The Opengear can make its internal modem available to a downstream router by enabling IP Passthrough. When the router is configured to use the Opengear's cellular modem as a backup WAN connection, this feature is known as Failover to Cellular (F2C).
This short video provides an overview of F2C and IP Passthrough, full details are below.
IP Passthrough is used to make a modem connection (e.g. the Opengear’s internal cellular modem) appear like a regular Ethernet connection to a third-party downstream router, allowing the downstream router to use the Opengear’s modem connection as a primary or backup WAN interface.
The Opengear provides the modem IP address and DNS details to the downstream device over DHCP and transparently passes network traffic to and from the modem and router.
While IP Passthrough essentially turns an Opengear into a modem-to-Ethernet half bridge, some specific layer 4 services (HTTP/HTTPS/SSH) may still be terminated at the Opengear (Service Intercepts). Also, services running on the Opengear can initiate outbound cellular connections independent of the downstream router.
This allows the Opengear to continue to be used for out-of-band management and alerting and also be managed via Lighthouse, while in IP Passthrough mode.
Downstream Router Setup Tips
To use failover connectivity on the downstream router (aka Failover to Cellular or F2C), it must have two or more WAN interfaces.
Note Failover in the IP Passthrough context is external, and performed by the downstream router. From firmware version 4.1.0 onwards, IP Passthrough mode may also be combined with any of the internal failover modes described in this article.
Connect an Ethernet WAN interface on the downstream router to the Opengear’s Network Interface or Management LAN port with an Ethernet cable.
Configure this interface on the downstream router to receive its network settings via DHCP. If failover is required, configure the downstream router for failover (e.g. using Cisco's IP SLA feature) between its primary interface and the Ethernet port connected to the Opengear.
Note Be aware of the bandwidth and data usage limitations of your cellular plan, and take care to implement appropriate QoS and rate limiting in your downstream router configuration.
IP Passthrough Pre-Configuration
Prerequisite steps to enable IP Passthrough are:
- Configure the Network Interface and where applicable Management LAN interfaces with static network settings
- Click System: IP
- For Network Interface and where applicable Management LAN, select Static for the Configuration Method and enter the network settings (see the section entitled Network Configuration for detailed instructions)
- For the interface connected to the downstream router, you may choose any dedicated private network – this network will only exist between the Opengear and downstream router and will not normally be accessible
- For the other interface, configure it as you would per normal on the local network
- Configure the Opengear modem in Always On Out-of-band mode
- For a cellular connection, click System: Dial: Internal Cellular Modem
- Select Enable Dial-Out and enter carrier details such as APN (see the section entitled Cellular Modem Connection for detailed instructions)
IP Passthrough Configuration
To configure IP Passthrough:
- Click Serial & Network: IP Passthrough and check Enable
- Select the Opengear Modem to use for upstream connectivity
- Optionally, enter the MAC Address of the downstream router’s connected interface
Note If MAC address is not specified, the Opengear will passthrough to the first downstream device requesting a DHCP address.
- Select the Opengear Ethernet Interface to use for connectivity to the downstream router
- If the downstream router is rejecting the DHCP offer due to an invalid address/netmask, check Enable Force Subnet Mask and enter a Force Subnet Mask (the default of 24 is typically okay)
- Click Apply
These allow the Opengear to continue to provide services for e.g. out-of-band management when in IP Passthrough mode. Connections to the modem address on the specified intercept port(s) will be handled by the Opengear, rather than being passed through to the downstream router.
- For the required service of HTTP, HTTPS or SSH, check Enable
- Optionally modify the Intercept Port to an alternate port (e.g. 8443 for HTTPS), this is useful if you want to continue to allow the downstream router to remain accessible via its regular port
IP Passthrough Status
Refresh the page to view the Status section. It displays the modem’s External IP Address being passed through, the Internal MAC Address of the downstream router (only populated when the downstream router accepts the DHCP lease), and the overall running status of the IP Passthrough service.
Additionally, you may be alerted to the failover status of the downstream router by configuring a Routed Data Usage Check under Alerts & Logging: Auto-Response.
- Some downstream routers may be incompatible with the gateway route. This may happen when IP Passthrough is bridging a 3G cellular network where the gateway address is a point-to-point destination address and no subnet information is available. The Opengear sends a DHCP netmask of 255.255.255.255. Devices will normally correctly construe this as a "single host route" on the interface, but as this is an unusual setting for Ethernet, some older downstream devices may have issues.
- A second issue that can arise is when the carrier network (e.g. Verizon 4G LTE) is not handing out a network mask. In this case the Opengear's internal cellular modem will interpolate one, however this can result in an address/netmask that doesn't fall on a valid classless subnet boundary. Cisco routers in particular will reject such settings – if you are experiencing this enable the Force Subnet Mask option.
- As per normal operation, Service Intercepts will not work unless the service is enabled and access to the service is enabled (see System: Services: Service Access: Dialout/Cellular).
- Outbound connections originating from Opengear to remote services are supported (e.g. sending SMTP email alerts, SNMP traps, getting NTP time, IPSec tunnels), however there is a miniscule risk of connection failure should both the Opengear and the downstream device try to access the same UDP or TCP port on the same remote host at the same time where they have randomly chosen the same originating local port number.
- Opengear ACM5500 and IM4200 models will degrade in performance routing over 15Mbps due to CPU limitations. If enhanced performance is required, consider an Opengear 7000-series solution.
Article is closed for comments.