jonathan_winters
New Around Here
After my LTE provider made a change a week or so ago, I have been working my way through the various issues that their changes created for me. It now appears that I'm behind an extra layer of NAT/CG-NAT that is really throwing off some of my internal networking (which was all finely tuned prior to the recent change).
So far my fix has been to tunnel all of my traffic through wireguard to a VPS that I have running in Oracle cloud (in the Always Free tier). It works well to work around the issues presented by CG-NAT, but the downside is that my speed/performance has REALLY taken a hit. The best I can tell is that between the wireguard tunnel and my local network, I'm running into a fair amount of packet fragmentation, presumably due to the MTU coming from my LAN + the wireguard tunnel + CG-NAT.
To update the MTU, I copied the original `/etc/init.d/wg-client` init script into the overlay directory so that I could customize it, and then adjusted the MTU to 1400 there (reduced from 1420). Of course, the change persisted, but I'm still losing far more of my bandwidth than I would expect that I should based on my history with using wireguard in various environments, so I'm wondering if I should either:
1) Further reduce the MTU to prevent more fragmentation - I don't know for sure the implications of going even smaller, but it seems like even the default 1420 is already pretty small, so I'm cautious to take it down even more.
OR
2) See if I can find some way to reduce the complexity in my home network to reduce the impacts of the Wireguard tunnel.
For some context, here is my network connection:
INTERNET --> Oracle Cloud VM [ WG "Server" ] --> ISP: CG-NAT/T-Mobile LTE --> LBR20 [ WG "Client" ] --> TP-Link Omada Gateway --> LAN
NAT1: My LBR20 *receives* an RFC5735 IP address from T-Mobile's CG-NAT - 192.0.0.2/27
NAT2: My LBR20 creates a small LAN for itself and the Omada Gateway - 192.168.1.0/24
NAT3: My Omada Gateway is the gateway for my entire home LAN - 172.16.0.0/24
I'd prefer to remove the 2nd NAT but the LBR20 doesn't have an option for Bridge/IP-Passthrough mode when using LTE as the primary connection, so as far as I know about the LBR20, that is an unavoidable hop. If someone knows of a way to put this into bridge mode while using the LTE modem as the primary uplink, please let me know!
Does anyone have any thoughts or advice on the best way around this?
As an aside, I've been running Voxel firmware on my LBR20 for quite a while now and have REALLY appreciated all of the power and flexibility it has given me. I've managed to create a library of scripts that allow me to quickly and easily run various `AT+` commands to update the MBN, restart the modem, and change the band locks, and I've also managed to rig up a series of symlinks that retain my bash history and other fun things. Overall I'm REALLY happy with the flexibility of this setup, so hopefully I can get this last piece fixed up.
So far my fix has been to tunnel all of my traffic through wireguard to a VPS that I have running in Oracle cloud (in the Always Free tier). It works well to work around the issues presented by CG-NAT, but the downside is that my speed/performance has REALLY taken a hit. The best I can tell is that between the wireguard tunnel and my local network, I'm running into a fair amount of packet fragmentation, presumably due to the MTU coming from my LAN + the wireguard tunnel + CG-NAT.
To update the MTU, I copied the original `/etc/init.d/wg-client` init script into the overlay directory so that I could customize it, and then adjusted the MTU to 1400 there (reduced from 1420). Of course, the change persisted, but I'm still losing far more of my bandwidth than I would expect that I should based on my history with using wireguard in various environments, so I'm wondering if I should either:
1) Further reduce the MTU to prevent more fragmentation - I don't know for sure the implications of going even smaller, but it seems like even the default 1420 is already pretty small, so I'm cautious to take it down even more.
OR
2) See if I can find some way to reduce the complexity in my home network to reduce the impacts of the Wireguard tunnel.
For some context, here is my network connection:
INTERNET --> Oracle Cloud VM [ WG "Server" ] --> ISP: CG-NAT/T-Mobile LTE --> LBR20 [ WG "Client" ] --> TP-Link Omada Gateway --> LAN
NAT1: My LBR20 *receives* an RFC5735 IP address from T-Mobile's CG-NAT - 192.0.0.2/27
NAT2: My LBR20 creates a small LAN for itself and the Omada Gateway - 192.168.1.0/24
NAT3: My Omada Gateway is the gateway for my entire home LAN - 172.16.0.0/24
I'd prefer to remove the 2nd NAT but the LBR20 doesn't have an option for Bridge/IP-Passthrough mode when using LTE as the primary connection, so as far as I know about the LBR20, that is an unavoidable hop. If someone knows of a way to put this into bridge mode while using the LTE modem as the primary uplink, please let me know!
Does anyone have any thoughts or advice on the best way around this?
As an aside, I've been running Voxel firmware on my LBR20 for quite a while now and have REALLY appreciated all of the power and flexibility it has given me. I've managed to create a library of scripts that allow me to quickly and easily run various `AT+` commands to update the MBN, restart the modem, and change the band locks, and I've also managed to rig up a series of symlinks that retain my bash history and other fun things. Overall I'm REALLY happy with the flexibility of this setup, so hopefully I can get this last piece fixed up.
