RUTX50 - Passthrough, DHCP & (assumed) Firmware Issue

Hello Teltonika Community,

First post on the ‘new’ boards and unfortunately it’s to seek assistance with my RUTX50, which until this last week has been absolutely rock solid…

TLDR: Updated RUTX50 to latest Device & Modem Firmware, Internet no longer stable, rolling back to know good configuration no longer works either, wondering if I’ve got a Firmware issue/corruption/bug, I think it’s DHCP related and have managed to work some temporary fixes that last between hours and a couple days, but have now reached the limits of my networking knowledge and need assistance. Nearest search result I’ve found with similar feel is for a TRB500: Firmware 07.08/07.09 - Passthrough issue not solved

I run the attached network configuration, with the RUTX50 setup in Passthrough with DCHP Disabled, supplying only Internet to my TP-Link Omada setup. The RUTX50 WAN is just a single Vodafone (UK) 5G Unlimited SIM, with the RUTX50 LAN powering the unit (PoE) and is connected to the WAN port of the TP Router.

I try to keep on top of firmware updates around my family downtime requirements (Home Office Working & Streaming/Gaming), and around 6 days ago I woke to find the internet had dropped out (TP-Link WiFi connections OK, but ‘Connected Without Internet’ at all devices). I logged into the RUTX50 via the browser and noticed a blue box informing me that a Modem Firmware update was in progress, and at the time I assumed this was automatically triggered by the FOTA settings I had. This being the first time I’ve seen this message I assumed that was the reason for the internet dropout and waited for it to complete. While waiting for assumed completion of the install, the message was replaced with another stating that a Modem Firmware update was now available. This puzzled me a bit so I checked the Firmware page and sure enough was informed that both a Device and Modem update were available. Unfortunately by this point I was running a little late for work and my Girlfriend needed the internet ‘fixing’ so she could work, so rather than install the new firmware, I rebooted the RUTX50 with a plan to update the firmware later, and this seemed to fix the issue.

At this point, my configuration is at:
- Firmware Version, Device: RUTX_R_00.07.07.3
- Firmware Version, Internal Modem: RG501QEUAAR12A08M4G_04.200.02.200
- Kernel Version: 5.10.210

Time then got away from me and we spent the weekend away at my parents, and when we returned on Sunday evening we found that the internet again had dropped out, so assuming a reboot would fix the issue, I took this opportunity of family downtime to update the firmware in the hope that everything would be rectified. I first installed the Modem Firmware from the server which seemed to complete successfully, followed by the Device firmware which also completed successfully, but still with no internet seen at the house (TP-Link WiFi connected, but ‘Connected Without Internet’). I then rebooted the RUTX50, but again no internet.

At this point, my configuration is at:
- Firmware Version, Device: RUTX_R_00.07.09.1
- Firmware Version, Internal Modem: RG501QEUAAR12A11M4G_04.200.02.200
- Kernel Version: 5.10.221

Starting to panic a little, I began checking the local Vodafone signal on my phone which is also a 5G SIM on the same plan, and everything is up and running. So next I disconnect the TP-Link equipment and connect a local PC to the LAN port of the RUTX50 directly, and connecting locally I also cannot get an internet connection. My next logical conclusion was to roll-back the firmware to the previously working version, so I downloaded the file from the Teltonika Wiki, got the green OK/checksums and rolled back the Device firmware. I selected to keep settings but received a warning that previous versions may not be compatible, but as I also had a backup configuration file (on 07.07.3) I proceeded.

Unfortunately, the firmware roll-back also seemed to factory reset the RUTX50, and upon completion I could not log in and had to revert to the default user and password printed on the base of the unit, and then go through the Setup Wizard. Once completed, I had internet again so as a quick check, I put the RUTX50 in Passthrough mode with DHCP Disabled and reconnected the RUTX50 LAN cable to my TP-Link Router WAN, but internet would not pass to my VLANs configured on the TP-Link Router. I could access internet on my main ‘VLAN 1’ network, but internet wasn’t available at any other VLAN. Confused I decided to restore my previous RUTX50 configuration backup file (from 07.07.3), which was essentially just Passthrough & DHCP Disabled again, but unfortunately nothing changed.

At this point I was running out of networking knowledge and started stabbing in the dark… I put the Device firmware back to the latest (07.9.1) and configured Passthough & DHCP Disabled, same issue. Digging deeper into the settings I noticed that under Network > DHCP that the DHCPv4 Server (& DHCPv6 Server) were still running though, despite me setting Disable DHCP - ON in the ‘Interfaces: mob1s1a1’. This confused me, but I assumed that the master Disable DHCP in the WAN configuration would overside all other settings. I tried various other setting tweaks, too many to mention in full (eg. trying Bridge mode, NAT mode, DHCP On/Off, Factory Resets of ALL equipment TP-Link included, etc.) with no luck until I DID find a temporary solution!

With the RUTX50 on its default IP address of 192.168.1.1, and the TP-Link ER605 on its default of 192.168.0.1 (WAN Dynamic), I changed the Subnet mask of the RUTX50 LAN to 255.255.0.0, and everything sprang back into life, internet again at all devices and over all VLANs! So at 4am having spent 6hrs fault finding, I left this temporary setup in play and went to sleep thinking I’ll do some more reading and reconfigure a permanent solution in the morning!

Unfortunately though, my success only lasted about 12hrs, and 4pm on the dot the internet dropped out completely with my TP-Link router showing the error: “ER605 failed to obtain the IP Address because IP-Address/Gateway conflict with IP address of another LAN/WAN ports IP Address=192.168.0.181, Mask=255.255.0.0, Gateway=192.168.1.1)”. Again this is where my networking knowledge hits it’s limits, but this must have something to do with DHCP leasing, and my guess was that the RUTX50 and the ER605 were fighting for control.

The last step in my journey, and much appreciated if you’ve got this far, was to set the ER605 Router to a Static WAN on 192.168.1.2/30, and change the LAN port of the RUTX50 to 192.168.1.1/30, hopefully forcing the two devices to talk with no other options available. And a again some success, Internet returns to all devices and VLANs… but only for around 2 days because this morning I was back to no internet.

Frustratingly, I am now at the limit of my knowledge, but with “Something DHCP Related” being my thoughts. As such, before I left the house today I tried putting the RUTX50 back into NAT Mode (not Passthrough), and I’m back to having internet throughout the system… But I have no idea for how long and at now at the point where I need help.

So at present, my configuration is at:
- Firmware Version, Device: RUTX_R_00.07.09.1
- Firmware Version, Internal Modem: RG501QEUAAR12A11M4G_04.200.02.200
- Kernel Version: 5.10.221

I have tried:

1. Confirming that Vodafone signal is good to the property (via phone).
2. Return Device Firmware to a known working configuration, but now no longer working.
3. Tried factory default settings/addresses for basic system configuration and fault finding, some temporary success.
4. Cycling through the settings I’m brave enough to change, and finding some temporary success.

My gut is telling me I’ve got a DHCP Issue, so unless there’s something blatantly obvious in my story that a network expert can point out, my initial questions would be:

• When using mob1s2a1 for WAN, does ‘Passthrough’ and ‘DHCP Disable’ actually disable ALL DHCP, or does this have to also be turned off in the DHCP Server menus?

Teltonika Wiki Page: RUTX50_WAN#WAN
Teltonika Wiki Page: RUTX50_DHCP

• When reverting back to my last known working configuration of Device firmware and backup configuration file, the only difference was the Internal Modem Firmware which cannot be rolled back by the end user, so could this be a factor?

• Has anyone else chased a similar issue, with a similar/same firmware configuration, and had more success than me that they could share?

Thank you in advance if you managed to get through all that, I’m happy to supply any other information I can gather that may help, just point me in the right direction. I appreciate any and all help you could give me, as while I‘m currently up and running, I don’t know why it’s working and feel like I’ve just put a sticking plaster on a much more complex fault.

Kind Regards,
Leon.

Are you set to IPv4 only and Auto APN on your mobile connection already?

[Just ignore my NAT Mode in the screenshot]

Hi TeWe,

I don’t have the equipment in front of me until I get home unfortunately, but I did try and take as many photos this morning as I could, and luckily one of them was of the mobile interfaces screen.

Can confirm that my current settings are:

• PDP Type: IPv4/IPv6
• Auto APN: On

(Currently in ‘Mode: NAT’, but the same settings used in Passthrough. I do not know what they were on my previously working configuration unfortunately)

Kind Regards,
Leon.

Okay - so I’ve seen situations where the mobile connection flaps between IPv4 and IPv6 and this won’t work.
Make sure you’re on IPv4 only and give it a try.

If - for whatever reason - your RUTX50 decides to jump on IPv6 then your mobile connection will be gone and the result is exactly what you wrote in your little book

Ha Ha, I’ll give it a go tonight and report back (after my creative writing course).

Thanks again,
Leon.

After a plethora of changes, can you check that you have set the ER605’s MAC address on your mobile interface. This you will find in the ‘MAC address’ field at NETWORK > WAN > WAN INTERFACES > mob1s1a1 > GENERAL SETTINGS (assuming passthrough is occuring on mob1s1a1).

If you don’t know the WAN MAC address for your ER605, then note the MAC address on the label underneath the ER605, and increment it by +1 for the WAN MAC or +2 for the WAN/LAN1 MAC (if using).

Judging from several posts on here, Passthrough has a LONG STANDING issue with DHCP, should the mobile signal drop out. From the posts, it seems that the device waits for the lease to expire before re-establishing connectivity. Workarounds seem to be ‘setting lowest lease times’ in a couple of places on the UI. THIS SHOULD HAVE BEEN ADDRESSED BY TELTONIKA A LONG TIME AGO BUT HAS NOT!

Given the tortured route of upgrades you’ve gone through to get to your current position, you could consider taking the device back to a base config and rebuilding by:

• girlfriend using her own data until problem solved
• factory reset
• reflash device (not modem) firmware from local file
• rebuild, including any DHCP workarounds that also work in NAT mode
• sit back and obesrve stability of mobile connection in NAT mode
• after a suitably long period, change over to Passthrough mode, including any futher DHCP workarounds applicable only to Passthrough mode
• have a beer with all that money saved in data costs

Thanks Mike,

Good shout, I never thought to specify/force the MAC address, probably because it didn’t previously require it on my last working configuration, so will give that a go tonight. I’ve also read a few posts around the successful Passthrough workarounds, so that’s also on my list to try.

Typically, I only got about 10mins playtime last night (self imposed as my late night finally caught up with me), so just got around to implementing the PDP Type: IPv4 only setting as recommended by TeWe, which so far has maintained the internet connection overnight (all be it still running in NAT mode).

Weekend plan though is essentially as you’ve described, start at a fresh baseline to get my head on track and work through those steps, while also making (less panicked) notes and monitoring/logging as much as I can… Might move the beer up a few stages though!

Thanks again for your time and assistance and I’ll report back tomorrow/after weekend.

Kind Regards,
Leon.

I believe that the RUTX in Passthrough mode, passed on the WAN IP to the first device to connect to it. I assume this field now ensures that the WAN IP only gets assigned to a device port with that specific MAC.

Enjoy the beers.

Regards,

Mike

Ok, took most of my Sunday evening, but I believe I’m now up and running again with the RUTX50 in Passthrough mode, with stable internet through to my ER605 (where DHCP is/should be performed), and Internet provided to all clients at all permitted VLANs on my Omada network.

I worked up a substantial Word document log of steps taken with associated before/after screenshots, but I think the big hitter in all of this was applying the MAC address of the ER605 WAN port (which I can confirm is the hardware printed sticker MAC address incremented up by one) to the mob1s1a1 WAN Interface setting page.

I got a good couple days running in NAT mode, and switching to Passthrough mode with ‘DHCP Disabled: On’ (mob1s1a1 WAN Interface page) still allowed Internet at the main VLAN on my Omada setup, but instantly blocked it on all other Omada VLANs. Then, setting ‘DHCP Disabled: Off’ but adding the MAC address to the configuration brought all VLANs back online instantly, so while I still don’t fully understand the reason, this has 99% returned me to my original working configuration. The only difference now is that I have to create a static WAN port IP address on my ER605 on the same subnet as the RUTX50 LAN port, and DHCP is presumably ‘enabled’ on the RUTX50 (but directed to the ER605) whereas before it wasn’t, and doesn’t seem to be doing anything anyway as my VLANs are all on a completely different subnet.

Just to reaffirm my own networking knowledge here, if I put ANY mobile router into Passthrough mode, shouldn’t all DHCP capability be switched off if I want it to just act as a dumb 5G modem? This was my understanding and is what I’ve done with our previous two iterations of cellular internet sources on the same SIM card (a Netgear Nighthawk M1 and a TP-Link Archer MR600), and also how I ran the RUTX50 for over a year with no issues until Firmware 07.09.1.

I expect there are some use cases where DHCP in Passthrough at the cellular hardware are valid, otherwise why not just disable it automatically by default and grey out the option when Passthrough is selected. But for me, I have a pre-configured Omada network that just asks for an internet source connected to its only active WAN port, and it is/was setup to do so regardless of the cellular passthrough device connected to it, or at least given my experience always has. Therefore, what is the reason (outside of my probable lack of understanding) for turning the ‘DHCP Disabled: Off’ slider on my RUTX50 (to make entering a MAC address available), when the ER605 should be doing the DHCP? And… why has this only become an issue now?

I can see that the DHCP Server page of the RUTX50 gives the default 100 through 249 pool of dynamic addresses, none of which are being used because the static address on the ER605 is in the sub-100 range, and DHCP on both IPv4 & IPv6 tabs are set to ‘Status: Disabled’ anyway with nothing else ever to be connected on the same RUTX50 LAN/ER605 WAN subnet, so I’m confused… Is setting ‘DHCP Disabled: Off’ just to get the GUI option for MAC address and disabling it manually needs to be done throughout the rest of the device, or is it actually switched on but serving no function at the moment other than to provide unrequired DHCP for 100 to 249 on its own subnet?

My Omada network uses a completely different subnet address range to the RUTX50 (outside of the now static WAN port), and the VLANs are split again into their own subnets. So, I’m sure all DHCP is being done at the Omada level… Isn’t it?

I’m obviously going to do some more reading outside of these questions to help my understanding, maybe book myself that CompTIA course I’ve been telling myself I always would, but for now I’m up and running again (13hrs, plus a successful scheduled weekly reboot) with a configuration I’m happier with, so the pressure is off.

Thanks again to you Mike for the suggestion as it seems to have been the solution, even if I don’t yet fully understand the fix!

Kind Regards,
Leon.

Also, the ‘PDP Type: IPv4’ only configuration suggested seems to have been stable for a few days now, so thanks again TeWe!

Kind Regards,
Leon.

Welcome mate

That is what Teltonika calls “bridge mode”.
“Passthrough mode” is something slightly different: the modem replies to DHCP requests with the address that the WAN side has received from the network. So the router behind the Teltonika device will get a DHCP reply with a small network (/30 or slightly larger) where the received address is your public address and the received default gateway is another address in that small network. So your own router will treat it as an internet connection.
There are some issues:

• before the WAN side has made a connection, the Teltonika device will reply with an IP address from its own DHCP server (192.168.2.100 for example) and with quite a long leasetime. When one second later it receives the correct IP from the WAN, it has (due to restrictions of DHCP) no way to tell your router it needs to update its address.
• when the WAN side changes your address (happens once a day here), it has no way telling the router.

Workaround: set a very short lease time in both the DHCP service and the “Passthrough” setup.

Another problem: apparently the use of Passthrough puts much more load on the CPU, resulting in slow connections (max 200-250 Mbps on my TRB500).
One would expect NAT mode to be slower, but the opposite happens.

@r.janssen has elaborated the behaviour very well, that I referenced in an earlier post about the workarounds. I have a site that has exactly your Omada configuration, using a RUTX as its WAN in passthrough mode.

As we’re not too concerned with always-on, real-time data streaming, then the 2 minutes lowest lease time (set via the UI) is acceptable. There are two areas that we set this via the UI, and the first is found at …

NETWORK > DHCP > SERVER SETTINGS > IPv4 > DHCPv4 SERVERS:lan > GENERAL SETUP > Lease time = 2 Minutes

And the second place …

NETWORK > WAN > WAN INTERFACES > mob1s1a1 > GENERAL SETTINGS > Lease time = 2 minutes

CAN WE PLEASE HAVE A RESPONSE FROM TELTONIKA, AS TO WHEN THESE ISSUES WILL BE ADDRESSED

As an aside …

Bridge mode offers significant improvements in response times compared to Passthrough but my limited observations were that its behaviour MAY be similar to Passthrough mode, as described by r.jansen. But in Bridge mode, there is no option of manipulating things such as lease time to force the connection sooner, rather than later. Hence why we settled on Passthrough mode with the lease time ‘band-aids’ - I will revisit the possibility of using Bridge mode.

For Bridge mode, this can be observed in your setup by plugging in the powered up ER605 into the powered down RUTX and then powering up the RUTX. You will find that there is no Internet.

Reboot the ER605 and Internet connectivity is established because the RUTX has already established a connection with the mobile operator and reconciled its internal interfaces, before it has had to ‘talk’ to the ER605.

It’s been a long time since I played with the RUTX in Bridge mode, so if you don’t use RMS, Ping Reboot etc. and the only device plugged into the LAN ports is the ER605, then it is worth seeing if it works for you. When connecting for the first time, ensure the RUTX has powered up and been given time for the LTE connection to stabilise … then plug in the ER605.

I’ve just setup a ‘lab’ platform with your topology but using a RUTX09 and I can see the WAN DHCP Client on the ER605 sucessfully renewing the lease every 30 minutes. The connection also re-established when the carrier renewed their DHCP lease. Unfortunately I wasn’t awake to capture any length of down-time (if any) when the carrier IP changed. I’ll report back.

On our setup, we don’t do this, and with my limited experience of Omada, I am trying to think why we would. Does everything still function if you remove it, set to Dynamic and give it a couple of DNS servers (optional) .e.g. 1.1.1.1 & 8.8.8.8?

I assume you’re setting this via the OC200 on this screen …

image640×810 12.3 KB

That is what Teltonika calls “bridge mode”.

“Passthrough mode” is something slightly different: the modem replies to DHCP requests with the address that the WAN side has received from the network. So the router behind the Teltonika device will get a DHCP reply with a small network (/30 or slightly larger) where the received address is your public address and the received default gateway is another address in that small network. So your own router will treat it as an internet connection.

Today is a school day! Thank you for that, it seems I had my terminology a bit backwards. From memory, I think the Netgear Nighthawk called it ‘IP Passthrough’, or at least that’s the mode I would put their 4G Router in to provide just internet to the router (Nighthawk mesh system at the time). Also, having now read your clear description and going back to the RUTX50 Wiki Manual, the definition of Bridge & Passthrough makes a lot more sense to me! I always assumed Bridge mode was something I didn’t need to know about, so my own ignorance is to blame there!

It’s been a long time since I played with the RUTX in Bridge mode, so if you don’t use RMS, Ping Reboot etc. and the only device plugged into the LAN ports is the ER605, then it is worth seeing if it works for you. When connecting for the first time, ensure the RUTX has powered up and been given time for the LTE connection to stabilise … then plug in the ER605.

I’ve just setup a ‘lab’ platform with your topology but using a RUTX09 and I can see the WAN DHCP Client on the ER605 sucessfully renewing the lease every 30 minutes. The connection also re-established when the carrier renewed their DHCP lease. Unfortunately I wasn’t awake to capture any length of down-time (if any) when the carrier IP changed. I’ll report back.

Yes, that’s exactly my configuration. I use the RUTX50 purely as our internet source, so none of the packages or ‘extra’ features are in play. A bit overkill, but my logic for getting this over the TRB500 was that if the Omada had a complete failure, I could at least configure the RUTX50 as ‘Backup WiFi Router’ pretty quickly with a pre-set, so built in redundancy for a few extra £’s.

I will give bridge mode a try this weekend and see how I get on, so far I’m just over 3 days without a known dropout since the new configuration was applied on Sunday (adding MAC address). I’ve not actually changed the DHCP lease times down to 2mins yet either, so maybe I’ve got lucky or perhaps it’s because the kit (all of it) only gets a scheduled reboot on a weekend and the RUTX50 always boots up and configures quicker than the ER605… Will also report back!

On our setup, we don’t do this, and with my limited experience of Omada, I am trying to think why we would. Does everything still function if you remove it, set to Dynamic and give it a couple of DNS servers (optional) .e.g. 1.1.1.1 & 8.8.8.8?

I assume you’re setting this via the OC200 on this screen …

Yes, when running up to and including Firmware v07.07.3, in Passthrough with ‘DHCP Disabled: ON’ and no MAC address entered, the ER605 was set to its default of Dynamic IP and all was working, I never had to touch it and working fine for over a year.

When updating to Firmware v07.09.1, with Keep Settings enabled, and still no MAC address entered, I had no internet from the ER605/Omada post update, but could get internet by connecting my PC directly to the RUTX50 LAN cable. At this stage I could also no longer access the RUTX50 Web Interface via the Omada network, which prompted this direct connection. So perhaps this was the passthrough issue manifesting before I knew to even look for it.

I admit, this was the stage I started to flail about in a post-midnight panic, so my memory is a bit spotty, but reverting back to Firmware v07.07.3 forced me to Factory Settings, I applied just Passthrough and ‘DHCP Disabled: ON’, but that now didn’t work… Or admittedly, perhaps I’d forgotten something. Either way I upgraded again to Firmware v07.09.1, Factory Reset and started from scratch, finally getting up and running again with the RUTX50 LAN and ER605 WAN on the same static 192.168.1.1/24 subnet in NAT mode… Then I sought help here!

Fast forward to today, my working configured setup is currently:

- RUTX50: Firmware v07.09.1, Passthrough with ‘DHCP Disabled: OFF’ & MAC address of the ER605 WAN port entered, Static LAN IP and /24 mask.

- ER605 (managed via OC200): Static WAN IP on the same RUTX50 IP range and /24 mask with Gateway IP set as RUTX50 LAN IP. DNS Servers as 1.1.1.1 Primary & 8.8.8.8 Secondary.

If I switch to Dynamic IP on the ER605 WAN (via the OC200 GUI), I can no longer access the RUTX50 Web Interface over the Omada network and I lose internet to all VLANs (which are all on completely different subnets to the RUTX50 LAN & ER605 WAN). Alert message at the OC200 is “[WAN] of ER605 is down”.

I’ve not left it in this state for any real amount of time, or yet tried powering up kit in specific orders with Dynamic IP selected, but again I’ll also give this a go at the weekend and see if it’s just hanging there waiting for a lease and would correct itself again if I forced it/waited long enough.

New firmware seems to be coming out thick and fast at the moment too, currently up to v07.09.4, but I’m “once bitten” at the moment so going to get my head around this properly before I progress to another update…

Kind Regards,
Leon.

This topic was automatically closed after 15 days. New replies are no longer allowed.