Teltonika & Netgate troubleshooting

Hi folks, I’m in quite a tricky situation. I’m a junior networker, got my CCNA last year but didn’t have that many opportunities to deal with problems that are outside the CCNA scope. I’m also new to Teltonika and, let’s say, an “advanced” user of Netgate. Firstly I will describe my situation and afterwards will ask questions.

I have a client who used Teltonika for internet connection via SIM card and he wanted to put Netgate after Teltonika so he could see if certain Netgate features will work for him, since the Teltonika router couldn’t provide them for him. Basically, Teltonika is just a modem and the Netgate is the firewall in the current setup.

When I first started this task, I thought it would be a piece of cake, but the deeper I go, I find myself really confused and unsure what to do.

Anyway…

Teltonika is currently set up in Bridge mode and it leased a private IP address to the Netgate’s WAN interface connected to it. It’s NATing and the devices have access to the internet, but that’s not working for me since I’m unable to set up IPsec and OpenVPN. But… I need Teltonika to lease/forward/pass (not quite sure which expression to use) the public IP address to the Netgate’s WAN interface.

This is what I found on the web.

  • NAT mode: This is the most commonly used mode - it handles L3 routing, as well as NAT (Network Address Translation). In this mode, managed Teltonika products can support more than one LAN client, by providing each of them with a private IP address. If you have a public IP address on your mobile interface, port forwarding can be configured to forward specific ports to LAN clients. Some people also treat NAT as another layer of security, as without manually opening the ports from the public internet, LAN clients will not be reachable.
  • Passthrough mode: In this mode the router shares the IP address assigned by the operator with a single LAN client. Great option in cases where the router needs to have internet access itself (for example RMS, ping reboot, monitoring, etc.).
  • Bridge mode: The router forwards the DHCP lease from the carrier directly to the LAN client. This way the router/gateway will only act as a “bridge” between the LTE network and a wired client.

I’m currently accessing those two devices via an AnyDesk session on the PC that is in their network (they are 80 km away from me and I really don’t want to cut myself off and be forced to drive there again).

My question is:

If I put Teltonika in Passthrough mode, will I permanently lose connection and be forced to drive there again, or will I lose connection for just a few minutes?

If you guys need any additional info please let me know, I will gladly provide it. I’m really desperate and don’t know what to do.

Any help and information is welcome!

Thank you in advance and best regards,

Aleksej

Hello,

Just to confirm, as I understand it, you’d like to have the public IP address assigned directly to the Netgate device, correct?

The key point here is that when configuring Passthrough mode, you’ll need to specify the MAC address of the Netgate. If that MAC address is known and it’s the only device connected to the Teltonika’s LAN port, and your AnyDesk session runs via a different office internet connection (or another out-of-band path), then switching to Passthrough mode shouldn’t cause any lasting connection issues. The connection would typically drop momentarily while the new lease is assigned, but you should be able to reach the Netgate via the new public IP shortly after.

If, however, your AnyDesk session is dependent on the local network behind the Teltonika, you might risk cutting yourself off. In that case, it would be wise to arrange a temporary out-of-band fallback (like a mobile hotspot connection for remote access to the management PC) just in case.

Best regards,