Experience with Optus 4G wireless broadband
Some background, where I try not to gripe about NBN...
O NBN!, wherefore art thou NBN!That pretty much sums up my experience over the last year, having relocated from Sydney with a decent NBN connection, to an ADSL1 connection in the Gold Coast. I was then left waiting for either an ADSL2 port to free up (not likely to happen) or NBN to finally arrive. NBN was expected here in Dec-18 and is now due in Dec-19....
So with NBN delayed another year, I was well and truly over my current connection. For the record I had 6 Mbps download and 0.3 Mbps upload. So uploading a picture to facebook would kill my internet. It's hard to believe this can be sold in Australia as an adequate service.... right not griping, moving on.
Thankfully this is all behind me with the introduction of Optus's 4G wireless broadband plans, which were released in November 2018 replacing the Vividwireless service.
Based on our usage of around 380 GB per month, I selected the the $80 500 GB plan. The $60 option was for 200 GB.
Optus Plan and Hardware
Checking the Optus wireless broadband coverage I was happy to see the expected coverage was indicated as "Good" indoors and "Great" outdoors, I wasn't sure exactly what this meant but I expected it would be better than what I had. I did do some tests with my mobile which uses the Optus network as well to see what I could expect which seemed promising.I did look at antenna's, in-case the connection wasn't as good as I hoped, the Router has two connectors for an external antenna, if I do get one I'll likely try the one recommended here for $79.
I ordered the Optus $80 plan online, the hardware arrived promptly, with the router and standard LAN and telephone cables, the activation was expected to be automatic within 4 hours of delivery, but I ended up needing to call to get this done.
Huawei 4G Router B525 (model B525s-65a)
This is a 4G LTE router which seems to review fairly well. However I was disappointed in the lack of security/family features which I discuss below.The full specs can be found here.
I have the router upstairs in our 2 story house, I had a fair idea of the best spots having tested speeds on my mobile which uses the Optus network (using Speedtest.net).
Here's the speed as this morning. As you can see this is a vast improvement on my previous ADSL1 speeds of 6 Mbps down and 0.3 Mbps up.
Due to the location of the 4G router I don't use the WAN connection, I've used my existing Asus AC68U router in repeater mode which most devices were connected to either physically or via wireless. This meant fairly simple integration with the existing home network.
Router Configuration
Blocking Inappropriate Content
For the family I implement some standard security. Normally from the router I'd set the DNS settings to use my own DNS server which uses OpenDNS to help block inappropriate content, plus some additional settings to force Google and Bing to always do safe searches.Setting up DNS
Running through the settings there wasn't a screen to change the 4G routers DNS settings. This seems likely a pretty glaring omission. Digging a bit further I found the capability is there, it's just hidden in the Web UI. I'm not sure on the rational of why.Below is the standard DHCP settings screen.
Using the developer features in Chrome you can re-enable the DNS setting options.
While on the DHCP settings screen:
1. press F12 to bring up the developer screens
2. Then enter the following in the interactive Console
$('#dhcp_dns_statistic').show();
$('#dhcp_primary_dns').show();
$('#dhcp_secondary_dns').show();
The DNS settings should now appear.
Here's a screenshot of the entering the javascript commands into the console.
This will then enable the DNS settings, so you can enter values and save.
Below I've set my DNS to a local server (192.168.8.11), and left the secondary as the Router address.
Time Scheduling
There appears to be no concept of time scheduling on the router, again a must have for the kids.
The router does have an XML based API that the Web UI uses. As there is blocking of MAC addresses I'm currently tinkering with this with an aim to setup time scheduling from a Raspberry Pi blocking an unblocking devices as required.
Once I have some progress I'll add a post.
Update 24-Jan-19: I've now implemented a Python API in this post.
Port Forwarding (Virtual Server)
There is no Web UI to allow port forwarding. From looking at a non hobbled B525 it looks like these settings should be under Security, likely linking to a virtualserver.html page.
I couldn't find an obscured page, nor any hidden settings, but all was not lost the underlying API still allows setting this, you can login to the router Web UI then change the address to http://192.168.8.1/api/security/virtual-servers. I've now implemented setting this in the Python API mentioned in this post.
I now have a local IPSEC VPN server running on a Raspberry Pi and the B525 forwards UDP ports 500 and 4500 to this server.
I now have a local IPSEC VPN server running on a Raspberry Pi and the B525 forwards UDP ports 500 and 4500 to this server.
Update 2-Feb-19: I've added a separate post on setting up port forwarding. Either using the python API or manually.
Monitoring Usage
You will get charged $10 per 10 GB if you go over your data usage cap, we can use 10 GB in a day so monitoring is pretty important.
The My Optus web page will provide the usage information, with some delay, but it's manual.
I expect I may get SMS and email alerts from Optus, so I'll wait and see. I haven't yet got the mobile application working for the phone so I'm not sure if it has some alerting features.
In the meantime I'm also looking into the router API to see what I can do. I'm aiming to setup monitoring and send an alert to my phone. It may also be possible to limit the connection speeds if the limit is getting close.
Summary
Overall I'm pretty happy, $80 per month was a bit more than my previous plan, but I now have decent internet service (for Australia), and we have fewer family member witch hunts when the internet crawls to a halt.
The router home security features are a bit disappointing, but as above I've got the inappropriate content blocking working, and I should be able to set time scheduling via the router API, a Raspberry Pi and some python code.
I'll likely look at an Antenna to see what I can push the service to, and it may be credible to stick with wireless broadband even when NBN finally arrives. Although having a cap of 500 GB on my service is probably the biggest issue. Especially once we start to get some 4k content streaming into the house.
it would be great if you could find a way to enable band locking on this device.
ReplyDeletemine seems to like to default to a slower band.
Sure I'll have a look into this and see what I can find.
DeleteGreat, I have found a program that allows you to lock the modem to specific bands.
DeleteThe website is in German but the program can be changed to english.
It's called LTE inspector and can be found on
https://www.lte-anbieter.info/lte-forum/threads/lteinspector-huawei-4g-router-Ãœberwachungssoftware.4172/
Nice, I grabbed a copy too. Looks like an easy way to control the LTE bands.
DeleteFrom looking into it the band settings involve calculating bit masks, so it's not so easy to determine and set via a back-end fudge. I did add it to the Python API while I was there.
Thanks for the DNS fix :)
ReplyDeleteAny idea on how we can put the unit into bridge mode??
ReplyDeleteJust picked up a Netgear orbi and it seems to be causing issues that bridge mode should fix.
It's a feature that's avavalibav on overseas models but missing from ours :(
Unfortunately not, the bridgemode API endpoint appears to be disabled on the Optus provided modem.
Deletehow do you alter the ipv6 dns settings?
ReplyDeleteI'm not sure as I don't use ipv6. You could try just passing a ipv6 address directly to the modem API. Either using the python code or following the steps to call an API manually here:
ReplyDeletehttps://adventuresinadigitalland.blogspot.com/2019/02/port-forwarding-on-optus-4g-b525-router.html
The API to call is:
http://192.168.8.1/api/dhcp/settings
This comment has been removed by the author.
ReplyDeletethanks so much for DNS uncovering tip. Really helped me out.
ReplyDeleteMy pleasure :)
DeleteThat DNS hack is awesome. Optus DNS is terrible and after switching over to google public dns, some routing issues for our myshopify admin went from close to 20 seconds for a product page load (yesterday) down to about 1 second today. Amazing work uncovering that dns setting. Many Thanks !!
ReplyDeleteAwesome! I'm glad to hear this helped you.
DeleteHey Hamish!
DeleteIt's amazing to see someone who investigate so much on this router. I realised that your DNS hack was used with the previous Web UI. I have now the new version:
Software version81.191.13.00.25
Web UI version81.100.31.02.25
When using the commands in the developper tool nothing happens. Any chance you could help with this hack on the new UI?
Thanks!
Hi Adrien,
DeleteI checked for any updates my Web UI, but it is on 21.100.44.00.03.
I can only suggest you view the source of the DHCP page and search for "dns" to see if the elements are still there, perhaps just renamed.
HTML elements with a style including "display:none" is how they were disabled in my version. So you can also search for "display:none".
In Chrome to view the source you need to press F12, then reload the page to see the contents of dhcp.html.
Great article. Can you detail what you did to run your own DNS server? I'm wanting to setup for the same reasons you did. At the moment I'm running an Access Point (AC68-U) off the Huawei.
ReplyDeleteSnap - I use the dnsmasq running on the Asus rt-ac68u router. Using Merlin's firmware for the router to make adding user configs easier. So I have a custom config that the dnsmasq uses. I'll send some more detail on how it's setup when I'm at home.
DeleteOh rats - I think in Access Point mode the DNS functions may be disabled on the AC68-U router.
DeleteI ran in this mode for a while, then ran a cable to my router from the AC68-U so I could run it in the normal router mode.
For what it's wotrth here's my DNSMasq config:
# Logging
#log-facility=/tmp/mnt/BACKUP/asus/log/dnsmasq.log
#log-queries
domain=local
expand-hosts
local=/local/
#OpenDNS first
server=208.67.222.123
server=208.67.220.123
server=/ngrok.com/8.8.8.8
server=/ngrok.com/8.8.4.4
server=/ngrok.io/8.8.8.8
server=/ngrok.io/8.8.4.4
address=/double-click.net/127.0.0.1
address=/tesla/192.168.1.51
address=/tesla.local/192.168.1.51
cname=www.google.com,forcesafesearch.google.com
cname=www.google.com.au,forcesafesearch.google.com.au
cname=www.bing.com,strict.bing.com
cname=www.bing.com.au,strict.bing.com.au
Hi! Is there an hidden option or API option to tweak SIP VOIP settings? I need to change the reconnection time from default to 60 sec to be compatible with my 4G natted provider or I'll miss all incoming calls :(
ReplyDeleteCan you help anyhow?
Thanks !
Hi Mattia,
DeleteOn my system the VOIP settings look to be hobbled.
I found the following API calls, but they return no payload:
- api/voice/sipadvance
- api/voice/sipaccount
- api/voice/voiceadvance
I also hunted through some screenshots of the VOIP settings pages online but couldn't see a reconnection setting.
Count another THANK YOU for the DNS fix from me please - this was wonderful! I'm using T-Mobile in Austria (now renamed to Magenta) with a similar yet different crappy 4G LTE modem "Huawei b529s-23a" and your DNS trick worked just fine on that one, too!
ReplyDeleteHow did you uncover this? Is there any chance that my model might have that fabled bridge mode in there, but similarly hidden? I'd like to go hunt for it, see what I can do.
Hi @torengb, great I'm glad to hear this helped you!
DeleteI downloaded all the source (javascript, html pages) then scanned it for "DNS" text. Followed the advice here:
https://www.mrt-prodz.com/blog/view/2015/05/huawei-modem-api-and-data-plan-monitor
Once I found the the HTML elements it was fairly elementry from there, and great to discover that the functionality was only hobbled at the front-end.
If I get a chance I'll see what I can find on the bridge mode.
Hi torengb,
DeleteYou can login to the modem, then enter the following address and see what it says:
192.168.8.1/api/security/bridgemode
On mine it gives an error (100002), so I believe it is disabled on my device.
Let me know what yours says (you may need to view source to see the response).
Hi @torengb - for those in Oz on Optus the only option for Bridge mode seems to be changing the firmware as per the post below.
DeleteInteresting post on Whirlpool with instructions to 'unlock' the B525, seems it does have a Bridge Mode. https://whrl.pl/RfZFtW
ReplyDeleteNice - once I finish my Wireless Broadband with Optus (NBN has arrived at last - probably....) I'll be looking into this.
DeleteWell NBN is now up and running. I went ahead and followed the instructions to unlock the B525. Took me a couple of goes to get it into the boot loader mode. Other than that it went fine. I'll post some screenshots.
DeleteI can confirm Bridge mode is then enabled.
After doing this I realised I probably didn't need to, as I only needed it to be set to Dynamic mode (it gets an IP from my RT-AC68u via a LAN cable, which is connected to my new TPG provided NBN router), and I turned off the mobile function.