Sponsored

Huawei B535-232 4g/LTE Router Issue

Hey guys,

just found this thread. Interesting that so many people got the same issue.

I can reliably provoke the issue and resolve it again, by opening many connections/closing them.

So it's a firmware issue on the Huawei with the firewall features - which I turned all off in the GUI. But it seems that there's still some detection going on on HTTP/HTTPS connections, which gets overloaded when there are too many open connections.

I've contacted the support 3 days ago about this, but haven't heard anything back.

Does anyone got an idea how to get shell access on those routers?
 

dabigm

Top Member
Sorry if i've not read every single post, quite a long thread, maybe it was already mentioned..

re: stalling web pages, that seem to work over VPN or messages like "Establishing secure connection" in chrome ... have you tried setting the MTU to 1400 ? I believe even the routers supplied by three have them set to 1440 but setting it to 1400 resolved all of that issue on my friends 535.

He was getting good speeds, over 70mbit, but pages would take ages to establish the connection. Works perfectly now.

This only applies to the three network though, an EE sim in the same router worked fine with the default MTU. But I think they've also got some weird transparent proxying going on as well.
 

TTJJ

ULTIMATE Member
Does anybody have any advice for this negotiation? Anybody managed to successfully get out of their contract early without paying?
How did you get on?

After making it very clear the issues weren't improving I managed to get them to cancel 3 lines I had in family members homes because of this. In one case I wanted to keep the router so they charged something like 50 quid, the others let us cancel FOC as long as we returned the routers so it ended up fine. Vodafone has been fine since.

It took a few calls but it wasn't particularly difficult to get them to end the contract. I think they know what their network performance is like and they don't really have much of a choice. They do try to offer your discounts first (and heavy ones) to make you stay but in the end it's really not worth it.
 

Gandi69

Pro Member
You’ll be lucky to get any better latency than that, it is the nature of over the air connections (not star link though). I wouldn’t bother with vpn or tunnels if you are trying to reduce latency, they are good for hosting your own stuff etc but imo it’s not going to help you with gaming.
 
Sorry if i've not read every single post, quite a long thread, maybe it was already mentioned..

re: stalling web pages, that seem to work over VPN or messages like "Establishing secure connection" in chrome ... have you tried setting the MTU to 1400 ? I believe even the routers supplied by three have them set to 1440 but setting it to 1400 resolved all of that issue on my friends 535.

He was getting good speeds, over 70mbit, but pages would take ages to establish the connection. Works perfectly now.

This only applies to the three network though, an EE sim in the same router worked fine with the default MTU. But I think they've also got some weird transparent proxying going on as well.
Hey dabigm,

thanks for the hint, but Linux should normally do proper path mtu testing by default.

I've checked it, to be sure, and indeed my internet provider supplies me with a proper path mtu of 1500. So there's no issue here.

I can also reliably trigger this, by opening more connections - so when I close some programs which establish connections the issue will disappear.

Huawei Customer service btw replied to my request, and stated, and I quote:

"Maybe your internet connection is not that strong, because if your
device meets all 4 bars and the connection is still slow, it is not the
not the device itself.

Please note that when you download something, the connection is slowed down."

So there definitely onto something :'D

Anyway - I wrote them an answer. I actually had a smaller Huawei router in the same position before, and it hasn't had any issues. So there's definitely some "web filtering" stuff still on this model, even when the firewall is deactivated - which causes this issue.

I'll gonna have a look at the firmware and report back if I find the time to work out a solution.


This only applies to the three network though, an EE sim in the same router worked fine with the default MTU. But I think they've also got some weird transparent proxying going on as well.

Nope, no proxying, but tunneling. I think you found that they use IPv4 over IPv6 tunneling and don't properly handle too large packages. Normally IPv4 expects that packages are fragmented by routers which can't handle the full 1500 byte size. If not, there's an ICMP to inform the sending computer, that the package is too large, if the "do not fragment" flag is set. The network stack then sends smaller packages.

But IPv6 doesn't bother with this bs. The packages are always "do not fragment" and routers will never fragment packages, but instead send an ICMP.

But somewhere in most ISPs setups they tend to brake something and the "package too big" info from the IPv6 side isn't reaching the sending IPv4 host.

That's called an PMTUD blackhole.
 

dabigm

Top Member
Hey dabigm,

thanks for the hint, but Linux should normally do proper path mtu testing by default.

I've checked it, to be sure, and indeed my internet provider supplies me with a proper path mtu of 1500. So there's no issue here.

I can also reliably trigger this, by opening more connections - so when I close some programs which establish connections the issue will disappear.

Huawei Customer service btw replied to my request, and stated, and I quote:

"Maybe your internet connection is not that strong, because if your
device meets all 4 bars and the connection is still slow, it is not the
not the device itself.

Please note that when you download something, the connection is slowed down."

So there definitely onto something :'D

Anyway - I wrote them an answer. I actually had a smaller Huawei router in the same position before, and it hasn't had any issues. So there's definitely some "web filtering" stuff still on this model, even when the firewall is deactivated - which causes this issue.

I'll gonna have a look at the firmware and report back if I find the time to work out a solution.




Nope, no proxying, but tunneling. I think you found that they use IPv4 over IPv6 tunneling and don't properly handle too large packages. Normally IPv4 expects that packages are fragmented by routers which can't handle the full 1500 byte size. If not, there's an ICMP to inform the sending computer, that the package is too large, if the "do not fragment" flag is set. The network stack then sends smaller packages.

But IPv6 doesn't bother with this bs. The packages are always "do not fragment" and routers will never fragment packages, but instead send an ICMP.

But somewhere in most ISPs setups they tend to brake something and the "package too big" info from the IPv6 side isn't reaching the sending IPv4 host.

That's called an PMTUD blackhole.

Path MTU relies on ICMP.

Today, many people / corporations block ICMP therefore PMTU will not work . This is something you can test yourself with the linux ping command.

All I can tell you is that right now, three 5G is my main internet connection (OK it gets busted down to 4G sometimes, but I still get 70mbit down and 30-40 up when it does) but when I was busted down to 4G the speed tests would tell me I was getting that 70mbit etc, when I opened a web browser I would often see chrome waiting for a connection, or establishing the connection etc... but after making the MTU change, bam everything just works. Doesn't seem to be a problem on 5G, but I guess it's different kit.

I even noticed it on youtube and disney+ with the loading circle of doom... but not after the MTU changes.

This of course depends on the kit that the network uses near you. For me, it fixes many issues. I'm not saying it works for everyone. But I don't think you can rely on PMTU in 2021.
 
@dabigm agreed, there are some circumstances where pathmtu might not work. But in my case I've run the test towards one of my servers.

Linux does also do a fallback if there's a blackhole, due to ICMP issues, so it *should* always work, as long as both sides of the connection run linux.

My test showed that the path can support 1500 MTU - which is what I expected.

Apart from this, I usually have no issues. Only when there are too many connections, something about 300-400 open connections will trigger this behavior pretty reliably.

When I close those connections, the router cleans up this weird firewall state and everything starts to work, basically immediately.

Additionally with the much smaller Huawei router before I had zero issues.

---

My request to the Huawei support passed the L1 support and is now heading towards the "specialty department" - which is probably just another level of support :D

I'll keep you updated. :)
 

joshshort

Member
Hi! Sorry for the slight thread hijack from a new user but there seems to be a lot of shared knowledge about this device in here!

I have a B535-232 which I bought a Smarty SIM for and am using it on my boat. I got an AAISP L2TP VPN account to get around Smarty CG-NAT and give me a static IP. I've done this because I have a few services running on Raspberry Pi's around the boat that I'd like to be able to access when I'm not aboard. However I'm not having any luck at all forwarding the ports I need using the static IP from AAISP. Does the B535 not forward VPN traffic at all or is there a workaround for this?

I'm going to try a three SIM and use the non CG-NAT APN as I'm not actually bothered about my connection to these services being routed through the VPN and could use a DDNS to get the WAN IP (I already checked this and that also seems to update the DDNS with the Smarty IP rather than the AAISP VPN one so I'm hoping inbound ports to this IP would also be routed using the bizarrely named "Virtual Sever" rules). The AAISP VPN still seems to work well as a general traffic anonymiser so I think I'll be keeping it regardless.
 

dabigm

Top Member
Hi! Sorry for the slight thread hijack from a new user but there seems to be a lot of shared knowledge about this device in here!

I have a B535-232 which I bought a Smarty SIM for and am using it on my boat. I got an AAISP L2TP VPN account to get around Smarty CG-NAT and give me a static IP. I've done this because I have a few services running on Raspberry Pi's around the boat that I'd like to be able to access when I'm not aboard. However I'm not having any luck at all forwarding the ports I need using the static IP from AAISP. Does the B535 not forward VPN traffic at all or is there a workaround for this?

I'm going to try a three SIM and use the non CG-NAT APN as I'm not actually bothered about my connection to these services being routed through the VPN and could use a DDNS to get the WAN IP (I already checked this and that also seems to update the DDNS with the Smarty IP rather than the AAISP VPN one so I'm hoping inbound ports to this IP would also be routed using the bizarrely named "Virtual Sever" rules). The AAISP VPN still seems to work well as a general traffic anonymiser so I think I'll be keeping it regardless.

I don't have any experience with AAISP but I've heard their technical support is basically second to none in the UK ISP world, have you tried asking them ? How have you got things configured ? I would imagine you are trying to access ports using the VPN IP address right ? and you've got the ports forwarded on the Huawei router to your internal IP right ? And those ports are open on the device you're forwarding to?

Where is the VPN running ? On the Huawei router itself ?

Perhaps you can give us a brief outline of how you've got everything set up. I still recommend having a chat with AAISP, as I said they're not the type to just sit there and read a script or tell you turn it off and on again and since you're paying for it, you've got every right to call them up and make use of their tech support.
 

joshshort

Member
I don't have any experience with AAISP but I've heard their technical support is basically second to none in the UK ISP world, have you tried asking them ? How have you got things configured ? I would imagine you are trying to access ports using the VPN IP address right ? and you've got the ports forwarded on the Huawei router to your internal IP right ? And those ports are open on the device you're forwarding to?

Where is the VPN running ? On the Huawei router itself ?

Perhaps you can give us a brief outline of how you've got everything set up. I still recommend having a chat with AAISP, as I said they're not the type to just sit there and read a script or tell you turn it off and on again and since you're paying for it, you've got every right to call them up and make use of their tech support.
I actually know their support is good because I signed up at about 1am last night and had a password issues, so I put in a ticket expecting to get a reply on Monday, but got it resolved within about 10mins! Wasn't sure if they'd support routers not on their recommended equipment list but you're right that it might be worth asking anyway. I have a suspicion it's just a bug or lack of feature implementation with the B535 though - unless I overlooked something stupid!

To answer your other questions though, the VPN connection is set up on the Huawei router itself, and the ports are all open on the devices I'm trying to forward to, since I'm able to access the services from other devices on my network. All the port forwards are set up on the router using the "Virtual Servers" setting page (why did they call it that?!).
 

dabigm

Top Member
I actually know their support is good because I signed up at about 1am last night and had a password issues, so I put in a ticket expecting to get a reply on Monday, but got it resolved within about 10mins! Wasn't sure if they'd support routers not on their recommended equipment list but you're right that it might be worth asking anyway. I have a suspicion it's just a bug or lack of feature implementation with the B535 though - unless I overlooked something stupid!

To answer your other questions though, the VPN connection is set up on the Huawei router itself, and the ports are all open on the devices I'm trying to forward to, since I'm able to access the services from other devices on my network. All the port forwards are set up on the router using the "Virtual Servers" setting page (why did they call it that?!).

Yeah I don't own the B535 but sounds like you've got everything set up correctly. I take it the VPN works from your earlier comments. Do you know how to do a tcpdump? It might show you how far the connection gets. But then you need another external connection to diagnose it properly.

If the destination where you want the port forwarding to go is the same for each port, you could try sticking it in the DMZ to see if it's a firewall issue or not.
 

joshshort

Member
Yeah I don't own the B535 but sounds like you've got everything set up correctly. I take it the VPN works from your earlier comments. Do you know how to do a tcpdump? It might show you how far the connection gets. But then you need another external connection to diagnose it properly.

If the destination where you want the port forwarding to go is the same for each port, you could try sticking it in the DMZ to see if it's a firewall issue or not.
I did look into DMZ but altho most of the services are on one Pi right now I would like to keep the ability to access services all over the boat eventually so its not really a solution for me long term.

I've got another external connection and altho I haven't heard of tcpdump I'm okish with Linux (and googling things!) so I can take a look!
 
Hey guys. I have been using this modem for about a year. I have never had problems since 2 months ago. It has been constantly dropping connections like every 5-15 minutes, wi-fi and ethernet both. And actually that's around the time my ISP limited my speed to about 15 mbits. So I don't know if that is the issue.

It generally happens after 6 pm but we have had guests for a few days and it started to happen at morning as well. I read that changing MTU may solve the issue but I can't see MTU option.

Can anyone help?
 

Buggerlugz

ULTIMATE Member
I don't think the B535 is capable of handling anywhere near enough connections, you can see this when it reports slower speed tests on multiple connections and anytime you use torrents. (cut the number of connections, it speeds up again.)

Sadly with 4G being so variable with bandwidth generally, you can't directly pin point the issue because bandwidth fluctuates all the time. Certainly on Three it's not unexpected to be getting 100Mbps one minute and 1Mbps the next.

It still happens for me every evening and when I'm hammering what bandwidth I've got, this last week the issue has appeared more than the last 6 months for me.

It's clearly a lack of bandwidth at the mast at the specific time of the webpage request.
 
Top
Promotion
Cheapest Superfast ISPs
  • NOW £22.00 (*32.00)
    Speed 36Mbps, Unlimited
    Gift: None
  • TalkTalk £22.00 (*29.95)
    Speed 38Mbps, Unlimited
    Gift: None
  • Vodafone £22.00 (*25.00)
    Speed 35Mbps, Unlimited
    Gift: None
  • Hyperoptic £22.00
    Speed 50Mbps, Unlimited
    Gift: Promo Code: HYPERSPRING
  • Plusnet £22.99 (*36.52)
    Speed 36Mbps, Unlimited
    Gift: £50 Reward Card
Large Availability | View All
Cheapest Ultrafast ISPs
  • Gigaclear £24.00 (*44.00)
    Speed: 100Mbps, Unlimited
    Gift: Offer Code: SPRUCE20
  • Vodafone £26.00 (*29.00)
    Speed: 100Mbps, Unlimited
    Gift: None
  • Virgin Media £28.00 (*44.00)
    Speed: 108Mbps, Unlimited
    Gift: None
  • Hyperoptic £29.00 (*35.00)
    Speed: 150Mbps, Unlimited
    Gift: Promo Code: HYPERSPRING
  • TalkTalk £29.95 (*39.95)
    Speed: 145Mbps, Unlimited
    Gift: None
Large Availability | View All
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Promotion
The Top 20 Category Tags
  1. FTTP (3206)
  2. BT (2920)
  3. FTTC (1849)
  4. Building Digital UK (1848)
  5. Politics (1827)
  6. Openreach (1745)
  7. Business (1588)
  8. Mobile Broadband (1371)
  9. FTTH (1355)
  10. Statistics (1346)
  11. 4G (1181)
  12. Fibre Optic (1127)
  13. Wireless Internet (1107)
  14. Virgin Media (1101)
  15. Ofcom Regulation (1095)
  16. EE (785)
  17. Vodafone (777)
  18. TalkTalk (735)
  19. Sky Broadband (714)
  20. 5G (664)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules