Huawei B535-232 4g/LTE Router Issue

[MrDave]

Do people still have the drop out issue with SINR greater than +10?

 

[Buggerlugz]

YES

 

[Darsuke]

I did have the exact same issue with Three and the 5G router Huawei CPE Pro, and setting up a VPN fixed the issue for me.

I was experiencing the same issue described in this thread: good bandwidth (200 Mbps download, 25Mbps upload), but web pages hanging randomly for 10-30 seconds when loading.

I set up a VPN server in Google Cloud Platform and connected the router to it, it fixed the issue. Bandwidth is slightly reduced (150 Mbps download, 25Mbps upload), but the ping is unaffected (20ms). I suspect on 4G the bandwidth won't be affected because lower. And more importantly: no more hanging pages.

--

Steps I followed to set up the VPN server:

1. In Google Cloud Platform, create a VM running Ubuntu 20.04. I choose the e2-micro machine type and located it in zone europe-west2-c (London). Also set up an external IP address for this VM, which will be the IP of the VPN.
2. Run the VPN setup script here: https://github.com/hwdsl2/setup-ipsec-vpn. It's a quite handy script that sets up a IPsec/L2TP VPN for you (the VPN protocol that the Huawei router supports, it doesn't support OpenVpn or IKEv2).
3. Slightly modify the iptables rules in /etc/iptables.rules. Replace all the INPUT lines with these three:
   

   -A INPUT -m conntrack --ctstate INVALID -j DROP
   -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
   -A INPUT -p udp -m multiport --dports 500,1701,4500 -j ACCEPT

4. In the Google Cloud Console, in the firewall rules, open the UDP ports 500, 1701 and 4500.

And now on the router in the VPN page:

• Connection type: L2TP VPN client
• LNS address: the external IP of your VPN server
• Hostname: a friendly name (e.g. "GCP VPN")
• Tunnel password: the "IPsec PSK" returned by the VPN server script
• Handshake interval: 60s
• PPP user name: the "Username" returned by the VPN server script
• PPP password: the "Password" returned by the VPN server script
• Authentication: auto

I gave this a try but for me the guide is a touch too basic having never seen the console before.

Any chance of a slightly longer version for beginners?

 

[tartanGuru]

I’ve been able to massively improve the page not loading/loading slowly issue but simply installing the free Cloudflare 1.1.1.1 app onto my iOS devices and turning on the ‘WARP’ option which encrypts DNS requests (there is also a version for Android). This encryption seems to be enough to circumvent some of what three are doing at the back end. Unfortunately the windows and mac OS desktop clients are still in private beta, however there are manual instructions on the cloudflare forums for installing the service on mac os and linux.

I still seem to get the odd site that refuses to load, but it’s down to about 5% of the time rather than the 30% that I was getting before.

EDIT: Just spotted this app was mentioned already a few pages back.

 

[tartanGuru]

If you don’t want a client solution like Cloudflare WARP and are looking for a mainstream VPN provider that works with the Huawei’s L2TP client, then Surfshark will work. They don’t advertise themselves as supporting L2TP, however they will send you configuration details if you send their support team a message. It did seem to work for me ok, but seemed to trigger a lot of CAPTHA’s on sites that use Cloudflare, which the WARP solution didn’t

 

[Darsuke]

I gave this a try but for me the guide is a touch too basic having never seen the console before.

Any chance of a slightly longer version for beginners?

I did have the exact same issue with Three and the 5G router Huawei CPE Pro, and setting up a VPN fixed the issue for me.

I was experiencing the same issue described in this thread: good bandwidth (200 Mbps download, 25Mbps upload), but web pages hanging randomly for 10-30 seconds when loading.

I set up a VPN server in Google Cloud Platform and connected the router to it, it fixed the issue. Bandwidth is slightly reduced (150 Mbps download, 25Mbps upload), but the ping is unaffected (20ms). I suspect on 4G the bandwidth won't be affected because lower. And more importantly: no more hanging pages.

--

Steps I followed to set up the VPN server:

1. In Google Cloud Platform, create a VM running Ubuntu 20.04. I choose the e2-micro machine type and located it in zone europe-west2-c (London). Also set up an external IP address for this VM, which will be the IP of the VPN.
2. Run the VPN setup script here: https://github.com/hwdsl2/setup-ipsec-vpn. It's a quite handy script that sets up a IPsec/L2TP VPN for you (the VPN protocol that the Huawei router supports, it doesn't support OpenVpn or IKEv2).
3. Slightly modify the iptables rules in /etc/iptables.rules. Replace all the INPUT lines with these three:
   

   -A INPUT -m conntrack --ctstate INVALID -j DROP
   -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
   -A INPUT -p udp -m multiport --dports 500,1701,4500 -j ACCEPT

4. In the Google Cloud Console, in the firewall rules, open the UDP ports 500, 1701 and 4500.

And now on the router in the VPN page:

• Connection type: L2TP VPN client
• LNS address: the external IP of your VPN server
• Hostname: a friendly name (e.g. "GCP VPN")
• Tunnel password: the "IPsec PSK" returned by the VPN server script
• Handshake interval: 60s
• PPP user name: the "Username" returned by the VPN server script
• PPP password: the "Password" returned by the VPN server script
• Authentication: auto

I got further with this after finding a similar guide online. But the router vpn remains disconnected. Can't get it to connect.

Yet I can use the same credentials on my android mobile and it does connect.

Anyone help other than checking the obvious passwords etc.?

 

[Darsuke]

I got further with this after finding a similar guide online. But the router vpn remains disconnected. Can't get it to connect.

Yet I can use the same credentials on my android mobile and it does connect.

Anyone help other than checking the obvious passwords etc.?

An update.

Took a few days but managed to get this working however, it's not use able for me. Speed difference is dramatic from up to 50Mb to less than 2Mb so not viable.

Plus side is I haven't noticed the stalling Web pages for a few days now

 

[smithbill17]

Took a few days but managed to get this working however, it's not use able for me. Speed difference is dramatic from up to 50Mb to less than 2Mb so not viable.

Oh, that's disappointing. I probably won't bother trying then. But at least on the plus side you've probably learnt quite a lot doing it.

 

[Pwablo]

I realize others have tried this already and not had much success, but I changed my MTU on the 4G side on the B535 to 1500 a few days ago in conjunction with changing the DNS to 1.1.1.1 around a week ago, and Ive not had a single drop or stall on any devices connected directly to Three which are not via Nord.

On another point, if anyone is contemplating a VPN, NordVPN have a 70% off deal on their 3 year package atm, using coupon code "thoughty". Makes it a one off payment of £96.74 for 3 years! And you get 6 client connections for that. Naturally if you set up the VPN on a router, it only counts as one client connection. Completely eliminates the stalling and time outs on Three.

https://join.nordvpn.com/order/

ATB

 

[GavinAshford]

An update.

Took a few days but managed to get this working however, it's not use able for me. Speed difference is dramatic from up to 50Mb to less than 2Mb so not viable.

Plus side is I haven't noticed the stalling Web pages for a few days now

L2TP is a pretty heavy VPN type for a CPU to perform the necessary encryption.
I assumption that the B535 just doesn't have a powerful enough CPU to allow sustained high throughput, whereas the 5G Pro that Frediche mentioned he uses, does.

You would likely see much better performance by using PPTP as it has the lowest level of encryption. PPTP is generally to be avoided if good security is the important, however in this instance just making the data look like VPN traffic to Three's inspector process is what's needed to avoid stalling and PPTP will do that.

InfoSec Handlers Diary Blog - SANS Internet Storm Center

End of Days for MS-CHAPv2, Author: Guy Bruneau

isc.sans.edu

I've used this installer before for all 3 VPN types:

GitHub - bedefaced/vpn-install: Simple PPTP, L2TP/IPsec, OpenVPN installers

Simple PPTP, L2TP/IPsec, OpenVPN installers. Contribute to bedefaced/vpn-install development by creating an account on GitHub.

github.com

 

[MrDave]

I realize others have tried this already and not had much success, but I changed my MTU on the 4G side on the B535 to 1500 a few days ago in conjunction with changing the DNS to 1.1.1.1 around a week ago, and Ive not had a single drop or stall on any devices connected directly to Three which are not via Nord.

On another point, if anyone is contemplating a VPN, NordVPN have a 70% off deal on their 3 year package atm, using coupon code "thoughty". Makes it a one off payment of £96.74 for 3 years! And you get 6 client connections for that. Naturally if you set up the VPN on a router, it only counts as one client connection. Completely eliminates the stalling and time outs on Three.

https://join.nordvpn.com/order/

ATB

Remember to take off 28 from that value, mine is set to 1472 to make it 1500 MTU on these routers. An MTU of 1500 seems to be the norm for most devices?

 

[tartanGuru]

I changed my MTU on the 4G side on the B535 to 1500

Agree this seems to be an MTU issue however I think the setting will differ on various set-ups and it's a matter of experimenting.
My B535-235 (generic rather than the 232 Three version) already had it's 4g modem MTU set to 1500 - I found the complete opposite to you and my page loading issues completely disappeared once I forced it to 1440. Unfortunately the MTU settings are not exposed via the web GUI on the 235 versions and you have to read/set the value via AJAX calls to the API on the unit.

 

[Pwablo]

Remember to take off 28 from that value, mine is set to 1472 to make it 1500 MTU on these routers. An MTU of 1500 seems to be the norm for most devices?

Thanks I will change it now.

 

[smithbill17]

On another point, if anyone is contemplating a VPN, NordVPN have a 70% off deal on their 3 year package atm, using coupon code "thoughty". Makes it a one off payment of £96.74 for 3 years! And you get 6 client connections for that. Naturally if you set up the VPN on a router, it only counts as one client connection. Completely eliminates the stalling and time outs on Three.

This might've been a good deal, but for the fact that NordVPN no longer support use of L2TP & PPTP, so you can't use it with the B535 router.

Question for knowledgeable people: I use a DD-WRT router as a Wireless Access Point just to extend my WiFi to the back of the house. It supports OpenVPN etc. Can I use NordVPN with relevant OpenVPN details in my DD-WRT router to create a 'tunnel' even though it's only acting as a WAP to my Three 4G broadband through the B535? Or does the VPN tunnel have to be set up on the WAN facing B535?

Incidentally, I set MTU to 1440 on the B535 and all 3 of the Wireless Access Points I have connected to it (not sure if the WAP routers on my LAN should have MTU set at 1440 or if it's only relevant to the WAN facing B535?)

 

[smithbill17]

Unfortunately the MTU settings are not exposed via the web GUI on the 235 versions and you have to read/set the value via AJAX calls to the API on the unit.

Is this a different MTU value to the one that appears under 'Network Settings' in the B535 admin page? How do you use AJAX calls to set the one you are referring to?

 

[smithbill17]

My B535-235 (generic rather than the 232 Three version) already had it's 4g modem MTU set to 1500 - I found the complete opposite to you and my page loading issues completely disappeared once I forced it to 1440. Unfortunately the MTU settings are not exposed via the web GUI on the 235 versions and you have to read/set the value via AJAX calls to the API on the unit.

I'm slightly confused by your description of your B535 as being "generic B535-235" - as far as I understood, the Three version is "generic" and I had thought there was only one model which was "B535-232", is there also a "-235" version? same firmware etc? And same page-load-stall problem on Three?

 

[GavinAshford]

Question for knowledgeable people: I use a DD-WRT router as a Wireless Access Point just to extend my WiFi to the back of the house. It supports OpenVPN etc. Can I use NordVPN with relevant OpenVPN details in my DD-WRT router to create a 'tunnel' even though it's only acting as a WAP to my Three 4G broadband through the B535?

Yes, you can 100% do this. Effectively this is what happens when you enable VPN on your personal device (laptop/phone), though those are yet another step away from the external connection.
Note that sometimes setting up OpenVPN on routers can be tricky - there are sometimes specific router configs that VPN providers need to generate for them. I'm not sure if NordVPN do, but I'm sure there'll be some online documentation for it.

 

[GavinAshford]

Is this a different MTU value to the one that appears under 'Network Settings' in the B535 admin page? How do you use AJAX calls to set the one you are referring to?

LTE-H Monitor (old Huawei Monitor) Windows application can set the MTU through the API, but you first need to enable the debug API page in the xml configuration file that gets created after first running the program.

 

[tartanGuru]

I'm slightly confused by your description of your B535 as being "generic B535-235" - as far as I understood, the Three version is "generic" and I had thought there was only one model which was "B535-232", is there also a "-235" version? same firmware etc? And same page-load-stall problem on Three?

There are two versions of the B535 available - there are reports on this board about page loading issues on Three/Smarty for both versions. The B535-232 is the one provided by Three and doesn't have a VoIP RJ11, whilst the B535-235 is non network specific and available from various vendors (e.g. LiveWire) which also includes a VoIP port. Apart from the VOIP support, the other difference seems to be the inability to change the 4g modem MTU settings from the web GUI on the 235 variant and that it's MTU default is 1500 ( I believe the 535-232's default is 1440).

 

[tartanGuru]

How do you use AJAX calls to set the one you are referring to?

Have a look at my posts on this thread.

It‘s not an easy process and I have no idea why this setting isn’t available on the 235 version. However changing the value has definitely solved my issues!