Huawei B535-232 4g/LTE Router Issue

[RubenKelevra]

Hey guys,

just found this thread. Interesting that so many people got the same issue.

I can reliably provoke the issue and resolve it again, by opening many connections/closing them.

So it's a firmware issue on the Huawei with the firewall features - which I turned all off in the GUI. But it seems that there's still some detection going on on HTTP/HTTPS connections, which gets overloaded when there are too many open connections.

I've contacted the support 3 days ago about this, but haven't heard anything back.

Does anyone got an idea how to get shell access on those routers?

 

[dabigm]

Sorry if i've not read every single post, quite a long thread, maybe it was already mentioned..

re: stalling web pages, that seem to work over VPN or messages like "Establishing secure connection" in chrome ... have you tried setting the MTU to 1400 ? I believe even the routers supplied by three have them set to 1440 but setting it to 1400 resolved all of that issue on my friends 535.

He was getting good speeds, over 70mbit, but pages would take ages to establish the connection. Works perfectly now.

This only applies to the three network though, an EE sim in the same router worked fine with the default MTU. But I think they've also got some weird transparent proxying going on as well.

 

[TTJJ]

Does anybody have any advice for this negotiation? Anybody managed to successfully get out of their contract early without paying?

How did you get on?

After making it very clear the issues weren't improving I managed to get them to cancel 3 lines I had in family members homes because of this. In one case I wanted to keep the router so they charged something like 50 quid, the others let us cancel FOC as long as we returned the routers so it ended up fine. Vodafone has been fine since.

It took a few calls but it wasn't particularly difficult to get them to end the contract. I think they know what their network performance is like and they don't really have much of a choice. They do try to offer your discounts first (and heavy ones) to make you stay but in the end it's really not worth it.

 

[Gandi69]

You’ll be lucky to get any better latency than that, it is the nature of over the air connections (not star link though). I wouldn’t bother with vpn or tunnels if you are trying to reduce latency, they are good for hosting your own stuff etc but imo it’s not going to help you with gaming.

 

[RubenKelevra]

Sorry if i've not read every single post, quite a long thread, maybe it was already mentioned..

re: stalling web pages, that seem to work over VPN or messages like "Establishing secure connection" in chrome ... have you tried setting the MTU to 1400 ? I believe even the routers supplied by three have them set to 1440 but setting it to 1400 resolved all of that issue on my friends 535.

He was getting good speeds, over 70mbit, but pages would take ages to establish the connection. Works perfectly now.

This only applies to the three network though, an EE sim in the same router worked fine with the default MTU. But I think they've also got some weird transparent proxying going on as well.

Hey dabigm,

thanks for the hint, but Linux should normally do proper path mtu testing by default.

I've checked it, to be sure, and indeed my internet provider supplies me with a proper path mtu of 1500. So there's no issue here.

I can also reliably trigger this, by opening more connections - so when I close some programs which establish connections the issue will disappear.

Huawei Customer service btw replied to my request, and stated, and I quote:

"Maybe your internet connection is not that strong, because if your
device meets all 4 bars and the connection is still slow, it is not the
not the device itself.

Please note that when you download something, the connection is slowed down."

So there definitely onto something :'D

Anyway - I wrote them an answer. I actually had a smaller Huawei router in the same position before, and it hasn't had any issues. So there's definitely some "web filtering" stuff still on this model, even when the firewall is deactivated - which causes this issue.

I'll gonna have a look at the firmware and report back if I find the time to work out a solution.

This only applies to the three network though, an EE sim in the same router worked fine with the default MTU. But I think they've also got some weird transparent proxying going on as well.

Nope, no proxying, but tunneling. I think you found that they use IPv4 over IPv6 tunneling and don't properly handle too large packages. Normally IPv4 expects that packages are fragmented by routers which can't handle the full 1500 byte size. If not, there's an ICMP to inform the sending computer, that the package is too large, if the "do not fragment" flag is set. The network stack then sends smaller packages.

But IPv6 doesn't bother with this bs. The packages are always "do not fragment" and routers will never fragment packages, but instead send an ICMP.

But somewhere in most ISPs setups they tend to brake something and the "package too big" info from the IPv6 side isn't reaching the sending IPv4 host.

That's called an PMTUD blackhole.

 

[dabigm]

Hey dabigm,

thanks for the hint, but Linux should normally do proper path mtu testing by default.

I've checked it, to be sure, and indeed my internet provider supplies me with a proper path mtu of 1500. So there's no issue here.

I can also reliably trigger this, by opening more connections - so when I close some programs which establish connections the issue will disappear.

Huawei Customer service btw replied to my request, and stated, and I quote:

"Maybe your internet connection is not that strong, because if your
device meets all 4 bars and the connection is still slow, it is not the
not the device itself.

Please note that when you download something, the connection is slowed down."

So there definitely onto something :'D

Anyway - I wrote them an answer. I actually had a smaller Huawei router in the same position before, and it hasn't had any issues. So there's definitely some "web filtering" stuff still on this model, even when the firewall is deactivated - which causes this issue.

I'll gonna have a look at the firmware and report back if I find the time to work out a solution.




Nope, no proxying, but tunneling. I think you found that they use IPv4 over IPv6 tunneling and don't properly handle too large packages. Normally IPv4 expects that packages are fragmented by routers which can't handle the full 1500 byte size. If not, there's an ICMP to inform the sending computer, that the package is too large, if the "do not fragment" flag is set. The network stack then sends smaller packages.

But IPv6 doesn't bother with this bs. The packages are always "do not fragment" and routers will never fragment packages, but instead send an ICMP.

But somewhere in most ISPs setups they tend to brake something and the "package too big" info from the IPv6 side isn't reaching the sending IPv4 host.

That's called an PMTUD blackhole.

Path MTU relies on ICMP.

Today, many people / corporations block ICMP therefore PMTU will not work . This is something you can test yourself with the linux ping command.

All I can tell you is that right now, three 5G is my main internet connection (OK it gets busted down to 4G sometimes, but I still get 70mbit down and 30-40 up when it does) but when I was busted down to 4G the speed tests would tell me I was getting that 70mbit etc, when I opened a web browser I would often see chrome waiting for a connection, or establishing the connection etc... but after making the MTU change, bam everything just works. Doesn't seem to be a problem on 5G, but I guess it's different kit.

I even noticed it on youtube and disney+ with the loading circle of doom... but not after the MTU changes.

This of course depends on the kit that the network uses near you. For me, it fixes many issues. I'm not saying it works for everyone. But I don't think you can rely on PMTU in 2021.

 

[RubenKelevra]

@dabigm agreed, there are some circumstances where pathmtu might not work. But in my case I've run the test towards one of my servers.

Linux does also do a fallback if there's a blackhole, due to ICMP issues, so it *should* always work, as long as both sides of the connection run linux.

My test showed that the path can support 1500 MTU - which is what I expected.

Apart from this, I usually have no issues. Only when there are too many connections, something about 300-400 open connections will trigger this behavior pretty reliably.

When I close those connections, the router cleans up this weird firewall state and everything starts to work, basically immediately.

Additionally with the much smaller Huawei router before I had zero issues.

---

My request to the Huawei support passed the L1 support and is now heading towards the "specialty department" - which is probably just another level of support

I'll keep you updated.

 

[joshshort]

Hi! Sorry for the slight thread hijack from a new user but there seems to be a lot of shared knowledge about this device in here!

I have a B535-232 which I bought a Smarty SIM for and am using it on my boat. I got an AAISP L2TP VPN account to get around Smarty CG-NAT and give me a static IP. I've done this because I have a few services running on Raspberry Pi's around the boat that I'd like to be able to access when I'm not aboard. However I'm not having any luck at all forwarding the ports I need using the static IP from AAISP. Does the B535 not forward VPN traffic at all or is there a workaround for this?

I'm going to try a three SIM and use the non CG-NAT APN as I'm not actually bothered about my connection to these services being routed through the VPN and could use a DDNS to get the WAN IP (I already checked this and that also seems to update the DDNS with the Smarty IP rather than the AAISP VPN one so I'm hoping inbound ports to this IP would also be routed using the bizarrely named "Virtual Sever" rules). The AAISP VPN still seems to work well as a general traffic anonymiser so I think I'll be keeping it regardless.

 

[dabigm]

Hi! Sorry for the slight thread hijack from a new user but there seems to be a lot of shared knowledge about this device in here!

I have a B535-232 which I bought a Smarty SIM for and am using it on my boat. I got an AAISP L2TP VPN account to get around Smarty CG-NAT and give me a static IP. I've done this because I have a few services running on Raspberry Pi's around the boat that I'd like to be able to access when I'm not aboard. However I'm not having any luck at all forwarding the ports I need using the static IP from AAISP. Does the B535 not forward VPN traffic at all or is there a workaround for this?

I'm going to try a three SIM and use the non CG-NAT APN as I'm not actually bothered about my connection to these services being routed through the VPN and could use a DDNS to get the WAN IP (I already checked this and that also seems to update the DDNS with the Smarty IP rather than the AAISP VPN one so I'm hoping inbound ports to this IP would also be routed using the bizarrely named "Virtual Sever" rules). The AAISP VPN still seems to work well as a general traffic anonymiser so I think I'll be keeping it regardless.

I don't have any experience with AAISP but I've heard their technical support is basically second to none in the UK ISP world, have you tried asking them ? How have you got things configured ? I would imagine you are trying to access ports using the VPN IP address right ? and you've got the ports forwarded on the Huawei router to your internal IP right ? And those ports are open on the device you're forwarding to?

Where is the VPN running ? On the Huawei router itself ?

Perhaps you can give us a brief outline of how you've got everything set up. I still recommend having a chat with AAISP, as I said they're not the type to just sit there and read a script or tell you turn it off and on again and since you're paying for it, you've got every right to call them up and make use of their tech support.

 

[joshshort]

I don't have any experience with AAISP but I've heard their technical support is basically second to none in the UK ISP world, have you tried asking them ? How have you got things configured ? I would imagine you are trying to access ports using the VPN IP address right ? and you've got the ports forwarded on the Huawei router to your internal IP right ? And those ports are open on the device you're forwarding to?

Where is the VPN running ? On the Huawei router itself ?

Perhaps you can give us a brief outline of how you've got everything set up. I still recommend having a chat with AAISP, as I said they're not the type to just sit there and read a script or tell you turn it off and on again and since you're paying for it, you've got every right to call them up and make use of their tech support.

I actually know their support is good because I signed up at about 1am last night and had a password issues, so I put in a ticket expecting to get a reply on Monday, but got it resolved within about 10mins! Wasn't sure if they'd support routers not on their recommended equipment list but you're right that it might be worth asking anyway. I have a suspicion it's just a bug or lack of feature implementation with the B535 though - unless I overlooked something stupid!

To answer your other questions though, the VPN connection is set up on the Huawei router itself, and the ports are all open on the devices I'm trying to forward to, since I'm able to access the services from other devices on my network. All the port forwards are set up on the router using the "Virtual Servers" setting page (why did they call it that?!).

 

[dabigm]

I actually know their support is good because I signed up at about 1am last night and had a password issues, so I put in a ticket expecting to get a reply on Monday, but got it resolved within about 10mins! Wasn't sure if they'd support routers not on their recommended equipment list but you're right that it might be worth asking anyway. I have a suspicion it's just a bug or lack of feature implementation with the B535 though - unless I overlooked something stupid!

To answer your other questions though, the VPN connection is set up on the Huawei router itself, and the ports are all open on the devices I'm trying to forward to, since I'm able to access the services from other devices on my network. All the port forwards are set up on the router using the "Virtual Servers" setting page (why did they call it that?!).

Yeah I don't own the B535 but sounds like you've got everything set up correctly. I take it the VPN works from your earlier comments. Do you know how to do a tcpdump? It might show you how far the connection gets. But then you need another external connection to diagnose it properly.

If the destination where you want the port forwarding to go is the same for each port, you could try sticking it in the DMZ to see if it's a firewall issue or not.

 

[joshshort]

Yeah I don't own the B535 but sounds like you've got everything set up correctly. I take it the VPN works from your earlier comments. Do you know how to do a tcpdump? It might show you how far the connection gets. But then you need another external connection to diagnose it properly.

If the destination where you want the port forwarding to go is the same for each port, you could try sticking it in the DMZ to see if it's a firewall issue or not.

I did look into DMZ but altho most of the services are on one Pi right now I would like to keep the ability to access services all over the boat eventually so its not really a solution for me long term.

I've got another external connection and altho I haven't heard of tcpdump I'm okish with Linux (and googling things!) so I can take a look!

 

[joshshort]

see if it's a firewall issue or not.

I temporarily disabled the firewall on the B535 and it didn't solve anything

 

[khaylee.marabel]

Hey guys. I have been using this modem for about a year. I have never had problems since 2 months ago. It has been constantly dropping connections like every 5-15 minutes, wi-fi and ethernet both. And actually that's around the time my ISP limited my speed to about 15 mbits. So I don't know if that is the issue.

It generally happens after 6 pm but we have had guests for a few days and it started to happen at morning as well. I read that changing MTU may solve the issue but I can't see MTU option.

Can anyone help?

 

[Buggerlugz]

I don't think the B535 is capable of handling anywhere near enough connections, you can see this when it reports slower speed tests on multiple connections and anytime you use torrents. (cut the number of connections, it speeds up again.)

Sadly with 4G being so variable with bandwidth generally, you can't directly pin point the issue because bandwidth fluctuates all the time. Certainly on Three it's not unexpected to be getting 100Mbps one minute and 1Mbps the next.

It still happens for me every evening and when I'm hammering what bandwidth I've got, this last week the issue has appeared more than the last 6 months for me.

It's clearly a lack of bandwidth at the mast at the specific time of the webpage request.

 

[eccles]

It’s Huawei Link+, it talks to other Huawei routers. You can turn it off in settings.

A belated "like" and thanks for this. The hidden SSID with my newly acquired B818 was doing my head in. I should have checked here first.

 

[Failip420]

Hello I'm playing around with the B535-232 I managed to get uart but I can't type anything. The baud rate is 115200.

 

[autopilot]

I've finally given up on my Three/B535-232 combination and I'm trying to cancel. Although sometimes the performance is OK (10-20Mbps) I've had long periods (large parts of a day) where it drops down to 1-2Mbps, which is basically unusable. I've jumped through all the usual hoops - moving the router, changing the SIM, rebooting the router. I've spent a good few hours on the phone to various technical teams reading out RSSI and RSRP numbers.

Anyway, the trouble is that my contract has 10 months to run and they are not willing to waive the early cancellation fee - the best they can do is to reduce it by 60% which leaves me paying £100.

Looking at the Ofcom web page is says that I should not have to pay a cancellation fee if they can't meet their promised speeds after a 30 day period to fix the problem, but it looks like Three neither promises a speed nor signs up to that particular code. The complaints guy insisted that he can't waive the cancellation fee entirely because it partly pays for the router - and no, returning the router won't make any difference because it's now more than a year old.

Does anybody have any advice for this negotiation? Anybody managed to successfully get out of their contract early without paying? My family are pretty sick of trying to do a 4-person lockdown with such a terrible internet connection so at the moment I think we're more likely to pay than anything else

I had to same problem until I realised it was being caused by the router (or should I say the routers modem) was switching bands automatically. I’m surprised no one has mentioned this, but the big changes in speeds like that are most likely due to the router switching bands.

The problem with most Hauwei routers is they don’t allow you to switch and lock onto specific bands manually, and this is pretty much essential when using 4G as a replacement for fixed line broadband in locations that don’t have extensive coverage/speeds (like cities).

With my 525 I have to use an app that locks in onto a specific band. There is two masts near me, on different bands. One is closer and has a stronger signal (full bars) but for whatever reason is much slower than another mast (on another band) further way, that only gives me 3 bars but is 4 times faster. I have to force it to use the further away mast (band) to maintain decent speeds.

 

[eccles]

Agreed. Some sort of band control is pretty much an accepted goto for me too. You can use LTEH Monitor or LTE Inspecteur from Windows or HuaCtrl from an Android device to lock bands.

 

[ulflun]

I have the exact same issue with B535-333 (newer model). Now and then, it just disconnects with "WAN connection INTERNET_VOICE_R_UMTS1:IPv4 disconnected" and reconnects again. Extremely frustrating!