I’ve been working on setting up my GL-X3000 to run on T-Mobile 5G SA only, and I’ve encountered some challenges. Here’s the situation:
I’m getting a valid IPv6 address without any issues.
However, on the IPv4 side, I’m assigned the address 192.0.0.2, with a gateway of 192.0.0.1. This differs from my experience with 5G NSA (I get a valid IPv4 on the CGNAT, but I’d prefer to use SA).
Some functionalities on the IPv4 stack are not working as expected, such as GlobalProtect, Wi-Fi calling, and pinging certain IPv4 addresses.
To address this, I’ve come up with a workaround using a WireGuard Profile with split access for IPv4. Here’s how I’ve configured it:
I’ve utilized the “Customize Routing Rules” setting, as other settings seem to negatively impact my IPv6 connectivity.
Initially, I tried a single rule of 0.0.0.0/0 through the WireGuard gateway. Strangely, I kept getting a T-Mobile IPv4 public address, which was unexpected.
Currently, I have 3 custom rules enabled: 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/3. These rules cover all public IPv4 addresses on the internet.
When I tested on ipleak.net, I saw my IPv4 ISP as Cloudflare and my IPv6 ISP as T-Mobile, using CloudFlare WARP. This setup has resolved most of my IPv4-related issues; in addition, WireGuard with WARP handles network routing more efficiently.
However, I’m facing a challenge with Hulu. Despite the success of WireGuard and WARP for most sites, Hulu doesn’t seem to cooperate. Here’s what I’ve tried:
I created an additional custom rule for Hulu’s IPv4 address blocks to the main gateway, but that didn’t work.
I raised the metrics of the other target IPv4 addresses and entered a lower metric for the Hulu IPv4 addresses with the main gateway; that didn’t work.
I also attempted custom Luci firewall rules without success.
I’m reaching out to the for assistance. Has anyone encountered a similar situation or found a solution to this problem?
Oh, it’s a bit complicated. Many aspects get involved.
How do you configure rules for Hulu? Does Hulu use IPv4 or IPv6?
What is the wireguard service provider?
Great idea to make these functionalities work by using wireguard.
The advantage is that although it is a VPN, the idea is not to mask your location, and allows for hopefully more efficient routing through their network. It has also allowed me to bypass the CGNAT issues by using the IPv4 stack only.
I have tried two different ways:
I have created an executable script that I can configure with either hostnames or CIDR blocks, and when “wgclient” is up it can add the routes by resolving the IPv4 addresses using ‘dig’, looping in case a hostname has multiple IPv4 addresses. I have done the same if a user wants to configure with CIDR blocks. I am still working on optimizing the script and automating it. But this seems to be the way to go, since it just forces the hostnames to resolve and adds them to the route, and does not get overwritten by any other automated scripts.
I have also tried to configure ‘DNSMASQ’ to utilize the default DNS resolution server for the hostnames. In doing so, while connected to the VPN, when the hostnames are requested, they are not resolved by the VPN. However, due to the other configurations and scripts that are run, I think dnsmasq.conf is being overwritten and restarted each time wgclient is up/down and is not utilizing the changes I’ve made in /etc/dnsmasq.conf.
The Hulu issue arises when I am only trying to watch with my RokuTV which does not use IPv6. I do not have these issues with any other device that utilizes IPv6 as most devices favor that with the fallback being IPv4.
Here is the script I have written to add custom hostnames and IPs or CIDR blocks:
```sh
#!/bin/sh
# Hotplug script: ACTION and INTERFACE are provided in the environment
# by the caller when an interface goes up or down.

# List of host names to add to the routing table (whitespace separated)
# ... (custom host names)
HOSTS=""

# List of custom CIDR blocks to add to the routing table (whitespace separated)
# ... (custom CIDR blocks)
CUSTOM_CIDR_BLOCKS=""

# Network interface name (change to your actual interface name)
BRIDGE_INTERFACE="rmnet_mhi0"

# Determine the action based on the provided argument
case "$ACTION" in
    ifup)
        if [ "$INTERFACE" = "wgclient" ]; then
            # Add routes for specified host names
            if [ -n "$HOSTS" ]; then
                for host in $HOSTS; do
                    for ip in $(dig +short "$host"); do
                        # Check if the IP address is IPv4 (skips CNAME and IPv6 answers)
                        if echo "$ip" | grep -E -q '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
                            ip route add "$ip" dev "$BRIDGE_INTERFACE"
                        fi
                    done
                done
            else
                echo "No hosts specified. Skipping."
            fi
            # Add routes for custom CIDR blocks
            if [ -n "$CUSTOM_CIDR_BLOCKS" ]; then
                for cidr_block in $CUSTOM_CIDR_BLOCKS; do
                    ip route add "$cidr_block" dev "$BRIDGE_INTERFACE"
                done
            else
                echo "No custom CIDR blocks specified. Skipping."
            fi
        fi
        ;;
    ifdown)
        # Delete routes for specified host names
        if [ "$INTERFACE" = "wgclient" ]; then
            if [ -n "$HOSTS" ]; then
                for host in $HOSTS; do
                    # Note: this resolves the names again, so only addresses
                    # returned now are removed
                    for ip in $(dig +short "$host"); do
                        # Check if the IP address is IPv4
                        if echo "$ip" | grep -E -q '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
                            ip route del "$ip" dev "$BRIDGE_INTERFACE"
                        fi
                    done
                done
            else
                echo "No hosts specified. Skipping."
            fi
            # Delete routes for custom CIDR blocks
            if [ -n "$CUSTOM_CIDR_BLOCKS" ]; then
                for cidr_block in $CUSTOM_CIDR_BLOCKS; do
                    ip route del "$cidr_block" dev "$BRIDGE_INTERFACE"
                done
            else
                echo "No custom CIDR blocks specified. Skipping."
            fi
        fi
        ;;
esac
```
In the process, I was able to figure out all the host names to get Hulu to work properly while connected to the VPN:
So this is where I’m at right now: I am running on T-Mobile 5G SA with CloudFlare WARP, all IPv4 traffic is being routed through CloudFlare, and all IPv6 traffic is being routed through T-Mobile. All devices that are restricted to IPv4 are working flawlessly, as are the devices that have access to IPv6. I am no longer being impacted by the CGNAT issues from the IPv4 address of 192.0.0.2.
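An added example, not part of the original post or the poster's script: a variant of the hotplug approach above that records every bypass route it installs and, on ifdown, removes exactly those entries without resolving names again, so a DNS answer that changed in the meantime cannot leave stale routes that skip the tunnel. The state file path, the `TARGETS` variable and the function names are assumptions; `rmnet_mhi0`, `wgclient` and `dig +short` are taken from the post.

```shell
#!/bin/sh
# Added example, not the poster's script. Paths and helper names are assumptions.
STATE_FILE="${STATE_FILE:-/tmp/wg_bypass_routes}"   # assumed location
BRIDGE_INTERFACE="${BRIDGE_INTERFACE:-rmnet_mhi0}"  # interface named in the post
RESOLVE="${RESOLVE:-dig +short}"                    # resolver used in the post
IP_CMD="${IP_CMD:-ip}"
TARGETS="${TARGETS:-}"   # hostnames and/or IPv4 CIDR blocks, space separated

# True only for an IPv4 address or CIDR block with in-range octets and prefix.
is_ipv4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# Add a bypass route per target and record each one that was installed.
bypass_up() {
    : > "$STATE_FILE"
    for target in "$@"; do
        if is_ipv4 "$target"; then addrs="$target"
        else addrs=$($RESOLVE "$target"); fi
        for a in $addrs; do
            is_ipv4 "$a" || continue   # drops CNAME lines and IPv6 answers
            $IP_CMD route add "$a" dev "$BRIDGE_INTERFACE" &&
                echo "$a" >> "$STATE_FILE"
        done
    done
}

# Remove exactly the recorded routes; no DNS lookup happens here.
bypass_down() {
    [ -f "$STATE_FILE" ] || return 0
    while read -r a; do
        $IP_CMD route del "$a" dev "$BRIDGE_INTERFACE"
    done < "$STATE_FILE"
    rm -f "$STATE_FILE"
}

# Hotplug entry point: ACTION and INTERFACE are set by the caller, as in the post.
case "${ACTION}:${INTERFACE}" in
    ifup:wgclient)   bypass_up $TARGETS ;;
    ifdown:wgclient) bypass_down ;;
esac
```

Comparing the recorded entries against `ip route show dev rmnet_mhi0` while the tunnel is up shows which IPv4 destinations are leaving outside WireGuard.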