How to configure Cosmote (Τέλειο σήμα) Huawei UAP2105 behind pfSense firewall/router

The Huawei UAP2105 is a cell phone signal booster (much like a mobile phone access point) that works over the Internet to deliver the mobile signal into your home, or any place where the mobile phone signal is too weak. It looks like a normal router/access point, with an RJ-45 input (which you connect to your router) and a DC power input.

So I connected the device to my LAN switch, powered it on and waited for it to connect automagically (that’s what its manual said). Unfortunately this was not the case. I have an Alix board with pfSense 2.1 as an Internet router/firewall, so my first thought was that maybe it was blocking the Huawei device from connecting to the Internet. Huawei did not have a user manual so I had to start from scratch.

First of all I had to find its MAC address and the IP address that it had obtained from the DHCP server (pfSense). So I went to the DHCP Leases section of the pfSense webGUI, where I found the address it had obtained and its associated MAC address. Then I added a Static Mapping on the DHCP server so that it would always give the same IP address to the Huawei.

After that I powered off the Huawei, started Packet Capture under Diagnostics on pfSense, and powered it on again so I could sniff some packets from it. In the Packet Capture menu I put the IP address of the Huawei as the filter. After powering it on, I noticed in the packet capture that the device was trying to establish an IPsec tunnel with my mobile phone carrier and was failing. Specifically, it was trying to establish a connection on UDP ports 500 and 4500 (NAT-T).

After reading some articles on the pfSense forums about IPsec and NAT-T behind pfSense, I followed these steps:

1. I went to Firewall -> NAT -> Outbound -> Enabled (Manual Outbound NAT rule generation), where I created a rule on the WAN interface with the local IP address of the Huawei as the source address and STATIC port enabled.
2. Then I also went to System -> Advanced -> Firewall/NAT -> Enabled (Clear invalid DF bits instead of dropping the packets). Very Important!

After this my Huawei was able to successfully establish the IPsec VPN tunnel with the mobile carrier, and I have full signal coverage in my home. 🙂
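To read a capture like the one taken in the Packet Capture step, it helps to tell IKE negotiation, NAT-T keepalives and UDP-encapsulated ESP apart on ports 500 and 4500. The following is an added example, not part of the original post; it goes beyond the post by decoding the standard IKE header and RFC 3948 framing, and the sample payloads, SPIs and the assumption of IKEv2 are constructed for illustration.

```python
import struct

# IKE exchange types: IKEv1 (RFC 2408) and IKEv2 (RFC 7296)
EXCHANGES = {2: "IKEv1 Main Mode", 4: "IKEv1 Aggressive Mode", 5: "IKEv1 Informational",
             34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def parse_ike_header(data):
    """Decode the fixed 28-byte IKE/ISAKMP header; None if the bytes do not fit."""
    if len(data) < 28:
        return None
    i_spi, r_spi, _np, ver, exch, _flags, _mid, length = struct.unpack("!8s8sBBBBII", data[:28])
    if ver >> 4 not in (1, 2) or length < 28:
        return None
    return {"version": ver >> 4, "exchange": EXCHANGES.get(exch, f"type {exch}"),
            "has_responder_spi": r_spi != bytes(8)}

def classify(port, payload):
    """Classify one UDP payload seen on port 500 or 4500 (RFC 3948 framing on 4500)."""
    if port == 4500:
        if payload == b"\xff":               # one-byte NAT keepalive
            return "nat-keepalive", None
        if payload[:4] == bytes(4):          # non-ESP marker: IKE follows
            payload = payload[4:]
        else:                                # non-zero SPI: encapsulated ESP
            return ("esp-in-udp", {"spi": payload[:4].hex()}) if len(payload) >= 8 else ("unknown", None)
    hdr = parse_ike_header(payload)
    return ("ike", hdr) if hdr else ("unknown", None)

def diagnose(packets):
    """packets: (direction, port, payload) tuples; 'out' means sent by the device."""
    seen = {(d, classify(p, pl)[0]) for d, p, pl in packets}
    if ("out", "esp-in-udp") in seen and ("in", "esp-in-udp") in seen:
        return "tunnel up: ESP-in-UDP flowing both ways"
    if ("out", "ike") in seen and ("in", "ike") not in seen:
        return "IKE requests leave but no reply returns"
    if ("in", "ike") in seen:
        return "IKE negotiating: replies seen, no ESP yet"
    return "no IPsec traffic seen"

def make_ike(exch, r_spi=bytes(8)):
    # Constructed IKEv2 header for the samples below, not from a real capture
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, r_spi, 0, 0x20, exch, 0, 0, 28)

GW = b"\x22" * 8  # constructed responder SPI
SAMPLE_BLOCKED = [("out", 500, make_ike(34)), ("out", 500, make_ike(34))]
SAMPLE_WORKING = [("out", 500, make_ike(34)), ("in", 500, make_ike(34, GW)),
                  ("out", 4500, bytes(4) + make_ike(35, GW)), ("in", 4500, bytes(4) + make_ike(35, GW)),
                  ("out", 4500, b"\xc0\xff\xee\x01" + bytes(20)),
                  ("in", 4500, b"\xde\xad\xbe\xef" + bytes(20)), ("out", 4500, b"\xff")]
```

Calling `diagnose(SAMPLE_BLOCKED)` and `diagnose(SAMPLE_WORKING)` shows the two verdicts; with a real capture, feed it the UDP payloads and directions exported from the pcap.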