Teleport after v3.0.1 update = fails to connect **SOLVED - sort of**

  • After performing the v3.0.1 update I can no longer connect to the Home Network

    I have green check-mark for Local Connection, Internet and AmpliFi Router

    Big red X for Home Network

    Rollback to v3.0.0 did not fix the issue

    LED is just a full blinking circle now

    UPDATED - it was the dreaded Bridge mode MAC address bug on the router

  • @derek-saville Sorry to hear about your problem and really hope you get it fixed soon. I will hold fire on upgrading until I hear from you here.

  • Hi @ali-hadi - it was an issue on the HD Router side

    If you run your HD Router in Bridge mode, the MAC address reported to the upstream router can change back and forth between the WAN & LAN as @Alex-Balcanquall reported about a year ago

    This breaks things like static IP assignments, port forwarding rules, UPnP and Teleports

  • @derek-saville Glad you got to the root of the problem. Just out of interest, why are you using your router in bridge (as opposed to DHCP) mode?

  • why are you using your router in bridge (as opposed to DHCP) mode?

    Hi @ali-hadi - for this particular case I am using the HD Router as a dedicated Teleport server

    A Teleport + HD Router can only process and push out so much VPN throughput
    From previous forum discussions with Ubiquiti staff they indicated that a single HD Router was rightly balanced to serve one Teleport

    You can actually pair multiple Teleports to a single Router, but if you try to use them simultaneously performance can suffer

    Some people like to use HD Routers in Bridge mode dedicated for Teleports to spare the router from also doing other functions like NAT, Firewall and QoS duty and maximize the VPN potential

    Unfortunately with AmpliFi we cannot turn off the WiFi, so this does create an unnecessary extra SSID that you can manually set to dead channels to avoid interference with your main network and/or try to block the WiFi around the unit as much as possible
    You still need Bluetooth access though so you probably can't just clip the super antenna off, but maybe someday I will open one up and see if it is possible to cut the power to just the 2.4 & 5 GHz radios and leave Bluetooth active

    Other routers in front of the AmpliFi units can also give more control over WAN & LAN QoS that HD routers don't offer (Gamers Edition do have some but I haven't tried one) and provide other features, such as multiple VLANs

    If you want to run multiple Teleports from one home location, having dedicated HD Routers to serve them lets you specify a different port address for each one in the web UI which from my experience worked better than having multiple Teleports on the same HD router
    In my main home router I set a static IP address for each HD Router's MAC address and then set a port forwarding rule for each Teleport respectively

    About a year ago or so when AmpliFi was implementing HW NAT they had to separate the MAC addresses on the WAN & LAN side of the routers to enable it
    One side starts with f0 and the other side f2
    But sometimes something happens where the MAC address presented to the upstream router flips to the wrong one

    When this happens the upstream router sees it as a new device being attached which breaks the static IP reservation, which then breaks the port forwarding rule preventing Teleport from seeing the home network LAN

    UPnP maybe could prevent this, but UPnP is actually what broke first when the problem originally started occurring
    And I personally prefer the manual port forwarding rules if we can just get a stable MAC address
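
Added example, not part of the posts above: a check that compares an upstream router's static reservations with its current DHCP leases and reports a device that has appeared under its sibling MAC address. The f0 and f2 prefixes described in the post differ only in the 0x02 (locally administered) bit of the first octet, so clearing that bit pairs the two addresses. The function names, addresses and lease data are constructed for illustration.

```python
UL_BIT = 0x02  # bit that distinguishes an f0:... address from its f2:... sibling


def parse_mac(mac):
    """Return a MAC as a tuple of 6 ints, accepting ':' or '-' separators."""
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return tuple(int(p, 16) for p in parts)


def fmt(octets):
    """Format a tuple of 6 ints as a lower-case colon-separated MAC."""
    return ":".join(f"{o:02x}" for o in octets)


def canonical(mac):
    """MAC with the 0x02 bit cleared, so both siblings map to the same key."""
    o = parse_mac(mac)
    return fmt((o[0] & (0xFF ^ UL_BIT),) + o[1:])


def find_flips(reservations, leases):
    """
    reservations: {mac: reserved_ip} configured on the upstream router.
    leases: iterable of (mac, leased_ip) the router has currently handed out.
    Returns (reserved_mac, seen_mac, reserved_ip, leased_ip) for every device
    that showed up under its sibling MAC and therefore missed its reservation.
    """
    by_key = {canonical(m): (fmt(parse_mac(m)), ip) for m, ip in reservations.items()}
    flips = []
    for mac, ip in leases:
        seen = fmt(parse_mac(mac))
        hit = by_key.get(canonical(mac))
        if hit and hit[0] != seen:
            flips.append((hit[0], seen, hit[1], ip))
    return flips


# Constructed sample data: two bridged units with reservations, one of which
# is now presenting its sibling address, plus one unrelated client.
RESERVATIONS = {"f0:00:00:aa:bb:01": "192.168.1.10",
                "f0:00:00:aa:bb:02": "192.168.1.11"}
LEASES = [("F2-00-00-AA-BB-01", "192.168.1.147"),
          ("f0:00:00:aa:bb:02", "192.168.1.11"),
          ("a4:00:00:cc:dd:03", "192.168.1.50")]

if __name__ == "__main__":
    for reserved, seen, want_ip, got_ip in find_flips(RESERVATIONS, LEASES):
        print(f"{reserved} now seen as {seen}: reserved {want_ip}, leased {got_ip}")
```

Any port forwarding rule that targets the reserved IP of a reported device no longer reaches it until the lease returns to the reserved address.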

  • @derek-saville Thanks for another very informative post.

  • @derek-saville

    Hey Derek,

    I thought I had read the two Teleports connected to one HD Router should work fine and be able to keep up with the upload throughput.

    Did you see a performance hit with just two teleports connected to one HD Router — or were you trying to connect 3+?

    Just curious as I’m about to pull the trigger on a 2nd Teleport.

    Thanks in advance!

  • Hi @derek-s - with the new Teleport App in beta testing I am highly optimistic that multiple clients can be well supported
    I am not able to test the Teleport App myself because I run my HD's in Bridge mode, which won't be supported until the next test release

    Are you registered for beta testing?
    I wouldn't recommend investing in another physical Teleport until you can test out the new app and see how well multiple clients work from your router in real world scenarios

    I don't know if they have implemented the new kernel mode VPN code in the router with these updates and/or the video streaming and UDP improvements - hope so

    In the past I had issues with UDP video and the router could barely support a single stream while in Bridge mode
    TCP video is much better served, but can be latency sensitive depending on your ISP (i.e. buffer bloat) and remote connection
    For me 2 TCP streams (i.e. Netflix, Hulu, Amazon) was workable, but not 3 from a single router

    But your environment may be completely different
    If your multi-client VPN needs are less latency sensitive and fit within the bandwidth limitations that your router can serve, then 2 or 3 clients should be fine

    For my setup I have gotten as high as 15 Mbps from a single router, but 10 to 12 Mbps is reasonably sustainable on a good day, and average is about 8 Mbps
    I have 3 Teleports now with each having their own HD router in Bridge mode, and have no issues with them other than the MAC addresses throwing off the port forwarding rules

    But I am really looking forward to testing the Teleport App as it could easily be all that I need for traveling with individual devices (i.e. iPad) and just using the hardware Teleports for fixed sites / extended stay locations with multiple interconnected devices where I use HD routers in Ethernet backhaul RAMP mode connected to the Teleport's LAN in order to help keep traffic localized

    PS - if you are using a Teleport at a single location for an extended period with multiple clients, I do recommend using an HD router as a mesh point for your home network with Ethernet backhaul to the Teleport
    So the Teleport must connect via WiFi to the remote network and you will want to give the Teleport a different WiFi SSID than your home network
    I have found this to be the strongest setup as the HD's are much stronger in WiFi, have additional LAN ports, and have faster processors than a Teleport
    You can connect a Teleport to the remote network via LAN, but its WiFi performance doesn't seem robust enough for multiple client devices

  • Hi Derek,

    Thanks for your detailed response, much appreciated!

    Yes, I’m living abroad for an extended period of time and I’m looking for a robust solution to stream TV from home in the U.S. The Teleport works great for one TV/Roku, but two TVs kills it. I was thinking a 2nd hardware Teleport would help, but perhaps the Beta Teleport App will suffice.

    Speaking of that, I tried to launch the Beta Teleport app while operating remotely over my Teleport WiFi, but it's asking for a code to connect to my home HD Router. Where do I get my code — is it being displayed on my home router?

    Thanks for the heads-up on buying a 2nd HD Router to work in concert with my Teleport at my remote location. So if I use the LAN port to connect to an HD Router, will I be double nat’d or do I just place it on bridge mode? Is the configuration straightforward?

    Thanks again for the help!

  • @derek-s The code is something you get through the Beta AmpliFi app. Note that your AmpliFi router must also be running the latest beta firmware.

    There are pictures showing the connection process for the Beta Teleport app in the first post of the topic introducing it, including code generation etc.

  • @derek-s Please follow the steps here, make sure you are updated (router and app).

  • Awesome, thanks everyone!

  • So if I use the LAN port to connect to an HD Router, will I be double nat’d or do I just place it on bridge mode? Is the configuration straightforward?

    Hi @derek-s - you have 2 options depending on your needs, and both are easy to set up, but one requires access to your home network

    Option 1, you can add an HD Router (or any router for that matter) in Bridge mode to your Teleport by connecting the router's WAN port to the Teleport's LAN port and setting it up accordingly = no double NAT and anything connected to the bridged router will be virtually at your home network

    My home ISP/TV service provider has some features that prefer being on the meshed network
    So option 2, I set up an HD Router as a mesh point (RAMP) at my home network and then enable Ethernet backhaul
    Take this HD RAMP to your remote site and connect its WAN port to the Teleport's LAN port and it will show up as a wired backhaul mesh point broadcasting the home network's SSID (exactly the same as if it was in your living room at home)
    This just works better in my specific usage scenario

    For both options, the Teleport's WiFi is then a dedicated link to the remote site's router and nothing connects to the Teleport's SSID
    I also give the Teleport the highest QoS priority in the remote site router's settings

    But this won't help if you are trying to stream 2 high bandwidth videos from your home site simultaneously and your combination of ISP connections & HD Router Teleport server cannot handle it

    It will help if your ISP connections and home HD Router can handle 2 video streams, but your Teleport's WiFi cannot handle 2 video clients, and especially if your Teleport is also connected at the remote site via WiFi instead of LAN to the remote router
    In my opinion and from my experiences the hardware Teleport's WiFi and processor are currently not great for more than one video client

    If the videos are real-time streaming from the internet at the home site (i.e. Netflix, Hulu, Amazon, etc.) remember that your home router needs to receive the video, process it for VPN, and then push it back out to your remote site - this is where buffer bloat issues might become a problem where you have the bandwidth potential, but latency spikes cause the videos to pause or buffer and become unwatchable

    You may end up needing a second Teleport and likely a second HD Router in Bridge mode to serve the Teleport, which brings its own downsides of having a junk SSID broadcast at your home site (unless you are willing to void your warranty)

    Let's hope they have brought the improvements to the VPN code to better support simultaneous Teleport App users and that the hardware version benefits too
    Early estimates were for a 2x to 3x improvement in VPN bandwidth potential with additional latency reductions for video streaming
