{"id":32,"date":"2025-08-09T14:13:00","date_gmt":"2025-08-09T14:13:00","guid":{"rendered":"https:\/\/azherrashid.xyz\/?p=32"},"modified":"2025-12-09T14:22:24","modified_gmt":"2025-12-09T14:22:24","slug":"never-go-offline-again-setting-up-4g-wan-failover-on-opnsense-with-a-teltonika-trb140","status":"publish","type":"post","link":"https:\/\/azherrashid.xyz\/?p=32","title":{"rendered":"Never Go Offline Again: Setting up 4G WAN Failover on OPNsense with a Teltonika TRB140"},"content":{"rendered":"\n

Introduction<\/h2>\n\n\n\n

We rely on the internet for almost everything now. Whether you are running a home lab, a small business office, or just have a household that panics when Netflix buffers, losing your primary internet connection is a major headache.<\/p>\n\n\n\n

If you are already running OPNsense, you have enterprise-grade failover capabilities right at your fingertips. You just need a second internet source.<\/p>\n\n\n\n

In this guide, we are going to set up a robust Multi-WAN failover system. We will use your existing primary internet connection (fiber\/cable) and add a 4G\/LTE backup using the super-reliable Teltonika TRB140 gateway.<\/p>\n\n\n\n

Why the Teltonika TRB140?<\/h2>\n\n\n\n

While you could use a cheap USB 4G dongle, they are notoriously flaky. They overheat, disconnect randomly, and driver support in FreeBSD (the OS underneath OPNsense) can be hit-or-miss.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The Teltonika TRB140 is an industrial LTE Cat 4 gateway. It connects via Ethernet, meaning no driver issues. It\u2019s designed to run 24\/7 in harsh environments. Most importantly, it supports IP Passthrough (Bridge Mode)<\/strong>, which is crucial for avoiding “Double NAT” issues and ensuring OPNsense handles the public IP address directly.<\/p>\n\n\n\n

Prerequisites<\/h2>\n\n\n\n

Before we start, ensure you have the following:<\/p>\n\n\n\n

    \n
  1. OPNsense Firewall:<\/strong> Running and configured with a primary WAN and LAN. You need at least one free physical Ethernet port (e.g., igb2<\/code>, em2<\/code>, etc.).<\/li>\n\n\n\n
  2. Teltonika TRB140:<\/strong> With power adapter and LTE antennas attached.<\/li>\n\n\n\n
  3. A SIM Card:<\/strong> An active data SIM with a known APN (Access Point Name). Warning: Keep an eye on your data caps when running on backup!<\/em><\/li>\n\n\n\n
  4. Ethernet Cable:<\/strong> To connect the TRB140 to OPNsense.<\/li>\n<\/ol>\n\n\n\n

    Phase 1: Configuring the Teltonika TRB140<\/h2>\n\n\n\n

    We need to configure the TRB140 just enough so that it connects to the mobile network and passes that connection straight through its Ethernet port without doing any routing itself.<\/p>\n\n\n\n

      \n
    1. Insert SIM and Power Up:<\/strong> Insert your SIM card into the TRB140 and power it on. Wait for the mobile signal LEDs to stabilize.<\/li>\n\n\n\n
    2. Initial Connection:<\/strong> Connect your computer’s Ethernet port directly to the TRB140’s Ethernet port.<\/li>\n\n\n\n
    3. Login:<\/strong> Open a browser and go to 192.168.2.1<\/code> (the default IP). Log in (admin\/admin01 usually, you will be forced to change this).<\/li>\n\n\n\n
    4. Setup Wizard:<\/strong> Run through the initial setup wizard to set your time zone and ensure the mobile interface connects. If it doesn’t connect automatically, you may need to enter your carrier’s APN located under Network -> Interfaces -> General (Mobile)<\/strong>.<\/li>\n\n\n\n
    5. Enable Passthrough Mode (Crucial Step):<\/strong>\n
        \n
      • Navigate to Network -> Interfaces<\/strong>.<\/li>\n\n\n\n
      • Edit the Mobile<\/strong> interface.<\/li>\n\n\n\n
      • Change the Mode<\/strong> from NAT to Passthrough<\/strong>.<\/li>\n\n\n\n
      • Ensure the “Passthrough to interface” is set to the LAN<\/strong> Ethernet port.<\/li>\n\n\n\n
      • Optional but recommended:<\/em> Sometimes you need to specify the MAC address of the OPNsense port you will be connecting to. For now, try leaving it blank; the TRB140 usually detects the first device plugged into its LAN port.<\/li>\n\n\n\n
      • Click Save & Apply<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n

        Note: Once passthrough is enabled, you will lose easy access to the TRB140 web UI because it is no longer acting as a router with a local IP of 192.168.2.1. It is now a transparent bridge.<\/em><\/p>\n\n\n\n

        Phase 2: Physical Connections<\/h2>\n\n\n\n

        Now that the modem is ready, let’s hook it into the firewall.<\/p>\n\n\n\n

          \n
        1. Disconnect your computer from the TRB140.<\/li>\n\n\n\n
        2. Connect an Ethernet cable from the TRB140 LAN port<\/strong> to your chosen free port on the OPNsense box<\/strong> (e.g., igb2<\/code>).<\/li>\n<\/ol>\n\n\n\n

          Phase 3: Configuring the OPNsense Interface<\/p>\n\n\n\n

          We need to tell OPNsense that this new port is a second WAN connection.<\/p>\n\n\n\n

            \n
          1. Log into your OPNsense Admin UI.<\/li>\n\n\n\n
          2. Navigate to Interfaces -> Assignments<\/strong>.<\/li>\n\n\n\n
          3. At the bottom, where it says “New interface”, select the physical port you connected the TRB140 to (e.g., igb2<\/code>) and click the +<\/strong> button.<\/li>\n\n\n\n
          4. It will likely be named OPT1<\/code> or OPT2<\/code>. Click on its name to edit it.<\/li>\n\n\n\n
          5. General Configuration:<\/strong>\n
              \n
            • Enable Interface:<\/strong> Checked.<\/li>\n\n\n\n
            • Description:<\/strong> Give it a name, like WAN2_4G<\/code>.<\/li>\n\n\n\n
            • IPv4 Configuration Type:<\/strong> DHCP. (Because the TRB140 is in passthrough mode, it will pass the carrier’s IP settings via DHCP to this interface).<\/li>\n\n\n\n
            • IPv6 Configuration Type:<\/strong> None (unless your carrier supports it and you want to configure it).<\/li>\n<\/ul>\n<\/li>\n\n\n\n
            • Save<\/strong> and Apply Changes<\/strong>.<\/li>\n<\/ol>\n\n\n\n

              Checkpoint: Go to the OPNsense Dashboard\/Lobby. You should see the WAN2_4G<\/code> interface get an IP address. It might be a CGNAT private IP (like 10.x.x.x or 100.x.x.x) depending on your mobile carrier. This is normal.<\/em><\/p>\n\n\n\n

              Phase 4: Gateway and Monitor IP Setup<\/h2>\n\n\n\n

              OPNsense needs to know how<\/em> to determine if an internet connection is actually working. If we just monitor the TRB140 itself, the connection might look “up” even if the cellular tower has lost internet connectivity.<\/p>\n\n\n\n

                \n
              1. Navigate to System -> Gateways -> Single<\/strong>.<\/li>\n\n\n\n
              2. You should see a new gateway that was automatically created when you enabled DHCP on WAN2_4G. It usually has “GW” in the name. Click the pencil icon to edit it.<\/li>\n\n\n\n
              3. Edit Gateway:<\/strong>\n
                  \n
                • Gateway name:<\/strong> Rename it something clearer if you wish (e.g., GW_WAN2_4G<\/code>).<\/li>\n\n\n\n
                • Monitor IP:<\/strong> This is critical. Do not<\/strong> leave this blank. Enter an external, highly available DNS server. Good choices are 1.1.1.1<\/code> (Cloudflare) or 8.8.8.8<\/code> (Google). Note: Ensure your primary WAN gateway is monitoring a different IP (e.g., if WAN1 monitors 8.8.8.8, have WAN2 monitor 1.1.1.1).<\/em><\/li>\n<\/ul>\n<\/li>\n\n\n\n
                • Click Save<\/strong> and Apply Changes<\/strong>.<\/li>\n<\/ol>\n\n\n\n

                  Checkpoint: Look at the gateway status on the dashboard. You should see both gateways showing green “Online”.<\/em><\/p>\n\n\n\n

                  <\/p>\n","protected":false},"excerpt":{"rendered":"

                  Introduction We rely on the internet for almost everything now. Whether you are running a home lab, a small business office, or just have a household that panics when Netflix buffers, losing your primary internet connection is a major headache. If you are already running OPNsense, you have enterprise-grade failover capabilities right at your fingertips. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-32","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=\/wp\/v2\/posts\/32","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=32"}],"version-history":[{"count":1,"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=\/wp\/v2\/posts\/32\/revisions"}],"predecessor-version":[{"id":34,"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=\/wp\/v2\/posts\/32\/revisions\/34"}],"wp:attachment":[{"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=32"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=32"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azherrashid.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=32"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}