IP Passthrough M6 Pro (MR6500)
I apologize in advance for this wall of text since this will be a long, drawn-out inquiry/request. If you do decide you "have time to read all that" I truly thank you in advance if you take the time to read/assist. Disclaimer: I'm in the Army, so I can follow directions pretty well but every now and then I do need something written out in "ELI5" format. I am moderately adept at user level networking, and if things go south, the hard factory reset buttons/options on devices have always been quite handy to start fresh. My goal with the gateway I have is to mount in an external enclosure with PoE injector to a splitter/step-down from 48V to 5V-12V and RJ-45 on the peak of my roof, approximately 35 feet high (about 6 feet above the peak of the roofline). This may not be troublesome for some to mess with and climb up on the roof year-round if needing to access the gateway to hard-factory-reset a gateway with the pin-button if something happens, but where I live (interior Alaska, about 100 miles from the nearest "large" city) with the accompanying frigid temperatures (sustained -40 below zero with occasional dips to -70 below and colder with wind-chill to -120, snow and ice in the winter from October to April) I am hoping to have a stable, working solution in place before winter hits in October.
Why external enclosure? Wireless connection is very spotty here, and hardwired connectivity is virtually non-existent so it's all WISP solutions, unless you want 0.5 Mbps DSL for $90+/month (no thanks). StarLink is on a perpetual shift to the right for target availability since the polar regions will see service dead last (on the pre-order wait-list since February 2021). Antarctica will probably see StarLink before interior Alaska does. Why PoE step-down for the gateway? The gateway I have unfortunately does not power via PoE, so PoE injector will feed to the splitter/step-down that switches this to 5V USB-C and RJ-45 Ethernet. The gateway power block states 5V-12V, so I'll have to research if they make variable voltage power step-down splitters. I have a 50ft CAT7 to run up to the roof through the attic (I know it's not a recognized standard, but for my slow speeds I couldn't justify buying a new CAT8).
For the WISP gateway, I purchased a Netgear Nighthawk M6 Pro through FirstNET (AT&T) and am unfortunately also having "difficulty" as the other posters on this forum with placing the M6 (or any other AT&T gateway for that matter) into proper IP Passthrough mode. I debated purchasing a "more advanced" gateway that is "FirstNET ready/certified", but I had previously tried two other "3rd party, non-AT&T branded gateways" and had to have the device IMEI and SIM provisioned every month while on regular AT&T via a data-only SIM plan reseller (or else connection would revert to 0.3UL/0.1DL if I didn't call for them to reset this every week or so). Also, since AT&T is the ONLY wireless carrier that works out here (other wireless devices work, but all are roaming on AT&T towers), imagine what happens at around 5pm-2am every day...speeds go from a useable 10-15 Mbps down to 0.5 Mbps on AT&T. Since I am eligible for FirstNET, I went that route, because during peak usage times, I'm now shifted to Band 14 and am no longer stuck in the oversold B12/B66, etc. pipes, which is critical if I need the access for work. I went with the "preferred device" from FirstNET (they offered M6 or M6 Pro - the M6 Pro has the X65 chip with "better antennas" with internal 4x4 MIMO setup and also supports 2.5Gbps LAN and 6.0Ghz WiFi when the battery is removed - 6.0Ghz is currently only authorized indoors so I completed initial setup with dual 2.4/5.0 to be FCC compliant, just in case), since carriers have a habit of bumping non-branded 3rd party devices off their network (at least in my previous bad luck experiences).
Here's what I did to get my setup mostly useable in the short-term:
I changed the default gateway (M6) IP from 192.168.1.1 to 192.168.2.254 to avoid any potential conflicts. I switched the DHCP range to mimic this from ...2.1 to .2.99
My ASUS RT-AX68U default is 192.268.1.1, so I changed this to 192.168.0.1 to again avoid any potential conflicts. The router automatically fixed the DHCP range to correspond to the IP change.
The "advanced" tab on the M6 gateway allows disabling DHCP. When doing so, it would not pass through the WISP connection (router let me know DHCP is broken from ISP after I disabled gateway DHCP,) so I had to reenable this. The only "working" option is to check the "IP Passthrough" box, which disables the gateway WiFi. The ASUS router sees the connection via Ethernet, and connectivity to the web is available, but the IP address assigned to the router (from the 2.5Gbps Ethernet on the M6 to the WAN on ASUS) is 10.XX.XXX.XX or other derivative, which shifts periodically, I'm guessing due to lease time. This is a private IP assigned to the router WAN from the gateway (the ASUS is kind enough to tell me this, and a quick check to try to enable DDNS confirms "sorry, your router is in a double-NAT situation".
I can connect to router on the X.0.1 and the gateway on X.2.254 no problem to make changes to settings on either device.
I just completed this rough setup yesterday evening and have not had any web connection drops, but the speed is definitely slower than the gateway by itself. The gateway is currently inside the house while I am testing this, but speed difference is around 10 Mbps slower with router after gateway. Once mounted up high outside for the remarkably better connection (boosts connection by over 25 Mbps on average), the 2.4/5.0 signal is too weak for inside the house if I reenable WiFi (by turning off IP Passthrough). The "easy" solution is to place the ASUS in Access Point AP Mode, but the primary reasons for having the ASUS in proper router mode are: 1. QoS setup by MAC/IP (a must with two kiddos in the house on such a limited connection - at best I'm looking at 45 Mbps on the most ideal days, with realistic speeds around 25-35 MBps with occasional dips to 5-15 Mbps) 2. Advanced routing and network monitoring (I am not an IT technician by trade, but enjoy dabbling on user level side and seeing what is going on and the flexibility for media/printer servers, etc. with proper router) 3. VPN option for all devices connected to the ASUS, which is required for work (and also if I feel the need to watch the occasional regional content such as European TV streaming without hitting the region blocks).
How do I:
Place the gateway into "true" Passthrough Mode to resolve double-NAT on the ASUS/connected devices side and avoid any other potential related hiccups for when I need to VPN to work?
Allow the router to receive a public IP address instead of the private IP address from the gateway?
My first inclination is to skip all the steps and just put the router in the DMZ behind the gateway (at least that is an option), but I've ran into issues before in the past with the simple "fixes" like this and am looking for a long-term solution. Not even sure if the DMZ solves all the potential issues, as it may just be the placebo pill effect.
If you made it this far, I thank you for reading and hope someone with the motivation and knowledge chooses to help me and others in this situation out.