
Alternative access to the Internet

Rationale

The normal Internet access is via a fiber connection which at present operates at 1 Gb/sec up and down. The connection has operated almost flawlessly since I got it circa 2006.

But, but, but. There is always the chance that the fiber is cut, e.g. when somebody starts digging without having obtained proper information on what may already be buried in the ground (power cables, antenna cables, telephone cables, water piping, sewage piping, you name it).

So the idea arose of having another way of connecting to the internet in case the fiber connection for whatever reason stopped functioning. This allows for at least two things:

  • It allows connecting to the Internet from the LAN for browsing, email etc. The details on how this is done in practice are described in Redundancy.
  • By itself it doesn't allow for incoming connections to publicly accessible servers on the LAN. But since we are two persons working on this from different locations, it became evident that an alternative was possible: by establishing a tunnel between our sites we could make it possible to access our own servers by connecting to the other's LAN using special addresses. The 'other' LAN could then route the connection back through the tunnel to the desired destination. Of course this scheme would break down if both sites lost their fiber connection simultaneously.

This note describes how this alternative Internet access is constructed.

Physical Implementation

The access device used is a USB stick (dongle), in this case a Huawei E3372 LTE modem. A SIM card from Lebara completes the setup.

A good question is where to place the dongle: in the primary (fiber) router or in a separate router dedicated to the purpose? The answer in this situation became a separate router, because having two distinct routers gives an extra degree of redundancy.

The alternative router is a Raspberry Pi 3B running “Raspbian GNU/Linux”, at present at version 11 (bullseye).

The primary router is a 3-port APU2E5 from PC Engines running Gentoo Linux.

Routing

Once you have decided to have two routers on the LAN, you have to use a routing protocol in order to keep the routers updated on each other. The general routing protocol setup is described in Routing.

We have decided to solely use IPv6 for this function. Each of us has delegated a /64 sub-domain of our IPv6 allocation to the other. We have also set up routing tables so that connection requests to this sub-domain are routed through the tunnel back to the other.

The details of the sub-allocation and the routing are described in Alternate routed address space.

DNS considerations

Connecting back to our servers through the tunnel does not require actions beyond what is described above. If, however, it should be necessary to use the sub-delegated addresses as source addresses for sending mail, further action is required.

In order to have our sent email properly accepted by foreign mail servers, it is necessary to provide reverse name lookup for the mail servers. For practical reasons we decided to delegate the administration of the delegated sub-domain to the one that uses it. Details of the name space delegation are described in IPv6 Cross allocation.
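
The reverse delegation described above, sketched as an added example (not taken from this wiki or from our actual zone files): it derives the ip6.arpa zone name for a delegated /64, the NS records the delegating site puts in its own reverse zone, and the PTR record the using site publishes for its mail server. All prefixes, addresses and host names are constructed placeholders from the IPv6 documentation range.

```python
import ipaddress


def reverse_zone(prefix: str) -> str:
    """ip6.arpa zone name for a nibble-aligned IPv6 prefix."""
    net = ipaddress.IPv6Network(prefix)  # raises if host bits are set
    if net.prefixlen % 4:
        # One DNS label per 4-bit nibble, so other prefix lengths
        # cannot be handed over as a single reverse zone.
        raise ValueError(f"{prefix}: prefix length is not a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")
    return ".".join(reversed(nibbles[: net.prefixlen // 4])) + ".ip6.arpa."


def delegation_records(prefix: str, parent: str, nameservers: list[str]) -> list[str]:
    """NS records the delegating site adds to its own reverse zone."""
    if not ipaddress.IPv6Network(prefix).subnet_of(ipaddress.IPv6Network(parent)):
        raise ValueError(f"{prefix} is not inside {parent}")
    zone = reverse_zone(prefix)
    return [f"{zone} IN NS {ns}" for ns in nameservers]


def ptr_record(address: str, prefix: str, hostname: str) -> str:
    """PTR record the using site publishes in the delegated zone."""
    addr = ipaddress.IPv6Address(address)
    if addr not in ipaddress.IPv6Network(prefix):
        raise ValueError(f"{address} is outside the delegated {prefix}")
    return f"{addr.reverse_pointer}. IN PTR {hostname}"


# Constructed sample values (documentation address space, example names).
PARENT = "2001:db8:1234:ab00::/56"     # assumed allocation of the delegating site
DELEGATED = "2001:db8:1234:abcd::/64"  # assumed /64 handed to the other site
MAIL_ADDR = "2001:db8:1234:abcd::25"   # assumed mail source address

if __name__ == "__main__":
    for line in delegation_records(DELEGATED, PARENT, ["ns1.example.net."]):
        print(line)
    print(ptr_record(MAIL_ADDR, DELEGATED, "mail.example.net."))
```

The name in the PTR record should also resolve forward (AAAA) to the same address, since many receiving mail servers check both directions.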

alternative_access.txt · Last modified: 2025/01/04 18:48 by bent