LTE Home Internet

Don't tell AT&T

Since I live 2 miles away from anything my internet options are... limited. If you hop on CenturyLink's internet purchasing tool I have an option for up to 10mbps, though my house was thankfully grandfathered in at the old 15 mbps (for $70+) rate. This is not great. 2 miles down the road you can get Wave gig, and a road over (1 mile) CenturyLink offers a respectible 60Mbps.

Maybe cellular service could be my salvation - I've got a 5G-capable smartphone that's seen as much as 168 Mbps at the bottom of the hill (4ish miles away).


My service provider for cellular is T-Mobile, and aside from the internet-connected personal CellSpot device I have installed I get 0 signal anywhere in the house.

Verizon and AT&T, however, do get some level of service in my front yard, and in an effort to capitalize on that signal I'm currently engaged in a project to install LTE internet at my house. BTW - even though both T-Mobile and Verizon offer home internet, neither is available at my location (of course). So this will be a more DIY project.

Planning Phase

I did quite a bit of research into the topic of LTE home internet, thanks to LTEHacks, Whirlpool and Reddit I came to the conclusion that AT&T was probably my best bet for service. T-Mobile was out due to the aforementioned lack of signal, and Verizon apparently has a 50GB/month soft cap that's enforced. AT&T has some congestion throttling, but so long as I do my serious downloading overnight this cap should be workable.

I purchased a Red Pocket GSMA sim with 1GB of data for $10, installed it in an old Pixel 1st gen and tested various points around my room. The best service (~40Mbps) was available with my window open (untenable - I get cold). The second-best service is within a weird attic/crawl-space area off to the side of my room. Some electrical and telecommunication wiring already exists in the crawlspace, though no exposed outlets were present. I decided, however, that this would be the best place for the LTE router/modem that I was looking to acquire.

Initially, I wanted to get a MOFI4500 SIM4 for ease-of-use, but pricing (even used) pushed me to look at other options. I settled on building my own modem/router - and with my limited signal I felt dropping several hundred on the setup might be overkill. I got a used ZBT WE826 and a Dell-branded Sierra EM7455 modem. I also purchase an m.2 to Mini-PCIe adapter and a set of U.FL to RP-SMA antenna wires. By the way, RP in this case stands for rever-polarity, don't buy these, buy plain-Jane SMA-type ones otherwise you won't get any signal.

The Initial Installation

Once I got my parts in I made an attempt at getting everything setup - the first hurdle was replacing the RP-SMA antenna plugs with SMA antenna plugs. Using some scripts found on Daniel Wood's GitHub for Sierra Modems (a super-useful resource), I converted my Dell modem to a "Generic" card. Then I encountered a "MISMATCHED FW" error within the router which prevented the modem from exiting low-power mode. I fixed that by flashing a firmware (twice) with the above script after having initially attempted the manual FW install steps on Linux. Finally, after putting the card back into the WE826 (I did the firmware flashing in a Dell laptop sans USB adapter) and insterting my Red Pocket SIM, I was connected. In my window I recieved a whopping 4 Mbps up to 12Mbps if I was lucky.

Placing the card into my OnePlus 6t I found that I could get up to 50Mbps, but if I attempted to do hotspotting I would drop to 15Mbps (even using the phone for running the test). It seemed that just having hotspot active seemed to lower my speeds. Rooting the phone, installting the VPN hotspot application, VPNing to my workplace, and using USB tethering seemed to resolve the issue. Only together were these settings impactful, individually I was limited to anywhere from 5 (no VPN) to 15Mbps.

All of that got me a USB-tethered speed of 42Mbps max in Steam (Update: I've seen as high as 63Mbps after about a month of use).

Router Troubleshooting

Following the initial failure of my fancy router setup to deliver optimal speeds, I moved locations. I found that placing the router in the attic on the eastern side of the house yeilded the best speeds - however, I was still limited to ~20 Mbps. After over an hour of crouched walking in the attic I gave up and accepted that I may not be able to use this as a home internet solution. Still - I figured that I could get some of the wiring in place in case something like Starlink became availble or I figured out what was up with my router setup. I ran a spare Cat5 cable from a security system across the attic and into the crawl space next to a bedroom (70s houses, man). That cable went into a POE-capable switch and I installed a 12v adapter to the router end, allowing my to forego running power into the attic. This setup got the router powered up and a laptop connected to the switch onto the net.

At this point I ran another speedtest and was given a bit of a suprise - nearly 40Mbps down. Apparently the talk about the WE826 having terrible WiFi had not been simple exaggeration, it really is a terrible wireless router.

I plugged in an Asus "Dark Knight" RT-N66U router configured to run in bridged mode and was able to pull a very similar downlink figure from a device configured to use the bridge-AP wireless network. I disabled the WE826's wireless functionality at this point.

Finally, I installed an outlet to power everything and was off to the races with a somewhat functional setup.

Configuring a VPN

As much as I appreciate T-Mobile for making cellular service cheap enough for my parents to add me to there plan many years ago, their support of anti-net-neutrality functionality grinds my gears a bit. Years ago they introduced a "Stream On" service that throttles video traffic on their network to roughly 480p H.264, AT&T has implemented a similar "service" onto their prepaid plans which makes watching TV on a proper television not fun. One option might be a more expensive service, however, my current plan is as high as it gets on AT&T prepaid and I'd rather not go post-paid and concern myself with the logistics around potential credit checks and whatnot while I'm still worried about simply getting booted from the network for higher-than-normal utilization.

The solution, at least for now, is to make use of of a VPN to avoid my traffic being seen a media traffic. Assuming a large enough VPN pipe is made available, it should be possible to stream 1080p or better over a VPN on any of the major providers.

I've previously configured a Wireguard server at my place of work, and OpenWrt purports to support WireGuard. However, the custom modem-centric build that I have soft-bricks the WE826 when I install the kmod package for Wireguard. I figure it would be cool to build a security appliance and VM host with an old AMD AM1 5150-based ITX machine I had in a closet. I purchased a 2-port gigabit pci-e networking card and installed it upon arrival. I installed proxmox for easy management of my router/firewall VM and then configured networking and an install of Vyos. Within an hour I had configured a basic router and could plug my laptop into the LAN port of the 2-port card, obtain a DHCP IP address and route out to the greater web. Sweet.

Trouble was setting up bridged networking also isn't easily doable on Rooter (the custom OpenWrt firmware I previously mentioned), and the Double-NAT setup was not allowing the incoming handshake to work properly for wireguard, nor could I make use of the abundant CPU resources provided by the 5150 to get sufficient OpenVPN bandwidth (same double-NAT problem I guess). This issue was present on the X86 version of OpenWRT that I installed as a VM as well, eliminating a VyOS misconfiguration as the source of my problems.

The solution: ditch Rooter and go straight to the source. I pulled an img for OpenWrt Mips-24 something or other and flashed the CLI-only version of OpenWRT. I then had to modify some configs to get an internet connection through the WE826's LAN port to my DSL modem and got Luci (web gui) and wireguard packages, as well as everything required to utilize the sierra modem as my WAN installed successfully. The configuration of Wireguard on the WE826 was fairly straighforward after this, with the only real issues being a result of my own inexperience configuring WireGuard beyond using their provided clients.

Since then...

Everything above this section was published around January of 2021. Since then the biggest changes have been to the service plan and my choice of modem/router hardware. I've got a service tier that no longer throttles video - so the VPN at the router level is gone. I ditched the WE826 (and a similar WE3526) and utilized a Netgear Nighthawk M1 for about 8 months - that device worked fairly well minus a couple things: a 20-device limit that had some odd enforcement mechanism (initially thought to be via DHCP leasing, but an external DHCP server failed to correct devices getting booted off the network) and the M1 introduced about 10ms of additional latency. Regular reboots were needed to maintain service, but the ~70Mbps (as high as 130Mbps) was so much better than CenturyLink that this was doable.

However, in June 2022 my Nighthawk bricked and in searching for a replacement picked up a Cradlepoint AER3100 off of Ebay for $120. This thing is very much enterprise-oriented. Rack-mount 1u design, dual-modem capable and a whole slew of router management options that blow the Netgear out of the water. It's a bit of a bandwidth hit (Ive maxed this unit near 80Mbps on the cat 6 modem that came with it) but the stability of the connection is basically perfect. I'm fully confident that a UPS and this router is more stable than my CenturyLink line could've ever hoped to be. The 20 device limit is gone, as is the odd 10ms latency hit of the Netgear.

My recommendation:

Get something like this (Cradlepoint, maybe Mikrotik) and just forget about the consumer-grade gear.