The Ubiquiti UniFi routers offer the ability to set up backup WAN (Wide Area Network, or.. “Internet”) connections so that your network can be resilient to issues, or even be load-balanced across multiple network connections.
A lot of people will jump to a dedicated 4G/5G modem that they can plug straight in or even UniFi’s own LTE backup option but why spend that money when you could spend a similar amount of money on a 4G/LTE modem, and bang your head against a wall to set it up a UniFi Raspberry Pi WAN failover yourself?
With a little luck, by the end of this guide, you’ll have a Raspberry Pi providing your UniFi router with a backup internet connection!
Before we get into the nitty-gritty, whilst I’m saying that this is for the UniFi/Ubiquiti ecosystem, ultimately by the end of this you’ll be able to plug any device into the Pi’s RJ45 port and access the internet via the 4G/LTE connection, be it a laptop, PC, or another type of router that offers a backup WAN option.
Table of Contents
Hardware Requirements
We’ll need a few things to get up and running, and if you’ve a recent Pi gagging for a project lying around, then good times. I’ve listed what I used for this below, though older Pi models will likely be fine with the traffic amounts these can push through.
- Raspberry Pi 5 – The Pi Hut, Amazon*
- 4G/LTE Modem – Amazon EG25* AliExpress EC25*
- mPCIe to USB adapter – Amazon 1*, Amazon 2* (I didn’t use #2, but it’s a cheaper alternative)
- UniFi router/gateway with Backup WAN – UniFi Cloud Gateway Ultra
- SIM Card – I used a spare I already had for testing, your mileage may vary!
* denotes an affiliate link. If you click and make a purchase from that link, I may receive a small commission, all of which goes back into purchasing hardware to test out here. I hope that’s OK!
If you have a Raspberry Pi 5 HAT that offers a miniPCIe connection on it and the necessary hardware to connect to a modem, then that can be used too, instead of a USB adapter.
Step 1: Setting up the Raspberry Pi
First up, we need to get the Raspberry Pi ready for action. I recommend going with Raspberry Pi OS Lite (64-bit), and if you use Raspberry Pi Imager, you can quickly enable SSH and anything else you need. As you’re going to be using the RJ45 port for connection sharing later, it may be a good idea to set up WiFi so you have something to access the Pi with once Ethernet is unavailable to you.
Once you’re logged in to your Pi via SSH, give the OS an update
sudo apt update
sudo apt upgradeAt this point, we can move on to the 4G/LTE modem.
Step 2: Configuring the 4G/LTE modem
Other guides focused on using qmcli, but with ModemManager being available by default in Raspberry Pi OS, we’re going to utilise that and make our lives a whole lot easier.
Check that the modem is detected
We can start with mmcli to list the available modems on the Pi 5
mmcli --list-modemsThis results in /org/freedesktop/ModemManager1/Modem/1 [QUALCOMM INCORPORATED] QUECTEL Mobile Broadband Module for me, so it’s there and ready. If it’s not shown, try lsusb to see if your device detects it.
Create the 4G connection with ModemManager
The next command is what we’ll use to replace perhaps 10-15 steps you’d need with qmcli. Why waste time copy lot commands when few commands do trick?
You’ll want to update the options in bold before running it. The interface will be cdc-wdm0 by default, so that’s a safe bet, but con-name, apn, and gsm.pin are all specific to you. You can set con-name to anything you like, I’ve used 4g-modem in this example. The APN depends on your mobile data provider, so if you’re unsure, reach out to their support to double-check. Finally, gsm.pin is needed if your SIM card has a PIN on it to unlock it. If you don’t have one, you can remove that from the end of the command.
sudo nmcli connection add type gsm ifname 'cdc-wdm0' con-name '4g-modem' apn 'internet' connection.autoconnect yes gsm.pin 1234Check the connection’s status
nmcli device statusWith nmcli device status we can check the status of all of the connections on your Pi 5, and you’ll end up with output similar to this. If you try it immediately after creating the connection above, you may see it initialising, if so, give it 30s or so and try again.
Check that we successfully got an IP address
Now we have a working connection, let’s confirm all is OK with ifconfig
ifconfigWhich will show output containing the following
wwan0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.x.x.x netmask 255.255.255.192 destination 10.x.x.x
inet6 2001:beep:boop prefixlen 64 scopeid 0x0<global>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 39 bytes 3951 (3.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31 bytes 2724 (2.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0wwan0 is the default name for the interface, and it will show at the end of the list, usually, and we can see that it’s gained its IP addresses just fine from the mobile carrier, so everything should now be in order and ready for testing
Confirm the connection is working!
If everything up until this point has gone smoothly, we should now have a working internet connection over the wwan0 interface via your 4G/LTE modem, so let’s test it out with a quick PING command, forcing it to use the wwan0 interface to do so.
ping -I wwan0 bret.dk -c 5If you’re getting responses, congratulations—you now have a working internet connection! However, there are still a few steps to take before you can use this as your backup internet connection.
Step 3: Setting up network routing
Once your Raspberry Pi 5 is back up and you’ve confirmed that the connection is available again (it may take a minute or so due to the checks), we can start working on pushing that LTE/4G connection out of the RJ45 port so that we can use it.
By default (with Raspberry Pi OS on the Pi 5), you’ll be using NetworkManager, so we’ll be using nmcli to help us out here.
Install required packages
sudo apt install -y dnsmasq iptables-persistentConfigure IP forwarding
sudo sh -c "echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf"
sudo sysctl -pConfigure the Ethernet interface
You’ll need to choose an IP range for the Ethernet interface. I use 192.168.1.0/24 at home, so I chose 192.168.10.1 for this. I’m also using Google’s DNS, but you can replace 8.8.8.8,8.8.4.4 with anything you like, 1.1.1.1,1.0.0.1 for Cloudflare, for example.
sudo nmcli connection add type ethernet con-name "shared-ethernet" ifname eth0 ipv4.method manual ipv4.addresses 192.168.10.1/24 ipv4.dns "8.8.8.8,8.8.4.4"Set up connection sharing
sudo nmcli connection modify shared-ethernet ipv4.route-metric 900
sudo nmcli connection modify shared-ethernet connection.autoconnect yes
sudo nmcli connection modify shared-ethernet ipv4.never-default trueSet up NAT for traffic forwarding
sudo iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wwan0 -j ACCEPT
sudo iptables -A FORWARD -i wwan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo netfilter-persistent saveConfigure dnsmasq to provide DHCP on the Ethernet interface
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.confPaste the following (changing the IP ranges/DNS server IPs if you did so earlier)
interface=eth0
dhcp-range=192.168.10.50,192.168.10.150,12h
dhcp-option=option:router,192.168.10.1
dhcp-option=option:dns-server,8.8.8.8,8.8.4.4Restart dnsmasq
sudo systemctl restart dnsmasqEnable the NetworkManager connection
BIG NOTE: When you run this command, any connection you already had on the RJ45 port will die off, so you will need to ensure you either have WiFi configured and connected, a USB Ethernet adapter, or a monitor/mouse/keyboard so that you can still access the device for any future changes that are required.
sudo nmcli connection up shared-ethernetIf everything went through without error, you should now be sharing your 4G/LTE internet connection over the RJ45/Ethernet port of the Raspberry Pi 5, and you can test it with any device you may have to hand, or go straight ahead and connect a cable from the Pi to your UniFi router to prepare for the next step.
Step 4: Configuring the UniFi router
You’ve made it a long way to this point. Congratulations. We’re on the home stretch!
Add your new WAN connection
Go to your UniFi Console, Settings, and then Internet. You should see your Primary (WAN1) connection, and just below that, an “Add WAN” button that, when pressed, will open up the view below.
Give your connection a name, “Backup Internet” or something similar, and then select the “Port” that your backup WAN connection from the Raspberry Pi is connected to on your router.
There’s an expected ISP speed option where you can state the speed of the connection, though it’s a bit random, given that the connection speed will depend on your network provider, the modem, and the mPCIe/USB adapter that you’re using. I wouldn’t worry too much, you can always do a speed test and modify it later.
I’ve used Auto for the Advanced section as it all “just works” for me, but if you want to make changes, go ahead.
Configure failover/load balancing rules
Your UniFi router offers you the ability to choose whether you want your backup connection to kick in when your primary connection drops (there’ll be a short blip where it recognises it’s dropped and switches over), or you can tell it to load balance across both connections.
I’ll be going with a straightforward failover rule as I only want to use this when my main connection is unavailable. If you live in a country where you have generous data plans and your 4G/LTE connection would help out, do look into load balancing across both.
In the above view, tick “Failover Only” for failover. With “Load Balancing”, you can choose a percentage for each connection.
Step 5: Testing the setup
There might be a slightly nicer way to test the setup, but considering I’m using “Failover Only”, I decided I’d unplug the cable for the primary connection and simulate a failure that way.
To keep an eye on how things went, I opened up a terminal and started pinging 1.1.1.1 continuously (ping -t 1.1.1.1 on Windows) and unplugged the connection
As you can see, only 2 packets were dropped during the changeover, and then the latency increased and was a little unstable. Don’t mind the high initial latency and it being all over the place afterwards, I may or may not have a VPN open and be watching Eurovision at the same time as writing this.
When we plug the primary connection back in, things will switch back over in much the same way, and we’re back to our nice fibre connection.
Troubleshooting and post-testing notes
A couple of things came up during the testing that I thought may be of use!
Raspberry Pi USB Current Limits
This caught me out at first! As I’m using an mPCIe to USB adapter, I ran into issues when I began trying to download over the modem, as it was attempting to draw more power than it could get from the USB ports, as I was testing with a 3A PSU. This resulted in the device resetting itself. Luckily, it’s a quick fix with either sudo raspi-config -> 4 Performance Options -> P4 USB Current ->Yes, or by adding the following to the /boot/firmware/config.txt file
usb_max_current_enable=1Power Consumption
Measuring using my HardKernel SmartPower 3, at idle, a Raspberry Pi 5, my mPCIe to USB adapter, and a USB Ethernet adapter are drawing around 3.3w whilst not doing anything. If I then start downloading, this jumps to around 4.5w.
Conclusion
Assuming no errors until this point, you now have a backup internet connection using your Raspberry Pi!
If you wanted to take it a step further, you could go for a 5G modem and data plan, but 5G modems are considerably more expensive still, so perhaps it’s not entirely worth it. At that point, you could just look into a travel router and use that instead, that’s probably a lot quicker too, but why go down the easy route if you can tinker with a Pi for hours instead?
