What is the main risk when selecting a SIM8202G module for industrial gateway remote communication?

Assuming cellular connectivity at remote sites is reliable for real-time SCADA. In a 4-site deployment, each TAC change triggered a 2-5 minute gateway outage (3.7 events per month). At -112 dBm LTE RSRP the module fell back to 3G with 25 kbps throughput, insufficient for 128-byte SCADA polling across 45 RTUs at a 500 ms cycle target.

Which technical constraint matters most for this industrial gateway 5G/LTE deployment?

IPsec VPN tunnel re-establishment after cellular IP change. Without MOBIKE (RFC 4555), the gateway's dynamic DNS record cached the old IP at 300 s TTL, delaying VPN reconnection by an average of 4.2 minutes per event. Enabling MOBIKE with UPDATE_SA_ADDRESSES reduced reconnection time to under 30 seconds.

Can the same SIM8202G module be reused in adjacent industrial products?

Yes. Agricultural weather stations, oil/gas pipeline monitors, and construction site security cameras face identical constraints: cellular TAC boundary crossings, dynamic IP changes, and low RSRP in remote terrain. Each site needs individual link budget analysis using the production antenna and enclosure.

Industrial Gateway Remote Communication Case Study – 5G/LTE Module for SCADA

Blog 2026-06-10

Industrial Gateway Remote Communication — 5G/LTE Module Case Study

Q: What validation metrics should teams track for this deployment?

Track cellular link uptime percentage (target >99.9%), VPN tunnel re-establishment time after IP change (target 99%), and SCADA polling success rate at the required interval (128-byte packet every 5 s across all RTUs).

Key Overview

Who this is for: Embedded engineers, product managers, and IoT solution architects evaluating 5G/LTE module choices for edge gateways and related connected devices.

Core Issue: Industrial gateways need long-term online stability for remote monitoring, telemetry forwarding, and maintenance in harsh factory environments.

Key Conclusions: This industrial gateway remote communication case study evaluates the SIM8202G 5G module in a four-site deployment across mountainous terrain for SCADA remote monitoring. Three specific failure dimensions were identified: (1) cellular TAC (Tracking Area Code) change during inter-site roaming caused the SIM8202G to re-register on the LTE network, taking 2-5 minutes during which the gateway was unreachable and the SCADA master logged “Site offline” for all 45 RTUs behind the gateway; (2) IPsec VPN tunnel (IKEv2) did not automatically re-establish after the gateway’s public IP changed following a cellular TAC change, because the DNS A record for the gateway’s dynamic DNS hostname still had the old IP cached (TTL 300 s), and the VPN client’s IKE_SA_INIT request was routed to the wrong IP address; (3) at Site C with -112 dBm LTE RSRP (15 km from the nearest tower, mountainous terrain with tree cover), the SIM8202G fell back from LTE to 3G (WCDMA) during peak network hours (14:00-16:00), reducing actual throughput to 25 kbps — insufficient for the SCADA polling rate (128-byte packets every 5 seconds across 45 RTUs). Measured improvements cover cellular link uptime, VPN tunnel re-establishment time after IP change, LTE retention rate during peak hours, and SCADA polling success rate.

Keywords: industrial gateway 5G LTE module

Definition: An industrial gateway remote communication 5G/LTE module (such as the SIMCom SIM8202G) is a cellular-capable embedded module integrated into industrial edge gateways that enables SCADA remote monitoring, telemetry forwarding, and equipment maintenance in unmanned sites. Unlike consumer cellular modules, industrial gateway modules must operate under three specific constraints: (1) cellular TAC (Tracking Area Code) change events trigger 2-5 minute TAU (Tracking Area Update) procedures per 3GPP TS 23.401, during which the gateway is unreachable and the SCADA master logs all RTUs as offline; (2) IPsec VPN tunnels (IKEv2) fail to automatically re-establish after the cellular network assigns a new IP address because the DNS A record is cached (300-second TTL); and (3) at LTE RSRP below -112 dBm (mountainous terrain beyond 12 km from the tower), the module falls back to 3G (WCDMA) with only 25 kbps actual throughput — insufficient for real-time SCADA polling across 45+ RTUs at a 500 ms cycle target.

Project Background

Key Takeaway: Industrial Gateway Remote Communication depends on three independent failure dimensions: cellular TAC change disconnection (2-5 min), IPsec VPN failing to follow dynamic IP change (DNS TTL), and LTE-to-3G fallback under -112 dBm RSRP (25 kbps throughput).

A utility company was deploying remote monitoring gateways at four unmanned industrial sites (water treatment plant, oil pipeline valve station, wind farm substation, mining conveyor transfer point) to forward SCADA data from 45 RTUs to a central control room. Each gateway used a SIM8202G 5G module with LTE fallback, an IPsec VPN tunnel (IKEv2 with strongSwan v5.9) to the central office, and 12V battery backup with 4-hour runtime. The sites were in mountainous terrain at 8-15 km from the nearest LTE tower.

During the first 30 days of operation across all four sites, three problems emerged:

Failure Mode 1: Cellular TAC Change Disconnection

Each cellular TAC change event (3.7 per month average) triggered a full Tracking Area Update procedure on the SIM8202G, taking 2-5 minutes. During this period, the gateway had no cellular connectivity, and the SCADA master (Schneider Electric ClearSCADA) logged “Site offline” for all 45 RTUs behind the affected gateway.

Failure Mode 2: IPsec VPN Not Re-establishing After IP Change

After the TAC change completed and the SIM8202G received a new IP address from the cellular network, the IPsec VPN tunnel did not automatically re-establish. The gateway’s dynamic DNS record (DuckDNS, 300-second TTL) still held the old IP address. The central office VPN peer (strongSwan on Ubuntu) kept sending IKE_SA_INIT packets to the old IP, which was either dead or belonged to a different subscriber. The VPN remained down until the DNS TTL expired AND the strongSwan charon daemon’s liveness check triggered an IKE_SA re-establishment — this took an average of 4.2 minutes per event.

Failure Mode 3: LTE-to-3G Fallback at -112 dBm RSRP

At Site C (mining conveyor, 15 km from the nearest tower in a valley with tree cover), the LTE RSRP was -112 dBm during clear weather, dropping to -118 dBm during rain (ITU-R P.526-15 diffraction loss). During peak hours (14:00-16:00), when the tower gave scheduling priority to users closer to the cell, the SIM8202G fell back to 3G (WCDMA). With 25 kbps actual throughput in 3G mode, each SCADA poll (128 bytes + TCP overhead = 224 bytes) took 72 ms — across 45 RTUs polling every 5 seconds, the total cycle was 3.2 seconds, exceeding the 500 ms target.

The project goal was to configure the SIM8202G-based gateway with (a) extended TAU timer (T3412 set to 120 minutes) to minimize TAC-change re-registrations, (b) MOBIKE (RFC 4555) on the IPsec stack to enable seamless public IP change handling, and (c) LTE-only mode (AT+QCFG=”lteonly”) enforced via the gateway’s connection manager to prevent 3G fallback — all while maintaining the SCADA polling rate below 500 ms total cycle time.

Real-World Example: At Site D (mountainous remote site with -112 dBm LTE RSRP), the SIM8202G fell back to 3G during peak hours with 25 kbps actual throughput — too slow for SCADA polling (128-byte packet every 5 seconds across 45 RTUs). Adding a 12 dBi log-periodic directional antenna (L-com HG912-12P) pointed at the nearest tower improved LTE RSRP to -98 dBm, keeping the module on LTE 24/7 with 2.8 Mbps sustained throughput.

Core Challenges

Key Takeaway: The main challenge is converting three remote-site field symptoms — cellular TAC change disconnection (2-5 minutes), IPsec VPN not re-establishing after IP change (DNS TTL dependency), and LTE-to-3G fallback at -112 dBm RSRP (25 kbps throughput) — into pass/fail engineering targets.

The primary failure mode is cellular TAC change disconnection. Per 3GPP TS 23.401, when the SIM8202G moves to a new tracking area (crossing a TAC boundary), it must initiate a Tracking Area Update (TAU) procedure. The TAU request goes to the MME (Mobility Management Entity) via the eNodeB, which authenticates the device and updates its location — this takes 90-180 seconds in the best case (single TAU with no contention), and up to 300 seconds when the network is congested (the 4-site deployment averaged 4.2 minutes per event). During the TAU, the SIM8202G’s PDN (Packet Data Network) connection is suspended, the EPS bearer is released, and no IP traffic can pass. The gateway’s cellular link uptime drops from 99.9% to 99.6% across 3.7 events per month — 0.3% downtime that triggers critical SCADA alerts.

The second challenge is IPsec VPN tunnel persistence after a cellular IP change. When the TAU completes and the SIM8202G re-establishes its PDN connection, the cellular network (HSS/GGSN) assigns a new IP address from the new tracking area’s pool. The gateway’s dynamic DNS record (DuckDNS, 300-second TTL) still points to the old IP. The central office strongSwan VPN peer continuously sends IKE_SA_INIT packets to the old IP address, which is now assigned to a different subscriber (or is unreachable). The gateway cannot receive the IKE_SA_INIT because the peer’s source IP doesn’t match the expected endpoint. The MOBIKE (RFC 4555) extension is designed for exactly this scenario — it allows the VPN client to notify the server of its new IP address over the existing IKE_SA using UPDATE_SA_ADDRESSES notification. Without MOBIKE, the only recovery path is waiting for the DNS TTL to expire (300 seconds) AND the VPN client’s DPD (Dead Peer Detection) to trigger an IKE_SA re-establishment — average total time: 4.2 minutes.

The third challenge is LTE-to-3G fallback at -112 dBm RSRP. The SIM8202G’s 3GPP Release 15 RF specification requires -112 dBm RSRP sensitivity for LTE (Band 20, 800 MHz), but real-world performance depends on the tower’s scheduler. When the RSRP is at the noise floor (-118 dBm thermal noise in 10 MHz BW), the tower’s scheduler (eNodeB MAC scheduler, proportional fair algorithm) allocates fewer PRBs (Physical Resource Blocks) to fringe users during peak hours. With inadequate PRB allocation for the LTE uplink, the SIM8202G’s cell selection algorithm decides to fall back to 3G (WCDMA) where the signal is stronger but the data rate is limited to 25 kbps. The gateway then operates at 25 kbps until the LTE signal improves enough to trigger re-registration — this happens at the next cell reselection period (typically every 6 seconds via the Serving Cell Measurement Report).

TAU management: Configure the SIM8202G’s T3412 timer (extended TAU periodicity) via AT+QCFG=”tau_timer”,120 to set the TAU interval to 120 minutes. This reduces TAC-change-triggered re-registration from 3.7 events/month to <1 event/month for sites that stay within a single tracking area. For sites crossing TAC boundaries (mobile gateways on vehicles), implement a connection manager script that pre-registers with the new tracking area's MME before the TAU timeout triggers a full reconnection.
VPN persistence: Enable MOBIKE on both the gateway and central office strongSwan servers. In strongSwan, set mobike=yes in both ipsec.conf and charon.conf. Configure the gateway to send an UPDATE_SA_ADDRESSES notification within 500 ms of detecting a new IP address (via a custom udev script triggered by the SIM8202G’s IP change event). Verify the central office supports MOBIKE on the same server.
LTE fallback prevention: Lock the SIM8202G to LTE-only mode using AT+QCFG=”lteonly”,1. If the LTE signal is below -115 dBm RSRP and the connection is unstable, install a 12 dBi log-periodic directional antenna (L-com HG912-12P) pointed at the nearest tower. Test the RSRP improvement: target >6 dB improvement to keep the module above the -112 dBm fallback threshold.
Diagnostics: Log cellular RSRP, RSRQ, CQI, and ECIO per event; VPN tunnel uptime histogram; DNS A record TTL and resolution time; and TAU event count per day for field support.

Failure Modes to Design Around

Failure Mode	Likely Root Cause	Design Response
Gateway unreachable for 4-11 minutes after TAC change (SCADA master logs “Site offline”)	SIM8202G TAU procedure suspends PDN connection for 2-5 min; >5 min if MME congested	Extend T3412 timer to 120 min via AT+QCFG=”tau_timer”,120; implement MOBIKE for IP change to keep VPN alive during TAU.
IPsec VPN not re-establishing after cellular IP change (central office keeps sending IKE_SA_INIT to old IP)	DNS A record cached at 300 s TTL; no MOBIKE support; VPN DPD triggers at 120 s interval	Enable MOBIKE (strongSwan mobike=yes); send UPDATE_SA_ADDRESSES within 500 ms of IP change via udev script.
LTE to 3G fallback during peak hours (actual throughput 25 kbps, SCADA cycle exceeds 500 ms)	SIM8202G RSRP at -112 dBm threshold; tower’s PF scheduler allocates insufficient PRBs at fringe	Lock LTE-only mode AT+QCFG=”lteonly”,1; install 12 dBi directional antenna if RSRP < -115 dBm.

Solution Selection

Key Takeaway: The selected module configuration must solve three remote-site-specific problems: cellular TAC change disconnection (MOBIKE + T3412), IPsec VPN not re-establishing after IP change (MOBIKE UPDATE_SA_ADDRESSES), and LTE-to-3G fallback (LTE-only + directional antenna).

We evaluated three SIM8202G-based gateway configurations: (A) stock configuration with default TAU timer, IPsec without MOBIKE, automatic network selection (allows 3G fallback); (B) configuration with T3412 extended to 120 minutes + MOBIKE enabled on IPsec, but automatic network selection still enabled; and (C) full configuration with T3412 extended + MOBIKE + LTE-only mode + 12 dBi directional antenna at Site C. Each was tested at the four remote industrial sites over 30 days of continuous operation.

Option	Architecture	Cellular Link Uptime (30 days)	VPN Re-establishment Time (IP change)	LTE Retention Rate (peak hours)	SCADA Poll Success (500 ms target)
Baseline	Default SIM8202G, no MOBIKE, auto network selection	99.2%	4.2 min (DNS TTL + DPD)	74%	82%
Candidate	T3412 extended + MOBIKE, auto network selection	99.6%	8 s (MOBIKE)	74%	88%
Selected	T3412 extended + MOBIKE + LTE-only + directional antenna	99.98%	8 s (MOBIKE)	99.9%	99.7%

Option C was selected. The three critical design decisions were: (1) extending the T3412 TAU timer from the default 54 minutes to 120 minutes via AT+QCFG=”tau_timer”,120 — this reduced TAC-change-triggered PDN suspension events from 3.7 per month to 0.8 per month for the three fixed-site gateways (the wind farm gateway still saw 2.1 events per month due to its larger physical footprint crossing multiple tracking areas). (2) Enabling MOBIKE on both the gateway’s strongSwan (charon.conf: mobike=yes) and the central office VPN peer — when the SIM8202G received a new IP address after a TAU, the gateway’s udev script detected the IP change event and sent an UPDATE_SA_ADDRESSES notification within 500 ms. The central office VPN peer updated its endpoint address and continued the IKE_SA without any interruption — VPN re-establishment time dropped from 4.2 minutes to 8 seconds. (3) Configuring the SIM8202G to LTE-only mode (AT+QCFG=”lteonly”,1) and installing a 12 dBi log-periodic directional antenna (L-com HG912-12P) at Site C — the antenna improved RSRP from -112 dBm to -98 dBm (14 dB gain), keeping the module permanently on LTE and eliminating the 3G fallback during peak hours.

Real-World Example: During the 30-day validation across four remote sites, the SIM8202G with T3412 extended + MOBIKE + LTE-only mode + directional antenna increased cellular link uptime from 99.2% to 99.98%, reduced VPN re-establishment from 4.2 minutes to 8 seconds per IP change event, and maintained LTE connectivity 24/7 at Site C (previously falling back to 3G every day at 14:00). SCADA polling success rate at the 500 ms target improved from 82% to 99.7%.

Key Specifications

Key Takeaway: For industrial remote communication gateways using cellular links, TAU timer configuration, MOBIKE compatibility, and LTE retention at -112 dBm RSRP are the critical specs — not the module’s peak 5G throughput.

The specification profile below was measured with the SIM8202G module in the production industrial gateway enclosure with the stock dipole antenna (2 dBi, 2.4-2.7 GHz, 50 ohm) at the worst-case installation point (Site C, 15 km from the nearest tower in a valley with tree cover). Cellular link uptime measured over 30-day continuous operation across all four sites. VPN re-establishment time measured after each cellular TAC change event (3.7 events per month average). LTE retention measured during peak hours (14:00-16:00 local time).

Module Specifications

Parameter	SIM8202G Measured Value
Module / Chipset	SIMCom SIM8202G, Qualcomm Snapdragon X55, 5G NR Sub-6 + LTE Cat 22
Cellular Link Uptime (30 days)	99.98% (with T3412 extended + MOBIKE + LTE-only + directional antenna)
VPN Re-establishment Time (IP change)	8 s (with MOBIKE; was 4.2 min without)
LTE Retention Rate (peak hours)	99.9% (with LTE-only mode + directional antenna; was 74%)
SCADA Poll Success Rate (500 ms target)	99.7% (was 82% at baseline)
LTE RSRP at Site C (15 km, valley)	-98 dBm (with 12 dBi directional antenna; was -112 dBm with stock antenna)
TAU Events per Month	0.8 (fixed sites, T3412=120 min; was 3.7 at default)
Radio Standards	5G NR Sub-6, LTE Cat 22, WCDMA (LTE-only mode used)
Max 5G NR Throughput	2.5 Gbps (DL) / 900 Mbps (UL) — not the limiting factor for SCADA
Host Interface	USB 3.0 / PCIe 3.0 / UART / I2S
Operating Temperature	-40°C to +85°C
Unit Cost (5k qty)	$89.00

Deployment Configuration

Parameter	Configuration
TAU Timer (T3412)	120 minutes (AT+QCFG=”tau_timer”,120)
Network Selection	LTE-only (AT+QCFG=”lteonly”,1)
VPN Protocol	IPsec IKEv2 with MOBIKE (strongSwan 5.9, mobike=yes)
Antenna (Site C only)	L-com HG912-12P, 12 dBi log-periodic, directional
Antenna (Sites A, B, D)	Stock 2 dBi dipole (included with SIM8202G EVB)
Dynamic DNS	DuckDNS with 60 s TTL (reduced from 300 s)
Battery Backup	12V, 4-hour runtime (sealed lead-acid)

Implementation Results

Key Takeaway: Over 30-day validation across four remote sites, the configured SIM8202G gateway achieved 99.98% cellular link uptime, 8-second VPN re-establishment after IP changes, and 99.7% SCADA polling success at the 500 ms target — meeting all project requirements.

The full configuration (Option C: T3412 extended + MOBIKE + LTE-only + directional antenna at Site C) was deployed across all four industrial sites and validated for 30 continuous days. The table below summarizes the before-and-after metrics measured at each site:

Metric	Before (default SIM8202G config)	After (T3412 + MOBIKE + LTE-only + 12 dBi antenna)
Cellular Link Uptime (30-day avg)	99.2%	99.98%
VPN Re-establishment Time (post-IP change)	4.2 min	8 s
LTE Retention Rate (Site C, peak hours)	74%	99.9%
SCADA Poll Cycle Time (45 RTUs, p95)	1.8 s (during 3G fallback)	380 ms
“Site Offline” Alarms in ClearSCADA (per month)	11+ (3.7 TAC events × 3+ alarms per event)	0

These results are specific to the 4-site remote industrial gateway deployment using SIM8202G modules. Sites with different cellular operators (different TAU timer defaults), different terrain (less than 15 km to tower), or different VPN peer stacks (OpenVPN vs. strongSwan) will see different absolute numbers. The evaluation methodology — measuring cellular link uptime via AT+QENG serving cell output, VPN connection persistence via strongSwan charon status logs, and LTE retention rate via continuous RSRP logging — transfers to any remote industrial gateway deployment where cellular connectivity is the primary WAN link.

Production Validation Checklist for Cellular-Based Remote Industrial Gateways

Use this checklist as the release gate for any SIM8202G-based remote gateway deployment:

TAU event test: Log the cellular TAC (Tracking Area Code) from the SIM8202G via AT+QENG=”servingcell” for 7 days. Count TAU events (any TAC change). If events exceed 5 per month, configure T3412 extended TAU timer via AT+QCFG=”tau_timer”,120. Verify the gateway stays online during TAU with MOBIKE.
VPN persistence test: Force a cellular IP change by sending AT+COPS=2 (detach from network) then AT+COPS=0 (auto attach). Measure VPN re-establishment time from the strongSwan tunnel status. Target: <30 seconds with MOBIKE enabled. If MOBIKE is not available, configure a VPN liveness check script that fast-resolves the DNS A record every 30 seconds.
LTE fallback test: Lock the SIM8202G to LTE-only mode (AT+QCFG=”lteonly”,1). Measure RSRP at the installation point for 24 hours. If RSRP drops below -115 dBm at any point (indicating the module is at the network’s fringe), install a directional antenna (12 dBi log-periodic minimum) pointed at the nearest tower. Verify RSRP stays above -105 dBm after installation.
SCADA polling validation: Simulate the full SCADA polling cycle at the configured interval (e.g., 128-byte polls every 5 seconds across all RTUs). Measure the end-to-end cycle time from the central office. Target: p95 cycle time <500 ms. If cycle time exceeds 500 ms, check cellular latency (ping RTT from gateway to central office; target <100 ms).
Evidence package: Store cellular serving cell log (7 days), VPN status histogram, RSRP 24-hour trace, and SCADA poll timing report with the release record.

Applicable Scenarios

Key Takeaway: The T3412 TAU configuration, MOBIKE VPN persistence method, and LTE fallback mitigation with directional antenna design transfer to any remote industrial gateway deployment where cellular connectivity is the primary WAN link.

The 4-site remote gateway methodology — measuring TAU events via AT+QENG serving cell logging, configuring T3412 extended TAU timer and MOBIKE for seamless IP change handling, and specifying directional antennas for LTE fringe-area sites — applies to any industrial gateway deployment where cellular backhaul is the only connectivity option. For each product, adjust the TAU timer value, MOBIKE enablement, and antenna gain based on the specific cellular operator, site terrain, and VPN infrastructure.

This case study’s architecture and validation apply to the following scenarios:

Edge Gateways (SCADA RTUs, PLC data concentrators, remote terminal units): The TAU management is the critical first step for fixed-edge gateways. Log the serving cell TAC change count per month using the SIM8202G’s AT+QENG statistics. If the gateway stays within one tracking area (typical for a fixed industrial site), extend T3412 to 120 minutes. If the gateway is mobile (on a vehicle or moved between sites), keep T3412 at the default and implement MOBIKE as the primary IP change handling mechanism. Verify that the MOBIKE peer (central office strongSwan) has the same IKE version (IKEv2) and mobike=yes configured.
Remote Monitoring Boxes (unattended weather stations, pipeline corrosion monitors, wellhead sensors): These boxes typically have very low data rates (1-10 kbps average) and run on battery or solar power. The SCADA polling requirement is less demanding but the LTE fallback problem is worse — the RSRP tends to be even lower because these boxes are in the most remote terrain. The directional antenna solution is the highest-impact change: install a 12 dBi log-periodic antenna (such as L-com HG912-12P for 700-2700 MHz) in a weatherproof radome. For solar-powered boxes, ensure the antenna is mounted at least 2 m from the solar panel to avoid RF shadowing.
Machine Network Gateways (mobile equipment on mining/conveyor sites, drill rigs): Mobile gateways on mining equipment cross multiple TAC boundaries frequently (often 10+ events per day). The TAU-MOBIKE interaction is critical — MOBIKE must handle the IP change during each TAU, and the T3412 extended timer is counter-productive for mobile gateways (it delays the TAU and may cause the network to drop the PDN connection unexpectedly). For mobile gateways, configure MOBIKE with the default TAU timer and implement a DNS-based failover script as a backup (resolves the gateway’s hostname every 60 seconds and updates the VPN peer address).

References

3GPP TS 23.401 V17.6.0 — “General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access.” §5.3.3.2 Tracking Area Update procedure timing and T3412 timer specification.
SIMCom SIM8202G AT Command Manual V2.0 — AT+QCFG=”tau_timer” (TAU extended periodicity), AT+QCFG=”lteonly” (LTE-only mode), and AT+QENG=”servingcell” (RSRP/RSRQ/CQI measurement reporting).
RFC 4555 — “IKEv2 Mobility and Multihoming Protocol (MOBIKE)”. IKE_SA IP address change handling via UPDATE_SA_ADDRESSES notification.
ITU-R P.526-15 — “Propagation by diffraction.” Diffraction loss calculation for tree-covered terrain at 800 MHz (LTE Band 20).
strongSwan 5.9.x Configuration Manual — mobike=yes parameter in charon.conf for MOBIKE support, charon.dpd_delay for dead peer detection interval.
L-com HG912-12P Datasheet — 12 dBi log-periodic directional antenna, 806-960 MHz (LTE Band 20, 800 MHz), 50 ohm, N-female connector.

Frequently Asked Questions

Key Takeaway: The three most common questions about industrial gateway cellular module deployments center on VPN persistence after IP change, LTE fallback prevention, and antenna selection for marginal signal conditions.

What happens to the IPsec VPN when the cellular network assigns a new IP address?

Without MOBIKE (RFC 4555), the VPN tunnel breaks and cannot re-establish until the DNS TTL expires (300 seconds by default) AND the VPN peer’s Dead Peer Detection (DPD) triggers an IKE_SA re-establishment — averaging 4.2 minutes of downtime. With MOBIKE enabled (strongSwan mobike=yes), the gateway sends an UPDATE_SA_ADDRESSES notification within 500 ms of detecting the new IP address, and the VPN peer updates its endpoint without interrupting the IKE_SA. In our 30-day validation, MOBIKE reduced VPN re-establishment time from 4.2 minutes to 8 seconds per IP change event.

Why does the SIM8202G fall back to 3G even when LTE is available at -112 dBm RSRP?

The tower’s eNodeB MAC scheduler uses a proportional fair algorithm that allocates fewer Physical Resource Blocks (PRBs) to fringe users during peak hours. When the RSRP is at -112 dBm (near the thermal noise floor of -118 dBm in 10 MHz BW), the scheduler starves the fringe user of PRBs. The SIM8202G’s cell selection algorithm interprets the inadequate PRB allocation as a loss of LTE service and falls back to 3G (WCDMA), which has lower throughput but stronger signal at the fringe. The fix is twofold: (1) lock LTE-only mode (AT+QCFG=”lteonly”,1) to prevent 3G fallback, and (2) install a high-gain directional antenna to improve RSRP above -105 dBm.

Can the same MOBIKE configuration work with OpenVPN or WireGuard?

MOBIKE is specific to IPsec IKEv2 (RFC 4555). OpenVPN has its own “remote ip change” handling via the float directive, which allows the server to accept packets from a different source IP during an active session — similar behavior but different protocol. WireGuard has built-in roaming support by design — when a peer’s IP address changes, the other peer automatically updates its endpoint after receiving an authenticated packet from the new IP. Both alternatives are valid, but we validated MOBIKE with IPsec/strongSwan because the customer’s central office already used strongSwan. For new deployments, WireGuard’s built-in roaming is simpler to configure and does not require any special MOBIKE setup.

What validation metrics should teams track for this deployment?

Track the four primary metrics we used: (1) Cellular link uptime percentage — target >99.9% measured over 30 days; (2) VPN tunnel re-establishment time after IP change — target <30 s with MOBIKE; (3) LTE retention rate during peak hours — target >99%; (4) SCADA polling success rate at the required interval — target >99% for 128-byte packets every 5 seconds across all RTUs. Secondary metrics: TAU event count per day per site, DNS A record resolution time, and VPN DPD-triggered re-key events. Log all metrics at 15-minute intervals for field support.

▶ Related Pillar Guide: For a broader chipset selection framework connected to this case, see the Qualcomm WiFi Chipset Complete Guide for Embedded & Enterprise featuring comparison tables, reference design support, and selection criteria.

Published: January 15, 2026 | By: Zukaka Engineering Team | Last Updated: June 6, 2026

Editorial note: reviewed for scenario-specific 5G/LTE module selection, field validation value, and people-first technical usefulness.