USB tethering is used to connect your OpenWrt Router to the Internet by using the contract and 3G/4G modem of your smartphone. It's more convenient and has better performance (lower latency) than turning your smartphone into an access point and using that. It also is less of a CPU load on your phone, charges your phone, and allows you the flexibility of doing things with your OpenWrt router that you cannot do with your phone like hiding your SSID and changing Wi-Fi channel number. In order to maximize performance, you should turn your phone Wi-Fi and Bluetooth off.
WARNING: connecting your whole network to the Internet using the Smartphone might consume your monthly GB quota very fast, as other devices in the network will download updates (ahem… Windows 10) or use the network whenever they feel like without asking your permission. This is also the case for other human users.
Tested and working with a Wileyfox Swift (Android smartphone) with a router running OpenWrt “master” (built from source) as of 25/04/2018. Building from source isn't necessary for this, I did it for other reasons.
Tested and working with an IPhone8 and X running IOS 13.1.3 with OpenWrt version 18.06.4 on a HooToo HT-TM02 (TripMate Nano) v1.5
Sharing the router's internet connection with a device over USB (which is the reverse of this) is described in smartphone.usb.reverse.tethering
install some Kernel packages to get USB tethering support.
opkg update opkg install kmod-usb-net kmod-usb-net-rndis kmod-usb-net-cdc-ether
There is also kmod-usb-net-ipheth package whose description is “Kernel support for Apple iPhone USB Ethernet driver”, which might be necessary if you want to tether from an iPhone. Can users with iPhones confirm if this is needed or not? Confirmed that kmod-usb-net-ipheth is needed for IPhone.
Download these Packages:
opkg update opkg install kmod-usb-net kmod-usb-net-rndis kmod-usb-net-cdc-ether kmod-usb-net-ipheth usbmuxd libimobiledevice usbutils
Still not sure if kmod-usb-net-ipheth is needed. I installed it and did no further testing. Confirmed that kmod-usb-net-ipheth is needed for IPhone
you now should get the trust-question on your iPhone and the eth-interface should come up.
Connect the smartphone to the USB port of the router with the USB cable and then enable USB Tethering from the Android settings.
If all went well you should be able to see something like the following in the kernel log
[ 168.599245] usb 1-1: new high-speed USB device number 2 using orion-ehci [ 175.997290] usb 1-1: USB disconnect, device number 2 [ 176.449246] usb 1-1: new high-speed USB device number 3 using orion-ehci [ 176.654650] rndis_host 1-1:1.0 usb0: register 'rndis_host' at usb-f1050000.ehci-1, RNDIS device, ee:da:c0:50:ff:44
Note how the last line tells us that this new “RNDIS device” was bound to interface usb0. The above messages will not be shown with IPhone tethering.
Create a new interface called TetheringWAN (or however you like), and bind to it the new *usb0* network device (or for some cases '*eth1*, check what the log is saying in your case), set the protocol to DHCP client mode, and place it into the WAN firewall zone.
Write this in your console if you are using SSH or serial connection:
uci set network.TetheringWAN=interface uci set network.TetheringWAN.proto='dhcp' uci set network.TetheringWAN.ifname='usb0' uci set firewall.@zone.network='wan wan6 TetheringWAN' uci commit
For IPhones, replace usb0 with eth1
If you are using LuCi web interface, Click on Network, then on Interfaces, and then on the “Create new interface” button. then see the following screenshots.
First page of the Create Interface wizard.
Firewall tab of the Create Interface Wizard. Very important to set it as WAN.
And the end result in the Interfaces page.
After committing the changes the new TetheringWAN should be activated.
If it does not, write
or restart it with the buttons you find in the Interface page of LuCi Web interface.
For IPhones, you may have to disable and re-enable the Personal Hotspot/Allow Others to Join setting on the IPhone to force the OpenWrt DHCP client to get an IP address from the eth1 IPhone interface. Disabling and re-enabling the Personal Hotspot/Allow Others to Join setting on the IPhone is also required if you disconnect the IPhone from the OpenWrt USB port and re-coonect it later.
If your Android phone does not seem to detect that there is something attached to the USB port and refuses to switch to USB tethering, you might want to install DriveDroid and try to enable various methods of using USB guest for its own functionality. This does solve that issue in my phone (which is running LineageOS nightly and sometimes after I update does show this issue). You will probably need root (administrator) access on your device though.
If you don't see something like the sample kernel log output in your device's log then your device might be lacking proper USB drivers (drivers to operate the USB controllers at all). Check Installing USB drivers and report the issue in a bug report or in the mailing list, as devices should have base USB drivers integrated and working already.
For other issues it might be worth it to check the article about using RNDIS dongles as Android tethering is using the same protocol.
The original forum thread: https://forum.openwrt.org/viewtopic.php?pid=173399#p173399
The old wiki archived page https://wiki.openwrt.org/doc/howto/usb.tethering
A script that might enhance the experience (especially for iPhone users) https://github.com/LeJeko/OpenWRT-USB-Tethering
What follows are my HooToo TM02/TM03/TM04 configuration files which allow IPhone USB Tethering. In addition, these configuration files support package
openvpn is executed, all traffic from the HooToo TM02 Wi-Fi and Ethernet ports are routed to the VPN through the IPhone. Otherwise, all traffic from the OpenWrt Wi-Fi and Ethernet ports go directly to the IPhone.
openvpn can be executed from the OpenWrt command line after SSHing into the OpenWrt device. Note that many VPN providers support OpenVPN.
Since, OpenWrt 18.06.4, you may not be able to pipe or perform package listings after an
opkg update command. This is because there are now so many OpenWrt packages, the listings database uses up most of the available RAM. However, you can still use
opkg install to install the required packages without any issue. After installing the required packages, reboot the OpenWRT device to free up the RAM taken by the OpenWRT package database and everything will work fine.
config dnsmasq option domainneeded '1' option boguspriv '1' option filterwin2k '0' option localise_queries '1' option rebind_protection '0' option rebind_localhost '1' option local '/lan/' option domain 'lan' option expandhosts '1' option nonegcache '0' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.auto' option localservice '1' config dhcp 'lan' option interface 'lan' option start '100' option limit '150' option leasetime '12h' option dhcpv6 'server' option ra 'server' config dhcp 'wan' option interface 'wan' option ignore '1' config odhcpd 'odhcpd' option maindhcp '0' option leasefile '/tmp/hosts/odhcpd' option leasetrigger '/usr/sbin/odhcpd-update'
config defaults option syn_flood 1 option input ACCEPT option output ACCEPT option forward REJECT # Uncomment this line to disable ipv6 rules # option disable_ipv6 1 config zone option name lan list network 'lan' option input ACCEPT option output ACCEPT option forward ACCEPT config zone option name wan list network 'wan' list network 'wan6' list network 'vpn' option input REJECT option output ACCEPT option forward REJECT option masq 1 option mtu_fix 1 config forwarding option src lan option dest wan # We need to accept udp packets on port 68, # see https://dev.openwrt.org/ticket/4108 config rule option name Allow-DHCP-Renew option src wan option proto udp option dest_port 68 option target ACCEPT option family ipv4 # Allow IPv4 ping config rule option name Allow-Ping option src wan option proto icmp option icmp_type echo-request option family ipv4 option target ACCEPT config rule option name Allow-IGMP option src wan option proto igmp option family ipv4 option target ACCEPT # Allow DHCPv6 replies # see https://dev.openwrt.org/ticket/10381 config rule option name Allow-DHCPv6 option src wan option proto udp option src_ip fc00::/6 option dest_ip fc00::/6 option dest_port 546 option family ipv6 option target ACCEPT config rule option name Allow-MLD option src wan option proto icmp option src_ip fe80::/10 list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family ipv6===/etc/config/firewall=== option target ACCEPT # Allow essential incoming IPv6 ICMP traffic config rule option name Allow-ICMPv6-Input option src wan option proto icmp list icmp_type echo-request===/etc/config/firewall=== list icmp_type echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type list icmp_type router-solicitation list icmp_type neighbour-solicitation list icmp_type router-advertisement list icmp_type neighbour-advertisement option limit 1000/sec option family ipv6 option target ACCEPT # Allow essential forwarded IPv6 ICMP traffic config rule option name Allow-ICMPv6-Forward option src wan option dest * option proto icmp list icmp_type echo-request list icmp_type echo-reply list icmp_type destination-unreachable list icmp_type packet-too-big list icmp_type time-exceeded list icmp_type bad-header list icmp_type unknown-header-type option limit 1000/sec option family ipv6 option target ACCEPT config rule option name Allow-IPSec-ESP option src wan option dest lan option proto esp option target ACCEPT config rule option name Allow-ISAKMP option src wan option dest lan option dest_port 500 option proto udp option target ACCEPT # include a file with users custom iptables rules config include option path /etc/firewall.user
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fd87:a2c4:f87d::/48' config interface 'lan' option ifname 'eth0' option force_link '1' option macaddr '00:1c:c2:19:cc:3f' option type 'bridge' option proto 'static' option ipaddr '192.168.3.1' option netmask '255.255.255.0' option ip6assign '60' config interface 'vpn' option ifname 'tun0' option proto 'none' config switch option name 'switch0' option reset '1' option enable_vlan '0' config interface 'wan' option proto 'dhcp' option ifname 'eth1'
Note that you should use the
macaddr of your device and not the one in the above.
config wifi-device 'radio0' option type 'mac80211' option channel '11' option hwmode '11g' option path 'platform/10180000.wmac' option htmode 'HT20' option disabled '0' config wifi-iface option device 'radio0' option network 'lan' option mode 'ap' option ssid 'TM02' option encryption 'none' # Uncomment this line if you want a hidden SSID # option hidden '1'