User Tools

Site Tools


docs:guide-user:network:wan:smartphone.usb.tethering

Smartphone USB Tethering to an OpenWrt router

USB tethering is used to connect your OpenWrt Router to the Internet by using the contract and 3G/4G modem of your smartphone. It's more convenient and has better performance (lower latency) than turning your smartphone into an access point and using that. It also is less of a CPU load on your phone, charges your phone, and allows you the flexibility of doing things with your OpenWrt router that you cannot do with your phone like hiding your SSID and changing Wi-Fi channel number. In order to maximize performance, you should turn your phone Wi-Fi and Bluetooth off.


WARNING: connecting your whole network to the Internet using the Smartphone might consume your monthly GB quota very fast, as other devices in the network will download updates (ahem… Windows 10) or use the network whenever they feel like without asking your permission. This is also the case for other human users.

Tested and working with a Wileyfox Swift (Android smartphone) with a router running OpenWrt “master” (built from source) as of 25/04/2018. Building from source isn't necessary for this, I did it for other reasons.

Tested and working with an IPhone8 and X running IOS 13.1.3 with OpenWrt version 18.06.4 on a HooToo HT-TM02 (TripMate Nano) v1.5

:!: Sharing the router's internet connection with a device over USB (which is the reverse of this) is described in smartphone.usb.reverse.tethering

Installation

install some Kernel packages to get USB tethering support.

opkg update
opkg install kmod-usb-net kmod-usb-net-rndis kmod-usb-net-cdc-ether

:!: There is also kmod-usb-net-ipheth package whose description is “Kernel support for Apple iPhone USB Ethernet driver”, which might be necessary if you want to tether from an iPhone. Can users with iPhones confirm if this is needed or not? Confirmed that kmod-usb-net-ipheth is needed for IPhone.

Installation for iOS 13.1.3 devices

Download these Packages:

 opkg update
 opkg install kmod-usb-net kmod-usb-net-rndis kmod-usb-net-cdc-ether kmod-usb-net-ipheth usbmuxd libimobiledevice usbutils

:!: Still not sure if kmod-usb-net-ipheth is needed. I installed it and did no further testing. Confirmed that kmod-usb-net-ipheth is needed for IPhone

execute usbmuxd

 /usr/sbin/usbmuxd -v

you now should get the trust-question on your iPhone and the eth-interface should come up.

Configuration

On the Smartphone

Connect the smartphone to the USB port of the router with the USB cable and then enable USB Tethering from the Android settings.

On the router

If all went well you should be able to see something like the following in the kernel log

  • click on Status and then on Kernel Log to see this log from the LuCi web interface
  • write “dmesg” in the console if you are over SSH or connected through serial port.
[  168.599245] usb 1-1: new high-speed USB device number 2 using orion-ehci
[  175.997290] usb 1-1: USB disconnect, device number 2
[  176.449246] usb 1-1: new high-speed USB device number 3 using orion-ehci
[  176.654650] rndis_host 1-1:1.0 usb0: register 'rndis_host' at usb-f1050000.ehci-1, RNDIS device, ee:da:c0:50:ff:44

Note how the last line tells us that this new “RNDIS device” was bound to interface usb0. :!: The above messages will not be shown with IPhone tethering.

Create a new interface called TetheringWAN (or however you like), and bind to it the new *usb0* network device (or for some cases '*eth1*, check what the log is saying in your case), set the protocol to DHCP client mode, and place it into the WAN firewall zone.

Write this in your console if you are using SSH or serial connection:

uci set network.TetheringWAN=interface
uci set network.TetheringWAN.proto='dhcp'
uci set network.TetheringWAN.ifname='usb0'
uci set firewall.@zone[1].network='wan wan6 TetheringWAN'
uci commit

:!: For IPhones, replace usb0 with eth1

If you are using LuCi web interface, Click on Network, then on Interfaces, and then on the “Create new interface” button. then see the following screenshots.

First page of the Create Interface wizard.

Firewall tab of the Create Interface Wizard. Very important to set it as WAN.

And the end result in the Interfaces page.

After committing the changes the new TetheringWAN should be activated.

If it does not, write

ifup TetheringWAN

or restart it with the buttons you find in the Interface page of LuCi Web interface.

:!: For IPhones, you may have to disable and re-enable the Personal Hotspot/Allow Others to Join setting on the IPhone to force the OpenWrt DHCP client to get an IP address from the eth1 IPhone interface. Disabling and re-enabling the Personal Hotspot/Allow Others to Join setting on the IPhone is also required if you disconnect the IPhone from the OpenWrt USB port and re-coonect it later.

Troubleshooting

If your Android phone does not seem to detect that there is something attached to the USB port and refuses to switch to USB tethering, you might want to install DriveDroid and try to enable various methods of using USB guest for its own functionality. This does solve that issue in my phone (which is running LineageOS nightly and sometimes after I update does show this issue). You will probably need root (administrator) access on your device though.

If you don't see something like the sample kernel log output in your device's log then your device might be lacking proper USB drivers (drivers to operate the USB controllers at all). Check Installing USB drivers and report the issue in a bug report or in the mailing list, as devices should have base USB drivers integrated and working already.

For other issues it might be worth it to check the article about using RNDIS dongles as Android tethering is using the same protocol.

Additional reading

The original forum thread: https://forum.openwrt.org/viewtopic.php?pid=173399#p173399

The old wiki archived page https://wiki.openwrt.org/doc/howto/usb.tethering

A script that might enhance the experience (especially for iPhone users) https://github.com/LeJeko/OpenWRT-USB-Tethering

HooToo TM02 Configuration Files

What follows are my HooToo TM02/TM03/TM04 configuration files which allow IPhone USB Tethering. In addition, these configuration files support package openvpn-openssl. When openvpn is executed, all traffic from the HooToo TM02 Wi-Fi and Ethernet ports are routed to the VPN through the IPhone. Otherwise, all traffic from the OpenWrt Wi-Fi and Ethernet ports go directly to the IPhone. openvpn can be executed from the OpenWrt command line after SSHing into the OpenWrt device. Note that many VPN providers support OpenVPN.

Since, OpenWrt 18.06.4, you may not be able to pipe or perform package listings after an opkg update command. This is because there are now so many OpenWrt packages, the listings database uses up most of the available RAM. However, you can still use opkg install to install the required packages without any issue. After installing the required packages, reboot the OpenWRT device to free up the RAM taken by the OpenWRT package database and everything will work fine.

/etc/rc.local

/usr/sbin/usbmuxd &

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '0'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

/etc/config/firewall

config defaults
	option syn_flood	1
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT
# Uncomment this line to disable ipv6 rules
#	option disable_ipv6	1

config zone
	option name		lan
	list   network		'lan'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT

config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	list   network		'vpn'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1

config forwarding
	option src		lan
	option dest		wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4

# Allow IPv4 ping
config rule
	option name		Allow-Ping
	option src		wan
	option proto		icmp
	option icmp_type	echo-request
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
	option name		Allow-DHCPv6
	option src		wan
	option proto		udp
	option src_ip		fc00::/6
	option dest_ip		fc00::/6
	option dest_port	546
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-MLD
	option src		wan
	option proto		icmp
	option src_ip		fe80::/10
	list icmp_type		'130/0'
	list icmp_type		'131/0'
	list icmp_type		'132/0'
	list icmp_type		'143/0'
	option family		ipv6===/etc/config/firewall===
	option target		ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request===/etc/config/firewall===
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-IPSec-ESP
	option src		wan
	option dest		lan
	option proto		esp
	option target		ACCEPT

config rule
	option name		Allow-ISAKMP
	option src		wan
	option dest		lan
	option dest_port	500
	option proto		udp
	option target		ACCEPT

# include a file with users custom iptables rules
config include
	option path /etc/firewall.user

/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd87:a2c4:f87d::/48'

config interface 'lan'
	option ifname 'eth0'
	option force_link '1'
	option macaddr '00:1c:c2:19:cc:3f'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'vpn'
	option ifname 'tun0'
	option proto 'none'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '0'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth1'

:!: Note that you should use the macaddr of your device and not the one in the above.

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/10180000.wmac'
	option htmode 'HT20'
	option disabled '0'

config wifi-iface
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'TM02'
	option encryption 'none'
#	Uncomment this line if you want a hidden SSID
# 	option hidden '1'
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/network/wan/smartphone.usb.tethering.txt · Last modified: 2019/10/16 01:01 by vernonjvs