Use RNDIS USB Dongle for WAN connection

RNDIS (Remote Network Driver Interface Specification) is Ethernet over USB protocol used by some USB modems.

The same applies to external modems connected to USB ports (“dongles”) and internal models installed into M.2(NGFF) or mPCIe slots.

Note from rndis_host Linux driver source code:

USE OF RNDIS IS STRONGLY DISCOURAGED in favor of such non-proprietary alternatives as CDC Ethernet or the newer (and currently rare) “Ethernet Emulation Model” (EEM).

It is also used by many USB3.0-GigabitEthernet-Adapter like the TP-Link UE300 and all chinese low-cost ones I bought on ebay. It is one of the ways these gigabit ethernet dongles use to be “plug and play” or “driverless”, by conforming to RNDIS standard so they don't need a special driver just for themselves. These dongles lack any kind of interface or settings, they are just usb-to-ethernet adapters, nothing more.

For more information about other protocols commonly used:

(This section is based on experience with Bleeding Edge r47548 from December of 2015 on a wt3020 and connecting to an Alcatel Onetouch L850.).

For RNDIS device to work kmod-usb-net-rndis package needs to be installed.

Install usb-modeswitch if that is needed for switching the modem into a “working” state. More about: USB mode switch

After installing the packages and connecting the USB stick, the following should appear in dmesg output:

[  847.390000] usb 1-1: new high-speed USB device number 3 using ehci-platform
[  847.590000] usb 1-1: no of_node; not parsing pinctrl DT
[  847.610000] rndis_host 1-1:1.0: no of_node; not parsing pinctrl DT
[  847.620000] rndis_host 1-1:1.0 usb0: register 'rndis_host' at usb-101c0000.ehci-1, RNDIS device, 72:4d:eb:bb:e2:60

Note the interface name (usb0) mentioned on the last line, it will be used later. For another modem the name could be eth3 or something like that.

If the USB stick will be your only WAN connection, then the easiest way to set up the automatic connection is to change /etc/config/network to be something like:

config interface 'wan'
        option ifname 'usb0'
        option proto 'dhcp'

(you need to reboot or restart the network subsystem with /etc/init.d/network restart afterwards)

For some modems adding an interface will be sufficient, but others may need an APN provisioned, it is also sometimes necessary to send a special “dial” command to the AT command port, consult AT Commands Guide for the given modem for details.

If the modem exposes serial interfaces then the appropriate driver needs to be installed (kmod-usb-serial or kmod-usb-serial-option or kmod-usb-serial-qualcomm or kmod-usb-acm) as well as a simple terminal app like picocom. More about: sending AT commands from the router.


Since RNDIS-based sticks create their own NAT'ed IP subnet, it is important that OpenWrt's LAN IP range is different from the modem's IP range. In the case of the Alcatel L850, the default range is 192.168.1.1, which clashes with OpenWrt's default. Therefore OpenWrt's LAN IP should be changed to something else, such as:

config interface 'lan'
        option ipaddr '192.168.10.1'


If auto-connect is disabled, or PIN-request is enabled on the modem, you may need to visit its admin web interface (typically at http://192.168.1.1) to enter the PIN and/or initiate the connection.

If you only see the USB messages, but not the rndis_host messages, then modeswitching may be at fault.

Checking with cat /sys/kernel/debug/usb/devices, the device section should look like this:

T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  3 Spd=480  MxCh= 0
D:  Ver= 2.01 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=1bbb ProdID=0195 Rev= 2.28
S:  Manufacturer=Alcatel
S:  Product=MobileBroadBand
S:  SerialNumber=0123456789ABCDEF
C:* #Ifs= 3 Cfg#= 1 Atr=80 MxPwr=500mA
A:  FirstIf#= 0 IfCount= 2 Cls=e0(wlcon) Sub=01 Prot=03
I:* If#= 0 Alt= 0 #EPs= 1 Cls=e0(wlcon) Sub=01 Prot=03 Driver=rndis_host
E:  Ad=82(I) Atr=03(Int.) MxPS=   8 Ivl=32ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host
E:  Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none)
E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=125us
E:  Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms

and not like this:

T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=480  MxCh= 0
D:  Ver= 2.01 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=1bbb ProdID=f000 Rev= 2.28
S:  Manufacturer=Alcatel
S:  Product=MobileBroadBand
S:  SerialNumber=0123456789ABCDEF
C:* #Ifs= 1 Cfg#= 1 Atr=80 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none)
E:  Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=125us
E:  Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms

(note the number of interfaces “#Ifs=” and the “ProdID=”)

:!: Leaving your RNDIS-based dongle admin web interface available to LAN users might not be something you would like to do, as there is usually no authentication mechanism there. To protect it, you can add the following rule to Network→Firewall→Custom Rules (obsolete, needs to be converted to nftables rules):

iptables -A forwarding_lan_rule -d 192.168.1.0/24 -m comment --comment "no access to USB dongle from LAN" -j DROP

Now, if you need to access your dongle web interface, log in to your OpenWrt box with:

ssh -L 8080:192.168.1.1:80 root@your-openwrt-ip

and point your browser to http://localhost:8080.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2024/06/05 14:12
  • by andrewz