Can't properly use USB Tethering from Android other than interface bridge.
Goal first: to be able to attach my Android phone to USB any time, providing internet to DHCP Clients on LAN1 - LAN4 ports.
Hardware: Asus RT-N66U (Broadcom BCM5300)
Software: OpenWrt 18.06.2 r7676-cddd7b4c77 / LuCI openwrt-18.06 branch (git-19.020.41695-6f6641d)
So I read a lot of articles on how to make USB tethering work. "usb0" interface created successfully.
usb0: DHCP Client
wan: shutdown (so it wouldn't mess with me)
lan: Static address, DHCP Server, etc, etc.
Result: DHCP server on lan works correctly, as expected, though I don't have any internet access.
Additionally: If it was WAN, there would be no problem.
usb0 + lan => bridge
Result: It worked. Windows successfully obtained DHCP from Android and I got a ping to 22.214.171.124.
Additionally: That observation proves that USB <-> Ethernet part works correctly and that makes Attempt1 OpenWRT problem.
In order to make it work in Attempt1 configuration, I tried to understand if OpenWRT usb0 ever obtains any address from Android. Judging by ifconfig usb0 output it doesn't.
The most straightforward way to set up the routed configuration is to remove any Ethernet port from the pre-defined wan network and replace it with usb0 instead. In the default configuration, wan is already a DHCP client and has firewall rules in place to NAT / route from LAN.
If you build from scratch a new network to be the WAN, you will need to make firewall zones and rules for that network.
Also, your assumption/suggestion doesn't explain/count why usb0 doesn't have any IPv4 assigned (Android is set up to use IPv4 only, which Windows perfectly uses).
Point is internet is inaccessible from ssh too. You can't ping anything through usb0 if it's set as DHCP client and no bridge.
Something other than the firewall is wrong if it doesn't even pull a DHCP address from the phone.
Note that there are kernel device interface names (produced automatically by the device drivers) and OpenWrt UCI interface names defined in config files. This is a little confusing but basically you need to always have an OpenWrt interface which attaches to the kernel device which is doing the actual I/O. These two things can, but to reduce confusion really shouldn't, have the same name.
Also for clarity some logs of the USB connection and enabling tethering (and successfully obtaining usb0 interface):
[ 6699.646971] usb 1-1.1: new high-speed USB device number 10 using ehci-platform
[ 6704.217449] usb 1-1.1: USB disconnect, device number 10
[ 6704.516995] usb 1-1.1: new high-speed USB device number 11 using ehci-platform
[ 6704.713606] rndis_host 1-1.1:1.0 usb0: register 'rndis_host' at usb-ehci-platform.0-1.1, RNDIS device, f6:33:b3:dd:aa:de
That was it. So apparently there is some kind of difference between Windows and OpenWRT approach on obtaining address. When VPN is enabled on Android, it doesn't work on OpenWRT, but works on Windows. If VPN is off, then works on both.
Well I don't doubt any experience. Just saying when you see one system working and other doesn't, you suspect something wrong with the other. In this case evidence made OpenWRT look like the "other system" that doesn't work.
I'm using ShadowSocks btw.