How to Share Free Internet and unlock all internet Using Passwall?

I have free internet access on my 4G SIM card that allows me to use social media apps, including Telegram. However, this service does not support Hotspot tethering.

To work around this, I use a ZTE modem to receive the 4G signal and connect it to a secondary router running OpenWRT. Then, I modify the TTL (Time To Live) value to 65 using nftables with the following commands:

mkdir -p /usr/share/nftables.d/chain-pre/mangle_postrouting/

echo "ip ttl set 65" > /usr/share/nftables.d/chain-pre/mangle_postrouting/01-set-ttl.nft

fw4 reload

This approach worked perfectly, and I was able to access the free social media services.

Just like on a phone, if I run a VLESS server, I can gain full internet access. Fortunately, my service provider doesn't enforce strict restrictions, so I can easily bypass the limitations using a configuration like this:

vless://81e1a55c-328a-41a1-9f09-5900ef93e79e@test.tedt:443?encryption=none&flow=none&type=ws&host=www.telegram.org&headerType=none&path=%2Fws&security=tls&sni=www.telegram.org#vless-ws-tls

Here, I use WebSocket (ws) and set the SNI to a domain of one of the allowed social media platforms.

Later, I decided to install Passwall on the router and connect it to the VLESS server. I followed the method described in this guide:
https://github.com/amirhosseinchoghaei/Passwall

However, after installing Passwall2, I could no longer access the free social media services. I had no internet access at all, and the router couldn't connect to the VLESS server.

What could be the issue, and how can I fix it?

For reference, I confirmed that the TTL is still set to 65 by pinging the router's IP address.

It would make sense to ask the author/maintainer of passwall since it is likely a problem with that package. And since the package is not part of the OpenWrt repo, the best way to do this would be via the author's GitHub or other support channels.


First of all, thank you for the quick reply.

I'd like to clarify that there doesn't seem to be an issue with the package itself, as I tested it on a fully open internet connection, and the VLESS server connected successfully through Passwall.

So, I'm not sure where the problem lies. I suspect it might just be a matter of a simple configuration tweak—perhaps creating an exception to allow social media sites to work.

But honestly, I’m still a beginner, and this is my first time working with OpenWRT. That’s why I shared it here, hoping to get some guidance.

I’m curious - if the ISP only allows access to certain domains, how is that circumvented to facilitate access to all domains? Can anyone explain how this would work in theory?

With a VPN/tunnel, the ISP would not be able to restrict general access, provided that the tunnel endpoint is not, itself, restricted.

It seems that the ISP allows access to certain social media domains (so presumably IP addresses associated with those domains) only, and one of those is picked to somehow facilitate access via that to all other domains.

So consider this:

There, telegram.org is set as the ‘SNI’, whatever that means.

Ah, is it that there is an endpoint (e.g. server acting as a telegram user) established on the social media website and all traffic is tunnelled through that endpoint? So to the ISP it just looks like social media traffic (and it may even be encrypted anyway so contents can’t be seen).

Maybe that’s how this works?

Short answer. It’s the host name configured for the certificate (Server name identification).