I'm using an USB Stick Huawei E3372 via kmod-usb-net-cdc-ether. It's like a usual Ethernet device with a Gateway on 192.168.8.1 and a webinterface for configuration. Too bad, the network is fixed to that 192.168.8.0/24 address in the firmware and can't be changed according to many threads in the internet.
This conflicts with my main VPN.
With all the Linux power, is it somehow possible to change, translate or alias that complete 192.168.8.0 network behind eth2 to something like 192.168.100.0 or whatever?
Hi.
You can modify this HiLink it to a S ( stick ) mode serial.
On S mode you will get rid of double nat. It will be a NCM usb lte dongle ( no more ether-cdc no more 192.168.8.1. Your new interface will be dhcp mode from you ISP)
config interface 'LTE'
option ifname 'wwan0'
option proto 'ncm'
option username 'user'
option ipv6 'auto'
option apn 'internet'
option dialnumber '*99#'
option pdptype 'IP'
option service 'preferlte'
option peerdns '0'
option metric '30'
option device '/dev/cdc-wdm0'
list dns '192.168.3.2'
list dns '8.8.8.8'
list dns '8.8.4.4'
You will find a lot of tutorials how to do it. Just google "E3372h hilink to S mode"
I used balong approach to convert my own E3372h to S mode.
Ok, reading https://www.0xf8.org/2017/01/flashing-a-huawei-e3372h-4g-lte-stick-from-hilink-to-stick-mode/ I got an idea what you mean. So the firmware of that device needs to be flashed to that other version.
Afterwards, will I still be able to access the webinterface of the device? I guess not, but this is very useful to evaluate the reception quality, setting the mobile network modes etc. And actually using the ether-cdc mode is also quite comfortable.
So there is no other way to just mask or alias the 192.168.8.0/24 network to something else? Linux should have ways for something like that.
For the mobile network mode, it seems you are already doing things in your config like "preferlte", is that documented somewhere? Is it possible to create that config via LuCI or only via editor? Which OpenWRT packages would I need for NCM?
There should be a way using namespaces:
link set netns, ip netns, probably ip link add ... type veth. I'm going to find a Howto as I never worked with namespaces.
On OpenWrt you typically need the 'ip-full' package.
I think you might need to place wan and your VPN interface in a new namespace then veth pair with one end in new namespace and other end in normal namespace. The link above provides everything you need on how to do that once you have ensured you have the 'ip-full' package installed or otherwise have namespace support.
See this script here for veth stuff:
That provides an example way to set up veth:
## set up veth devices to handle inbound and outbound traffic
ip link show | grep veth0 || ip link add type veth
## get new veth interfaces up
ip link set veth0 up
ip link set veth1 up
## trun on promisc mode,sometimes it's needed to make bridge work
ip link set veth1 promisc on
## add veth1 to bridge
brctl addif br-lan veth1
## just to make sure there's nothing inside this table
ip rule del priority 100
ip route flush table 100
## add routing for veth0 this will handle all traffic
ip route add default dev veth0 table 100
ip rule add iif $WANIF table 100 priority 100
#########
#Veth end
#########
I tried myself to do this but failed to make it all work so I'd really like to know how you manage it if you do. In particular, I managed to set up the namespace and veth pair particulars, but I could not work out how to set up the routing on both sides, and then gave up. My use case is different to yours, namely I just want a single interface on which to apply CAKE to both VPN and non-VPN traffic. I ended up using the 'ifb' approach, but would still be interested to try this namespace/veth approach if I can see how to make it all work.
In your case, unless I am mistaken it would allow you to:
HI.
Correct, no more web-interface for the E3372. You will only use luci network --> interface to configure your LTE connection.
You can use 3ginfo to monitor your connection status. https://github.com/4IceG/luci-app-3ginfo
No alias, as serial mode the usb modem will deliver a dynamic IP provide from your ISP to your LTE ( wwanX ) interface.
Hi.
Same for my huawei B315s in bridge mode with a public IP provided to my openwrt router I still connect to the web interface of the B315s.
And as your huawei is a modem router too, but this E3372 is a modem only, and with S mode no more gui interface needed.
You mean, eventhough the whole device only has a public IP address and no own local address at all and so there is no route into 192.168.100.0, how can that IP address be reachable then?
Hi.
My wan port is dhcp configured, and I just needed to define an alias for wan port with static address 192.168.100.x. New firewall zone for this alias port.
A "bridging modem" is a router with 2 ports and rules similar to
if packet entered port LAN then it goes out port WAN
else it goes out port LAN
You can add a rule in front of that saying
if packet has destination 192.168.100.1 then it goes to this host (i.e. "modem")
and the modem will still look like a "bridge" to anything else.
You can add an infinite number of such exceptions. All it hurts is the ability to use those addresses on the WAN, which usually isn't a problem for 192.168.0.0/16 and the likes. Although it could be since mobile operators like to use CGNAT with RFC1918 addresses.
Note that an LTE modem cannot be a real bridge since there is no concept of L2 addressing on the WAN (radio) interface. It's always a router.