Problems in setting up USB tethering

shanjiv177 · December 11, 2024, 6:04am

Hi everyone,
I'm new to OpenWRT, so apologies in advance if this is a basic question. I’ve set up OpenWRT 24.10 on my Raspberry Pi 5 and connected my phone to the router via USB tethering. I added a WAN interface named wan1 for USB tethering, and the interface is assigned an IP from my phone on eth1. I’ve verified that the router itself has internet access through eth1 by successfully pinging google.com.

However, my laptop, which is connected to the LAN interface of the router, cannot access the internet when eth1 is the only active WAN interface.

Strangely, I have an upstream router connected via eth0 with a similar configuration, and when eth0 is active, my laptop can access the internet without any issues. This problem only occurs when using eth1 (USB tethering) as the WAN interface.

Could anyone help me figure out why devices on the LAN cannot access the internet through the USB-tethered connection?

Thanks in advance!

psherman · December 11, 2024, 6:06am

What is the IP address on your wan and on your lan? Let's make sure there aren't any subnet overlaps:

ifstatus wan | grep address
ifstatus lan | grep address

(for the wan, please only post the first two octets (in bold aaa.bbb.ccc.ddd) if it doesn't begin with 192.168.x.y).

And let's look at the rest of your configs:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

shanjiv177 · December 11, 2024, 6:20am

IP address on:
wan - 192.168.1.123
wan1 - 192.168.172.162
lan - 192.168.200.1

wan1 is my eth1 interface where usb tethering is connected, and lan is an interface of phy0-ap0 (wifi) device.

ubus call system board

{
	"kernel": "6.6.63",
	"hostname": "OpenWrt",
	"system": "ARMv8 Processor rev 1",
	"model": "Raspberry Pi 5 Model B Rev 1.0",
	"board_name": "raspberrypi,5-model-b",
	"rootfs_type": "ext4",
	"release": {
		"distribution": "OpenWrt",
		"version": "24.10.0-rc2",
		"revision": "r28161-ea17e958b9",
		"target": "bcm27xx/bcm2712",
		"description": "OpenWrt 24.10.0-rc2 r28161-ea17e958b9",
		"builddate": "1733226068"
	}
}

cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdc4:2d1e:d630::/48'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth0'

config interface 'wan1'
	option proto 'dhcp'
	option device 'eth1'

config interface 'lan'
	option proto 'static'
	option device 'phy0-ap0'
	option ipaddr '192.168.200.1'
	option netmask '255.255.255.0'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/axi/1001100000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option band '5g'
	option channel '36'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'
	option network 'lan'

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'

cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan1'
	option log '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'allow-ALL'
	option src '*'
	option dest '*'
	option target 'ACCEPT'
	list proto 'all'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config forwarding
	option src 'wan'
	option dest 'lan'

I get internet now, coz both eth0 and eth1 are active
When i disable eth0, so eth1 is the only upstream, there is not internet on lan. But pinging through interface eth1 on the router succeeds.

psherman · December 11, 2024, 6:24am

The wan zone should have input set to REJECT. same for the forward rule:

shanjiv177:

config zone
	option name 'wan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan1'
	option log '1'

delete this:

Did you install mwan3?

shanjiv177 · December 11, 2024, 6:53am

Yes I did install mwan3.

I have made the changes you suggested.
But i still am not able to get internet access on my lan.

psherman · December 11, 2024, 7:02am

what is the output of:

route

shanjiv177 · December 11, 2024, 7:04am

Output when both eth1 and eth0 are active:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.172.0   *               255.255.255.0   U     0      0        0 eth1
192.168.200.0   *               255.255.255.0   U     0      0        0 phy0-ap0

After disabling eth0 and restarting eth1:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.172.209 0.0.0.0         UG    0      0        0 eth1
192.168.172.0   *               255.255.255.0   U     0      0        0 eth1
192.168.200.0   *               255.255.255.0   U     0      0        0 phy0-ap0

psherman · December 11, 2024, 7:10am

Is this actually the gateway address on that network? It's certainly possible, but just uncommon for it not to be .1 or .254.

Meanwhile... did you say earlier that you can access the internet from the router itself when only eth1 is running, but you can't do it from the lan? If that's the case, it may be a ttl issue.

what does this show from the router:

traceroute openwrt.org
ping openwrt.org

And then if you repeat it form one of your devices the lan?

shanjiv177 · December 11, 2024, 7:28am

Yes 192.168.172.209 is the gateway for eth1.

Following are outputs only when eth1 (tethering) is active:

traceroute openwrt.org
traceroute to openwrt.org (64.226.122.113), 30 hops max, 46 byte packets
 1traceroute: sendto: Network unreachable

ping openwrt.org
PING openwrt.org (64.226.122.113): 56 data bytes
ping: sendto: Network unreachable

ping -I eth1 openwrt.org
PING openwrt.org (64.226.122.113): 56 data bytes
64 bytes from 64.226.122.113: seq=4 ttl=43 time=239.188 ms
64 bytes from 64.226.122.113: seq=5 ttl=43 time=1025.364 ms
64 bytes from 64.226.122.113: seq=6 ttl=43 time=983.386 ms
64 bytes from 64.226.122.113: seq=7 ttl=43 time=342.874 ms
64 bytes from 64.226.122.113: seq=8 ttl=43 time=1024.309 ms
64 bytes from 64.226.122.113: seq=9 ttl=43 time=172.045 ms
64 bytes from 64.226.122.113: seq=10 ttl=43 time=1014.111 ms
^C64 bytes from 64.226.122.113: seq=11 ttl=43 time=639.363 ms
64 bytes from 64.226.122.113: seq=12 ttl=43 time=775.040 ms
^C
--- openwrt.org ping statistics ---
14 packets transmitted, 9 packets received, 35% packet loss
round-trip min/avg/max = 172.045/690.631/1025.364 ms

shanjiv177 · December 11, 2024, 7:33am

traceroute while specifying interface eth1:

traceroute -i eth1 openwrt.org
traceroute to openwrt.org (64.226.122.113), 30 hops max, 46 byte packets
 1  192.168.172.50 (192.168.172.50)  3147.835 ms !H  3119.710 ms !H  3119.912 ms !H

from a device on lan:

it just gives 30 (max hops) * * *

psherman · December 11, 2024, 7:34am

this suggests that the traffic is trying to egress via eth0, even though only eth1 is active.

I'd check the mwan3 configuration.

Also, consider restarting the router with eth0 physically disconnected (don't connect it prior to the test), just to see if traffic will egress properly when the system never sees a link on eth0.

shanjiv177 · December 11, 2024, 8:08am

Thanks a lot!
With eth0 physically disconnected, everything works as expected.

I have a (probably noob) question:

this suggests that the traffic is trying to egress via eth0, even though only eth1 is active.

Did you come to this conclusion, because the ping worked only when forced through the interface?

I will check the mwan3 config, thanks a lot!!!

psherman · December 11, 2024, 8:11am

Precisely.

Great. You can also set metrics on the wan interfaces, but I think mwan3 can do everything you need.

system · December 21, 2024, 8:11am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.