Providing USB Tethering in an OpenWrt "Access Point" for the Main Router

My setup: OpenWRT "Access Points" are wired to the Main Router. "Access Points" means that I disabled dnsmasq, odhcpd and firewall, and bridged SSIDs as well as dedicated LAN ports to VLANs.

My objective is to have one of the APs provide the connectivity of a USB tethered Android to the Main Router via a new VLAN. The Main Router would use that connection as a failover and / or load balancing uplink.

Since I don't want to handle a dynamic IP address for the tethered uplink in the Main Router, I set up the following.

At the Main Router:

  • Create new interface with VLAN 99 and static IP in new subnet 192.168.99 on top of existing LAN port group
  • Include VLAN 99 interface in the WAN interface group of the firewall
  • Create secondary default route for the new interface with the "Access Point's" static IP address as the gateway

At the "Access Point", I was following Smartphone USB Tethering to an OpenWrt router as far as it led me:

  • Configure switch0 for VLAN 99 (CPU and uplink tagged) (yes my uplink LAN port belongs to eth0)
  • Configure interface for eth0.99 with static IP address
  • Configure interface for usb0 with DHCP (yes my Droid is detected and in my case it's usb0)
  • Run all services including dnsmasq, odhcpd and firewall
  • Configure firewall to only have the eth0.99 based interface in the LAN group and only the usb0 based interface in the WAN group
  • Configure firewall to accept in, out and forward; full WAN to LAN as well as full LAN to WAN forwarding; no port forwardings; unchanged traffic rules; masquerade to WAN; no custom rules

Here's what I get:

  • When I force the primary uplink down, Main Router tries secondary uplink via VLAN 99
  • traceroute clearly shows that there is a secondary route via the tethered Droid
  • Access Point has an internal default route via the tethered Droid, which is not what I want (for maintenance, it had a route via Main Router before and that makes more sense)
  • The Access Point's internal route via the tethered Droid appears to be functional (e.g. ssh)
  • traceroute (and maybe also DNS) work from Main Router and LAN client
  • Data requests from Main Router seem to reach the eth0.99 interface
  • There is traffic on the usb0 interface
  • However, data connections from LAN client via USB tethered Droid are not possible

Tethering is supposed to be allowed and also, it seems that I can use the connection from the Access Point. One reason why I'm searching for a mistake in my configuration is because I have no clear idea where the VLAN tagging is ending in this scenario. I am suspecting that the packets received from the Main Router are still tagged when they enter the router and there is no mechanism to strip that. Or something similar.

I've tried some variations such as no CPU tagging at the switch etc but I've run out of ideas and can't seem to find new information on the Web. What / where should I search (for)?

Some configuration artefacts:

config interface 'wan_99utth'
        option ifname 'eth0.99'
        option proto 'static'
        option ipaddr '192.168.99.1'
        option netmask '255.255.255.0'

config interface 'usb_99utth'
        option proto 'dhcp'
        option ifname 'usb0'

config switch_vlan 'switch0_99utth'
        option device 'switch0'
        option ports '0t 4t'
        option vlan '99'
        option vid '99'

Make the second router a dumb bridge from the phone to a VLAN. Set the interface that joins usb0 and eth0.99 to protocol none or Unmanaged. You do not want the second router to hold an IP address or install routes with the phone. The main router should handle all that.

Tried that before. Switched off firewall and created unmanaged bridge. Can see that the bridge seems to do something; Ethernet Adapter usb0 and Software VLAN eth0.99 receive and transmit packets (and the bridge as well). I guess that's due to the Main Router's DHCP client requests. However, the Main Router isn't happy and never assigns an IP address.

Do I understand that correctly: rndis_host sits "behind" usb0 and turns the USB connection into an ethernet connection by "dialling in"? So that should be transparent from the outside and the Main Router should "see" the mobile provider?

I finally managed to set this up. There was something wrong with my Main Router's config.

Problem is, my central router's DHCP client will set the metric of the DHCP based route to 1.

I would appreciate hints why the "DHCP on AP" approach didn't work. How do I glue wan_99utth and usb_99utth together? How can I change the metric of the DHCP default route?
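
The dumb-bridge layout suggested in the thread, together with an explicit metric on the Main Router's DHCP uplink, written out as an added example (it is not any poster's actual configuration). It uses the same swconfig-era `option ifname` syntax as the snippets above; the interface names `tether_br`, `wan` and `wan_tether`, the metric values, and the Main Router's `eth0.99` device are assumptions.

```uci
# ===== Access Point: /etc/config/network =====
# VLAN 99 on the switch, CPU and uplink port tagged (as posted in the thread)
config switch_vlan 'switch0_99utth'
        option device 'switch0'
        option vlan '99'
        option vid '99'
        option ports '0t 4t'

# Layer-2 bridge between the phone and VLAN 99.
# proto 'none' = unmanaged: the AP holds no address on this bridge, runs no
# DHCP client towards the phone and installs no route via it, so its
# management default route via the Main Router stays untouched.
# 'tether_br' is a hypothetical name.
config interface 'tether_br'
        option type 'bridge'
        option ifname 'eth0.99 usb0'
        option proto 'none'

# ===== Main Router: /etc/config/network =====
# Primary uplink keeps the lower metric (assumed name and value).
config interface 'wan'
        option proto 'dhcp'
        option metric '10'

# Tethered uplink: the Main Router is the DHCP client of the phone, reached
# through VLAN 99. The higher metric makes this default route the fallback.
# 'wan_tether' and the eth0.99 device are assumptions.
config interface 'wan_tether'
        option ifname 'eth0.99'
        option proto 'dhcp'
        option metric '20'

# ===== Main Router: /etc/config/firewall =====
# The tethered uplink belongs in the WAN zone so it is masqueraded and
# gets the same inbound filtering as the primary uplink.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan_tether'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
```

With this layout the Access Point needs no firewall, dnsmasq or odhcpd for the tethered path, since it only forwards frames between `usb0` and VLAN 99.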

I believe the problem with my initial config (where the AP would be a DHCP client for the USB tethering and bridge the traffic to my VLAN with a static IP address) was the default route metrics inside the AP. For maintenance etc, my APs have a default route via the Main Router. The USB tethered WAN uplink was probably not reachable from the VLANs because in the AP, all traffic that was received for the WAN uplink was redirected to the Main Router, which in turn would have sent it back.

The exact solution is not completely clear to me; what would be needed for a clean approach would be a bridge from eth0 VLAN99 to the tethered WAN uplink without routing functionality and that is exactly what I failed to set up. But only this way, the AP could maintain its default route to the Main Router (not via VLAN99), which would make the failover decision and if appropriate, send the packets back (on VLAN99) and the AP would send them to the tethered device. Since I failed to set this up, I'm not sure OpenVPN can provide such a layering where the VLAN is forwarded to an internal bridge that excludes routing and handles the tagging. It should be possible.

A simpler solution, where VLAN99 is terminated at eth0 and the traffic gets routed, requires carefully set up default routes as mentioned above, but has the drawback that the AP will always use the tethered WAN uplink, which may or may not be relevant for your particular setup.

The reason why I'm not sure is that I reconsidered mobile connectivity and finally set up a spare TP-MR3020 as a dedicated USB tethering to LAN bridge, because I was able to place it in accordance with mobile signal strength.

I would still be interested in understanding whether OpenWRT could handle my originally intended setup, and how that would have to be configured.