QMI with Quectel EG25 (same as EC25)

I have an issue (target x86-64) with an EG25 modem in QMI mode: the internet does not work in the LAN (DNS does not resolve and IPs can't be pinged), but from the OpenWrt SSH command line I can access the internet (ping 8.8.8.8 works, even opkg update works, and I can install all packages through QMI and download files without any problems).

I have tried different firewall configurations and builds of OpenWrt (stable 18.06.2, current branch with kernel 4.14/4.19), and occasionally it works, but not for long (about 2-3 min), and then it stops working by itself (in the OpenWrt SSH session the ping to 8.8.8.8 is not lost, but the internet just stops working in the LAN).

All I need is to pass the OpenWrt USB 4G connection through a VLAN to another firewall (pfSense) as its WAN connection. How can I do that? It would be best if it passed without any firewall, directly to the pfSense WAN, but I don't know how to do this...

Please help me resolve this issue, because for a couple of days now I have had no idea how to make it work. :frowning:

If you have a static IP and manual DNS for your PC, can you access the internet or ping 8.8.8.8 from the PC? This will tell if it's a matter of DHCP/DNS or firewall.

Also, could you post the output of the following commands from SSH? You may mask out your MAC and public IP addresses. Use the Pre-formatted text tool to share the code here (paste the code, highlight it, and click </> in the toolbar or press Ctrl + Shift + C).

What commands do you mean?

Sorry!

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/firewall
cat /etc/config/dhcp

I have tried with 8.8.8.8 as DNS for a computer in that LAN, but no success.
I have tried making a classic 3G connection: it comes UP and everything works excellently in OpenWrt (SSH/opkg/wget, etc.), but it does not work at all on the LAN PCs. So it is clear now that this is not an issue with QMI; I have no idea what the source of the problem is.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd58:2b9f:f429::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0 eth1 eth2 eth3'
        option proto 'static'
        option netmask '255.255.255.0'
        option delegate '0'
        option ipaddr '10.0.0.1'
        option gateway '10.0.0.1'

config interface 'wan'
        option proto 'qmi'
        option delegate '0'
        option device '/dev/cdc-wdm0'
        option apn 'internet'
        option auth 'none'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:1c.2/0000:03:00.0'
        option country 'HT'
        option legacy_rates '0'
        option channel '40'
        option htmode 'VHT80'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option disassoc_low_ack '0'
        option encryption 'psk2+ccmp'
        option key 'wpakey'
        option wpa_disable_eapol_key_retries '1'
        option network 'lan'

root@OpenWrt:~# cat /etc/config/firewall


config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan'
        option input 'REJECT'
        option forward 'REJECT'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config forwarding
        option dest 'wan'
        option src 'lan'

root@OpenWrt:~# cat /etc/config/dhcp


config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option rebind_protection '0'
        option localservice '0'
        option boguspriv '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

I have done a "factory defaults" reset, then just set up QMI, and have the same troubles, but I can run tracert on a LAN PC:

C:\>tracert google.com.ua

Трассировка маршрута к google.com.ua [172.217.16.35]
с максимальным числом прыжков 30:

  1    <1 мс    <1 мс    <1 мс  OpenWrt.lan [192.168.1.1]
  2     *        *        *     Превышен интервал ожидания для запроса.
  3    80 ms    60 ms    56 ms  88-214-103-129.vf-ua.net [88.214.103.129]
  4    49 ms    59 ms    68 ms  88-214-102-216.vf-ua.net [88.214.102.216]
  5    96 ms    48 ms    44 ms  172.17.10.1
  6    97 ms    67 ms    57 ms  88.214.120.1
  7    76 ms    57 ms    57 ms  88.214.120.2
  8   102 ms    67 ms    75 ms  108.170.248.147
  9    91 ms    77 ms    82 ms  209.85.248.105
 10   102 ms    68 ms    78 ms  209.85.251.188
 11   110 ms    71 ms    69 ms  108.170.250.209
 12    98 ms    72 ms    72 ms  216.239.41.133
 13    91 ms    69 ms    67 ms  muc03s08-in-f35.1e100.net [172.217.16.35]

Трассировка завершена.

Did you also put a static IP address for your PC (10.0.0.11 for example) when you tried? Or is it the same computer from which you can access the router by SSH, so you know that the PC gets a proper IP?

Did you edit /etc/config/network? I find the following a bit strange, but then again I'm not familiar with your router so I can't know for sure.

config interface 'lan' 
    option type 'bridge' 
    option ifname 'eth0 eth1 eth2 eth3'

What do you mean by "same troubles"? What can you do and what can't you do now?

Yes, I have tried static, but in the network properties there is a correct IP (in this LAN).

There are 4 LANs on the MB; I have bridged them into the LAN net.

I can't access web sites, but the LAN icon in Windows shows that the internet is accessible.

If you set manual DNS now on the PC, do you have internet access?

I have set manual DNS (after the reset the network is the default, 192.168.1.1).

I don't understand how you can tracert google.com.ua but can't ping it or access it via browser.

Anyway, let's hope that someone will come up with a solution or a way to find where the problem is.

You can believe me, crazy things happen here:

C:\>tracert google.com.ua

Трассировка маршрута к google.com.ua [216.58.215.99]
с максимальным числом прыжков 30:

  1    <1 мс    <1 мс    <1 мс  OpenWrt.lan [192.168.1.1]
  2     *        *        *     Превышен интервал ожидания для запроса.
  3    78 ms    70 ms    58 ms  88-214-103-193.vf-ua.net [88.214.103.193]
  4    57 ms    59 ms    59 ms  88-214-102-216.vf-ua.net [88.214.102.216]
  5    82 ms    59 ms    46 ms  172.17.10.1
  6    72 ms    55 ms    70 ms  88.214.120.1
  7    78 ms    59 ms    54 ms  88.214.120.2
  8    93 ms    58 ms    68 ms  108.170.248.147
  9    89 ms    67 ms    64 ms  209.85.248.105
 10   107 ms    70 ms    67 ms  108.170.250.193
 11    93 ms    70 ms    66 ms  108.170.234.245
 12    84 ms    65 ms    65 ms  waw02s17-in-f3.1e100.net [216.58.215.99]

Трассировка завершена.

C:\>ping google.com.ua

Обмен пакетами с google.com.ua [216.58.215.99] с 32 байтами данных:
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.

Статистика Ping для 216.58.215.99:
    Пакетов: отправлено = 4, получено = 0, потеряно = 4
    (100% потерь)

The problem was with the LTE operator (Vodafone): I changed the SIM to another LTE operator (Kyivstar) and the problem is gone. It's very hard to understand the cause of a problem with operators for the OpenWrt firewall.

I have totally resolved the issue with the Vodafone operator: they magically "block" traffic for more than one PC, so if it goes through OpenWrt, all PCs behind NAT are blocked by the operator. I do not know how they do it; is there any solution to avoid this blocking?

Maybe a TTL problem? Set TTL to a larger value.

Yep, TTL finally fixed my issue with the LTE operator.
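
Added example, not part of the original thread: one way to apply the TTL fix on the iptables-based firewall of OpenWrt 18.06, rewriting the TTL of everything leaving the modem so forwarded LAN traffic carries the same value as the router's own traffic (which the thread reports as working). The device name `wwan0`, the value 64, the helper names and the presence of the `iptables-mod-ipopt` and `kmod-ipt-ipopt` packages (which provide the `TTL` target) are assumptions; the thread does not state which value was used.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: QMI netdev wwan0, target TTL 64,
# iptables-mod-ipopt + kmod-ipt-ipopt installed for the TTL target.
WAN_DEV="${WAN_DEV:-wwan0}"
WAN_TTL="${WAN_TTL:-64}"

# TTL a packet carries when it leaves the router.
# $1 = sender's initial TTL, $2 = routers crossed before the WAN (0 = router itself)
ttl_on_wan() {
    echo $(( $1 - $2 ))
}

# Accept only integers in the valid IPv4 TTL range 1..255.
valid_ttl() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 255 ]
}

# iptables arguments that set a fixed TTL on every packet leaving WAN_DEV.
ttl_rule_args() {
    echo "-t mangle -A POSTROUTING -o $WAN_DEV -j TTL --ttl-set $WAN_TTL"
}

apply_ttl_fix() {
    valid_ttl "$WAN_TTL" || { echo "bad TTL: $WAN_TTL" >&2; return 1; }
    # -C tests for an existing identical rule so repeated runs do not stack copies.
    # Word splitting of the argument string is intentional here.
    iptables $(ttl_rule_args | sed 's/-A/-C/') 2>/dev/null \
        || iptables $(ttl_rule_args)
}

# Linux router's own traffic: initial TTL 64, no forwarding hop  -> 64 on the WAN.
# Windows LAN PC: initial TTL 128, one forwarding hop (OpenWrt)  -> 127 on the WAN.
# After the rule, both leave the modem with WAN_TTL.

# Touch netfilter only when explicitly asked: sh ttl-fix.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_ttl_fix
fi
```

The rule lives only in the running ruleset, so it has to be re-applied after a firewall restart, for example from the `/etc/firewall.user` include shown in the firewall config above.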
