Sharing LTE connection

larsf · January 20, 2022, 9:37pm

After a little work I think I have installed both wifi dongle and huawei LTE dongle.

It's currently connected to my network with a static IP on the built in ethernet. It's a Raspberry Pi 2 B+. I'm planning to get a Pi 4, but it's currently not in stock anywhere (where I live) - so this will have to to until i get the Pi 4

The current state of my interfaces:

What do I need to do now? Right now its connected to my home network and I gave it a static ip outside of the DHCP range. But I would like to take with me the raspberry pi and share the LTE's internet connection to anyone connected to wlan0.

How do I set that up?

I am able to connect to it with the wifi dongle, but is it correct that the LTE also should be DHCP client? How does it know that clients of WIFI should get internet thru LTE?

psherman · January 20, 2022, 9:47pm

There could be a bunch of things going on, and screenshots can only tell us a little bit. But at first glance, it looks like your wifi and LTE interfaces are not associated with any firewall zones. If you want your LTE to be the internet connection, it should be assigned to the wan firewall zone. And the wifi interface would likely need to be associated with the lan zone.

larsf · January 20, 2022, 9:57pm

Okey, I have added LTE to wan firewall and WIFI to lan zone.

But what about the LAN interface, what is it doing? I was default when I installed OpenWRT and the only thing I did was give it a static IP.

Will creating a eth0 and put it to WAN zone make a source for internet? Is it that smart that it will probe LTE and eth0 to see what gives internet? Right now I have disabled connection on the LTE device itself, it does not connect (and use up my plan )

psherman · January 20, 2022, 10:01pm

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

larsf · January 20, 2022, 10:14pm

cat network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'something::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.9'
        option gateway '192.168.1.1'
        list dns '1.1.1.1'
        list dns '8.8.8.8'

config interface 'Wifi'
        option proto 'dhcp'
        option device 'wlan0'

config interface 'LTE'
        option device 'eth1'
        option proto 'dhcp'

cat wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/soc/3f980000.usb/usb1/1-1/1-1.2'
        option htmode 'HT20'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'My 4G'
        option encryption 'psk2'
        option key 'supahsecret'
        option network 'lan Wifi'

cat dhcp:

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

cat firewall:

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'Wifi'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'LTE'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

psherman · January 20, 2022, 10:24pm

A few things I can see right away...

First, the additional wifi network (wlan0) is a DHCP client. If that is supposed to be acting as a wifi AP, it will need to be associated with your lan (i.e. included in the bridge with your br-lan). Keep in mind that not all USB wifi adapters will work in AP mode, and you will also need to make sure that you have installed the packages with the appropriate drivers for that device.

Next, your LAN is set to function as an extension of your existing network, and therefore it isn't setup correctly to be a router on its own. You can change the IP address to something else, if you like, but remove the gateway definition.

Does your LTE device show up as eth1? It seems you have an IP address from that, which is good. It is already NAT'd (this isn't necessarily a problem, but a thing to be aware of -- if the LTE device can be put into bridge mode, that may be better).

Are you able to ping anything when you ssh into the router? A set of addresses to test would be:

the LTE modem itself (likely 192.168.8.1 -- but that is just a guess).
8.8.8.8 or another public IP address.
google.com

larsf · January 21, 2022, 7:53am

I don't quite understand the way you explain the setup. Here is a couple of facts:

I want clients to be able to connect to this device by connecting to the wireless network "My 4G" and get IP
Clients connected to "My 4G" should get internet thru a) the LTE usb modem on eth1 og b) the build int ethernet eth0.
While at home I will connect this device to my network on eth0 and eth0 will get IP from my home network.

I was thinking about link aggregation between LTE and eth0, but I could make do by simply use the web interface and bring the interfaces up or down depending on the situation.

The goal here is to have a small device that I can bring with me on family trips and we will be able to log on its wifi and connect to the internet with the LTE usb modem.

What do I need to to with wlan0 in order for it to give out IPs? How do I configure the br-lan?

frollic · January 21, 2022, 8:47am

can't really aggregate, traffic will go through any of the interfaces, but not both, at the same time, from the client.

wlan0 shouldn't really be needed, since there would already be a radio in the wireless section,
unless you want to be able to connect as a wireless client, too ?

larsf · January 21, 2022, 9:43am

I just did a test... it works, but I have nooooo idea why. It seems crazy

When I connected to "My 4G" I got the IP 192.168.1.218, from my windows machine I can run ipconfig command and get:

   IPv4 Address. . . . . . . . . . . : 192.168.1.218
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.9

Not what I wanted but "okey", I've got the internetz.

frollic · January 21, 2022, 9:47am

and the problem with the IP is what exactly ?

larsf · January 21, 2022, 11:37am

Its not what I anticipated. I'm abit unsure on how the LTE E3372 Huawei modem works. Does that act as a DHCP?

The thing that I'm unsure of is the br-lan, I dont think I want it. Because now every wireless AND clients connecting thru eth0 will get a IP. I only want that for wifi clients. For eth0 I want a static IP so I can access it when I plug it into my home network.

frollic · January 21, 2022, 11:56am

If not by itself, then by ISP, there will always be a dynamic IP coming from it.
you might make things slightly better by removing the HiLink functionality, of your
LTE, if it's one of those actually using it.

don't plug in any ethernet cables ?

what is eth0 exactly ? WAN ? LAN ?

pavelgl · January 21, 2022, 12:49pm

Remove the wireless interface from the lan bridge:

uci delete wireless.default_radio0.network
uci set wireless.default_radio0.network='Wifi'

Modify the WiFi interface:

uci delete network.Wifi.device
uci set network.Wifi.proto='static'
uci set network.Wifi.ipaddr='192.168.254.1'
uci set network.Wifi.netmask='255.255.255.0'

Remove the default gateway and DNS servers on the lan interface. You should use those, provided via DHCP on the LTE interface.

uci delete network.lan.gateway
uci delete network.lan.dns

Create a dhcp pool for the wireless clients:

uci set dhcp.Wifi=dhcp
uci set dhcp.Wifi.interface='Wifi'
uci set dhcp.Wifi.start='100'
uci set dhcp.Wifi.limit='150'
uci set dhcp.Wifi.leasetime='12h'
uci set dhcp.Wifi.ra_flags='none'

Save the changes and restart the services

uci commit; /etc/init.d/network restart; /etc/init.d/dnsmasq restart; wifi

The wifi interface is assigned to the lan zone, the LTE to the wan, so you should be OK.

EDIT: Also disable the DHCP server on the lan interface:

uci set dhcp.lan.ignore='1'