One of our customers recently asked for a backup internet access for his office. He works in a small office in an area where broadband really isn't that fast or even reliable. We were asked to provide a solution for resilient internet access. As landline was out of the picture, we were thinking wireless. Now, this was a small business using SOHO devices, so everything had to be cheap. We love a good challenge, so we got to it. Here's what we did, I hope you'll find this article useful, maybe you'll need it some day.
The existing office used a noname router with a normal DSL connection. No real opportunity here, so our initial idea was to get rid of this, and to put in an old and used, but otherwise excellent Cisco 1841 modular router. This router is quite cheap to get as it has reached its End-of-Sales status and newer, faster and more powerful routers have been around for quite some time now. The Cisco 1841 is capable of routing above 30 Mbit/s, which is about five times the actual bandwidth of this customer. So it's allright. Normally what we'd been offering is a module here, called HWIC-3G-GSM, which is basically a 3G GSM modem to use with a SIM card from a local cellular provider. Although this card is not new, it's been around for several years now, it's still quite expensive, so it was out of the question. We had to find a cheaper solution, not to mention, that it's only 3G capable and the customer wanted 4G. So the Cisco may still remain in place, but we need something to terminate the 4G/LTE connection on.
We have then decided to mix Cisco with open source solutions. Looking for a linux-compatible 4G USB stick, and a cheap router, that can run some sort of a linux yielded a ZTE MF 823 4G/LTE USB stick, and a TL-WR710N tplink travel router. OpenWrt is a linux-based software for supported soho routers and it really works well and gives great freedom. The TL-710N has one USB port, normally for charging phones, but it also works with this 4G USB device.
Normally, when you do 3G, all sorts of configuration (usb_modeswitch, ppp, login credentials etc.) is required on the router. There is another article detailing this, however using 4G with this particular stick is completely different. This USB stick is a mini router on its own. The tplink will get an IP address from the USB stick using DHCP on a new interface called 'usb0' which is an ethernet interface provided by the stick itself. Quite neat. The IP range between the tplink and the ZTE USB stick is 192.168.0.0/24, with 192.168.0.1 being the stick itself. It has a web interface as well. This can be accessed from the command line using wget, or from a normal browser located on the LAN side, behind the router.
For the modem to start working, you need to install the kmod-usb-net-cdc-ether module, as follows (as you can see, for this test I've been using Barrier Breaker):
root@tplink:~# opkg install kmod-usb-net-cdc-ether Installing kmod-usb-net-cdc-ether (3.10.49-1) to root... Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base/kmod-usb-net-cdc-ether_3.10.49-1_ar71xx.ipk. Installing kmod-usb-net (3.10.49-1) to root... Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base/kmod-usb-net_3.10.49-1_ar71xx.ipk. Installing kmod-mii (3.10.49-1) to root... Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base/kmod-mii_3.10.49-1_ar71xx.ipk. Configuring kmod-mii. Configuring kmod-usb-net. Configuring kmod-usb-net-cdc-ether. root@tplink:~#
After this, paste the following into the /etc/config/network file to enable the new network interface to come up automatically after boot:
config interface 'usbnet' option ifname 'usb0' option proto 'dhcp'
After restarting networking on the router, or restarting the box itself, you should see a network interface named 'usb0' to come up, with a dynamic address received from the 192.168.0.0/24 subnet. It's the USB stick that is assigning the address to the linux, along with the default gateway. Check these using the 'ifconfig' and 'route -n' commands. The fun comes after this. The 4G connection is not enabled by default, so at this point, you do have an interface to be used as 'WAN', you have been given an IP address, and a default gateway. But the connection may not work just yet. If you have a browser, you want to point it to 192.168.0.1 which is the internal IP address of the stick. It has a web interface, quite a good one actually. Altough there is also a telnet interface, you can choose whichever you prefer. When using telnet, the default credentials are root / zte9x15, and you can telnet directly from the router.
root@tplink:~# telnet 192.168.0.1 Entering character mode Escape character is '^]'. OpenEmbedded Linux 9615-cdp msm 20140710 9615-cdp 9615-cdp login: root Password: zte9x15 root@9615-cdp:~#
Don't forget to MASQ your connections coming from behind your soho router, but I guess this is pretty basic, as you'd need this for basic internet connectivity as well. Speaking of which, it is time to get connected. I assume you're a normal human being with better than average skills, so the web interface doesn't need explaining. Set the APN (obtain details from your provider) and that's pretty much it. Initiating the connection is simple. You can do it manually or have it done automatically. And it's best to use wget or any other CLI-based browser to initiate the connection, so you can script it. Use the following command line for initiating the connection, and I've also included the command to verify the results:
root@tplink:~# wget --header 'Referer: http://192.168.0.1/index.html' http://192.168.0.1/goform/goform_set_cmd_process?goformId=CONNECT_NETWORK Connecting to 192.168.0.1 (192.168.0.1:80) goform_set_cmd_proce 100% |***************************************************| 20 0:00:00 ETA root@tplink:~# cat goform_set_cmd_process?goformId\=CONNECT_NETWORK {"result":"success"} root@tplink:~#
Wget saves the output to a filename based on the URL, hence the funny filename. It's the contents that matter, you want to see a result / success message. If you have it, boom, you're connected to the internet! Only the small cleanup is left: installing floating static routes, enabling VPN, adding routing... the bits that you'd normally do can also apply here. With one significant exception: almost all telcos use CGNAT - Carrier Grade NAT. This means that traffic can not be initiated from the outside even though you appear to be coming from a valid, routeable IPv4 address. If you want reachability, you need to use some sort of a VPN solution, such as ipsec, webvpn/sslvpn or openvpn (which is again, a form of ssl/tls vpn). This however is not in scope for today, and also, there are tons of guides out there to help you create this. Enjoy!