Android Phone WAN USB Tether

CNLiberal

Based on an older post here https://forum.pfsense.org/index.php?topic=41067.0, I would like to know the feasibility of using an Android phone as a WAN interface for pfSense.  One person asked for some output from pfSense.  Specifically, he asked for this:

I wonder what USB device the iPhone pretends to be when it is USB-tethering. Could you enable USB tethering mode on your iPhone then
1.  connect your iPhone to your pfSense system and post the ouput of the pfSense shell command
Code: [Select]

usbconfig show_ifdrv

#usbconfig dump_device_desc
OR
2.  connect your iPhone to a linux system and post the output of the Linux shell command
Code: [Select]

lsusb

dmesg | tail -10

lsusb -v

When I have my Android phone in USB tethering mode and connect it to my Linux netbook the system reports a new cdc-ether interface. OpenBSD appears to have the cdce and cdcef drivers which MIGHT be "relatively" easy to port to FreeBSD.

Here are the results of the commands for my Nexus 5:

[2.1-RELEASE][admin@pfsense]/boot/kernel(19): usbconfig show_ifdrv
ugen0.1: <uhci root="" hub="" intel="">at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
ugen0.1.0: uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">ugen1.1: <uhci root="" hub="" intel="">at usbus1, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
ugen1.1.0: uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">ugen2.1: <uhci root="" hub="" intel="">at usbus2, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
ugen2.1.0: uhub2: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">ugen3.1: <uhci root="" hub="" intel="">at usbus3, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
ugen3.1.0: uhub3: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">ugen4.1: <ehci root="" hub="" intel="">at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE
ugen4.1.0: uhub4: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">ugen4.2: <nexus 5="" lge="">at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON
[2.1-RELEASE][admin@pfsense]/boot/kernel(20): 

[2.1-RELEASE][admin@pfsense]/boot/kernel(20): usbconfig dump_device_desc

...
ugen4.2: <nexus 5="" lge="">at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON

  bLength = 0x0012 
  bDescriptorType = 0x0001 
  bcdUSB = 0x0210 
  bDeviceClass = 0x00ef 
  bDeviceSubClass = 0x0002 
  bDeviceProtocol = 0x0001 
  bMaxPacketSize0 = 0x0040 
  idVendor = 0x18d1 
  idProduct = 0x4ee4 
  bcdDevice = 0x0232 
  iManufacturer = 0x0001  <lge>iProduct = 0x0002  <nexus 5="">iSerialNumber = 0x0003  <don't_think_this_is_needed>bNumConfigurations = 0x0001 

[2.1-RELEASE][admin@pfsense]/boot/kernel(21):</don't_think_this_is_needed></nexus></lge></nexus></nexus></intel></ehci></intel></uhci></intel></uhci></intel></uhci></intel></uhci> 

The Nexus 5 is in USB tether mode.  Here are the results of ifconfig:

[2.1-RELEASE][admin@pfsense]/boot/kernel(21): ifconfig
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=5009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso>ether HW_ExtMAC_HERE
	inet My_Ext_IP_HERE netmask 0xfffffe00 broadcast 255.255.255.255
	inet6 My_Ext_IPv6_HERE%em0 prefixlen 64 scopeid 0x1 
	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=5009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso>ether HW_IntMAC_HERE
	inet6 MY_Int_IPv6_HERE%em1 prefixlen 64 scopeid 0x2 
	inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
enc0: flags=0<> metric 0 mtu 1536
pflog0: flags=100 <promisc>metric 0 mtu 33192
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
	options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 
	nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460
	syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
em1_vlan2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=3 <rxcsum,txcsum>ether NOPE
	inet6 More_Nope%em1_vlan2 prefixlen 64 scopeid 0x7 
	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 2 vlanpcp: 0 parent interface: em1
em0_vlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=3 <rxcsum,txcsum>ether NOPE
	inet6 NOPE%em0_vlan1 prefixlen 64 scopeid 0x8 
	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 1 vlanpcp: 0 parent interface: em0
tun1: flags=8010 <pointopoint,multicast>metric 0 mtu 1500
	options=80000 <linkstate>[2.1-RELEASE][admin@pfsense]/boot/kernel(22):</linkstate></pointopoint,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast> 

I'm not seeing the interface created at all for the phone.  Any ideas on what I can do next?  Thanks!

stephenw10

Ok, so your device appears as:
https://usb-ids.gowdy.us/read/UD/18d1/4ee4
Which is what we exepect to see. It's not recognised because 2.1 is built on FreeBSD 8.3 which doesn't list that device here:
http://svnweb.freebsd.org/base/release/8.3.0/sys/dev/usb/usbdevs?revision=234063&view=markup
It lists only the Nexus One. Worse it still only list the Nexus One in head which is the most recent code.
The only devices recognised as CDC ethernet are listed in the driver. From head:

static const STRUCT_USB_HOST_ID cdce_host_devs[] = {
{USB_VPI(USB_VENDOR_ACERLABS, USB_PRODUCT_ACERLABS_M5632, CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_AMBIT, USB_PRODUCT_AMBIT_NTL_250, CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_COMPAQ, USB_PRODUCT_COMPAQ_IPAQLINUX, CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_GMATE, USB_PRODUCT_GMATE_YP3X00, CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_MOTOROLA2, USB_PRODUCT_MOTOROLA2_USBLAN, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_MOTOROLA2, USB_PRODUCT_MOTOROLA2_USBLAN2, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_NETCHIP, USB_PRODUCT_NETCHIP_ETHERNETGADGET, CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_PROLIFIC, USB_PRODUCT_PROLIFIC_PL2501, CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SL5500, CDCE_FLAG_ZAURUS)},
{USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SL5600, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SLA300, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SLC700, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
{USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SLC750, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
};

Nothing very new.  :-\

To make this work, if indeed it is a CDC eth device you would have to add the appropriate code to the cdc driver and usbdevs files. Then compile on a FreeBSD 8.3 box and move the driver across.
Not straight forward.

Even if you did get it to recognise the Nexus 5 as an Ethernet device and assign it as an interface you would likely have problems when you disconnected it.

Two alternatives to that:
Use wifi to share the connection.

Use an intermediate device to bridge the usb connection to real Ethernet. One such device might be the TP-Link TL-WR703N (or similar) loaded with Openwrt. http://wiki.openwrt.org/toh/tp-link/tl-wr703n

Steve

CNLiberal

What would be the best way to verify that it is a CDC device?  Could Linux tell me that?  I'd be willing to take a stab at the drivers.  Is there a good reference I could read to help me?  I can create a FreeBSD8.3 VM on my home ESXi server and go from there.

There is a thread on RootzWiki about a Nexus 7 Tablet that has a ROM (USBROM) that can take a USB tether from a phone, and use it as it's internet gateway.  Wouldn't that ROM need to know the same MAC address for the gateway or is it more a layer 3 thing?  That's probably a stupid question as you've most likely never even heard of that ROM.

Thanks for your help!

bryan.paradis

@joltman:

What would be the best way to verify that it is a CDC device?  Could Linux tell me that?  I'd be willing to take a stab at the drivers.  Is there a good reference I could read to help me?  I can create a FreeBSD8.3 VM on my home ESXi server and go from there.

There is a thread on RootzWiki about a Nexus 7 Tablet that has a ROM (USBROM) that can take a USB tether from a phone, and use it as it's internet gateway.  Wouldn't that ROM need to know the same MAC address for the gateway or is it more a layer 3 thing?  That's probably a stupid question as you've most likely never even heard of that ROM.

Thanks for your help!

You need to give us your dmesg after you plug it in.

stephenw10

Yes you could use Linux (Ubuntu appears to have support) to verify that it's using the cdc driver and that it doesn't need to be 'modeswitched' or anything like that. However I'm warning  you that even if you got it working in FreeBSD withe the cdce driver it's likely you would see problems in pfSense. I have done this with a Sharp Zaurus, which as you can see is supported, and it worked OK. I was able to assign it as a new interface and talk to the Zaurus as any other client. However when I later removed the zaurus from it's cradle and tried to reboot the pfSense box it failed to boot. pfSense is simply not designed to have interfaces that regularly appear and disappear which is exactly what happend every time your device goes to standby or is unplugged.

Can you not use wifi?

Steve

CNLiberal

In my configuration right now, my AP is an Asus RT-AC66U in AP mode (non-routing/firewall).  It sits behind my pfSense box.  I suppose I could build a pfSense Alix box for my folks that has built in WiFi.  I'd have to be sure it can also successfully run an OpenVPN back to my pfSense box.

Either way, adding more compatible devices could lead to more devs wanting to get the Android USB tether to work successfully.

Here's the Ubuntu (13.04) lsusb -v output:

Bus 001 Device 009: ID 18d1:4ee4 Google Inc. 
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.10
  bDeviceClass          239 Miscellaneous Device
  bDeviceSubClass         2 ?
  bDeviceProtocol         1 Interface Association
  bMaxPacketSize0        64
  idVendor           0x18d1 Google Inc.
  idProduct          0x4ee4 
  bcdDevice            2.32
  iManufacturer           1 LGE
  iProduct                2 Nexus 5
  iSerial                 3 No....No....No

Here's the relevant dmesg output:

[154227.784027] usb 1-7: new high-speed USB device number 9 using ehci-pci
[154227.917257] usb 1-7: New USB device found, idVendor=18d1, idProduct=4ee4
[154227.917262] usb 1-7: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[154227.917264] usb 1-7: Product: Nexus 5
[154227.917266] usb 1-7: Manufacturer: LGE
[154227.917268] usb 1-7: SerialNumber: No.....No.....No....
[154229.017695] usbcore: registered new interface driver cdc_ether
[154229.098906] rndis_host 1-7:1.0 usb0: register 'rndis_host' at usb-0000:00:1d.7-7, RNDIS device, MAC_ADDRESS_HERE
[154229.099207] usbcore: registered new interface driver rndis_host
[154232.733448] systemd-hostnamed[7415]: Warning: nss-myhostname is not installed. Changing the local hostname might make it unresolveable. Please install nss-myhostname!

Looks like it is being recognized as a cdce device.  I'll see if I can get a FreeBSD 8.3 build environment setup.  That should be fun in itself!

stephenw10

Another possible option is to switch the phone to be a 3g/4g modem that presents a serial interface. This is possible with many older phones but I've not seen it done with an Android device. I've not been looking though so it might be quite straight forward. The advantage of that would be that pfSense is able to code with a serial port disappearing much better than a NIC. Additionally because pfSense is doing the PPP session it gets a public IP directly rather than being NATed behind the phone.

When I ask you about wifi I meant connecting the phone to the pfSense box via wifi. Install a wifi card in the pfSense box and run it in client mode. Set the phone to wifi hotspot mode and connect the two.

Steve

CNLiberal

Steve,

I got what you meant about the phone sharing it's WiFi.

I'll look into if an Android phone can present a serial PPP over USB.  That would be interesting!  Thank you for your input!!

stephenw10

Having just Googled it I'm not sure it can be done, at least not in any rational way.  ;)
It's a shame, you used to be able to do it will Windows Mobile devices.

Steve