IPhone Tethering to pfSense

YeahBaby

correct "ip" was a typo. It is not in ifconfig.

YeahBaby

So in order for FreeBSD/i386 (and subsequently pfSense) to recognize an iPhone the Ethernet driver for Apple devices has to be installed and loaded. The standard FreeBSD build shipped with pfSense has the default Ethernet driver, cdce for most older USB devices. The RNDIS driver (urndis) is normally used by Android devices. But Apple has it's own "special" driver, ipheth (as in iPhone Ethernet). All three of these drivers has shipped with FreeBSD since 8.2. But is neither not shipped with pfSense or is in other than usual location in their FreeBSD build.

If anyone knows if ipheth is already in pfSense's FreeBSD build, please post the path to it.

For ipheth to work the following work needs to be done.

First either compile the driver into the kernel by adding these lines in your kernel configuration file:

device uhci
device ohci
device usb
device miibus
device uether
device ipheth

Or load a compiled copy of ipheth onto your box and add the line: if_ipheth_load="YES" to /boot/loader.conf

/boot/loader.rc needs to have the following two lines lines in it.

include /boot/loader.4th
start

Conflicting reports say the iPhone has to be plugged in and Personal hotspot on before the machine boots, while other say it doesn't matter. However, once this is all done you can pick up at step 5 in AndrewZ's tutorial and all should be fine. Substitute "urndis" for "ipheth" in the prior for Android phone tethering.

See FreeBSD.org's doc on Advanced networking at: http://www.freebsd.org/doc/handbook/advanced-networking.html for your BSD networking needs.

Can I suggest adding these drivers to pfSense's future builds (or is that out-of-line for the forum's protocol) ?

[edit: typos]

eiger3970

So, pfSense moderators, does pfSense Version 2.4.4-RELEASE-p2 (amd64) built on Wed Dec 12 07:40:18 EST 2018 FreeBSD 11.2-RELEASE-p6 have software installed for iPhone tethering?

stephenw10

No. Neither does 2.4.4p3 which is the current version.

It's not hard to get working though. Copy the kernel module if_ipheth.ko from a FreeBSD ISO, 11.2 to match pfSense 2.4.4, put it in /boot/modules
Now add the line if_ipheth_load="YES" to the file /boot/loader.conf.local (create that file if necessary).
That will load the driver at boot, alternatively you can load it immediately to test at the command line with kldload if_ipheth.
According to this post you may need to chose a different usb config index for some models.

I don't have a current iphone to test that with. Let us know how you get on.

Steve

stephenw10

For reference this issue is covered by this: https://redmine.pfsense.org/issues/7467

Rico

Here you go: if_ipheth.zip

-Rico

eiger3970

Great Thanks stephenw10 and Rico.
That zip file really saved me headaches downloading some iso file.

Had some trouble copying the if_ipheth.ko file from local computer to pfSense...I had to use root rather than admin.
Will test physical connection tomorrow, now that the software should be ready.

stephenw10

Just be aware that when pfSense 2.4.5 is released that kernel module will probably fail and require a module from 11-stable instead.
If we can get those drivers included as modules that would not happen. I'm not entirely sure what the reasoning was for not including them, I do know it's been discussed before though. I have pinged our devs to see if we can do anything.

Steve

eiger3970

Thanks for the heads up.
Should be where the future is moving, so would be avante garde to include now.
Unless there's a conflict of interest with a networking business in control of the open source pfSense OS?

eiger3970

Not sure if a Proxmox or pfSense issue.
I allocated Proxmox's USB port to the pfSense VM ID.

pfSense dmesg and usbconfig don't show ue0?

stephenw10

Do you see a new device detected at all when it's connected?

I would probably try to get this working on real hardware first but I guess you could tackle it either way.

Steve

eiger3970

I have the USB connected to my local Linux Mint computer.
Moving hardware to the hypervisor is where the issue arises.
Hypervisor shell > $ lsusb > Enter > outputs the USB device.

root@proxmox:~# lsusb
Bus 002 Device 002: ID 8087:8000 Intel Corp. 
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:8008 Intel Corp. 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 002: ID 05ac:12a8 Apple, Inc. 
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

I allocated the USB ID 05ac:12a8 to the pfSense VM ID 145.
From there, I don't see much confirmation of pfSense connected to the USB?

[2.4.4-RELEASE][admin@pfSense.localdomain]/root: ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
	ether 42:63:7c:e4:6c:e3
	hwaddr 42:63:7c:e4:6c:e3
	inet6 fe80::4063:7cff:fee4:6ce3%vtnet0 prefixlen 64 scopeid 0x1 
	inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
	ether a6:2d:d5:4f:6c:f3
	hwaddr a6:2d:d5:4f:6c:f3
	inet6 fe80::a42d:d5ff:fe4f:6cf3%vtnet1 prefixlen 64 scopeid 0x2 
	inet 192.168.1.170 netmask 0xffffff00 broadcast 192.168.1.255 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
enc0: flags=0<> metric 0 mtu 1536
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: enc 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo 
pflog0: flags=100<PROMISC> metric 0 mtu 33160
	groups: pflog 
pfsync0: flags=0<> metric 0 mtu 1500
	groups: pfsync 
	syncpeer: 224.0.0.240 maxupd: 128 defer: on
	syncok: 1

[2.4.4-RELEASE][admin@pfSense.localdomain]/root: usbconfig
ugen0.1: <Intel UHCI root HUB> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
ugen0.2: <QEMU QEMU USB Tablet> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (100mA)

According to https://forum.netgate.com/topic/95174/huawei-k5160-4g-usb-mobile-broadband/6 > post 6 > point 5 > I should see ue0, however I don't see this yet?

eiger3970

I believe this is not a pfSense issue.
I'm working on the hypervisor to pass the USB through.

stephenw10

Yeah you should see it in usbconfig and dmesg after connecting it. You won't see it as an interface in ifconfig until a driver attaches to it.

Steve

eiger3970

Ok, finally have the hypervisor working and passing the USB to the pfSense VM.
Not sure on the config for the pfSense VM to use a USB modem, so will try this link.

[2.4.4-RELEASE][admin@pfSense.localdomain]/boot: usbconfig
ugen1.1: <Intel UHCI root HUB> at usbus1, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
ugen0.1: <Intel UHCI root HUB> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
ugen3.1: <Intel UHCI root HUB> at usbus3, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
ugen2.1: <Intel UHCI root HUB> at usbus2, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
ugen4.1: <Intel EHCI root HUB> at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen0.2: <QEMU QEMU USB Tablet> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (100mA)
ugen4.2: <Apple Inc. iPhone> at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)
[2.4.4-RELEASE][admin@pfSense.localdomain]/boot: ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
	ether 42:63:7c:e4:6c:e3
	hwaddr 42:63:7c:e4:6c:e3
	inet6 fe80::4063:7cff:fee4:6ce3%vtnet0 prefixlen 64 scopeid 0x1 
	inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255 
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c00b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
	ether a6:2d:d5:4f:6c:f3
	hwaddr a6:2d:d5:4f:6c:f3
	inet6 fe80::a42d:d5ff:fe4f:6cf3%vtnet1 prefixlen 64 scopeid 0x2 
	inet 192.168.1.170 netmask 0xffffff00 broadcast 192.168.1.255 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
enc0: flags=0<> metric 0 mtu 1536
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: enc 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	groups: lo 
pflog0: flags=100<PROMISC> metric 0 mtu 33160
	groups: pflog 
pfsync0: flags=0<> metric 0 mtu 1500
	groups: pfsync 
	syncpeer: 224.0.0.240 maxupd: 128 defer: on
	syncok: 1

Post 6, point 5, pfSense shows:
pfSense > Interfaces > Assign.
My pfSense 2.4.4 > Interfaces > Assignments > has no option to add OPT2. What do I need to do to add the USB?

stephenw10

If the phone is detected and you see a ue0 interface you should just be able to assign it and set it as dhcp.

Also: https://github.com/pfsense/pfsense/commit/41e09c2264bcc8067c349213eab5c0dadfb5681f

eiger3970

pfSense 2.4.4 has the kernel module if_ipheth.ko:

[2.4.4-RELEASE][admin@pfSense.localdomain]/boot/modules: ls
bwi_v3_ucode.ko if_ipheth.ko    linker.hints

pfSense 2.4.4 /boot has the loader.conf file:

[2.4.4-RELEASE][admin@pfSense.localdomain]/boot: ls
beastie.4th        brand.4th          frames.4th         loader.efi         menu-commands.4th  userboot.so
boot               cdboot             gptboot            loader.help        menu.4th           version.4th
boot0              check-password.4th gptzfsboot         loader.rc          menu.rc            zfs
boot0sio           color.4th          isoboot            logo-beastie.4th   menusets.4th       zfsboot
boot1              defaults           kernel             logo-beastiebw.4th modules            zfsloader
boot1.efi          delay.4th          kernel.old         logo-fbsdbw.4th    pmbr
boot1.efifat       device.hints       loader             logo-orb.4th       pxeboot
boot2              dtb                loader.4th         logo-orbbw.4th     screen.4th
brand-fbsd.4th     entropy            loader.conf        logo-pfSensebw.4th shortcuts.4th
brand-pfSense.4th  firmware           loader.conf.origin mbr                support.4th

pfSense 2.4.4 has the loader.conf file edited:

kern.cam.boot_delay=10000
kern.ipc.nmbclusters="1000000"
kern.ipc.nmbjumbop="524288"
kern.ipc.nmbjumbo9="524288"
if_ipheth_load="YES"
autoboot_delay="3"
hw.usb.no_pf="1"

Not sure why I can't edit the pfSense GUI to add the USB modem now?
usbconfig shows ugen4.2, rather than ue0, but not sure why and if it's an issue?

eiger3970

Not sure what to do with the GitHub code?
Think I'll file a bug report.

eiger3970

I thought this Cellular Wireless guide might help.

However, unable to type in the pfSense 2.4.4-RELEASE-p2 > Interfaces > PPPs > PPP Configuration > Link Interface(s): /dev/ugen4.2

stephenw10

I'm pretty sure ipheth does not provide any interfaces you could use with PPP. It will appear as a USB Ethernet device when it's working.

You should put that loader line in loader.conf.local to avoid it being overwritten. Create that file since you don't have it yet.

Try running kldstat to see that the module is loaded.

Connect the phone then check the system log or dmesg to see what pfSense did.

What phone are you connecting? ipgeth appears to have specific support for iphones 1-5:
https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_5/sys/dev/usb/net/if_ipheth.c#L136

Though it also tries to match any Apple device with the correct interface class.

Steve