IPhone Tethering to pfSense

stephenw10

The important part appears to be this though:

Configuration index 3

    bLength = 0x0009 
    bDescriptorType = 0x0002 
    wTotalLength = 0x0075 
    bNumInterfaces = 0x0003 
    bConfigurationValue = 0x0004 
    iConfiguration = 0x0008  <PTP + Apple Mobile Device + Apple USB Ethernet>
    bmAttributes = 0x00c0 
    bMaxPower = 0x00fa

It needs to be using index 3. Try:
usbconfig -d ugen4.2 set_config 3

Steve

stephenw10

@eiger3970 said in IPhone Tethering to pfSense:

idVendor = 0x05ac
idProduct = 0x12a8

That looks like it should be recognised as an iphone5 actually:
https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_4_4/sys/dev/usb/usbdevs#L1168

eiger3970

Oh wow!
pfSense GUI > Interfaces > Interface Assignments > shows Available network ports: ue0

I will try to follow a GUI guide now for the final setup.

Yes, the USB device is an iPhone 5C.

'It' needs to be using index 3...is it referring to the iPhone or pfSense?

eiger3970

Ok, pfSense reboot needs the setup run each time. I won't be rebooting the router much, so that's ok, until perhaps the kernel module if_ipheth.ko udates the code?
I.e.:
usbconfig -d ugen4.2 set_config 3.

So, running the GUI:
pfSense 2.4.4-RELEASE-p2 > Interfaces > Assignments > Add ue0 (Ma:cA:dd:re:ss:00) > OPT1 ue0 appears > Save > Interfaces > OPT1 > General Configuration > Enable: tick Enable interface > IPv4 Configuration Type: DHCP > Save > Apply Changes > System > Routing > Gateways > OPT1_DHCP should be Default > pfSense shell: netstat -r > Enter > problem as ue0 is in Internet 6 and not in Internet?

eiger3970

If it helps, here are my network topologies from Ethernet modem to USB modem.
Ethernet modem:
alt text

USB modem:
alt text

Perhaps the USB modem topology needs the net0 = vmbr1 to be updated to OPT1 = vmbr1?

stephenw10

Ok great if config index 3 works you can have that set every time at boot using a usb quirk
https://www.freebsd.org/cgi/man.cgi?query=usb_quirk

Add to /boot/loader.conf.local:
hw.usb.quirk.0="0x05ac 0x12a8 0 0xffff UQ_CFG_INDEX_3"

There real issue with this type of setup is that if the phone switches off or is unplugged or in some other way is no longer present and you reboot pfSense it will fail to boot. It will stop at the interfaces assign screen because it has ue0 in it's config and it isn't there.

Steve

eiger3970

Thank you, that works after a reboot.
I updated file /boot/loader.conf, there was not file /boot/loader.conf.local.

So, the final thing is configuring pfSense GUI to pass data.
Interfaces > Assignments > OPT1 ue0 (53:f9:38:33:18:4f).
Interfaces > OPT > Enabled interface. IPv4 Configuration Type: DHCP.
System > Routing > Gateways > OPT1_DHCP is Default (IPv4).
Dashboard > Interfaces > OPT1 > green up arrow with IP 0.0.0.0.

stephenw10

Yeah, you will have to create the .local file but you should put both lines in there. The standard loader.conf file can be overwritten by changes in pfSense.

If it's not pulling an IP address that would seem to be some setting in the iphone. Is tethering actually enabled there?
Does it work as a wireless hotspot?

Steve

eiger3970

Oh, thank you.
Done.

Tethering is enabled. No wifi on the hypervisor.
I'll check the hardware tomorrow.

[2.4.4-RELEASE][admin@pfSense.localdomain]/boot: netstat -r
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
0.0.0.0/8          link#1             U        vtnet0
localhost          link#4             UH          lo0
192.168.1.0/24     link#2             U        vtnet1
pfSense            link#2             UHS         lo0

Internet6:
Destination        Gateway            Flags     Netif Expire
localhost          link#4             UH          lo0
fe80::%vtnet0/64   link#1             U        vtnet0
fe80::4063:7cff:fe link#1             UHS         lo0
fe80::%vtnet1/64   link#2             U        vtnet1
fe80::a42d:d5ff:fe link#2             UHS         lo0
fe80::%lo0/64      link#4             U           lo0
fe80::1%lo0        link#4             UHS         lo0
fe80::%ue0/64      link#7             U           ue0
fe80::5cf9:38ff:fe link#7             UHS         lo0

stephenw10

Yeah just to check the iphone is capable of doing this. Maybe connect it to something else, a laptop.

eiger3970

Yes, the iPhone is capable of providing tethered internet via USB.
The iPhone tethering worked on other machines previously, however I wanted to triple check before this response.

There's something in the pfSense configuration I don't know needs to be done?
According to post 6, point 8, the Default Gateway should be in IPv4, not IPv6 in my case.

stephenw10

Is it giving you an IP address now? You won't have a gateway on the iphone at all until it responds to dhcp.

eiger3970

OPT1 IP address 0.0.0.0.

On the iPhone, I do what I do to make the USB tether work on other machines.
iPhone > passcode > Settings > Hotspot > turn on > Enable USB: yes.

[2.4.4-RELEASE][root@pfSense.localdomain]/root: netstat -r
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
0.0.0.0/8          link#1             U        vtnet0
localhost          link#4             UH          lo0
192.168.1.0/24     link#2             U        vtnet1
pfSense            link#2             UHS         lo0

Internet6:
Destination        Gateway            Flags     Netif Expire
localhost          link#4             UH          lo0
fe80::%vtnet0/64   link#1             U        vtnet0
fe80::4063:7cff:fe link#1             UHS         lo0
fe80::%vtnet1/64   link#2             U        vtnet1
fe80::a42d:d5ff:fe link#2             UHS         lo0
fe80::%lo0/64      link#4             U           lo0
fe80::1%lo0        link#4             UHS         lo0
fe80::%ue0/64      link#7             U           ue0
fe80::5cf9:38ff:fe link#7             UHS         lo0

stephenw10

Hit renew/release on Status > Interfaces after doing that on the phone maybe?

I would probably run a packet capture on ue0 and hit renew and see it anything is happening.

Also check the dhcp logs for dhclient entries, you see an error there.

Steve

eiger3970

pfSense > Diagnostics > Packet Capture > Interface: WAN2 > Start > Status > Interfaces > WAN2 > DHCP: Release > DHCP: renew > Diagnostics > Packet Capture > Interface: WAN > Stop > View Capture.

16:32:42.061530 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:32:47.074104 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:32:47.074108 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:32:52.105408 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:32:52.105412 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:32:57.155403 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:33:02.175405 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:33:11.088430 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:33:30.070614 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:33:43.170645 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300

pfSense > Status > System Logs > DHCP > no errors, only data from 20200226.

Feb 26 20:37:25	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:37:26	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:37:27	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:37:28	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:37:29	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:37:30	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 2
Feb 26 20:37:32	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 2
Feb 26 20:37:34	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 5
Feb 26 20:37:39	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 10
Feb 26 20:37:49	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 18
Feb 26 20:38:01	dhclient		FAIL
Feb 26 20:38:07	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 12
Feb 26 20:38:19	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 7
Feb 26 20:38:26	dhclient	80005	No DHCPOFFERS received.
Feb 26 20:38:26	dhclient	80005	No working leases in persistent database - sleeping.
Feb 26 20:38:26	dhclient		FAIL
Feb 26 20:38:41	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:38:42	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:38:43	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 2
Feb 26 20:38:45	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 2
Feb 26 20:38:47	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 5
Feb 26 20:38:52	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 7
Feb 26 20:38:59	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 15
Feb 26 20:39:14	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 19
Feb 26 20:39:17	dhclient		FAIL
Feb 26 20:39:33	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 9
Feb 26 20:39:42	dhclient	80005	No DHCPOFFERS received.
Feb 26 20:39:42	dhclient	80005	No working leases in persistent database - sleeping.
Feb 26 20:39:42	dhclient		FAIL
Feb 26 20:39:57	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:39:58	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 2
Feb 26 20:40:00	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 5
Feb 26 20:40:05	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 5
Feb 26 20:40:10	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 13
Feb 26 20:40:23	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 15
Feb 26 20:40:34	dhclient		FAIL
Feb 26 20:40:38	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 12
Feb 26 20:40:50	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 7
Feb 26 20:40:57	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:40:58	dhclient	80005	No DHCPOFFERS received.
Feb 26 20:40:58	dhclient	80005	No working leases in persistent database - sleeping.
Feb 26 20:40:58	dhclient		FAIL
Feb 26 20:41:13	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:41:14	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:41:15	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 1
Feb 26 20:41:16	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 2
Feb 26 20:41:18	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 5
Feb 26 20:41:23	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 6
Feb 26 20:41:29	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 10
Feb 26 20:41:39	dhclient	80005	DHCPDISCOVER on ue0 to 255.255.255.255 port 67 interval 17

stephenw10

Hmm, so it looks like the phone is just not responding. Did you test it with a different device?

Maybe it needs some other setting.

eiger3970

Yes, the USB tether works fine on other machines.

stephenw10

Hmm, well maybe the fact we are having to force the config index is because it should be triggered to use USB Ethernet some other way and that also starts it's DHCP server.

Are you able to connect it to a Linux device and check the logs it produces? Assuming it works there that is...

eiger3970

The logs of the iPhone.
I have and can connect to Linux machines, works quite easily.
I would have to connect the phone to a Mac to see phone logs.

I'm wondering if I should be tethering the phone to the hypervisor/host machine and then the guest machine will receive internet from the hypervisor. This might need a NAT?

stephenw10

I meant the logs from Linux to see if the driver there is doing something different when it connects.

You could certainly do it via the hypervisor and it might remove some of the other issues as pfSense would not lose its interface entirely when the phone goes away.

Steve