IPhone Tethering to pfSense

  • Hello all. I am an extreme newbie here. Yes this question has been asked before, seems like once a year USB tethering of phones into pfSense comes up. Here is some new details I have not seen vetted on this forum regarding iPhones. If they have, please share the link.

    One question that comes up is, what does an iPhone show itself as? That answer appears to to be [pseudo] Ethernet with the IP address of See Attached screenshot from a Mac.

    Another question that comes up (on various forums) is how it is routed in the iPhone. Whether actually relevant is another issues. However, the iPhone USB tether channel is its own route. A quick test to show this is, run a VPN on the iPhone, then do a USB tether to a computer (which I am doing as I put this post together). Then open your favorite browser on the iPhone and go to your favorite IP address finder site. Note your phone based browser will present the VPN assigned IP Address. Then do the same on the computer. You will find that the computer is not being routed through the iPhone's VPN. But rather presents the IP Address your iPhone's LTE/4/3/2 G that is assigned by your Carrier.

    So if you want a tether to a computer AND a VPN serving that computer, both the iPhone and the computer need to run their own copies of the VPN client and connect independently.

    All that said, this Ethernet-ish connection is Ethernet route-able as is proven by doing an "Internet Share" of it, from almost any computer's USB to the computer's Ethernet jack. This works on almost every platform in service today, at least Mac, Linux and Windows for sure.

    When I plug my iPhone into my pfSense box (old Dell Inspiron 530S) the console sees it and confirms "ugen7.2: <apple inc.="">at usbus7"

    Given the above I believe there must be a very straight forward answer to using a USB port with a tethered iPhone as a WAN connection. Does anyone have that answer?

    Thanks in advance.

    [edit: typo]


  • Please read https://forum.pfsense.org/index.php?topic=106477.msg594536#msg594536
    Note the warning at the beginning, skip 1-4 and start from 5.

  • Perfect! Thanks.

  • So where i hit a "brick wall" is that in (I'm guessing) my installed version there is no "Interfaces - (assign) - add new" option. Nor is there a "System - Gateways" menu option. So are these options in older versions?

  • In the current version it looks slightly different:
    Interfaces - (assign) - Available network ports: - select ue0 - Add

    BTW, do you see ue0 in ifconfig output?

  • Okay Gateway is under System - Routing - Gateway

    Interface - (assign) - Interface Assignments - Interface/Network port  does not show ue0 and I do not see it in the ipconfig output.

  • @Yeah:

    I do not see it in the ipconfig output.

    It should be ifconfig, not ipconfig.
    Then we're coming back to my tutorial, step 5.
    It seems pfsense was not able to recognize the PID/VID of your USB device and create an interface for it.

  • correct "ip" was a typo. It is not in ifconfig.

  • So in order for FreeBSD/i386 (and subsequently pfSense) to recognize an iPhone the Ethernet driver for Apple devices has to be installed and loaded. The standard FreeBSD build shipped with pfSense has the default Ethernet driver, cdce for most older USB devices. The RNDIS driver (urndis) is normally used by Android devices. But Apple has it's own "special" driver, ipheth (as in iPhone Ethernet). All three of these drivers has shipped with FreeBSD since 8.2. But is neither not shipped with pfSense or is in other than usual location in their FreeBSD build.

    If anyone knows if ipheth is already in pfSense's FreeBSD build, please post the path to it.

    For ipheth to work the following work needs to be done.

    First either compile the driver into the kernel by adding these lines in your kernel configuration file:

    device uhci
    device ohci
    device usb
    device miibus
    device uether
    device ipheth

    Or load a compiled copy of ipheth onto your box and add the line: if_ipheth_load="YES" to /boot/loader.conf

    /boot/loader.rc needs to have the following two lines lines in it.

    include /boot/loader.4th

    Conflicting reports say the iPhone has to be plugged in and Personal hotspot on before the machine boots, while other say it doesn't matter. However, once this is all done you can pick up at step 5 in AndrewZ's tutorial and all should be fine. Substitute "urndis" for "ipheth" in the prior for Android phone tethering.

    See FreeBSD.org's doc on Advanced networking at: http://www.freebsd.org/doc/handbook/advanced-networking.html for your BSD networking needs.

    Can I suggest adding these drivers to pfSense's future builds (or is that out-of-line for the forum's protocol) ?

    [edit: typos]

Log in to reply