Android Phone WAN USB Tether


  • Based on an older post here https://forum.pfsense.org/index.php?topic=41067.0, I would like to know the feasibility of using an Android phone as a WAN interface for pfSense.  One person asked for some output from pfSense.  Specifically, he asked for this:

    I wonder what USB device the iPhone pretends to be when it is USB-tethering. Could you enable USB tethering mode on your iPhone then
    1.  connect your iPhone to your pfSense system and post the ouput of the pfSense shell command
    Code: [Select]

    usbconfig show_ifdrv

    #usbconfig dump_device_desc
    OR
    2.  connect your iPhone to a linux system and post the output of the Linux shell command
    Code: [Select]

    lsusb

    dmesg | tail -10

    lsusb -v

    When I have my Android phone in USB tethering mode and connect it to my Linux netbook the system reports a new cdc-ether interface. OpenBSD appears to have the cdce and cdcef drivers which MIGHT be "relatively" easy to port to FreeBSD.

    Here are the results of the commands for my Nexus 5:

    
    [2.1-RELEASE][admin@pfsense]/boot/kernel(19): usbconfig show_ifdrv
    ugen0.1: <uhci root="" hub="" intel="">at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
    ugen0.1.0: uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">ugen1.1: <uhci root="" hub="" intel="">at usbus1, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
    ugen1.1.0: uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">ugen2.1: <uhci root="" hub="" intel="">at usbus2, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
    ugen2.1.0: uhub2: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">ugen3.1: <uhci root="" hub="" intel="">at usbus3, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE
    ugen3.1.0: uhub3: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">ugen4.1: <ehci root="" hub="" intel="">at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE
    ugen4.1.0: uhub4: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">ugen4.2: <nexus 5="" lge="">at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON
    [2.1-RELEASE][admin@pfsense]/boot/kernel(20): 
    
    [2.1-RELEASE][admin@pfsense]/boot/kernel(20): usbconfig dump_device_desc
    
    ...
    ugen4.2: <nexus 5="" lge="">at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON
    
      bLength = 0x0012 
      bDescriptorType = 0x0001 
      bcdUSB = 0x0210 
      bDeviceClass = 0x00ef 
      bDeviceSubClass = 0x0002 
      bDeviceProtocol = 0x0001 
      bMaxPacketSize0 = 0x0040 
      idVendor = 0x18d1 
      idProduct = 0x4ee4 
      bcdDevice = 0x0232 
      iManufacturer = 0x0001  <lge>iProduct = 0x0002  <nexus 5="">iSerialNumber = 0x0003  <don't_think_this_is_needed>bNumConfigurations = 0x0001 
    
    [2.1-RELEASE][admin@pfsense]/boot/kernel(21):</don't_think_this_is_needed></nexus></lge></nexus></nexus></intel></ehci></intel></uhci></intel></uhci></intel></uhci></intel></uhci> 
    

    The Nexus 5 is in USB tether mode.  Here are the results of ifconfig:

    
    [2.1-RELEASE][admin@pfsense]/boot/kernel(21): ifconfig
    em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=5009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso>ether HW_ExtMAC_HERE
    	inet My_Ext_IP_HERE netmask 0xfffffe00 broadcast 255.255.255.255
    	inet6 My_Ext_IPv6_HERE%em0 prefixlen 64 scopeid 0x1 
    	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
    	status: active
    em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=5009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso>ether HW_IntMAC_HERE
    	inet6 MY_Int_IPv6_HERE%em1 prefixlen 64 scopeid 0x2 
    	inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
    	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
    	status: active
    enc0: flags=0<> metric 0 mtu 1536
    pflog0: flags=100 <promisc>metric 0 mtu 33192
    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
    	options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 
    	inet6 ::1 prefixlen 128 
    	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 
    	nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460
    	syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    em1_vlan2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=3 <rxcsum,txcsum>ether NOPE
    	inet6 More_Nope%em1_vlan2 prefixlen 64 scopeid 0x7 
    	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
    	status: active
    	vlan: 2 vlanpcp: 0 parent interface: em1
    em0_vlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=3 <rxcsum,txcsum>ether NOPE
    	inet6 NOPE%em0_vlan1 prefixlen 64 scopeid 0x8 
    	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)
    	status: active
    	vlan: 1 vlanpcp: 0 parent interface: em0
    tun1: flags=8010 <pointopoint,multicast>metric 0 mtu 1500
    	options=80000 <linkstate>[2.1-RELEASE][admin@pfsense]/boot/kernel(22):</linkstate></pointopoint,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast> 
    

    I'm not seeing the interface created at all for the phone.  Any ideas on what I can do next?  Thanks!

  • Netgate Administrator

    Ok, so your device appears as:
    https://usb-ids.gowdy.us/read/UD/18d1/4ee4
    Which is what we exepect to see. It's not recognised because 2.1 is built on FreeBSD 8.3 which doesn't list that device here:
    http://svnweb.freebsd.org/base/release/8.3.0/sys/dev/usb/usbdevs?revision=234063&view=markup
    It lists only the Nexus One. Worse it still only list the Nexus One in head which is the most recent code.
    The only devices recognised as CDC ethernet are listed in the driver. From head:

    static const STRUCT_USB_HOST_ID cdce_host_devs[] = {
    {USB_VPI(USB_VENDOR_ACERLABS, USB_PRODUCT_ACERLABS_M5632, CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_AMBIT, USB_PRODUCT_AMBIT_NTL_250, CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_COMPAQ, USB_PRODUCT_COMPAQ_IPAQLINUX, CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_GMATE, USB_PRODUCT_GMATE_YP3X00, CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_MOTOROLA2, USB_PRODUCT_MOTOROLA2_USBLAN, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_MOTOROLA2, USB_PRODUCT_MOTOROLA2_USBLAN2, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_NETCHIP, USB_PRODUCT_NETCHIP_ETHERNETGADGET, CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_PROLIFIC, USB_PRODUCT_PROLIFIC_PL2501, CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SL5500, CDCE_FLAG_ZAURUS)},
    {USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SL5600, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SLA300, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SLC700, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
    {USB_VPI(USB_VENDOR_SHARP, USB_PRODUCT_SHARP_SLC750, CDCE_FLAG_ZAURUS | CDCE_FLAG_NO_UNION)},
    };
    

    Nothing very new.  :-\

    To make this work, if indeed it is a CDC eth device you would have to add the appropriate code to the cdc driver and usbdevs files. Then compile on a FreeBSD 8.3 box and move the driver across.
    Not straight forward.

    Even if you did get it to recognise the Nexus 5 as an Ethernet device and assign it as an interface you would likely have problems when you disconnected it.

    Two alternatives to that:
    Use wifi to share the connection.

    Use an intermediate device to bridge the usb connection to real Ethernet. One such device might be the TP-Link TL-WR703N (or similar) loaded with Openwrt. http://wiki.openwrt.org/toh/tp-link/tl-wr703n

    Steve


  • What would be the best way to verify that it is a CDC device?  Could Linux tell me that?  I'd be willing to take a stab at the drivers.  Is there a good reference I could read to help me?  I can create a FreeBSD8.3 VM on my home ESXi server and go from there.

    There is a thread on RootzWiki about a Nexus 7 Tablet that has a ROM (USBROM) that can take a USB tether from a phone, and use it as it's internet gateway.  Wouldn't that ROM need to know the same MAC address for the gateway or is it more a layer 3 thing?  That's probably a stupid question as you've most likely never even heard of that ROM.

    Thanks for your help!


  • @joltman:

    What would be the best way to verify that it is a CDC device?  Could Linux tell me that?  I'd be willing to take a stab at the drivers.  Is there a good reference I could read to help me?  I can create a FreeBSD8.3 VM on my home ESXi server and go from there.

    There is a thread on RootzWiki about a Nexus 7 Tablet that has a ROM (USBROM) that can take a USB tether from a phone, and use it as it's internet gateway.  Wouldn't that ROM need to know the same MAC address for the gateway or is it more a layer 3 thing?  That's probably a stupid question as you've most likely never even heard of that ROM.

    Thanks for your help!

    You need to give us your dmesg after you plug it in.

  • Netgate Administrator

    Yes you could use Linux (Ubuntu appears to have support) to verify that it's using the cdc driver and that it doesn't need to be 'modeswitched' or anything like that. However I'm warning  you that even if you got it working in FreeBSD withe the cdce driver it's likely you would see problems in pfSense. I have done this with a Sharp Zaurus, which as you can see is supported, and it worked OK. I was able to assign it as a new interface and talk to the Zaurus as any other client. However when I later removed the zaurus from it's cradle and tried to reboot the pfSense box it failed to boot. pfSense is simply not designed to have interfaces that regularly appear and disappear which is exactly what happend every time your device goes to standby or is unplugged.

    Can you not use wifi?

    Steve


  • In my configuration right now, my AP is an Asus RT-AC66U in AP mode (non-routing/firewall).  It sits behind my pfSense box.  I suppose I could build a pfSense Alix box for my folks that has built in WiFi.  I'd have to be sure it can also successfully run an OpenVPN back to my pfSense box.

    Either way, adding more compatible devices could lead to more devs wanting to get the Android USB tether to work successfully.

    Here's the Ubuntu (13.04) lsusb -v output:

    
    Bus 001 Device 009: ID 18d1:4ee4 Google Inc. 
    Device Descriptor:
      bLength                18
      bDescriptorType         1
      bcdUSB               2.10
      bDeviceClass          239 Miscellaneous Device
      bDeviceSubClass         2 ?
      bDeviceProtocol         1 Interface Association
      bMaxPacketSize0        64
      idVendor           0x18d1 Google Inc.
      idProduct          0x4ee4 
      bcdDevice            2.32
      iManufacturer           1 LGE
      iProduct                2 Nexus 5
      iSerial                 3 No....No....No
    
    

    Here's the relevant dmesg output:

    
    [154227.784027] usb 1-7: new high-speed USB device number 9 using ehci-pci
    [154227.917257] usb 1-7: New USB device found, idVendor=18d1, idProduct=4ee4
    [154227.917262] usb 1-7: New USB device strings: Mfr=1, Product=2, SerialNumber=3
    [154227.917264] usb 1-7: Product: Nexus 5
    [154227.917266] usb 1-7: Manufacturer: LGE
    [154227.917268] usb 1-7: SerialNumber: No.....No.....No....
    [154229.017695] usbcore: registered new interface driver cdc_ether
    [154229.098906] rndis_host 1-7:1.0 usb0: register 'rndis_host' at usb-0000:00:1d.7-7, RNDIS device, MAC_ADDRESS_HERE
    [154229.099207] usbcore: registered new interface driver rndis_host
    [154232.733448] systemd-hostnamed[7415]: Warning: nss-myhostname is not installed. Changing the local hostname might make it unresolveable. Please install nss-myhostname!
    
    

    Looks like it is being recognized as a cdce device.  I'll see if I can get a FreeBSD 8.3 build environment setup.  That should be fun in itself!

  • Netgate Administrator

    Another possible option is to switch the phone to be a 3g/4g modem that presents a serial interface. This is possible with many older phones but I've not seen it done with an Android device. I've not been looking though so it might be quite straight forward. The advantage of that would be that pfSense is able to code with a serial port disappearing much better than a NIC. Additionally because pfSense is doing the PPP session it gets a public IP directly rather than being NATed behind the phone.

    When I ask you about wifi I meant connecting the phone to the pfSense box via wifi. Install a wifi card in the pfSense box and run it in client mode. Set the phone to wifi hotspot mode and connect the two.

    Steve


  • Steve,

    I got what you meant about the phone sharing it's WiFi.

    I'll look into if an Android phone can present a serial PPP over USB.  That would be interesting!  Thank you for your input!!

  • Netgate Administrator

    Having just Googled it I'm not sure it can be done, at least not in any rational way.  ;)
    It's a shame, you used to be able to do it will Windows Mobile devices.

    Steve