• Has anybody had any luck using a U620L as a backup Internet provider in PFSense?  I have found some Linuc instructions but they mention using some USB_Mode switch.  any help would be appreciated.

    thank you.

  • I have no experience with that device. Generally these devices show up as an USB ethernet interface ue0 in pfSense and you would set the interface to use DHCP for IP.

    Many of these devices have an internal landing page you must visit and disable CD-ROM or Mass Storage. This is a small storage drive for Window drivers to reside on. You must disable it to work. That is what usbmodeswitch does. Problem is that it is you must feed it a long string to disable..The string given on the Linux instructions will be exactly the same for pfSense and is device dependent..

    I would hotplug it into pfSense while console is up to see what the device shows up as. Perhaps post your output for a read.

  • I did find a way to make this work.  I installed the usb_modeswitch utility and the set the system to run 'usb_modeswitch -v 0x1410 -p 0x9020 -u 4'  at boot with an earlyshellcmd.  The card will then look like a USB ethernet device.

  • Where did you get that info at?

    Did you try this on 2.3?



    curl -O http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/usb_modeswitch-2.2.5.txz

    pkg install usb_modeswitch-2.2.5.txz

    Will try it on a device tommorow.

  • The earlyshellcmd is not working, I think the device takes too long to switch, anyone if I can make the system wait until it switches?  comment ; sleep 20?  Will this stop the system from continuing?

  • Ended up doing this (Pulled from here:  https://forum.pfsense.org/index.php?topic=111787.0):

    cd /etc/rc.d
    nano lte.sh

    /usr/local/sbin/usb_modeswitch -v 0x1410 -p 0x9020 -u 4
    sleep 60

    chmod +x /etc/rc.d/lte.sh

    60 seconds because the device takes forever to reset.

    Setup an earlyshellcmd (I do not know if this is really needed though):


    Works with two also:

    sleep 15
    /usr/local/sbin/usb_modeswitch -v 0x1410 -p 0x9020 -u 4
    sleep 5
    /usr/local/sbin/usb_modeswitch -v 0x1410 -p 0x9020 -u 4
    sleep 60

  • Does the modem need to be placed in tether mode first?

  • @kwestby:

    Does the modem need to be placed in tether mode first?

    They do not have this feature for this modem.  I called novatell and asked them if there is a setting to put this thing in enterprise mode (permanent tether mode) with a firmware flash, secret web page, or something like that and they said no.

    I tried to escalate the call to speak to an engineer and I get ignored (twice).  They say they will call me back in 24hours and I get no call and I was told that a customer is 'not allowed' to make requests or speak to an engineer.

    It is a pity because these devices would be perfect if they had this feature.

    Everytime I do call they speak of a new firmware update that is supposed to come out within the next few weeks and they try and talk to me like I am having issues with it because of this firmware update but it is unrelated.  It takes forever to get through to them what I want to do.

    I even called verizon and spoke to the Teir 2 support and after explaining what I want to do over and over they finally figure out that I need to speak to Novetell.

    You need to use the usb_modeswitch every time and I have posted a good script to make this happen.  You just have to be careful because if you set this interface up and then reboot the router after you remove the device, pfSense will not find all the interfaces that you have configured and it will halt at the setup script…which would really suck on an embedded device with no monitor or keyboard, or a remote device.

    The same thing would happen if the device failed, I wish there was a setting to make pfSense ignore missing interfaces.

  • Thanks, I was finally able to get it working :-).

    Anyone know if there is a way to automatically fail back to WAN1 when it becomes available (after a failover to WAN2)?

  • Thanks!

    I am attempting to configure my fail over so that when my connection fails over to WAN2, only a specific device on my network is able to use the WAN2 link….all other devices on my LAN should be prohibited from using the WAN2 link.

    Would the correct way to restrict that be to define firewall rules on the LAN interface along the following?

    Allow LAN * * * on the WAN1 interface
    Allow * * * on WAN2 interface
    Deny * * * * on WAN2 interface

  • It is just a firewall rule, you setup the one ip (device) to have a different gateway in the advanced section of a pass rule, everything else just uses default.

  • okay, thanks!

  • @kwestby:

    okay, thanks!

    You use the gateway that you setup for failover for the one device.  That is you want to setup a gateway with your main WAN connection as Tier 1 and your other connection as Tier 2.

    You may also want to consider alternative monitoring IP addresses and not just the one hop gateway.  I recently had a T1 that was down and the gateway was fine but we could not connect to everything else.

  • There is a better way I just did not post it.  It is also posted at my wiki (https://wiki.hackspherelabs.com/index.php?title=U620L_Novatel#U620L_-_Set_CDC-ECM_Permanently):

    ==Put into CDC-ECM Mode==

    Go to:

    Click Debug Mode

    You will have to restart your modem so unplug and re plug I usually wait at least 10 seconds before unplugging and 15-30 seconds before plugging back in

    By default the modem will not work in Windows as Windows does not like this mode.  Plug into a linux box or BSD box though and ask for a DHCP request and everything is cool!

    You should still be able to access the web interface after this.

    ==Take out of CDC-ECM Mode==

    Plug into linux box or a box that interacts with CDC-ECM mode.

    Grab a DHCP release so we have access to the correct network (I think it uses NAT redirection)

    Go to:

    Click End User Mode

    ==Research Study==
    I hope that they do not disable this feature in an update.  I also wonder if having the modem in diagnostic mode disables firmware upgrades so I am going to track some firmware versions:

    ===Modem A===
    Current Software Version:
    1.3 (L1.218.1 M9x25MET-2.44.3 1 [2015-05-13 13:56:54])

    Configuration Version:

    ===Modem S===

    Current Software Version:
    1.3 (L1.218.1 M9x25MET-2.44.3 1 [2015-05-13 13:56:54])

    Configuration Version:

    *I do not see a way to tell if the device is in debug mode
    **This also gives you serial access too:  screen /dev/ttyACM0 115200
    **I do not know the password

Log in to reply