PfSense 2.3 and Huawei E8372 - Making it Work

Xamaba

For my home network I like using a small nano PC by Foxconn as my router. The down side is that the nano only has a single Ethernet port. My internet is an LTE connection and the carrier provides one of the new “smart” modems in my case the Huawei E8372. Because of the lack of a second Ethernet port and the risk of double NAT I want the LTE modem to be directly connected to the pfSense PC.
As the modem defaults to storage mode it was an interesting journey to get pfSense to make use of it. I am no expert in pfSense or FreeBSD and have trawled the forums and some websites for various bits I cobbled together into something that works for me. It may not be the best way so your mileage may vary. I just wanted my LTE modem to work with pfSense.

Some notes on the setup
pfSense does not like it when there are not two network adapters. You will be constantly stuck and the interfaces configuration prompt. I resolved this by using a USB Ethernet adapter for the curious Trendnet TU3-ETG.
I enable the Secure Shell and use Bitvise to SSH to the pfSense PC so I can easily copy and paste the contents of the configuration files.

What is needed:
usb_modeswitch (This needs to be installed from the FreeBSD repositories as it's not included in pfSense.)
Shellcmd (Available via the pfSense package manager)
Text editor (Nano is a nice editor you can install it from the shell with pkg install nano)

You will install two packages (Three if you want nano)
You will create two files; lte.cfg for the modem configuration & lte.sh which will be used by Shellcmd

Install usb_modechange

Beware this is not a supported configuration and this may break with updates but it is the only way I found to install usb_modeswitch

From the shell run the command below and install the package:

pkg add http://pkg.freebsd.org/freebsd:10:x86:64/release_3/All/usb_modeswitch-2.2.5.txz

Install Shellcmd

From the web GUI go to System / Package Manager then select Available Packages find Shellcmd and install it.

Create lte.cfg file for usb_modeswitch configuration for E8372

Use your prefered text editor to create the modem configuration file in cd /usr/local/sbin I named the file lte.cfg

Modem configuration for the E8372 was found here http://www.draisberghof.de/usb_modeswitch

Modem Configuration copy the text below and paste it in the lte.cfg file.

###################################################
#Huawei E8372
#Contributed by: ozonejunkie

DefaultVendor= 0x12d1
DefaultProduct=0x1f01

TargetVendor=  0x12d1
TargetProduct= 0x14db

MessageContent="55534243123456780000000000000a11062000000000000100000000000000"
NoDriverLoading=1
#
###################################################

Create lte.sh file for Script to modeswitch modem

The code to correctly switch your modem you can put a script file in /etc/rc.d.
I named mine lte.sh remember to chmod +x the lte.sh file

#!/bin/sh
/usr/local/sbin/usb_modeswitch -c /usr/local/sbin/lte.cfg
sleep 5

Any shell script can be placed in the /usr/local/etc/rc.d/ directory. The filename must end in .sh and it must be marked as executable (chmod +x lte.sh).

Configure Shellcmd

Via the web GUI go to the Services menu and select Shellcmd & click Add

Shellcmd Configuration

Command: /etc/rc.d/lte.sh
Shellcmd Type: earlyshellcmd
Description: LTE Start
Click Save

You should now be able to configure the interface via the interfaces menu.

AndrewZ

Use of usb_modeswitch may be excessive here. In most cases the internal CD-ROM may be disabled by AT-commands, this will result in PID change as well.

devianceluka

@Xamaba:

For my home network I like using a small nano PC by Foxconn as my router. The down side is that the nano only has a single Ethernet port. My internet is an LTE connection and the carrier provides one of the new “smart” modems in my case the Huawei E8372. Because of the lack of a second Ethernet port and the risk of double NAT I want the LTE modem to be directly connected to the pfSense PC.
As the modem defaults to storage mode it was an interesting journey to get pfSense to make use of it. I am no expert in pfSense or FreeBSD and have trawled the forums and some websites for various bits I cobbled together into something that works for me. It may not be the best way so your mileage may vary. I just wanted my LTE modem to work with pfSense.

I'm in exact same situation for the past 5 days. Can I ask you where you from?

1. You said you want to use LTE in your pfSense. With this configuration, did you even try speedtest? You are getting 40Mbps maximum, because it is "USB Ethernet" and not a true modem. I have LTE 150/50 from my provider and I only get around 4 MB/s this way, with HiLink wifi client I get 5-6MB/s.
2. Did you try to switch/convert it into modem mode?

@AndrewZ:

Use of usb_modeswitch may be excessive here. In most cases the internal CD-ROM may be disabled by AT-commands, this will result in PID change as well.

I'm in the same boat and my Huawei E8372h-153 is not responding to AT^SETPORT? command. It throws ERROR only, so I cannot change the mode. Got any clue? Already searched whole Google and I'm a solo case I guess. I have 2x E8372, both are identical (ERROR).

Please help ;-)

Xamaba

I'm in exact same situation for the past 5 days. Can I ask you where you from?

I am from Namibia

Yes I tried Speedtest and this being Africa I can only wish for 40Mbps, reliably I get speeds from 8Mbps to 29Mbps most times of the day, I have had outliers of over 30Mbps but that is rare.

I am not sure that the E8372 supports AT commands as it emulates an Ethernet port and searching did not bring up anything specific to this device. I managed to get the E8372 working on pfSense 2.2.x using usb_modeswitch but with 2.3 that package is no longer included so I did the workaround by installing usb_modeswitch from the FreeBSD repository.

AndrewZ

my Huawei E8372h-153 is not responding to AT^SETPORT? command. It throws ERROR only, so I cannot change the mode.

The following command is used to unlock some AT-commands, but result depends on the current firmware version loaded

AT^DATALOCK="OEM code"

I can try to generate a code for you if you will PM me an output of

AT^NVRDEX=50502,0,128 and AT^NVRDEX=50503,0,128

I do not own such a modem myself, so I can only try.

Xamaba

AT^NVRDEX=50502,0,128 and AT^NVRDEX=50503,0,128

I will setup a fresh install of 2.3 on a spare machine to test.

AndrewZ

@Xamaba:

I will setup a fresh install of 2.3 on a spare machine to test.

No need. For modem preparation you will need any computer running any terminal program.

devianceluka

@AndrewZ:

my Huawei E8372h-153 is not responding to AT^SETPORT? command. It throws ERROR only, so I cannot change the mode.

The following command is used to unlock some AT-commands, but result depends on the current firmware version loaded

AT^DATALOCK="OEM code"

I can try to generate a code for you if you will PM me an output of

AT^NVRDEX=50502,0,128 and AT^NVRDEX=50503,0,128

I do not own such a modem myself, so I can only try.

Send:AT^DATALOCK="OEM CODE"

Recieve: ERROR

Send:AT^DATALOCK?

Recieve: ^DATALOCK:1
Recieve: OK

Send:AT^NVRDEX=50502,0,128

Recieve: ERROR

Send:AT^NVRDEX=50503,0,128

Recieve: ERROR

Please reply as soon as possible, I'm waiting for you!

AndrewZ

@devianceluka:

Send:AT^NVRDEX=50503,0,128

Recieve: ERROR

This means that your particular modem is blocking access to this command as well. Without this information I have no idea how to generate the OEM code.
As I mentioned earlier, result depends on the firmware the modem is running. Please post the firmware version you're running (available from ATI command), just for our information.

devianceluka

@AndrewZ:

@devianceluka:

Send:AT^NVRDEX=50503,0,128

Recieve: ERROR

This means that your particular modem is blocking access to this command as well. Without this information I have no idea how to generate the OEM code.
As I mentioned earlier, result depends on the firmware the modem is running. Please post the firmware version you're running (available from ATI command), just for our information.

Recieve: Manufacturer: huawei
Recieve: Model: E8372
Recieve: Revision: 21.313.11.01.1241
Recieve: IMEI: xxx
Recieve: +GCAP: +CGSM,+DS,+ES
Recieve: OK

I finally got excited when I saw you could do it. Now I'm back to the starting point. :-(

AndrewZ

@devianceluka:

Recieve: Manufacturer: huawei
Recieve: Model: E8372
Recieve: Revision: 21.313.11.01.1241

As far as I know people were successful with datalock unlock on 21.xxx.99.xx.xx firmware.
I suggest to try changing the fw.

devianceluka

@AndrewZ:

@devianceluka:

Recieve: Manufacturer: huawei
Recieve: Model: E8372
Recieve: Revision: 21.313.11.01.1241

As far as I know people were successful with datalock unlock on 21.xxx.99.xx.xx firmware.
I suggest to try changing the fw.

What I do not fully understand is this:

1. for DATALOCK="OEM code", one should input OEM code from AT^NVRDEX command correct? So it's the NVRDEX command that is not working.
2. all I need is OEM code? With this code and DATALOCK command - I unlock other AT commands?

What if I write a small script that bruteforces OEM code in DATALOCK command?

Thanks for still sticking here and helping. I really appreciate it!

AndrewZ

@devianceluka:

1. for DATALOCK="OEM code", one should input OEM code from AT^NVRDEX command correct? So it's the NVRDEX command that is not working.
2. all I need is OEM code? With this code and DATALOCK command - I unlock other AT commands?

1. The output of AT^NVRDEX command is used to generate an OEM code by a special tool.
2. Generally - yes. Potentially one can reset or change the OEM code, but this requires ^NVWREX command being working.

devianceluka

@AndrewZ:

@devianceluka:

1. for DATALOCK="OEM code", one should input OEM code from AT^NVRDEX command correct? So it's the NVRDEX command that is not working.
2. all I need is OEM code? With this code and DATALOCK command - I unlock other AT commands?

1. The output of AT^NVRDEX command is used to generate an OEM code by a special tool.
2. Generally - yes. Potentially one can reset or change the OEM code, but this requires ^NVWREX command being working.

Andrew, how sure are you that AT^DATALOCK has a 8 digit code in it? My script, that tried every possible combination from 99999999 to 00000000 just finished and every single combination throws ERROR. Can you please help me on what to do next?

AndrewZ

I know that some commands are locked in some fw versions. I suppose that with particular 'bad' fw version the modem may just refuse the right code. I suggest to load the generic (non-operator, not branded) firmware.

devianceluka

@AndrewZ:

I know that some commands are locked in some fw versions. I suppose that with particular 'bad' fw version the modem may just refuse the right code. I suggest to load the generic (non-operator, not branded) firmware.

Good news, long story short: I got the OEM code and I get "OK" when I enter it with AT^DATALOCK.
But bad news is, that:
"
AT^SETPORT? = Recieve: ^SETPORT:A1,A2;A3,A2
"
AT^SETPORT=?
AT^SETPORT="A1,A2;1,2,3"
AT^SETPORT="A1,A2;A3,A2"
AT^U2DIAG=0
" = all throw ERROR

What now?

AndrewZ

I can only repeat what was said earlier:

I do not own such a modem myself, so I can only try to help basing on my previous experience with the similar modems.
I know that some commands are locked in some fw versions. I suggest to load the generic (non-operator, not branded) firmware. No guarantee it will help though.

And as always - please mention the firmware version used in all [un]success stories.

el-quique

It works on e3131 . Thank you

The only thing to work I had to modify the file lte.cfg

from
MessageContent="55534243123456780000000000000a1106200000000000010000000000000$

to
MessageContent="55534243123456780000000000000a11062000000000000100000000000000"

:)

Xamaba

Thank you I noticed the string was clipped when I pasted it.

@el-quique:

It works on e3131 . Thank you

The only thing to work I had to modify the file lte.cfg

from
MessageContent="55534243123456780000000000000a1106200000000000010000000000000$

to
MessageContent="55534243123456780000000000000a11062000000000000100000000000000"

:)