Hey everyone,
It's working now!
Turns out I hadn't downloaded the opkg that allows TTL mangling, so none of the custom firewall rules were taking effect at all
. This rule ended up being effective:
Code: Select all
# update packages
opkg update
# download mod package
opkg install iptables-mod-ipopt
# Start-IP4-TTL-Fix
iptables -t mangle -I POSTROUTING -o eth0.2 -j TTL --ttl-set 66
# End-IP4-TTL-Fix
(I included the update and package install steps in case someone else copies it for a fresh router)
Once I did that and set up Mullvad Wireguard VPN on the router, everything started working perfectly, no throttling. Special thanks again to everyone who contributed (mtl26637, tetranz, and especially gscheb), you guys are the real MVPs.
I also wanted to post my full solution in case someone has similar problems. Not super sure on the correct forum etiquette, should I post this directly to the Tutorials board?
Unlimited, unthrottled Visible 4G LTE Wi-Fi data on multiple devices for 30$/mo
Overview
Average DL 50-100mbps in an urbanized city, with some deprioritization during the day. Some troubleshooting tips at the end as well!
Brief Summary of Steps:
- Order LTE modem and OpenWRT-compatible router
- Change IMEI of modem to Visible phone IMEI via DC-Unlocker 2
- Setup LTE connection from modem to router
- Change TTL via custom firewall scripts to 66
- Setup router VPN (Mullvad).
(for some of these steps, a Windows laptop and a secondary or open wifi connection will be necessary for "bootstrapping" purposes)
Hardware Purchase and Setup
1. Purchase
MR1100 Netgear M1 Nighthawk Mobile Hotspot (hereafter "Nighthawk" or "the modem") approx. $350, and
GL.iNet GL-AR750S-Ext (Slate) Travel Router (hereafter "AR750S" or "the router") approx. $70. This may be possible with other devices, but these were the ones I used based on the tutorials I watched. Just make sure the router is
OpenWRT compatible, which you can check
here on OpenWRT's website.
This setup may also work by simply USB tethering the Visible-compatible phone directly to the AR750S, which would save you some money, but I haven't tested this, so if you wanted to use this tutorial and substitute the mobile modem with the tethered phone handset, I would encourage it.
You may also want to purchase a NanoSIM to MicroSIM adapter, such as
this one, approx. $5, if you want the nano SIM to fit snugly in the Micro SIM slot of the modem.
1.1 While you wait for your gear to come in the mail, you can set up DC-Unlocker in Step 9 and get 29€ worth of credits while you're there, as well as download the appropriate OpenWRT installation file for your router (I used
this one for the AR750S).
2. Sign up for
Visible Wireless unlimited 5G data and 5MB/s hotspot plan. I didn't have any phones that were compatible with their service, so I also bought a cheap compatible ZTE phone for activation/testing/emergency hotspot purposes. You can join a public plan group by going to
r/VisiblePartyPay on Reddit and joining one of the groups posted to get the group rate. I just joined the huge one stickied on the front page, I don't see any benefit to joining a smaller group.
3. Once the SIM arrives, put it in the compatible phone and activate the SIM through the Visible app. This step is important, as the service will not work until the SIM is activated. (You may be able to activate the service with the SIM directly in the LTE modem, but I haven't tested this). Make sure after your phone is activated that you are joined to the group you found on r/VisiblePartyPay, so that you pay the group rate ($25/mo as of 21 SEP 2021).
4. Verify that the service is functioning on the phone. This is also a good time to benchmark the DL/UL speed for your area on
speedtest.net.
5. Place the SIM into the modem. Since the Visible SIM is a nanoSIM and the SIM slot of the Nighthawk is Micro, you will have to line up the SIM with the contacts in the middle-left of the slot, or you can use a MicroSIM adapter (recommended).
6. Connect the modem to a computer via USB and sign on to the Administrator panel at
192.168.1.1 , default login is
admin//admin. (I saw in the forums that the default password can also sometimes be password). Set up your password and dashboard.
6.1 You may also want to verify that the 5MB/s hotspot works through the modem at this stage by connecting to the modem's Wi-Fi. In
Advanced Settings-> Cellular,
add the APN for Visible, which is:
APN Name: Visible
APN: vsblinternet
PDP: IPv4
PDP Roaming: IPv4
Login to the modem's default Wi-Fi gateway and verify that you can connect to the LTE.
Changing the Modem's IMEI
7. Go to
Advanced Settings->Cellular->Uncheck DATA and ROAMING DATA-> APPLY. This turns off the mobile data to prevent it from connecting while we modify the modem's IMEI in Step #
8. Go to
Mobile Router Setup->IP PASSTHROUGH->ON->SAVE. Note that this means you will only be able to access the modem's administration panel via USB until you disable IP PASSTHROUGH, since the wifi will be disabled.
9. Create an account with DC-Unlocker and download the client from the website. You will need to charge the account with ~29€ (euros) in order to fund the IMEI modification (current as of 21 SEP 2021).
10. Connect the modem to the Windows laptop and start the DC-Unlocker 2 client. Click the server tab on the right (blue earth icon) and
Check login to the account your created with the appropriate number of credits.
11. On the left panel of the DC-Unlocker 2 Client you should see a
Select manufacturer dropdown. Use this to select
Sierra Wireless/NETGEAR. Leave
Select model on
Auto-detect and click the magnifying glass button to search for your connected modem. Note the IMEI of the connected modem should match the corresponding IMEI printed on the bottom of the modem itself.
12. Pull the IMEI number from the phone you used to setup the service by going into the
Settings->About phone (for Android). You could potentially use another phone IMEI if it is compatible with Visible/Verizon service, but I haven't tested this, I used the phone direct from Visible to ensure compatibility.
13. On DC-Unlocker 2, select the
Advanced tab, press
Repair IMEI, and enter your phone's IMEI. You can check that your change was successful by repeating Step 11.
Setting Up Router Firmware
14. Setup the modem's APN, if you haven't already (Step 6.1).
15. Flash the router with OpenWRT (instructions are on the OpenWRT website). For the AR750S, I had to put the router first into the debricking interface. I used
this tutorial and
this release of OpenWRT for my setup.
From the OpenWRT AR750S page:
Note: As of OpenWrt 19.07.4, gl-ar750s-squashfs-sysupgrade.bin still gives an unsupported format error on the web UI and sysupgrade command, but works fine through the router's debricking interface: power down, ensure only 1 network cable is plugged in, hold the reset button, power on, wait until the led blinks 5 times and stays on, then release reset button. Change your IP to 192.168.1.2 and connect to http://192.168.1.1, where you can upload and flash the sysupgrade.bin image.
16. Once OpenWRT is loaded in the router firmware, connect the modem to the WAN port of the router via Ethernet.
17. Configure your wireless access point (AP) as necessary. Once I had the modem APN settings finalized the router AP just worked, but you may have to cruise the OpenWRT forums for some troubleshooting to get it working and verify that your current (5MB/s throttled) AP functions normally.
Throttle Bypass Settings
18. In OpenWRT, log-in and navigate to
Network->Firewall->Custom Rules and place the following code:
Code: Select all
# update packages
opkg update
# download mod package for TTL mangling
opkg install iptables-mod-ipopt
# Start-IP4-TTL-Fix
iptables -t mangle -I POSTROUTING -o eth0.2 -j TTL --ttl-set 66
# End-IP4-TTL-Fix
19. Verify your rules took effect by going to
Status->Firewall->Restart Firewall, your TTL changes should be visible at the bottom of the page under
Table:Mangle, Chain POSTROUTING, TTL set to 66.
20. Set up a VPN on the router for all traffic. I used Mullvad Wireguard VPN, following this video as a guide:
https://www.youtube.com/watch?v=04q41GEPvKA.
21. After setting up the VPN I now experience full DL speeds on all devices that connect to the router AP. Woohoo!
Troubleshooting
- The modem display flashes "Your data connection is disconnected". This usually when I am doing some tests to the firewall or other settings. In these cases, I turn off the router, connect the SIM into the carrier phone used for the IMEI repair, and run a speedtest.net through the phone via the Android app a few times before connecting it back into the modem. If this doesn't solve the problem you can also connect the phone directly to the router temporarily as a tethered hotspot connection and try to reconnect in a few hours, though you may want to configure this usb tethered hotspot connection through OpenWRT before this problem occurs, to ensure a smooth transition in an emergency.
- The ping is very high (150-200 ms). Yes, it is
. You are routing traffic through two different devices, as well as through a VPN, so the ping with this setup is going to be quite high. This setup is notable for how inexpensive it is on a monthly basis, not on it's efficiency, so if you require a shorter ping for gaming or other applications requiring fast response times, unfortunately this may not be the setup for you.
- The data is still throttled. I can't guarantee that this method will be effective, I can only say that this is what worked for me. Your best bet is to try different TTL values in your custom firewall rules and verify that your VPN is functioning correctly. You can also post your setup/problems as a separate thread and request some assistance, but include the model numbers of the hardware you're using in your post, as well as the custom firewall rules your are using as well.
I welcome any comments, tips, or critiques!
