[Guide] Tether w/ Bridged AP OpenWrt
Posted: Sun Apr 03, 2022 12:02 am
This is a guide for bridging your phone/modem's tether to an OpenWrt (21.02) router. This lets you connect clients through the router's Wi-Fi and Ethernet, supports IPv4 and IPv6, and includes working rules to modify the TTL/HL of your traffic. On networks that do not use CGNAT for IPv6, like T-Mobile, clients will be able to bind to ports and receive inbound traffic from the internet. If you choose to Wi-Fi tether, this does not bypass any client limits.
You will probably also need to bypass the APN on your device (example: pcweb.tmobile.com to fast.t-mobile.com for T-Mobile). Some Androids let you run 'settings put global tether_dun_required 0' or add 'dun' to APN type, but YMMV. With root, you can edit the APN config file, which always works.
Dependencies:
Go to System -> Software, click 'Update lists', and then dismiss.
Filter and install iptables-mod-ipopt and iptables-mod-physdev
If you are USB tethering:
Also install kmod-usb-net-rndis
Setting Up the Bridge
Select Network -> Interfaces from the top drop-down menu.
Under Interfaces -> LAN, click 'edit'
Under the General Settings tab
Set Protocol to 'Static Address'
(Set an address in the modem's/phone's range, if possible)
Select the DHCP Server tab
Under the General Settings sub-tab
Check the box for 'Ignore interface'
Select the IPv6 Settings sub-tab
Set RA-Service to 'disabled'
Set DHCPv6-Service to 'disabled'
Set NDP-Proxy to 'disabled'
Click 'Save'
If you are USB tethering:
Select the Devices tab
Under Devices -> br-lan click 'Configure...'
Under the General device options tab
Add 'usb0' to Bridge ports
Click 'Save' and then 'Save & Apply'
If you are Ethernet tethering:
Delete the WAN and WAN6 interfaces
Select the Devices tab
Under Devices -> br-lan click 'Configure...'
Under the General device options tab
Add 'eth1' to Bridge ports
Click 'Save' and then 'Save & Apply'
Your modem/phone will need to plug into the wan port.
EDIT: Removed the bit on hotspotting as OpenWRT does not support wireless bridging. Would apply more to other firmwares like DD-WRT.
Modify TTL/HL for Bridged Traffic
Add in System -> Startup, under the Local Startup tab
This goes before "exit 0". The interface is set for USB tethering in this example. Change it if you're tethering with a different interface (wlan0, eth1, etc.).
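# Pass bridged frames through arptables/iptables/ip6tables so the rules below see them
sysctl -w net.bridge.bridge-nf-call-arptables=1
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
# Set the TTL to 65 on IPv4 packets bridged out of usb0, except those with a TTL of 255
iptables -t mangle -I POSTROUTING -m physdev --physdev-out usb0 -m ttl ! --ttl-eq 255 -j TTL --ttl-set 65
# Same for the IPv6 hop limit; packets with a hop limit of 255 are left untouched
ip6tables -t mangle -I POSTROUTING -m physdev --physdev-out usb0 -m hl ! --hl-eq 255 -j HL --hl-set 65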
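The added '-m hl ! --hl-eq 255' makes the rule skip packets with a hop limit of 255. Without it, IPv6 Neighbor Discovery does not work, because Neighbor Discovery messages are sent with a hop limit of 255 and receivers discard any that arrive with a different value.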
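The effect of the '! --hl-eq 255' match, modelled in Python as an added example that is not part of the original post. It does not run ip6tables; the function names, sample addresses and packets are constructed for illustration, and the receiver check follows the RFC 4861 rule that Neighbor Discovery messages must arrive with a hop limit of 255.

```python
import struct

ND_TYPES = {133, 134, 135, 136, 137}  # RS, RA, NS, NA, Redirect (RFC 4861)

def ipv6_packet(next_header, hop_limit, payload):
    """Build a constructed IPv6 packet: 40-byte fixed header plus payload."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")   # sample link-local source
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")   # sample all-nodes multicast
    first_word = 6 << 28                             # version 6, no class/flow label
    header = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    return header + src + dst + payload

def hop_limit(pkt):
    return pkt[7]                                    # byte 7 of the fixed header

def apply_hl_rule(pkt, skip_255=True, new_hl=65):
    """Model '-m hl ! --hl-eq 255 -j HL --hl-set 65'; skip_255=False omits the match."""
    if skip_255 and hop_limit(pkt) == 255:
        return pkt                                   # rule does not match, packet untouched
    return pkt[:7] + bytes([new_hl]) + pkt[8:]

def receiver_accepts(pkt):
    """RFC 4861 check: ND messages must arrive with hop limit 255, else discard."""
    is_nd = pkt[6] == 58 and pkt[40] in ND_TYPES     # next header 58 = ICMPv6
    return hop_limit(pkt) == 255 if is_nd else True

# Constructed samples: a Neighbor Solicitation (type 135) and an ordinary TCP packet
neighbor_solicit = ipv6_packet(58, 255, bytes([135, 0, 0, 0]) + bytes(20))
tcp_data = ipv6_packet(6, 64, bytes(20))

def survey():
    """Return (hop limit after the rule, accepted by receiver) for each case."""
    out = {}
    for name, pkt in (("ns", neighbor_solicit), ("tcp", tcp_data)):
        for skip in (True, False):
            after = apply_hl_rule(pkt, skip_255=skip)
            out[(name, skip)] = (hop_limit(after), receiver_accepts(after))
    return out

if __name__ == "__main__":
    for key, val in survey().items():
        print(key, val)
```

With the match in place the Neighbor Solicitation keeps its hop limit of 255 and is accepted; without it the packet is rewritten to 65 and the receiver discards it, while ordinary traffic is set to 65 either way.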