OPNsense Forum
English Forums => Tutorials and FAQs => Topic started by: stefan21 on August 21, 2023, 08:44:56 pm
-
Assuming my standard ISP connection is down.
I connect my android smartphone in USB tethering mode to my OPNSense hardware (not a VM). An ue interface is showing up, which can be configured.
Can anybody provide a setup for this scenario? I only want to setup a very standard firewall with the WAN interface on the tethered phone. What IP's have to be used? Probably static. What MRU? No need to configure failover.
Any help is appreciated.
Thank's in advance,
stefan
-
Sorry to push this up again.
Nobody using an android gateway in usb tethering mode?
-
Android USB tethering emulates a USB NIC. For OPNsense, it's just an Ethernet interface with DHCPv4 and SLAAC. Starting with a default installation, all you have to do is switch the WAN interface assignment to the ue interface.
For IPv4, you may have to change the LAN subnet. Android phones often use 192.168.1.0/24 for tethering and you want to avoid having the same subnet on LAN and WAN.
For IPv6, you'll unfortunately need outbound NAT since no prefix delegation is available on mobile and OPNsense doesn't have an ND proxy.
Cheers
Maurice
-
Thank you for hopping on and your reply.
I'll give that a try and will report.
regards,
stefan
-
Thank you Maurice, it's a little tricky, but I got it to work.
It's really - and ONLY - meant to use a WAN connection as a failover if the ISP is down for a few hours.
For the test I used a nano image on a USB flash drive on my laptop. Connecting via smartphone does work if blocking private networks on the WAN-interface is disabled. The phone passes an IP of the private range to the WAN interface. The firewall is up and if imported a backup from the real OPNsense everything on the LAN works as expected. After connecting the phone to the laptop and assigning the ue interface, I reloaded the services. I did this all on the console. Well - later I disabled zenarmor and also IDS in the web-gui ... At least the allowed clients in the LAN are able to reach the internet.
We have one static IP for the WAN. Behind the OPNsense is a Nethserver running our own email-server. If the static IP is not reachable, you'll not be able to send (usually the dynamic IP from the phone is blacklisted) or receive any email with the email server. If you can't wait receiving and sending email until your ISP has fixed the problem, a solution could be configuring temporarily an email relay on the server. And an email account at your webhoster space for a catchall account of your domain. You have to adjust the DNS records for your domain... and reverse it later as it was before. Or you could use a webmail portal to communicate and send your email.
I don't want to do this - as a business customer we do have a reaction time of 8 hours 7/24. We can hold this... So all this is meant to keep the LAN clients connected to the internet.
Thank's again for pointing me in the right direction.
regards,
stefan
-
Yeah, keeping an email server connected over mobile data would be rather tricky without additional measures (VPN tunnel, external email relay etc.). Inbound connections are typically blocked by the operators and you can't configure RDNS.
You still might want to consider using a 4G USB modem instead of the phone. Some emulate a USB Ethernet adapter just like Android does. Then you can permanently set up a secondary WAN connection and use default gateway switching and / or a gateway group for automatic failover.
Cheers
Maurice
-
Hello, I have the same question as op. Can someone actually provide a guide as to how to do this in a simple manner.(I only found on old iphone guide that didn't make much sense, and I have an android phone ..)
Do we just plug in the phone after enabling share internet over usb or..? (I also have usb c to ethernet but did some digging at it seems to me that this is a no go to plug into wan)
Then something should show up in interfaces->assignments you mean?
How do we configure everything correctly as close to a fast on off solution as possible if ISP goes down?
Feel free to elaborate would be greatly appreciated since I'd rather not plug in the phone directly to computer anymore now that I got this thing up and running :)
-
Do we just plug in the phone after enabling share internet over usb or..?
Yes, and then assign the new port. You could temporarily change the assignment of the existing WAN interface. Very simple, but requires manual intervention every time you need to switch the connection.
Or create a second WAN interface and setup failover. A little bit more advanced, but automatic once configured. Check the docs for multi WAN and default gateway switching.
I also have usb c to ethernet but did some digging at it seems to me that this is a no go to plug into wan
This works with some Android phones, but not all. You'll need to check whether the "Ethernet tethering" setting is available. This uses a physical USB Ethernet adapter (phone is USB host) instead of the emulation (phone is USB device and emulates USB Ethernet adapter).
-
I will surely test both and see how far it goes, will report back
-
text
It immediately worked simply by choosing share internet with Ethernet Tethering (from usb to ethernet adaptor plug ethernet cable into wan port obviously on firewall) which is a default option in android lol, so didn't have to set up a thing simply plug in and go problem solved, thanks for pointing this out great job! 8)
-
May I ask a follow-up question regarding this?
I have a dedicated OpnSense setup running on a older PC. The primary WAN is a Cable Internet service.
I have a working "Failover" WAN using my Android Phone connected using USB tether.
When I drop my phone in the USB cradle, OpnSense detects it, but I always have to manually go to "Interfaces", select the "WAN Failover" device, then click "Save", "Apply Changes" for it to become live as my secondary "Failover" connection.
My question is, how do I make it automatically configured when I connect my Phone (without having to "Save" "Apply Changes" every time)?
Do I always have to manually configure it each time?