{"id":205,"date":"2017-04-18T02:31:04","date_gmt":"2017-04-18T02:31:04","guid":{"rendered":"http:\/\/blog.warbel.net\/?p=205"},"modified":"2017-04-18T02:31:04","modified_gmt":"2017-04-18T02:31:04","slug":"configuring-a-raspberry-pi-2-with-a-huwei-k4203-usb-3g-modem","status":"publish","type":"post","link":"https:\/\/blog.warbel.net\/index.php\/2017\/04\/18\/configuring-a-raspberry-pi-2-with-a-huwei-k4203-usb-3g-modem\/","title":{"rendered":"Configuring a Raspberry Pi 2 with a Huwei K4203 USB 3G Modem"},"content":{"rendered":"

Background\/Overview:<\/h1>\n

My Wife and I like to travel overseas and we both have multiple devices when we travel. Over the years we’ve tried different solutions. From buying ‘travel’ sims before we leave that end up costing a fortune, to just enabling roaming on our phones and again, paying heavily for international data roaming.<\/p>\n

After doing a little research on the best deal and wanting a flexible option, I bought a 3G dongle from Vodafone. A Huawei K4204 to be precise. My goal is to create a Raspberry Pi that will connect to the hotel WiFi when available and will have it’s own AP running on a different channel so that our devices only have to remember one Access Point. \u00a0This will circumvent certain hotels that only allow you to connect a single device to their network. It will also mean that if we have a Google Chromecast I only have to program a single network into it and use it when we travel. The Raspberry Pi will have a 3G data connection when no Hotel WiFi is available or we’re out and about. When we arrive at our destination (the UK) we will buy a local sim with local (read: cheap) data.<\/p>\n

The below steps are how I achieved the above:<\/p>\n

Part 1: Initial Setup<\/h1>\n

Install Raspbian<\/a> in any way you prefer. I’ve installed the lite version that has no gui.<\/p>\n

Use dd to write to the disk, in my case the microSD card was at \/dev\/sdd:<\/p>\n

sudo dd if=2017-04-10-raspbian-jessie-lite.img\u00a0of=\/dev\/sdd bs=2M<\/pre>\n
log in as pi, password: raspberry<\/p>\n
add a new user and add the user to the sudo group so you can edit system files:<\/p>\n
sudo adduser wargus;sudo usermod -a -G sudo USERNAME<\/pre>\n
log in as your new user, remove pi<\/p>\n
sudo deluser pi<\/pre>\n
enable ssh by default using raspi-config<\/p>\n
sudo raspi-config<\/pre>\n
Under Interfacing Options, 2, Enable SSH:<\/p>\n
\"\"<\/p>\n
Check the IP address of the raspberry pi, it should be set to dhcp automatically.<\/p>\n
ifconfig \r\neth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 \r\n inet addr:10.60.204.182 Bcast:10.60.204.255 Mask:255.255.255.128\r\n UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\r\n RX packets:7511 errors:0 dropped:12 overruns:0 frame:0\r\n TX packets:2759 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:1000 \r\n RX bytes:669438 (653.7 KiB) TX bytes:604742 (590.5 KiB)<\/pre>\n
At this point you can disconnect the terminal and use SSH to connect to your raspberry device.<\/p>\n
Configuring usb_modeswitch<\/h1>\n
I used this site<\/a> as a reference. It was mostly right for me, although I did have to do a lot troubleshooting before I had it completely right.<\/p>\n
cd \/tmp\r\ntar -xzvf \/usr\/share\/usb_modeswitch\/configPack.tar.gz 19d2<\/strong>\\:1f1c\r\n\r\n<\/b><\/pre>\n
Will create a new file in the tmp directory it will need to be further edited to look like this:<\/p>\n
# Vodafone \/ Huawei K4203\r\nDefaultVendor=0x12d1\r\nDefaultProduct=0x1f1c\r\nTargetVendor=0x12d1\r\nTargetProductList=\"157a,1590\"\r\nHuaweiNewMode=1<\/pre>\n
Copy or move that file to \/etc\/usb_modeswitch.d\/<\/p>\n
At this point with a fresh install, you should be able to plug in the dongle. Switch the usb mode by running :<\/p>\n
sudo usb_modeswitch -c \/etc\/usb_modeswitch.d\/12d1\\:1f1c<\/pre>\n
Check the switch by using lsusb, as the output suggests.<\/p>\n
lsusb\r\nBus 001 Device 007: ID 12d1:1590 Huawei Technologies Co., Ltd.<\/strong> \r\nBus 001 Device 004: ID 0bda:8178 Realtek Semiconductor Corp. RTL8192CU 802.11n WLAN Adapter\r\nBus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512\/9514 Fast Ethernet Adapter\r\nBus 001 Device 002: ID 0424:9514 Standard Microsystems Corp. \r\nBus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub<\/pre>\n
In my setup, the dongle flashed green, flashed blue, then goes solid blue. A quick check of ifconfig at this point shows that the dongle presents itself as a new Ethernet adaptor:<\/p>\n
ifconfig \r\n...\r\neth1 Link encap:Ethernet HWaddr 00:00:00:00:00:00 \r\ninet addr:192.168.9.100 Bcast:192.168.9.255 Mask:255.255.255.0\r\nUP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\r\nRX packets:55 errors:0 dropped:0 overruns:0 frame:0\r\nTX packets:38 errors:0 dropped:0 overruns:0 carrier:0\r\ncollisions:0 txqueuelen:1000 \r\nRX bytes:16310 (15.9 KiB) TX bytes:7400 (7.2 KiB)<\/pre>\n
The dongle automagically configures itself and connects to the internet. \ud83d\ude42 Remember that at this point to connect to the internet will require you to manually set the dongle to the correct mode.<\/p>\n
Test the connection by pinging over the interface:<\/p>\n
ping www.google.com -I eth1\r\nPING www.google.com (203.219.197.210) from 192.168.9.100 eth1: 56(84) bytes of data.\r\n64 bytes from cache.google.com (203.219.197.210): icmp_seq=1 ttl=55 time=2254 ms\r\n64 bytes from cache.google.com (203.219.197.210): icmp_seq=2 ttl=55 time=1248 ms\r\n64 bytes from cache.google.com (203.219.197.210): icmp_seq=3 ttl=55 time=248 ms\r\n\r\nping www.google.com -I eth0\r\nPING www.google.com (203.219.197.245) from 10.60.204.182 eth0: 56(84) bytes of data.\r\n64 bytes from cache.google.com (203.219.197.245): icmp_seq=1 ttl=60 time=1.85 ms\r\n64 bytes from cache.google.com (203.219.197.245): icmp_seq=2 ttl=60 time=1.50 ms\r\n64 bytes from cache.google.com (203.219.197.245): icmp_seq=3 ttl=60 time=2.33 ms<\/pre>\n
Part 2: Routing Configuration<\/h1>\n
At this point, we have a very smart little independently internet connected Raspberry Pi. What we want to do next is a little more complicated. We’re going to configure it to be an access point that will hand out IP addresses and handle NAT. unfortunately it won’t be smart enough to switch between wifi and 3G automatically however you can connect and do that yourself. \ud83d\ude09<\/p>\n
Linux by default does not know that it is a router. We need to enable that functionality and, while we’re there, disable IPv6 (which is something of a security concern).<\/p>\n
Edit \/etc\/sysctl.conf with your favourite editor and uncomment the line:<\/p>\n
net.ipv4.ip_forward=1<\/pre>\n
Add the following lines:<\/p>\n
net.ipv6.conf.all.disable_ipv6=1\r\nnet.ipv6.conf.default.disable_ipv6=1<\/pre>\n
Then run the following command to make the changes apply:<\/p>\n
sudo sysctl -p<\/pre>\n
Install hostapd and configure your wifi dongle to be an access point:<\/h2>\n
sudo apt-get install hostapd -y<\/pre>\n
Edit the primary wifi dongle to be an access point by editing \/etc\/hostapd.conf<\/p>\n
channel=3\r\ncountry_code=AU\r\nhw_mode=g\r\ninterface=wlan0\r\nssid=SSIDNAME\r\nwpa=2\r\nwpa_key_mgmt= WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256\r\nwpa_passphrase=PASSPHRASE<\/pre>\n
You will need to edit the above to suit. Be sure to check what channels are being used and pick one that does not have too much interference.<\/p>\n
Now edit the \/etc\/network\/interfaces file and change wlan0’s settings:<\/p>\n
auto wlan0\r\nallow-hotplug wlan0\r\niface wlan0 inet static\r\nhostapd \/etc\/hostapd\/hostapd.conf\r\naddress 10.60.205.129\r\nnetmask 255.255.255.128\r\nbroadcast 10.60.205.255\r\ndns-nameservers 8.8.8.8 8.8.4.4<\/pre>\n
To save heartache later, edit the default settings for eth0 to:<\/p>\n
iface eth0 inet dhcp<\/pre>\n
To explain the above: I’ve gone with a small 10.60.205.128\/25 IP range and I’ve set google’s name servers to be my defaults. It is necessary to change eth0’s settings as it will fail to come up when we change some service settings below.<\/p>\n
Finally, setup a dhcp server. I tend to prefer a more robust dhcp server:<\/p>\n
sudo apt-get install isc-dhcp-server<\/pre>\n
Configure it to only operate on the wlan0 interface by editing \/etc\/default\/isc-dhcp-server and changing the line INTERFACES=”” to<\/p>\n
INTERFACES=\"wlan0\"<\/pre>\n
Edit the configuration file for the dhcp server in\u00a0\/etc\/dhcp\/dhcpd.conf Change various options at the top to match your own configuration, the important points to recognise are:<\/p>\n
# option definitions common to all supported networks...\r\noption domain-name \"yourdomain.local\";\r\noption domain-name-servers 8.8.8.8, 8.8.4.4;\r\n\r\nsubnet 10.60.205.128 netmask 255.255.255.128 {\r\nrange 10.60.205.150 10.60.205.190;\r\noption routers 10.60.205.129;\r\noption broadcast-address 10.60.205.255;\r\n}\r\n\r\n<\/pre>\n
This will create a range of IP addresses to assign to devices as needed from 150 to 190. \u00a0We still won’t have routing yet, but we’re nearly there! Enable the dhcp service:<\/p>\n
sudo systemctl enable isc-dhcp-server.service\r\n<\/pre>\n
Start the dhcp server:<\/p>\n
sudo service isc-dhcp-server start<\/pre>\n
It should be safe to start the service now, and test \u00a0everything be restarting it. if you connect a device to the network it will be able to get an IP address, it just won’t have any internet access.<\/p>\n
If you have another wifi dongle, as I do, it can also be configured to be a client to another wireless network. This is handy if your hotel only allows one device to be connected to their wifi and you have many devices. Connect the Raspberry Pi to their network and have it do NAT to your devices.<\/p>\n
The Configuration at home may be different to the hotel, which is why I’ve included the note in the configuration below to remind me where to look for information. Remember, if you need to find more information you can always use the 3G dongle to get access to the internet \ud83d\ude42<\/p>\n
#Configure the roaming interface\r\n#Use 'sudo iwlist scan' to find an AP to join\r\nauto wlan1\r\nallow-hotplug wlan1\r\niface wlan1 inet dhcp\r\nwpa-ssid SSID_OF_NETWORK\r\nwpa-psk PASSWORD<\/pre>\n
The Final Steps: Routing and Firewalling.<\/h1>\n
At this point we can write a simple script called firewall to allow routing. It can be placed in \/etc\/init.d\/.<\/p>\n
#!\/bin\/bash\r\n\r\n# Iptables Location\r\nIPTABLES=\"\/sbin\/iptables\"\r\n#Load Modules#\r\n\r\n##########################################################\r\n#\r\n# Don't Touch anything below this line!\r\n#\r\n\r\ncase \"$1\" in start)\r\n\r\necho \"Starting Firewall Services\"\r\necho \"Firewall: Configuring firewall rules using iptables\"\r\n\r\n#BEGIN FIREWALL ROUTING HERE\r\n\r\n#We want the 3G router to start when the firewall does. So we use usb switch here:\r\nusb_modeswitch -c \/etc\/usb_modeswitch.d\/12d1\\:1f1c\r\n\r\n#Flush Routing Table\r\n$IPTABLES -F\r\n$IPTABLES -t nat -F\r\n$IPTABLES -t mangle -F\r\n$IPTABLES -t mangle -X\r\n$IPTABLES -X\r\n\r\n# default policy\r\n $IPTABLES -P INPUT ACCEPT\r\n $IPTABLES -P FORWARD ACCEPT\r\n $IPTABLES -P OUTPUT ACCEPT\r\n\r\n# allow established,related\r\n $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n\r\n# Masquerade over both routes\r\n $IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE\r\n $IPTABLES -t nat -A POSTROUTING -o wlan1 -j MASQUERADE\r\n#END FIREWALL ROUTING HERE\r\n\r\ntouch \/var\/lock\/firewall\r\n;;\r\nstatus)\r\n if [ -f \/var\/lock\/firewall ]; then\r\n echo \"Firewall started and configured\"\r\n else\r\n echo \"Firewall stopped\"\r\n fi\r\n exit 0\r\n ;;\r\n\r\nrestart|reload)\r\n $0 stop\r\n $0 start\r\n ;;\r\n\r\nstop)\r\n echo \"Shutting down Firewall services\"\r\n\r\n#Flush Routing Table\r\n$IPTABLES -F\r\n$IPTABLES -t nat -F\r\n$IPTABLES -t mangle -F\r\n$IPTABLES -t mangle -X\r\n$IPTABLES -X\r\n\r\n# default policy\r\n $IPTABLES -P INPUT ACCEPT\r\n $IPTABLES -P FORWARD ACCEPT\r\n $IPTABLES -P OUTPUT ACCEPT\r\n\r\n rm -f \/var\/lock\/firewall\r\n echo\r\n ;;\r\n *)\r\n echo \"Usage: \/etc\/init.d\/firewall {start|stop|status|restart|reload}\"\r\n exit 1\r\nesac\r\nexit 0\r\n\r\n<\/pre>\n
I’ve noticed that by default the router will route traffic over the wlan1 before eth1, even if eth1 exists and has internet access. This is useful as it means that we can have a single firewall\/routing script for both connections. It will fail-over to the 3G dongle when no appropriate WiFi AP can be found.<\/p>\n
Install the script with:<\/p>\n
sudo update-rc.d firewall defaults<\/pre>\n
At this point I was able to power down the Raspberry Pi. On coming back online the two dongles didn’t work, but the 3G dongle did. As hotplug is enabled on those two wifi dongles, removing and re-inserting them got them working again. I was then able to connect to the internet (and the Pi) over WiFi. Removing the dongle connecting to my home network immediately failed over to the 3G dongle.<\/p>\n
Which brings us to the end!<\/p>\n
\"\"<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Background\/Overview: My Wife and I like to travel overseas and we both have multiple devices when we travel. Over the years we’ve tried different solutions. From buying ‘travel’ sims before we leave that end up costing a fortune, to just … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[11,10,9,7,6,5,8],"class_list":["post-205","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-huawei","tag-k4203","tag-mobile-broadband","tag-raspberry-pi","tag-router","tag-travel","tag-vodafone"],"_links":{"self":[{"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/posts\/205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/comments?post=205"}],"version-history":[{"count":5,"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/posts\/205\/revisions"}],"predecessor-version":[{"id":212,"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/posts\/205\/revisions\/212"}],"wp:attachment":[{"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/media?parent=205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/categories?post=205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.warbel.net\/index.php\/wp-json\/wp\/v2\/tags?post=205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}