16.09.2010 15:18

Mobile broadband and OpenVPN on GNU/Linux

I wrote a short article on GPRS more than a year ago. Now I finally moved on to HSPA, after GPRS failed me in an emergency. I was unable to get OpenVPN working over it, and to make matters worse I found my (extremely expensive) accumulated bandwidth disappeared from the T-Com account. I decided to switch the provider, and technology, and bought a Huawei E180 mobile broadband modem from TELE2.

With a fairly recent Linux kernel the modem will be recognized correctly as storage (it has a MicroSD card slot), as a CD-ROM (the read-only part of the stick with the MS Windows software/driver) and as a modem, so usb_modeswitch is not needed. The modem can be plugged in, and the usbserial and ppp-generic modules should be loaded. As a PPP dialer I continue to use wvdial, configured like so:

; wvdial configuration
;   /etc/wvdial.conf
;
[Dialer tele2pin]
Modem = /dev/ttyUSB0
baud = 460800
Init1 = AT+CPIN=XYZW

[Dialer tele2]
Modem = /dev/ttyUSB0
baud = 460800
Stupid Mode = 1
Init2 = ATZ
Init3 = AT&F E1 V1 X1 &D2 &C1 S0=0
Init4 = AT+CGDCONT=1,"IP","data.tele2.hr"
Phone = *99#
Username = none
Password = none

Under the tele2pin dialer a PIN must be provided in place of "XYZW". Username and password in the tele2 dialer are not used, but must be provided. The APN "mobileinternet.tele2.hr" always produced a "No carrier detected" message so I switched to "data.tele2.hr". The Stupid mode is enabled so there's no time wasted waiting on the prompt, and that's about all you need to know.

To initiate a connection a PIN must be provided first, which is why there's a special dial section for it. Afterwards a connection can be established:

# wvdial tele2pin
# wvdial tele2

Unfortunately OpenVPN failed to work with this setup as well. Some mobile providers block ports, some do double NAT or otherwise mess with VPN connections... but not TELE2, and I eventually got it to work. I found it was a routing problem, after seeing the following pppd message in the syslog:

pppd: Could not determine remote IP address: defaulting to 10.64.64.64

The routing table would look like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     *               255.255.255.255 UH    0      0        0 ppp0
default         *               0.0.0.0         U     0      0        0 ppp0

I determined the gateway by doing a simple traceroute to google.com, and a quick fix was:

# route del default gw 0.0.0.0
# route add -host 130.244.219.90 dev ppp0
# route add default gw 130.244.219.90
# route del -host 10.64.64.64
# /etc/rc.d/openvpn start

The packets will be properly routed now, but the DNS servers of the mobile provider can no longer be reached. Change your DNS servers to the ones provided by your (virtual) private network, or otherwise to any DNS servers you would normally use.
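
The routing check and quick fix described above, as a small script. This is an added example, not part of the original post: it reads `route` output, reports the ppp interface that has both the 10.64.64.64 placeholder host route and a gateway-less default route, and prints (without running) the same route commands for a gateway you supply. The function names and the embedded sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are constructed.
PLACEHOLDER=10.64.64.64   # peer address pppd fell back to in the syslog line

# Constructed sample: the routing table shown in the post.
sample_table() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway Genmask         Flags Metric Ref Use Iface
10.64.64.64     *       255.255.255.255 UH    0      0   0   ppp0
default         *       0.0.0.0         U     0      0   0   ppp0
EOF
}

# Reads `route` or `route -n` output on stdin. Prints the ppp interface and
# returns 0 only when both symptoms are present on it: a host route to the
# placeholder peer and a default route that has no gateway.
broken_ppp_iface() {
    awk -v peer="$PLACEHOLDER" '
        $NF !~ /^ppp[0-9]+$/ { next }
        $1 == peer { host[$NF] = 1 }
        ($1 == "default" || $1 == "0.0.0.0") &&
            ($2 == "*" || $2 == "0.0.0.0") { nogw[$NF] = 1 }
        END {
            for (i in host) if (i in nogw) { print i; found = 1 }
            exit !found
        }'
}

# Prints the command sequence from the post for gateway $1 on interface $2.
# Nothing is executed; review the output, then run it as root.
fix_commands() {
    gw=$1 iface=$2
    # Refuse anything that is not digits and dots before building commands.
    case $gw in ''|*[!0-9.]*) echo "bad gateway: $gw" >&2; return 2;; esac
    printf '%s\n' \
        "route del default gw 0.0.0.0" \
        "route add -host $gw dev $iface" \
        "route add default gw $gw" \
        "route del -host $PLACEHOLDER"
}

# Demo on the constructed sample; on a live system pipe in `route -n` instead.
if iface=$(sample_table | broken_ppp_iface); then
    fix_commands 130.244.219.90 "$iface"
fi
```

The gateway argument is the address found with traceroute, as in the post; the script does not try to discover it.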


Written by anrxc | Filed under crypto, main