Using the Huawei E3372 Hi-Link LTE Dongle with OpenWRT

Getting the Huawei E3372 LTE dongle to work on a router with OpenWRT 15.05 Chaos Calmer is very easy and requires two additional packages: kmod-usb-net-cdc-ether and usb-modeswitch. They can either be installed through the web interface (System > Software) or by running the following on the command line:

opkg update && opkg install kmod-usb-net-cdc-ether usb-modeswitch

A new network interface will show up (eth1 in my case), that just needs to be added to the wan firewall group (Network > Interfaces > eth1 > Edit > Firewall Settings > Assign firewall-zone). That’s it, the router is online! The web interface remains accessible through the browser at its usual IP address (192.168.8.1).

Installing the packages obviously requires an already existing internet connection. The router can be temporarily connected to another wifi network (Network > Wifi > Scan > Join Network), e.g. a hotspot from a smartphone. Don’t forget to disable or remove this network once finished (Network > Wifi > Disable/Remove).

Double NAT Configuration

When running server applications on the router or network, additional configuration is necessary to make them accessible from the internet.

Both the OpenWRT device and the Hi-Link dongle work in router mode and separate the internal from the external network through a NAT, and this double NAT is a pretty effective way to block incoming connections. Because the NAT cannot be deactivated on the dongle, the ugly and configuration intense solution is often to disable the OpenWRT NAT and use the dongle’s instead. This is a pretty bad workaround and there’s a much better solution for dongles with the DMZ feature available (which depends on the firmware version).

In the configuration interface of the dongle (192.168.8.1), locate the DMZ settings (Settings > Security > DMZ settings) and enable the DMZ feature with a target IP address of 192.168.8.100, which should be the IP of the eth1 network interface on the router that the dongle is connected to (double check in OpenWRT under Network > Interfaces > eth1 > IPv4). Form now on, all incoming connections are passed directly to OpenWRT. The firewall, SIP, and UPnP features of the dongle can be disabled. In contrast to what other guides say, the NAT setting can stay at its default (cone), because it does not have any influence on the DMZ behavior.