OpenWrt - Failover Router
Build your own 4G router for network failover.
I recently ran into a problem with frequent network outages because my area is only served by one ISP. I decided to set up a secondary failover connection using a Raspberry Pi and an LTE dongle. This setup creates a secondary uplink to my WAN 2 on my UDM Pro using OpenWrt, relying on 4G signal.
OpenWrt is an open-source firmware for embedded devices like routers, offering extensive customization for users. It allows for the installation of only necessary software packages through its package management system, optimizing device resource use. The firmware includes a web interface called LuCI and support for advanced configuration through a command-line interface. As a plus, it is also regularly updated with security patches.
This project leverages OpenWrt to create a virtual bridge between the LTE dongle and routers that do not support USB pass-through.
- Raspberry Pi: I used a 4B model with 1GB RAM.
- Storage: An 8GB SD card is sufficient.
- LTE Dongle: An LTE dongle with an active data SIM. I bought an unlocked Vodafone K5161z dongle from Amazon, which turned out to be a modem and a router. This caused an issue later on, as I could not make my existing VPN service work behind a double-NAT, and the dongle is extremely limited in terms of configuration settings (no way to port forward, for example), but this is addressed below.
Configuration
Flash OpenWrt
- Use OpenWrt's firmware selector at firmware-selector.openwrt.org and choose the appropriate model for your device, such as Raspberry Pi 4B/400/CM4 (32bit).
- To enable communication between the LTE dongle and the Raspberry Pi, we must include several packages not found in the base image. Although it's not necessary to use all these modules, because I wasn't sure which ones my generic LTE dongle required, I included the following list. Despite adding these packages, the final image size is still quite small, only 18.3 megabytes. Here are the packages needed:
base-files bcm27xx-gpu-fw brcmfmac-nvram-43430-sdio brcmfmac-nvram-43455-sdio busybox ca-bundle cypress-firmware-43430-sdio cypress-firmware-43455-sdio dnsmasq dropbear e2fsprogs firewall4 fstools iwinfo kmod-brcmfmac kmod-fs-vfat kmod-nft-offload kmod-nls-cp437 kmod-nls-iso8859-1 kmod-sound-arm-bcm2835 kmod-sound-core kmod-usb-hid libc libgcc libustream-mbedtls logd luci mkf2fs mtd netifd nftables odhcp6c odhcpd-ipv6only opkg partx-utils ppp ppp-mod-pppoe procd procd-seccomp procd-ujail uci uclient-fetch urandom-seed wpad-basic-mbedtls kmod-usb-net-qmi-wwan uqmi kmod-usb-net-cdc-mbim umbim luci-proto-qmi luci-proto-mbim kmod-usb-serial-option kmod-usb-serial-qualcomm usb-modeswitch picocom kmod-usb-net-cdc-ether
- Click "Request Build" on the firmware selector page and wait for the build process to complete.
- Download the FACTORY (EXT4) image once it's ready.
- Use Etcher or the Raspberry Pi Imager to flash the custom image onto the SD card.
- Insert the SD card into the Raspberry Pi, connect the LTE dongle, and also connect a client device (for initial configuration) to the Raspberry Pi's ethernet port.
- Power up the Raspberry Pi. The device will automatically run OpenWrt's DHCP server to assign an IP to the connected client device.
- Access the router admin interface by navigating to
192.168.1.1
in a web browser, log in with the usernameroot
, and set a strong password under System > Administration.
Configure the 4G Dongle
- Start a new ssh connection via [email protected] to access OpenWrt.
- Start an SSH session to [email protected] and determine the interface assigned to the dongle using the
dmesg
command. Mine appeared aseth1
.
- Return to the web interface, go to Network > Interfaces > Add new interface:
- Name: LTE (or anything else)
- Protocol: I had to select DHCP client as the 4G dongle was unfortunately routing the network already. If you are following along and are lucky enough to find a "dumb" modem, follow this to configure the dongle in QMI or MDM mode.
- Device: select the interface found earlier, in my case, eth1
- Click Create interface.
- Edit the new LTE interface and click Firewall settings> Assign firwall-zone:
wan
- Disable DHCP on the LAN bridge interface: Network >Interfaces ->Edit on LAN interface and click "Ignore this interface" next to DHCP.
- Once configured, connect the Raspberry Pi to your main router.
- Test the connection and configure failover on your main router. On the UDM Pro, this is under Settings > Internet > Load Balancing > Failover.
There is still one last thing I wanted to do: As I run Wireguard on WAN 1, due to the lack of automatic DDNS failover to WAN 2, if my primary network goes down, so does my VPN connection. I addressed this concern in this post.
Conclusion
Setting up a failover internet connection with a Raspberry Pi and an LTE dongle using OpenWrt is a viable solution for areas with unreliable ISP service, albeit the speeds depend on the signal strength, but it can help with unpredictable network environments.