Because of the need to tether via USB with an iPhone, I decided to give a GL.iNet travel router a try.
I’m not a fan of most pre-packaged NAT / firewalling devices for various reasons. The most compelling reason for me is the fact that most consumer devices have strange, arbitrary NAT timeouts that more often than not can’t be disabled. As someone who works primarily in the shell, this drives me nuts, and stuff like TCPKeepAlive isn’t a fix (fixing symptoms isn’t the same as fixing a problem). Anyone saying it’s for “security” immediately loses all credibility.
I’d like a way to connect one or more devices in my car to the Internet via an iPhone. I know that NAT done on an iPhone will time out, too, but I also know that connections via T-Mobile over IPv6 don’t use NAT and use real IPv6 addresses. While incoming connections via IPv6 are blocked, outgoing aren’t kept in a state table that times out.
To get IPv4 without NAT timeout, I plan to just get a public IPv4 address over a tinc tunnel and do NAT locally.
I bought a GL-SFT1200, AKA Opal. It seems small enough, flexible enough and cheap enough. Here are some notes and thoughts:
Without Internet, the firmware information doesn’t update for quite a long time, so I thought there was no way to find out what version I was running. Once the information populated, I saw the firmware was a few versions old and upgraded from 3.212 to 3.216.
USB tethering has some quirks that’re good to know about. Apparently, if the Opal is either not getting enough power or if its power socket is connected to a data port (I don’t know which), it will neither charge nor tether via an iPhone connected to its USB port. Likewise, it won’t tether if the iPhone is plugged in when the Opal is powered on unless / until the iPhone is unplugged and plugged back in (toggling tethering doesn’t do anything).
After enabling IPv6, setting IPv6 type to “Native” and setting the interface to “tethering” (eth1), my NetBSD machine got an IPv6 address and could communicate via IPv6 with the Internet. However, my MacBook Pro running Monterey would get IPv6 addresses, but couldn’t communicate with the Internet.
Just for testing, I tried “NAT6”, but the Opal’s NAT times out too quickly for me to bother to want to check how long it is, and I immediately switched back to “Native”.
One thing I noticed is that under “CLIENTS”, with “Enable real-time speed and traffic statistics” on, nothing is incremented for IPv6 traffic. I did some scp tests with IPv6 and IPv4, and IPv4 shows up properly. Just a note for others.
I wanted to see if I could get IPv6 working with my MacBook Pro, but the web interface has hardly any options, so I tried to install / enable LuCI. Unfortunately, no matter how many times I tried, I’d only get 500 server errors on the LuCI web URL.
So, instead, I decided to try firmware 4.3.7. LuCI and tethering both worked immediately. However, even though the Opal got IPv6 and could talk to the Internet via IPv6, neither NetBSD nor MacBook could get IPv6 from the Opal. This was true for both “Native” and “Passthrough” modes. Assigning a static IPv6 address and gateway on either MacBook or NetBSD didn’t work, either.
I reverted to version 3.216.
So my impression is that this device is decent for the price, but has these shortcomings:
If the device doesn’t have enough power (or detects that it’s connected to a data port) and therefore won’t activate USB, it should tell us.
NAT timeout should always be an option, even though I won’t be using NAT on this device. I might if it wasn’t so janky.
IPv6 should Just Work. Pretty much all of the major phone networks are on IPv6, and there’s no good reason this shouldn’t be tested and working in 2023.
There are many new options in version 4 of the Opal firmware, and it’s generally nicer and more informative, but, again, IPv6 should Just Work.
A nice option would be bridge mode which could bridge a USB tethered interface with wifi or ethernet.
The button / switch should be configurable to toggle tethering, and/or for reconnecting. Once the tether connection goes idle and drops (from the perspective of the Opal, since the iPhone still says someone’s connected), there’s apparently no way to reenable aside from unplugging and replugging. I’d love to know if there is!
The options in firmware version 4 for multiple active WAN connections are nice, but not as flexible as I’d like. For instance, there’s no easy way I could find to switch the IPv6 interface from one WAN to another automatically. It’d be nice to have the tether active and have the wifi be preferred, so when I’m home the Opal would connect to wifi and send all traffic through it, then when I leave, traffic, including IPv6, would automatically switch to the tether.
It’d be nice if the Opal continued to identify itself to the iPhone consistently, so that I wouldn’t have to click “Trust” every time I (re)connect the phone.
So I’d use this, except there’s apparently no programmatic way to bring up the tether without physically unplugging and replugging, and I’m not about to set up a set of relays to pretend to do this along with a solenoid that’d tap “Trust” after doing this. It’s just not practical as it is.
If anyone has any thoughts, suggestions or fixes for anything above, please let me know.