Using a RPI as a 4G/LTE modem

Hardware :

Optional hardware

Base setup

Download and flash the last version of RaspiOS lite. Plug, boot to command prompt.

Disable bluetooth and wifi

echo -e "dtoverlay=disable-wifi\ndtoverlay=disable-bt" | sudo tee -a /boot/config.txt 

Update Upgrade

sudo apt-get update
sudo apt-get upgrade -y

Install dependencies

sudo apt-get install --no-install-recommends git raspberrypi-kernel-headers dnsmasq iptables-persistent vnstat

Sixfab LTE hat

Install driver module

Make sure to do it with no hat connected

wget https://raw.githubusercontent.com/sixfab/Sixfab_RPi_3G-4G-LTE_Base_Shield/master/tutorials/QMI_tutorial/qmi_install.sh
sudo chmod +x qmi_install.sh
sudo ./qmi_install.sh

Install the auto-reconnect service

wget https://raw.githubusercontent.com/sixfab/Sixfab_RPi_3G-4G-LTE_Base_Shield/master/tutorials/QMI_tutorial/install_auto_connect.sh
sudo chmod +x install_auto_connect.sh
sudo ./install_auto_connect.sh

WWAN to ethernet

Fixed IP

Edit /etc/dhcpcd.conf and set your LAN settings by uncommenting and adapting lines 44 to 48 :

interface eth0
static ip_address=192.168.xx.1/24
static ip6_address=fd51:42f8:caae:d92e::ff/64
static routers=192.168.xx.1
static domain_name_servers=192.168.xx.1 8.8.8.8 fd51:42f8:caae:d92e::1

Remember to edit 192.168.xx.1 to a valid range.

DHCP server : dnsmasq

Edit /etc/dnsmasq.conf and set your dhcp server's address by adding:

listen-address=192.168.xx.1

Create /etc/dnsmasq.d/090_lan.conf :

interface=eth0
dhcp-range=eth0,192.168.xx.0,192.168.xx.50,255.255.255.0,12h

# optionnal - add fixed lease
# dhcp-host=00:11:22:33:44:55,192.168.xx.xx

#DNS servers
server=8.8.8.8
server=4.4.4.4
log-dhcp
log-queries
dhcp-option=6,8.8.8.8,4.4.4.4
log-facility=/tmp/dnsmasq.log
conf-dir=/etc/dnsmasq.d
# Use custom resolv.conf
# resolv-file=/path/to/custom/resolv.conf

Routing and IP masquerading

These steps allow clients on eth0 to access computers on the wwan0 network, and from there the internet. Begin by enabling IP forwarding with the following commands:

echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/90_wwantolan.conf > /dev/null
sudo sysctl -p /etc/sysctl.d/90_wwantolan.conf
sudo /etc/init.d/procps restart

To enable traffic between clients on the LAN and the internet, we add two iptables network address translation (NAT) "masquerade" firewall rules. Create these rules and persist them with the following:

sudo iptables -t nat -A POSTROUTING -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -s 192.168.xx.xx/24 ! -d 192.168.xx.xx/24 -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables/rules.v4

192.168.xx.xx/24 should match the network range you set in your dhcpcd config.

Optionnal steps

OpenVPN

Optionally, you may install OpenVPN, enabling openvpn-client service:

sudo apt-get install openvpn
sudo systemctl enable openvpn-client@client

Put your openvpn config and auth files in /etc/openvpn/client. After that, you can use :

sudo systemctl start openvpn-client@configfile.service

to use the VPN connection that corresponds to /etc/openvpn/client/configfile.

Ad blocking

Download the block list :

sudo wget https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt -O /etc/dnsmasq.blacklist.txt

Add the following line to your dnsmasq.conf :

conf-file=/etc/dnsmasq.blacklist.txt

Use cronjob to update the list automatically

#write out current crontab
crontab -l > mycron
#echo new cron into cron file
# run at 3am every sunday
echo "00 3 * * 7 wget https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt -O /etc/dnsmasq.blacklist.txt" >> mycron
#install new cron file
crontab mycron
rm mycron

Links and notes

https://docs.sixfab.com/page/qmi-interface-internet-connection-setup-using-sixfab-shield-hat

https://docs.raspap.com/manual/