---
title: "RaspberryPi LTE-Failover Router With DNS Caching"
date: 2021-10-06
draft: false
tags: ["RaspberryPi", "Arch", "linux", "router", "tethering", "android", "winblows"]
summaryimage: PXL_20211006_142214161_672x504.png
summaryimagew: 672
summaryimageh: 504
authors: ["trent"]
post: 23
---
## Introduction
Apparently Windows has a problem resolving hosts when you tether from Mobile HotSpot.
The solution is to build a DNS-caching router that tethers off the smartphone. This takes
advantage of Android's ability to transparently fail over to LTE when residential
internet service goes down.

This solution also takes advantage of the RaspberryPi's incredibly low price,
the fact that LineageOS will run on cheap old phones that are no longer supported by the manufacturer,
and the fact that GoogleFi will ship you a data-sim for free.

For instance, I just bought a brand-new, open-box Pixel phone for $85, and presumably the
MotoX4 can also be had for next to nothing.
## Materials
* [RaspberryPi](https://www.amazon.com/CanaKit-Raspberry-Starter-Premium-Black/dp/B07BCC8PK7){target="_blank"}
running [Arch Linux Arm](https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-3){target="_blank"}
* Old Android Phone Running [LineageOS](https://wiki.lineageos.org/devices/){target="_blank"}
* [Free Data Sim Card From GoogleFi](https://support.google.com/fi/answer/6330195?hl=en#zippy=%2Corder-your-data-only-sim){target="_blank"}
<figure>
<img src=../../photos/PXL_20211006_142214161_672x504.png width="100%" />
<figcaption>RaspberryPi Router tethered off MotoX4 (running LineageOS)</figcaption>
</figure>
## Setup
Personally I would:

* [secure the ssh server](https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication){target="_blank"}
* [generate and configure the locale](https://wiki.archlinux.org/title/locale){target="_blank"}
* [remove the default root password, and default user](https://wiki.archlinux.org/title/users_and_groups){target="_blank"}
* write your preferred hostname in `/etc/hostname`
* configure your preferred timezone:
```shell
ln -sf /usr/share/zoneinfo/<Zone>/<SubZone> /etc/localtime
```
Additionally, the router won't be accessible for administrative tasks when it
is behind the _Android Tether_; for this I would use a
[wireguard vpn](https://wiki.archlinux.org/title/WireGuard){target="_blank"}.
## Configure The Router
The entire configuration of the router consists of two `systemd-networkd`
interface definitions, as well as `/etc/resolv.conf`, and `/etc/dnsmasq.conf`.
### resolvconf
`systemd-resolved` is no use to us because it only listens on localhost.
```shell
# disable systemd-resolved
systemctl stop systemd-resolved
systemctl disable systemd-resolved
unlink /etc/resolv.conf
```
After unlinking the symlinked version of `/etc/resolv.conf`,
write your nameservers and options in a real `/etc/resolv.conf`.
```cfg
# the default timeout of 5 seconds is too slow
options timeout:1
# nameserver when connected to lan
nameserver 192.168.1.1
# nameserver when connected to mobile network
nameserver 8.8.8.8
```
### Interface Definitions For `systemd-networkd`
I believe the usb interfaces are numbered 1-4,
so either be careful which one you use, or maybe a wildcard name
will work, i.e. `Name=usb*`
```cfg
# uplink
# /etc/systemd/network/usb0.network
[Match]
Name=usb0
[Network]
DHCP=yes
DNSSEC=no
IPForward=yes
```
```cfg
# downlink, ethernet cable
# /etc/systemd/network/eth0.network
[Match]
Name=eth0
[Network]
Address=10.12.34.1/24
DHCPServer=yes
IPForward=yes
IPMasquerade=both
```
### Configuration For `dnsmasq`
Install [dnsmasq](https://wiki.archlinux.org/title/dnsmasq){target="_blank"},
and enable it with `systemctl enable dnsmasq`.
```cfg
# /etc/dnsmasq.conf
resolv-file=/etc/resolv.conf
interface=eth0
no-dhcp-interface=eth0
```
## Reboot
Plug in the Android Phone, reboot the RaspberryPi, and when it comes back up
toggle on the USB tether on the Android Phone.
Plug the ethernet cable into the Windows computer, open a **CMD** prompt, and type
`ping google.com` to test connectivity and name resolution. Or, on a
Linux computer, type `ping -c 3 google.com`.
## Alternate DHCP Service
You can use `dnsmasq` for DHCP Service instead of `systemd-networkd`.
```cfg
# downlink, ethernet cable
# /etc/systemd/network/eth0.network
[Match]
Name=eth0
[Network]
Address=10.12.34.1/24
# DHCPServer=yes
IPForward=yes
IPMasquerade=both
```
```cfg
# /etc/dnsmasq.conf
resolv-file=/etc/resolv.conf
interface=eth0
# no-dhcp-interface=eth0
dhcp-range=10.12.34.50,10.12.34.150
```
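
The two variants above differ only in which daemon answers DHCP on `eth0`; mixing them leaves either two DHCP servers or none. The following check is an added example, not part of the original post; the function names are hypothetical and the dnsmasq parsing assumes `key=value` lines written as on this page.

```shell
#!/bin/sh
# Added example, not from the original post: which daemon serves DHCP on the downlink?

# networkd_dhcp FILE: succeeds if an uncommented DHCPServer= is set to a true value
networkd_dhcp() {
    grep -Eiq '^[[:space:]]*DHCPServer[[:space:]]*=[[:space:]]*(1|yes|y|true|t|on)[[:space:]]*$' "$1"
}

# dnsmasq_dhcp FILE IFACE: succeeds if dnsmasq would hand out leases on IFACE
# (assumes one interface per no-dhcp-interface line and no spaces around "=")
dnsmasq_dhcp() {
    grep -Eq '^dhcp-range=' "$1" || return 1
    ! grep -Eq "^no-dhcp-interface=$2\$" "$1"
}

# dhcp_owner NETWORKD_FILE DNSMASQ_FILE IFACE: prints networkd, dnsmasq, both or none
dhcp_owner() {
    n=no; d=no
    networkd_dhcp "$1" && n=yes
    dnsmasq_dhcp "$2" "$3" && d=yes
    case "$n$d" in
        yesno)  echo networkd ;;
        noyes)  echo dnsmasq ;;
        yesyes) echo both ;;
        *)      echo none ;;
    esac
}

# Constructed sample: the "Alternate DHCP Service" files, but with
# DHCPServer=yes left active by mistake.
tmp=$(mktemp -d)
printf '%s\n' '[Match]' 'Name=eth0' '[Network]' 'Address=10.12.34.1/24' \
    'DHCPServer=yes' 'IPForward=yes' 'IPMasquerade=both' > "$tmp/eth0.network"
printf '%s\n' 'resolv-file=/etc/resolv.conf' 'interface=eth0' \
    '# no-dhcp-interface=eth0' 'dhcp-range=10.12.34.50,10.12.34.150' > "$tmp/dnsmasq.conf"
echo "DHCP on eth0 served by: $(dhcp_owner "$tmp/eth0.network" "$tmp/dnsmasq.conf" eth0)"
rm -rf "$tmp"
```

On the router itself, pass `/etc/systemd/network/eth0.network`, `/etc/dnsmasq.conf` and `eth0`; any answer other than `networkd` or `dnsmasq` means the two files disagree.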
## Reference For `systemd-networkd`
* examples in `/usr/lib/systemd/network/`
* [Man Page](https://www.freedesktop.org/software/systemd/man/systemd.network.html){target="_blank"}
## Use With Multiple Computers
Just add an
[unmanaged switch](https://www.amazon.com/Ethernet-Splitter-Optimization-Unmanaged-TL-SG108/dp/B00A121WN6){target="_blank"}.
## Wifi Instead of Ethernet
Use the downlink definition for `wlan0` instead of `eth0`,
and install `hostapd`.
```cfg
# /etc/hostapd/hostapd.conf
interface=wlan0
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
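# WPA2 (RSN) only
wpa=2
wpa_key_mgmt=WPA-PSK
# wpa_pairwise applies to WPA version 1 only, so it is unused while wpa=2
wpa_pairwise=TKIP
# pairwise cipher used for WPA2
rsn_pairwise=CCMP
# placeholders: set your own SSID and a passphrase of 8 to 63 characters
ssid=NETWORK
wpa_passphrase=PASSWORD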
```
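
A lint for the `hostapd.conf` above, added here as an example and not part of the original post: it reports WPA version 1, TKIP as an active pairwise cipher, and a passphrase that is out of range or still the sample value. The function names and finding labels are hypothetical, and it assumes the file uses `wpa_passphrase` as on this page.

```shell
#!/bin/sh
# Added example, not from the original post: lint hostapd.conf WPA settings.
# Assumes plain key=value lines and wpa_passphrase (not wpa_psk), as on this page.

# conf_get FILE KEY: print the last uncommented value of KEY
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_hostapd FILE: print one finding per line, nothing when the file is clean
audit_hostapd() {
    wpa=$(conf_get "$1" wpa)
    pass=$(conf_get "$1" wpa_passphrase)
    # hostapd defaults: wpa_pairwise=TKIP, and rsn_pairwise falls back to wpa_pairwise
    v1=$(conf_get "$1" wpa_pairwise); v1=${v1:-TKIP}
    rsn=$(conf_get "$1" rsn_pairwise); rsn=${rsn:-$v1}
    case "$wpa" in
        ''|0) echo "open: wpa is unset or 0, so WPA is disabled"; return ;;
        2)    ciphers=$rsn ;;
        1)    echo "wpa1: only WPA version 1 is offered"; ciphers=$v1 ;;
        *)    echo "wpa1: WPA version 1 is offered alongside WPA2"; ciphers="$v1 $rsn" ;;
    esac
    case " $ciphers " in
        *" TKIP "*) echo "tkip: TKIP is an active pairwise cipher" ;;
    esac
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "passphrase-length: wpa_passphrase must be 8 to 63 characters"
    elif [ "$pass" = PASSWORD ]; then
        echo "passphrase-placeholder: replace the sample value"
    fi
}

# Constructed copy of the WPA lines from the page's hostapd.conf
tmp=$(mktemp -d)
printf '%s\n' 'interface=wlan0' 'wpa=2' 'wpa_key_mgmt=WPA-PSK' 'wpa_pairwise=TKIP' \
    'rsn_pairwise=CCMP' 'ssid=NETWORK' 'wpa_passphrase=PASSWORD' > "$tmp/hostapd.conf"
audit_hostapd "$tmp/hostapd.conf"
rm -rf "$tmp"
```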