Mikrotik and LTE via Android
Each year, we go on a family holiday. The place we stay has no Internet (shocking, I know).
Over the last few years, this hasn’t been a big problem – just use our mobile devices, or just stay off the Internet for a week!
This year, the number of games which require some level of Internet connectivity has exceeded a critical point (basically all my son’s Lego games need to connect to a server to work – silly DRM). And, my son’s computer is a desktop with no WiFi device, so tethering is painful.
This article is based on this post by Tito Muntasa.
I’m not going to show any other configuration you may need for a Mikrotik device as a home router, but you’d need to do that as well.
I’m also assuming that the LTE will be the primary and sole Internet connection (no fail over, no duel connections).
- An Android device, minimum version 4.4.4
- A Mikrotik router with USB port, minimum RouterOS version 6.7 (see supported hardware)
- Mobile broadband on your Android device
0. Ensure your Android device can connect to the Internet
It’s no good if your Android can’t connect to the Internet.
I needed to go through the process of activating the service, and reboot my phone with the new SIM card.
If you’re using your main phone or tablet, this should already be working.
(Oh, and it’s worth disabling WiFi on your phone as well, as USB tethering will prefer WiFi over mobile broadband. Which causes confusion when testing).
1. Plug your phone into the router’s USB port
2. Enable USB tethering on your Android device
Before the Mikrotik router will recognise your phone / tablet, you need to enable USB tethering.
My old Galaxy Nexus is using a Cyanogen Mod 4.4.4 Android, which has USB tethering under Settings -> More -> Tethering & portable hotspot -> USB tethering. Yours may be in a different location.
Tethering & portable hotspot
Important note: I haven’t been able to figure out how to automatically enable USB tethering on my Android device. This means when you reboot the router the Internet will not automatically come back up. You must manually enable USB tethering again.
This is fine for my scenario (a week long holiday), but would pose problems for a longer term connection.
3. Check the LTE interface / USB device
On your Mikrotik, you should see a new interface lte1 and a new USB device.
LTE interface – that’s my phone!
A list of connected USB devices can be found in System -> Resources -> USB.
The Galaxy Nexus is my phone
4. Enable a DHCP client
Android USB tethering works by looking like a USB network device, which your router / computer connects to and gets access to the Internet via DHCP.
As with most things in Mikrotik, you need to explicitly add a DHCP client for your new 3G / LTE interface.
IP -> DHCP Client
You should enable a default route and Use Peer DNS. Other settings aren’t particularly important.
DHCP Client – config details
DHCP Client – in use
Its worth noting that there’s a double NAT going on here. The Android device is presenting a
192.168.42.xxx range to the router, and my Mikrotik is presenting the
10.46.10.xxx range to devices which connect to it. Each time, the devices will do a network address translation to make the Internet work.
This isn’t a problem for my scenario (downloading stuff, consuming content), but will pose problems if you’re trying to host a web server.
5. Check your route table
IP -> Routes
If all has gone well, you should see a new interface added which corresponds to the IP address in your DHCP client / LTE interface.
(Note: I’ve manually disabled a default route to my normal ADSL connection in this picture).
Routing the Internet via my phone
6. Tweak firewall rules
The default firewall rules assume the Internet is connected to the first ethernet port (
ether1). You’ll need to change those rules to use
I also add a few passthrough firewall rules to track bandwidth usage (in Australia, mobile Internet is an order of magnitude more expensive than fixed line connections, per GB).
|[admin@MikroTik] /ip firewall filter> printFlags: X – disabled, I – invalid, D – dynamic 0 D ;;; special dummy rule to show fasttrack counters chain=forward action=passthrough 1 ;;; Client Usage of LTE chain=forward action=passthrough out-interface=lte1 log=no log-prefix=”” 2 chain=forward action=passthrough in-interface=lte1 log=no log-prefix=”” 3 ;;; Router usage of LTE chain=output action=passthrough out-interface=lte1 log=no log-prefix=”” 4 chain=input action=passthrough in-interface=lte1 log=no log-prefix=”” 5 ;;; defconf: accept ICMP chain=input action=accept protocol=icmp 6 ;;; defconf: accept established,related chain=input action=accept connection-state=established,related 7 ;;; defconf: drop all from WAN chain=input action=drop in-interface=lte1 log=no log-prefix=”” 8 ;;; defconf: fasttrack chain=forward action=fasttrack-connection connection-state=established,related 9 ;;; defconf: accept established,related chain=forward action=accept connection-state=established,related 10 ;;; defconf: drop invalid chain=forward action=drop connection-state=invalid 11 ;;; defconf: drop all from WAN not DSTNATed chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=lte1 log=no log-prefix=”” [admin@MikroTik] /ip firewall filter>|
8. Test on the router
You can ping
188.8.131.52 from Tools -> Ping, and you should see the passthrough firewall rules tick up.
9. Connect devices and use the Internet!
At this point, all looks good, so connect a device and use the Internet!
First thing I do is a speed test. Mostly because its depressing how slow my ADSL is compared to LTE.
Internet working via LTE!
For reference – my ADSL connection speed
Although in this case, they’re both pretty ordinary. I guess I get what I pay for (cheapest mobile broadband and ~5 year old mobile device)!
Setting up a Mikrotik router to use an Android device is pretty straight forward. Nothing particularly special is needed for supporting Android phones.
The double NAT and manual enabling of USB tethering are handicaps, not severe enough for my use. If you want a more permanent LTE connection, check the Mikrotik list of supported hardware.