Using a RPI as a 4G/LTE modem

Hardware :

Optional hardware

Base setup

Download and flash the last version of RaspiOS lite. Plug, boot to command prompt.

Disable bluetooth and wifi

echo -e "dtoverlay=disable-wifi\ndtoverlay=disable-bt" | sudo tee -a /boot/config.txt 

Update Upgrade

sudo apt-get update
sudo apt-get upgrade -y

Install dependencies

sudo apt-get install --no-install-recommends git raspberrypi-kernel-headers dnsmasq iptables-persistent vnstat

Sixfab LTE hat

Install driver module

Make sure to do it with no hat connected

# OLD version : wget
sudo chmod +x
sudo ./

Install the auto-reconnect service

# OLD version : wget
sudo chmod +x
sudo ./

WWAN to ethernet

Fixed IP

Edit /etc/dhcpcd.conf and set your LAN settings by uncommenting and adapting lines 44 to 48 :

interface eth0
static ip_address=192.168.xx.1/24
static routers=192.168.xx.1
static domain_name_servers=192.168.xx.1

Remember to edit 192.168.xx.1 to a valid range.

DHCP server : dnsmasq

Edit /etc/dnsmasq.conf and set your dhcp server's address by adding:


Create /etc/dnsmasq.d/090_lan.conf :


# optionnal - add fixed lease
# dhcp-host=00:11:22:33:44:55,192.168.xx.xx

#DNS servers
# Use custom resolv.conf
# resolv-file=/path/to/custom/resolv.conf

Routing and IP masquerading

These steps allow clients on eth0 to access computers on the wwan0 network, and from there the internet. Begin by enabling IP forwarding with the following commands:

echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/90_wwantolan.conf > /dev/null
sudo sysctl -p /etc/sysctl.d/90_wwantolan.conf
sudo /etc/init.d/procps restart

To enable traffic between clients on the LAN and the internet, we add two iptables network address translation (NAT) "masquerade" firewall rules. Create these rules and persist them with the following:

sudo iptables -t nat -A POSTROUTING -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -s 192.168.xx.xx/24 ! -d 192.168.xx.xx/24 -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables/rules.v4

192.168.xx.xx/24 should match the network range you set in your dhcpcd config.

Optionnal steps


Optionally, you may install OpenVPN, enabling openvpn-client service:

sudo apt-get install openvpn
sudo systemctl enable openvpn-client@client

Put your openvpn config and auth files in /etc/openvpn/client. After that, you can use :

sudo systemctl start openvpn-client@configfile.service

to use the VPN connection that corresponds to /etc/openvpn/client/configfile.

Ad blocking

Download the block list :

sudo wget -O /etc/dnsmasq.blacklist.txt

Add the following line to your dnsmasq.conf :


Use cronjob to update the list automatically

#write out current crontab
sudo crontab -l > mycron
#echo new cron into cron file
# run at 3am every sunday
echo "00 3 * * 7 wget -O /etc/dnsmasq.blacklist.txt" >> mycron
#install new cron file
sudo crontab mycron
rm mycron

One-liner public IP and Current month total data comsumption

Should be run on the Rpi. If you want to be able to run it from your station, you can put the following command in a bash script, set the execution bit on that, and run it via ssh; e.g : ssh foo@ltemodemIP /path/to/the/
In the following command, date +"%Y-%m-10" will result in the current year and month, followed by whatever value you put. You should edit the 10 to reflect the actual day of the month your data plan is reset to 0.

wget -O - -q ; echo && echo " | " && vnstat -i wwan0 -d --begin `date +"%Y-%m-10"` --end `date +"%Y-%m-10" -d "next month"` | tail -1 | awk '{print $(NF-2),$(NF-1)}'

Diagnosing commands

If you have some connectivity issues, you can access the LTE modem via serial and use various commands to check your connection.

You can find the full manual for Quectel EC25 at commands here : Quectel_EC25&EC21_AT_Commands_Manual_V1.3.pdf

You need a terminal software to connect to the LTE modem via serial. We'll use minicom.

# Install the software
sudo apt-get install -y minicom
# Connect to the modem
sudo minicom -b 115200 -D /dev/ttyUSB3

You should see something along the lines of

Welcome to minicom 2.8

Compiled on Jan  9 2021, 12:42:45.
Port /dev/ttyUSB0, 11:54:09

Press CTRL-A Z for help on special keys

When you're done in minicom you can exit by pressing CTRL+A then X, then hit Enter.

Checking signal quality

To check the signal quality (RSSI) type at+csq, then hit enter.
You'll get an answer looking like that :

+CSQ: 19,99

Checking you're using LTE

You can request informations on the network you're connected to in order to make sure you're using 4G/LTE and not 3G/HS*PA.
In order to do that, type at+qnwinfo, then hit enter.
You'll get an answer looking like that :

+QNWINFO: "FDD LTE","20601","LTE BAND 3",1300

Preventing the 'qmi_reconnect' systemd service from flooding the logs

The script provided by 6fab for the qmi_reconnect service is rather crude and it can flood the logs with error messages, especially when encountering a weak signal.

A work around is to redirect the script's outputs to /dev/null by doing the following :

sudo systemctl --edit --full qmi_reconnect.service

and replacing :


with :


You can also edit '/usr/src/' and add 2> /dev/null after the sudo ./quectel-CM -s XXX line.

If you were hit by the daemon already flooding your logs, you might have to remove 'daemon.log' and 'syslog' :

sudo rm /var/log/syslog /var/log/daemon.log
# restart syslog service to free used files
sudo systemctl restart rsyslog.service

After that, you check journald usage and free additional space is you want :

# Show disk usage
sudo journalctl --disk-usage
# Only keep 10MB worth of logs
sudo journalctl --vacuum-size=10M

Links and notes


Write a comment