I'm not sure if this is the right place for this, but I'm going to ask anyway and hope for some direction.
I've been trying to find a way to use my unlocked/rooted moto g osprey on metro pcs as a USB modem for my pi3 that is acting as a wireless AP. I started with these two guides:
https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/
and
https://pimylifeup.com/raspberry-pi-wireless-access-point/
They didn't work. So I did some digging and modified a few of the steps to this:
# Add usb0 to /etc/network/interfaces
sudo nano /etc/network/interfaces
# Add
allow-hotplug usb0
iface usb0 inet dhcp
# Install openvpn
sudo apt-get install openvpn
# Using PIA
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip openvpn.zip -d openvpn
# Copy certs
sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
sudo cp "openvpn/US New York.ovpn" /etc/openvpn/US.conf
# Create login file
sudo nano /etc/openvpn/login
username
password
# Point config to right location
sudo nano /etc/openvpn/US.conf
# Change:
auth-user-pass
to
auth-user-pass /etc/openvpn/login
# Change:
ca ca.rsa.2048.crt
to
ca /etc/openvpn/ca.rsa.2048.crt
# Change:
crl-verify crl.rsa.2048.pem
to
crl-verify /etc/openvpn/crl.rsa.2048.pem
# Reboot
sudo reboot
# Test VPN
sudo openvpn --config /etc/openvpn/US.conf
# Ctrl+C to exit
# Enable at boot
sudo systemctl enable openvpn@US
# Enable forwarding
sudo nano /etc/sysctl.conf
# Uncomment
net.ipv4.ip_forward=1
# Enable service
sudo sysctl -p
# Edit IPTables rules(paste commands into command line)
sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -I INPUT -i usb0 -m comment --comment "In from LAN" -j ACCEPT
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
sudo iptables -A OUTPUT -o usb0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o usb0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
sudo iptables -A OUTPUT -o usb0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i usb0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
# Make IPTables rules persistent
sudo apt-get install iptables-persistent
# Answer yes to both questions
# Apply everything to startup
sudo systemctl enable netfilter-persistent
# Install packages to turn pi3 into hotspot
sudo apt-get install hostapd
sudo apt-get install dnsmasq
# Stop anything else from using wlan0
sudo nano /etc/dhcpcd.conf
#Add to bottom of file, but above any other interfaces in file
denyinterfaces wlan0
# Configure static ip
sudo nano /etc/network/interfaces
#Change wlan0 entry to:
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.220.1
netmask 255.255.255.0
network 192.168.220.0
broadcast 192.168.220.255
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# Restart dhcpcd
sudo service dhcpcd restart
sudo ifdown wlan0; sudo ifup wlan0
# Configure hostapd(ssid and wpa_passphrase can be whatever you want)
sudo nano /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
ignore_broadcast_ssid=0
# Use WPA2
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# This is the name of the network
ssid=Pi3-AP
# The network passphrase
wpa_passphrase=raspberry
# Tell hostapd where to find config
sudo nano /etc/default/hostapd
# Change
#DAEMON_CONF=""
to
DAEMON_CONF="/etc/hostapd/hostapd.conf"
# Again tell hostapd where to find config
sudo nano /etc/init.d/hostapd
# Change
DAEMON_CONF=
to
DAEMON_CONF=/etc/hostapd/hostapd.conf
# Backup dnsmasq.conf
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
# Create new dnsmasq.conf
sudo nano /etc/dnsmasq.conf
# Add
interface=wlan0 # Use interface wlan0
listen-address=192.168.220.1 # Specify the address to listen on
bind-interfaces # Bind to the interface
server=8.8.8.8 # Use Google DNS
domain-needed # Don't forward short names
bogus-priv # Drop the non-routed address spaces.
dhcp-range=192.168.220.50,192.168.220.150,12h # IP range and lease time
# Activate forwarding
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
# More IPTables rules(paste into command line)
sudo iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
sudo iptables -A FORWARD -i usb0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o usb0 -j ACCEPT
# Save new rules
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
# Load rules at boot
sudo nano /etc/rc.local
# Find "exit 0" at bottom of file and above that line add
iptables-restore < /etc/iptables.ipv4.nat
# Start services
sudo service hostapd start
sudo service dnsmasq start
# Reboot
sudo reboot
It still doesn't work. I end up not being able to load the page or getting redirected to a metropcs.com page telling me that my plan doesn't support tethering. I have everything working using my phone as a wifi hotspot, firing up openvpn connect, and then using vpn tether from the google playstore, but my DNS leaks and I end up going through tmobile DNS servers rather than my VPN's. The phone as a hotspot does what I need it to, but I've spent so much time trying to get the pi to do what I want that I don't want to give up.
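
Added example, not part of the original post: a check over `iptables-save` output for the rule set above, flagging rules that let hotspot clients or DNS leave through the uplink instead of the VPN tunnel. The interface roles (wlan0 hotspot, usb0 uplink, tun+ VPN), the function names and the sample dump with its ACCEPT default policy are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: flag iptables-save rules that let traffic skip the VPN tunnel.
# Assumed roles (from the post): wlan0 = hotspot, usb0 = phone uplink, tun+ = VPN.
# Constructed sample: the post's rules in iptables-save form; FORWARD policy assumed ACCEPT.
sample_rules() {
cat <<'EOF'
*nat
-A POSTROUTING -o tun+ -j MASQUERADE
-A POSTROUTING -o usb0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A OUTPUT -o usb0 -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o usb0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i tun+ -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i usb0 -o tun+ -j ACCEPT
-A FORWARD -i usb0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o usb0 -j ACCEPT
COMMIT
EOF
}

# usage: find_leaks LAN_IF WAN_IF < iptables-save-output
find_leaks() {
  awk -v lan="$1" -v wan="$2" '
    function opt(flag,   i) {   # value that follows a flag, or ""
      for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
      return ""
    }
    # Default-accept FORWARD: anything not matched is still routed (no kill switch).
    $1 == ":FORWARD" && $2 == "ACCEPT" { print "OPEN-POLICY: " $0 }
    $1 != "-A" { next }
    { chain = $2; i_if = opt("-i"); o_if = opt("-o"); tgt = opt("-j") }
    # Client traffic forwarded straight to the uplink never enters the tunnel.
    chain == "FORWARD" && i_if == lan && o_if == wan && tgt == "ACCEPT" { print "BYPASS: " $0 }
    # NAT on the uplink serves exactly that direct path.
    chain == "POSTROUTING" && o_if == wan && tgt == "MASQUERADE" { print "BYPASS-NAT: " $0 }
    # Plain DNS is explicitly allowed out the uplink, outside the tunnel.
    chain == "OUTPUT" && o_if == wan && opt("--dport") == "53" { print "DNS-UPLINK: " $0 }
    # Remember whether clients have any forward path into the tunnel.
    chain == "FORWARD" && i_if == lan && o_if ~ /^tun/ { to_tun = 1 }
    END { if (!to_tun) print "NO-TUNNEL-PATH: no FORWARD rule from " lan " into tun+" }
  '
}

# Runs on the sample; on a live box: sudo iptables-save | find_leaks wlan0 usb0
sample_rules | find_leaks wlan0 usb0
```

An empty result means every client path goes into the tunnel and the FORWARD policy is not default-accept.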