├── README.md
├── files
├── busybox-armv7l
├── lighttpd.user
├── qcmap_httpd.service
├── qcmap_web_client.service
├── ttl-override
└── ttl-override.service
├── images
└── 5G_M.2_TO_RJ45-KIT_mini_V2.0.webp
└── reference
├── Quectel_RG50xQ&RM5xxQ_Series_AT_Commands_Manual_V1.2.pdf
└── Quectel_RG520N&RG52xF&RG530F&RM520N&RM530N_Series_AT_Commands_Manual_V1.0.0_Preliminary_20220812.pdf
/README.md:
--------------------------------------------------------------------------------
1 | Quectel RGMII Configuration Notes
2 | =================================
3 |
4 | Many of Quectel's modems support directly connecting to a PCIe Ethernet chipset. This is useful to use the cellular connection as a WAN interface - you can just plug the modem into the WAN port on your router, do a bit of configuration, and you're good to go. Performance is good, and the modem's onboard connection management often works better than the scripts many routers use to try to keep the connection up.
5 |
6 | Downsides are that it's more difficult to monitor the connection state, and, well, that's about it!
7 |
8 | > :warning: **WARNING**: This documentation is incomplete! I will try to get back to finish it up later; otherwise, pull requests are accepted!
9 |
10 | If you would like to support my work to document this, and help me purchase additional hardware for more hacking (without having to take one of my active modems down), you can click the link below. To be clear, please only do this if you actually want to; any future work I do will always be publicly available, and I'm not going to gate anything behind this! Well, unless you want remote support to set something up, I suppose.
11 |
12 | 
13 |
14 | # Table of Contents
15 | - [Quectel RGMII Configuration Notes](#quectel-rgmii-configuration-notes)
16 | - [Table of Contents](#table-of-contents)
17 | - [Hardware Recommendations](#hardware-recommendations)
18 | - [Known issues](#known-issues)
19 | - [Modem does not automatically connect at startup](#modem-does-not-automatically-connect-at-startup)
20 | - [Basic configuration](#basic-configuration)
21 | - [Additional notes](#additional-notes)
22 | - [AT over Ethernet](#at-over-ethernet)
23 | - [Enabling IP Passthrough](#enabling-ip-passthrough)
24 | - [QMAP Method](#qmap-method)
25 | - [RGMII Method](#rgmii-method)
26 | - [Specifying a custom APN](#specifying-a-custom-apn)
27 | - [Changing modem IP address with AT command](#changing-modem-ip-address-with-at-command)
28 | - [Advanced configuration](#advanced-configuration)
29 | - [Getting ADB Access](#getting-adb-access)
30 | - [Starting an FTP server](#starting-an-ftp-server)
31 | - [Changing modem IP address](#changing-modem-ip-address)
32 | - [TTL Modification](#ttl-modification)
33 | - [Installing TTL Override:](#installing-ttl-override)
34 | - [Removing TTL Override](#removing-ttl-override)
35 | - [Enable Qualcomm Webserver](#enable-qualcomm-webserver)
36 | - [Enable journald logging](#enable-journald-logging)
37 | - [Other interesting things to check over ADB](#other-interesting-things-to-check-over-adb)
38 | - [Making sure you're connected to the right modem](#making-sure-youre-connected-to-the-right-modem)
39 | - [AT Command Access from ADB](#at-command-access-from-adb)
40 |
41 | # Hardware Recommendations
42 |
43 | I've only used one adapter personally; it's sold on Aliexpress as "5G M.2 To RJ45", and can either be purchased as a bare board or as a kit including an enclosure, pigtails, and antennas (all of dubious quality.)
44 |
45 | The only labelling on the board is:
46 | ```5G M.2 TO RJ45-KIT mini V2.0```
47 | As this is Aliexpress, there is no guarantee that the board will be the same when purchased from other sellers, or even the same seller.
48 |
49 | 
50 |
51 | Here's the seller I purchased from:
52 | https://www.aliexpress.us/item/3256804672394777.html
53 |
54 | Note that the descriptions all say gigabit, but the board that I (and others) received actually has the RTL8125 ethernet chipset, and works at 2.5gbit. Woohoo!
55 |
56 | The kit I linked above does include a heatsink. However, the enclosure doesn't allow any airflow, so the modem gets quite hot; I am running mine without the top on, and it does fine. It's also quite difficult to get the pieces of the case separated for the first time; I ended up using a putty knife to gently pry it apart (but be sure to pull the SIM tray first.) The SIM slot uses a standard "Mini SIM", and the tray is a pain to eject; I have been using the putty knife to pull that open too.
57 |
58 | You can install a 12V fan using the "12V/GND" PINs between the barrel connector and the PCIe slot.
59 |
60 | Side note - this is the same adapter that is/was used in early versions of the Invisagig product sold by Wireless Haven. Their product comes ready to go, in a larger case, including a 12V fan and a SIM card extender to make the sim card easier to deal with. They embed a custom GUI in the RM520N, which makes configuration simpler, no need for a USB connection at all. It's expensive compared to DIY, but they also offer a warranty and support. If you're interested:
61 | https://thewirelesshaven.com/shop/modems-hotspots/invisagig/
62 |
63 | (If you are using an Invisagig, please don't do any of the stuff mentioned below. Use their UI, or ask for support instead. You're paying a premium to not have to deal with this.)
64 |
65 | # Known issues
66 |
67 | ## Modem does not automatically connect at startup
68 |
69 | This is an issue that I'm working with two people on, both with RM520's.. when you reboot the modem, it will start in CFUN=0 (minimal function) mode. To get it to connect, you need to issue `AT+CFUN=1`.
70 |
71 | If you are running into this, a quick and easy hack is to install the ttl mod, but uncomment the line in `ttl-override` (which gets pushed to `/etc/initscripts/ttl-override`):
72 |
73 | ```bash
74 | # If your modem is starting in CFUN=0 mode, uncomment this to pass CFUN=1 to it. Hack, but we'll still keep working to figure out what is causing it.
75 | # echo -e "AT+CFUN=1\r\n" > /dev/smd7
76 | ```
77 |
78 | Remove the `# ` from before the echo line.
79 |
80 | # Basic configuration
81 |
82 | It doesn't take much to get this going!
83 |
84 | ```
85 | AT+QCFG="data_interface",1,0
86 | AT+QCFG="pcie/mode",1
87 | AT+QETH="eth_driver","r8125",1
88 | AT+QMAPWAC=1
89 | ```
90 |
91 | What these commands do:
92 | * `AT+QCFG="data_interface"`: Configures network port/diag port communication via PCIe and USB. First parameter is for network communication; 0 is USB and 1 is PCIe. Second parameter is for diagnostics port; only option is 0 for USB.
93 | * `AT+QCFG="pcie/mode"`: 1 = RC (Root Complex), IE host. 0 = EP (Endpoint), for use in a device that has the RC
94 | * `AT+QETH="eth_driver","r8125",1`: This configures which ethernet driver to load at module boot. You can run `AT+QETH="eth_driver"` to get a list of options; I believe only one can be enabled. The first parameter is the name of the driver, and the second parameter is a bool to enable or disable.
95 |
96 | If you want to be able to send AT commands via Ethernet, you can also add:
97 | ```
98 | AT+QETH="eth_at","enable"
99 | ```
100 |
101 | This will enable an AT interface on port 1555. See below section [AT over Ethernet](#at-over-ethernet) for more details.
102 |
103 | ..and then reboot the module with `AT+CFUN=1,1`.
104 |
105 | ## Additional notes
106 |
107 | It looks like there are multiple ways to configure these modules. This is the most widely-referenced method I've seen referenced, including in Quectel's documentation for the M.2 EVB board. Similar methods of configuring this feature appear to be `AT+QETH="rgmii"` and various functions of `AT+QMAP`. If someone has a good understanding of which mode to use when, please open an issue or pull request!
108 |
109 | ## AT over Ethernet
110 |
111 | If you enabled AT over Ethernet, anyone behind the modem will be able to send whatever AT commands they want to it -- there is no authentication for the protocol. Just to warn ya.
112 |
113 | Their interface is not like the Netgear Nighthawk interface, where you can just telnet into the port and start issuing commands; they use a not-complex-but-not-telnet protocol. They don't have official docs on it, and just released a sample C application. I have a hacked-up Python script that is a bit easier to use, available at:
114 | https://github.com/natecarlson/quectel-rgmii-at-command-client
115 |
116 | ## Enabling IP Passthrough
117 |
118 | By default, the modem acts as a true NAT router for IPv4, and serves addresses via IPv6. The modem's IPv4 address is 192.168.225.1 - this can't be changed via AT commands (and Quectel doesn't officially support changing it), but it is possible - see Advanced below.
119 |
120 | In any case, if you want to pass through the IPv4 (and possibly IPv6? Not sure if the modem passes through the v6 address and lets you use the delegated subnet behind your router or not; I will have to test.) addresses that are assigned, you can!
121 |
122 | As with enabling ethernet mode to start with, it appears there are multiple ways to enable IP Passthrough.
123 |
124 | > :warning: **BE CAREFUL**: I haven't managed to get either of these methods to work properly in my testing yet. If you have, feel free to share!
125 |
126 | ### QMAP Method
127 |
128 | > :warning: **BE CAREFUL**: I haven't managed to get either of these methods to work properly in my testing yet. If you have, feel free to share!
129 |
130 | This is the method that is documented in the RM520N AT command manual that I have, so I've tested this method.
131 |
132 | To enable IP passthrough:
133 | ```
134 | at+qmap="mpdn_rule",0,1,1,1,1,"FF:FF:FF:FF:FF:FF"
135 | ```
136 |
137 | Parameters:
138 | * First = mPDN rule number, range 0-3 (unless you're doing something complicated, you'll use 0.)
139 | * Second = APN Profile ID (CGDCONT) to use. You'll probably want 1.
140 | * Third = IP Passthrough mode. 0 = disabled, 1 = enabled for ethernet, 2 = enabled for WiFi, 3 = enabled for USB-ECM/RNDIS. You'll probably want 1.
141 | * Fourth = autoconnect. Use 1.
142 | * Fifth = IPPT Mode. If set to 0, disabled? 1 or 2 make the next field the MAC address you want to pass through to. If you don't specify this, but have IPPT enabled, the first computer to connect will get the pass-through address, and any additional computers will get a private NAT'd IP.
143 | * Sixth = MAC address to pass through to. `FF:FF:FF:FF:FF:FF` will select the first host that gets a DHCP lease.
144 |
145 |
146 | ### RGMII Method
147 |
148 | > :warning: **BE CAREFUL**: I haven't managed to get either of these methods to work properly in my testing yet. If you have, feel free to share!
149 |
150 | If we were using `AT+QETH="rgmii"` to enable Ethernet mode, we'd probably want to use that for this too. Note that this mode is documented in the AT command guide for the older RM50x modules, and is not documented in the AT command guide for the RM520 modules - at least the versions of the manuals I have.
151 |
152 | If you want to go that route, you can try:
153 |
154 | ```
155 | AT+QETH="ipptmac",XX:XX:XX:XX:XX:XX
156 | AT+QETH="rgmii","ENABLE",1,1,1
157 | ```
158 | * AT+QETH="ipptmac", the first parameter, formatted as `XX:XX:XX:XX:XX:XX`, should be the MAC address of the device you want to receive the IP passthrough.
159 | * AT+QETH="rgmii":
160 | * First parameter is "ENABLE" or "DISABLE", to enable or disable RGMII mode.
161 | * Second parameter is the voltage to use for RGMII. `0`=1.8v and `1`=2.5v. I would recommend running `AT+QETH="rgmii"`, and get the current version from the first line it prints: `+QETH: "RGMII","DISABLE",1,-1` -- it's the '1' after the disable.
162 | * Third parameter is for IP Passthrough. `-1` = no data call, `0` = COMMON-RGMII (not passthrough), `1` = IP Passthrough-RGMII
163 | * Optional fourth parameter is if you want to specify a CGDCONT profile to use for this. `0` = not configured, `1` = configured.
164 | * Optional fifth parameter is the CGDCONT profile ID, 1-8.
165 |
166 | ## Specifying a custom APN
167 |
168 | If the modem doesn't automatically connect, it's likely that you need to manually configure the APN. It's done the same way that you configure the APN on the modem when using it via USB/etc.
169 |
170 | > :warning: **TODO**: Finish filling out this section!
171 |
172 | ## Changing modem IP address with AT command
173 |
174 | There are plenty of reasons that you might need to change the IP of the modem.. IE, you might have multiple modems connected to the same router for WAN load balancing or bonding, or it might conflict with your internal network IP ranges, or (other reasons.) On recent modems, Quectel does have a command to do this!
175 |
176 | The command is:
177 | ```
178 | AT+QMAP="LANIP",,,,
179 | AT+QMAP="LANIP",192.168.227.20,192.168.227.100,192.168.227.1,1
180 | ```
181 |
182 | The 'apply?' is if the router should apply the changes immediately, or wait until reboot.
183 |
184 | # Advanced configuration
185 |
186 | These modems are a full-fledged Linux router under the hood. Once you've got access, you can modify anything you want on the filesystem. It's pretty cool, and also kind of dangerous.. but neat. The access is via 'adb' - the same tool used to do fun stuff to Android phones.
187 |
188 | ## Getting ADB Access
189 |
190 | To get access, you need to get a key salt from the modem, get the result from Quectel, unlock the modem, and then enable ADB.
191 |
192 | To get the key, run the AT command "AT+QADBKEY?". The modem will reply with:
193 | ```
194 | AT+QADBKEY?
195 | +QADBKEY: 12345678
196 | OK
197 | ```
198 |
199 | You then can head over to the Quectel forums (https://forums.quectel.com/), create an account, and post asking for the key. There are also tools available on the great wide internet that will generate the key for previous modems.. but they don't quite work for RM5XX's; the result is a little bit too long.
200 |
201 | Once you have received the unlock key, you apply it like:
202 | ```
203 | AT+QADBKEY="0jXKXQwSwMxYoeg"
204 | ```
205 |
206 | Then, to actually enable ADB, run `AT+QCFG="usbcfg"`, take the output, change the second-to-last 0 to 1, and then send the new usbcfg string to the modem (do _NOT_ just copy/paste what's below; the USB VID/PID for your modem are very likely different):
207 |
208 | ```control
209 | AT+QCFG="usbcfg"
210 | +QCFG: "usbcfg",0x2C7C,0x0801,1,1,1,1,1,0,0 // Initial response
211 | AT+QCFG="usbcfg",0x2C7C,0x0801,1,1,1,1,1,1,0 // Enable ADB
212 | ```
213 |
214 | And reboot with `AT+CFUN=1,1` to actually apply.
215 |
216 | Once the modem is back online, you should be able to use ADB to manage the modem on the host connect to it with USB. Basic commands:
217 |
218 | - `adb shell` - root shell on the modem
219 | - `adb pull /path/to/file` - download a file from the modem
220 | - `adb push /path/to/file` - upload a file to the modem
221 |
222 | So far, I have been unsuccessful with my attempts to get ADB to listen on the ethernet interface. Warning - `adb tcp ` will crash both ADB and all the other serial ports expoised via USB until the modem is restarted.
223 |
224 | ## Starting an FTP server
225 |
226 | Once you have root access to the modem, if you want you can start a temporary FTP server to let you transfer files over the network instead of adb. It will run until you ctrl-c it. Be careful here, it allows full unauthenticated access to the filesystem to whoever can access any of the IPs (if you have a routed public IP, vi that too unless you add firewall rules!) You can change the IP to the modem's LAN address (192.168.225.1 by default) if you'd like.
227 |
228 | ```bash
229 | tcpsvd -vE 0.0.0.0 21 ftpd /
230 | ```
231 |
232 | When you connect via FTP, you can just leave the username and password blank.
233 |
234 | Note that the BusyBox binary on the modem is compiled without FTP write support. If you would like to enable write support, you can copy files/busybox-armv7l somewhere on the modem (anything under /usrdata is persistent; for this example I created /usrdata/bin), and call that binary instead, with a '-w' flag between ftpd and /; I would also recommend using the current busybox for tcpsvd. You'll also need to add '-A' to ftpd for anonymous access. Example command:
235 |
236 | ```bash
237 | /usrdata/bin/busybox-armv7l tcpsvd -xE 0.0.0.0 21 /usrdata/bin/busybox-armv7l ftpd -wA /
238 | ```
239 |
240 | ## Changing modem IP address
241 |
242 | **NOTE**: I am leaving this here for reference sake, but on modern modems, you can indeed change the IP with an AT command. Please reference: [Changing modem IP address with AT command
243 | ](#changing-modem-ip-address-with-at-command)
244 |
245 | There are plenty of reasons that you might need to change the IP of the modem.. IE, you might have multiple modems connected to the same router for WAN load balancing or bonding, or it might conflict with your internal network IP ranges, or (other reasons.) Unfortunately, Quectel doesn't officially support this, and there is no AT command to do so. However, it's not hard to do.
246 |
247 | Make sure you've gained ADB access as described above.
248 |
249 | WARNING: You're modifying files on the modem's root filesystem here. If you break it, you buy it, and can keep both pieces!
250 |
251 | 1. Log into the modem via `adb shell` (If you have multiple modems connected via USB that have ADB enabled, you can get a list of modems with `adb devices`, and connect to the one you want via `adb -s shell`)
252 | 2. Change to the `/etc` directory
253 | 3. Open `/etc/data/mobileap_cfg.xml` in an editor, and change each occurence of 192.168.225 to whatever you want - for mine, I just went to 192.168.226.
254 | 4. Exit ADB, and reboot the router with `AT+CFUN=1,1`
255 |
256 | Note that the 192.168.225.1 address is also referenced in `/etc/ql_nf_preload.conf`; I haven't modified that file and everything seems to work, but just so ya know.
257 |
258 | ## TTL Modification
259 |
260 | This is a Linux router using iptables - so you can add iptables rules to override the outgoing TTL. Certain cell plans may require this for various reasons.
261 |
262 | It's probably worth noting that this will also work for modems connected via a USB enclosure.. what this does is directly change the TTL/HL when packets leave the modem, so it really doesn't matter how it's connected to your network.
263 |
264 | Make sure you've gained ADB access as described above.
265 |
266 | WARNING: You're modifying files on the modem's root filesystem here. If you break it, you buy it, and can keep both pieces!
267 |
268 | Files:
269 | * `files/ttl-override`: A simple shell script to start/stop the TTL override. Set the desired TTL with the 'TTLVALUE=' at the top of the script; the default is 64, which will make all packets appear as coming from the modem itself.
270 | * `files/ttl-override.service`: A systemd service to start said script
271 |
272 | ### Installing TTL Override:
273 |
274 | * Mount the root filesystem read-write:
275 | ```
276 | adb shell mount -o remount,rw /
277 | ```
278 | * Push the files to the system:
279 | ```
280 | adb push ttl-override /etc/initscripts
281 | adb push ttl-override.service /lib/systemd/system
282 | ```
283 | * symlink the systemd unit, reload systemd, start the service, and remount root as ro again:
284 | ```
285 | adb shell chmod +x /etc/initscripts/ttl-override
286 | adb shell ln -s /lib/systemd/system/ttl-override.service /lib/systemd/system/multi-user.target.wants/
287 | adb shell systemctl daemon-reload
288 | adb shell systemctl start ttl-override
289 | adb shell mount -o remount,ro /
290 | ```
291 | * The TTL rules will already be active - but you can reboot the modem with `AT+CFUN=1,1` and verify that the rules are automatically added at startup.
292 | * After it comes back up, you can verify the TTL:
293 | ```
294 | $ adb shell iptables -t mangle -vnL | grep TTL
295 | 1720 107K TTL all -- * rmnet+ 0.0.0.0/0 0.0.0.0/0 TTL set to 64
296 | $ adb shell ip6tables -t mangle -vnL | grep HL
297 | 0 0 HL all * rmnet+ ::/0 ::/0 HL set to 64
298 | ```
299 |
300 | If you want to validate that it's working, you can use "adb shell", and run tcpdump on the network-side interface, specifying that interface's IP as the source (feel free to do that instead of pasting my long ugly string):
301 | ```
302 | / # tcpdump -s0 -v -n -i rmnet_data1 src `ip addr show dev rmnet_data1 | grep '^ inet ' | awk '{ print $2 }' | awk -F'/' '{ print $1 }'`
303 | tcpdump: listening on rmnet_data1, link-type LINUX_SLL (Linux cooked v1), capture size 65535 bytes
304 | 17:12:03.064808 IP (tos 0x0, ttl 64, id 55285, offset 0, flags [DF], proto ICMP (1), length 212)
305 | 10.200.255.210 > 8.8.4.4: ICMP echo request, id 16940, seq 2, length 192
306 | ```
307 |
308 | Note the "ttl 64" - it's working, yay! (The traffic needs to be coming from a host behind the modem for it to really count, which this was.)
309 |
310 | ### Removing TTL Override
311 |
312 | If, for some reason, you want to remove the TTL override, you would need to run:
313 | ```
314 | adb shell /etc/initscripts/ttl-override stop
315 | adb shell mount -o remount,rw /
316 | adb shell rm -v /etc/initscripts/ttl-override /lib/systemd/system/ttl-override.service /lib/systemd/system/multi-user.target.wants/ttl-override.service
317 | adb shell mount -o remount,ro /
318 | adb shell systemctl daemon-reload
319 | ```
320 | ..no need to reboot.
321 |
322 | ## Enable Qualcomm Webserver
323 |
324 | > :bowtie: This section was contributed by [GitHub user aesthernr](https://github.com/aesthernr). Thanks for the contribution!
325 |
326 | Qualcomm provides their OEMs with a tool called QCMAP, which is used to manage the WAN connection, modem IP configuration, etc. They also provide a simple web interface that is supposed to be able to manage some features of the modem. On RM500Q's, it was enable by default, but didn't actually work. The pieces for it are present on the RM520, and it does work, it just needs some work to enable it!
327 |
328 | - Mount the root filesystem read-write:
329 |
330 | ```bash
331 | adb shell mount -o remount,rw /
332 | ```
333 |
334 | - Push the files to the system:
335 |
336 | ```bash
337 | cd /path/to/quectel-rgmii-configuration-notes/files
338 | adb push qcmap_httpd.service /lib/systemd/system
339 | adb push qcmap_web_client.service /lib/systemd/system
340 | ```
341 |
342 | - Reset the username/password to admin/admin. You will be able to update this after first login.
343 |
344 | ```bash
345 | adb push lighttpd.user /data/www
346 | adb shell chmod www-data:www-data /data/www/lighttpd.user
347 | ```
348 |
349 | - Symlink the systemd unit, reload systemd, start the service, and remount root as ro again:
350 |
351 | ```bash
352 | adb shell chmod +x /etc/initscripts/start_qcmap_httpd
353 | adb shell chmod +x /etc/initscripts/start_qcmap_web_client_le
354 | adb shell ln -s /lib/systemd/system/qcmap_httpd.service /lib/systemd/system/multi-user.target.wants/
355 | adb shell ln -s /lib/systemd/system/qcmap_web_client.service /lib/systemd/system/multi-user.target.wants/
356 | adb shell systemctl daemon-reload
357 | adb shell systemctl start qcmap_httpd
358 | adb shell systemctl start qcmap_web_client
359 | adb shell mount -o remount,ro /
360 | ```
361 |
362 | - Open your Browser to [http://192.168.225.1/QCMAP.html](http://192.168.225.1/QCMAP.html) (replace the IP if necessary) - you can authenicate as admin/admin. It will prompt you to change your password after login. Note that WLAN settings will not do anything unless you have a supported wireless card connected via PCIe; that is out of scope for this document. It's also unknown if all the other functions will work as expected - however, a factory reset should wipe out all of these settings.
363 |
364 | ## Enable journald logging
365 |
366 | By default, journald is masked on the modem - IE, nothing systemd does will end up having persistent logs. To fix this, we need to manually modify files in the root filesystem, as /etc isn't available at the point this is started.
367 |
368 | Before enabling, I would recommend modifying /lib/systemd/journald.conf.d/00-systemd-conf.conf with some tweaks to prevent it from using lots of space:
369 |
370 | ```bash
371 | adb shell mount -o remount,rw /
372 | adb shell
373 | # vi /lib/systemd/journald.conf.d/00-systemd-conf.conf
374 | ###edit params as below, and then save changes, and exit the shell###
375 | adb shell mount -o remount,ro /
376 | ```
377 |
378 | The config file by default has:
379 |
380 | ```bash
381 | [Journal]
382 | ForwardToSyslog=yes
383 | RuntimeMaxUse=64M
384 | ```
385 |
386 | I would recommend:
387 |
388 | ```bash
389 | [Journal]
390 | ForwardToSyslog=no
391 | RuntimeMaxUse=16M
392 | Storage=volatile
393 | # Lots of spammy units, so limit the logging bursts.
394 | RateLimitIntervalSec=5m
395 | RateLimitBurst=100
396 | ```
397 |
398 | This disables forwarding to the syslog daemon (to avoid taking up space twice), forces runtime (RAM) storage, and limits it to 16mb. It also enables fairly aggressive rate limiting, so that apps like ipacm won't force constant rotation. (Each service gets its own rate limit.)
399 |
400 | Here's how to enable the service:
401 |
402 | ```bash
403 | adb shell mount -o remount,rw /
404 | adb shell rm /lib/systemd/system/sysinit.target.wants/systemd-journald.service /lib/systemd/system/sockets.target.wants/systemd-journald.socket /lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket
405 | adb shell ln -s /lib/systemd/system/systemd-journald.service /lib/systemd/system/sysinit.target.wants/systemd-journald.service
406 | adb shell ln -s /lib/systemd/system/systemd-journald.socket /lib/systemd/system/sockets.target.wants/systemd-journald.socket
407 | adb shell systemctl daemon-reload
408 | adb shell systemctl start systemd-journald.socket systemd-journald.service systemd-journald-dev-log.socket
409 | # Also, to avoid lots of junk about write perms on unit files.. if you push the systemd units from a windows box, you might need to clean this up more often!
410 | adb shell chmod 644 /lib/systemd/system/*.service /lib/systemd/system/*.socket /lib/systemd/system/*.conf
411 | adb shell chmod 644 /lib/systemd/system/dbus.service.d/dbus.conf /lib/systemd/system/systemrw.mount.d/systemrw.conf
412 | adb shell mount -o remount,ro /
413 | ```
414 |
415 | Then, we have to unmount the mounted /etc directory, and remove the underlying masking of journald. We'll need to reboot the system to get the real /etc back:
416 |
417 | ```bash
418 | adb shell umount -l /etc
419 | adb shell mount -o remount,rw /
420 | adb shell rm /etc/systemd/system/systemd-journald.service
421 | adb shell mount -o remount,ro /
422 | adb shell sync
423 | adb shell reboot -f
424 | ```
425 |
426 | If you also want to enable audit logs, also do the following as part of the above:
427 |
428 | ```bash
429 | adb shell rm /lib/systemd/system/sockets.target.wants/systemd-journald-audit.socket
430 | adb shell ln -s /lib/systemd/system/systemd-journald-audit.socket /lib/systemd/system/sockets.target.wants/systemd-journald-audit.socket
431 | ```
432 |
433 | I am leaving systemd-journal-flush disabled (masked), as we don't want to write the logging data to persistent storage. Well - if you do you can change the Storage to "persistent" in the config file, and also symlink the systemd-journal-flush to actually switch from volitile to persistent storage on bootup.
434 |
435 | ## Other interesting things to check over ADB
436 |
437 | ### Making sure you're connected to the right modem
438 |
439 | If you have multiple modems connected to one host, as I do, it can be hard to remember which serial number is which modem. There is a file in /etc that at least shows you the model number:
440 |
441 | ```
442 | / # cat /etc/quectel-project-version
443 | Project Name: RM520NGL_VC
444 | Project Rev : RM520NGLAAR01A07M4G_01.201
445 | Branch Name: SDX6X
446 | Custom Name: STD
447 | Package Time: 2023-03-14,09:49
448 | ```
449 |
450 | ### AT Command Access from ADB
451 |
452 | It appears that the following processes are used to expose the serial ports via USB:
453 | ```
454 | 155 root 0:00 /usr/bin/port_bridge at_mdm0 at_usb0 0
455 | 162 root 0:00 /usr/bin/port_bridge smd7 at_usb2 1
456 | ```
457 |
458 | The daemon for AT over Ethernet also interfaces with smd7:
459 | ```
460 | /tmp # fuser /dev/smd7
461 | 162 809
462 | /tmp # ps | grep -E '(162|809)'
463 | 162 root 0:00 /usr/bin/port_bridge smd7 at_usb2 1
464 | 809 root 28:22 /usr/bin/ql_nw_service
465 | 23314 root 0:00 grep -E (162|809)
466 | /tmp # lsof -p 809 2>/dev/null | grep -Ev '/usr/bin|/lib/|/dev/null|/$'
467 | COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
468 | ql_nw_ser 809 0 3u unix 0x00000000 0t0 18565 type=SEQPACKET
469 | ql_nw_ser 809 0 4u sock 0,8 0t0 18740 protocol: QIPCRTR
470 | ql_nw_ser 809 0 5r FIFO 0,11 0t0 18741 pipe
471 | ql_nw_ser 809 0 6w FIFO 0,11 0t0 18741 pipe
472 | ql_nw_ser 809 0 7u sock 0,8 0t0 18863 protocol: QIPCRTR
473 | ql_nw_ser 809 0 8r FIFO 0,11 0t0 18864 pipe
474 | ql_nw_ser 809 0 9w FIFO 0,11 0t0 18864 pipe
475 | ql_nw_ser 809 0 10u CHR 246,4 0t0 6291 /dev/smd7
476 | ql_nw_ser 809 0 11u IPv4 20353 0t0 TCP *:1555 (LISTEN)
477 | ql_nw_ser 809 0 12u a_inode 0,12 0 6222 [eventpoll]
478 | ```
479 |
480 | So, a simple way to send/receive commands.. open two adb shell sessions to the modem, in one, run `cat /dev/smd7`. In the other, you run the AT commands. Example:
481 |
482 | Listening shell:
483 | ```
484 | / # cat /dev/smd7
485 | AT
486 | OK
487 | ATI
488 | Quectel
489 | RM520N-GL
490 | Revision: RM520NGLAAR01A07M4G
491 |
492 | OK
493 | ```
494 |
495 | Command shell:
496 | ```
497 | /tmp # echo -e 'AT \r' > /dev/smd7
498 | /tmp # echo -e 'ATI \r' > /dev/smd7
499 | ```
500 |
501 | It appears that smd11 and at_mdm0 can also be used for this. On a default-ish modem, it appears that smd7 and at_mdm0 are both used by running daemons, so I picked smd11 for my AT daemon. There is a service called 'quectel-uart-smd.service', in it's unit file it disables the quectel_uart_smd, and says that smd11 is used by MCM_atcop_svc. However, I see no signs of that on the system.. so I think it's probably the safest to use.
502 |
--------------------------------------------------------------------------------
/files/busybox-armv7l:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/natecarlson/quectel-rgmii-configuration-notes/d7f7840a76d5d9408c7fdd19e533b652bba84d91/files/busybox-armv7l
--------------------------------------------------------------------------------
/files/lighttpd.user:
--------------------------------------------------------------------------------
1 | admin:$6$28780376880137ae$sy2ToGy3NjYEPTfOPZT7/IMEr0MN9F6gZbrt6e0881usmBPFGAKy1sYGNNz6GMcfqcx2aRJn95qm/551AIqNk/
--------------------------------------------------------------------------------
/files/qcmap_httpd.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=QCMAP httpd service
3 | After=ql-netd.service
4 |
5 | [Service]
6 | ExecStart=httpd -f -h /WEBSERVER/www -p 80
7 | Restart=always
8 | RestartSec=1
9 |
10 | [Install]
11 | WantedBy=multi-user.target
12 |
--------------------------------------------------------------------------------
/files/qcmap_web_client.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=QCMAP Web Client service
3 | After=ql-netd.service
4 |
5 | [Service]
6 | ExecStart=/usr/bin/QCMAP_Web_CLIENT
7 | Restart=yes
8 | Restart=always
9 |
10 | [Install]
11 | WantedBy=multi-user.target
12 |
--------------------------------------------------------------------------------
/files/ttl-override:
--------------------------------------------------------------------------------
1 | #! /bin/sh
2 |
3 | set -e
4 |
5 | # What value to override the TTL to?
6 | TTLVALUE=64
7 |
8 | case "$1" in
9 | start)
10 | echo -n "Adding TTL override rules: "
11 | iptables -t mangle -I POSTROUTING -o rmnet+ -j TTL --ttl-set ${TTLVALUE}
12 | ip6tables -t mangle -I POSTROUTING -o rmnet+ -j HL --hl-set ${TTLVALUE}
13 |
14 | # If your modem is starting in CFUN=0 mode, uncomment this to pass CFUN=1 to it. Hack, but we'll still keep working to figure out what is causing it.
15 | # echo -e "AT+CFUN=1\r\n" > /dev/smd7
16 |
17 | echo "done"
18 | ;;
19 | stop)
20 | echo -n "Removing TTL override rules: "
21 | iptables -t mangle -D POSTROUTING -o rmnet+ -j TTL --ttl-set ${TTLVALUE} &>/dev/null || true
22 | ip6tables -t mangle -D POSTROUTING -o rmnet+ -j HL --hl-set ${TTLVALUE} &>/dev/null || true
23 | echo "done"
24 | ;;
25 | restart)
26 | $0 stop
27 | $0 start
28 | ;;
29 | *)
30 | echo "Usage ttl-override { start | stop | restart }" >&2
31 | exit 1
32 | ;;
33 | esac
34 |
35 | exit 0
36 |
--------------------------------------------------------------------------------
/files/ttl-override.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=TTL Override
3 | After=ql-netd.service
4 | DefaultDependencies=no
5 |
6 | [Service]
7 | Type=oneshot
8 | ExecStart=/etc/initscripts/ttl-override start
9 | User=root
10 |
11 | [Install]
12 | WantedBy=multi-user.target
13 |
--------------------------------------------------------------------------------
/images/5G_M.2_TO_RJ45-KIT_mini_V2.0.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/natecarlson/quectel-rgmii-configuration-notes/d7f7840a76d5d9408c7fdd19e533b652bba84d91/images/5G_M.2_TO_RJ45-KIT_mini_V2.0.webp
--------------------------------------------------------------------------------
/reference/Quectel_RG50xQ&RM5xxQ_Series_AT_Commands_Manual_V1.2.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/natecarlson/quectel-rgmii-configuration-notes/d7f7840a76d5d9408c7fdd19e533b652bba84d91/reference/Quectel_RG50xQ&RM5xxQ_Series_AT_Commands_Manual_V1.2.pdf
--------------------------------------------------------------------------------
/reference/Quectel_RG520N&RG52xF&RG530F&RM520N&RM530N_Series_AT_Commands_Manual_V1.0.0_Preliminary_20220812.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/natecarlson/quectel-rgmii-configuration-notes/d7f7840a76d5d9408c7fdd19e533b652bba84d91/reference/Quectel_RG520N&RG52xF&RG530F&RM520N&RM530N_Series_AT_Commands_Manual_V1.0.0_Preliminary_20220812.pdf
--------------------------------------------------------------------------------