💾 Archived View for axionfield.space › gemlog › 20220830-librem5-wireguard-and-mms.gmi captured on 2023-09-08 at 15:51:49. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
I have a Librem 5 phone, running PureOS. It's always connected to my home VPN
using Wireguard. Everything works smooth and dandy but there's a problem. I
route all the traffic to my VPN and uses my own DNS server.
In that configuration, it is impossible to receive an MMS from T-Mobile because
the needed servers are on a private subnet that is only accessible through the
mobile interface. Also they have moving IPs and can only be resolved from that
interface.
So I went on finding a solution to work around this problem. Wireguard uses a
firewall mark and a special routing table to handle the "redirect all traffic"
feature. The trick is to make certain part of the traffic directly use the main
routing table.
The solution can be reduced to basically:
- Find the needed servers;
- Write a script to modfy the hostfile and the routing policy;
- Plug this in NetworkManager so it can call it based on the WireGuard status;
This is the tedious part. In order to get all of them, I first disconnected from
the VPN, then asked someone to send me some MMS. Reading the mmsd-tng daemon
logs (journalctl --user -fu mmsd-tng), I was able to find the following needed
servers:
10.177.0.34 (DNS)
mms.msg.eng.t-mobile.com (mms gateway)
mp.t-mobile.com (?)
me.t-mobile.com (?)
mt.t-mobile.com (?)
Once you have confirmed the used servers and you confirmed you can receive MMS,
time to script something up.
In order to be sure I would not use outdated IPs, I wrote a little script to
do all the work.
Let's create that file in /usr/local/bin/wgmms.sh:
#!/bin/bash DNS=10.177.0.34 HOSTS=( mms.msg.eng.t-mobile.com mp.t-mobile.com me.t-mobile.com mt.t-mobile.com ) function resolve() { dig $1 @$DNS +short | grep --line-buffered -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep --line-buffered -v "$DNS" } function remove_host() { hname=$1 if [ -n "$(grep $hname /etc/hosts)" ]; then sed -i".bak" "/$hname/d" /etc/hosts fi } function add_host() { ip=$1; hname=$2 if [ -z "$(grep $hname /etc/hosts)" ]; then echo "$ip $hname" >> /etc/hosts fi } for host in ${HOSTS[@]}; do remove_host $host done ip rule del pref 30 while [ $? -eq 0]; do ip rule del pref 30 done [[ $1 == "clean" ]] && exit 0 ip rule add from all to $DNS lookup main pref 30 for host in ${HOSTS[@]}; do ip=$(resolve $host) add_host $ip $host ip rule add from all to $ip lookup main pref 30 done
Now change the owner and mode:
chmod 755 /usr/local/bin/wgmms.sh chown root:root /usr/local/bin/wgmms.sh
It's important that this file is owned by root for security reasons as it will
get called by NetworkManager and you don't want a random account to be able to
change it.
Last thing to do is to make NetworkManager use this script when the wireguard
interface gets activated or deactivated.
To do so, just add a script in /etc/NetworkManager/dispatcher.d/99-wgmms:
#!/bin/bash iface=$1 event=$2 [[ $iface != "wg0" ]] && exit 0 case $event in up) /usr/local/bin/wgmms.sh ;; down) /usr/local/bin/wgmms.sh clean ;; esac
Change owner and mode:
chmod 755 /etc/NetworkManager/dispatcher.d/99-wgmms chown root:root /etc/NetworkManager/dispatcher.d/99-wgmms
Again, this is very important to chown to root. NetworkManager will simply
ignore the script if it's not owned by root.
Activate your wireguard connection and then check the host file:
$ cat /etc/hosts 127.0.0.1 librem-5 localhost 10.168.127.18 mms.msg.eng.t-mobile.com 10.175.198.137 mp.t-mobile.com 10.168.121.87 me.t-mobile.com
And check the rules:
$ ip rule list 0: from all lookup local 30: from all to 10.177.0.34 lookup main 30: from all to 10.168.127.18 lookup main 30: from all to 10.175.198.137 lookup main 30: from all to 10.168.121.87 lookup main 31296: from all lookup main suppress_prefixlength 0 31297: not from all fwmark 0xcbb8 lookup 52152 32766: from all lookup main 32767: from all lookup default
MMS should work. If you disable the wireguard interface, everything should be
cleaned up.
Enjoy.