I have a Sierra Wireless EM7455 LTE modem in my VyOS box. I use the following configuration to enable the LTE modem:
interfaces {
wwan wwan0 {
address dhcp
address dhcpv6
apn telia
}
}
Using mmcli -m 0, I can see that ModemManager successfully connects to the mobile network.
# mmcli -m 0
--------------------------------
General | path: /org/freedesktop/ModemManager1/Modem/0
| device id: <REDACTED>
--------------------------------
Hardware | manufacturer: Sierra Wireless, Incorporated
| model: Sierra Wireless EM7455 Qualcomm Snapdragon X7 LTE-A
| firmware revision: SWI9X30C_02.39.00.00
| carrier config: default
| h/w revision: EM7455
| supported: gsm-umts, lte
| current: gsm-umts, lte
| equipment id: <REDACTED>
--------------------------------
System | device: /sys/devices/pci0000:00/0000:00:14.0/usb3/3-1
| drivers: qcserial, cdc_mbim
| plugin: sierra
| primary port: cdc-wdm0
| ports: cdc-wdm0 (mbim), ttyUSB0 (qcdm), ttyUSB2 (at), wwan0 (net)
--------------------------------
Status | lock: sim-pin2
| unlock retries: sim-pin2 (3)
| state: connected
| power state: on
| access tech: lte
| signal quality: 16% (cached)
--------------------------------
Modes | supported: allowed: 3g; preferred: none
| allowed: 4g; preferred: none
| allowed: 3g, 4g; preferred: 4g
| allowed: 3g, 4g; preferred: 3g
| current: allowed: 3g, 4g; preferred: 4g
--------------------------------
Bands | supported: utran-1, utran-3, utran-4, utran-5, utran-8, utran-2,
| eutran-1, eutran-2, eutran-3, eutran-4, eutran-5, eutran-7, eutran-8,
| eutran-12, eutran-13, eutran-20, eutran-25, eutran-26, eutran-41
| current: utran-1, utran-3, utran-4, utran-5, utran-8, utran-2,
| eutran-1, eutran-2, eutran-3, eutran-4, eutran-5, eutran-7, eutran-8,
| eutran-12, eutran-13, eutran-20, eutran-25, eutran-26, eutran-41
--------------------------------
IP | supported: ipv4, ipv6, ipv4v6
--------------------------------
3GPP | imei: <REDACTED>
| enabled locks: fixed-dialing
| operator id: 24202
| operator name: Telia N
| registration: home
| packet service state: attached
--------------------------------
3GPP EPS | ue mode of operation: csps-2
--------------------------------
SIM | primary sim path: /org/freedesktop/ModemManager1/SIM/0
| sim slot paths: slot 1: /org/freedesktop/ModemManager1/SIM/0 (active)
| slot 2: none
--------------------------------
Bearer | paths: /org/freedesktop/ModemManager1/Bearer/0
I can also see that the ModemManager bearer has both IPv4 and IPv6 address:
# mmcli -b 0
------------------------------------
General | path: /org/freedesktop/ModemManager1/Bearer/0
| type: default
------------------------------------
Status | connected: yes
| suspended: no
| multiplexed: no
| interface: wwan0
| ip timeout: 20
------------------------------------
Properties | apn: telia
| roaming: allowed
| ip type: ipv4v6
------------------------------------
IPv4 configuration | method: static
| address: 100.x.x.x
| prefix: 28
| gateway: 100.x.x.x
| dns: 89.9.255.24, 89.9.255.25
| mtu: 1500
------------------------------------
IPv6 configuration | method: static
| address: 2001:x::x
| prefix: 64
| gateway: 2001:x::x
| dns: 2001:2020:82ff:8006::1, 2001:2020:82ff:8007::1
| mtu: 1500
------------------------------------
Statistics | start date: 2026-05-25T12:34:00Z
| duration: 270
| uplink-speed: 50000000
| downlink-speed: 300000000
| attempts: 1
| total-duration: 270
The problem is that the VyOS wwan0 interface does not get an IP address at all:
# ip addr
6: wwan0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1430 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether 6e:37:a9:d0:70:1d brd ff:ff:ff:ff:ff:ff
inet6 fe80::6c37:a9ff:fed0:701d/64 scope link
valid_lft forever preferred_lft forever
I found the following VyOS forum post: Wwan not getting an IP on vuos 1.5 - #2 by tjjh89017
If the bearer shows “static method”, VyOS doesn’t support this currently.
I can see in my bearer configuration that I get method: static. So I guess I am out of luck on automatic VyOS configuration of this modem. Keep in mind that I have not configured this static stuff. It comes from my mobile ISP. I do not know why it uses a static configuration instead of DHCP or PPPoE.
What would be the recommended way to configure this modem such that I get a working WWAN connection? I can run mmcli -m 0 --simple-connect “apn=telia,ip-type=ipv4v6” to start the ModemManager connection, but I do not know how to further integrate that connection into VyOS (IP address, routing, failover, etc.).
I have attempted to write a Python script that pulls information from mmcli and runs a few ip address add x.x.x.x dev wwan0 commands. That sets IP addresses on the wwan0 interface, but it feels like a very hacky way to do this. And it would be a nightmare to handle IP address changes and other state changes. I guess I am basically reinventing NetworkManager here… And I have zero experience with configuring routing stuff. Is there a better way to do this with VyOS commands?
Another small snag is also that VyOS seems unable to find the wwan0 interface during boot after a restart, so it automatically removes it from the configuration. If I re-add it to the configuration after boot it finds it again. I guess the modem might not have booted yet. Is there a good way to make VyOS wait for the modem to become available?
Sanitized VyOS configuration:
firewall {
group {
interface-group WAN {
interface "eth0"
interface "wwan0"
}
}
ipv4 {
name LAN-LOCAL {
default-action "accept"
}
name LAN-WAN {
default-action "accept"
rule 6 {
action "drop"
state "invalid"
}
}
name LOCAL-LAN {
default-action "accept"
}
name LOCAL-WAN {
default-action "accept"
}
name WAN-LAN {
default-action "drop"
rule 5 {
action "accept"
description "Allow Established/Related traffic from WAN to LAN"
state "established"
state "related"
}
rule 6 {
action "drop"
state "invalid"
}
rule 10 {
action "accept"
connection-status {
nat "destination"
}
description "Allow all destination NAT (DNAT) port forwarding connections."
}
rule 20 {
action "accept"
protocol "icmp"
}
}
name WAN-LOCAL {
default-action "drop"
rule 5 {
action "accept"
description "Allow Established/Related traffic to LOCAL from WAN."
state "established"
state "related"
}
rule 6 {
action "drop"
state "invalid"
}
rule 10 {
action "accept"
connection-status {
nat "destination"
}
description "Allow all estination NAT (DNAT) port forwarding connections."
}
rule 20 {
action "accept"
protocol "icmp"
}
}
}
ipv6 {
name LAN-LOCAL {
default-action "accept"
}
name LAN-WAN {
default-action "accept"
rule 6 {
action "drop"
state "invalid"
}
}
name LOCAL-LAN {
default-action "accept"
}
name LOCAL-WAN {
default-action "accept"
}
name WAN-LAN {
default-action "drop"
rule 5 {
action "accept"
state "established"
state "related"
}
rule 6 {
action "drop"
state "invalid"
}
rule 20 {
action "accept"
protocol "ipv6-icmp"
}
}
name WAN-LOCAL {
default-action "drop"
rule 5 {
action "accept"
state "established"
state "related"
}
rule 6 {
action "drop"
state "invalid"
}
rule 20 {
action "accept"
protocol "ipv6-icmp"
}
rule 30 {
action "accept"
description "Allow DHCPv6 configuration"
destination {
port "546"
}
protocol "udp"
source {
port "547"
}
}
}
}
zone LAN {
default-action "drop"
description "Zone for LAN"
from LOCAL {
firewall {
ipv6-name "LOCAL-LAN"
name "LOCAL-LAN"
}
}
from WAN {
firewall {
ipv6-name "WAN-LAN"
name "WAN-LAN"
}
}
member {
interface "eth1"
interface "wg1"
}
}
zone LOCAL {
default-action "drop"
description "Zone for LOCAL (router-internal)"
from LAN {
firewall {
ipv6-name "LAN-LOCAL"
name "LAN-LOCAL"
}
}
from WAN {
firewall {
ipv6-name "WAN-LOCAL"
name "WAN-LOCAL"
}
}
local-zone
}
zone WAN {
default-action "drop"
description "Zone for WAN (big internet)"
from LAN {
firewall {
ipv6-name "LAN-WAN"
name "LAN-WAN"
}
}
from LOCAL {
firewall {
ipv6-name "LOCAL-WAN"
name "LOCAL-WAN"
}
}
member {
interface "eth0"
interface "wwan0"
}
}
}
interfaces {
ethernet eth0 {
address "dhcp"
address "dhcpv6"
description "WAN"
dhcp-options {
default-route-distance "10"
}
dhcpv6-options {
pd 0 {
interface eth1 {
address "1"
sla-id "16"
}
length "48"
}
}
hw-id "00:d0:b4:05:c5:90"
ipv6 {
address {
autoconf
}
}
mac "fc:ec:da:43:fd:b8"
offload {
gro
gso
sg
tso
}
}
ethernet eth1 {
address "192.168.10.1/24"
address "fd00:10::1/64"
description "LAN"
hw-id "00:d0:b4:05:c5:91"
ipv6 {
address {
autoconf
}
}
offload {
gro
gso
sg
tso
}
}
loopback lo {
}
wwan wwan0 {
address "dhcp"
address "dhcpv6"
apn "telia"
}
}
nat {
source {
rule 100 {
description "NAT of regular LAN traffic to WAN."
outbound-interface {
group "WAN"
}
source {
address "192.168.10.0/24"
}
translation {
address "masquerade"
}
}
}
}
service {
dhcp-server {
hostfile-update
shared-network-name LAN {
authoritative
option {
domain-name "home.arpa"
domain-search "home.arpa"
name-server "192.168.10.1"
}
subnet 192.168.10.0/23 {
lease "86400"
option {
bootfile-name "netboot.xyz-snponly.efi"
bootfile-server "192.168.10.10"
default-router "192.168.10.1"
tftp-server-name "192.168.10.10"
}
range 0 {
start "192.168.10.64"
stop "192.168.10.250"
}
subnet-id "1"
}
}
}
dns {
forwarding {
allow-from "192.168.10.0/24"
allow-from "10.2.0.0/24"
allow-from "fd00:10::/64"
listen-address "192.168.10.1"
listen-address "10.2.0.1"
listen-address "fd00:10::1"
system
}
}
ntp {
allow-client {
address "127.0.0.0/8"
address "169.254.0.0/16"
address "10.0.0.0/8"
address "172.16.0.0/12"
address "192.168.0.0/16"
address "::1/128"
address "fe80::/10"
address "fc00::/7"
}
server time1.vyos.net {
}
server time2.vyos.net {
}
server time3.vyos.net {
}
}
router-advert {
interface eth1 {
dnssl "home.arpa"
name-server "fd00:10::1"
prefix ::/64 {
}
prefix fd00:10::/64 {
}
}
}
}
system {
domain-name "home.arpa"
host-name "vyos-router"
name-server "1.1.1.1"
name-server "8.8.8.8"
name-server "2606:4700:4700::1111"
name-server "2001:4860:4860::8888"
option {
kernel {
disable-mitigations
}
keyboard-layout "no"
reboot-on-upgrade-failure "5"
startup-beep
}
syslog {
local {
facility all {
level "info"
}
facility local7 {
level "debug"
}
}
}
time-zone "Europe/Oslo"
}
