来源 https://github.com/iamromulan/cellular-modem-wiki
Over the course of poking and prodding, many things were discovered. This will serve as a place to preserve that knowledge.
So, a simple way to send/receive commands.. open two adb shell sessions to the modem, in one, run cat /dev/smd7. In the other, you run the AT commands. Example:
Listening shell:
/ # cat /dev/smd11
AT
OK
ATI
Quectel
RM520N-GL
Revision: RM520NGLAAR01A07M4G
OK
Command shell:
/tmp # echo -e 'AT \r' > /dev/smd11
/tmp # echo -e 'ATI \r' > /dev/smd11
See the diagram for more info on this:
As you can see in the diagram above, 2 serial ports are exposed to the host over USB. Both can be used to send AT commands. The smd11 device is not linked to anything by default, and is meant for use with the API included in their QuecOpen SDK.
If you want to turn on IP passthrough where the IP address assigned form the cell carrier passes to what connects to the ethernet port, you can! The LAN IP addresses including the gateway are still accessible even while IPPT (IP Passthrough) is enabled.
There are 3 stages of IP Passthrough:
This method is not technically a true IP Passthrough, however it effectively gets rid of the double NAT as well. Basically what you are doing here is limiting your DHCP to assign only 1 IP address and then setting that as the DMZ, effectivity port forwarding every port to that internal IP.
AT+QMAP="LAN",192.168.225.2
AT+QMAP="DMZ",1,4,192.168.225.2
AT+CFUN=1,1 (reboot)
If the "LAN" command doesn't work then use "LANIP" to define the start range, end range, gateway,1 Make start and end range the same
This is the method that is documented on page 231 of the 2023-07-31 AT Manual
AT+QMAP="MPDN_rule",0,1,0,1,1,"FF:FF:FF:FF:FF:FF"
As soon as you send this command the Ethernet port should shut off for a second or 2 then come back up with IPV4 passthrough. Note: IPV6 assigns sometimes too? Was it just the DHCP IPV6? I'll look into this.
AT+QMAP="VLAN" to find out what it should be.FF:FF:FF:FF:FF:FF will pass the IP to the last connected ethernet device. ”00:00:00:00:00:00” will pass only to the first connected ethernet device. You can also specify a custom mac address instead.Turns the IPV4 DNS proxy on and off so the DNS from the carrier will passthrough as well. So... Internally there's a DNS server/proxy for setting the domain name by AT command and having it actually work. There's a way by adb shell/ssh shell to set a DNS override yourself to nameservers of your own. Tailscale does this on its own which I will talk about later.
AT+QMAP="DHCPV4DNS","disable"
AT+QMAP="MPDN_rule",0 (Ethernet port will shutoff and come back up)
AT+QMAPWAC=1 (if not in ECM mode)
AT+CFUN=1,1 (reboot)(optional)
OR
flash firmware
By default, the modem acts as a true NAT router for IPv4, and serves addresses via IPv6. The modem's IPv4 address is 192.168.225.1 - this CAN be changed via AT commands See page 228: AT+QMAP="LANIP"
There are plenty of reasons that you might need to change the IP of the modem.. IE, you might have multiple modems connected to the same router for WAN load balancing or bonding, or it might conflict with your internal network IP ranges, or (other reasons.) On recent firmware revisions a command can do this!
The command is:
AT+QMAP="LANIP",<dhcp-start>,<dhcp-end>,<router-ip>,<apply?>
AT+QMAP="LANIP",192.168.227.20,192.168.227.100,192.168.227.1,1
The 'apply?' is if the router should apply the changes immediately, or wait until reboot. 1 is yes 0 is no.
This is mostly useful for the RM521F-FL as it's firmware was never fully completed. I plan to experiment with using the sysfs.ubi from the RM520N-GL firmware when I have time to see if things are fixed.
There are plenty of reasons that you might need to change the IP of the modem.. IE, you might have multiple modems connected to the same router for WAN load balancing or bonding, or it might conflict with your internal network IP ranges, or (other reasons.) Unfortunately, Quectel doesn't officially support this, and there is no AT command to do so. However, it's not hard to do.
Make sure you've gained ADB access as described above.
adb shell (If you have multiple modems connected via USB that have ADB enabled, you can get a list of modems with adb devices, and connect to the one you want via adb -s <number> shell)/etc directory/etc/data/mobileap_cfg.xml in an editor, and change each occurrence of 192.168.225 to whatever you want - for mine, I just went to 192.168.226.AT+CFUN=1,1Note that the 192.168.225.1 address is also referenced in /etc/ql_nf_preload.conf; I haven't modified that file and everything seems to work, but just so ya know.
⚠️ Do not use this and Simpleadmin. Use either one or the other
This section was contributed by GitHub user aesthernr. Thanks for the contribution!
This is more of an honorable mention if you are curious. The QCMAP Web UI does not work quite right.
Qualcomm provides their OEMs with a tool called QCMAP, which is used to manage the WAN connection, modem IP configuration, etc. They also provide a simple web interface that is supposed to be able to manage some features of the modem. On RM500Q's, it was enable by default, but didn't actually work. The pieces for it are present on the RM520, and it does work, it just needs some work to enable it!
adb shell mount -o remount,rw /
cd /path/to/quectel-rgmii-configuration-notes/files
adb push qcmap_httpd.service /lib/systemd/system
adb push qcmap_web_client.service /lib/systemd/system
adb push lighttpd.user /data/www adb shell chown www-data:www-data /data/www/lighttpd.user
adb shell chmod +x /etc/initscripts/start_qcmap_httpd adb shell chmod +x /etc/initscripts/start_qcmap_web_client_le adb shell ln -s /lib/systemd/system/qcmap_httpd.service /lib/systemd/system/multi-user.target.wants/ adb shell ln -s /lib/systemd/system/qcmap_web_client.service /lib/systemd/system/multi-user.target.wants/ adb shell systemctl daemon-reload adb shell systemctl start qcmap_httpd adb shell systemctl start qcmap_web_client adb shell mount -o remount,ro /
By default, journald is masked on the modem - IE, nothing systemd does will end up having persistent logs. To fix this, we need to manually modify files in the root filesystem, as /etc isn't available at the point this is started.
Before enabling, I would recommend modifying /lib/systemd/journald.conf.d/00-systemd-conf.conf with some tweaks to prevent it from using lots of space:
adb shell mount -o remount,rw /
adb shell
# vi /lib/systemd/journald.conf.d/00-systemd-conf.conf
###edit params as below, and then save changes, and exit the shell###
adb shell mount -o remount,ro /
The config file by default has:
[Journal] ForwardToSyslog=yes RuntimeMaxUse=64M
I would recommend:
[Journal]
ForwardToSyslog=no
RuntimeMaxUse=16M
Storage=volatile
# Lots of spammy units, so limit the logging bursts.
RateLimitIntervalSec=5m
RateLimitBurst=100
This disables forwarding to the syslog daemon (to avoid taking up space twice), forces runtime (RAM) storage, and limits it to 16mb. It also enables fairly aggressive rate limiting, so that apps like ipacm won't force constant rotation. (Each service gets its own rate limit.)
Here's how to enable the service:
adb shell mount -o remount,rw /
adb shell rm /lib/systemd/system/sysinit.target.wants/systemd-journald.service /lib/systemd/system/sockets.target.wants/systemd-journald.socket /lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket
adb shell ln -s /lib/systemd/system/systemd-journald.service /lib/systemd/system/sysinit.target.wants/systemd-journald.service
adb shell ln -s /lib/systemd/system/systemd-journald.socket /lib/systemd/system/sockets.target.wants/systemd-journald.socket
adb shell systemctl daemon-reload
adb shell systemctl start systemd-journald.socket systemd-journald.service systemd-journald-dev-log.socket
# Also, to avoid lots of junk about write perms on unit files.. if you push the systemd units from a windows box, you might need to clean this up more often!
adb shell chmod 644 /lib/systemd/system/*.service /lib/systemd/system/*.socket /lib/systemd/system/*.conf
adb shell chmod 644 /lib/systemd/system/dbus.service.d/dbus.conf /lib/systemd/system/systemrw.mount.d/systemrw.conf
adb shell mount -o remount,ro /
Then, we have to unmount the mounted /etc directory, and remove the underlying masking of journald. We'll need to reboot the system to get the real /etc back:
adb shell umount -l /etc adb shell mount -o remount,rw / adb shell rm /etc/systemd/system/systemd-journald.service adb shell mount -o remount,ro / adb shell sync adb shell reboot -f
If you also want to enable audit logs, also do the following as part of the above:
adb shell rm /lib/systemd/system/sockets.target.wants/systemd-journald-audit.socket adb shell ln -s /lib/systemd/system/systemd-journald-audit.socket /lib/systemd/system/sockets.target.wants/systemd-journald-audit.socket
I am leaving systemd-journal-flush disabled (masked), as we don't want to write the logging data to persistent storage. Well - if you do you can change the Storage to "persistent" in the config file, and also symlink the systemd-journal-flush to actually switch from volitile to persistent storage on bootup.
Typically when you flash firmware the normal method you use Qflash and select the DM port. When you click start, Qflash tells the DM port (Diagnostics port) to reboot into EDL mode. When the module comes back up only one port will exist: The QDLoader port. This means the modem has entered EDL mode. Qflash will then proceed to flash.
It is also possible to enter EDL mode by using adb. The command is: adb reboot edl
However, if you have nothing showing up at all (the modem won't boot) then this is the manual way to enter EDL mode:
Find a m.2 board where the slot is on the edge. That way you can see the back of the module. For this example, I will use the Rework.Network Ethernet M.2 Board
It is also possible to take a regular M.2 to USB adapter and cut the board so the back of the modem will be visible. This is dependent on the circuity layout of the particular m.2 to USB adapter board.
Place the modem in the board and turn it upside down on a static free surface, and connect the USB cable to the board. Be prepared to connect it to you PC but don't do it yet.
For the RM500-RM530 series modems, you'll need a small wire or cable tie. I ended up striping the ends off a cable tie. See below.....
Open Device manager on your PC and keep and eye on the ports section. Using the tool from step 3, trip the 2 contacts on the back of the modem at the same time as plugging the USB to your PC. If you are successful, the QDLoader port should instantly appear. You do not need to keep the 2 contacts on the back tripped after you plug it in and see the QDLoader port. If the QDLoader port doesn't show up within 3 seconds, unplug the USB and try again.
For the RM500-RM530 modems these are the correct ports to jump:
Here is how I did it. Remember plug the USB in at the same time as doing this: 
At this point you should see the QDLoader port in device manager:
Follow the steps from the normal method and treat the QDLoader port as the DM port.
Many of Quectel's modems support directly connecting to a PCIe Ethernet chipset. This is useful to use the cellular connection as a WAN interface - you can just plug the modem into the WAN port on your router, do a bit of configuration, and you're good to go. Performance is good, and the modem's onboard connection management often works better than the scripts many routers use to try to keep the connection up.
This guide is written for the following modems:
RM520N-GL RM530N-GL (untested) RM521F-GL In theory any Quectel SDXLEMUR system utilized in an AP mode
Essentially what we are doing is placing the modem in PCIe Root Complex mode so it can utilize an ethernet chipset via PCIe. You will need a board that has an M.2 B-Key slot with Power, Ethernet, SIM slot(s), and USB on it along with a way to provide the modems 4 MHF4 connectors with the cell signal.
Here's the hardware I recommend for an indoor or on the go scenario:
Assembly Video:
(coming soon!)
Purchase Links:
Indoor Eth enclosure kit without modem: Dual-Q 5G2PHY
OR
With x62 RM520N-GL (AP version modified/converted to normal AA). Custom Arixolink firmware pre-flashed (Flash latest stock firmware if you want Simpleadmin 2.0 instead) Dual-Q 5G2PHY-RM520 (Currently Out of stock)
Standard Kit Includes:
Board and Case
40cm USB3.0 A Micro B Cable
2x 10cm MHF4 to SMA cable.
2x 15cm MHF4 to SMA cable.
1x 3x3.5x0.15 Silicone pad
1x 3x3x0.02 Silicone pad
Mounting Hardware
Small Heatsink for the onboard RTL8125 chipset
Does not include
You can buy the kit with the passive PoE adapter now included: https://www.rework.network/collections/lte-home-gateway/products/5g2phy-poe
Rework.network sells a set of antennae separately here: https://www.rework.network/collections/antenna-accessories/products/lot-of-4-quectel-ye0007aa
Key Features:
https://www.rework.network/collections/lte-home-gateway/products/5g-rgm-o
(Additional Photos and info coming soon)
Assembly Video:
(coming soon!)
Travel WiFi Router: GL.iNet Beryl AX
Rubber bands, zip ties, tape, Velcro, pick your favorite 
This Battery 12v3A DC out, USB 5v3A out with passthrough charging
Eth Patch cable or short ethernet cable
Result:
DC adapter: 12v 5A one from Amazon
Passive PoE: The one included with the outdoor antenna and indoor bundle is the best choice as they will link at 2.5gbps, but I would use a 24v passive injector if not.
Indoor antennae 4 Pack from Rework.Network (Untested; pick what you like)
Home WiFi router: GL.iNet Flint 2
Now that you have your modem setup assembled we can move on to setting it up the connection, then the software and settings portion.
For this process you'll need a Windows computer to set the modem up. I use Windows 11 for this but in theory this should work all the same for other versions. You can use Linux but you'll need to ensure that the option kernel module (driver) is installed.
⚠️ USB is not enough to power the modem on its own especially under load. ⚠️ 💡 Plug in extra power at the same time as USB. 💡
➡️ Download QuecDeploy⬅️
To makes things easier for everyone, I created an exe called QuecDeploy. It's a very basic tool that gives you a list of options to pick from to Quickly Install/Deploy Quectel Software/Firmware. Eventually I'll improve it to do even more so be sure to add it to your watchlist.
What you need from QuecDeploy to be successful:
You can find guides on how to flash firmware with Qflash and how to send AT commands with Qnavagator in the wiki as well.
💡 It is recommended to Flash the latest stock firmware available before continuing.
If you are using Windows Ensure you have the latest NDIS driver installed, Qflash, and Qnavagator installed. This can be done with QuecDeploy
For Linux you'll need the option.ko driver compiled and installed, minicom or microcom for AT commands, and Qfirehose for flashing firmware. More info on this to come. This guide is mainly for Windows users.
Connect to the modem by USB and run these AT Commands in Qnavagator.
💡 Hint: How to send AT commands with Qnavagator ⚠️ Remember to uncheck automatic initialization in Qnavagator!
To get the Ethernet port working:
AT+QCFG="data_interface",0,0
AT+QETH="eth_driver","r8125",1
AT+QCFG="pcie/mode",1
AT+QCFG="usbnet",1
AT+CFUN=1,1
Modem will reboot after sending AT+CFUN=1,1
To get your cellular connection up:
This process is dependent on the requirements of your provider and plan.
Basic:
AT+CGDCONT=1,"IPV4V6","apn-here-inside-of-quotes"
AT+EGMR=0,7
[Reads currently set IMEI to you]
AT+EGMR=1,7,"imeinumberhere"
[Repairs the IMEI to something else if incorrect]
AT+CFUN=1,1
Sometimes after a reboot a default MBN Profile will override the APN you set. Here are a few useful commands to help you figure out what's going on. By default the data call will happen with PDP context 1 (APN 1).
Further Connection troubleshooting:
AT+QSIMSTAT?
[Check if a SIM is detected in the selected slot. 0,0 no 0,1 yes]
AT+QUIMSLOT?
[Checks what SIM slot is selected]
AT+QUIMSLOT=1
[Switch to SIM Slot 1]
AT+QENG="servingcell"
[Will show you the signal info and connection status to the provider. NOCONN is normal and LIMSERV is not. LIMSERV usualy means the APN is wrong]
AT+QMAP="WWAN"
[Will show if you have an IP address assigned from your provider]
AT+CDGCONT?
[Will list currently set APN's in each PDP context]
AT+CGDCONT=1,"IPV4V6","apn-here-inside-of-quotes"
[Sets the APN you want in PDP Context 1]
AT+QMBNCFG="AutoSel"
[Check to see if automatic MBN selection is enabled. 1 yes 0 no]
AT+QMBNCFG="AutoSel",0
[Disable Automatic MBN selection]
AT+QMBNCFG="deactivate"
[Will deactivate the currently active MBN profile]
AT+QMBNCFG="list"
[Lists the MBN profiles avalble to pick. The first one is usualy the last used one or current one in use.]
AT+QMBNCFG="select","mbn_profile_name_here"
[Will set an MBN profile as active from the list]
AT+CFUN=0
[Module minimum function mode, will disconnect the radio]
AT+CFUN=1
[Module full function mode, will connect the radio]
It can be very useful to cfun 0 then 1 after changing the APN to avoid a full reboot. MBN edits need AT+CFUN=1,1 (full reboot) to take effect.
At this point you should be up and running with internet out the ethernet port. Keep USB plugged in for now as we will need it to continue.
By default, these modems do not have ADB over USB turned on, and they need to be unlocked when doing so for the first time.
To get access, you need to get a lock code from the modem, then give that to the python ADB unlock keygen, take the unlock key code it gives you, unlock ADB, and then actually enable ADB over USB. This only needs to be done once, as this survives firmware flashing.
To get the lock code, run the AT command "AT+QADBKEY?". The modem will reply with:
AT+QADBKEY?
+QADBKEY: 12345678
OK
12345678 being the lock code in this case
Replace the 12345678 with the response you got from running AT+QADBKEY? then click run. Under output your unlock key will be generated.
Once you have received the unlock key, you apply the key like this:
AT+QADBKEY="0jXKXQwSwMxYoeg"
Then, to actually enable ADB, run AT+QCFG="usbcfg", take the output, change the second-to-last 0 to 1, and then send the new usbcfg string to the modem
⚠️ DO NOT just copy/paste what's below; the USB VID/PID for your modem are very likely different) ⚠️
Example:
AT+QCFG="usbcfg"
+QCFG: "usbcfg",0x2C7C,0x0801,1,1,1,1,1,0,0 // Initial response
AT+QCFG="usbcfg",0x2C7C,0x0801,1,1,1,1,1,1,0 // Enable ADB
⚠️ The qcfg usbcfg command is very dangerous and can leave your modem inaccessible if used incorrectly. Those other 1s need to stay 1. They control what is enabled or disabled over USB.
And reboot with AT+CFUN=1,1 to actually apply.
The adb CLI tool must be available for use (installed) before continuing. If you installed Qflash with QuecDeploy then adb is available already.
In most cases you shouldn't need any additional drivers for adb to work but just in case you do then you can use this adb and fastboot driver installer bat I found.
adb is used in Command Prompt/PowerShell/Windows Terminal on Windows
On most versions of windows you can right click on start, then click either Terminal (Admin) or PowerShell (Admin)
Once you are at a command line:
adb devices to make sure your modem is detected by adbadb shell ping 8.8.8.8 to make sure the shell can access the internet. If you get an error, make sure the modem is connected to a cellular networkCTRL-C to stop it.adb shell
Then copy paste (right click in window to paste)
cd /tmp && wget -O RMxxx_rgmii_toolkit.sh https://raw.githubusercontent.com/iamromulan/quectel-rgmii-toolkit/SDXLEMUR/RMxxx_rgmii_toolkit.sh && chmod +x RMxxx_rgmii_toolkit.sh && ./RMxxx_rgmii_toolkit.sh && cd /
You should see:
You can set your TTL via option 3 (Simple Firewall Management) if needed but mainly, choose option 2 to install simpleadmin 2.0
There will be 2 points it asks you to set a password. It won't look like you are typing anything but you are. One is the admin password for login to simpleadmin and the other is the root password for accessing the console. You may set the same or different. Up to you.
Once that completes you should be able to go to https://192.168.225.1/ (ignore the security warning/proceed anyways) and use simpleadmin 2.0
⚠️ Your modem must already be connected to the internet for this to install
Open up the toolkit main menu and press 4 to enter the Tailscale menu
Press 1, wait for it to install. This is a very large file for the system so give it some time.
Once done and it says Tailscale installed successfully press 2/enter to configure it.
If you want to, enable the Tailscale Web UI on port 8088 for configuration from the browser later by pressing 1/enter.
To do it in the toolkit: First time connecting you'll be given a link to login with
That's it! From another device running tailscale you should be able to access your modem through the IP assigned to it by your tailnet. To access SSH from another device on the tailnet, open a terminal/command prompt and type
tailscale ssh root@(IP or Hostname)
IP or Hostname being the IP or hostname assigned to it in your tailnet
Simpleadmin 2.0 is going away eventually when I have time to revisit SDXLEMUR/SDXPRAIRIE. The plan is to improve the userspace and bring as much as I can from our adventures on SDXPINN. Hopefully I will even have a flash-able firmware out for these modems so we can skip adb.
If you are looking for the advanced stuff and some of the things I removed from this guide check out SDXLEMUR Advanced
========== End
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。