How to bypass Lycamobile’s tethering block in Linux

I’ve been trying to get my Huawei E3276-150 4G/LTE USB modem to work with my PC Engines APU2 router board for quite a while. Once connected, the Huawei modem creates its own network thanks to its HiLink mode and is detected as an Ethernet over USB device in Linux. All I have to do is to ask the modem’s DHCP server for an IP address, use the modem as the default gateway and I should be all set. Right?

Not with a Lycamobile SIM card though. I just couldn’t access the Internet. Since I’m using a (very) limited Lycamobile prepaid data plan I didn’t expect to be a victim of anti-tethering measures and was looking in all other directions at first. But as it turned out, Lycamobile is using an IP-header-TTL-based tethering block. In my case, the APU2 was using Linux’s default IP header TTL value which is set to 64 in most current kernels. All network packets directly originating from within the Huawei’s default network using a TTL of 64 were dropped somewhere behind the modem’s WAN interface and never reached the Internet. However, watch what happens once I change the TTL to a different value.

TTL is set to 64, the kernel’s default value:

root@wopr:~# sysctl net.ipv4.ip_default_ttl
net.ipv4.ip_default_ttl = 64

ICMP requests don’t get replies:

root@wopr:~# ping -c 1
PING ( 56(84) bytes of data.
--- ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3022ms

Websites can’t be accessed:

root@wopr:~# curl -I 
curl: (7) Failed to connect to port 443: Connection timed out

Now, let’s set a different TTL:

root@wopr:~# sysctl net.ipv4.ip_default_ttl=65

Whoah, ping starts working:

root@wopr:~# ping -c 1
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=54 time=412 ms
--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 412.192/412.192/412.192/0.000 ms

Websites can be accessed:

root@wopr:~# curl -I
HTTP/1.1 200 OK
Date: Fri, 04 Mar 2016 16:18:24 GMT
Link: <>; rel=""
Cache-Control: private, must-revalidate
Expires: Fri, 04 Mar 2016 17:18:24 GMT
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000; preload

I don’t know if Lycamobile statically blocks TTL 64 or if this is somehow dynamic, depending on the first TTL they see from a particular IMEI. If you’re having problems accessing the Internet when using a Lycamobile SIM card and Linux, play with different TTLs.

If setting a different TTL helps, adding it to /etc/sysctl.conf will make it persistent.

How to detect if you’re a victim of Lycamobile’s tethering block

Probably the easiest way to find out if you’re being tethering-blocked on Lycamobile’s network is:

Test #1: DNS

If you think everything has been set up properly but there still is no Internet connectivity, try if DNS works (assuming the modem’s LAN IP address is

root@wopr:~# dig @ +short

If you’re getting a valid response but can’t access anything on the Internet, you’re probably being blocked.

Test #2: MTR

root@wopr:~# mtr

                              My traceroute  [v0.85]
wopr (                                    Fri Mar  4 17:37:30 2016
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1.                           0.0%     8   19.8  16.2  12.7  19.8   2.0
 2. ???
 3.                    0.0%     8   67.0 205.8  65.1 1011. 330.3
 4.                      0.0%     8   63.3 189.3  63.3 1003. 329.4
 5.                     0.0%     7   70.2 190.2  64.8 910.3 317.6
 6.                       0.0%     7   68.7 176.8  65.3 809.8 279.2
 7.                       0.0%     7   67.2 162.9  67.2 712.2 242.2
 8.                     0.0%     7   63.7 169.9  63.7 609.0 202.5
 9.                     0.0%     6   80.4  81.9  64.0 138.6  28.4
10.                    0.0%     6   72.9  69.0  63.2  72.9   3.8
11.                           0.0%     6   71.5  69.1  65.5  74.4   3.3

If MTR works but you can’t access anything on the Internet, you’re probably being blocked.

10 replies on “How to bypass Lycamobile’s tethering block in Linux”

  1. I sometimes travel to Sweden and use a Swedish Lycamobile sim card. I have an ancient Symbian Nokia N95 with the Windows Nokia Data Suite. The phone connects at 3.5G and the Windows Nokia Data Suite provides fast internet access for my Windows 7 laptop via USB2. If I put the sim card in my Nexus 6P and try and USB tether the moment that tethering starts the sim card is barred and no phone calls can ever be made again and all my credit is lost. I have tried this three times with three different sim cards! The Nokia N95 works really well but I do feel a bit of a geek with a bag full of vintage phones and cables! 3.5G in Sweden is actually really fast, not like our congested networks in the UK. Do you think that if I root my 6P and edit the TTL value on my laptop that I will be able to avoid the sim killer feature of Lycamobile Sweden?

  2. Fyi the reason that this is the case is most likely that they are looking(and only passing) ttls of 64(the default for both Android and ios), the dongle is most likely acting as a router and decreseing the ttl as it passes so once it reaches the network it is at 63 and they can “tell” its from a teathered device.

  3. I get this block with a dlink 921 3g router , if I use a 3G modem I have no problems in
    windows 7. Any ideas ?

  4. Really wonderful post, I am getting inspired by the post and make it work
    on a windows. I changed by regedit the defaultTTL value. So it can use my mobile phone’s 3G network. I also try to connect another android phone to the phone with hotspot. I change the TTL with TTL Editor under android, and it works find as well.

    But does someone who knows an android program to edit ttl without root ?
    It can be useful to share the connection to friends who doesn’t want to root their mobile phone.

    Best regards.

  5. Everything you say is correct , nice find .

    changing ttl immediately gives internet access from a linux pc entering the hotspot .

Comments are closed.