User Tools

Site Tools


docs:guide-user:network:wan:isp-configurations

ISP Configurations

This page describes how to connect to networks of different commercial Internet service providers. At this time, the DSL configurations described below only apply to devices using Lantiq SoC. There is no DSL support for Broadcom devices.

Australia

TPG (ADSL2+)

A good way to configure your internet is using two devices: A dedicated modem that just accepts all ATM traffic and bridges it to its ethernet port, and a second device that acts as a router to your internal LAN, and the WAN port authenticates to your ISP via pppoe, and is physically connected to the first device over ethernet cable.

Below, I show two configs, one config for the modem, (here Netgear DM200 ADSL2+/VDSL modem) and the second config showing the necessary authentication to TPG ISP for the second device (another OpenWRT router).

package network                                                                 
                                                                                
config atm-bridge 'atm'                                                         
        option vpi '8'                                                          
        option vci '35'                                                         
        option encaps 'llc'                                                     
        option payload 'bridged'                                                
                                                                                
config dsl 'dsl'                                                                
        option annex 'a2p'                                                      
        option fwannex 'a'                                                      
        option firmware '/lib/firmware/lantiq-vrx200-a.bin'                     
        option xfer_mode 'atm'                                                  
                                                                                
config interface 'lan'                                                          
        option type 'bridge'                                                    
        option ifname 'eth0 nas0'                                               
        option proto 'none'                                                     
        option auto '1'                                                         
                                                                                
config device 'lan_dev'                                                         
        option name 'eth0'                                                      
        option macaddr 'yy.yy.yy.yy.yy.yy'                                      
                                                                                
config device 'wan_dev'                                                         
        option name 'nas0'                                                      
        option macaddr 'xx.xx.xx.xx.xx.xx'

Second device authenticates to ISP with:

config interface 'wan'
	option ifname 'eth1'
	option proto 'pppoe'
	option username 'xxxx@tpg.com.au'
	option password 'zzzz'

Belgium

EDPnet (VDSL)

EDPnet provides VDSL services through PPPoE and VLAN tagging. Keep in mind the DSL state monopolist (Proximus) still manages the backbone and keeps a whitelist of allowed modems (a few third party models, mostly AVM FRITZ!Box, and their own Proximus B-Box models).

The VLAN tagging is as follows:

  • Internet: PPPoE over VLAN 10.
  • VoIP: unclear.
  • TV: EDPnet does not offer TV.

The following works for an AVM FRITZ!Box 7362 SL running master (stable support won't appear with a post 18.06 release) with the whitelisted Lantiq blobs pulled off my 7490. Besides this, the default VDSL values OpenWrt uses seem to be OK. You get reset to a fallback profile after a while, so there might be some additional background checks going on that go beyond the Lantiq driver version.

config interface 'wan'
    option ifname 'dsl0.10'
    option proto 'pppoe'
    option username 'b1xxxxxx'
    option password 'xxxxxx'
    option ipv6 '1'

Canada

Bell Canada Fibe

Bell Canada Fibe provides for fiber to the home (FTTH).

They use VLAN tagging and PPPoE protocol.

The VLAN tagging is usually as follows:

  • Phone: VLAN 34
  • Internet: PPPoE over VLAN 35
  • TV: VLAN 36
config interface 'wan'
    option ifname 'eth1.35'
    option proto 'pppoe'
    option username 'b1xxxxxx'
    option password 'xxxxxx'
    option ipv6 'auto'

config interface 'wan6'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option ifname '@wan'

MTU Settings

Follow the MTU recommendations here:

  • Fiddle with your MTU settings to make sure that your router doesn't have to fragment IP packets. (IP fragmentation will use more CPU on your router, increase overhead on your WAN connection, slightly degrade performance, and cause problems when connecting to networks behind misconfigured firewalls on the Internet).
  • At first I used all the default settings and was getting an MTU of 1480.
  • I increased the MTU on both my SFP interface and VLAN to 1520 and then set the advertised MTU and MRU settings on my PPPoE interface to 1500 and was able to get an actual MTU of 1500 on my WAN link.
  • You can verify your MTU value using ping or a webservice such as the MTU test at Let Me Check.it.

References

Netherlands

Telfort

Telfort provides settings for xDSL and glassfiber. They use VLAN tagging and IPoE protocol - so DHCP in OpenWrt.

VDSL

The network protocols are layered in this way:

  1. VDSL link (Annex B, Profile 17a, Line mode G.993.2)
  2. PTM (Packet Transfer Mode)
  3. Ethernet with VLAN 34
  4. IPTV with VLAN 4

A sample config for VDSL would look like (Tested with OpenWrt 18.06.1 r7258-5eb055306f)

config atm-bridge 'atm'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'
        option vci '34'
        option vpi '0'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'dsl0.34'
        # option ifname 'ptm0.34' # LEDE 17
        option type 'bridge'        

XS4ALL

XS4ALL is another ISP from KPN like Telfort. They offer DSL and FTTH connections. For DSL it is possible to use your own router, but since latest techniques use profile 35b to get 200+ Mbit speeds over a single line, it's better (for speed) to put the provided FritzBox in bridge mode and use OpenWRT as if directly on FTTH connection.

Internet

FTTH (Fibre) and VDSL connections result in VLANs 6, and 4. That is, connecting the ethernet cable from the fibre's NTU or from the bridged VDSL modem, to your WAN port does nothing by itself. Internet is provided over a PPPoE connection over VLAN6, username and password don't matter here, as long as they are set. Thus, to bring up your WAN device which gets your public IP addresses (XS4ALL does both IPv4 and IPv6), configure like this:

config interface 'wan'
    option ifname 'eth0.6'
    option proto 'pppoe'
    option username 'FB7581@xs4all.nl'
    option password '1234'
    option ipv6 'auto'
    option mtu '1508'  # only works for FTTH since FritzBox doesn't support higher MTU

config interface 'wan6'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option ifname '@wan'

Telephony

If you use telephony and use FTTH, easiest is to connect the (unused) provided FritzBox as regular client to your OpenWRT lan. You can configure the FritzBox to take internet from there and provide telephony (which is just SIP).

IPTV

If you use TV, in the old setup (before March 2019) you could just bridge VLAN4 to your STBs (the black receivers provided by XS4ALL). This is called bridged mode. However, starting from March 2019, bridged mode is no longer provided and instead, routed mode has to be setup. The obvious change visible is the additions of “interactive TV” in the STBs. Routed mode, is much like described in IPTV / UDP multicast. It has a small specific twist for XS4ALL though. The official documentation for this can be found at XS4ALL's modem setup (Dutch).

For this to work, you need to install igmpproxy. For clarity, we use 3 different zones: wan, iptv and stbitv.

  • wan: the ordinary internet connection, used for “interactive” features (e.g. YouTube)
  • iptv: VLAN4-based connection, mostly used for multicast based live-streams, and STB software, some 10.200.x.x/22
  • stbitv: the (client) network with the STBs in them, in this example 10.3.0.0/24

First, configure an interface, DHCP client for iptv, the VLAN 4 interface. Important, it needs to set Vendor Class Identifier to IPTV_RG, and ignore any default gateway or dns servers advertised. The DNS is bogus (per the docs), the default route is what we don't want to use, because we want to use our real internet connection. In the DHCP reply is an additional route, you don't see this in luci, but it's correctly added to your routing table, and it basically includes all the traffic that needs to go over VLAN 4. This is basically why we don't need the default route.

config interface 'iptv'
    option type 'bridge'
    option ifname 'eth0.4'
    option proto 'dhcp'
    option defaultroute '0'
    option peerdns '0'
    option vendorid 'IPTV_RG'

Also create a firewall zone for this interface, that sets masquerading (like wan, we need to NAT some traffic over this interface):

config zone
    option name 'iptv'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option network 'iptv'
    option masq '1'
    option mtu_fix '1'
    option forward 'REJECT'

Next, configure a new interface for the STBs. I isolated them on their own VLAN 7, but I think you could also plug them into an existing client network. Since there will be multicast traffic over this, you do want to separate the traffic using igmp snooping. Ensure you enable this, and if you use switches inbetween that they also enable this, else you'll flood your entire network. This is particularly bad if you have wlans in your network. The following is just what I used for this description.

config interface 'stbitv'
    option type 'bridge'
    option proto 'static'
    option ifname 'eth0.7'
    option ipaddr '10.3.0.1'
    option netmask '255.255.255.0'
    option igmp_snooping '1'

The STBs don't need any special DHCP tricks, so you just need to hand out IPs in the normal way. Only IPv4 is supported. Create firewall zone for this network, and “glue” that zone together with the iptv and wan zones, such that traffic can go both ways:

config zone
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option name 'stbitv'
    option network 'stbitv'

config forwarding
    option dest 'wan'
    option src 'stbitv'

config forwarding
    option dest 'iptv'
    option src 'stbitv'

Now, the last remaining bit needs to be done, which is forwarding the multicast packets that the STBs request. Since the OpenWRT router now is the terminating node as seen from the XS4ALL network, any multicast traffic arriving at the router, needs to be forwarded to the STB in the network that requested it. This is done by igmpproxy. For the proxy, upstream is the XS4ALL network, downstream the STBs in the client network. Quickleave feature is necessary to quickly terminate unnecessary streams (happening when switching between channels, “zapping”). As such, the following configuration is sufficient:

config igmpproxy
    option quickleave 1

config phyint
    option network iptv
    option zone iptv
    option direction upstream
    list altnet 0.0.0.0/0

config phyint
    option network stbitv
    option zone stbitv
    option direction downstream

Final remaining thing is to enable and start igmpproxy using /etc/init.d/igmpproxy enable and /etc/init.d/igmpproxy start.

Once you applied all this, ensure you got a 10.200.x.y IP address on the iptv interface. Check with netstat -rn that there is a route for destination 213.75.112.0 (could be slightly different) added with gateway your 10.200.x.1 IP address. Interface should be br-iptv if you followed above example. If that seems ok, and igmpproxy is running, shutdown your STBs and restart them. They should come up quite normal and settings/system should now report “routed mode”. If you get any errors reported by the devices, check the multicast traffic gets forwarded (it attempts this while STB boots) using tcpdump or something. Also check if regular internet works correctly from the STB client network.

Portugal

MEO

GlobalConnect Pack

This enterprise VoIP and Internet services package includes a Thomson/Technicolor gateway which can be configured (by the tecnician only) in bridge mode, at installation time. In this configuration, the connection presents itself untagged at the gateway's switch port 4. The Internet service is somewhat unusual. The addressing is static, and the configuration provided is (as an example) something along these lines:

  • Local WAN IP: 100.64.194.2
  • Remote WAN IP: 100.64.194.1
  • Internet IP: 62.10.20.30/32

Both the Local and Remote WAN IP addresses belong to a /30 subnet. Inbound traffic arrives at the interface with the Internet IP address as the destination. To configure this connection on an OpenWrt device (let's assume interface eth1), on /etc/config/network, we need:

config interface 'wan'
	option ifname 'eth1'
	option proto 'static'
	list ipaddr '62.10.20.30/32'
	list ipaddr '100.64.194.2/30'
	option gateway '100.64.194.1'

Now, since the addressing is static, we can do source NAT instead of masquerading. To do so, we configure /etc/config/firewall as follows:

config redirect
	option name 'MEO SNAT'
	option src 'lan'
	option dest 'wan'
	option proto 'all'
	option src_dip '62.10.20.30'
	option target 'SNAT'

Germany

Deutsche Telekom

ADSL

  • ADSL LINK
  • ATM
    • VPI (Virtual Path Identifier): 1
    • VCI (Virtual Channel Identifier): 32
Deutsche Telekom BNG

BNG is short for Broadband Network Gateway and Deutsche Telekom's new platform. Customers are successively migrated and usually receive a letter in the mail announcing the change.

On the old platform the customer can just setup PPPOE and the Internet connection comes up. With BNG the traffic that leaves the WAN port needs to be tagged with VLAN 7 (Details).

As an example suppose you have a modem in bridge mode that is unable to handle VLAN tagging. The router connected to the modem needs to add the VLAN tag in this case. Example for Archer C7 V2 below.

Old platform:

config interface 'wan'
        option proto 'pppoe'
        option username '...@t-online.de'
        option password '...'
        option ipv6 'auto'
        option ifname 'eth0.2'

config switch_vlan             
        option device 'switch0'
        option vlan '2'        
        option ports '1 6t'

BNG platform:

config interface 'wan'
        option proto 'pppoe'
        option username '...@t-online.de'
        option password '...'
        option ipv6 'auto'
        option ifname 'eth0.7'

config switch_vlan
        option device 'switch0'
        option vlan '7'
        option ports '1t 6t'

So if you receive a letter about the platform change and your Internet access goes down, try adding the VLAN tag to the WAN port and see if it comes up again.

Some more details that may be of interest:

  • When you login into Telekom Kundencenter there are various configuration options available (DNS behavior, Easy Login, Auto Login, phone service configuration etc.).
  • When using a SIP client from your Telekom landline connection you usually don't need to authenticate. Details are available on the Internet, for instance here. That means when connected to your LAN you (or somebody else) may be able to configure one of your landline phone numbers (for instance your main phone number) on a SIP client and make calls without a valid password. This may be disturbing to some. LOL
TAL.de TALDSL MAX VDSL2 on a Telekom line
VPI1
VCI32
VLAN-ID7
DCHPv4n/a
DHCPv6n/a
EncapsulationPPPoE
IPv4 addressPPPoE
IPv4 gatewayPPPoE
IPv4 nameserverPPPoE
IPv6 addressPPPoE (link-local with dynamic sub-prefix)
IPv6 gatewayn/a (static route to WAN device needed)
IPv6 nameserver2a01:170::1
IPv6 prefix delegationn/a (assign 2a01:170:xxxx::/48 manually to LAN device(s))
config interface 'wan'
	option proto 'pppoe'
	option ifname 'eth0.7'
	option ipv6 '1'
	option username '...#tal@bsa-vdsl'
	option password '...'

config route6
	option interface 'wan'
	option target '::0/0'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ifname 'br-lan'
	option ip6addr '2a01:170:xxxx:yyyy::1/64'
1&1 on a Telekom line with Annex J

When migrating from Annex B to Annex J, connection properties seem to have changed to require using VLAN 7.

The complete username (as opposed to the simplified form used by Fritz!Boxes '1und1/1234-567@online.de') can be obtained from a packet capture from a Fritz!Box (if internet is so far provided via one).

  • Press start on the '1. Internetverbindung'
  • Log into the main Fritz!Box UI and press the reconnect button
  • Wait until the connection is re-established
  • Stop the capture and open it in Wireshark
  • Use 'pap' as filter. You should be able to read the complete username and password in the detail view

The configuration of the interfaces should look like this (tested on r6788-7ff31bed98):

config dsl 'dsl'
	option tone 'bv'
	option annex 'j'

config interface 'wan'
	option proto 'pppoe'
	option password '***'
	option delegate '0'
	option ipv6 'auto'
	option username '1und1/(***)1234-567@online.de'
	option ifname 'dsl0.7'

config device 'wan_dev'
	option macaddr '***'
	option name 'dsl0'

VDSL

The network protocols are layered in this way:

  1. VDSL link (17a profile, G.993.5 depending on the DSLAM)
  2. PTM (Packet Transfer Mode)
  3. Ethernet with VLAN 7 (data + voice)
  4. PPPoE
    1. For some resale accounts an “H” has to be added in front of the pppoe user name, for 1und1 it looks like this “H1und1/1234-567@online.de”

You global routed IPv4 address and a some IPv6 subnets

When the network supports VDSL vectoring, but the VDSL modem does not support it, the device will be put into a fall back mode using only the lower 2.2 MHz of the band, this results in reduced rates like 13 MBit/s down and 1.4 MBit/s up instead of 50 MBit/s. Details: https://telekomhilft.telekom.de/t5/Telefonie-Internet/Fallbackprofil-bei-Vectoring/ta-p/2431567

Example VDSL configuration for Lantiq based devices:

config dsl 'dsl'
	option annex 'a'
	option tone 'av'
	option xfer_mode 'ptm'

config interface 'wan'
	option proto 'pppoe'
	option _orig_ifname 'ptm0'
	option _orig_bridge 'false'
	option ifname 'dsl0.7' # OpenWRT 18
	# option ifname 'ptm0.7' # LEDE 17
        option username 'H1und1/1234-567@online.de'
	option password 'abcdefghijklm'
	option ipv6 'auto'

United Kingdom

The information below is reproduced from the 'OpenWRT/LEDE Installation Guide for the BT Home Hub 5A', which can be downloaded from: Ebilan forum Dropbox mirror

ADSL

  • ADSL LINK
  • Annex A, Tone A
  • ATM
    • VPI (Virtual Path Identifier): 0
    • VCI (Virtual Channel Identifier): 38

Configuration examples for LEDE 17 and OpenWRT 18.

Virtually all ISPs in the UK use PPPoA protocol with the exception of Sky Broadband who use MER and also PPPoA on some exchanges.

config dsl 'dsl'
    option annex 'a'
    option tone 'a'
    option xfer_mode 'atm'
    option line_mode 'adsl'

config interface 'wan'
    option proto 'pppoa'
    option username 'your username'
    option password 'your password'
    # option username 'bthomehub@btinternet.com' # BT ADSL
    # option password ' ' # Apparently requires any non-empty password such as a space character.
    # option username 'install@o2broadband.co.uk' # Sky ADSL on ex-o2 enabled exchanges.
    # option password ''
    option vpi '0'
    option vci '38'
    option encaps 'vc'
    option ipv6 'auto' 

Ensure that ATM Bridge section has been deleted, otherwise PPPoA will not connect to broadband service. It can be deleted using LuCI.

config atm-bridge 'atm' # Remove entire section for PPPoA

BT group also supports PPPoE protocol.

config dsl 'dsl'
    option annex 'a'
    option tone 'a'
    option xfer_mode 'atm'
    option line_mode 'adsl'

config atm-bridge 'atm'
    option encaps 'llc'
    option payload 'bridged'
    option vci '38'
    option vpi '0'

config interface 'wan'
    option ifname 'dsl0'
    # option ifname 'nas0' # for LEDE 17.01
    option proto 'pppoe'
    option username 'your username'
    option password 'your password'
    # option username 'bthomehub@btinternet.com' # BT ADSL
    # option password ' '

VDSL

The network protocols are layered in this way:

  • VDSL link (17a profile, G.993.5)
  • PTM (Packet Transfer Mode)
  • Annex B, Tone A
  • VLAN 101

BT group and Vodafone uses PPPoE protocol.

config dsl 'dsl'
    option annex 'b'
    option tone 'a'

config interface 'wan'
    option ifname 'dsl0.101'
    # option ifname 'ptm0.101' # for LEDE 17.01
    option proto 'pppoe'
    option username 'bthomehub@btinternet.com'
    option password ' '

TalkTalk uses DHCP protocol.

config dsl 'dsl'
    option annex 'b'
    option tone 'a'

config interface 'wan'
    option ifname 'dsl0.101'
    # option ifname 'ptm0.101' # for LEDE 17.01
    option proto 'dhcp'

Sky and NOW uses MER protocol. Configure as for DHCP. Refer to following thread for additional instructions: SkyUser

Egypt

ADSL

TE Data

(If using ISP-provided router-modem)

* Delete the WAN connection form your ISP router. Create another one as Bridge. Use the following data for the connection:

VPI/VCI: 0/35
Encapsulation Type: LLC
Service Type: UBR
Type: Bridge Connection

* For OpenWrt, you will need to add or edit the following in /etc/config/networks for interface WAN. You should replace the username and password with those given to you by your ISP.

config interface 'WAN'
        option proto 'pppoe'
        option ifname 'eth0.2'
        option username '******@tedata.net.eg'
        option password '********'
        option ipv6 'auto'
        option mtu '1420'
        option auto '0'
docs/guide-user/network/wan/isp-configurations.txt · Last modified: 2019/05/23 13:25 by rsalvaterra