ISP Configurations

This page describes how to connect to networks of different commercial Internet service providers. At this time, most of the DSL configurations described below only apply to modem-router devices using Lantiq SoC. There is no DSL support for Broadcom devices.

the below config is tested with ADSL 8 mbps subscription and it is confirmed that is working under version OpenWrt 19.07.4

config atm-bridge 'atm'
        option encaps 'llc'
        option nameprefix 'dsl'
        option vpi '0'
        option vci '100'
        option payload 'bridged'

config dsl 'dsl'
        option annex 'a'
        option ds_snr_offset '0'

config interface 'wan'
        option ifname 'dsl0'
        option proto 'pppoe'
        option username 'YOURADSLUSERNAME'
        option password 'YOURADSLPASSWORD'
        option mtu '1492'
        list dns '8.8.8.8'
        list dns '8.8.4.4'
        option peerdns '0'

Telstra (FTTN)

Place the supplied Telstra modem into bridge mode, and plug an openwrt router into one of the LAN ports. No special settings need to be applied, just DHCP. The Telstra modem will do the authentication for you. Note: It may be useful to assign a static IP to the OpenWrt router from the modem, and optionally place it into a DMZ

TPG (HFC)

Plug an openwrt router into the supplied simple DOCSIS modem (or replace modem and call support to authenticate new DOCSIS serial number). The network settings for openwrt router needs to use VLAN 2 (ethX.2), probably best to spoof MAC to match supplied router WAN interface.

config interface 'wan'
	option ifname 'eth1.2'
	option proto 'pppoe'
	option username 'xxxx@tpg.com.au'
	option password 'zzzz'
	option mtu '1500'
	option macaddr 'xx:xx:xx:xx:xx:xx'
	option pppd_options 'debug'
	option ipv6 'auto'

TPG (FTTC)

Simply set the WAN port to use the PPPoE protocol and enter your TPG username and password. That's all. No VLAN configuration, such as setting WAN to use VLAN2 was required.

TPG (ADSL2+)

A good way to configure your internet is using two devices: A dedicated modem that just accepts all ATM traffic and bridges it to its ethernet port, and a second device that acts as a router to your internal LAN, and the WAN port authenticates to your ISP via pppoe, and is physically connected to the first device over ethernet cable.

Below, I show two configs, one config for the modem, (here Netgear DM200 ADSL2+/VDSL modem) and the second config showing the necessary authentication to TPG ISP for the second device (another OpenWrt router).

package network                                                                 
                                                                                
config atm-bridge 'atm'                                                         
        option vpi '8'                                                          
        option vci '35'                                                         
        option encaps 'llc'                                                     
        option payload 'bridged'                                                
                                                                                
config dsl 'dsl'                                                                
        option annex 'a2p'                                                      
        option fwannex 'a'                                                      
        option firmware '/lib/firmware/lantiq-vrx200-a.bin'                     
        option xfer_mode 'atm'                                                  
                                                                                
config interface 'lan'                                                          
        option type 'bridge'                                                    
        option ifname 'eth0 nas0'                                               
        option proto 'none'                                                     
        option auto '1'                                                         
                                                                                
config device 'lan_dev'                                                         
        option name 'eth0'                                                      
        option macaddr 'yy.yy.yy.yy.yy.yy'                                      
                                                                                
config device 'wan_dev'                                                         
        option name 'nas0'                                                      
        option macaddr 'xx.xx.xx.xx.xx.xx'

Second device authenticates to ISP with:

config interface 'wan'
	option ifname 'eth1'
	option proto 'pppoe'
	option username 'xxxx@tpg.com.au'
	option password 'zzzz'

on /etc/config/network we have to modify the WAN section to use vlan2

config interface 'wan'
        option ifname 'dsl0.2'
        option proto 'pppoe'
        option username '**********'
        option password '********'
        option ipv6 '1'
        option peerdns '0'
        option keepalive '0'

in the DSL section we use the annex b (and optional if you have/need it, the firmware for your modem. In this case I use a FRITZBox 7362 SL)

config dsl 'dsl'
        option annex 'b'
        option ds_snr_offset '0'
        option firmware '/lib/modules/vr9-B-dsl.bin'

Fonira provides the option to get rid of carrier-grade NAT by purchasing a static (and non-NATed) IPv4 address, and then also provides a fixed IPv6 prefix.

# /etc/config/network
config interface 'wan'
        option proto 'pppoe'
        option username '******@fonira.at'  # The PPPoE username provided by Fonira.
        option password '******'  # The PPPoE password provided by Fonira.
        option device 'eth<X>.31'  # The VLAN with the ID 31 has to be used.
        option delegate '0'
        option ipv6 '1'

config interface 'wan6'
        option device '@wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'no'
        option ip6prefix '.....::/60'  # The IPv6 prefix provided by Fonira.
        option delegate '1'

Using the settings above, the static IPv4 address and a dynamic IPv6 address is provided to the router's WAN port by the ISP, and the fixed IPv6 prefix is used on the LAN side.

Setting reqprefix to no is needed to prevent the router from requesting an additional (dynamic) IPv6 prefix from the ISP. However, with this option set to no, no IPv6 route to the internet is set. This can be worked around by adding a source-route for the fixed IPv6 prefix:

# /etc/config/network
config route6
        option interface 'wan6'
        option target '::/0'
        option source '.....::/60'  # The IPv6 prefix provided by Fonira.

More details and discussions on this topic can be found in this thread at LTEForum.at (in german).

EDPnet provides VDSL services through PPPoE and VLAN tagging. Keep in mind the DSL state monopolist (Proximus) still manages the backbone and keeps a whitelist of allowed modems (a few third party models, mostly AVM FRITZ!Box, and their own Proximus B-Box models).

The VLAN tagging is as follows:

  • Internet: PPPoE over VLAN 10.
  • VoIP: unclear.
  • TV: EDPnet does not offer TV.

The following works for an AVM FRITZ!Box 7362 SL running master (stable support won't appear with a post 18.06 release) with the whitelisted Lantiq blobs pulled off my 7490. Besides this, the default VDSL values OpenWrt uses seem to be OK. You get reset to a fallback profile after a while, so there might be some additional background checks going on that go beyond the Lantiq driver version.

Also a TPLink WR8890 was successfully tested with firmware taken from the xDarklight repository. Testing has shown that the 'certified' blobs perform worse on these models and should be avoided as they seem to make the line unstable. A patch can be done in the VDSL driver method to return a 'certified' version string so the modem can stay on a high speed profile.

config interface 'wan'
    option ifname 'dsl0.10'
    option proto 'pppoe'
    option username 'b1xxxxxx'
    option password 'xxxxxx'
    option ipv6 '1'

EDPnet provides Fiber services through PPPoE and VLAN tagging as well. The state monopolist (Proximus) still manages the backbone, as with VDSL, and will install an ONT to which you connect your router of choice (!) directly.

The following works on a MikroTik RB5009UG+S+IN with OpenWrt 22.03 and DSA. At this point `/etc/config/network` makes a distinction between 'device' and 'interface' definitions (the latter relying on the former). I am using port 8 as WAN port and am using 'fiber' as a fancy recognisable name instead of the mundane 'p8.10' (which would be default based on the port being port 8 tagged with VLAN 10).

config device                                                            
        option name 'p8'                                                 
                                                                         
config device                                                            
        option type '8021q'                                              
        option ifname 'p8'                                               
        option vid '10'                                                  
        option name 'fiber'

config interface 'wan'
	option proto 'pppoe'
	option username 'blabla@EDPNET'
	option password '..............'
	option ipv6 '1'
	option device 'fiber'

config interface 'wan6'
	option proto 'dhcpv6'
	option device '@wan'

Bell Canada Fibe provides for fiber to the home (FTTH).

They use VLAN tagging and PPPoE protocol.

The VLAN tagging is usually as follows:

  • Phone: VLAN 34
  • Internet: PPPoE over VLAN 35
  • TV: VLAN 36
config interface 'wan'
    option ifname 'eth1.35'
    option proto 'pppoe'
    option username 'b1xxxxxx'
    option password 'xxxxxx'
    option ipv6 'auto'

config interface 'wan6'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option ifname '@wan'

Follow the MTU recommendations here:

  • Fiddle with your MTU settings to make sure that your router doesn't have to fragment IP packets. (IP fragmentation will use more CPU on your router, increase overhead on your WAN connection, slightly degrade performance, and cause problems when connecting to networks behind misconfigured firewalls on the Internet).
  • At first I used all the default settings and was getting an MTU of 1480.
  • I increased the MTU on both my SFP interface and VLAN to 1520 and then set the advertised MTU and MRU settings on my PPPoE interface to 1500 and was able to get an actual MTU of 1500 on my WAN link.
  • You can verify your MTU value using ping or a webservice such as the MTU test at Let Me Check.it.

Terrakom runs their own FTTH infrastructure and uses PPPoE to connect. Previously they required setting just the username and password, but for recent upgrades they also set the VLAN tag to 905:

config interface 'PPPoE'
	option proto 'pppoe'
	option username 'xxxxxx@terrakom.hr'
	option password 'xxxxxxxxxx'
	option peerdns '0'
	option ipv6 'auto'
	option device 'wan.905'

For the username and password, asking the customer support nicely will do the trick.

To discover the VLAN tag (in case it's not 905 anymore), you need to trick the provided modem into trying to connect with your own PPPoE server. Here's one way how to do that:

  1. Prepare a Kali Linux Live USB and boot into it
  2. Download and compile rp-pppoe
  3. Open wireshark and start listening on the ethernet port
  4. Connect the (initially powered down) modem (use the WAN/intenet port) to your computer running Kali Linux via ethernet cable
  5. Power the modem up and look at the packages sent by the modem, you should see some packages od type pppoed or similar, checking the details should give you the VLAN ID, mac address, service name and other parameters that may be important.

Another way to do this is to use a LAN hub to connect the modem (WAN/internet port), your computer running wireshark and the upstream connection. That way you can see packets for the whole process of establishing a session as exchanged between your modem and the operator infrastructure.

Both of these procedures should really work for any operator using PPPoE.

Epic provides VDSL2+ services through PPPoE and VLAN tagging (VLAN 35, but to be sure sniff for a while with tcpdum -e option).

Example configuration for AVM FritzBox 7360 V2:

config dsl 'dsl'
        option annex 'b'
        option ds_snr_offset '0'
        option firmware '/lib/firmware/vr9-B-dsl.bin' # Annex B Firmware for this device
        option tone 'av'
config interface 'wan'
	option proto 'pppoe'
	option ifname 'dsl0.35'
	option username 'bits*****@home'
	option password '*******'

Besides ADSL2+ and VDSL, Cyta provides Fiber services through PPPoE and VLAN tagging (VLAN 42, but to be sure sniff for a while with tcpdum -e option). For connection following devices are used:

  • ONT like Huawei OptiXstar HG8245X6
  • GPON Terminal like Huawei OptiXstar HG8010HV6 and provider's device like ZTE ZXHN H268A or your own device

Example configuration for Xiaomi Mi Router AC2100 with OpenWrt 21.02.1, DSA and settings missed in guide (username and password are really dummy but not empty fields):

config interface 'wan'
	option proto 'dhcp'
	option hostname '*'
	option device 'wan'
	option delegate '0'

config device
	option name 'wan'
	option ipv6 '0'

config device
	option type '8021q'
	option ifname 'wan'
	option vid '42'
	option name 'wan.42'

config interface 'cyta_eth'
	option proto 'pppoe'
	option device 'wan.42'
	option username 'cyta'
	option password 'cyta'
	option ipv6 '0'
	option mtu '1492'
	option peerdns '0'
	list dns '8.8.8.8'
	list dns '1.1.1.1'
	option delegate '0'

O2 provides documentation for Internet here.

VDSL

  • Protocol: PPPoE
  • VLAN: 848
  • Username: O2
  • Password: O2
config interface 'wan'
        option proto 'pppoe'
        option username 'O2'
        option ifname 'dsl0.848'
        option ipv6 'auto'
        option password 'O2'
        
config dsl 'dsl'
        option annex 'b'
        option ds_snr_offset '0'
        option line_mode 'vdsl'
        option tone 'bv'
        option xfer_mode 'ptm'        

O2TV (IPTV)

O2 provides documentation for IPTV here.

  • Bridge mode
  • VLAN: 835

Example configuration on TP-Link TD-W8980B / TD-9980B. IPTV is plugged in port 'LAN2'.

config interface 'iptv'
        option type 'bridge'
        option proto 'dhcp'
        option hostname 'O2TV'
        option peerdns '0'
        option defaultroute '0'
        option ifname 'dsl0.835 eth0.835'
        
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 5 2 4'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '835'
        option ports '6t 0'        

WE (TE Data)

(If using ISP-provided router-modem)

  • Delete the WAN connection form your ISP router. Create another one as Bridge. Use the following data for the connection:
    VPI/VCI: 0/35
    Encapsulation Type: LLC
    Service Type: UBR
    Type: Bridge Connection
  • For OpenWrt, you will need to add or edit the following in /etc/config/network for interface WAN. You should replace the username and password with those given to you by your ISP.
    config interface 'WAN'
            option proto 'pppoe'
            option ifname 'eth0.2'
            option username '******@tedata.net.eg'
            option password '********'
            option ipv6 'auto'
            option mtu '1500'
            option auto '0'

Note: Technical support say MTU should be 1420, but 1500 seem to do just fine.

FTTH

You have to use VLAN 100 and spoof the bbox MAC address.

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth0.100'
	option clientid '0123456789AB'
	option vendorid 'BYGTELIAD'
	option macaddr '01:23:45:67:89:ab'

ADSL

  • ADSL LINK
  • ATM
    • VPI (Virtual Path Identifier): 1
    • VCI (Virtual Channel Identifier): 32
Deutsche Telekom BNG

BNG is short for Broadband Network Gateway and Deutsche Telekom's new platform. Customers are successively migrated and usually receive a letter in the mail announcing the change.

On the old platform the customer can just setup PPPOE and the Internet connection comes up. With BNG the traffic that leaves the WAN port needs to be tagged with VLAN 7 (Details).

As an example suppose you have a modem in bridge mode that is unable to handle VLAN tagging. The router connected to the modem needs to add the VLAN tag in this case. Example for Archer C7 V2 below.

Old platform:

config interface 'wan'
        option proto 'pppoe'
        option username '...@t-online.de'
        option password '...'
        option ipv6 'auto'
        option ifname 'eth0.2'

config switch_vlan             
        option device 'switch0'
        option vlan '2'        
        option ports '1 6t'

BNG platform:

config interface 'wan'
        option proto 'pppoe'
        option username '...@t-online.de'
        option password '...'
        option ipv6 'auto'
        option ifname 'eth0.7'

config switch_vlan
        option device 'switch0'
        option vlan '7'
        option ports '1t 6t'

So if you receive a letter about the platform change and your Internet access goes down, try adding the VLAN tag to the WAN port and see if it comes up again.

Some more details that may be of interest:

  • When you login into Telekom Kundencenter there are various configuration options available (DNS behavior, Easy Login, Auto Login, phone service configuration etc.).
  • When using a SIP client from your Telekom landline connection you usually don't need to authenticate. Details are available on the Internet, for instance here. That means when connected to your LAN you (or somebody else) may be able to configure one of your landline phone numbers (for instance your main phone number) on a SIP client and make calls without a valid password. This may be disturbing to some. LOL
TAL.de TALDSL MAX VDSL2 on a Telekom line
VPI1
VCI32
VLAN-ID7
DCHPv4n/a
DHCPv6n/a
EncapsulationPPPoE
IPv4 addressPPPoE
IPv4 gatewayPPPoE
IPv4 nameserverPPPoE
IPv6 addressPPPoE (link-local with dynamic sub-prefix)
IPv6 gatewayn/a (static route to WAN device needed)
IPv6 nameserver2a01:170::1
IPv6 prefix delegationn/a (assign 2a01:170:xxxx::/48 manually to LAN device(s))
config interface 'wan'
	option proto 'pppoe'
	option ifname 'eth0.7'
	option ipv6 '1'
	option username '...#tal@bsa-vdsl'
	option password '...'

config route6
	option interface 'wan'
	option target '::0/0'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ifname 'br-lan'
	option ip6addr '2a01:170:xxxx:yyyy::1/64'
1&1 or O² on a Telekom line with Annex J

When migrating from Annex B to Annex J, connection properties seem to have changed to require using VLAN 7.

The complete username (as opposed to the simplified form used by Fritz!Boxes '1und1/1234-567@t-online.de') can be obtained from a packet capture from a Fritz!Box (if internet is so far provided via one).

  • Press start on the '1. Internetverbindung'
  • Log into the main Fritz!Box UI and press the reconnect button
  • Wait until the connection is re-established
  • Stop the capture and open it in Wireshark
  • Use 'pap' as filter. You should be able to read the complete username and password in the detail view

The configuration of the interfaces should look like this (tested on r6788-7ff31bed98):

config dsl 'dsl'
	option tone 'bv'
	option annex 'j'

config interface 'wan'
	option proto 'pppoe'
	option password '***'
	option delegate '0'
	option ipv6 'auto'
	option username '1und1/(***)1234-567@t-online.de'
#or     option username 'DSL***@s92.bbi-o2.de'
	option ifname 'dsl0.7'

config device 'wan_dev'
	option macaddr '***'
	option name 'dsl0'

VDSL

The network protocols are layered in this way:

  1. VDSL link (17a profile, G.993.5 depending on the DSLAM)
  2. PTM (Packet Transfer Mode)
  3. Ethernet with VLAN 7 (data + voice)
  4. PPPoE
    1. For some resale accounts an “H” has to be added in front of the pppoe user name, for 1und1 it looks like this “H1und1/1234-567@t-online.de”

You global routed IPv4 address and a some IPv6 subnets

When the network supports VDSL vectoring, but the VDSL modem does not support it, the device will be put into a fall back mode using only the lower 2.2 MHz of the band, this results in reduced rates like 13 MBit/s down and 1.4 MBit/s up instead of 50 MBit/s. Details: https://telekomhilft.telekom.de/t5/Telefonie-Internet/Fallbackprofil-bei-Vectoring/ta-p/2431567

Example VDSL configuration for Lantiq based devices:

config dsl 'dsl'
	option annex 'b'
	option tone 'bv'
	option xfer_mode 'ptm'

config interface 'wan'
	option proto 'pppoe'
	option _orig_ifname 'ptm0'
	option _orig_bridge 'false'
	option ifname 'dsl0.7' # OpenWrt 18
	# option ifname 'ptm0.7' # LEDE 17
        option username 'H1und1/1234-567@t-online.de'
	option password 'abcdefghijklm'
	option ipv6 'auto'

1&1 VDSL DS-Lite

1and1 is migrating (new customers) towards DSlite (Dual-Stack Lite RFC6333),

  1. PPPoe as above (VLAN7)
  2. package 'ds-lite' is needed
  3. the aftr address is negotiated automatically (at least since 19.07) by giving '::' as value.
  4. note: that an interface 'WAN6_4' will apprear in LUCI, which is created dynamically upon connection.
config interface 'wan'
        option ifname 'eth0.7'
        option proto 'pppoe'
        option password 'test123'
        option username '1und1/ui1234-567@t-online.de'
        option ipv6 '1'

config interface 'wan6'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option ifname 'pppoe-wan'

config interface 'wan4'
        option proto 'dslite'
        option peeraddr '::'
        option ifname 'wan'
        option encaplimit 'ignore'
        option mtu '0'
        option tunlink 'wan6'

(ifnames in example for router with external modem)

note: WAN-mtu could be 1452, but ds-lite module currently sets 1280 (as of 19.07.4), even if option 'mtu' is specified in the config above. For a hotfix: add to the end of hotplug-script

/etc/hotplug.d/iface/00-netstate [..]

if [ ifup = "$ACTION" ] && [ wan6_4 = "$INTERFACE" ] ; then
        ip link set ds-wan6_4 mtu 1452
fi

Vodafone SIRO 1G

* igmpproxy need to be installed for TV for my setup im using separated interface for STB, you can connect your and into LAN (but then plz change configuration of igmpproxy to point to LAN instead of eth3) config files:

/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fda0:8093:6a4c::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.0.1'
	option stp '1'
	option igmp_snooping '1'
	option ifname 'eth1 eth3'

config interface 'wan'
	option proto 'pppoe'
	option ifname 'eth0.10'
	option username 'VODAFONE_ROUTER_SERIAL@vfieftth.ie'
	option password 'broadband'
	option ipv6 'auto'

config interface 'wan6'
	option ifname 'eth0'
	option proto 'dhcpv6'


config interface 'iptv'
	option proto 'dhcp'
	option delegate '0'
	option broadcast '1'
	option defaultroute '0'
	option ifname 'eth0.10'

config interface 'stb'
	option proto 'static'
	option ifname 'eth2'
	option type 'bridge'
	option igmp_snooping '1'
	option ipaddr '192.168.2.1'
	option ip6assign '64'
	option netmask '255.255.255.128'

/etc/config/igmpproxy

config igmpproxy
	option quickleave 1
#	option verbose [0-3](none, minimal[default], more, maximum)

config phyint
	option network iptv
	option zone wan
	option direction upstream
	list altnet 0.0.0.0/0

config phyint
	option network stb
	option zone lan
	option direction downstream

Tiscali uses the following ADSL PPPoA connection settings: https://assistenza.tiscali.it/internet-telefono/modem/guida/parametri-connessione. In order to configure the connection and bring up the dsl port after having flashed the firmware you have to follow these steps:

  1. Check if there is a configuration entry that bridges the LAN and the dsl port by accessing the router in its default IP address, then in the LuCi menu “Interfaces”, tab “atm bridges”, delete any entry.
  2. In the tab “DSL” set Annex = Annex A G.992.1
  3. in the aforementioned tab set tone = auto
  4. set Encapsulation mode = ATM
  5. set DSL lne mode = “ADSL”
  6. leave Downstream SNR offset = 0.0db
  7. leave Firmware File with no entry.

NOTE: there`s no need to upload a firmware or specify its path: the DSL connection works even if you leave it blank.

Then, in the “interface” menu, if not already present, create an interface, with these specifications, beginning from the “General Settings” tab:

  1. Protocol = PPPoATM
  2. Bring Up on Boot = 1
  3. PPPoA Encapsulaltion = VC-Mux
  4. ATM device number = 0 (leave default)
  5. VCI = 35
  6. VPI = 8
  7. PAP/CHAP user = yourISPmail
  8. PAP/CHAP password = yourPassword

Then, proceeding to “Advanced Settings” tab:

  1. Use Built in IPv6 Management = 0
  2. Force Link = 1
  3. Obtain IPv6-Adress = disabled
  4. Use Default Gateway = 1
  5. Use DNS advertised by Peer = 1
  6. leave every other settings to default

NOTE: if you want, you can set the “Use DNS advertised by Peer” to disabled: you can enter the IP address of your favorite DNS provider.

Finally, you have to assign the firewall zone in the “firewall setting” tab. For security reasons you should assign it to the WAN zone.

A sample config should look like in OpenWrt version 19.07:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config dsl 'dsl'
	option ds_snr_offset '0'
	option annex 'admt'
	option xfer_mode 'atm'
	option line_mode 'adsl'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.1'

config device 'lan_eth0_dev'
	option name 'eth0'
	option macaddr 'XX:XX:XX:XX:XX:XX'

config interface 'wan'
	option ifname 'dsl0'
	option proto 'pppoa'
	option vpi '8'
	option encaps 'vc'
	option vci '35'
	option password 'YourISPpassword'
	option username 'YourISPUsername'
	option atmdev '0'
	option ipv6 '0'
	option delegate '0'
	option peerdns '1'

config device 'wan_dsl0_dev'
	option name 'dsl0'
	option macaddr 'XX:XX:XX:XX:XX:XX'

IMPORTANT: in the aforementioned configuration there`s a LAN bridge between two entries. This bridge has been created during the openWrt firmware installation because the target device is a Netgear DM200 modem/router with only one dsl interface and only one LAN port.

This brand new ISP in Italy is pretty easy to set up, and it is compliant to Italian law about the utilization of your own (compatible) modem/router. Also ipv6 works and ipv4 The only thig to setup is a PPPOE connection with a 835 vlan on the wan port. Note that user and password are not necessary for authentication and can be whatever.

With OpenWrt 21.02 (with DSA):

config interface 'wan'
	option proto 'pppoe'
	option username 'aruba'
	option password 'aruba'
	option ipv6 'auto'
	option device 'wan.835'

config interface 'wan6'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option ifname '@wan'

With OpenWrt 19.07 (with swconfig):

config interface 'wan'
    option ifname 'eth0.835'
    option proto 'pppoe'
    option username 'aruba'
    option password 'aruba'
    option ipv6 'auto'

config interface 'wan6'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option ifname '@wan'

You can connect the WAN port of your router directly to the fiber termination box delivered by KPN using RJ-45. Internet will be delivered on VLAN 6 using PPPoE. The username/password combination is internet/internet. To get 1500 MTU (PPPoE is 1492 default due to 8 bytes overhead) you need to set the WAN port's MTU to 1508 bytes and then set the PPPoE interface to 1500 bytes. KPN is compliant with RFC4638.

This is an example configuration of /etc/config/network with eth1 as the WAN port:

config device
	option name 'eth1'
	option mtu '1508'

config device
	option type '8021q'
	option ifname 'eth1'
	option vid '6'
	option name 'eth1.6'

config interface 'wan'
	option proto 'pppoe'
	option device 'eth1.6'
	option username 'internet'
	option password 'internet'
	option mtu '1500'
	option peerdns '0'
	list dns '8.8.8.8'
	list dns '8.8.4.4'
	option ipv6 '1'
	option metric '1'

config interface 'wan6'
	option proto 'dhcpv6'
	option device 'pppoe-kpn'
	option reqaddress 'none'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '2001:4860:4860::8888'
	list dns '2001:4860:4860::8844'
	option metric '0'

Many DSL and Fiber ISPs use these settings. At least Telfort, Oxxio and Tweak use these. KPN, XS4ALL and Ziggo don't. Tweak provides settings for xDSL and glassfiber. They use VLAN tagging and IPoE protocol - so DHCP in OpenWrt.

VDSL

The network protocols are layered in this way:

  1. VDSL link (Annex B, Profile 17a, Line mode G.993.2)
  2. PTM (Packet Transfer Mode)
  3. Ethernet with VLAN 34
  4. IPTV with VLAN 4

A sample config for VDSL would look like in OpenWrt 18.06.1 r7258-5eb055306f

config atm-bridge 'atm'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'
        option vci '34'
        option vpi '0'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'dsl0.34'
        # option ifname 'ptm0.34' # LEDE 17
        option type 'bridge'        

A sample config for VDSL would look like in OpenWrt 19.07.6, r11278-8055e38794

config dsl 'dsl'
	option tone 'av'
	option annex 'b'
	option xfer_mode 'ptm'
	option line_mode 'vdsl'
	option ds_snr_offset '0'

config interface 'wan'
	option ifname 'dsl0.34'
	option proto 'dhcp'

Glassfiber

A sample config for Ethernet with VLAN 34 would look like

config interface 'wan'
        option ifname 'wan.34'
        option proto 'dhcp'
        option hwaddr 'AA:FB:BB:D7:CC:05'

config interface 'wan6'
        option ifname 'wan.34'
        option proto 'dhcpv6'
        option hwaddr 'AA:FB:BB:D7:CC:05'

Please note that the MAC address has to be set to a real one, this address is present on the physical Experia box, as well as visible via its web interface on the status page.

XS4ALL is another ISP from KPN like Telfort. They offer DSL and FTTH connections. For DSL it is possible to use your own router, but since latest techniques use profile 35b to get 200+ Mbit speeds over a single line, it's better (for speed) to put the provided FritzBox in bridge mode and use OpenWrt as if directly on FTTH connection.

Internet

FTTH (Fibre) and VDSL connections result in VLANs 6, and 4. That is, connecting the ethernet cable from the fibre's NTU or from the bridged VDSL modem, to your WAN port does nothing by itself. Internet is provided over a PPPoE connection over VLAN6, username and password don't matter here, as long as they are set. Thus, to bring up your WAN device which gets your public IP addresses (XS4ALL does both IPv4 and IPv6), configure like this:

config interface 'wan'
    option ifname 'eth0.6'
    option proto 'pppoe'
    option username 'FB7581@xs4all.nl'
    option password '1234'
    option ipv6 'auto'
    option mtu '1508'  # only works for FTTH since FritzBox doesn't support higher MTU

config interface 'wan6'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option ifname '@wan'

Telephony

If you use telephony and use FTTH, easiest is to connect the (unused) provided FritzBox as regular client to your OpenWrt lan. You can configure the FritzBox to take internet from there and provide telephony (which is just SIP).

IPTV

If you use TV, in the old setup (before March 2019) you could just bridge VLAN4 to your STBs (the black receivers provided by XS4ALL): this is called bridged mode. Since March 2019, bridged mode is no longer provided and instead, routed mode has to be setup. The obvious change visible is the additions of “interactive TV” in the STBs. Routed mode, is much like described in IPTV / UDP multicast. It has a small specific twist for XS4ALL though. The official documentation for this can be found at XS4ALL's modem setup (Dutch).

For this to work, you need to install igmpproxy. For clarity, we use 3 different zones: wan, iptv and stbitv.

  • wan: the ordinary internet connection, used for “interactive” features (e.g. YouTube)
  • iptv: VLAN4-based connection, mostly used for multicast based live-streams, and STB software, some 10.200.x.x/22
  • stbitv: the (client) network with the STBs in them, in this example 10.3.0.0/24

First, configure an interface, DHCP client for iptv, the VLAN 4 interface. Important, it needs to set Vendor Class Identifier to IPTV_RG, and ignore any default gateway or dns servers advertised. The DNS is bogus (per the docs), the default route is what we don't want to use, because we want to use our real internet connection. In the DHCP reply is an additional route, you don't see this in luci, but it's correctly added to your routing table, and it basically includes all the traffic that needs to go over VLAN 4. This is basically why we don't need the default route.

config interface 'iptv'
    option type 'bridge'
    option ifname 'eth0.4'
    option proto 'dhcp'
    option defaultroute '0'
    option peerdns '0'
    option vendorid 'IPTV_RG'

Also create a firewall zone for this interface, that sets masquerading (like wan, we need to NAT some traffic over this interface):

config zone
    option name 'iptv'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option network 'iptv'
    option masq '1'
    option mtu_fix '1'
    option forward 'REJECT'

Next, configure a new interface for the STBs. I isolated them on their own VLAN 7, but I think you could also plug them into an existing client network. Since there will be multicast traffic over this, you do want to separate the traffic using igmp snooping. Ensure you enable this, and if you use switches inbetween that they also enable this, else you'll flood your entire network. This is particularly bad if you have wlans in your network. The following is just what I used for this description.

config interface 'stbitv'
    option type 'bridge'
    option proto 'static'
    option ifname 'eth0.7'
    option ipaddr '10.3.0.1'
    option netmask '255.255.255.0'
    option igmp_snooping '1'

The STBs don't need any special DHCP tricks, so you just need to hand out IPs in the normal way. Only IPv4 is supported. Create firewall zone for this network, and “glue” that zone together with the iptv and wan zones, such that traffic can go both ways:

config zone
    option input 'ACCEPT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option name 'stbitv'
    option network 'stbitv'

config forwarding
    option dest 'wan'
    option src 'stbitv'

config forwarding
    option dest 'iptv'
    option src 'stbitv'

Now, the last remaining bit needs to be done, which is forwarding the multicast packets that the STBs request. Since the OpenWrt router now is the terminating node as seen from the XS4ALL network, any multicast traffic arriving at the router, needs to be forwarded to the STB in the network that requested it. This is done by igmpproxy. For the proxy, upstream is the XS4ALL network, downstream the STBs in the client network. Quickleave feature is necessary to quickly terminate unnecessary streams (happening when switching between channels, “zapping”). As such, the following configuration is sufficient:

config igmpproxy
    option quickleave 1

config phyint
    option network iptv
    option zone iptv
    option direction upstream
    list altnet 0.0.0.0/0

config phyint
    option network stbitv
    option zone stbitv
    option direction downstream

Final remaining thing is to enable and start igmpproxy using /etc/init.d/igmpproxy enable and /etc/init.d/igmpproxy start.

Once you applied all this, ensure you got a 10.200.x.y IP address on the iptv interface. Check with netstat -rn that there is a route for destination 213.75.112.0 (could be slightly different) added with gateway your 10.200.x.1 IP address. Interface should be br-iptv if you followed above example. If that seems ok, and igmpproxy is running, shutdown your STBs and restart them. They should come up quite normal and settings/system should now report “routed mode”. If you get any errors reported by the devices, check the multicast traffic gets forwarded (it attempts this while STB boots) using tcpdump or something. Also check if regular internet works correctly from the STB client network.

  1. open Network → Interfaces
  2. edit your WAN device
  3. change Protocol to PPPoE then click on the button Switch protocol
  4. open the Device combo box and type 'eth0.6'
  5. enter PPP/CHAP username '98-42-xx-xx-xx-xx@internet' (use your KPN router MAC address), PPP/CHAP password 'ppp'
  6. hit Save
  7. in the Devices tab change the MAC address of eth0.6 to match your KPN router MAC address (this might be optional)
  8. hit Save&Apply
  9. if the WAN interface is in error state then reboot the modem

The WAN MTU will be 1492, don't try to change it, no other values work. A WAN_6 virtual dynamic interface will appear upon successful connection; you can delete any other WAN device and reset any other unused eth0 virtual device.

First put the modem in bridge mode (disabled routing options) via this website. Then use the following network config:

config interface 'wan'
	option proto 'dhcp'
	option device 'eth1'
	option hostname '*'
	option peerdns '0'
	list dns '8.8.8.8'
	list dns '8.8.4.4'

config interface 'wan6'
	option proto 'dhcpv6'
	option device 'eth1'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '2001:4860:4860::8888'
	list dns '2001:4860:4860::8844'

Remove the 'peerdns' and 'list dns' if you want to use Ziggo's DNS servers. These servers, however, do impose censorship on certain domains.

config interface 'wan'
        option proto 'dhcp'
        option device 'wan.10'
        option hostname '*'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'wan.10'
        option reqaddress 'try'
        option reqprefix 'auto'

config device
        option type '8021q'
        option ifname 'wan'
        option vid '10'
        option name 'wan.10'

GlobalConnect Pack

This enterprise VoIP and Internet services package includes a Thomson/Technicolor gateway which can be configured (by the tecnician only) in bridge mode, at installation time. In this configuration, the connection presents itself untagged at the gateway's switch port 4. The Internet service is somewhat unusual, in the sense that it requires IP aliasing (it allows the provider to spare one public IP address per connection). The addressing is static, and the configuration provided is (as an example) something along these lines:

  • Local WAN IP: 100.64.194.2
  • Remote WAN IP: 100.64.194.1
  • Internet IP: 62.10.20.30/32

Both the Local and Remote WAN IP addresses belong to a /30 subnet. Inbound traffic arrives at the interface with the Internet IP address as the destination. To configure this connection on an OpenWrt device (let's assume interface eth1), on /etc/config/network, we need:

config interface 'wan'
	option ifname 'eth1'
	option proto 'static'
	list ipaddr '62.10.20.30/32'
	list ipaddr '100.64.194.2/30'
	option gateway '100.64.194.1'

Now, since the addressing is static, we can do source NAT instead of masquerading. To do so, we configure /etc/config/firewall as follows:

config nat
	option name 'MEO SNAT'
	option device 'eth1'
	option snat_ip '62.10.20.30'
	option src 'wan'
	option target 'SNAT'

Orange Slovensko (the owner is France-based multinational telecommunications company Orange S.A.) offers FTTH service for their customers through the end CPE device.

FTTH (Fiber)

Orange Slovensko uses the same IPv6 /64 prefix delegation method as AT&T does.

At the present moment (August 2022) there is no known way to get a /60 or /62 IPv6 prefix delegated from the LAN port of the operator's CPE device. It is only possible to send a multiple PD requests, and to get a pool of multiple /64 blocks to have them assigned into different LAN interfaces on the downstream device. So, it is possible to use these obtained /64 subnets within your OpenWrt configuration and downstream client subnets or VLANs.

Initial discussion and working OpenWrt configuration with the Orange Slovensko CPE device can be found in this post: Link to owrt forum.

Сonfiguration details are similar to the AT&T ISP configuration: all the 'magic' will be achieved by the kmod-macvlan that allows to create multiple wan6 virtual interfaces (hence to request and obtain multiple IPv6 /64 blocks), and to assign these virtual wan6 interfaces into appropriate DHCPv6 clients via ip6class and ip6assign 64 settings.

DIGI uses PPPoE for FTTH connections, just need to call to their support number and ask for the authentication data. They offer optionaly VoIP but at the date they don't provide a way to configure, you must use the provided router if you want to have VoIP.

FTTH (Fiber)

These settings are over a DSA switch and then over swconfig. You just need to, set VLAN 20 over WAN port and then configure the VLAN in the wan interface with PPPoE and the authentication data provided by technical support. No need to clone MAC address.

DSA:

Just set a VLAN 20 device over the wan port and then set the device for wan interface with the PPPoE authentication data.

config device
	option type '8021q'
	option ifname 'wan'
	option vid '20'
	option name 'wan.20'

config interface 'wan'
	option device 'wan.20'
	option proto 'pppoe'
	option username '*********@digi'
	option password '********'
	option ipv6 'auto'

With ipv6 auto a virtual interface wan_6 is spawned. If you want to rename it to wan6 or configure specific settings there is a way but out of scope in this page so you can refer to Native IPv6 connection.

swconfig:

You must check the switch name and also the eth# you have for the wan port, in this example switch0 and eth0:

config interface 'wan'
	option device 'eth0.20'
	option proto 'pppoe'
	option username '*********@digi'
	option password '********'
	option ipv6 'auto'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '1t 6t'
	option vid '20'

With ipv6 auto a virtual interface wan_6 is spawned. If you want to rename it to wan6 or configure specific settings there is a way but out of scope in this page so you can refer to Native IPv6 connection.

WIP: Vodafone doesn't provide PPPoE data, you must, capture it by factory resetting the router, accessing it with generic auth data over internet, configuring port mirroring for the ppp interface to lan1 port and then with wireshark or the tool you want get the autoconfiguration data when you plug the ont rj45 or fiber cable to the router. This can be done for their non-integrated and integrated ont actual routers.

Turknet uses PPPoE for both ADSL and VDSL connections.

VDSL

These settings based on this post Link to owrt forum

config dsl 'dsl'
	option annex 'b'
	option xfer_mode 'ptm'
	option line_mode 'vdsl'

config interface 'wan'
	option proto 'pppoe'
	option username '***************@turk.net'
	option password '****'
	option mtu '1492'
	option ifname 'dsl0.35'  # VLAN ID: 35

ADSL

config dsl 'dsl'
	option annex 'a'
	option xfer_mode 'atm'
	option line_mode 'adsl'

config atm-bridge 'atm'
	option encaps 'llc'
	option payload 'bridged'
	option vci '35'
	option vpi '8'

config interface 'wan'
	option proto 'pppoe'
	option username '***************@turk.net'
	option password '****'
	option mtu '1492'
	option ifname 'dsl0' 

Turk Telekom (a major ISP in Turkey, also known with the name TTNET) provides FTTH and FTTB services through PPPoE with VLAN tagging. You can ask customer support for your PPPoE username and password.

VLAN tagging is usually as follows:

  • VoIP: VLAN 46
  • Internet: PPPoE over VLAN 35
  • IPTV: VLAN 55 for tivibu

A sample config should look like on OpenWrt 21.02 (with DSA):

config interface 'wan'
    option device 'wan.35'
    option proto 'pppoe'
    option username 'xxxxxxx'
    option password 'xxxxxxx'
    option ipv6 'auto'

config device
    option name 'wan.35'
    option type '8021q'
    option ifname 'wan'
    option vid '35'

Turkcell Superonline provides FTTH and FTTB services through PPPoE with VLAN tagging. In addition, you have to spoof the WAN MAC address of the stock router.

VLAN tagging is usually as follows:

  • Internet: PPPoE (They only allow registered MAC addresses to authenticate with PPPoE. So you need to clone the WAN MAC address of the stock router)
  • IPTV: VLAN 103 (Priority 4) for TV+

A basic WAN config should look like on OpenWrt 21.02 and up w/ DSA:

config interface 'wan'
	option device 'wan'
	option proto 'pppoe'
	option username 'xxxxxxxxxxxx@fiber'
	option password 'xxxxxxx'
	option ipv6 'auto'
	option peerdns '0'
	list dns '8.8.8.8'
	list dns '8.8.4.4'

config device
	option name 'wan'
	option macaddr 'XX:XX:XX:XX:XX:XX'

Note: Turkcell Superonline does not share PPPoE credentials with you. So you have to capture them yourself from the stock router first.

The information below is reproduced from the 'OpenWrt/LEDE Installation Guide for the BT Home Hub 5A', which can be downloaded from: Ebilan forum Dropbox mirror

  • ADSL LINK
  • Annex A, Tone A
  • ATM
    • VPI (Virtual Path Identifier): 0
    • VCI (Virtual Channel Identifier): 38

Configuration examples for LEDE 17 and OpenWrt 18.

Virtually all ISPs in the UK use PPPoA protocol.

config dsl 'dsl'
    option annex 'a'
    option tone 'a'
    option xfer_mode 'atm'
    option line_mode 'adsl'

config interface 'wan'
    option proto 'pppoa'
    option username 'your username'
    option password 'your password'
    # option username 'bthomehub@btinternet.com' # BT ADSL
    # option password ' ' # Apparently requires any non-empty password such as a space character or 'BT'
    # option username 'install@o2broadband.co.uk' # Sky and NOW ADSL on ex-o2 enabled exchanges.
    # option password ''
    option vpi '0'
    option vci '38'
    option encaps 'vc'
    option ipv6 'auto' 

Ensure that ATM Bridge section has been deleted, otherwise PPPoA will not connect to broadband service. It can be deleted using LuCI.

config atm-bridge 'atm' # Remove entire section for PPPoA

BT group also supports PPPoE protocol.

config dsl 'dsl'
    option annex 'a'
    option tone 'a'
    option xfer_mode 'atm'
    option line_mode 'adsl'

config atm-bridge 'atm'
    option encaps 'llc'
    option payload 'bridged'
    option vci '38'
    option vpi '0'

config interface 'wan'
    option ifname 'dsl0'
    # option ifname 'nas0' # for LEDE 17.01
    option proto 'pppoe'
    option username 'your username'
    option password 'your password'
    # option username 'bthomehub@btinternet.com' # BT ADSL
    # option password ' ' # Apparently requires any non-empty password such as a space character or 'BT'

The network protocols are layered in this way:

  • VDSL link (17a profile, G.993.5)
  • PTM (Packet Transfer Mode)
  • Annex B, Tone A
  • VLAN 101 (GEA lines use VLAN 2 for voice)

Aquiss uses the PPPoE protocol with authentication required.

IPv6 is supported but disabled by default. Once a line goes active, you will need to enable IPv6 within the Aquiss ebilling area and wait for a prefix to be assigned.

config dsl 'dsl'
    option annex 'b'
    option tone 'a'

config interface 'wan'
    option ifname 'dsl0.101'
    # option ifname 'ptm0.101' # for LEDE 17.01
    option proto 'pppoe'
    option ipv6 '1' # Aquiss has IPv6 but it needs to be enabled on your line first. Replace '0' to disable IPv6
    option mtu '1458'
    option username 'abb-username@aquiss.com'
    option password 'XXXXXXX' # Provided by email or avaiable in Aquiss ebilling area (Circuit information)

BT Broadband uses PPPoE protocol.

config dsl 'dsl'
    option annex 'b'
    option tone 'a'

config interface 'wan'
    option ifname 'dsl0.101'
    # option ifname 'ptm0.101' # for LEDE 17.01
    option proto 'pppoe'
    option ipv6 '1' # BT Broadband has IPv6. Replace '0' to disable IPv6
    option mtu '1500'
    option username 'bthomehub@btinternet.com'
    option password ' ' # Apparently requires any non-empty password such as a space character or 'BT'.

EE uses PPPoE protocol.

config dsl 'dsl'
    option annex 'b'
    option tone 'a'

config interface 'wan'
    option ifname 'dsl0.101'
    # option ifname 'ptm0.101' # for LEDE 17.01
    option proto 'pppoe'
    option ipv6 '0' # EE has no IPv6. Replace '1' to enable IPv6
    option mtu '1492'
    option username '56@fs' ' # see https://ee.co.uk/help/help-new/broadband-and-landline/home-broadband/what-are-my-home-broadband-internet-settings
    option password 'XXXXX' # password that came with your EE router

Shell Energy *fibre* (G.993.2=VDSL2) uses the PPPoE protocol:

config interface 'wan'
    option ifname 'dsl0.101'
    # option ifname 'ptm0.101' # for LEDE 17.01
    option proto 'pppoe'
    option username '<username>' # this is usually "<yourTel>@first-utility.com"
    option password 'XXXXX' # password that came with your shell energy router

(Shell Energy *copper* (G.992.5=ADSL2+) uses PPPoA. For this, see the generic United Kingdom ADSL section above.)

Sky and NOW Broadband use DHCP aka. IPoE. Refer to following thread for additional instructions:

SkyUser - obsolete instructions

OpenWrt forum - newer instructions - see example config below Additional info for NOW Broadband

config dsl 'dsl'
        option annex 'b'
        option tone 'a'
        option xfer_mode 'ptm'
        option line_mode 'vdsl'


config interface 'wan'
        option ifname 'dsl0.101'
        # option ifname 'ptm0.101' # for LEDE 17.01
        option proto 'dhcp'
        option clientid 'anythingYouLike'   # Update: it may have to be in hexadecimal and/or of a minimum length
#        option macaddr 'AA:BB:CC:DD:EE:FF'  # optional, replace with your Sky/NOW hub's WAN mac if included

config device 'wan_dev'
        option name 'dsl0'

config interface 'wan6'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option ifname 'dsl0.101'
        option delegate '1'

TalkTalk uses DHCP protocol. They use automated network authentication so there is no need for a username and password - IGMP V2/V3 proxy needs to be installed for TalkTalk TV for my setup im using separated LAN interface for this.

config dsl 'dsl'
    option annex 'b'
    option tone 'a'

config interface 'wan'
    option ifname 'dsl0.101'
    # option ifname 'ptm0.101' # for LEDE 17.01
    option proto 'dhcp'
    option mtu '1500'
    option ipv6 '0' # TalkTalk has no IPv6 support. Replace '0' to '1' to enable IPv6 for feature

Vodafone UK uses PPPoE protocol with authentication needed.

config dsl 'dsl'
    option annex 'b'
    option tone 'a'

config interface 'wan'
    option ifname 'dsl0.101'
    # option ifname 'ptm0.101' # for LEDE 17.01
    option proto 'pppoe'
    option ipv6 '0' # Vodafone UK has no IPv6. Replace '1' to enable IPv6
    option mtu '1492'
    option username 'XXX@broadband.vodafone.co.uk'
    #option username 'XXXX@businessbroadband.vodafone.co.uk # for business customers
    option password ' XXXXXX' # Need password for auth

Zen Internet uses PPPoE protocol with auth (Username and Password)

config dsl 'dsl'
    option annex 'b'
    option tone 'a'

config interface 'wan'
    option ifname 'dsl0.101'
    # option ifname 'ptm0.101' # for LEDE 17.01
    option proto 'pppoe'
    option ipv6 '1' # Zen has IPv6. Replace '0' to disable IPv6
    option mtu '1500'
    option username 'zenXXXXXX@zen'
    option password ' XXXXXX' # Need password for auth, can get this info from Zen Customer Portal or Mobile App.

Openreach Full Fibre (FTTP)

Openreach (a subsidiary owned by BT plc) provides fibre optic broadband to the home, with various ISPs reselling Openreach services to end users. Any provider using the Openreach FTTP network requires an ONT (Optical Network Terminal) device fitted by Openreach to provide the fibre connection to the premises. This acts as the modem that will then connect to some form of CPE or router at the customer end via ethernet.

Aquiss

Aquiss uses PPPoE and DHCPv6. A standard PPPoE network interface with your Aquiss abb-xxxxxx@aquiss.com and password should get you connected with your IPv4 address. IPv6 (if enabled) will be automatically configured by a virtual interface with Obtain IPv6 address set to Automatic. You can alternatively set this to manual and create your own alias interface if required.

IPv6 must be enabled on the broadband line within the Aquiss ebilling system with a prefix delegated before configuring IPv6.

Alternative networks

Outside of Openreach other connection providers in the UK are referred to as alternative networks (alt-nets), these include:

  • City Fibre
  • HyperOptic
  • Giganet
  • Virgin Media (Uses both HFC and FTTP in some areas with DOCSIS)
City Fibre

City Fibre provide fibre networks to business and residential customers, with selected ISPs reselling the connection to end users. These include ISPs such as Vodafone, Giganet, TalkTalk and Zen Internet.

VLAN: all traffic on the CityFibre network must be tagged as VLAN 911 or traffic will not flow.

Giganet

Giganet are a CityFibre and BT Openreach fibre reseller. They provide IPv4 and IPv6 connectivity to business and residential customers. They provide a static IPv4 address and a static IPv6 router address, with a /48 prefix for the client's network.

DHCPv6 is used to IPv6 prefix delegation, but the IPv6 prefix must be released by the router before the prefix will be issued again to either the same router or to another router. If this doesn't happen, an error of NoPrefixAvail during DHCPv6 negotiation, and odhcpd will complain that there is a local route, but no prefix, so it doesn't issue IPv6 addresses to LAN clients.

AT&T Internet no longer offers DSL connections, but is offering FTTH service in certain markets.

Fiber

These settings based on this post Link to owrt forum

AT&T Fiber connectivity with OpenWrt is most easily achieved via setting the AT&T gateway device into “IP passthrough” mode. The IP passthrough mode type should be set as DHCPS-fixed with the passthrough fixed MAC address set to the MAC address of the WAN interface to which your OpenWrt device is connected to the AT&T gateway device. In this configuration you will not be operating in a double-NAT mode as you would if you use the DHCPS-dynamic type of passthrough.

Additionally, if you intend for the AT&T gateway device to act as transparently as possible while allowing your OpenWrt device to perform all typical firewall, NAT, and routing functions, you will also want to disable packet filters and turn off all firewall advanced features within your AT&T gateway device's Firewall settings sections. This may vary by AT&T gateway model, so please refer to available guides online as to how to disable those features for your particular AT&T gateway device.

By default, AT&T enables IPv6 connectivity, but AT&T's IPv6 handling is suboptimal in that while it is DHCPv6-PD, the IPv6 subnet they provide to each customer is a /60 instead of a more desireable /56 (or even /48). Further, the AT&T gateway device is assigned the /60 prefix delegation (PD) and it does not pass that /60 PD down to the passthrough connected device. The AT&T gateway reserves eight (8) of the sixteen (16) /64 subnets within the /60 (64 - 60 = 4, so 2^4 = 16) for its own purposes. However, while certainly not as straight-forward as a true /56 PD granted to the OpenWrt WAN interface, it is possible to still use the remaining eight (8) /64 subnets within your OpenWrt configuration and downstream client subnets.

In order to achieve the goal of requesting the additional /64 subnets from the PD, a separate /64 PD request must be sent to the AT&T gateway device, with a unique MAC address, for each /64 you wish to obtain. To meet this objective with odhcp6c, you need to create additional devices and interfaces stemming from the OpenWrt WAN interface. This requires kmod-macvlan:

opkg update && opkg install kmod-macvlan

With kmod-macvlan installed, in your /etc/config/network file create a 'macvlan' type device for each /64 subnet you wish to pull from the AT&T gateway. In this example, we will pull and use three /64 subnets, each for a separate client VLAN/subnet that OpenWrt handles:

Note: The 'macaddr' values in this example are arbitrary and can be set to any MAC address you choose. The key is to ensure each is unique within your entire OpenWrt device.

config device 'vwan1'
	option name 'vwan1'
	option type 'macvlan'
	option ifname 'eth0'
	option macaddr '70:e7:cf:ae:f2:00'

config device 'vwan2'
	option name 'vwan2'
	option type 'macvlan'
	option ifname 'eth0'
	option macaddr '70:e7:cf:ae:f2:01'

config device 'vwan3'
	option name 'vwan3'
	option type 'macvlan'
	option ifname 'eth0'
	option macaddr '70:e7:cf:ae:f2:02'

The next step is to create a corresponding interface for each of the newly added devices. Again, in this example we are creating three where one is for 'LAN', one is for 'GUEST', and the third is for 'IOT':

config interface 'WAN6LAN'
	option proto 'dhcpv6'
	option peerdns '0'
	option device 'vwan1'
	option reqprefix '64'
	option reqaddress 'none'

config interface 'WAN6GUEST'
	option proto 'dhcpv6'
	option device 'vwan2'
	option reqprefix '64'
	option peerdns '0'
	option reqaddress 'none'

config interface 'WAN6IOT'
	option proto 'dhcpv6'
	option device 'vwan3'
	option reqaddress 'none'
	option reqprefix '64'
	option peerdns '0'

Finally, each of the client subnet interfaces needs to be set to hand out IPv6 addresses from its corresponding WAN6* IPv6 pool. This is achieved by using the list ip6class setting and option ip6assign option for a client facing interface in /etc/config/network:

config interface 'LAN'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.1'
	option device 'eth1'
	list ip6class 'WAN6LAN'
	option ip6assign '64'

config interface 'GUEST'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.9.1'
	option device 'eth1.9'
	list ip6class 'WAN6GUEST'
        option ip6assign '64'

config interface 'IOT'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.99.1'
	option device 'eth1.99'
	list ip6class 'WAN6IOT'
        option ip6assign '64'

Bonus step: Because you no longer will be assigning addresses based on your WAN interface's PD, you can disable the request to pull a PD on your WAN interface by adding this to your /etc/config/network file (on your WAN interface):

option reqprefix 'no'

Your WAN interface will still request a usable IPv6 (SLAAC) address from the AT&T gateway for OpenWrt purposes.

  1. Connect to box:
    ssh root@192.168.1.1
  2. (optional) Patch DSL Firmware to appropriate Annex (not at all boxes):
    cd /lib/firmware/
    ls
    bspatch lantiq-vrx200-a.bin firmware-b.bin lantiq-vrx200-a-to-b.bspatch

    Note that since March 2016, manually patching the “annex a” firmware is not necessary. Simply include:

    config dsl 'dsl'
      option annex 'b'

    in /etc/config/network, and the “annex a” firmware will be "automagically" patched when the wan interface is created.

  3. set Annex:
    vi /etc/config/network
    
    config dsl 'dsl'
    	option annex 'j'	# try 'b' or 'j' in Germany/Austria
    	option firmware '..'	# (optional) set to '/lib/firmware/firmware-b.bin'

    vi press: [d] → delete line; [i] → insert mode; [ESC] → [:] → [w][q] → [return] → write and quit

  4. Connect DSL → f.e. Germany: TAE middle port to box DSL port (cable both middle pins populated)
  5. Restart DSL-modem:
    /etc/init.d/dsl_control restart

    O²Box6431: did not need box reboot / SpeedportW504VTypeA: had to reboot box for DSL connection

  6. Check if firmware is loaded (if Annex is already set right there will be more values), repeat a few times:
    (O²Box6431)
    root@OpenWrt:~# /etc/init.d/dsl_control status
    
    ATU-C Vendor ID:                          
    ATU-C System Vendor ID:                   
    Chipset:                                  Lantiq-VRX200
    Firmware Version:                         5.7.9.9.0.6
    API Version:                              4.17.18.6
    XTSE Capabilities:                        , , , , , , , 
    Annex:                                    
    Line Mode:                                
    Profile:                                  
    Line State:                               DOWN [0x200: silent]
  7. Check connection attempts - repeat a few times:
    /etc/init.d/dsl_control status
    
    Line State:
    
    DOWN [0x100: idle]
    DOWN [0x200: silent]
    
    [..]
    DOWN [0x300: handshake]
    
    [..]
    DOWN [0xff: idle request]
    
    [..]
    DOWN [0x300: handshake]
    
    [..till]
    UP [0x801: showtime_tc_sync]

    Try an other Annex if it loops between idle and handshake → f.e. O²Box6431: AnnexA not working due AnnexB/J in Germany → Patch DSL Firmware to appropriate Annex

  8. Working DSL connection (SpeedportW504VTypeA, O² DSL):
    /etc/init.d/dsl_control status	
    
    ATU-C Vendor ID:                          Broadcom 178.17
    ATU-C System Vendor ID:                   0F,00,4E,4F,4B,42,00,00
    Chipset:                                  Ifx-Danube
    Firmware Version:                         2.4.1.7.0.2
    API Version:                              3.24.4.4
    XTSE Capabilities:                        0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0
    Annex:                                    J
    Line Mode:                                G.992.5 (ADSL2+)
    Profile:                                  
    Line State:                               UP [0x801: showtime_tc_sync]
    Forward Error Correction Seconds (FECS):  Near: 0 / Far: 1
    Errored seconds (ES):                     Near: 0 / Far: 2
    Severely Errored Seconds (SES):           Near: 0 / Far: 0
    Loss of Signal Seconds (LOSS):            Near: 0 / Far: 0
    Unavailable Seconds (UAS):                Near: 60 / Far: 60
    Header Error Code Errors (HEC):           Near: 0 / Far: 81
    Non Pre-emtive CRC errors (CRC_P):        Near:  / Far: 
    Pre-emtive CRC errors (CRCP_P):           Near:  / Far: 
    Power Management Mode:                    L0 - Synchronized
    Latency [Interleave Delay]:               8.0 ms [Interleave]   7.50 ms [Interleave]
    Data Rate:                                Down: 19.926 Mb/s / Up: 1.901 Mb/s
    Line Attenuation (LATN):                  Down: 15.2 dB / Up: 24.2 dB
    Signal Attenuation (SATN):                Down: 13.8 dB / Up: 9.8 dB
    Noise Margin (SNR):                       Down: 6.1 dB / Up: 24.2 dB
    Aggregate Transmit Power (ACTATP):        Down: 18.2 dB / Up: 12.8 dB
    Max. Attainable Data Rate (ATTNDR):       Down: 19.956 Mb/s / Up: 1.901 Mb/s
    Line Uptime Seconds:                      418
    Line Uptime:                              6m 58s
  9. Set specific ISP Configuration → :!: VLAN for working WAN/Uplink
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2022/10/16 10:30
  • by ulpian