Bypassing Vodafone's FTTH router: part I Internet
We want to replace that boring Vodafone branded router with our full-featured tp-link Archer C7v2 running OpenWRT to manage our LAN and Internet access.
We don't know much about how all that FTTH stuff is configured, the fiber arrives to a little white box and then connects to the wan port of the router that we want to replace. There's also a iptv stb connected to a random LAN port.
You'll find lots of contradictory information on the net about vlans, pppoe and FTTH, your configuration may also change depending on your location. Lets gather some information with our Ubuntu laptop.
Just disconnect the WAN cable from the FTTH box and connect-it to our Ubuntu computer and launch tcpdump.
$ sudo tcpdump -i eth0 --vv -e vlan
19:24:25.345773 1a:3b:5c:cd:ef (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 24, p 0, ethertype PPPoE D, PPPoE PADI [Service-Name] [Host-Uniq "E0000ABCD00000"]
19:24:27.362832 1a:3b:5c:cd:ef (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 24, p 0, ethertype PPPoE D, PPPoE PADI [Service-Name] [Host-Uniq "E0000ABCD00000"]
19:24:31.368782 1a:3b:5c:cd:ef (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 60: vlan 24, p 0, ethertype PPPoE D, PPPoE PADI [Service-Name] [Host-Uniq "E0000ABCD00000"]
We can see that the router is trying to establish a PPPOE connection and sending a weird Host-Uniq tag with our router serial number E0000ABCD00000 to the VLAN 24. Maybe it's all we need to log-in, we can replicate that on OpenWRT.
We edit our /etc/config/network to change our vlans:
config switch_vlan option device 'switch0' option vlan '1' option ports '2 3 4 5 0' option igmp_snooping '1' config switch_vlan option device 'switch0' option vlan '24' option ports '1t 6t'
Our router has a configurable switch with 5 ports, 1 blue the one labeled as WAN and the rest are yellow meant for the LAN. Ports 0 and 6 are cpu ones and they appear as eth0 and eth1 on Openwrt. We can connect a CPU port to more than one lan if we tagg-it adding the t after the port number. In that case we will be able to use eth0 in vlan 24 using eth0.24 as our interface.
So let's run PPPoE and surf the net!
We edit our wan interface on /etc/config/network to use PPPoE and set that host_uniq tag. Note that we have to convert our host_uniq to hex, use your favorite online asccii2hex converter. ( don't have one? just google-it)
config interface 'wan' option ifname 'eth0.24' option proto 'pppoe' option ipv6 'auto' option host_uniq '4530303030414243443030303030'
So lets restart network and enjoy our broadband connection.
# /etc/init.d/network restart # logread -f 20:16:04 daemon.notice pppd: pppd 2.4.7 started by root, uid 0 20:16:04 daemon.info pppd: PPP session is 1 20:16:04 daemon.warn pppd: Connected to 00:00:1e:00:02:8e via interface eth0.24 20:16:04 kern.info kernel: [ 2365.660626] pppoe-wan: renamed from ppp0 20:16:04 daemon.info pppd: Using interface pppoe-wan 20:16:04 daemon.notice pppd: Connect: pppoe-wan <--> eth0.24 20:16:04 daemon.info odhcpd: Using a RA lifetime of 0 seconds on br-lan 20:16:07 daemon.notice pppd: peer from calling number 00:00:1E:00:02:8E authorized 20:16:07 daemon.info pppd: LCP terminated by peer 20:16:07 daemon.notice pppd: Modem hangup 20:16:07 daemon.notice pppd: Connection terminated. 20:16:07 daemon.info pppd: Sent PADT 20:16:07 daemon.info pppd: Exit.
As you can see Vodafone PPPoE server hasn't enough with our host_uniq tag and denies our connection. I found on the net that you can reset the router and sniff the configuration that's sent from Vodafone but that's too much work and we don't really need-it unless we want to get the voip configuration.
We need a way to to get that PPPoE user and password from our Vodafone router. Let's impersonate a PPPoE server on our ubuntu box and sniff the password. I got the idea from here.
Set-up a pppoe-server on ubuntu
We need a device to communicate in vlan 24 on eth0.
sudo apt-get install vlan sudo vconfig add eth0 24 # sudo ip addr add 10.0.0.1/24 dev eth0.24 sudo ip link set up eth0.24
Now impersonate the PPPoE server...
apt install -y pppoe tshark touch /etc/ppp/pppoe-server-options echo "require-pap" > /etc/ppp/pppoe-server-options echo "lcp-echo-interval 10" >> /etc/ppp/pppoe-server-options echo "lcp-echo-failure 2" >> /etc/ppp/pppoe-server-options echo "* * * *" > /etc/ppp/pap-secrets
All ready, connect the router wan port to our Ubuntu box and get the secrets:
/usr/sbin/pppoe-server -L 10.5.5.1 -R 10.5.5.10 -I eth0.24 -S yyf tshark -i eth0.24 -Y "pap.password" -l -T fields -e pap.peer_id -e pap.password
This will dump something like:
Now we can update our wan config with those values:
config interface 'wan' option ifname 'eth0.24' option proto 'pppoe' option ipv6 'auto' option host_uniq '4530303030414243443030303030' option username 'VFAB0000000000000@vodafone' option password 'AABBCCD0'
Restart our network /etc/network/restart and now we're done and surfing the web.