Easybox 904 xDSL OpenWrt installation

Installing and Using OpenWrt
1

Hey @Zuzia ,

I am still trying to use my EasyBox 904 xDSL on a 100/40 VVDSL-Access of a regional provider in germany.

Status
System
Hostname	EasyBOX
Model	Easybox 904xDSL
Architecture	xRX200 rev 1.2
Firmware Version	OpenWrt SNAPSHOT r16595-f4473baf6e / LuCI Master git-21.117.73295-1d44fec
Kernel Version	5.4.115
Local Time	2021-11-18 22:33:17
Uptime	4h 1m 27s
Load Average	0.19, 0.13, 0.15

Unfortunately I need to change IP-address to 192.168.230.2 instead of 192.168.1.1. I changed it via ssh in

/etc/config/network
/etc/config/uhttpd

To be honest I don't know what or if there is something wrong in /etc/config/dhcp

config dnsmasq                                                                  
        option localise_queries '1'                                             
        option local '/lan/'                                                    
        option domain 'lan'                                                     
        option expandhosts '1'                                                  
        option authoritative '1'                                                
        option readethers '1'                                                   
        option leasefile '/tmp/dhcp.leases'                                     
        list server '/162.159.200.1/127.0.0.1#5353'                             
        list server '127.0.0.1#5353'                                            
        option localservice '1'                                                 
        option localuse '1'                                                     
        option noresolv '1'                                                     
        option proxydnssec '1'                                                  
        option dnssec '1'                                                       
        option rebind_protection '1'                                            
        option dnsforwardmax '50'                                               
        option domainneeded '1'                                                 
                                                                                
config dhcp 'lan'                                                               
        option interface 'lan'                                                  
        option limit '150'                                                      
        option leasetime '12h'                                                  
        option force '1'                                                        
        option start '120'                                                      
        option ra 'server'                                                      
        option ra_management '1'                                                
        option dhcpv6 'server'                                                  
                                                                                
config dhcp 'wan'                                                               
        option interface 'wan'                                                  
        option ignore '1'                                                       
                                                                                
config dhcp 'wwan'                                                              
        option interface 'wwan'                                                 
        option ignore '1'

I can't remember, but changed also somewhere else from 192.168.1.1 to 192.168.230.2 the ip address.

Unfortunately I can't bring DHCP to work anymore. With standard ip 192.168.1.1 it offers the ip range from 192.168.1.100 to 192.168.1.150, but with changed ip address there is no possibility to bring it to work.

When I use static ip on my devices it works, but I also noticed it takes a long time after reboot until it is possible to be able to ping to google.de or something similar. It takes at least further 3 minutes after I can already ping 1.1.1.1. So I think there has to be some wrong configuration somewhere.

Here is my /etc/config/network


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option ipv6 '0'

config globals 'globals'
	option packet_steering '1'

config atm-bridge 'atm'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'
	option vci '32'
	option vpi '1'

config dsl 'dsl'
	option annex 'b'
	option xfer_mode 'ptm'
	option line_mode 'vdsl'
	option ds_snr_offset '0'
	option firmware '/lib/firmware/vr9-B-dsl_newest.bin'

config device
	option name 'eth0'
	option macaddr '88:03:55:e1:8f:b0'
	option ipv6 '0'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.230.2'
	option netmask '255.255.255.0'
	option ipv6 '0'
	list ifname 'eth0.1'
	list ifname 'eth0.66'
	option force_link '0'

config interface 'wan'
	option proto 'pppoe'
	option metric '20'
	option username 'USERNAME'
	option password 'PASSWORD'
	option ifname 'dsl0'
	option ipv6 'auto'

config device 'wan_dev'
	option name 'dsl0'
	option macaddr '88:03:55:e1:8f:bb'
	option peerdns '0'
	option dns '127.0.0.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option fid '1'
	option ports '0 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

config switch
	option name 'switch1'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch1'
	option vlan '1'
	option ports '0 1 2 3 6t'

config device 'inic_dev'
	option name 'eth0.3'

config interface 'inic'
	option proto 'none'
	option ifname 'eth0.3'
	option ipv6 '0'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option fid '3'
	option ports '5 6t'

config device 'wlan_dev'
	option name 'eth0.66'
	option macaddr '88:03:55:e1:8f:bd'
	option ipv6 '0'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '66'
	option fid '4'
	option ports '5t 6t'

config interface 'hilink'
	option proto 'dhcp'
	option ipv6 '0'
	option metric '10'
	option ifname 'eth1'
	option delegate '0'
	option auto '0'

config interface 'upcwifree'
	option proto 'dhcp'
	option ipv6 '0'
	option auto '0'
	option ifname 'eth0.1'

config interface 'wwan'
	option proto 'dhcp'
	option ifname 'usb0'
	option ipv6 '0'
	option metric '10'
	option auto '0'

config interface 'umts'
	option proto '3g'
	option device '/dev/ttyUSB0'
	option service 'umts'
	option apn 'internet'
	option dialnumber '*99***1#'
	option ipv6 '0'
	option auto '0'
	option metric '10'

config interface 'PPTP'
	option proto 'pptp'
	option keepalive '0'
	option ipv6 '0'
	option auto '0'
	option server 'pl02.vpnonline.eu'
	option username 'twoj login'
	option password 'twoje haslo'
	option metric '10'

config interface 'TUN'
	option ifname 'tun0'
	option proto 'none'
	option delegate '0'
	option metric '10'
	option auto '0'

config interface 'wg0'
	option proto 'wireguard'
	option listen_port '55055'
	list addresses '10.9.0.1/24'
	option private_key '/='
	option ipv6 '0'
	option auto '0'

config wireguard_wg0
	option public_key '='
	option route_allowed_ips '1'
	list allowed_ips '10.9.0.3/32'
	option persistent_keepalive '25'
	option description 'android'
	option ipv6 '0'
	option auto '0'

config interface 'ipsec'
	option ifname 'ipsec0'
	option proto 'none'
	option defaultroute '0'
	option peerdns '0'
	option ipv6 '0'
	option auto '0'
	option metric '10'

config interface 'NCM'
	option proto 'ncm'
	option delegate '0'
	option device '/dev/ttyUSB0'
	option service 'preferlte'
	option pdptype 'IP'
	option apn 'internet'
	option ipv6 '0'
	option auto '0'
	option metric '10'

/etc/config/uhttpd


config uhttpd 'main'
	option redirect_https '0'
	option home '/www'
	option rfc1918_filter '1'
	option max_connections '100'
	option cert '/etc/uhttpd.crt'
	option key '/etc/uhttpd.key'
	option cgi_prefix '/cgi-bin'
	list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
	option http_keepalive '0'
	option tcp_keepalive '1'
	option ubus_prefix '/ubus'
	option listen_http '192.168.230.2:80'
	option script_timeout '120'
	option max_requests '1'
	option network_timeout '40'

config cert 'defaults'
	option days '730'
	option key_type 'ec'
	option bits '2048'
	option ec_curve 'P-256'
	option country 'ZZ'
	option state 'Somewhere'
	option location 'Unknown'
	option commonname 'OpenWrt'
2

First of all, be aware that you've just leaked your private wireguard keys, which is highly dangerous and you should immediately rekey your device.

Your configuration is pretty complex, some things definitively look weird, but it's hard to see the wood for the trees… My suggestion would be to do a factory reset, configure the minimum (the VDSL connection) and then to slowly extends the bits and pieces you really need (wireguard and ipsec?).

3

Hey @slh , thanks for the hint, but anyway, I don't use wireguard for now and I will regenerate the keys.

To be honest I am a bit dissapointed that none is really trying to help to setup a proper odhcpd. I was very confused and I am still, but noticed it has a lot to do with dnsmasq.

After a while I found the problem:

In /etc/dnsmasq.conf I also needed to change the IP from 192.168.1.1 to 192.168.230.2

no-resolv                                                                       
#proxy-dnssec                                                                   
dnssec                                                                          
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE3
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
dnssec-check-unsigned                                                           
conf-file=/usr/share/dnsmasq/trust-anchors.conf                                 
server=127.0.0.1#5453                                                           
listen-address=127.0.0.1,192.168.230.2                                          
#except-interface=eth0.7                                                        
#except-interface=eth0.2                                                        
except-interface=pppoe-wan                                                      
port=5353                                                                       
local=/lan/                                                                     
domain=lan                                                                      
#interface=lo                                                                   
#interface=br-lan                                                               
#bind-interfaces                                                                
#bind-dynamic                                                                   
domain-needed                                                                   
bogus-priv                                                                      
#strict-order                                                                   
all-servers

finally I get again via DHCP on my devices IP-Adresses and correct gateway, but no DNS-Address. Could someone please let me know how or where I usually have to type it in and how it works with adblock? - I deactivated adblock.

I also saw that DNSSEC is activated for some reason.

When I try to type manually 1.1.1.1 for example I can't get the adresses solved, just if I type manually 192.168.230.2 than it works and is not satisfying at the moment. - Also I can't get full speed except of wired gigabit connection to the device, but with another wifi-ac-router connected with 867 Mbit/s and tested iperf3-througput to the EB904 I messured around 100 Mbit/s down and 90 -Mbit/s up, but just 25 Mbit/s down and 25 Mbit/s up into the internet.

With connected cable to EB904 I get around 81 Mbit/s down and 27 Mbit/s up. DSL-Rate is shown as here:

DSL
DSL Status
Line State:Showtime with TC-Layer sync
Line Mode:G.993.2 (VDSL2, Profile 17a, with down- and upstream vectoring)
Line Uptime:14h 32m 53s
Annex:B
Data Rate:92.456 Mb/s / 28.823 Mb/s
Max. Attainable Data Rate (ATTNDR):89.555 Mb/s / 32.942 Mb/s
Latency:5.00 ms / 7.00 ms
Line Attenuation (LATN):8.8 dB / 7.8 dB
Signal Attenuation (SATN):9.0 dB / 7.7 dB
Noise Margin (SNR):7.8 dB / 9.6 dB
Aggregate Transmit Power (ACTATP):-14.7 dB / 12.3 dB
Forward Error Correction Seconds (FECS):67 / 1060
Errored seconds (ES):1 / 78
Severely Errored Seconds (SES):0 / 11
Loss of Signal Seconds (LOSS):0 / 4
Unavailable Seconds (UAS):151 / 151
Header Error Code Errors (HEC):0 / 0
Non Pre-emptive CRC errors (CRC_P):1 / 0
Pre-emptive CRC errors (CRCP_P):0 / 0
Power Management Mode:L0 - Synchronized
4

In my own testing with the eb904, I couldn't get beyond ~55 MBit/s on a 100/40 MBit/s VDSL2+vectoring line (while a bthub5 could achieve full speed with flow-offloading).

The complexity of your setup really makes it hard to find these issues, e.g. dnsmasq.conf is empty by default, in favour of a uci based dynamic comfiguration - I wouldn't have thought about that...

5

As far as I know XRX200 chipset is the same like in BThub5, which is also in my boxes somewhere, it should achieve the same results with kernel 5.4 and software-offloading which is hardware accellerated since kernel 4.1x something as far as I can remember... as I said, I just got 81 Mbit/s down with cable on it.

I am just not sure what to do which my ISP. I got my line just 2 days ago and an attenuation of < 10dB for the cuper line, gives me the impression it should achieve full speed with 100/40...

So any other ideas? - Btw. for now I achived the dns-problem solved with entry in /etc/config/dhcp:

config dhcp 'lan'                         
        option interface 'lan'            
        option start '100'                
        option limit '150'                
        option leasetime '12h'            
        list dhcp_option '6,192.168.230.2'

I mean it's not really nice, but it works somehow... Just wondering why the hell this is so freaking heavy compared to all of my other devices just to change system ip of EB904....

6

Yes, but my slightly dated tests (~2 years ago) still suggest otherwise. I tested with SMP (VMMC disabled) and without it (VMMC enabled), without software flow-offloading and after enabling it - in neither case I could get beyond ~65 MBit/s. Sorry, but I can't test this anymore (no more VDSL/ nor PPPoE).

7

Hey,

I found another point to adjust. You need to edit also /etc/dnsmasqc.conf and edit the IP-Adresses on "Listen-Address". So my DHCP ist working again.

Unfortunately the line is getting worse. I just get around 90/28 at 9 dB down Attenuation /9 dB up Attenuation. My provider said my line has 187m, that means it should sync near 122/42 like the card is able to sync.

Anyway... I will check all connection points within the next days.

Another question is, how to configure may wan for ipv6 correctly? - I read and tested a few configs, but weren't able to get an public ipv6. My ISP offers dual-stack. I verified this already with a FritzBox7112 which has the same chipset and sync with the same gross data-rate.

Is there something special how to configure dual-stack PPPoE?

8

Depends on the ISP, at least for DTAG the default wan6 configuration alongside PPPoE over wan works fine.

E.g. (from my bthub5 backups):

config interface 'wan'
        option ifname 'dsl0.7'
        option proto 'pppoe'
        option username 'user@t-online.de'
        option password 'pass'
        option ipv6 'auto'

config interface 'wan6'
        option ifname '@wan'
        option proto 'dhcpv6'
        option reqaddress 'none'
        option reqprefix 'auto'
9

Hey,

unfortunately my ISP is called Habnet and a small one without VLAN7 support. That means, I can't use any speedports which I have here around. I used also some FritzBox 7412 and FritzBox 7560, bot of them are unfortunately not faster. Line-length is around 187m and i am absolutly dissapointed. The linecard is possible to handle 122 Mbit/s Down 42 Mbit/s up in DSL-Info-Tab of FritzBox 7560.

Now I bought another EB904 and put there the newest SMP-Image of Zuzia.

Unfortunately I can't resolve any DNS-request. I have my established internet connection and can ping 1.1.1.1, but no ping answer from google.de for example.

Is it possible to give me a howto for DNS-requests and which packets are necessary and so on?

I couldn't find any mistakes in /etc/dnsmasqc.conf or /etc/config/dhcp nor /etc/config/network.

The device is much more aggressiv and responsible with SMP than with VPE-Images, so I would love to get a working SMP-Version with new kernel and long openwrt 21.02 support like @Zuzia implemented in my optionen.