Fritz 7520 VDSL connection failed

Rorschach · June 29, 2025, 10:00am

Hi everyone,
I'm using a Fritzbox 7490 with FritzOS.
But I want to use a used Fritz 7520 as a DSL modem with openwrt for Wireguard VPN.
I'm not really an IT expert, but thanks to the great instructions here, I successfully flashed openwrt-24.10.1 on the Fritz 7520.
However, when I try to connect the Fritz 7520 to DSL, I get an error message stating that the connection attempt failed.
The port status is displayed as connected, but the bar below is red.
A few KB are displayed as upload and download, and I also get the data rate: 49.991 Mbps / 15.999 Mbps, but I can't get an internet connection.
Display in line mode: G.993.2 (VDSL2, Profile 17a, with downstream and upstream vectoring)
What could be the problem?
I'm sure I entered the correct access data for my 1&1 connection.
I noticed that when connecting the 7490 to FritzOS, the mode is displayed as ITU G.993.5 and G.Vector. Does this mean anything?
I think the Fritz!7520 should support G.Vector.
Can anyone help?

frollic · June 29, 2025, 10:03am

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/firewall

Rorschach · June 29, 2025, 12:18pm

The outputs are below.
To ask questions here in the forum, I disconnected the Fritz 7520 from the DSL connection and switched the LAN to DHCP client. The following outputs also occurred without a DSL connection.
I hope this still helps.

root@OpenWrt:~# ubus call system board
{
"kernel": "6.6.86",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 5 (v7l)",
"model": "AVM FRITZ!Box 7530",
"board_name": "avm,fritzbox-7530",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.1",
"revision": "r28597-0425664679",
"target": "ipq40xx/generic",
"description": "OpenWrt 24.10.1 r28597-0425664679",
"builddate": "1744562312"
}
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fe77:ed51f:be89::/48'
option packet_steering '1'

config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'

config dsl 'dsl'
option annex 'j'
option tone 'b'
option ds_snr_offset '0'

config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'

config interface 'lan'
option device 'br-lan'
option proto 'dhcp'

config device
option name 'dsl0'
option macaddr '74:92:7B:51:39:FA'

config interface 'wan'
option device 'dsl0'
option proto 'pppoe'
option username '1und1/1234-567@online.de'
option password 'abcdefg'
option ipv6 '1'

config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'

root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood 1
option input REJECT
option output ACCEPT
option forward REJECT

Uncomment this line to disable ipv6 rules

option disable_ipv6 1

config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT

config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1

config forwarding
option src lan
option dest wan

We need to accept udp packets on port 68,

see https://dev.openwrt.org/ticket/4108

config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4

Allow IPv4 ping

config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT

config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT

Allow DHCPv6 replies

see https://github.com/openwrt/openwrt/issues/5066

config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT

config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT

Allow essential incoming IPv6 ICMP traffic

config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT

Allow essential forwarded IPv6 ICMP traffic

config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT

config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT

config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT

EXAMPLE CONFIG SECTIONS

do not allow a specific ip to access wan

#config rule

option src lan

option src_ip 192.168.45.2

option dest wan

option proto tcp

option target REJECT

block a specific mac on wan

#config rule

option dest wan

option src_mac 00:11:22:33:44:66

option target REJECT

block incoming ICMP traffic on a zone

#config rule

option src lan

option proto ICMP

option target DROP

port redirect port coming in on wan to lan

#config redirect

option src wan

option src_dport 80

option dest lan

option dest_ip 192.168.16.235

option dest_port 80

option proto tcp

port redirect of remapped ssh port (22001) on wan

#config redirect

option src wan

option src_dport 22001

option dest lan

option dest_port 22

option proto tcp

FULL CONFIG SECTIONS

#config rule

option src lan

option src_ip 192.168.45.2

option src_mac 00:11:22:33:44:55

option src_port 80

option dest wan

option dest_ip 194.25.2.129

option dest_port 120

option proto tcp

option target REJECT

#config redirect

option src lan

option src_ip 192.168.45.2

option src_mac 00:11:22:33:44:55

option src_port 1024

option src_dport 80

option dest_ip 194.25.2.129

option dest_port 120

option proto tcp

wilsonyan · June 29, 2025, 12:39pm

i've read around a bit but have no idea if it will work
it seems like people are saying 1&1 germany works over vlan id 7

so for your "wan" interface, you would put 'dsl0.7' as your device

if the mac address is important though you might need to create the vlan device yourself and make sure you set the mac address to what you have there for dsl0.7 instead of dsl0 maaaybe

eg

config device
        option type '8021q'
        option ifname 'dsl0'
        option vid '7'
        option name 'dsl0.7'
        option macaddr '74:92:7B:51:39:FA'

Rorschach · June 29, 2025, 12:55pm

Yes, I had read that too:

But after that, this should be when migrating from Annex B to Annex J.
According to my information about the functioning 7490, Annex B should definitely be running here?
Connection type: VDSL2 17a G.Vector (ITU G.993.5)
Line ID: 1UND1.DEU.DTAG.J03X8
arrow_downReceive: 49.99 Mbps
arrow_upSend: 16.00 Mbps

But I could give it a try, thanks.

Rorschach · June 29, 2025, 1:33pm

Unfortunately, I can't select DSL0.
Please excuse me, but as I already mentioned, I'm not exactly an IT expert.

andyboeh · June 29, 2025, 7:48pm

It's not necessary to create a VLAN device manually. Just put "dsl0.7" as device in the WAN interface (you will need to type this as it won't be listed). This is my wan interface with VLAN 31:

In your screenshot, dsl0 is probably not listed because it's not synchronized (you mentioned you were connected via LAN). You can still input the device manually.

Rorschach · June 30, 2025, 5:54am

OK, I'll test again this weekend. Thanks for the tips. But I'm generally interested in whether the Fritz 7520 (black 1&1 with Q4019) will even work productively as a DSL modem with OpenWrt, or whether it's not particularly reliable. Has anyone used this box in this way?

wilsonyan · June 30, 2025, 8:21am

I use mine fine on the NBN in Australia. Fritz 7530 + Openwrt is the best there is, sure it could have better wireless but works and is reliable.

Also just one thing, don't be discouraged if it immediately doesn't work or you appear to login but can't browse. Some ISPs have a time out feature when the client mac address changes, so sometimes it can take a while to be able to actually log in or it lets you log in and you get an address but you can't browse for a while, but eventually the lock they have at their end gets forgotten, but you may need to refresh or 'restart' the wan connection every 15 mins or so to see.

Rorschach · June 30, 2025, 9:40am

Yes, the thing about the lock on the new MAC is plausible. I waited over 30 minutes and didn't get a valid login. Maybe that was too short, and maybe I should call my provider's support while I waited to get it activated. As soon as I have the chance, I'll try that and report the results here.
Unfortunately, I can't often crash the internet here for that long.

moeller0 · June 30, 2025, 12:08pm

I use a 7520 as bridged modem on a 100/40 VDSL" link in Germany (O2, on basis of a telekom vdsl2 access line), works without any noticeable issues (but note I am on a short TAL and get full sync with line capacity to spare).

Note for 1&1 you need to use the correct username, which differs for ADSL, VDSL2, and apparently nowadays ds-lite over VDSL, here are examples:

ADSL: option username '1und1/(***)1234-567@t-online.de' # note no H prefix and no ui
VDSL: option username 'H1und1/1234-567@t-online.de' # note the H prefix!
ds-lite: option username '1und1/ui1234-567@t-online.de' # note the ui in there

I never used 1&1, but I remember this being an issue in the past, so maybe that helps...

Rorschach · June 30, 2025, 12:34pm

The connection here is VDLS2. But in the original FritzOS, there's no need to prefix it with an H, which is strange that it should be with openwrt. Still, it can't hurt to try. Thanks.

moeller0 · June 30, 2025, 12:38pm

Ah, since you use PPPoE, edit /etc/ppp/options and change #debug to debug, then run logread | grep ppp after giving it a bit to connect, check the output for sensitive information, potentially redact that and post the rest here, that might tell us what goes wrong...