Hi everyone,
I'm using a Fritzbox 7490 with FritzOS.
But I want to use a used Fritz 7520 as a DSL modem with openwrt for Wireguard VPN.
I'm not really an IT expert, but thanks to the great instructions here, I successfully flashed openwrt-24.10.1 on the Fritz 7520.
However, when I try to connect the Fritz 7520 to DSL, I get an error message stating that the connection attempt failed.
The port status is displayed as connected, but the bar below is red.
A few KB are displayed as upload and download, and I also get the data rate: 49.991 Mbps / 15.999 Mbps, but I can't get an internet connection.
Display in line mode: G.993.2 (VDSL2, Profile 17a, with downstream and upstream vectoring)
What could be the problem?
I'm sure I entered the correct access data for my 1&1 connection.
I noticed that when connecting the 7490 to FritzOS, the mode is displayed as ITU G.993.5 and G.Vector. Does this mean anything?
I think the Fritz!7520 should support G.Vector.
Can anyone help?
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/firewall
The outputs are below.
To ask questions here in the forum, I disconnected the Fritz 7520 from the DSL connection and switched the LAN to DHCP client. The following outputs also occurred without a DSL connection.
I hope this still helps.
root@OpenWrt:~# ubus call system board
{
"kernel": "6.6.86",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 5 (v7l)",
"model": "AVM FRITZ!Box 7530",
"board_name": "avm,fritzbox-7530",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.1",
"revision": "r28597-0425664679",
"target": "ipq40xx/generic",
"description": "OpenWrt 24.10.1 r28597-0425664679",
"builddate": "1744562312"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fe77:ed51f:be89::/48'
option packet_steering '1'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'j'
option tone 'b'
option ds_snr_offset '0'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'dhcp'
config device
option name 'dsl0'
option macaddr '74:92:7B:51:39:FA'
config interface 'wan'
option device 'dsl0'
option proto 'pppoe'
option username '1und1/1234-567@online.de'
option password 'abcdefg'
option ipv6 '1'
config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood 1
option input REJECT
option output ACCEPT
option forward REJECT
Uncomment this line to disable ipv6 rules
option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
We need to accept udp packets on port 68,
see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
Allow DHCPv6 replies
see https://github.com/openwrt/openwrt/issues/5066
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
EXAMPLE CONFIG SECTIONS
do not allow a specific ip to access wan
#config rule
option src lan
option src_ip 192.168.45.2
option dest wan
option proto tcp
option target REJECT
block a specific mac on wan
#config rule
option dest wan
option src_mac 00:11:22:33:44:66
option target REJECT
block incoming ICMP traffic on a zone
#config rule
option src lan
option proto ICMP
option target DROP
port redirect port coming in on wan to lan
#config redirect
option src wan
option src_dport 80
option dest lan
option dest_ip 192.168.16.235
option dest_port 80
option proto tcp
port redirect of remapped ssh port (22001) on wan
#config redirect
option src wan
option src_dport 22001
option dest lan
option dest_port 22
option proto tcp
FULL CONFIG SECTIONS
#config rule
option src lan
option src_ip 192.168.45.2
option src_mac 00:11:22:33:44:55
option src_port 80
option dest wan
option dest_ip 194.25.2.129
option dest_port 120
option proto tcp
option target REJECT
#config redirect
option src lan
option src_ip 192.168.45.2
option src_mac 00:11:22:33:44:55
option src_port 1024
option src_dport 80
option dest_ip 194.25.2.129
option dest_port 120
option proto tcp
i've read around a bit but have no idea if it will work
it seems like people are saying 1&1 germany works over vlan id 7
so for your "wan" interface, you would put 'dsl0.7' as your device
if the mac address is important though you might need to create the vlan device yourself and make sure you set the mac address to what you have there for dsl0.7 instead of dsl0 maaaybe
eg
config device
option type '8021q'
option ifname 'dsl0'
option vid '7'
option name 'dsl0.7'
option macaddr '74:92:7B:51:39:FA'
Yes, I had read that too:
But after that, this should be when migrating from Annex B to Annex J.
According to my information about the functioning 7490, Annex B should definitely be running here?
Connection type: VDSL2 17a G.Vector (ITU G.993.5)
Line ID: 1UND1.DEU.DTAG.J03X8
arrow_downReceive: 49.99 Mbps
arrow_upSend: 16.00 Mbps
But I could give it a try, thanks.
Unfortunately, I can't select DSL0.
Please excuse me, but as I already mentioned, I'm not exactly an IT expert.
It's not necessary to create a VLAN device manually. Just put "dsl0.7" as device in the WAN interface (you will need to type this as it won't be listed). This is my wan interface with VLAN 31:
In your screenshot, dsl0 is probably not listed because it's not synchronized (you mentioned you were connected via LAN). You can still input the device manually.
OK, I'll test again this weekend. Thanks for the tips. But I'm generally interested in whether the Fritz 7520 (black 1&1 with Q4019) will even work productively as a DSL modem with OpenWrt, or whether it's not particularly reliable. Has anyone used this box in this way?
I use mine fine on the NBN in Australia. Fritz 7530 + Openwrt is the best there is, sure it could have better wireless but works and is reliable.
Also just one thing, don't be discouraged if it immediately doesn't work or you appear to login but can't browse. Some ISPs have a time out feature when the client mac address changes, so sometimes it can take a while to be able to actually log in or it lets you log in and you get an address but you can't browse for a while, but eventually the lock they have at their end gets forgotten, but you may need to refresh or 'restart' the wan connection every 15 mins or so to see.
Yes, the thing about the lock on the new MAC is plausible. I waited over 30 minutes and didn't get a valid login. Maybe that was too short, and maybe I should call my provider's support while I waited to get it activated. As soon as I have the chance, I'll try that and report the results here.
Unfortunately, I can't often crash the internet here for that long.
I use a 7520 as bridged modem on a 100/40 VDSL" link in Germany (O2, on basis of a telekom vdsl2 access line), works without any noticeable issues (but note I am on a short TAL and get full sync with line capacity to spare).
Note for 1&1 you need to use the correct username, which differs for ADSL, VDSL2, and apparently nowadays ds-lite over VDSL, here are examples:
ADSL: option username '1und1/(***)1234-567@t-online.de' # note no H prefix and no ui
VDSL: option username 'H1und1/1234-567@t-online.de' # note the H prefix!
ds-lite: option username '1und1/ui1234-567@t-online.de' # note the ui in there
I never used 1&1, but I remember this being an issue in the past, so maybe that helps...
The connection here is VDLS2. But in the original FritzOS, there's no need to prefix it with an H, which is strange that it should be with openwrt. Still, it can't hurt to try. Thanks.
Ah, since you use PPPoE, edit /etc/ppp/options and change #debug
to debug
, then run logread | grep ppp
after giving it a bit to connect, check the output for sensitive information, potentially redact that and post the rest here, that might tell us what goes wrong...