FULLY Open Source ADSL/VDSL Modem Suggestion

Hi

I am searching for an ADSL/VDSL capable modem or modem+router device to buy. But I have strict criteria. The device should be able to run fully open source firmware. By fully open source I mean: I should be able to put together ALL the source code, compile it and flash it to the device on my own without any proprietary parts or binary blobs in the firmware. I will even use a fully libre Linux kernel in the process (I assume it is possible).

I am actually trying to achieve what LibreCMC project has done for routers. Unfortunately LibreCMC only supports routers, NOT modem or modem+router devices.

This page -> https://openwrt.org/docs/techref/hardware/xdsl?s[]=xdsl says that some lantiq based modems have foss ADSL2+ support and VDSL support is work in progress. From that table I understand that some lantiq based xDSL modem or modem+router devices can be used with fully open source software.

But actually I am not completely sure about the table. Below are the cases between which I am bouncing:

1-) lantiq devices which have xDSL technology (I assume xDSL means both ADSL and VDSL capable) can be used with fully open source firmware when in ADSL2+ mode but cannot be used with fully open source firmware when in VDSL mode.

Or

2-) a lantiq modem which only has ADSL2+ technology (no VDSL) can be used with fully open source firmware and a lantiq modem which only has VDSL technology (no ADSL) cannot be used with fully open source firmware.

Which one do you think or know is the case ?

If the first one is the case, MAYBE I can use a lantiq xDSL modem in ADSL2+ mode with fully open source firmware (stripping off unnecessary and proprietary parts of OpenWRT firmware by myself) and can wait for the fully open VDSL support to come.

Is this plan correct and possible?

If it is possible, Can I do it with:

Tp-link wd8970
Tp-link wd8980
Tp-link wd9980
Netgear DM200
???

(these devices are the ones that I have narrowed my search down to)

I am open to other suggestions in terms of devices as well. I would like to invest money in a device which I will use for years and have complete control over. Yes I am obsessed with running open source firmware on it :grin:

1 Like

The lantiq SOC family is the only xDSL capable SOC that is fully supported by OpenWrt, for the vr9 (VRX268/ VRX288) generation (do yourself a favour, don't even think about the older generations (their blob state is roughly equivalent and the hardware much worse) - and the newer ones aren't supported yet), this covers all variants of ADSL and VDSL/ VDSL2 without vectoring out of the box. While Broadcom and Mediatek also offer some xDSL modem hardware, neither of them is supported (and most likely never will, nor were there free drivers for either of them).

Full source for kernel- and userspace components is available for these lantiq vr9 chipsets, but they do require a proprietary firmware blob for the xDSL modem to function (needed for ADSL and VDSL modes). The proprietary, but redistributable, versions of this firmware blob (which are preinstalled in the OpenWrt images for these devices) are not vectoring capable, but you can extract vectoring capable versions of these from various OEM firmware updates (these are not redistributable and only licensed to the OEMs who paid for the VDSL2+vectoring features, but they do work on all members of the vr9 generation).

Lantiq vr9 devices with FXS ("phone") ports will additionally need a second voice firmware, which will be uploaded and executed on the second mips core of the lantiq vr9 SOC (2*500 MHz mips 24Kc); if this VMMC unit is active, only a single core (and 2 MB less main RAM) will be left to the linux kernel. This voice firmware is also proprietary, but you can opt not to use it (DTS changes necessary) and regain control over the 'lost' mips core and RAM. You can use this voice core as a full featured SIP pbx with up to two FXS ports using asterisk and chan_lantiq (free drivers, connecting to the voice core (which in turn runs the proprietary voice firmware)).

DECT capability, if available on the device in question, is not supported by OpenWrt. It's theoretically possible to add this support (all knowledge and proof of concept code exists), but this would require serious efforts.

For most devices you will also need another firmware blob for the wlan cards used, the extent of this varies among devices. The common variants for this would be various RaLink wlan chipsets (light blob required, mediocre stability), RaLink iNIC chipsets (heavy blob, RTOS, unsupported but ancient kernel module source available), Atheros ath9k (no blob), Atheros ath10k (medium-heavy blob), lantiq XWAVE300 (unsupported, proprietary kernel module and firmware blob).

Using the lantiq chipset (and avoiding devices with bad wlan) it is possible to use only FOSS kernel- and userspace software you can actually compile (completely) from source, but xDSL, FXS, (DECT) and in most cases wlan support will require proprietary firmware blobs to function. On the other hand this is the only xDSL capable (up to ~100 MBit/s VDSL2+vectoring, profile 17a/ 30a, but not super-vectoring (profile 35b)!) SOC which is supported by OpenWrt at all - and the only one without proprietary kernel modules and/ or proprietary userspace components.

Your only other option would be using IPoAC according to RFC 1149.

10 Likes
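To see which of the firmware blobs named in the post above a given image actually ships, the files under `/lib/firmware` can be matched against opkg's package metadata. This is an added example, not part of the thread and not OpenWrt project code; it assumes opkg's `usr/lib/opkg/info/<pkg>.list` and `<pkg>.control` layout, and the function names, the license allowlist and all sample package and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory the firmware files in an OpenWrt root filesystem.
# Assumes opkg's on-disk metadata: usr/lib/opkg/info/<pkg>.list holds one
# installed path per line, <pkg>.control may carry a "License:" field.

# Print "path<TAB>owning package<TAB>declared license" for each firmware file.
firmware_inventory() {
    root=${1%/}
    info="$root/usr/lib/opkg/info"
    find "$root/lib/firmware" -type f 2>/dev/null | sort |
    while IFS= read -r f; do
        path=${f#"$root"}
        lic=""
        list=$(grep -lxF -- "$path" "$info"/*.list 2>/dev/null | head -n 1)
        if [ -n "$list" ]; then
            pkg=$(basename "$list" .list)
            lic=$(sed -n 's/^License:[[:space:]]*//p' \
                "$info/$pkg.control" 2>/dev/null | head -n 1)
        else
            pkg="(no package)"
        fi
        printf '%s\t%s\t%s\n' "$path" "$pkg" "${lic:-unknown}"
    done
}

# Keep only rows whose license is not on a free-software allowlist.
# The allowlist is an assumption of this example; adjust it to your policy.
firmware_needing_review() {
    firmware_inventory "$1" |
        awk -F '\t' '$3 !~ /^(GPL|LGPL|BSD|MIT|ISC|Apache)/'
}

# Build a constructed sample tree (all names below are made up).
make_sample_root() {
    r=$(mktemp -d)
    i="$r/usr/lib/opkg/info"
    mkdir -p "$r/lib/firmware" "$i"
    for n in sample-dsl sample-wlan sample-free stray; do
        : > "$r/lib/firmware/$n.bin"
    done
    printf '/lib/firmware/sample-dsl.bin\n' > "$i/sample-dsl-fw.list"
    printf 'Package: sample-dsl-fw\nLicense: Proprietary\n' \
        > "$i/sample-dsl-fw.control"
    printf '/lib/firmware/sample-wlan.bin\n' > "$i/sample-wlan-fw.list"
    printf 'Package: sample-wlan-fw\n' > "$i/sample-wlan-fw.control"
    printf '/lib/firmware/sample-free.bin\n' > "$i/sample-free-fw.list"
    printf 'Package: sample-free-fw\nLicense: GPL-2.0\n' \
        > "$i/sample-free-fw.control"
    printf '%s\n' "$r"
}

# With an argument, audit that root ("/" on the device, or an unpacked image).
if [ "$#" -gt 0 ]; then
    firmware_needing_review "$1"
fi
```

Files with no owning package or no declared license are reported as `unknown` rather than skipped, since an unlabelled blob is exactly what such an audit is meant to surface.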

Thank you very much for this detailed and enlightening answer. However, this did not alleviate my confusion about the table or xDSL technology in general.

I know some functionality will require non-free code. I do not plan to use the modem for telephone communication. Thus, I will not need FXS (DECT) blobs. Also the TP-Link devices I listed have Atheros wlan hardware running ath9k drivers (I do not think I will need to utilize that additional lantiq wave wireless hardware in the TP-Link 8980, for example) and the u-boot bootloader. So there is no problem with the wlan hardware and bootloader either.

I do not really care about speed much. So I think I can wait for VDSL for now. I only care about having completely Foss firmware and a decent internet connection.

I specifically asked for cases 1 and 2 because this is where my problem lies. If I reiterate my problem as a question, it will be the following:

Can I buy lantiq xDSL modem and use it in ADSL2+ Mode with fully open source firmware without using its VDSL capability (because VDSL requires non free blobs and ADSL does not according to that table) ?

Or unfortunately, if the device has an xDSL modem, one cannot use ADSL or VDSL separately because the xDSL technology requires one unified closed source binary for all DSL communications. Is this the case?

I look forward to your answer.
Thank you.

You will always need a proprietary firmware blob for using the modem, regardless of ADSL or VDSL (yes, those are basically two blobs in one file, of which the matching one gets used - but it always needs a non-free firmware), the only way to avoid this is not using the modem functionality at all.

The page you're quoting from hasn't been touched (aside from general wiki maintenance) since 2013, at which point there was no VDSL support for OpenWrt. It only covers the kernel-/ userspace situation and ignored the (always necessary) firmware blob for the modem.

Thank you again.

The plan of buying xDSL modem, using it in ADSL mode (stripped off firmware) and waiting for VDSL support, is out of the window then. At least because I expect FULLY open source firmware.

I may be bothering you with my stupid questions because I am neither fully knowledgeable nor experienced about FOSS compatibility of these lantiq soc families (i.e. VRX200 “VR9”, ARX100 “AR9”, DANUBE and so on) listed in this page https://openwrt.org/docs/techref/hardware/soc/soc.lantiq . However I would like to end all the confusion and doubt I have.

You said I will always need a proprietary firmware blob for using the modem. Is this statement for the devices which have xDSL modems?

You know the table of hardware in the OpenWRT page lists the modem type for supported devices (full details). Some devices are listed as having an xDSL modem, some are listed as having ADSL (with annexes and +2 for some) and some are listed as having VDSL (VDSL and VDSL2 for some).

From this discretisation, I understand (or assume) some devices can speak ADSL only (due to hardware), some can speak VDSL only, some can speak both (xDSL ones).

With that in mind,

If, say, I buy a lantiq device which is listed as having an ADSL modem in the table of hardware. For example the Netgear DGN3500. It has a uboot bootloader, lantiq ARX168 cpu, atheros wlan which runs ath9k and most importantly an ADSL2+ modem (therefore neither xDSL nor VDSL).

Can I now have fully open source firmware for the modem part (for Netgear DGN3500) ?

Thank you for this post, it is very instructive. I just wanted to let people here know there was a similar discussion happening on the Turris forums here:

The goal there was to find any modem that would work in OpenWRT (or any Linux kernel really), but it should reach similar conclusions.

1 Like

No.

ADSL needs a non-free firmware blob.
VDSL needs a non-free firmware blob.

There is no ADSL and/ or VDSL modem on the market (nor has there ever been) that doesn't need any non-free component to function, for lantiq you do at least have completely FOSS kernel- and userspace drivers - for broadcom or mediatek there are only non-free drivers and non-free firmwares (which lock you into ancient kernels and are non-redistributable/ unavailable as well).

Don't let perfection be the enemy of the (pretty) good. With lantiq devices you do at least have free drivers and aren't locked to a specific, ancient kernel. Unless you're caught by RMS' reality distortion field -and claim that a firmware blob you don't see/ can't upgrade somehow wouldn't be a problem, while the very same hardware without the identical firmware in persistent/ hidden away flash, but uploaded as-is by the host kernel into the hardware, somehow would be a major problem- this gets you very far (and many lantiq devices are cheap, not very fast, but cheap and as free as it gets, in terms of ADSL/ VDSL modem capability). Would it really be preferable to buy a completely proprietary device, running a GPL violating ancient kernel (often 2.6.x based) without source, which loads proprietary firmware blobs into the modem ASIC hardware and comes with a completely locked down/ proprietary userspace - instead of an OpenWrt compatible device running kernel 4.14 (and 4.19 is already under development) with full source for kernel- and userspace available?!
Do they qualify for the FSF endorsement criteria? No, but you do get full source for kernel- and userspace under FOSS licensing terms.

@anarcat those VDSL modems in SFP+ form factor also run a proprietary firmware, with the only difference that you can't upgrade the firmware yourself (which would make them o.k. in RMS' view…), but need to send them to the vendor for upgrading (as many of the early turris omnia adopters of that hardware had to find out, when interoperability with ISP vectoring didn't quite work). Aside from that, they're quite power hungry (borderline too much for normal SFP+ ports) and run very hot (due to their tiny size), both of which create quite some problems.

6 Likes

I fixed the wiki page, as it was not very clear in what is FOSS and what is not. That table was about support in OpenWrt (and Linux in general), through open source drivers. The modem hardware itself still needs a firmware to operate, which is not FOSS and will probably never be.

No modem hardware (the actual component talking with DSL infrastructure) is FOSS, be it DSL or fiber or 3G/LTE. I think it's pretty much impossible to get actual low-level network hardware certified if you are using an opensource firmware.

Technically speaking you would have a hard time getting any modern wifi card (wifi ac for example) to run without a firmware blob too, but it's tangential.

Anyway, the best thing you can do is to get a commercial (non-FOSS, off-the-shelf) modem that can be configured to run in full bridge mode, https://openwrt.org/docs/guide-user/network/wan/bridge-mode and buy a modem-less router device that can be truly FOSS.

This way you are isolating the proprietary infrastructure upstream to your actual router and reducing the modem's job to just dumb modem (i.e. just converting to/from DSL to ethernet), no firewall, no vpn, no dhcp no access to your actual LAN network.

1 Like

The same goes for cable/ DOCSIS (which even needs a public key certificate infrastructure to authenticate the device's firmware integrity to the infrastructure).

2 Likes

Even with all-in-one devices, the modem is independent but closely coupled and controlled by the router.

The main difference here (and the reason why I recommended an external modem) is that all-in-one devices share the same RAM between the CPU and the modem and the wifi and anything else, (i.e. the modem has DMA, direct memory access) and afaik there is no true hardware-level sandboxing like with IOMMU or VT-d on AMD/Intel hardware (there is something also for ARM but I don't know if it is even built in SoCs for routers) that makes sure that even if they share the RAM they can't just go and do stuff everywhere if they feel like it.

This means that if the integrated modem is compromised by exploiting some decade-old well-known bug that you can't fix since it's not opensource, it can freely wreak havoc on your router.

A separate modem in bridge mode can't do much more than just screwing with raw upstream network traffic before it reaches your router's firewall, as gigabit ethernet does not allow DMA. That's a very big difference in attack surface right there.

2 Likes

Ok, didn't realise memory was accessible.

Edit:

For example here it shows ADSL goes through routing engine.

Is that accurate or just an abstraction ?

That's the path of network traffic coming from the WAN (or going to the WAN), that has to go through another controller.

But look at the large light grey rectangle encompassing all components, and the double arrow in the middle called "system bus". That's the SoC interconnect bus that joins all controllers (and the CPU) so they can communicate with each other and with the RAM to use as work area for their tasks (and to share data with each other). The "DSL engine" is still inside the rectangle, so it still has access to everything else.

At least in theory anyway, they might or might not have placed limits on what and how it can access things.

But if we look at smartphones or any other device with a 3G/LTE modem, then we clearly see none did make any such separation, and a 3G/LTE modem is a much more complex thing than a DSL modem, to the point of running a real-time proprietary OS like VxWorks. (so if they actually cared about making something safer they would have likely done some sandboxing)

1 Like

That was my original plan. However, I wanted to make sure I buy a modem or modem+router device which has either completely open source firmware NOW or at least has the possibility in the near future. But from what you shared in this topic, I regret I will not have this possibility in the near future (never maybe). Nevertheless, I still want to invest in a modem which is supported by OpenWRT (truly FOSS userspace+kernel, but no foss DSL firmware). I am assuming lantiq "VR9" devices will be the correct choice because:

Also, I believe lantiq VR9 devices do have the highest chance (among others) of becoming truly FOSS firmware after the open DSL firmware comes out (if ever). Since the rest of the firmware is already open i.e.

  • uboot bootloader
  • ath9k wlan
  • and completely open source kernel+userspace with OpenWRT
    (I assume I will never need telephone firmware FXS,DECT in a modem)

Am I correct on that belief ?

I have read the page you shared about the bridge mode https://openwrt.org/docs/guide-user/network/wan/bridge-mode . And now that is my only concern. I know you can not know for every device but do you have any idea for the devices I have listed in the first topic ? Meaning, do they have Full Bridge mode ?

Also if the device I buy happens to have no full bridge mode (the case of half bridge mode or no bridge mode at all), can installing OpenWRT make the device go into full bridge mode?

Bridging is done by the Linux firmware on the main CPU of the device, as long as the modem works at all you can do the bridging.
But of course the manufacturers may or may not have implemented it in their stock firmware.

You should always be able to do it in OpenWrt on "Lantiq" devices, but you may need to edit some text file configuration manually through ssh. I never did it so I can't say "it works for me", but there is some info in the device page of a popular modem-like device https://openwrt.org/toh/netgear/dm200
And this is a thread where people were doing it and posting their configs and they say it works for them, so you can see and decide for yourself. LEDE device as ADSL bridged modem

A word of advice, since you want your device to last, please make sure it has AT LEAST 8MB of flash and 64MB of RAM. Devices that have less than that are becoming too constrained for newer OpenWrt firmware. https://openwrt.org/supported_devices/432_warning

Also, I'll give you a bonus warning about the Netgear DM200 as there was some activity about it in the mailing list https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg44997.html

While its specs are ok the bootloader as-is will not boot a kernel bigger than 2MB, so if you buy it and you plan to eventually update the firmware to the next OpenWrt version you will need to connect the serial console and change the uboot configuration to correct this, as said in the device page that I just updated.

1 Like

Thank you for the valuable advice and warning. I read the mailing list. This is an important problem and made me hesitate to buy the DM200 due to possible support problems in future (one guy has proposed to drop the support :open_mouth: in the mailing list). Aside from the kernel size problem, I understand that people who choose the DM200 are those who do not want a radio interface in their modem device. I believe they think radio makes the device less secure.

Can I not simply make modem+wifi-router device not use any radio peripheral when in full bridge mode by configuring the OpenWRT in them ? Does it really make my network more secure if I choose a modem-only device (for ex. DM200 (no wifi hardware)) for full bridging ?

One guy recently asked in this forum for a VDSL modem+wifi-router and got advised by @slh to buy the BT HomeHub 5.0 Type A as the best device to buy for OpenWRT in there:

I was leaning towards these:
TP-link wd8970
TP-link wd8980
TP-link wd9980

but seeing @slh recommending BT HomeHub 5.0 Type A as the best device made me think again. What arguments would you tell me for choosing BT HomeHub5.0 over TP-link devices ?

For example:

  • BT HomeHub seem to have more flash and ram
  • TP-link being a Chinese company (like Huawei devices are known to be doing surveillance through backdoors in firmware and hardware for chinese government) ???
    (As an antithesis: Installing OpenWRT may nullify the surveillance technique (if there is any) like libreboot nullifies intel management engine in some thinkpad computers.)
  • Looks :joy:
  • ....

I know I am now overkilling it, but you may be aware of issues I am obviously not aware of :pray:

The reason for recommending the BT Home Hub 5 Type A in that thread is mostly down to the wlan cards in there (which was listed as part of the desired feature set). Lantiq and good dual-band/ dual-radio wlan cards are a rare combination among the supported devices (most others use cheaper wlan cards, less stable driver support, often single band, no 802.11ac, ...); flash and RAM sizes also make this a good option - and this is a good device(!).

If you don't intend to (ever) use wlan, wlan quality doesn't matter (although having the option never hurts, as requirements may change over time, especially as the price delta compared to other devices is low - the only part that 'hurts' relative to the median price of other options are the shipping costs from the UK…) - and a wlan that's unconfigured (= switched off) isn't a security problem.

Using a lantiq device with OpenWrt as pure modem in bridge mode should be possible with any supported device (some with complex switch configurations, e.g. Easybox 904 xDSL (not recommended, unless you know what you're doing), might make this a little harder though).

The wifi interface is disabled by default so unless you specifically configure it and enable it, it's not doing anything.
You can even delete the wifi driver package if you want to be sure that it never comes up, no problem.

The only thing is that if you plan to use it only as a modem then there is no point in buying a bigger, more expensive device you will never really use to its true potential.

But still, decent devices with a supported modem in OpenWrt aren't particularly common so you don't have many choices.

For your main usecase (bridged modem) the only thing that really matters is the brand of the actual modem hardware itself and the basic hardware specs I mentioned above that won't obsolete the device within a few OpenWrt releases.

Different modem brands have different performance and strengths/weaknesses, which may be useful or not depending on your DSL line's characteristics, but if you want to run OpenWrt in the device you can only choose one brand (XWAY/Lantiq), so that's a choice you don't need to make.

Embedded devices have no BIOS/UEFI you can replace with Libreboot. Linux runs raw on them, either the stock firmware or OpenWrt.

Any backdoor or vulnerability present in stock firmware will not affect the device if you install OpenWrt, as the stock firmware is erased and replaced whole with OpenWrt. The only thing that is left is the modem firmware.

OpenVPN performance of BT Home Hub Type A is 9 Mbps according to this table of hardware which I find very slow.

Will VPN performance increase if I configure BTHH5 to run in full bridge mode (dumb modem) and run the OpenVPN in a more powerful router such as WNDR3800 or even R7800 ?

Will BTHH5 remain as a bottleneck in this configuration ?

Also, as of May 2020,

  • Is ath10k driver fully open source ?

  • Is DSL modem of Netgear D7800 supported ? (If not, Is there any chance in near future ?)

The VPN performance will increase if you run it not on BTHH5, but on some other device behind it. However, I would suggest that you try some other VPN type (e.g. Wireguard or, if you are more conservative, StrongSwan IPSEC) first and maybe they would save you from the need to buy a new router.

The ath10k driver itself is open-source, but it needs to copy "firmware" to the card's memory at startup. The firmware is closed-source.

The DSL modem of Netgear D7800 is not supported yet, and nobody is working on it.