since I send almost all evening searching the internet and try&error, here is my summary of how to configure OpenWRT with german ISP Deutsche Glasfaser.
Facts first, Deutsche Glasfaser:
does not require Username/Password to access WAN
does not support PPPoE
does not require VLAN tagging on WAN
does not use DS-Lite but CGNAT
uses IPv6 6rd, but I managed without
The Network Terminator Device (Fiber to Ethernet converter) can enable a single device, computer, to access the internet. Plug in Ethernet and configure the computer to DHCP, you will get an IP v4 address and can browse the at least IP v4 resources. For IPv6 you need to request with a DHCPv6 client.
My working config on OpenWRT 19.07 (/etc/config/network - snip):
You don't even need reqaddress and reqprefix, OpenWrt defaults just work - but there is a quirk… Deutsche Glasfaser doesn't send RAs immediately after the connection has been established, it can take up to half an hour before you actually get an IPv6 connection/ prefix (which is very annoying while debugging or after reboots/ firmware upgrades, etc.). 6rd was apparently customary in older deployments, but current deployments just use native IPv6 (as in your example).
If you want to provide an example configuration, I'd suggest to drop the .40 VID, as that's specific to your in-house setup and not required to connect with your ISP.
DG has regionally different requirements, depending on the age of their deployment. At least the current deployments do not need VLAN tagging for internet or voice (never looked into the requirements for their IPTV though), plain DHCP/ DHCPv6 and off you go. If your SIP devices keep the SIP session open from the inside (by regularly pinging the SIP servers, iirc every 20-30s, you don't need any port forwardings, however if your devices can't do that, you will have to set up port forwardings accordingly
Hi,
I have recently updated to openwrt 21.02 and the configuration has changed a bit.
I live in an area where Deutsche Glasfaser has only setup infrastructure in 2021.
My WAN port eth0 is not part of any "switch device (VLAN 802.1q)" so not tagging any VLAN.
It is directly connected to the Firbre Optics Network terminator and WAN is setup to get IP via DHCP, while WAN6 is setup to get IP via DHCPv6. No username/password, PAP/CHAP, .. is required (which confused me initially). If your router fails or you need a fallback, attach a computer to the NT and it will pull DHCPv4/DHCPv6 and give you access to the internet.
I have never ordered a Router from DG, I have only ordered the NT:
While I do not assume you would have to announce changes in your own homenetwork, I have no fundamental knowledge of inner workings. However DG has a nice free hotline where you can make sure.
Honestly, I have never gotten round to installing my own Gigaset IP Phone. It sits here unused as most communication is done via rich messengers (Skype, Teams, webbased stuff) and mobile. I use Linphone (Voip Softphone for Linux), not with DG VoIP. I have a another provider.
I have gone over the fundamentals of installing the VoIP Phone, it is a network device that has an internal IP and communicates to WAN. I was told by Telecoms Experts that you should not/never expose (configuire inbound SIP 5060UDP) your VoIP endpoint. A properly build device will establish the connection to the provider and maintain it so inbound calls are routed correctly.
Hello bloop, hello slh!
Thanks for your replies and confirmation that no VLAN tagging is needed.
So configuration on WAN site looks clear to me and this way I prepared my router.
As I explained my contract and connection is running successful with a DG owned router. When attaching my own router it does not get any connection. So i am not able to test my configuration. Same with a laptop attached directly to the NT.
So it seems that i need to request at Deutsche Glasfaser to switch the connection from DG owned router to customer owned router to get connection.
This is interesting and very frustrating.
Do you have login data fro your contract?
Do you get any traffic from the NT? Can you wireshark / tcpdump waht you are getting when connectig to the NT directly?
Calling them to switch your connection over is necessary, yes.
It's totally fine to use your own router (and that option is mandated by law), but your connection needs to be provisioned differently based on that decision
That was the information i was looking for. Wihout that switching from provider it is not possible to run customer owned router. Thanks again for clarification on this.
This smells like DG designed and implemented its processes before Endgeraetefreiheit became law and decided to not fully embrace the new method yet. For a change Deutsche Telekom (on the copper side of its ISP business) demonstrates how to do this better, as it uses TR-069 on its rented Speedport routers, but allows the uses to a) disable TR-069 b) will just provision non-TR-069 enabled routers with its usual PPPoE method, so automatically detects the users router type and adjusts the back-end accordingly.
That seems to be the consensus, but in theory it must be possible to set-up a pretend-layer in a third-party router that assertions that the DG backend believes it is talking to a genuine DG router, in practice however, why bother if switching really just takes a phone call and an overnight change in provisioning method?
The only downside is that my current router provided by DG is called 'Basic'-Router which is without any monthly fee.
The device needs to be sent back to DG when switching to customer owned router.
If for some reason i should fail to get my customer owned router running and needed to switch back to DG owned router the only device they offer me is called a 'Classic'-Router which is for 2,00 Euros/month.
Which leads to my second agree: This smells like DG does not fully embrace 'Endgerätefreiheit'.
That's obviously the case, strictly speaking they are also obliged to allow you providing your own ONT, which is not going to work (on the plus side, their Nokia G-010G-P is rather unobtrusive and from a functional point of view not much more than a simple media converter).
OpenWrt's default of using plain DHCP && DHCPv6 will 'just work' (and you get the SIP access credentials, so you can easily set up your own VoIP/ SIP devices), but there are two gotchas:
The ONT locks onto your router MAC, so you can't change routers willy-nilly (or have to spoof the WAN MAC). You can still move to another router, but you will have to let their old DHCP lease expire (e.g. over night, the exact time is unclear), before connecting the new router.
DG doesn't send RAs after establishing the connecting, only in regular intervals - so you will have to wait 15-30 minutes before IPv6 becomes available.
cgNAT is not pretty, but at least you do get a usable semi-static /56 IPv6 prefix.
Disclaimer, I'm using DG (with my own OpenWrt router and my own SIP devices, but don't subscribe to their IPTV services) for almost 2 years now.
Sorry for my late reply - some family stuff kept me back on progress.
Following your recommendations I switched to customer owned connection and sent back the Classic Router to DG. All your promises came true.
Now I can confirm:
OpenWRTs default using plain DHCP and DHCPv6 works out of the box.
SIP phone Gigaset C430A Go works out of the box.
No tagged VLAN on WAN-Port
swapping the device will take a while to get connection - due to MAC address lookup
Connection is IPv6, clients don't have public IPv4 address
Thank you so much for your support and your fast responses. That helped me very much.
Can't determine exactly. First hour I checked all 5 -10 minutes. With the time I lost the hope on success and only checked sporadically. I believe it took 2 - 3 hours until connection was up.
Now it is even worse because after a restart it takes several hours to get the IPv6 PD. In my case, I scheduled the route to restart every Sunday for performance reasons. Any solutions? I tried also 6rd and VLAN too.
Receiving the RA still takes roughly up to 15 minutes for me, I basically only reboot the router for OpenWrt/ master upgrades (on average every 4-6 weeks).
I am seriously thinking of removing the restart scheduler. Apart from that, Last several days I didn't get any IPv6 PD at all. Several times restarted the OpenWrt router and reset the DG fiber modem (NT) too.
Is it possible for you to test that you are still getting the PD at least within an hour after restarting?
I read some German forums and it seems like many people are having this issue with DG, especially the people with the Bring Your Own Router option regardless of the router types (Fritz!Box, UDM, OpenWrt).
