How to connect to Jio Fiber ONT router in bridge mode?

just navigate to the place where you made the changes [for bridging] and document the initial configuration that was there prior to your changes
Here is a sampe page:

h955×628 68.8 KB

Oh! I think I got it now, the WAN configuration on the ISP router should match my configuration when connecting via bridge mode, right?

This is the screen with the most useful information on WAN I could find:

image1071×511 39.5 KB

Looks like it is just using plain DHCP

But I tried that but it didn't work, perhaps I also had to restart the router? I was connected to it via WiFi when performing the operation, maybe that shouldn't work in bridge mode?

No, each ISP has its own methods. Some use direct DHCP, some require PPPoE, some use VLANs, some restrict the connection to one MAC, some just allow a pseudo-bridge mode, ...

If you tell us the ISP and country, perhaps someone around here already has all that info.

Sure, I am in India and the ISP is Jio Fiber.

I am afraid that might be the case with me, could I use this mode to disable NAT and avoid double NAT?

That is what I suspected, from the DNS on your screenshot. All the posts I could find in other forums say this ISP does not allow bridge mode.

Perhaps you could share some (redacted) screenshots from the configuration pages in the ISP router.

I did some research and I found this post on a forum thread:

In bridge settings Jio ONT has a VLAN ID. To enable bridge mode and have internet, you need a router that supports VLAN tagging for WAN port.

Someone also mentioned this on the same thread:

But considering the fact that Jio uses CGNAT (Carrier Grade NAT) where everyone shares the same WAN IP, it is pointless to have Bridge mode setup as you will not be able to port forward correctly.

If that is true, then I am f🤬ed.

I can't find a dedicated configuration page for WAN, the screenshot I posted has the most detailed info I could find... but someone in the thread I mentioned in the beginning has posted an older screenshot from the same ISP router with an older firmware where WAN settings are still present:

image1471×734 79.6 KB

You can run a traceroute to see if their network is CGNAT. From your OpenWrt router, the first line of the traceroute will be your ONT/router, then the second line will be their first router on the other end of the fiber from your house. If it is not a publicly routable IP, that means they are using CGNAT.

Thank you for the useful tip. The situation looks very bad... the first address after the ISP's router is in the single class A network private range

 1  _gateway (192.168.1.1)  1.920 ms  2.917 ms  2.879 ms
 2  192.168.29.1 (192.168.29.1)  5.461 ms  5.427 ms  5.392 ms
 3  10.196.8.1 (10.196.8.1)  6.791 ms  6.757 ms  6.725 ms

So is it impossible for me to run any kind of active server on this network since I don't have access to their CGNAT or whatever device they have on their end ?

Correct.

Technically in the fine print of most consumer ISP contracts, the customer isn't allowed to run an active public server on the line anyway, so you're not going to get any help from the ISP to do so.

There are ways you could pay a third party to expose a public IP and VPN tunnel it back to your house, but if you're going to involve a third party you could also just rent a server.

There may be a loophole if they offer IPv6 and they don't CGNAT it or block incoming connections.

True, but I am not running a public server, I am just trying to setup a private VPN tunnel that only I can access... so that I can connect to my local home devices from a non-local connection.

Absolutely...

They do offer IPv6 but I haven't been able to access it via my router, that's another issue though, perhaps I will create a new thread for it.

I just found more info about Jio Fiber on this reddit post:

Jio is using

1. Deep packet inspection
2. Carrier-grade NAT
3. Poorly configured stateful IPv6
   (...)

• WAN is assigned in a stateful manner, with only a /128 address being given to your router. Your LAN is by default configured to be stateless, with a /64 prefix length. However your LAN prefix is not assigned by the ISP, but is instead assigned from a reserved linked-local IPv6 range defined in an outdated RFC. So you literally get none of the benefits of IPv6, and all of the downsides of IPv4, as a NAT is involved in your connection.
• Bridging mode is completely broken. You still need to configure your WAN interface even when you want to bridge the Jio router to your own equipment.

It looks like the ISP is worse than I thought... at-least I used to get a dedicated dynamic IP with raw ethernet via PPPoE with my previous ISP

I've found Zerotier very useful as an ad-hoc VPN for remote access to equipment. It is an OpenWrt package. It works even when there is CGNAT on both ends of the link. They have a free account for small usage. Of course you have to fully trust the Zerotier company...

Thanks for mentioning, I may find it useful... I should also look into the IPv6 aspect as it could provide a potential outlet.

I have an ONT modem for my FTTP also but the authentication with my ISP done via PPPoE with a username password, My ISP was CGNAT but i pay an extra £5 for a Static IP Maybe ask Jio ISP for Static IP if they do.

One more i can think of is spoof MAC to match supplied router WAN interface (Your router) as here How to connect to Jio Fiber ONT router in bridge mode? - #11 by TheDcoder this tells me the router is doing DHCP but you may need to spoof MAC.

edit /etc/config/network

config interface 'wan'
option proto 'dhcp'
option macaddr 'xx:xx:xx:xx:xx:xx'
option ipv6 'auto'
`

Save, Reboot and Hopefully it works.

Thanks for the tips about MAC, I will try it.

That doesn't seem to be the case with Jio, a few users have reported using their own ONT modem but couldn't get it to work, I guess it is because they might be using some proprietary method that they developed in-house.

I checked, there are no customer offerings for a dedicated or static IP on a residential level, an employee of the ISP said that it is only available to enterprise/business clients (it was an answer to a Quroa question).

I chose this ISP because of their cheap price and bundled streaming services offerings.

For anyone still wondering how to set it up on bridge mode.

Under Advanced -> Networks you have bridge mode settings.

You turn it on, set it to whichever LAN port you want and set VLAN ID as 1015

Next in your own router you tag your WAN port to the same VLAN ID and use DHCP to fetch IP directly from JIO.

@nilava Thanks for the instructions! How did you obtain the information about setting VLAN ID to 1015?

Does anyone know how it's done via the LuCI web interface? Do I just update the VLAN ID 2 to 1015 in the "Network -> Switch" menu?

Hey, did this solution work for you?
The concerns you have raised here also bother me.. i am planning to give jio fiber a try..
let me know if you found a solution.

I have not tried this yet. Perhaps I'll be able to test it soon.

Hi, any luck?