Hi guys. I have an ONT from my ISP G-240W-C (10.2.2.1) it is connected on fiber with PPPoE protocol. Right ahead I have a main router running OpenWrt (10.4.4.1).
I wish I could connect my router to my PPPoE router
DIR-878 A1
22.03.4
So you want to add a third router?
No, I just want to be able to authenticate PPPoE on my OpenWrt router, and my ONT would only pass fiber
Does your ONT support a bridge mode like that? And do you have the PPPoE credentials that are required (as well as any other details like VLANs, if applicable)? If so, it's easy to have OpenWrt handle the PPPoE connection.
2 Likes
Yes, I have the credentials and VLAN ID. yes it supports bridge
So it should be pretty simple to setup...
Here's a recent example of a working setup:
Let us know if you have other questions.
2 Likes
Thanks, that worked.
Now, I want to continue reaching my ONT through my router, typing in the IP address and being able to get into its GUI. How can I do this?
Now this message appears when I try to enter the ONT connected to my router (ERR_ADDRESS_UNREACHABLE)
With PPPoE connections, you often need to create an additional (sometimes alias) interface with a static IP in the appropriate subnet.
See this thread;
Let me see if I understand. I need in case to use 2 router ports. 1 for PPPoE and 2 for connecting to my ONT?
Since I am using my router authenticating PPPoE I am getting many logs of this message
DHCP packet received on wan.120 which has no address
DHCP packet received on wan.120 which has no address
No, two interfaces on the same physical port.
I tried, it didn't work that way. Can you help me?
Let's see what did you try.
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; uci export firewall; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
"kernel": "5.10.176",
"hostname": "DIR-878",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "D-Link DIR-878 A1",
"board_name": "dlink,dir-878-a1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.4",
"revision": "r20123-38ccc47687",
"target": "ramips/mt7621",
"description": "OpenWrt 22.03.4 r20123-38ccc47687"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fde7:9d17:304b::/48'
config device
option name 'br-lan'
option type 'bridge'
option igmp_snooping '1'
list ports 'lan2'
list ports 'lan3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '10.4.4.1'
config device
option type 'bridge'
option name 'br-vlan'
list ports 'lan4'
option igmp_snooping '1'
config bridge-vlan
option device 'br-vlan'
option vlan '10'
list ports 'lan4'
config interface 'vlan10'
option proto 'static'
option device 'br-vlan.10'
option ipaddr '10.5.5.1'
option netmask '255.255.255.0'
config device
option type 'bridge'
option name 'br-nonassign'
option igmp_snooping '1'
config bridge-vlan
option device 'br-nonassign'
option vlan '10'
config bridge-vlan
option device 'br-nonassign'
option vlan '20'
config interface 'guest'
option proto 'static'
option device 'br-nonassign.10'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
option type 'bridge'
config interface 'vpn'
option proto 'static'
option device 'br-nonassign.20'
option netmask '255.255.255.0'
option ipaddr '192.168.7.1'
option type 'bridge'
config rule
option in 'vpn'
option lookup 'wireguard'
option priority '32765'
option dest '0.0.0.0/0'
config interface 'wan'
option proto 'pppoe'
option device 'wan.120'
option username 'xxx'
option password 'xxxx'
option ipv6 'auto'
config device
option type 'bridge'
option name 'br-ont'
list ports 'lan1'
config bridge-vlan
option device 'br-ont'
option vlan '10'
list ports 'lan1'
config device
option name 'br-ont.10'
option type '8021q'
option ifname 'br-ont'
option vid '10'
config interface 'ont'
option proto 'static'
option netmask '255.255.255.0'
option device 'br-ont.10'
option ipaddr '10.2.2.2'
config interface 'wg0'
option proto 'wireguard'
list addresses '10.2.0.2/32'
option private_key 'XXXXXXXXXXXXXXXXX'
config wireguard_wg0
option description 'US-840005'
list allowed_ips '0.0.0.0/0'
option endpoint_host '217.138.206.82'
option endpoint_port '51820'
option persistent_keepalive '25'
option public_key 'sO0hbNR4SdiWaLupXsP7KqP3g5Oyiovc+ggImLNIOGk='
config route
option interface 'wg0'
option target '0.0.0.0/0'
option table 'wireguard'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'ont'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
option name 'vlan'
list network 'vlan10'
config forwarding
option dest 'wan'
option src 'vlan'
config rule
list proto 'udp'
option dest_port '67'
option target 'ACCEPT'
option src 'vlan'
option name 'Allow-DHCP-vlan'
config rule
option dest_port '53'
option target 'ACCEPT'
option src 'vlan'
option name 'Allow-DNS-vlan'
config zone
option name 'guest'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'guest'
config forwarding
option src 'guest'
option dest 'wan'
config rule
option name 'Allow-DHCP-guest'
list proto 'udp'
option src 'guest'
option dest_port '67'
option target 'ACCEPT'
config rule
option name 'Allow-DNS-guest'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Deny-All-Ports-guest'
list proto 'all'
option src 'guest'
option target 'REJECT'
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'vpn'
config zone
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option name 'wg'
list network 'wg0'
config rule
option name 'Allow-DHCP-vpn'
list proto 'udp'
option src 'vpn'
option dest_port '67'
option target 'ACCEPT'
config rule
option name 'Allow-DNS-vpn'
option src 'vpn'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Deny-All-Ports-vpn'
list proto 'all'
option src 'vpn'
option target 'REJECT'
config rule
option dest 'vlan'
option src 'lan'
option name 'Remote-Access-LAN-to-VLAN'
option target 'ACCEPT'
config forwarding
option src 'vpn'
option dest 'wg'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 10.4.4.1/24 brd 10.4.4.255 scope global br-lan
valid_lft forever preferred_lft forever
12: br-ont.10@br-ont: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN qlen 1000
inet 10.2.2.2/24 brd 10.2.2.255 scope global br-ont.10
valid_lft forever preferred_lft forever
14: br-vlan.10@br-vlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 10.5.5.1/24 brd 10.5.5.255 scope global br-vlan.10
valid_lft forever preferred_lft forever
17: br-nonassign.10@br-nonassign: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.4.1/24 brd 192.168.4.255 scope global br-nonassign.10
valid_lft forever preferred_lft forever
18: br-nonassign.20@br-nonassign: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.7.1/24 brd 192.168.7.255 scope global br-nonassign.20
valid_lft forever preferred_lft forever
22: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
inet 100.64.6.149 peer 100.65.5.193/32 scope global pppoe-wan
valid_lft forever preferred_lft forever
23: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN qlen 1000
inet 10.2.0.2/32 brd 255.255.255.255 scope global wg0
valid_lft forever preferred_lft forever
default dev wg0 table wireguard scope link
default via 100.65.5.193 dev pppoe-wan
10.2.2.0/24 dev br-ont.10 scope link src 10.2.2.2
10.4.4.0/24 dev br-lan scope link src 10.4.4.1
10.5.5.0/24 dev br-vlan.10 scope link src 10.5.5.1
100.65.5.193 dev pppoe-wan scope link src 100.64.6.149
192.168.4.0/24 dev br-nonassign.10 scope link src 192.168.4.1
192.168.7.0/24 dev br-nonassign.20 scope link src 192.168.7.1
217.138.206.82 via 100.65.5.193 dev pppoe-wan
local 10.2.0.2 dev wg0 table local scope host src 10.2.0.2
broadcast 10.2.2.0 dev br-ont.10 table local scope link src 10.2.2.2
local 10.2.2.2 dev br-ont.10 table local scope host
src 10.2.2.2
broadcast 10.2.2.255 dev br-ont.10 table local scope link src 10.2.2.2
broadcast 10.4.4.0 dev br-lan table local scope link src 10.4.4.1
local 10.4.4.1 dev br-lan table local scope host src 10.4.4.1
broadcast 10.4.4.255 dev br-lan table local scope link src 10.4.4.1
broadcast 10.5.5.0 dev br-vlan.10 table local scope
link src 10.5.5.1
local 10.5.5.1 dev br-vlan.10 table local scope host src 10.5.5.1
broadcast 10.5.5.255 dev br-vlan.10 table local scope link src 10.5.5.1
local 100.64.6.149 dev pppoe-wan table local scope host src 100.64.6.149
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.4.0 dev br-nonassign.10 table local scope link src 192.168.4.1
local 192.168.4.1 dev br-nonassign.10 table local scope host src 192.168.4.1
broadcast 192.168.4.255 dev br-nonassign.10 table local scope link src 192.168.4.1
broadcast 192.168.7.0 dev br-nonassign.20 table local scope link src 192.168.7.1
local 192.168.7.1 dev br-nonassign.20 table local scope host src 192.168.7.1
broadcast 192.168.7.255 dev br-nonassign.20 table local scope link src 192.168.7.1
0: from all lookup local
32765: from all iif br-nonassign.20 lookup wireguard
32766: from all lookup main
32767: from all lookup default
root@DIR-878:~#
Does the ont expect to receive vlan 10 tagged frames? Morever it is using different interface.
Something like this should be enough
config interface 'ont'
option proto 'static'
option netmask '255.255.255.0'
option device 'wan'
option ipaddr '10.2.2.2'
1 Like
I get this response after changes ERR_CONNECTION_REFUSED
ONT port 1 is in a bridge that reaches port wan of my router that performs PPPoE authentication
Connection is blocked by the server, due to acl or firewall.
Verify by capturing some packets:
opkg update; opkg install tcpdump; tcpdump -i wan -c 10 -vn host 10.2.2.1
15:02:17.826284 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.2.1 tell 10.2.2.2, length 28
15:02:18.866285 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.2.1 tell 10.2.2.2, length 28
15:02:19.911286 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.2.1 tell 10.2.2.2, length 28
15:02:20.946263 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.2.1 tell 10.2.2.2, length 28
15:02:21.986293 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.2.1 tell 10.2.2.2, length 28
15:02:28.096930 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.2.1 tell 10.2.2.2, length 28
15:02:29.106285 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.2.1 tell 10.2.2.2, length 28
15:02:30.146284 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.2.1 tell 10.2.2.2, length 28
15:02:31.190752 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.2.2.1 tell 10.2.2.2, length 28
10 packets captured
22 packets received by filter
0 packets dropped by kernel
[1]+ Stopped tc