OpenWrt defaults to ising MSS clamping to deal with the PPPoE overhead. Reducing the interface MTU to 1492 is not the right solution, since you still need the 8byte pppeo header so the IPv4 MSS would be only be 1444 then.... the key issue is the PPPoE header needs to live inside the MTU. Typically the default MSS clamping does work andvyoy do not need to worry.
Here is a link to a german thread about using/configuring the speedport entry 2 as modem. A bit lengthy but probably worth your time?
https://www.onlinekosten.de/forum/showthread.php?t=145761
As I have personally not tried that I have no first hand experience to share, sorry.
@moeller0 Hello ! Thank you very much for your info ! I did try this morning, and it worked in principle with my VLAN7 tagged ! But I ran into another problem: on AP, I didn't get the right bandwidth: if I connect with the switch untagged over ethernet cable, I get about 80 Mbs, but on the AP I tried, I got just 7Mbs or so. At the location, with my FB7360--FB4020--AP setting, I get about 60Mbs. So I reversed the procedure quickly, now it's back to FB7360-4020 ;;
Since I got a decent speed through ethernet cable, it is very unlikely that speedport is guilty of it. I ran out of time and didn't manage to investigate further, but I don't understand what could cause this drop down to 10%: I would understand better if it didn't work at all: then I made a mistake. But how could it drop by mistake ?
By the way, another question, you mentioned earlier
...if I had not desired to see DSL error stats...
I would like to see DSL errors, too, like on FB. Could you tell me how to do it ?
According to https://www.onlinekosten.de/forum/showthread.php?p=2372354#post2372354 you can (assuming sufficiently recent firmware) use LAN port 2 to connect to the status page (169.254.2.1/html/login/modem.html, so you will need to make sure the interface connecting is in the proper subnet).
The following post claims one can get more information with some contortions: https://www.onlinekosten.de/forum/showthread.php?p=2432917#post2432917
But again, I have myself never used the speedport entry 2 and hence have no first hand experience to offer.
Thanks a lot for the links !
I had thought that you installed/configured something on your OpenWRT so that DSL error statistics shows up there. The status page over 169.254.2.1 didn't seem to have much info, but I looked it up before connecting it to DSL, perhaps something would show up once I actually connect it to DSL. I will also try the nice looking script from the other page (will see if it works on Mac...)
Anyway I have to first find out why I got only 7Mbs where I get 60Mbs with double NAT....
I run DSLstats (from a linux host inside my network) to monitor some stats from my zyxel vmg1312-b30a modem in bridge mode (also a broadcom modem suited for up to 100/40 profile 17a VDSL2 links), but that is considerably less restricted and hence DSLstats can get the required telnet login into the modem and then can run/collect/parse the output of broadcom's xdsl utility. I am pretty sure Deutsche Telekom had the manufacturer of the Entry 2 (Sercomm IIRC) nail down all hatches, so neither telnet not ssh login are likely to be available in modem mode, sorry.
(I also use @takimata's nice collectd script to get data from the modem into the openwrt GUI (which also requires telnet access), as well as his method to keep the RRDtool database persistent so I can look at aggregates over more than the current uptime of the router...)
That is unlikely, as it is tailored for linux binaries like "ip" from iputils2, but it should be possible to have that run from a linux machine... or as much as it pains me, being the one recommending the entry 2 as an option, switch to something less bolted down like a zyxel vmg1312-b30a...
Thank you for the reply !
I looked up "ip" it seems my mac has ip. Only, sometimes usage of a linux command is a bit different, I hope it's not that different that I can modify it to work. Otherwise, I can also try the circus of pressing Esc quickly etc, as it was originally suggested.
I have another project, now I know that I should consider telnetability into account in buying a modem 
I just tried speedtest on FB7360-Rp4 (with SG108PE)-AP, using an AP with no client, it did come out decently. So there is nothing wrong with Rp and the switch. I will try with Speedport again tomorrow: perhaps the last time I didn't wait long enough for it to "warm up" properly.
A linux running in a VM on the mac would work 
That's right. I had forgotten that I had installed linux on Virtualbox (as I started working on Internet thing). It hangs all the time so I haven't really gotten to use it. I have to figure out first why it hangs so much.
But may be it works also on Mac directly, that would be nice.
So, what I would do is set up a second cable from the router to LAN2 on the Entry 2, configure it correctly, such that the router will simply route packets to the modem's address as part of its normal work, in which case the script can be shortened considerably... as no interfaces need to be set up, it requires however that the router has one port available (on its switch) that can be dedicated for that purpose (or worst case a switch can be placed between router and modem, that "splits" the routers uplink to two cables into the modem)....
But I would first look whether the information supplied there is sufficient for your purposes, as I fear it might be a bit too thin... (then again, as long as a link is stable not much monitoring seems needed ;))
Out of curiosity, because I see this recommended all the time: Is there any appreciable benefit from running two cables?
I simply defined a modem interface on the same ethernet port as WAN (in my case eth0.2, my modem is set to 10.127.0.1/24, so my interface will use the next best IP):
config interface 'modem'
option ifname 'eth0.2'
option proto 'static'
option ipaddr '10.127.0.2'
option netmask '255.255.255.0'
and then I put the modem interface into the wan firewall zone.
If the WAN port is tagged it might very slightly complicate things, requiring another untagged VLAN on that same port for that purpose (I never tried, my modem tags the PPPoE connection on its own so I never had to tag my WAN port).
I think the issue is that the speedport entry 2 in 'modem-mode'apparently only bridges LAN1 with the dsl interface and only allows access to its webserver via LAN2. So two cables seem unavoidable, at least on the modem, no?
From the router one cable and two interface definitions on the same ethernet device should work elegantly, but that requires a bridge between router and modem, as far as I understand.
Mind you I never tested the entry2 so it might be possible to reach the the modem's webpage via lan1, but I just do not know.....
But as I understand the Entry 2 if set to modem mode allows zero configuration, but will bridge lan port LAN1 to the DSL modem and will also respond as 169.254.2.1 on LAN2 (apparently only there); if one wants to configure anything, one needs to reset the modem to convert it back to router mode (in which it accepts requests to its webserver on all LAN ports). All in all not a bad design, limited, sure, but inherently pretty safe by default. Alas, only 100Mbps fast ethernet ports (like the zyxel).
Ah, if it's a limitation of the Entry 2, fair enough then. I just see the two-cable solution promoted a lot in general and our VMG1312 specifically ... and at least for us it doesn't hold true.
Yeah, there really doesn't seem to be cheap Broadcom-based gigabit devices in the wild. For a little while I thought of maybe getting a Zyxel VMG3006, but I just can't bring myself to spend €100+ for it.
1 Like
+1: I am with you on this, much tidier to just run one cable between router and modem (especially since the monitoring traffic should be minuscule in size).
Thank you, both, for your hints ! I have a switch with 8 ports (SG108PE) between the router and the modem anyway (the router is Raspi4 with only one ethernet port!), and yeah, I can dedicate one port for LAN2 of entry 2. "Modem's address" in this context is whatever the IP address assigned by the router (I would probably do static lease), and not 169.254.. thing, right ?
Now, this two-cable thing is very new to me and I would need to study a lot. Is it something that I could do later without interrupting the internet connection ? Or should I let FB7360+4020 keep working till I figure that all out, if I really want to do it at some point ?
On the other hand, it's not that I understand a lot of what DSL-Info says on FB. Only, when the internet is acting weird, I would look and if there are a lot of errors at Vermittlungsstelle, I would know that APs are not guilty, and if it gets too much, I would call Telekom. The connection is sometimes not very good, I myself experienced only once, where a video conference was disturbed for 1 hour or so, but I sometimes hear similar stories from guests. But I have never seen any nicht behebbare Fehler.
Aside from this issue, I didn't think about setting something in router mode so that I can have it in modem mode: I was actually wondering if I can set things like "Störsicherheit" like in FB. I am going to look at the config of the router mode in any case, before putting it in use.
No, the Entry2 is configured in a restrictive/secure way, and will require your router to use an address in the 169.254.2.1/24 range (so 169.254.2.2 should be fine). The trick then is to add another interface on the router using the same ethernet/VLAN as wan, but configure it with a static address if 169.254.2.2 and a netmask of 255.255.255.0 (and no gateway this really only ever should be used to reach the modem's status page).
Your choice, hard to say, I wiud reserve some time for testing with little customer traffic.
Well, with G.INP even fixed by retransmission errors can/will cause increased latency jitter, which ca make some interactive use-cases hard, ever without ever getting to the CRC error level that hides behind "nicht behebbare Fehler" IIRC.
This will not work, modem mode will reset everything to what ever DT considered sane. So the device acts as dumb bridged-modem and offers zero configurability (that said nothing should be needed for a dumb modem).
I believe none of the speedports offer this. But broadcom modems are said to be maybe not the fastest, but typically pretty stable so with my zyxel I never missed such an option (with my HH5A before however I would have, but that is a story for another time )
Thank you very much for the info and your opinion ! I wanted to see your description of entry 2 again, then realized that I'm on a wrong thread My posting starting with "I got Speedport...." should have been posted to the other one with "Draytek..." Too late ;;
So entry 2 has Broadcom (as well as your zyxel) and is very stable, so I should not worry about DSL Info, then, even if I don't manage to get it. That's good. With FB, it didn't actually make any difference whether I watched it or adjusted Störsicherheit anyway. And if the modem is 0-configurable, at least I know that I didn't anything wrong there, that's also good.
On the other hand, my entry 2 came with 1 month return policy, so in case you feel like recommending zyxel instead, I could still swap.
Regarding connecting to LAN2 of entry2, in that setting, where should the script from
https://www.onlinekosten.de/forum/showthread.php?p=2432917
be stored/run ? Still on my laptop, or in OpenWRT ? Then I should do chmod +x and ./whatever.sh, and comes the output ? If it's easy enough, I might get it done when I swap the whole thing.
Now I wrote here something that doesn't make much sense, I erased it;;
Since I have not used the Entry2 I can really not tell. I git the Zyxel since my line was quite unstable with the lantig/xrx200/HH5A and I really wanted to monitor the line state (I had written something for the lantiq, but that was a bit cumbersome, especially compared to a ready-made solution like DSLstats). It just turned out that after the modem change and removing 12 meters of bad quality cable in my internal wiring from APL to TAE the link is just extremely stable, so all my monitoring just confirms that (okay, I still occasionally look over the plots/data, but nothing actionable is coming out of that).
So if you want monitoring, the zyxel is a viable option, both the entry2 and the zyxel are limited to 100 Mbps fast-ethernet, while Telekom provisions up tp ~116 Mbps sync resulting in a goodput of >= 100 Mbps, both modems limit that to a goodput of approximately <= 94 Mbps.
That script is designed for a linux host computer that occasionally is connected to LAN2 with a dedicated ethernet-cable. In your situation I would try to set-up a persistent connection to LAN with the required IP address/netmask, in which case the script potentially could be shortened considerably (removing all the linux specific stuff) and the left-over script might actually be runnable on a mac (with a few strategic homebrew/macports packages installed to supply the missing binaries).
Thank you for your reply ! I think for now I'm going to stay with entry 2. After all, it's an "ISP router" of Telekom, and I bought it used from a dealer, can't be wrong in terms of modem functionality.
As for monitoring with two cables, I still haven't quite understood the mechanism: I did understand the setup between OpenWRT and the modem, but the rest I'm not sure. Suppose I had a linux computer, I will put this xxx.sh file in my laptop, and connect with OpenWRT lan interface as usual, either over Ethernet or WLAN. Then run the script. Then the result should come. Is that correct ?
Did you mean by "persistent connection" that I would connect my Mac permanently (i.e. let it sit by the modem all the time)? Mine is a laptop, the modem is in the basement with no heating (It's in a patchpanel cabinet), I'm here a lot now because it's cool and I'm working on routers, but when it's done, I'm not here so much...
But speaking of it, I am preparing another Raspi with the purpose of installing Unifi controller. That's then going to be permanently there in the basement, supposedly connected to the switch between entry 2 and Raspi(OpenWrt). If I do the two cabling thing, and put the xxx.sh to this raspi, can I perhaps ssh to the raspi and execute it ? (I just installed Raspi OS and don't know anything about it yet.)