OpenWrt on a modem router, or two routers, or modem+router with VoIP?

Ah, if it's a limitation of the Entry 2, fair enough then. I just see the two-cable solution promoted a lot in general and our VMG1312 specifically ... and at least for us it doesn't hold true.

Yeah, there really doesn't seem to be cheap Broadcom-based gigabit devices in the wild. For a little while I thought of maybe getting a Zyxel VMG3006, but I just can't bring myself to spend €100+ for it.


+1: I am with you on this, much tidier to just run one cable between router and modem (especially since the monitoring traffic should be minuscule in size).

Thank you, both, for your hints ! I have a switch with 8 ports (SG108PE) between the router and the modem anyway (the router is Raspi4 with only one ethernet port!), and yeah, I can dedicate one port for LAN2 of entry 2. "Modem's address" in this context is whatever the IP address assigned by the router (I would probably do static lease), and not 169.254.. thing, right ?

Now, this two-cable thing is very new to me and I would need to study a lot. Is it something that I could do later without interrupting the internet connection ? Or should I let FB7360+4020 keep working till I figure that all out, if I really want to do it at some point ?

On the other hand, it's not that I understand a lot of what DSL-Info says on FB. Only, when the internet is acting weird, I would look and if there are a lot of errors at Vermittlungsstelle, I would know that APs are not guilty, and if it gets too much, I would call Telekom. The connection is sometimes not very good, I myself experienced only once, where a video conference was disturbed for 1 hour or so, but I sometimes hear similar stories from guests. But I have never seen any nicht behebbare Fehler.

Aside from this issue, I didn't think about setting something in router mode so that I can have it in modem mode: I was actually wondering if I can set things like "Störsicherheit" like in FB. I am going to look at the config of the router mode in any case, before putting it in use.

No, the Entry2 is configured in a restrictive/secure way, and will require your router to use an address in the 169.254.2.1/24 range (so 169.254.2.2 should be fine). The trick then is to add another interface on the router using the same ethernet/VLAN as wan, but configure it with a static address of 169.254.2.2 and a netmask of 255.255.255.0 (and no gateway; this really only ever should be used to reach the modem's status page).

Your choice, hard to say, I would reserve some time for testing with little customer traffic.

Well, with G.INP even errors fixed by retransmission can/will cause increased latency jitter, which can make some interactive use-cases hard, even without ever getting to the CRC error level that hides behind "nicht behebbare Fehler" IIRC.

This will not work, modem mode will reset everything to whatever DT considered sane. So the device acts as a dumb bridged-modem and offers zero configurability (that said nothing should be needed for a dumb modem).

I believe none of the speedports offer this. But broadcom modems are said to be maybe not the fastest, but typically pretty stable so with my zyxel I never missed such an option (with my HH5A before however I would have, but that is a story for another time :wink: )

Thank you very much for the info and your opinion ! I wanted to see your description of entry 2 again, then realized that I'm on a wrong thread :slight_smile: My posting starting with "I got Speedport...." should have been posted to the other one with "Draytek..." Too late ;;

So entry 2 has Broadcom (as well as your zyxel) and is very stable, so I should not worry about DSL Info, then, even if I don't manage to get it. That's good. With FB, it didn't actually make any difference whether I watched it or adjusted Störsicherheit anyway. And if the modem is 0-configurable, at least I know that I didn't do anything wrong there, that's also good.

On the other hand, my entry 2 came with 1 month return policy, so in case you feel like recommending zyxel instead, I could still swap.

Regarding connecting to LAN2 of entry2, in that setting, where should the script from
https://www.onlinekosten.de/forum/showthread.php?p=2432917
be stored/run ? Still on my laptop, or in OpenWRT ? Then I should do chmod +x and ./whatever.sh, and comes the output ? If it's easy enough, I might get it done when I swap the whole thing.

Now I wrote here something that doesn't make much sense, I erased it;;

Since I have not used the Entry2 I can really not tell. I got the Zyxel since my line was quite unstable with the lantiq/xrx200/HH5A and I really wanted to monitor the line state (I had written something for the lantiq, but that was a bit cumbersome, especially compared to a ready-made solution like DSLstats). It just turned out that after the modem change and removing 12 meters of bad quality cable in my internal wiring from APL to TAE the link is just extremely stable, so all my monitoring just confirms that (okay, I still occasionally look over the plots/data, but nothing actionable is coming out of that).
So if you want monitoring, the zyxel is a viable option, both the entry2 and the zyxel are limited to 100 Mbps fast-ethernet, while Telekom provisions up to ~116 Mbps sync resulting in a goodput of >= 100 Mbps, both modems limit that to a goodput of approximately <= 94 Mbps.

That script is designed for a linux host computer that occasionally is connected to LAN2 with a dedicated ethernet-cable. In your situation I would try to set-up a persistent connection to LAN with the required IP address/netmask, in which case the script potentially could be shortened considerably (removing all the linux specific stuff) and the left-over script might actually be runnable on a mac (with a few strategic homebrew/macports packages installed to supply the missing binaries).

Thank you for your reply ! I think for now I'm going to stay with entry 2. After all, it's an "ISP router" of Telekom, and I bought it used from a dealer, can't be wrong in terms of modem functionality.

As for monitoring with two cables, I still haven't quite understood the mechanism: I did understand the setup between OpenWRT and the modem, but the rest I'm not sure. Suppose I had a linux computer, I will put this xxx.sh file in my laptop, and connect with OpenWRT lan interface as usual, either over Ethernet or WLAN. Then run the script. Then the result should come. Is that correct ?

Did you mean by "persistent connection" that I would connect my Mac permanently (i.e. let it sit by the modem all the time)? Mine is a laptop, the modem is in the basement with no heating (It's in a patchpanel cabinet), I'm here a lot now because it's cool and I'm working on routers, but when it's done, I'm not here so much...

But speaking of it, I am preparing another Raspi with the purpose of installing Unifi controller. That's then going to be permanently there in the basement, supposedly connected to the switch between entry 2 and Raspi(OpenWrt). If I do the two cabling thing, and put the xxx.sh to this raspi, can I perhaps ssh to the raspi and execute it ? (I just installed Raspi OS and don't know anything about it yet.)

So the Entry2 (E2 for short) will only supply its webpage on 169.254.2.1 on Lan-port2, so to get to that information you need to connect LAN2 somehow to a computer that is configured in the same network 169.254.2.0/24. Any such machine can then access the router's GUI/status page.

The options are to use a dedicated computer for that purpose, like a Linux laptop that you connect to LAN2 only when you want to access the status page. In that case the posted script on that other forum should more or less work.

But half of the script deals with getting the Linux computer temporarily configured for the 169.254.2.0/24 network and that is something that might be avoidable, if you make a connection from the router with a fixed address in 169.254.2.0/24 (or it might not, but I naively? assume that the E2 will not evaluate the TTL field to ascertain that the web client is directly connected to LAN2).

For starters I would probably try to first get that script working as intended and only then start to see whether that can be streamlined.

If you do that you need to connect that computer's ethernet to the E2's LAN2 port, as half of the script just deals with configuring the Linux host to use an interface with address 169.254.2.2...

If you want that, you need to add an interface for 169.254.2.2/24 on the router and wire it up correctly, and then you need to comment out/delete the lines in the script that deal with interfaces...

No, but that any machine in your network (modulo some firewall rules so your customer's machines can not access the modem's status page) can access the modem status page by browsing to https://169.254.2.1 or similar.

Yes, so I would either configure things such that any computer in your network can access the status page as described above, or I would just run a new >= cat5E ethernet cable from the modem to the place where you typically work. I would probably do both, the long cable as quick and dirty work-around to buy enough time to set-up the better solution without time pressure...

Anything between your OpenWrt router and the modem is not going to have access to the internet or to your internal network... (okay with a raspberry pi with single ethernet interface and managed switch, things look slightly different, but conceptually it stays true, machines outside the PPPoE tunnel will only see the router's external address). I would assume that a unifi controller would need to either live inside your network or somewhere out in the internet...

In theory that might work, but it is not going to be ideal either...
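
The router-side setup discussed in this thread (a static 169.254.2.2/24 interface with no gateway, plus firewall rules so that only the trusted LAN reaches the modem's status page), written out as an OpenWrt UCI fragment. This is an added example, not configuration posted by anyone in the thread; the device name `eth0.20`, the zone name `modem` and an already existing `lan` zone are assumptions.

```uci
# --- /etc/config/network ---------------------------------------------
# Extra interface used only to reach the modem's status page.
# 'eth0.20' is a placeholder: use the port/VLAN that is actually wired
# to the modem port serving 169.254.2.1.
config interface 'modem'
	option proto 'static'
	option device 'eth0.20'
	option ipaddr '169.254.2.2'
	option netmask '255.255.255.0'
	# Deliberately no 'gateway' and no 'dns': this link must never
	# become a default route, it only reaches 169.254.2.0/24.

# --- /etc/config/firewall --------------------------------------------
# Separate zone for the modem link. Nothing arriving from the modem
# side may open connections to the router (input) or through it
# (forward); replies to connections started from the LAN still pass
# because of connection tracking.
config zone
	option name 'modem'
	list network 'modem'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Masquerade so the modem sees requests as coming from 169.254.2.2.
	# Without this it would have no route back to LAN clients.
	option masq '1'

# Only the trusted LAN zone may reach the modem zone. A guest/customer
# zone gets no forwarding to 'modem', so it cannot open the status
# page at 169.254.2.1.
config forwarding
	option src 'lan'
	option dest 'modem'
```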

Thank you very much for the explanation ! I think, as you say, I'm just going to try out with using the script and modifying it to make it work with my laptop set with static address. (and connected to LAN2 of the modem) I must say I have never written a script nor learned how to write, I hope I can figure out what to do :slight_smile: (I did manage to modify a few scripts in the past, though.)

Yesterday I finished setting up unifi controller (and openspeedtest) on the other Raspi: I swapped them so that OpenWRT gets 2GB RAM and the Unifi gets 4GB RAM, since I ended up installing the OS with all the recommended applications, including free Wolfram Mathematica:) A router won't even need 2GB, I guess ? Once I understand the script as well as Raspi (regarding VLAN: one should be "normal", the other one for the second cable, I guess?), I can try to do the two cable thing, and perhaps make Raspi do the script. And yes, Raspi-Unifi is "conceptually" outside of OpenWRT ("LAN side" ?)
I am out of town next week, I'm going to put entry2-Raspi system into business after I come home, and try to work on DSL status thing. I still haven't given up on mwan3, maybe I should learn that first, too. I should organize things so that the Internet-babysitter can do at least minor trouble shooting.... with Unifi on Raspi I can now do remote management at least for Unifi APs :slight_smile:

Mmh, in my nomenclature inside would be LAN, outside would be WAN (or semi-WAN, like the proposed fixed address/interface way of addressing the modem on LAN2, but I see no rationale for putting the unifi controller there).

+1.

+1; sounds like a good approach.

Hello! just an update: I did manage to learn mwan3, so I set up two wans for failover (though now I just have one contract: at least I can quickly switch to a router in case entry 2 dies), entry2-Raspi system is now in business :slight_smile: I am going to study remote access to OpenWRT (if you have some recommendation in this respect I would appreciate that!), then will study DSL-error.sh ! So far DSL seems to be doing well, but I don't use zoom as much as before, so it's hard to tell.

I am wondering, since entry2 as a modem doesn't take care of VLAN7, the router has to be able to tag VLAN7 on WAN. Is it something that any router can do ?

So I have currently two options I use:
A) I have an internal Linux-host that I configured to allow ssh/mosh/X2Go access to and for which I added port forwarding rules to the firewall. If I need to access the router from the outside I can ssh into the linux host and ssh from there to the router, or using X2Go I can remote control the Linux graphical user interface and can use that to browse to the router's LUCI GUI exposed to the LAN. I use DDNS hosted on duckdns.org to be able to figure out my public IPv4 address from the outside...

B) I added OpenVPN as a service so I can connect remotely into my home network and access the router's GUI from my main laptop's OS.... But I am not a big believer in OpenVPN and use that rarely, but have not yet spent the time to configure wireguard as VPN server on my router...

I mostly use A)...

Thank you for your info !
Did you mean by

that you have a linux computer at home always on-line with the router, which mediates your remote access to the router ?

I guess I should try to learn wireguard. I have no computer which can be constantly on-line... oh, unless my raspberry pi with Unifi Controller can do the same ! It does have normal linux, with libre office and so on. Would that work ?

Yes, I have a number of machines that are constantly running, and I set-up firewall rules that allow me to SSH into those machines from outside of my network.

Yes, as long as it sits on the LAN side of your router that should work. If you are using Raspbian you need to enable ssh access via the raspi-config command line application (or the GUI version of the same tool).
The SSH toggle lives inside "3 Interfaces"... Make sure you use a decent password and preferably also change the user name from the default pi, AND try to set-up login via pre shared keys to lower the risk of some outside actors taking over your Pi.

Thank you for your info ! I was looking around a way to ssh or remote-use vnc viewer to Raspi, and found remote.it. Just set it up and tried to ssh to the router from guest-SSID (i.e. blocked otherwise) inside remote-VNC viewer, it worked ! I hope it's something safe: it claims that it is safer than other VPN: I have never used VPN so I don't know;; But it's easy and nice :slight_smile: For now I do plan to stay with Unifi APs, thus I will have a raspberry pi at every site, so this method is going to do the job for me, for free :slight_smile:
And at least it is two steps into the router, so I feel a bit safer: I should probably not let the browser remember Luci password there.

I am a bit afraid of pre-shared keys, because my laptop is old and can die suddenly. Then I can't ssh from another computer. (or, perhaps I can burn the key on CD or something for emergency?)

Yes, you should be able to keep copies of the relevant keys... (and you certainly should have back-ups of your laptop, so once it dies you can quickly set-up a replacement)...

At this point using a roadwarrior-style VPN is almost always a better/ easier (and often safer) option, if talking to non-public devices on your home network is desired (but of course not the only one, if you know what you're doing - and why).


Thank you for your comments !
I am backing my laptop up but it goes super slow, I'm not sure if I finish backing up before it dies ! As to roadwarrior-style VPN, I looked around what that is, wireguard is one of them, so you mean that would be still better than remote.it, then... ?
In terms of easiness, remote.it was pretty easy, so if it's safe enough, I would stay with it...