Hello. First post on these forums. I apologize in advance for the wall of text.
I'm moving to Centurylink fiber, new out in my area. Centurylink provides a Zyxel C3000Z router with the service, but I'd like to use a WRT1900ACS with OpenWrt.
Centurylink authenticates the WAN connection using PPPoE, and needs the router to run with Vlan ID=201. No problems there. I can set up the Vlan ID in luci, and the server on Centurylink's end responds as expected.
However, I can't get PPPoE to authenticate correctly. The Zyxel router has an entry for the pppoe username and password in its setup screens. The username is displayed in plain text but it won't display the password.
I called customer support and they told me the password. I've tried the password that they gave me (in plaintext) via OpenWrt and it doesn't connect correctly. I've tried a few capitalization variations as well and it's the same.
There is a "configuration save" option on the Zyxel router. I downloaded the file and looked through for anything that might have been a password. Turns out there's a base64-encoded password with the XML tag "BackupPassword" under the X_404A03_DefaultPPPConfig tag, which seemed promising, so I went ahead and decoded it. It turns out to be 32 bytes long, the first 8 are the ASCII string "Salted__" and the rest looks like line noise (24 random-looking bytes).
I suspect that they hash the password in the router so that the original can't be found, and then the hash is used as the secret for CHAP authentication. Of course, I'm not sure if the "SALTED__" part is part of the secret, or if there is a salt in the other 24 bytes along with the hash of the password, or what hash function is used...
So I had a couple things to ask.
-
Is there a way via the CLI in OpenWrt to initiate a PPPoE connection? I'd prefer not to have to keep doing this testing via Luci if I can avoid it - I'd prefer to start the connection and then check the log files via an ssh connection.
-
How can I try to initiate a connection using a non-ASCII secret for CHAP authentication? I'm sure I can add a /etc/ppp/chap-secrets file but I have no idea how to represent that hashed password I got from the xml config file properly.
I'm going to try to escalate customer service at Centurylink to get a better idea of what's happening with their router to try to replicate it with my OpenWrt router. However, if you have any other ideas I might try, I'd sure appreciate it.
Thanks in advance.