[SOLVED] Mochabin WAN over SFP VDSL2 Modem Deutsche Telekom


I received shortly before Christmas my Indiegogo contribution for the Mochabin OpenWRT.
I have tried so set up the well known ALLNET SFP-VDSL2 on the WAN port.

But honestly, after hours of trying, I gave this one up. I know, that I have to tag the WAN Port with VLAN ID 7, but at the moment, I am totally unsure, if:

  • The Mochabin supports the Allnet 4781 SFP VDSL2 (I worked on a previous Sophos Firewall)
  • I am not sure, if I set up the WAN correctly, as the OpenWRT version supports DSA only

To set up the WAN, here is, what I have done:

  • The br-wan default device includes eth0 and eth2, which are the two SFP port of the device
  • Create a VLAN on br-wan, which assigned to both interfaces (eth0 and eth2) the number 7 as tagged
  • In the main view for network, I edited the wan entry to use br-wan.7 and set up the PPPoE connection with the credentials of Telekom
  • I have set the MTU to 1492, but I am not sure, if br-wan.7 is the correct place for this

If anybody is having some clue, some configuration to look at, I would give it another try. Otherwise...I would offer the device on something like eBay.


At first glance, this sounds wrong or at least overly complicated. You should not have to have a br-wan device at all because you actually don't need to bridge eth0 and eth2 (you only have a modem in one of the ports, right?). Assuming your modem is at eth0, directly using it as eth0.7 for WAN should be enough:

config interface 'wan'
        option device 'eth0.7'
        option proto 'pppoe'
        (and the other settings and credentials here)

OpenWrt's defaults will mostly solve the "MTU" issue for you so generally nothing to do

Do I have to apply any special settings to eth0 to make this work?

No, just use it directly. By simply adressing eth0 as eth0.7 it will automatically be tagged with VLAN 7.

It finally worked out with the following setting to get the SFP Modem Up and Running.
I added the two lines for "option device" and "option proto" via SSH manually in file /etc/config/network.
After the reboot, I added the Telekom credentials via GUI.

Thanks for your support.

config interface 'loopback'                                                                                                                
        option device 'lo'                                                                                                                 
        option proto 'static'                                                                                                              
        option ipaddr ''                                                                                                          
        option netmask ''                                                                                                         
config globals 'globals'                                                                                                                   
        option ula_prefix 'fd06:ea47:0330::/48'                                                                                            
config device                                                                                                                              
        option name 'br-lan'                                                                                                               
        option type 'bridge'                                                                                                               
        list ports 'eth1'                                                                                                                  
        list ports 'lan0'                                                                                                                  
        list ports 'lan1'                                                                                                                  
        list ports 'lan2'                                                                                                                  
        list ports 'lan3'                                                                                                                  
config interface 'lan'                                                                                                                     
        option device 'br-lan'                                                                                                             
        option proto 'static'                                                                                                              
        option ipaddr ''                                                                                                        
        option netmask ''                                                                                                     
        option ip6assign '60'                                                                                                              
config device                                                                                                                              
        option name 'br-wan'                                                                                                               
        option type 'bridge'                                                                                                               
        list ports 'eth0'                                                                                                                  
        list ports 'eth2'                                                                                                                  
config interface 'wan'                                                                                                                     
        option device 'eth0.7'                                                                                                             
        option proto 'pppoe'                                                                                                               
        option username '******************0001@t-online.de'                                                                         
        option password '*************************'                                                                         
        option ipv6 'auto'                                                                                                                 
        option mtu '1500'                                                                                                                  
config interface 'wan6'                                                                                                                    
        option device 'br-wan'                                                                                                             
        option proto 'dhcpv6'

Why do you bridge eth0 and eth2?

1 Like

You're very welcome, glad it works now.

I agree with @moeller0, this section here:

is completely superfluous and can, maybe eben should, be removed. Not only do you not need to bridge eth0 and eth2(your two SFP ports), it prevents you from using eth2 for something else (e.g., you could stick another ethernet adapter in and add it to br-lan).

You should also change this to device '@wan', an alias that refers to "wherever-you-get-wan-from",

Start the new year with a tidy configuration. :wink:

1 Like

The br-wan element is the default configuration of Mochabin.
The quick start guide states:
ETH2 is a SFP+/RJ45 WAN ports, which can power up the entire Router with PoE (PoE in, not out).
The ETH0 interface is intended as failback and becomes active, when ETH2 fails.

The SFP/VDSL is behind my previous FritzBox. 105/42 (on a 17a, 100/50 line) vs. 72/36 with the SFP.
Somehow, it takes longer to resolve DNS entries….

…sometimes, the modem doesn’t connect via DSL after power up the router. Error states „USER_REQUEST“).

Mmmh, why use the SFP module then? 105/42 looks considerably higher than 72/36...
BTW, in Germany the 17a lines from Deutsche Telekom are nominally 100/40 with a true maximum sync of 116.800 / 46.720 Mbps (this is documented in the standard contracts for bit stream access). 100/50 is only used for FTTH/GPON links...

Interesting approach, my turris omina also has an 8P8C connector (for RJ45 plugs) as well as an SFP cage, but only one can be used at any time, but both report as eth2 IIRC and need to be switched somehow. Having both available is not all that bad, even though it is a bit of a waste if the SFP cage is used.

Oh, so Mochabin's OpenWrt distribution does some fancy multi-wan failover? That would have been nice to know, it's not how vanilla OpenWrt does things.

I'm thoroughly confused as to how it works in practice, though. How would both the FritzBox and the SFP VDSL modem get their uplink? Someone please correct me if I'm completely wrong here, but I always thought the DSL "bellphone wire" can be hooked up to one modem, not to two modems simultaneously.

My reading was that these where mutually exclusive options?

And for multiwan like mwan3 I assumed the interfaces should not be bridged....

Of course, there are possibilities two have to DSL lines available. This would be suitable for some SOHO environments.

Actually, I am having this SFP modem, wanted to use it on my previous SOPHOS firewall, where I faced several Internet drops, approx. 3 times every hour.
The FritzBox devices are well-designed consumer devices, which are missing only a few key features:

  • VPN Client feature to connect NordVPN / Cyberghost / ...
  • Multiple DNS addresses provided via the DHCP settings (AdGuard)
  • VLAN support to separate IoT devices like my vacuum cleaner from more sensitive devices (I am aware of the Guest WLAN/LAN feature, but I don't want to open another Wireless network)

So, by contributing to the Mochabin OpenWRT router, I hoped to:

  • have no external modem, occupying a power socket
  • bringing services like RADIUS, SNMP, VLAN, AdGuard, URL-based VPN-Connection to one device

For the Wireless LAN I am preferring Standalone Access Point, to place them in a better position and benefit from the specific features. But this approached failed more or less, as I am having now the fourth brand at my department:

  • Ubiquiti / Unifi (good design for an apartment, but having no on-device-controller)
  • Mikrotik (a hell of configuration, late on Wifi6)
  • Ruckus (great engineered devices, had the same signal strength by less power, but I face some drop outs on the 5Ghz band)
  • HPE Aruba (poor options, but good design, also drop outs on the 5Ghz band - more than Ruckus)

I am still waiting for another device, a TPLink Router (ER7212PC). This one is another try, to at least combine router and 8-port-POE-Switch into one device...

Oh I am not saying you should use the FritzBox as router but as modem... instead of the somewhat disappointingly syncing SFP-modem.

Mmmh, fair enough, integrating the modem might help save some watts od continuous power draw.

Well that would be the same with an OpenWrt router behind a bridged-modem? (As far as I know DT does not support SNMP to the DSLAM.)

Ah, thanks, for a hot minute I questioned my sanity. Especially since your initial attempt was to apply the same protocol and credentials (PPPoE) to both the ports in the bridge.

I have talked with Allnet, the vendor of the modem. They argued, that the modem is on such small place constructed, that it is more affected by signal interference.
Besides that, a strong reliable DSL connection is one of the arguments to go for an AVM FritzBox.

I have captured myself a small VDSL2 modem from Allnet, external as new approach. This one can be powered up by a PoE splitter with DC connector. It consumes 12V / 0.5A, so quite low.

Returning to the Mochabin: I cannot setup the Wifi Access Point, there's no entry in the menu. The device is using an NXP 88W9098, if my information is correctly. Further more, a cannot detect any entry for the included 5G Cellular module. Is anybody having experiences on these two issues?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.