[SOLVED] Turning a Xdsl lede router functionally into a bridged vdsl-modem

Dear All,
I just got my hands on a bt home hub 5a running LEDE 17.01.2 and this seemed like a nice replacement for my old VDSL modem and wndr3700v2 at the same time.
Unfortunately however, running the vdsl interface, NAT, PPPoE, sqm/cake for a 50/10Mbps link, and two wlan radios on that device seems to require more CPU cycles than this router has to spare.
Symptom: while running a taxing speedtest over the 5GHz radio or even a lan port, the router runs at a flat 0% idle and 95+% sirq.
Since I still have the old router that could do all of the above (modulo the vdsl interface/modem) with cycles to spare, I now plan to have the home hub just run the vdsl duty in bridge mode, so my old router will keep doing its job.
I would guess in principle, "all" I need to do is to disable the firewall and bridge the ptm interface with the lan switch (bonus points for allowing to pass vlan tags from the LAN ports to the ptm0 interface). That seems almost too easy conceptually (and yet I have no clue yet how to achieve that in practice).
If anyone has done that already or failed doing so I would love to hear about it... I have seen https://forum.openwrt.org/t/wan-dsl-bridge-mode/912 but that did not really end up successful (or at least the success report is missing).

{SOLUTION] thanks to @Trismo I got a working configuration (my ISP is deutsche telekom (DTAG), the link is a VDSL50 link @BRAS without vectoring, I expect I will need to get a vectoring capable firmware on the modem once vectoring is activated on my link, but I will cross that bridge once I get there... Anyway, DTAG uses PPPoE and VLAN7 between the modem and the BRAS/BNG):
on the home hub 5 a:
root@BTHH5A:~# cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd9:e73d:3c4a::/48'

config atm-bridge 'atm'
	option vpi '1'
	option vci '32'
	option encaps 'llc'
	option payload 'bridged'

config dsl 'dsl'
	option xfer_mode 'ptm'
	option annex 'b'
	option tone 'bv'
	option line_mode 'vdsl'

config device 'ptm_dev'
	option ifname 'ptm0'
	option name 'ptm0.7'
	option type '8021q'
	option mtu '1500'
	option mac 'AA:BB:CC:DD:EE:FF'
	option vid '7'

config interface 'modem'
	option type 'bridge'
	option delegate '0'
	option _orig_ifname 'eth0.2 ptm0.7'
	option _orig_bridge 'true'
	option ifname 'eth0.7 ptm0.7'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.100.1'
	option _orig_ifname 'eth0.1 wlan0 wlan1'
	option _orig_bridge 'true'
	option ifname 'eth0.1 eth0.2'

config device 'lan_dev'
	option name 'eth0.1'
	option macaddr 'c8:91:FF:FF:FF:FF'

config interface 'wan'
	option proto 'pppoe'
	option ipv6 '1'
	option pppd_options 'debug'
	option _orig_ifname 'ptm0.101'
	option _orig_bridge 'false'
	option ifname 'ptm0.7'
	option username '${SECRETNUMBER}@t-online.de'
	option password '${SECRETPASSWORD}'

config device 'wan_dev'
	option name 'ptm0'
	option macaddr 'AA:BB:CC:DD:EE:FF'

config interface 'wan6'
	option ifname '@wan'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0 1 2 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '5t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '5t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option ports '5t 6t'
	option vid '4'

config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '5'
	option ports '5t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '6'
	option vid '6'
	option ports '5t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '7'
	option vid '7'
	option ports '5t 6t'

I left my wan pppoe stanza in there, in case I quickly want to turn the modem into a full router, but this is not connected.

The more critical part seems to have been to fill up all VLAN IDs up to the highest in use, other wise it seems neither the VLAN7 packets for the modem bridge nor the VLAN2 packets for the lan bridge were delivered correctly. On the wndr3700v2 I have the following noteworthy sections in /etc/config/network:

config interface 'wan'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'pppoe'
	option ipv6 'auto'
	option ifname 'eth1.7'
	option username '${SECRETNUMBER}@t-online.de'
	option password '${SECRETPASSWORD}'

config interface 'WAN4BTHH5A'
	option proto 'static'
	option ipaddr '192.168.100.2'
	option netmask '255.255.255.0'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option ifname 'eth1.2'

WAN4BTHH5A is also assigned to the wan firewall zone. And that basically seems to do what I want, offloading PPPoE&NAT&SQM from the home hub, but still allowing easy access to the home hub's LUCI GUI. I believe I learned a bit about VLANs, so thanks again @trismo.

What I am not too sure about is how save this is against attacks from the outside; but it certainly is nice to have a 'VDSL-modem" with all the bells and whistles LEDE can offer :wink:

Best Regards

A simple bridge should working.

/etc/config/network

config dsl 'dsl'
	option annex 'A' 
	option xfer_mode 'ptm'

config device 'ptm_dev'
	option ifname 'ptm0'
	option mtu '1508'
	option mac 'XX'

config interface 'modem'
	option type 'bridge'
	option ifname 'ethX.X ptm0'
	option mtu '1508'

/etc/config/firewall
...

config zone
	option name 'modem'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'modem

or disable firewall

And setup config switch & config switch_vlan
i dont know the switch config for this device but default is allways eth0.1 or eth1.1 for lan.

EDIT MTU 1508 for mini jumbo frame if you provider support it.

1 Like

Bad switch just can handle only mtu with 1500 and ptm0 dint work with bridge CONFIG_BRIDGE_VLAN_FILTERING not set

config device 'ptm0'
option type '8021q'
option name 'ptm0.7'

config interface 'modem'
option type 'bridge'
option ifname 'ethX.X ptm0.7'

this work

1 Like

Thanks for your help. Yesterday I went and tried, but I screwed up and needed to go the failsafe route to get things back into something resembling working order. After that I called it a day; I will try again. One question I have is how can I keep access to the "modemized home hub" via its LAN ports. So I would like to be able to access its GUI via say 192.168.100.1 via LAN (I would not care if I needed to create a dedicated VLAN to pull this off); as it is quite interesting to be able to watch/monitor the vdsl link parameters occasionally.
Again thank you very much.

Best Regards

P.S.: My ISP does not currently allow baby jumbo frames at all and for the future I believe they (DTAG) intend to get rid of PPPoE completely.

isolate the wan port H5A i think is safe way

config dsl 'dsl'
	option annex 'B' 
	option xfer_mode 'ptm'

config device 'ptm_dev'
	option ifname 'ptm0'
	option name 'ptm0.7'
	option type '8021q'
	option mtu '1500'
	option mac 'XX'
	option vid '7'

config interface 'modem'
	option type 'bridge'
	option ifname 'eth0.2 ptm0.7'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.100.1'
	option netmask '255.255.255.0'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 6t'

ok with this config you can get a connect with a 2nd lan cable easy
if you want to connect over your router wan port you can add eth0.1 on modem bridge
and add a interface on you router wd3700

config interface 'modem'
	option ifname 'eth0.2' # your wan port
	option proto 'static'
	option ipaddr '192.168.100.2'
	option netmask '255.255.255.0'

and add custom firewall rule

/usr/sbin/iptables -t nat -I postrouting_rule -s 192.168.1.0/24 -d 192.168.100.1 -j SNAT --to 192.168.100.2
/usr/sbin/iptables -I zone_lan_forward -s 192.168.1.0/24 -d 192.168.100.1 -j ACCEPT
1 Like

Hi Trismo,

wahoo, thank you very much. I will test this once I am back at the router.

Yepp, I have that for my old modem already, for the firewall I just added the interface to the WAN firewall zone, and that worked. I have not yet tried whether I can tunnel through that from the outside though (my old modem did not allow shell access so I could not test that, but the lede on the modemized home hub will allw this so I can and will test that!)

Best Regards

This is nice, and works for my ISPs static vlan7 quite nicely. Thanks a lot.

This started to work once I configured a /24 instead of a /32 on the WAN4BTHH5A interface, but interestingly the connection also works via the two (not yet disabled) wifi radios...

That is the next thing to tackle...

Thanks for your help.

Best Regards

I tried to get the red WAN port at the back to share the dsl to a 2nd external router:
Going through Luci:
http://192.168.5.1/cgi-bin/luci/admin/network/network/man
Interface
Ethernet Switch: "eth0" Ethernet Switch: "eth0"
Switch VLAN: "eth0.1" Switch VLAN: "eth0.1" (lan)
Switch VLAN: "eth0.2" Switch VLAN: "eth0.2" (man)
Ethernet Adapter: "ptm0" Ethernet Adapter: "ptm0" (man)
Software VLAN: "ptm0.35" Software VLAN: "ptm0.35" (wan)
but it doesn't work.
If I try to bridge ptm0.35 in with the man, the HH5A internet stops.
I enabled DHCP server on man and it works on the external router, verifying the connection.

I do not fully get what exactly you are trying to achieve here, and since I only just learned how to make this work (thanks again @trismo ) I believe I can not really help much...

Best Regards

I finally got the red WAN port at the back to share the dsl to an external router, using a third VLAN:
Going through Luci:
http://192.168.5.1/cgi-bin/luci/admin/network/network/man1
Interface
Ethernet Switch: “eth0” Ethernet Switch: "eth0"
Switch VLAN: “eth0.1” Switch VLAN: “eth0.1” (lan)
Switch VLAN: “eth0.2” Switch VLAN: “eth0.2” (wan)
Switch VLAN: “eth0.3” Switch VLAN: “eth0.3” (ptm035)
Software VLAN: “ptm0.35” Software VLAN: “ptm0.35” (br-ptm035)
Network Status Actions
PTM035 (eth0.3 ptm0.35) br-ptm035
Uptime: 3h 18m 35s
MAC-Address: :::::
RX: 1.60 KB (21 Pkts.)
TX: 738 B (7 Pkts.)
IPv4: 192.168.105.1/24
Connect Stop Edit Delete
LAN
(eth0.1Master "BTHub5AC"Master "BTHub5")
br-lan
Uptime: 3h 18m 35s
MAC-Address: :::::
RX: 774.86 KB (7404 Pkts.)
TX: 2.14 MB (6276 Pkts.)
IPv4: 192.168.5.1/24

Connect Stop Edit Delete
WAN eth0.2

not quite on the same subject, but on the same router and mentioned above; Has anyone tried to get the lantiq switch to do mini-jumbo frames? Latest stable 17.1.3 still complains if mtu is set > 1500. I did try to mod (it's on the forum somewhere) to allow 1508, but I'm pretty sure it did not actually work with 1508 bytes.
I'm very keen to use the hh5a with PPPoE and still achieve a full 1500 mtu to the internet via a hauwai GPON (8240).
(fyi. my hhv5a working direct with VDSL with 1508 byte mtu is working great....)

If it is not the same subject, why are you hijacking this thread?
Please create a new topic for your question (as you already have done: Good cheap router capable of 1508 byte mini jumbo frames on ethernet?)

Actually, it is kind of the same subject; as trismo pointed out, to run ptm0 over ethernet, 1508 is ideal if your ISP supports it, except the lantiq switch does not support it in current LEDE :(. As it had been discussed here, and discussion of 1508 byte packets is very rare on the forum, I thought it a very relevant addition to the thread, especially as it was the exact same hardware.