I just set up OpenWrt on a Fritz!Box 4040 and now I try to configure internet access (ISP is Deutsche Telekom).
I know that I need to configure VLAN tagging with ID 7. I already found a German explanation on the ISP's forum.
Unfortunately I cannot follow the instructions because the WAN interface (eth1) does not occur on the switch configuration page. Only the LAN ports associated to eth0 are there.
Therefore, I just opened the "Physical Settings" page of the WAN interface and typed in the "Custom Interface" eth1.7. (I did this for WAN and WAN6)
This does not seem to work since I only get "Connection attempt failed".
The first question is, what kind of Link are you using, FTTH/fiber, DOCSIS/cable or FTTC/VDSL2? Then what other device sits between your FB4040 and the Internetsocket?
I think it is the only interface in WAN. but WAN and WAN6 are configured equally. That means I gave them both the login data and set custom interface to eth1.7. See screenshots:
When I look at the system log, I see the following:
Thu Aug 16 13:25:01 2018 daemon.notice pppd[10336]: pppd 2.4.7 started by root, uid 0
Thu Aug 16 13:25:13 2018 daemon.warn pppd[10281]: Timeout waiting for PADO packets
Thu Aug 16 13:25:14 2018 daemon.err pppd[10281]: Unable to complete PPPoE Discovery
Thu Aug 16 13:25:14 2018 daemon.info pppd[10281]: Exit.
EDIT: I thought maybe the ISP is blocking me due to malformed connection attempts in the beginning. But waiting an hour and trying again did not solve the problem. I flashed the AVM stock image back to the FB4040, restored the settings and internet is working again. I captured the PPPoE traffic. There, the PADI request is regularly answered with PADO and the protocol flow continues. Don't know what's wrong with my OpenWrt setup.
That is not required, DTAG uses the IPv4 PPPoE Session to also negotiate the IPv6 Prefix for the router and also the homenetwork. Here is what I se on a DTAG VDSL2 link:
That by itself got me IPv4 connectivity. Please note that I use a vdsl2-router in bridge-mode to get from the eth1 wan interface onto the true VDSL2/PTM link.
Any hick-up in the connectivity will result in PADO timeouts...
Besides, I wanted to capture the connection attempt with tcpdump for comparision with a stock firmware. But I did not find the tcpdump ipk in the repository. Don't know how to get it.
Regarding tcpdump, I found that base packages are in a different repository.
Now I have network dumps of AVM firmware and OpenWrt. I will explain what I observed:
In the traffic flow, AVM has a little bit DHCP mixed in, while OpenWrt likes to speak ICMPv6 early. I hope that's irrelevant, so let's focus on PPPoED.
OpenWrt sends 3 identical PADI requests, whereas AVM also sends 3 identical PADI requests plus one from another MAC without VLAN tagging. Since the latter is never answered, let's focus on the others.
The PADI requests from AVM and OpenWrt look similar but there is one difference: AVM sets the PPPoE Tag Host-Uniq to a 30 bytes long value, also containing the MAC address and the string "F!Box". OpenWrt does not set the Host-Uniq tag.
AVM receives an PADO answer after 8.7 seconds containing the PPPoE Tags AC-Name, Host-Uniq (replayed from PADI) and AC-Cookie. On the other hand, OpenWrt times out after 10 seconds without a reply.
May it be the case that the Host-Uniq tag is important? Or what else is going on?! I'm a bit clueless now.
Well on a VDSL50/100 Telekom VDSL2@BNG link I was facing similar issues, and I also noted the difference in the host_uniq tag, but it turned out that I could happily live with that after getting the VLAN to work properly.
Ok, I think I know why there is no PADO answer. The PADI is actually never going out! Now I need your help figuring out why.
I sniffed the traffic at three points:
tcpdump for eth1 on OpenWrt: I see the PADI packets with VLAN ID 7
tcpdump for eth1.7 on OpenWrt: I see the PADI packets but without VLAN header (guess this is expected?!)
Hardware TAP between router and modem, alternatively direct connection from router to laptop: There are no PPPoE packets on the wire! Only some IPv6 discovery.
So for some reason, it seems the PPPoE packets (maybe because they are VLAN tagged) do not leave the WAN interface, despite tcpdump shows them on the sender device.
What is going on there?! oO
Besides, I noticed the WAN interface goes regularly down and up again (after the PPPoE timeout). Is this normal? Example:
Thu Aug 16 08:18:55 2018 daemon.warn pppd[7460]: Timeout waiting for PADO packets
Thu Aug 16 08:18:55 2018 daemon.err pppd[7460]: Unable to complete PPPoE Discovery
Thu Aug 16 08:18:55 2018 daemon.info pppd[7460]: Exit.
Thu Aug 16 08:18:55 2018 daemon.notice netifd: Interface 'wan' is now down
Thu Aug 16 08:18:55 2018 kern.info kernel: [ 1671.594374] IPv6: ADDRCONF(NETDEV_UP): eth1.7: link is not ready
Thu Aug 16 08:18:55 2018 daemon.notice netifd: Interface 'wan' is disabled
Thu Aug 16 08:18:55 2018 kern.info kernel: [ 1671.677790] device eth1 left promiscuous mode
Thu Aug 16 08:18:55 2018 kern.info kernel: [ 1671.680162] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Thu Aug 16 08:18:55 2018 daemon.notice netifd: Interface 'wan' is enabled
Thu Aug 16 08:18:55 2018 daemon.notice netifd: Interface 'wan' is setting up now
Thu Aug 16 08:18:55 2018 kern.info kernel: [ 1671.682434] ess_edma c080000.edma: eth1: GMAC Link is up with phy_speed=1000
Thu Aug 16 08:18:55 2018 kern.info kernel: [ 1671.687678] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
Yes. I also was in doubt but I tried with AVM firmware and OpenWrt and my laptop with Wireshark received VLAN tagged PPPoE packets from AVM but not from OpenWrt. The latter emitted just some IPv6 discovery stuff.
So I guess either there is still something wrong with my VLAN setup (maybe because it does not appear in the switch config?!) or there is a bug somewhere.
Good idea. I already thought about how I could do this at best. Any ideas? The thing is, I guess when I send something with a packet crafting tool, it will probably be injected that low in the networking stack that it will be sent. Probably I need an application similar to pppd that I can tell to send something via eth1.7. Do you have a suitable application in mind? Otherwise I need to play around a bit..
could you further confirm that this is not due to firewall rules? (accept on default and/or wan output)
confirm this behaviour with the most default config on latest 18.06 as well as with the lede-17 branch.
then probably make bugreport along the lines vlan not working ...
I already tried latest snapshot for the previous test run. I did not test lede-17 because my device is only supported since 18.06.
I checked the firewall settings in LUCI, changed everything to accept and in the end I even flushed iptables completely. No packets go through eth1.7...
For reference here the default iptables output before I changed anything.
Same problem as before.