0

Discussion topic: Open Reach Modem, Netgear D7000, PfSense setup

Reply
Avatar for deprice
Level 1 icon
What's this?
This message was authored by: deprice

Message posted on ‎10 May 2024 09:15 PM

Open Reach Modem, Netgear D7000, PfSense setup

Good evening everyone, Here is my situation.

I have 3 boxes

BT Openreach ECI Fibre Modem
Netgear D7000 modem/router
Cisco ASA 5525 (flashed with PF sense) firewall

I was using the D7000 primarily as my internet source (got it all configured to get net from the DSL line) and came across Pfsense, have been playing around with it on the Cisco firewall and so far really loving it and eventually want it to replace the D7000 as my main firewall so i can use lots of features the Netgear just lacks. I picked up a BT openreach modem with the goal of connecting the modem to the PfSense and doing pppoe over ethernet and using the D7000 as an access point (eventually replacing the D7000 with a much better accesspoint with a stronger wifi signal).

Here is my issue, at the moment i'm not ready to use the PfSense as my main firewall (still learning) but i want to connect the BT openroach to the Netgear and then use the Netgear to sign into ppoe over ethernet. I have the BT open reach power light on and also DSL light on, i have connected an ethernet cable from the open reach to the red internet ethernet port on the Netgear but the internet light on the netgear is orange and not yellow. 

I have ran through the internet set up wizard on the Netgear and this is where it fails, it gets to the point it ask for as followed. 

ISP Username - Extracted from old Sky modem/router
Password - Extracted from old Sky modem/router
Use VLANID - 101

When i enter the user and password i extracted many years ago from my old Sky router it just says Incorrect ISP User name or Password. If i try again it just does the same. I initially thought is the Openreach router faulty or not getting the internet because the details work fine if i connect the net straight to the Netgear through the dsl line but the DSL light shows up on the openreach fine, i grabbed my old Sky router and connected it to the Openreach modem via Ethernet and within a minute or two of it booting the net just works and i can see Facebook so the modem works fine.

Am i doing something wrong when entering the details, is there a much more involved way of getting the Netgear to use pppoe other ethernet?

BTW i am using Sky superfast broadband

Thanks

 

Report post
Post 1 of 4
975 Views
0 Likes
Reply
Reply

All Replies

Avatar for Chrisee
Level 16 icon
What's this?
Superuser
This message was authored by: Chrisee

Message posted on ‎11 May 2024 08:37 AM

Re: Open Reach Modem, Netgear D7000, PfSense setup

Posted by a Superuser, not a Sky employee. Find out more

@deprice first point the Openreach modem has not been updated for many years and therefore should not be trusted to be secure and frankly belongs in a museum.

 

You should be able to connect the Netgear modem router directly to the incoming line. Most Netgear modem routers support Sky's aiuthentication system of DHCPv4 Option 61 as they dont use PPOE unlike other ISPs. Therecis no need to extract usernames and password as Sky identify customers using the line id however you do need a standard string for Option 61 which is in the form 

              anything@skydsl|anything


I think Netgear have a preset for Sky VDSL services but if not you will have to enter the settings yourself. 

Alternatively you can configure the D7000 to operate in bridge mode so it acts as a modem leaving the Cisco unit to handle routing and authentication if you can configure that correctly - personally I spent many years avoiding Cisco gear so can't help.

 

 

=========================================================
65inch Sky Glass, 3 Sky Streaming Pucks, Sky Ultrafast + and Sky SR213(white Wifi Max hub) main Wifi from 3 TP-Link Deco M4 units in access point mode
Report post
Post 2 of 4
941 Views
0 Likes
Reply
Avatar for mae-3
Level 14 icon
What's this?
This message was authored by: mae-3

Message posted on ‎11 May 2024 09:08 AM - last edited: ‎11 May 2024 09:11 AM

Re: Open Reach Modem, Netgear D7000, PfSense setup

@deprice 

 

The BT modem has the VLAN ID 101 hard-coded into its modem and only 1 device needs to VLAN ID 101 on the WAN port in the bridge to the Openreach network. Currently, you are VLAN IDing it twice, eg: once on the BT modem and the Netgear D7000 modem/router.

 

The BT modem should be connected to the Openreach broadband network and then the Netgear should be set up as a router with the VLAN ID unset, eg: usually set to zero (0) because it is already set in the BT modem.

 

Then this can be connected to the PfSense firewall or Netgear D7000 router by ethernet, and then the DHCPv4 Option 61 parameter can be set to anything@skydsl|anything to authenticate with Sky. 

-------

Zen internet on FTTP (900Mbps down, 100Mbps up). SAT> IP (Apple 4K 2nd gen TV to LG C1 OLED UHD TV/Dolby Atmos Denon AVR, DacMagic Plus for Hi-Res audio), hosting own blog/forum (cluster), OPNsense & Zenarmor L4/L7 NGFW & DPI IDS/IPS, Asus ET12 Pro Tri-Band wifi, Linux, Gamer: Xbox Series X/i7 laptop, round-robin DNS over HTTPS, non-proprietary VoIP HD AMR-WB (G.722.2) and more... Beta tester Apple iOS/watchOS/tvOS/iPadOS/macOS.
Report post
Post 3 of 4
935 Views
0 Likes
Reply
Avatar for deprice
Level 1 icon
What's this?
Topic Author
This message was authored by: deprice

Message posted on ‎11 May 2024 10:39 AM

Re: Open Reach Modem, Netgear D7000, PfSense setup

I figured it out, going to internet set up and setting as followed.

Country - UK
Provider - Sky
Transfer mode - VDSL(PTM)
DSL mode - VDSL2
Internet - Enable interface and 101 box ticked (it doesn't work when it isn't ticked) 
does your internet require a login - NO

Vendor class identifier string (option 60) - abcdefg@skydsl|qws14vfh5fgdb+Ke
Vendor identifier string - 61

Apply, wait for the light to turn white and it was connected.

The BT openreach was found in a charity shop and after a quick google to see if it was compatible with sky it said yes but didn't know it was old and no longer updated (if you have recommendations for a modern, small modem).

The Netgear modem/router was a replacement for an old Billion bipack 8800 (i realised i still have it) which when i got it to replace the old Sky router a number of years ago i needed to extract the user/password with wireshark to get connected to the net on the Billion before i eventually upgraded to the Netgear. The Netgear has a wizard you just choose your provider, make sure you have the 61 string entered in the in the DHCP box and it connects with no problem.

I could use the Netgear as modem only but it's just too big and bulky which is why i wanted a smaller modem without the large wifi fins (i have a shelf in my 12 U server rack that the modem is going to sit on and above this the Cisco PfSense flashed firewall is mounted by ears) 

My eventual goal is Modem = PFSense = wireless access point

The PfSense will do all the routing, firewall, adblocking and any other features i add, the modem just brings the net in and the wireless accesspoint will serv eall wifi devices. 

Currently the Netgear does an ok job at wifi but it's just not strong enough to reach the bathroom which is down a few stairs (i have a weird flat layout) so it has to go through a few walls to reach the bathroom (it's in the living room above the server rack on the wall) and in the bathroom i barely get 2 bars if i am lucky on any wifi device (the billion i got 1 and the sky router i get nothing anywhere other than the living room) and struggles to keep up hence why i need a much better and stronger access point. 

Thank you for all the info you have provided 

Report post
Post 4 of 4
916 Views
Reply
Reply