The Netgear DM200 VDSL modem needs to be flashed to use OpenWRT, and some prep work needs to be started before we can take down the AT&T UVerse modem. We have to use OpenWRT on the DM200 because AT&T uses EAPOL for authentication, whereas every other DSL provider uses PPPoE. The stock firmware on the Netgear DM200 does have PPPoE support, but no EAPOL. Additionally, I have tried putting the modem into bridge mode and running wpa_supplicant on my router, but no EAP packets are forwarded to AT&T's authenticator through the Netgear DM200 modem's bridge. From my tinkering, the Netgear DM200 uses a standard brctl Linux bridge. However, the standard brctl Linux bridge does not forward EAPOL packets due to its design. It's possible to force the bridge to forward EAPOL packets, but in testing this did not work, either with the stock DM200 firmware or OpenWRT firmware.
In this configuration, we are going to be running wpa_supplicant on the DM200 itself, and bridge the DSL connection to the Ethernet connection. This allows a pure layer 2 bridge between the AT&T DSL network, no MTU shifting, and the DM200 does not use any resources managing or tracking connections besides the layer 2 bridge and running wpa_supplicant.
eth0 interface to be a DHCP client.
wpa-supplicant
ca-certificates
openssh-sftp-server
spTurquoise210-700_1.0.29.bin
tech, just hit ENTER. After the last command is executed, the UVerse RG will reboot.
curl -k -u tech -H "User-Agent: blah" -H "Connection:Keep-Alive" -d "appid=001&set_data=| echo 28telnet stream tcp nowait root /usr/sbin/telnetd -i -l /bin/nsh > /var/etc/inetd.d/telnet28|" -v --http1.1 https://192.168.1.254:49955/caserver
curl -k -u tech -H "User-Agent: blah" -H "Connection:Keep-Alive" -d "appid=001&set_data=| pfs -a /var/etc/inetd.d/telnet28|" -v --http1.1 https://192.168.1.254:49955/caserver
curl -k -u tech -H "User-Agent: blah" -H "Connection:Keep-Alive" -d "appid=001&set_data=| pfs -s|" -v --http1.1 https://192.168.1.254:49955/caserver
curl -k -u tech -H "User-Agent: blah" -H "Connection:Keep-Alive" -d "appid=001&set_data=| reboot|" -v --http1.1 https://192.168.1.254:49955/caserver
root file system as writeable
mount -o remount,rw /dev/ubi0 /
mfg partition which contains the certificates
mount mtd:mfg -t jffs2 /mfg
cp /mfg/mfg.dat /www/att/mfg.dat
tar -zcvf /www/att/certs.tar.gz /etc/rootcert/
mfg_dat_decode utility that was downloaded earlier
certs.tar.gz archive that was downloaded earlier
mfg.dat file into the folder with the mfg_dat_decode binary
certs.tar.gz into the folder with the mfg_dat_decode binary
mfg_dat_decode binary, which will extract and create a tar.gz containing certificates and a wpa_supplicant.conf configuration file
pem formatted certificates, a sample wpa_supplicant.conf file, and a readme.txt file.
99_dsl_eap.sh
#!/bin/sh
# DSL hotplug handler: start wpa_supplicant when the DSL line comes up
# and stop it when the line goes down.
logger -t DSL "$DSL_NOTIFICATION_TYPE $DSL_INTERFACE_STATUS"

if [ "$DSL_NOTIFICATION_TYPE" = "DSL_INTERFACE_STATUS" ] && [ "$DSL_INTERFACE_STATUS" = "UP" ]; then
    logger -t DSL "DSL interface UP, starting wpa_supplicant..."
    /usr/sbin/wpa_supplicant -s -B -P /var/run/wpa_supplicant.pid -D wired -i dsl0 -b br-br0 -c /etc/wpa_supplicant/wpa_supplicant.conf
    # Cycle the Ethernet link after the supplicant has been started.
    ip link set eth0 down
    sleep 5
    ip link set eth0 up
fi

if [ "$DSL_NOTIFICATION_TYPE" = "DSL_INTERFACE_STATUS" ] && [ "$DSL_INTERFACE_STATUS" = "DOWN" ]; then
    logger -t DSL "DSL interface DOWN, killing wpa_supplicant..."
    # Use the same pid file path that was passed to wpa_supplicant with -P.
    if [ -e /var/run/wpa_supplicant.pid ]; then
        kill "$(cat /var/run/wpa_supplicant.pid)"
    fi
    ip link set eth0 down
fi
root username and password
/etc/wpa_supplicant
pem formatted certificates and the wpa_supplicant.conf file into the /etc/wpa_supplicant directory
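Once the files are in /etc/wpa_supplicant, it is worth confirming that the configuration points at files that actually exist and that the private key is not readable by other users before the hotplug script starts the supplicant. The following is an added example, not part of the original page or of the mfg_dat_decode output; it assumes the sample wpa_supplicant.conf uses the standard ca_cert, client_cert and private_key keys, which the page does not show.

```shell
#!/bin/sh
# Added example: sanity-check the 802.1X files copied to the DM200.
# Assumption: the conf uses wpa_supplicant's standard ca_cert,
# client_cert and private_key keys with double-quoted paths.

# Print the quoted value of KEY ($2) from the conf file ($1), if present.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Return 0 if FILE is a regular file with no group/other permission bits.
is_private() {
    [ -f "$1" ] || return 1
    # In the ls mode string, characters 5-10 are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_eap_conf CONF: return 0 when every referenced file exists and the
# private key and the conf (which may hold private_key_passwd) are
# accessible by the owner only. Problems are printed one per line.
check_eap_conf() {
    conf=$1 rc=0
    [ -f "$conf" ] || { echo "missing: $conf"; return 1; }
    for key in ca_cert client_cert private_key; do
        path=$(conf_value "$conf" "$key")
        if [ -z "$path" ]; then
            echo "no $key entry in $conf"; rc=1
        elif [ ! -s "$path" ]; then
            echo "$key points to missing or empty file: $path"; rc=1
        fi
    done
    key_path=$(conf_value "$conf" private_key)
    for f in "$conf" "$key_path"; do
        [ -n "$f" ] && [ -f "$f" ] || continue
        is_private "$f" || { echo "too permissive (want 0600): $f"; rc=1; }
    done
    return $rc
}

# Stand-alone use: sh check_eap.sh /etc/wpa_supplicant/wpa_supplicant.conf
if [ $# -gt 0 ]; then
    check_eap_conf "$1"
fi
```

A non-zero exit status means at least one problem was printed; `chmod 600` on the listed files clears the permission findings.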