This shows you the differences between two versions of the page.
uverse_hacking [2020/08/24 00:01] pengc99 |
uverse_hacking [2021/10/02 06:46] (current) pengc99 [Generate / Uplink wpa_supplicant Files] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | == Hardware Needed == | + | ====== Background ====== |
+ | AT&T Uverse service is a triple-play service (internet, phone, and TV) provided by AT&T - depending on what service is available in your area you may be getting FTTH (Fiber to the Home), FTTN (Fiber to the Node), or VDSL (either bonded or unbonded). | ||
+ | |||
+ | FTTN and VDSL both use VDSL2 connectivity from your house to the network. The advantage with FTTN over FTTH is reduced deployment costs for MDUs (Multiple Dwelling Units, such as duplexes or apartment complexes) - AT&T only has to run fiber to a local node that then serves VDSL2 to the customers. | ||
+ | |||
+ | The problem isn't the service, the problem is with the Residential Gateway that AT&T provides. It's a decently powerful unit that allows for triple play services. However, there are a lot of limitations in the RG, namely the limitation of ~8000 NAT sessions, a poor interface with very limited options, and no true passthrough. | ||
+ | |||
+ | But wait! IP Passthrough? | ||
+ | |||
+ | I've also had some instances where the RG will spontaneously reboot or crash and hang when under heavy usage. I needed to explore options on how to bypass the RG and use my own (hopefully more sane) DSL modem that doesn' | ||
+ | |||
+ | Doing some research, my particular VDSL service is unbonded so it only uses one pair of copper lines. This is important because the only DSL modem that is supported by OpenWRT is the Netgear DM200, which only supports unbonded VDSL. | ||
+ | |||
+ | **If you have bonded VDSL service, this will probably not work for you.** | ||
+ | |||
+ | Why do we have to use OpenWRT, and not just use the DM200 in bridge mode with the stock firmware? The reason is because AT&T uses EAPOL authentication instead of every other sane DSL provider that uses PPPoE. There are a few benefits to this, namely authentication is provided by certificates and not usernames and passwords, and also there is no need for MTU shifting. | ||
+ | |||
+ | The downside is that in my testing, the DM200 in bridge mode does not forward EAPOL / 802.1x packets to the DSL link. This is by design in bridged interfaces, but there is a workaround for it. However, testing the workaround did not solve the problem. | ||
+ | |||
+ | The solution was to run wpa_supplicant on the DM200 itself so the DM200 can authenticate using EAPOL, then bridge the DSL line to the Ethernet line so raw layer 2 traffic is sent to my router. | ||
+ | |||
+ | In this configuration, | ||
+ | |||
+ | ====== Hardware Needed | ||
*Netgear DM200 VDSL modem | *Netgear DM200 VDSL modem | ||
*AT&T Uverse Router / Gateway BGW210-700 | *AT&T Uverse Router / Gateway BGW210-700 | ||
*A router that is capable of setting VLANs on the WAN / Ethernet interface | *A router that is capable of setting VLANs on the WAN / Ethernet interface | ||
*I'm using a Ubiquiti Unifi Security Gateway Pro 4 port. Any prosumer or professional router should allow you to set the vlan on the WAN interface, but I haven' | *I'm using a Ubiquiti Unifi Security Gateway Pro 4 port. Any prosumer or professional router should allow you to set the vlan on the WAN interface, but I haven' | ||
- | == Software Needed == | + | ====== Software Needed |
*curl (already installed on recent Windows 10 builds) | *curl (already installed on recent Windows 10 builds) | ||
*7zip - https:// | *7zip - https:// | ||
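Review bot: The added Background section says authentication "is provided by certificates" and that wpa_supplicant runs on the DM200, but it never states that this means the private key extracted from the RG ends up stored on the modem. Add a sentence there saying the extracted certificate and key files are the credentials for the line and should be handled as such on the workstation used for the extraction and upload.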
Line 28: | Line 51: | ||
-'' | -'' | ||
- | == Extract Certificates From AT&T UVerse RG == | + | ====== Extract Certificates From AT&T UVerse RG ====== |
-Unzip AT&T RG Uverse firmware package - we're looking for '' | -Unzip AT&T RG Uverse firmware package - we're looking for '' | ||
-Disconnect the DSL cable from the UVerse RG. | -Disconnect the DSL cable from the UVerse RG. | ||
Line 62: | Line 85: | ||
-Extract the tar.gz file - you'll end up with a directory that contains three '' | -Extract the tar.gz file - you'll end up with a directory that contains three '' | ||
- | == Generate / Uplink wpa_supplicant Files == | + | ====== Generate / Uplink wpa_supplicant Files ====== |
-Create a new text file, and paste the following into it and save it as '' | -Create a new text file, and paste the following into it and save it as '' | ||
Line 90: | Line 113: | ||
identity=" | identity=" | ||
key_mgmt=IEEE8021X | key_mgmt=IEEE8021X | ||
- | phase1=" | + | phase1=" |
private_key="/ | private_key="/ | ||
-Open FileZilla and connect to the DM200 modem using the sftp protocol as the '' | -Open FileZilla and connect to the DM200 modem using the sftp protocol as the '' | ||
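Review bot: The `phase1` line is the only change in this hunk, and nothing in the surrounding steps explains why the value was changed. Add a short note beside the config block stating what the new setting is for, so readers who copied the 2020/08/24 revision can tell whether they need to update their own wpa_supplicant file.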
Line 97: | Line 120: | ||
-Upload the '' | -Upload the '' | ||
-**Do not reboot the DM200 from now on, otherwise you will need to factory reset the DM200 and start over** | -**Do not reboot the DM200 from now on, otherwise you will need to factory reset the DM200 and start over** | ||
- | == Configure the DM200 == | + | == Configure the DM200 And Go Online! |
-Log into the web interface for the DM200, and delete all of the interfaces. On my default configuration, | -Log into the web interface for the DM200, and delete all of the interfaces. On my default configuration, | ||
- | -Create a new eth0 interface and set it to unmanaged | + | -Create a new '' |
- | -Create a new dsl0 interface and set it to unmanaged | + | -Create a new '' |
- | -Create a new br0 bridge interface with eth0 and dsl0 as slave interfaces, and set it to unmanaged | + | -Create a new '' |
-Apply changes **without verification** - at this point the modem will disappear from the network. Wait a few minutes, and then turn it off. | -Apply changes **without verification** - at this point the modem will disappear from the network. Wait a few minutes, and then turn it off. | ||
-Connect the Ethernet cable to your router and the DSL cable to the phone line. | -Connect the Ethernet cable to your router and the DSL cable to the phone line. | ||
- | -Set the WAN interface on your router to use vlan 0 | + | -Set the WAN interface on your router to use '' |
-Turn on the DM200. After a few minutes it should synchronize and train the DSL line. When training is complete, the DSL light will stop blinking and turn solid green. | -Turn on the DM200. After a few minutes it should synchronize and train the DSL line. When training is complete, the DSL light will stop blinking and turn solid green. | ||
-A few seconds after the DSL light turns solid green, the Ethernet light should turn off and then back on after 5 seconds. | -A few seconds after the DSL light turns solid green, the Ethernet light should turn off and then back on after 5 seconds. | ||
- | -At this point the DSL modem should have authenticated using EAPOL using wpa_supplicant, | + | -At this point the DSL modem should have authenticated using EAPOL using '' |
+ | |||
+ | ====== Known Problems ====== | ||
+ | *DSL training sometimes gets hung up on the DM200. This only happens with the OpenWRT firmware and I haven' | ||
+ | *Currently there is no way to access the DM200 to configure or view settings. On most DSL / cable modems, it is accessible on a static IP address such as '' | ||
+ | *The only way to get into the modem now is through the UART, which is documented [[https:// | ||
+ | *The DM200 gets HOT in usage. Probably worth investigating how to cool it better, some scattered reports that the DM200 might not be the most reliable DSL modem because of the heat it generates. | ||
== Sources and References == | == Sources and References == | ||
* https:// | * https:// |
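Review bot: Heading levels are inconsistent after this change: "Configure the DM200 And Go Online!" still opens with `==` and "Sources and References" is left at `==`, while the new "Known Problems" section and the other headings touched in this revision use `======`. Use `======` for both so every section sits at the same level.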