· sysadmin hacking openbsd cisco pppoe dsl

OpenBSD with PlusNet VDSL

For a long time we’ve had a Cisco 887VA acting as our VDSL modem and gateway. We got this for the old flat when we moved in there in 2016 and took it with us to where we live now. It’s been quite reliable but the Ethernet interfaces are only 10/100Mbps and there are some limitations to the software where either features are hidden behind additional licenses or they are missing altogether. The software was last updated in 2016 and there’s no easy way to get hold of later firmware.

The replacement for this box is a PC Engines apu3c4. This board has an AMD Embedded G series CPU, 4GB RAM and 3 Gigabit Ethernet interfaces. For storage I have fitted a 16GB mSATA SSD and I’m planning to also fit a 4G modem to allow failover in the event of a broadband outage (as happened once before). This box is running OpenBSD 6.4 which was incredibly easy to install via the serial console, booted from a USB stick.

When the prompt appears after booting from the USB stick:

boot> stty com0 115200
boot> set tty com0
boot> boot

But wait, something is missing here. The Cisco box has a VDSL modem but the APU board does not. The original plan here was to use a Huawei HG612 as the modem and then bridge the connection to the APU board. Unfortunately, I had installed the one I had got for this purpose in the hackerspace, as they now have their sponsored VDSL line installed from Converged. Another hackerspace member had said they would provide me with a replacement, but when I went to install it, it was in fact an ECI Telecom B-FOCus V-2FUb/r Rev.B and not an HG612. These two devices look almost identical if you’re not paying attention. So the temporary solution is to use the Cisco box as a bridge.

The relevant configuration:

no ip routing
interface Ethernet0
 no ip address
interface Ethernet0.101
 encapsulation dot1Q 101
 bridge-group 1
interface Vlan200
 no ip address
 bridge-group 1
interface FastEthernet3
 switchport access vlan 200
 no ip address
bridge 1 protocol ieee

Essentially what this is doing is bridging the Ethernet interface that used to be used by the Cisco box for the PPPoE tunnel to FastEthernet3 instead. By connecting a cable between FastEthernet3 and em0 on the APU board (first Gigabit Ethernet port) it is then possible to terminate the PPPoE tunnel on the APU board instead.

In /etc/hostname.em0:


In /etc/hostname.pppoe0:

inet NONE \
        mtu 1492 \
        pppoedev em0 \
        authproto chap \
        authname 'username@plus.net' \
        authkey 'password' \
        peerproto chap \
        peerflag callin \
!/sbin/route add default -ifp pppoe0

The man pages for hostname.if(5), em(4) and pppoe(4) can give you more details on what is going on here. If you’re not doing this on an APU board you might find that your Ethernet interface is named differently in OpenBSD. Interface names are based on the driver they are using.

It took me a while to debug this because the PPPoE driver was attempting to authenticate the access concentrator. Adding peerflag callin fixed this:

The `callin’ flag will require the remote peer to authenticate only when he’s calling in, but not when the peer is called by the local client.

Annoyingly this is only described in ifconfig(8) and so I didn’t see it the first time reading through the documentation. Some combination of DuckDuckGo and the online man page browser did get me there in the end.

So now I have an OpenBSD box as my home network’s gateway. I’ve configured dhcpd(8), ntpd(8) (using an nmea(4) GPS device as a time source) and a bunch of other things that may or may not become other blog posts. I’m expecting the replacement HG612 modem will arrive soon and then the Cisco box will probably find its way to eBay.

If you would like to contact me with comments, please send me an email.
If you would like to support my free software work, you can donate via PayPal.

This post was syndicated on: