Message 11 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

Sorry, the link seemed to have a comma at the end, try this:

https://www.draytek.co.uk/support/guides/kb-btfttc-openreachmodem

Proprietary VoIP that can't be routed over a standard network router?  Why would anybody do that?

Message 12 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

SIP can be easily spoofed, DV is secure as the source is authenticated by the SH2.

The article isn't relevant as it is about configuring a router rather than modem.

Message 13 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

In fact it's more secure than the analogue PSTN network, as nobody can intercept your line by plugging a phone across your line.

Message 14 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

So it sounds like there is simply no way to use a firewall router at home if I'm using BT Digital Voice?

Message 15 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

There is already an effective firewall in the SH2,  look at the firewall logs.

What exactly do you hope to block, as incoming traffic to your LAN is blocked, unless you have opened up ports?

Message 16 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

You should still be able to use the firewall as long as it is transparent to DV. It is the PPPoE device that needs to be first in line.

As said previously, not sure why you need to spend a lot of money on a firewall, but it's your money to throw away.

Message 17 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

The Firewalla https://firewalla.com/products/firewalla-purple-se can run in bridging mode.

So do you think if I can get the Draytek to work as a modem in bridging mode, I could connect that to the Firewalla in bridging mode and then connect that to the SH2 WAN port with FTTP enabled?

But then I'm back to where I started this thread from, because I have tried connecting the RJ11 to the Draytek, configured it in bridging mode and connected it to the SH2 WAN port and I get no Internet.

I guess next test is to connect my Windows PC to the Draytek and configure PPPoE in Windows to see if I get Internet access that way.  Then at least I can prove it is an SH2 problem?

Message 18 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

I am sure that authentication is more complex than that, otherwise someone would have already cracked it.

I would expect the BT network only authenticates against the SH2 if it sees a direct path (possibly a specific VLAN) back to the server. Similar to the way the public BT Wifi is established.

Anything in between is going to break both of these.

Message 19 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

@bbc_owl Exactly, one step at a time

Message 20 of 28

Re: How to get SH2 working with Firewalla Purple SE and Draytek Vigor 160

@Keith_Beddoe this post on Kitz explains.

I've had a lot of spare time to continue this, and I have eventually made it work. My Asus router is now connected to the ONT and is acting as the router and the SH2 is connected to one of the LAN ports on the Asus router and is only used for Digital Voice phone and I am able to make phone calls.

I worked out that the SH2 makes a call to https://linediscovery.hub.bt.com/ and passes the PPPoE Host-Uniq tag value and the PPPoE Session ID and it is returned the SIP details which it then uses to initiate the SIP connection for phone calls. The local and remote IP addresses and MAC addresses, and the AC Name are not important. The SH2 changes the Host-Uniq value every time it makes a new connection which makes it more difficult to get this to work.

The Asus router is running a version of Linux, the source code is freely available on the Asus web site, and it is possible to configure SSH access in order to run commands on the Asus router in order to reconfigure things.

I downloaded a copy of the open source PPPoE server https://dianne.skoll.ca/projects/rp-pppoe/ I changed it so that on receipt of the PADI message, it extracts the Host-Uniq tag, and reconfigures the Asus router to use this value on its external PPPoE connection, and then makes the Asus router re-establish the PPPoE session. Once it is re-established, it gets the PPPoE Session ID and uses that later in the PADS message sent back to the SH2 so that the SH2 will use that, along with the Host-Uniq value, when making a call to https://linediscovery.hub.bt.com/

In order to change the Host-Uniq tag on the Asus router and cause it to reconnect the following commands can be run on the Asus router:

    nvram set wan0_pppoe_hostuniq=20EF000
    nvram set rc_service="restart_wan_if 0"
    kill -SIGUSR1 1

In order to get the PPPoE session ID on the Asus router, the following command can be run:

    cat /proc/net/pppoe|cut -d" " -f1

A Linux server (Raspberry Pi or other) needs to be running on the same LAN as the SH2. On this server, the changed RP-PPPOE needs to be installed and the file /etc/ppp/pppoe-server-options needs to contain the following (192.168.0.1 is the Asus LAN IP Address):

    noauth
    noproxyarp
    ms-dns 192.168.0.1
    lcp-echo-interval 10
    lcp-echo-failure 2

IP forwarding needs to be enabled on the Linux server:

    echo 1 > /proc/sys/net/ipv4/ip_forward

A NAT rule needs to be added on the Linux server to NAT the data coming from the SH2 to the internet. I use a bridge interface br0, but for most servers it will be eth0 or similar:

    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o br0 -j MASQUERADE

The Asus router needs to be configured to forward UDP traffic on port 5050 to an additional IP address which will be assigned to the Linux server. The Linux server will have 2 IP addresses - its main one and the one used for PPP. I assigned 192.168.0.11 for this purpose.

A NAT rule needs to be added to the Linux server to forward the voice data from the internet through the PPP connection to the SH2:

    iptables -t nat -A PREROUTING -d 192.168.0.11 -p udp --dport 5050 -j DNAT --to-destination 192.168.1.1:5050

The hacked PPPoE server needs to be run (the -o 1 is ignored in my hacked server and will be replaced with the Session ID):

    pppoe-server -C acc-aln2.l-zzz -I br0 -L 192.168.0.11 -R 192.168.1.1 -o 1 -N 1 -k

The SH2 will then think it's connected to the ONT and connect the Digital Voice even though it's running on the LAN.

j0hn - Re: A possible solution to BT Digital Voice « Reply #1 on: November 09, 2022, 02:41:23 PM »

That was posted about a year ago on Thinkbroadband

You can do the same with Sky's digital voice. Unfortunately that also requires the Sky Hub just as the solution above requires the Smart Hub to still be connected.

« Last Edit: November 09, 2022, 02:45:27 PM by j0hn »

Alex Atkin UK - Re: A possible solution to BT Digital Voice « Reply #2 on: November 10, 2022, 12:50:45 AM »

What a huge PITA.

tubaman - Re: A possible solution to BT Digital Voice « Reply #3 on: November 10, 2022, 07:43:04 AM »

I understand why BT want to have a simple plug and play solution for Digital Voice but why on earth have they done it in such a way that you can't use your own equipment if you so wish? I'd be happy to accept them asking me to plug in the Smart Hub if I wanted support in the same way I do with their Broadband service (admittedly somewhat grudgingly ::)).

Edited to add - a quick Google found this - https://community.bt.com/t5/Home-phone-including-Digital/Digital-Voice-with-different-Router/td-p/20... - where this setup is given:

"Smart Hub 2 > Netduma R1 > Asus AC68u as AP

On the Smart hub disable, DHCP, Firewall, UPNP, Wifi and smart setup (everything disabled) - only connect the digital voice phone first.

Connect the Netduma to the Ethernet Port1 of the Smart Hub, then to the WAN of the Netduma. Create a static IP on the WAN setup in the Netduma, i.e 192.168.1.1, Gateway 192.168.1.254 and both DNS as 192.168.1.254 and then add that static IP to the Smart Hub 2 (192.168.1.1) place this in DMZ and also add a port forwarding Rule 1:65535 (BOTH) TCP and UDP to the static IP of the Netduma (192.168.1.1).

My Netduma then manages DHCP under 192.168.88.1

Save

Turn everything off

Turn on the Smart Hub 2 let it connect, check the phone is connected, then boot up the Netduma, this should then connect and allow internet access, you can then add a AP direct to the Netduma.

Any 3rd Party router should work so long as you can create a static WAN ip on that router, and then add this to the smart hub 2.

My setup has been like this for months and is working faultlessly."

Without fully understanding what has been done here I'm not in a position to know whether it gets around the double NAT issue or not - perhaps more network savvy members could comment.
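
The quoted Kitz post says the modified server reads the Host-Uniq tag out of the PADI it receives. As an added example (not code from that post or from rp-pppoe), the following parses a PPPoE discovery frame as laid out in RFC 2516 and returns that tag, with the length checks a parser for untrusted LAN frames needs; the function names and the sample frame are constructed here.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863  # EtherType of PPPoE discovery frames (RFC 2516)
CODE_PADI = 0x09
TAG_END_OF_LIST, TAG_SERVICE_NAME, TAG_HOST_UNIQ = 0x0000, 0x0101, 0x0103


def parse_discovery(frame: bytes):
    """Return (code, session_id, {tag_type: value}) for one discovery frame."""
    if len(frame) < 20:
        raise ValueError("too short for Ethernet + PPPoE headers")
    ethertype, ver_type, code, session_id, length = struct.unpack_from(
        "!HBBHH", frame, 12)
    if ethertype != ETH_P_PPPOE_DISC or ver_type != 0x11:
        raise ValueError("not a PPPoE discovery frame")
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds the frame")
    tags, off = {}, 0
    while off + 4 <= len(payload):
        tag_type, tag_len = struct.unpack_from("!HH", payload, off)
        off += 4
        if tag_type == TAG_END_OF_LIST:
            break
        if off + tag_len > len(payload):
            raise ValueError("tag length runs past the payload")
        tags[tag_type] = payload[off:off + tag_len]
        off += tag_len
    return code, session_id, tags


def host_uniq_hex(frame: bytes):
    """Hex of the Host-Uniq tag if the frame is a PADI that carries one."""
    code, _, tags = parse_discovery(frame)
    if code != CODE_PADI or TAG_HOST_UNIQ not in tags:
        return None
    return tags[TAG_HOST_UNIQ].hex().upper()


# Constructed sample PADI (not a capture): broadcast destination, made-up
# source MAC, empty Service-Name tag, 4-byte Host-Uniq tag.
SAMPLE_PADI = (
    bytes.fromhex("ffffffffffff020000000001")
    + struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, CODE_PADI, 0, 12)
    + struct.pack("!HH", TAG_SERVICE_NAME, 0)
    + struct.pack("!HH", TAG_HOST_UNIQ, 4) + bytes.fromhex("0a1b2c3d")
)

if __name__ == "__main__":
    print(host_uniq_hex(SAMPLE_PADI))
```
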
