[SOLVED] Can't connect to ISP via VDSL2 SFP module

I have received my VDSL2SFP Module and configured TO2 as described here.
Unfortunately, I can’t connect to my ISP NetCologne (Germany). When I called their support, they told me they couldn’t see any device trying to log on.
Here’s a screenshot from LuCI:


Does anyone have any advice?

Please post the output of running logread | grep ppp on the console, make sure to redact any password/username that might be contained in that output.

Thank you for replying.
Output of logread | grep ppp:

Sep 15 20:37:26 turris insmod: module is already loaded - ppp_generic
Sep 15 20:37:26 turris insmod: module is already loaded - pppox
Sep 15 20:37:26 turris insmod: module is already loaded - pppoe
Sep 15 20:37:26 turris netifd: wan (8867): ppp: warning: Sleeping for ‘10’ seconds
Sep 15 20:37:36 turris pppd[9199]: Plugin rp-pppoe.so loaded.
Sep 15 20:37:36 turris pppd[9199]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.7
Sep 15 20:37:37 turris pppd[9199]: pppd 2.4.7 started by root, uid 0
Sep 15 20:37:52 turris pppd[9199]: Timeout waiting for PADO packets
Sep 15 20:37:52 turris pppd[9199]: Unable to complete PPPoE Discovery
Sep 15 20:37:52 turris pppd[9199]: Exit.

What strikes me as odd is the time. Last line was actually at 22:37:52. In Foris timezone is set as Europe/Berlin. As far as I know, non-matching time data is never a good thing.
Here’s the output of cat /etc/config/network:

config interface ‘loopback’
option ifname ‘lo’
option proto ‘static’
option ipaddr ‘127.0.0.1’
option netmask ‘255.0.0.0’

config globals ‘globals’
option ula_prefix ‘fd35:5642:7aa0::/48’

config interface ‘lan’
option type ‘bridge’
option proto ‘static’
option netmask ‘255.255.255.0’
option ip6assign ‘60’
option bridge_empty ‘1’
option ipaddr ‘192.168.2.1’
list ifname ‘lan0’
list ifname ‘lan1’
list ifname ‘lan2’
list ifname ‘lan3’
list ifname ‘lan4’

config interface ‘wan’
option ifname ‘eth1.7’
option proto ‘pppoe’
option password ‘XXX’
option ipv6 ‘auto’
option username ‘YYY’

config interface ‘guest_turris’
option enabled ‘1’
option type ‘bridge’
option proto ‘static’
option ipaddr ‘10.111.222.1’
option netmask ‘255.255.255.0’
option bridge_empty ‘1’

config route6
option target ‘2001:4dd0:af0e:230d:ca0e:14ff:fe07:b312’
option interface ‘wan’
option gateway '2001:4dd0:230d::/48`

And these are my ISPs requirement:

Data VLAN 10 with IP-Distribution via PPPoE (PAP)
Voice VLAN 20 with IP-Distribution via DHCP
VDSL2 ITU-T G.993.2, Annex-B/-J
Vectoring ITU-T G.993.5 (> 50 Mbit/s)
VDSL-Profile 17A
VDSL-Profile 30A (> 50 Mbit/s)
Dual-Stack Lite nach RFC-6333
DHCPv6 Option for Dual-Stack Lite nach RFC-6334

Unfortunately, I cannot ssh to my TO. Process /usr/sbin/sshd -D is running and my PC is all set - I can ssh to my laptop and back. Yet ssh root@192.168.1.1 returns

kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.1.1 port 22

Silly question, if your ISP requires VLAN 10, why are you using VLAN 7?

I’m new to networking and simply took over omni’s settings which were for Telekom. I’m learning as I’m going and your not-so-silly question led me to find out what my mistake was. Nevertheless logread | grep ppp returns no visible change:

Sep 18 15:24:03 turris pppd[24698]: Plugin rp-pppoe.so loaded.
Sep 18 15:24:03 turris pppd[24698]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.7
Sep 18 15:24:03 turris pppd[24698]: pppd 2.4.7 started by root, uid 0
Sep 18 15:24:18 turris pppd[24698]: Timeout waiting for PADO packets
Sep 18 15:24:18 turris pppd[24698]: Unable to complete PPPoE Discovery
Sep 18 15:24:18 turris pppd[24698]: Exit.
Sep 18 15:24:18 turris insmod: module is already loaded - ppp_generic
Sep 18 15:24:18 turris insmod: module is already loaded - pppox
Sep 18 15:24:18 turris insmod: module is already loaded - pppoe
Sep 18 15:24:18 turris netifd: wan (24764): ppp: warning: Sleeping for ‘10’ seconds
Time is still 2hrs off.

My /etc/config/network:

config interface ‘loopback’
option ifname ‘lo’
option proto ‘static’
option ipaddr ‘127.0.0.1’
option netmask ‘255.0.0.0’

config globals ‘globals’
option ula_prefix ‘fd35:5642:7aa0::/48’

config interface ‘lan’
option type ‘bridge’
option proto ‘static’
option netmask ‘255.255.255.0’
option ip6assign ‘60’
option bridge_empty ‘1’
option ipaddr ‘192.168.2.1’
list ifname ‘lan0’
list ifname ‘lan1’
list ifname ‘lan2’
list ifname ‘lan3’
list ifname ‘lan4’

config interface ‘wan’
option proto ‘pppoe’
option password ‘XXX’
option ipv6 ‘auto’
option username ‘YYY’
option ifname ‘eth1.10’

config interface ‘guest_turris’
option enabled ‘1’
option type ‘bridge’
option proto ‘static’
option ipaddr ‘10.111.222.1’
option netmask ‘255.255.255.0’
option bridge_empty ‘1’

config route6
option target ‘2001:4dd0:af0e:230d:ca0e:14ff:fe07:b312’
option interface ‘wan’
option gateway ‘2001:4dd0:230d::/48’

… and I am still unable to ssh …
What else am I doing wrong?

I wonder whether eth1 is the correct interface to use, with my omina, running TOS5.1 the ethernet wan interface is eth2. Also did you do the magic required to get the FP module recognized? I believe that this requires some active steps to switch the wan port from the ethernet socket to the SFP cage.

(I use a dedicated VDSL2 modem, connected via ethernet so have no first hand experience in how to use the SFP cage instead)

1 Like

It worked!

You were wondering correctly. WAN is now set on interface eth2.10.

After a little search I found these magic words:
/etc/init.d/sfpswitch enable; /etc/init.d/sfpswitch restart && /etc/init.d/network reload && echo 'Success' || echo 'Failed'
So my TO is connected. Thank you, moeller0, for pointing me in the right direction.
I still have two questions though:

  1. What needs to be done to establish a SSH connection?

~ >>> ssh root@192.168.1.1
ssh: connect to host 192.168.1.1 port 22: Connection timed out

  1. How would I connect a VoIP-Phone with
1 Like

Mmmh, typically nothing special, just connect a computer via one on the LAN ports and you should be fine (I am not sure whether it is possible to do the first login vie WiFI, at least OpenWrt stock defaults to no password, but disables the WiFi until after the first login via a LAN cable the user was forced/asked to create a password and to activate the WiFi, not sure about turris OS, as I installed that years ago and it seems to simply carry my configuration along flawlessly (good job, team turris, thanks!)).

I am not 100% sure, but what I would try to do is:

  1. log into the “LuCI OpenWrt advance web configuration”
  2. navigate to Network -> Interfaces
  3. click the “Add new interface…” button
  4. Give it a name, e.g. VoIP-WAN
  5. under Protocol select “DHCP Client”
  6. under Interface, add eth2.20 on the last line saying “custom”
  7. click “Create interface”

Now that should allow your router to get access to the VoIP VLAN of your ISP, but you still need to make this accessible on your internal network.
I believe the easiest solution would be to bridge VoIP-WAN with one of the LAN ports of the switch and use that as dedicated VoIP network port on which to access your VoIP base station. But I have never done this with the omnia’s DSA architecture so have no first hand experience and will refrain from proposing exact methods (without having tested them they will almost be guaranteed to be wrong).
Alternatively would be to try to distribute VLAN 20 over all ports, but then each device intended for VoIP needs to be configured to use VLAN 20, and I am not sure whether the omnia’s switch will allow untagged and tagged packets on all ports.

Alternatively, contact your ISP and ask why they can’t simply follow the incumbent’s model and allow access to their SIP servers over the PPPoE negotiated link…

1 Like

Again, you set me on the right path. Thank you for that!
Using trial-and-error, I deviated from your ideas like this:

Using my ISP’s SIP login data, I can now use my phone. So I can now disconnect my FritzBox. SSH’ing still doesn’t work but that is not a pressing matter nor the primary question of this thread. Thanks again for your help, moeller0!

1 Like

Excellent work! Glad you got it working. Did you need to configure anything in the phone?

Nothing specific, if you refer to the different VLAN tags. I just had to connect to wifi, enter SIP server address and login data (username, password). After rebooting the phone, it was ready to use.

BTW, the SSH-related problem

is also solved. After spending hours of reading guides and postings, and trying with no success, it occurred to me to use

~ >>> ssh root@turris.local

and was finally prompted for my password. It turns out my TO’s reached via 192.168.2.1. Might the interface eth2.xx be the cause for this? Anyway, I thought I’d share this. May help prevent someone else having to spend hours of troubleshooting.

1 Like