Vodafone Germany DSL: Static IP via PPPoE doesnt work

Septem9er · September 5, 2023, 4:50pm

Hey,
I have problems using the Turris Omnia on my Vodafone DSL connection.

Setup:
I am using the Turris Omnia with the Draytec Vigor167 as Modem.

Problem description:
I got different credentials for a dynamic ip and for the static ip. It does work on the turris omnia with the credentials for the dynamic IP (at least for IPv4), but it doesn’t work with the credentials for the static IP.

What I tried:
I also tried it with the FritzBox Router which was provided to me by Vodafone and here the static IP does work, so the credentials seam to be all right.

I tried to use the FritzBox with the Draytec as modem, to make sure this isn’t somehow the issue, and that worked as well.

Configuring the MAC-Adress of the FritzBox at the turris omnia didn’t help either.

Log File:
Here is what I think is the relevant part of the log file. If you need anything else, please let me know.

Sep  5 16:21:55 turris netifd: Interface 'wan' has link connectivity 
Sep  5 16:22:00 turris pppd[14041]: Plugin rp-pppoe.so loaded.
Sep  5 16:22:00 turris pppd[14041]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.8
Sep  5 16:22:00 turris pppd[14041]: pppd 2.4.8 started by root, uid 0
Sep  5 16:22:00 turris pppd[14041]: PPP session is 5901
Sep  5 16:22:00 turris pppd[14041]: Connected to 40:7c:7d:dd:b4:a8 via interface eth2.7
Sep  5 18:22:00 turris kernel: [ 1609.253795] pppoe-wan: renamed from ppp0
Sep  5 16:22:00 turris pppd[14041]: Renamed interface ppp0 to pppoe-wan
Sep  5 16:22:00 turris pppd[14041]: Using interface pppoe-wan
Sep  5 16:22:00 turris pppd[14041]: Connect: pppoe-wan <--> eth2.7
Sep  5 16:22:05 turris pppd[14041]: No response to 5 echo-requests
Sep  5 16:22:05 turris pppd[14041]: Serial link appears to be disconnected.
Sep  5 16:22:05 turris pppd[14041]: Connection terminated.
Sep  5 16:22:05 turris pppd[14041]: Sent PADT
Sep  5 16:22:05 turris pppd[14041]: Exit.
Sep  5 16:22:05 turris netifd: Interface 'wan' is now down
Sep  5 18:22:06 turris kernel: [ 1614.500514] mvneta f1034000.ethernet eth2: Link is Down
Sep  5 16:22:06 turris netifd: Interface 'wan' is disabled

Anyone an idea what the issue might be?

bamf · September 5, 2023, 6:27pm

Are you sure VLAN 7 is correct? This is usually the case with Deutsche Telekom lines or reseller contracts that use Deutsche Telekom lines. With a Vodafone connection, you may need to enter something different here.

Septem9er · September 6, 2023, 1:39am

Yes, that is definitely correct. It’s a Telekom line, VLAN Tag 7 works with the credentials for the dynamic IP, the FritzBox uses this as well, and I tried 132 (the ones for Vodafone Lines) as well and it didn’t work.

moeller0 · September 6, 2023, 6:27am

Mmmh, I remember I had to check the “force link” checkbox in the advanced options for pppoe-wan (not exactly sure where)… But the issue here is “No response to 5 echo-requests” which might mean things are not as they should and your client might not reach the pppoe server, or the server does not do keep alive heartbeat packets…

Septem9er · September 8, 2023, 11:01am

I tried it with “force link” set to true as well, but that didn’t help.

And regarding the No response to echo requests: Like I said, it does work with another router (the fritz.box), so there must be an (configuration) issue on the turris omnia side.

moeller0 · September 8, 2023, 11:18am

Well, who knows FritzOS might not set up a 5 echo-request threshold… I think under luci you can configure this, also if you have not already, edit /etc/ppp/options to enable debug output and potentially also a specific pppoe logfile, this might give you more clues…, also take a packet capture to see what packets come in from the pppoe server…

I am not doubting your report that the FB works out of the box…

Septem9er · September 8, 2023, 2:04pm

Thanks, for the hints on how to debug this, that was helpfull!

I enabled debug output, and in the log it seems that, for some reason, the CHAP authentication is not successfull. So it is not about the echo requests. However, the credentials are the same as on the fritzbox, for sure. I even tested the CHAP challenge/response with hashcat against the correct password to sure if something is wrong there, but hashcat confirms that the challenge/response is for the correct password. So I don’t know why the authentication is not successfull than… Any idea?

Part of the Log:

sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xbf257b90>]
rcvd [LCP ConfReq id=0x7a <mru 1492> <auth chap MD5> <magic 0x3e9b7e3a>]
sent [LCP ConfAck id=0x7a <mru 1492> <auth chap MD5> <magic 0x3e9b7e3a>]
rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xbf257b90>]
sent [LCP EchoReq id=0x0 magic=0xbf257b90]
rcvd [CHAP Challenge id=0x1 <*redacted*>, name = "DARCOS00701"]
sent [CHAP Response id=0x1 <*redacted*>, name = "vodafone-vdsl.komplett/*redacted*-static"]
sent [LCP EchoReq id=0x1 magic=0xbf257b90]
sent [LCP EchoReq id=0x2 magic=0xbf257b90]
sent [LCP EchoReq id=0x3 magic=0xbf257b90]

With the credentials for the dynamic ip, I get a succuess response:

rcvd [CHAP Success id=0x1 "access accepted : vodafone-vdsl.komplett/*redacted*"]

Strangely when I try it with the fritzbox, it sometimes doesn’t work directly either. The fritzbox reports timeouts in PPPoE. But after waiting a bit, restarting, etc. it works.

moeller0 · September 8, 2023, 2:13pm

Septem9er:

sent [CHAP Response id=0x1 <*redacted*>, name = "vodafone-vdsl.komplett/*redacted*-static"]
sent [LCP EchoReq id=0x1 magic=0xbf257b90]
sent [LCP EchoReq id=0x2 magic=0xbf257b90]
sent [LCP EchoReq id=0x3 magic=0xbf257b90]

Still possible that the process simply takes longer than the 5 LCP echo request and while the PPPoE server is still meddling with your CHAP data your OpenWrt router hangs up, since it did not get anything back from the server for longer than the permitted time-out…

Really just for the fun of it try to disable the echo requests or set them for a considerably higher timeout.

Septem9er · September 8, 2023, 2:42pm

Okay, that did actually help. But, if I understand it correctly, not because the CHAP server takes that long. But because now the connection is not disconnected before it tries the CHAP authentication with a different Name. Don’t really know a lot about this, but this still doesn’t seem like it should be this way.

However, there still is an issue: The connection resets every minute. Don’t know if it does that because of the timeout in sending the IPv6 config-request… But this also means that while IPv4 is temporarily working, IPv6 isn’t.

Plugin rp-pppoe.so loaded.
RP-PPPoE plugin version 3.8p compiled against pppd 2.4.8
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff  src d8:58:d7:01:94:87
 [service-name] [host-uniq  4f 10 00 00]
Recv PPPOE Discovery V1T1 PADO session 0x0 length 47
 dst d8:58:d7:01:94:87  src 40:7c:7d:dd:b4:a8
 [service-name] [AC-name DARCOS00701] [host-uniq  4f 10 00 00] [AC-cookie  40 0c fa 94 76 58 a7 bb 27 2f 21 16 17 86 3f 0a]
Send PPPOE Discovery V1T1 PADR session 0x0 length 32
 dst 40:7c:7d:dd:b4:a8  src d8:58:d7:01:94:87
 [service-name] [host-uniq  4f 10 00 00] [AC-cookie  40 0c fa 94 76 58 a7 bb 27 2f 21 16 17 86 3f 0a]
Recv PPPOE Discovery V1T1 PADS session 0x1d0c length 12
 dst d8:58:d7:01:94:87  src 40:7c:7d:dd:b4:a8
 [service-name] [host-uniq  4f 10 00 00]
PADS: Service-Name: ''
PPP session is 7436
Connected to 40:7c:7d:dd:b4:a8 via interface eth2.7
using channel 52
Renamed interface ppp0 to pppoe-wan
Using interface pppoe-wan
Connect: pppoe-wan <--> eth2.7
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xdfda3c7d>]
rcvd [LCP ConfReq id=0x1b <mru 1492> <auth chap MD5> <magic 0x2572d31>]
sent [LCP ConfAck id=0x1b <mru 1492> <auth chap MD5> <magic 0x2572d31>]
rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xdfda3c7d>]
sent [LCP EchoReq id=0x0 magic=0xdfda3c7d]
rcvd [*redacted*CHAP Challenge id=0x1 <*redacted*>, name = "DARCOS00701"]
sent [*redacted*CHAP Challenge id=0x1 <*redacted*>, name = "vodafone-vdsl.komplett/*redacted*-static"]
sent [LCP EchoReq id=0x1 magic=0xdfda3c7d]
sent [LCP EchoReq id=0x2 magic=0xdfda3c7d]
sent [LCP EchoReq id=0x3 magic=0xdfda3c7d]
sent [LCP EchoReq id=0x4 magic=0xdfda3c7d]
sent [LCP EchoReq id=0x5 magic=0xdfda3c7d]
rcvd [LCP ConfReq id=0x2 <mru 1492> <auth chap MD5> <magic 0xf3e20515>]
sent [LCP ConfReq id=0x2 <mru 1492> <magic 0xd0637b60>]
sent [LCP ConfAck id=0x2 <mru 1492> <auth chap MD5> <magic 0xf3e20515>]
rcvd [LCP ConfAck id=0x2 <mru 1492> <magic 0xd0637b60>]
sent [LCP EchoReq id=0x0 magic=0xd0637b60]
rcvd [*redacted*CHAP Challenge id=0x1 <*redacted*>, name = "ffmebr021"]
sent [*redacted*CHAP Challenge id=0x1 <*redacted*>, name = "vodafone-vdsl.komplett/*redacted*-static"]
rcvd [LCP EchoRep id=0x0 magic=0xf3e20515]
rcvd [CHAP Success id=0x1 "access accepted : vodafone-vdsl.komplett/*redacted*-static"]
CHAP authentication succeeded: access accepted : vodafone-vdsl.komplett/*redacted*-static
CHAP authentication succeeded
peer from calling number 40:7C:7D:DD:B4:A8 authorized
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
rcvd [IPCP ConfReq id=0x1 <addr 84.58.120.1>]
sent [IPCP ConfAck id=0x1 <addr 84.58.120.1>]
rcvd [IPV6CP ConfReq id=0x1 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfAck id=0x1 <addr fe80::2a31:52ff:fe5a:7778>]
rcvd [IPCP ConfNak id=0x1 <addr 176.95.*redacted*> <ms-dns1 176.95.16.250> <ms-dns2 176.95.16.251>]
sent [IPCP ConfReq id=0x2 <addr 176.95.*redacted*> <ms-dns1 176.95.16.250> <ms-dns2 176.95.16.251>]
rcvd [IPCP ConfAck id=0x2 <addr 176.95.*redacted*> <ms-dns1 176.95.16.250> <ms-dns2 176.95.16.251>]
local  IP address 176.95.*redacted*
remote IP address 84.58.120.1
primary   DNS address 176.95.16.250
secondary DNS address 176.95.16.251
Script /lib/netifd/ppp-up started (pid 4214)
Script /lib/netifd/ppp-up finished (pid 4214), status = 0x1
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
rcvd [IPV6CP ConfReq id=0x2 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfAck id=0x2 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
rcvd [IPV6CP ConfReq id=0x3 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfAck id=0x3 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
rcvd [IPV6CP ConfReq id=0x4 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfAck id=0x4 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
rcvd [IPV6CP ConfReq id=0x5 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfAck id=0x5 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
rcvd [IPV6CP ConfReq id=0x6 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfAck id=0x6 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::388c:f753:2aa0:e77c>]
IPV6CP: timeout sending Config-Requests
rcvd [IPV6CP ConfReq id=0x8 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
sent [IPV6CP ConfAck id=0x8 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
rcvd [IPV6CP ConfReq id=0x9 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfAck id=0x9 <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
rcvd [IPV6CP ConfReq id=0xa <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfAck id=0xa <addr fe80::2a31:52ff:fe5a:7778>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
sent [IPV6CP ConfReq id=0x2 <addr fe80::687f:dacd:247c:10a1>]
IPV6CP: timeout sending Config-Requests
Connect time 1.1 minutes.
Sent 75741 bytes, received 136599 bytes.
Script /lib/netifd/ppp-down started (pid 4904)
sent [LCP TermReq id=0x3 "No network protocols running"]
rcvd [LCP TermAck id=0x3]
Connection terminated.
Send PPPOE Discovery V1T1 PADT session 0x1d0c length 28
 dst 40:7c:7d:dd:b4:a8  src d8:58:d7:01:94:87
 [host-uniq  4f 10 00 00] [AC-cookie  40 0c fa 94 76 58 a7 bb 27 2f 21 16 17 86 3f 0a]
Sent PADT
Script /lib/netifd/ppp-down finished (pid 4904), status = 0x1
Plugin rp-pppoe.so loaded.

Septem9er · September 8, 2023, 5:41pm

Adding that with the credentials for the dynamic connection, IPv6 also times out, but the connection does not reset every minute.

When disabling IPv6 it is the same as well. My ISP does support IPv6, and I want it enabled as well.

I do get errors from odhcp6c:

odhcp6c[16857]: Failed to send RS (Permission denied)
odhcp6c[16857]: Failed to send SOLICIT message to ff02::1:2 (Permission denied)

I did read somewhere, that ip -6 route add default dev pppoe-wan resolves the Permission denied error, which it does (not permanent that way). However, it still fails with (Address not available) afterwards.