Technicolor VDSL compatible modem/routers.
The models TG588v, TG589vac, TG589vac V2 and DWA0120.
Page under construction.
Sky Broadband, FTTC/VDSL MER authentication
Sky use a special DHCP Option 61 for authentication, not the usual PPP like most UK providers. If you'd like to use a Technicolor DWA0120 for example as an alternative to the Sky Hub.
First of all you'll need to get the credentials normally used in the background.
To begin with, keep to the Sky hub in place. Follow a guide like this: https://www.georgebuckingham.com/sky-fibre-router-vdsl-password/ to get the MER authentication details.
You should end up with something along the lines of:
24a7dc993844@skydsl
d5f03cf8
or
24a7dc993844@skydsl|d5f03cf8 (note the pipe | in-between the username and password)
Use an online text (ascii) to HEX converter, for example www.rapidtables.com/convert/number/ascii-to-hex.html
Convert the authentication details. e.g. 24a7dc993844@skydsl | d5f03cf8 becomes
32346137646339393338343440736b7964736c 7c 6435663033636638 ( the pipe | is 7c )
In the Web Interface of the router set the Connection to be VDSL under the [i] icon. Set the connection type as DHCP instead of PPP, Bridge etc.
SSH in to the router (think this has to be engineer and the access key printed underneath)
To add DHCP Option 61 for Skys unusual Mer authentication, issue the command
set uci.network.interface.@wan.sendopts 61:32346137646339393338343440736b7964736c7c6435663033636638
and save.
Connect the DSL cable, give it a little while, and you should be online.
DWA0120 ideas, Firmware 18.3
get InternetGatewayDevice.User.
set InternetGatewayDevice.User.2.Password blah
set InternetGatewayDevice.User.3.Password blah
For remote web UI access from a trusted IP:
newsrpuser -u test -p test
add uci.web.sessionmgr. remotefixed
set uci.web.sessionmgr.@remotefixed.passpath /password
set uci.web.sessionmgr.@remotefixed.timeout 30
set uci.web.sessionmgr.@remotefixed.authpath /authenticate
set uci.web.sessionmgr.@remotefixed.ruleset ruleset_main
set uci.web.sessionmgr.@remotefixed.loginpath /login.lp
set uci.web.sessionmgr.@remotefixed.cookiepath /
add uci.web.sessionmgr.@remotefixed.users.
set uci.web.sessionmgr.@remotefixed.users.@1.value usr_remote
add uci.web.user. usr_remote
set uci.web.user.@usr_remote.role engineer
set uci.web.user.@usr_remote.name test
set uci.web.user.@usr_remote.srp_verifier HASHFROMABOVE
set uci.web.user.@usr_remote.srp_salt SALTFROMABOVE
add uci.firewall.rule. WAN_GUI
set uci.firewall.rule.@WAN_GUI.name GUI-WAN
set uci.firewall.rule.@WAN_GUI.src wan
set uci.firewall.rule.@WAN_GUI.enabled 1
add uci.firewall.rule.@WAN_GUI.proto.
set uci.firewall.rule.@WAN_GUI.proto.@1.value tcp
set uci.firewall.rule.@WAN_GUI.dest_port 8443
set uci.firewall.rule.@WAN_GUI.src_ip 1.1.1.1
set uci.firewall.rule.@WAN_GUI.family ipv4
set uci.firewall.rule.@WAN_GUI.target ACCEPT
apply
reload
TG58 unit ideas, Firmware 17.2
get InternetGatewayDevice.User.
set InternetGatewayDevice.User.2.Password blah
set InternetGatewayDevice.User.3.Password blah
For remote web UI access from a trusted IP:
newsrpuser -u test -p test
add uci.web.sessionmgr. remotefixed
set uci.web.sessionmgr.@remotefixed.passpath /password
set uci.web.sessionmgr.@remotefixed.timeout 30
set uci.web.sessionmgr.@remotefixed.authpath /authenticate
set uci.web.sessionmgr.@remotefixed.ruleset ruleset_main
set uci.web.sessionmgr.@remotefixed.loginpath /login.lp
set uci.web.sessionmgr.@remotefixed.cookiepath /
add uci.web.sessionmgr.@remotefixed.users.
set uci.web.sessionmgr.@remotefixed.users.@1.value usr_remote
add uci.web.user. usr_remote
set uci.web.user.@usr_remote.role engineer
set uci.web.user.@usr_remote.name test
set uci.web.user.@usr_remote.srp_verifier HASHFROMABOVE
set uci.web.user.@usr_remote.srp_salt SALTFROMABOVE
add uci.firewall.rule. WAN_GUI
add uci.firewall.rule.name GUI-WAN
set uci.firewall.rule.@WAN_GUI.src wan
set uci.firewall.rule.@WAN_GUI.enabled 1
set uci.firewall.rule.@WAN_GUI.proto tcp
set uci.firewall.rule.@WAN_GUI.dest_port 8443
set uci.firewall.rule.@WAN_GUI.src_ip 1.1.1.1
set uci.firewall.rule.@WAN_GUI.family ipv4
set uci.firewall.rule.@WAN_GUI.target ACCEPT
apply
reload
Allow a trusted wan IP through to a lan IP:
add uci.firewall.userredirect.
Created uci.firewall.userredirect.1
set uci.firewall.userredirect.1.target DNAT
set uci.firewall.userredirect.1.src wan
set uci.firewall.userredirect.1.src_ip 1.1.1.1
set uci.firewall.userredirect.1.dest_port 80
set uci.firewall.userredirect.1.enabled 1
set uci.firewall.userredirect.1.src_dport 80
set uci.firewall.userredirect.1.dest_ip 192.168.1.7
set uci.firewall.userredirect.1.name test
set uci.firewall.userredirect.1.family ipv4
set uci.firewall.userredirect.1.dest lan
add uci.firewall.userredirect.1.proto.
Created uci.firewall.userredirect.1.proto.1
set uci.firewall.userredirect.1.proto.@1.value tcp
add uci.firewall.userredirect.1.proto.
Created uci.firewall.userredirect.1.proto.2
set uci.firewall.userredirect.1.proto.@2.value udp
apply
reload
Further information may follow
NAT Helpers:
set uci.firewall.helper.@ftp.enable 0
set uci.firewall.helper.@irc.enable 0
set uci.firewall.helper.@pptp.enable 0
set uci.firewall.helper.@rtsp.enable 0
set uci.firewall.helper.@snmp.enable 0
set uci.firewall.helper.@tftp.enable 0
set uci.firewall.helper.@amanda.enable 0
Remind yourself that you were working on the CPE:
set uci.version.version.@version[0].marketing_name Neal
Set a DHCP lease reservation:
add uci.dhcp.host.
Created uci.dhcp.host.1
set uci.dhcp.host.1.mac ab:cd:ef:12:34:56
set uci.dhcp.host.1.name test
set uci.dhcp.host.1.ip 192.168.1.7
apply
Has Auto-WAN-sensing got its knickers in a twist?:
get uci.wansensing.global.enable
set uci.wansensing.global.enable 1
Change SIP Network to brand name:
set uci.mmpbxrvsipnet.network.@sip_net.user_friendly_name telco
cwmp check and change between line and mobile :
get uci.cwmpd.cwmpd_config.interface
uci.cwmpd.cwmpd_config.interface [string] = wan
change between wwan and wwan_4
apply
Need 4G / 3G / 2G backup?
It is thought that the Huawei E3372 (several versions exist denoting different frequency ranges used, in the UK E3372h-153 is best) has broad compatibility. A non HiLink one worked when tested.
Not sure about regular HiLink ones - will of course have double NAT.
DGA0122 / 19.4 onwards
NAT Helpers updated commands:
Erase the list of of flippers on:
del uci.firewall.zone.@lan.helper.
Add an index (these increment automatically with each flipper/addition):
add uci.firewall.zone.@lan.helper.
Say which helper you want:
set uci.firewall.zone.@lan.helper.@1.value sip