Neal Younger
home
stuff
TX V3
BLF
apostrophes
TG582 Telnet
TG VDSL
index » TG VDSL
Technicolor VDSL compatible modem/routers.
The models TG588v, TG589vac, TG589vac V2, DWA0120, DGA0122 and DGA4134.

Page under construction.

Sky Broadband, FTTC/VDSL MER authentication
Sky use a special DHCP Option 61 for authentication, not the usual PPP like most UK providers. If you'd like to use a Technicolor DWA0120 for example as an alternative to the Sky Hub. First of all you'll need to get the credentials normally used in the background.

To begin with, keep to the Sky hub in place. Follow a guide like this: https://www.georgebuckingham.com/sky-fibre-router-vdsl-password/ to get the MER authentication details. You should end up with something along the lines of: 24a7dc993844@skydsl d5f03cf8 or 24a7dc993844@skydsl|d5f03cf8 (note the pipe | in-between the username and password)

Use an online text (ascii) to HEX converter, for example www.rapidtables.com/convert/number/ascii-to-hex.html

Convert the authentication details. e.g. 24a7dc993844@skydsl | d5f03cf8 becomes 32346137646339393338343440736b7964736c 7c 6435663033636638 ( the pipe | is 7c )

In the Web Interface of the router set the Connection to be VDSL under the [i] icon. Set the connection type as DHCP instead of PPP, Bridge etc.

SSH in to the router (think this has to be engineer and the access key printed underneath)

To add DHCP Option 61 for Skys unusual Mer authentication, issue the command

set uci.network.interface.@wan.sendopts 61:32346137646339393338343440736b7964736c7c6435663033636638

and save.

Connect the DSL cable, give it a little while, and you should be online.

DWA0120 ideas, Firmware 18.3
get InternetGatewayDevice.User.

set InternetGatewayDevice.User.2.Password blah

set InternetGatewayDevice.User.3.Password blah

For remote web UI access from a trusted IP:

newsrpuser -u test -p test

add uci.web.sessionmgr. remotefixed

set uci.web.sessionmgr.@remotefixed.passpath /password

set uci.web.sessionmgr.@remotefixed.timeout 30

set uci.web.sessionmgr.@remotefixed.authpath /authenticate

set uci.web.sessionmgr.@remotefixed.ruleset ruleset_main

set uci.web.sessionmgr.@remotefixed.loginpath /login.lp

set uci.web.sessionmgr.@remotefixed.cookiepath /

add uci.web.sessionmgr.@remotefixed.users.

set uci.web.sessionmgr.@remotefixed.users.@1.value usr_remote

add uci.web.user. usr_remote

set uci.web.user.@usr_remote.role engineer

set uci.web.user.@usr_remote.name test

set uci.web.user.@usr_remote.srp_verifier HASHFROMABOVE

set uci.web.user.@usr_remote.srp_salt SALTFROMABOVE

add uci.firewall.rule. WAN_GUI

set uci.firewall.rule.@WAN_GUI.name GUI-WAN

set uci.firewall.rule.@WAN_GUI.src wan

set uci.firewall.rule.@WAN_GUI.enabled 1

add uci.firewall.rule.@WAN_GUI.proto.

set uci.firewall.rule.@WAN_GUI.proto.@1.value tcp

set uci.firewall.rule.@WAN_GUI.dest_port 8443

set uci.firewall.rule.@WAN_GUI.src_ip 1.1.1.1

set uci.firewall.rule.@WAN_GUI.family ipv4

set uci.firewall.rule.@WAN_GUI.target ACCEPT

apply

reload

TG58 unit ideas, Firmware 17.2
get InternetGatewayDevice.User.

set InternetGatewayDevice.User.2.Password blah

set InternetGatewayDevice.User.3.Password blah

For remote web UI access from a trusted IP:

newsrpuser -u test -p test

add uci.web.sessionmgr. remotefixed

set uci.web.sessionmgr.@remotefixed.passpath /password

set uci.web.sessionmgr.@remotefixed.timeout 30

set uci.web.sessionmgr.@remotefixed.authpath /authenticate

set uci.web.sessionmgr.@remotefixed.ruleset ruleset_main

set uci.web.sessionmgr.@remotefixed.loginpath /login.lp

set uci.web.sessionmgr.@remotefixed.cookiepath /

add uci.web.sessionmgr.@remotefixed.users.

set uci.web.sessionmgr.@remotefixed.users.@1.value usr_remote

add uci.web.user. usr_remote

set uci.web.user.@usr_remote.role engineer

set uci.web.user.@usr_remote.name test

set uci.web.user.@usr_remote.srp_verifier HASHFROMABOVE

set uci.web.user.@usr_remote.srp_salt SALTFROMABOVE

add uci.firewall.rule. WAN_GUI

add uci.firewall.rule.name GUI-WAN

set uci.firewall.rule.@WAN_GUI.src wan

set uci.firewall.rule.@WAN_GUI.enabled 1

set uci.firewall.rule.@WAN_GUI.proto tcp

set uci.firewall.rule.@WAN_GUI.dest_port 8443

set uci.firewall.rule.@WAN_GUI.src_ip 1.1.1.1

set uci.firewall.rule.@WAN_GUI.family ipv4

set uci.firewall.rule.@WAN_GUI.target ACCEPT

apply

reload

Allow a trusted wan IP through to a lan IP:

add uci.firewall.userredirect.

Created uci.firewall.userredirect.1

set uci.firewall.userredirect.1.target DNAT

set uci.firewall.userredirect.1.src wan

set uci.firewall.userredirect.1.src_ip 1.1.1.1

set uci.firewall.userredirect.1.dest_port 80

set uci.firewall.userredirect.1.enabled 1

set uci.firewall.userredirect.1.src_dport 80

set uci.firewall.userredirect.1.dest_ip 192.168.1.7

set uci.firewall.userredirect.1.name test

set uci.firewall.userredirect.1.family ipv4

set uci.firewall.userredirect.1.dest lan

add uci.firewall.userredirect.1.proto.

Created uci.firewall.userredirect.1.proto.1

set uci.firewall.userredirect.1.proto.@1.value tcp

add uci.firewall.userredirect.1.proto.

Created uci.firewall.userredirect.1.proto.2

set uci.firewall.userredirect.1.proto.@2.value udp

apply

reload

Further information may follow
NAT Helpers:

set uci.firewall.helper.@ftp.enable 0

set uci.firewall.helper.@irc.enable 0

set uci.firewall.helper.@pptp.enable 0

set uci.firewall.helper.@rtsp.enable 0

set uci.firewall.helper.@snmp.enable 0

set uci.firewall.helper.@tftp.enable 0

set uci.firewall.helper.@amanda.enable 0

Remind yourself that you were working on the CPE:

set uci.version.version.@version[0].marketing_name Neal

Remind user of the name of the ISP in dialogue boxes, messages etc.:

set uci.env.custovar.ISP brandname

GRE Tunnel backhaul problems:

set uci.env.custovar.mtu_eth 1476

set uci.env.custovar.mtu_adsl 1476

set uci.env.custovar.mtu_vdsl 1476

set uci.network.interface.@wan.mtu 1476

Set a DHCP lease reservation:

add uci.dhcp.host.

Created uci.dhcp.host.1

set uci.dhcp.host.1.mac ab:cd:ef:12:34:56

set uci.dhcp.host.1.name test

set uci.dhcp.host.1.ip 192.168.1.7

apply

Has Auto-WAN-sensing got its knickers in a twist?:

get uci.wansensing.global.enable

set uci.wansensing.global.enable 1

Change SIP Network to brand name:

set uci.mmpbxrvsipnet.network.@sip_net.user_friendly_name telco

cwmp check and change between line and mobile :

get uci.cwmpd.cwmpd_config.interface

uci.cwmpd.cwmpd_config.interface [string] = wan

change between wwan and wwan_4

apply

I can't remember which models and versions this TR069 string may work on:

set uci.cwmpd.cwmpd_config.state 0

Remove any outstanding customisations:

set sys.ispconfig.Delete 1

apply

Need 4G / 3G / 2G backup?
It is thought that the Huawei E3372 (several versions exist denoting different frequency ranges used, in the UK E3372h-153 is best) has broad compatibility. A non HiLink one worked when tested.

Not sure about regular HiLink ones - will of course have double NAT.

DGA0122 / 19.4 onwards
NAT Helpers updated commands:

Erase the list of of flippers on:

del uci.firewall.zone.@lan.helper.

Add an index (these increment automatically with each flipper/addition):

add uci.firewall.zone.@lan.helper.

Say which helper you want:

set uci.firewall.zone.@lan.helper.@1.value sip

DGA4134 format
get Device.Users.User.

set Device.Users.User.2.Password blah

set Device.Users.User.3.Password blah

For remote web UI access from a trusted IP:

newsrpuser -u test -p test

add uci.web.sessionmgr. remotefixed

set uci.web.sessionmgr.@remotefixed.passpath /password

set uci.web.sessionmgr.@remotefixed.timeout 30

set uci.web.sessionmgr.@remotefixed.authpath /authenticate

set uci.web.sessionmgr.@remotefixed.ruleset ruleset_main

set uci.web.sessionmgr.@remotefixed.loginpath /login.lp

set uci.web.sessionmgr.@remotefixed.cookiepath /

add uci.web.sessionmgr.@remotefixed.users.

set uci.web.sessionmgr.@remotefixed.users.@1.value usr_remote

add uci.web.user. usr_remote

set uci.web.user.@usr_remote.role engineer

set uci.web.user.@usr_remote.name test

set uci.web.user.@usr_remote.srp_verifier HASHFROMABOVE

set uci.web.user.@usr_remote.srp_salt SALTFROMABOVE

add uci.firewall.rule. WAN_GUI

set uci.firewall.rule.@WAN_GUI.name GUI-WAN

set uci.firewall.rule.@WAN_GUI.src wan

set uci.firewall.rule.@WAN_GUI.enabled 1

add uci.firewall.rule.@WAN_GUI.proto.

set uci.firewall.rule.@WAN_GUI.proto.@1.value tcp

set uci.firewall.rule.@WAN_GUI.dest_port 8443

set uci.firewall.rule.@WAN_GUI.src_ip 1.1.1.1

set uci.firewall.rule.@WAN_GUI.family ipv4

set uci.firewall.rule.@WAN_GUI.target ACCEPT

apply

reload

NAT Helpers:

Erase the list of of flippers on:

del uci.firewall.zone.@lan.helper.

Add an index (these increment automatically with each flipper/addition):

add uci.firewall.zone.@lan.helper.

Say which helper you want:

set uci.firewall.zone.@lan.helper.@1.value sip

Remind yourself that you did some work on the CPE:

set uci.version.version.@version[0].marketing_name Neal

Remind user of the name of the ISP in dialogue boxes, messages etc.:

set uci.env.custovar.ISP brandname

Change SIP Network to brand name:

set uci.mmpbxrvsipnet.network.@sip_net.user_friendly_name telco

Try to sleep TR069:

set uci.cwmpd.cwmpd_config.state 0

set uci.cwmpd.cwmpd_config.acs_url http://example.com

Other tidying:

set uci.samba.samba.enabled 0

set uci.samba.samba.filesharing 0

set uci.dlnad.config.enabled 0

set Device.WiFi.MultiAP.X_000E50_AgentEnabled 0

set Device.WiFi.MultiAP.X_000E50_ControllerEnabled 0

can't find set Backhaul Enabled?

Remove any outstanding customisations:

set sys.ispconfig.Delete 1

apply

GRE Tunnel network backhaul workaround:

set uci.env.custovar.mtu_eth 1476

set uci.env.custovar.mtu_adsl 1476

set uci.env.custovar.mtu_vdsl 1476

set uci.network.interface.@wan.mtu 1476

Web UI use gets Auto-WAN-sensing stuck?:

get uci.wansensing.global.enable

set uci.wansensing.global.enable 1

cwmp check and change between line and mobile :

get uci.cwmpd.cwmpd_config.interface

uci.cwmpd.cwmpd_config.interface [string] = wan

change between wwan and wwan_4

apply