README.md

# FTTH Tiscali without modem

This is a short guide on how to connect your Linux box to the Internet using directly the GPON provided by Tiscali.

## TL;DR

You just need `pppd` and a virtual Ethernet device. The latter is created with:

`ip link add link eth0 name eth0.835 type vlan id 835`

assuming your ethernet device is `eth0`.

Credentials for PPPoE can  be obtained [here for Tiscali](https://assistenza.tiscali.it/supporto/moduli/servizi/modem-libero/). You can also sniff the [CHAP](https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol) authentication and crack it, the password is just 6 numeric characters.

To connect to the PPPoE server, install `pppd` and configure it

##### /etc/ppp/peers/tiscali

```
plugin pppoe.so
# rp_pppoe_ac 'your ac name'
# rp_pppoe_service 'your service name'

# network interface
eth0.835
# login name
name "NAME.SURNAME@tiscali.it"
usepeerdns
persist
# Uncomment this if you want to enable dial on demand
#demand
#idle 180
defaultroute
hide-password
noauth
```

and

##### /etc/ppp/chap-secrets

```
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
"NAME.SURNAME@tiscali.it"       *       "123456"
```

(replace 123456 with your password)

Finally you can switch on the service like:

```
ppp call tiscali
```

you can use `journalctl -f` and check whether things are going fine.

Systemd automatization can be created with the help of [these scripts](https://gitlab.com/jimdigriz/debian-clearfog-gt-8k/-/blob/master/README.md).

## Long Story

The FFTH service comes with a **GPON** ([gigabit-capable passive optical network](https://en.wikipedia.org/wiki/G.984)), and I wanted to connect the PC with my self hosted services directly to its ethernet port, bypassing the big black box (ZTE H388X a.k.a. ZTE Modem Tim Hub+) customized with some mysterious proprietary firmware from TISCALI (I asked, of course they don't share it).

Needless to say, using the credentials that TISCALI gave me directly with `pppd` on my ethernet interface did not work. The logs and the error messages are

```
pppd[1336]: Plugin pppoe.so loaded.
pppd[1336]: PPPoE plugin from pppd 2.4.9
pppd[1337]: pppd 2.4.9 started by pie, uid 0
kernel: NET: Registered PF_PPPOX protocol family
pppd[1337]: Timeout waiting for PADO packets
pppd[1337]: Unable to complete PPPoE Discovery
```


For some reason, nobody replied with an *Offer* (PADO) to my request for a PPP *Initiation* (PADI). Not much gained from the error message, so the only way to find how to talk to the PPPoE server is to collect a working setup.

I managed to sniff the traffic between the modem and the GPON with this fantastic Ethernet Hub from the 90s!

![HUB](README.assets/hub1.jpeg)

The approach is [like this](https://wiki.wireshark.org/CaptureSetup/Ethernet#capture-using-an-ethernet-hub):

![](README.assets/Capture-switch-hub-ws.png)


The packets captured just after switching on the ZTE H388X are shown here:

![packets](README.assets/packets.png)

There are basically three steps:

* Red box: a termination request. Probably to clean up everything before starting a new session.
* Yellow box: the PPP Initialization starts from the ZTE and is followed by an Offer from the Cisco server.
* Green box: the authentication, with CHAP protocol.

When using `pppd` the first packet is a PADI, which looks exactly the same as the one in No. 7 above, except for the 802.1Q part shown by the blue arrow. That was indeed the trick: the server replies only is the PADI request comes from a VLAN with ID:835.

Setting the PPP device to a newly created vlan with

```
`ip link add link eth0 name eth0.835 type vlan id 835`
```

makes the Cisco server happy and it promptly replies to our PADI packet.
First commit 2022-02-06 16:47:35 +01:00			`# FTTH Tiscali without modem`

			`This is a short guide on how to connect your Linux box to the Internet using directly the GPON provided by Tiscali.`

			`## TL;DR`

			You just need `pppd` and a virtual Ethernet device. The latter is created with:

			`ip link add link eth0 name eth0.835 type vlan id 835`

			assuming your ethernet device is `eth0`.

			`Credentials for PPPoE can be obtained [here for Tiscali](https://assistenza.tiscali.it/supporto/moduli/servizi/modem-libero/). You can also sniff the [CHAP](https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol) authentication and crack it, the password is just 6 numeric characters.`

			To connect to the PPPoE server, install `pppd` and configure it

			`##### /etc/ppp/peers/tiscali`

			```
			`plugin pppoe.so`
			`# rp_pppoe_ac 'your ac name'`
			`# rp_pppoe_service 'your service name'`

			`# network interface`
			`eth0.835`
			`# login name`
			`name "NAME.SURNAME@tiscali.it"`
			`usepeerdns`
			`persist`
			`# Uncomment this if you want to enable dial on demand`
			`#demand`
			`#idle 180`
			`defaultroute`
			`hide-password`
			`noauth`
			```

			`and`

			`##### /etc/ppp/chap-secrets`

			```
			`# Secrets for authentication using CHAP`
			`# client server secret IP addresses`
			`"NAME.SURNAME@tiscali.it" * "123456"`
			```

			`(replace 123456 with your password)`

			`Finally you can switch on the service like:`

			```
			`ppp call tiscali`
			```

			you can use `journalctl -f` and check whether things are going fine.

			`Systemd automatization can be created with the help of [these scripts](https://gitlab.com/jimdigriz/debian-clearfog-gt-8k/-/blob/master/README.md).`

			`## Long Story`

			`The FFTH service comes with a GPON ([gigabit-capable passive optical network](https://en.wikipedia.org/wiki/G.984)), and I wanted to connect the PC with my self hosted services directly to its ethernet port, bypassing the big black box (ZTE H388X a.k.a. ZTE Modem Tim Hub+) customized with some mysterious proprietary firmware from TISCALI (I asked, of course they don't share it).`

			Needless to say, using the credentials that TISCALI gave me directly with `pppd` on my ethernet interface did not work. The logs and the error messages are

			```
			`pppd[1336]: Plugin pppoe.so loaded.`
			`pppd[1336]: PPPoE plugin from pppd 2.4.9`
			`pppd[1337]: pppd 2.4.9 started by pie, uid 0`
			`kernel: NET: Registered PF_PPPOX protocol family`
			`pppd[1337]: Timeout waiting for PADO packets`
			`pppd[1337]: Unable to complete PPPoE Discovery`
			```



			`For some reason, nobody replied with an Offer (PADO) to my request for a PPP Initiation (PADI). Not much gained from the error message, so the only way to find how to talk to the PPPoE server is to collect a working setup.`

			`I managed to sniff the traffic between the modem and the GPON with this fantastic Ethernet Hub from the 90s!`

			`![HUB](README.assets/hub1.jpeg)`

			`The approach is [like this](https://wiki.wireshark.org/CaptureSetup/Ethernet#capture-using-an-ethernet-hub):`

			`![](README.assets/Capture-switch-hub-ws.png)`



			`The packets captured just after switching on the ZTE H388X are shown here:`

			`![packets](README.assets/packets.png)`

			`There are basically three steps:`

			`* Red box: a termination request. Probably to clean up everything before starting a new session.`
			`* Yellow box: the PPP Initialization starts from the ZTE and is followed by an Offer from the Cisco server.`
			`* Green box: the authentication, with CHAP protocol.`

			When using `pppd` the first packet is a PADI, which looks exactly the same as the one in No. 7 above, except for the 802.1Q part shown by the blue arrow. That was indeed the trick: the server replies only is the PADI request comes from a VLAN with ID:835.

			`Setting the PPP device to a newly created vlan with`

			```
			`ip link add link eth0 name eth0.835 type vlan id 835`
			```

			`makes the Cisco server happy and it promptly replies to our PADI packet.`