commit 6864ed7938750cfba1f4678eb0ae8921de10f999 Author: pie Date: Sun Feb 6 16:47:35 2022 +0100 First commit diff --git a/README.assets/Capture-switch-hub-ws.png b/README.assets/Capture-switch-hub-ws.png new file mode 100644 index 0000000..965622b Binary files /dev/null and b/README.assets/Capture-switch-hub-ws.png differ diff --git a/README.assets/hub1.jpeg b/README.assets/hub1.jpeg new file mode 100644 index 0000000..88c014a Binary files /dev/null and b/README.assets/hub1.jpeg differ diff --git a/README.assets/hub2.jpeg b/README.assets/hub2.jpeg new file mode 100644 index 0000000..18a3243 Binary files /dev/null and b/README.assets/hub2.jpeg differ diff --git a/README.assets/packets.png b/README.assets/packets.png new file mode 100644 index 0000000..27b45a7 Binary files /dev/null and b/README.assets/packets.png differ diff --git a/README.md b/README.md new file mode 100644 index 0000000..cdc7d86 --- /dev/null +++ b/README.md @@ -0,0 +1,107 @@ +# FTTH Tiscali without modem + +This is a short guide on how to connect your Linux box to the Internet using directly the GPON provided by Tiscali. + +## TL;DR + +You just need `pppd` and a virtual Ethernet device. The latter is created with: + +`ip link add link eth0 name eth0.835 type vlan id 835` + +assuming your ethernet device is `eth0`. + +Credentials for PPPoE can be obtained [here for Tiscali](https://assistenza.tiscali.it/supporto/moduli/servizi/modem-libero/). You can also sniff the [CHAP](https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol) authentication and crack it, the password is just 6 numeric characters. + +To connect to the PPPoE server, install `pppd` and configure it + +##### /etc/ppp/peers/tiscali + +``` +plugin pppoe.so +# rp_pppoe_ac 'your ac name' +# rp_pppoe_service 'your service name' + +# network interface +eth0.835 +# login name +name "NAME.SURNAME@tiscali.it" +usepeerdns +persist +# Uncomment this if you want to enable dial on demand +#demand +#idle 180 +defaultroute +hide-password +noauth +``` + +and + +##### /etc/ppp/chap-secrets + +``` +# Secrets for authentication using CHAP +# client server secret IP addresses +"NAME.SURNAME@tiscali.it" * "123456" +``` + +(replace 123456 with your password) + +Finally you can switch on the service like: + +``` +ppp call tiscali +``` + +you can use `journalctl -f` and check whether things are going fine. + +Systemd automatization can be created with the help of [these scripts](https://gitlab.com/jimdigriz/debian-clearfog-gt-8k/-/blob/master/README.md). + +## Long Story + +The FFTH service comes with a **GPON** ([gigabit-capable passive optical network](https://en.wikipedia.org/wiki/G.984)), and I wanted to connect the PC with my self hosted services directly to its ethernet port, bypassing the big black box (ZTE H388X a.k.a. ZTE Modem Tim Hub+) customized with some mysterious proprietary firmware from TISCALI (I asked, of course they don't share it). + +Needless to say, using the credentials that TISCALI gave me directly with `pppd` on my ethernet interface did not work. The logs and the error messages are + +``` +pppd[1336]: Plugin pppoe.so loaded. +pppd[1336]: PPPoE plugin from pppd 2.4.9 +pppd[1337]: pppd 2.4.9 started by pie, uid 0 +kernel: NET: Registered PF_PPPOX protocol family +pppd[1337]: Timeout waiting for PADO packets +pppd[1337]: Unable to complete PPPoE Discovery +``` + + + +For some reason, nobody replied with an *Offer* (PADO) to my request for a PPP *Initiation* (PADI). Not much gained from the error message, so the only way to find how to talk to the PPPoE server is to collect a working setup. + +I managed to sniff the traffic between the modem and the GPON with this fantastic Ethernet Hub from the 90s! + +![HUB](README.assets/hub1.jpeg) + +The approach is [like this](https://wiki.wireshark.org/CaptureSetup/Ethernet#capture-using-an-ethernet-hub): + +![](README.assets/Capture-switch-hub-ws.png) + + + +The packets captured just after switching on the ZTE H388X are shown here: + +![packets](README.assets/packets.png) + +There are basically three steps: + +* Red box: a termination request. Probably to clean up everything before starting a new session. +* Yellow box: the PPP Initialization starts from the ZTE and is followed by an Offer from the Cisco server. +* Green box: the authentication, with CHAP protocol. + +When using `pppd` the first packet is a PADI, which looks exactly the same as the one in No. 7 above, except for the 802.1Q part shown by the blue arrow. That was indeed the trick: the server replies only is the PADI request comes from a VLAN with ID:835. + +Setting the PPP device to a newly created vlan with + +``` +`ip link add link eth0 name eth0.835 type vlan id 835` +``` + +makes the Cisco server happy and it promptly replies to our PADI packet. \ No newline at end of file