# FTTH Tiscali without modem This is a short guide on how to connect your Linux box to the Internet using directly the GPON provided by Tiscali. ## TL;DR You just need `pppd` and a virtual Ethernet device. The latter is created with: `ip link add link eth0 name eth0.835 type vlan id 835` assuming your ethernet device is `eth0`. Credentials for PPPoE can be obtained [here for Tiscali](https://assistenza.tiscali.it/supporto/moduli/servizi/modem-libero/). You can also sniff the [CHAP](https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol) authentication and crack it, the password is just 6 numeric characters. To connect to the PPPoE server, install `pppd` and configure it ##### /etc/ppp/peers/tiscali ``` plugin pppoe.so # rp_pppoe_ac 'your ac name' # rp_pppoe_service 'your service name' # network interface eth0.835 # login name name "NAME.SURNAME@tiscali.it" usepeerdns persist # Uncomment this if you want to enable dial on demand #demand #idle 180 defaultroute hide-password noauth ``` and ##### /etc/ppp/chap-secrets ``` # Secrets for authentication using CHAP # client server secret IP addresses "NAME.SURNAME@tiscali.it" * "123456" ``` (replace 123456 with your password) Finally you can switch on the service like: ``` ppp call tiscali ``` you can use `journalctl -f` and check whether things are going fine. Systemd automatization can be created with the help of [these scripts](https://gitlab.com/jimdigriz/debian-clearfog-gt-8k/-/blob/master/README.md). ## Long Story The FFTH service comes with a **GPON** ([gigabit-capable passive optical network](https://en.wikipedia.org/wiki/G.984)), and I wanted to connect the PC with my self hosted services directly to its ethernet port, bypassing the big black box (ZTE H388X a.k.a. ZTE Modem Tim Hub+) customized with some mysterious proprietary firmware from TISCALI (I asked, of course they don't share it). Needless to say, using the credentials that TISCALI gave me directly with `pppd` on my ethernet interface did not work. The logs and the error messages are ``` pppd[1336]: Plugin pppoe.so loaded. pppd[1336]: PPPoE plugin from pppd 2.4.9 pppd[1337]: pppd 2.4.9 started by pie, uid 0 kernel: NET: Registered PF_PPPOX protocol family pppd[1337]: Timeout waiting for PADO packets pppd[1337]: Unable to complete PPPoE Discovery ``` For some reason, nobody replied with an *Offer* (PADO) to my request for a PPP *Initiation* (PADI). Not much gained from the error message, so the only way to find how to talk to the PPPoE server is to collect a working setup. I managed to sniff the traffic between the modem and the GPON with this fantastic Ethernet Hub from the 90s! ![HUB](README.assets/hub1.jpeg) The approach is [like this](https://wiki.wireshark.org/CaptureSetup/Ethernet#capture-using-an-ethernet-hub): ![](README.assets/Capture-switch-hub-ws.png) The packets captured just after switching on the ZTE H388X are shown here: ![packets](README.assets/packets.png) There are basically three steps: * Red box: a termination request. Probably to clean up everything before starting a new session. * Yellow box: the PPP Initialization starts from the ZTE and is followed by an Offer from the Cisco server. * Green box: the authentication, with CHAP protocol. When using `pppd` the first packet is a PADI, which looks exactly the same as the one in No. 7 above, except for the 802.1Q part shown by the blue arrow. That was indeed the trick: the server replies only is the PADI request comes from a VLAN with ID:835. Setting the PPP device to a newly created vlan with ``` `ip link add link eth0 name eth0.835 type vlan id 835` ``` makes the Cisco server happy and it promptly replies to our PADI packet.