Bypassing Bell Canada's Router Provided With Their FIBE Service


Answer :

Not sure if the question is still relevant, but still wanted to share the result of my investigation..

I just switched from a Cable ISP to Bell Fibe, for both TV and Internet. Bell still don't have Fibre to home in my area, so is is still somewhat a DSL type connection. Bell provided a HUB2000 integrated modem/router. the device is very user friendly, but all advanced network features are blocked.... as expected.

I had my entire network already set up as with my previous internet provider (Videotron only provided a cable modem) and i wanted to maintain the same configuration (firewall, IPs, etc)..

So this is what I have done:

  1. TV receiver is connected via a network cable to the HUB2000 LAN port (as per the original Bell set up)
  2. HUB 2000 is connected to the phone line to act as a DSL modem (as per the original set up)
  3. WAN port of my MikroTik router is connected to one of the LAN ports of the HUB 2000. Now here is the trick, in my Mikrotik WAN configuration, instead of using DHCP client I am actually using a PPPoE client with the credentials provided by Bell for my internet account (b1xxxx user and password).

With this configuration, my Router obtains an External IP from Bell, so HUB2000 acts as a bridge.

Next step, I have disabled the WIFI on HUB2000 and went back to using the other access point I had within my local network. so all clients are behind the same firewall.

The above did not affect the TV receiver and there was no need to make any changed to the HUB2000 or the TV receiver. I have also left DHCP running on the HUB2000.

Summary:

  1. I did not have to make any changes to the TV receiver or the router (HUB2000)
  2. I did not lose WIFI on HUB2000, it was still functional and i was able to connect to internet through WIFI
  3. as soon as I connected using PPPoE client, my home router disappeared form DHCP lease of HUB2000 as it was no longer getting an IP from the HUB2000 DHCP server
  4. HUB2000 remained connected to internet via its own PPPoE connection. so now I had 3 different external IP assigned to:

    1.TV

    2.WAN port of HUB2000

    3.WAN port of my Mikrotik

  5. MikroTik was not visible from HUB2000 and vise versa.

  6. surely you have to run FW, DHCP server and anything else you need on your router as HUB2000 is not in your way any longer..

I hope this helps :+)


After a little wiresharking and some hair loss, I figured out why regular routers can't bypass the god-awful Bell-provided Sagemcom Home Hub 2000 router, connecting directly to Bell through the ONT using PPPoE. It's because the Bell router connects to Bell's servers through an 802.1Q VLAN! VLAN id #35, to be exact.

So, to do this yourself:

  • Connect your computer/router directly to the ethernet port of the ONT.
  • Use 802.1Q VLAN 35.
  • Use PPPoE.

Most civilian routers (including my Linksys EA6300v1) do not support 802.1Q, so you're still kind of screwed there, unless you install custom firmware, get a better router, or connect the ONT directly to a computer. (Alternatively, if the router you want to use doesn't support 802.1Q, you can do the 802.1Q bit using a managed switch. See grawity's comment.) Even if your router does support 802.1Q, the setup instructions are going to vary from router to router, so I can't help you any further, but with those three pieces of information above and hardware that supports 802.1Q and PPPoE, you should be able to get it done.

In Linux

This is how you set this up in linux. Again, you must have your linux computer (/router) connected directly to the ethernet port of your ONT. You'll need the ip command (provided by iproute2, in case you don't already have it) and rp-pppoe. Replace enp3s0 with your actual interface name. All commands must be run as root.

First you have to make the VLAN:

# ip link add link enp3s0 name enp3s0.35 type vlan id 35 

That creates a new virtual network interface called enp3s0.35. All traffic sent on that interface will get encapsulated into VLAN id 35 before being sent on enp3s0. What actually happens is basically the number 35 will actually get added to every packet before getting sent. Without this extra number, Bell will just ignore you.

Now, you need to configure rp-pppoe. Modify /etc/ppp/pppoe.conf, changing the following lines:

ETH=enp3s0.35 USER=bxxxxxxx@bellnet.ca 

Now, modify /etc/ppp/pap-secrets, adding the following line:

bxxxxxxx@bellnet.ca * your_ppp_password 

Now, you can start pppoe using pppoe-start. If it works, the command should return after a few seconds. You can also check using ip a. A new interface should be made called ppp0 with your global IP. The command to stop it is pppoe-stop. Here's an example of a successful start and stop:

[user@host ~]% sudo pppoe-start . Connected! [user@host ~]% ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000     link/ether 00:21:70:71:82:b9 brd ff:ff:ff:ff:ff:ff 3: enp3s0.35@enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000     link/ether 00:21:70:71:82:b9 brd ff:ff:ff:ff:ff:ff     inet6 fe80::221:70ff:fe71:82b9/64 scope link        valid_lft forever preferred_lft forever 5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3     link/ppp     inet 70.27.234.242 peer 10.11.2.201/32 scope global ppp0        valid_lft forever preferred_lft forever [user@host ~]% sudo pppoe-stop Killing pppd (4102) Killing pppoe-connect (4080) 

The method of running the ip link and pppoe-start commands automatically on boot will vary with your distribution. Again, I can't help you any further here. Router and firewall distributions should have good support for all this stuff. systemd-networkd supports 802.1Q setups at boot. And it is very likely your distro's rp-pppoe package came with a way to start it on boot automatically as well, but you may need to modify it, forbidding it to start until after the 802.1Q interface is up.

Once you have 802.1Q and PPPoE starting automatically on boot, it is now safe to set your Bell router on fire. If you do, please do so in a well-ventilated area and send me a picture. Do not set the ONT on fire.

Bonus Round: openwrt/ea6300v1

As was alluded to before, openwrt has no trouble with weird configurations—that's kind of its thing, really. Even if your router doesn't support 802.1Q, there is a very good chance that it will after having installed openwrt. This is the /etc/config/network for my ea6300v1:

config interface 'loopback'         option ifname 'lo'         option proto 'static'         option ipaddr '127.0.0.1'         option netmask '255.0.0.0'  config globals 'globals'         option ula_prefix 'fc00::/48'  config interface 'lan'         option type 'bridge'         option ifname 'eth0.1'         option proto 'static'         option ipaddr '10.0.0.1'         option netmask '255.255.255.0'         option ip6assign '60'  config interface 'wan'         option ifname 'eth0.35'  # <----         option proto 'pppoe'  # <----         option username 'bxxxxxxx@bellnet.ca'  # <----         option password 'your ppp passphrase'  # <----  config switch         option name 'switch0'         option reset '1'         option enable_vlan '1'  config switch_vlan         option device 'switch0'         option vlan '1'         option ports '0 1 2 3 5t'  config switch_vlan         option device 'switch0'         option vlan '35'  # <----         option ports '4t 5t'  # <---- 

I put # <---- next to all of the lines I had to modify to get Bell Fibre to work. In the last one I added a t to port 4, telling the switch to tag everything coming out of port 4 (the WAN port) with 802.1Q tags. So that t is supposed to be there. It's not a mistake.

The process will (probably) be very similar for your consumer-grade router. Bear in mind different routers use different switch architectures and port numberings, so you may have to actually put a little thought into it. For example, maybe your WAN port is port 0—not port 4. So, definitely do not copy and paste unless by some wild coincidence your router actually is an ea6300v1. I believe in you.


I got a part of the answer talking to someone technical at Bell that is not on customer tech support. I got extremely lucky! It's extremely rare to get to talk to someone very technical at BELL Canada. I found the rest by wise guess and here is the whole recipe. Connect the FTTU RJ45 port to the BELL Home 2000 WAN port. Configure the BELL 2000 FIBER port with the 1B ID and password BELL gave you (as recommended). Then Connect one of the 4 BELL 2000 router LAN port to your own Router WAN port. Configure your Router with WAN as PPPOE with the exact same 1B ID and password you entered in the BELL 2000. Leave all the other BELL 2000 setting on default values. (DHCP enabled==> very important for TV). This sounds crazy but this way, the BELL 2000 act as a passthrough and any DHCP request on your LAN is caught by your own router.

Now the tricky part is to get the TV terminal working from the RJ-45 port. If I connect it to my router, it does not work at all. The TV terminal complain not seeing "TV signal". The trick I found is to connect the TV terminal to a second BELL 2000 LAN port. The very weird thing about that is it killed completely the WIFI network on my router. My guess is it somehow woke up something in the BELL 2000 and conflicts appeared. The final fix is to go disable the BELL 2000 WIFI interface even though, it had a different SSID than mine.
This is how I got a full local network hooked-up to internet with an advanced router with TV as well on FIBE internet connection.

An interesting note is BELL 2000 router has 192.168.2.1 as IP address. My own router also has that same address and seems not entering any conflict. In fact, my router does not see the BELL TV on the local network (and that's fine with me). It looks like the BELL 2000 just pass any data packet straight to and from my router and any IP TV straight to the TV terminal and consider that as two different subnets.

Hope it helps others.


Comments

Popular posts from this blog

Converting A String To Int In Groovy

"Cannot Create Cache Directory /home//.composer/cache/repo/https---packagist.org/, Or Directory Is Not Writable. Proceeding Without Cache"

Android How Can I Convert A String To A Editable