@Alexlambertz
Created June 26, 2021 21:14
Connect Unifi Security Gateway (USG) to a Media Converter - Wilhelm.Tel

Initial Setup

  • Controller running on a Cloud Key
  • Fritz!Box provided & provisioned by Provider (Wilhelm.Tel) connected to Media Converter (Fiber to the home)
  • USG connected behind Fritz!Box

This resulted in double NAT, which caused some rare connection issues.

1. PPPoE Credentials

Use the FB Tool script (fb_tools.php) to retrieve the PPPoE credentials from the Fritz!Box (https://www.mengelke.de/Projekte/FritzBox-Tools):

curl -o fb_tools.php.gz 'http://www.mengelke.de'`curl -s http://www.mengelke.de/Projekte/FritzBox-Tools.html | grep -a -o -E '/Projekte/FritzBox;fb_tools.php.gz\?[a-f0-9]+'`
gzip -d fb_tools.php.gz
chmod +x fb_tools.php
./fb_tools.php <USERNAME>:<PASSWORD>@<IP> konfig export-decrypt -d

Error: Keine Konfig erhalten - Möglichlichweise ist noch die Sicherheits-Bestätigungsfunktion aktiviert?

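If the export fails with the error above, you need to disable 2-step verification (the additional confirmation) temporarily and re-enable it once the export is done: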

  1. Open Fritz!Box Webinterface
  2. Select System / Fritz!Box Users / Additional Confirmation

2. Wilhelm.Tel Information

Link: https://www.wilhelm-tel.de/privatkunden/service/technikoffensive/schnittstellenbeschreibung/

b. The Internet interface requires a VLAN 1002 with the ID according to RFC 3069 (https://tools.ietf.org/html/rfc3069)
Dial-in is via PPPoE according to RFC 2516 (https://tools.ietf.org/html/rfc2516)
The access type is IPv6 dual-stack lite according to RFC 6333 (https://tools.ietf.org/html/rfc6333)

3. Configure USG using Controller

  1. Double-check the following file on the Controller (via SSH) for possible conflicts in the configuration:
/usr/lib/unifi/data/site

(Otherwise the Controller might overwrite your new settings.)

  2. Open the Controller web interface

  3. Go to Settings / Internet / WAN

  4. Set the following settings:

| Setting | Value | Description |
| --- | --- | --- |
| VLAN ID | selected / true | |
| ID | 1002 | As described in the documentation from Wilhelm.Tel |
| IPv4 Connection | PPPoE | |
| Username | From export in (1) | |
| Password | From export in (1) | |
| IPv6 Connection | DHCPv6 | As described in the documentation from Wilhelm.Tel |
| Prefix Delegation Size | 56 | Taken from IPv6 Address provided in Fritz!Box UI |

4. Port Configuration

| USG Port | Target |
| --- | --- |
| WAN | Media Converter |
| LAN | Switch / Local Network |

5. VoIP Fritz!Box

You can continue to use the Fritz!Box from the provider for VoIP. To do so, change the setting under Home Network / Network / Network Settings / IP-Client and move its cable connection to a port on the local network.

6. Debugging

Common commands when connected to the firewall (USG) over SSH:

show log
show interfaces
configure
set <Setting Path>
show <Setting Path>
commit
save
reboot
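
When the PPPoE login does not come up, it helps to check in a packet capture whether the discovery frames (RFC 2516) really leave the WAN port tagged with VLAN 1002 and whether they are answered. The following is an added example, not part of the original gist: the function names and the constructed sample frames are assumptions for illustration, and getting the raw frames out of a capture on the WAN port is left to the reader.

```python
import struct

ETH_P_8021Q = 0x8100       # 802.1Q VLAN tag
ETH_P_PPPOE_DISC = 0x8863  # PPPoE discovery stage (RFC 2516)
ETH_P_PPPOE_SESS = 0x8864  # PPPoE session stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT", 0x00: "SESSION"}

def parse_frame(frame: bytes) -> dict:
    """Return the VLAN ID (None if untagged) and PPPoE code of one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan, offset = None, 14
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI hold the VLAN ID
    if ethertype not in (ETH_P_PPPOE_DISC, ETH_P_PPPOE_SESS):
        return {"vlan": vlan, "pppoe": None}
    if len(frame) < offset + 6:
        raise ValueError("truncated PPPoE header")
    ver_type, code, session_id, _length = struct.unpack_from("!BBHH", frame, offset)
    if ver_type != 0x11:
        raise ValueError("PPPoE version and type must both be 1")
    return {"vlan": vlan, "pppoe": CODES.get(code, hex(code)), "session_id": session_id}

def diagnose(frames, expected_vlan=1002):
    """Summarise a capture: was PPPoE sent on the expected VLAN, and was it answered?"""
    seen = [(p["vlan"], p["pppoe"]) for p in map(parse_frame, frames) if p["pppoe"]]
    if not seen:
        return "no PPPoE frames in capture"
    if any(vlan != expected_vlan for vlan, _ in seen):
        return "PPPoE outside VLAN %d: check the WAN VLAN ID setting" % expected_vlan
    codes = {code for _, code in seen}
    if "PADS" in codes:
        return "session confirmed on VLAN %d" % expected_vlan
    if "PADO" not in codes:
        return "PADI unanswered on VLAN %d: no access concentrator replied" % expected_vlan
    return "discovery in progress on VLAN %d" % expected_vlan

def sample_frame(code, vlan=None, session_id=0):
    """Constructed frame for the demo (made-up MACs, empty PPPoE payload)."""
    macs = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    return macs + tag + struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, session_id, 0)
```

For example, `diagnose([sample_frame(0x09)])` reports an untagged PADI as PPPoE outside VLAN 1002, which points at the VLAN ID setting from step 3.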