I’ve been looking to implement a more sophisticated firewall solution at home for a while now. The likes of pfSense and OPNsense can happily authenticate with PPPoE via a suitable broadband modem, which takes care of your WAN interface cleanly.
If your modem can’t do this, then essentially you have to do it via IP bridging instead, and end up with a horrible ‘double NAT’ situation. I really wanted to avoid that.
You would hope that the shiny (Sagemcom manufactured) Hub One from Plusnet would support my desired bridging mode… but no. It doesn’t. Could it be achieved with alternative firmware? Yes, but… There’s no way of flashing the firmware on these without getting your soldering iron out, and I didn’t fancy that.
Let’s go back to 2011…
Thankfully, modems exist that do support bridging mode. Some research revealed that a particularly well-regarded one is the Huawei EchoLife HG612. It dates back to 2011 and was the originally provided modem for the first fibre broadband installs in the UK.
When initially provided, they were very much locked down, with no access to configure them. Custom firmware has since arisen which completely unlocks the GUI. Great news.
I picked one up from eBay. Go for one of the ‘3B’ models if you can, as these solve a previous overheating (!) issue. They seem plentiful on there. Surprisingly, the one that arrived seemed brand new, so was either unused or had been very well looked after!
It arrived unlocked. This meant some work was needed.
Flash Attack!
Thankfully, the flashing procedure is straightforward. Power on the router while holding down the RESET switch, then connect up to a laptop via Ethernet. Upload new firmware and you are done.
The whole process is explained here.
This was successful. I obviously held my breath for the correct amount of time…
One step at a time…
My first test was to use this modem as a ‘drop-in’ replacement for my original Hub One router. This meant a few changes via the GUI:
- Change the LAN IP address: It defaults to 192.168.1.1, whereas the Hub One uses 192.168.1.254. I did not want to adjust the Gateway on my home network until I was sure the HG612 actually worked properly! (Note: DHCP is handled elsewhere in this scenario).
- Switch to Router mode: The HG612 comes with bridging selected by default. So it was a simple case of switching to ROUTER mode, and entering my Plusnet credentials. No other changes were needed.
With this done, the HG612 successfully negotiated everything and my network was working.
The Final Bridge
After an appropriate amount of soak testing (the line remained rock solid), it was time to go ‘full-on bridge’.
Thankfully, this was again straightforward:
- Switch the HG612 to PPPoE Bridged mode: This was as simple as changing the mode to ‘PPPoE Bridge’ in the GUI. I set Port binding to LAN1 only – this meant that LAN2 would remain free as a way to access the GUI should I need it.
- Configure the firewall with my Plusnet credentials: Straightforward, with no fiddling with any other parameters (e.g. MTU) required.
It worked first time and, touch wood, I have not observed any drop-outs to date.
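One way to confirm that bridging really removed the second NAT layer, as an added example that is not part of the original post: check the firewall's WAN address and a traceroute from a LAN client for non-public addresses. Every address other than the Hub One's 192.168.1.254 is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT block. An explicit
# list is used because ip.is_private also flags the documentation ranges that
# the constructed samples below use as stand-ins for public addresses.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

HOP_RE = re.compile(r"^\s*\d+\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

def is_non_public(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)

def leading_private_hops(traceroute_text):
    """Non-public hop addresses seen before the first public hop."""
    hops = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue          # header line or an unanswered '* * *' hop
        if not is_non_public(m.group(1)):
            break
        hops.append(m.group(1))
    return hops

def looks_double_natted(wan_addr, traceroute_text):
    """True if the firewall's WAN address is non-public, or if a LAN client
    crosses more than one non-public router before reaching the Internet."""
    return is_non_public(wan_addr) or len(leading_private_hops(traceroute_text)) > 1

# Constructed samples (`traceroute -n` style, run from a LAN client).
ROUTED = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max
 1  192.168.10.1  0.412 ms  0.377 ms  0.361 ms
 2  192.168.1.254  1.102 ms  1.054 ms  1.021 ms
 3  203.0.113.1  8.731 ms  8.645 ms  8.702 ms
"""
BRIDGED = """traceroute to 198.51.100.7 (198.51.100.7), 30 hops max
 1  192.168.10.1  0.398 ms  0.365 ms  0.350 ms
 2  203.0.113.1  8.514 ms  8.490 ms  8.466 ms
"""

if __name__ == "__main__":
    print(looks_double_natted("192.168.1.64", ROUTED))    # firewall behind the ISP router
    print(looks_double_natted("203.0.113.45", BRIDGED))   # firewall holds the PPPoE session
```

A non-public second hop can also mean the ISP itself applies carrier-grade NAT, which bridging the modem does not remove.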
Final thoughts…
It’s frustrating that there seems to be a trend of ISP-provided routers locking out this sort of functionality: Plusnet are not alone in this. Getting better functionality from a device from 9 years ago is not how these things should be.
Technology should always be an enabler to make things easier. Not making PPPoE available (even in Advanced Settings) just made things that bit harder.
Now get off my lawn.