Virgin Media Hub 3.0: Separate router WAN setup, and accessing servers behind both

runswithascript

I have the WebUI and a SSHD running on my router which is connected to a Virgin Media Hub 3.0. The hub was running the latest Virgin firmware with IPv6, and although the SSHD would load from my LAN, it would not using the external IP address. I have the WAN connection of my Netgear Nighthawk DD-WRT set to DHCP.

I read online the issue may be because the hub needs to be downgraded to their IPv4 firmware and set to modem only mode, which it now is, but my router then had no Internet access, despite rebooting both devices.

Only after disabling modem mode on the hub, did my Netgear router have Internet access, and then only after manually forwarding the ports on the hub was I able to connect to SSH server using the external IP, but there is still no response from WebUI with the external IP - and it is set up to listen on the WAN side in DD-WRT.

What is the best way to do this, and if I set the hub to modem only mode again, is there something I need to change in the WAN settings on DD-WRT to make it work this way? I would like my router to basically have the external IP address, almost like the hub modem is in bridged mode, though Virgin fibre does not authenticate like DSL so this is not the correct term.

ED E

Modem and bridged are the same thing, how you lease over that is irrelevant (DHCP, PPPoE, IPoE). Turning off DSLite (IPV6 + NAT'd IPv4) was the correct procedure.

Enable Modem mode, reboot the Hub. Then connect the Netgear then turn the netgear on and wait. Sometimes DHCP is a little slow. If after 4 mins it hasnt been assigned change the MAC address of the Netgear and let it run again.


If you want to expose the WebUI of DDWRT keep it updated or you will get owned sooner or later.

runswithascript

ED E wrote: »

Modem and bridged are the same thing, how you lease over that is irrelevant (DHCP, PPPoE, IPoE). Turning off DSLite (IPV6 + NAT'd IPv4) was the correct procedure.

Enable Modem mode, reboot the Hub. Then connect the Netgear then turn the netgear on and wait. Sometimes DHCP is a little slow. If after 4 mins it hasnt been assigned change the MAC address of the Netgear and let it run again.


If you want to expose the WebUI of DDWRT keep it updated or you will get owned sooner or later.

ED E, good man, thank you, that did the trick 🙌 I was up late with it, due to other DD-WRT issues, but got it going in the early hours 😊

I read in another guide yesterday you should have local gateway and local DNS set also for this to work, and I had it set to the hub local IP but it seemed to slow down Internet access a lot, every page took many seconds. After removing these everything is working great.

Yes, I read online you can leave the WebUI disabled WAN side and only activate it remotely via SSH when necessary - perhaps I can create a nice alias for DD-WRT so a one word command will enable this, no output from alias input last night although no error either. I did not try to actually set one as it was very late.

How are you on SSH tunneling with Android? I'm about to create a thread 😊

uck51js9zml2yt

ED E wrote: »

Modem and bridged are the same thing, how you lease over that is irrelevant (DHCP, PPPoE, IPoE). Turning off DSLite (IPV6 + NAT'd IPv4) was the correct procedure.

Enable Modem mode, reboot the Hub. Then connect the Netgear then turn the netgear on and wait. Sometimes DHCP is a little slow. If after 4 mins it hasnt been assigned change the MAC address of the Netgear and let it run again.


If you want to expose the WebUI of DDWRT keep it updated or you will get owned sooner or later.

can I but in?....how do put it into bridging mode. I bought a tp link ac. 750

ED E

dusf wrote: »

How are you on SSH tunneling with Android? I'm about to create a thread ��

Everything comes in over OpenVPN (MS RDP on top mainly).

Ronnie Polite Nitrate wrote: »

can I but in?....how do put it into bridging mode. I bought a tp link ac. 750

1. Make sure the reps turn DSLite off on your account
2. RESET the Hub3.0
3. Click menu option
4. Attach your TP to Hub and your devices to TP.

uck51js9zml2yt

ED E wrote: »

Everything comes in over OpenVPN (MS RDP on top mainly).



1. Make sure the reps turn DSLite off on your account
2. RESET the Hub3.0
3. Click menu option
4. Attach your TP to Hub and your devices to TP.

where is the menu option. I don't see it!

runswithascript

ED E wrote: »

Everything comes in over OpenVPN (MS RDP on top mainly).

I love SSH tunneling, especially as I use the command line, and I value the encryption and ability to get around firewalls, but I have been searching for an Android app that will automatically connect the tunnel and proxy everything to it at boot, or when switching Wi-Fi network or to mobile data. All the solutions I have tested are either no longer being developed, like SSH tunnel, or like Ki4a, which works great but you need to open the app and press the button every time.

I basically want to turn on my solution and never have to think about it. I suspect a VPN may be the way to go here, but I would have liked to get my geek on with the option to use both

ED_E, any particular reason you use OpenVPN over PPTP? DD-WRT comes through again here with an option for both.

Ronnie Polite Nitrate wrote: »

where is the menu option. I don't see it!

Sounds like you still need to get Virgin to downgrade your modem. I asked on their forum here, and I called. I asked for them to 'downgrade to the IPv4 modem only mode' version. You then access it through the IP address printed on the bottom of the hub.

ED E

dusf wrote: »

ED_E, any particular reason you use OpenVPN over PPTP? DD-WRT comes through again here with an option for both.

PPTP is latex gloves, OpenVPN is a biohazard suit

runswithascript

ED E wrote: »

PPTP is latex gloves, OpenVPN is a biohazard suit

Good analogy, I have mentioned it was said to me on boards.ie I have been in touch with the Andorid dev for Ki4a, and he is going to put something in place so the SSH tunnel is a persistent always on and autostart at boot connection, but I want to setup OpenVPN also, you know, just for street-cred :pac:

I am tunnelling away fine now like Rocksteady and Bebop, but there are two minor issues I would like to iron out.

Firstly, I would like to be able to run a remote speedtest through the tunnel (in fact through three tunnels), and I have whitelisted speedtest.net, and many other speedtest sites to go through these three tunnels, and although the test completes, it seems to giving me the speed based on my local connection. By this I do not mean my local connection is 50mbps, and bottlenecking the speedtest at a remote device where the backhaul is 100mbps, I in fact get the opposite outcome where I can be connected to a remote device with say 12mbps DSL, and get near 50mbps on the speedtest result. I thought the issue may be Java or Flash using local settings on my PC, but I have tried HTML5 speedtest sites and observed the same results.

Secondly, I have DD-WRT at home set with only the HTTP WebUI on for the LAN, there is no remote management set up other than SSHD listening. This way I can just SSH tunnel home to open up the WebUI on 192.168.1.1 in browser.

My setup is this.

1. I connect home to DD-WRT using PuTTY on port 443 (gets me around firewalls), with the following SSH port forwarding setup

L1111 localhost:1111
D3333

2. From DD-WRT I connect to another remoter server with the command:

ssh -L 1111:localhost:2222 username@remoteserver1.blah

3. From remoteserver1 I then connect to another remoteserver with the command:

ssh -C -q -D 2222 root@remoteserver2.blah

In FoxyProxy, I have configured the following whitelist rules:

1. URL pattern match for *essentialwebsite.com/*, to send traffic through 127.0.0.1:3333 SOCKS5, and this works great, and sends this traffic just through my tunnel home to DD-WRT, and out to the Internet.

2. URL pattern match for *172.22.5.*/*, to access the WebUIs of switches etc. at remotesite2, to send traffic through 127.0.0.1:1111 SOCKS5, and this also works great!

If I then add another URL pattern to the first rule, for *192.168.1.*/*, I should be able to load my DD-WRT WebUI, but it is not working. STRANGELY - if I turn FoxyProxy off completely, and edit the standard network settings of Firefox to send all traffic down 127.0.0.1:3333, it works fine!