Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Sky Fibre to the home - 3rd party router

  • 03-12-2019 5:45pm
    #1
    Registered Users, Registered Users 2 Posts: 1


    Hi guys, I had a good search for the answer to this before posting and couldn't find anything — if it has been answered, apologies, a link to the thread would be great though.

    I have Sky Fibre to the home using Sky's SR200 router. I'd like to use my ASUS RT-AC68U router instead — stronger signal, configurable, etc.

    I know Sky don't want people to use a different router so I'm hopeful people can help with some of the setup configs.

    I believe I can plug the ethernet line into the router straight form the in-home fibre terminal (no need for a modem), and it looks like Sky Ireland piggy-backs on Eir's system meaning it's PPPOE, but I don't have the username and password. Sound correct?

    Has anyone configured this before? Any insight or help is appreciated.
    Thanks


Comments

  • Registered Users, Registered Users 2 Posts: 1,146 ✭✭✭Laphroaig52


    Hi guys, I had a good search for the answer to this before posting and couldn't find anything — if it has been answered, apologies, a link to the thread would be great though.

    I have Sky Fibre to the home using Sky's SR200 router. I'd like to use my ASUS RT-AC68U router instead — stronger signal, configurable, etc.

    I know Sky don't want people to use a different router so I'm hopeful people can help with some of the setup configs.

    I believe I can plug the ethernet line into the router straight form the in-home fibre terminal (no need for a modem), and it looks like Sky Ireland piggy-backs on Eir's system meaning it's PPPOE, but I don't have the username and password. Sound correct?

    Has anyone configured this before? Any insight or help is appreciated.
    Thanks

    Bump!
    I'm trying to figure this out too!
    Although the 'Wireless' section is probably not the right place to discuss this. Maybe a Mod could move it up a level?


  • Registered Users, Registered Users 2 Posts: 4 cheesemonster


    I created a proof-of-concept using a Raspberry PI4 as the router, replacing the Sky SR200 box. The SR200 establishes an PPPoE session for the WAN link.

    To summarise you need to do the following:

    1. Determine the user name for the PPPoE auth. The username is similar to ADSL/VDSL connections - macaddress @ skydsl - but contrary to other posts, you cannot sniff DHCP packets to find the auth info because there is no DHCP involved in establishing PPPoE sessions.

    First, discover the MAC address of your switch by looking at the label on the router (it is different to the MAC addresses shown in the router web-interface). It should be something like this: 24:A7:DC:11:22:F0.

    Username is therefore: 24a7dc1122f0 @ skydsl (remove the spaces)

    2. Create a VLAN 10 interface on the designated WAN interface on your router.

    3. Create your PPP config and make sure it is configured to use that VLAN interface. I was able to establish a PPP session without requiring a valid password for the account.

    # cat /etc/ppp/peers/sky
    plugin rp-pppoe.so
    extern0.10
    name "24a7dc1122f0 @ skydsl" # remove the spaces
    password "1234567"
    usepeerdns
    persist
    defaultroute
    # remain in foreground (for systemd)
    nodetach
    # don't require the peer to auth itself
    noauth


    4. Establish connection:

    pppd call sky


    5. If you wish to discover the PPP auth password, you will need to sniff the PPP session between the SR200 and the ISP and decrypt the CHAP packets:

    5a. create a server with two ethernet ports.
    5b. Configure a bridge and add the two ports so that traffic will flow freely across them (set net.ipv4.ip_forward=1).
    5c. Remove WAN link from SR200 router and plug it into one of the ports on this server
    5d. On server, start traffic sniffing: tcpdump -i ethX -w traffic.pcap
    5e. Feed ethernet cable from WAN port on SR200 to the other port on the server. The SR200 will now go through the process of re-establishing a PPPoE session. Wait for this to complete
    5f. Stop tcpdump. Copy traffic.pcap file to local PC and open in wireshark.
    5g. In the filter box, type 'chap' to get the auth traffic. There will be CHAP Challenge and Response packets. The NAME in the Response packet is the username
    5h. Proper authentication does not appear to be required, but if you wish to determine the password, then copy the VALUE fields from the Challenge/Response packets into a text file to look something like this:

    # Format: response-value:challenge-value:identifier
    4a9205c36c12a4522695125d10278a4b:fac22092d4dacda71b1267fa9fd6ad11c:01

    Decrypt with hashcat (this took about 2 minutes):
    hashcat -m 4800 -a 3 ./pppd.hashcat -O ?h?h?h?h?h?h?h

    The password is 7-digit hex, which you can then use in your PPP session config.


    6. Avoid using a RPi4 as a router. Whilst the GigE ethernet port is suitably fast, a USB-Ethernet interface will be required for the other side of the network. However the bandwidth will be limited to around 160MBit/sec because the IRQs saturate the CPU.


  • Registered Users, Registered Users 2 Posts: 756 ✭✭✭whowantstwoknow


    I created a proof-of-concept using a Raspberry PI4 as the router, replacing the Sky SR200 box. The SR200 establishes an PPPoE session for the WAN link.

    To summarise you need to do the following:

    1. Determine the user name for the PPPoE auth. The username is similar to ADSL/VDSL connections - macaddress @ skydsl - but contrary to other posts, you cannot sniff DHCP packets to find the auth info because there is no DHCP involved in establishing PPPoE sessions.

    First, discover the MAC address of your switch by looking at the label on the router (it is different to the MAC addresses shown in the router web-interface). It should be something like this: 24:A7:DC:11:22:F0.

    Username is therefore: 24a7dc1122f0 @ skydsl (remove the spaces)

    2. Create a VLAN 10 interface on the designated WAN interface on your router.

    3. Create your PPP config and make sure it is configured to use that VLAN interface. I was able to establish a PPP session without requiring a valid password for the account.

    # cat /etc/ppp/peers/sky
    plugin rp-pppoe.so
    extern0.10
    name "24a7dc1122f0 @ skydsl" # remove the spaces
    password "1234567"
    usepeerdns
    persist
    defaultroute
    # remain in foreground (for systemd)
    nodetach
    # don't require the peer to auth itself
    noauth


    4. Establish connection:

    pppd call sky


    5. If you wish to discover the PPP auth password, you will need to sniff the PPP session between the SR200 and the ISP and decrypt the CHAP packets:

    5a. create a server with two ethernet ports.
    5b. Configure a bridge and add the two ports so that traffic will flow freely across them (set net.ipv4.ip_forward=1).
    5c. Remove WAN link from SR200 router and plug it into one of the ports on this server
    5d. On server, start traffic sniffing: tcpdump -i ethX -w traffic.pcap
    5e. Feed ethernet cable from WAN port on SR200 to the other port on the server. The SR200 will now go through the process of re-establishing a PPPoE session. Wait for this to complete
    5f. Stop tcpdump. Copy traffic.pcap file to local PC and open in wireshark.
    5g. In the filter box, type 'chap' to get the auth traffic. There will be CHAP Challenge and Response packets. The NAME in the Response packet is the username
    5h. Proper authentication does not appear to be required, but if you wish to determine the password, then copy the VALUE fields from the Challenge/Response packets into a text file to look something like this:

    # Format: response-value:challenge-value:identifier
    4a9205c36c12a4522695125d10278a4b:fac22092d4dacda71b1267fa9fd6ad11c:01

    Decrypt with hashcat (this took about 2 minutes):
    hashcat -m 4800 -a 3 ./pppd.hashcat -O ?h?h?h?h?h?h?h

    The password is 7-digit hex, which you can then use in your PPP session config.


    6. Avoid using a RPi4 as a router. Whilst the GigE ethernet port is suitably fast, a USB-Ethernet interface will be required for the other side of the network. However the bandwidth will be limited to around 160MBit/sec because the IRQs saturate the CPU.

    Thanks for the detailed post. Looking to drop the Sky SR200 box from the ONT, Logically understand what you describe above (though obviously dont have your tech skills!)

    Dont have hardware to act as a bridge, but are you saying on the 3rd router's PPPoE setting the username is is got from step 5g) and not to use the mac address stamped on the SR200? And there isnt a need for a pwd?

    Thanks
    W.


  • Registered Users, Registered Users 2 Posts: 4 cheesemonster


    Thanks for the detailed post. Looking to drop the Sky SR200 box from the ONT, Logically understand what you describe above (though obviously dont have your tech skills!)

    Dont have hardware to act as a bridge, but are you saying on the 3rd router's PPPoE setting the username is is got from step 5g) and not to use the mac address stamped on the SR200? And there isnt a need for a pwd?

    Thanks
    W.

    Step 1 says that the MAC address is obtainable by looking at the router label.

    The password I used in Step 3 worked fine to connect the PPPoE session.

    Step 5 is optional and you can follow that if you want to obtain the password, but it is not important because any 7-digit password will work. I indicate that the MAC is also obtainable through the bridging method. This is more to help people cross-check the data their getting from their packet sniffing.

    I provided information about Step 5 because there are other instructions people were being pointed to concerning obtaining the router password that are not correct for the SIRO connections.

    Regards, Nick


  • Registered Users, Registered Users 2 Posts: 17,301 ✭✭✭✭banie01


    The router needs to be set to PPoE.
    The username is random @skydsl e.g abcde@skydsl
    The password is random e.g abcde

    The VLAN I'd needs to be set to 10.

    Then it will work fine, using an asus ac86u with that config and it's running fine.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,146 ✭✭✭Laphroaig52


    banie01 wrote: »
    The router needs to be set to PPoE.
    The username is random @skydsl e.g abcde@skydsl
    The password is random e.g abcde

    The VLAN I'd needs to be set to 10.

    Then it will work fine, using an asus ac86u with that config and it's running fine.

    What kind of speeds are you getting? I have a similar setup with an ASUS router but I can't get above 100 Mbps.


Advertisement