Skip to content

Instantly share code, notes, and snippets.

@madduci
Last active November 11, 2024 13:44
Show Gist options
  • Save madduci/8b8637b922e433d617261373220be44c to your computer and use it in GitHub Desktop.
Save madduci/8b8637b922e433d617261373220be44c to your computer and use it in GitHub Desktop.
Deutsche Telekom FTTH Access with OpenWRT

Configuring Deutsche Telekom FTTH Access with OpenWRT

After looking for alternatves to the suggested Router from Telekom (AVM FritzBox and HUawei Speedport), I've discovered the possibility of configuring my existing OpenWRT Router to act as gateway to the Telekom FTTH (Fiber To The Home) Magenta Zuhause package.

TL;DR

The WAN interface must be configured as follows (see your Telekom letter):

  • Protocol: PPPoE
  • PAP/CHAP username:
  • PAP/CHAP password: Zugangskenntwort
  • VLAN: 7
  • MTU: leave empty (delete the default value 1500)

Requirements

Access Data

Old Contracts (Before 2024)

It's important to know the following information, before attempting any connection:

  • Anschlusskennung
  • Zugangsnummer
  • Mitbenutzernummer
  • Zugangskenntwort

All the above information are typically sent by Telekom at home, when activating the Internet Access.

Newer Contracts (From 2024)

The "Easy Login" option is automatically activated for new contracts. If it is activated, you can use any username/password. Otherwise it can activated in the "Kundencenter".

Otherwise it's important to know the following information, before attempting any connection:

Anschlusskennung
Zugangsnummer
Mitbenutzernummer
Zugangskenntwort

All the above information can be found oin the "Kundencenter" at "Verträge" -> "Erweiterte Optionen" -> "Internetzugang".

Hardware

You need a OpenWRT-capable router (e.g. TP-Link Archer C7 works really well), see here for an exhaustive list of supported devices.

Make sure your Telekom Fiber Modem is working properly.

Configuration

Enable VLAN

The Telekom PPPoE access requires the VLAN-ID to be set to 7. In order to do so, you have to configure the Router Ethernet interface that refers to WAN. The configuration panel can be found under the Menu entry Network->Switch (on OpenWRT 22.03 is Network -> Devices -> Add Device Config)

In this panel, you can see a table showing the VLAN(s) configured for your Router (typically 2) and they have some comboboxes with status tagged/untagged/off. One of the VLANs configured should be configured with the following information:

Port Status CPU (eth0) LAN1 LAN2 LAN3 LAN4 WAN
1 tagged untagged untagged untagged untagged off
7 tagged off off off off tagged

In case of Routers with multiple Ethernet interfaces (e.g. TP-Link Archer C7), the panel should look like this:

Port Status CPU (eth0) CPU (eth0) LAN1 LAN2 LAN3 LAN4 WAN
1 tagged tagged untagged untagged untagged untagged off
7 tagged tagged off off off off tagged

Setup WAN Interface

In the Menu entry Network->Interfaces, select the WAN interface and set the following information in the General Setup tab:

  • Protocol: PPPoE
  • PAP/CHAP username: [email protected]
  • PAP/CHAP password: Zugangskenntwort

In the tab Physical Settings, select the interface Switch VLAN eth0.7 (the one corresponding to the VLAN-ID 7).

Beware: in case your "Zugangsnummer" has less than 12 digits, the PAP/CHAP username is in the form AnschlusskennungZugangsnummer#[email protected] (see https://telekomhilft.telekom.de/t5/Telefonie-Internet/PPPOE-Einwahl-ueber-einen-Router-herstellen/ta-p/3654990 for further details)

Performance Tuning

MTU should not be set to an MTU of 1500 in any WAN, PPPOE-WAN or VLAN 7 interface - it automatically negotiates an MTU of 1492 when dialing in. Make sure that in none of the above mentioned interfaces in the field MTU is a real value in it.

Check the /etc/config/network file or execute uci show network over ssh for any configured mtu:

config interface 'wan'
option proto 'pppoe'
option device 'eth0.7'
option username '[email protected]'
option password 'xxx'
option ipv6 'auto'

This change improves the performance with Applications/Services such as MS Teams, Speedtests and many other ones.

Happy surfing!

@madduci
Copy link
Author

madduci commented Sep 18, 2021 via email

@OkiCow
Copy link

OkiCow commented Dec 21, 2022

I have the Linksys 3200ACM and running [OpenWrt 22.03.2]. Note that in favor of DSA, this menu has since been removed. Is there "like" instructions for setting up FTTH with Telekom using the modified interface and latest kernel?

Dumb question? Yes probably. But seems to be a project that has me flailing about in Luci just now for the last few days.
Thank you in advance!

@madduci
Copy link
Author

madduci commented Dec 29, 2022

Hi

Thanks for the feedback. I haven't used the newest OpenWRT yet unfortunately (meanwhile I am using a Ubiquity router). I will update this guide as soon as I can.

@kebot
Copy link

kebot commented Mar 2, 2023

with the latest interface (v22.03.3),

First navigate to Network -> Devices -> Add Device Config, config something like this,

image

Second go back to Interface tab, Add new interface, choose the Device you just created:

image

Enter the username / password as described in the main article, and don't forgot to choose WAN in firewall settings:
image

It takes me some hours to figure that out, hope this information can help you landing here by Google Search.

@madduci
Copy link
Author

madduci commented Mar 3, 2023

thank you very much!

@LennyPenny
Copy link

LennyPenny commented Mar 21, 2023

hey @kebot thank you for your info! I tried to follow your steps for 22.03.3 but I get a "connection error" on the pppoe_telekom interface.

In your third screenshot you show the firewall settings for the "WAN" interface. Should that also be set in the created pppoe_telekom interface?
The physical wan interfaces are configured as "DHCP server" by default in the overview for me. Is that correct or should they be something else?
I also have a "bridge interface" that seems to connect all the normal LAN ports on my device. Does these somehow need to be connected to the vlan or the eth0/eth1 base device?

In general it would be cool if you could share more screenshots of all the things in the device/interface lists and screenhots of the configuration of the interfaces/devices (without the username/pass ofc)!

while trying random things I got a connection when I created the vlan device based on the wan port. Not sure if that is correct at all. It showed a plausible ip address in the routing overview, but I could not figure out how to get the normal lan ports to use that connection (if even possible)

@LennyPenny
Copy link

LennyPenny commented Mar 21, 2023

Okay through lots of tinkering an reading forum posts I figured out a solution that works for me (belkin rt3200):

  1. go to network -> interfaces -> devices
  • create a new device, type vlan 802.1q, base device: wan image
  1. goto network -> interfaces
  • change the default wan interface like this with the credentials explained in the OP:
    image
    image

Apply the changes and it should work \o/

@tofooNinja
Copy link

Thanks! Helped me a lot!
Telekom is not very clear about what settings one need to use....

@To6i
Copy link

To6i commented Aug 29, 2023

@madduci
Thank you so much for the documentation! You have saved from being offline multiple days.

@v01t
Copy link

v01t commented Aug 30, 2023

Thanks, for information above, that helps a lot!

does anyone of you experience significantly lower speed comparing to contractual one (20Mbps instead of 200Mbps) as result of using PPPoE?

In my case its gigabit switch (Zyxel GS1900-10HP) with no significant CPU load and Gigabit GPON SFP-Type SFU (PMG3000-D20B) and I'm trying to understand where is speed "bottle-neck" coming from

will appreciate any advice/hint that could help

@madduci
Copy link
Author

madduci commented Aug 30, 2023

You are welcome!

@v01t I have a Magenta Zuhause M (50 MBit/s) Package and I get ~55 MBit/s. I have an Ubiquiti Edge Router at the moment (without OpenWRT) and i don't see any load. Have you tried other Routers?

@tofooNinja
Copy link

@v01t
i have the "telekom speedport" fiber modem and using this config on a Fritz!Box 5590 connected by wan to the modem. my speeds are about the same of @madduci

@To6i
Copy link

To6i commented Aug 31, 2023

@v01t
Yes, my 10 year old router is not able to exceed ~300 Mbps but I can see that the CPU is pinned > 90%.
If you do not use SQM, you can enable "Software flow offloading" in the Network->Firewall settings within Luci. If your router is mt7621 based, you could also enable "Hardware flow offloading". That should increase your speeds if the router itself is the bottleneck.

@steffenvongrabau
Copy link

steffenvongrabau commented Nov 28, 2023

@v01t The hardware in these switches is designed for switching ethernet packets on L2. That means that the traffic does not pass through the CPU under normal circumstances, it is all handled by the switch fabric. While it certainly is possible to turn them into routers, the performance is very low as the packets now need to pass the CPU. In addition, the CPU does not have any optimizations for packet processing - something that router SoCs usually include.

Source: https://openwrt.org/supported_devices/openwrt_on_switches_faq

@nicoh88
Copy link

nicoh88 commented Jun 4, 2024

Had problems with MS Teams, Speedtests and many other services.

MTU should not be set to an MTU of 1500 in any WAN, PPPOE-WAN or VLAN 7 interface - it automatically negotiates an MTU of 1492 when dialing in.

It is confusing, because by default, grayed out, 1500 is in it, make sure that in none of the above mentioned interfaces in the field MTU is a real value in it.

check the /etc/config/network or uci show network over ssh for any configured mtu:

...
config interface 'wan'
option proto 'pppoe'
option device 'eth0.7'
option username '[email protected]'
option password 'xxx'
option ipv6 'auto'
...

@busti
Copy link

busti commented Sep 9, 2024

What do I do with the WAN6 interface that exists by default?

@wanne32
Copy link

wanne32 commented Oct 25, 2024

For new contracts, you do not get "Zugangsdaten" any more. Here is an updated version:
https://gist.github.com/wanne32/f24aed93ac29e5304a0f90b01bffb809

@madduci
Copy link
Author

madduci commented Oct 25, 2024

@wanne32 thank you very much for this information! Can i add your information in this gist?

@wanne32
Copy link

wanne32 commented Oct 25, 2024

@madduci Of course.

@Finnitio
Copy link

Finnitio commented Oct 31, 2024

Hello,

I am on 23.05 and trying to connect to the internet using a Linksys WRT1200AC and Draytek Vigor 130 firmware 3.8.5.1 v7 (Deutsche Telekom Version). The Internet works with another router and the same modem and credentials. The vlan tagging is enabled in the modem, unfortunately I don't get a connection. Anyone any suggestions what I need to make it work? I can not follow the steps in the ghist since my openwrt layout is different. I can not acces the vlan table that is mentioned, even if I ad an Device for the physical wan port, i can set that to wan.7 as mentioned in the comments above but don't get any connection. I also disabled vlan flagging in the modem but was not able to make it work.

This is my openwrt network config:

`
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd4c:e3ef:0e64::/48'

config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'

config device
option name 'wan'
option macaddr '62:38:e0:d9:2c:55'

config interface 'wan'
option device 'wan'
option proto 'pppoe'
option username '@t-online.de'
option password '
'
option ipv6 'auto'

config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
`
Edit: Why is the code block not working?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment