‹ back home

OpenWrt with KPN fibre optics

2023-02-11 #networking #notes

I’ve always preferred to use my own router at home when possible, and was pleasantly surprised to learn that the EU actually has rules around router freedom. That is, each user is allowed to use their own hardware at home, rather than being imposed which hardware they can use by their service provider.

Additionally, the Netherlands has local legislation to reflect this, and KPN has a dedicated page explaining that they support this too.

Okay, maybe support is not the right word. They allow it and provide all necessary technical details, but any actual support requests should go to the community forums. Makes sense; they can’t realistically support any random permutation of devices. I can’t imagine trying to train tech support to handle calls from people running OpenBSD on their router.

Why use one’s own router

Running one’s own router for a home network has a few advantages. A big one is security and privacy: rather than have a device managed by a third party on one’s private home network, there’s just yet-another device managed by the owner.

That aside, there’s a few more quite practical usages. Because my own router is the publicly-facing device, I can easily expose services (i.e.: port forwarding), and have no issue with breaking through a black-box NAT. It’s also possible to run any lightweight services on the box itself.

Finally, a nice-to-have is having isolated guest or testing wireless networks. These are isolated from the “main” home network without having to add a second access point into the mix.

What is OpenWrt

OpenWrt is a Linux distribution aimed at routers and access points. It supports a variety of consumer hardware. It can be configured via SSH like a traditional Unix-like system, or via LuCI, the web-based graphical interface. It’s pretty end-user-friendly to be honest, and mostly edits configuration in /etc/config under the hood.

Technical details

The page linked above has a link to a PDF with all the technical details, though it’s actually very verbose, since it includes details on using your own fibre modem as well.

The important bits are:

Internet: VLAN = 6 met prioriteit P-bit = 1
Vast Bellen: VLAN = 7 met prioriteit P-bit = 5
TV: VLAN = 4 (DHCP gebaseerd die ook IGMPv2 moet ondersteunen) met prioriteit P-bit = 5


Technische details Internet
• PPPoE via VLAN 6 (802.1q).
• PPPoE authenticatie PAP met een gebruikersnaam en wachtwoord (bijv. internet / internet).
• Maximale pakket grote (mtu) 1500 bytes (rfc4638)
• IPv4 adres + DNS servers via PPPoE verkrijgen
• IPv6 adresreeks + DNS servers (IPv6) via DHCPv6-PD verzoek (in PPPoE). Een adres gebruiken uit reeks voor router.

Nothing unusual here, though I do admit I had to re-read on a lot of these concepts which I hadn’t touched in many years. Basically, it’s just VLAN6 with PPPOE, the default MTU (1500) and any username and password (e.g.: internet/internet). IPv4, IPv6 and both sets of DNS also come via PPPOE.

VLAN configuration in OpenWrt

VLAN (virtual LAN) is a technique run different networks on a same physical layer by tagging packets. The tag indicates to which VLAN each packet belongs. This is standardised in IEEE 802.1Q. You don’t need to understand much more about VLAN for this setup.

The Network menu has a Switch entry which allows configuring the VLAN.

By default there are two VLANs; one will have just the WAN port enabled and the other will have all the LAN ports enabled. The one with the WAN port needs to be set to VLAN ID = 6. This row should be the one which has all LAN ports set to off and the WAN port set to tagged (the CPU port should also remain tagged. This mostly covers the VLAN side of things.

After saving in LuCI, it’s possible to check that everything looks in order on the device. /etc/config/network should have something like this:

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '6'
	option ports '0t 5t'

PPPOE configuration in OpenWrt

In the Network menu pick Interfaces. If there are any existing WAN configurations that are not PPPoE (e.g.: from previous configurations), you probably want to delete them at this point.

Add a new interface, pick Protocol=PPPoE and Device=eth0.6. eth0 is the actual device, and 0.6 means “VLAN6 on eth0”. You probably want to leave Bring up on boot enabled and set username and password to “internet”. Any value should work, but leaving them empty does not work!

The relevant bits in /etc/config/network should have something like this:

config interface 'pppoe'
        option device 'eth0.6'
        option proto 'pppoe'
        option username 'internet'
        option password 'internet'
        option ipv6 'auto'
        option mtu '1500'

If you ever need to configure anything for the IPv6 aspect of this, it needs to be in a config interface 'pppoe_6' block.

Configuring custom DNS

By default, OpenWrt will pick up advertised DNS and use these as upstream. I don’t want this since I run my own DNS which does some basic adware filtering (mostly for “smart” devices which can’t run proper ad blockers).

The simplest way to disable using upstream DNS is to head over to Network menu, DHCP and DNS and in the Resolv and Hosts Files tab uncheck Ignore resolv file.

This is equivalent to editing /etc/config/dhcp with:

config dnsmasq
        # ... lots of other options ...
        option noresolv '1'

Make sure to configure the actually desired DNS in the DHCP and DNS section.

Have comments or want to discuss this topic?
Send an email to ~whynothugo/public-inbox@lists.sr.ht (mailing list etiquette)

— § —