[DHCP] WAN can't get a lease

[simba795]

Hi all,

Context
I am replacing my router with my custom hardware . I bought a Nokia ONT XS-010X-Q, spoofed the Serial number of the legacy router and it works (fixed green LED).

Then, I bought a Lenovo m720Q (PCIe slot) to become my new router/firewall, I have installed OPNSense on it. I have configured my WAN to spoof the MAC address of the legacy router, blocked all the private traffic coming. After that, I created a VLAN 10 on it (accordingly to my ISP requirements), with the same MAC address and option 60 for the DHCP request.

Problem
My ISP is using DHCP FFTH, after some headaches because it was not working, I sniffed the DHCP traffic from the legacy router. I saw that it sends the hostname and a class/client identifier. I spoofed these 3 values on the DHCP request of my OPNSense and tried again, but it does not work... 

Indeed, the DHCP requests parameters are different, so I tried to configure the VLAN 10 DHCP config to send the same, but I can't figure out how to do it (can't find the good options name etc). Is it possible that the DHCP server does not reply because of that? The padding is different too, is it an issue?

You can see the two different requests:




Do you have any idea please?

[meyergru]

If you do not get a DHCP answer at all, I would doubt that the fiber connection is "really" up in the first place, despite the LED telling you that it is.

You wrote that you spoofed the MAC address of your router. What do you mean by that? Before the router's MAC can even be detected, you have to have a running fiber connection. Usually, that is protected by either checking the S/N of your ONT (not its MAC) or the PLOAM password or a combination thereof. So did you copy over the S/N and the PLOAM password from your old ONT like described here? I.e., if you can even read those items from your ISP's equipment.

Even if you do that correctly, and if the ONT status is "O5" (which is often indicated by a green PON status LED), some OLTs are known to check even more parameters before they really let your packets flow to the BRAS / BNG. That may be LOID or certain OMCI parameters like the manufacturer ID or the software version. E.g. Huawei OLTs are known to do this per default. Been there - done that.

I highly doubt that the MAC of the router matters at all. Besides, I did not have much luck with spoofing a MAC on my hardware. OpnSense offers that, but for my NIC, it did not work.

Of course, you also to configure the correct VLAN to send your DHCP requests.

From what you wrote, you have sniffed the traffic from the router, so I assume that your ISP provides you an external ONT. Try to used that with your setup and eliminate the potential problem of the Nokia ONT not cutting it.

[simba795]

Hi,

Thank you for your answer!

I "spoofed it" by using it as the WAN/VLAN10 mac and using it in the parameters sent to the DHCP server. To get the MAC address I just sniffed it from the original router when it was doing the DHCP requests (the internet connection was already activated).

I did spoof the serial number from my previous ONT like described on Hack GPON, it was written on the router itself (Fritzbox) or in the Web menu (I don't remember) and after spoofing it the green led became fixed.

I have no external ONT, it is included in the Fritzbox itself and I don't think I can use it as an ONT.

FYI the ISP is green.ch which is using Swisscom network but I can't find anything online if they are checking other parameters.

By the way, I plugged the fiber cable to the fritzbox and plugged it back to the Nokia, it worked and I have an IP now, but I did not change anything?! I will finish my configuration and check if it keeps working after a reboot

[chemlud]

I have absolutely no experience with ONT or your provider, but would it work to simply configure  WAN static with the IP/Gateway obtained on the providers (? Fritte?) router? Asking for a friend... :-D

[simba795]

That's right, I think it could have been a good way to debug to put the static IP and gateway.
In my situation, after a reboot it still works, maybe it will not if I lose the lease... If it happens I will post a reply here

[chemlud]

...question is what happenz after 50% of the DHCP lease time, if no refresh is requested....

[meyergru]

OK, so green.ch provides you with a fiber Fritzbox and you can sniff packets there, but you obviously cannot use it as ONT "only".

As I said, there may be more parameters that green.ch checks. The green LED only states O5 status, which does not guarantee that your DHCP packets reach the BRAS.

That is a situation in which many customers are in countries except Germany. We have a law (the so-called "Endgerätefreiheit"), by which ISPs must accept any active network termination provided by the customer and cannot impose their own hardware.

I know that many italian fellows have that problem as well. They go great lengths to fake all the necessary parameters - you can look at the fibraclick forum, which is the source of most if not all of the information on the Hack GPON site. Not many devices allow setting those parameters, I assume even less for XGS-PON.