I don't understand what you mean, what are you trying to achieve? Why would you want PPPoE on your own router and also on the DIR-615?

I also never used WAN connection 4, I just modified 1 and 3 and applied 3 to a physical port. I believe I changed the VLAN ID of WAN connection 1 (the default PPPoE profile) to 700 to prevent some kind of conflict but I can't remember what that was.

This post has been edited by rizvanrp: Sep 2 2010, 03:50 PM

There's not enough ports and its not possible since the DIR-615 is wired into the WAN port of your router (which automatically blocks off all rfc1918 traffic).

You have a LAN cable between the floors?

Check your DIR-615 settings and make sure you did everything correctly (including using the exact LAN ports which I've specified).. if your router is sending a PADI with no PADO reply, your bridge is not configured properly.

Its hard to say it will 100% work if your PC can dial in because Windows automatically strips VLAN tags off tagged frames. Your DIR-615 could be accepting untagged traffic but sending out tagged traffic and it would still be able to dial in.

This post has been edited by rizvanrp: Sep 2 2010, 04:37 PM

Ask 76radius, he's doing that with the ZTE VDSL modem.

1. Vlan bridging still works, just ask for that admin account password from your installers while they're setting it up.
2. Use the DIR-615 in bridging mode or buy the RB250G, your choice but the new batch of DIR-615 seems to have an extremely high failure rate.

You bought an RB750G? That's a full fledged router You will need to setup NAT on the router so the computers can utilize the internet link. Not sure how you're going to do this as I'm not too familiar with RouterOS but you can google 'routeros pppoe nat' or something.

They came on your router and it worked?

TM does not want this because the security they have for maintaining user->stream access control is through the STB's firmware itself. I'm sure there are many exploits that still work but even if I (or someone else) continues to develop them, we'll keep it private as TM patched the last few ones using info from this thread within 24 hours.

Yeah, noticed it for a week+ already. Youtube getting capped

Nope still pulling 2.5MB/s easily

Not me but another user pmed me with the same problem. I think its recent?

I don't think having a gigabit enabled WAN port router is necessary as the current Unifi infra will have to be upgraded (BTUs, etc.) before we ever see those speeds. By then, newer and more powerful router platforms will be standard issue.

As for those of you who are having the corrupted file issues, try downloading through a SSH tunnel or encrypted VPN link. The encryption should act as an additional level of error checking and prevent your downloads from being corrupted.

It happened as predicted because TM does not give a rats ass about basic security. I mentioned a few pages back that all BTUs are vulnerable to being accessed using the VOIP network since TM just dumped a default user/pass in all of them.

I'm not too sure what they can achieve with your SIP login details as I don't use the technology much.. but causing a DoS on all 3 of your Unifi services is very easy just by accessing the BTU. They should not be able to use the BTU to break into your internal network as long as your router is secured properly.

I've just changed my Fiberhome admin login/pass and disabled its telnet daemon.. still figuring out how to write the changes to the startup config. I'd release a guide but many people will not be able to do it as it requires a Console cable. Do tell me if its possible to permanently secure the Huawei/Alcatel BTUs through the web UI though

Edit : The BTUs can only be accessed through the VOIP network AFAIK so if someone has changed your configuration (and it's not some glitch by TM), it's definitely being done by other Unifi users.

This post has been edited by rizvanrp: Sep 6 2010, 10:38 PM

Fiberhome ONT's need a Console cable and RS232-USB adapter (if you don't have a serial port on your computer).. only then can you log into it and secure the router by changing the admin account pass, router 'enable' pass and disabling the telnet daemon.

With the huawei you should be able to do all of this through the webUI alone. This is what happens when you use the default user/pass combination for every single piece of hardware you setup. Maybe you guys can spam their hotline so they get the message

EDIT: Also, the telnet daemon is enabled by default on the Huawei. If it's disabled, someone has changed it.

This post has been edited by rizvanrp: Sep 6 2010, 11:37 PM

@klgoh99

Thanks for the heads up I'll look into other potential daemons running on the BTU but it's going to be hard to determine the root cause of the problem as I'm using Fiboom/Fiberhome and most of you are using Huawei/Alcatel. If this is indeed the work of an individual and this person is accessing the network either by using the Huawei as a proxy or directly connecting himself via a VLAN bridge of sorts, the MAC address he's using will be directly visible to TM staff as it will be that of the BTU. Since MAC addresses of users are linked to individual units, they should be able to track him down easily unless he's using an unregistered piece of equipment (or is using another method I'm unaware of).

I simply don't have the tools to debug GPON links so most of this is going to be based on guesswork. If this guy has full access to the network there's nothing much you can do except backup/restore the running-config and attempt to lock down your router from remote access by changing the default username/passwords. FYI, the Huawei has two accounts.. both of which are a default user/pass combo and can be located by opening your config file in notepad.

There's really nothing much we as users can do about this except get TM to patch it up.

This post has been edited by rizvanrp: Sep 6 2010, 11:51 PM

Sohlican asked for the default VOIP settings a while back, all the variables you need should be located here --> http://forum.lowyat.net/index.php?showtopi...&#entry36045041

All BTUs are vulnerable but it seems that only Huawei users have been affected at the moment. Fiberhome can be secured via the Console port but you need additional hardware and the fix is only temporary (till the next reboot).

Pretty much, yeah. I would not rely on Unifi VOIP for critical services such as alarm system communications.. one issue being no power = no line and the other is this security hole which has been left open since day one.

It's always good to purchase the hardware though if you're on the Fiberhome.. a Console/rollover cable costs RM10-30+ (free if you have friends who work with hardware routers ) and a usb-rs232 adapter is also roughly the same price.

Don't worry about it. As long as you're behind NAT and you haven't set any matching port forwarding rules, the router will always drop those connections.

Yes, that's not supposed to be there. There should only be 1 active SIP profile. Guess the BTUs really are being broken into. Looks like TM is about to realize how important it is not to leave everything open.

Serves them right for not listening IMO

Edit : 'Jack' is not a valid authname at all and is likely just the tag this skiddy is leaving behind.

This post has been edited by rizvanrp: Sep 8 2010, 02:25 AM

If you're getting a 169.x.x.x IP, that means the DHCP server is not working properly (and you're being assigned a default dynamic IP by Windows itself). You have to manually set a static IP to match that of your BTU and then see if you can connect to it. No amount of 'ipconfig /renew's will work if the DHCP server is not up.

---

Also, for those of you who are experiencing packet loss + bad pingtests, which BTU are you using? Huawei, Fiberhome or Alcatel?



Mine's still rock solid stable on the Fiberhome

This post has been edited by rizvanrp: Sep 8 2010, 01:16 PM