2011-10-24

You can sort our internet out, right?

Always fun when you get known to have some clue on any subject, and sadly when relatives know you have a clue it gets worse... I get a call to come and help sort the Internet for my daughter. She is living in a housing association block of flats with her boyfriend. She suggested that they have no Internet.

So I come along, and get through the security gates (which seem as much about keeping people in as keeping people out) and am shown the common room where, to my surprise, they have a phone socket, netgear wifi router, and extra netgear access point. The router has sync, and the wifi works giving a 192.168 address, but no Internet. Hmmm....

Sadly the staff have no idea at all - the manager is not there - they don't really know who does the Internet, and apparently it has not worked for months. It stops working quite regularly apparently and the residents think that the management don't pay the bill, but who knows? More to the point they have no idea on router passwords or DSL login or anything...

Well, as ever, FireBrick to the rescue, an FB2500 and a Vigor V.120. I put an Apple airport express as a good quality wifi, and set about trying to get some Internet working. They managed to come up with a couple of logins and passwords eventually - but they don't work. Now, thanks to the comprehensive logging on the FireBrick I can see they are on a BT 21CN BRAS (RED6.GI-B). So I try an A&A login, and get a very useful response - our DNS servers, a connection on dummy IP and "Unknown user" message. That means 21CN definitely does not have service selection barring and I can log in to any ISP regardless of who pays for the line - useful. We suspected this for a long time, but nice to see it in practice.

So, setting up on our systems, which usefully tell me the circuit ID on the L2TP connection, and bingo we have fixed IPv4 and IPv6.

Now, when someone works out which ISP they actually use, and works out if they are in a contract, and gets a migration code, we can properly move them over. In the mean time we are providing bandwidth and not a line, and they are paying some other ISP for the line and using no bandwidth. Well, they might be paying, who knows - if the ISP has blocked their login it does not matter now!

In the mean time this is effectively the fastest migration I have ever done, and all with no actual details of the existing service, just physical access to the line. A bit scary really.

10 comments:

  1. "So I try an A&A login, and get a very useful response - our DNS servers, a connection on dummy IP and "Unknown user" message."

    Hi Rev!

    I always wondered about this myself but thought I'd test this from an Orange line belonging to a friend (as you probably know, Orange LLU was phased out and everyone was moved over to BT Retail's own service).

    Oct 25 06:28:40.370: Vi2 CHAP: I CHALLENGE id 1 len 36 from "bras-red6.l-ste"
    Oct 25 06:28:40.374: Vi2 CHAP: Using hostname from interface CHAP
    Oct 25 06:28:40.374: Vi2 CHAP: Using password from interface CHAP
    Oct 25 06:28:40.374: Vi2 CHAP: O RESPONSE id 1 len 43 from "xxxxxxxx@spilsby.net.uk"
    Oct 25 06:28:40.434: Vi2 CHAP: I FAILURE id 1 len 43 msg is "CHAP authentication failure, unit 12087"
    Oct 25 06:28:44.458: Vi2 PPP: Authorization required
    Oct 25 06:28:44.458: Vi2 PPP: No remote authentication for call-out
    Oct 25 06:28:44.626: Vi2 PPP: No authorization without authentication
    Oct 25 06:28:44.638: Vi2 CHAP: I CHALLENGE id 1 len 36 from "bras-red6.l-ste"
    Oct 25 06:28:44.638: Vi2 CHAP: Using hostname from interface CHAP
    Oct 25 06:28:44.642: Vi2 CHAP: Using password from interface CHAP
    Oct 25 06:28:44.642: Vi2 CHAP: O RESPONSE id 1 len 43 from "xxxxxxxx@spilsby.net.uk"
    Oct 25 06:28:44.922: Vi2 CHAP: I FAILURE id 1 len 42 msg is "CHAP authentication failure, unit 4491"

    ... but the old Orange login works perfectly:

    Oct 25 06:29:41.535: Vi2 CHAP: I CHALLENGE id 1 len 36 from "bras-red6.l-ste"
    Oct 25 06:29:41.539: Vi2 CHAP: Using hostname from interface CHAP
    Oct 25 06:29:41.543: Vi2 CHAP: Using password from interface CHAP
    Oct 25 06:29:41.543: Vi2 CHAP: O RESPONSE id 1 len 47 from "xxxxxxxx.orangehome.co.uk@fs"
    Oct 25 06:29:41.623: Vi2 CHAP: I SUCCESS id 1 len 42 msg is "CHAP authentication success, unit 3895"
    Oct 25 06:29:42.623: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
    Oct 25 06:29:42.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
    Oct 25 06:29:42.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up

    The login I used is one which allows access from any BBEU* circuit ID but I cannot find any evidence that I'm rejecting the login.

    Therefore, based on this, you either have a line for which the provider did indeed turn SSB off or there is some glitch which 'allows' it to work in your daughters' case and knowing BT, they will either fix said glitch in minutes or years :-)

    If you want to contact me via e-mail, I would be happy to provide you with a test login on our realm in case you want to test this a bit more thoroughly.

    ReplyDelete
  2. Interesting. Obviously to something we have been ale to test much, and unlike 20CN there is no formal SSB control. I think the line in question may have been using he BT central plus type service though so maybe that is more flexible. We will have to test when people migrate 21CN lines to us.. Fun eh?

    ReplyDelete
  3. Wow, typing on my iPad is worse than usual today!

    ReplyDelete
  4. Easy to find out who their ISP is.

    Plug a phone into the line.

    Dial 17070 to get the telephone number of the line.

    Use the tags on the line checker to find out who the ISP is.

    ReplyDelete
  5. Hi

    Are you available for a hint? I have some FB 2700 in use in different environments with static ip and connect via ppp over fttc. I understand what these are doing, but now I want to use one at home in a rig like I see in this picture, I'm stuck!

    I have a netgear also on 21cn with Plusnet, feeding an airport extreme and I want to put the fb2700 in between the two. I may be as thick as a whale omelette, but I can't see how best to do this with the netgear in the way.

    In your rig above, if the modem is doing dhcp and dns, and the airport is in bridge mode (?) how does the FB resolve inputs to outputs?

    Thx. Steve

    ReplyDelete
  6. The router there (Vigor V120) is PPPoE, so not IP or DNS or anything. The FireBrick has been configured so port 4 is for PPPoE only. The airport is on port 1 and bridging to the LAN. The FireBrick does DHCP for the LAN. Email or irc the support team for details. Very simple set up.

    ReplyDelete
  7. Lightbulb moment... Thanks very much for the swift and helpful response.
    Steve

    ReplyDelete
  8. What value is the Firebrick providing other than cool-factor and initial debugging? Can't the Airport Express do PPPoE to the Vigor directly as well as serve DNS and DHCP for the LAN side?

    ReplyDelete
  9. It is overkill for that install. Not sure about the PPPoE on the airport to be honest (not seen it in the menus but others have mentioned it) - the fire-walling would not be as configurable I am sure. So yes, mostly (a) coolness and (b) what we had to hand as I was thrown in the deep end!

    ReplyDelete
  10. Airport Express (and Extreme) will do PPPoE just fine but not, as far as I've been able to tell, PPPoE and native IPv6. PPPoE and tunnelled IPv6 works OK.

    ReplyDelete

Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

Missing unix/linux/posix file open option

What I would like is a file open option for "create replacement file". The idea is that this makes a new inode in the same mount p...