Bell HH3000 pppoe setup with EdgeRouter, UniFi & DuckDNS

By | April 26, 2019

In my previous post on this topic I discussed the challenges I faced trying to get the HH3000 into bridge mode and ultimately why I ended up with a double NAT situation. The original post is here. Since that time, I have optimized my setup:

The highlight of this update is that I have finally gotten pppoe passthru to work and gotten rid of my double NAT situation. A double NAT configuration is not necessarily a bad thing. As a matter of fact, some security experts propose double NAT for heightened LAN security. There is a link to an article on the subject from Steve Gibson (GRC). However, since LAN security is managed by my EdgeRouter, I would prefer that it be exposed to my public IP so that I can securely configure external access to certain LAN hosts.

As a refresher, the HH3000 does not support a bridge mode. Rather, there is some support for a DMZ configuration. However, in my testing I have found the DMZ configuration to be unreliable. My solution is to abandon all services on the HH3000 and limit its use to being simply an endpoint for my fiber circuit from Bell.

The HH3000 supports pppoe without any special configuration changes. You would need your b1 username and password. Contrary to many other posts that I have seen, VLAN tagging (VLAN 35) is not required in this configuration. The HH3000 takes care of the tagging. Also, I have seen some posts about Internet throughput being reduced with pppoe setups. I have not experienced this issue and I do get my full bandwidth throughput. Basically, you connect the WAN port of your router to any one of the LAN ports on the HH3000. That’s it 🙂

Next up is the setup of the pppoe interface of the EdgeRouter. Again, I have found that the available documentation on this was a bit questionable. However, the key is to create the pppoe interface on the EdgeRouter as the connection for eth0 (typically the WAN interface). The configuration can be done via the GUI or CLI. The final configuration should look like this:

ethernet eth0 {
        description "Internet WAN"
        duplex auto
        pppoe 0 {
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            default-route auto
            mtu 1492
            name-server auto
            password xxxxxxxxxx
            user-id xxxxxxxxxxxxxx
        }
}

I suspect that part of the reason for other forum posts about speed issues with pppoe setups is the MTU values. EdgeOS (EdgeRouter operating system) addresses this by implementing a service to change the Maximum Segment Size (MSS) of all TCP packets to a value lower than that of the Ethernet default of 1500. I have configured the mss-clamp value to 1412. The link to the post on the Ubiquiti support forum is here. The CLI configuration is:

set firewall options mss-clamp mss 1412
commit ; save
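To show what the clamp does on the wire, here is an added Python example (not EdgeOS code and not part of the original post) that lowers the MSS option of a TCP SYN to 1412 and patches the TCP checksum incrementally. The function names and the sample SYN are constructed for illustration; the MTU and clamp values are the ones used above.

```python
import struct

PPPOE_MTU = 1492   # mtu on the page's pppoe 0 interface
CLAMP_MSS = 1412   # value from the page's mss-clamp command

def max_mss(mtu, ipv6=False):
    """Largest TCP payload per packet: MTU minus IP header minus 20-byte TCP header."""
    return mtu - (40 if ipv6 else 20) - 20

def find_mss(tcp):
    """Return (offset, value) of the MSS option (kind 2) in a TCP header, or None."""
    end = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0   # data offset field, in bytes
    if end < 20 or len(tcp) < end:
        return None
    i = 20
    while i < end:
        kind = tcp[i]
        if kind == 0:                    # end-of-options
            return None
        if kind == 1:                    # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            return None                  # malformed option list: leave it alone
        if kind == 2 and tcp[i + 1] == 4:
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += tcp[i + 1]
    return None

def clamp_mss(tcp, limit=CLAMP_MSS):
    """Lower the MSS option of a SYN or SYN-ACK to `limit`; anything else is returned as-is."""
    found = find_mss(tcp)
    if found is None or not tcp[13] & 0x02 or found[1] <= limit:   # 0x02 = SYN
        return tcp
    off = found[0]
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, limit)
    csum = struct.unpack_from("!H", tcp, 16)[0]
    for w in sorted({off & ~1, (off + 1) & ~1}):   # aligned 16-bit words the value touches
        old_w, new_w = (struct.unpack_from("!H", b, w)[0] for b in (tcp, out))
        s = (~csum & 0xFFFF) + (~old_w & 0xFFFF) + new_w   # RFC 1624 incremental update
        s = (s & 0xFFFF) + (s >> 16)
        csum = ~((s & 0xFFFF) + (s >> 16)) & 0xFFFF
    struct.pack_into("!H", out, 16, csum)
    return bytes(out)

# Constructed sample: SYN from port 50000 to 443 advertising MSS 1460 (checksum value arbitrary)
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, 0x60, 0x02, 64240, 0x1C46, 0) \
    + bytes([2, 4]) + struct.pack("!H", 1460)
```

For an MTU of 1492, `max_mss` gives 1452 over IPv4 and 1432 over IPv6, so a clamp of 1412 fits under both.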

With this configuration, the EdgeRouter happily gets a public IP from Bell via the HH3000 on eth0 and manages the firewall and routing for my LAN.

I use DuckDNS to keep track of my public IP so that I can conveniently access certain LAN hosts. However, DuckDNS is not one of the pre-defined services on the EdgeRouter. Therefore, a custom setup is required. This is done via the CLI as follows:

set service dns dynamic interface eth0 service custom-duckdns
set service dns dynamic interface eth0 service custom-duckdns host-name myduckdnsdomain (created during DuckDNS setup)
set service dns dynamic interface eth0 service custom-duckdns login nouser (DO NOT put your username here)
set service dns dynamic interface eth0 service custom-duckdns password my-token-here
set service dns dynamic interface eth0 service custom-duckdns protocol dyndns2
set service dns dynamic interface eth0 service custom-duckdns server

DuckDNS will be updated by the EdgeRouter if your public IP changes. However, you can force an update and verify your configuration with the following CLI commands:

update dns dynamic interface eth0
show dns dynamic status

Hope this helps 🙂
