Bell HH3000 pppoe setup with EdgeRouter, UniFi & DuckDNS

By | April 26, 2019

In my previous post on this topic I discussed the challenges I faced trying to get the HH3000 into bridge mode and ultimately why I ended up with a double NAT situation. The original post is here. Since that time, I have optimized my setup:


The highlight of this update is that I have finally gotten pppoe passthru to work and gotten rid of my double NAT situation. A double NAT configuration is not necessarily a bad thing. As a matter of fact, some security experts propose double NAT for heightened LAN security. There is a link to an article on the subject from Steve Gibson (GRC). However, since LAN security is managed by my EdgeRouter, I would prefer if it is exposed to my public IP so that I can securely configure external access to certain LAN hosts.

As a refresher, the HH3000 does not support a bridge mode. Rather, there is some support for a DMZ configuration. However, in my testing I have found the DMZ configuration to be unreliable. My solution is to abandon all services on the HH3000 and limit its use to being simply an endpoint for my fiber circuit from Bell.

The HH3000 supports pppoe without any special configuration changes. You would need your b1 username and password. Contrary to many other posts that I have seen, VLAN tagging (VLAN 35) is not required in this configuration. The HH3000 takes care of the tagging. Also, I have seen some posts about Internet throughput being reduced with pppoe setups. I have not experienced this issue and I do get my full bandwidth throughput. Basically, you connect the WAN port of your router to any one of the LAN ports on the HH3000. That’s it 🙂

Next up is the setup of the pppoe interface of the EdgeRouter. Again, I have found that the available documentation on this was a bit questionable. However, the key is to create the pppoe interface on the EdgeRouter as the connection for eth0 (typically the WAN interface). The configuration can be done via the GUI or CLI. The final configuration should look like this:

ethernet eth0 {
    description "Internet WAN"
    duplex auto
    pppoe 0 {
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        default-route auto
        mtu 1492
        name-server auto
        password xxxxxxxxxx
        user-id xxxxxxxxxxxxxx
    }
}

I suspect that part of the reason for other forum posts about speed issues with pppoe setups is the MTU values. EdgeOS (the EdgeRouter operating system) addresses this by implementing a service to change the Maximum Segment Size (MSS) of all TCP packets to a value lower than that of the Ethernet default of 1500. I have configured the mss-clamp value to 1412. The link to the post on the Ubiquiti support forum is here. The CLI configuration is:

configure
set firewall options mss-clamp mss 1412
commit ; save

With this configuration, the EdgeRouter happily gets a public IP from Bell via the HH3000 on eth0 and manages the firewall and routing for my LAN.
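
As an added example (not part of the original post and not EdgeOS code), the Python below audits a saved configuration for the two things this setup relies on once the router holds the public IP: firewall rulesets bound to the pppoe interface in both directions, and an MSS clamp that fits inside the PPPoE MTU. The sample configuration is constructed from the settings above; the 40-byte header overhead and the fallback MTU of 1492 are assumptions.

```python
# Constructed sample in EdgeOS "show configuration" layout, not a real dump.
SAMPLE = """
firewall {
    options {
        mss-clamp {
            mss 1412
        }
    }
}
interfaces {
    ethernet eth0 {
        pppoe 0 {
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
        }
    }
}
"""

def flatten(text):
    """Map each leaf to its full path, as in the matching 'set' command."""
    path, leaves = [], {}
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        elif line:
            key, _, value = line.partition(" ")
            leaves[" ".join(path + [key])] = value
    return leaves

def audit(text, overhead=40, default_mtu=1492):
    # Assumptions: 40 bytes of IPv4+TCP headers; MTU 1492 when none is set.
    leaves, base = flatten(text), "interfaces ethernet eth0 pppoe 0 "
    findings = [f"pppoe 0: no firewall '{d}' ruleset"
                for d in ("in", "local") if f"{base}firewall {d} name" not in leaves]
    limit = int(leaves.get(base + "mtu", default_mtu)) - overhead
    mss = leaves.get("firewall options mss-clamp mss")
    if mss is None or int(mss) > limit:
        findings.append(f"mss-clamp is {mss}, must be set and <= {limit}")
    return findings
```

An empty list from `audit(SAMPLE)` means both rulesets are bound and the clamp fits; any string in the list names the setting to fix before relying on the router as the only barrier to the Internet.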

I use DuckDNS to keep track of my public IP so that I can conveniently access certain LAN hosts. However, DuckDNS is not one of the pre-defined services on the EdgeRouter. Therefore, a custom setup is required. This is done via the CLI as follows:

configure
set service dns dynamic interface eth0 service custom-duckdns
# host-name is the domain created during DuckDNS setup
set service dns dynamic interface eth0 service custom-duckdns host-name myduckdnsdomain
# login stays as the literal value nouser; DO NOT put your username here
set service dns dynamic interface eth0 service custom-duckdns login nouser
set service dns dynamic interface eth0 service custom-duckdns password my-token-here
set service dns dynamic interface eth0 service custom-duckdns protocol dyndns2
set service dns dynamic interface eth0 service custom-duckdns server www.duckdns.org
commit
save
exit

DuckDNS will be updated by the EdgeRouter if your public IP changes. However, you can force an update and verify your configuration with the following CLI:

update dns dynamic interface eth0
show dns dynamic status

Hope this helps 🙂

4 thoughts on “Bell HH3000 pppoe setup with EdgeRouter, UniFi & DuckDNS”

  1. Pete Gemakas

    Thanks for this article, Nigel. Do you offhand know if the configuration would be similar if I were to use Ubiquiti USG instead of the EdgeRouter? Trying to decide which one to purchase. Also, have you run into any issues with this since publishing this updated configuration? Thanks!

    1. Nigel Post author

      The Ubiquiti USG is a bit of overkill for my home network but I imagine that the configuration would be similar. No problems with the setup so far.

  2. Pete

    Hi Nigel,

    I had a bit of time to get started on this and I was wondering if you ran into an issue where your EdgeRouter could ping say Google (8.8.8.8) but a connected laptop could only ping the gateway on the EdgeRouter (192.168.1.1) but the laptop couldn’t reach Google?

    I had things connected as follows: (I’m using a USG but it appears the OS is the same as the EdgeRouter)
    Internet: Bell home hub-LAN1 — > USG WAN port
    LAN: PC ethernet port — > USG LAN port

    Is there anything on the home hub that needs to be changed? (i.e. the subnet used on the LAN ports?). I get the impression you simply plug the Ubiquiti device into the Bell home hub and that’s all that is needed.

    I didn’t have much time to look further into this but thought I would enquire to see if maybe you encountered the same issue.
