I've finally sat down and completed my network migration from my ISP's (Telia LT) GPON terminal over to my own router using an SFP module. This guide explains, step by step, how to do that.
You need a few things before starting, namely:
- GPON SFP(+) module with an unlocked serial number configuration (e.g. here),
- Router/Gateway to plug that module into (e.g. UDM-Pro).
Please consider the following before proceeding:
- As my entire house runs on Unifi, this guide will be focused entirely on Unifi, but if you read through you should be able to customize it to fit your hardware.
- I'm not responsible for any damage to your equipment or loss of internet, do it at your own risk.
- My ISP is Telia, and it can provide internet of up to 2 Gbit/s.
I've managed to reverse engineer Telia's authentication setup. They depend only on the Serial Number of your GPON terminal and nothing else. Knowing this, all we need is a GPON SFP module that allows changing the Serial Number. We also need to know how to decode the Serial Number from the GPON terminal label. Now let's proceed.
To complete this guide successfully, you need to have SSH access enabled on your gateway and/or router. For Ubiquiti-specific setups, you can follow the official documentation here on how to enable it. If you're using different devices, look for a guide on your vendor's website. Then we SSH to the UDM Pro:

```
# Notes:
# - replace 10.10.10.1 with the IP of your gateway
# - username is normally `root` (for all users), but in some cases might be ubnt - check your product manual
ssh root@10.10.10.1
```
Enter your password that you can find in UDM Console settings.
Now we can plug the SFP GPON module into the UDM Pro WAN port. In my example I used port 10 on the UDM Pro. Once the module is plugged in, give it a few moments to boot up. You will soon be able to see it in the interface.
Important note: make sure that you also plug in your existing fibre to the SFP module. Otherwise it won't come up and you will not be able to ssh to it.
We now need to configure access to the module so that we can reach it from the UDM.
GPON modules from fs.com come with a preconfigured IP address of 192.168.1.10. All we need to do is tell the UDM how to route traffic to that SFP module.
Assuming you use Ubiquiti, the ports you see in the interface are mapped to an eth interface if you subtract 1 from the displayed number. Namely, Port 10 will be eth9 and so on (at least under normal circumstances). So because I've plugged the SFP into Port 10, I'll use interface eth9.
Use the following commands to bring up the required subnet on the associated interface.
According to the documentation (also on hack-gpon), the module operates in the 192.168.1.x subnet with a default IP address of 192.168.1.10.
Let's add an address from that subnet to the eth9 interface,

```
ip addr add dev eth9 local 192.168.1.2/24
```

Source-NAT all traffic that leaves through that interface for 192.168.1.0/24, so that it appears to come from the 192.168.1.2 address we created above,

```
iptables -t nat -A POSTROUTING -o eth9 -d 192.168.1.0/24 -j SNAT --to 192.168.1.2
```
To reverse the above changes, remove the POSTROUTING rule,

```
iptables -t nat -D POSTROUTING -o eth9 -d 192.168.1.0/24 -j SNAT --to 192.168.1.2
```

and the address we added to eth9,

```
# Delete the same address that was added above (192.168.1.2, not the module's 192.168.1.10)
ip addr delete dev eth9 local 192.168.1.2/24
```
To ensure your changes got applied, you can review the output of,

```
ip addr
```

and for iptables,

```
iptables -t nat -L POSTROUTING
```
Now you should be able to access the GPON module by pinging its address from the UDM-Pro shell,

```
root@UDM-Pro:~# ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.656 ms
64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.268 ms
64 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=0.259 ms
64 bytes from 192.168.1.10: icmp_seq=4 ttl=64 time=0.253 ms
64 bytes from 192.168.1.10: icmp_seq=5 ttl=64 time=0.266 ms
```
After ensuring you are able to ping the module, you should ssh to it.
As mentioned previously the default parameters of the FS GPON module are as follows,
| IP | 192.168.1.10 |
|---|---|
| user | ONTUSER |
| pass | 7sp!lwUBz1 |
Therefore, based on the above parameters, you can SSH to the GPON module by using the following command,

```
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 ONTUSER@192.168.1.10
```

Note: this specific (and outdated) key-exchange algorithm has to be enabled because the module firmware does not support newer ones, and that is OK. The `-o` option applies it to this one connection only; your SSH client defaults stay unchanged.
You need to get the device serial number, which should be exactly 12 digits (normally).
However, in my case Telia had placed a Huawei HG8010Hv6 ONT terminal, and the serial number on its backplate consists of 16 characters.

That is because the vendor ID is in hex format. To properly format your Serial Number, use this website reference to decode hex into ASCII. In my case, because the ONT is from Huawei, I can see that the first 8 characters should actually be written as "HWTC", followed by whatever remains after those first 8 characters.
HWTC 48575443 Huawei
Example: Huawei SN: 48575443XXXXXXXX
So we turn this into HWTCXXXXXXXX
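
The conversion described above, as an added example that is not part of the original guide: a POSIX shell function that turns the 16-character label form into the 12-character form and passes an already 12-character serial through. The function name `gpon_serial` and the sample value are assumptions; only the `48575443` vendor prefix comes from the text.

```sh
#!/bin/sh
# Added example: normalise an ONT label serial to the 12-character GPON form
# (4 ASCII vendor-ID characters followed by 8 hex digits).

# Constructed sample: 48575443 is the Huawei vendor ID from the text,
# the remaining eight hex digits are made up.
SAMPLE_LABEL="485754431A2B3C4D"

gpon_serial() {
    # Strip separators sometimes printed on labels and upper-case everything.
    sn=$(printf '%s' "$1" | tr -d ' :-' | tr 'a-z' 'A-Z')

    case "${#sn}" in
        12) # Already in vendor-ID + 8 hex digits form.
            vendor=${sn%????????}
            rest=${sn#????} ;;
        16) # Vendor ID is hex-encoded: decode the first 8 hex digits.
            case "$sn" in
                *[!0-9A-F]*) echo "not hex: $1" >&2; return 1 ;;
            esac
            rest=${sn#????????}
            hex=${sn%????????}
            vendor=
            while [ -n "$hex" ]; do
                byte=${hex%"${hex#??}"}   # leading two hex digits
                hex=${hex#??}
                # hex byte -> octal escape -> ASCII character
                vendor=$vendor$(printf "\\$(printf '%03o' "0x$byte")")
            done ;;
        *)  echo "expected 12 or 16 characters, got ${#sn}: $1" >&2
            return 1 ;;
    esac

    # Sanity checks: 4 letters/digits for the vendor ID, 8 hex digits after it.
    case "$vendor" in *[!0-9A-Z]*) echo "bad vendor ID: $1" >&2; return 1 ;; esac
    case "$rest" in *[!0-9A-F]*) echo "bad serial part: $1" >&2; return 1 ;; esac
    if [ "${#vendor}" -ne 4 ] || [ "${#rest}" -ne 8 ]; then
        echo "bad length after decoding: $1" >&2
        return 1
    fi
    printf '%s%s\n' "$vendor" "$rest"
}

gpon_serial "$SAMPLE_LABEL"
```

Run it with the serial from your own terminal's label in place of the constructed sample; a non-zero exit status means the label was not in either of the two expected forms.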
Now that we know the Serial Number, we set it on our new SFP module.

```
set_serial_number HWTCXXXXXXXX
```

or,

```
sfp_i2c -i8 -s "HWTCXXXXXXXX"
```

Important note: you will not be able to see the updated serial number in the module without doing a reboot first.
After applying the above commands, you need to reboot the module. You can do that by using the following command,

```
reboot
```

Then, after waiting a few minutes for the operation to complete, you can check that the serial number has changed to the desired one,

```
fw_printenv | grep nSerial
```

or by using,

```
sfp_i2c -g | grep nSerial
```

Without the `| grep nSerial` you will get a dump of the entire configuration.
Once your SFP module reboots, you should automatically connect to the internet, as this is the only check Telia does on their end. Now you can turn off your old terminal and you'll have connectivity via your router.
Exact instructions might not work, but essentially you can replace the Telia GPON terminal with an SFP stick, as long as you can change the Serial Number of your SFP and it uses the same wavelengths as Telia. So if your router supports an SFP stick, you need to create a route to SSH into it, and then execute a command that changes the serial number.
These instructions should work on your device, but if you are using MikroTik, the setup to SSH to the SFP stick is a bit different.