HFC NBN Connection Using Linux PPPoe

The NBN is being forced onto Australian internet subscribers in a fairly haphazard way, depending on history and politics.

I have been quite happy with ADSL, and have had no reason to change to NBN other than the facts that my phone line had become unreliable, and that the ADSL service is soon to be discontinued.
I was also forced to change ISP, since my old provider no longer offers a fixed IP address with its NBN plans.

It is difficult to find information as to how the NBN connection functions. The reality is quite simple. "HFC" and "Fibre to Premises" provide an ethernet pppoe interface and do not need an extra modem, FTTN and "Fibre to the Kerb" have a VDSL interface, and require a VDSL modem. See Dean Scarff's post

The ISP's generally provide or sell preconfigured VDSL modems in all four cases, although the VDSL modem is not required in the first two cases, where it is only used as a router.

For HFC the NBN company provides and installs a "Cable Box" (aka "Cable Modem") which has a pppoe ethernet connection to the user.

It seemed a good idea to see if my existing firewall/NAT PC with its attached devices and Wifi hubs could simply be plugged into the HFC Cable Box. Fortunately this proved easy, once I got the details (passwords etc) from my ISP.

In the case of my ISP modems are sold configured for remote setup by the ISP.

The ISP staff were surprised when asked for the configuration details, and at first suggested that I provide configuration access to them. I did not wish to do this, and they eventually gave me the information.

The ethernet connection to the "Cable Box" operates in exactly the same way using pppoe as the previous connection to the ADSL modem. The file /etc/ppp/pap-secrets must be edited to have the correct username and password. In the case of my ISP both of these had to be explicitly written, even though the password is simply the numeric leftmost part of the username.

It was necessary to set an iptables rule by issuing shell commands:

$IPTABLES -A FORWARD -o $EXTIF -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Without this some websites had issues with TLS handshaking. Simply setting the MTU did not help. See Linux Advanced Routing & Traffic Control HOWTO

centered image

Wiring of Firewall PC

VOIP Telephone Connection

The NBN completely removes the old telephone service, and suggests VOIP+SIP as a substitute. Most ISP's offer access to an SIP server and a maintained phone number as part of their package. Usually the connection to the sip server is provided by the VDSL modem.

Although I mostly use my mobile phone these days, I wished to keep my landline phone number,but not use a VDSL modem.
Two possibilities seemed viable:
Firstly, to use an app such as "Linphone" on the Firewall PC.
Secondly, to find a VOIP phone adaptor to connect to the LAN.

The second path seemed much more suitable, because it meant that the phone could be left where it was, and works mostly in the same way as a plain old telephone (POT).

The adaptor I chose was a Linksys SPA1001 through Ebay. These sell for $30 to $40. Mine arrived with a faulty power supply , but worked after getting another supply and making a power cable adaptor.
The telephone socket of the SPA1001 works well with an ordinary touchtone handset.

It took some effort (literally, a bicycle ride to my ISP's office) to get the secure VOIP setup details from my ISP. The details required were domain,proxy,password and DNS host. Once these four details were entered it worked without trouble.

It is worth noting that the NBN reports a phone number as invalid or disconnected to a caller if the VOIP modem is not active. This message ought be changed as it is incorrect and misleading.