Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Weaver]

Quite correct. Same as me: PPPoE, bridge modem-only modems.

[bignose2]

Hi,
I was the OP.
I think sorted all the network problems, a big combination of small but wrong settings in the modem, switch, even putting another ethernet into the modem when trying to access it to test, not just the 1 to the FB. removed now.

This question is about accessing the modem stat's via the lan, on a different subnet to the modems. I have seen most of you contributed on an old & then even older 2016 forum but thought ask here in the hope its more straight forward now.
because ..
after my initial delight of double speeds etc etc every 24 hours or so, no set time or pattern it would drop out usually with massive packet loss. A simple re-start of one of the modems would fix, no specific one but trying to monitor frequently and easy access is important.

both modems 192.168.1.1 & access is meant to be via ports 192.168.1.1:81 & :82
The strange thing is I can via :81 but nothing on :82

A&A actually spent a long time trying to help but partially as trying to get access to one of the modems themselves, suspected faulty in the end & replaced, they can now get access but I still can't. Since then did have the packet loss so not that at fault for the data problems.

Any ideas?

Code: [Select]

</services>
 <port name="WAN1"
       ports="1"/>
 <port name="WAN2"
       ports="2"/>
 <port name="LAN"
       ports="3 4"/>
 <interface name="Modem_1"
            port="WAN1"
            table="1"
            comment="Interface to get to Modem 1">
  <subnet ip="192.168.1.33/24"/>
 </interface>
 <interface name="Modem_2"
            port="WAN2"
            table="2"
            comment="Interface to get to Modem 2">
  <subnet ip="192.168.1.33/24"/>
 </interface>
 <interface name="LAN"
            port="LAN"
            graph="LAN">
  <subnet ip="192.168.2.1/23 2001:8b0:dcf3:4eed::/64"
          ra="true"
          nat="true"/>
  <dhcp ip="192.168.2.101-254"
        lease="2:00:00"/>
  <dhcp ip="192.168.3.101-254"
        lease="2:25:00"/>
 </interface>
 <ppp name="WAN1"
      port="WAN1"
      username="xxxxxxxx"
      password="xxxxxxxxxxxxx"
      auto-percent="95"
      graph="Line 1"
      lcp-rate="1"
      lcp-timeout="10"
      remote="xxxxxxxxxxx"/>
 <ppp name="WAN2"
      port="WAN2"
      username="xxxxxxxxxxxxxx"
      password="xxxxxxxxxxxxx"
      auto-percent="95"
      graph="Line 2"
      lcp-rate="1"
      lcp-timeout="10"
      remote="xxxxxxxxxxxxx"/>
 <usb>
  <dongle name="backup"
          nat="true"
          graph="Backup"
          comment="3G Backup"/>
 </usb>
 <rule-set name="Portmaps"
           source-interface="LAN"
           target-ip="192.168.1.1"
           target-port="81-82"
           no-match-action="continue">
  <rule name="Modem1"
        target-port="81"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-target-port="80"
        set-table="1"
        action="accept"
        comment="LAN access to Modems"/>
  <rule name="Modem2"
        target-port="82"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-table="2"
        action="accept"
        comment="LAN access to Modems"/>
 </rule-set>
 <rule-set name="Modems"
           source-ip="xxxxxxxxxxx xxxxxxxx xxxxxxxxxx/24 xxxxxxxxxxx/24"   .....WAN IP's
           target-ip="xxxxxxxxxx"     ..... FB WAN IP
           target-port="81-82"
           no-match-action="continue">
  <rule name="Modem_1"
        target-port="81"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-target-port="80"
        set-table="1"
        action="accept"
        comment="Get to Modem 1"/>
  <rule name="Modem_2"
        target-port="82"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-target-port="80"
        set-table="2"
        action="accept"
        comment="Get to Modem 2"/>
 </rule-set>

The packet loss is weird.
I will mention but more interested in getting access to the modem at the moment, to help diagnose below.

before migration had both lines so same wiring etc and never, ever had a problem, 70+ Mbps without fail. Perhaps 1 disconnection a month but always re-sync full speed. I would never have known apart from looking at the log's.

e.g. day before yesterday 5.20pm sudden huge packet loss (can't' see stat's from previous day, just graph, is there a way to enlarge the charts?) but 15 to 20% dripping red on Modem/Line 1. max DL test speed 0.6Mbps !!
I checked stats and the modem SNR was 6.5 up & down, sync speed still usual 76Mbps.
Been like it for 50 minutes.
I watched for a little longer and packet loss continued, all bad & speed bad.
Then did a software restart, not even a power cycle of Modem 1
Immediately 70Mbps speed test obviously from Modem 2

When the Line 1/Modem 1 came back full speed again all good?

This makes me think nothing wrong with the line itself, at that point anyway, so why report continued packet loss?
If the FB was reporting to the control 10% packet loss when surely there was none anymore on the line, what could be the problem.

I could understand perhaps a large blip on the line, cause SNR to drop & connection to drop & sync v.slow. This would only be recovered by a restart but this would be in the modem stats, low sync speed, perhaps the SNR would be back up but the sync does not auto adjust.

I do not understand quite how the FB interprets issues, if a problem for a few seconds does it get stuck reporting the bad stuff, I am use to combined modem/router & may be this behaviour is normal & could still be a multiple causes including continued line but I keep coming back to, if a restart fixed it so easy is it more likely the modem/FB that the line?

[Weaver]

Sounds like the modem might be at fault.

[bignose2]

HI,

I think it was the modem, finally managed to configure my VR600 and 3 days in, no drop out/speed reductions but still slightly too early to be sure, would not be good for both zyxtel modems to arrive faulty.

Different subject now but figured keep on this thread with so much AAisp experience here.

Is there a simple walk through to set up a VPN, I want as easy as possible method to access a pc on my LAN from Android phone via WAN.
Its just a PC running blueiris CCTV IP cameras but don't really want to open a port.

Had on my old Zen Fritzbox as simple password & code & matched on the Andoird App, done in 2 minutes.

Rather confused by the AAisp instructions, Road warrior & StrongSwan.
I downloaded StrongSwan, ....
-------------------------
"From the Android device, log in to the FireBrick
Go to Config - Certificates (Screenshot below)
Download the CA certificate in PEM format (or email it to yourself)
Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import
Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it."
-------------------------
It says the Certificate is invalid.

I am guessing got to do a lot more on the FB side but a lot of different procedure which just seems complicated, also getting into rules & NAT rules.

"Using FireBrick's built in ACME feature makes installing and maintaining a Let's Encrypt certificate easy. This certificate will be renewed by the FireBrick itself, and can then be used for https access to its web interface and also for ipsec."

My VR600 although just in bridge mode now, I can see that can set up a VPN would have been pretty easy if it was the router also.

Is there a easy to follow method?

thanks I/A