Using Router behind CGNAT, behind ONR (Double NAT), ONR bridging, ONR replacement with ONU or PON Stick

[xiaofan]

More advanced users can try to replace ONT/ONR with GPON Stick or ONU.

More info for Singtel ONR replacement here.
https://forums.hardwarezone.com.sg/threads/bypassing-singtel-onr.6993877/
https://forums.hardwarezone.com.sg/threads/singtel-1-gbps-fibre.5930834/page-219
https://forums.hardwarezone.com.sg/threads/diy-ont-with-gpon-sfp-stick-and-openwrt.6771940/page-2
https://forums.hardwarezone.com.sg/threads/fully-utilize-singtel-2gbps-network.7041131/ (using VSOL GPON ONU)

1. GPON--互操作兼容设置--基本认证设置
GPON SN: 12 letters S/N on back of your Singtel ONR
LOID: Fiber Broadband ID on your Singtel contract/bill
LOID CheckCode & Ploam Password: leave blank

2. GPON--互操作兼容设置--VLAN相关设置
互操作兼容模式：tick
默认PVID(for internet)：10
下行组播VLAN(for IPTV)：1281
下行组播VLAN转换(for IPTV)：20
VLAN转换/绑定：leave blank

click 保存&应用

3. 系统--重启 （reboot) and you should now see 注册状态 5 under GPON状态

 

[xiaofan]

ZTE F620 ONR bridging method posted in the WC thread.

https://forums.hardwarezone.com.sg/...band-provider.5494964/page-101#post-152464114

I managed to successfully bridge the ZTE F620 ONR twice (replicated on two separate ONRs).

==============
Firstly, you have to reset the ONR.
Login with support or root account then click on Management & Diagnosis > System Management > Factory Reset.

After ONR has been reset, login with support account then click on FastSetting and ensure ONR is ticked. Also tick LAN1 under Bridge Port. Then can be seen in the image below. (I have to repost an image as I am unable to upload images).

==============
Initially when I accessed support account FastSetting, the Bridge Port options were not displayed. These only appeared after the ONR was reset.

==============
The support account password is the root account password reversed.

If you are not able to login with support account, just login with root account first and do a reset.


Image taken from xiaofan. Thanks!

 

[xiaofan]

Guide to take advantage of WC 2.5Gbps plan, including bridging guide for the Huawei HG8244H ONR. The same guide should work for Huawei HG8240T5 ONR.

https://forums.hardwarezone.com.sg/...band-provider.5494964/page-104#post-152639185

Guide to take advantage of 2.5GB plan for HG8244H:

1) If your router is set to ONT, reset it by putting a pin thru the hole while it is turned on. when the light disappears, leave it for 1min to reboot. If you already have ONR, no need to reset and skip ahead to step 7

2) connect directly to one of the ONR ports, go to the management address located underneath eg 192.168.1.254

3) login using telecomadmin/admintelecom

4) Skip fast setting setup, go to main page

5) click gear icon, wan configuration

6) The default is already route wan, TR069_INTERNET this is already sufficient. You will have 1 public IP on all 4 lan ports. You can bind to certain ports, or create another INTERNET. as long as VLAN 10 you will have internet access. You can select another internet connection with vlan 10 to get another public IP, but this is not necessary

7) Now if you have 2 computers and test 2 ports simultaneously, you should be able to get 1GB+1GB download results, but upload is limited to 1.25GB, probably due to ONR?

8) Connect both ports to your other router which supports dual wan. Ensure your other router using different subnet instead of 192.168.1.x which is used by ONR

9) ... enable that round robin function on your consumer router ...
For opnsense can follow this guide.


initially when i use priority 1, 1:1 weight, default pool: only 1 wan was used instead of both during speedtest.

So the only difference I do is i set both single gateway priority to 254, different weights of 5 and 4 instead of 1:1.

Gateway group, both tier 1, trigger packet loss or high latency, pool round robin.

10) Do speedtest to check if everything works

 

[xiaofan]

Singtel XGS-PON ONR later FW version is said to be able to be bridged by the user.
https://forums.hardwarezone.com.sg/...0-wifi-7-router-users.7003498/#post-151425415

More details here in this thread: how to bridge the ZTE F8648 XGS-PON ONR for Singtel 5Gbps/10Gbps plan.
https://forums.hardwarezone.com.sg/threads/singtel-10gbps-zte-f8648p-superadmin-password.6946718/

 

[xiaofan]

Summary for Singtel/WC ONR

• Huawei HG8244H ONR -- can be bridged, methods posted in this forum
• Huawei HG8240T5 ONR -- can be bridged, methods posted in this forum
• Nokia G240 ONR -- can be bridged. Superadmin login info not posted in this forum.
• ZTE F8648P ONR -- Singtel XGS-PON ONR for 5Gbps/10Gbps plan, can be bridged with later FW, methods posted in this forum
• ZTE ZXHN F620 ONR -- can be bridged, methods posted in this forum
• Huawei OptiXstar V183 ONR, Singtel FTTR, no point to bridge even if you can bridge it since then your 10Gbps FTTR plan will become 1Gbps plan (the ONR has only 1G LAN ports)

 

[xiaofan]

From the following thread.
https://forums.hardwarezone.com.sg/...zte-f8648p-superadmin-password.6946718/page-4

Saw this notification on my phone:

Need to tick the check box only to proceed

And I quit the whole process not wanting them to snoop on my bridge ONR

1. That is the one of the main reason people like @firesong thinks Singtel ONR is a privacy/security risks.

ONT vs ONR
https://forums.hardwarezone.com.sg/...cs-of-home-networking.6653421/#post-138363236

Some people have some concerns about security and privacy of using an ONR where the ISP can access the router configuration through features like TR-069. Example posts from firesong.
https://forums.hardwarezone.com.sg/...-the-difference.5768534/page-3#post-128639402
https://forums.hardwarezone.com.sg/...-the-difference.5768534/page-6#post-130548173

2. Even if you bridge the ONR, your HB810 in router mode will still be under the control of Singtel.

If you worry about this, you have to ditch HB810 as well.

3. Technically it is the same for the Nokia XGS-PON all in one ONR used by Starhub 5Gbps users (but you can request to use ONT) as well as the TP-Link EB810v routers used by Starhub 5Gbps/10Gbps users (even if using XGS-PON ONT).

4. Reference:
1) EB810v: https://www.tp-link.com/sg/service-provider/wifi-router/eb810v/
Remote Management: TR-069 and TR-369 protocols and TAUC (TP-Link Aginet Unified Cloud) are supported.

2) HB810: https://www.tp-link.com/sg/service-provider/wifi-router/hb810/
Remote Management: TR-069 and TR-369 protocols and TAUC (TP-Link Aginet Unified Cloud) are supported.

The edge device in your house should never be under the full control of the ISP. Especially when that device also consists of your DHCP assignments (all devices at home). Your ISP also can build a patten of when you are home and out by mapping when your devices are connected.

More importantly, if your ISP can access and control it, it follows that anyone on the internet can control it with the right access information. That's a direct breach to your home network with total control. It's a sobering thought.

For Singtel and Starhub 5Gbps/10Gbps users, if you are worried, then you may want to get rid of EB810v and HB810. You also do not want to use unbridged Nokia XGS-PON all-in-one ONR or unbridged Singtel ZTE XGS-PON ONR.

If you are not worried, just continue using them.

1) EB810v: https://www.tp-link.com/sg/service-provider/wifi-router/eb810v/
Remote Management: TR-069 and TR-369 protocols and TAUC (TP-Link Aginet Unified Cloud) are supported.

2) HB810: https://www.tp-link.com/sg/service-provider/wifi-router/hb810/
Remote Management: TR-069 and TR-369 protocols and TAUC (TP-Link Aginet Unified Cloud) are supported.

 

[xiaofan]

More advanced users can try to replace Singtel/WC ONR with GPON Stick or ONU.

More info for Singtel ONR replacement here.
https://forums.hardwarezone.com.sg/threads/bypassing-singtel-onr.6993877/
https://forums.hardwarezone.com.sg/threads/singtel-1-gbps-fibre.5930834/page-219
https://forums.hardwarezone.com.sg/threads/diy-ont-with-gpon-sfp-stick-and-openwrt.6771940/page-2

Methods posted in this forum.

1. GPON--互操作兼容设置--基本认证设置
GPON SN: 12 letters S/N on back of your Singtel ONR
LOID: Fiber Broadband ID on your Singtel contract/bill
LOID CheckCode & Ploam Password: leave blank

2. GPON--互操作兼容设置--VLAN相关设置
互操作兼容模式：tick
默认PVID(for internet)：10
下行组播VLAN(for IPTV)：1281
下行组播VLAN转换(for IPTV)：20
VLAN转换/绑定：leave blank

click 保存&应用

3. 系统--重启 （reboot) and you should now see 注册状态 5 under GPON状态

His speedtest result with Singtel 1Gbps plan (looks like a loophole that Singtel does not throttle the speed for 1Gbps user now).
https://forums.hardwarezone.com.sg/threads/singtel-1-gbps-fibre.5930834/page-238#post-152950414

Another post -- using an GPON ONU (VSOL V2802RH) to replace Singtel ONR.
https://forums.hardwarezone.com.sg/threads/fully-utilize-singtel-2gbps-network.7041131/

Maybe this can be helpful for someone who also contracted the 2 Gbps plan. I did lots of searching on Internet and found a very affordable solution. The cost is less than 30 SGD.

I recently subscribed to Singtel's 2Gbps Enhanced plan because the price difference between 1 Gbps and 2 Gbps for new user is marginal. However, the Ethernet ports on the installed ONR by Singtel only support 1 Gbps speed. In order to fully utilize the 2 Gbps speed, you need to change the ONR from Singtel.

I purchased a VSOL V2802RH ONT from Taobao (only costs ~150 RMB, or ~28 SGD) with 1*2.5 Gb + 1* 1 Gb Ethernet ports. (https://www.vsolcn.com/product/25gbe-1ge-ont-v2802rh)

I use the Bridge mode for this ONT. You can also configure this ONT as a router, then you need to use IPoE in Channel Mode as described below. You should do the setup below without plugging in your fiber, because the ISP will push some settings to your ONT after you plug in your fiber. Therefore, you should only plug in your fiber after you complete the setup.

1. Under Setup | WAN | GPON Settings, mirror your LOID, LOID Password, PLOAM Password from your ONR. For Singtel, you just need to set PLOAM Password as your Fibre ID, and LOID, LOID password you can put anything like 123456789 and 123456.

2. Open the telnet port under Firewall | ACL, then use telnet login to the ONT and then write the GPON_SN of your old ONR to this ONT. You can find relevant information on the Internet. One of the examples is: https://www.odbook.com/1215.html (in Chinese) I think GPON_SN and PLOAM Password are used for PON authentication by Singtel.

3. Under Setup | WAN | WAN Settings, add a new WAN interface by clicking "Add" with following settings:
Default Route Selection -> Specified
Channel Mode -> Bridge <- if you use this ONT as a router, you should set this to IPoE
Enable IGMP -> checked
VLAN -> Enable
VLAN ID -> 10 <- type "10," here if you see VLAN ID = 10 is reserved
VLAN Cos -> 0
Multicast VLAN ID -> 0
Application Mode -> INTERNET
Request DNS -> Enable
Default Route -> Enable <- I found it always goes back to "Disable" automatically
LAN -> tick LAN2 <- LAN2 is the 2.5 Gb port

4. Under Setup | LAN | DHCP, set DHCP Mode to None. <- If you use this ONT as a router, you should leave this on

If everything goes well, you will see "Registered,Certificated" under Status | Device Info | PON | Connect state, and "O5" under Status | Device Info | PON | ONU status. Then you can configure the IP of your router or computer using DHCP to get IP address and DNS Servers automatically.

Now you can see the download speed is over 2 Gbps: https://i.ibb.co/fXXCrRK/Screenshot-2024-06-23-at-10-20-25-PM.png
However, I found the upload speed is still 1 Gbps. Maybe this is limited by the ISP.

 

[rtf]

@xiaofan Hi Master, I am using starhub 10G Nokia XS-2426X-A ONR. How could I change it to bridge mode? Now I am facing double NAT issue.

 

[xiaofan]

@xiaofan
Hi Master, I am using starhub 10G Nokia XS-2426X-A ONR. How could I change it to bridge mode? Now I am facing double NAT issue.

Nothing you can do with the ONR now if you missed the chance to get the superadmin password from the installer during the installation time.

It is better to try your negotiation power to convince Starhub to change your Nokia ONR to ONT, if you hit into the limitation of Nokia XS-2426X-A ONR.

For those who managed to get the super-admin password, there is a way to bridge the Nokia XS-2426X-A ONR.

Detailed bridging instruction: you need to have the super-admin password which is generated during installation time.
https://forums.hardwarezone.com.sg/...lved-by-upgrading-onr-firmware.6916918/page-9

Here are the screenshots from the Nokia ONR web GUI on https:// 192.168.18.1

WAN Services overview, got 4 profiles.

Access Control, seems like can deny TR-069 here for WAN.

WAN Profile 1 TR-069, seems like we can disable the profile, or turn off the TR-069 toggle below.

WAN Profile 2 part 1. Can see the "Connection Mode" : "Route Mode". Changed to "Bridge Mode", then below need to set VLAN to "Tunnel", the VLAN ID and PRI were auto copied over for me.

WAN Profile 2 part 2

 

[gundamkitten]

@xiaofan Hi Master, I am using starhub 10G Nokia XS-2426X-A ONR. How could I change it to bridge mode? Now I am facing double NAT issue.

what you can do without the ONR superadmin password is to set any wifi router to access point mode in the router settings, which will turn off the NAT function of the router.

 

[xiaofan]

Nokia G240 ONR bridging -- but no public login info for the super-admin password info

https://forums.hardwarezone.com.sg/...zte-f8648p-superadmin-password.6946718/page-4

Hi XiaoFan,

I am using Nokia G240 ONR.

please see my screenshot

Should I change it it bridge mode?

Hi Xiao Fan,

my second screenshot is the LAN page where i can choose which port to bridge leaving the rest as unbridge.

I log in via the support as shared by another member / if i logged in via the usual admin mode, i am not able to select any ports to bridge mode.

Ah, sorry I missed that. I tend to think now you can just bridge Port 4 to see how it goes. That is what Singtel 1+1 Gamer Bundle plan is doing (Port 4 bridged, Port 1/2/3 not bridged). If successful, you can connect your own router to Port 4 and then it should get a public IPv4 address (and not 192.168.1.x private IPv4 address).

Again standard disclaim: proceed at your own risk. YMMV. Some users may brick their ONR when bridging.

 

[Xherion]

Hmm I am on Starhub ONR then connected to Unifi UDR. When I looked at the UDR WAN IP it is a private IP (192.168.XX.XX) so that confirms I am on double NAT?

I did not connect anything by wired or wifi to the ONR, all my devices are connected to UDR or the switch/AP which are connected to UDR, so far I have no issue, running home assistant and HA can see all my devices.

So nothing to worry about for now?

 

[xiaofan]

Hmm I am on Starhub ONR then connected to Unifi UDR. When I looked at the UDR WAN IP it is a private IP (192.168.XX.XX) so that confirms I am on double NAT?
I did not connect anything by wired or wifi to the ONR, all my devices are connected to UDR or the switch/AP which are connected to UDR, so far I have no issue, running home assistant and HA can see all my devices.
So nothing to worry about for now?

Yes, you should be fine in this case even with Double NAT.

 

[Matt_Max]

Anyone can share the superadmin password for nokia G240?

 

[eggy]

@xiaofan Hi Master, I am using starhub 10G Nokia XS-2426X-A ONR. How could I change it to bridge mode? Now I am facing double NAT issue.

For those with Starhub and using the Nokia XS-2426X-A ONR in bridged mode, is it possible to replace it with a GPON Stick or ONU?

 

[xiaofan]

For those with Starhub and using the Nokia XS-2426X-A ONR in bridged mode, is it possible to replace it with a GPON Stick or ONU?

In theory, yes. In reality, no one has done any replacement of the XGS-PON ONR in this forum, as XGS-PON ONU is not cheap and no guarantee for success.

The easier way for Starhub Nokia XS-2426X-A all-in-one ONR is to bug Starhub until they agree to change to XGS-PON ONT, quite some users have done that.

VQ has now offered XGS-PON stick for power users with their new 3Gbps/5Gbps/10Gbps plan at S$99 top-up. Usual price is S$300 from VQ.
https://viewqwest.com/sg/residential/broadband/
https://e-store.viewqwest.com/products/huawei-optixstar-s800e-xgs-pon-sfp-onu

 

[xiaofan]

Anyone can share the superadmin password for nokia G240?

@blurnard

Just wondering if you can help here. Thanks.

 

[xiaofan]

More info about VSOL ONU.
https://forums.hardwarezone.com.sg/...band-provider.5494964/page-113#post-153144052

1. Example GPON ONU from VSOL with 2.5G LAN port Taobao, RMB 185. This will work usually for 1G/2G/2.5Gbps plans if you configure it properly (with potential exception for Singtel TV box).

https://item.taobao.com/item.htm?spm=a21xtw.29178619.product_shelf.1.17a62472jCAJSz&id=749364212240

2. Example XGS-PON ONU with 10G LAN port from VSOL Taobao, RMB590, one of the cheapest XGS-PON ONU that I know of. This may be an option to replace the XGS-PON ONR provided by Starhub/Singtel but no one has done that. Not guarantee to work.

https://item.taobao.com/item.htm?spm=a21n57.1.item.2.317951bfOOj9FE

 

[blurnard]

@blurnard

Just wondering if you can help here. Thanks.

PM him liao

 

[xiaofan]

PM him liao

Nice!