DIY ONT with GPON SFP stick and openWRT

[BlonkBloink]

Anyone try before? How to get the gpon credentials(myrepublic)

 

[Fronsac]

I asked both viewqwest and myrepublic before, they do not support using your own GPON device.

 

[yosemi]

means in singapore cannot do something like this

 

[xiaofan]

means in singapore cannot do something like this

Correct. We can not replace the ISP issued ONT/ONR here in Singapore.

 

[Groudon]

Correct. We can not replace the ISP issued ONT/ONR here in Singapore.

I've actually had success using a GPON ONT SFP module with M1, and it was fairly straightforward. I believe it should be the same for StarHub too, or at least the telcos that are using Huawei OLTs. Unfortunately, the SFP module does run a little hot past my comfort level

 

[xiaofan]

I've actually had success using a GPON ONT SFP module with M1, and it was fairly straightforward. I believe it should be the same for StarHub too, or at least the telcos that are using Huawei OLTs. Unfortunately, the SFP module does run a little hot past my comfort level

Ah, that is very interesting to know. Thanks.

I though the ISPs are not given out the super admin password for the ONT so that it is difficult to replicate the settings in the GPON ONT SFP modules.

 

[rockyleong]

I've actually had success using a GPON ONT SFP module with M1, and it was fairly straightforward. I believe it should be the same for StarHub too, or at least the telcos that are using Huawei OLTs. Unfortunately, the SFP module does run a little hot past my comfort level

No extra stuff required? Mind sharing this over PM if its not comfortable?

 

[Groudon]

No extra stuff required? Mind sharing this over PM if its not comfortable?

There's some minor settings required:
1) You need to clone the GPON_SN from old ONT. I did this with the V2801F chip, you can find guides on Lowyat and on Github (https://github.com/Anime4000/RTL960x). [surprisingly they are quite active in this area]
2) VLAN 1103, priority 1. On Mikrotik devices, you can refer to this guide: https://www.cflee.com/posts/routeros-tagged-m1-fibre/ ; please note that doing this type of manipulation will be done in software on the Mikrotik devices, so FastTrack won't work [i.e. hopefully you have a fast enough CPU in your device so you can still get full/near-to-full speeds. Probably not much of a concern for pfSense/opnSense devices].

I didn't explore the voice VLAN config for now, which I believe is VL1107, since M1 has already locked down their ONTs further which makes it difficult to retrieve the SIP settings.

 

[BlonkBloink]

My ONT is Alcatel Lucent ONT from MR, what is the procudure? I cant even find thr managment page for the ONT

 

[Groudon]

My ONT is Alcatel Lucent ONT from MR, what is the procudure? I cant even find thr managment page for the ONT

Alcatel's procedure would be much different, you probably will need to retrieve the SLID from the current ONT as well.

 

[TanKianW]

There's some minor settings required:
1) You need to clone the GPON_SN from old ONT. I did this with the V2801F chip, you can find guides on Lowyat and on Github (https://github.com/Anime4000/RTL960x). [surprisingly they are quite active in this area]
2) VLAN 1103, priority 1. On Mikrotik devices, you can refer to this guide: https://www.cflee.com/posts/routeros-tagged-m1-fibre/ ; please note that doing this type of manipulation will be done in software on the Mikrotik devices, so FastTrack won't work [i.e. hopefully you have a fast enough CPU in your device so you can still get full/near-to-full speeds. Probably not much of a concern for pfSense/opnSense devices].

I didn't explore the voice VLAN config for now, which I believe is VL1107, since M1 has already locked down their ONTs further which makes it difficult to retrieve the SIP settings.

The MikroTik export script looks pretty straight forward (bridge, vlan), just a BR-filter will do the trick. Such routing might not run on software firewall which uses NICs (I may be wrong) unless it is direct handover (from ISP upstream) to client side equipment. So may end up still need to deploy your firewall behind the router.

If you going all out MikroTik without the firewall, really worth a shot.​

 

[Mach3.2]

There's some minor settings required:
1) You need to clone the GPON_SN from old ONT. I did this with the V2801F chip, you can find guides on Lowyat and on Github (https://github.com/Anime4000/RTL960x). [surprisingly they are quite active in this area]
2) VLAN 1103, priority 1. On Mikrotik devices, you can refer to this guide: https://www.cflee.com/posts/routeros-tagged-m1-fibre/ ; please note that doing this type of manipulation will be done in software on the Mikrotik devices, so FastTrack won't work [i.e. hopefully you have a fast enough CPU in your device so you can still get full/near-to-full speeds. Probably not much of a concern for pfSense/opnSense devices].

I didn't explore the voice VLAN config for now, which I believe is VL1107, since M1 has already locked down their ONTs further which makes it difficult to retrieve the SIP settings.

Just the GPON_SN from the label on the ONT?

No need root the ONT to retrieve credentials ah?

 

[Groudon]

The MikroTik export script looks pretty straight forward (bridge, vlan), just a BR-filter will do the trick. Such routing might not run on software firewall which uses NICs (I may be wrong) unless it is direct handover (from ISP upstream) to client side equipment. So may end up still need to deploy your firewall behind the router.

If you going all out MikroTik without the firewall, really worth a shot.​

yes, I believe you are right. Also, another issue is that these SFPs are not really very standard, and thus, not all devices accept it (so far no issues on an old Intel X520 NIC and plays well on the RB4011, but it won't work at all on the CCR1072 despite having both 10G/1.25G support).

Just the GPON_SN from the label on the ONT?

No need root the ONT to retrieve credentials ah?

Sent the commands from my end. Shouldn't be necessary.

 

[BlonkBloink]

Im sure my SLID got sth wrong
Im on static, port 1 is WAN port 4 ins management, Im on the management interface

 

[BlonkBloink]

The LOID, idk if this is private or not pls advise

 

[BlonkBloink]

SSH open, ran a ip addr to check if the management interface can access WAN, apparently not cos its in bridge mode

 

[BlonkBloink]

aiyo wth MR so insecure. the management interface can access other peoples ONT and all is default creds

 

[BlonkBloink]

also the ONT MR gave me was 2nd hand.... plastic all yellow and the seal was broken somemore.. anyone else experience this? cos last time singtel they give all relatively new one(ZTE/Huawei)

 

[BlonkBloink]

This is veryyyyyyy bad..... those interfaces arent secure and can even reboot other peoples things... MR needs to actually do something. shld do vuln reporting but im sure they know and jsut dont care

 

[xiaofan]

This is veryyyyyyy bad..... those interfaces arent secure and can even reboot other peoples things... MR needs to actually do something. shld do vuln reporting but im sure they know and jsut dont care

Maybe MyRepublic users need to take care.
@TanKianW