@a.jaeger72 wrote:
So here I am again with an update for you.
Today the old new router arrived again. So I immediately did the test with a Centro Grande and lo and behold, no problem at all. Under the network there is the IP forwarding function. Save the settings (which device should receive the official IP) and off you go. My firewall now really has the official public IP from Swisscom on the WAN port. TV and telephone also work, but why did I have to spend CHF 99 for an Internet box? Well, I will also clarify this point and hope for a credit.
I hope I can help some customers with my experience so that you don’t have to spend around 4 weeks spending endless amounts of time with tests, support, telephone calls, settings, configuring a new Internet box, etc.
Fortunately, most people don’t have these problems because they watch TV or want to use the WiFi. You want more than that and Swisscom is usually not in a position to help (support is not trained in this sort of thing) unless you are in the Business Internet Light department, but then TV won’t work. I installed my Internet box within 5 minutes with TV 2.0 on an Easter Monday morning at 8 a.m. and didn’t have to make a call.
If you have Vivo M and wanted an internet box, then it costs a discounted price of 99.–. Those who don’t want an Internet connection can get the Centro router for free when they sign up for a new subscription. I think you can safely exchange it back if you DON’T want an internet box.
@a.jaeger72 wrote:
I wanted an internet box because it has some good service and that’s why I paid the CHF 99.-. Unfortunately, the support and the hotline didn’t understand what my needs were and so I was given incorrect advice, which is a shame…
Maybe you as a customer should also assert your needs. And you can certainly return the Internet box (which would actually be much better than the Centro Grande) and get your money back.
When I hear external firewalls or things like that, a Bluewin-Swisscom router is usually not a good choice. You can neither bridge them nor get a fixed IP from the provider Bluewin. Swisscom separates its customers a bit into TV customers (with fewer needs) and more professional Internet users (companies) without TV. So if you “buy” a TV 2.0 somewhere, most people won’t ask you what you want to do with the router.
Conclusion: Once again, as a Swisscom customer who does not need 0815 products, you will be left out in the cold. You pay for a product that does not meet the requirements that were clearly stated. Top sales, support and adjustments flop…
I would hold back from making such statements. If most customers had their way, the supporters would have to be able to set up entire networks, of course on the free number 0800 800 800.
Swisscom Bluewin are 0815 products because customers usually also want (need) 0815 products. Do you think older customers have ever accessed a router via an interface? They want to watch TV, but they usually don’t even know that there’s a router somewhere. The supporters are “trained” in the same way and Swisscom also says very clearly that external matters do not affect their support, which is why you were also connected to AMICO, which solves problems like you have within Swisscom for money.
A small inquiry here in the forum from a specialist revealed that the Internet box, which you can have, cannot. So call support, say you would prefer to keep the Centro Grande and ask for credit after returning the Internet box. The support will make sure of this for you, which will definitely not be a flop just because you have something that doesn’t work for you. It’s easy to lump everyone together, but you shouldn’t forget that Swisscom has to offer 365-day support, and since there is a shortage of skilled workers, it’s not just computer scientists on the hotline who also have a certain understanding. And Swisscom sells you the signal, gives you a router, etc. - what you do (or can do) with it is not their responsibility.
If you want more, you just have to use AMICO or an external ITP (like me), which is not free and may not be able to do everything. Because if Tuxedo says the Internet box can’t do that, then you can be sure that it won’t work (unfortunately)
So thank you for your good tips. I won’t write anything else here because it has nothing to do with the problem anymore.
The solution to the problem is to use a Centro Grande and not an Internet box. You have to weigh up which services you want. If you want the official IP on the firewall you need a Centro Grande. If you want all the other goodies (time control for WiFi, guest WiFi, etc.) you need an Internet box. TV 2.0 works on both routers.
10 months later
Hello
Ask; Is there anything new on this question? I’m also waiting for the IP forwarding function on the InternetBox. I need this for the P-P VPN which terminates on firewalls.
Background: Currently P-P VPN with Zyxel USG, VDSL router and Centro Pccolo as well as ISDN. If ISDN is no longer available, I will probably have to switch to VoIP, then I need the InternetBox if I want to use all the functions of IP telephony, but how do I then do P-P VPN to permanently connect my two locations?
I’m looking forward to the solution.
Greetings
Neanderthals
Hello Neanderthals
There is no solution on the Internet box. Actually, we should be a business customer with this requirement.
I also use IP telephony and use a Centro Grande. As far as I know, I can do anything with it. The Grande is also available as a glass version.
Beate greetings
AJ
PS: I also do a VPN to two locations with USG from ZyXel.
Hello
Thank you very much for your answers.
I would like to use the DECT function DECT base station of the InternetBox, e.g. for using the current HD-IP telephones e.g. the Arosa type, which only works together with the InternetBox. In any case, Swisscom writes: “The HD-Phone Arosa only works on a landline connection (IP) with the Swisscom Internet-Box .”
As a business customer I don’t get an InternetBox, apart from that I’m a private customer. My site-to-site VPN (IPsec) is about the connection between the house and the holiday apartment.
@VTX
Are you sure that IP forwarding (1:1 NAT) is no longer needed for a permanent site-to-site VPN based on IPsec with Zyxel USG 20 and 50? Then it should work with the InternetBox, right?
Greetings
Neanderthals
Why 2 threads on the same topic? –> See answers here:
[https://community.swisscom.ch/scs/board/message?board.id=internet\_de&message.id=39210#M39210](https://community.swisscom.ch/scs/board/message?board. id=internet_de&message.id=39210#M39210)
Yes, the various answers are not so clear.
Just this much: The Internet box doesn’t have a bridge/IP passthrough mode and you’re apparently now using that with the old router.
I don’t know if there is another option. Ev. But another user who has implemented such a solution without a bridge/IP passthrough can answer this in detail. According to @XT it should be possible.
Hello
So in order for an IPSec VPN to be made on a ZyWall, I need the public IP on the WAN port of the ZyWall. In other words, the Internet box or the Centro Grande must be set to bright mode. This is the only way the IPSec VPN works.
I don’t know whether you can set up a VPN in another way or not. I need to apply this so I can make a VPN to another ZyWall.
Swisscom’s 3rd level support also informed me that there will be no bright mode for the Internet box. Even an approach from the group that takes care of the Internet box did not listen to this concern.
Now about telephony and I really don’t know much about that. I operate various telephones on my Centro Grande. They are all from the Gigaset brand, e.g. C780, C430 (IP Tel) and the 920.
9 months later
I just came across this topic.
Does this solution still work with the Centro Grande? Or are there better solutions now?
I was (unfortunately) assured by the support hotline that all my claims with DMZ had been resolved…
Which is unfortunately not the case… The firewall needs the public IP.
However, I would also like to use Swisscom TV and the telephone…
I don’t need the functions like WLAN and other things from the Swisscom IB - I do everything with my own hardware.
Greeting
Dominic
5 months later
@Dodooo Sorry, I only saw your question now, but I can assure you that P2P VPN (IPsec) still runs smoothly and stably over the old Centro Grande.
Unfortunately, the time is getting closer and closer when I will have to switch to an Internet box due to the discontinuation of ISDN. I now have two questions about this:
1. Is there any news about the timing and functions of the new Internet-Box plus? Especially of course functions like P2P VPN or IP forwarding?
2. Useful solutions for Internet Box and P2P VPN with e.g. Zyxel USG? or experience whether something like this works with the DMZ function, for example?
I am grateful for your help.
Greetings
Neanderthals
@Neandertaler wrote:
1. Is there any news about the timing and functions of the new Internet-Box plus? Especially, of course, functions such as P2P VPN or IP forwarding?-…
The Internetbox Plus has no longer been available since May. Afaik the successor IB2 will be released in November
Afaik no IP forwarding is offered until further notice…
….keep on rockin' 🤘🏼🤘🏼🤘🏼
a month later
I don’t want to tell you how things are going with my VPN solutions now that both locations are equipped with the new Internetbox2.
Site to Site VPN with IPsec (Zyxel USG 20 and USG 50)
Runs stably with the previous configuration!
Client to Site VPN with L2TP over IPsec (Zyxel USG 20 / 50)
Doesn’t run! I suspect a NAT traversal problem.
With the old Centro routers, the IP forwarding function worked without any problems. I haven’t changed anything in the config of the USG and the clients (so far). Does anyone have an idea how to get this working again?
For information again. The Zyxel USG are behind the Internetbox2. On the Internetbox2 I have so-called. DMZ function directs all ports to the USG (which also gets a fixed IP address from the Internet box). Swisscom TV and guest WLAN are accessed directly on or from the Internet box. Behind the Zyxel USG is the private (protected) LAN and a DMZ. The VPNs should all terminate in the private LAN behind the USG. The IP addresses are of course different, the Internet box on the 192.168.1.1 and behind the USG are 10.0.0.1 - 10.0.50.1 and 10.2.0.1 - 10.2.50.1 networks respectively.
The public IP is published via Dyndns from the USG. The IPv6 firewall is switched off on the Internet box as a precaution. CGNAT is not activated by Swisscom, so I have a normal IPv4 address. The VPN function provided by the Internetbox2 is of no use to me, as it then terminates in front of my private network and I therefore cannot access the applications, drives, NAS,… that are in the private LAN.
Would be glad for help with L2TP issue. @Anonymous
Greetings
Neanderthals
a month later
L2TP with USG40
I have a similar constellation, but a CentroBusiness2. Maybe the following information will help:
old configuration:
Location A: upc modem/bridge mode - Zyxel USG40, telephone ISDN
Location B: upc modem/bridge mode - Zyxel USG40, analog telephone
new configuration:
Location A: upc modem/bridge mode - Zyxel USG40, telephone ISDN
Location B: Fiber optic Vivo M (Internet and telephone) - CentroBusiness2 - Zyxel USG40
The CentroBusiness2 was set up as follows:
IP Passthrough Local Security Gateway
[http://documents.swisscom.com/product/1000260-Connectivity\_Geraete\_/Documents/ Specifications/Centro_Business2_IP_Passthrough-de.pdf](http://documents.swisscom.com/product/ 1000260-Connectivity_Geraete_/Documents/ Specifications/Centro_Business2_IP_Passthrough-de.pdf)
dyndns on
USG40 firewall:
- wan1 connected to port 1 of CentroBusiness2
- wan1
ip address 172.31.255.6
subnet mask 255.255.255.252
gateway 172.31.255.5
- DDNS off
(USG40 no longer receives the public IP as before with upc,
this is now done by the CB2)
VPN site to site
- Leave the configuration as upc, works
L2TP
- no longer works because the CB2 no longer receives the public IP as before with the upc modem
- Telephone call with Studerus Support, recommend the following setting:
https://studerus.ch/de/support/knowledgebase/detail/115090
- doesn’t work for me, after countless tests the following finally works:
1. Create Address Object CentroBusiness2_IP with public IP
2. in VPN Connection: change local-policy from wan1 to CentroBusiness2_IP
That’s it, L2TP works again!
Now I have three questions:
1.
It is unpleasant that no dyndns address (e.g. xyhome.dyndns.org) can be entered in VPN Connection, but only an IP address. If the CB2 receives a new public IP from Swisscom after a power failure/restart, the address object CentroBusiness2_IP is no longer correct and access from outside via L2TP would no longer be possible. Is there at most a solution with the dyndns address?
2.
How long does it take for CB2 to notify dyndns of a new public address? In my tests, the CB2 showed a working connection to dyndns, but did not communicate the new address. Since I didn’t want to wait for further setup, I entered the new IP directly at dyn.org. With the USG40, the DDNS status can be queried; the CB2 lacks this option.
3.
You write: The public IP is published via Dyndns from the USG. Does the Internetbox2 forward to the USG with DMZ activated? If that were the case, the IB2 could do more than the CB2…