9 days later
Hello everyone,
Gave myself a great zywall usg 20w on ricardo to finally configure a real network and above all IPSEC VPN access…and then I’m totally disappointed 😞
My config:
Internet-Box -//- Zywall -//- LAN1..LAN2..WAN
192.168.0.1 -//- 192.168.0.103 192.168.1.1 -//- 192.168.1.x
From the Zywall WAN I connect to the VPN-IPSec without problems but if I connect from the internet I have negotiation errors.
I tested the DMZ option and even deactivated all the firewalls…but nothing could be done for the VPN.
But no problem surfing or accessing my servers from the internet.
Before Zywall, everyone was in 192.168.1.x behind the box. I “just” wanted to insert the zywall.
Either I didn’t understand anything or I’m in the same situation as you and despair of having the IP passthrough option available.
If you have understood something and have a simple and inexpensive solution, I’M A TAKER!!!
Thank you 🙂
A+,
Mark
PS: I’m new to this forum..
Well… ok by rereading the thread better I understood that we can do without the swisscom box and use a router by adding a “media converter”… except for restrictions for swisscom TV and a certain DHCP setting 60…
I’m not super knowledgeable so in summary:
1) I throw away the swisscom internet box
2) I find a Media converter
3) help me configure the zywall to connect to Swisscom 🙂
PS: Is Media Converter just Swiss/France type adapters or does it do intelligent things?
[http://www.tp-link.com/en/products/details/cat-4793\_TL-SM321B.html](http://www.tp-link.com/en/products/details/cat- 4793_TL-SM321B.html)
[http://www.tp-link.com/en/products/details/cat-4793\_TL-SM321A.html](http://www.tp-link.com/en/products/details/cat- 4793_TL-SM321A.html)
or even
[http://www.tp-link.com/en/products/details/cat-4792\_MC220L.html](http://www.tp-link.com/en/products/details/cat-4792_MC220L. html)
Thank youiiiiiiiiiiiiiiiiii
Mark
Me again…
The converter that seems to work well: [https://www.digitec.ch/en/s1/product/zyxel-cvt-2512-ftth-zu-fast-ethernet-media-converter-network-accessories-400471](https://www.digitec. ch/en/s1/product/zyxel-cvt-2512-ftth-zu-fast-ethernet-media-converter-network-accessories-400471)
And the special configuration doc for swisscom and Zywall…well, ok it dates from June 2012 but it seems promising to me..
https://www.studerus.ch/fr/support/download/58517_1
I don’t understand anything in the doc but if you follow the instructions you should get there, right?
My feedback, I replaced the Internet Box with a Mikrotik router, it worked correctly for internet access but I encountered problems with multicast streams because the IGMP support is bad/incomplete with this router.
I then used a Pfsense firewall solution with a Fiber - Copper media converter which worked well for 6 months even if the initial configuration is not simple because you have to modify configuration files by hand without using the webgui to configure vlan and option 60 in DHCPRequest packets. Overnight without any change on my side it stopped working 😞 The message was:
"This connection is not yet activated.
For activation, please contact your telecommunications operator in advance.
Your Binding-ID is: xxx.xxx.xxx.xxx"
After registering via the web interface it worked for a few minutes and then the same message again.
Impossible to get support from Swisscom because I no longer used their router. To resolve this, I left the internet box plugged in and after a few hours the access worked stably again. Due to lack of time, I have not yet tried to connect my pfsense firewall directly again.
IHTH
I had the same problem with my Mikrotik it is linked I think to the loss of IP for a moment. You must also put the swisscom code in the DHCP options so that the swisscom DHCP server can authorize it.
Look HERE
[https://blog.dogan.ch/2013/10/20/pfsense-mit-swisscom-ftth/](https://blog.dogan.ch/2013/10/20/pfsense-mit-swisscom-ftth /)
send dhcp-class-identifier “100008,0001,pfSense dhclient 2.1”;
There I can’t do more ^^
If you’ve already done this before and you still have it, then I don’t know what your problem is ^^.
16 days later
Good morning,
I too have been looking for some time to replace the FTTH internet box which I am not satisfied with. I am ready to purchase equipment but would like to ask your advice before placing the order.
I don’t need telephony, I just need to keep my TV box 2.0 + firewall / get rid of the internet box
I am really determined to change the Swisscom router and will let you know the result.
I found this news on the zyxel website:
https://www.studerus.ch/fr/support/knowledgebase/detail/3582
Could anyone confirm for me that the following hardware will be compatible:
1. a fiber-optic converter
https://www.studerus.ch/fr/products/cts-cvt-3512-sc/
2a) https://www.studerus.ch/fr/products/zyxel-usg40/
Or
2b) https://www.studerus.ch/de/products/zyxel-zywall-110/
Do I need an additional switch, or can I connect my TV boxes directly to the firewall?
Thank you for your help
16 days later
jmurillo, for the fiber converter > RF45 part I think you will have no problem, for me with the “HES-3106” it works perfectly. On the other hand, to retrieve the correct IP, the router/FW must send a DHCP request with option 60 activated, something that unfortunately my router does not know how to do. So I couldn’t go any further with IGMP.
I haven’t been motivated enough to replace my router yet, but from everything I’ve read these models are the ones that offer the best support for the Swisscom network. I had already contacted them once, they responded well, I advise you to send them an email asking them if it works with tvbox 2.0.
If you take the plunge, keep us informed, I think we can no longer tolerate the instability of the base router :/
I managed to do without the Swisscom router, but it was a hassle and required some purchases. It’s been working fine for 4 months.
For this, I used a Zyxel media converter (3512), a small industrial PC designed to operate passively 24 hours a day which runs an IPFIRE distribution and, to be able to have Swisscom TV, a TP-LINK switch manageable behind IPFIRE.
It’s DIY. The VLAN is managed at the media converter level.
DHCP Option 60 can be programmed in IPFIRE by editing a configuration file.
The igmp for swisscom TV required modifying configuration files in IPFIRE and adding the managed switch, with IGMP function, because otherwise every time I looked at Swisscom TV, it disrupted the rest of the network. To be honest, I stopped using swisscom TV at the beginning of the year because I now don’t use satellite (this choice has nothing to do with the quality of swisscom TV). For the rest, nothing but happiness, the speed tests do not show any reduction compared to the swisscom router, I access my local network remotely very simply and very securely via OPENVPN managed directly by IPFIRE, which also manages a IDS system to prevent attacks, the firewall of course and a transparent proxy, all this with a 1 GPS connection. Port forwarding is obviously more efficient than on the swisscom router, once you understand the use of IPFIRE.
On the other hand, you must like to tinker and get by with the basics of Linux (modifying files in ipfire) and be able to read the forums in English. In addition, no guarantee regarding possible changes that will be made by Swisscom
I finally placed an order and received the following material this Friday:
- a Zyxel 3512 media converter (CTV-3512W2A more precisely, in fact perhaps Endymion could confirm to me that it is indeed the right converter because it seems that there are several models: https://www.studerus.ch/de/support/download/59740_1))
- A USG60 firewall finally
- a Zyxel GS1900-8 Smart Managed Switch
I plan to install this week but would like to be sure that the CTV-3512W2A is the right one. If anyone could confirm that would be great…
THANKS!
7 days later
Come on, I’ll add my rant post…
8 hours of tinkering so that my Netgear r7000 dd-wrt (kong) could cope with the bulk of the work. Impossible.
I tried almost everything:
* Live, r7000 directly on the wall: dhcp option 60 + vlan 10 tagged + mac cloning of piccolo, forcing physical port parameters to 100m/full duplex –> no link
* The piccolo in IP passthrough mode: where are the options? Simply a “User Configured PC”. The WAN port of my r7000 configured in DHCP mode does not catch anything. Even if I set the IP to static it doesn’t work.
* Manually tried to bridge the piccolo by following this post: [http://danielpocock.com/adapting-the-swisscom-piccolo-router-for-bridging-and-other-isps](http://danielpocock.com /adapting-the-swisscom-piccolo-router-for-bridging-and-other-isps)
--> Nothing
In short, it’s a bit ch*** all the same.
I tweeted swisscom_care, see if they can pass on any info. Quite responsive most of the time, to see if it will be the same on slightly more touchy subjects.
I will update if there is anything new, see I will probably write a tutorial.
++
16 days later
a month later
15 days later
I am a new Swissom Internet / TV customer…I unpacked and installed the Internet-Box yesterday…and I discovered the problem. I have a great, well-configured router, more solid and powerful than the internet-box and I can no longer use it???
I don’t believe it.:smileyfrustrated:
You need passthrough…it’s just obvious. Not all swisscom customers are ordinary users. It’s really a shame that you put us all in the same boat.
Perhaps a moderator could advise which Swisscom hardware allows IP passthrough to be used? THANKS