Wifi mesh systems

Gooey Looey

dam099 wrote: »

Ah right.

I can also reach my Home Automation server on a RPI if I forward the port on my main router.

Is there a continuous connection kept open from the server to the cloud?

Carrier grade NAT isn't the same as double NAT. It does complicate things though
https://en.wikipedia.org/wiki/Carrier-grade_NAT

dam099

Gooey Looey wrote: »

Is there a continuous connection kept open from the server to the cloud?

There is a link to a cloud service for remote sensor status and it also looks up to Darksky.

Tried another port forward for an non cloud enabled application on another Pi though and it worked too.

Edit: Just saw your update on CGN not quite being the same.

54and56

dam099 wrote: »

Below is an example of double NAT.

I haven't experienced any real problems but I have taken some steps to mitigate the impact i.e. turned of DHCP and WiFi on the ISP router and put my own 3rd party router into the DMZ of the ISP router.

Hi Dam099,

Are you saying my Trace route shows double Nat?

RangeR

54and56 wrote: »

Hi Dam099,

Are you saying my Trace route shows double Nat?

It looks to be not double NAT. This is normal if you have your VM router bridged. Your TaoTronics is hop 1. Hop 2 ntlworld.ie [89.101.x.x] appears to be the VM gateway [they bought over NTL Ireland], not your router. Your router would show up as something like 192.168.0.1.

54and56

RangeR wrote: »

It looks to be not double NAT. This is normal if you have your VM router bridged. Your TaoTronics is hop 1. Hop 2 ntlworld.ie [89.101.x.x] appears to be the VM gateway [they bought over NTL Ireland], not your router. Your router would show up as something like 192.168.0.1.

So the trace actually looks good?

If that's the case I guess the challenge is to find a way to change it from router to bridge/modem setting.

I haven't tried the hack linked to above yet, might give that a crack over the weekend.

Would prefer to not have to go messing about with code!!

Blowheads

Gooey Looey wrote: »

You need to set vlan10 on the wan interface.

Thanks, are there other settings / login details necessary?

cruizer101

Wondering has anyone else bought the deco M5 and what the power connector was.
I bought some from Komplett on which the image shows the connector being a usb c socket. However they arrived with a barrel connector.
They have the power plugs but they are euro plugs meaning need to use a travel adapter. I had thought they would be euro plugs as when I ordered travel adapters were added to my cart automatically for €0. But I had planned just using some of my own usb power sources to power them instead, and also to get some 90 degree adaptors so I could keep the cables neat and tidy.

Bit of a pain and not sure whether to return and try order some others with the usb c socket or just use them.

Gooey Looey

Blowheads wrote: »

Thanks, are there other settings / login details necessary?

I honestly don't know as I haven't done it myself. I'm pretty sure you just enable DHCP on the wan interface but maybe they use pppoe. Someone with Vodafone FTTH will have to answer that.

Cyrus

Blowheads wrote: »

Thanks, are there other settings / login details necessary?

yes see here

password is vodafone i think (or maybe it doesnt matter)

54and56

RangeR wrote: »

It looks to be not double NAT. This is normal if you have your VM router bridged. Your TaoTronics is hop 1. Hop 2 ntlworld.ie [89.101.x.x] appears to be the VM gateway [they bought over NTL Ireland], not your router. Your router would show up as something like 192.168.0.1.

Sorry to be a squeaky hinge here but I got up earlier to do the VM Modem hack and it just crossed my mind that if my VM modem is stuck in router mode I should be getting a Double NAT result when I run a trace and it doesn't look like I am. Here's another trace just now.



Two other things spring to mind before I attempt this hack.

1. If the VM being in Router mode is what is preventing my ability to port forward why didn't it prevent port forwarding on my old Asus Router which was port forwarding fine before I installed the TT Mesh system?

2. Is the default gateway IP (local IP address) on VM's Cisco EPC3925 modem 89.101.211.41? Should that be set to something else?

RangeR

54and56 wrote: »

Sorry to be a squeaky hinge here but...

OK, so after I said it didn't appear to be double NATTED, you came back and same your VM was in router mode. That had me puzzled. I would expect the second hop to be the local IP of the VM box but it appeared to be your VM gateway ip. So here is my tracert to google.com. My VM is definitely bridged. But I have two other routers so double NAT'd. It's just a little different to yours.

C:\Users\RangeR>tracert google.com

Tracing route to google.com [216.58.204.46]
over a maximum of 30 hops:

1 2 ms 3 ms 2 ms 192.168.86.1 <-Google WIFI
2 3 ms 3 ms 2 ms GL-MV1000 [192.168.0.1] <- Second router
3 14 ms 21 ms 13 ms 46.7.34.1 <- Virgin Media gateway [similar but different to my public IP Address]
4 16 ms 14 ms 13 ms 109.255.255.49
5 14 ms 18 ms 27 ms ie-dub01a-rc1-ae-44-0.aorta.net [84.116.238.158]
6 273 ms 39 ms 19 ms ie-dub02a-ri1-ae-73-0.aorta.net [84.116.134.110]
7 13 ms 14 ms 13 ms 74.125.118.8
8 20 ms 28 ms 19 ms 74.125.243.241
9 27 ms 14 ms 16 ms 74.125.243.247
10 26 ms 14 ms 17 ms 209.85.143.235
11 28 ms 32 ms 28 ms 172.253.71.195
12 1148 ms 83 ms 28 ms 216.239.58.132
13 23 ms 32 ms 32 ms 108.170.246.129
14 24 ms 30 ms 22 ms 108.170.238.117
15 31 ms 34 ms 30 ms lhr25s12-in-f46.1e100.net [216.58.204.46]

Trace complete.

On your trace, I don't see two internal private IP Addresses. I'm just not seeing two routers in your setup. Your first hop is your Tao. Your second hop is the VM Gateway [outside your house, VM edge network]. It just looks to me that your vm router is not in the mix.


If you search "what is my ip address", do you get similar or exactly the same as your second hop, 89.100.xxx.xx?

And don't apologise. It's good to workout tech issues

Just to be absolutely clear. I have a VM Hub 3. The front light goes pink when in bridged mode. When it's not in bridged mode, I think it goes green but it's been a while. I didn't have to hack the box. The setting was just there in the web UI. It's weird that some people have to hack the interface. Maybe VM are cracking down on unneeded support calls . Rather than hacking, maybe give them a call and ask them to bridge it remotely. I know they do this for business customers.

54and56

Thanks RangeR, sure what else would I be doing on a miserable wet freezing cold Sunday in the middle of a pandemic lockdown

RangeR wrote: »

OK, so after I said it didn't appear to be double NATTED, you came back and same your VM was in router mode. That had me puzzled. I would expect the second hop to be the local IP of the VM box but it appeared to be your VM gateway ip.

The 2nd hop is both the IP address of the VM box AND the gateway address specified on the TT Mesh Router. If that is a duplication / transcribe error on my part I guess it could be (or be part of) the problem?



On the VM modem Gateway tab there's a section called "Internet IPv4 Connection" and two things stick out there:-

1. The "Internet IP address" is a 10.100.xx.xxx number (never sure what IP's I can share on a public forum)
2. The "Default Gateway" IP address is the same as the "Internet IP Address" but the final digit is one less.

RangeR wrote: »

If you search "what is my ip address", do you get similar or exactly the same as your second hop, 89.100.xxx.xx?[/IMG]

I assume you meant 101 not 100?

I get the Static IP address of the TT Router which is also 89.101.xxx.xx but not the exact 89.101.211.41 that the 2nd hop is.

RangeR wrote: »

Just to be absolutely clear. I have a VM Hub 3. [/IMG]

I have the Cisco EPC3925 Modem which is the one referred to in the hack thread. I actually have 3 of them. The top one handles Broadband, the bottom two handle VOIP.

RangeR wrote: »

Rather than hacking, maybe give them a call and ask them to bridge it remotely. I know they do this for business customers.[/IMG]

I am a business customer as I have a home office with 4 landlines etc so I might give them a call tomorrow but there's 2 reasons I'd prefer to sort this myself:-

1. I'd like to learn / understand and be more in control of the setup / network myself than rely on increasingly outsourced and templated support from VM or or similar.

2. The quality of Business Support can be very patchy. I've had some great assistance over the years with in house based support but I've increasingly found that as support gets outsourced, whether to a local or international call centre, it gets really dumbed down and if your problem can't be fixed by reference to a set number of prescribed steps you can end up making things worse.

RangeR

54and56 wrote: »

Thanks RangeR, sure what else would I be doing on a miserable wet freezing cold Sunday in the middle of a pandemic lockdown

Drinking?

54and56 wrote: »

The 2nd hop is both the IP address of the VM box AND the gateway address specified on the TT Mesh Router. If that is a duplication / transcribe error on my part I guess it could be (or be part of) the problem?

Your public IP cannot be the same as VM's gateway. They have to be different so your devices can find a route to the internet. Is your TAO set for DHCP? I think it should. VM will assign you an IP. Unless you are on a static address. In that case, VM should have given you your IP, subnet mask and maybe gateway address. If you're not on static, ask then for a static. It's free. While your on, get them to bridge it for you. Unless you REALLY want to mess around.

54and56 wrote: »

On the VM modem Gateway tab there's a section called "Internet IPv4 Connection" and two things stick out there:-

1. The "Internet IP address" is a 10.100.xx.xxx number (never sure what IP's I can share on a public forum)
2. The "Default Gateway" IP address is the same as the "Internet IP Address" but the final digit is one less.

You can share any internal address. Don't share publics. Internals are ALWAYS...


10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255


Anything else is public and could identify you.

54and56 wrote: »

I assume you meant 101 not 100?

Of course. Fat fingers syndrome. From one side of the keyboard to the other.

54and56 wrote: »

I get the Static IP address of the TT Router which is also 89.101.xxx.xx but not the exact 89.101.211.41 that the 2nd hop is.


I have the Cisco EPC3925 Modem which is the one referred to in the hack thread. I actually have 3 of them. The top one handles Broadband, the bottom two handle VOIP.


I am a business customer as I have a home office with 4 landlines etc so I might give them a call tomorrow but there's 2 reasons I'd prefer to sort this myself:-

Similar to what I have in all my business sites [maybe not cisco but look similar. Hitel maybe] but I think they are called. Ring them. It should be painless. Static IP and bridged.

54and56 wrote: »

1. I'd like to learn / understand and be more in control of the setup / network myself than rely on increasingly outsourced and templated support from VM or or similar.

2. The quality of Business Support can be very patchy. I've had some great assistance over the years with in house based support but I've increasingly found that as support gets outsourced, whether to a local or international call centre, it gets really dumbed down and if your problem can't be fixed by reference to a set number of prescribed steps you can end up making things worse.

Understood and totally agree. But these devices aren't designed or configured to mess around with. They are designed to go straight into bridged mode [for business]. No idea why they used them for domestic [costs mainly, I suppose]. I had one of these a few years ago as a domestic customer, one device for both internet and phone. They obviously split them over two devices for business.

54and56

Hi RangeR,

Really appreciate your input thanks.

I'll give VM Support a bell and see if they can sort me out. That would be much preferable to trying the hack as that's waaaaayyyyyyy outside my comfort zone!!

Hurrache

There's no need for any Virgin Media hack. I'd factory reset the modem and get in touch with Virgin Media support via WhatsApp asking for an IPv4 address so you can put the modem into bridge mode, and you're done.

Redsoxfan

So my parents have an Eir Fibre Box 1A 1.0

As far as I know, they don't actually have FTTH, Eir just replaced their router for some reason.

There have been ongoing issues with coverage with the new router.

I was looking into Google WiFi, which I have and works very well with Virgin Media, but it seems thus might not be suitable with this Eir router?

Or is that just the case with FTTH?

If Google is not recommended in this case, what's the next best alternative for ease of use and installation?

I was thinking of the Deco M5 from Komplett.

54and56

Hurrache wrote: »

There's no need for any Virgin Media hack. I'd factory reset the modem and get in touch with Virgin Media support via WhatsApp asking for an IPv4 address so you can put the modem into bridge mode, and you're done.

So I got in touch with VM via WhatsApp who wouldn't deal with me as they are consumer/residential support only and I have a business account.

Called their business support line and they confirmed that despite the Cisco router admin showing the modem is in Router Mode it's actually hard set my them in the firmware to Bridge Mode and can't be changed via the Modem interface hence the VM modem is doing nothing more than channelling internet to the devices which are directly connected to it by Ethernet LAN.



I have two devices connected directly to the VM Modem:-

1. A family PC which doubles as a Plex Server. It has a static IP address assigned to it from the 5 static IP addresses VM gave me years ago.

2. My TT Mesh Router which is set up with another of the Static IP addresses.

As far as VM are concerned as long as their modem is set to bridge mode port forwarding is a matter for the TT Mesh system to handle and not something they can assist with

I've tried engaging with TT Support but it's only available by email and tortiously slow.

I'll get there eventually................I hope.

Other than the port forwarding issue I have to say the TT MEsh System is working flawlessly throughout the house.

RangeR

54and56 wrote: »

I have two devices connected directly to the VM Modem:-

1. A family PC which doubles as a Plex Server. It has a static IP address assigned to it from the 5 static IP addresses VM gave me years ago.

2. My TT Mesh Router which is set up with another of the Static IP addresses.

Connect nothing to the VM Bridged modem except the TT Mesh Router, unless you really, really, REALLY know what you are doing. There are no protection on those ports. Windows built in protections are designed to protect your computer assuming you are behind a strong firewall/NAT.

Your Plex server doesn't need a public IP. Reset that to an internal static DCHP reservation with port forwarding. It's exactly the same if your primary IP is static and you're not doing any funny abuse stuff I've had that running for years with no problems, accessing externally.

Actually, I'd blow your plex server out of the water. Maybe back up your plex database and other documents but I wouldn't keep anything else. Reformat and reinstall. But that PC is no longer safe.

I remember tests about 10 years ago, where a pc was put on the internet without protection. It was infected and fitly within 30 minutes. You can't rely on windows 7/10 firewall as there could be various zero day exploits that we aren't even aware of yet.

54and56

RangeR wrote: »

Connect nothing to the VM Bridged modem except the TT Mesh Router, unless you really, really, REALLY know what you are doing. There are no protection on those ports. Windows built in protections are designed to protect your computer assuming you are behind a strong firewall/NAT.

Your Plex server doesn't need a public IP. Reset that to an internal static DCHP reservation with port forwarding. It's exactly the same if your primary IP is static and you're not doing any funny abuse stuff I've had that running for years with no problems, accessing externally.

Actually, I'd blow your plex server out of the water. Maybe back up your plex database and other documents but I wouldn't keep anything else. Reformat and reinstall. But that PC is no longer safe.

I remember tests about 10 years ago, where a pc was put on the internet without protection. It was infected and fitly within 30 minutes. You can't rely on windows 7/10 firewall as there could be various zero day exploits that we aren't even aware of yet.

Crap, didn't cross my mind connecting the Plex server to the modem directly would be a problem.

Does the fact the PC has a static IP address mitigate the risk in any way?

RangeR

54and56 wrote: »

Crap, didn't cross my mind connecting the Plex server to the modem directly would be a problem.

Does the fact the PC has a static IP address mitigate the risk in any way?

None whatsoever. In fact it would make it more susceptible to attack as every port to that IP will hit your PC. anything attached to your VM modem in bridged mode is effectively out there on the internet without protection.


Static address just makes the pc more visible.

54and56

RangeR wrote: »

Actually, I'd blow your plex server out of the water. Maybe back up your plex database and other documents but I wouldn't keep anything else. Reformat and reinstall. But that PC is no longer safe.

Is there any viable option to doing a full reformat and reinstall as backing up 6TB of content isn't something I can just do. Even if I start an online backup now it'll take at least a week.

Are there virus / malware scanners I can run daily which will (eventually) pick up anything that might be on the PC today but which is a "Zero Day Exploit" yesterday / today?

Ran Malwarebytes and this is the result.

RangeR

54and56 wrote: »

Is there any viable option to doing a full reformat and reinstall as backing up 6TB of content isn't something I can just do. Even if I start an online backup now it'll take at least a week.

Are there virus / malware scanners I can run daily which will (eventually) pick up anything that might be on the PC today but which is a "Zero Day Exploit" yesterday / today?

Ran Malwarebytes and this is the result.

A Zero Day Exploit is basically an exploit that hasn't been made public yet. It could be found after a few days or could be months or years. Once it's found, it can be patched by the good guys but the bad guys don't usually announce that they have found a security vulnerability.


I don't have any easy answers for you. You obviously don't have to format the PC. I would.


As for backing up. If it was me, I'd assume that the pc is compromised so most files are potentially compromised. Payloads can be injected into images, word documents etc and you would never know.


Now, to be fair. I'm painting you a grim, worst case scenario. It's probably not that bad in reality, but the chance is there.


If you aren't risk averse, you can shrink your hard drive partition by about 10TB. Create a new, second, 10TB partition and put your data there. To be honest, I'd always have at least two partitions. one for Windows and programs and another for data. This allows you to scrub your machine at will. just, when reinstalling Windows, don't delete the data partition It's in the back of my mind, though, if your pc is compromised, this has a high risk of not getting rid of the problem.



I have three partitions. Dual boot Windows [one gaming, one work] and a shared data partition [and NAS].

*EDIT* nice piece of free partition software. Quite easy to use. https://www.easeus.com/partition-manager/epm-free.html

B_ecke_r

I've got 1gb Fibre with Pure Telecom but due to the position of the modem weren't getting great speeds in main living area of the house so bought the Deco M5 3 unit from Amazon and it's unbelievable.

Pretty much anywhere in the house my speed test is 850mb plus.
Definitely recommend.

Cyrus

B_ecke_r wrote: »

I've got 1gb Fibre with Pure Telecom but due to the position of the modem weren't getting great speeds in main living area of the house so bought the Deco M5 3 unit from Amazon and it's unbelievable.

Pretty much anywhere in the house my speed test is 850mb plus.
Definitely recommend.

Impressive over WiFi !

rodneytrotter15

B_ecke_r wrote: »

I've got 1gb Fibre with Pure Telecom but due to the position of the modem weren't getting great speeds in main living area of the house so bought the Deco M5 3 unit from Amazon and it's unbelievable.

Pretty much anywhere in the house my speed test is 850mb plus.
Definitely recommend.

I have the same setup but would assume 850MB is the speed you are showing from the Deco app, mine is similar. That is not the actual line speed you are getting and am told that is max available. Would be interested to hear what speed you are getting from the Speedtest or similar app. I get 400mb down and 100mb up from the room where the first Deco is set as the router. Everywhere else in the house is around 140 down and 50mb in the garden ( Needed it out there to support a Ring floodlight.

B_ecke_r

rodneytrotter15 wrote: »

I have the same setup but would assume 850MB is the speed you are showing from the Deco app, mine is similar. That is not the actual line speed you are getting and am told that is max available. Would be interested to hear what speed you are getting from the Speedtest or similar app. I get 400mb down and 100mb up from the room where the first Deco is set as the router. Everywhere else in the house is around 140 down and 50mb in the garden ( Needed it out there to support a Ring floodlight.

Yeah that's right.

Got 677 and 102 there on my One Plus 8

Some impressive speeds from Ps5 too on wifi

Uneccesary speeds but just really happy no more black spots around the house

rodneytrotter15

B_ecke_r wrote: »

Yeah that's right.

Got 677 and 102 there on my One Plus 8

Some impressive speeds from Ps5 too on wifi

Uneccesary speeds but just really happy no more black spots around the house

When you checked on the One Plus was it from the Deco app speedtest or from a generic speedtest app ? I'm happy enough with mine but if I can alter the setup to get a higher speed I will look at it. Not that I need it to be fair, just a serious case of much wants more

B_ecke_r

rodneytrotter15 wrote: »

When you checked on the One Plus was it from the Deco app speedtest or from a generic speedtest app ? I'm happy enough with mine but if I can alter the setup to get a higher speed I will look at it. Not that I need it to be fair, just a serious case of much wants more

This was on the speed test by ookla app

rodneytrotter15

B_ecke_r wrote: »

This was on the speed test by ookla app

Wow, that is much faster using the same FTTH Pure Telecom 1gig connection I'm supposed to have. Did you change anything after you setup the Deco's ? Mine is setup in Router mode and I have the wireless on the Fritz box turned off and I think I turned off IPv6 at some point because someone recommended it..

B_ecke_r

I Still have the wireless on my Fritz box turned on as for some reason my work laptop won't stay connected to the M5 keeps losing IP address so I need to work from that connection but other than that I didn't change anything.

My settings are below

IPv4
Dynamic IP

IPv6
Disabled

IPTV/VLAN
Disabled

MAC Clone
Disabled

TP-Link DDNS
Disabled

SIP ALG
Enabled

UPNP
Enabled

Fast Roaming
Disabled

Beamforming
Enabled

Operating Mode
Router