PROXIMUS_AUTO_FON automatic connexion on linux using wpa_supplicant

If you understand this title, you don’t need more explanation :

/etc/network/interfaces
auto wlan1
iface wlan1 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant

network={
ssid="PROXIMUS_AUTO_FON"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TTLS
identity="LOGIN@proximusfon.be"
password="PASS1234"
phase2="auth=MSCHAPV2"
}

Some may ask why some people would want to do that… I’m now using Voo, but I use my parent’s FON login when voo crash. My current project is towards aggregating the two links by load balancing, or at least have some kind of automatic failover. The more interesting part would be to switch to “FON only” when I reach my 100Gb limit…

Proximus BBOX 3 in bridge mode on Linux (ubuntu,debian,raspbian,centos,fedora,…)

Using bridge mode allows you to get a public IP address on one computer (which can serve as a router) behind your modem. This allows you to know your public IP address without using a third party service, and control more finely all your routing parameters inside your own Linux-based router (this tutorial) or a better router than the BBOX’s one (which is not that bad, now that I can unfortunately compare with Voo…). We’ll call “the router” the device you want to use behind the modem for clarity.

The bridge mode of the Proximus BBOX 3 is quite interesting. You connect normally to your BBOX using DHCP, but you can use PPP over Ethernet (PPPoE) to get a virtual interface inside your router. This virtual “ppp” interface will have a public IP address, and packets will flow IN and OUT the internet through that interface.

Proximus allows you to therefore maintain 2 PPP connection, one established in the BBOX (also used for the TV), and the other inside your router. It also means your home get 2 IP addresses.

I perfer that mode than the VOO one, where the external IP address is given by DHCP to only one host in the LAN, the first to ask it using DHCP (dangerous and prone to configuration errors…). Same and independently for IPv6 using DHCPv6. While Proximus not only gives you an IPv6 address but also a /64 prefix via PPPoE to get a direct connection without using a crappy NAT to all your PCs. For IPv6, Proxiumuss is much more simpler than setting up an independent DHCPv6 client which gives back the v6 prefix to your LAN side. The second downside is that VOO must use ugly hacks to allow connection to the box as there is no “modem internal network” anymore. You can access to your modem at the normally-ilegal 192.168.100.1 address as this is on the “public web” space from the router perspecrive. Moreover it seems that the modem stops responding at DHCP requests from time to time, loosing connectivity… VOO bridge mode is definitively not good… But this may be a temporary bug.

The bridge part

Edit /etc/network/interfaces to add the following lines , assuming that eth0 is the interface used to connect to your BBOX.
auto dsl-provider
iface dsl-provider inet ppp
pre-up /bin/ip link set eth0 up
provider dsl-provider

Install pppoe with sudo apt-get install pppoe on ubuntu/debian or sudo yum install pppoe centos/fedora

Then create a file named /etc/ppp/peers/dsl-provider and add the following lines :

noipdefault
defaultroute
replacedefaultroute
hide-password
noauth
persist
mtu 1492
plugin rp-pppoe.so eth0
user "fc0123456@skynet"
usepeerdns

Then edit the file /etc/ppp/chap-secrets and add the line :
"fc012345@skynet" * "password"

If you lost your skynet creditentials (personnaly, I just never received them), you can change them online on MyProximus. You’ll have to reboot your modem so it receives automatically the new credentials.

And that’s all, you can reboot or do a sudo pon dsl-provider and you’ll have a new inteface with a public IPv4 and a /64 IPv6.

The router part

To give connectivity in IPv4 for your hosts and use your linux host as a router, you’ll have to NAT. But you can delegate your IPv6 range and give public IPv6 addresses to all your PCs using SLAAC ! Remember to also install a firewall…

To do so, install radvd and add in /etc/radvd.conf (if br0 is the interface connected to your internal network) :

interface br0
{
AdvSendAdvert on;
prefix ::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
{
# AdvRDNSSLifetime 3600;
};
};

Then do a sudo radvd restart and that’s it.

The RDNSS line give the address of Google’s public DNS to your host. We could use Proximus one, but I don’t have the address on hand.

Note that I write this tuto only now but I did this month ago, I may have forgotten some steps, do not hesitate to contact me 😉