Orange now offers FTTH via their whitelabelled Sagemcom router + ONT combo called Funbox 6. While this works amazingly great out of the box, if you’re like me, you’d like some more control over the experience - particularly if you already own a home networking setup you are happy with. This writeup describes how to get that done using MikroTik hardware. I’ve found MikroTik to be an excellent budget-oriented alternative to Ubiquiti’s Unifi (which has bricked some of the older APs I owned).
Getting the necessary hardware
Since the ONT (piece of hardware which acts as an interface converter between GPON and ethernet) is welded into the router, we want to get one which has an ethernet interface. If you ask the operator, they will supply one. Ensure that this ends up in the notes on the order and it will be delivered by the technician during installation. It is important that this must be supplied by the operator as it is provisioned over the network by them. If you buy a random ONT and hook it up, it will simply not work at all.
Cabling it up
The ONT has two sockets - one for the fiber and one for gigabit ethernet. The latter is connected to the WAN port (usually ether1, or port 1) of your router.
Configuration
The ethernet medium is used for multiplexing multiple services - internet access, TV and VoIP. This is accomplished by tagging each service with a different VLAN. Since we’re
interested in internet access, the VLAN tag is 35. Go to Interfaces | VLAN and create a new virtual interface with the following settings:
Name: orange-vlan35
MTU: 1500
VLAN ID: 35
Interface: ether1 (or your WAN interface)
Orange uses PPPoE as a transport mechanism for internet access. Once you connect an ONT, you can check if
the ONT works correctly by listening to PPPoE advertisements by going to PPP | PPPoE Scan and waiting a minute or so.
Configure your PPPoE connection by creating a new PPPoE client:
Name: pppoe-orange-v4
Max MRU: 1540
Interfaces: orange-vlan35
User: (username)@neostrada.pl
Password: (your password)
Profile: default
Use Peer DNS: Yes
Add Default Route: Yes
After creating the interface you should see the local and remote address fields being populated.
The last remaining step is to ensure there’s a NAT rule to translate outgoing traffic from your network onto their supplied external IP address. Go to IP | Firewall | NAT and
make sure there’s a rule in place:
Chain: srcnat
Src. Address: (your internal network subnet)
Out. Interface: pppoe-orange-v4
Action: masquerade
That’s it. If you’ve set up everything properly you should be able to access the internet from your internal network.
Extra credit - IPv6
To set up IPv6, you need to ensure that the ipv6 package is installed - see if that’s the case and install it by going to System | Packages. Once you’ve installed
it and rebooted the router, you’ll need to set up another PPPoE connection:
Name: pppoe-orange-v6
Max MRU: 1540
Interfaces: orange-vlan35
User: (username)@neostrada.pl/ipv6
Password: (your password, same as above)
Profile: default
Use Peer DNS: Yes
Create a new pool via IPv6 | Pool:
Name: orange
Prefix: ::/0
Prefix Length: 56
The mechanism for getting an IP address here is slightly different - you need to set up a DHCP client, by going to IPv6 | DHCP Client. Create a new client with the
following configuration:
Interface: pppoe-orange-v6
Request: prefix
Pool Name: orange
Pool Prefix Length: 64
Prefix Hint: ::/0
Use Peer DNS: Yes
Rapid Commit: Yes
If this is successful, you will see that a prefix has been acquired in the DHCP Client view.
After you apply these settings you should see that the interface is bound and that you’ve received a prefix. Go to IPv6 | ND and enable neighbor discovery:
Interface: bridge
RA Interval 200-600
Advertise MAC Address: Yes
Advertise DNS: Yes
Ensure that your IPv6 stack is configured for IP forwarding - go to IPv6 | Settings:
IPv6 Forward: Yes
Accept Redirects should not be enabled for routers, so we want to unmark it.
