#This is copy of Coolhva's readme. I wil add/change the points were needed asap.
This repo contains the files you need to succesfully configure the USG with KPN FTTH with IPTV and IPv6 enabled.
-
Place config.gateway.json at the unifi controller (sites/default) via SCP
The config.gateway.json contains the main configuration with the different interfaces which are needed for internet (vlan 6) and IPTV (vlan 4). IPv4 is configured via PPPoE with the kpn/kpn username and password. KPN uses a TAG which is configured in the DSLAM to identify your connection and to give you your "permanent" public IPv4 address.
-
Place routes in /etc/dhcp3/dhclient-exit-hooks.d/ via SCP
-
Execute
sudo chmod +x /etc/dhcp3/dhclient-exit-hooks.d/routeson the USGKPN sends static routes via DHCP which the USG does not install by default. This script will install the DHCP routes when a DHCP lease is received. The chmod +x command allows the script to be executed. (source)
-
Place dhcp6.sh in /config/scripts/post-config.d/ via SCP
-
Execute
chmod +x /config/scripts/post-config.d/dhcp6.shon the USGIPv6 works natively in the USG, the problem with KPN is that the json nesting will go to deep (interface, vlan and pppoe) and the USG will hit a bug (source) when it tries to parse the json. To overcome this, after 2 minutes the USG will execute this script which will configure IPv6 on the PPPoE interface and will remove the task from the taskscheduler.
-
Place setroutes.sh in /config/scripts/post-config.d/ via SCP
-
Execute
chmod +x /config/scripts/post-config.d/setroutes.shon the USGAfter each firmware upgrade the routes file, used by the dhcp client at the exit hook (for the IPTV routes), is removed. To overcome this, after 2 minutes the USG will execute this script which will create the routes file, renews the DHCP lease, restart the IGMP Proxy and remove the task from the taskscheduler.
-
Place optimize.sh in /config/scripts/post-config.d/ via SCP
-
Execute
chmod +x /config/scripts/post-config.d/optimize.shon the USGThere are some settings which can cause issues when performed through the json, like MTU. This is handled in this optimize script.
-
The lan network (and portfowarding if needed) needs to be configured in the Unifi controller
-
Go to the USG in devices in the controller and force provisioning
After provisioning please reboot the USG. After two minutes IPv6 will be enabled. This can be checked by executing show interfaces on the USG.
The PPPOE interface has no "public" IPv6 address because it uses the link local IPv6 address to route traffic to KPN. To see the remote address execute the following command (source):
show interfaces pppoe pppoe2 log | match "IPV6|LL"
If you are using VLANs and have issues with the IPTV having hickups or being frozen you can try to change the config as follows:
At the "igmp-proxy" section replace "eth1" with "eth.{vlan}" where {vlan} would be the VLAN where your decoders are in.
"eth1.100": {
"alt-subnet": [
"0.0.0.0/0"
],
"role": "downstream",
"threshold": "1"
}
To prevent the IPTV from flooding other network interfaces it's best to explicitly disable the proxy for these interfaces:
"eth1": {
"role": "disabled",
"threshold": "1"
},
"eth1.200": {
"role": "disabled",
"threshold": "1"
},
"eth1.300": {
"role": "disabled",
"threshold": "1"
}
XS4ALL (a Dutch ISP which uses the KPN platform has more information regarding the technical details), more info can be found here
This config.gateway.json has been tested on the following versions:
UniFi Security Gateway 3P: 4.4.44.5213844 and above
Unifi Controller: 5.11.46 (Build: atag_5.11.46_12723) and above
My Unifi WAN settings in the controller are as follows:
At GoT I explain a little bit more about the MTU and troubleshooting:
Troubleshooting: https://gathering.tweakers.net/forum/list_message/60188896#60188896
MTU and IPv6 workaround: https://gathering.tweakers.net/forum/list_message/57023231#57023231