Atlantic Canada is very fortunate to have access to Bell Aliant FibreOP Internet. It is a legitimate Fibre-to-the-Home (FTTH) service, in the same price range as cable and DSL offerings. Speeds start at 50/30 (download/upload in Mbps) for $70/month without any promotions.
As great as the Internet itself is, the wireless router they include is the bottleneck. It is an Actiontec R1000H. Our biggest headaches with it were low WiFi throughput and frequent WiFi drop, but the interface was a little lacking in advanced features.
The logical solution is to use another router. Unfortunately, Bell has configured the service in a way that simply swapping in a new router will not work at all!
Through some research and my own trial and error, I was able to install pfSense to a spare computer, and take control of my Internet.
Disclaimer: Do not follow these steps if you have Bell’s IPTV service, as it will no longer work. There are other sites that describe how to keep those services working, but mine does not. As well, though there should be no impact, I advise against doing this if you have FiberOP Home Phone and rely on it for emergency communications.
This is not an easy task. It requires a very good understanding of computer networking, basic understanding of Linux networking terminology, and availability of network equipment (switches, wireless access points, cables, NICs). Chances are you found this page because you meet some of that description. Just know that if it isn’t working out, you can plug in the Actiontec and pretend it never happened.
First – LMGTFY
Step 1 is to always look online. It is very likely someone else has posted their experiences. Sure enough, I found some forum threads that helped point me in the right direction. In the end, the one that was the most help was post #73 in this one. However, if you don’t have a spare computer, here is a cheap but very effective alternative.
They key to getting it to work was to know that Bell sends all WAN traffic out of the fibre modem on a different VLAN. Specifically, VLAN 35. Knowing this, it becomes clear that no off-the-shelf consumer router is going to do the job out of the box.
You need a router that supports VLAN tagging, and the ability to treat a VLAN as the WAN connection.
I am a big fan of DD-WRT, and tried to accomplish the above using my DIR-615 with DD-WRT. Unfortunately, I could not get it to work with the options available in the web UI.
Instead of spending too much effort to get it to work on embedded hardware, I went the easy route: setup a pfSense Linux Router.
Creating a pfSense Router
pfSense is a distribution based on FreeBSD that allows you to easily create and manage a very powerful router, firewall, and other services device. It has an excellent UI with many, many features, and will let you dig into advanced features if you want to.
Here are the hardware requirements:
- A computer made within the last decade (CPU should be above 600 MHz)
- 2 Ethernet Cardbs
- Bootable pfSense installation media
To this end, this is what I had:
- HP Pavillion Desktop (2.4 GHz 64-bit AMD CPU, 2GB RAM, 250GB HDD)
- Integrated Ethernet + PCI Ethernet Card
- pfSense 2.0.3-RELEASE (amd64) ISO burnt to CD
pfSense Step 1: Install
Boot your computer from the pfSense ISO, and run through the installation process.
The simple install, with minimal questions, should be fine for most users, and saves a lot of questions you might not have answers for.
It may ask you which interface to assign as WAN, LAN, and Optional (you should skip this last one). Feel free to assign the roles to your 2 NICs as you see fit, but write it down!
This assumes both of your network cards are a minimum 100 Mbps. There is no point using slower 10 Mbit cards, as the Internet connection is 5 times that.
pfSense Step 2: Configure
Once pfSense boots up on its own, connect another computer to the port you designated as the LAN port, and in your web browser go to http://192.168.1.1. You are now connected to the management interface.
Navigate to the Interfaces -> WAN menu. In here, you will need to enter the WAN MAC address of your Actiontec router. Bell uses this to ensure that it is their router you are using. The MAC address is written on a sticker on your router, and can also be found on the router’s management page.
Be sure the enter the entire MAC address, and click save.
Now move to the Interfaces -> (assign) menu. Select the VLANs tab, and click the icon to create a new VLAN. It should look something like this:
We are creating a VLAN, tagged 35, which will allow us to communicate with the fibre modem provided by Bell. Again, click save, and head back to Interfaces -> (assign). Now, in the WAN drop-down menu, select VLAN 35 on ABx, which you just created. Click save again. You have just instructed pfSense to treat VLAN 35 as the WAN connection, or the source of Internet traffic.
This concludes the pfSense configuration. There are only a few small steps before inserting the pfSense router into your network for good.
Ending the Actiontec
One recommendation I read, before just unplugging the Actiontec, is to release the DHCP lease it has from the modem. To do this, from a computer connected to the Actiontec, visit http://192.168.2.1. Log in with your admin credentials, and Release the DHCP WAN lease. I don’t have a screenshot for this, but it shouldn’t be too difficult to find.
I didn’t do this, but I did encounter some issues at first getting my setup to work. Hopefully, this will make it go smoothly for you.
Once you Release the IP address, you can unplug the Actiontec.
Introducing the pfSense Router
Connect the cable entering the WAN port of the Actiontec to the network card you assigned as the WAN of the pfSense router. This is the cable coming from the Fibre modem installed by Bell.
With a computer still connected to the LAN port of the pfSense router, try to visit a webpage. Assuming everything is plugged in and powered on correctly, you should be presented the page you asked for.
At this point, you can add a switch for other computers, or a wireless access point. In my case, I have a switch connecting to three switches, where two are wireless.
Optionally, you may want a UPS for this, because even though the Bell modem will stay powered during a power outage, the pfSense computer will not.
My ping dropped significantly, and my throughput was exactly as advertised.
Using my DIR-615 routers with DD-WRT as access points, WiFi performance also jumped, with downloads up to 35 Mbps, vs. the 8 Mbps with the Actiontec.
Troubleshooting is a bit beyond the scope of this document, namely because there are so many things that could go wrong. The best troubleshooting is to make sure the steps are followed, that your set-up makes sense, and that if something seems wrong, investigate.
For me, I noticed that when the pfSense router in unplugged from the modem, or rebooted, I lose Internet. To fix it, I have to toggle the WAN assignment to another connection, then back to the VLAN. Not sure why, but with my UPS I hope it won’t be a task I do frequently.
This project was 100% worthwhile. As I host a lot of services for myself over the network (HTTP, RDP, VoIP, FTP), it is important to be able to have full control over my NAT and Firewall settings. As well, being able to monitor throughput and advanced logs allows me to keep learning and improving my network.
If you are ready to ditch the Actiontec router, and are keen to see routers in a different way, this project will throw you in head first.