Archived view of gemini.ctrl-c.club › ~ssb22 › openreach.gmi, captured on 2023-03-20 at 19:00:20.
Openreach broadband providers
Many UK home ADSL Internet contracts are now sold by providers using the Openreach (ex-BT) infrastructure.
The following notes are from my experience; your mileage may vary, and no warranty is implied.
Sky
- We used them from mid-2016 to mid-2018
- They used both IPv6 and IPv4
- Our Raspberry Pi did work as a home server with Dynamic DNS when configured to use IPv4-only (i.e. we had a public IPv4 address not suppressed by carrier-grade NAT)
- The supplied router had both UPnP and DMZ options for setting up servers, and can reserve DHCP IPs for specific MAC addresses (useful for setting up wireless printers etc)
- We did not understand Sky’s procedure for returning the router for recycling at the end of our contract, so we kept it (see below)
- The ISP traffic management included the blocking of outgoing SYN packets when the uplink is loaded—so if a large upload is in progress, you won’t be able to create new connections but can use established SSH tunnels.
- It’s a good idea to rate-limit large uploads on the client side anyway, so as to avoid completely saturating the uplink for other users in the home; the uplink is typically about 10 times slower than the downlink. You can “throttle” some uploads with e.g. pv -L 64k < source | ssh server 'cat > dest'
- Sky offered us a large introductory discount for 2016/17 (with no installation fee for the new line), then when we asked to leave at the end of the discounted period, they offered a smaller discount for 2017/18. But the discount they offered us for 2018/19 was smaller still, and switching became noticeably cheaper.
TalkTalk
- We used them from mid-2018 to mid-2019
- They used IPv4
- Our Raspberry Pi worked as a home server (not suppressed by carrier-grade NAT)
- TalkTalk’s supplied router was vulnerable to CVE-2018-8898 and we didn’t use it. But the procedure for returning it for recycling at the end of the contract was very straightforward—they automatically sent packaging and a label for us to take to a Post Office.
- Sky’s router worked with TalkTalk after a simple restart; the only minor issue was its clock was stuck in 1970 because it came “hardwired” to use Sky’s internal NTP servers on startup and these were not available via TalkTalk.
- TalkTalk’s customer database system was slightly annoying: during sign-up they wrote down my name wrongly, and then they weren’t willing to fix it unless I submitted a certificate of Deed Poll or something (until I pointed out at the end of the contract that they were sending multiple “please renew at a smaller discount” letters with the wrongly-written name—evidently the customer-retentions team had the authority to fix it)
- and when we left, the synchronisation of our switch date to the end of the discounted contract didn’t quite work and we had to pay a couple of pounds “early exit fee” for being off by a few days
- They also seemed to get a bit confused by our attempt to give notice to leave. It turns out that if you want to change from one Openreach provider to another at the end of your contract, this is internally called a “working line takeover” and is not to be confused with cancelling the line altogether. So be sure to use the words “working line takeover” when talking about switching.
Post Office Broadband
- We used them from mid-2019 to mid-2022
- In March 2021 they passed the business to Shell Energy but still with Post Office branding
- They used IPv4 and shared some infrastructure with TalkTalk. Our IP address was changed 4 to 6 times each week, with a few minutes’ outage each time; changes were more frequent when our usage was high (but pre-resetting the router before an expected period of use did not noticeably affect the odds of an outage). Geolocation services mapped these addresses to various towns in East Anglia; I *don’t* recommend submitting updates unless you can cope with potential vigilantes thinking they’ve “tracked down” future users of each IP to your location—you might be OK if it’s a large block of flats.
- Sky’s router did *not* work with GPO’s service (the latter required a login, which can reportedly be extracted from GPO’s router but cannot then be added in to Sky’s without serious reflashing)
- but GPO’s own router (a modified AMG1302-T11C) had all necessary UPnP, DMZ, IP-reservation functions etc: we were able to copy over all configuration from Sky’s router, so no change was required on our client devices
- Despite being shipped in 2019, the router had no support for the 2018 “WPA3” standard, and its “WPA2” is apparently a WPA1/WPA2 mixed mode, the security of which had been broken (but we weren’t worried with TLS/SSH on top)
- GPO’s router had a poor WPS implementation: once you add a device (like a wireless printer) via WPS, all non-WPS devices are thrown off the WiFi until you restart the router, whereupon the WPS devices are locked out. So it’s best to leave WPS disabled: use “WiFi Direct” (Simple AP) to access the new device’s HTTP server and go from there.
- Our Raspberry Pi worked as a home server (not suppressed by carrier-grade NAT), but all incoming connections appeared to originate at our home’s external IP address instead of the true outside address (it seems GPO’s router did NAT in *both* directions)—this made server diagnostics (and IP-related rules) more difficult, as none of the logs said where outside connections really came from other than “outside”.
- GPO’s DNS server returned proxy addresses in TalkTalk/Opal’s 62.24.128.0/17 block for some hosts, including github.com (interfering with SSH-based Git cloning), ssh.st0rage.org (interfering with SSH logins), and from late 2021 tilde.pink (interfering with Gemini protocol experiments). This could sometimes be worked around by setting .ssh/config to use alternate hosts (e.g. st0rage.org instead of ssh.st0rage.org, and ssh.github.com instead of github.com); it could also be worked around by using a public DNS server, or by putting the IP address into .ssh/config or /etc/hosts, although this can change so you’ll have to keep it updated. On Android, Termux’s host command uses 8.8.8.8 but the Gemini clients don’t, so you’d need to use mobile data instead of WiFi to access tilde.pink on that platform.
- GPO’s contract came with anytime landline calls to other Post Office Home Phone customers, and it was possible to share a referral bonus with one when signing up by telephone. But calls were *not* inclusive in *both* directions: only new customers starting after the end of January 2019 received the anytime inclusive calls to other Post Office numbers; they were *not* automatically granted for customers who’d started their contracts earlier. This led to a minor “bill shock” incident after we mistakenly told a relative that calls between us would be free in either direction.
- The inclusive calls must not exceed one hour per call or they start billing extra.
- The subset of customers who could make these inclusive calls continued to be able to do so after the Shell takeover in March 2021. We did not test if other customers were retrospectively added as a result of that takeover or not.
- For renewal in 2020, we received a paper letter 2½ weeks before our end date, inviting us to log in to our account on their website and renew at the same discount given to new customers (unlike Sky and TalkTalk who had offered us a smaller discount than their new customers). Confusingly, the renewal option was called “Upgrade” by the Web interface. GPO’s discounted price had increased by 13% for everyone (but that was still competitive as the whole industry had reduced their discounts), and they offered a 2-year price-fix for an additional 11%, which was worth it if and only if you expected the *following* year’s increase to exceed 22% (because they’d promised no mid-contract rises, making the basic contract a 1-year fix); although we hadn’t seen any publicity about “discount erosion” from the press (which tended to write about *un*discounted prices) we still doubted GPO would think they could get away with a 22% hike one year after a 13% hike, so we went for the 1-year renewal. (As it turned out, the following year had no price increase at all.) We set the “go live” date to the first day after our original contract expired, which resulted in their system generating one un-discounted bill (it processed the billing a few hours before it processed the new contracts) but we were given credit for the overpayment.
- For the 2021 renewal, the information offered beforehand did not confirm that the free calls to other Post Office numbers would still be included, but a call-centre operator said they would (and the letter sent immediately after listed these first)—but going via the call centre meant we were not controlling the “go live” date ourselves, and the operator set it 13 days too late, increasing one bill by a third.
- In 2022 we moved, and were told that taking the service with us would require starting a new contract with Shell (not Post Office) and it would be 18 months with a mid-contract price hike, but they’d waive the installation charge. We cancelled this, as for various reasons we already had a Virgin Broadband contract at the new property with 4 months left on it, and 4 months of a spurious Shell service would exceed the installation charge they were waiving.
- Failure to return a router is chargeable. We had *two* to return: a new one Shell had sent to our new address, which we returned (using an enclosed return postage label) without taking it out of its box, and the previous one which they said they’d email us a label to print but their system didn’t (even after an operator said he’d overridden it on a 46-minute phone call) but we’ve not yet been charged. They no longer supplied packaging for old routers, changing the Post Office’s condition 7.12.1 “use the pre-paid packaging that we will send you” even though they’d said they’d keep the conditions the same for existing contracts after the takeover.
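The DNS behaviour noted in the list above (answers inside 62.24.128.0/17 for hosts such as github.com) can be checked for mechanically. The following is an added example, not part of the original notes: the function names and the sample answers are constructed for illustration, and only the address block and hostnames come from the page.

```python
import ipaddress
import socket

# Block the page names as the source of the proxy answers.
PROXY_BLOCK = ipaddress.ip_network("62.24.128.0/17")

def in_proxy_block(addr, block=PROXY_BLOCK):
    """True if addr parses as an IP address that lies inside block."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.version == block.version and ip in block

def classify(answers, block=PROXY_BLOCK):
    """Label one hostname's A records by how many fall in the proxy block."""
    if not answers:
        return "no-answer"
    hits = [a for a in answers if in_proxy_block(a, block)]
    if len(hits) == len(answers):
        return "redirected"
    return "mixed" if hits else "clean"

def resolve_system(hostname):
    """A records from the system resolver (normally the router's DNS)."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def audit(hostnames, resolver=resolve_system):
    """Map each hostname to its classification using the given resolver."""
    return {h: classify(resolver(h)) for h in hostnames}

# Constructed sample answers (not captured data) for an offline run.
SAMPLE_ANSWERS = {
    "github.com": ["62.24.131.10"],
    "ssh.st0rage.org": ["62.24.200.7", "192.0.2.25"],
    "tilde.pink": ["198.51.100.4"],
    "unresolved.invalid": [],
}

if __name__ == "__main__":
    names = list(SAMPLE_ANSWERS)
    print("sample:", audit(names, lambda h: SAMPLE_ANSWERS.get(h, [])))
    print("live:  ", audit(names))
```

A "redirected" result for a host reached over SSH is the cue to apply one of the workarounds listed above, such as a public DNS server or a pinned address.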
Shell Energy Broadband
- We used them starting in late 2022 after Virgin failed to retain us at the end of the contract (Virgin did call with an actually-good discount 6 days into our notice period, but the operator was unable to confirm the exit fee would be waived if we moved to a non-Virgin property, which *was* a possibility so we declined). Shell had recently increased prices but were still competitive; they were undercut by the non-fibre version of Now Broadband but that one wouldn’t install a line if you didn’t already have one.
- Shell’s was an 18-month contract, with a price hike in month 8 that turned out to be 13%.
- They were able to send an Openreach engineer to connect a new line at no extra cost—but *after* the 14-day “cooling-off” period, so you couldn’t check the line speed first (ours turned out to be *much* slower than that of a flat 300 metres away—the line route may have been less direct than we thought), but they did allow early contract renewal with an upgrade to fibre-to-the-cabinet at ~15% extra cost after another 14-day delay (the switchover itself took about 90 seconds of downtime).
- They supplied a Technicolor DGA0122NLK (an OpenWrt-based router; we found it more reliable if set to “split” the dual-band and manually set only permanently-nearby devices to 5GHz)
- They used IPv4 and shared some infrastructure with TalkTalk. Our Raspberry Pi worked as a home server (not suppressed by carrier-grade NAT), and source IPs of incoming connections were correctly preserved. Their DNS server appeared to be behaving normally, not redirecting GitHub etc.
Legal
All material © Silas S. Brown unless otherwise stated. Android is a trademark of Google LLC. CVE is a registered trademark of The MITRE Corporation. Git is a trademark of the Software Freedom Conservancy. GitHub is a trademark of GitHub Inc. Post Office is a registered trademark of Post Office Limited. Technicolor is a registered trademark and trade name of Technicolor Group Company. Wi-Fi is a trademark of the Wi-Fi Alliance. Any other trademarks I mentioned without realising are trademarks of their respective holders.