Thibault Maekelbergh

šŸ“” Configuring Unifi, Telenet Modem and the EOS TV Box

The backstory and the load of troubles

What follows in the section below is a detailed outline of what the problem is when you want to run Unifi in combination with Telenet's internet + TV offering. If you're already up-to-date on these issues, I recommend you skip to the following section to see that actual fix.

About a month or two ago, I moved to my very first own place together with my girlfriend. I used to live with my parents so tinkering too much with a network setup was a no-go, since they paid for the ISP subscription and mostly wanted to stick with the ISP provided hardware. But now I am fully in control and can look for more robust alternatives, which I can also experiment with and learn from.

I knew meshed networking was the new hip thing, and after only hearing positive things about Unifi and its SDN platform I decided to watch a bunch of videos and browse some sites to see how that all worked together. Their devices looked nice, well architected and reliable. Aside from that I was also looking for something I could plug in to Home Assistant and manage on my own. ISP provided hardware is often limited and junk. For example: I can not set static IP reservations on the router side of my Telenet Modem and can only open up 10 ports maximum.

So I bought a Unifi AP AC-LR to start out with and see how it could evolve. Boy, I was in for a rideā€¦

Belgian ISP Telenet makes it ridiculously hard to run your own networking gear in their internet (+tv) bundles. I suspect this is purely on purpose so they can lock you in and force certain restrictions on you as a customer. I knew they provided each new subscription with a piece of plastic called ā€œHome Gatewayā€ (HGW), which is essentially a modem/router/AP combo with no option to manage stuff on the router side and the AP coverage of a storage room. But, they also offer a modem-only (EMTA) model which you can use to run your own networking gear behind.

So that modem-only sounds like what I wanted, only downside is that it is ridiculously hard to get. Business customers can get this relatively easy, but if you are a non-business customer they will flat out refuse it over the phone, Twitter and in their shops. If you ask for a reason, there is no valid one that they can give. If you are lucky though, some subcontractors which perform the installation at your home might be willing to do this outside of Telenetā€™s knowledge but that all depends on how kind and willing your installer is.

I tried, but sadly, had to go with the crappy HGW option and find my way around it. AP functionality can be disabled on the HGW itself using the mijn.telenet.be webportal so I initially just turned that off and replaced the AP with my Unifi AP. It worked, I got great wifi coverage, and a nice interface to manage and view clients connected to the wireless network. From my previous articles you may know that I also have an Intel NUC running my ā€˜homelabā€™ services in Docker and has itself opened up to the internet. The immense unreliability of the HGW does not do the server great justice. No way to assign a static IP and the continuous random reboots, firmware upgrades and bugs on the HGW make your connection flaky and the DHCP server running on it constantly reassign a new local IP address to my server, which meant manually editing portforward rules.

There is even a bug in the firmware (a regression caused by an upgrade) which makes to modem crash everytime youā€™re trying to access the server via NAT loopback. Telenetā€™s official stance is basically this: not important enough to fix.

Truth lies in how one user puts it on Telenet's Netweters forum (Dutch):

Ik betaal niet graag ā‚¬ 117 per maand als dan blijkt dat het leeuwendeel waar ik de Telenet-diensten voor gebruik - het hosten van mijn eigen development server thuis met daarop broncode-repositories - het niet doet

Seriously, just fuck these guys with their abysmal service and zero interest in their power users. I could be advocating for Telenet but wonā€™t. They are very lucky that they offer the fastest network available here in Belgium, otherwise I think a lot of people would have switched already.

Anyway, I tried to go down the modem only route again and try to force them to give me one so I could run my own gear. But then I opened another one of Pandoraā€™s boxes. If (like many people) you have an internet + digital TV subscription, then running a modem only model with the most recent set-top box is impossible. Yes, impossible. Telenetā€™s stance: not possible now, maybe later / Administrative purposes. We all know what that means. Previous modem only models (pre EMTA) could run modem only + TV just fine, all you had to do was connect the set-top box directly to the modem, because the box needs an IP assigned by the modem. Iā€™m not completely sure why this is but I suppose this has something to do with media broadcasting rights?

So the newer set-top box (EOS) only works with the HGW. Another clear šŸ–•šŸ» to network admins, advanced home users and business customers wanting to be in control of their own network, while also being able to enjoy the digital TV offering.

I was seriously getting fucked over here by Telenet in every fucking way and was starting to get sick of it. I persisted and after several nights of browsing Unifi communities, the official Telenet community and reading up on network terminology I finally find a way which works.

So if you find yourself in the same scenario as I am, read up below on how to successfully combine Unifi + Telenet + TV using the default supplied hardware.

Running Unifi Controller in Docker

If you are proficient enough with networking, Docker or Unifi, you can probably skip this section.

Since I had the NUC always on (and not having to buy another CloudKey after already buying much of Unifiā€™s pricey hardware) I could run Unifi Controller in Docker. This article is already pretty lengthy so I will not go much into detail on how the Unifi SDN and UI Controller work (there are other resources for that) but I can say that to run a Unifi network you need both their hardware & software.

A typical router mostly has some firmware, software or a web interface embedded on the device so you can manage the settings on the router. Unifi gear on the other hand only ships with a very minimal Linux OS and gets ā€˜provisionedā€™. This means that you run the software called Unifi Controller somewhere and the settings will get sent to the hardware after which the hardware updates with the new settings. It works great because that way you could run it in the cloud and can manage ā€˜sitesā€™ across the world without physical access to the network.

I think Unifi probably ships their own Docker containers to run Unifi Controller (which is a Java app) but we are blessed to have linuxserver.io and their great stack of images, so I used that one. Below is the docker-compose config I used for setting up UI Controller. It is very important to note that I do not advise to change the default port mappings. I had Nextcloud running on 8080, and thought I could use something else for Unifi Controller, but their hardware hardcoded assumes that UI Controller is going to respond from port 8080. So if you have ports already taken by other containers, change them for those containers and not for UI Controller. Also make sure to review the Application Setup section on the Docker Hub page for linuxserver's image.

yaml
version: '2'


services:
  unifi:
    image: linuxserver/unifi-controller
    container_name: unifi-controller
    environment:
      - MEM_LIMIT=1024M
      - PGID=1000
      - PUID=1000
      - TZ=Europe/Brussels
    volumes:
      - ./data:/config
    ports:
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 8081:8081
      - 8443:8443
      - 8843:8843
      - 8880:8880
      - 9876:6789
    restart: unless-stopped

After you have created this container and logged in with your Unifi credentials you should be greeted with the UI Controller interface:

Screenshot 2019-10-13 at 17.45.37

Integrating your USG with Telenetā€™s HGW

  1. Make sure you have the AP functionality ("Draadloos Signaal") disabled on the HGW. This can be done by going to the settings page of your HGW in mijn.telenet.be

  2. Go deeper into the page (you might need to enable advanced settings) and change the subnet of your HGW. A Unifi USG (or most other routers) has its subnet set to 192.168.1.1/24 and changing it on the USG is more complex. If your HGW has its subnet set to .1/24, change it here and wait for the HGW to reboot. You can change it to anything really but I prefer .0/24

  3. Connect the WAN1 port of your USG to a LAN port of the modem. The HGW has 4 Gigabit LAN ports that you can use. Just pick one since we will probably never connect a device to this piece of worthless plastic ever again šŸ˜Š

  4. Boot up the USG. Connect your laptop either directly via the LAN2 port of the USG or connect to your AP (which should be connected via ethernet to your USG) and browse to the IP of your UI Controller or ui.unifi.com. Going to 192.168.1.1 should also work perfectly and show you the homepage of your USG where it says ā€œinternet connectedā€.

  5. You have successfully migrated to using Unifi for your home network! It is possible that your AP needs to be reprovisioned.

Opening up ports or your server to the internet via the USG

OK, so we have LAN and Wifi set up, but we want to open up some ports as well. I have a webserver and SSH that I want to access outside of my network so we need to take care of that in UI Controller. Before, we would have browsed to Mijn Telenet, and opened up our IPv4 ports. With the USG its going to be a bit different.

In order to let the USG do all our routing we need to be a bit smarter and find our way around the limitations of the HGW. If you now head to Mijn Telenet and view your connected devices, only one should be in the list: UBNT which is the USG. We are going to keep it that way and put our USG in the DMZ, which essentially means that we open up every port on the device with this IP. This is not bad, since now we can move the full routing to the USG and configure our protection from the internet on the USG. Add the ip of your USG (UBNT in connected devices) in the DMZ on Mijn Telenet and wait until the HGW reboots if necessary. If the USG would change IP, all you have to do is change the IP of your DMZ device, but I donā€™t expect this to happen a lot.

In UI Controller, you can now configure port forwarding rules and if you try to access your WAN IP (shown on Mijn Telenet) you should be able to access the ports opened up outside of your home network.

As of today I still havenā€™t figured out how to get NAT Loopback working with this hardware combination so I am not able to access my WAN IP or domain name from inside my network unfortunately šŸ˜ž

Making your Telenet EOS TV box work with a Unifi network

Alright! Our network is now configured as we want it and further tweaking of network settings can be done exclusively in UI Controller, neat šŸŒ¶

But we have another problem to sort out. If your set-top box is connected via ethernet to your USG you will not have access to a lot of features on your EOS box. Playback from previous days, recording and TV on demand will all be unavailable as the EOS box has no direct connection to Telenet.

Initially I thought I was shit out of luck but my fiddling with the settings on the EOS box I found I surprising fix: you just need to connect your EOS box to Wifi. For some reason, unbeknownst to me, connecting the EOS box over a wireless connection works and enables all the features like you would have it wired to the HGW directly. If you take speed into consideration, it should not be an issue here. It is true that the EOS box can output 4K streams, but this is only true for the YouTube and Netflix app on the EOS box. Telenet still only delivers streams for the Belgian television network in 720/1080p so pulling that over Wifi should not be an issue.

This method worked for me, but if Telenet would be to block it later or it would not work for your setup, here are a couple of fixes you could apply:

  • If you have the option to run an ethernet cable directly from your HGW to the EOS box, I would do that. My wall only has 1 ethernet socket and I need to connect my TV, Chromecast, PS4 and Unifi AP to that socket.

  • Buy 2 simple powerline adapters to put the HGW directly in link with the EOS box. Donā€™t get the crap ones Telenet sells, buy some Devolo or TP-Link ones. They will still suck but that is just a property of powerlines in general. You wonā€™t include the EOS box on your main home network but then again, how big of an issue is that? Unless youā€™re streaming DLNA content on the EOS box or using Spotify Connect to play music via your EOS box, this should not be an issue.

Conclusion

Alright, I was so glad I could get this working. It was really a pain to get find this solution and luckily I could combine a lot of resources on the internet to achieve my goal. I think if there is one thing we can learn from all of this, itā€™s that Telenet is certainly very limiting and crippled in their view and abilities to let advanced home users run their own networking gear. Itā€™s a rare case to see that, even for business customers, they are forcing HGWs onto users with the EMTA modem-only model that also want to enjoy TV.

I hope my article helped you solve the problem if you were in the same boat. Reach out to me over Twitter or email if you have any suggestions, comments or findings āœŒšŸ»