Using your own Tomato router with Vodafone Spain

While Spain has great broadband, with most of the country being covered by FTTH (Fibre To The Home), it is no different to other countries in providing you with terrible equipment to access it.

Vodafone Sercomm H-500-s

In my case with Vodafone, I received a Vodafone branded Sercomm H-500-s and a Nokia Alcatel-Lucent G-010G-P ONT. This has some advantages, as it means that you can in theory just plug in your own router into the ONT and not allow Vodafone to remote in to your home network. The other thing that massively annoyed me that the router claims the IP address 1.1.1.1, which is actually the IP address of Cloudflare's DNS service, thus making it unusable.

With me staying home with the whole Covid-19 situation, I had some time to set up my Tomato Firmware router properly and remove the Vodafone router completely and have it connect directly to the ONT.

PPPoE Credentials

Vodafone (and probably all Spanish ISPs) uses PPPoE to authenticate the internet session. However, Vodafone will not share these credentials with you, so you'll have to extract them from the router. For this, we'll be using Wireshark.

  1. Plug into the Vodafone router directly with a cable into port 1.
  2. Turn off / unplug the ONT
  3. Reset the Vodafone Sercomm Router.
  4. Configure your device with a static IP address in 192.168.0.0/24.
    IP: 192.168.0.2
    Mask: 255.255.255.0
    Gateway: 192.168.0.1
  5. Login to the interface (192.168.0.1) with the default user:
    User: admin
    Password: VF-ESVodafone-H-500-s
  6. Once logged in, click Status & Support in the top right and then select Port Mirroring.
  7. In the command field enter:  -i ppp1 and hit Start.

Now you're ready to start capturing traffic, so fire up Wireshark and start capturing packets on your ethernet device. Now that it's capturing, you can turn on the ONT again, at which point your router will ask for the configuration data from Vodafone.

In Wireshark go to Find Packet and enter your landline number. This will search all incoming packets for it and ultimately come up with your credentials.

In the HTTP packet, you will find all the credentials you'll need.

The first one you should write down is the Router's Admin password (the red box is the value you want to extract:

Router Admin Password

And then the crucial PPPoE credentials:

PPPoE credentials

Now that we have all the credentials, we're ready to configure our Tomato router.

VLAN all the things

Spain's FTTH network using VLAN tags per operator and type of connection. In my case, this is Vodafone Indirect, aka NEBA, meaning VLAN 24 with priority 0.

You can find a great list of all operators and their VLANs here.

On your Tomato Router, go to Advanced > VLAN and configure your WAN bridge to be VID: 24 and selecting Tagged for the WAN Port. This will tell Tomato to tag the WAN interface traffic with VLAN 24.

PPPoE credentials

Save that - wait for your router to reboot - and then it's time to configure your PPPoE credentials.

On the Basic > Network page, configure the following fields:

  • Type: PPPoE
  • Username: The username you extracted above
  • Password: The password you extracted above
  • Service Name: vodafone
  • Redial Interval: 10
  • LCP Echo Interval: 10
  • LCP Echo Link fail limit: 5
  • MTU: 1492 / Default
  • Use DHCP: Disabled

Save your configuration and you should be good to go.

You should now be connected to the internet, directly from your Tomato router.

If you want to also use your Vodafone TV box, check out the next post on how to configure that.