What's new

ZenWiFi XT8 Double NAT

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DeNeo

Occasional Visitor
I'm in the UK and my ISP is Sky (well, Now TV, but they're the same thing). The router they supply is fairly locked down - it can't be put into Bridge or Modem-only mode, and requires authentication via DHCP Option 61.

I used to have Google WiFi, but decided to upgrade due to poor signal - I live in a flat that runs the length of the building, making it hard to get signal from the 1st room (where the internet connection is) to the 3rd at the other end of the building. The wifi connection in the 3rd room was always weak, even though I was using 3 hubs.

I decided on the ZenWiFi XT8, as it looked like the dedicated back-haul would help the connection between the hubs. And it did! I'm really happy with the signal quality now - especially since I'm using just 2 hubs compared to 3.

One issue I've got is that connecting it to my Sky router creates a double NAT. It's something I had with my Google WiFi, but managed to get round it thanks to a guide in another forum. I tried to replicate this guide with the ZenWiFi, but after about an hour or so it started repeatedly disconnecting everything from the WiFi, so I just reverted back to the original settings.

Here's what I did:
- Set a fixed WAN IP in ZenWiFi
- Reserved the same IP in Sky router
- Turned off DHCP in Sky router
- Set ZenWiFi as a DMZ server in Sky router

Is there anything I missed, that would cause those repeated disconnections?

The double NAT isn't a massive issue, although I do have a Plex server that my family use, and my Roku stick keeps not connecting to the WiFi every so often (something that wasn't a problem with the Google WiFi, so I'm not sure if this is because of the double NAT or not), so I'd rather find a way to fix it if I can.

Having a read through threads on here, it seems like my other options are:
- Getting an RT-AX88U, as this can be flashed with Merlin (which includes a DHCP Option 61 setting) and having that connected to the Sky router
- Putting ZenWiFi into AP mode (I know this isn't recommended)
- SSHing into the ZenWiFi hubs to enable Option 61 (though this looks pretty tricky, and the guide I saw was for a different ASUS router)
- Moving to a different ISP. Which I think, ultimately, is the best long-term option

Thanks in advance for any help you can give! :)
 
I am not familiar with the Now TV router but if it is a WiFi router can you confirm that the WiFi has been disabled and the only device connected to it is the primary ZenWiFi router?
 
Sorry, yes, should've mentioned - the WiFi has been disabled on the Now TV/Sky router, and the only device connected to it is the ZenWiFi.
 
I can't think of any reason why having double NAT or not would have any effect on WiFi connectivity. If there was some fundamental mis-configuration of the network I'd expect it to be apparent immediately, not manifest itself an hour or so later.

BTW Putting a second router in the DMZ of the first router doesn't mean that you still don't have double NAT. It just means that you don't have to configure individual port forward rules on the first router.

Here's what I did:
- Set a fixed WAN IP in ZenWiFi
- Reserved the same IP in Sky router
- Turned off DHCP in Sky router
- Set ZenWiFi as a DMZ server in Sky router

Is there anything I missed, that would cause those repeated disconnections?
So are you saying that with these changes you get disconnections but with the default settings (no DMZ, DHCP enabled) you have no problems? If so try leaving DHCP enabled on the Sky router (but still have the reserved the IP for the ZenWiFi).
 
I can't think of any reason why having double NAT or not would have any effect on WiFi connectivity. If there was some fundamental mis-configuration of the network I'd expect it to be apparent immediately, not manifest itself an hour or so later.

Yeah, that's what I thought. I was wondering if one of the things I did to the Google WiFi was incorrect for the ZenWiFI, but it didn't seem like anything I'd done would have messed with the wifi.

So are you saying that with these changes you get disconnections but with the default settings (no DMZ, DHCP enabled) you have no problems? If so try leaving DHCP enabled on the Sky router (but still have the reserved the IP for the ZenWiFi).

The only connection issue I have with the default settings is with a Roku stick that's right next to the main hub - but I've read this could be to do with interference from its WiFi Direct remote. Everything else is working perfectly.

I'll have a go at what you suggest, thanks :)
 
It appears to me that you are in a mixed mode of bridge double NAT. If double NAT worked before for you then it should work now.

1. Put your Sky router back in router mode and enable DHCP and disable DMZ as you probably don't need it. Turn of its WiFi radios if you don't plan on using them.
2. Run an Ethernet cable from a LAN port on the Sky router to the WAN port on the ZenWiFI.
3. On the Zen set the WAN IP to automatic.
4. On the ZEN select an IP LAN subnet that is different from the subnet of Sky router and enable DHCP.
5. Power down both routers. Reboot the Sky router then after it is online power up the ZEN.

Done. If you decide to use the ZEN as an AP there is a complete tutorial on this site on how to repurpose a router into an AP.
 
Cool, thanks, I'll give that a go too and report back :)
If you need more explicit instructions here is a write up.
 

Attachments

  • How to double NAT two routers.txt
    4.9 KB · Views: 348
Can you get your broadband details from sky? I heard recently that Sky now support customers using their own routers etc. If so i would get a cheap modem and use that to terminate the broadband and use the ASUS in PPPoE. Modem wise you could get either a Technicolor TG588 or Draytek Vigor 130 and put them in Bridge mode and away you go.
 
@DeNeo I got this router and sky broadband working too, after I'd upgraded from an older router with merlin & option 61 enabled.
So I was a bit nervous whether it would work without a custom firmware, but it does ... here's what I did.

I got a refurb'd HG612 openreach modem from here https://www.mymemory.co.uk/bt-openreach-huawei-vdsl-fttc-fibre-modem-refurbished-hg612.html (which I was first using with my older router that had the option 61 enabled via merlin fw)

Make sure you've already captured your skydsl username/password using wireshark (I followed this https://www.georgebuckingham.com/sky-fibre-router-vdsl-password/)

Enable SSH access on the ZenWifFi router on the admin page, then ssh to it from a command/terminal window. Run the following (replace the placeholder with your sky user/password)

nvram set wan_clientid_type="0"

nvram set wan0_clientid_type="0"

nvram set wan_clientid="yourusename@skydsl|yourpassword"

nvram set wan0_clientid="yourusename@skydsl|yourpassword"

nvram commit

reboot

After that I was connected, and no double NAT. Hope that helps!

(I used the info I found here https://helpforum.sky.com/t5/Broadband/Asus-ax11000-rog-router-with-sky-Q-fibre/td-p/3025545# but found I did not need to worry about setting the vendor Id stuff)
 
Oh amazing! That's exactly what I was looking for! And luckily I already have that modem.

Thank you, I'll try that out this weekend :)
 
@Steve L Thanks so much for this - it worked perfectly!

If anyone stumbles across this thread and wants to do the same, I expanded on Steve's instructions for first-timers and using a couple of other details I found elsewhere:

Connect your HG612 modem. It needs no set-up – if the DSL light goes solid after a minute or 2, then it’s synced up on the VDSL side

Capture your Sky username/password using Wireshark (https://www.georgebuckingham.com/sky-fibre-router-vdsl-password/)

OR just use generic credentials (Username: abcdefgh@skydsl Password: 1234567890abcdef)

Enable SSH access on the ZenWiFi router on the admin page (Administration > System > Enable SSH)

Download KiTTY/PuTTY. Enter your router’s IP address and click Open

Login using username and password (the same as in the web admin panel of the router)

Run the following, one line at a time (replace the generic details with your Sky user/password if needed)

nvram set wan_clientid_type="0"

nvram set wan0_clientid_type="0"

nvram set wan_clientid="abcdefgh@skydsl|1234567890abcdef"

nvram set wan0_clientid="abcdefgh@skydsl|1234567890abcdef"

nvram commit

reboot


Make sure the WAN port is connected to the modem before rebooting the router

Once connected to your ISP, change DHCP query frequency from Aggressive Mode to Normal Mode
 
Oh, and I think I managed to sort the Roku connection issue out as well.
  • Go into the AiMesh settings
  • Click on the Roku in the client list
  • Switch on ‘MAC and IP Address Binding’
It flips out a bit when it first boots up, but then it connects just fine.
 
I have been using an rt-ac66u for about 5 years on sky, it got flakey and rebooting regularly, one time it erased settings, i went from merlin to stock and factory reset it. I wrongly assumed that stock doesn't use option 61 and since it worked i ordered zenwifi xt8 too knowing merlin not supported. Im glad i found this info. So i took a look at my nvram on old router and it has:
wan_clientid_type=0
wan1_clientid_type=0
wan0_clientid=7D4CA54BCE44@skydsl|aa4c56d2fb
wan_clientid=7D4CA54BCE44@skydsl|aa4c56d2fb

Note wan0 vs wan1 posted above, so nvram wasn't erased with factory reset, luckily for me.
 
I have been using an rt-ac66u for about 5 years on sky, it got flakey and rebooting regularly, one time it erased settings, i went from merlin to stock and factory reset it. I wrongly assumed that stock doesn't use option 61 and since it worked i ordered zenwifi xt8 too knowing merlin not supported. Im glad i found this info. So i took a look at my nvram on old router and it has:
wan_clientid_type=0
wan1_clientid_type=0
wan0_clientid=7D4CA54BCE44@skydsl|aa4c56d2fb
wan_clientid=7D4CA54BCE44@skydsl|aa4c56d2fb

Note wan0 vs wan1 posted above, so nvram wasn't erased with factory reset, luckily for me.
Hi, are you saying Option 61 is no longer needed... or that its supported in stock asus firmware?
 
Hi, are you saying Option 61 is no longer needed... or that its supported in stock asus firmware?
Merlin puts option 61 config in admin web. If merlin not supported on your model you use nvram to set options i put in my reply above and it magically connects with normal dhcp settings.
 
Please excuse what might be a dumb question, but I've just got a pair of XT8s and am currently running them in a double-NAT setup with my Sky hub. I've got an Openreach modem, and would love to get rid of the Sky hub.

So, if I use SSH to setup the authentication as described above, is that a permanent fix or would I need to do it every time the router was rebooted or the firmware upgraded?

many thanks
 
Actually, looking at the web interface for the XT8, there now seems to be a DHCP option 61 field in the stock firmware so it might be possible to get it connected without having to use SSH.
 
Actually, looking at the web interface for the XT8, there now seems to be a DHCP option 61 field in the stock firmware so it might be possible to get it connected without having to use SSH.
Thats cool - I posted a request in the beta testing thread asking for that - I just noticed it too after checking. The setting persists through upgrades so you only need to set it again after a factory reset. Enjoy removing your double NAT. If you have SkyQ boxes it seems with my network the main SkyQ box creates its own SSID on 5 and 2.4G which the SkyQmini uses, my main skyq box is wired to my XT8 so I dont need to give my SSID/password
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top