How To Configure PPPoE Bypass On The Bell HH4000 Hardware

Since I got Bell Fibe 1.5 Gbps service installed, I’ve got a few questions about how I set up PPPoE bypass so that I can use my own router. I planned on doing a write up about that after I work out the speed issues that I had with my ASUS hardware, but since enough people asked about this I am doing this today.

First, let me explain why I want to use my own router rather the Bell HH4000 router, which stands for “Whole Home 4000”. I never, ever use the ISP supplied gear as that’s a way for the ISP to lock you in as it makes it difficult to switch providers. Because doing so would require you to basically tear down your network and rebuild it every time you switch. On top of that, ISP’s don’t have the best track record in terms of making their gear secure. Meanwhile most router companies spend more time and effort to make their gear secure. As long as you choose your vendor carefully, using a third party router is better from a security standpoint. Plus if you change ISP’s, at best it’s unplug one cable from the ISP’s hardware and plug the new ISP’s hardware in if you switch. At worst you have to do that and a bit of configuration on both the ISP’s hardware and your hardware. In the case of Bell, it’s the latter.

Now Bell’s HH4000 comes with the ability to do what’s called PPPoE bypass. In short, you type your PPPoE credentials into your router, and it passes them to the HH4000. Then assuming that they are correct, the HH4000 gives the router an external IP address and you’re good to go. It’s clean and simple and mostly works. I’ll explain the mostly part in a moment. But here’s all I had to do. Starting with the cabling:

  • Connect A CAT 5e or CAT 6 cable from HH4000 10Gbps Port which is the silver one on the right hand side on the back of the HH4000 to the WAN Port on the router

On the HH4000 side, I had to log into it and do some setup there:

  • Go to 192.168.2.1 and be prepared to type in your HH4000 password
  • Go to ‘Manage my Wi-Fi’ and do the following:
    • Change “Whole Home Wi-Fi” to OFF.
    • Under “Primary Wi-Fi network” click on “Advanced settings”.
    • Uncheck “Keep a common network name (SSID) and password for both 2.4 and 5 Ghz bands.”
    • Turn OFF the 2.4GHz network but leave the 5.0GHz on so that you can get back into the HH4000 if you need to.
    • Turn off Guest Network
    • Click “Save”
  • Click on “Advanced Tools and Settings”
  • Turn off UPnP, DLN and SIP ALG
  • Click “Save”

Next you have to log into your router and in the WAN section, set it up for PPPoE. How to do that varies by brand. But I will use my ASUS router as an example:

As you can see here, under “WAN Connection Type”, I have PPPoE selected. And under “Account Settings” I have my PPPoE username which starts with “b1” and password. Those have been redacted for security reasons. If you don’t have your “b1” PPPoE username and password, you can either get them from the Bell technician who does your install, or from the MyBell portal. You should also set up your PPPoE connection to connect automatically (in my case that’s the “Disconnect after time of inactivity” option) and make sure that PPP authentication is set to “auto”.

Once you do that, you should be able to connect to Bell’s network. If you get an WAN address that isn’t 192.168.2.xxx, then you’re good to go.

Here’s where I explain the “mostly” part. One thing that I noticed right away is that my upstream speed is way lower than the 1.06 Gbps that my connection is capable of. At the moment I am getting just over half that speed. And that’s likely because of how ASUS implements PPPoE. I say that because if I use DHCP to connect to the router, I get all the speed that I am paying for. Now some of you will say why don’t I use DHCP? That creates what’s called a double NAT which can play havoc with applications. If you really want to get into the weeds, you can read this but here’s what you need to know:

In a typical home network, you are allotted a single public IP address by your ISP, and this address gets issued to your router when you plug it into the ISP-provided gateway device (e.g. a cable or DSL modem). The router’s Wide Area Network (WAN) port gets the public IP address, and PCs and other devices that are connected to LAN ports (or via Wi-Fi) become part of a private network, usually in the 192.168.x.x address range. NAT manages the connectivity between the public Internet and your private network, and either UPnP or manual port forwarding ensures that incoming connections from the Internet (i.e. remote access requests) find their way through NAT to the appropriate private network PC or other device.

By contrast, when NAT is being performed not just on your router but also on another device that’s connected in front of it, you’ve got double NAT. In this case, the public/private network boundary doesn’t exist on your router — it’s on the other device, which means that both the WAN and LAN sides of your router are private networks. The upshot of this is that any UPnP and/or port forwarding you enable on your router is for naught, because incoming remote access requests never make it that far — they arrive at the public IP address on the other device, where they’re promptly discarded.

Thus a double NAT is not optimal. Now to be fair to ASUS, they are likely not the only ones with a poor PPPoE implementation in their routers. I am just pointing the finger at ASUS as that’s the router that I have and I have clearly proven that it is at fault. Which is why I have opened a support ticket with ASUS to get them to address this as in the age of 1 Gbps or faster Internet connections, having a router do what I am describing isn’t acceptable. Thus the vendor of said router should be held accountable.

Now some of you will point out that another option other than to use PPPoE passthrough is to use Bell’s “Advanced DMZ” function along with DHCP. From what I can tell from experimenting with it, it moves your router into the HH4000’s DMZ or demilitarized zone where it can give the the device, in this case my router an external IP address. And this does work as it gives my router the full speed the I am paying for. But based on my research, Bell doesn’t implement this very well as many have reported that a router that sits in the DMZ can often lose Internet connectivity every day or two which is not good to say the least. Thus this option is likely one that you should avoid. Though I may try it for giggles just to find out if the instability of this option that has been noted by others is something that I see.

Now what would be better is if Bell much like Rogers implemented a proper bridge mode. That’s a mode where the device shuts off all routing functions and basically becomes a modem that served up an external IP address to the router. But Bell wants you using their gear for everything and I guess that by not having a proper bridge mode, they force the less technical down that path and lock them into using their service.

If you have any questions about any of this, please let me know in the comments. Or if you have a 100% reliable method to bypass the HH4000, I would love to hear from you as well.

UPDATE: I did some more experimentation with the “Advanced DMZ” functionality built into the HH4000. My conclusion is that it isn’t very stable based on the fact that it broke HomeKit support and VPN connections from my network to another network would not work at all or very well. Thus I would avoid this option entirely.

UPDATE #2: There is an alternate way of doing this that appears to be stable for me and might work for you. Details are available here.

18 Responses to “How To Configure PPPoE Bypass On The Bell HH4000 Hardware”

  1. […] to do PPPoE bypass if you want to use your own router. Instructions on how to do that can be found here. But most people who get this will run it as a model/router. Let’s walk through the Home Hub […]

  2. […] like it if you use it if you phone into their tech support, but it’s there. Bell has PPPoE passthrough that accomplishes something similar. Whatever your telco offers, you should use it. The advantages […]

  3. […] suppled gear for these reasons. Originally, I was using the PPPoE bypass method as described in this article to make this happen, which worked fine except for […]

  4. Thanks for all the details and research! I have pursued both DMZ and PPPOE. PPPOE only getting me to 600 up and down while I can’t make the DMZ work for me at all. I have the same ASUS router and the Bell Giga Hub and Fibe 3.0. Very similar set up – cat 6 cables.

    On bell’s hardware I’m getting 1000 up/down but on the ASUS I can’t move past 600 up and down. I’m hopeful DMZ can move me into the > 1000 territory.

    I suspect that the issue I have is in the WAN set up on the ASUS setting up dhcp. Do I have to pass in any account credentials? To my simple mind if I’m putting the router ahead of the modem it would need something the validate with Bell but I’m probably at the limit of my understanding. If you have any thoughts much appreciated – and thanks for all the heavy lifting – hoping to get

  5. Thanks for fast respond – followed it to a T (and the PPPOE walk through) but get no internet through to the ASUS router. Was there anything you did specifically for the WAN on the ASUS router side other than switch from PPPOE back to Automatic IP (DHCP).

    • No. I didn’t do anything special. I do note that in my guide, I say to power up the router first, then the HH4000 (I assume that is what you are using). Did you do that?

  6. Hmm I will try it again. It isn’t the HH4000 but the GigaHub which from what I’ve heard is essentially the same. I did do the router first! Will report back.

  7. Hi, thanks for writing up a detailed guide on how to use Asus XT8 with Bell without loosing around half the upload speed. Now, unfortunately after setting up the XT8 in DHCP mode,I am running into intermittent connection issues, and I wonder if that could be because of the10 minute connection lease assigned to the router. Any suggestions? Thanks a bunch!

    • Dumb question. When you powered everything up, did you power on the XT8 FIRST then the HH4000 (you are using the HH4000 and not the Gigahub, correct)? If you haven’t, you should try that and see if the behaviour changes.

  8. Hi Thanks for the quick response. I’m using HH4000, not Gigahub, and I powered on the XT8 first, waited for the status light to turn red and then turned on Home Hub. I also just did the whole setup from scratch, but still running into the same issues.

    • Odd. It’s pretty straightforward and I’ve implemented this for a number of my clients with no issues.

      IF you plug this in and set this up so that you only get a local IP address (192.168.2.x) and don’t use the advanced DMZ, do you get Internet access? What I am trying to determine here is if the issue is with your XT8 or with the Bell hardware.

      Also, are you sure you’ve set the WAN port to DHCP?

  9. Hi,
    Yes I do get internet access with a local IP address of my HH4000. WAN Connection type is set as Automatic IP

    • And yes WAN port (and not Ethernet) is set to do DHCP. Funny thing is that without Advanced DMZ on in the Bell Home Hub, my lease time on XT8 is for 2 days (instead of 10 minutes) and internet is stable, the issue being Double NAT of course.

  10. […] is was the Home Hub 4000 (AKA: HH4000) hardware, which I have effectively bypassed by using first this method and then this method to do it. But since Bell has been rolling out a new piece of hardware as they […]

  11. Kelly Greenwood Says:

    Thx for this. If you leave the 5Ghz channel open on the HH, are you still double NATd?

Leave a Reply

%d bloggers like this: