How To Configure PPPoE Bypass On The Bell HH4000 Hardware

Since I got Bell Fibe 1.5 Gbps service installed, I’ve got a few questions about how I set up PPPoE bypass so that I can use my own router. I planned on doing a write up about that after I work out the speed issues that I had with my ASUS hardware, but since enough people asked about this I am doing this today.

First, let me explain why I want to use my own router rather the Bell HH4000 router, which stands for “Whole Home 4000”. I never, ever use the ISP supplied gear as that’s a way for the ISP to lock you in as it makes it difficult to switch providers. Because doing so would require you to basically tear down your network and rebuild it every time you switch. On top of that, ISP’s don’t have the best track record in terms of making their gear secure. Meanwhile most router companies spend more time and effort to make their gear secure. As long as you choose your vendor carefully, using a third party router is better from a security standpoint. Plus if you change ISP’s, at best it’s unplug one cable from the ISP’s hardware and plug the new ISP’s hardware in if you switch. At worst you have to do that and a bit of configuration on both the ISP’s hardware and your hardware. In the case of Bell, it’s the latter.

Now Bell’s HH4000 comes with the ability to do what’s called PPPoE bypass. In short, you type your PPPoE credentials into your router, and it passes them to the HH4000. Then assuming that they are correct, the HH4000 gives the router an external IP address and you’re good to go. It’s clean and simple and mostly works. I’ll explain the mostly part in a moment. But here’s all I had to do. Starting with the cabling:

  • Connect A CAT 5e or CAT 6 cable from HH4000 10Gbps Port which is the silver one on the right hand side on the back of the HH4000 to the WAN Port on the router

On the HH4000 side, I had to log into it and do some setup there:

  • Go to 192.168.2.1 and be prepared to type in your HH4000 password
  • Go to ‘Manage my Wi-Fi’ and do the following:
    • Change “Whole Home Wi-Fi” to OFF.
    • Under “Primary Wi-Fi network” click on “Advanced settings”.
    • Uncheck “Keep a common network name (SSID) and password for both 2.4 and 5 Ghz bands.”
    • Turn OFF the 2.4GHz network but leave the 5.0GHz on so that you can get back into the HH4000 if you need to.
    • Turn off Guest Network
    • Click “Save”
  • Click on “Advanced Tools and Settings”
  • Turn off UPnP, DLN and SIP ALG
  • Click “Save”

Next you have to log into your router and in the WAN section, set it up for PPPoE. How to do that varies by brand. But I will use my ASUS router as an example:

As you can see here, under “WAN Connection Type”, I have PPPoE selected. And under “Account Settings” I have my PPPoE username which starts with “b1” and password. Those have been redacted for security reasons. If you don’t have your “b1” PPPoE username and password, you can either get them from the Bell technician who does your install, or from the MyBell portal. You should also set up your PPPoE connection to connect automatically (in my case that’s the “Disconnect after time of inactivity” option) and make sure that PPP authentication is set to “auto”.

Once you do that, you should be able to connect to Bell’s network. If you get an WAN address that isn’t 192.168.2.xxx, then you’re good to go.

Here’s where I explain the “mostly” part. One thing that I noticed right away is that my upstream speed is way lower than the 1.06 Gbps that my connection is capable of. At the moment I am getting just over half that speed. And that’s likely because of how ASUS implements PPPoE. I say that because if I use DHCP to connect to the router, I get all the speed that I am paying for. Now some of you will say why don’t I use DHCP? That creates what’s called a double NAT which can play havoc with applications. If you really want to get into the weeds, you can read this but here’s what you need to know:

In a typical home network, you are allotted a single public IP address by your ISP, and this address gets issued to your router when you plug it into the ISP-provided gateway device (e.g. a cable or DSL modem). The router’s Wide Area Network (WAN) port gets the public IP address, and PCs and other devices that are connected to LAN ports (or via Wi-Fi) become part of a private network, usually in the 192.168.x.x address range. NAT manages the connectivity between the public Internet and your private network, and either UPnP or manual port forwarding ensures that incoming connections from the Internet (i.e. remote access requests) find their way through NAT to the appropriate private network PC or other device.

By contrast, when NAT is being performed not just on your router but also on another device that’s connected in front of it, you’ve got double NAT. In this case, the public/private network boundary doesn’t exist on your router — it’s on the other device, which means that both the WAN and LAN sides of your router are private networks. The upshot of this is that any UPnP and/or port forwarding you enable on your router is for naught, because incoming remote access requests never make it that far — they arrive at the public IP address on the other device, where they’re promptly discarded.

Thus a double NAT is not optimal. Now to be fair to ASUS, they are likely not the only ones with a poor PPPoE implementation in their routers. I am just pointing the finger at ASUS as that’s the router that I have and I have clearly proven that it is at fault. Which is why I have opened a support ticket with ASUS to get them to address this as in the age of 1 Gbps or faster Internet connections, having a router do what I am describing isn’t acceptable. Thus the vendor of said router should be held accountable.

Now some of you will point out that another option other than to use PPPoE passthrough is to use Bell’s “Advanced DMZ” function along with DHCP. From what I can tell from experimenting with it, it moves your router into the HH4000’s DMZ or demilitarized zone where it can give the the device, in this case my router an external IP address. And this does work as it gives my router the full speed the I am paying for. But based on my research, Bell doesn’t implement this very well as many have reported that a router that sits in the DMZ can often lose Internet connectivity every day or two which is not good to say the least. Thus this option is likely one that you should avoid. Though I may try it for giggles just to find out if the instability of this option that has been noted by others is something that I see.

Now what would be better is if Bell much like Rogers implemented a proper bridge mode. That’s a mode where the device shuts off all routing functions and basically becomes a modem that served up an external IP address to the router. But Bell wants you using their gear for everything and I guess that by not having a proper bridge mode, they force the less technical down that path and lock them into using their service.

If you have any questions about any of this, please let me know in the comments. Or if you have a 100% reliable method to bypass the HH4000, I would love to hear from you as well.

UPDATE: I did some more experimentation with the “Advanced DMZ” functionality built into the HH4000. My conclusion is that it isn’t very stable based on the fact that it broke HomeKit support and VPN connections from my network to another network would not work at all or very well. Thus I would avoid this option entirely.

2 Responses to “How To Configure PPPoE Bypass On The Bell HH4000 Hardware”

  1. […] to do PPPoE bypass if you want to use your own router. Instructions on how to do that can be found here. But most people who get this will run it as a model/router. Let’s walk through the Home Hub […]

  2. […] like it if you use it if you phone into their tech support, but it’s there. Bell has PPPoE passthrough that accomplishes something similar. Whatever your telco offers, you should use it. The advantages […]

Leave a Reply

%d bloggers like this: