Back to Silas S. Brown's home page
Openreach broadband providersMany UK home Internet contracts are now sold by providers using the Openreach (ex-BT) infrastructure.
The following notes are from my experience; your mileage may vary, and no warranty is implied.
- We used them from mid-2016 to mid-2018
- They used both IPv6 and IPv4
- Our Raspberry Pi did work as a home server with Dynamic DNS when configured to use IPv4-only (i.e. we had a public IPv4 address not suppressed by carrier-grade NAT)
- The supplied router had both UPnP and DMZ options for setting up servers, and can reserve DHCP IPs for specific MAC addresses (useful for setting up wireless printers etc)
- We did not understand Sky's procedure for returning the router for recycling at the end of our contract, so we kept it (see below)
- The ISP traffic management included the blocking of outgoing SYN packets when the uplink is loaded---so if a large upload is in progress, you won't be able to create new connections but can use established SSH tunnels.
- It's a good idea to rate-limit large uploads on the client side anyway, so as to avoid completely saturating the uplink for other users in the home; the uplink is typically about 10 times slower than the downlink. You can 'throttle' some uploads with e.g. pv -L 64k < source | ssh server 'cat > dest'
- Sky offered us a large introductory discount for 2016/17 (with no installation fee for the new line), then when we asked to leave at the end of the discounted period, they offered a smaller discount for 2017/18. But the discount they offered us for 2018/19 was smaller still, and switching became noticeably cheaper.
- We used them from mid-2018 to mid-2019
- They used IPv4
- Our Raspberry Pi worked as a home server (not suppressed by carrier-grade NAT)
- TalkTalk's supplied router was vulnerable to CVE-2018-8898 and we didn't use it. But the procedure for returning it for recycling at the end of the contract was very straightforward---they automatically sent packaging and a label for us to take to a Post Office.
- Sky's router worked with TalkTalk after a simple restart; the only minor issue was its clock was stuck in 1970 because it came 'hardwired' to use Sky's internal NTP servers on startup and these were not available via TalkTalk.
- TalkTalk's customer database system was slightly annoying: during sign-up they wrote down my name wrongly, and then they weren't willing to fix it unless I submitted a certificate of Deed Poll or something (until I pointed out at the end of the contract that they were sending multiple "please renew at a smaller discount" letters with the wrongly-written name---evidently the customer-retentions team had the authority to fix it)
- and when we left, the synchronisation of our switch date to the end of the discounted contract didn't quite work and we had to pay a couple of pounds "early exit fee" for being off by a few days
Post Office Broadband
- We used them starting in mid-2019
- They used IPv4 (and shared some infrastructure with Talktalk)
- Sky's router did not work with GPO's service (the latter required a login, which can reportedly be extracted from GPO's router but cannot then be added in to Sky's without serious reflashing)
- but GPO's own router (a modified AMG1302-T11C) had all necessary UPnP, DMZ, IP-reservation functions etc: we were able to copy over all configuration from Sky's router, so no change was required on our client devices
- GPO's router did however have a poor WPS implementation: once you add a device (like a wireless printer) via WPS, all non-WPS devices are thrown off the WiFi until you restart the router, whereupon the WPS devices are locked out. So it's best to leave WPS disabled: use "WiFi Direct" (Simple AP) to access the new device's HTTP server and go from there.
- Our Raspberry Pi worked as a home server (not suppressed by carrier-grade NAT), but all incoming connections appeared to originate at our home's external IP address instead of the true outside address (it seems GPO's router did NAT in both directions)---this made server diagnostics (and IP-related rules) more difficult, as none of the logs said where outside connections really came from other than "outside".
- GPO's contract came with anytime landline calls to other Post Office Home Phone customers, and it was possible to share a referral bonus with one when signing up by telephone. The inclusive calls must not exceed one hour per call or they start billing extra.
- GPO's DNS server returned proxy addresses in Talktalk/Opal's 126.96.36.199/17 block for some hosts, including
github.com(interfering with SSH-based Git cloning) and
ssh.st0rage.org(interfering with SSH logins). This could sometimes be worked around by setting
.ssh/configto use alternate hosts (e.g.
github.com); it could also be worked around by using a public DNS server, or put the IP address into
/etc/hosts(e.g. 188.8.131.52 for GitHub) although this can change so you'll have to keep it updated. Alternatively you could use an SSH tunnel via the university.
All material © Silas S. Brown unless otherwise stated.
CVE is a registered trademark of The MITRE Corporation.
Git is a trademark of the Software Freedom Conservancy.
GitHub is a trademark of GitHub Inc.
Post Office is a registered trademark of Post Office Limited.
Raspberry Pi is a trademark of the Raspberry Pi Foundation.
Wi-Fi is a trademark of the Wi-Fi Alliance.
Any other trademarks I mentioned without realising are trademarks of their respective holders.