A technical moan, I’m afraid.
Since upgrading from 3/0.4Mbps ADSL to 40/10Mbps FTTC Internet today, I’ve had to use a new router to replace my very aged ZyXEL Prestige 660R which has, aside from no recent software updates, been pretty reliable.
So I’ve had a new ZyXEL VMG1312-B10A running on the line for about 24 hours, and first impressions are not good. Not that it’s not working as a VDSL modem, just that it’s not really working as much else.
There are enough things wrong that it’s worth listing them somewhere so I can remind myself how painful this thing is.
I should comment that I’ve managed to get it working in bridge mode enough that the line is usable, and I’m getting better speeds through it than with the previous ADSL line, which is one good thing!
Software version is 1.00(AAJZ.5)C0. There’s apparently a newer version, but the release notes don’t indicate that any of the below have been fixed, and given its current state I’m not sure I want to risk flashing it.
An unexpected feature as I only needed a router, but it turns out it won’t do WPA-Enterprise, so totally useless. Even 5-year-old Netgear boxes at the same price can do that.
The User’s Guide is really helpful in giving information on what RADIUS, 802.1X (though they use a lowercase x) and EAP are, even though the product doesn’t do them.
RIP works, which is nice. It even plants routes in the routing table. The router can ping out to IP addresses on those routes, and the destination responds.
But the firewall on the router drops any packets that aren’t on the immediate subnet. “Disabling” the firewall actually leaves it running and the broken rules in place.
Workaround is that, as a bonus, the iptables command works at the CLI (undocumented), so the following will remove the broken rules:
> iptables -F LAN_ONLY_FORWARD
> iptables -F LAN_ONLY_INPUT
Sadly, they come back at boot time. So this thing is only barely usable as a “router”.
Mem: 57188K used, 1696K free, 0K shrd, 0K buff, 18736K cached
CPU: 0.0% usr 50.0% sys 0.0% nic 50.0% idle 0.0% io 0.0% irq 0.0% sirq
Load average: 3.94 3.72 3.76 3/73 7641
PID PPID USER STAT VSZ %MEM CPU %CPU COMMAND
7624 257 supervis R 10604 17.9 1 45.7 httpd -m 0 -s
7640 7638 supervis R 2148 3.6 1 4.1 top
260 257 supervis S 8272 14.0 0 0.0 ssk
7603 7582 supervis S 8060 13.6 1 0.0 sshd -m 0
but, unthankfully, kill isn’t.
Looking at the syslog data isn’t very reassuring either:
> syslog dump brcm
2015-10-06T22:56:10 (none) daemon.warn System: BadVA : 00000000
2015-10-06T22:56:10 (none) daemon.warn System: PrId : 0002a080 (Broadcom4350)
2015-10-06T22:56:10 (none) daemon.warn System: httpd/3318: potentially unexpected fatal signal 11.
2015-10-06T22:56:10 (none) daemon.warn System: Cpu 1
2015-10-06T22:56:10 (none) daemon.warn System: $ 0 : 00000000 00000001 004fbc1f 2ab50014
2015-10-06T22:56:10 (none) daemon.warn System: $ 4 : 004fbc1e 00000000 00000000 00000000
2015-10-06T22:56:10 (none) daemon.warn System: $ 8 : 07ab9b5b 00000001 00000297 00000000
(repeated many times)
So it looks like httpd is stuck in a segfault/restart loop eating up CPU resources and power.
The web server was usable before switching into bridge mode, so I’m suspecting that has something to do with it, but I can’t yet work out how to disable bridge mode from the CLI…
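Added example, not part of the original post: a small detector that could run on whatever host collects this router's syslog, flagging a process that keeps dying under new PIDs inside a short window. The window, the threshold and every sample line after the first three are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format of the fatal-signal line shown in the syslog dump above.
CRASH_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ \S+ System: "
    r"(?P<proc>[^/\s]+)/(?P<pid>\d+): potentially unexpected fatal signal (?P<sig>\d+)\.?$"
)

# First three lines are from the dump above; the rest are constructed samples.
SAMPLE = """\
2015-10-06T22:56:10 (none) daemon.warn System: BadVA : 00000000
2015-10-06T22:56:10 (none) daemon.warn System: httpd/3318: potentially unexpected fatal signal 11.
2015-10-06T22:56:10 (none) daemon.warn System: Cpu 1
2015-10-06T22:56:41 (none) daemon.warn System: httpd/3344: potentially unexpected fatal signal 11.
2015-10-06T22:57:12 (none) daemon.warn System: httpd/3371: potentially unexpected fatal signal 11.
2015-10-06T23:40:02 (none) daemon.warn System: ssk/260: potentially unexpected fatal signal 11.
""".splitlines()

def find_crash_loops(lines, window=timedelta(minutes=5), threshold=3):
    """Return {process: total crashes} for processes that died under
    `threshold` or more distinct PIDs within any span of `window`."""
    crashes = defaultdict(list)            # proc -> [(timestamp, pid), ...]
    for line in lines:
        m = CRASH_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            crashes[m["proc"]].append((ts, int(m["pid"])))
    loops = {}
    for proc, events in crashes.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            pids = {pid for _, pid in events[start:end + 1]}
            if len(pids) >= threshold:     # new PID each time = restart loop
                loops[proc] = len(events)
                break
    return loops

if __name__ == "__main__":
    print(find_crash_loops(SAMPLE))
```

Register-dump lines such as `BadVA` and `Cpu 1` are ignored because they carry no `name/pid` prefix, so a single one-off crash does not raise a flag.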
…which leads me neatly on to:
help helpfully lists all the available commands. Unhelpfully, several of them don’t work:
sshd:error:95.474:processInput:544:unrecognized command tr69c
I have no idea what the tr69c command is there to do, and it looks like I’m not going to find out either. TR-69 looks like the protocol used by the ISP to configure the router, so I probably want this off anyway, but no chance now that the web server is broken.
What’s more, there are extra commands not listed in the help, such as iptables, top and ps. But being the really useful thing it is, sh and/or bash are apparently missing.
This thing runs Linux. Just give us a shell or write a decent CLI for it; don’t leave us with a few working commands, a few Linux commands to save writing replacements, and the rest just broken.
Ah! A way to get shell access of sorts. The echo command works, and takes backtick expansion:
> echo hi
> echo `whoami`
> echo `ls /`
bin data dev etc home lib linuxrc log mnt opt proc sbin sys tmp usr var vmlinux.lz webs
cat also works, which makes things a little easier:
> cat /proc/version
Linux version 2.6.30 (root@CjLai2Ubuntu) (gcc version 4.4.2 (Buildroot 2010.02-git) ) #1 SMP PREEMPT Wed Mar 25 15:37:10 CST 2015
You can even pipe into commands:
> ps | ls /
bin etc linuxrc opt sys var
data home log proc tmp vmlinux.lz
dev lib mnt sbin usr webs
So we can now get shell access with:
> cat | sh
Root shell, not bad. Why not make it easier?
[update: login as user “supervisor” rather than “admin”, and you can then type sh at the prompt to get a shell!]
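Added example, not part of the original post and not ZyXEL's code: the backtick and pipe behaviour above is what a restricted CLI looks like when it checks only the first word and hands the whole line to a shell (an assumption about the firmware). The sketch puts that pattern beside a dispatcher that never invokes a shell; the function names and the `READABLE` allowlist are hypothetical.

```python
import shlex
import subprocess

def dispatch_vulnerable(line):
    """Pattern assumed above: check the first word, then run the
    entire line through /bin/sh, metacharacters included."""
    words = line.split()
    if not words or words[0] not in ("echo", "cat"):
        return "unrecognized command\n"
    return subprocess.run(line, shell=True, capture_output=True, text=True).stdout

# Hardened form: parse to argv, no shell, one handler per command.
def _echo(args):
    return " ".join(args) + "\n"

READABLE = {"/proc/version", "/proc/uptime"}   # hypothetical allowlist

def _cat(args):
    # Exactly one argument, and only a file the operator may read.
    if len(args) != 1 or args[0] not in READABLE:
        return "cat: not permitted\n"
    with open(args[0]) as f:
        return f.read()

HANDLERS = {"echo": _echo, "cat": _cat}

def dispatch_hardened(line):
    try:
        argv = shlex.split(line)           # quoting only; no expansion
    except ValueError:
        return "parse error\n"
    if not argv or argv[0] not in HANDLERS:
        return "unrecognized command\n"
    # Backticks, pipes and semicolons arrive here as plain text.
    return HANDLERS[argv[0]](argv[1:])

if __name__ == "__main__":
    for cmd in ("echo `whoami`", "ps | ls /", "cat | sh"):
        print(repr(cmd), "->", repr(dispatch_hardened(cmd)))
```

With the hardened dispatcher the three inputs from this section come back as literal text or a refusal, because nothing in the path interprets shell syntax.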
Trying out a few commands, you don’t expect to hit this in production code.
Aiee, segfault! You should probably report this as a bug to the developer
Connection to a.b.c.d closed.
So I happily got my new DSL line working and headed off into work. An hour later, the router dropped the line. When I get home I look at its log and it just reports that the Internet link went down. Then it sat there for the rest of the day without trying to reconnect. This might be a first-time fluke, but I need a router that will keep trying to connect as fast as its little CPU can cope, not one that gives up at the first try.
Extensive, but gives no information about the CLI at all that I can see. Maybe they were too embarrassed to mention it…
So far my only advice is to turn off everything and put it into bridge mode, run pppoe on an internal server to terminate the connection and forget about the router.
Come on ZyXEL, you can do better than this! I know, because I’ve been using a P660R for the last 10 years.