Georgia, DFP-34X-2C2 and SilkNet

Vladimir Stoliarov

Guide about replacing stock ONU with more reilable hardware

Reasons to replace:

Lack of 5Ghz Wi-Fi and 100Mbit/s ethernet ports - less throughput than tariff limits
Lack of features: VPN clients, etc.
Probably more, but it's enough for me

ODI DFP-34X-2C2 - GPON SFP module. There are a lot of similar devices (RTL960x chips based). But this module firmeare comes with bunch of hacks and knobs that makes it suitable for nearly all ISPs.

Buying hardware

Stick (GPON module) itself: https://www.aliexpress.com/item/1005003515662920.html (choose "XPON")
Optionally: APC-UPC converter if your fiber cable has "green" (APC) connector because module has "blue" (UPC) port: https://www.aliexpress.com/item/4000935308811.html (choose "0DB APC TO UPC"). My cable has UPC connector, but it still may be useful i.e. when you decide to change ISP.

Difference between APC and UPC polishing type. "SC" here is a connector type - Standard Connector. Source: https://hack-gpon.org/quick-start

Device with SFP port. There are two ways:

Buy mediaconverter like this https://aliexpress.com/item/33020903298.html (choose "no sfp module") and connect it to your PC or router's WAN port.
Buy router with SFP port. I will use Mikrotik hAP AC (don't mess with "hAP AC lite" or "hAP AC 2", they doesn't have SFP port). It's a bit obsolete (i.e. has no WPA3 and Wi-Fi 6), but compact. Probably something like Banana Pi BPI-R3 (available on Amazon) will be better (more powerful CPU, Wi-Fi 6 onboard) but has more complicated setup.

Backup stock ONU config

Go to http://192.168.100.1 with following credentials:

username: Silknet

password: Silknet@dmin

Save following information from status page: Firmware Version, Hardware Version, MAC Address, Product Class

Go to "Interface setup" and save "VLAN ID" in "802.1q" section.

Go to "Maintainance" -> "Firmware" and click "ROMFILE BACKUP". This is actually config file in xml format. Find "VendorId" attribute in "GPON" -> "ONU". Mine is "HWTC". This file contains a lot of information that may be used later.

Download necessary files

New firmware for GPON module: https://github.com/Anime4000/RTL960x/blob/7dbe251734b497c7221e55212dda06443c84e744/Firmware/DFP-34X-2C2/M110_sfp_ODI_220923.tar (my module already had this out of the box)
New firmware for Mikrotik if bought: https://mikrotik.com/product/RB962UiGS-5HacT2HnT#fndtn-downloads (choose "RouterOS current release")
Python script to generate MAC_KEY: https://gist.github.com/rajkosto/29c513b96ea6262d2fb1f965a52ce16f. Not required but more convenient than manual calculation with md5sum

Connecting all together

It's imprortant to do this before setting up because GPON module won't work without fiber cable plugged in.

Plug GPON module into SFP port
Unplug stock ONU's power supply
Remove protection cover from stock ONU to get access to connector
Remove rubber cap from GPON module
Unplug fiber cable from stock ONU and plug it into GPON module
Put rubber cap into stock ONU's optical port to protect it from dust, etc.
Put stock ONU's protection cover back

Setting up Mikrotik

This part can be skipped if you use mediaconverter. In this case just connect it to your PC and manually assign IP like 192.168.1.65 with subnet 255.255.255.0 and gateway 192.168.1.1 to ethernet interface.

After powering up router will beep. Wait until "PWR" led stops blinking, "SFP" led lights up and default Wi-Fi networks appear.

Connect to one of these networks and go to http://192.168.88.1. Login/password - admin/ admin

Upgrade firmware:

Go to "WebFig" (top right corner) -> "Files" (left menu) and upload firmware file (.npk)
Reboot router ("System" -> "Reboot")
Wait for start, firmware will be upgraded automatically

Perform basic settings to make GPON module's web interface accessible:

In "QuickFig" (first page after login) choose "sfp1" instead of "ether1" as internet interface
Optionally check "Bridge all ethernet interfaces". This makes first port (WAN) part of local network.
Rename Wi-Fi networks, choose "2GHZ-only-N" for 2.4Ghz network and "5Ghz-only-AC" for 5Ghz network to achieve maximum speed and set up network passwords
Change admin password
Click "Apply", connect to one of new protected Wi-Fi network and login to router's web-interface again.
In "WebFig" -> "IP" -> "Addresses" click "Add New", select "sfp1" interface, enter 192.168.1.65/32 as "Address" and 192.168.1.1 as "Network"

Manual IP address assignment to access GPON module

Also verify that "sfp1" is in "WAN" list in "WebFig" -> "Interfaces" -> "Interface lists" and not in "WebFig" -> "Bridge" -> "Ports". Without this GPON module will be inaccessible.

Here is the list of CLI commands. Use telnet of "Terminal" tab in web interface and run one-by-one because some of them requires parameters from output of previous command (anything after # is a comment):

# make "sfp1" WAN port
/interface bridge port remove [find bridge=bridge interface=ether1]
/interface list member add list=WAN interface=sfp1
# make "wan" port local
/interface bridge port add bridge=bridge interface=ether1
/interface list member remove [find list=WAN interface=ether1]
# assign ip to "sfp1" to access GPON module
/ip address add interface=sfp1 address=192.168.1.65/32 network=192.168.1.1
# change admin password
/password old-password="admin" new-password="<new password>" confirm-new-password="<new password>"
# rename, secure Wi-Fi (note that after each command you may need to reconnect to network)
/interface wireless security-profiles set 0 authentication-types=wpa2-psk wpa2-pre-shared-key="<wi-fi password>"
/interface wireless set wlan1 ssid="<2ghz ssid>" band=2ghz-onlyn channel-width=20/40mhz-XX
/interface wireless set wlan2 ssid="<5ghz ssid>" band=5ghz-onlyac channel-width=20/40/80mhz-XXXX

Setting up GPON module

Go to http://192.168.1.1. Login/password - admin/ admin

Verify that you have firmware version at least 220923 on "Firmware upgrade" page. If it's older - upgrade it.

Upgrade procedure: go to "Firmware Upgrade" page, select previously downloaded firmware (.tar) and press "Upgrade".

Go to "Password" page and change admin password.

Go to "VLAN Settings", select "Manual" -> "PVID" and enter previously recorded VLAN ID. Do not forget to "Apply Changes"

Go to "Settings" and enter data as shown

Notes:

PLOAM Password is 00000000000000000000 (20x "zero"). Another ones will also result in successful authorization but unstable connection.
Do not forget to "Apply Changes" after entering "PLOAM Password" and "GPON SN"
"GPON SN" from stock ONU is not used
We're using VLAN untagging at GPON module. It's also possible to untag VLAN on router side. And this is required if you want to use IPTV and VoIP which served through different VLAN IDs (200 and 300 in my case). But this setup will be much more complicated so I don't cover it.

Before applying changes for "Vendor ID" an lower fields you need to recalculate "MACKEY" by using Python script downloaded earlier or manually:

echo -n "hsgq1.9aFFFFFF000000" | md5sum

Where FFFFFF000000 is a "MAC ID", letters in upper case.

After all, go to "Commit and Reboot" page and click "Commit and Reboot".

If everything is OK you will see "O5" status in "PON" page after module reboot.

Also this module can be set up using CLI (all extra hacks available only from CLI). Telnet to module address, login and enter following (text after # is comment):

flash set SUSER_PASSWORD "<new admin password>"
flash set VLAN_CFG_TYPE 1
flash set VLAN_MANU_MODE 1
flash set VLAN_MANU_TAG_VID 100 # VLAN ID from stock ONU
flash set GPON_PLOAM_FORMAT 0
flash set GPON_PLOAM_PASSWD 00000000000000000000
flash set GPON_SN "<MAC ID from stock ONU>"
flash set PON_VENDOR_ID "HWTC"
flash set OMCI_SW_VER1 "TKI_1.00_R936" # software version from stock ONU status page
flash set OMCI_SW_VER2 "TKI_1.00_R936" # software version from stock ONU status page
flash set GPON_ONU_MODEL "GM203-7" # "Model No" from stock ONU
flash set HW_HWVER "J1" # "H/W Ver." from stock ONU
flash set OUI "7c5259" # first 6 chars of "MAC ID" of stock ONU
flash set ELAN_MAC_ADDR "<MAC ID from stock ONU>"
flash set MAC_KEY "<MAC KEY calculated from MAC ID>"
flash set HW_SERIAL_NO "<S/N from stock ONU>"
reboot

Setting up Mikrotik (again)

This part can be skipped if you use mediaconverter. In this case just switch to automatic address assignment via DHCP or connect it to router's WAN port.

Now we only have to set up DHCP client for "sfp1" port.

In "WebFig" -> "IP" -> "DHCP client" select "defconf" config (should be only one).

Change "Interface" to "sfp1" and click "Apply".

If everything is OK you should have internet access.

CLI command:

/ip dhcp-client set 0 interface=sfp1

Summary

Is replacement worth it? I made measurements via SpeedTest. First one - with stock ONU. Second one - after replacement.

As you can see upload speed increased dramatically. Download speed now matches tariff limits. Latencies during upload and download also dramatically decreased.

So my opinion - such replacement worth it. And due to "universality" of GPON module it can be easily used with another ISP.

Useful links

https://hack-gpon.org - resource about PON technology and devices hacking
https://github.com/Anime4000/RTL960x - repository with results of researches and hacking of RTL960x-based PON devices