Carrying VoIP from bridge-mode HGU (Movistar) to pfSense

Introduction

An HGU (which is a device that integrates ONT and router) from Movistar has been changed to work in bridge mode in a SOHO environment, and now the main router/firewall is a pfSense router as in the following topology (this is the same topology used on how to access Movistar/O2 HGU GUI from pfSense):

To understand the new topology, we must be aware that Movistar as an ISP uses the following VLANs to carry different types of traffic. The data and voice VLANs used can be seen in the following table:

In its normal operation, the three VLANs (aka triple-VLAN), 6 for data, 3 for VoIP and 2 for IPTV are carried over the fiber optic cable via GPON and onto the HGU's fiber optic port:

The router then divides this "raw" traffic into the three services or VLANs.

When the HGU is set to bridge-mode, only the data VLAN (VLAN 6) is bridged (which we should call a semi-bridge mode), untagged.

This "semi-bridging" itself means VLANs 3 and 2 are "terminated" at the HGU which still handles VoIP and IPTV services, respectively. But it no longer handles the VLAN 6 (data) services, instead bridging it to the Ethernet LAN ports, where you can connect another device, in this case a pfSense device, which is the one that will handle the PPPoE session formerly handled by the HGU.

The reason for calling this configuration a "semi-bridge" instead of a full bridge, is that only VLAN 6 is bridged. The other 2 VLANs (VoIP and IPTV) are not bridged and are still kept/managed at the HGU.

An independent ONT + router setup would need another configuration that the one explained in this post. An ONT works by default as a full bridge.

The configuration of the HGU router as a semi-bridge device is very simple and there are a lot of tutorials on the Internet (will make an easy tutorial of this on this site, just for completion, and will link it here).

Now onto the configuration needed on pfSense to make an analog phone work as if it was connected to the "Telf" RJ-11 port of the HGU.

Static routing configuration

The tutorial How to access Movistar/O2 HGU GUI from pfSense must be followed prior to continuing with the next steps, as we need connectivity to the HGU LAN.

If we access the web GUI of the HGU at 192.168.1.1, we will see at the advanced configuration routing section, that there are some static routes associated with the VoIP service:

These static routes must be added on the pfSense router with a next-hop address of 192.168.1.1 (which is the HGU device).

This can be done on the pfSense web GUI at System > Routing > Static Routes:

Beware that the next-hop address must be the HGU LAN gateway we had already defined:

Verification

For this verification section I will reuse the topology for the Configuring Cisco SPA122 to be used with a landline phone [O2 Spain] post, but now with the SPA122 ATA connected directly to a switch on the pfSense LAN, instead of directly connected to the HGU LAN.

At the pfSense web GUI, and on the Diagnostics > States submenu, we can filter by 10.31 and we will see that the IP of the SPA122 ATA adapter on the pfSense LAN (192.168.2.28) is being translated to 192.168.1.2 because we had already configured outbound NAT:

Also note the ports being used: source port 5060 and destination port 5070, which happens to be SIP ports.

Sources:

Modo monopuesto con VOIP e IPTV en el HGU
https://comunidad.movistar.es/t5/Soporte-Fibra-y-ADSL/Modo-monopuesto-con-VOIP-e-IPTV-en-el-HGU/td-p/4952876

¿Internet y IPTV por router propio y VoIP por router de Movistar?
https://bandaancha.eu/foros/internet-iptv-router-propio-voip-router-1746237

Identificadores VLAN operadores FTTH
https://wiki.bandaancha.st/Identificadores_VLAN_operadores_FTTH

Cómo configurar el router de Movistar en modo bridge
https://naseros.com/2017/08/03/como-configurar-el-router-de-movistar-en-modo-bridge/

hgu en modo Bridge
https://comunidad.movistar.es/t5/Soporte-Fibra-y-ADSL/hgu-en-modo-Bridge/td-p/4716420

Reinicios aleatorios en equipos VSP 4450

Some theory on Ethernet straight-through and crossover cabling for 10BASE-T, 100BASE-TX and 1000BASE-T

Auto MDI-X a prueba: cables straight-through, crossover, hubs, switch y PCs

Autonegotiation and duplex mismatch theory

How to make an RJ45 to RJ45 rollover cable

What is an ATA (Analog Telephone Adapter?

What is the Cisco SPA122 ATA with Router?

Cisco SPA122 factory reset and initial setup

Configuring Cisco SPA122 to be used with a landline phone [O2 Spain]

Configuring Cisco SPA122 to be used with a 56K modem

Getting an Spanish SIP number from Flash Telecom and using it for dial-up connectivity

Using a dial-up modem on Windows 98

Connecting to a BBS using a dial-up connection

Advanced US Robotics 56K modem configuration via AT commands

Reverse telnet theory + practical example

Configuring a modem on the AUX port of a Cisco router for EXEC dial-in connectivity

Reset Cisco Aironet 1700 Series LAP to factory defaults

Configuring an autonomous Cisco 1700 Series AP via CLI

Converting a Cisco Lightweight Access Point Back to Autonomous Mode

Reset WLC 2504 to factory defaults

Deploy the 2500 Series Wireless Controller

How to access Movistar/O2 HGU GUI from pfSense

Askey RTF3505VW-GV - Docs

Carrying VoIP from bridge-mode HGU (Movistar) to pfSense

OSPF lab

Carrying VoIP from bridge-mode HGU (Movistar) to pfSense

Introduction

Static routing configuration

Verification