Skip to content

Technicolor DGA4134 DMZ Gateway

The Technicolor DGA4134 sits between the Trooli ONT and the UniFi Cloud Gateway Ultra (UCG), handling PPPoE authentication and providing DMZ passthrough to the UCG.

Architecture

Internet
    |
    v
+-------------------------------------------------------------+
|                     Trooli ONT                               |
|                   (Fibre Terminal)                           |
+-----------------------------+-------------------------------+
                              | Ethernet
                              v
+-------------------------------------------------------------+
|              Technicolor DGA4134                             |
|                                                              |
|   WAN: PPPoE (98.96.161.226)                                |
|   LAN: 192.168.100.1/24                                     |
|   DMZ: All inbound -> 192.168.100.108                       |
|   WiFi: Disabled                                            |
|   UPnP: Disabled                                            |
+-----------------------------+-------------------------------+
                              | LAN Port -> UCG WAN Port
                              v
+-------------------------------------------------------------+
|              UniFi Cloud Gateway Ultra                       |
|                                                              |
|   WAN (eth4): 192.168.100.108 (DHCP from Technicolor)       |
|   WAN2 (eth3): 92.40.74.157 (Cellular Backup)               |
|   LAN: 10.44.1.1/24                                         |
|   WireGuard: 51821 (hub2 connects here)                     |
+-------------------------------------------------------------+

Why This Setup?

Trooli requires their equipment (or an approved router) to be directly connected for support purposes. The Technicolor handles PPPoE authentication while the UCG remains the network gateway via DMZ passthrough.

Benefits:

  • Trooli can see their router for diagnostics
  • UCG handles all firewall/routing as before
  • DMZ forwards ALL inbound traffic to UCG (no port forwarding needed)
  • Cellular failover still works on UCG

Device Details

Technicolor DGA4134

Property Value
Model DGA4134 (vcnt-j)
Firmware Damson 19.4
LAN IP 192.168.100.1
LAN Subnet 255.255.255.0
DHCP Range 192.168.100.100 - 192.168.100.249
Public IP 98.96.161.226 (via PPPoE)
DMZ Target 192.168.100.108
WiFi Disabled
UPnP Disabled

Access Credentials

Access Method Details
SSH ssh engineer@192.168.100.1
SSH Password Cc62PhaEcgbA
PPPoE Username 1119644@cfsbroadband.co.uk
PPPoE Password aLyFePl2
WiFi SSID 1119644_Trooli.uk (disabled)
WiFi Password yESyZTaS

Access Restriction

The Technicolor only accepts SSH connections from devices on its LAN (192.168.100.x). To access from the main network, SSH via the UCG: 

ssh root@10.44.1.1 "sshpass -p 'Cc62PhaEcgbA' ssh engineer@192.168.100.1 '<command>'"

Configuration Reference

CLI Commands

The Technicolor uses a TR-069 style CLI. Common commands:

# Get a value
get Device.IP.Interface.2.IPv4Address.1.IPAddress

# Set a value
set Device.IP.Interface.2.IPv4Address.1.IPAddress 192.168.100.1

# Apply changes (REQUIRED after set commands)
apply

# List available parameters
getpn Device.IP.Interface. true

# Show system info
showinfo

Key Configuration Paths

Setting Path
LAN IP Device.IP.Interface.2.IPv4Address.1.IPAddress
DHCP Pool Device.DHCPv4.Server.Pool.1.*
DMZ Target uci.firewall.dmzredirect.@dmzredirect.dest_ip
DMZ Enabled uci.firewall.dmzredirect.@dmzredirect.enabled
DMZ Group uci.firewall.redirectsgroup.@dmzredirects.enabled
UPnP Device.UPnP.Device.Enable
WiFi 2.4GHz uci.wireless.wifi-device.@radio_2G.state
WiFi 5GHz uci.wireless.wifi-device.@radio_5G.state
PPPoE User Device.PPP.Interface.1.Username
PPPoE Pass Device.PPP.Interface.1.Password

Current Settings Verification

# Via UCG (from px1 or other node):
ssh root@10.44.1.1 "sshpass -p 'Cc62PhaEcgbA' ssh engineer@192.168.100.1 '
get Device.IP.Interface.2.IPv4Address.1.IPAddress
get uci.firewall.dmzredirect.@dmzredirect.dest_ip
get uci.firewall.dmzredirect.@dmzredirect.enabled
get Device.UPnP.Device.Enable
'"

Troubleshooting

No Internet via Technicolor

  1. Check PPPoE status: 

    ssh engineer@192.168.100.1
top  # Look for pppd process with credentials
ifconfig pppoe-wan  # Should show public IP

  2. Check WAN link: 

    ifconfig eth0.101  # WAN interface

  3. Verify PPPoE credentials: 

    get Device.PPP.Interface.1.Username
# Password won't display but check pppd in 'top'

UCG Not Getting IP from Technicolor

  1. Check UCG WAN interface: 

    ssh root@10.44.1.1 "ip addr show eth4"

  2. Check Technicolor DHCP: 

    get Device.DHCPv4.Server.Pool.1.Enable  # Should be 1
get Device.DHCPv4.Server.Pool.1.MinAddress
get Device.DHCPv4.Server.Pool.1.MaxAddress

  3. Verify physical connection - UCG WAN port to Technicolor LAN port

DMZ Not Working (Inbound Traffic Blocked)

  1. Verify DMZ configuration: 

    get uci.firewall.dmzredirect.@dmzredirect.dest_ip    # Should match UCG IP
get uci.firewall.dmzredirect.@dmzredirect.enabled    # Should be 1
get uci.firewall.redirectsgroup.@dmzredirects.enabled  # Should be 1

  2. Update DMZ if UCG IP changed: 

    # Get current UCG IP
ssh root@10.44.1.1 "ip -br addr show eth4"

# Update DMZ target
set uci.firewall.dmzredirect.@dmzredirect.dest_ip <NEW_IP>
apply

hub2 WireGuard Not Connecting

The hub2 WireGuard tunnel connects to the UCG's public IP on port 51821. If the public IP changes:

  1. Get new public IP: 

    ssh root@10.44.1.1 "curl -s ifconfig.me"

  2. Update hub2 endpoint: 

    ssh hub2 "sudo wg set wg-uk peer b5NUl27Aw4BL5J21df4TBsUGNBIMyV8ObgiE85OL2Vs= endpoint <NEW_IP>:51821"

  3. Persist the change: 

    ssh hub2 "sudo sed -i 's/OLD_IP/NEW_IP/g' /etc/wireguard/wg-uk.conf"

Re-enable WiFi (Emergency Access)

If you need WiFi to access the Technicolor:

# Via UCG
ssh root@10.44.1.1 "sshpass -p 'Cc62PhaEcgbA' ssh engineer@192.168.100.1 '
set uci.wireless.wifi-device.@radio_2G.state 1
set uci.wireless.wifi-device.@radio_5G.state 1
apply
'"
  • SSID: 1119644_Trooli.uk
  • Password: yESyZTaS

Rollback Procedure

To revert to direct UCG PPPoE (bypass Technicolor):

  1. Disconnect Technicolor:
  2. Unplug ONT to Technicolor cable

  3. Unplug Technicolor to UCG cable

  4. Direct connect:

  5. Plug ONT directly into UCG WAN port

  6. Reconfigure UCG WAN:

  7. Change from DHCP to PPPoE
  8. Username: 1119644@cfsbroadband.co.uk
  9. Password: aLyFePl2

  10. MTU: 1492

  11. Update hub2 WireGuard: 

    # Get new UCG public IP and update hub2
ssh hub2 "sudo wg set wg-uk peer b5NUl27Aw4BL5J21df4TBsUGNBIMyV8ObgiE85OL2Vs= endpoint <UCG_PUBLIC_IP>:51821"
ssh hub2 "sudo sed -i 's/CURRENT_IP/NEW_IP/g' /etc/wireguard/wg-uk.conf"

Maintenance

Rebooting Technicolor

ssh engineer@192.168.100.1
reboot

Note

Internet will drop for 1-2 minutes during reboot. Cellular backup will take over.

Checking PPPoE Public IP

# From UCG
curl -s ifconfig.me

# Or check Technicolor directly
ssh engineer@192.168.100.1
ifconfig pppoe-wan | grep "inet addr"

Factory Reset (Emergency)

If the Technicolor becomes inaccessible:

  1. Hold reset button for 10+ seconds
  2. Default IP: 192.168.1.1
  3. Reconfigure all settings from scratch

Setup completed: 2026-01-24 Last verified: 2026-01-24