Google fibre network notes
Google Fiber account
An incognito window/tab must be used if using Google Chrome to reach the fiber
account because, otherwise, the Google identity in force in your Chrome session
will poison your ability to reach your fiber account.
http://googlefiber.com/myfiber
To change your credit card, you'll see the first page, Google fiber ,
list links:
MANAGE PROFILE
MANAGE BILL
MANAGE PLAN
Click MANAGE BILL , then click MANAGE PAYMENT METHODS .
I struggled for two weeks and 4 support engineers to get port-forwarding set up.
This is becuase I had too much respect for them to do stuff behind their back.
I did take the leap of performing a software reset of the router; this accomplished
nothing. Finally, I told the last one that I'd like to do a hard-reset of the
router before giving up and returning to Comcast. He told me "Yes, I usually
recommend using the red reset button on the device. Hold it down for 10 seconds."
Really? Given that I explained the problem and jumped through the same hoops under
the auspices of 4 engineers, none of the reached the conclusion that a hard reset
would be the answer until I suggested it myself?
I had not done this because I feared it would destroy whatever they set up in
the firmware when the original installer came out, and because they hadn't told
me to do it, I figured I shouldn't go around them. So much for blind respect!
12 June 2020: anothet network outage
Last night, my network was in tatters. I first thought it might be the Google
box, but, this morning, I reran some of the patch cables and it works fine.
I don't have Julene working yet (usually via Lorien), but here's how the rest
of my morning has gone so far:
I unplugged the patch cable from Russell's Den and plugged directly into
the Google box. It comes from the black, TPLink router.
gondolin works, eno1 is 192.168.0.100 ,
which is right (see /etc/hosts ).
gondolin strikes me as slower, especially the browser.
I added a blue patch cable from Russell's Den to Google box.
I cannot reach HP 5520 for scanning now.
Printing worked at MX492LAN once, I sent another job which is in queue,
but not printing.
I can reach Plex tol-eressea and nargothrond from a
browser on gondolin .
Upstairs televison gets Disney+, Netflix, etc., but on Plex, nothing is
available.
I'm operating on the assumption that the big, black TPLink router is
broken.
I disconnected the large, grey patch cable going to the small, GREENnet
hub from the black TPLing router and plugged it directly into the last
available slot of the Google box. I'm hoping to get the remainder of the
network up (including wireless access points).
Some observations:
Slack on gondolin gets no connection.
Thunderbird is fine.
Unable to browse to lds.org .
Random sites I try to get to in the browser can be reached.
Oddly enough, I can reach javahotchocolate.com ,
which can reach, for the locus communis notes, the JavaScript
code that supports the menuing I'm using.
I can reach bitbicket.org ; I can interact with it via
git .
I am able to open a Google Drive document that Moray shared reached
from a link in e-mail, so mail.google working.
The Perfect Search Corporation VPN no longer connects. Reconnecting,
I see:
russ@gondolin ~/.pki $ sudo openvpn ./helen.acme.com.ovpn
Fri Jun 12 09:00:51 2020 WARNING: file 'client-rbateman-key.pem' is group or others accessible
Fri Jun 12 09:00:51 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 19 2019
Fri Jun 12 09:00:51 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Enter Auth Username:rbateman
Enter Auth Password:
Fri Jun 12 09:01:03 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Jun 12 09:01:03 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]199.192.164.75:1194
Fri Jun 12 09:01:03 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jun 12 09:01:03 2020 UDP link local: (not bound)
Fri Jun 12 09:01:03 2020 UDP link remote: [AF_INET]199.192.164.75:1194
Fri Jun 12 09:01:03 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri Jun 12 09:02:03 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jun 12 09:02:03 2020 TLS Error: TLS handshake failed
Fri Jun 12 09:02:03 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri Jun 12 09:02:03 2020 Restart pause, 5 second(s)
Fri Jun 12 09:02:08 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Jun 12 09:02:08 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]199.192.164.75:1194
Fri Jun 12 09:02:08 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jun 12 09:02:08 2020 UDP link local: (not bound)
Fri Jun 12 09:02:08 2020 UDP link remote: [AF_INET]199.192.164.75:1194
I'm unable to update software: the Synaptic Update Manager cannot
download all repository indices.
(I have not bounced gondolin yet.)
I can reach tol-eressea via ssh , but, from there, I'm
unable to get updates (5 packages are pending). it says that it cannot
reach Ubuntu's bionic archive.
Ditto for tuonela and Ubuntu's xenial archive.
From tuonela Slack is unable to connect as well.
Host /etc/hosts files...
...typically look like this. This is gondolin 's:
127.0.0.1 localhost
127.0.1.1 gondolin
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.0.100 gondolin static IP
192.168.0.101 tol-eressea static IP
192.168.0.102 tuonela static IP
192.168.0.131 nargothrond DHCP
Menegroth (192.168.0.1) port-forwarding
Short-circuited, turned off.
ID
Port
IP Address
Protocol
Status
1 80 192.168.0.101
TCP Enabled
2 22 192.168.0.101
TCP Enabled
3 32400 192.168.0.101
TCP Enabled
July 2017: I terminate the Google Box' use as a wireless access point...
To get into manage the Google Box, the interface has completely changed again.
This is annoying and one of the reasons I no longer try to manage anything I
don't have to like port-forwarding using it.
In browser, go to 192.168.1.1, the address of the Google Box.
Click Visit my Fiber .
Sign in...
Click the Fiber Account button.
Select the NetworkM menu on the left side.
Once I finished mucking around to figure out how to turn it off by...
Clicking Wi-Fi network to turn off.
Under Advanced → Admin , click RESTART NETWORK BOX .
At this point, I had lost my port forwarding (which has changed too). Here's what
I set up:
...and my TP-LINK router:
Plex Media server hiccup 8 July 2015
I experienced a Plex Media server-down event, perhaps as early as the evening of 6 July. It's
difficult to tell because we consume from inside the LAN, so unless the server hardware or software
is down, we're up. However, those outside may lose connection because of Google Fibre's Network
Box. It's hard to diagnose or know unless I'm outside, but then I can't fix it.
I've put the Plex application on my phone, but when I connect inside the house, it decides to go
through wireless, which again, puts me on the LAN. Then what I do is kill my phone's wireless
connection forcing it to use the phone's data services. That way I know whether it's really up or
down.
In my case right now, it's down.
Always revising instructions to get into Network Box...
Because Google keeps changing how this works.
To get to customer support, use this link:
https://fiber.google.com/myfiber/account .
Log in using your Google password, the same one you use to do mail.
Look for Customer Support, call, chat or email us and click.
However, to get to Network Box, do this:
Click the Network tab at page's top,
In Network Box Settings , click Network Box Advanced Interface → Enabled
The box expands, copy the password presented and click Go to Network Box Advanced
Interface .
Log in; the User name is "admin" and you replace the dots in Password with
what you just copied.
At this point, you can refer to the section entitled, "Soft-reset, but entirely rethought on
26 May 2015."
Resetting Google's Network Box
At this point, everything looks okay, but Plex isn't on-line. So what can I do, but reset?
Go to the System tab.
Click the Maintenance subtab.
Click OK to the question, "Are you sure you want to reboot GFRG?"
This is a soft reset; it shouldn't change my configurations as taking a paper clip to back of the
Network Box itself would.
Still failing
I see tol-eressea is still off-line for Plex according to my cell phone (whereas two others
I'm subscribed to are available). I'm going to have to think of something else.
Cogitating...
Description
Seen from inside LAN as
Notes
Google Network Box 192.168.1.1
TP-LINK Router 192.168.0.1 Seen by Network Box as 192.168.1.2
Still cogitating...
Maybe this is on Plex' end. The problem is that I don't have anyone standing by to verify that what
I see from my phone, which I have been counting on to diagnose this problem. I went to Plex in my
browser.
http://plex.tv
I sign in.
I click the big orange, Launch button.
Click Settings (the pile of tools in the top bar toward the right).
Then I click Server .
Then, Remote Access
Here I found a red-circled checkmark, which I investigated. It seems I need to authenticate, which
I did. Then it changed to a green checkmark. I rechecked my phone and I have access. This can't be
the solution to anyone but me.
So, I'm left wondering...
Why Helene was complaining about access last Monday evening?
Why, from work, I could not reach my Plex Media server via browser today?
Soft-reset, but entirely rethought on 26 May 2015
This will be the last time, I hope. Today, Jacob showed me that he had found a way to turn the
Google Network Box into nothing more than a modem allowing me to use my own router. I've been using
my own router all along. Jacob came across this solution last fall by trial and error: you cannot
"Google" and find it, it's not in any documents and Google support isn't going to tell you how to
do it.
What creates this problem is that Google Fiber is simply in beta, in three cities, with beta
hardware like the Network Box, and a beta organization. So Google doesn't have the system baked yet
and their support engineers don't have the bandwidth to work with other than mundane customer who
aren't trying to do what I am doing (serve up webpages, Plex Media, ssh into home, etc.).
One problem of instability has been how I've been doing the port-forwarding. Google support had me
forwarding, as shown in snapshots elsewhere on this page, but more or less reproduced here:
HTTP - TCP Any → 80
SSH - TCP Any → 22
Plex - TCP Any → 32400
This had the result of forwarding everything over TCP to ports 80, 22 and 32400 letting the
router sort it all out. Yeah, but that's what Google support told me to do.
What we did this time...
Go into the Network Box, there's an easier way, just go to
192.168.1.1
instead of
https://fiber.google.com/myfiber/account .
Go to Home (tab) Network Overview .
Ensure that the TP-LINK router is the only device connected to Google Network Box. You
should see something like this:
In the Services tab, IP Address Distribution , you should see something like
We went into Services → Firewall . This is where the real work is done.
Then into Port Forwarding . Here is where we tossed all the existing, broken settings.
Our goal is to tell Network Box to forward all TCP and UDP traffic from any port through to
the TP-LINK router on the same port.
Click to create a New Entry .
Establish Local Host as the TP-LINK router. This device should be listed in
the Add... drop-down.
Establish the Protocol as User Defined since you will not see
TCP in the drop-down list.
The previous action gets you a new page where you click on the plus sign under
Action to establish New Server Ports .
There you can set:
Protocol to TCP .
Source Ports to Any .
Destination Ports to Any .
Click OK .
Then do the same for UDP protocol. You should see something like this:
Click OK again.
Establish the Forward to Port setting as Same as Incoming Port .
Ensure that Schedule is Always .
Finally, click OK .
You should see something that looks like this:
Click Apply , Refresh and OK . This should get you up and
going.
We turned off wireless because my TP-LINK router is already a good one of those and having two
has confused everyone.
Soft-reset on 21 May 2015
Here we go again. And have I said that in 20 years of subscribing to various ISPs
I have never had the incessant troubles that I have with Google? And, they've
changed the port-forwarding interface again, making it even harder to use because
more obscure. They don't let you name the forwarded port any more, so I can't label
it "ssh" and "Plex Media server."
Use the steps here, just below to reach port forwarding.
While getting in, Google will reset the Network Box as a result of that
"yellow-background alert" thing that takes a couple of minutes. That appears
to be when Google updates the software on the Network Box and that's how you
get a worse and worse interface.
Click Services , then Firewall . This is where Port Forwarding
is now.
Click Port Forwarding tab. Make stuff look like below:
Hard-reset again in March 2015
Here are the steps this time.
Go to
https://fiber.google.com/myfiber/account/ .
Click on Network .
Click on Network Box .
Click on Enabled .
Copy the password bRjhEHDDthnW .
Click Save .
Click OK (there's a page screw-up, you might have to scroll, adjust, whatever
I saw a yellow-background alert, "Your Network Box is updating. This may take a couple of minutes."
I waited a bit.
This put me back at step #3.
Let's start back with step #5 above.
Copy the password bRjhEHDDthnW
Click button Go to Network Box Advanced Interface .
Click "Continue to Advanced Network Settings".
Log in, user admin / password bRjhEHDDthnW .
Click System tab.
Click WAN Status (to see IP address).
Click Services .
Click Port Forwarding tab.
Now I'm going to do a hard-reset. I used a paper clip which I held down on the
reset button for a long-ish cound of 10.
I waited for the lighting to recover. (The Ethernet ports on the back of the
router show activity.
I went back to my desktop and began to repeat steps 1-5 (second set).
After step 6, the browser went out to lunch on 192.168.1.1.
It came back and I clicked "Continue to Advanced Network Settings."
I went to set up Port Forwarding.
Reaching your Google fiber Network Overview page
Logging into the Advanced Network Interface is a matter of user
admin and a special password given when you enable that capability.
On those pages you can see everything of value.
Browse to
https://fiber.google.com/myfiber/account/
In the upper-right corner, click the Network tab.
Click Network Box .
In Network Box Settings , click Enabled button to
enable Network Box Advanced Interface .
Record the username (always admin ) and the password, something
like bRjhEHDDthnW .
Click the Go to Network Box Advanced Interface button.
Under Advanced network settings , enter admin
where it says "User name," clear the password and enter the one
recorded from the previous instruction.
Click the blue Login button.
The IP address Google assigns you (via DHCP)
To see this, reach the Advanced Interface page described in the
steps above. Then navigate to System →WAN Status
and,
under WAN Ethernet , look at IP Address .
You can also see there the default gateway and two DNS server addresses.
Note that under WAN Fiber , you'll see Status: Down .
Ignore this as meaningless.
Network Box administration paths
To get to these, go to Google fibre .
Content
Path
Notes
Network Overview
Home | Network Overview
Wireless point and connections, attached devices and connections
Firewall
Services | Firewall
Security overview, port forwarding and connection list
IP Address Distribution
Services | IP AddressDistribution
Device names and addresses
Overview
System | Overview
Up time
Users (admin account)
System | Users
WAN Status
System | WAN Status
MAC, IP, DNS addresses, etc.
WAN Status
System | WAN Status | WAN Ethernet
Specifically the public IP address assigned by DHCP
Sequence of action before calling Google
Power off the tiny, white fiber box that couples the fiber cable to
our category-5 cable. Power back on after 30 seconds. Wait to see the
indicator light change from red to flashing red to solid blue. Solid
blue indicates nominal condition.
Power off the large, black router. Power back on after 30 seconds. Look
at the long, thin light on the front of the cabinet to see it become
solid blue. Verify that the RJ-45 connectors on the back are all flashing
green and happy—all, that is, that are connected to happy computers
on the other end.
Examine computer hosts and try things that demonstrate they're connecting.
Examine the network configuration report:
# ifconfig
If necessary, bounce the network interface to see if it connects:
# ifconfig eth0 down
# ifconfig eth0 up
Manage wireless access point
The wireless access point is in fact your black Google router box.
Go to the Google fiber Network Overview page for
your network.
Please note that there are two, 5GHz and 2.4GHz, but they appear as a
single option to your house guests. Unless you know what you're doing,
don't much with these as being different.
Click Wireless near top of page.
Next to the Virtual Access Points at the bottom of the page, to the extreme
right of what's likely entitled,
Data - Wireless 802.11an Access Point , under Action ,
Click Edit (the pencil icon).
Change the name under which your wireless access point shows up for
wireless devices in your house.
Security —should be WPA2.
Pre-Shared Key —the password you tell your house guests.
You should make this challenging to guess. It cannot contain spaces or
special characters, only upper- and lowercase alphabetic and numeric.
Once finished, click Apply , then OK (or Cancel ).
How to establish that a host has a static IP address
Of course, we're talking about a static IP address on the LAN (behind the
firewall).
Go to the Google fiber Network Overview page for
your network.
Near the top, click Services .
A bit lower, above Firewall , click
IP Address Distribution .
Click Data LAN Bridge .
Find the device (computer) whose IP address you wish to make static, or,
if not listed, click New IP Reservation .
Under Action , click Edit (the pencil icon)
Enter the hostname as Description .
For Criteria choose Static Lease Type .
Type in the MAC Address .
(How to get this on Linux)
Type in the static IP address you'd like this node to have on the LAN.
Click OK .
Set this on your (Linux) host.
How to administrate LAN
Go to
https://fiber.google.com/myfiber/network/#
Click Network Overview in upper-lefthand corner.
This gives you a list of devices connected to the wireless and another of
devices connected via hard Ethernet cabling. About the devices have names that
are useless.
How to administrate wireless
This is done with an exceedingly cryptic password that you don't invent
yourself.
Go to
https://fiber.google.com/myfiber/network/#
Sign in (Google log-in with [email protected] )
See MyFiber page.
Click Network link in upper-right corner.
On page is "Network Box," click that.
Enable Advanced Interface.
See username admin and weird password; record password.
Go to
http://192.168.1.1 and use admin/weird password to get in.
How to set up port-forwarding
First we were looking at mucking with DNS, but that failed.
Go to Advanced network settings
Services
Dynamic DNS
New Dynamic DNS Entry
See drop-down list. Ugh, this is ugly.
No! ...
In the end, all we did was port-forwarding. To get there...
Find My Fiber.
Click Network (at far right near top).
Click on Network Box .
Copy password for admin user.
Click on Network Box Advanced Interface .
Log in using admin/copied password.
Click on Services .
Down to the top-center of the page, click on Port Forwarding .
Use red X to delete port or pencil to edit.
To configuring port forwarding, you can click New Entry , but
you must know the name of the computer which isn't likely to be the
one you know. If the computer is already in the list, click on its
left on Network Object and record its name just under "Local
Host."
Or, if it's already in the list, just click on Network Object
then below under the existing port, add a new one.
If you just want to add a New Entry , clicking there, then using the
drop-down Local Host Add... , you won't find your computer.
Instead, click on Overview , then squint for the name, which most of
the time won't be a real hostname, but you'll have to screw around in this
maze of interfaces to infer what Google thinks your computer's name is.
Once you've found that, look for Physical Address under the list
you get by clicking IP Address Distribution .
This is nasty, but what can you do?
Name the service, something like "Plex Media server."
Click New Server Ports .
Choose protocol (likely TCP).
Source Ports: choose Single , then fill in 32400.
Destination Ports: choose Single , the fill in 12943.
Click OK .
Click OK again unless you wish to add yet another port mapping.
(I mapped port 22 to 2222.)
Using New Entry
None of this ever really worked...
Find your computer, probably a hardware address, in the Local Host
Add... drop-down. If you got the right one, then the screen
changes and you see the (idiot) name Google thinks your computer is called
on the new page.
Select Protocol , likely User Defined .
Now you intersect the steps immediately above this section.
In the end, all we did was port-forwarding. Click on that on this page:
Note how tol-eressea , which has static IP address 192.168.1.101, has
ports 80, 22 and 32400 forwarded. HTTP works. The other two do not.
Setting up static IP address assignment?
Go back to having my own internal router
The idea is to recreate the succesful environment I had with Comcast which
consisted of their cable modem and my own router to manage the network.
So after two weeks, I gave up and bought a TP-LINK Gigabit Router that was
pretty easy to configure. However, it really appears that Google's Network Box
just won't let go. A good hour on a chat with a Google support engineer did not
help either although I think I got some good advice like how to configure
the port-forwarding of a user-defined port (32400 for my Plex Media server).
The Google support guy insisted that I had to open the same holes through
Google's Network Box as I wanted to reach the TP-LINK router. I told him I
just wanted Network Box completely out of the way, but I did set up the
port-forwarding he asked for. At his request, I sent screenshots for him
to verify.
Here are some illustrations:
Ports list...
Ditto, another view...
How to set up a User-defined port. This was more or less the only thing
the Google support guy told me that was new.
After continuing to play with the network all that afternoon and
evening I conceded defeat and made the preliminary determination
to return to Comcast.
State of things...
Internally, everything works identically to pre-Google fiber. All the
hosts I wanted to have static IP addresses have them. My web and
Plex Media server still functions perfectly in-house, but is invisible
outside. Static IP addresses and forwarded ports on the TP-LINK:
The 1 January 2015 outage...
During the night of 31 December to 1 January there was a power outage. Clocks
that were still running said about 2 minutes slower than actual time, so we
figured power was out for that long. We reset the clocks, but didn't check into
the WAN. We used Plex Media all day, but from inside the house (over the LAN).
Later, my father notified me that he couldn't get into his web pages. When I
got around to checking things out, I discovered that we were back in the same
situation as a month ago: no port-forwarding was working. The Network Box
showed this:
It was too late for me to want to stay up to fix it. So I looked into it once
home from work on the 2nd of January. I did a staged reboot of the concentrator
room components:
Powered down all modems, wireless access points, switches and routers.
Brought Google's Network Box on-line, verified status lights.
Brought my router on-line, verified status lights.
Brought my 8-port switch on-line, verified status lights.
Brought my Ooma modem on-line (don't care so much—we don't answer it).
Then, because I don't really care about them, I brought my two (old-speed)
wireless access points on-line, but I didn't fuss to make sure they
were working.
This time, port-forwarding began to work without my needing to reset the
Network Box and re-configure the settings.
The Google Legacy Suite end-of-life and transition...