Google fibre network notes


Google Fiber account

An incognito window/tab must be used if using Google Chrome to reach the fiber account because, otherwise, the Google identity in force in your Chrome session will poison your ability to reach your fiber account.

http://googlefiber.com/myfiber

To change your credit card, you'll see the first page, Google fiber, list links:

Click MANAGE BILL, then click MANAGE PAYMENT METHODS.



I struggled for two weeks and 4 support engineers to get port-forwarding set up. This is becuase I had too much respect for them to do stuff behind their back. I did take the leap of performing a software reset of the router; this accomplished nothing. Finally, I told the last one that I'd like to do a hard-reset of the router before giving up and returning to Comcast. He told me "Yes, I usually recommend using the red reset button on the device. Hold it down for 10 seconds."

Really? Given that I explained the problem and jumped through the same hoops under the auspices of 4 engineers, none of the reached the conclusion that a hard reset would be the answer until I suggested it myself?

I had not done this because I feared it would destroy whatever they set up in the firmware when the original installer came out, and because they hadn't told me to do it, I figured I shouldn't go around them. So much for blind respect!


12 June 2020: anothet network outage

Last night, my network was in tatters. I first thought it might be the Google box, but, this morning, I reran some of the patch cables and it works fine.

I don't have Julene working yet (usually via Lorien), but here's how the rest of my morning has gone so far:


  1. I unplugged the patch cable from Russell's Den and plugged directly into the Google box. It comes from the black, TPLink router.
  2. gondolin works, eno1 is 192.168.0.100, which is right (see /etc/hosts).
  3. gondolin strikes me as slower, especially the browser.

  4. I added a blue patch cable from Russell's Den to Google box.
  5. I cannot reach HP 5520 for scanning now.
  6. Printing worked at MX492LAN once, I sent another job which is in queue, but not printing.
  7. I can reach Plex tol-eressea and nargothrond from a browser on gondolin.
  8. Upstairs televison gets Disney+, Netflix, etc., but on Plex, nothing is available.
  9. I'm operating on the assumption that the big, black TPLink router is broken.

  10. I disconnected the large, grey patch cable going to the small, GREENnet hub from the black TPLing router and plugged it directly into the last available slot of the Google box. I'm hoping to get the remainder of the network up (including wireless access points).
  11. Some observations:
    • Slack on gondolin gets no connection.
    • Thunderbird is fine.
    • Unable to browse to lds.org.
    • Random sites I try to get to in the browser can be reached.
    • Oddly enough, I can reach javahotchocolate.com, which can reach, for the locus communis notes, the JavaScript code that supports the menuing I'm using.
    • I can reach bitbicket.org; I can interact with it via git.
    • I am able to open a Google Drive document that Moray shared reached from a link in e-mail, so mail.google working.
    • The Perfect Search Corporation VPN no longer connects. Reconnecting, I see:
      russ@gondolin ~/.pki $ sudo openvpn ./helen.acme.com.ovpn
      Fri Jun 12 09:00:51 2020 WARNING: file 'client-rbateman-key.pem' is group or others accessible
      Fri Jun 12 09:00:51 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 19 2019
      Fri Jun 12 09:00:51 2020 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
      Enter Auth Username:rbateman
      Enter Auth Password:
      Fri Jun 12 09:01:03 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
      Fri Jun 12 09:01:03 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]199.192.164.75:1194
      Fri Jun 12 09:01:03 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
      Fri Jun 12 09:01:03 2020 UDP link local: (not bound)
      Fri Jun 12 09:01:03 2020 UDP link remote: [AF_INET]199.192.164.75:1194
      Fri Jun 12 09:01:03 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
      Fri Jun 12 09:02:03 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Fri Jun 12 09:02:03 2020 TLS Error: TLS handshake failed
      Fri Jun 12 09:02:03 2020 SIGUSR1[soft,tls-error] received, process restarting
      Fri Jun 12 09:02:03 2020 Restart pause, 5 second(s)
      Fri Jun 12 09:02:08 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
      Fri Jun 12 09:02:08 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]199.192.164.75:1194
      Fri Jun 12 09:02:08 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
      Fri Jun 12 09:02:08 2020 UDP link local: (not bound)
      Fri Jun 12 09:02:08 2020 UDP link remote: [AF_INET]199.192.164.75:1194
      
    • I'm unable to update software: the Synaptic Update Manager cannot download all repository indices.
    • (I have not bounced gondolin yet.)
  12. I can reach tol-eressea via ssh, but, from there, I'm unable to get updates (5 packages are pending). it says that it cannot reach Ubuntu's bionic archive.
  13. Ditto for tuonela and Ubuntu's xenial archive.
  14. From tuonela Slack is unable to connect as well.

Host /etc/hosts files...

...typically look like this. This is gondolin's:

127.0.0.1	localhost
127.0.1.1	gondolin

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.0.100 gondolin      static IP
192.168.0.101 tol-eressea   static IP
192.168.0.102 tuonela       static IP
192.168.0.131 nargothrond   DHCP

Menegroth (192.168.0.1) port-forwarding

Short-circuited, turned off.

ID Port IP Address Protocol Status
1 80 192.168.0.101 TCP Enabled
2 22 192.168.0.101 TCP Enabled
3 32400 192.168.0.101 TCP Enabled



July 2017: I terminate the Google Box' use as a wireless access point...

To get into manage the Google Box, the interface has completely changed again. This is annoying and one of the reasons I no longer try to manage anything I don't have to like port-forwarding using it.

  1. In browser, go to 192.168.1.1, the address of the Google Box.
  2. Click Visit my Fiber.
  3. Sign in...
  4. Click the Fiber Account button.
  5. Select the NetworkM menu on the left side.

Once I finished mucking around to figure out how to turn it off by...

  1. Clicking Wi-Fi network to turn off.
  2. Under Advanced → Admin, click RESTART NETWORK BOX.

At this point, I had lost my port forwarding (which has changed too). Here's what I set up:

...and my TP-LINK router:


Plex Media server hiccup 8 July 2015

I experienced a Plex Media server-down event, perhaps as early as the evening of 6 July. It's difficult to tell because we consume from inside the LAN, so unless the server hardware or software is down, we're up. However, those outside may lose connection because of Google Fibre's Network Box. It's hard to diagnose or know unless I'm outside, but then I can't fix it.

I've put the Plex application on my phone, but when I connect inside the house, it decides to go through wireless, which again, puts me on the LAN. Then what I do is kill my phone's wireless connection forcing it to use the phone's data services. That way I know whether it's really up or down.

In my case right now, it's down.

Always revising instructions to get into Network Box...

Because Google keeps changing how this works.

To get to customer support, use this link: https://fiber.google.com/myfiber/account.

  1. Log in using your Google password, the same one you use to do mail.
  2. Look for Customer Support, call, chat or email us and click.

However, to get to Network Box, do this:

  1. Click the Network tab at page's top,
  2. In Network Box Settings, click Network Box Advanced Interface → Enabled
  3. The box expands, copy the password presented and click Go to Network Box Advanced Interface.
  4. Log in; the User name is "admin" and you replace the dots in Password with what you just copied.
  5. At this point, you can refer to the section entitled, "Soft-reset, but entirely rethought on 26 May 2015."

Resetting Google's Network Box

At this point, everything looks okay, but Plex isn't on-line. So what can I do, but reset?

  1. Go to the System tab.
  2. Click the Maintenance subtab.
  3. Click OK to the question, "Are you sure you want to reboot GFRG?"

This is a soft reset; it shouldn't change my configurations as taking a paper clip to back of the Network Box itself would.

Still failing

I see tol-eressea is still off-line for Plex according to my cell phone (whereas two others I'm subscribed to are available). I'm going to have to think of something else.

Cogitating...

Description Seen from inside LAN as Notes
Google Network Box 192.168.1.1
TP-LINK Router 192.168.0.1 Seen by Network Box as 192.168.1.2

Still cogitating...

Maybe this is on Plex' end. The problem is that I don't have anyone standing by to verify that what I see from my phone, which I have been counting on to diagnose this problem. I went to Plex in my browser.

  1. http://plex.tv
  2. I sign in.
  3. I click the big orange, Launch button.
  4. Click Settings (the pile of tools in the top bar toward the right).
  5. Then I click Server.
  6. Then, Remote Access

Here I found a red-circled checkmark, which I investigated. It seems I need to authenticate, which I did. Then it changed to a green checkmark. I rechecked my phone and I have access. This can't be the solution to anyone but me.

So, I'm left wondering...

  1. Why Helene was complaining about access last Monday evening?
  2. Why, from work, I could not reach my Plex Media server via browser today?

Soft-reset, but entirely rethought on 26 May 2015

This will be the last time, I hope. Today, Jacob showed me that he had found a way to turn the Google Network Box into nothing more than a modem allowing me to use my own router. I've been using my own router all along. Jacob came across this solution last fall by trial and error: you cannot "Google" and find it, it's not in any documents and Google support isn't going to tell you how to do it.

What creates this problem is that Google Fiber is simply in beta, in three cities, with beta hardware like the Network Box, and a beta organization. So Google doesn't have the system baked yet and their support engineers don't have the bandwidth to work with other than mundane customer who aren't trying to do what I am doing (serve up webpages, Plex Media, ssh into home, etc.).

One problem of instability has been how I've been doing the port-forwarding. Google support had me forwarding, as shown in snapshots elsewhere on this page, but more or less reproduced here:

HTTP - TCP Any → 80
SSH  - TCP Any → 22
Plex - TCP Any → 32400

This had the result of forwarding everything over TCP to ports 80, 22 and 32400 letting the router sort it all out. Yeah, but that's what Google support told me to do.

What we did this time...

  1. Go into the Network Box, there's an easier way, just go to 192.168.1.1 instead of https://fiber.google.com/myfiber/account.

  2. Go to Home (tab) Network Overview.

  3. Ensure that the TP-LINK router is the only device connected to Google Network Box. You should see something like this:

  4. In the Services tab, IP Address Distribution, you should see something like

  5. We went into Services → Firewall. This is where the real work is done.

  6. Then into Port Forwarding. Here is where we tossed all the existing, broken settings.

  7. Our goal is to tell Network Box to forward all TCP and UDP traffic from any port through to the TP-LINK router on the same port.
    1. Click to create a New Entry.
    2. Establish Local Host as the TP-LINK router. This device should be listed in the Add... drop-down.
    3. Establish the Protocol as User Defined since you will not see TCP in the drop-down list.
    4. The previous action gets you a new page where you click on the plus sign under Action to establish New Server Ports.
    5. There you can set:
      1. Protocol to TCP.
      2. Source Ports to Any.
      3. Destination Ports to Any.
      4. Click OK.
      Then do the same for UDP protocol. You should see something like this:

    6. Click OK again.
    7. Establish the Forward to Port setting as Same as Incoming Port.
    8. Ensure that Schedule is Always.

    9. Finally, click OK. You should see something that looks like this:

    10. Click Apply, Refresh and OK. This should get you up and going.

  8. We turned off wireless because my TP-LINK router is already a good one of those and having two has confused everyone.

Soft-reset on 21 May 2015

Here we go again. And have I said that in 20 years of subscribing to various ISPs I have never had the incessant troubles that I have with Google? And, they've changed the port-forwarding interface again, making it even harder to use because more obscure. They don't let you name the forwarded port any more, so I can't label it "ssh" and "Plex Media server."

  1. Use the steps here, just below to reach port forwarding.
  2. While getting in, Google will reset the Network Box as a result of that "yellow-background alert" thing that takes a couple of minutes. That appears to be when Google updates the software on the Network Box and that's how you get a worse and worse interface.
  3. Click Services, then Firewall. This is where Port Forwarding is now.
  4. Click Port Forwarding tab. Make stuff look like below:


Hard-reset again in March 2015

Here are the steps this time.

  1. Go to https://fiber.google.com/myfiber/account/.
  2. Click on Network.
  3. Click on Network Box.
  4. Click on Enabled.
  5. Copy the password bRjhEHDDthnW.
  6. Click Save.
  7. Click OK (there's a page screw-up, you might have to scroll, adjust, whatever
  8. I saw a yellow-background alert, "Your Network Box is updating. This may take a couple of minutes."
  9. I waited a bit.
  10. This put me back at step #3.

Let's start back with step #5 above.

  1. Copy the password bRjhEHDDthnW
  2. Click button Go to Network Box Advanced Interface.
  3. Click "Continue to Advanced Network Settings".
  4. Log in, user admin / password bRjhEHDDthnW.
  5. Click System tab.
  6. Click WAN Status (to see IP address).
  7. Click Services.
  8. Click Port Forwarding tab.

Now I'm going to do a hard-reset. I used a paper clip which I held down on the reset button for a long-ish cound of 10.

  1. I waited for the lighting to recover. (The Ethernet ports on the back of the router show activity.
  2. I went back to my desktop and began to repeat steps 1-5 (second set).
  3. After step 6, the browser went out to lunch on 192.168.1.1.
  4. It came back and I clicked "Continue to Advanced Network Settings."
  5. I went to set up Port Forwarding.

Reaching your Google fiber Network Overview page

Logging into the Advanced Network Interface is a matter of user admin and a special password given when you enable that capability. On those pages you can see everything of value.

  1. Browse to https://fiber.google.com/myfiber/account/
  2. In the upper-right corner, click the Network tab.
  3. Click Network Box.
  4. In Network Box Settings, click Enabled button to enable Network Box Advanced Interface.
  5. Record the username (always admin) and the password, something like bRjhEHDDthnW.
  6. Click the Go to Network Box Advanced Interface button.
  7. Under Advanced network settings, enter admin where it says "User name," clear the password and enter the one recorded from the previous instruction.
  8. Click the blue Login button.

The IP address Google assigns you (via DHCP)

To see this, reach the Advanced Interface page described in the steps above. Then navigate to System →WAN Status and, under WAN Ethernet, look at IP Address.

You can also see there the default gateway and two DNS server addresses.

Note that under WAN Fiber, you'll see Status: Down. Ignore this as meaningless.


Network Box administration paths

To get to these, go to Google fibre.

Content Path Notes
Network Overview Home | Network Overview Wireless point and connections, attached devices and connections
Firewall Services | Firewall Security overview, port forwarding and connection list
IP Address Distribution Services | IP AddressDistribution Device names and addresses
Overview System | Overview Up time
Users (admin account) System | Users
WAN Status System | WAN Status MAC, IP, DNS addresses, etc.
WAN Status System | WAN Status | WAN Ethernet Specifically the public IP address assigned by DHCP

Sequence of action before calling Google
  1. Power off the tiny, white fiber box that couples the fiber cable to our category-5 cable. Power back on after 30 seconds. Wait to see the indicator light change from red to flashing red to solid blue. Solid blue indicates nominal condition.
  2. Power off the large, black router. Power back on after 30 seconds. Look at the long, thin light on the front of the cabinet to see it become solid blue. Verify that the RJ-45 connectors on the back are all flashing green and happy—all, that is, that are connected to happy computers on the other end.
  3. Examine computer hosts and try things that demonstrate they're connecting. Examine the network configuration report:
    # ifconfig
    
    If necessary, bounce the network interface to see if it connects:
    # ifconfig eth0 down
    # ifconfig eth0 up
    

Manage wireless access point

The wireless access point is in fact your black Google router box.

  1. Go to the Google fiber Network Overview page for your network.
  2. Please note that there are two, 5GHz and 2.4GHz, but they appear as a single option to your house guests. Unless you know what you're doing, don't much with these as being different.
  3. Click Wireless near top of page.
  4. Next to the Virtual Access Points at the bottom of the page, to the extreme right of what's likely entitled, Data - Wireless 802.11an Access Point, under Action, Click Edit (the pencil icon).
  5. Change the name under which your wireless access point shows up for wireless devices in your house.
  6. Security —should be WPA2.
  7. Pre-Shared Key —the password you tell your house guests. You should make this challenging to guess. It cannot contain spaces or special characters, only upper- and lowercase alphabetic and numeric.
  8. Once finished, click Apply, then OK (or Cancel).

How to establish that a host has a static IP address

Of course, we're talking about a static IP address on the LAN (behind the firewall).

  1. Go to the Google fiber Network Overview page for your network.
  2. Near the top, click Services.
  3. A bit lower, above Firewall, click IP Address Distribution.
  4. Click Data LAN Bridge.
  5. Find the device (computer) whose IP address you wish to make static, or, if not listed, click New IP Reservation.
  6. Under Action, click Edit (the pencil icon)
  7. Enter the hostname as Description.
  8. For Criteria choose Static Lease Type.
  9. Type in the MAC Address. (How to get this on Linux)
  10. Type in the static IP address you'd like this node to have on the LAN.
  11. Click OK.
  12.  
  13. Set this on your (Linux) host.

How to administrate LAN
  1. Go to https://fiber.google.com/myfiber/network/#
  2. Click Network Overview in upper-lefthand corner.

This gives you a list of devices connected to the wireless and another of devices connected via hard Ethernet cabling. About the devices have names that are useless.


How to administrate wireless

This is done with an exceedingly cryptic password that you don't invent yourself.

  1. Go to https://fiber.google.com/myfiber/network/#
  2. Sign in (Google log-in with [email protected])
  3. See MyFiber page.
  4. Click Network link in upper-right corner.
  5. On page is "Network Box," click that.
  6. Enable Advanced Interface.
  7. See username admin and weird password; record password.
  8. Go to http://192.168.1.1 and use admin/weird password to get in.

How to set up port-forwarding

First we were looking at mucking with DNS, but that failed.

  1. Go to Advanced network settings
  2. Services
  3. Dynamic DNS
  4. New Dynamic DNS Entry
  5. See drop-down list. Ugh, this is ugly.
  6. No! ...

In the end, all we did was port-forwarding. To get there...

  1. Find My Fiber.
  2. Click Network (at far right near top).
  3. Click on Network Box.
  4. Copy password for admin user.
  5. Click on Network Box Advanced Interface.
  6. Log in using admin/copied password.
  7. Click on Services.
  8. Down to the top-center of the page, click on Port Forwarding.
  9. Use red X to delete port or pencil to edit.

To configuring port forwarding, you can click New Entry, but you must know the name of the computer which isn't likely to be the one you know. If the computer is already in the list, click on its left on Network Object and record its name just under "Local Host."

Or, if it's already in the list, just click on Network Object then below under the existing port, add a new one.

If you just want to add a New Entry, clicking there, then using the drop-down Local Host Add..., you won't find your computer. Instead, click on Overview, then squint for the name, which most of the time won't be a real hostname, but you'll have to screw around in this maze of interfaces to infer what Google thinks your computer's name is. Once you've found that, look for Physical Address under the list you get by clicking IP Address Distribution.

This is nasty, but what can you do?

  1. Name the service, something like "Plex Media server."
  2. Click New Server Ports.
  3. Choose protocol (likely TCP).
  4. Source Ports: choose Single, then fill in 32400.
  5. Destination Ports: choose Single, the fill in 12943.
  6. Click OK.
  7. Click OK again unless you wish to add yet another port mapping.
  8. (I mapped port 22 to 2222.)

Using New Entry

None of this ever really worked...

  1. Find your computer, probably a hardware address, in the Local Host Add... drop-down. If you got the right one, then the screen changes and you see the (idiot) name Google thinks your computer is called on the new page.
  2. Select Protocol, likely User Defined.
  3. Now you intersect the steps immediately above this section.

In the end, all we did was port-forwarding. Click on that on this page:

Note how tol-eressea, which has static IP address 192.168.1.101, has ports 80, 22 and 32400 forwarded. HTTP works. The other two do not.


Setting up static IP address assignment?


Go back to having my own internal router

The idea is to recreate the succesful environment I had with Comcast which consisted of their cable modem and my own router to manage the network.

So after two weeks, I gave up and bought a TP-LINK Gigabit Router that was pretty easy to configure. However, it really appears that Google's Network Box just won't let go. A good hour on a chat with a Google support engineer did not help either although I think I got some good advice like how to configure the port-forwarding of a user-defined port (32400 for my Plex Media server).

The Google support guy insisted that I had to open the same holes through Google's Network Box as I wanted to reach the TP-LINK router. I told him I just wanted Network Box completely out of the way, but I did set up the port-forwarding he asked for. At his request, I sent screenshots for him to verify.

Here are some illustrations:

Ports list...

Ditto, another view...

How to set up a User-defined port. This was more or less the only thing the Google support guy told me that was new.

After continuing to play with the network all that afternoon and evening I conceded defeat and made the preliminary determination to return to Comcast.

State of things...

Internally, everything works identically to pre-Google fiber. All the hosts I wanted to have static IP addresses have them. My web and Plex Media server still functions perfectly in-house, but is invisible outside. Static IP addresses and forwarded ports on the TP-LINK:


The 1 January 2015 outage...

During the night of 31 December to 1 January there was a power outage. Clocks that were still running said about 2 minutes slower than actual time, so we figured power was out for that long. We reset the clocks, but didn't check into the WAN. We used Plex Media all day, but from inside the house (over the LAN).

Later, my father notified me that he couldn't get into his web pages. When I got around to checking things out, I discovered that we were back in the same situation as a month ago: no port-forwarding was working. The Network Box showed this:

It was too late for me to want to stay up to fix it. So I looked into it once home from work on the 2nd of January. I did a staged reboot of the concentrator room components:

  1. Powered down all modems, wireless access points, switches and routers.
  2. Brought Google's Network Box on-line, verified status lights.
  3. Brought my router on-line, verified status lights.
  4. Brought my 8-port switch on-line, verified status lights.
  5. Brought my Ooma modem on-line (don't care so much—we don't answer it).
  6. Then, because I don't really care about them, I brought my two (old-speed) wireless access points on-line, but I didn't fuss to make sure they were working.

This time, port-forwarding began to work without my needing to reset the Network Box and re-configure the settings.


The Google Legacy Suite end-of-life and transition...