[RndTbl] Issues encountered with the Shaw BlueCurve modem and app

David Milton david at dmilton.ca
Tue Nov 22 15:13:19 CST 2022 

Hi Brian,

I had similar problems with the Blue Curve modem in bridge mode with a firewall however there are additional issues.

1. The modem appears to block various tunnel protocols. I was unable to get an IP-IP tunnel up to Hurricane Electric and I was unable to get a GRE tunnel up to MRnet. So IPv6 is not possible through a tunnelling protocol.

2. If you get an IPv6 delegation it’s broken. You get the RA containing the /56 delegation but another RA which should contain your default route is never sent. That means you have IPv6 addresses but nowhere to forward packets. So IPv6 is not available through a delegation. We ultimately verified this with packet traces and were never able to figure out why my firewall never received the RA containing the interface link and next-hop router. Even explicit RA discovery requests were unanswered. Our final take between myself and the Shaw tech(s) was that IPv6 does not work in bridge mode. In router mode you can get a single /64 which it will configure for use with SLAAC but that takes out my firewall, internal network, and apparently also static IPv6 address assignments.

For me, IPv6 is a requirement, not an option so I was completely unable to use the Shaw service with the Blue Curve modem. I cannot remember exactly but I think at the time I started with a version 6 modem and then given a version 7 modem. Neither worked any different.

I found their support was excellent. I spent numerous hours (better part of two days) working with their support to try and resolve the above issues. The first one is apparently a known problem that dates back _years_! The second issue is also likely a bug in the Blue Curve firmware.

I would be open to virtually any alternative modem but it seems this is the only one Shaw will hand out. Instead I’m using a cable modem from TekSavvy where all of the above works fine over the same cable infrastructure. So the basic cable infrastructure is more than capable but the Blue Curve cable modem is junk.

Cheers,
  Dave.

> On Nov 21, 2022, at 22:31, Brian Lowe <brian2 at groupbcl.ca> wrote:
> 
> Hi all,
> 
> Following is an information dump detailing all the issues I've encountered with the Shaw BlueCurve gateway and app since I got it installed back in September.
> 
> The intent is to add this as a detailed attachment to a short (paper) letter I intend to send to Paul McAleese, president of Shaw Communications, outlining my disappointment with the BlueCurve service and asking him to follow up with his residential internet division to implement improvements.
> 
> Also, after much discussion with various Shaw technical support departments, it looks like I finally have a way forward:
> 
>  1. Switch out the current WiFi-only TV player device for an older coax unit
>  2. Put the BlueCurve gateway into bridged mode and use the D-Link router Alberto gave me to act as my home router.
> 
> For those willing to wade through its 1,250 words, I'd appreciate any comments you have. Remember, it's intended to be an attachment to the main letter. I'm not expecting Paul McAleese to read through it, although he may glance at it. I am hoping he'll pass it along to the residential internet services division.
> 
> Brian
> 
> 
> Issues Encountered with the Shaw BlueCurve Gateway and App
> 
> * I was supplied with a CGM4141SHW gateway with custom Shaw firmware; the device's Hardware page reports it's a CGM4140COM and the Software page says it's running CGM4140COM_5.3p16s3_PROD_sey.
> 
> * The gateway's built-in DHCP server cannot be disabled. This is a big problem for me because I want to run my own DHCP server that tracks devices to which it has assigned IP addresses, and supplies the IP address of my ad-blocking DNS server instead of Shaw's servers. I've managed a partial work-around by running my own DHCP server along side Shaw's, but giving the Shaw DHCP server a range of only two IP addresses and ensuring both of them are assigned. However, often times my devices end up getting no IP address, Shaw's DNS servers, and a bad default route. (The inability to disable the DHCP server is probably needed for the Shaw BlueCurve Home app to work—much more on that later.)
> 
> * Some very important configuration items on the gateway--SSID and password, port forwarding, DMZ, parental control--are not available through its web interface and must be managed using the Shaw BlueCurve Home app. The app is available only for Apple iOS and Android devices, and specifically not available for Windows, MacOS, or Linux.
> 
> * Using an Apple/Android app is suboptimal because the standard way to configure a modern gateway/router device is to use its built-in web interface. This works for pretty much any modern small computer operating system such as Windows, MacOS, Linux, BSD, legacy UNIX (HP-UX and AIX), VMS, Android, and iOS, because they all have access to capable web browsers. But this is not an option with the CGM4141 because its web interface has been eviscerated.
> 
> * The app is available only on Apple's App Store or (officially) Google Play.  However, the only way to get the app from Google Play is to set up a Google account and link it with an Android device. This is a problem for me because I see Google as a huge user-hostile American advertising company that's not subject   to Canadian privacy laws, and I desire to do as little business with them as possible. To me it is unacceptable that Shaw, a Canadian company, is compelling its customers to business with American companies in order to use basic functionality for its services.
> 
> * There is an unstated assumption that all users have access to a device that will run the app. While it's likely a safe assumption for today's parents and computer-savvy users, as usual it fails to take into account various edge cases:
>     - People who are uncomfortable with smartphones and use a feature phone instead
>     - People who have a supposedly compatible device but its operating system has fallen behind and can't run the app
>     - People who value their privacy and don't want to download an app that can't be audited so see if it's sending information to servers outside of Shaw, or even sending information to Shaw that's not related to the application's use
> 
> * Shaw support can set the SSID and password for the customer, but by policy cannot assist with port forwarding and DMZ issues. For this they always tell the customer to use the app.
> 
> * Additionally, the app has issues:
>     - It's enormous! It weighs in at 204 megabytes, making it one of the largest non-game apps I've ever seen. By comparison:
>         - WhatsApp: 41 MB
>         - Facebook: 56 MB
>         - Instagram: 63 MB
>         - Facebook Messenger: 72 MB
>         - SnapChat: 126 MB
>         - TikTok: 183 MB
>     - As a seasoned programmer, the app's size in relation to its capabilities raises red flags:
>         - It looks like the development team has pulled in a huge number of libraries from all over the Android development ecosystem. I wonder why they used so many libraries instead of developing at least some of the functionality in-house. It makes me wonder about the overall capability of the development team.
>         - The large number of libraries runs the risk of becoming a maintenance nightmare down the road because inevitably some of these libraries will become outdated, deprecated, and possibly disappear altogether.  The development team could end up spending as much time or more trying to keep on top of the library dependencies as they will making improvements to the app.
>     - Bug: Setting port forwarding in the app appeared to work, but packets were not getting through to the forwarded device (more on this 3 points down the list.)
>     - Bug: Attempts to set up a DMZ were consistently met with "We're Having Some Trouble. Please try again. If the problem persists, check back later." (more on this 3 points down the list)
> 
> * On Google Play, complaints about the app are legion:
>     - Overall, the app is buggy, difficult to use, and does not work as advertised
>     - Users are often unable to sign in
>     - App often shows the BlueCurve gateway as being offline when in fact it is not
>     - App forgets configuration options that were previously set
>     - Parental controls are unreliable
>     - A video showing how the app works has not been updated for newer versions
> 
> * Google Play gives the app a score of 3.5/5. Independently, I computed an overall approve/disapprove score based on 1,318 reviews. Reviews with 1, 2, or 3 stars were "disapprove" (even three star reviews had a tendency to point out problems) while 4 and 5 star reviews were "approve." The result was 287 approve and 1,031 disapprove, for an overall disapproval rate of 78%. The average rating from those 1,318 reviews was only 2.1, well below Google's 3.5.
> 
> * Attempts to engage various Shaw support departments on the port forwarding and DMZ portions of the app were consistently met with "Port forwarding/DMZ is something we don't support because we haven't been trained on it," even though the problem I was attempting to report was with the failure of the app to work as advertised.
> 
> * With respect to the port forwarding, it works only when packets arrive on the WAN port; that is, from the internet at large. The gateway is unable to route packets from the local network to the WAN port. It can route to any other available IP address on the internet except for the IP address of the WAN port. Those packets never arrive at their intended destination (confirmed by tcpdump.)
> 
> * Another option is to put the gateway into bridged mode. However, doing so stops the TV player device from working because it uses a special WiFi connection with the gateway, and putting the gateway into bridged mode disables WiFi altogether.
> 
> * A conversation with one Shaw department revealed there would be an additional charge if I wanted to swap out the gateway I was supplied with for a more capable device. From a customer point of view, the company is punishing its customers for being an advanced user. Perhaps that's deliberate: such customers can be difficult to deal with.
> 
> * In the end, it took a considerable amount of time working with various support departments to determine the solution to my problems was the following:
>     - Swap out the WiFi TV player device with one that uses co-ax instead
>     - That done, put the gateway into bridged mode and use a third party WiFi router to regain functionality lost with the BlueCurve gateway
> 
> * The gateway has plenty of firmware space.  It's using only 143 MiB of the 2 GiB available, so there is plenty of room to add advanced functionality.
> 
> 
> 
> 
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.ca <mailto:Roundtable at muug.ca>
> https://muug.ca/mailman/listinfo/roundtable <https://muug.ca/mailman/listinfo/roundtable>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://muug.ca/pipermail/roundtable/attachments/20221122/b028723f/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://muug.ca/pipermail/roundtable/attachments/20221122/b028723f/attachment-0001.sig>

More information about the Roundtable mailing list