ATT Uverse RG Bypass (0.2 BTC)
-
@t41k2m3 I definitely have it working. Nothing to do extra. I'm using the beta version 2.7.
2.7.0-DEVELOPMENT (amd64)
built on Mon Jan 02 06:04:33 UTC 2023
FreeBSD 14.0-CURRENT
And actually you don't need pfatt anymore at all. I don't even run it anymore. If you have gpon you just need a certain sfp+ plug; if you have xgspon (which I have, the 5gbps) you can purchase a fiber modem, clone it to your current att router and you are good. I don't use the bgw320-505 ont/modem combo anymore.
-
Yeah, that feature request is to allow VLAN0 traffic and that is now working in 23.01 and 2.7. You can connect to an ISP that sends priority tagged DHCP replies and they will be passed. You will be able to pull a lease.
That doesn't mean the authentication stuff that AT&T required has changed. If your WAN still requires that you still need the pfatt script to make it happen. At least for now.
Internally we are testing with bridge-to that should make it much easier to accomplish. However if AT&T are removing the need for it that solves the problem anyway.
Steve
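The priority-tagged frames this post refers to, as an added example that is not part of the original post and is not pfSense or pfatt code: a Python parser that tells untagged, priority-tagged (802.1Q tag with VLAN ID 0) and ordinary VLAN-tagged frames apart and reports whether the payload is DHCP or 802.1X EAPOL. The sample frames, MAC addresses and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # 802.1Q tag protocol identifier
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x888E: "EAPOL (802.1X)"}

def is_dhcp(ip: bytes) -> bool:
    """True if an IPv4 packet carries UDP between ports 67 and 68."""
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return False
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17 or len(ip) < ihl + 4:  # protocol 17 = UDP
        return False
    return set(struct.unpack("!HH", ip[ihl:ihl + 4])) == {67, 68}

def classify_frame(frame: bytes) -> dict:
    """Report tagging (untagged / priority-tagged / vlan-tagged), PCP, VID, payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"tagging": "untagged", "pcp": None, "vid": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"], info["vid"] = tci >> 13, tci & 0x0FFF  # DEI bit (12) ignored
        # VID 0 means "no VLAN, priority only": the VLAN 0 case in this thread
        info["tagging"] = "priority-tagged" if info["vid"] == 0 else "vlan-tagged"
        offset = 18
    info["payload"] = ETHERTYPES.get(ethertype, hex(ethertype))
    info["dhcp"] = ethertype == 0x0800 and is_dhcp(frame[offset:])
    return info

# Constructed sample frames (not captured traffic)
MACS = b"\xff" * 6 + bytes.fromhex("020000000001")
IP_UDP_DHCP = (bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(4) + bytes([64, 17])
               + bytes(10) + struct.pack("!HHHH", 67, 68, 8, 0))

def tagged(pcp: int, vid: int, ethertype: int, payload: bytes) -> bytes:
    return MACS + struct.pack("!HHH", TPID_8021Q, (pcp << 13) | vid, ethertype) + payload

SAMPLES = {
    "priority-tagged DHCP": tagged(1, 0, 0x0800, IP_UDP_DHCP),
    "priority-tagged EAPOL": tagged(0, 0, 0x888E, bytes([2, 1, 0, 0])),
    "VLAN 100 DHCP": tagged(0, 100, 0x0800, IP_UDP_DHCP),
    "untagged DHCP": MACS + struct.pack("!H", 0x0800) + IP_UDP_DHCP,
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify_frame(frame))
```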
-
@stephenw10 said in ATT Uverse RG Bypass (0.2 BTC):
Yeah, that feature request is to allow VLAN0 traffic and that is now working in 23.01 and 2.7. You can connect to an ISP that sends priority tagged DHCP replies and they will be passed. You will be able to pull a lease.
That doesn't mean the authentication stuff that AT&T required has changed. If your WAN still requires that you still need the pfatt script to make it happen. At least for now.
Internally we are testing with bridge-to that should make it much easier to accomplish. However if AT&T are removing the need for it that solves the problem anyway.
Steve
I have tried this personally using multiple pcp values (0,1,2) and have never been able to get a DHCP lease.
I do have an Intel e1000 based NIC and I have been disabling hwvlanfiltering before attempting to set the PCP value and run the wpa supplicant.
If someone has done this successfully, please post exactly what commands you ran to get it to work.
-
If you're connecting to AT&T and they still require auth then I expect to need the pfatt script.
If you're connecting to one of the other ISPs who use priority tagged DHCP where the cut-down script was required that should no longer be necessary in 23.01/2.7.
-
@stephenw10 said in ATT Uverse RG Bypass (0.2 BTC):
If you're connecting to AT&T and they still require auth then I expect to need the pfatt script.
If you're connecting to one of the other ISPs who use priority tagged DHCP where the cut-down script was required that should no longer be necessary in 23.01/2.7.
Thanks Stephen, I tried posting in this thread https://redmine.pfsense.org/issues/12070 asking Christopher Cope to share what he used to get att bypass working without netgraph but he hasn't responded yet and I can't find any way to reach out to him directly.
If there is a way to get it to work with att there are quite a few people who would love to know.
-
We have a discord that most of the folks from DSLreports have migrated to regarding discussion about AT&T specific bypass methods. There is a working GPON and XGS-PON bypass method. I can't speak much to the GPON method as I have XGS-PON but the XGS-PON method entails simply buying an Azores WAG-D20 and setting a handful of values on it. Once the device gets O5.1 status to the upstream OLT, you can send a DHCP request with the use of Netgraph on pfsense 2.7/23.01.
Hopefully it's not against the rules to post a link to the Discord (dm me if it gets removed): https://discord.gg/6TwFBquMTT
-
@bk150 Let me check out the gpon method and see if it works for me, currently my ONT is terminated in the garage and I have a copper base NIC on my pfsense box so I would require a separate ONT to be able to work with current hardware.
-
@bigjohns97 @stephenw10
Thank you for your replies. In this use case (as it seems may be true for others), the old pfatt script with both netgraph and wpa_supplicant for auth continues to work in 23.01. The question as @bigjohns97 indicated is if and how it may work without netgraph (running wpa auth directly on WAN with no other devices involved). Unless the VLAN 0 new feature does not actually work as initially described, in which case that would be good to clarify.
-
@bk150 discord link says invite expired, is there another way to join?
-
@bigjohns97
Hey. Sorry for the confusion over the redmine post. I was mainly confirming the VLAN 0 was working. The bits to get ATT in particular working aren't tied into the GUI yet. There is work being done on that. I am currently running a custom patch that hard codes some of the values for testing purposes, so it requires manual editing for each setup and isn't production ready yet.
-
@ccope Thanks, if you ever need someone to test a possible implementation of this let me know :)
-
Hey All!
Just wanted to clear up some confusion I'm seeing in these last few posts.
- AT&T is definitely not removing the need for 802.1X. There just happens to be another workaround that, for some, has eliminated the need.
- We definitely still need the script for 802.1X, but the desire is to remove the netgraph portions that previously enabled VLAN 0 communication, and use the new native methods. This is the piece a few of us are struggling with.
Hope it helps!
-
@bk150 said in ATT Uverse RG Bypass (0.2 BTC):
We have a discord that most of the folks from DSLreports have migrated to regarding discussion about AT&T specific bypass methods. There is a working GPON and XGS-PON bypass method. I can't speak much to the GPON method as I have XGS-PON but the XGS-PON method entails simply buying an Azores WAG-D20 and setting a handful of values on it. Once the device gets O5.1 status to the upstream OLT, you can send a DHCP request with the use of Netgraph on pfsense 2.7/23.01.
Hopefully it's not against the rules to post a link to the Discord (dm me if it gets removed): https://discord.gg/6TwFBquMTT
Did some research on this and this doesn't help me as I don't have XGS-PON nor do I have a newer 320 Att supplied RG. If I should ever upgrade to multi-gig service which would require a 320 based integration ONT/RG then I would have to do these GPON stick tricks and upgrade my NIC hardware on my PfSense box to accommodate. Even after that I would still be left having to send wpa_supplicant based authentication over VLAN 0.
At the end of the day we still have to send 802.1x over VLAN 0 which is what historically netgraph has been used for and what we are trying to get away from if possible with this new 2.7 PfSense implementation.
-
@bigjohns97 with the 2.7 devel you don't have to use netgraph anymore. The supplicant is completely unnecessary. The only part you need is the netgraph if you choose not to use 2.7
-
I have the azore wagd20, there are no certs needed. Netgraph is only for vlan0 detection. Once you clone your device to your router, there is no authentication necessary except for AT&T verifying the MAC address.
-
https://www.balticnetworks.com/products/azores-1x-10gbe-1x-2-5gbe-intel-based-xgspon-ont
This shows xgspon which to my understanding is not compatible with old gpon installs.
-
@bigjohns97 Yes, that's correct for the xgspon, for regular gpon, all you need is a device with a sfp+ and to change the fiber connected at the ont.
-
@bigjohns97 Help me decide on this product: 2.5GBase-T SFP RJ45 Copper Module, Wiitek 2.5Gb Gigabit SFP to RJ45 Transceivers 100m, Compatible for Cisco SFP-2.5G-T, TP-Link Switch (Have to Plug into The 2.5G SFP Port) https://a.co/d/j9k53Ms
-
@untamedgorilla @bigjohns97 .. Just a reminder some people using the GPON SFP are still needing to do 802.1X auth, which requires a script still.
-
@nedyah700 it no longer requires authentication. That's what they have found. Certs are completely unnecessary now. What it was is that some connectors didn't connect at the 2.5gig that the ont uses. But people found out which connectors actually can work and the one I posted earlier is one of the ones that can work. You can literally plug it straight into your PF sense if you have 2.7 and it will get a wan IP. If you don't use 2.7 you have to use net graph to get it to get the vlan0 ip