ATT Uverse RG Bypass (0.2 BTC)
-
@bigjohns97 @stephenw10
thank you for your replies. in this use case (as it seems may be true for others), the old pfatt script with both netgraph and wpa_supplicant for auth continue to work in 23.01.The question as @bigjohns97 indicated is if and how it may work without netgraph (running wpa auth directly on WAN with no other devices involved). Unless the VLAN 0 new feature does not actually work as initially described, in which case that would be good to clarify.
-
@bk150 discord link says invite expired, is there another way to join?
-
@bigjohns97
Hey. Sorry for the confusion over the redmine post. I was mainly confirming the VLAN 0 was working. The bits to get ATT in particular working aren't tied into the GUI yet. There is work being done on that.I am currently running a custom patch that hard codes some of the values for testing purposes, so it requires manual editing for each setup and isn't production ready yet.
-
@ccope Thanks, if you ever need someone to test a possible implementation of this let me know :)
-
Hey All!
Just wanted to clear up some confusion I'm seeing in these last few posts.
-
AT&T is definitely not removing the need for 802.1X. There just happens to be another workaround that, for some, has eliminated the need.
-
We definitely still need the script for 802.1X, but the desire is to remove the netgraph portions that previously enabled VLAN 0 communication, and use the new native methods. This is the piece a few of us are struggling with.
Hope it helps!
-
-
@bk150 said in ATT Uverse RG Bypass (0.2 BTC):
We have a discord that most of the folks from DSLreports have migrated to regarding discussion about AT&T specific bypass methods. There is a working GPON and XGS-PON bypass method. I can't speak much to the GPON method as I have XGS-PON but the XGS-PON method entails simply buying an Azores WAG-D20 and setting a handful of values on it. Once the device gets O5.1 status to the upstream OLT, you can send a DHCP request with the use of Netgraph on pfsense 2.7/23.01.
Hopefully it's not against the rules to post a link to the Discord (dm me if it gets removed): https://discord.gg/6TwFBquMTT
Did some research on this and this doesn't help me as I don't have XGS-PON nor do I have a newer 320 Att supplied RG. If I should ever upgrade to multi-gig service which would require a 320 based integration ONT/RG then I would have to do these GPON stick tricks and upgrade my NIC hardware on my PfSense box to accommodate. Even after that I would still be left having to send wpa_supplicant based authentication over VLAN 0.
At the end of the day we still have to send 802.1x over VLAN 0 which is what historically netgraph has been used for and what we are trying to get away from if possible with this new 2.7 PfSense implementation.
-
@bigjohns97 with the 2.7 devel you don't have to use netgraph anymore. The supplicant is completely unnecessary. The only part you need is the netgraph if you choose not to use 2.7
-
I have the azore wagd20, there are no certs needed. Netgraph is only for vlan0 detection. Once you clone your device to your router. There is not authentication necessary except for AT&t verifying the MAC address
-
https://www.balticnetworks.com/products/azores-1x-10gbe-1x-2-5gbe-intel-based-xgspon-ont
This shows xgspon which to my understanding is not compatible with old gpon installs.
-
@bigjohns97 Yes, that's correct for the xgspon, for regular gpon, all you need is a device with a sfp+ and to change the fiber connected at the ont.
-
@bigjohns97 Help me decide on this product: 2.5GBase-T SFP RJ45 Copper Module, Wiitek 2.5Gb Gigabit SFP to RJ45 Transceivers 100m, Compatible for Cisco SFP-2.5G-T, TP-Link Switch (Have to Pluginto The 2.5G SFP Port) https://a.co/d/j9k53Mscolored text
-
@untamedgorilla @bigjohns97 .. Just a reminder some people using the GPON SFP are still needing to do 802.1X auth, which requires a script still.
-
@nedyah700 it no longer requires authentication. That's what they have found. Certs are completely unnecessary now. What it was is that some connectors didn't connect at the 2.5gig that the ont uses. But people found out which connectors actually can work and the one I posted earlier is one of the ones that can work. You can literally plug it straight into your PF sense if you have 2.7 and it will get a wan IP. If you don't use 2.7 you have to use net graph to get it to get the vlan0 ip
-
@untamedgorilla said in ATT Uverse RG Bypass (0.2 BTC):
@nedyah700 it no longer requires authentication. That's what they have found. Certs are completely unnecessary now. What it was is that some connectors didn't connect at the 2.5gig that the ont uses. But people found out which connectors actually can work and the one I posted earlier is one of the ones that can work. You can literally plug it straight into your PF sense if you have 2.7 and it will get a wan IP. If you don't use 2.7 you have to use net graph to get it to get the vlan0 ip
So if I am understanding what you are saying if I plug in my fiber from the wall right in to my pf router this will work with 23.01. Has anyone tested this yet?
-
@sgc said in ATT Uverse RG Bypass (0.2 BTC):
@untamedgorilla said in ATT Uverse RG Bypass (0.2 BTC):
@nedyah700 it no longer requires authentication. That's what they have found. Certs are completely unnecessary now. What it was is that some connectors didn't connect at the 2.5gig that the ont uses. But people found out which connectors actually can work and the one I posted earlier is one of the ones that can work. You can literally plug it straight into your PF sense if you have 2.7 and it will get a wan IP. If you don't use 2.7 you have to use net graph to get it to get the vlan0 ip
So if I am understanding what you are saying if I plug in my fiber from the wall right in to my pf router this will work with 23.01. Has anyone tested this yet?
Everything I have read so far still states you have to run certificates through WPA on VLAN 0.
-
@untamedgorilla I am and following the discord chat. It's working for me, no certs needed. But, there were at least two people on GPON, who I think were using Lantiq based modules, still needed certs. Maybe they resolved it and I missed it.
-
@nedyah700 Check the pinned messages under the USA #gpon channel and you can see that everyone there says you still have to use the wpa_supp on VLAN 0.
-
This post is deleted! -
I'm using the GPON bypass method with a DFP-34X-2C2 directly in my pfSense 2.4.5 server via a Broadcom BCM57810S SFP card. I have working certs with supplicant method in pfatt.sh. How does this need to be configured to get a DHCP lease on (VLAN 962) now given by the DFP ONT?
I tried setting the ONT_IF="bxe0" which is the NIC of the DFP-34X-2C2 SFP ONT. VLANs don't seem to be enabled until later in the boot process after the wpa_supplicant process, but it obviously wont move forward because it fails EAP Auth.
-
@bulldog5 so if I am understanding what you were trying to do is to stop using the PFAT&T script. And you are still trying to use the script or some type of authorization?