For Aussie users : Getting pfSense to work with Telstra Cable
-
I'm not sure what the problem is, but pfSense doesn't seem to load
BPAlogin. (client required to make Telstra Cable work)…Maybe it was
left off the boot list?The following is a temporary solution.
In WebGUI => Diagnostics => Edit File
Then, paste the following in the entry block...
(we're creating a bpalogin.conf file, I got the contents for this
from the BPAlogin source code for UNIX).**# Default debug level is 1. Values range from 0-2 with 0 being silent
All information goes to the syslog.
#debuglevel 1
The user name you have for your BPA account
username xxxxx
Your BPA password
password xxxxxxxxx
The default auth server is "sm-server" You can override this value, but
you would only do this if you have not set your default domain correctly
in your /etc/resolv.conf
authserver dce-server
You can override the default domain if you have your
resolv.conf set to not include the BPA domains.
Domain is different in every state
qld.bigpond.net.au for Queensland users
nsw.bigpond.net.au for New South Wales users
vic.bigpond.net.au for Victorian users
sa.bigpond.net.au for South Australian users
wa.bigpond.net.au for Western Australian users
authdomain nsw.bigpond.net.au
The loginprog will be executed whenever BPALogin connects successfully
you could have it run a script to start a firewall, etc. The first
parm to the program will be the port number
#connectedprog /etc/rc.d/rc.masq
#disconnectedprog /etc/rc.d/rc.masqIf you want to bind BPALogin to a specific address rather than all
sockets, you can do that here.
#localaddress 0.0.0.0
You can now define the listen port instead of a random port
This will help with firewalls.
localport 5050
Logging can be sent to syslog or stdout.
#logging syslog
Set the minimum heartbeat interval. This can protect against
DoS attacks.
minheartbeatinterval 60
Set the maximum heartbeat interval. Sometimes the DCE server will not
send a heartbeat for a long time (i.e. longer than seven minutes) but
the connection is still open. BPALogin will normally treat this as a
failed connection unless you raise the maximum interval.
#maxheartbeatinterval 420**
Then save this as…
=> /usr/local/etc/bpalogin.confLog-in to your pfSense box (you need keyboard and monitor)
Select the 8th option => ShellChange directory to where bpalogin application resides...
=> cd /usr/sbinRun bpalogin application...
=> bpalogin -c /usr/local/etc/bpalogin.conf
(You're just telling bpalogin where the configuration file is, when it loads.)Now if you look on the STATUS => SYSTEM LOGS, you will see this.
Nov 24 13:28:31 bpalogin[10127]: Logged on as xxxxx - successful at Thu Nov 24 13:28:31 2005
Nov 24 13:28:31 bpalogin[10127]: Listening on port 5050
Nov 24 13:28:31 bpalogin[10127]: Auth host = dce-server.nsw.bigpond.net.au:5050
Nov 24 13:28:31 bpalogin[10127]: BPALogin v2.0.2 - portable BigPond Broadband login clientNow the connection should work with Telstra Cable.
If not, be sure to add filter rules that open port 5050 UDP/TCP on IP of login server.
(say for NSW, its 61.9.192.13 … See the ozcableguy.com link below for the one in your state.)I've talked to Scott about this issue, and I'm willing to help test bpalogin for
pfSense. I think bpalogin was left off the boot list, but not sure...(?)(I'm not in any way a BSD guru. I'm a newbie, but a newbie that likes
to dig around a bit to solve issues). :)PS : If you are not sure what you need to enter for BPAlogin or WebGUI entry...
Look here => http://www.ozcableguy.com/dns.htmlNOTE : This is just a terminology thing...
Login Servers (in link) => Authentication Server (in pfSense)
DNS Suffixes (in link) => Authentication Domain (in pfSense) -
I had a look at this, and it seems bpalogin in fully implemented. What happens when you configure it via gui ?
I don't see anything wrong with the existing code.function interfaces_wan_bigpond_configure($curwanip) { global $config, $g; $bpcfg = $config['bigpond']; if (!$curwanip) { /* IP address not configured yet, exit */ return 0; } /* kill bpalogin */ killbyname("bpalogin"); /* wait a moment */ sleep(1); /* get the default domain */ $nfd = @fopen("{$g['varetc_path']}/defaultdomain.conf", "r"); if ($nfd) { $defaultdomain = trim(fgets($nfd)); fclose($nfd); } /* generate bpalogin.conf */ $fd = fopen("{$g['varetc_path']}/bpalogin.conf", "w"); if (!$fd) { printf("Error: cannot open bpalogin.conf in interfaces_wan_bigpond_configure().\n"); return 1; } if (!$bpcfg['authserver']) $bpcfg['authserver'] = "dce-server"; if (!$bpcfg['authdomain']) $bpcfg['authdomain'] = $defaultdomain; $bpconf = <<<eod<br>username {$bpcfg['username']} password {$bpcfg['password']} authserver {$bpcfg['authserver']} authdomain {$bpcfg['authdomain']} localport 5050 EOD; if ($bpcfg['minheartbeatinterval']) $bpconf .= "minheartbeatinterval {$bpcfg['minheartbeatinterval']}\n"; fwrite($fd, $bpconf); fclose($fd); /* fire up bpalogin */ mwexec("/usr/local/sbin/bpalogin -c {$g['varetc_path']}/bpalogin.conf"); return 0; }</eod<br> -
I agree about the code. I just compared the one you've posted to the M0n0Wall 1.2 code.
They're exactly the same. (They both use interfaces.inc, right?)It must be something else.
When I use WebGUI, I select bigpond for WAN and add the appropriate details.
I click to apply and save the settings.On M0n0Wall 1.2, if you look in the System Logs in the Diagnostics section,
you'll see the entry that bpalogin has initialized and you have successfully logged into the
Telstra network.On pfSense, there's no indication of bpalogin being initialized in System Logs. The only thing
you see is that the DHCP function is working, and you've received your IP, Gateway and the
relevant DNS servers…But no bpalogin!It should be there, appearing in the System Logs. (this occurs when I manually initialize bpalogin)
I know I'm not the only one experiencing this as I noticed that back in October, someone
else have the same issue.Something isn't right, but I'm not sure what it is...I wish I were more knowledgeable with pfSense
or M0n0Wall . >:(Is there a command that allows me to record everything when I boot up or when I change the WAN
from DCHP to bigpond? (I'm hoping we can catch any error messages that could indicate a problem
somewhere). -
See http://cvstrac.pfsense.com/tktview?tn=702,6 for update instructions. Testers needed!
-
See http://cvstrac.pfsense.com/tktview?tn=702,6 for update instructions. Testers needed!
Does version 0.94.12 contain the update from cvs? (I just downloaded this, gonna install it)
Or should I use update instructions anyway? (after installing 0.94.12) -
See http://cvstrac.pfsense.com/tktview?tn=702,6 for update instructions. Testers needed!
Does version 0.94.12 contain the update from cvs? (I just downloaded this, gonna install it)
Or should I use update instructions anyway? (after installing 0.94.12)Yes, it should.
-
This issue has been FIXED in pfSense ver 0.95
NOTE : When setting your pfSense box to work with Telstra Cable, be sure
to put dce-server in the BigPond Authentication Server: entry.Test Setup
Celeron 1.2Ghz
512MB RDRAM
i820 chipset mobo (ASUS P3C-D)
CD-ROM
Floppy
pfSense 0.95 LiveCD
Telstra Broadband Cable -
A sum up of the needed steps can now be found at the faq: http://faq.pfsense.org/index.php?sid=10900&lang=en&action=artikel&cat=10&id=100&artlang=en
Thanky ou aussi_bear :)
-
This is an update.
Telstra have announced plans to DUMP their "heartbeat" solution.
What does this mean for pfSense, M0n0Wall, and any other firewall solution?
It means (when the transition is complete), you no longer need to set pfSense to "bigpond" mode.There will no longer be the need to login via your firewall OR software client. Authentication will be made at the MAC address of the cable modem.
When the change is made (in about 1 to 2 month's time), set your pfsense box to DHCP. (NOT bigpond.)
From a developer's (and a Telstra Cable user's) view, their life is now made easier!
For now, you still need bigpond login client. This should change by the end of September or start of October.
sources:
BigPond Service Announcement
http://www.bigpond.com/edm/crm/2006/1353/1162_M07_migration_eDM.htmDo I need to do anything to maintain my cable connection?
http://bigpond.custhelp.com/cgi-bin/bigpond.cfg/php/enduser/std_adp.php?p_faqid=12138For pfSense Devs, you should drop "bigpond" client by November or so.
-
Thanks for the notification.