Sky Fibre to the Cabinet Rollout - PfSense support?

stephenw10

Ok, I'm thinking it almost certainly can via dhclient.conf. There may not be a nice box for it in pfSense (yet!).

Steve

dLockers

Whilst the 7800N and the V120 are ADSL modems, that functionality isn't used.

Sky use BT Open Reach modems and then plug them into the switch port of the router, which handles connection via PPPoE.

http://imageshack.us/photo/my-images/818/20120221155404.jpg/

stephenw10

Ah Ok so same as BT Infinity, which sense. Sky don't have their own cabinets in the road.
Presumably though they are using MER instead of PPPoE? (seems like it)

Steve

dLockers

Kind of. Although the option is there, the MAC address doesn't need to be spoofed on the Billion routers to get a connection. It is simply the weird DHCP option number that needs to be resolved!

stephenw10

Indeed it looks like it need to see username and password information in the option 61 field: PPPUsername|PPPPassword

Should be possible. Do you have this service?

Steve

stephenw10

Just reading though the code I'm unsure if you can just set this information in the DHCP hostname field. This seems to be the client identifier but I can't see it labled '61' anywhere. No idea if it would need coding in hex or what.

Steve

canefield

Hi there,

The suggested underneath would more be welcome!
@stephenw10:

The real question seems to be can pfSense send DHCP client options? (specifically 60 and 61)
Ok, I'm thinking it almost certainly can via dhclient.conf. There may not be a nice box for it in pfSense (yet!).
Steve

A GUI is always nice. Perhaps already any estimate/building plans?
Is there a building/wishlist availiable? If yes, can somebody move it towards and inform me?

Are there any examples how to configure 'dhclient.conf' in pfSense? Planning to use it soon.

Thx,
Canefield

stephenw10

I believe this can be done with the hostname field already present in the gui. Usually you would leave the hostname empty however if you set an interface (OPT5 here) to dhcp and fill in the field (I used testdhcphost) you then get a custom dhclient conf file. This is generated by pfSense so if you alter it manually it probably won't last long!

/var/etc/dhclient_opt5.conf

interface "fxp0" {
timeout 60;
retry 1;
select-timeout 0;
initial-interval 1;
	send dhcp-client-identifier "testdhcphost";
	send host-name "testdhcphost";

	script "/sbin/dhclient-script";
}

DHCP client identifier is 'option 61'. See: http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml#options

I can't test this since I'm not on Sky. Seems likely to work though.

Steve

dLockers

Thanks Stephen, very helpful. My install date isn't until May 04th, would be good to get some one to test this otherwise I will do it around then.

I assume we could always change the permission of the dhclient_opt5.conf file so it cannot be over written. A dirty fix, but should work at least.

stephenw10

That would be a bad idea since pfSense generates that file at boot or whenever the config is changed. If it couldn't do it for some reason I imagine some errors would result!  ;)
I'm sure a work around in the code that generates it would be relatively easy until something more permanent could be produced. If it's needed.

Steve

sandman06

I am also on sky and currently am using pppoe passthrough via my mode.
I fear that when i do upgrade to fibre my pfsense alix board will become redundant.

Is there a plan for pfsense to implement 1483 MER ?

dLockers

Pfsense supports MER, however we need to determine how to use option 61. The guys at billion have figured it out for their routers.

We simply need a way to add option 61 info to the DHCP that gets sent to the WAN.

sandman06

but on wan dhcp. there is a field for hostname authentication

I assume this is where you can paste the hex key to authenticate

stephenw10

That's what it looks like, yes.
You could check for sure by looking at a packet capture on the interface and see what the dhcp client is sending. Or just wait and try it!

Are either of you on sky already? From reading the forums it looks like they are running both authentication systems in parallel in existing adsl lines.

Steve

sandman06

I haven't ordered it yet, however i am using llu pppoa for normal adsl2+
which uses both methods for authentication either mer/pppoa.

dLockers

@stephenw10:

That's what it looks like, yes.
You could check for sure by looking at a packet capture on the interface and see what the dhcp client is sending. Or just wait and try it!

Are either of you on sky already? From reading the forums it looks like they are running both authentication systems in parallel in existing adsl lines.

Steve

May 4th. There is a guy on another forum who has fibre a little sooner than me, and Pfsense, so i'll pass him the link and see if he has any luck.

dLockers

Hey guys,

So the task has been completed by some clever folks:

–-------------------------------------------------------
WRT54G & Similar running Tomato
Some versions of Tomato support '-c' client ID option (option 61), however others do not. Where 'udhcpcd' supports '-c' then you may enter '-c PPPusername|PPPpassword' in DHCPC options. An alternate method using '-x' to specify additional DHCPC options (incl option 61) may be used. Where '-x' is used the username & password fields must be translated into a HEX string (see below)
It is not necessary to spoof your original Sky router's MAC address in order to obtain an IP address.

1. Convert your PPPusername|PPPpassword string into HEX - I used http://www.string-functions.com/string-hex.aspx
   e.g. 1a2b3c4d5e6f@skydsl|zzc7Zovbt5Fpa7B turns into 31613262336334643565366640736b7964736c7c7a7a63375a6f766274354670613742
2. In 'Advanced->DHCP/DNS DHCPC options enter '-x 61:00' immediately followed by the converted string from above. e.g. '-x 61:0031613262336334643565366640736b7964736c7c7a7a63375a6f766274354670613742' & save.
3. In 'Basic->Network set your network type to DHCP, default MTU & save

---

Does anyone know how I would go about implementing this on PfSense?

stephenw10

That's what I have been basing my speculation on.
To implement this on pfSense you need to enter your "PPPusername|PPPpassword" in the hostname field on the dhcp setup. Try it and see.
You will not have to enter it as HEX since pfSense sends this as '61', client identifier.

Steve

dLockers

Hey Stephen,

Unfortunately I am still without Sky fibre (roll on Friday!) however I may not attempt much messing about as it will cause the DLM (Sky line monitoring) to flag my connection as flapping and then get throttled.

There is an awesome plugin here tho:
http://forum.pfsense.org/index.php?topic=40194.0

That seems to fit the bill exactly to what we need to do to accomplish this if your suggestion doesn't work.

I will be trying to negotiate an MER connection tonight with my current unlimited broadband, however

stephenw10

Yes that mod will definitely do it but it shouldn't be required at the moment. However if Sky subsequently decide to require option 60 as well you can easily do it with that. Nice.  :)

DLM is done based on line disconnection i.e. actually unplugging the modem. There should be no need for you to that to test pfSense. You can leave the Openreach modem connected to the VDSL line and just replace Skys router with pfSense.

Steve