Rpi zero usb ethernet to pfsense
-
raspberry pi zero has a USB otg port and if configured properly can work as a RNDISEthernet Gadget when the module is loaded, my question is i have connected it to pfsense and it displays as a usb Ethernet gadget and i can assign that in interfaces also and that works fine but my aim is to configure it such that pfsense sees it as a workstation so can get a ip from dhcp on the lan nic but the only difference is this rpi wont connect using a Ethernet jack but using usb directly to pfsense so is this possible?
like how we can share the internet connection from windows machine to this USB Ethernet adapter can we do the same in pfsense coz i find usb Ethernet speeds to be much better than connecting a wifi dongle to the rpi zero
-
Yes that is possible.
You can assign the RNDIS interface and then enable it and enable a DHCP server on it to give the Pi an IP.
You could try bridging the interface to LAN if you want it on the same subnet. You might have to add rules to pass the DHCP requests.
The problem with doing this is that pfSense is not setup to have one of its interfaces disappear during normal run-time. If the Pi is disconnected or the goes to sleep or USB/Ethernet driver crashes pfSense may behave unpredictably. It will certainly have a problem as shipped if you boot it without the Pi attached. It will dump you at the interfaces assign screen on the console as it will have an invalid assignment in the config. It's possible to exclude ue NICs from the boot check but its a hacky workaround and still may lead to unpredictable behaviour.
Steve
-
well i did assign a interface to the RNDIS gadget and bridged it to LAN but the problem u mentioned stands plus the RNDIS mac id keeps changing so my plan was to find a way to not use the RNDIS gadget as a interface but using some software like a client nic but over USB so pfsense can see it as a workstation on the LAN similar to how u plug a PC to the LAN nic, no idea if this is even possible.
-
What you're describing is exactly what it's doing. The Pi is running a driver that makes it look like a USB Ethernet device.
You can spoof the MAC address in pfSense to get around the fake MAC generated by the driver whcih, as you say, changes.
You can add the ue interface type to the list here to prevent it being checked at boot if that's the issue you're seeing: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/util.inc#L2156
Potentially you might try running a PPPoE connection there where the changing MAC wouldn't matter. You woul still need to start the PPPoE server on the USB ethernet device though and that may not be present. It may get past some of the issues though.
Otherwise you might try having it appear as a serial port and running a PPP link. No idea if that's possible with the Pi. ;)
Steve
-
actually there r 2 parts to this, it generates 2 mac ids, one is host mac id and second is the rpi device mac id so im guessing it creates like a virtual wire link between the 2 using the USB cable.
yes i understand it creates like a USB Ethernet device and i managed to get it to use fixed mac ids for host and dev mac ids so thats solved, my point was trying to avoid it creating a host mac id which would appear to pfsense, probably something i can run on pfsense which avoids to create an interface on pfsense and then deal with dhcp/bridge on it.
what i was looking for was run some emulation on pfsense etc where it can use the RDNIS from rpi and route internet to the rpi through it but to pfsense it appears as if the traffic is coming through its LAN nic.
the rpi zero will be powered through the usb port on pfsense so chances r less that the rpi will be powered off at all, there could be crashes but i tried with a PC for days and it works without any issues
-
There is no way to do that I know of.
pfSense can only route traffic to interfaces it knows about and that's mostly Ethernet. If you're not using Ethernet then it has to appear as some other interface type such as PPP or PPPoE.
That's the only way to avoid using the rndis adapter I can imagine.It looks like the Pi Zero can appear as a virtual com port also so you could potentially run some PPP connection across it. pfSense can cope with vanishing com ports far better, that's how 3g/4g modems appear.
Steve
-
well like how pfsense generates and routes it own localhost traffic if some how we can achieve this then it would be possible but lets see what i find or else having to create interfaces is the only option i guess
-
Internal routing between processes etc is very different to over USB.
I honestly think your best bet here is some varient of PPP connection unless you want to hack around with the code to make the virtual Ethernet connection work as you need it to.
It can work. You get the exactly the same deal with a tethered phone for example. There are a few threads detailing that for iphone and Android.
Steve
-
even if i use a ppp or serial connection etc i still need to initially create a interface in pfsense right? rpi can also emulate serial so in that case also a virtual com port will appear in pfsense to which i need to assign a interface then bridge to lan.
usb Ethernet mode would be better i guess compared to serial
-
the last option being connecting a wifi dongle to the rpi but i have tried that and it lags thats y i was trying this USB Ethernet method
-
You could potentially create a PPP connection via the virtual com port and then assign that. pfSense can cope with that disappearing since that's how many (now older) 3g devices appear.
A real USB/Ethernet adapter connected to the Pi would probably be better than USB wifi or emulated USB ethernet.
Steve
-
Why don't you just buy a dongle for the pi zero. I don't recall the one I got off the top of my head for mine.. But will take a look at it when get home.. I currently do not have it connected to anything or would look remotely.. But my zero is currently sitting in a cup on my desk at home ;) I needed its sd card for something else and have not gotten around to replacing and bringing it back up ;)
I will look in my my amazon orders to see if I can find out… BRB
edit: found it
https://smile.amazon.com/gp/product/B00RM3KXAU
Plugable USB 2.0 OTG Micro-B to 10/100 Fast Ethernet Adapter for Windows Tablets & Raspberry Pi Zero (ASIX AX88772A chipset) -
Yup. That. ^
I mean it's probably less fun…. but it will work much better!
Steve
-
Well to my testing the emulated Ethernet is very reliable so far, gives good speeds compared to a actual USB Ethernet adapter, btw I have a rpi zero w with built-in Wi-Fi but the drivers are a bit broken on it and I have reported it to the devs so till they fix I was trying this fun thing. The wifi drivers for the built-in Wi-Fi chip give inconsistent ping and network speeds and I need to run freeswitch on this for a project, a USB wifi dongle performs much better but I wanted to try this emulated Ethernet and it's good and gives almost no lag in calls through freeswitch.
-
Sounds great - could you provide some sort of guide or howto on how you got this up and running.. Be willing to give it a go on my pi zero..
-
sure, give me some time till i write down all the steps, will post it here soon
-
here r the steps but i have a few issues which i will mention below but for a start to configure the rpi zero as a RNDIS gadget using the otg port do the following:
in the /boot/config.txt add the below
dtoverlay=dwc2in the /boot/cmdline.txt add the below after the part it says rootwait
modules-load=dwc2,g_ether g_ether.dev_addr=8e:7a:7e:37:6f:bb g_ether.host_addr=8e:7a:7e:37:6f:aathe first problem im facing is it assigns the proper mac id to itself but the host mac id doesnt apply when connecting this to pfsense but it does when connecting to a windows machine so this causes pfsense to always see this device changing mac ids when the rpi reboots
then what i did was assign this adapter in interfaces to opt1 and enabled it with ip set to none and later bridged it to LAN and under rules added a UDP pass rule for DHCP to pass through.
the second issue is the rpi still isnt taking a ip from dhcp on LAN, i tried setting a static ip but still from LAN i cant ping it nor the rpi can ping anything on LAN
-
regarding pfsense not reading the actual mac that the rndis gadget supplies i was told on the rpi firmware github page to use g_ether.use_eem=0 but that too also doesnt work, on researching a bit found out its a driver issue in freebsd and quiet a few discussion on it already
-
regarding freebsd not reading mac id the devs there provided a patch to test but i have no clue on how to integrate it into pfsense, can some1 provide some help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220852
-
You would need to recompile the urndis module in FreeBSD and import it again to test in pfSense. Though you could test in FreeBSD directly instead.
I find it interesting that your device appears to be using the cdce driver. Connecting my Nexus 4 in a similar way gives log messages:
Apr 14 22:00:02 kernel ugen0.4: <lge>at usbus0 (disconnected) Apr 14 22:00:02 kernel ugen0.4: <lge>at usbus0 Apr 14 22:00:02 kernel urndis0: <rndis communications="" control="">on usbus0 Apr 14 22:00:02 kernel ue0: <usb ethernet="">on urndis0 Apr 14 22:00:02 kernel ue0: Ethernet address: 4a:aa:0d:9a:9b:59</usb></rndis></lge></lge>Steve
