Rpi zero usb ethernet to pfsense
-
There is no way to do that I know of.
pfSense can only route traffic to interfaces it knows about and that's mostly Ethernet. If you're not using Ethernet then it has to appear as some other interface type such as PPP or PPPoE.
That's the only way to avoid using the rndis adapter I can imagine.It looks like the Pi Zero can appear as a virtual com port also so you could potentially run some PPP connection across it. pfSense can cope with vanishing com ports far better, that's how 3g/4g modems appear.
Steve
-
well like how pfsense generates and routes it own localhost traffic if some how we can achieve this then it would be possible but lets see what i find or else having to create interfaces is the only option i guess
-
Internal routing between processes etc is very different to over USB.
I honestly think your best bet here is some varient of PPP connection unless you want to hack around with the code to make the virtual Ethernet connection work as you need it to.
It can work. You get the exactly the same deal with a tethered phone for example. There are a few threads detailing that for iphone and Android.
Steve
-
even if i use a ppp or serial connection etc i still need to initially create a interface in pfsense right? rpi can also emulate serial so in that case also a virtual com port will appear in pfsense to which i need to assign a interface then bridge to lan.
usb Ethernet mode would be better i guess compared to serial
-
the last option being connecting a wifi dongle to the rpi but i have tried that and it lags thats y i was trying this USB Ethernet method
-
You could potentially create a PPP connection via the virtual com port and then assign that. pfSense can cope with that disappearing since that's how many (now older) 3g devices appear.
A real USB/Ethernet adapter connected to the Pi would probably be better than USB wifi or emulated USB ethernet.
Steve
-
Why don't you just buy a dongle for the pi zero. I don't recall the one I got off the top of my head for mine.. But will take a look at it when get home.. I currently do not have it connected to anything or would look remotely.. But my zero is currently sitting in a cup on my desk at home ;) I needed its sd card for something else and have not gotten around to replacing and bringing it back up ;)
I will look in my my amazon orders to see if I can find out… BRB
edit: found it
https://smile.amazon.com/gp/product/B00RM3KXAU
Plugable USB 2.0 OTG Micro-B to 10/100 Fast Ethernet Adapter for Windows Tablets & Raspberry Pi Zero (ASIX AX88772A chipset) -
Yup. That. ^
I mean it's probably less fun…. but it will work much better!
Steve
-
Well to my testing the emulated Ethernet is very reliable so far, gives good speeds compared to a actual USB Ethernet adapter, btw I have a rpi zero w with built-in Wi-Fi but the drivers are a bit broken on it and I have reported it to the devs so till they fix I was trying this fun thing. The wifi drivers for the built-in Wi-Fi chip give inconsistent ping and network speeds and I need to run freeswitch on this for a project, a USB wifi dongle performs much better but I wanted to try this emulated Ethernet and it's good and gives almost no lag in calls through freeswitch.
-
Sounds great - could you provide some sort of guide or howto on how you got this up and running.. Be willing to give it a go on my pi zero..
-
sure, give me some time till i write down all the steps, will post it here soon
-
here r the steps but i have a few issues which i will mention below but for a start to configure the rpi zero as a RNDIS gadget using the otg port do the following:
in the /boot/config.txt add the below
dtoverlay=dwc2
in the /boot/cmdline.txt add the below after the part it says rootwait
modules-load=dwc2,g_ether g_ether.dev_addr=8e:7a:7e:37:6f:bb g_ether.host_addr=8e:7a:7e:37:6f:aa
the first problem im facing is it assigns the proper mac id to itself but the host mac id doesnt apply when connecting this to pfsense but it does when connecting to a windows machine so this causes pfsense to always see this device changing mac ids when the rpi reboots
then what i did was assign this adapter in interfaces to opt1 and enabled it with ip set to none and later bridged it to LAN and under rules added a UDP pass rule for DHCP to pass through.
the second issue is the rpi still isnt taking a ip from dhcp on LAN, i tried setting a static ip but still from LAN i cant ping it nor the rpi can ping anything on LAN
-
regarding pfsense not reading the actual mac that the rndis gadget supplies i was told on the rpi firmware github page to use g_ether.use_eem=0 but that too also doesnt work, on researching a bit found out its a driver issue in freebsd and quiet a few discussion on it already
-
regarding freebsd not reading mac id the devs there provided a patch to test but i have no clue on how to integrate it into pfsense, can some1 provide some help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220852
-
You would need to recompile the urndis module in FreeBSD and import it again to test in pfSense. Though you could test in FreeBSD directly instead.
I find it interesting that your device appears to be using the cdce driver. Connecting my Nexus 4 in a similar way gives log messages:
Apr 14 22:00:02 kernel ugen0.4: <lge>at usbus0 (disconnected) Apr 14 22:00:02 kernel ugen0.4: <lge>at usbus0 Apr 14 22:00:02 kernel urndis0: <rndis communications="" control="">on usbus0 Apr 14 22:00:02 kernel ue0: <usb ethernet="">on urndis0 Apr 14 22:00:02 kernel ue0: Ethernet address: 4a:aa:0d:9a:9b:59</usb></rndis></lge></lge>
Steve
-
Well this is raspberry pi so maybe the code is different to Nexus 4.
I can try it in freebsd directly but that patch provided isn't in the release so how do I add that and recompile and test, any guide would be helpful as I'm a beginner to this.
-
It's been a while but as I recall it should be pretty straight forward.
Bring up a FreeBSD 10.3 VM (or a real machine, whatever) and include the source code during the install.
Edit the five lines into the code at /usr/src/sys/dev/usb/net/if_urndis.c. It's only 5 lines so you can probably just edit them in manually or fetch and merge the .diff file.
Then go to: /usr/src/sys/modules/usb/urndis and run: make
The new modules should appear in that folder. You can sftp it out and into pfSense as you did with the original module.
Steve
-
thanks for the help, which location do i copy this module in pfsense or do i need to copy anywhere and add an entry to load it on boot?
-
i loaded up freebsd 11 in VM then added the patch and compiled and the resulting if_rndis.ko file i copied over to pfsense and loaded it on boot using the loader.conf file but im still seeing the same behavior
Enter an option: ugen0.2: <linux 4.9.37+="" with="" 20980000.usb=""> at usbus0 cdce0: <rndis communications="" control=""> on usbus0 cdce0: No valid alternate setting found device_attach: cdce0 attach returned 6 cdce0: <rndis ethernet="" data=""> on usbus0 cdce0: faking MAC address ue0: <usb ethernet=""> on cdce0 ue0: Ethernet address: 2a:c9:1a:f8:7f:00</usb></rndis></rndis></linux>
to check if the module i loaded from pfsense shell i typed kldload /boot/modules/if_urndis.ko and it says
kldload: can't load /boot/modules/if_urndis.ko: module already loaded or in kern el
so im a bit confused if my compiled ko is being used or the in kernel one in pfsense, if u think the above is correct shall i report it to the dev on freebsd that the patch doesnt work?
-
The if_urnidis kernel module is not included with pfSense either in the kernel or as a loadable module so if you are seeing that it means you have copied it across to the correct place (/boot/modules) and loaded it correctly at boot time with a line in loader.conf.local.
If that was the module created with the patched code rather than whatever you had there before then it looks like the patch did not work.
It still concerns me that the device created is cdce0 and not urndis0. It looks to me as though it's not even using the urndis driver. What happens if you remove the module entirely and boot without it?
Steve