ATT Uverse RG Bypass (0.2 BTC)

GPz1100

@snelly  Given my results with the dumb switch, I don't think vlan 0 plays much of a role if any.

Are you doing your testing in a VM or bare metal?  If the former, make sure the nics (or vswitches) are in promiscuous mode.  On my esxi setup, even with the dumb switch, I had to enable the following to make the mac spoofing work.  I don't have promiscuous mode on because there's no eap traffic.

https://i.imgur.com/AactcPF.png

snelly

I'm doing my work on a Netgate 8-port router running PFSense.  The dumb switch is an interesting idea but I wonder if they can really handle bidirectional, line-rate gigabit traffic flows.

bulldog5

How long does the dumb switch method work for before it wants a reauth?

pyrodex

@bulldog5:

How long does the dumb switch method work for before it wants a reauth?

Mine work with a TPL2000 switch for about a year and I think my switch is failing personally since I started experiencing packet loss issues. I did the IP passthrough method on my BGW210 and seeing if that resolves the issues before moving back over to another switch or moving the ports around.

nathanbradshaw

I've been following this thread with a lot of interest - I also have AT&T fiber 1gbit/1gbit and would love to bypass the RG unit with pfSense hardware.

I agree we're getting very close, and the remaining issue is VLAN0 support under FreeBSD.

I'm not capable of doing much dev in this area, although I have a Netgate SG-3100 and would be happy to assist with testing.

I also have an older Netgate APU4 pfSense hardware router.  If it is useful to anyone working on this solution, I would be happy to mail it to you - just reply or email me.

bulldog5

@nathanbradshaw:

I've been following this thread with a lot of interest - I also have AT&T fiber 1gbit/1gbit and would love to bypass the RG unit with pfSense hardware.

I agree we're getting very close, and the remaining issue is VLAN0 support under FreeBSD.

I'm not capable of doing much dev in this area, although I have a Netgate SG-3100 and would be happy to assist with testing.

I also have an older Netgate APU4 pfSense hardware router.  If it is useful to anyone working on this solution, I would be happy to mail it to you - just reply or email me.

I just tried the dumb switch method this evening and got it working with netgear gs105.  However, I had to statically assign my IP to the pfsense WAN, it wouldn't pull anything with DHCP.  What am I doing wrong?  I'm assuming when the lease expires its going to try to re-auth and i'll lose the connection?  My main switch is a procurve 2800 48port. I tried Tagging 3 ports with the same VLAN ID and the modem wouldn't AUTH at all going through there.

GPz1100

^^Try it with a basic dumb switch.

bulldog5

@GPz1100:

^^Try it with a basic dumb switch.

I did? a netgear GS105 is an unmanaged dumb switch.

GPz1100

Strange.  I've tested this successfully with a cheap dlink 5 port switch and an asus rt-ac68u.  What color is the broadband light flashing on the rgw?

bulldog5

@GPz1100:

Strange.  I've tested this successfully with a cheap dlink 5 port switch and an asus rt-ac68u.  What color is the broadband light flashing on the rgw?

I set my pfsense wan interface MAC to the same as the rgw and left as DHCP. I plug the rgw and ONT in the netgear switch. Let the broadband light go solid green, then unplug the RGW and plug the pfsense WAN nic in. pfsense WAN stays 0.0.0.0, never pulled an IP. So i tried it a 2nd time but used Static and that worked.

GPz1100

I haven't implemented pfsense yet, but under sophos utm it pulls an ip via dhcp within seconds.

Maybe pfsense has some advance options for dhcp that need to be adjusted?

Is your pfsense running baremetal or as a vm?

bulldog5

baremetal

pyrodex

@bulldog5:

@nathanbradshaw:

I've been following this thread with a lot of interest - I also have AT&T fiber 1gbit/1gbit and would love to bypass the RG unit with pfSense hardware.

I agree we're getting very close, and the remaining issue is VLAN0 support under FreeBSD.

I'm not capable of doing much dev in this area, although I have a Netgate SG-3100 and would be happy to assist with testing.

I also have an older Netgate APU4 pfSense hardware router.  If it is useful to anyone working on this solution, I would be happy to mail it to you - just reply or email me.

I just tried the dumb switch method this evening and got it working with netgear gs105.  However, I had to statically assign my IP to the pfsense WAN, it wouldn't pull anything with DHCP.  What am I doing wrong?  I'm assuming when the lease expires its going to try to re-auth and i'll lose the connection?  My main switch is a procurve 2800 48port. I tried Tagging 3 ports with the same VLAN ID and the modem wouldn't AUTH at all going through there.

You have to set your pfSense wan Mac to the Att RG MAC.

bulldog5

@pyrodex:

@bulldog5:

@nathanbradshaw:

I've been following this thread with a lot of interest - I also have AT&T fiber 1gbit/1gbit and would love to bypass the RG unit with pfSense hardware.

I agree we're getting very close, and the remaining issue is VLAN0 support under FreeBSD.

I'm not capable of doing much dev in this area, although I have a Netgate SG-3100 and would be happy to assist with testing.

I also have an older Netgate APU4 pfSense hardware router.  If it is useful to anyone working on this solution, I would be happy to mail it to you - just reply or email me.

I just tried the dumb switch method this evening and got it working with netgear gs105.  However, I had to statically assign my IP to the pfsense WAN, it wouldn't pull anything with DHCP.  What am I doing wrong?  I'm assuming when the lease expires its going to try to re-auth and i'll lose the connection?  My main switch is a procurve 2800 48port. I tried Tagging 3 ports with the same VLAN ID and the modem wouldn't AUTH at all going through there.

You have to set your pfSense wan Mac to the Att RG MAC.

Please see my previous post – this is the steps i took.

"I set my pfsense wan interface MAC to the same as the rgw and left as DHCP. I plug the rgw and ONT in the netgear switch. Let the broadband light go solid green, then unplug the RGW and plug the pfsense WAN nic in. pfsense WAN stays 0.0.0.0, never pulled an IP. So i tried it a 2nd time but used Static and that worked."

Kaasalisk

I have the same issue, cloned mac set to DHCP and only get 0.0.0.0. setting a static IP works.  I wanted to set it up as dhcp because I think that is what's required to stop the 14 day de-auth issue?

bulldog5

Same reason i'm trying to use DHCP, but nothing. Just tried it again yesterday evening, tried disabling, restarting the WAN interface.

GPz1100

If you have a spare hd, try installing opnsense or sophos utm.  I'm running the latter which is able to acquire ip via dhcp without issue.  Same with using an asus rt-ac68u router (by spoofing mac).

bulldog5

If i'm changing OS, its going to be because the EAP_PROXY works without swapping cables.

Kaasalisk

I purchased a gs105ev2 to do the vlan flop and instantly pulled an IP via DHCP. Now I just have to figure out how to get DHCP6 working so I can use ipv6 too.

bulldog5

so DHCP doesn't work with a dumb switch then. its the vlan tagging playing part of it.