ATT Uverse RG Bypass (0.2 BTC)
-
@bulldog5 sounds like you are looking for the supplicant branch:
https://github.com/aus/pfatt/tree/supplicant
Edit pfatt.sh to use EAP_MODE="supplicant" - that should create a simpler netgraph and call wpa_supplicant.
What netgear switch are you using and does it do outgoing VLAN0 tagging? -
@t41k2m3
I'm using a GS105Ev2 switch currently. This switch handles the VLAN0 fine, which is why the esxi method also works. But i'm running my pfsense on baremetal, so that option doesn't really apply to me. It would be "nice" to eliminate the GS105E in the middle of my ONT and pfsense WAN. I'll give the link you sent a shot and see how it goes. Thanks -
@bulldog5 curious about the config for both pfS and GS105ev2 if you don't mind. Could not get it to work with latest firmware on GS108ev3 and bare metal pfS (should be pretty close to your GS105ev2 setup) - EAP would not go through and no DHCP or anything after. Is your pfS going out on WAN NIC or do you use VLAN (if so what #/priority)? Any special settings on the switch - not much seemed to be configurable beyond 802.1q tagging and (802.1p) CoS of 0?
-
GS105Ev2 settings
VLAN > 802.1Q TAB
Basic 802.1Q VLAN Status:
PORT 1 and 3 are both in VLAN ID 1. Those are my ONT and WAN ports.
Make sure you're not using Port Based and have that Disabled.
-
@bulldog5 is it possible that pfS is doing the tagging (how is pfS setup?) or that no tagging is required at your location? It's a bit odd because it looks like the switch is just passing traffic through on native VLAN without tagging (802.1q or p).
-
@t41k2m3 you have your MAC Address of your gateway set as your WAN interface in pfsense right?
-
@bulldog5 correct. is that all you did on your pfs and it's working?
-
When i was using the VLAN swap method; yes, I set my WAN interface to DHCP, and set the MAC Address to same as my gateway.
-
I've tried using the pfatt.sh script in supplicant mode, and I get the following No such file messages when I run it..
pfatt: starting pfatt...
pfatt: configuration:
pfatt: ONT_IF = igb1
pfatt: RG_ETHER_ADDR =XX:XX:XX:XX:XX:XX
pfatt: EAP_MODE = supplicant
pfatt: EAP_SUPPLICANT_IDENTITY = XX:XX:XX:XX:XX:XX
pfatt: EAP_BRIDGE_IF = igb1
pfatt: EAP_BRIDGE_5268AC = 0
pfatt: resetting netgraph...
pfatt: configuring EAP environment for supplicant mode...
pfatt: cabling should look like this:
pfatt: ONT---[] [igb1]pfSense
pfatt: creating vlan node and ngeth0 interface...
ngctl: send msg: No such file or directory
ngctl: send msg: No such file or directory
ngctl: send msg: No such file or directory
ngctl: send msg: No such file or directory
ngctl: send msg: No such file or directory
pfatt: enabling promisc for igb1...
pfatt: starting wpa_supplicant...
pfatt: wpa_supplicant running on PID ...
pfatt: setting wpa_supplicant network configuration...
pfatt: waiting EAP for authorization...
pfatt: EAP authorization completed...
ifconfig: interface ngeth0 does not exist
pfatt: no IP address assigned, force restarting DHCP...
dhclient not running? (check /var/run/dhclient.ngeth0.pid).
ifconfig: interface ngeth0 does not exist
ngeth0: not found
exiting.
ifconfig: interface ngeth0 does not exist
pfatt: IP address is ...
pfatt: ngeth0 should now be available to configure as your WAN...
pfatt: done! -
@bulldog5 When you issue ngctl list, do you see igb1 in the list below?
-
No my ONT/WAN is igb1 and LAN is igb0
There are 5 total nodes:
Name: igb2 Type: ether ID: 00000003 Num hooks: 0
Name: igb3 Type: ether ID: 00000004 Num hooks: 0
Name: ngctl92076 Type: socket ID: 00000017 Num hooks: 0
Name: <unnamed> Type: socket ID: 00000007 Num hooks: 0
Name: snmpd Type: socket ID: 00000009 Num hooks: 0 -
@bulldog5 Well, i don't see igb1 in that list you posted. That's your problem.
-
right, so how does it get in that list? I configured the pfatt.sh script and ran it. those are the errors i get.
-
@bulldog5 You get: ngctl: send msg: No such file or directory because ngctl doesn't find igb1, not the other way around. I don't know why it doesn't show for you but in my virtualized setup, vmxnet3 adapters did not show but e1000e adapters show up in ngctl.
-
@GoldServe
figured it out, had to be done on a fresh pfsense startup. -
@bulldog5 you got it, script needs to run at bootup (either get the Shellcmd package or manually edit /conf/config.xml to run it at <earlyshellcmd> stage). At/after first boot, a few more adjustments may need to be made once ngeth0 is available.
@aus posted code and instructions on github, if you follow those steps, you should be good to go. Take a backup of your config.xml in case anything goes wrong and reimaging may be needed. Still confused how your connection was working before without netgraph and VLAN0 (didn't look like switch config you posted was doing that). -
Not sure, i never had any issues with that GS105 switch, i set the VLAN ID to 1 for 2 ports, ONT and PFs WAN, and the Supplicant method worked fine going through that switch without NG. That particular switch version ignores VLANID 0 which is why it works. Try setting your PFSense WAN to static assign your IP as a test and see if it works?
-
@t41k2m3
So i noticed that the config.xml clears the <earlyshellcmd> part out after the initial restart from me adding it. Does it need to only be run that one time for NG to be setup? What keeps supplicant running in the future? -
@bulldog5 I'm no expert but that does not sound right to me. Maybe you are placing it in the wrong part of the config.
The first time I did this with a manual edit I placed the command incorrectly, after </earlyshellcmd>, Note the slash. This is the END of the directive (or whatever it is called). It needs to be before that statement.
<earlyshellcmd>
/usr/local/bin/php-cgi -f /usr/local/bin/apply_patches.php
[your command goes here].
</earlyshellcmd>There is a pkg you can use, download the Shell Command package. It has an option to select early and you can use it to insert your command. Run it from the Services menu.
-
@bulldog5 similar observation as @JonH insofar as this is not expected behavior. Not sure what may be causing it in this case, however, the netgraph script needs to run at every reboot (if not, ngeth0 won't be available). Shellcmd package seems to work well and it makes it easy to add/delete scripts to run at different bootup stages, you might want to give that a try and see if that fixes the issue.