• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

ATT Uverse RG Bypass (0.2 BTC)

Bounties
80
555
1.2m
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    MonkWho @csburroughs
    last edited by Aug 3, 2020, 7:47 PM

    @csburroughs said in ATT Uverse RG Bypass (0.2 BTC):

    @MonkWho I'm having the same issue as andrew_241. I've attached a screenshot of a ngctl list command and the "restting netgraph" commands. The other screenshot displays the console errors when -s is added to WPA_DAEMON_CMD. I had to CTRL-C to get to a command prompt to run the commands. Any guidance would be appreciated. Thanks!

    It sounds like there is something strange going on with netgraph on your server. I'm not really an expert in it.

    Try running "kldstat -v" and see is these are on the list:
    netgraph
    ng_ether
    ng_eiface
    ng_one2many
    ng_vlan
    ng_etf

    Also try running "ngctl list" and see if there are any issues with the nodes on the list.

    S 1 Reply Last reply Aug 10, 2020, 8:19 PM Reply Quote 0
    • S
      Selcouth @MonkWho
      last edited by Aug 10, 2020, 8:19 PM

      This post is deleted!
      1 Reply Last reply Reply Quote 0
      • S
        Selcouth
        last edited by Aug 10, 2020, 8:22 PM

        Count me as yet another user with bridge working and supplicant not. I'm running 2.4.5-p1 on bare metal. I've verified my certificates, verified my paths, and stepped through the supplicant code in pfatt.sh manually. wpa_cli shows CONNECTING and then FAILED.

        To confirm, has anyone reported a working supplicant configuration without virtualization? I've tried on my Intel 82576 and I217-LM cards. I may take some time to spin up ESXi and virtualize pfSense to get around keeping the RG plugged in.

        G B 2 Replies Last reply Aug 10, 2020, 8:24 PM Reply Quote 0
        • G
          GPz1100 @Selcouth
          last edited by Aug 10, 2020, 8:24 PM

          @Selcouth You should be able to confirm a working config by connecting the ONT to pfsense by way of a dumb switch (t o filter out the vlan 0 tags). ONT goes to one port, pfsense's wan goes to another.

          S 1 Reply Last reply Aug 10, 2020, 9:45 PM Reply Quote 0
          • B
            bk150 @Selcouth
            last edited by Aug 10, 2020, 8:37 PM

            @Selcouth I'm running supplicant mode on an SG-5100 on 2.4.5-RELEASE-p1 (amd64). I purchased the certificates from maczrcool on eBay and followed the guide in the README in the supplicant branch of MonkWho's pfatt fork: https://github.com/MonkWho/pfatt/tree/supplicant

            G 1 Reply Last reply Aug 10, 2020, 8:43 PM Reply Quote 0
            • G
              GPz1100 @bk150
              last edited by Aug 10, 2020, 8:43 PM

              @bk150 It looks like that method is funneling all wan traffic through ngeth0 for the vlan0 tagging. First off are you able to attain full line speed (during speed tests)? Is the pfsense cpu usage very high during this event?

              B 1 Reply Last reply Aug 10, 2020, 8:48 PM Reply Quote 0
              • B
                bk150 @GPz1100
                last edited by bk150 Aug 10, 2020, 8:49 PM Aug 10, 2020, 8:48 PM

                @GPz1100 Here is a result from just a few moments ago:

                alt text

                Here's a screenshot of CPU usage and load average on the system during the test:

                alt text

                1 Reply Last reply Reply Quote 0
                • G
                  GPz1100
                  last edited by Aug 10, 2020, 9:35 PM

                  I wonder if the usage would be that high if a dumb switch was placed inline in between ont and pfsense wan?

                  B 1 Reply Last reply Aug 12, 2020, 8:18 PM Reply Quote 0
                  • S
                    Selcouth @GPz1100
                    last edited by Aug 10, 2020, 9:45 PM

                    @GPz1100 I'm not authenticating with a dumb switch in line either. I must have some other problem. Maybe I'll start fresh to double check everything.

                    1 Reply Last reply Reply Quote 0
                    • B
                      bk150 @GPz1100
                      last edited by Aug 12, 2020, 8:18 PM

                      @GPz1100 I'll find a day/evening when my girlfriend doesn't need internet and try the dumbswitch method. I can post my results back here

                      1 Reply Last reply Reply Quote 0
                      • B
                        bkatt
                        last edited by bkatt Aug 13, 2020, 6:57 PM Aug 13, 2020, 6:56 PM

                        Hello All.
                        I am able to get this script working via bridge mode, but having issues getting it to work via supplicant mode. It is running on bare metal.

                        The script seems to hang at "Waiting EAP for authorization"

                        I have root and wheel group full permission to the 3 certs. I got them from ebay and converted them into the correct format using some tools suggested online. Is there anything easy I could be missing? Been through the guide multiple times but cannot seem to figure it out thus far.

                        I have checked the configuration inside pfatt.sh multiple times and appears to be correct.

                        S 1 Reply Last reply Aug 26, 2020, 8:19 PM Reply Quote 0
                        • ?
                          A Former User
                          last edited by Aug 21, 2020, 11:59 AM

                          i following this thread with lot of interest

                          1 Reply Last reply Reply Quote 0
                          • N
                            netman89
                            last edited by Aug 23, 2020, 2:20 PM

                            I had the same issue as above with the 'no such file or directory' errors and resolved it by adding the following lines in the pfatt.sh script around line 144:

                            /usr/bin/logger -st "pfatt" "attaching interfaces to ng_ether..."
                            /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$ONT_IF');"

                            The lines were added right after:
                            /usr/bin/logger -st "pfatt" " ONT---[] [$ONT_IF]$HOST"

                            I had to set the WAN interface back to ngeth0, but after a reboot, I was getting an IP address and was able to browse the net. Hope this helps.

                            1 Reply Last reply Reply Quote 0
                            • I
                              Ican'treadorwrite @Dade
                              last edited by Aug 24, 2020, 2:43 AM

                              @Dade I realize you posted this a long time ago, so sorry for bringing this up again. I also have ATT with 5 extra static IPs (/29). I made another lan interface and assigned the "Gateway IP" from ATT to this interface. I don't have any problem using 1:1 NAT to assign public IPs to specific devices on my LAN.

                              I am also using the static "Gateway IP" from ATT as the IP address for a VPN server--which works except for one thing. My ATT static Gateway IP is 75.xxx.xxx.78. My dynamic ATT IP is 68.xxx.xxx.29. I can connect to the VPN using the address 75.xxx.xxx.78, but while connected to this VPN, if I google "what is my IP address" the response is 68.xxx.xxx.29, when it should be 75.xxx.xxx.78.

                              Using your method, were you able to resolve this? Either way, could you describe the firewall/NAT rules that you used?

                              Thanks!

                              F 1 Reply Last reply Aug 24, 2020, 11:08 AM Reply Quote 0
                              • F
                                foxide @Ican'treadorwrite
                                last edited by Aug 24, 2020, 11:08 AM

                                @Ican-treadorwrite The IP you're going to see on a "what's my IP" query is going to be the NAT IP that applies to that traffic. You'll have to create a new NAT rule ONLY for the internal IP addresses of your VPN clients specifying that that specific IP (your static IP) is the "NAT address" for that traffic.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  shad0wca7 @bkatt
                                  last edited by Aug 26, 2020, 8:19 PM

                                  @bkatt said in ATT Uverse RG Bypass (0.2 BTC):

                                  Hello All.
                                  I am able to get this script working via bridge mode, but having issues getting it to work via supplicant mode. It is running on bare metal.

                                  The script seems to hang at "Waiting EAP for authorization"

                                  I have root and wheel group full permission to the 3 certs. I got them from ebay and converted them into the correct format using some tools suggested online. Is there anything easy I could be missing? Been through the guide multiple times but cannot seem to figure it out thus far.

                                  I have checked the configuration inside pfatt.sh multiple times and appears to be correct.

                                  I am having this exact same situation. Permissions, names, etc all look fine - it just hangs at 'waiting EAP for authorisation'....

                                  A 1 Reply Last reply Aug 26, 2020, 8:51 PM Reply Quote 0
                                  • A
                                    AiC0315 @shad0wca7
                                    last edited by Aug 26, 2020, 8:51 PM

                                    @shad0wca7
                                    What are your file names and file type?
                                    I have my permissions set to 755

                                    S B 2 Replies Last reply Aug 26, 2020, 10:26 PM Reply Quote 0
                                    • B
                                      bk150
                                      last edited by Aug 26, 2020, 8:59 PM

                                      I really hope the underlying issue people are having isn't related to this: https://www.dslreports.com/forum/r32839785-AT-T-Fiber-Gateway-bypass-with-WPA-supplicant-stopped-working-2-days-ago

                                      A 1 Reply Last reply Aug 26, 2020, 9:02 PM Reply Quote 0
                                      • A
                                        AiC0315 @bk150
                                        last edited by Aug 26, 2020, 9:02 PM

                                        @bk150
                                        I'm running 2.4.5 and rebooted just the other day with no problems.

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          shad0wca7 @AiC0315
                                          last edited by Aug 26, 2020, 10:26 PM

                                          @AiC0315

                                          -rw-------  1 root  wheel  6431 Aug 22 16:46 ca.pem
                                          -rw-------  1 root  wheel  1131 Aug 22 16:46 client.pem
                                          -rw-------  1 root  wheel   887 Aug 22 16:46 private.pem
                                          
                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.