ATT Uverse RG Bypass (0.2 BTC)
-
Apparently the people who had their just stop working with any method of bypass is most likely due to upgrades in your area to XGS-PON. Supposedly the certificate isn’t enough anymore and looks like AT&T has added more checks to TR-069 that exists on the RG. Smart people are looking into it but as AT&T moves away from the separate ONT and to a combo RG/ONT this maybe dead on the vine.
-
@pyrodex
I had read about that over on the dsl forums. It's a shame, it was working very well. I am hoping someone figures out the magic solution to the new ONT/RG. Even though it has WIFI 6, i just dont want their crap in the way. -
If supplicant mode still works for you in 2.4.5-p1, has anyone tried if it still works in pfsense+ 21.02 (or pfsense ce 2.5.0)?
-
@t41k2m3 I was able to just update from 2.4.5 to 2.5.0 using the update button in the web config and everything continued to work. System updated, rebooted, and automatically reconnected.
-
This is great news. Are you using the WPA supplicant or the bridging approach with the RG?
-
@fresnoboy I'm using wpa_supplicant with extracted certificates at the moment. RG continues to sit in a box in the closet.
I did double-check my previous tweaks to pfatt.sh mentioned earlier in this thread, and they are still required for wpa_supplicant to work for me (notably, wpa_supplicant has to run on the raw interface, not the
ngeth0interface that has vlan0 headers stripped).I've been trying to further tweak the script so that it no longer hangs on bootup if the router can't get an IP for any reason, which I've found to be a particular annoyance, but luckily everything has been super stable so it's mostly only an issue when I'm tinkering with things. If I get something working I'll upload/post it.
-
@darth-android said in ATT Uverse RG Bypass (0.2 BTC):
@fresnoboy I'm using wpa_supplicant with extracted certificates at the moment. RG continues to sit in a box in the closet.
I did double-check my previous tweaks to pfatt.sh mentioned earlier in this thread, and they are still required for wpa_supplicant to work for me (notably, wpa_supplicant has to run on the raw interface, not the
ngeth0interface that has vlan0 headers stripped).I've been trying to further tweak the script so that it no longer hangs on bootup if the router can't get an IP for any reason, which I've found to be a particular annoyance, but luckily everything has been super stable so it's mostly only an issue when I'm tinkering with things. If I get something working I'll upload/post it.
That sounds great. I run pfsense as a VM under a vmware host, so I deal with the vlan0 tagging that way and don't use ngeth at all anymore.
As a VM it's easy to take a snapshot and revert, so I'll try the upgrade and see if I have the same success. Thanks for posting here!
-
I did the upgrade to 2.5.0 today. Went fine, and no issues with the pfatt WPA supplicant working in 2.5.0. Pretty smooth overall.
Hopefully this solves the occasional mbuf panics I was seeing in 2.4.5p1
-
So there is an issue. the wpa_supplicant on my system is showing 100% CPU utilization on one if the 4 CPUs. are other people seeing this too?
Note in my situation I am not using ngeth0 at all - just a pure bypass with the certs, and vmware doing the vlan0 processing.
This actually may have been going on before - as CPU usage seemed high before I made the transition earlier.
-
That's actually the issue that has been going on. That's why i haven't upgraded yet, i noticed in the github issues. There hasn't been an update in a bit. I was waiting for the next incremental release to see if anything changes.
-
And just FYI, 2.5.1 doesn't fix the wpa supplicant CPU locked at 100% problem. But so far, no mbuf panic either.
-
I think I may have figured out the problem. See here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252844 It seems this is the likely issue with the wpa-supplicant running at 100%, since we start it before the routing table is populated as well. The fix there would may solve our problem as well.
-
@fresnoboy said in ATT Uverse RG Bypass (0.2 BTC):
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252844
So does the kill and restart of supplicant fix the issue?
-
@fresnoboy I did notice this as well after upgrading, but I simply killed & restarted wpa_supplicant and things seem to be holding fine. I’ve not rebooted the box since then, so perhaps I’ll re-encounter it at such a time. Things are still working at the moment, so I’m inclined to just not touch anything, but if there’s a fix to test ping me and I can take a look.
-
@fresnoboy have you looked into applying the patch to pfs or would that not be easy/possible?
-
I haven't tried it yet. I don't have a build environment for PFSense set up (I do have a FreeBSD VM I can play with), but the patch there looks like it's been committed to the production environment, so it should be easy for the Netgate guys to cherry pick this and include it in a beta update.
Anyone from Netgate want to comment?
-
I have written a list of easy mitigation steps for cpu usage issue. Credits go to all ppl who root caused the issue.
https://github.com/MonkWho/pfatt/issues/41#issuecomment-830450022
-
Do you have steps of how to get vlan0 working on esxi?
-
@netnerdy Thanks, that was the one hurdle which was keeping me from upgrading.
-
You need to create a new switch (it can't be the same switch as your LAN). For the Switch, set the VLAN ID to (0) None. This will strip the VLAN tags off that interface. Make sure your physical adapter is mapped to that switch, and then connect that WAN switch to an interface on your PFSense VM. Enjoy.
BTW, the snapshotting feature is super useful when updates are having issues. :)
