Starry Internet Station Replacement with pfSense?



  • I currently have Starry internet, which uses two pieces of hardware, the Starry link and the Starry station wifi router. This router does not allow bridged mode and I have been running in double-NAT for some time. I will need to in the near future get rid of this double-NAT due to the necessity of using Parsec to work. This doesn't allow for double-NAT.

    I have attempted to trick the Starry link into using my pfSense box by spoofing the Starry station wifi router's MAC address and hostname on my pfSense WAN connection. This worked for someone successfully on reddit (using OpenWRT), where I brought this issue up, but it didn't work for me. I'm curious if there might be some other limitation or setting that I would need to change?

    If anyone has any suggestions that would be great. Thanks!


  • Netgate Administrator

    You have a link to that? If it worked in OpenWRT it can probably be made to work with pfSense.

    Edit: This? https://www.reddit.com/r/Starry/comments/fqsxwy/starry_with_a_pfsense_router/


  • Netgate Administrator

    Yes, that looks like your question. 😀

    So it looks like it works but requires the MAC be spoofed and the host name be correct for DHCP.

    What have you tried? What happened?

    Are you sure you're using the correct MAC, how did you get it?

    Steve



  • @stephenw10

    Thanks for the quick response! I essentially did what he said that he did. I went into the WAN interface and changed the MAC address and the hostname in there. Both of those values I was able to get directly from the Starry wifi router itself. One of them is "name" which ended up being "Home" (I tried starry like the person in that thread suggested as well) and the MAC address was listed there as well.

    After doing that I tried rebooting pfSense and that didn't even help. So it seems that it wasn't getting what was needed.


  • Netgate Administrator

    A wifi router like that will have several MAC addresses and it's not uncommon to find the one listed on the label is not the WAN. Just to be clear are you sure that was the WAN MAC and not the wifi MAC for example? I have seen others hit that issue before.

    Is the wifi router sending the 'name' value as the 'hostname'?

    Ultimately you could put something between their modem and router and capture the DHCP exchange to see exactly what is needed.

    Steve



  • I was thinking I could do that and just do a Wireshark of some kind. I'm not certain that it is the WAN MAC address, but the guy on the other thread said that worked so I assumed those were the correct values.

    I'll have to try and do that later today. Curious what would be good to put between it? I have a couple different systems I could do that with...


  • Netgate Administrator

    A switch with mirror port configured or pfSense with two ports bridged is what I would do there.



  • @stephenw10 Might be a bit out of my realm! I don't have an extra switch and my pfSense has extra ports but not sure how to use Wireshark on FreeBSD...or how to bridge those ports.


  • Netgate Administrator

    Bridging the ports is pretty easy. Just enable the two extra ports as interfaces but leave them as IPv4 type 'none'. Now go to Interfaces > Assignments > Bridges and create a new bridge with those ports in it. Now add allow all firewall rules on both those interfaces. Don't use, for example, OPT1net in the rules as that is invalid for an interface without an IP. True pass any, any, any.

    Now connect the modem to one and the wifi router to the other. Start a packet capture on the modem side port, filter for port 67, set it to promiscuous mode and set the packets to, say, 1000. Reboot the wifi router and wait for it to pull an IP.

    Steve
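Once the capture described above is taken, the fields to compare against the pfSense WAN settings are the client hardware address in the BOOTP header and DHCP options 12 (hostname), 60 (vendor class) and 61 (client identifier). The parser below is an added example, not part of the original thread or of pfSense; it assumes the UDP payload of one client packet has already been extracted from the capture, and the sample packet it runs on is constructed (made-up MAC, vendor class and transaction ID, with the "Home" hostname mentioned in the thread).

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Return the client-identifying fields of one DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)                      # hardware address length
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return {
        "type": MSG_TYPES.get((opts.get(53) or b"\x00")[0], "other"),
        "chaddr": payload[28:28 + hlen].hex(":"),                      # MAC in BOOTP header
        "hostname": opts.get(12, b"").decode("ascii", "replace"),      # option 12
        "vendor_class": opts.get(60, b"").decode("ascii", "replace"),  # option 60
        "client_id": opts.get(61, b"").hex(":"),                       # option 61
        "param_request": list(opts.get(55, b"")),                      # option 55
    }

def build_sample_discover() -> bytes:
    """Constructed DISCOVER; the MAC, vendor class and xid are made-up values."""
    mac = bytes.fromhex("020000aabbcc")
    opt = lambda code, val: bytes([code, len(val)]) + val
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0x8000)
    hdr += bytes(16) + mac + bytes(10) + bytes(192) + MAGIC
    return (hdr + opt(53, b"\x01") + opt(61, b"\x01" + mac) + opt(12, b"Home")
            + opt(60, b"example-vendor") + opt(55, bytes([1, 3, 6, 15])) + b"\xff")

if __name__ == "__main__":
    for key, value in parse_dhcp(build_sample_discover()).items():
        print(f"{key:14} {value}")
```

Running the same parser on a packet captured from pfSense's own WAN and comparing the two results field by field shows which value still differs.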



  • @stephenw10 Thank you for the quick rundown. Might try this later today as I have 2x Realtek onboard connections that aren't in use at all (because Realtek kinda sucks).

