For Aussie users : Getting pfSense to work with Telstra Cable



  • I'm not sure what the problem is, but pfSense doesn't seem to load
    BPAlogin. (client required to make Telstra Cable work)…Maybe it was
    left off the boot list?

    The following is a temporary solution.

    In WebGUI => Diagnostics => Edit File
    Then, paste the following in the entry block...
    (we're creating a bpalogin.conf file, I got the contents for this
    from the BPAlogin source code for UNIX).

    # Default debug level is 1. Values range from 0-2 with 0 being silent
    # All information goes to the syslog.
    #debuglevel 1

    # The user name you have for your BPA account
    username xxxxx

    # Your BPA password
    password xxxxxxxxx

    # The default auth server is "sm-server" You can override this value, but
    # you would only do this if you have not set your default domain correctly
    # in your /etc/resolv.conf
    authserver dce-server

    # You can override the default domain if you have your
    # resolv.conf set to not include the BPA domains.
    # Domain is different in every state
    # qld.bigpond.net.au for Queensland users
    # nsw.bigpond.net.au for New South Wales users
    # vic.bigpond.net.au for Victorian users
    # sa.bigpond.net.au for South Australian users
    # wa.bigpond.net.au for Western Australian users
    authdomain nsw.bigpond.net.au

    # The loginprog will be executed whenever BPALogin connects successfully
    # you could have it run a script to start a firewall, etc. The first
    # parm to the program will be the port number
    #connectedprog /etc/rc.d/rc.masq
    #disconnectedprog /etc/rc.d/rc.masq

    # If you want to bind BPALogin to a specific address rather than all
    # sockets, you can do that here.
    #localaddress 0.0.0.0

    # You can now define the listen port instead of a random port
    # This will help with firewalls.
    localport 5050

    # Logging can be sent to syslog or stdout.
    #logging syslog

    # Set the minimum heartbeat interval. This can protect against
    # DoS attacks.
    minheartbeatinterval 60

    # Set the maximum heartbeat interval.  Sometimes the DCE server will not
    # send a heartbeat for a long time (i.e. longer than seven minutes) but
    # the connection is still open.  BPALogin will normally treat this as a
    # failed connection unless you raise the maximum interval.
    #maxheartbeatinterval 420

    Then save this as…
    => /usr/local/etc/bpalogin.conf

    Log-in to your pfSense box (you need keyboard and monitor)
    Select the 8th option => Shell

    Change directory to where bpalogin application resides...
    => cd /usr/sbin

    Run bpalogin application...
    => bpalogin -c /usr/local/etc/bpalogin.conf
    (You're just telling bpalogin where the configuration file is, when it loads.)

    Now if you look on the STATUS => SYSTEM LOGS, you will see this.

    Nov 24 13:28:31 bpalogin[10127]: Logged on as xxxxx - successful at Thu Nov 24 13:28:31 2005
    Nov 24 13:28:31 bpalogin[10127]: Listening on port 5050
    Nov 24 13:28:31 bpalogin[10127]: Auth host = dce-server.nsw.bigpond.net.au:5050
    Nov 24 13:28:31 bpalogin[10127]: BPALogin v2.0.2 - portable BigPond Broadband login client

    Now the connection should work with Telstra Cable.

    If not, be sure to add filter rules that open port 5050 UDP/TCP on IP of login server.
    (say for NSW, it's 61.9.192.13 … See the ozcableguy.com link below for the one in your state.)

    I've talked to Scott about this issue, and I'm willing to help test bpalogin for
    pfSense. I think bpalogin was left off the boot list, but not sure...(?)

    (I'm not in any way a BSD guru. I'm a newbie, but a newbie that likes
    to dig around a bit to solve issues). :)

    PS : If you are not sure what you need to enter for BPAlogin or WebGUI entry...
    Look here => http://www.ozcableguy.com/dns.html

    NOTE : This is just a terminology thing...
    Login Servers (in link) => Authentication Server (in pfSense)
    DNS Suffixes (in link) => Authentication Domain (in pfSense)
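
A lint for the hand-made `/usr/local/etc/bpalogin.conf` from the post above, added here as an example; it is not part of the original thread, pfSense or BPALogin. The directive names come from the sample file in the post; treating `username` and `password` as mandatory and any other leading word as an error are assumptions of this example, as is the function name `check_bpalogin_conf`.

```shell
#!/bin/sh
# check_bpalogin_conf FILE: lint a bpalogin.conf before `bpalogin -c FILE`.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_bpalogin_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    findings=$(
        awk '
        BEGIN {
            # Directive names taken from the sample file in the post above.
            known = "^(debuglevel|username|password|authserver|authdomain|connectedprog|disconnectedprog|localaddress|localport|logging|minheartbeatinterval|maxheartbeatinterval)$"
            numeric = "^(debuglevel|localport|minheartbeatinterval|maxheartbeatinterval)$"
        }
        /^[ \t]*(#|$)/ { next }    # comments and blank lines
        {
            key = $1; val = $2
            if (key !~ known) {
                # Usual cause: a comment that lost its leading "#" in a paste.
                printf "line %d: unknown directive \"%s\"\n", NR, key; next
            }
            if (val == "") { printf "line %d: %s has no value\n", NR, key; next }
            seen[key] = val
            if (key ~ numeric && val !~ /^[0-9]+$/)
                printf "line %d: %s needs a number\n", NR, key
            else if (key == "localport" && (val + 0 < 1 || val + 0 > 65535))
                printf "line %d: localport out of range\n", NR
            else if (key == "debuglevel" && val + 0 > 2)
                printf "line %d: debuglevel must be 0-2\n", NR
        }
        END {
            if (!("username" in seen)) print "missing: username"
            if (!("password" in seen)) print "missing: password"
            if (("minheartbeatinterval" in seen) && ("maxheartbeatinterval" in seen) &&
                seen["minheartbeatinterval"] + 0 > seen["maxheartbeatinterval"] + 0)
                print "minheartbeatinterval is larger than maxheartbeatinterval"
        }' "$conf"
        # The file holds the account password in clear text.
        find "$conf" -perm -004 -print | sed "s/^/readable by all users: /"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `check_bpalogin_conf /usr/local/etc/bpalogin.conf` from the shell before starting `bpalogin`; a finding such as `line 5: unknown directive "The"` points at a comment line that was saved without its `#`.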



  • I had a look at this, and it seems bpalogin is fully implemented. What happens when you configure it via the GUI?
    I don't see anything wrong with the existing code.

    function interfaces_wan_bigpond_configure($curwanip) {
            global $config, $g;
    
            $bpcfg = $config['bigpond'];
    
            if (!$curwanip) {
                    /* IP address not configured yet, exit */
                    return 0;
            }
    
            /* kill bpalogin */
            killbyname("bpalogin");
    
            /* wait a moment */
            sleep(1);
    
            /* get the default domain */
            $nfd = @fopen("{$g['varetc_path']}/defaultdomain.conf", "r");
            if ($nfd) {
                    $defaultdomain = trim(fgets($nfd));
                    fclose($nfd);
            }
    
            /* generate bpalogin.conf */
            $fd = fopen("{$g['varetc_path']}/bpalogin.conf", "w");
            if (!$fd) {
                    printf("Error: cannot open bpalogin.conf in interfaces_wan_bigpond_configure().\n");
                    return 1;
            }
    
            if (!$bpcfg['authserver'])
                    $bpcfg['authserver'] = "dce-server";
            if (!$bpcfg['authdomain'])
                    $bpcfg['authdomain'] = $defaultdomain;
    
            $bpconf = <<<EOD
    username {$bpcfg['username']}
    password {$bpcfg['password']}
    authserver {$bpcfg['authserver']}
    authdomain {$bpcfg['authdomain']}
    localport 5050
    
    EOD;
    
            if ($bpcfg['minheartbeatinterval'])
                    $bpconf .= "minheartbeatinterval {$bpcfg['minheartbeatinterval']}\n";
    
            fwrite($fd, $bpconf);
            fclose($fd);
    
            /* fire up bpalogin */
            mwexec("/usr/local/sbin/bpalogin -c {$g['varetc_path']}/bpalogin.conf");
    
            return 0;
    }
    


  • I agree about the code. I just compared the one you've posted to the M0n0Wall 1.2 code.
    They're exactly the same. (They both use interfaces.inc, right?)

    It must be something else.

    When I use WebGUI, I select bigpond for WAN and add the appropriate details.
    I click to apply and save the settings.

    On M0n0Wall 1.2, if you look in the System Logs in the Diagnostics section,
    you'll see the entry that bpalogin has initialized and you have successfully logged into the
    Telstra network.

    On pfSense, there's no indication of bpalogin being initialized in System Logs. The only thing
    you see is that the DHCP function is working, and you've received your IP, Gateway and the
    relevant DNS servers…But no bpalogin!

    It should be there, appearing in the System Logs. (this occurs when I manually initialize bpalogin)

    I know I'm not the only one experiencing this as I noticed that back in October, someone
    else had the same issue.

    Something isn't right, but I'm not sure what it is...I wish I were more knowledgeable with pfSense
    or M0n0Wall .  >:(

    Is there a command that allows me to record everything when I boot up or when I change the WAN
    from DHCP to bigpond? (I'm hoping we can catch any error messages that could indicate a problem
    somewhere).



  • See http://cvstrac.pfsense.com/tktview?tn=702,6 for update instructions.  Testers needed!



  • @sullrich:

    See http://cvstrac.pfsense.com/tktview?tn=702,6 for update instructions.  Testers needed!

    Does version 0.94.12 contain the update from cvs? (I just downloaded this, gonna install it)
    Or should I use update instructions anyway? (after installing 0.94.12)



  • @Aussie_Bear:

    @sullrich:

    See http://cvstrac.pfsense.com/tktview?tn=702,6 for update instructions.  Testers needed!

    Does version 0.94.12 contain the update from cvs? (I just downloaded this, gonna install it)
    Or should I use update instructions anyway? (after installing 0.94.12)

    Yes, it should.



  • This issue has been FIXED in pfSense ver 0.95

    NOTE : When setting your pfSense box to work with Telstra Cable, be sure
    to put dce-server in the BigPond Authentication Server: entry.

    Test Setup
    Celeron 1.2Ghz
    512MB RDRAM
    i820 chipset mobo (ASUS P3C-D)
    CD-ROM
    Floppy
    pfSense 0.95 LiveCD
    Telstra Broadband Cable



  • A sum up of the needed steps can now be found at the faq: http://faq.pfsense.org/index.php?sid=10900&lang=en&action=artikel&cat=10&id=100&artlang=en

    Thank you aussi_bear  :)



  • This is an update.

    Telstra have announced plans to DUMP their "heartbeat" solution.

    What does this mean for pfSense, M0n0Wall, and any other firewall solution?
    It means (when the transition is complete), you no longer need to set pfSense to "bigpond" mode.

    There will no longer be the need to login via your firewall OR software client. Authentication will be made at the MAC address of the cable modem.

    When the change is made (in about 1 to 2 months' time), set your pfsense box to DHCP. (NOT bigpond.)

    From a developer's (and a Telstra Cable user's) view, their life is now made easier!

    For now, you still need bigpond login client. This should change by the end of September or start of October.

    sources:

    BigPond Service Announcement
    http://www.bigpond.com/edm/crm/2006/1353/1162_M07_migration_eDM.htm

    Do I need to do anything to maintain my cable connection?
    http://bigpond.custhelp.com/cgi-bin/bigpond.cfg/php/enduser/std_adp.php?p_faqid=12138

    For pfSense Devs, you should drop "bigpond" client by November or so.



  • Thanks for the notification.

