Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AT&T Gateway bypass/true bridge using new authbridge

    Scheduled Pinned Locked Moved
    General pfSense Questions
    10
    43
    3.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      matthewgcampbell @stephenw10
      last edited by

      @stephenw10 Resaving the WAN would bring it back, I haven't tried unplugging, but rebooting also fixed it.

      1 Reply Last reply Reply Quote 0
      • M
        matthewgcampbell @GPz1100
        last edited by

        @GPz1100 said in AT&T Gateway bypass/true bridge using new authbridge:

        In general, once eapol authenticated, you stay authenticated until the link is severed (wan cable disconnected), or att reboots the OLT requiring another auth. Otherwise, sessions can last weeks and months. As for wan dhcp; att dhcp servers issue leases good for 1 hr. They start renewing around the 30 min mark. As far as I know, ipv4 dhcp lease is needed before any data starts to flow, or ipv6 is available. Meaning you can't just set wan to the same static values and have it work.

        This is the part that has me confused, it seems to pass traffic for a little bit (5 minutes) and then stops. But according to this that shouldn't be possible.

        G 1 Reply Last reply Reply Quote 0
        • G
          GPz1100 @matthewgcampbell
          last edited by GPz1100

          @matthewgcampbell I have never experienced a scenario where it passes traffic for a short amount of time then stops, at least not in the context of eapol auth related. It either passes or it doesn't. Then again I've never done any proxy bypasses either, can't really comment on odd behavior as a result.

          I assume you're following this - https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html ?

          You might want to give a try to one of the proxy scripts here - https://github.com/MonkWho/pfatt/tree/master . This is what we used before vlan0 compliant wpa_supplicant and dhclient.

          Edit, one other idea to try is the old dumb switch bypass method.

          I can't find a good write up but in essence you connect ethernet from ont and gateway to a dumb switch (preferably not netgear). Wait until the lights on the modem are all green and stop flashing. Disconnect gateway cable while leaving ONT/switch connected. Connect cable from the modem to your pfsense wan port (again, you're not touching the ONT/switch cable). Pfsense should be configured for dhcp on wan.

          See if you experience the same disconnect issues after x amount of time. If you do, try a release /renew on the wan. If it doesn't pull an ip, try rebooting pfsense only. This whole time, the link between the ONT and switch should remain connect and as far as ONT concerned, remain authenticated.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post