SG2100 - Unable to get DHCP WAN IP on GPON interface

stealthmode · Aug 4, 2024, 8:05 PM

@stephenw10 The router has a banner

"RDK (A Yocto Project based Distro) 2.0 GEN8"

I ran cd wan and then show

I've configured the PFSense wan interface in this way

On mvneta0.12 WAN interface, enabled Advanced Configuration and Configuration Override
Set the file as "/root/dhcp-config/dhcp.conf"
The file contents are the following:

interface "mvneta0.12" {
      timeout 60;
      retry 15;
      select-timeout 0;
      send dhcp-class-identifier "meods00";
}

Restarted PFsense
still don't appear to be getting the WAN IP

Do you think my configuration is correct here?

keyser · Aug 4, 2024, 8:19 PM

@stealthmode Probably, but it’s hard to tell if your setup works as intended unless you do a packet capture.

I would instead not enable configuration override, and just insert:

Dhcp-class-identifier “meods00”

In the send options dialog. Then we know it will be included in the standard DHCP process from pfSense (it will also be fully restorable from a config file if you ever reinstall or move to a different device)

stealthmode · Aug 4, 2024, 10:11 PM

@keyser Thank you!

I followed what you said, and the DHCP options are being sent in the request but I still don't get a WAN IP.

So it's back to the drawing board for me :|

login-to-view

JonathanLee · Aug 4, 2024, 10:16 PM

The ISP may require the MAC address of the ISP provided router. This would require you to spoof the MAC address into the WAN interface. Do you know if it is locked down to the original router MAC address?

stealthmode · Aug 4, 2024, 10:55 PM

@JonathanLee Thank you for your reply. I tried that now, and that didn't help either :(

The packet capture shows that I've spoofed the MAC address to that of the ISP router WAN interface

stealthmode · Aug 5, 2024, 5:25 AM

I took the static IP which was assigned to the ISP router and manually assigned it to the pfsense WAN interface. By changing the DHCP to Static.

After that, in "Status > Interface", I couldn't see any increments on the "In" packets counter. The out packets counter was increasing. Basically, I still didn't have internet access via PFsense.

This makes me think that the GPON ONU stick might still not be "fully" authenticated...

keyser · Aug 5, 2024, 5:25 AM

@stealthmode I don’t think the GPON ONU “authentication” is the issue. When you reach state 5 it is connected and accepted into the GPON tree. I’m pretty sure you are not passing authentication with your ISP on the protocol level. IPoE is specifically authentication via DHCP, and if your DHCP request frame does not pass authentication, the other end (ISP ONT) does not open/pass traffic, and to you that seems like a dead link (no traffic seen/passed).
Setting a static IP just makes sure you do not pass authentication - as you are not sending a DHCP frame to Authenticate on :-)

I’m quite sure the problem is you are not providing all the options needed. Usually IPoE also requires options that descibes the FX. The circuitID and a authentication password/code.

In my setup there is specifically two options that sends a deviceID and a anthentication code - which is why you need a capture of the ISP routers DHCP exchange - otherwise it will be impossible to replay the needed settings.

stealthmode · Aug 5, 2024, 6:14 AM

@keyser Thank you very much for your detailed insights... I really appreciate the information that you've provided. It makes sense.