Sky Fibre to the Cabinet Rollout - PfSense support?
-
Hi all,
Over in the UK Sky have released their fibre service, which uses MER authentication.
The guys over at Billion have already modified their routers firmware to allow it to connect: http://www.billion.uk.com/forum/viewtopic.php?f=9&t=343
Sky use a modified 1483MER encapsulation method. Normal connections do negotiate successfully but fail to get an IP.
Does anyone on this board know whether PfSense has support for this type of encapsulation? Or has anyone tried it with Sky fibre?
Many thanks
Edit: Someone has put an excellent guide here detailing the specifics:
http://wiki.ph-mb.com/wiki/MER -
This is interesting!
The Billion 7800N and the Draytek V120 (mentioned on the page you linked to) are both ADSL2+ devices and hence capable of 24Mbps. It seems unlikely either of those would be used with a FTTC service.
Since pfSense doesn't support XXXoA directly you would need some other device. MER seems to be be a combination of MPoA and sending DHCP client options.The real question seems to be can pfSense send DHCP client options? (specifically 60 and 61)
Steve
-
Ok, I'm thinking it almost certainly can via dhclient.conf. There may not be a nice box for it in pfSense (yet!).
Steve
-
Whilst the 7800N and the V120 are ADSL modems, that functionality isn't used.
Sky use BT Open Reach modems and then plug them into the switch port of the router, which handles connection via PPPoE.
http://imageshack.us/photo/my-images/818/20120221155404.jpg/
-
Ah Ok so same as BT Infinity, which sense. Sky don't have their own cabinets in the road.
Presumably though they are using MER instead of PPPoE? (seems like it)Steve
-
Kind of. Although the option is there, the MAC address doesn't need to be spoofed on the Billion routers to get a connection. It is simply the weird DHCP option number that needs to be resolved!
-
Indeed it looks like it need to see username and password information in the option 61 field: PPPUsername|PPPPassword
Should be possible. Do you have this service?
Steve
-
Just reading though the code I'm unsure if you can just set this information in the DHCP hostname field. This seems to be the client identifier but I can't see it labled '61' anywhere. No idea if it would need coding in hex or what.
Steve
-
Hi there,
The suggested underneath would more be welcome!
@stephenw10:The real question seems to be can pfSense send DHCP client options? (specifically 60 and 61)
Ok, I'm thinking it almost certainly can via dhclient.conf. There may not be a nice box for it in pfSense (yet!).
SteveA GUI is always nice. Perhaps already any estimate/building plans?
Is there a building/wishlist availiable? If yes, can somebody move it towards and inform me?Are there any examples how to configure 'dhclient.conf' in pfSense? Planning to use it soon.
Thx,
Canefield -
I believe this can be done with the hostname field already present in the gui. Usually you would leave the hostname empty however if you set an interface (OPT5 here) to dhcp and fill in the field (I used testdhcphost) you then get a custom dhclient conf file. This is generated by pfSense so if you alter it manually it probably won't last long!
/var/etc/dhclient_opt5.conf
interface "fxp0" { timeout 60; retry 1; select-timeout 0; initial-interval 1; send dhcp-client-identifier "testdhcphost"; send host-name "testdhcphost"; script "/sbin/dhclient-script"; }
DHCP client identifier is 'option 61'. See: http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml#options
I can't test this since I'm not on Sky. Seems likely to work though.
Steve
-
Thanks Stephen, very helpful. My install date isn't until May 04th, would be good to get some one to test this otherwise I will do it around then.
I assume we could always change the permission of the dhclient_opt5.conf file so it cannot be over written. A dirty fix, but should work at least.
-
That would be a bad idea since pfSense generates that file at boot or whenever the config is changed. If it couldn't do it for some reason I imagine some errors would result! ;)
I'm sure a work around in the code that generates it would be relatively easy until something more permanent could be produced. If it's needed.Steve
-
I am also on sky and currently am using pppoe passthrough via my mode.
I fear that when i do upgrade to fibre my pfsense alix board will become redundant.Is there a plan for pfsense to implement 1483 MER ?
-
Pfsense supports MER, however we need to determine how to use option 61. The guys at billion have figured it out for their routers.
We simply need a way to add option 61 info to the DHCP that gets sent to the WAN.
-
but on wan dhcp. there is a field for hostname authentication
I assume this is where you can paste the hex key to authenticate
-
That's what it looks like, yes.
You could check for sure by looking at a packet capture on the interface and see what the dhcp client is sending. Or just wait and try it!Are either of you on sky already? From reading the forums it looks like they are running both authentication systems in parallel in existing adsl lines.
Steve
-
I haven't ordered it yet, however i am using llu pppoa for normal adsl2+
which uses both methods for authentication either mer/pppoa. -
That's what it looks like, yes.
You could check for sure by looking at a packet capture on the interface and see what the dhcp client is sending. Or just wait and try it!Are either of you on sky already? From reading the forums it looks like they are running both authentication systems in parallel in existing adsl lines.
Steve
May 4th. There is a guy on another forum who has fibre a little sooner than me, and Pfsense, so i'll pass him the link and see if he has any luck.
-
Hey guys,
So the task has been completed by some clever folks:
–-------------------------------------------------------
WRT54G & Similar running Tomato
Some versions of Tomato support '-c' client ID option (option 61), however others do not. Where 'udhcpcd' supports '-c' then you may enter '-c PPPusername|PPPpassword' in DHCPC options. An alternate method using '-x' to specify additional DHCPC options (incl option 61) may be used. Where '-x' is used the username & password fields must be translated into a HEX string (see below)
It is not necessary to spoof your original Sky router's MAC address in order to obtain an IP address.- Convert your PPPusername|PPPpassword string into HEX - I used http://www.string-functions.com/string-hex.aspx
e.g. 1a2b3c4d5e6f@skydsl|zzc7Zovbt5Fpa7B turns into 31613262336334643565366640736b7964736c7c7a7a63375a6f766274354670613742 - In 'Advanced->DHCP/DNS DHCPC options enter '-x 61:00' immediately followed by the converted string from above. e.g. '-x 61:0031613262336334643565366640736b7964736c7c7a7a63375a6f766274354670613742' & save.
- In 'Basic->Network set your network type to DHCP, default MTU & save
Does anyone know how I would go about implementing this on PfSense?
- Convert your PPPusername|PPPpassword string into HEX - I used http://www.string-functions.com/string-hex.aspx
-
That's what I have been basing my speculation on.
To implement this on pfSense you need to enter your "PPPusername|PPPpassword" in the hostname field on the dhcp setup. Try it and see.
You will not have to enter it as HEX since pfSense sends this as '61', client identifier.Steve