ATT Uverse RG Bypass (0.2 BTC)
-
@jasonsansone
not possible. It's the ONT that sets your line rate so you better believe there is security in it else anyone could just bypass it and get full gig. -
Ya, after more thought and research I realized that being the DMARC, I shouldn’t screw with it. Thank you.
-
I'm able to get this working in bridge mode but when I try it in supplicant mode, the boot up looks like this.
code_text Loading configuration......done. pfatt: starting pfatt... pfatt: configuration: pfatt: ONT_IF = em0 pfatt: RG_ETHER_ADDR = xx:xx:xx:xx:xx:xx pfatt: EAP_MODE = supplicant pfatt: EAP_SUPPLICANT_IDENTITY = xx:xx:xx:xx:xx:xx pfatt: EAP_BRIDGE_IF = em1 pfatt: EAP_BRIDGE_5268AC = 0 pfatt: resetting netgraph... pfatt: configuring EAP environment for supplicant mode... pfatt: cabling should look like this: pfatt: ONT---[] [em0] pfatt: creating vlan node and ngeth0 interface... ngeth0: link state changed to UP pfatt: enabling promisc for em0... em0: permanently promiscuous mode enabled pfatt: starting wpa_supplicant... pfatt: wpa_supplicant running on PID 453... pfatt: setting wpa_supplicant network configuration... pfatt: waitng EAP for authorization... em0: link state changed to UP
code_text
Then it just sits there. I have the certs in /conf/pfatt/wpa and the MAC address is correct.
Any ideas of what might be wrong?Thanks!
-
Figured out the problem. The code is looking for:
ca.pem
client.pem
private.pemMy .pem files where named differently. Once I changed them I got supplicant mode working. One odd thing I noticed, download speeds are 500-600 while upload speeds are 920-940..
-
So I am not having luck. I have tried in both the dumb switch, bridge mode way and using the pfatt.sh add-on. On first bootup I never got prompted to adjust interfaces, but in the web GUI I was able to select the ngeth0 interface for my WAN.
DHCP never pulls down an IP and just displays 0.0.0.0. This is the same thing that happened when I tried it in dumb switch bridge mode.
Right now the connection from AT&T is directly plugged into igb4 and igb3 is plugged directly into my BGW210.
When I had tested dumb switch bridge mode I had tested with AT&T line going through my switch then to modem, all worked, but then unplugging mode and spoofing mac never seemed to work. Any ideas? We are a small office, but no way the 8k session limitation is doable for us so I must have a work around or we will end up paying the ETF and cancelling services.
Some info from my config.
There are 11 total nodes:
Name: igb0_366 Type: ether ID: 00000024 Num hooks: 0
Name: igb3 Type: ether ID: 00000004 Num hooks: 2
Name: snmpd Type: socket ID: 00000025 Num hooks: 0
Name: igb4 Type: ether ID: 00000005 Num hooks: 1
Name: <unnamed> Type: socket ID: 00000009 Num hooks: 0
Name: o2m Type: one2many ID: 0000000e Num hooks: 3
Name: vlan0 Type: vlan ID: 00000011 Num hooks: 2
Name: ngeth0 Type: eiface ID: 00000014 Num hooks: 1
Name: waneapfilter Type: etf ID: 00000018 Num hooks: 2
Name: ngctl25340 Type: socket ID: 0000003a Num hooks: 0
Name: eapfiltlaner Type: etf ID: 0000001c Num hooks: 3Log file
2019-10-16 13:19:45 :: [pfatt.sh] :: pfSense + AT&T U-verse Residential Gateway for true bridge mode
2019-10-16 13:19:45 :: [pfatt.sh] :: Configuration:
2019-10-16 13:19:45 :: [pfatt.sh] :: ONT_IF: igb4
2019-10-16 13:19:45 :: [pfatt.sh] :: RG_IF: igb3
2019-10-16 13:19:45 :: [pfatt.sh] :: RG_ETHER_ADDR: xxxxx
2019-10-16 13:19:45 :: [pfatt.sh] :: OPNSENSE: no
2019-10-16 13:19:45 :: [pfatt.sh] :: loading netgraph kernel modules... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: attaching interfaces to ng_ether... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: building netgraph nodes...
2019-10-16 13:19:45 :: [pfatt.sh] :: creating ng_one2many... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: creating vlan node and interface... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: defining etf for igb4 (ONT)... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: defining etf for igb3 (RG)... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: bridging etf for igb4 <-> igb3... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: defining filters for EAP traffic... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: enabling one2many links... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: removing waneapfilter:nomatch hook... OK!
2019-10-16 13:19:45 :: [pfatt.sh] :: enabling igb3 interface... OK!
2019-10-16 13:19:46 :: [pfatt.sh] :: enabling igb4 interface... OK!
2019-10-16 13:19:46 :: [pfatt.sh] :: enabling promiscuous mode on igb3... OK!
2019-10-16 13:19:46 :: [pfatt.sh] :: enabling promiscuous mode on igb4... OK!
2019-10-16 13:19:46 :: [pfatt.sh] :: ngeth0 should now be available to configure as your pfSense WAN
2019-10-16 13:19:46 :: [pfatt.sh] :: done!
2019-10-16 13:39:46 :: [pfatt.sh] :: pfSense + AT&T U-verse Residential Gateway for true bridge mode -
@phatty which method are you using to get the above log file?
-
Log is from pfatt.log, only thing I tweaked in the config for that was adding igb interface info and Mac. Then on first bootup I changed my wan interface to use the ngeth
-
@phatty The instructions are very good, I'd check the instructions again step-by-step.
FWIW, I set pfatt.sh aside several months ago after not finding significant performance enhancement and planned to return to it later for another try. During that time I have decided it may not be useful to me. As a home user and not running web services but with roughly 20 connections I do not readily fill up my BGW's nat table. In fact, since early August I have hardly made an impact on that table. Unless I'm missing some other useful functionality it appears that I can get along fine without pfatt.Also I had hoped it would improve my throughput since the default install is double NAT but after a number of speed tests with and w/o pfatt active I see an insignificant difference. That said, if I updated my hardware I might find different results and I am considering getting a newer Netgate appliance and a managed switch. Currently I am running pfSense on a netgate sg-2440 and have a dumb switch behind it.
-
@AiC0315 I suppose you were just looking for bridge mode vs supplicant, and right now its bridge mode as I followed the default readme instructions on github.
I am wondering if something else is at play, considering dumb switch and mac address modifications doesn't work, and neither is this. The modem authenticates directly through the dumb switch without any problems, its when I unplug the modem and then plugin pfsense with the forged MAC that things fail. For grins I just built another pfsense box from scratch, as previously I had been playing with my live environment. Still not getting anywhere on fresh build attempting the bridge method. DHCP never pulls anything down.
@JonH appreciate the input, but with a fresh pfsense build completed this morning not sure what I could have missed. It seems simple enough, copy around a file, make a file executable, config to run on startup, and modify wan to use the ngeth interface seems to about sum up the instructions.
Unfortunately I am trying to get running in an office with about 25 users, no way I can survive on 8k. It seems if the Cascade router feature would actually work on my BGW210, then I may be able to avoid all this, but support keeps pushing me to use IP Passthrough, and won't acknowledge that Cascaded Router is even a configuration on the modem.
-
@phatty in your reply it sounds like you are mixing methods. How many interfaces do you have on your pfsense box?
Nothing gets unplugged using the pfatt method. And if using the bridge mode, you need 3 interfaces on your pfsense box.
1 for the Ont, 1 for the ATT Gateway and 1 for your LAN -
@AiC0315 I am using bridge mode, 3 interfaces for the default pfatt method, my device is a SG-8860 so I have 6 ports, all in use. But I have my primary LAN, the Uverse WAN, and the Uverse 210 gateway device. On top of that are my other networks including my still functional AT&T Enterprise WAN, VOIP Lan, some VLANS, and a port dedicated for my CARP HA failover configurations. The unplugged method was my reference to attempting some dumb switch methods I have seen documented where you simply only plug the RG in when loosing connection and needing re-authentication. I am wondering if something has changed with the latest firmware, that is denying my Cascade Router feature, or if something could be different for being in a multi-tenant office building.
-
@phatty It wouldn't surprise me at all if something on ATT's end has changed. I was using the DMZ+ mode on my pace gateway and one day I had no internet, due to a firmware update.
I would go back and carefully look at the pfatt instructions. Bridge mode is very easy to get working.
FYI I never got the dumb switch method to work either.
-
@phatty Using the dumb switch method have you tried configuring the wan interface on your pfsense box statically with the ip assigned to your att modem during authentication?
-
@gfeiner said in ATT Uverse RG Bypass (0.2 BTC):
FYI. I'm doing this bypass on my netgate SG5100 and I can get in the 900-940Mb range with ATT UVERSE gigabit plan. So maybe it is your CPU.
Well, it appears you were right and thanks for the suggestion. Last week I retired my SG2440 for a SG5100. I still have not installed all the pkg's I was using in 2440 but I didn't run IDS stuff so I don't think what I haven't installed impacts my speed.
Using CLI speedtest I am getting 950-990 which is about 2x what I was getting before. I am not currently using the aus rg-bypass, just the BGW ip-passthrough.
-
I am getting a staggering amount of packet loss (10-13% spikes), is there anyway that the bypass is causing this? or should i look elsewhere? I'm new btw.
-
There is a hacky way around the RG by using a smart-dumb switch that supports vlan0, I use an inexpensive Netgear prosafe switch. PFSense WAN, ONT, and RG ONT, all 3 get plugged into the switch. The RG gets powered on for AUTH when needed, but mainly stays off. PFSense WAN mac clone of the RG WAN. With a battery backup on the ONT incase of rando power flickers, I go several months between needing to re-auth the RG.
-
@GoldServe said in ATT Uverse RG Bypass (0.2 BTC):
So I got things working by not using any netgraph scripts on my ESXi 6.7u2 virtualized pfSense instance. If you follow the instructions below, you should get things working.
- Set up a new VSWITCH, port group with VLAN(0) and uplink on a dedicated network uplink (Allow mac address spoofing and the other two just incase)
- Connect the ONT to this uplink
- Create a new e1000e interface that resides in the port group from 1) in pFsense (em0 for me). I tried vmxnet3 and didn't seem to work
- I just took the portion of the script below to start wpa_supplicant. Find all em0 below and change with your adapter.
/usr/bin/logger -st "pfatt" "starting wpa_supplicant..." WPA_PARAMS="\ set eapol_version 2,\ set fast_reauth 1,\ ap_scan 0,\ add_network,\ set_network 0 ca_cert \\\"/conf/pfatt/wpa/ca.pem\\\",\ set_network 0 client_cert \\\"/conf/pfatt/wpa/client.pem\\\",\ set_network 0 eap TLS,\ set_network 0 eapol_flags 0,\ set_network 0 identity \\\"$EAP_SUPPLICANT_IDENTITY\\\",\ set_network 0 key_mgmt IEEE8021X,\ set_network 0 phase1 \\\"allow_canned_success=1\\\",\ set_network 0 private_key \\\"/conf/pfatt/wpa/private.pem\\\",\ enable_network 0\ " WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -iem0 -B -C /var/run/wpa_supplicant" # kill any existing wpa_supplicant process PID=$(pgrep -f "wpa_supplicant.*em0") if [ ${PID} > 0 ]; then /usr/bin/logger -st "pfatt" "terminating existing wpa_supplicant on PID ${PID}..." RES=$(kill ${PID}) fi # start wpa_supplicant daemon RES=$(${WPA_DAEMON_CMD}) PID=$(pgrep -f "wpa_supplicant.*em0") /usr/bin/logger -st "pfatt" "wpa_supplicant running on PID ${PID}..." # Set WPA configuration parameters. /usr/bin/logger -st "pfatt" "setting wpa_supplicant network configuration..." IFS="," for STR in ${WPA_PARAMS}; do STR="$(echo -e "${STR}" | sed -e 's/^[[:space:]]*//')" RES=$(eval wpa_cli ${STR}) done # wait until wpa_cli has authenticated. WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2" /usr/bin/logger -st "pfatt" "waiting EAP for authorization..." # TODO: blocking for bootup while true; do WPA_STATUS=$(eval ${WPA_STATUS_CMD}) if [ X${WPA_STATUS} = X"Authorized" ]; then /usr/bin/logger -st "pfatt" "EAP authorization completed..." break else sleep 1 fi done /usr/bin/logger -st "pfatt" "em0 should now be available to configure as your WAN..." /usr/bin/logger -st "pfatt" "done!" else /usr/bin/logger -st "pfatt" "error: unknown EAP_MODE. '$EAP_MODE' is not valid. exiting..." exit 1 fi
- Set em0 as your wan, DHCP, mac spoof (RG of cert MAC address)
- Voila!
I think this works because ESXI will strip and add VLAN0 tags on the port group so no need netgraph business. I don't think this would work by plugging into my Cisco SG500x because I can't define VLAN0 and so the switch would just drop everything. Too bad! Let me know if anyone has any ideas to improve on things.
I guess I have bad luck, my nic is also em0 and I made sure my certs were named the same as your script. Sadly I still get stuck at: pfatt: waiting EAP for authorization. No logs from pffat in /var/log either.
@GoldServe said in ATT Uverse RG Bypass (0.2 BTC):
So I got things working by not using any netgraph scripts on my ESXi 6.7u2 virtualized pfSense instance. If you follow the instructions below, you should get things working.
- Set up a new VSWITCH, port group with VLAN(0) and uplink on a dedicated network uplink (Allow mac address spoofing and the other two just incase)
- Connect the ONT to this uplink
- Create a new e1000e interface that resides in the port group from 1) in pFsense (em0 for me). I tried vmxnet3 and didn't seem to work
- I just took the portion of the script below to start wpa_supplicant. Find all em0 below and change with your adapter.
/usr/bin/logger -st "pfatt" "starting wpa_supplicant..." WPA_PARAMS="\ set eapol_version 2,\ set fast_reauth 1,\ ap_scan 0,\ add_network,\ set_network 0 ca_cert \\\"/conf/pfatt/wpa/ca.pem\\\",\ set_network 0 client_cert \\\"/conf/pfatt/wpa/client.pem\\\",\ set_network 0 eap TLS,\ set_network 0 eapol_flags 0,\ set_network 0 identity \\\"$EAP_SUPPLICANT_IDENTITY\\\",\ set_network 0 key_mgmt IEEE8021X,\ set_network 0 phase1 \\\"allow_canned_success=1\\\",\ set_network 0 private_key \\\"/conf/pfatt/wpa/private.pem\\\",\ enable_network 0\ " WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -iem0 -B -C /var/run/wpa_supplicant" # kill any existing wpa_supplicant process PID=$(pgrep -f "wpa_supplicant.*em0") if [ ${PID} > 0 ]; then /usr/bin/logger -st "pfatt" "terminating existing wpa_supplicant on PID ${PID}..." RES=$(kill ${PID}) fi # start wpa_supplicant daemon RES=$(${WPA_DAEMON_CMD}) PID=$(pgrep -f "wpa_supplicant.*em0") /usr/bin/logger -st "pfatt" "wpa_supplicant running on PID ${PID}..." # Set WPA configuration parameters. /usr/bin/logger -st "pfatt" "setting wpa_supplicant network configuration..." IFS="," for STR in ${WPA_PARAMS}; do STR="$(echo -e "${STR}" | sed -e 's/^[[:space:]]*//')" RES=$(eval wpa_cli ${STR}) done # wait until wpa_cli has authenticated. WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2" /usr/bin/logger -st "pfatt" "waiting EAP for authorization..." # TODO: blocking for bootup while true; do WPA_STATUS=$(eval ${WPA_STATUS_CMD}) if [ X${WPA_STATUS} = X"Authorized" ]; then /usr/bin/logger -st "pfatt" "EAP authorization completed..." break else sleep 1 fi done /usr/bin/logger -st "pfatt" "em0 should now be available to configure as your WAN..." /usr/bin/logger -st "pfatt" "done!" else /usr/bin/logger -st "pfatt" "error: unknown EAP_MODE. '$EAP_MODE' is not valid. exiting..." exit 1 fi
- Set em0 as your wan, DHCP, mac spoof (RG of cert MAC address)
- Voila!
I think this works because ESXI will strip and add VLAN0 tags on the port group so no need netgraph business. I don't think this would work by plugging into my Cisco SG500x because I can't define VLAN0 and so the switch would just drop everything. Too bad! Let me know if anyone has any ideas to improve on things.
-
@archerious said in ATT Uverse RG Bypass (0.2 BTC):
@GoldServe said in ATT Uverse RG Bypass (0.2 BTC):
So I got things working by not using any netgraph scripts on my ESXi 6.7u2 virtualized pfSense instance. If you follow the instructions below, you should get things working.
- Set up a new VSWITCH, port group with VLAN(0) and uplink on a dedicated network uplink (Allow mac address spoofing and the other two just incase)
- Connect the ONT to this uplink
- Create a new e1000e interface that resides in the port group from 1) in pFsense (em0 for me). I tried vmxnet3 and didn't seem to work
- I just took the portion of the script below to start wpa_supplicant. Find all em0 below and change with your adapter.
/usr/bin/logger -st "pfatt" "starting wpa_supplicant..." WPA_PARAMS="\ set eapol_version 2,\ set fast_reauth 1,\ ap_scan 0,\ add_network,\ set_network 0 ca_cert \\\"/conf/pfatt/wpa/ca.pem\\\",\ set_network 0 client_cert \\\"/conf/pfatt/wpa/client.pem\\\",\ set_network 0 eap TLS,\ set_network 0 eapol_flags 0,\ set_network 0 identity \\\"$EAP_SUPPLICANT_IDENTITY\\\",\ set_network 0 key_mgmt IEEE8021X,\ set_network 0 phase1 \\\"allow_canned_success=1\\\",\ set_network 0 private_key \\\"/conf/pfatt/wpa/private.pem\\\",\ enable_network 0\ " WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -iem0 -B -C /var/run/wpa_supplicant" # kill any existing wpa_supplicant process PID=$(pgrep -f "wpa_supplicant.*em0") if [ ${PID} > 0 ]; then /usr/bin/logger -st "pfatt" "terminating existing wpa_supplicant on PID ${PID}..." RES=$(kill ${PID}) fi # start wpa_supplicant daemon RES=$(${WPA_DAEMON_CMD}) PID=$(pgrep -f "wpa_supplicant.*em0") /usr/bin/logger -st "pfatt" "wpa_supplicant running on PID ${PID}..." # Set WPA configuration parameters. /usr/bin/logger -st "pfatt" "setting wpa_supplicant network configuration..." IFS="," for STR in ${WPA_PARAMS}; do STR="$(echo -e "${STR}" | sed -e 's/^[[:space:]]*//')" RES=$(eval wpa_cli ${STR}) done # wait until wpa_cli has authenticated. WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2" /usr/bin/logger -st "pfatt" "waiting EAP for authorization..." # TODO: blocking for bootup while true; do WPA_STATUS=$(eval ${WPA_STATUS_CMD}) if [ X${WPA_STATUS} = X"Authorized" ]; then /usr/bin/logger -st "pfatt" "EAP authorization completed..." break else sleep 1 fi done /usr/bin/logger -st "pfatt" "em0 should now be available to configure as your WAN..." /usr/bin/logger -st "pfatt" "done!" else /usr/bin/logger -st "pfatt" "error: unknown EAP_MODE. '$EAP_MODE' is not valid. exiting..." exit 1 fi
- Set em0 as your wan, DHCP, mac spoof (RG of cert MAC address)
- Voila!
I think this works because ESXI will strip and add VLAN0 tags on the port group so no need netgraph business. I don't think this would work by plugging into my Cisco SG500x because I can't define VLAN0 and so the switch would just drop everything. Too bad! Let me know if anyone has any ideas to improve on things.
I guess I have bad luck, my nic is also em0 and I made sure my certs were named the same as your script. Sadly I still get stuck at: pfatt: waiting EAP for authorization. No logs from pffat in /var/log either.
@GoldServe said in ATT Uverse RG Bypass (0.2 BTC):
So I got things working by not using any netgraph scripts on my ESXi 6.7u2 virtualized pfSense instance. If you follow the instructions below, you should get things working.
- Set up a new VSWITCH, port group with VLAN(0) and uplink on a dedicated network uplink (Allow mac address spoofing and the other two just incase)
- Connect the ONT to this uplink
- Create a new e1000e interface that resides in the port group from 1) in pFsense (em0 for me). I tried vmxnet3 and didn't seem to work
- I just took the portion of the script below to start wpa_supplicant. Find all em0 below and change with your adapter.
/usr/bin/logger -st "pfatt" "starting wpa_supplicant..." WPA_PARAMS="\ set eapol_version 2,\ set fast_reauth 1,\ ap_scan 0,\ add_network,\ set_network 0 ca_cert \\\"/conf/pfatt/wpa/ca.pem\\\",\ set_network 0 client_cert \\\"/conf/pfatt/wpa/client.pem\\\",\ set_network 0 eap TLS,\ set_network 0 eapol_flags 0,\ set_network 0 identity \\\"$EAP_SUPPLICANT_IDENTITY\\\",\ set_network 0 key_mgmt IEEE8021X,\ set_network 0 phase1 \\\"allow_canned_success=1\\\",\ set_network 0 private_key \\\"/conf/pfatt/wpa/private.pem\\\",\ enable_network 0\ " WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -iem0 -B -C /var/run/wpa_supplicant" # kill any existing wpa_supplicant process PID=$(pgrep -f "wpa_supplicant.*em0") if [ ${PID} > 0 ]; then /usr/bin/logger -st "pfatt" "terminating existing wpa_supplicant on PID ${PID}..." RES=$(kill ${PID}) fi # start wpa_supplicant daemon RES=$(${WPA_DAEMON_CMD}) PID=$(pgrep -f "wpa_supplicant.*em0") /usr/bin/logger -st "pfatt" "wpa_supplicant running on PID ${PID}..." # Set WPA configuration parameters. /usr/bin/logger -st "pfatt" "setting wpa_supplicant network configuration..." IFS="," for STR in ${WPA_PARAMS}; do STR="$(echo -e "${STR}" | sed -e 's/^[[:space:]]*//')" RES=$(eval wpa_cli ${STR}) done # wait until wpa_cli has authenticated. WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2" /usr/bin/logger -st "pfatt" "waiting EAP for authorization..." # TODO: blocking for bootup while true; do WPA_STATUS=$(eval ${WPA_STATUS_CMD}) if [ X${WPA_STATUS} = X"Authorized" ]; then /usr/bin/logger -st "pfatt" "EAP authorization completed..." break else sleep 1 fi done /usr/bin/logger -st "pfatt" "em0 should now be available to configure as your WAN..." /usr/bin/logger -st "pfatt" "done!" else /usr/bin/logger -st "pfatt" "error: unknown EAP_MODE. '$EAP_MODE' is not valid. exiting..." exit 1 fi
- Set em0 as your wan, DHCP, mac spoof (RG of cert MAC address)
- Voila!
I think this works because ESXI will strip and add VLAN0 tags on the port group so no need netgraph business. I don't think this would work by plugging into my Cisco SG500x because I can't define VLAN0 and so the switch would just drop everything. Too bad! Let me know if anyone has any ideas to improve on things.
Can you post your ESXi vSwitch settings for your WAN device? I just setup this over the weekend and had no issues. Granted I edited the pfatt.sh script directly to change a few things but it worked for me without issues.
-
@GoldServe Got it working, had to modify the script and also modify vswitchWAN with the MAC address of the certs as well as put that MAC inside pfsense under WAN. Everything worked as soon as I did that. Not sure if that was to be assumed, but I didn't realize it until I noticed the e1000e interface in ESXI had assigned some odd MAC address.
-
anyone upgrade to 2.4.5 yet?