ATT Uverse RG Bypass (0.2 BTC)
-
@fresnoboy said in ATT Uverse RG Bypass (0.2 BTC):
Can you send support @Netgate a request to get a the cherry picked patch put into the main distribution? They really should just put the fix into the next release of the code so folks don't have to manually patch it, esp for appliance users.
How do I reach them? I don't have a paid support package...
--Edit-- I figured it out and opened a ticket. I'll reply with any feedback.
-
It looks like it should be possible to include this, it's a one line patch, but because it's not in 12-stable we would need to review what impact it might have.
Steve
-
Thanks for looking into this. It would be a blessing to many users to get this incorporated, but especially those on your appliances, as it's more painful to build a manual patch for them.
The patch has been successfully installed on many user's machines and had no issues reported so far.
Please let us know what you guys decide.
-
When you say 'patch' I assume you mean the patched SSL libs since this is not something that can be patched on an installed system directly.
-
Sorry if I wasn't clear. By "cherrypick", I meant take the patch from the v13 version of wpa_supplicant and apply it to the current pfsense wpa_supplicant code. It's an easy one line change: https://cgit.freebsd.org/src/commit/?id=d70886d063166786ded0007af8cdcbf57b7b4827
-
That should now be in current 21.09/2.6 snapshots if anyone is able to test.
https://github.com/pfsense/FreeBSD-src/commit/61c7d15d84f80ae1d92b42dc2da56ad94a80b46bSteve
-
This is now also in 2.5.2 snaps. Feedback appreciated.
-
Hi All,
I'm using frontier 1gb fiber service for my internet and I have a strange issue when using the netgraph script.
Currently my setup is using a pfsense instance on a Hyper-V server which is great because the virtual switch strips the vlan tags so my pfsense works great natively. My speed test show about 940mbp up and down on my hyper v instance.
If I use a use pfsense on comparable hardware directly on a metal box using the netgraph script I get speed tests of about 750mbs down and 840 up consistently. CPU and memory aren't even breaking a sweat. I would have expected speeds of around the same as my Hyper-V since that PC is actually using more resources. Not to mention other than adding the netgraph script I'm using pfsense straight from installation without making any other changes.
I'm happy to post any benchmarks and would love to hear this groups thoughts on this.
Thanks -
@michaellacroix recommend you look through and tune/test interface settings eg:
NIC Flow Control
NIC Offload
NIC Rx Buffer
NIC Tx BufferThese being out of tune for best performance on your particular platform likely would explain that amount of speed discrepancy.
-
Great idea! I will try that as soon as I get home. These are intel em cards.
-
@stephenw10 I upgraded from 2.4.4 with no issues. I'm using supplicant mode.
-
I'm using the latest 2.5.2 release.
-
So I tried making changes to tune my interface settings which made no difference in speed.
I did however remove netgraph from the equation and set a static IP from the dhcp pool and it also made very little difference in regard to speed. I think the hyper-v vmswitch is just stripping out all the crap from my ISP's connection allowing for the best connection and performance.
If that's the case I guess I'm stuck using pfsense as a vm. I would have much rather preferred using dedicated equipment instead. -
Mmm, yeah if you're going through a v-switch and trying to use vlan0 I could certainly see that causing problems!
-
I got the "joy" of receiving the BGW320-500 device in my new house. Let me know if anyone wants me to test anything regarding a potential bypass. I'm reasonably strong with Linux/UNIX and have a fair bit of hardware laying around that can run pfsense and others.
-
I have been running supplicant mode with ngeth for a while now successfully but would love to be able to just use a switch to handle the VLAN 0 piece and take ngeth out of the chain and then just use my certs and wpa_supplicant to authenticate to the At&t network.
Would it be possible to get a smart switch and then have the port going to my pfsense WAN port as untagged VLAN 0 and then the port going to the ONT as a tagged VLAN 0 port and not have to use ngeth anymore and just use the wpa_supplicant and extracted certs to authenticate?
I really don't want to go the virtualization route and always hear about people using a dumb switch but don't want to have to plugin the RG whenever there is an issue.
Will this untagged / tagged combo work with a switch like the Netgear GS108Ev3?
-
@bigjohns97 You can use a managed netgear switch and use its mac based vlan feature to do what you want. I use ms510tx to do exactly what you are asking for. I see some other switches which has this capability on this page. link
Check the user manual of your switch to see if you have it.
-
@netnerdy said in ATT Uverse RG Bypass (0.2 BTC):
@bigjohns97 You can use a managed netgear switch and use its mac based vlan feature to do what you want. I use ms510tx to do exactly what you are asking for. I see some other switches which has this capability on this page. link
Check the user manual of your switch to see if you have it.
@netnerdy that is a pretty expensive option, I am guessing you used MAC based VLAN to have flexibility to plug into any port?
I was looking to use the GS108Ev3 model which has port based VLAN but when I go into the user manual online it says VLAN ID 1-4096. This is a little concerning.
I am guessing you are using that switch for more than just bypassing the Att RG?
I might just order the GS108Ev3 from somewhere with a good return policy and give this a shot.
Thanks for confirming the tagged / untagged combo would work for me.
-
@netnerdy said in ATT Uverse RG Bypass (0.2 BTC):
ms510tx
That switch will tag traffic in VLAN0? That surprises me if true.
-
@stephenw10 said in ATT Uverse RG Bypass (0.2 BTC):
@netnerdy said in ATT Uverse RG Bypass (0.2 BTC):
ms510tx
That switch will tag traffic in VLAN0? That surprises me if true.
The docs suggest valid values 1-4093.
I am beginning to think this only way to do what I am looking for is to use a hypervisor.