ATT Uverse RG Bypass (0.2 BTC)
-
@nedyah700 said in ATT Uverse RG Bypass (0.2 BTC):
Okay, had some success today based on info I gathered from all the various discussions online. I think it is something to do with the em(4) driver. Do all of you having issues have Intel NIC's? I put together a test pfSense server from a bunch of spare parts and it worked right away on the latest release. After digging, I couldn't get any Intel NIC to work. Using what I had around (a few crappy USB dongles worked and old PC's with integrated NICs) I had success with everything not Intel GbE. When I re-upgraded my main pfSense box I was able to move my WAN link to an SFP slot (with RJ45 Module) with some success. I say "some" because all my SFP/RJ45 modules are 10GB and they do not negotiate well with the ONT.
Something interesting for me, if_em.ko is present in /boot/kernel on 2.6.0 but wasn't in my previous version of pfSense. My knowledge is limited but I am not sure where the driver was located in the previous version? Anyone smarter than me know?
Some Useful Links:
FreeBSD 12.3 Release Notes (em(4) driver notes) - https://www.freebsd.org/releases/12.3R/relnotes/
Reddit Discussion - https://www.reddit.com/r/PFSENSE/comments/ssgsha/psa_260_breaks_att_bypass/?sort=new
pfSense pfatt GIT Issue - https://github.com/MonkWho/pfatt/issues/67
OPNSense pfatt GIT Issue - https://github.com/MonkWho/pfatt/issues/65Yes I have an Intel NIC but I am using the IGB driver, at least I think I am because all of my interfaces are igb#
-
Okay, I got everything up and working on my regular Intel NIC. I’m not the biggest expert here so bear with me.
Through troubleshooting I was able to get every non-Intel NIC to authenticate and pull DHCP. After more testing all igb(4) driver-based cards failed. In the /boot/kernel folder I noticed if_igb.ko is simply a shortcut to the em(4) driver (if_em.ko). I am guessing FreeBSD is using this combined driver from intel? https://www.intel.com/content/www/us/en/download/15187/intel-network-adapter-gigabit-base-driver-for-freebsd.htmlAlternatively, I found this driver that appears to be for igb(4) separately, and it seems newer. https://www.intel.com/content/www/us/en/download/14610/intel-network-adapter-driver-for-82575-6-and-82580-based-gigabit-network-connections-under-freebsd.html?wapkw=i350%20freebsd
I downloaded a FreeBSD-12.3 VM, its related source code (amd64), and complied the separate igb(4) driver.
I loaded my newly compiled if_igb.ko into the /boot/modules folder with chmod 555 permissions. Next, I added the following two lines to my /boot/loader.conf file to supersede the included driver.
if_igb_load="YES"
if_igb_name="/boot/modules/if_igb.ko"Rebooted and everything came up just fine!
Feel free to use my compiled if_igb.ko if you don’t want to build your own.
https://github.com/neydah700/pfsense_intel/blob/main/if_igb.koAlso, for reference here is my pfatt script if anyone needs a reference.
https://github.com/neydah700/pfsense_intel/blob/main/pfatt_intel.shA few notes:
- When I clean installed 2.6.0 (and 22.01 on my pfSense+ Box) absolutely nothing I did allowed my pfatt script to runs successfully from the /cf/conf directory. I ended up moving it to /root/pfatt and everything worked. This seemed to only be an issue once I moved to a ZFS file system but who knows.
- I have an angry family since our internet has been up and down for a few days now.
-
Did you test the updated merged driver? I imagine that might also work since that isn't using iflib either as far as I can see.
This is nothing to do with ZFS.
Steve
-
@stephenw10 I had a compile error with e1000_ich8lan.c. There were some indentations that threw errors. I think I have those resolved and am trying shortly.
The ZFS think I mentioned is something different and probably just me doing something dumb. The script we are running using shellcmd would not run anymore from the /cf/conf directory. It worked on my non-ZFS 22.01 install but not my ZFS 22.01 install. I didn't do any troubleshooting after moving to /root/ solved it. Sorry for the confusion!
-
Hmm, curious. I wouldn't have expected any difference between those locations. Unless it was an older ZFS install maybe? The default mount structure was changed at one time.
Steve
-
@stephenw10 also, dumb question.
Considering the shortcut from if_igb.ko to if_em.ko will this work in my loader.conf.local?
if_em_load="YES" if_em_name="/boot/modules/if_em.ko"Or will the shortcut cause the system to load the original em module for igb and I need something like below?
if_em_load="YES" if_em_name="/boot/modules/if_em.ko" if_igb_load="YES" if_igb_name="/boot/modules/if_em.ko" -
It would just fail to load since there is file: /boot/modules/if_em.ko
The original modules are in /boot/kernel. If you don't set the name variable it will load those since they are in the default path. But you don't need or want to load those since they are in the kernel already.
Steve
-
I got the certs out again and now it doesn't work I can't get pass the
WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2"
IP_STATUS_CMD="ifconfig ngeth0 | grep 'inet\ ' | cut -d' ' -f2"
/usr/bin/logger -st "pfatt" "waiting for EAP authorization..."
During all this messing. I deleted my cert, so I had to pull again.Here is my full script here is the script.txt
-
@stephenw10 The merged driver does not work for me. Same issue as stock install. The NIC's themselves work but my previous VLAN0 issue still occurs. EAP authentication passes and my other interfaces on the same card work without issue.
I am by no means an expert so I may have messed something up but when I run kldstat it clearly shows the custom if_em.ko driver/module loaded.
This is the source I used for the if_em.ko module was https://www.intel.com/content/www/us/en/download/15187/intel-network-adapter-gigabit-base-driver-for-freebsd.html
-
Hmm, I wonder if it attached. Check:
sysctl dev.igb.0The in kernel driver shows as:
dev.igb.0.iflib.driver_version: 7.6.1-kSteve
-
@sgc said in ATT Uverse RG Bypass (0.2 BTC):
I got the certs out again and now it doesn't work I can't get pass the
WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2"
IP_STATUS_CMD="ifconfig ngeth0 | grep 'inet\ ' | cut -d' ' -f2"
/usr/bin/logger -st "pfatt" "waiting for EAP authorization..."
During all this messing. I deleted my cert, so I had to pull again.Here is my full script here is the script.txt
I got it to tether again but would like to get figure out why eap authorization does not work
-
Came here to say that dumb switch method still works in 2.6.0 with igb driver. I’m using the wpa_supplicant method. Good luck to people who use ngeth… Hopefully it will resolve soon.
-
@netnerdy said in ATT Uverse RG Bypass (0.2 BTC):
Came here to say that dumb switch method still works in 2.6.0 with igb driver. I’m using the wpa_supplicant method. Good luck to people who use ngeth… Hopefully it will resolve soon.
Could you share your way so I can get rid of ngeth
-
@netnerdy the stock igb driver or the custom one? Thanks!
-
@nedyah700 Bummer. I tried you solution, but it didn't work on my system.
I reviewed your script which is significantly different from mine. I don't have anything about wpa_supplicant.
My system has been working great for many years and I'm foggy on the details of how I made it all work :/
-
@nedyah700 yes it is stock igb.
If you want to get rid of ngeth, you need something that strips the vlan 0 from the network packets. This could be running pfsense under esxi and use a virtual network adapter set to “vlan 0” or plug a switch between your ONT and your pfsense, which is what I do.
-
You are correct. Despite showing loaded in kldstat it did not attach.
With my compiled igb module I don't get any of the iflib lines but with both the stock and compiled em module I still get
dev.igb.5.iflib.driver_version: 7.6.1-kI can try to re-compile?
-
Mmm, hard to say since it's em not igb.... doesn't override the in-kernel igb....which is actually just em.
But it's not iflib so I would imagine it isn't affected by the same issue. I'm not sure it's worth the effort.
We know this is an issue with the e1000 driver in 22.01/2.6 and netgraph/VLAN0.
Steve
-
ha! Yea I thought about that and tried just naming it if_igb.ko but that had the same result so who knows.
Anyways, hope the fix makes it in a future release. Appreciate it!
-
@stephenw10 just an FYI someone else used the combined em driver for an em based NIC and it resolved the issue for them.
