OPNsense 20.1 compatibility

[MonkWho]

For OPNsense 20.1 compatibility I combined lists from @vaeden commit 19dce9dde218a3d7fcc8f72d3f85be0a931ee026 and @drewmullen commit 5192ce7473902168e7958d19e14e11668373620a.

I personally don't run OPNsense so I need your help with this one. Since it sounds like you guys are actually running OPNsense 20.1 can you please confirm that all of these modules in fact need to be loaded:

        /sbin/kldload -nq netgraph
        /sbin/kldload -nq ng_ether
        /sbin/kldload -nq ng_etf
        /sbin/kldload -nq ng_vlan
        /sbin/kldload -nq ng_eiface
        /sbin/kldload -nq ng_one2many

[MonkWho]

Oh and can someone integrate output of "opnsense-version" command to make sure we load correct modules for correct versions of OPNsense. I believe in OPNsense 19.7 ng_etf is missing so it needs to be compiled and loaded from the script. While in OPNsense 20.1 all modules are present and just need to be loaded.

[vaeden]

I just switched to OPNsense in version 20.1 so I wasn't aware that ng_etf wasn't compiled in earlier versions. I can try spinning up some earlier versions in a virtual machine and see what I can find out.

The module list is correct. I should have included ng_eiface in my commit for completeness although my script did manage to run without it.

I intentionally had removed ng_one2many because I restructured the netgraph, but in the original netgraph, it would be required.

In my commit, I removed the mirroring of EAPOL traffic to OPNsense and just bridged it directly to the AT&T RG. I also added another eiface node (ngeth1) to send the regular traffic from the AT&T RG into OPNsense.

I'm running DHCP on this interface in the 100.64.0.0/10 range, The AT&T RG recognizes this and switches to CGNAT mode with certain features disabled accordingly. The incessant Broadband light stops blinking red, and it stops trying to authenticate with the ONT repeatedly.

This did require me to add a script to monitor for disconnects on the ONT interface and bounce the AT&T RG connection afterward so it would reauthenticate. cat /var/run/devd.seqpacket.pipe | awk "/^!system=IFNET subsystem=$1 type=LINK_UP\$/ {system(\"ifconfig $2 down up\")}"

Let me know if you are interested in trying any of that out in pfSense. Otherwise, I'll see what I can find out about ng_etf in earlier versions of OPN.

[drewmullen]

@MonkWho did you change your github user? i used to find this repo under aus/pfatt

can you please confirm that all of these modules in fact need to be loaded:

i can confirm that there was an error when installing 20.1 and after adding in the modules listed in my commit the installed worked. i cant reference the exact error because i think that issue has now been deleted.

[MonkWho]

Thank you @vaeden and @drewmullen for confirming that all of those modules are indeed needed in OPNsense 20.1. Last night I separated all OPNsense stuff into a separate file opnatt.ah and added information about it to the readme. I think this is sufficient solution for now and if anyone needs help with running opnatt.sh on an older version they can open an issue about it. I don't think any further investigation is required on either of your parts and I appreciate your quick responses.

@MonkWho did you change your github user? i used to find this repo under aus/pfatt

I am not the original creator of this repo. Original author deleted or make his private and somehow my fork became the new parent to everyone's forks. For now I'm just trying to add various merges and cleaning things up a bit now that pfsense 2.4.5 is out and some of the steps are no longer needed.

[drewmullen]

somehow my fork became the new parent to everyone's forks

congratulations :D lol

[vaeden]

I may still take a look when I get a chance in case they stop including the netgraph binaries in a future release.