MonkWho / pfatt

Enable true bridge mode for AT&T U-Verse and pfSense (this is a fork of an original repository https://github.com/aus/pfatt. Since it is not available anymore, I'll do my best to maintain a copy for people that still need a bypass)

Internet outage at random with 5268AC #57

Open noelhibbard opened 2 years ago

noelhibbard commented 2 years ago

I used to do the hand swap method by automating config changes on my VLAN switch and would literally have months of uptime and only a power cycle took it down. I wanted to streamline my setup a little so a few days ago I went with the method in this repo. My problem is it will only stay up for about 4 hours before it goes down. The docs say to use a reliable ping host but I left it at 8.8.8.8 because I figured that would be reliable. My thinking is randomly Google fails to respond to the ping so then it brings the bridge back up which deauths the ONT and then it never recovers. Looking at the pfatt.log I can see it toggling the bridge up and down at random (sometimes once per hour) but I suspect reauth was never actually necessary. When I did the hand swap method I only had the RG online at boot and then I would take it offline for months at a time. I just switched my ping host to the WAN default gateway. So maybe it will not falsely detect outages going forward.

Does this sound like a reasonable hypothesis?

I ordered a BGW210-700 on eBay which will be here on Tuesday. Hopefully I can extract the certs and switch to the wpa_supplicant method and put the 5268AC in storage.

smurfhunter commented 2 years ago

Any luck with this? Are you using the 5268AC specific script, by chance?

noelhibbard commented 2 years ago

I was using the 5268AC script but could never make it stable, regardless of what ping host I used. I even changed up the logic so the ping host had to time out back to back for 5 secs before bringing the bridge back up and that still didn't help. I also set it up to do the initial auth and then break the bridge and never bring it back up without me doing it manually. It still wasn't stable.

I ended up going the wpa_supplicant route using certs that I ripped from a BGW210 that I got off eBay. I've not had a single outage since.
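
The back-to-back timeout check described in the comment above, as an added example that is not part of the original post or the pfatt script. It only addresses false outage detection; the host addresses, the threshold, the function names and the `pfatt-example` log tag are assumptions, and `ping -t` is the FreeBSD timeout flag.

```shell
#!/bin/sh
# Added example: debounced reachability check for a ping-based watchdog.
# All names and values here are illustrative, not taken from pfatt.

# Constructed sample hosts (documentation address ranges); set your own.
PING_HOSTS="${PING_HOSTS:-192.0.2.1 198.51.100.1}"
# Consecutive failed checks required before the link is treated as down.
FAIL_THRESHOLD="${FAIL_THRESHOLD:-5}"

# probe HOST: succeed if HOST answers one echo request within 1 second.
# On FreeBSD/pfSense, -t is the overall timeout in seconds.
probe() {
    ping -c 1 -t 1 "$1" >/dev/null 2>&1
}

# any_host_up: succeed as soon as one configured host answers, so a single
# unresponsive target is not mistaken for a WAN outage.
any_host_up() {
    for h in $PING_HOSTS; do
        probe "$h" && return 0
    done
    return 1
}

# update_failures COUNT: print the new consecutive-failure count.
# Any successful check resets the counter to zero.
update_failures() {
    if any_host_up; then
        echo 0
    else
        echo $(( $1 + 1 ))
    fi
}

# should_reauth COUNT: true only on the check that reaches the threshold,
# so a long outage triggers one action instead of repeated bridge toggling.
should_reauth() {
    [ "$1" -eq "$FAIL_THRESHOLD" ]
}

# watch_loop: poll once per second; call this from your own script.
watch_loop() {
    fails=0
    while :; do
        fails=$(update_failures "$fails")
        if should_reauth "$fails"; then
            logger -t pfatt-example "WAN unreachable for $fails checks"
            # Re-authentication step would go here.
        fi
        sleep 1
    done
}
```
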

MatthewGCampbell commented 2 years ago

I am also trying to get the bridge method to work better. I've gone through the logic in the file as well as what I've experienced, and it seems that the bridging and un-bridging of the interfaces is the issue.

This command seems to work:

/usr/sbin/ngctl rmhook laneapfilter: eapout

But this is where the issue is:

/usr/sbin/ngctl connect waneapfilter: laneapfilter: eapout eapout

This line that attempts to bridge the interfaces together seems to not ever bridge them together, especially when run in the command line directly; it gives me this error:

ngctl: sendto(waneapfilter:): File exists
ngctl: send msg: File exists

Not really sure if this is the issue, but my internet seems to go out every couple months and the pfatt script in the logs doesn't seem to bridge it together properly. I added if_igb.ko and if_em.ko to my pfSense as I'm running 22.01 and I'm hoping this fixes it. Not sure if anyone else has been able to fix this issue or not. I am extremely unfamiliar with netgraph and these different modules, so not sure if I did the right thing by adding them.

noelhibbard commented 2 years ago

I highly suggest picking up a BGW210 on eBay (~$40) so you can rip the certs. My ATT supplied modem has been packed up in a closet for nearly 10 months now without a single outage. No babysitting, no adjustments. I can upgrade pfSense and nothing is needed to survive an upgrade. It just works. IPv6 is also working perfectly.

Here is the script I am using with the certs I ripped from an eBay BGW210. The comments at the top explain where to put the script and what variables need to be set: https://gist.github.com/noelhibbard/62351b87a8077209c1118b65833c4128

MatthewGCampbell commented 2 years ago

I could do this but I’d rather get my current setup running, as I have the new 2 and 5 gig plans coming to my area later this year. I will probably scrap this project and move to their gateway then, as I’d have no other choice. I’ve messed with some stuff and haven’t had an outage yet.

noelhibbard commented 2 years ago

Hopefully their new gateway will not suck as bad as they currently do. I'm curious if the same 802.1x certs will still work with a 5gb compatible ONT on the new service.