search

MonkWho / pfatt

Enable true bridge mode for AT&T U-Verse and pfSense (this is a fork of an original repository https://github.com/aus/pfatt. Since it is not available anymore, I'll do my best to maintain a copy for people that still need a bypass)
440 stars 171 forks source link

OpnSense 22.1 Issue #65

Open dkowis opened 2 years ago

dkowis commented 2 years ago

https://opnsense.org/opnsense-22-1-released/

Has anyone had experience with it yet? I haven't gotten around to it and probably won't have time for a while. Starting an issue thread to keep track of it.

EDIT: reported working well with wpa_supplicant

EDIT MORE: https://github.com/MonkWho/pfatt/issues/65#issuecomment-1043984610 seems to be the victorious solution that covers both WPA and Tethered operating modes.

sohilm09 commented 2 years ago

Honestly, that's the only change I did. I am running in a VM environment w/ NIC passthrough. What NIC does Qotom Q355G4 have?

tcurrence852 commented 2 years ago

I can confirm changing the script to /sbin/ifconfig $ONF_IF promisc -vlanhwtag -vlanhwfilter -vlanhwtso at the bottom of /usr/local/etc/rc.syshook.d/early/99-pfatt works for me as well using non-supplicant method, Opnsense 22.1.2_1 bare metal install on Dell R240 with Intel NICs and BGW-210 AT&T gateway. Survives reboots as always and no throughput or resource usage issues.

Are you sure you didn't do any other changes? I spent all weekend trying to get it to work in non-supplicant mode and could not get it to pull a DCHP address for the WAN using a Qotom Q355G4. Clean install of opnsense 22.1.

That's the only thing I did. Keep in mind mine was not a fresh 22.1 install, I already had the bypass up and running prior in 21.7, upgraded to 22.1 in place, bypass didn't work and I simply changed the startup script already present. I never tried changing the initial install script and essentially reinstalling the bypass setup.

wraithfive commented 2 years ago

Honestly, that's the only change I did. I am running in a VM environment w/ NIC passthrough. What NIC does Qotom Q355G4 have?

It's intel nics. I will have to look up the exact ones later when I get home.

wraithfive commented 2 years ago

Honestly, that's the only change I did. I am running in a VM environment w/ NIC passthrough. What NIC does Qotom Q355G4 have?

4 x Intel I211-AT

sohilm09 commented 2 years ago

4 x Intel I211-AT

That should just work. Here is a few lines before and after my script. Hopefully it helps you.

echo -n "$(getTimestamp) enabling promiscuous mode on $RG_IF... "
/sbin/ifconfig $RG_IF promisc
echo "OK!"

echo -n "$(getTimestamp) enabling promiscuous mode on $ONT_IF... "
/sbin/ifconfig $ONT_IF promisc -vlanhwtag -vlanhwfilter -vlanhwtso
echo "OK!"

echo "$(getTimestamp) ngeth0 should now be available to configure as your pfSense WAN"
echo "$(getTimestamp) done!"_**_
wraithfive commented 2 years ago

I did finally get it to work but it won't work on a reboot of the OPNsense. After a reboot I have to clean up everything the script creates in netgraph then rerun it manually. Then it will pull an IP again just fine. Not sure where to go from there. Seems like I may have an additional issue on top of this one.

sohilm09 commented 2 years ago

I did finally get it to work but it won't work on a reboot of the OPNsense. After a reboot I have to clean up everything the script creates in netgraph then rerun it manually. Then it will pull an IP again just fine. Not sure where to go from there. Seems like I may have an additional issue on top of this one.

what is your netgraph state after the reboot (before the cleanup)?

wraithfive commented 2 years ago

what is your netgraph state after the reboot (before the cleanup)?

I am very new to netgraph so could you be more specific in what you are asking for me? Do you just want the output of "ngctl list" or something more?

sohilm09 commented 2 years ago

what is your netgraph state after the reboot (before the cleanup)?

I am very new to netgraph so could you be more specific in what you are asking for me? Do you just want the output of "ngctl list" or something more?

That would be a good start

wraithfive commented 2 years ago

I was all prepared to reboot, capture the netgraph output, fix things so I could get back but now it's working perfectly. Three reboots and pulls an IP every time. I do not recall doing anything at that would have made a difference. But as long as it's working now I guess.

sohilm09 commented 2 years ago

I was all prepared to reboot, capture the netgraph output, fix things so I could get back but now it's working perfectly. Three reboots and pulls an IP every time. I do not recall doing anything at that would have made a difference. But as long as it's working now I guess.

Happy to hear, sounds like a timing thing. Sometimes the modem is in an odd spot where it can't pass EAP auth.

tman785 commented 1 year ago

For the non-supplicant method, I'm experiencing issues with Opnsense 2.7. I made the required change to the opnatt.sh file, but no change. Anything specific I can look at/test? This is a new build of Opnsense. I'm currently using pfsense 2.5.2 with no issue. One thing I've noticed is the opnatt.sh file - seems several versions out there. I'm using the one in the master branch here. I also require the 5268AC files.

Edit: 3rd restart magic - it works now. Also applied 22.7.2 and we survived. I think another poster above had the same thing - 3 restarts and it works.

rountad commented 1 year ago

I set up Opnsense 22.7 and have tried numerous ways to get this working in supplicant mode. After trying the syntax that dangeist posted, I'm getting the same hanging at waiting EAP for authorization.. How do I get out of this loop? None of the boot options seem to bypass this problem and the loader option doesn't seem to have the options that I need to fix it (modify or delete the script in rc.syshook.d/early)

Thanks!

aholmes55 commented 1 year ago

@SGC1990 Does the /sbin/ifconfig $ONT_IF promisc -vlanhwtag -vlanhwfilter -vlanhwtso fix need to be applied to the supplicant portion of the script? Your commit is only to the bridge section.

rountad commented 1 year ago

supplicantfailure

Still trying to get supplicant mode working with Opnsense 22.7, but ngeth0 does not have the WAN MAC address and em0 (physical WAN interface) is not set up as promiscuous. When early script is applied, the boot process never completes, so I can't manually change settings as far as I can tell.

Any advice?

tman785 commented 1 year ago

supplicantfailure

Still trying to get supplicant mode working with Opnsense 22.7, but ngeth0 does not have the WAN MAC address and em0 (physical WAN interface) is not set up as promiscuous. When early script is applied, the boot process never completes, so I can't manually change settings as far as I can tell.

Any advice?

Don’t put the script in EARLY. Use START instead. I don’t know if this is a recent change but early scripts run before network startup.

https://docs.opnsense.org/development/backend/autorun.html