MonkWho / pfatt

Enable true bridge mode for AT&T U-Verse and pfSense (this is a fork of an original repository https://github.com/aus/pfatt. Since it is not available anymore, I'll do my best to maintain a copy for people that still need a bypass)

Fix for newer versions of pfSense. #73

Open neclimdul opened 2 years ago

neclimdul commented 2 years ago

Support newer versions of pfSense without pfSense_ngctl_attach.

Relates to #67

neclimdul commented 2 years ago

This checks if pfSense_ngctl_attach exists so both older and newer versions of pfSense are supported.

Casuallynoted commented 11 months ago

I can't seem to get this to work in pfSense 2.7. Getting the error in terminal: ngctl: send msg: File exists

neclimdul commented 11 months ago

My 5268AC died a while back, and I've got some newer modem that I've yet to get working with this project, so I can't do much to help ATM.

altodd commented 5 months ago

> I can't seem to get this to work in pfSense 2.7. Getting the error in terminal: ngctl: send msg: File exists

Were you able to solve this? That's where I'm at right now and am debugging

altodd commented 5 months ago

Specifically an issue when defining etf for ont... I am reading through issues and debugging now

tehdango commented 5 months ago

netgraph is no longer needed and supplicant is part of pfsense now. I use this: `wpa_supplicant -s -B -Dwired -iem0 -c/root/pfatt/wpa/wpa_supplicant.conf`

If you have a cert that requires an older ssl method like the BGW210 you will need to create a custom ssl.cnf with this:

```
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
```

Otherwise it will keep failing with method 13 error message.

Edit: This is a one line earlyshellcmd script.
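
An added example (not from this thread or the pfatt project): a small Python check that walks the `openssl_conf` → `ssl_conf` → `system_default` chain of an OpenSSL config like the one in the comment above and reports whether an unsafe legacy option ends up applied as a default for every TLS client that loads the file. The function names, the constructed `ORPHAN_CONF` sample and the second entry in `UNSAFE` are this example's own choices.

```python
import re

# Legacy-renegotiation flags accepted by OpenSSL's "Options" command (audit list, example's choice).
UNSAFE = {"unsafelegacyrenegotiation", "unsafelegacyserverconnect"}

# The config quoted in the comment above.
PAGE_CONF = """openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
"""

# Constructed sample: the section exists but nothing points at it.
ORPHAN_CONF = "[system_default_sect]\nOptions = UnsafeLegacyRenegotiation\n"

def parse_sections(text):
    """Parse OpenSSL config text into {section: {key: value}}; '' is the default section."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def system_default_unsafe_options(text):
    """Return the unsafe Options that are reachable as process-wide TLS defaults."""
    sections, name = parse_sections(text), ""
    for key in ("openssl_conf", "ssl_conf", "system_default"):
        name = sections.get(name, {}).get(key)
        if name is None or name not in sections:
            return []                          # broken chain: Options never applied
    options = {k.lower(): v for k, v in sections[name].items()}.get("options", "")
    enabled = set()
    for token in (t.strip().lower() for t in options.split(",")):
        if token.startswith("-"):              # a leading '-' disables a flag
            enabled.discard(token[1:])
        elif token.lstrip("+") in UNSAFE:
            enabled.add(token.lstrip("+"))
    return sorted(enabled)
```

A non-empty result means the relaxation is a system default for whatever process loads that file, so keeping it in a separate file used only by the supplicant limits where it applies.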

altodd commented 4 months ago

So I'm just getting back to tinkering with this. I tried to go downgrade and pull certs, and it seems like they block downgrades now. So I don't have the wpa_supplicant option. I can only have a tethered bypass, and the question still stands. I'll start digging into what is going on when defining etc, etc.

edit: Or am I dumb? I think the main thing throwing me is that I don't see a wpa_supplicant.conf in the repo, but I do see that wpa_supplicant allows vlan tagging now

altodd commented 4 months ago

Okay, sorry for the additional traffic, but what ended up working for me was just using the built in pfsense way of doing it now. https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html

tehdango commented 4 months ago

Each wpa_config is unique to the certs you extract, so you would need to get that after doing the downgrade and the exploit to download them from your gateway. That guide is in another project here: https://github.com/mozzarellathicc/attcerts

After you get those decoded you need to do what I posted above to use the supplicant method to remove the gateway completely.