Not getting a DHCP response from AT&T

[bhechinger]

I'm trying to get this setup finally but it's just not working for me. It never gets a DHCP address.

EdgeOS: 1.10.9 ONT: eth1 RG: eth2

ubnt@ubnt:/var/log$ sudo python /config/scripts/eap_proxy.py eth1 eth2 --restart-dhcp --ignore-when-wan-up --ignore-logoff --ping-gateway --set-mac --debug
[2019-08-30 12:07:00,901]: starting proxy_loop
[2019-08-30 12:07:17,785]: eth1: 00:90:d0:63:ff:01 > 01:80:c2:00:00:03, EAP packet (0) v1, len 15, Request (1) id 5, len 15 [11]
[2019-08-30 12:07:17,788]: eth1: 00:90:d0:63:ff:01 > 01:80:c2:00:00:03, EAP packet (0) v1, len 15, Request (1) id 5, len 15 [11] > eth2
[2019-08-30 12:07:17,792]: eth2: sent 64 bytes
[2019-08-30 12:07:17,816]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 22, Response (2) id 5, len 22 [18]
[2019-08-30 12:07:17,821]: eth1.0: setting mac to d4:b2:7a:b0:dd:74
[2019-08-30 12:07:19,413]: eth1.0: no IP address
[2019-08-30 12:07:19,417]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 22, Response (2) id 5, len 22 [18] > eth1
[2019-08-30 12:07:19,421]: eth1: sent 60 bytes
[2019-08-30 12:07:19,425]: eth1: 00:90:d0:63:ff:01 > 01:80:c2:00:00:03, EAP packet (0) v1, len 4, Failure (4) id 5, len 4 [0]
[2019-08-30 12:07:19,430]: eth1: 00:90:d0:63:ff:01 > 01:80:c2:00:00:03, EAP packet (0) v1, len 4, Failure (4) id 5, len 4 [0] > eth2
[2019-08-30 12:07:19,434]: eth2: sent 64 bytes
[2019-08-30 12:07:19,438]: eth1: 00:90:d0:63:ff:01 > 01:80:c2:00:00:03, EAP packet (0) v1, len 15, Request (1) id 6, len 15 [11]
[2019-08-30 12:07:19,442]: eth1: 00:90:d0:63:ff:01 > 01:80:c2:00:00:03, EAP packet (0) v1, len 15, Request (1) id 6, len 15 [11] > eth2
[2019-08-30 12:07:19,446]: eth2: sent 64 bytes
[2019-08-30 12:07:19,841]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 22, Response (2) id 6, len 22 [18]
[2019-08-30 12:07:19,847]: eth1.0: no IP address
[2019-08-30 12:07:19,852]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 22, Response (2) id 6, len 22 [18] > eth1
[2019-08-30 12:07:19,856]: eth1: sent 60 bytes
[2019-08-30 12:07:19,870]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 6, Request (1) id 7, len 6 [2]
[2019-08-30 12:07:19,874]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 6, Request (1) id 7, len 6 [2] > eth2
[2019-08-30 12:07:19,879]: eth2: sent 64 bytes
[2019-08-30 12:07:21,112]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 206, Response (2) id 7, len 206 [202]
[2019-08-30 12:07:21,118]: eth1.0: no IP address
[2019-08-30 12:07:21,121]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 206, Response (2) id 7, len 206 [202] > eth1
[2019-08-30 12:07:21,126]: eth1: sent 224 bytes
[2019-08-30 12:07:21,227]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 1020, Request (1) id 8, len 1020 [1016]
[2019-08-30 12:07:21,230]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 1020, Request (1) id 8, len 1020 [1016] > eth2
[2019-08-30 12:07:21,234]: eth2: sent 1038 bytes
[2019-08-30 12:07:22,147]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 6, Response (2) id 8, len 6 [2]
[2019-08-30 12:07:22,152]: eth1.0: no IP address
[2019-08-30 12:07:22,155]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 6, Response (2) id 8, len 6 [2] > eth1
[2019-08-30 12:07:22,159]: eth1: sent 60 bytes
[2019-08-30 12:07:22,173]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 1020, Request (1) id 9, len 1020 [1016]
[2019-08-30 12:07:22,177]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 1020, Request (1) id 9, len 1020 [1016] > eth2
[2019-08-30 12:07:22,181]: eth2: sent 1038 bytes
[2019-08-30 12:07:23,171]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 6, Response (2) id 9, len 6 [2]
[2019-08-30 12:07:23,177]: eth1.0: no IP address
[2019-08-30 12:07:23,179]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 6, Response (2) id 9, len 6 [2] > eth1
[2019-08-30 12:07:23,184]: eth1: sent 60 bytes
[2019-08-30 12:07:23,198]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 1020, Request (1) id 10, len 1020 [1016]
[2019-08-30 12:07:23,202]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 1020, Request (1) id 10, len 1020 [1016] > eth2
[2019-08-30 12:07:23,206]: eth2: sent 1038 bytes
[2019-08-30 12:07:24,199]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 6, Response (2) id 10, len 6 [2]
[2019-08-30 12:07:24,205]: eth1.0: no IP address
[2019-08-30 12:07:24,208]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 6, Response (2) id 10, len 6 [2] > eth1
[2019-08-30 12:07:24,212]: eth1: sent 60 bytes
[2019-08-30 12:07:24,226]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 707, Request (1) id 11, len 707 [703]
[2019-08-30 12:07:24,230]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 707, Request (1) id 11, len 707 [703] > eth2
[2019-08-30 12:07:24,233]: eth2: sent 725 bytes
[2019-08-30 12:07:25,528]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 1408, Response (2) id 11, len 1408 [1404]
[2019-08-30 12:07:25,533]: eth1.0: no IP address
[2019-08-30 12:07:25,536]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 1408, Response (2) id 11, len 1408 [1404] > eth1
[2019-08-30 12:07:25,540]: eth1: sent 1426 bytes
[2019-08-30 12:07:25,558]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 6, Request (1) id 12, len 6 [2]
[2019-08-30 12:07:25,561]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 6, Request (1) id 12, len 6 [2] > eth2
[2019-08-30 12:07:25,565]: eth2: sent 64 bytes
[2019-08-30 12:07:26,553]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 1404, Response (2) id 12, len 1404 [1400]
[2019-08-30 12:07:26,558]: eth1.0: no IP address
[2019-08-30 12:07:26,561]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 1404, Response (2) id 12, len 1404 [1400] > eth1
[2019-08-30 12:07:26,564]: eth1: sent 1422 bytes
[2019-08-30 12:07:26,582]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 6, Request (1) id 13, len 6 [2]
[2019-08-30 12:07:26,585]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 6, Request (1) id 13, len 6 [2] > eth2
[2019-08-30 12:07:26,589]: eth2: sent 64 bytes
[2019-08-30 12:07:27,589]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 893, Response (2) id 13, len 893 [889]
[2019-08-30 12:07:27,594]: eth1.0: no IP address
[2019-08-30 12:07:27,597]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 893, Response (2) id 13, len 893 [889] > eth1
[2019-08-30 12:07:27,600]: eth1: sent 911 bytes
[2019-08-30 12:07:27,632]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 69, Request (1) id 14, len 69 [65]
[2019-08-30 12:07:27,635]: eth1: 00:90:d0:63:ff:01 > d4:b2:7a:b0:dd:74, EAP packet (0) v1, len 69, Request (1) id 14, len 69 [65] > eth2
[2019-08-30 12:07:27,639]: eth2: sent 87 bytes
[2019-08-30 12:07:28,615]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 6, Response (2) id 14, len 6 [2]
[2019-08-30 12:07:28,620]: eth1.0: no IP address
[2019-08-30 12:07:28,623]: eth2: d4:b2:7a:b0:dd:74 > 01:80:c2:00:00:03, EAP packet (0) v2, len 6, Response (2) id 14, len 6 [2] > eth1
[2019-08-30 12:07:28,627]: eth1: sent 60 bytes
[2019-08-30 12:07:28,651]: eth1: 00:90:d0:63:ff:01 > 01:80:c2:00:00:03, EAP packet (0) v1, len 4, Success (3) id 14, len 4 [0]
[2019-08-30 12:07:28,655]: eth1.0: no IP address
[2019-08-30 12:07:28,657]: eth1.0: restarting dhclient
Option new_ip requires an argument
Option old_ip requires an argument
[2019-08-30 12:07:29,334]: eth1: 00:90:d0:63:ff:01 > 01:80:c2:00:00:03, EAP packet (0) v1, len 4, Success (3) id 14, len 4 [0] > eth2
[2019-08-30 12:07:29,338]: eth2: sent 64 bytes

[tobiasmcnulty]

This may not be related since it sounds like this was never working for you, but I found my Pace 5268ac needed a firmware update recently, which of course it couldn't do through eap_proxy. I connected it directly to the ONT converter for ~30 minutes to let it do its update and now it's working again.

[bhechinger]

Yeah, unfortunately I'm not even getting that far but that's certainly something to keep in mind. Thanks!

[tobiasmcnulty]

Just checking, did you update the MAC on your router to match the ATT device?

[bhechinger]

I manually set the mac in the ubnt config and I'm also passing --set-mac so the mac should definitely be set. If it's not, that's just messed up. :)

[jaysoffian]

Please try adding this to your configuration:

set interfaces ethernet eth1 vif 0 mac 'd4:b2:7a:b0:dd:74'

Also, this is not right:

Option new_ip requires an argument
Option old_ip requires an argument

I'm not sure what's causing that. Please review your config against the sample given in the README.

[bhechinger]

Please try adding this to your configuration:

set interfaces ethernet eth1 vif 0 mac 'd4:b2:7a:b0:dd:74'

Double checking that it looks like I'm a big dummy and put that on eth0. I bet that's it.

Let me try again and report back.

[bhechinger]

Progress! But not success. :(

Now that I've got the mac address on the correct interface I get an IP address and default route.

Unfortunately it doesn't appear that it's working entirely. I cannot ping the default route I've been given back nor can I reach anything from the ERL.

[caffeineflo]

I have the same issue (no ip error message, mac correctly set), but only on my ER X fw 2.08 - if I switch back to 1.10 it all works.

[stephen-mw]

Can confirm, the proxy isn't working with ER X firmware 2.x+.

[anpetrov]

hi guys looks like I am having the same problem. Although there is no evidence this issue is specific to eap-proxy. Here is what I observe:

1. with dumb switch bypass mode, EAP handshake works fine but dhclient takes forever to get the lease. I am using correct vlan tag (0). I sniffed out different dhcp options and tried to replicate them with dhclient (like option 61, clientid). No joy. Sometimes it takes 30 minutes to get the lease. I could never found what correlates to success.
2. with eap proxy on openwrt edgerouter 19.07 the script doesn't seem to work. THere are identity/response packets but full sequence never happens. I blame DSA, hardware offload, and bad weather
3. EAP with bridge on openwrt edgerouter works 100% of time. However, with udhc I am getting same behavor as with [1].
4. On regular linux with 2 NICs eap proxy succeedes always. However, dhclient seems to be having same issue as [1].

Any suggestions would be helpful. And yes, I am faking the router's mac on nic that is connected to the ONT.

[anpetrov]

for some reason eap proxy started working and looks pretty stable. nevermind then

[caffeineflo]

@anpetrov On a ER-X or what hardware do you use?

[anpetrov]

@caffeineflo I gave up on ER-X. this mostly because hw NAT offload is broken on master on openwrt, so I just use a server with bunch of NICs. I never tried with edgeos. I also realized I don't have to worry about cpu overload if I use the server.

[jaysoffian]

Closing since this isn't an issue with eap_proxy.

[stephen-mw]

@jaysoffian are you sure? On the homepage it says eap_proxy is compatible with Ubiquiti Networks EdgeRouter™ products, but that doesn't look to be the case anymore with EdgeRouter versions 2 and above. You might want to consider adding a disclaimer about version support.

[tylercal]

FWIW, I’m on 2.0.8 with an edge router 5 PoE, and it’s still working for me.