jaysoffian / eap_proxy

Proxy EAP packets between interfaces on Linux devices such as the Ubiquiti Networks EdgeRouter™ and UniFi® Security Gateway.
BSD 3-Clause "New" or "Revised" License

USG reboot not triggering reauthentication #45

Closed radicand closed 3 years ago

radicand commented 3 years ago

I'm interested to know if this problem is just me, or others with a USG-3P as well. This script was working well until the last few months, when, if the USG router rebooted, it would not reauth with the ONT. The only way I could get it to reauthenticate was if I physically powered off the ONT and turned it back on again, OR if I pulled the Ethernet cable from the ONT to the USG and put it back in (easier).

I'm working on a viable simulation of the plug-pull -- `ip link` down/up does not do it as the lights still stay lit; however, I've had some early success with: `ethtool -s eth0 speed 100 duplex full autoneg off && sleep 5 && ethtool -s eth0 speed 1000 duplex full autoneg on` -- essentially tricking the interface into resetting itself through link negotiation.

Anyone else experiencing the above? If so, is it worth working the link reset hack into the shell script after the python starts?

closb commented 3 years ago

Sorry, can't help, I use the EdgeRouter. Only experienced a similar issue after power surges. Once I changed the power strip everything was copacetic.

jaysoffian commented 3 years ago

The proxy itself is unable to initiate authentication. All it can do is proxy the auth packets between the RG and the ONT. Perhaps after reboot the WAN connection seems to be up and so the proxy is ignoring the auth packets from the RG.

What command-line options are you using with the proxy?

Have you examined the log messages from the proxy to see what it's doing?

radicand commented 3 years ago

@jaysoffian - I did closely watch the logs, nothing at all was showing up beyond the normal startup notification.

My post-config.d script looks like the below. Note my hack additions at the end. I tested a reboot this morning (with the hacks) and it resolves the issue, FWIW.

```bash
#!/bin/bash
# EdgeOS startup script for eap_proxy.py. See README.md.
# (bash is required: the option lists below are bash arrays.)

# Adjust IF_WAN and IF_ROUTER for your setup.
IF_WAN=eth0     # Interface connected to the AT&T ONT
IF_ROUTER=eth2  # Interface connected to the AT&T Router Gateway (RG)

# CONFIG_OPTIONS don't normally need to be adjusted. See README.MD.
CONFIG_OPTIONS=(
  --restart-dhcp
  --ignore-when-wan-up
  --ignore-logoff
  --ping-gateway
  --set-mac
  --debug
)

# DAEMON_OPTIONS don't normally need to be adjusted. See README.MD.
DAEMON_OPTIONS=(
  --daemon
  --pidfile /var/run/eap_proxy.pid
  --syslog
)

# Stop a previously started proxy, if its pidfile is still around.
if test -f /var/run/eap_proxy.pid; then
  kill $(head -n 1 /var/run/eap_proxy.pid) 2>/dev/null
fi

/usr/bin/python /config/scripts/eap_proxy.py \
    "$IF_WAN" "$IF_ROUTER" "${CONFIG_OPTIONS[@]}" "${DAEMON_OPTIONS[@]}" &

# Hack additions: bounce the WAN interface, then force a speed/duplex
# renegotiation so the link itself resets.
ip link set down dev eth0 && sleep 10 && ip link set up dev eth0
ethtool -s eth0 speed 100 duplex full autoneg off && sleep 5 && ethtool -s eth0 speed 1000 duplex full autoneg on
```
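
A guarded form of the link renegotiation workaround from the script above, as an added example that is not part of the thread or of eap_proxy: unlike the `&&` chain, it re-enables autonegotiation even if an earlier step fails, then checks `ethtool` output to confirm the link came back. The function names and the `DRY_RUN` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from eap_proxy. Function names and DRY_RUN are hypothetical.

# Run a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Read `ethtool IFACE` output on stdin; succeed only when autonegotiation
# is back on and a link is detected.
link_renegotiated() {
  awk '
    /Auto-negotiation:[ \t]*on/ { an = 1 }
    /Link detected:[ \t]*yes/   { ld = 1 }
    END { exit !(an && ld) }
  '
}

# Force 100/full, hold, then return to 1000/full with autoneg on.
# The restore step always runs, so a failed first step or an interrupted
# sleep cannot leave the port pinned at 100 Mb/s with autoneg off.
renegotiate_link() {
  iface=$1; hold=${2:-5}; rc=0
  run ethtool -s "$iface" speed 100 duplex full autoneg off || rc=$?
  run sleep "$hold" || true
  run ethtool -s "$iface" speed 1000 duplex full autoneg on || rc=$?
  return "$rc"
}

# Poll once per second until the link has renegotiated, or give up.
wait_for_link() {
  iface=$1; tries=${2:-10}
  while [ "$tries" -gt 0 ]; do
    ethtool "$iface" 2>/dev/null | link_renegotiated && return 0
    tries=$((tries - 1))
    sleep 1
  done
  return 1
}

# Usage in the startup script, after eap_proxy.py has been started:
#   renegotiate_link "$IF_WAN" 5 && wait_for_link "$IF_WAN" 15
```

Running it once with `DRY_RUN=1` prints the three commands without touching the interface, which is a safe way to check the sequence before adding it to a boot script.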