owenthewizard / opnatt

Use your own OPNsense router with AT&T Fiber [GPON].

i have tips for the opnatt.sh script #10

Open justintocci opened 1 year ago

justintocci commented 1 year ago

On FreeBSD we put the following file in /usr/local/etc/rc.d/opnatt.sh, and it has been working great!

in /etc/rc.conf:

### Network link/usability verification options
synchronous_dhclient="YES"
# Added in the hope that ipfw no longer needs a restart after boot
# (the rc.d script below still restarts it explicitly).
# NOTE(review): ngeth0 is created by opnatt.sh, which REQUIREs NETWORKING;
# confirm netwait really runs after that script, otherwise the netwait_if
# check can only wait out its timeout.
netwait_enable="YES"                      # Enable rc.d/netwait so boot waits for the network to be usable
#netwait_ip="123.123.199.129"  # Wait for ping response from any IP in this list.
netwait_timeout="10"                      # Total number of seconds to perform pings.
netwait_if="ngeth0"                   # Wait for active link on each intf in this list.
netwait_if_timeout="10"                   # Total number of seconds to monitor link state.

/usr/local/etc/rc.d/opnatt.sh

#!/bin/sh

# PROVIDE: ngeth0
# REQUIRE: NETWORKING

# Exit immediately if a command exits with a non-zero status, so a failed
# ngctl/ifconfig step stops the setup rather than carrying on. Nodes created
# before the failure are not torn down by this script.
set -e

# Interface the ONT is connected to; the one2many node is attached to it.
ONT_IF='ix0'
# Interface the AT&T residential gateway (RG) is connected to.
RG_IF='igb1'
# MAC address set on ngeth0 further down. The xx octets are redacted
# placeholders and must be replaced before the script can work.
RG_ETHER_ADDR='b0:93:xx:xx:xx:xx'
# File the whole setup block appends its output to.
LOG=/var/log/opnatt.log

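# Print the log-line prefix: local date and time followed by the script tag.
# Outputs: "YYYY-MM-DD HH:MM:SS :: [opnatt.sh] ::" on stdout.
getTimestamp() {
    # Call date directly. Passing its output through an unquoted command
    # substitution let the shell treat "[opnatt.sh]" as a glob pattern, so a
    # one-character file name in the working directory (e.g. "s") replaced
    # the tag in every log line.
    date '+%Y-%m-%d %H:%M:%S :: [opnatt.sh] ::'
}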

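# Build the netgraph graph that lets the RG's EAP (ethertype 0x888e) frames
# pass between the ONT and RG interfaces while all other ONT traffic is
# delivered to ngeth0, then bring the interfaces up and restart dhcp6c/ipfw.
#
# Globals:  ONT_IF, RG_IF, RG_ETHER_ADDR, LOG (read)
# Outputs:  progress lines and any command errors, appended to $LOG
# Returns:  exits non-zero at the first failing command (set -e above)
#
# Every expansion is quoted so an empty or oddly-formed setting fails at the
# command that uses it instead of silently changing its argument list.
{
    printf '%s\n' "$(getTimestamp) pfSense + AT&T U-verse Residential Gateway for true bridge mode"
    printf '%s\n' "$(getTimestamp) Configuration: "
    printf '%s\n' "$(getTimestamp)        ONT_IF: $ONT_IF"
    printf '%s\n' "$(getTimestamp)         RG_IF: $RG_IF"
    printf '%s\n' "$(getTimestamp) RG_ETHER_ADDR: $RG_ETHER_ADDR"

    # -n skips modules that are already loaded, -q keeps kldload quiet.
    printf '%s' "$(getTimestamp) loading netgraph kernel modules... "
    /sbin/kldload -nq netgraph
    /sbin/kldload -nq ng_ether
    /sbin/kldload -nq ng_etf
    /sbin/kldload -nq ng_vlan
    /sbin/kldload -nq ng_eiface
    /sbin/kldload -nq ng_one2many
    printf '%s\n' "OK!"

    printf '%s\n' "$(getTimestamp) building netgraph nodes..."

    # one2many node on the ONT interface's lower hook, named o2m.
    printf '%s' "$(getTimestamp)   creating ng_one2many... "
    /usr/sbin/ngctl mkpeer "${ONT_IF}:" one2many lower one
    /usr/sbin/ngctl name "${ONT_IF}:lower" o2m
    printf '%s\n' "OK!"

    # vlan node on o2m:many0 with an eiface behind it; VLAN 0 frames are
    # steered to that eiface.
    printf '%s' "$(getTimestamp)   creating vlan node and interface... "
    /usr/sbin/ngctl mkpeer o2m: vlan many0 downstream
    /usr/sbin/ngctl name o2m:many0 vlan0
    /usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether

    /usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }'
    # NOTE(review): this assumes the eiface just created is ngeth0, i.e. no
    # other ng_eiface node existed beforehand. Confirm on your system.
    /usr/sbin/ngctl msg ngeth0: set "$RG_ETHER_ADDR"
    printf '%s\n' "OK!"

    # etf node on o2m:many1; its nomatch hook goes to the ONT's upper hook
    # for now and is removed again further down.
    printf '%s' "$(getTimestamp)   defining etf for $ONT_IF (ONT)... "
    /usr/sbin/ngctl mkpeer o2m: etf many1 downstream
    /usr/sbin/ngctl name o2m:many1 waneapfilter
    /usr/sbin/ngctl connect waneapfilter: "${ONT_IF}:" nomatch upper
    printf '%s\n' "OK!"

    # etf node on the RG interface; non-matching frames continue to the
    # RG interface's upper hook.
    printf '%s' "$(getTimestamp)   defining etf for $RG_IF (RG)... "
    /usr/sbin/ngctl mkpeer "${RG_IF}:" etf lower downstream
    /usr/sbin/ngctl name "${RG_IF}:lower" laneapfilter
    /usr/sbin/ngctl connect laneapfilter: "${RG_IF}:" nomatch upper
    printf '%s\n' "OK!"

    printf '%s' "$(getTimestamp)   bridging etf for $ONT_IF <-> $RG_IF... "
    /usr/sbin/ngctl connect waneapfilter: laneapfilter: eapout eapout
    printf '%s\n' "OK!"

    # Only ethertype 0x888e is matched onto the eapout hooks that join the
    # two etf nodes, so nothing else crosses between ONT and RG on this path.
    printf '%s' "$(getTimestamp)   defining filters for EAP traffic... "
    /usr/sbin/ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
    /usr/sbin/ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
    printf '%s\n' "OK!"

    printf '%s' "$(getTimestamp)   enabling one2many links... "
    /usr/sbin/ngctl msg o2m: setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[ 1 1 ] }"
    printf '%s\n' "OK!"

    printf '%s' "$(getTimestamp)   removing waneapfilter:nomatch hook... "
    /usr/sbin/ngctl rmhook waneapfilter: nomatch
    printf '%s\n' "OK!"

    printf '%s' "$(getTimestamp) enabling $RG_IF interface... "
    /sbin/ifconfig "$RG_IF" up
    printf '%s\n' "OK!"

    printf '%s' "$(getTimestamp) enabling $ONT_IF interface... "
    /sbin/ifconfig "$ONT_IF" up
    printf '%s\n' "OK!"

    # Both physical NICs are put in promiscuous mode. Presumably this is
    # needed because frames for ngeth0 carry the RG's MAC address, not the
    # NIC's own. Verify before removing.
    printf '%s' "$(getTimestamp) enabling promiscuous mode on $RG_IF... "
    /sbin/ifconfig "$RG_IF" promisc
    printf '%s\n' "OK!"

    printf '%s' "$(getTimestamp) enabling promiscuous mode on $ONT_IF... "
    /sbin/ifconfig "$ONT_IF" promisc
    printf '%s\n' "OK!"

    printf '%s\n' "$(getTimestamp) ngeth0 should now be available to configure as your pfSense WAN"
    printf '%s\n' "$(getTimestamp) done!"

    # NOTE(review): the WAN path is live from here until ipfw is restarted
    # (at least the 10 s sleep). Confirm the ruleset loaded earlier in boot
    # already covers ngeth0, or that the default policy is deny, so the WAN
    # is not unfiltered during this window.
    # With set -e, a failing dhcp6c restart also prevents the ipfw restart.
    sleep 10
    service dhcp6c restart
    service ipfw restart

# stderr is appended too: without it a failing step left only an unfinished
# "... " line in the log and the actual error message went elsewhere.
} >> "$LOG" 2>&1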
owenthewizard commented 6 months ago

What modifications are you proposing?

justintocci commented 6 months ago

A note on FreeBSD in the Readme would be cool.