> Good afternoon everyone. I have AT&T fiber. I have a Unifi USG, switch (8-60w), cloud key (gen 2), AP (nano) and I'm looking for some help getting set up. My problem is the ATT router; I would like to bypass it. I'm just starting out learning about networking and Linux. I have been reading a lot about this and I'm sure the USG will not handle the connection I have (1000 Mbps), so I'm getting ready to order the EdgeRouter 4. Lastly, I know everyone's time is limited so I will definitely compensate you up front for your time. Thanks.

I think these might pertain to your hardware.
> Anyone running pfatt bypass upgrade pfSense to 2.5 yet? Seems like there are reports of issues with CPU per Reddit.

I've not had any issues whatsoever. The transition to 2.5 went smoothly, with the exception of having to manually copy all the files over again.
> I've not had any issues whatsoever. The transition to 2.5 went smoothly, with the exception of having to manually copy all the files over again.

Did you end up doing an in-place upgrade?
> Did you end up doing an in-place upgrade?

I actually didn't. My hard drive for the firewall died before I had a chance to address it. So I installed 2.5 directly, then just copied my old config over and prayed.
> Okay, I virtualize my pfSense box, so I will need to play with both fresh install and upgrade.

Yea, that's what I'd do. But it really shouldn't be too bad. Worst case is you could set up CARP or some other highly available setup if it behaves.
> Okay, I virtualize my pfSense box, so I will need to play with both fresh install and upgrade.

Dependent on what you use to virtualize, you can pretty easily bypass the ATT box without pfatt (if you end up having an issue getting pfatt to play nice with pfSense CE 2.5). I no longer use pfatt with Proxmox and a pfSense VM.
> Dependent on what you use to virtualize, you can pretty easily bypass the ATT box without pfatt (if you end up having an issue getting pfatt to play nice with pfSense CE 2.5). I no longer use pfatt with Proxmox and a pfSense VM.

I went with a physical box because there is no way to connect the ONT to multiple servers (as far as I know) so that the pfSense VM could be HA. I wish that wasn't the case.
> I'm not worried so much about HA with my setup. I have VM backups, hardware backup and worst case the original ATT box.
> I'm using ESXi 6.7, planning an upgrade to 7.x over the next few months. I have some Dell L3 switches that are a few years old now.
> What alternative options are there for an ATT workaround other than pfatt and pfSense?

So PFatt is just a wrapper script around wpa_supplicant. One could easily rewrite the script for use in a standard Linux environment. Maybe even WSL for the masochists among us.
> So PFatt is just a wrapper script around wpa_supplicant. One could easily rewrite the script for use in a standard Linux environment. Maybe even WSL for the masochists among us.

Even easier than that, at least in Proxmox, almost completely doable from the GUI even; doable in ESXi but I don't have the exact process. I just bridge past the RG as described below, but I'll link below from a Reddit post on how to do the same with extracted certs and RG removed.
Assuming the ONT is connected to eth0 and the RG to eth1, I create 2 Linux bridges in the Proxmox GUI, vmbr1 and vmbr2.
- vmbr1: add both eth0 and eth1 as bridge ports; used for EAP auth only, not passed to any VM
- vmbr2: add eth0.0 as a bridge port; uses eth0 over vlan0; use this for pfSense WAN; can spoof RG MAC here as well
Proxmox is Debian, so edit /etc/network/interfaces to add
post-up echo 8 > /sys/class/net/vmbr1/bridge/group_fwd_mask
to vmbr1.
You can also spoof the RG MAC via pfSense by editing interface WAN.
Code:
auto vmbr1
iface vmbr1 inet manual
    bridge-ports eth0 eth1
    bridge-stp off
    bridge-fd 0
    post-up echo 8 > /sys/class/net/vmbr1/bridge/group_fwd_mask
    #RG to ONT bridge for EAP Auth
Link on similar setup to skip pfatt/netgraph on pfSense VM using supplicant.
https://www.reddit.com/r/PFSENSE/comments/guwm2u/_/fsnh9fx
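
Added example, not part of the original post or of any project mentioned in the thread: a small audit of an /etc/network/interfaces file that decodes each bridge's group_fwd_mask, showing that the value 8 sets only bit 3, the 802.1X PAE group address 01:80:c2:00:00:03 that carries EAPOL, and flagging masks that forward more than that. The vmbr9 stanza and the function names are constructed for illustration.

```python
import re

# Constructed sample: the vmbr1 stanza from the post, plus a hypothetical
# vmbr9 whose mask forwards every group address the kernel allows.
SAMPLE = """\
auto vmbr1
iface vmbr1 inet manual
    bridge-ports eth0 eth1
    bridge-stp off
    bridge-fd 0
    post-up echo 8 > /sys/class/net/vmbr1/bridge/group_fwd_mask

auto vmbr9
iface vmbr9 inet manual
    bridge-ports eth2 eth3
    post-up echo 0xfff8 > /sys/class/net/vmbr9/bridge/group_fwd_mask
"""

EAPOL_BIT = 3        # bit N <-> 01:80:c2:00:00:0N; :03 is the 802.1X PAE address
RESTRICTED = 0x0007  # bits 0-2 (STP, MAC pause, LACP): the kernel rejects these
MASK_RE = re.compile(r"echo\s+(\w+)\s*>\s*/sys/class/net/([\w.-]+)/bridge/group_fwd_mask")

def forwarded(mask):
    """Link-local group MACs a bridge relays for this group_fwd_mask."""
    return ["01:80:c2:00:00:%02x" % b for b in range(16) if mask >> b & 1]

def audit(text):
    """Map each iface stanza to its ports, mask and what the mask lets through."""
    report, name = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            name = words[1]
            report[name] = {"ports": [], "mask": 0}
        elif name and words[0] in ("bridge-ports", "bridge_ports"):
            report[name]["ports"] = words[1:]
        elif name and (m := MASK_RE.search(line)) and m.group(2) == name:
            report[name]["mask"] = int(m.group(1), 0)
    for entry in report.values():
        mask = entry["mask"]
        entry["eapol"] = bool(mask >> EAPOL_BIT & 1)       # EAPOL crosses the bridge
        entry["rejected"] = bool(mask & RESTRICTED)        # write would fail
        entry["extra"] = forwarded(mask & ~(1 << EAPOL_BIT) & 0xFFFF)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty "extra" list means the bridge relays EAPOL and nothing else from the reserved link-local range; the vmbr9 mask would also pass frames such as LLDP (01:80:c2:00:00:0e) between its ports.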
> Wrote a config script for VyOS to enable EAPOL. T1466 Add EAPOL login support. Might work on the EdgeRouters too.
> Doing it on the post-config script breaks my VPN tunnels and pre-config is done before the MAC gets changed and if-names assigned.

Long shot here, but since this is the only bit of information I can find about wpa_supplicant and broken VPN routes, how exactly is your setup configured?