Looking for router advice before moving to AT&T fiber

Discussion in 'Networking' started by Loren, Jun 17, 2019.

  1. Kev

    Where do you get the 1.5.12 firmware for BGW210?
     
    #41
  2. Kev

    Never mind, just change the file names to 1.5.12 in the url.
     
    #42
  3. Corey Clingo

    The 1.6.9 (?) firmware in the instructions worked for me as well.
     
    #43
  4. Kev

    Oh, I never tried because the instructions said downgrade to 1.5.12 so I thought the shell was only available in that firmware. Good to know now but I succeeded and got the certs out.
     
    #44
  5. Kev

    Okay so I was all gung-ho on bypassing the RG and handling everything via pfSense but in my network, I'm running ESXi and have multiple firewalls, pfSense, OPNsense all getting their own public IP address so I decided to abandon this project. I now have one fully extracted cert package from a BGW210 and if anyone is looking to jump into this, PM me and I can sell this one cert to someone.

    I also have an NVG589 that is waiting for the flash to be desoldered and dumped. I really got ahead of myself on this one!

    EDIT: I was able to root the NVG589 as well. Two sets of certs up for sale.
     
    #45
    Last edited: Jul 7, 2019
  6. Gene

    So I have my certs. Was able to desolder and pull the required files from the NVG589 chip. Once I get a window for downtime I'll switch to supplicant mode in pfSense. I'll get the certs off the BGW210 when I get a chance too.
     
    #46
  7. Kev

    Well, I spun up a new pfSense instance on my ESXi to try the WPA_SUPPLICANT method but it didn't work out. Here are the steps I took.

    1) vmxnet interfaces are not detected by ngctl, use E1000
    2) Created a new VSWITCH with uplink to the dedicated ethernet port, set security to allow for all three
    3) create a port group with VLAN0, set security to allow for all three
    4) assign this port group to the em0 interface in pfsense
    5) set up the scripts in pfsense and run them
    6) only see EAP START, Len 0 in tcpdump on ngeth0 and nothing else

    At this point, I'm stuck. Any help?
     
    #47
  8. mb300sd

    You need to do pcie passthrough on the ethernet card. The vswitch won't pass EAPOL packets.
     
    #48
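
The symptom from post #47 (only "EAP START, Len 0" in the capture) read at the frame level, as an added example that is not part of any poster's message. It assumes raw Ethernet frames as bytes (for instance read from a pcap); the MAC addresses and sample frames are constructed, and `parse_eapol` and `diagnose` are names made up for this sketch.

```python
import struct

ETH_P_8021Q, ETH_P_PAE = 0x8100, 0x888E
PAE_GROUP = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes):
    """Decode one Ethernet frame; return a dict for EAPOL, None otherwise."""
    if len(frame) < 18:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == ETH_P_8021Q:          # 802.1Q tag; VID 0 is a priority tag
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != ETH_P_PAE or len(frame) < offset + 4:
        return None
    _version, ptype, length = struct.unpack("!BBH", frame[offset:offset + 4])
    body = frame[offset + 4:offset + 4 + length]
    eap = None
    if ptype == 0 and len(body) >= 4:     # EAP header starts with the code byte
        eap = EAP_CODES.get(body[0], f"code {body[0]}")
    return {"src": src.hex(":"), "vlan": vlan, "to_pae_group": dst == PAE_GROUP,
            "type": EAPOL_TYPES.get(ptype, f"type {ptype}"), "length": length, "eap": eap}

def diagnose(frames, our_mac: str):
    """Summarise a capture taken on the supplicant's interface."""
    seen = [p for p in map(parse_eapol, frames) if p]
    peer = [p for p in seen if p["src"] != our_mac]
    if not seen:
        return "no EAPOL frames captured"
    if not peer:
        return "only our own EAPOL frames: nothing from the authenticator reaches this interface"
    if any(p["eap"] == "Success" for p in peer):
        return "authenticated"
    return "authenticator is replying: check credentials and EAP method"

# Constructed sample frames (made-up MACs), not captured traffic.
US, AUTH = "02:00:00:00:00:01", "02:00:00:00:00:02"
def _eth(src, payload, tagged=False):
    tag = bytes.fromhex("81000000") if tagged else b""   # 802.1Q tag, VID 0
    return PAE_GROUP + bytes.fromhex(src.replace(":", "")) + tag + b"\x88\x8e" + payload
START = _eth(US, bytes.fromhex("01010000"))              # EAPOL-Start, length 0
REQ_ID = _eth(AUTH, bytes.fromhex("010000050101000501"), tagged=True)  # EAP Request/Identity
```

A capture containing only frames like `START` means the request side of the exchange never arrives on that interface, which points at the path between the port and the VM rather than at the certificates.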
  9. marcoi

    I added a 4 port NIC to my server to run pfSense with wpa_supplicant. It's been working fine since I got it cut over. Still working on block IP but I haven't had time to really mess with pfSense.
     
    #49
  10. Kev

    Oh shucks, that means I can’t vmotion my pfsense instance. Guess it’s just for messing around then!
     
    #50
  11. marcoi

    I hear yah, I been thinking of getting one of the HP thin clients and running pfSense as standalone.
     
    #51
  12. das1996

    I remember reading a post on dslr where this scenario did indeed work. It had to do with configuring the vnic correctly. See this post: "Re: PFSense RG Bypass with High Availability - AT&T U-verse | DSLReports Forums".

    Also, same user has a working method for Sophos UTM: "ATT Fiber, Sophos UTM full gateway BYPASS SUCCESS!! - AT&T U-verse | DSLReports Forums". The thread is a bit fragmented so follow the first 3 links of the first post. IPv6 works too!

    I've tested both the pfsense (under esxi with vnic) and sophos utm methods here with working results.

    Note, I also have an unused tested cert available from a spare nvg. Private message for details.
     
    #52
    Last edited: Jul 13, 2019
  13. das1996

    I just checked mine. VLAN ID is set to 4095 for the WAN port group (along with all security options enabled). 4095 in ESXi indicates passing of all VLAN IDs.
     
    #53
  14. Kev

    Did you find that you needed e1000 nic types for Netgraph to recognize the virtual adapter?
     
    #54
  15. das1996

    I tried the netgraph/pfSense method some time ago but don't recall being successful using ESXi. I ultimately reverted to the dumb switch method until earlier this year. The certs method became more attainable for a novice. Been using it for a few months now (with UTM).

    pfSense/certs under ESXi is set to e1000. I can't remember if I tried vmxnet3 or not. Mainly the goal was to see if it actually worked and then try to implement under UTM.
     
    #55
  16. Gene

    Could someone send me the valid .der certs for an NVG589? I put them together manually in plain text from a file I found online. However, I can't get the EAP process to authorize and I'm thinking it may be those .der cert files. The mfg.dat file was pulled directly from the BIOS chip.

    Unless someone knows how to get the .der files from the BIOS chip, which I wasn't able to find anything about.

    I couldn't get the TTL to work on the BGW210. Was just garbled text. I think I may have sent 5v instead of 3.3v at first and zapped something, sigh. Still works fine but no way for me to get the EAP off it now.
     
    #56
  17. Kev

    Send me a pm and I’ll send you mine.
     
    #57
  18. mb300sd

    Garbled text sounds like a baud rate mismatch. I think mine was 9600. 5v/3.3 might burn out the Rx side, but shouldn't affect the Tx so you wouldn't get garbled text.
     
    #58
  19. Gene

    Yeah, I used 9600 default with PuTTY so not sure what the issue was.
     
    #59
    Last edited: Jul 13, 2019
  20. mb300sd

    Try 115200. It was one or the other.
     
    #60