
pfatt's Introduction

About

This repository includes my notes on enabling a true bridge mode setup with AT&T U-Verse and pfSense. This method utilizes netgraph, which is a graph-based kernel networking subsystem of FreeBSD. This low-level solution was required to account for the unique issues surrounding bridging 802.1X traffic and tagging a VLAN with an ID of 0. I've tested and confirmed this setup works with AT&T U-Verse Internet on the ARRIS NVG589, NVG599 and BGW210-700 residential gateways (probably others too). For Pace 5268AC see special details below.

There are a few other methods to accomplish true bridge mode, so be sure to see what is easiest for you. True Bridge Mode is also possible on Linux via ebtables or using hardware with a VLAN swap trick. For me, I was not using a Linux-based router and the VLAN swap did not seem to work for me.

While many AT&T residential gateways offer something called IP Passthrough, it does not provide the same advantages of a true bridge mode. For example, the NAT table is still managed by the gateway, which is limited to a measly 8192 sessions (although it becomes unstable at even 60% capacity).

The netgraph method will allow you to fully utilize your own router and fully bypass your residential gateway. It survives reboots, re-authentications, IPv6, and new DHCP leases.

How it Works

Before continuing to the setup, it's important to understand how this method works. This will make configuration and troubleshooting much easier.

Standard Procedure

First, let's talk about what happens in the standard setup (without any bypass). At a high level, the following process happens when the gateway boots up:

  1. All traffic on the ONT is protected with 802.1X. So in order to talk to anything, the Router Gateway must first perform the authentication procedure. This process uses a unique certificate that is hardcoded on your residential gateway.
  2. Once the authentication completes, you'll be able to properly "talk" to the outside. However, all of your traffic will need to be tagged with VLAN ID 0 (a.k.a. VLAN Priority Tagging[1][2]) before the IP gateway will respond.
  3. Once traffic is tagged with VLAN0, your residential gateway needs to request a public IPv4 address via DHCP. The MAC address in the DHCP request needs to match the MAC address that's assigned to your AT&T account. Other than that, there's nothing special about the DHCPv4 handshake.
  4. After the DHCP lease is issued, the WAN setup is complete. Your LAN traffic is then NAT'd and routed to the outside.

Bypass Procedure

To bypass the gateway using pfSense, we can emulate the standard procedure. If we connect our Residential Gateway and ONT to our pfSense box, we can bridge the 802.1X authentication sequence, tag our WAN traffic as VLAN0, and request a public IPv4 via DHCP using a spoofed MAC address.

Unfortunately, there are some challenges with emulating this process. First, it's against RFC to bridge 802.1X traffic and it is not supported. Second, tagging traffic as VLAN0 is not supported through the standard interfaces.

This is where netgraph comes in. Netgraph allows you to break some rules and build the proper plumbing to make this work. So, our cabling looks like this:

Residential Gateway
[ONT Port]
  |
  |
[nic0] pfSense [nic1]
                 |
                 |
               [ONT]
              Outside

With netgraph, our procedure looks like this (at a high level):

  1. The Residential Gateway initiates an 802.1X EAPOL-START.
  2. The packet is then bridged through netgraph to the ONT interface.
  3. If the packet matches an 802.1X type (which it does), it is passed to the ONT interface. If it does not, the packet is discarded. This prevents our Residential Gateway from initiating DHCP. We want pfSense to handle that.
  4. The ONT should then see and respond to the EAPOL-START, which is passed back through our netgraph to the residential gateway. At this point, the 802.1X authentication should be complete.
  5. netgraph has also created an interface for us called ngeth0. This interface is connected to ng_vlan which is configured to tag all traffic as VLAN0 before sending it on to the ONT interface.
  6. pfSense can then be configured to use ngeth0 as the WAN interface.
  7. Next, we spoof the MAC address of the residential gateway and request a DHCP lease on ngeth0. The packets get tagged as VLAN0 and exit to the ONT.
  8. Now the DHCP handshake should complete and we should be on our way!

Hopefully, that now gives you an idea of what we are trying to accomplish. See the comments and commands in bin/pfatt.sh for details about the netgraph setup.

But enough talk. Now for the fun part!

Setup

Prerequisites

  • At least three physical network interfaces on your pfSense server
  • The MAC address of your Residential Gateway
  • Local or console access to pfSense
  • pfSense 2.4.5 running on amd64 architecture (If you are running pfSense 2.4.4, please see the instructions in the Before-pfSense-2.4.5 branch)

At this time there is a bug in pfSense 2.4.5, and the ng_etf module is only included in the pfSense 2.4.5 amd64 build. It should be fixed in 2.4.5-p1.

pfSense builds for Netgate hardware may not include ng_etf (confirmed on SG4860-Desktop 2.4.5-p1). Confirm ng_etf exists before continuing, and look at the Before-pfSense-2.4.5 branch for guidance if it doesn't exist.

If you are running pfSense on anything other than amd64 architecture, you should compile your own version of ng_etf. Look at the Before-pfSense-2.4.5 branch for some guidance on compiling and running your own ng_etf.

If you only have two NICs, you can buy this cheap USB 100Mbps NIC from Amazon as your third. It has the Asix AX88772 chipset, which is supported in FreeBSD with the axe driver. I've confirmed it works in my setup. The driver was already loaded and I didn't have to install or configure anything to get it working. Also, don't worry about the poor performance of USB or 100Mbps NICs. This third NIC will only send/receive a few packets periodically to authenticate your Router Gateway. The rest of your traffic will utilize your other (and much faster) NICs.

Install

  1. Edit the following configuration variables in bin/pfatt.sh as noted below. $RG_ETHER_ADDR should match the MAC address of your Residential Gateway. AT&T will only grant a DHCP lease to the MAC they assigned your device. In my environment, it's:

    ONT_IF='xx0' # NIC -> ONT / Outside
    RG_IF='xx1'  # NIC -> Residential Gateway's ONT port
    RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx' # MAC address of Residential Gateway

  2. Copy bin/pfatt.sh to /root/bin (or any directory):

    ssh root@pfsense mkdir /root/bin
    scp bin/pfatt.sh root@pfsense:/root/bin/
    ssh root@pfsense chmod +x /root/bin/pfatt.sh
    

    NOTE: If you have the 5268AC, you'll also need to install pfatt-5268AC-startup.sh and pfatt-5268AC.sh. The scripts monitor your connection and disable or enable the EAP bridging as needed. It's a hacky workaround, but it enables you to keep your 5268AC connected, avoid EAP-Logoffs and survive reboots. Consider changing the PING_HOST in pfatt-5268AC.sh to a reliable host. Then perform these additional steps to install:

    scp bin/pfatt-5268AC-startup.sh root@pfsense:/usr/local/etc/rc.d/pfatt-5268AC-startup.sh
    scp bin/pfatt-5268AC.sh root@pfsense:/root/bin/
    ssh root@pfsense chmod +x /usr/local/etc/rc.d/pfatt-5268AC-startup.sh /root/bin/pfatt-5268AC.sh
    
  3. To start the pfatt.sh script at the beginning of the boot process, the pfSense team recommends you use a package called shellcmd. Use the pfSense package installer to find and install it. Once you have the shellcmd package installed, you can find it in Services > Shellcmd. Now add a new command and fill it in accordingly (make sure to select earlyshellcmd from the dropdown):

    Command: /root/bin/pfatt.sh
    Shellcmd Type: earlyshellcmd
    

    It should look like this: [screenshot: Shellcmd Settings]

    This can also be accomplished by manually editing your pfSense /conf/config.xml file. Add /root/bin/pfatt.sh above . This method is not recommended and is frowned upon by the pfSense team.

  4. Connect cables:

    • $RG_IF to Residential Gateway on the ONT port (not the LAN ports!)
    • $ONT_IF to ONT (outside)
    • LAN NIC to local switch (as normal)
  5. Prepare for console access.

  6. Reboot.

  7. pfSense will detect new interfaces on bootup. Follow the prompts on the console to configure ngeth0 as your pfSense WAN. Your LAN interface should not normally change. However, if you moved or re-purposed your LAN interface for this setup, you'll need to re-apply any existing configuration (like your VLANs) to your new LAN interface. pfSense does not need to manage $RG_IF or $ONT_IF. I would advise not enabling those interfaces in pfSense as it can cause problems with the netgraph.

  8. In the webConfigurator, configure the WAN interface (ngeth0) to DHCP using the MAC address of your Residential Gateway.

If everything is set up correctly, netgraph should be bridging EAP traffic between the ONT and RG and tagging the WAN traffic with VLAN0, and your WAN interface should be configured with an IPv4 address via DHCP.

IPv6 Setup

Once your netgraph setup is in place and working, there aren't any netgraph changes required to the setup to get IPv6 working. These instructions can also be followed with a different bypass method other than the netgraph method. Big thanks to @pyrodex1980's post on DSLReports for sharing your notes.

This setup assumes you have a fairly recent version of pfSense. I'm using 2.4.5.

DUID Setup

  1. Go to System > Advanced > Networking
  2. Configure DHCP6 DUID to DUID-EN
  3. Configure DUID-EN to 3561
  4. Configure your IANA Private Enterprise Number. This number is unique for each customer and (I believe) based off your Residential Gateway serial number. You can generate your DUID using gen-duid.sh, which just takes a few inputs. Or, you can take a pcap of the Residential Gateway with some DHCPv6 traffic. Then fire up Wireshark and look for the value in DHCPv6 > Client Identifier > Identifier. Add the value as colon separated hex values 00:00:00.
  5. Save
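To make the layout of the value in step 4 concrete, here is an added example (not gen-duid.sh and not part of this repository) that builds and splits a DUID-EN as defined in RFC 8415: a 2-byte type of 0x0002, a 4-byte enterprise number, then the identifier bytes. The function names and the identifier `EXAMPLE-0001` are made up for illustration; 3561 is the enterprise number given above.

```sh
#!/bin/sh
# Added example (not gen-duid.sh): build and split DUID-EN values.
# Layout (RFC 8415): type 0x0002 | 4-byte enterprise number | identifier bytes.

# duid_en_build ENTERPRISE_NUMBER ASCII_IDENTIFIER -> colon-separated hex
duid_en_build() {
    if [ -z "$2" ]; then
        echo "error: empty identifier" >&2
        return 1
    fi
    _ent=$(printf '%08x' "$1" | sed 's/../&:/g; s/:$//')
    _id=$(printf '%s' "$2" | od -An -tx1 | tr -d ' \n' | sed 's/../&:/g; s/:$//')
    printf '00:02:%s:%s\n' "$_ent" "$_id"
}

# duid_en_split HEX -> "type=2 enterprise=N identifier=TEXT"
# Accepts upper or lower case hex, with or without colons. Bytes outside
# the visible ASCII range (0x21-0x7e) are shown as "." so the output stays
# a single unambiguous line.
duid_en_split() {
    _hex=$(printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f')
    case "$_hex" in
        ''|*[!0-9a-f]*)
            echo "error: not colon-separated hex" >&2
            return 1 ;;
    esac
    if [ $(( ${#_hex} % 2 )) -ne 0 ] || [ "${#_hex}" -le 12 ]; then
        echo "error: odd length or no identifier bytes" >&2
        return 1
    fi
    _type=$(printf '%s' "$_hex" | cut -c1-4)
    if [ "$_type" != "0002" ]; then
        echo "error: DUID type 0x$_type is not DUID-EN (0x0002)" >&2
        return 1
    fi
    _e=$(printf '%s' "$_hex" | cut -c5-12)
    _entnum=$(printf '%d' "0x$_e")
    _text=""
    for _b in $(printf '%s' "$_hex" | cut -c13- | sed 's/../& /g'); do
        _n=$(printf '%d' "0x$_b")
        if [ "$_n" -ge 33 ] && [ "$_n" -le 126 ]; then
            # turn the byte value into its character via an octal escape
            _text="$_text$(printf "\\$(printf '%03o' "$_n")")"
        else
            _text="$_text."
        fi
    done
    printf 'type=2 enterprise=%d identifier=%s\n' "$_entnum" "$_text"
}

# Round trip with a constructed identifier.
duid_en_split "$(duid_en_build 3561 'EXAMPLE-0001')"
```

Running `duid_en_split` on the Client Identifier copied from Wireshark shows whether the capture really is a DUID-EN with enterprise number 3561 before anything is typed into pfSense.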

WAN Setup

  1. Go to Interfaces > WAN
  2. Enable IPv6 Configuration Type as DHCP6
  3. Scroll to DHCP6 Client Configuration
  4. Enable Request only an IPv6 prefix
  5. Enable DHCPv6 Prefix Delegation size as 60
  6. Enable Send IPv6 prefix hint
  7. Enable Do not wait for a RA
  8. Save

LAN Setup

  1. Go to Interfaces > LAN
  2. Change the IPv6 Configuration Type to Track Interface
  3. Under Track IPv6 Interface, assign IPv6 Interface to your WAN interface.
  4. Configure IPv6 Prefix ID to 1. We start at 1 and not 0 because pfSense will use prefix/address ID 0 for itself and it seems AT&T is flakey about assigning IPv6 prefixes when a request is made with a prefix ID that matches the prefix/address ID of the router.
  5. Save

If you have additional LAN interfaces repeat these steps for each interface except be sure to provide an IPv6 Prefix ID that is not 0 and is unique among the interfaces you've configured so far.

DHCPv6 Server & RA

  1. Go to Services > DHCPv6 Server & RA
  2. Enable DHCPv6 server on interface LAN
  3. Configure a range of ::0001 to ::ffff:ffff:ffff:fffe
  4. Leave Prefix Delegation Range blank.
  5. Configure Prefix Delegation Size to 64
  6. Save
  7. Go to the Router Advertisements tab
  8. Configure Router mode as Stateless DHCP
  9. Save

If you have additional LAN interfaces repeat these steps for each interface.

That's it! Now your clients should be receiving public IPv6 addresses via DHCP6.

Troubleshooting

Logging

Output from pfatt.sh and pfatt-5268AC.sh can be found in /var/log/pfatt.log.

tcpdump

Use tcpdump to watch the authentication, VLAN and DHCP bypass process (see above). Run tcpdumps on the $ONT_IF interface and the $RG_IF interface:

tcpdump -ei $ONT_IF
tcpdump -ei $RG_IF

Restart your Residential Gateway. From the $RG_IF interface, you should see some EAPOL starts like this:

MAC (oui Unknown) > MAC (oui Unknown), ethertype EAPOL (0x888e), length 60: POL start

If you don't see these, make sure you're connected to the ONT port.

These packets come every so often. I think the RG does some backoff / delay if it doesn't immediately auth correctly. You can always reboot your RG to initiate the authentication again.

If your netgraph is set up correctly, the EAP start packet from the $RG_IF will be bridged onto your $ONT_IF interface. Then you should see some more EAP packets from the $ONT_IF interface and $RG_IF interface as they negotiate 802.1X EAP authentication.

Once that completes, watch $ONT_IF and ngeth0 for DHCP traffic.

tcpdump -ei $ONT_IF port 67 or port 68
tcpdump -ei ngeth0 port 67 or port 68

Verify you are seeing 802.1Q (tagged as vlan0) traffic on your $ONT_IF interface and untagged traffic on ngeth0.

Verify the DHCP request is firing using the MAC address of your Residential Gateway.

If the VLAN0 traffic is being properly handled, next pfSense will need to request an IP. ngeth0 needs to DHCP using the authorized MAC address. You should see an untagged DHCP request on ngeth0 carry over to the $ONT_IF interface tagged as VLAN0. Then you should get a DHCP response and you're in business.

If you don't see traffic being bridged between ngeth0 and $ONT_IF, then netgraph is not set up correctly.
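The checks in this section can be applied to a capture mechanically. The following is an added example (not part of pfatt or its scripts): a shell function that reads `tcpdump -e` text on stdin and counts EAPOL starts, other EAP frames, DHCP requests and replies, DHCP requests whose source MAC is not the Residential Gateway's, and requests with the wrong tagging for the interface. The function names and all MAC addresses in the sample captures are made up.

```sh
#!/bin/sh
# Added example: summarise `tcpdump -e` text output against the checks in
# this section. Helper names and sample MACs are made up for illustration.

# pfatt_capture_summary ROLE RG_MAC     (tcpdump -e lines on stdin)
#   ROLE "ont"   : DHCP requests must carry an 802.1Q tag with VLAN 0
#   ROLE "ngeth" : DHCP requests must be untagged
pfatt_capture_summary() {
    awk -v role="$1" -v rg="$2" '
    BEGIN { rg = tolower(rg) }
    {
        src   = tolower($2)                  # field 2 of "tcpdump -e" is the source MAC
        dot1q = ($0 ~ /ethertype 802\.1Q/)
        vlan0 = (dot1q && $0 ~ /: vlan 0,/)
        if ($0 ~ /EAPOL start/)          eapol_start++
        else if ($0 ~ /ethertype EAPOL/) eap_other++
        if ($0 ~ /BOOTP\/DHCP, Request/) {
            dhcp_request++
            if (src != rg)                wrong_mac++
            if (role == "ont" && !vlan0)  bad_tag++
            if (role == "ngeth" && dot1q) bad_tag++
        }
        if ($0 ~ /BOOTP\/DHCP, Reply/) dhcp_reply++
    }
    END {
        verdict = (dhcp_request > 0 && wrong_mac == 0 && bad_tag == 0) ? "ok" : "check"
        printf "eapol_start=%d eap_other=%d dhcp_request=%d dhcp_reply=%d wrong_mac=%d bad_tag=%d verdict=%s\n",
               eapol_start, eap_other, dhcp_request, dhcp_reply, wrong_mac, bad_tag, verdict
    }'
}

# Constructed capture from $ONT_IF: EAP exchange, then a VLAN 0 tagged
# DHCP request from the RG MAC and a reply.
sample_ont_capture() {
cat <<'EOF'
00:00:01.000000 02:00:00:aa:bb:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
00:00:01.002000 02:00:00:aa:bb:02 (oui Unknown) > 02:00:00:aa:bb:01 (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 15
00:00:05.000000 02:00:00:aa:bb:01 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 02:00:00:aa:bb:01 (oui Unknown), length 300
00:00:05.100000 02:00:00:aa:bb:02 (oui Unknown) > 02:00:00:aa:bb:01 (oui Unknown), ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 192.0.2.1.bootps > 192.0.2.10.bootpc: BOOTP/DHCP, Reply, length 300
EOF
}

# Constructed capture from ngeth0 where the WAN MAC was left at a value
# other than the RG MAC, so no lease is expected.
sample_ngeth_wrong_mac() {
cat <<'EOF'
00:00:09.000000 02:00:00:aa:bb:99 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 02:00:00:aa:bb:99 (oui Unknown), length 300
EOF
}

sample_ont_capture     | pfatt_capture_summary ont   02:00:00:aa:bb:01
sample_ngeth_wrong_mac | pfatt_capture_summary ngeth 02:00:00:aa:bb:01
```

On the firewall the same function can be fed a live capture, for example `tcpdump -l -ei $ONT_IF` stopped after one authentication cycle and piped into `pfatt_capture_summary ont $RG_ETHER_ADDR`.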

Promiscuous Mode

pfatt.sh will put $RG_IF in promiscuous mode via /sbin/ifconfig $RG_IF promisc. Otherwise, the EAP packets would not bridge. I think this is necessary for everyone but I'm not sure. Turn it off if it's causing issues.

netgraph

The netgraph system provides a uniform and modular system for the implementation of kernel objects which perform various networking functions. If you're unfamiliar with netgraph, this tutorial is a great introduction.

Your netgraph should look something like this:

[figure: netgraph diagram]

In this setup, the ue0 interface is my $RG_IF and the bce0 interface is my $ONT_IF. You can generate your own graphviz via ngctl dot. Copy the output and paste it at webgraphviz.com.

Try these commands to inspect whether netgraph is configured properly.

  1. Confirm kernel modules are loaded with kldstat -v. The following modules are required:

    • netgraph
    • ng_ether
    • ng_eiface
    • ng_one2many
    • ng_vlan
    • ng_etf
  2. Issue ngctl list to list netgraph nodes. Inspect pfatt.sh to verify the netgraph output matches the configuration in the script. It should look similar to this:

$ ngctl list
There are 9 total nodes:
  Name: o2m             Type: one2many        ID: 000000a0   Num hooks: 3
  Name: vlan0           Type: vlan            ID: 000000a3   Num hooks: 2
  Name: ngeth0          Type: eiface          ID: 000000a6   Num hooks: 1
  Name: <unnamed>       Type: socket          ID: 00000006   Num hooks: 0
  Name: ngctl28740      Type: socket          ID: 000000ca   Num hooks: 0
  Name: waneapfilter    Type: etf             ID: 000000aa   Num hooks: 2
  Name: laneapfilter    Type: etf             ID: 000000ae   Num hooks: 3
  Name: bce0            Type: ether           ID: 0000006e   Num hooks: 1
  Name: ue0             Type: ether           ID: 00000016   Num hooks: 2
  3. Inspect the various nodes and hooks. Example for ue0:
$ ngctl show ue0:
  Name: ue0             Type: ether           ID: 00000016   Num hooks: 2
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  upper           laneapfilter    etf          000000ae        nomatch
  lower           laneapfilter    etf          000000ae        downstream
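
The node check in step 2 can be scripted. This is an added example (not part of pfatt.sh): a shell function that reads `ngctl list` output on stdin and reports any node from the listing above that is missing, has a different type, or has no hooks attached. The helper names are made up, and the second sample listing is constructed to show a netgraph where nothing has been built yet.

```sh
#!/bin/sh
# Added example: check `ngctl list` output for the nodes this section lists.
# pfatt_check_nodes is a made-up helper name; it is not part of pfatt.sh.

# pfatt_check_nodes ONT_IF RG_IF     (`ngctl list` output on stdin)
pfatt_check_nodes() {
    awk -v ont="$1" -v rg="$2" '
    BEGIN {
        # expected node name -> node type, taken from the listing above
        want["o2m"] = "one2many"; want["vlan0"] = "vlan"; want["ngeth0"] = "eiface"
        want["waneapfilter"] = "etf"; want["laneapfilter"] = "etf"
        want[ont] = "ether"; want[rg] = "ether"
        n = split("o2m vlan0 ngeth0 waneapfilter laneapfilter " ont " " rg, order, " ")
    }
    # "Name: o2m  Type: one2many  ID: 000000a0  Num hooks: 3"
    $1 == "Name:" && $3 == "Type:" { ntype[$2] = $4; hooks[$2] = $NF + 0 }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]
            if (!(name in ntype)) {
                print "MISSING " name " (" want[name] ")"; bad++
            } else if (ntype[name] != want[name]) {
                print "WRONGTYPE " name " is " ntype[name] ", expected " want[name]; bad++
            } else if (hooks[name] == 0) {
                print "UNHOOKED " name; bad++
            }
        }
        if (!bad) print "OK"
    }'
}

# The listing shown in step 2 (bce0 is the ONT interface, ue0 the RG interface).
sample_ngctl_list_page() {
cat <<'EOF'
There are 9 total nodes:
  Name: o2m             Type: one2many        ID: 000000a0   Num hooks: 3
  Name: vlan0           Type: vlan            ID: 000000a3   Num hooks: 2
  Name: ngeth0          Type: eiface          ID: 000000a6   Num hooks: 1
  Name: <unnamed>       Type: socket          ID: 00000006   Num hooks: 0
  Name: ngctl28740      Type: socket          ID: 000000ca   Num hooks: 0
  Name: waneapfilter    Type: etf             ID: 000000aa   Num hooks: 2
  Name: laneapfilter    Type: etf             ID: 000000ae   Num hooks: 3
  Name: bce0            Type: ether           ID: 0000006e   Num hooks: 1
  Name: ue0             Type: ether           ID: 00000016   Num hooks: 2
EOF
}

# Constructed listing: only the ether nodes exist and nothing is hooked up.
sample_ngctl_list_reset() {
cat <<'EOF'
There are 3 total nodes:
  Name: ngctl1234       Type: socket          ID: 00000009   Num hooks: 0
  Name: bce0            Type: ether           ID: 00000002   Num hooks: 0
  Name: ue0             Type: ether           ID: 00000003   Num hooks: 0
EOF
}

sample_ngctl_list_page  | pfatt_check_nodes bce0 ue0
sample_ngctl_list_reset | pfatt_check_nodes bce0 ue0
```

On the firewall, pipe the real output in with `ngctl list | pfatt_check_nodes $ONT_IF $RG_IF`.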

Reset netgraph

pfatt.sh expects a clean netgraph before it can be run. To reset a broken netgraph state, try this:

/usr/sbin/ngctl shutdown waneapfilter:
/usr/sbin/ngctl shutdown laneapfilter:
/usr/sbin/ngctl shutdown $ONT_IF:
/usr/sbin/ngctl shutdown $RG_IF:
/usr/sbin/ngctl shutdown o2m:
/usr/sbin/ngctl shutdown vlan0:
/usr/sbin/ngctl shutdown ngeth0:

pfSense

In some circumstances, pfSense may alter your netgraph. This is especially true if pfSense manages either your $RG_IF or $ONT_IF. If you make some interface changes and your connection breaks, check to see if your netgraph was changed.

Virtualization Notes

This setup has been tested on physical servers and virtual machines. Virtualization adds another layer of complexity for this setup, and will take extra consideration.

QEMU / KVM / Proxmox

Proxmox uses a bridged networking model, and thus utilizes Linux's native bridge capability. To use this netgraph method, you do a PCI passthrough for the $RG_IF and $ONT_IF NICs. The bypass procedure should then be the same.

You can also solve the EAP/802.1X and VLAN0/802.1Q problem by setting the group_fwd_mask and creating a vlan0 interface to bridge to your VM. See Other Methods below.

ESXi

I haven't tried to do this with ESXi. Feel free to submit a PR with notes on your experience. PCI passthrough is probably the best approach here though.

Other Methods

Linux

If you're looking for how to do this on a Linux-based router, please refer to this method which utilizes ebtables and some kernel features. The method is well-documented there and I won't try to duplicate it. This method is generally more straightforward than doing this on BSD. However, please submit a PR for any additional notes for running on Linux routers.

VLAN Swap

There is a whole thread on this at DSLreports. The gist of this method is that you connect your ONT, RG and WAN to a switch. Create two VLANs. Assign the ONT and RG to VLAN1 and the WAN to VLAN2. Let the RG authenticate, then change the ONT VLAN to VLAN2. The WAN then DHCPs and you're in business.

However, I don't think this works for everyone. I had to explicitly tag my WAN traffic to VLAN0 which wasn't supported on my switch.

OPNSense / FreeBSD

For OPNSense 20.1: follow the pfSense instructions, EXCEPT:

  1. use file opnatt.sh
  2. do NOT install the ng_etf.ko, as OPNSense already has this module installed.
  3. put the opnatt.sh script into /usr/local/etc/rc.syshook.d/early as 99-opnatt.sh
  4. do NOT modify config.xml, nor do any of the duid stuff
  5. note: You CAN use IPv6 Prefix id 0, as OPNSense does NOT assign a routeable IPv6 address to ngeth0

I haven't tried this with native FreeBSD, but I imagine the process is ultimately the same with netgraph. Feel free to submit a PR with notes on your experience.

U-verse TV

See U-VERSE_TV.md

References

Credits

This took a lot of testing and a lot of hours to figure out. A unique solution was required for this to work in pfSense. If this helped you out, please buy us a coffee.

pfatt's People

Contributors

0xc0ncord, ac3d912, andrewreaganm, aus, drewmullen, louis89, magikid, maxfield-allison, monkwho, neclimdul, owenthewizard, reignbock

pfatt's Issues

wpa_supplicant method with opnsense

I noticed the proxy method with the RG was updated for opnsense, thank you @MonkWho! I've been using the wpa_supplicant version with pfsense for a while but I'm switching to opnsense and was wondering if the pfatt.sh script would be the same?

Need ng_etf.ko from BSD 12 to complete upgrade from 2.4.5 to 2.5.2

Is anyone able to help with a copy of the correct file?

I installed pfatt a long time ago from the old repo, and ng_etf.ko was included and I copied it into pfsense

It looks like in this repo the file is no longer there, and since I now have a BSD 11 version of ng_etf.ko, pfatt does not work. On boot I get interface mismatch and I can't see netgraph

Are we able to add in the new version of ng_etf.ko to the repo for those upgrading from 2.4.5 to 2.5.2?

Thanks

Local

Possible boot local from LAN PC only kernel ?
TV not need

Weird issues with the DUID number

Anyone else have issues with IPv6, mine sometimes works and sometimes doesn't, DUID number stays the same. Right now I just can't get pfsense to get a DHCPv6 lease from the WAN. What's the easiest way to test to be sure what is causing this issue? And when I paste it into the identifier field shown here:
Screen Shot 2020-10-28 at 7 04 42 PM
it should start with 00:02:00:00:0d:e9:30:30:31:45:34:36:2d: correct?

BGW320-500

Is there a way to get it working on the new BGW320? My internet comes to the router through the SFP port.

Struggling after 2.5 upgrade

I had this working in bypass mode for more than a year previously, but after upgrading to 2.5 I've been unable to get it working again on a couple occasions. There's only so much time I can spend debugging with the internet down. 😬 Hoping someone here can help since everything seems set up correctly, but EAP simply fails to authenticate. I'm currently running in IP passthrough on the gateway (BGW210).

Setup:

  • em0 is ONT
  • em1 is LAN
  • em2 is unused
  • em3 is RG

netgraph
image

tcpdump

I should have opened multiple terminals to dump the interfaces simultaneously for a clearer picture, but I think this gets the point across. The behavior seen below is exactly what happens in a ~30s loop. Of note - I don't know where this Thompson Telecom MAC address (00:90:d0:<snip>) is coming from since all of the NICs are Intel and there's nothing with that MAC in the path that I can tell (though I don't know the ONT's MAC).

RG

[2.5.0-RELEASE][admin@pfsense]/root: tcpdump -ei em3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em3, link-type EN10MB (Ethernet), capture size 262144 bytes
01:00:50.415180 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 15
01:01:04.566238 <RG MAC> (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL logoff (2) v2, len 0
01:01:04.566361 <RG MAC> (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
01:01:04.568231 00:90:d0:<snip> (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 4
01:01:04.568238 00:90:d0:<snip> (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 15
01:01:04.568478 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 15

01:01:34.808218 <RG MAC> (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
01:01:34.810234 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 15

01:02:04.138763 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 15
01:02:06.033682 <RG MAC> (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
01:02:06.035428 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 15
^C
11 packets captured

ONT

[2.5.0-RELEASE][admin@pfsense]/root: tcpdump -ei em0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:52:31.390323 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 15
00:52:33.151561 <RG MAC> (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
00:52:33.153567 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype 802.1Q (0x8100), length 68: vlan 0, p 7, ethertype EAPOL, EAP packet (0) v1, len 15
00:52:40.001315 <RG MAC> (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
00:52:42.044655 <RG MAC> (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
00:52:45.011275 <RG MAC> (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
00:52:50.002502 <RG MAC> (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel

ngeth0

[2.5.0-RELEASE][admin@pfsense]/root: tcpdump -ei ngeth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ngeth0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:56:02.021988 <RG MAC> (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
00:56:10.610531 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
00:56:11.735256 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
00:56:28.126180 <RG MAC> (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
00:56:30.101038 <RG MAC> (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
00:56:33.006751 <RG MAC> (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
00:56:37.002348 <RG MAC> (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
00:56:41.917670 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
00:56:42.959443 00:90:d0:<snip> (oui Unknown) > <RG MAC> (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
00:56:45.043872 <RG MAC> (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from <RG MAC> (oui Unknown), length 300
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel

pfatt.sh logs
(prefix removed for brevity)

pfSense + AT&T U-verse Residential Gateway for true bridge mode
Configuration: 
       ONT_IF: em0
        RG_IF: em3
RG_ETHER_ADDR: <RG MAC>
attaching interfaces to ng_ether... OK!
building netgraph nodes...
  creating ng_one2many... OK!
  creating vlan node and interface... OK!
  defining etf for em0 (ONT)... OK!
  defining etf for em3 (RG)... OK!
  bridging etf for em0 <-> em3... OK!  
  defining filters for EAP traffic... OK!
  enabling one2many links... OK!
  removing waneapfilter:nomatch hook... OK!
enabling em3 interface... OK!
enabling em0 interface... OK!
enabling promiscuous mode on em3... OK!
enabling promiscuous mode on em0... OK!
ngeth0 should now be available to configure as your pfSense WAN
done!

Any help or similar experiences would be greatly appreciated! I'm kind of at a loss as to why it's not working, but also not 100% sure on exactly what traffic should or should not be tagged vlan 0 (primarily in regards to EAP).

PFSense 2.5.1 Netgraph issues

I'm running into some issues with running the script in supplicant mode. When the script tries to create the vlan and ngeth0 interface all of the ngctl calls come back with ngctl: send msg: No such file or directory. My ONT_IF is set to em1 as that is the port that I have the ONT Interface connected to. Both RG_ETHER_ADDR and EAP_SUPPLICANT_IDENTITY are set and I don't think those are the issue. I'm not sure if this is a 2.5.1 issue as I have seen posts about people getting this to work.

Here is where those ngctl calls start being made..
https://github.com/MonkWho/pfatt/blob/supplicant/bin/pfatt.sh#L147

  /usr/sbin/ngctl mkpeer $ONT_IF: vlan lower downstream
  /usr/sbin/ngctl name $ONT_IF:lower vlan0
  /usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether
  /usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }'
  /usr/sbin/ngctl msg ngeth0: set $RG_ETHER_ADDR

I'm pretty new to the BSD space, but pretty well versed in unix. I suspect there is something simple that I'm missing and running a google search for the errors didn't help me much. I have wpa_supplicant working on my EdgeRoute X. This is for a new PFSense box that I just built. Any help would be appreciated.

wpa_supplicant unable to authorize

I am currently on pfSense 2.4.4 running on a Xenserver.

Setup:
eth0 connected to ONT (interface is not assigned in pfsense)

In order to understand more on what's going wrong, I am running the script manually

Steps (on pfsense console):

  1. ran the following commands to clean up ngeth0 if any
/usr/sbin/ngctl shutdown waneapfilter:
/usr/sbin/ngctl shutdown laneapfilter:
/usr/sbin/ngctl shutdown eth0:
/usr/sbin/ngctl shutdown igb1:
/usr/sbin/ngctl shutdown o2m:
/usr/sbin/ngctl shutdown vlan0:
/usr/sbin/ngctl shutdown ngeth0:

/sbin/ifconfig eth0 up
/sbin/ifconfig eth0 promisc
  2. ran following commands to create ngeth0
/usr/sbin/ngctl mkpeer eth0: vlan lower downstream
/usr/sbin/ngctl name eth0:lower vlan0
/usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether
/usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }'
/usr/sbin/ngctl msg ngeth0: set ec:12:34:cd:34:56
  3. ran the following command to start wpa_supplicant
/usr/sbin/wpa_supplicant -Dwired -ingeth0 -B -C /var/run/wpa_supplicant

wpa_cli set eapol_version 2
wpa_cli set fast_reauth 1
wpa_cli ap_scan 0
wpa_cli add_network
wpa_cli set_network 0 ca_cert \"/cf/conf/pfatt/wpa/ca.pem\"
wpa_cli set_network 0 client_cert \"/cf/conf/pfatt/wpa/client.pem\"
wpa_cli set_network 0 eap TLS
wpa_cli set_network 0 eapol_flags 0
wpa_cli identity 0 \"ec:12:34:cd:34:56\"
wpa_cli set_network 0 key_mgmt IEEE8021X
wpa_cli set_network 0 phase1 \"allow_canned_success=1\"
wpa_cli set_network 0 private_key \"/cf/conf/pfatt/wpa/private.pem\"
wpa_cli enable_network 0
  4. check status by running "wpa_cli status"

the status would show as "Unauthorized - Connecting" and after a minute or two it will go into "Unauthorized - Held".

Notes:
I have chmod 777 for everything in /cf/conf/pfatt/wpa and /cf/conf/pfatt/bin

Different configurations:
I have also tried using pci-passthrough for eth0 directly to pfsense
I set eth0's mac address to my Cert's MAC

IPV6 Broken on pfsense 2.5.0

Since upgrading to pfsense 2.5.0 I can't get an IPV6 address.

No config changes have been made. I've rebooted all equipment, verified settings. No luck

logs

2021-02-20 01:29:36 :: [pfatt.sh] :: pfSense + AT&T U-verse Residential Gateway for true bridge mode
2021-02-20 01:29:36 :: [pfatt.sh] :: Configuration:
2021-02-20 01:29:36 :: [pfatt.sh] ::        ONT_IF: igb0
2021-02-20 01:29:36 :: [pfatt.sh] ::         RG_IF: igb1
2021-02-20 01:29:36 :: [pfatt.sh] :: RG_ETHER_ADDR: ec:a9:40:d7:0f:71
2021-02-20 01:29:36 :: [pfatt.sh] :: attaching interfaces to ng_ether... OK!
2021-02-20 01:29:36 :: [pfatt.sh] :: building netgraph nodes...
2021-02-20 01:29:36 :: [pfatt.sh] ::   creating ng_one2many... OK!
2021-02-20 01:29:36 :: [pfatt.sh] ::   creating vlan node and interface... OK!
2021-02-20 01:29:36 :: [pfatt.sh] ::   defining etf for igb0 (ONT)... OK!
2021-02-20 01:29:36 :: [pfatt.sh] ::   defining etf for igb1 (RG)... OK!
2021-02-20 01:29:36 :: [pfatt.sh] ::   bridging etf for igb0 <-> igb1... OK!
2021-02-20 01:29:36 :: [pfatt.sh] ::   defining filters for EAP traffic... OK!
2021-02-20 01:29:36 :: [pfatt.sh] ::   enabling one2many links... OK!
2021-02-20 01:29:36 :: [pfatt.sh] ::   removing waneapfilter:nomatch hook... OK!
2021-02-20 01:29:36 :: [pfatt.sh] :: enabling igb1 interface... OK!
2021-02-20 01:29:36 :: [pfatt.sh] :: enabling igb0 interface... OK!
2021-02-20 01:29:37 :: [pfatt.sh] :: enabling promiscuous mode on igb1... OK!
2021-02-20 01:29:37 :: [pfatt.sh] :: enabling promiscuous mode on igb0... OK!
2021-02-20 01:29:37 :: [pfatt.sh] :: ngeth0 should now be available to configure as your pfSense WAN
2021-02-20 01:29:37 :: [pfatt.sh] :: done!

WAN_DHCPV says "pending" & "Unknown"

image

pfSense 2.4.5-p1, supplicant mode 1) failing to authorize, and 2) script is blocking system bootup **FIXED**

Greetings,

Using certs I pulled from my BGW210-700, pfSense would not authenticate the WAN connection. The certs work fine in MikroTik's RouterOS, so it's an issue with the script. Also, if you fail to authenticate, pfSense gets stuck in the loop waiting for authentication. Console access is necessary to terminate the script. I've fixed both issues. My installs were tested on bare metal SG-2440 and Protectli Vault 6P.

/usr/bin/logger -st "pfatt" "enabling promisc for $ONT_IF..."
/sbin/ifconfig $ONT_IF ether $EAP_SUPPLICANT_IDENTITY
/sbin/ifconfig $ONT_IF up
/sbin/ifconfig $ONT_IF promisc

I added changing the MAC of the ONT_IF connection (physical WAN port) to the one associated with the certificates. I think I still had to spoof the WAN MAC with the pfSense webconfigurator, unsure why.

WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -i$ONT_IF -B -C /var/run/wpa_supplicant"

Authenticate against ONT_IF, not ngeth0.


Failed authentication keeps system from booting fix:

i=1
until [ "$i" -eq "5" ]
do
    sleep 5
    WPA_STATUS=$(eval ${WPA_STATUS_CMD})
    if [ X${WPA_STATUS} = X"Authorized" ];
    then
        /usr/bin/logger -st "pfatt" "EAP authorization completed..."

        IP_STATUS=$(eval ${IP_STATUS_CMD})

        if [ -z ${IP_STATUS} ] || [ ${IP_STATUS} = "0.0.0.0" ];
        then
            /usr/bin/logger -st "pfatt" "no IP address assigned, force restarting DHCP..."
            RES=$(eval /etc/rc.d/dhclient forcerestart ngeth0)
            IP_STATUS=$(eval ${IP_STATUS_CMD})
        fi
        /usr/bin/logger -st "pfatt" "IP address is ${IP_STATUS}..."
        /usr/bin/logger -st "pfatt" "ngeth0 should now be available to configure as your WAN..."
        break
    else
        /usr/bin/logger -st "pfatt" "no authentication, retrying ${i}/5..."
        i=$((i+1))
    fi
done
I switched from a never ending while loop to an until loop with a counter. If you fail to authenticate, the loop will still terminate, allowing the system to boot, albeit without WAN connection. The way the script was written is a serious pain if you don't have a console connection.

Setting up static IPs on pfsense

I have a /29 block with AT&T and I'm trying to get it to pass the IPs through the NAT, but I'm unsure if this needs a 1:1 NAT, or just a basic NAT rule to exclude the IPs from pfSense's NAT table. Anyone have a setup like this? Trying to get the static IPs to various physical interfaces and don't want to use VLANs.

IANA Private Enterprise Number for Arris Routers

It doesn't look like bin/gen-duid.sh is capable of determining the IANA Private Enterprise Number for Arris routers. Is there any way for this to be calculated or should those with Arris routers try the packet capture method?

Thanks!

Breakout supplicant and bridge methods into separate scripts

The different bypass methods should be separated into (pf|opn)att_bridge.sh and (pf|opn)att_wpa.sh as they don't really overlap except for the VLAN 0 situation. Maybe that could be broken out into a script function too.

This would make it easier for people to setup and configure the bypass and ease maintenance as well.

I welcome opposing viewpoints on this issue.

N.B. The supplicant branch seems to be out of date (e.g. still using logger).

ngeth0 interface unavailable on reboot after 21.02 upgrade

I recently upgraded from 2.4.5p1 to 21.02p1 on my Netgate SG-4860. The configuration is unable to find my netgraph bridge for the WAN connection and runs the interface assignment option where I can select ngeth0 for the WAN and everything works. I have to do this every reboot. Appreciate any help

`Initializing.................... done.
Starting device manager (devd)...done.
Loading configuration......done.
ngeth0: link state changed to UP
igb2: permanently promiscuous mode enabled
igb1: permanently promiscuous mode enabled
Updating configuration...done.
Warning: Configuration references interfaces that do not exist: ngeth0

Network interface mismatch -- Running interface assignment option.

Valid interfaces are:

igb0 00:08:a2:0f:df:db (down) Intel(R) PRO/1000 PCI-Express Network Driver
igb1 00:08:a2:0f:df:dc (down) Intel(R) PRO/1000 PCI-Express Network Driver
igb2 00:08:a2:0f:df:d7 (down) Intel(R) PRO/1000 PCI-Express Network Driver
igb3 00:08:a2:0f:df:d8 (down) Intel(R) PRO/1000 PCI-Express Network Driver
igb4 00:08:a2:0f:df:d9 (down) Intel(R) PRO/1000 PCI-Express Network Driver
igb5 00:08:a2:0f:df:da (down) Intel(R) PRO/1000 PCI-Express Network Driver
ngeth0 dc:7f:a4:XX:XX:XX (up)

Do VLANs need to be set up first?
If VLANs will not be used, or only for optional interfaces, it is typical to
say no here and use the webConfigurator to configure VLANs later, if required.

Should VLANs be set up now [y|n]? igb2: link state changed to UP
igb1: link state changed to UP
igb0: link state changed to UP

If the names of the interfaces are not known, auto-detection can
be used instead. To use auto-detection, please disconnect all
interfaces before pressing 'a' to begin the process.

Enter the WAN interface name or 'a' for auto-detection
(igb0 igb1 igb2 igb3 igb4 igb5 ngeth0 or a): ngeth0

Enter the LAN interface name or 'a' for auto-detection
NOTE: this enables full Firewalling/NAT mode.
(igb0 igb1 igb2 igb3 igb4 igb5 a or nothing if finished): igb0

Optional interface 1 description found: OPT1
Enter the Optional 1 interface name or 'a' for auto-detection
(igb1 igb2 igb3 igb4 igb5 a or nothing if finished): igb2

Optional interface 2 description found: OPT2
Enter the Optional 2 interface name or 'a' for auto-detection
(igb1 igb3 igb4 igb5 a or nothing if finished): igb3

Optional interface 3 description found: OPT3
Enter the Optional 3 interface name or 'a' for auto-detection
(igb1 igb4 igb5 a or nothing if finished): igb4

Optional interface 4 description found: OPT4
Enter the Optional 4 interface name or 'a' for auto-detection
(igb1 igb5 a or nothing if finished): igb5

Enter the Optional 5 interface name or 'a' for auto-detection
(igb1 a or nothing if finished):

The interfaces will be assigned as follows:

WAN -> ngeth0
LAN -> igb0
OPT1 -> igb2
OPT2 -> igb3
OPT3 -> igb4
OPT4 -> igb5

Do you want to proceed [y|n]? y

Writing configuration.....................................................................................................done.
One moment while the settings are reloading... done!
..Configuring looplo0: link state changed to UP
back interface...done.
Creating wireless clone interfaces...done.
Configuring LAGG interfaces...done.
Configuring VLAN interfaces...done.
Configuring QinQ interfaces...done.
Configuring IPsec VTI interfaces...done.
Configuring WAN interface...done.
Configuring LAN interface...igb0: link state changed to DOWN
done.
bridge0: Ethernet address: 58:9c:fc:XX:XX:XX
igb0: promiscuous mode enabled
bridge0: link state changed to UP
Checking config backups consistency...done.
Setting up extended sysctls...done.
coretemp0: on cpu0
Setting timezone...done.
2021-03-06T06:53:59.807445-06:00 router.XXXXXX.XXX php-fpm 351 - - /rc.newwanip: rc.newwanip: Info: starting on ngeth0.

2021-03-06T06:53:59.808827-06:00 router.XXXXXX.XXX php-fpm 351 - - /rc.newwanip: rc.newwanip: on (IP address: 69.XXX.XXX.XXX) (interface: WAN[wan]) (real interface: ngeth0).
`

Intel igb/em Interfaces Broken on 2.6/22.01+

The DHCP lease for connections is not handed through to the ngeth0 interface properly. There aren't any real "errors" in the logs.

If you try to run the script manually after boot you get "ngctl: send msg: File exists"

Logs from pfatt.log:

2022-02-14 14:36:56 :: [pfatt.sh] :: pfSense + AT&T U-verse Residential Gateway for true bridge mode
2022-02-14 14:36:56 :: [pfatt.sh] :: Configuration:
2022-02-14 14:36:56 :: [pfatt.sh] :: ONT_IF: igb0
2022-02-14 14:36:56 :: [pfatt.sh] :: RG_IF: igb1
2022-02-14 14:36:56 :: [pfatt.sh] :: RG_ETHER_ADDR: [MY MAC HERE]
2022-02-14 14:36:56 :: [pfatt.sh] :: attaching interfaces to ng_ether... OK!
2022-02-14 14:36:56 :: [pfatt.sh] :: building netgraph nodes...
2022-02-14 14:36:56 :: [pfatt.sh] :: creating ng_one2many... 2022-02-14 14:37:00 :: [pfatt.sh] :: pfSense + AT&T U-verse Residential Gateway for true bridge mode

I am not running wpa_supplicant mode.
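A way to read a log like the one in this report, as an added example that is not part of the original post or the project's code: it splits pfatt.log into runs, including a banner fused onto an unfinished step line, and reports which runs never reached `done!`. The first four sample lines follow the post; the second run's remaining lines are constructed.

```python
import re
from datetime import datetime

BANNER = "pfSense + AT&T U-verse Residential Gateway for true bridge mode"
STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
PREFIX = STAMP + r" :: \[pfatt\.sh\] :: "
# A record runs from one "<stamp> :: [pfatt.sh] :: " prefix to the next one,
# even when the next prefix sits on the same physical line.
RECORD = re.compile(r"(" + STAMP + r") :: \[pfatt\.sh\] :: (.*?)(?=" + PREFIX + r"|\Z)", re.S)


def parse_runs(text):
    """Group log records into script runs; every banner starts a new run."""
    runs = []
    for stamp, message in RECORD.findall(text):
        message = message.strip()
        if message == BANNER or not runs:
            started = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            runs.append({"started": started, "messages": []})
        runs[-1]["messages"].append(message)
    return runs


def summarise(text):
    """Report, per run, whether it finished and where it stopped if it did not."""
    runs = parse_runs(text)
    report = []
    for index, run in enumerate(runs):
        complete = "done!" in run["messages"]
        entry = {
            "started": run["started"],
            "complete": complete,
            "stalled_at": None if complete else run["messages"][-1],
            "next_run_after_s": None,
        }
        if index + 1 < len(runs):
            gap = runs[index + 1]["started"] - run["started"]
            entry["next_run_after_s"] = int(gap.total_seconds())
        report.append(entry)
    return report


# Sample input: lines 1-4 follow the post, the rest is constructed.
SAMPLE = """\
2022-02-14 14:36:56 :: [pfatt.sh] :: pfSense + AT&T U-verse Residential Gateway for true bridge mode
2022-02-14 14:36:56 :: [pfatt.sh] :: attaching interfaces to ng_ether... OK!
2022-02-14 14:36:56 :: [pfatt.sh] :: building netgraph nodes...
2022-02-14 14:36:56 :: [pfatt.sh] :: creating ng_one2many... 2022-02-14 14:37:00 :: [pfatt.sh] :: pfSense + AT&T U-verse Residential Gateway for true bridge mode
2022-02-14 14:37:00 :: [pfatt.sh] :: attaching interfaces to ng_ether... OK!
2022-02-14 14:37:01 :: [pfatt.sh] :: ngeth0 should now be available to configure as your pfSense WAN
2022-02-14 14:37:01 :: [pfatt.sh] :: done!
"""

if __name__ == "__main__":
    for entry in summarise(SAMPLE):
        print(entry)
```

A run with `complete` false and a `stalled_at` step that lacks its `OK!` marks the point where the script stopped before the next banner was written.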

opnsense on FW4B Supplicant

Hello,

I've been troubleshooting this for several days now and am finally coming with an issue. I'd be happy to provide more info.

I have previously used bridge mode with pfsense at two other installs without any issues! Thank you for all the work you put into this project.

What I'm working with

However, I have migrated to opnsense when I moved and I'm having trouble. Here's what I'm using:

Software

OPNsense 21.1.4-amd64
FreeBSD 12.1-RELEASE-p15-HBSD
OpenSSL 1.1.1k 25 Mar 2021

Hardware

Protectli FW4B (With 4g failover Nic shows as a USB device ue0)

BGW210-700
XSGPON ONT (one of the two sites I've done this previously had the same ONT)

What I'm seeing

  • I've got the certs and I'm using the mac from the certs.
  • I've done packet captures and made sure that I've entered the correct EAP identity in the script
  • I've tried matching permissions of the certs with no luck there either. I've tried 600 666 and 700 as recommended.

When I take a capture of the [RG] -- [ONT] traffic I am able to capture the entire EAP handshake. I noticed that none of the EAP traffic is tagged on vlan0.

However, when I attempt [opnsense] -- [ont] and capture that traffic, my EAP outbound start packet is being tagged on vlan0. This is causing a loop in which both devices are ready to start authentication, but I'm on vlan0 and they're waiting around looking for untagged traffic.

At least that's what I suspect is happening as it's the only difference I can really tell. So, essentially I'm never seeing the EAP traffic progress past an EAP Request Identity and EAP Start.

image

Additional remarks:

Packet Capture Method

I wanted to add that I'm capturing the packets using a switch set up to mirror 3 ports. In this way I have the RG, ONT, and capture interface on laptop tied to the switch when capturing [RG] -- [ONT].
I have ONT, Opnsense, and capture interface on laptop tied to the switch when capturing [Opnsense]--[ONT].

What I'm capturing

The actual EAPOL start packet that I captured can be seen below. Clearly somehow it is getting tagged...

image

When it's [RG]--[ONT] I see the following in the start frame (Notice no tagging)

image

I am able to observe the entire EAP handshake for [RG]--[ONT]

image

Absolutely forgot to mention that I'm using the opnatt.sh from the supplicant_OPNsense_testing branch.

Conclusion

Thoughts?
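The comparison described in this post (untagged EAPOL between RG and ONT versus a VLAN 0 tagged EAPOL-Start from the firewall) can be checked mechanically on raw frames. The following is an added example, not part of the original post or the project's code; the sender MAC addresses and the frames are constructed.

```python
import struct

ETH_P_8021Q = 0x8100   # 802.1Q tag protocol identifier
ETH_P_EAPOL = 0x888E   # 802.1X (EAP over LAN)
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS"}


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def classify(frame):
    """Describe one Ethernet frame; return None when it is not EAPOL."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, tagging = 14, "untagged"
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF  # low 12 bits of the tag control information
        tagging = "priority-tagged (VLAN 0)" if vid == 0 else f"VLAN {vid}"
        offset = 18
    if ethertype != ETH_P_EAPOL:
        return None
    if len(frame) < offset + 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", frame[offset:offset + 4])
    body = frame[offset + 4:offset + 4 + length]  # drops Ethernet padding
    eap = None
    if ptype == 0 and len(body) >= 4:
        code = body[0]
        eap = EAP_CODES.get(code, f"code {code}")
        if code in (1, 2) and len(body) >= 5:
            eap += " " + EAP_TYPES.get(body[4], f"type {body[4]}")
    return {
        "src": mac(src), "dst": mac(dst), "tagging": tagging,
        "eapol_version": version,
        "eapol_type": EAPOL_TYPES.get(ptype, f"type {ptype}"),
        "eap": eap,
    }


def tagging_by_sender(frames):
    """Map each EAPOL sender to the set of tagging styles it used."""
    seen = {}
    for frame in frames:
        info = classify(frame)
        if info:
            seen.setdefault(info["src"], set()).add(info["tagging"])
    return seen


def tagging_mismatch(frames):
    """True when the EAPOL frames in a capture do not all share one tagging style."""
    labels = set()
    for tags in tagging_by_sender(frames).values():
        labels |= tags
    return len(labels) > 1


def build(dst, src, eapol, vlan_tci=None):
    """Build a constructed test frame, padded to the 60-byte Ethernet minimum."""
    frame = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_tci is not None:
        frame += struct.pack("!HH", ETH_P_8021Q, vlan_tci)
    frame += struct.pack("!H", ETH_P_EAPOL) + eapol
    return frame.ljust(60, b"\x00")


PAE_GROUP = "01:80:c2:00:00:03"      # destination seen in the page's captures
SUPPLICANT = "02:00:00:00:00:01"     # constructed address
AUTHENTICATOR = "02:00:00:00:00:02"  # constructed address
EAPOL_START = bytes([2, 1, 0, 0])                    # v2, Start, length 0
REQUEST_IDENTITY = bytes([1, 0, 0, 5, 1, 1, 0, 5, 1])  # v1, EAP Request Identity

# Constructed captures: gateway to ONT, then firewall to ONT.
RG_CAPTURE = [build(PAE_GROUP, SUPPLICANT, EAPOL_START),
              build(PAE_GROUP, AUTHENTICATOR, REQUEST_IDENTITY)]
FW_CAPTURE = [build(PAE_GROUP, SUPPLICANT, EAPOL_START, vlan_tci=0),
              build(PAE_GROUP, AUTHENTICATOR, REQUEST_IDENTITY)]

if __name__ == "__main__":
    for name, capture in (("RG", RG_CAPTURE), ("firewall", FW_CAPTURE)):
        print(name, tagging_by_sender(capture), "mismatch:", tagging_mismatch(capture))
```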

Everything working but blinking red light?

Thanks for all the work on this! I got everything working ok but the Residential Gateway never gets a solid green light, it goes from blinking green to blinking red.

Looking at the tcpdump of the RG_IF it looks like the RG keeps waiting to receive the DHCP response, but the WAN interface did get it. Is this how it's supposed to work? My fear is that I think it might be working but the IP is cached and everything will break hours/days later when the RG wants to renew the certificate.

2.5.0, authentication working, but wpa_supplicant stuck at 100% CPU (single core)

I installed 2.5.0 snapshots to test Wireguard, and the supplicant bypass still works. Only problem is that after authentication, wpa_supplicant sits at 100% CPU forever. Killing the process fixes the issue, authentication is not affected.

Add this code into the authentication loop, just before the 'break' command to kill the process automatically without having to open an SSH session:

# A bug in pfSense 2.5 causes wpa_supplicant to run at 100% CPU after authentication. It will not stop unless the process is killed.
PID=$(pgrep -f "wpa_supplicant")
# pgrep prints nothing when no process matches, so test for a non-empty result.
if [ -n "${PID}" ];
then
    /usr/bin/logger -st "pfatt" "a bug in pfsense 2.5 makes wpa_supplicant run at 100% cpu after authentication, terminating process PID ${PID}..."
    RES=$(kill ${PID})
fi

Change DNS

Is it possible to change the DNS on pfsense to like 1.1.1.1 while running this? Whenever I go to System > General Setup > DNS Servers > change it to 1.1.1.1 and 1.0.0.1 > and add IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001.
Is this possible to do or do you need to have AT&T's DNS in there for it to work? It seems to break my WAN when I do that.

netgate SG-1100 port names causes pfatt.sh to fail

The SG-1100 has virtualized ports mvneta0.4090, etc. that are not usable as is in pfatt.sh compared to the "normal" eth0, igb0, etc.. Very slow going trying to figure out how to modify the script. Has anyone pointers how to get over this hump?

I had tried ifconfig'ing the ports and pfatt.sh runs and ngeth0 gets created. Unfortunately, when the SG-1100 reboots, it trashes the changes and resets all the ports back to the default mcvneta0.409x.

Thank you in advance.

Fix spelling of maintain in repo description

enable true bridge mode for AT&T U-Verse and pfSense (this is a fork of an original repository https://github.com/aus/pfatt. Since it is not available anymore, I'll do my best to maitain a copy for people that still need a bypass)

Enable true bridge mode for AT&T U-Verse and pfSense (this is a fork of an original repository https://github.com/aus/pfatt. Since it is not available anymore, I'll do my best to maintain a copy for people that still need a bypass)

I appreciate this repo so much, thank you MonkWho

Internet connection dies after X hours

Hi!

Love this solution, thank you!

After what seems to be about 24 hours my internet connection drops, requiring a reboot of pfsense. Reboot fixes the issue perfectly and no further action is needed. Sometimes it drops out within an hour, though, but most times it's fine for almost a day.

I took a look at my pfatt.logs and don't see any information after the successful setup of each session right after reboot.

Is there a particular log that would help investigate this?

I'm running the following:

2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE

AMD A4-5050 APU with Radeon(TM) HD Graphics
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (inactive)

Thanks!

Enabling DHCPv6 on WAN causes intermittent IPv4 timeouts

When I enable DHCPv6 on the WAN interface, my IPv4 connection drops every 30 or so seconds. It eventually comes back up but the behavior persists. The WAN interface does not pull an IPv6 address. I'm using the opnatt script on OPNsense 20.1.7.

OPNsense 20.1 compatibility

For OPNsense 20.1 compatibility I combined lists from @vaeden commit 19dce9d and @drewmullen commit 5192ce7.

I personally don't run OPNsense so I need your help with this one. Since it sounds like you guys are actually running OPNsense 20.1 can you please confirm that all of these modules in fact need to be loaded:

        /sbin/kldload -nq netgraph
        /sbin/kldload -nq ng_ether
        /sbin/kldload -nq ng_etf
        /sbin/kldload -nq ng_vlan
        /sbin/kldload -nq ng_eiface
        /sbin/kldload -nq ng_one2many

Proxmox support with no PCI passthrough

Some people can't make PCI passthrough work due to hardware reasons. The readme tells that there is an option for this case

You can also solve the EAP/802.1X and VLAN0/802.1Q problem by setting the group_fwd_mask and creating a vlan0 interface to bridge to your VM. See Other Methods below.

Is it possible to explain a bit on how would you do this? I can directly attach the USB dongle but not the main PCI interface, as my proxmox breaks if I try to.

Installed on ESXi, still not working

This is the log file and it looks fine. Tried rebooting ONT and RG. RG service light blinks green for a while then goes to solid red then finally goes out. Not sure what I am missing. I feel I followed steps properly.

Screen Shot 2020-08-22 at 10 51 58 PM

My 3 interfaces are as follows:
em0: ONT
em1: RG
em2: LAN

image

tcpdump -ei ngeth0

[2.4.5-RELEASE][[email protected]]/root: tcpdump -ei ngeth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ngeth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:45:15.106014 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:23.011877 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:44.172130 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:45.262121 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:47.266173 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:49.230695 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:54.028039 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:46:05.066959 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:46:13.196026 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:46:28.106230 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:00.040258 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:01.000230 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:03.000157 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:07.019151 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:15.226574 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:35.097724 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:43.057933 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:52.079999 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300

Message from syslogd@pfSense at Aug 22 22:48:08 ...
php-fpm[348]: /index.php: Successful login for user 'admin' from: 172.16.0.170 (Local Database)
22:48:16.171556 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:48:18.175716 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:48:23.018146 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:48:33.097332 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:48:40.003894 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:00.016727 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:09.167235 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:32.006248 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:33.012366 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:35.014616 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:39.056389 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:49.021019 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:59.139465 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:11.239891 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:24.116824 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:31.038834 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:48.173798 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:50.221487 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:54.089637 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:04.066762 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:11.129254 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:19.009237 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:30.155593 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:41.144369 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:04.051004 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:05.015108 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:06.017617 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:07.013296 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:09.043845 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:12.055380 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:18.019639 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:33.022350 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:41.132783 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:49.090376 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:56.102971 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:53:20.003780 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:53:22.154168 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:53:27.005195 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:53:39.089431 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300

tcpdump -ei em1

[2.4.5-RELEASE][[email protected]]/root: tcpdump -ei em1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
22:45:37.224124 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:45:58.186492 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:46:08.423205 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:09.423209 55:55:55:55:55:55 (oui Unknown) > 00:0c:29:d9:30:25 (oui Unknown), ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v3 [max resp time 1.0s]
22:46:10.423378 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:12.423560 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:14.423689 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:18.423979 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:23.424229 55:55:55:55:55:55 (oui Unknown) > 00:0c:29:d9:30:25 (oui Unknown), ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v3 [max resp time 1.0s]
22:46:24.424338 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:28.484080 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:46:28.484091 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:46:34.424875 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:41.617899 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:42.425254 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:43.425382 55:55:55:55:55:55 (oui Unknown) > 00:0c:29:d9:30:25 (oui Unknown), ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v3 [max resp time 1.0s]
22:46:44.425486 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:46.425697 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:49.381063 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:49.425910 55:55:55:55:55:55 (oui Unknown) > 00:0c:29:d9:30:25 (oui Unknown), ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v3 [max resp time 1.0s]
22:46:50.426051 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:52.426182 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:52.580978 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:53.426292 55:55:55:55:55:55 (oui Unknown) > 00:0c:29:d9:30:25 (oui Unknown), ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v3 [max resp time 1.0s]
22:46:54.426367 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:56.426508 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:58.426645 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:46:58.791061 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:47:02.426886 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:47:07.427043 55:55:55:55:55:55 (oui Unknown) > 00:0c:29:d9:30:25 (oui Unknown), ethertype IPv4 (0x0800), length 60: 0.0.0.0 > 224.0.0.1: igmp query v3 [max resp time 1.0s]
22:47:08.427179 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:47:18.427696 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:47:29.079432 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:47:34.428509 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:47:59.377123 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:47:59.377135 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:48:00.429769 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46

Message from syslogd@pfSense at Aug 22 22:48:08 ...
php-fpm[348]: /index.php: Successful login for user 'admin' from: 172.16.0.170 (Local Database)
22:48:28.319300 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:48:29.674737 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:48:42.431588 00:50:56:57:5c:8e (oui Unknown) > Broadcast, ethertype Reverse ARP (0x8035), length 60: Reverse Request who-is 00:50:56:57:5c:8e (oui Unknown) tell 00:50:56:57:5c:8e (oui Unknown), length 46
22:48:59.972471 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:49:13.899451 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:49:30.270271 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:49:30.270283 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:49:44.015452 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:50:00.640927 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:50:30.925528 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:50:44.228468 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:51:01.223325 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:51:01.223338 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:51:31.520958 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:51:44.438512 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:52:01.818560 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:52:32.116392 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:52:32.116413 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:52:44.644924 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:53:02.414074 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:53:32.712152 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15

tcpdump -ei em0: This one displays my WAN IP (from when I just used the gateway, so I know) a few times: 162.206.XXX.X

[2.4.5-RELEASE][[email protected]]/root: tcpdump -ei em0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:44:48.055695 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:44:57.530974 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:44:57.531090 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:45:00.297866 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:07.092690 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:15.106034 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:23.011898 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:27.888764 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:45:37.224191 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:45:44.172150 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:45.262140 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:47.266194 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:49.230713 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:54.028082 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:45:58.186471 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:46:05.066983 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:46:08.035547 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:46:13.035121 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:46:13.196053 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:46:18.034775 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:46:28.106261 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:46:28.484046 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:46:28.484088 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:46:58.791030 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:47:00.040307 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:01.000251 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:03.000188 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:07.019166 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:15.226591 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:29.079404 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:47:35.097750 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:43.057964 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:52.080029 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:47:59.377101 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:47:59.377131 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15

Message from syslogd@pfSense at Aug 22 22:48:08 ...
php-fpm[348]: /index.php: Successful login for user 'admin' from: 172.16.0.170 (Local Database)
22:48:16.171576 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:48:18.175732 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:48:23.018165 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:48:23.025148 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:48:28.024901 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:48:28.319315 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:48:29.674721 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:48:33.024389 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:48:33.097348 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:48:40.003911 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:48:59.972450 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:49:00.016748 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:09.167278 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:13.899472 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:49:30.270250 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:49:30.270280 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:49:32.006296 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:33.012392 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:35.014663 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:39.056411 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:44.015472 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:49:49.021045 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:49:59.139487 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:00.640898 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:50:11.239928 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:24.116847 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:30.925498 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:50:31.038856 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:38.054862 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:50:43.054431 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:50:44.228487 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:50:48.054103 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:50:48.173828 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:50.221528 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:50:54.089660 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:01.223304 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:51:01.223334 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:51:04.066786 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:11.129291 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:19.009271 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:30.155640 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:31.520931 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:51:41.144399 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:51:44.438546 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:52:01.818542 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:52:04.051034 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:05.015137 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:06.017637 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:07.013318 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:09.043891 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:12.055404 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:18.019661 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:32.116361 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 4
22:52:32.116409 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:52:33.022372 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:41.132807 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:44.644942 dc:7f:a4:d9:a0:68 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 60: EAPOL start (1) v2, len 0
22:52:49.090411 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:53.044596 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:52:56.102991 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:52:58.044100 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:53:02.414036 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:53:03.043708 3c:8b:cd:db:80:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 162.206.XXX.X (dc:7f:a4:d9:a0:68 (oui Unknown)) tell 0.0.0.0, length 46
22:53:20.003841 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:53:22.154190 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:53:27.005214 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300
22:53:32.712131 00:90:d0:63:ff:01 (oui Unknown) > 01:80:c2:00:00:03 (oui Unknown), ethertype EAPOL (0x888e), length 64: EAP packet (0) v1, len 15
22:53:39.089463 dc:7f:a4:d9:a0:68 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 346: vlan 0, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from dc:7f:a4:d9:a0:68 (oui Unknown), length 300

Here is the output of a few of the troubleshooting commands:

[2.4.5-RELEASE][[email protected]]/root: kldstat -v
Id Refs Address            Size     Name
 1    3 0xffffffff80200000 37191d8  kernel (/boot/kernel/kernel)
 2    1 0xffffffff83a19000 10c0     cpuctl.ko (/boot/kernel/cpuctl.ko)
	Contains modules:
		Id Name
		672 cpuctl
[2.4.5-RELEASE][[email protected]]/root: ngctl list
There are 9 total nodes:
  Name: em0             Type: ether           ID: 00000001   Num hooks: 1
  Name: em1             Type: ether           ID: 00000002   Num hooks: 2
  Name: ngctl42914      Type: socket          ID: 00000085   Num hooks: 0
  Name: <unnamed>       Type: socket          ID: 00000006   Num hooks: 0
  Name: o2m             Type: one2many        ID: 0000000b   Num hooks: 3
  Name: vlan0           Type: vlan            ID: 0000000e   Num hooks: 2
  Name: ngeth0          Type: eiface          ID: 00000011   Num hooks: 1
  Name: waneapfilter    Type: etf             ID: 00000015   Num hooks: 2
  Name: laneapfilter    Type: etf             ID: 00000019   Num hooks: 3
[2.4.5-RELEASE][[email protected]]/root: ngctl show em0
ngctl: send msg: No such file or directory
[2.4.5-RELEASE][[email protected]]/root: ngctl show em0:
  Name: em0             Type: ether           ID: 00000001   Num hooks: 1
  Local hook      Peer name       Peer type    Peer ID         Peer hook      
  ----------      ---------       ---------    -------         ---------      
  lower           o2m             one2many     0000000b        one            
[2.4.5-RELEASE][[email protected]]/root: ngctl show em1:
  Name: em1             Type: ether           ID: 00000002   Num hooks: 2
  Local hook      Peer name       Peer type    Peer ID         Peer hook      
  ----------      ---------       ---------    -------         ---------      
  upper           laneapfilter    etf          00000019        nomatch        
  lower           laneapfilter    etf          00000019        downstream     
[2.4.5-RELEASE][[email protected]]/root: ngctl show ngeth0:
  Name: ngeth0          Type: eiface          ID: 00000011   Num hooks: 1
  Local hook      Peer name       Peer type    Peer ID         Peer hook      
  ----------      ---------       ---------    -------         ---------      
  ether           vlan0           vlan         0000000e        vlan0          
[2.4.5-RELEASE][[email protected]]/root: 

Here is my diagram from the map command.

Screen Shot 2020-08-22 at 10 49 59 PM

If anyone could offer assistance I would appreciate it. I am not seeing the issue. I even tried swapping the cables for em0 and em1 just in case I chose the wrong one in the config file, still nothing.

Extremely Slow Speeds with FW4B

I am looking to see if there is a known issue with speed drops once using the bypass method, or maybe it is caused by using the 5268AC? I just got the Protectli FW4B and have been using 2.4.5p1 due to not being able to get it working with 2.5. I have been running "successfully" for about 4 weeks now. However, I have tried multiple fresh installations with nothing except the required stuff to make pfatt work. I get the following speeds no matter what I have tried:

Only on RG:
~950up/~940down

Using pfatt:
~160-350up/~150down

Am I missing something? I tried swapping the ethernet cable as I heard that caused it for one person, but that didn't help me. Would buying a NVG599 from ebay and getting the certs fix this? I am assuming it must not happen very often as there is only like two reddit posts and zero issues on here.

Thanks for your help!

Request more noob friendly instruction for ipv6 Prefix Delegation

Under the IPV6 Section it has

DHCPv6 Server & RA

Go to Services > DHCPv6 Server & RA
Enable DHCPv6 server on interface LAN
Configure a range of ::0001 to ::ffff:ffff:ffff:fffe
Configure a Prefix Delegation Range to 64
Save
Go to the Router Advertisements tab
Configure Router mode as Stateless DHCP
Save

The part I just literally cannot understand is the
Configure a Prefix Delegation Range to 64

Would it be possible to just add the From and To values to the guide?

Unable to ping IPV6 Addresses from pfsense but can on LAN

I do not know if a lot of people are running into this issue. I do know that this issue makes updating/installing packages a pain as it just hangs for a long time.

This is what I have come across

Making this change allows the router to actually access IPv6 and all issues with updating/package manager stop.

"On WAN interface check "Only request an IPv6 prefix, do not request an IPv6 address".
ATT doesn't provide a routable IP to the interface."

Anyone else have thoughts on this?

PfSense 2.5 compatibility


What's the ETA for PfSense 2.5 compatibility and the right ng_etf.ko version, please?

[Question] DMZ setup

I am trying to set up a physical DMZ for my home network but not sure if it's possible to allow external traffic to other interfaces. I'm curious if you've considered this or if you have advice.

My router has 4 ethernet ports so physical separation isn't a problem for me. In this circumstance though I'm open to setting up DMZ via VLANs if that's easier; I'm just not super familiar with those concepts so I opted for physical.

OPNSense 20.1 - My current setup is by-the-book (readme docs hehe) except adding in the extra kernel mods

This is a great project, thank you for taking over!

Internet outage at random with 5268AC

I used to do the hand swap method by automating config changes on my VLAN switch and would literally have months of uptime and only a power cycle took it down. I wanted to streamline my setup a little so a few days ago I went with the method in this repo. My problem is it will only stay up for about 4 hours before it goes down. The docs say to use a reliable ping host but I left it at 8.8.8.8 because I figured that would be reliable. My thinking is randomly google fails to respond to the ping so then it brings the bridge back up which deauths the ONT and then it never recovers. Looking at the pfatt.log I can see it toggling the bridge up and down at random (sometimes once per hour) but I suspect reauth was never actually necessary. When I did the hand swap method I only had the RG online at boot and then I would take it offline for months at a time. I just switched my ping host to the WAN default gateway. So maybe it will not falsely detect outages going forward.

Does this sound like a reasonable hypothesis?

I ordered a BGW210-700 on eBay which will be here on Tuesday. Hopefully I can extract the certs and switch to the wpa_supplicant method and put the 5268AC in storage.
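The hypothesis in the post above (a single lost ping to a remote host triggering a re-authentication that was never needed) can be checked against a debounced monitor. The following is an added example, not pfatt's own script: `PING_HOST`, `FAIL_THRESHOLD`, `INTERVAL`, `on_outage` and the sample probe history are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: debounced WAN outage check. Not part of pfatt.
# All names below are hypothetical; the probe history is constructed.

PING_HOST="${PING_HOST:-192.0.2.1}"    # placeholder (TEST-NET-1); e.g. the WAN default gateway
FAIL_THRESHOLD="${FAIL_THRESHOLD:-3}"  # consecutive lost probes required before acting
INTERVAL="${INTERVAL:-5}"              # seconds between probes

# One ICMP echo request; exit status 0 means a reply arrived.
probe() {
    ping -c 1 "$1" >/dev/null 2>&1
}

# Placeholder action: a real script would re-open the bridge for 802.1X re-auth here.
on_outage() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') :: outage confirmed after $1 lost probes"
}

# step FAILS RESULT THRESHOLD -> prints "<new_fails> <act>".
# RESULT is a probe exit status (0 = reply). act is 1 only when the run of
# consecutive losses reaches THRESHOLD; the counter then restarts from 0.
step() {
    if [ "$2" -eq 0 ]; then
        echo "0 0"
    elif [ $(( $1 + 1 )) -ge "$3" ]; then
        echo "0 1"
    else
        echo "$(( $1 + 1 )) 0"
    fi
}

# count_reauths THRESHOLD RESULT... -> replays a recorded probe history and
# prints how many times the outage action would have fired.
count_reauths() {
    threshold=$1; shift
    fails=0; total=0
    for result in "$@"; do
        out=$(step "$fails" "$result" "$threshold")
        fails=${out% *}
        total=$(( total + ${out#* } ))
    done
    echo "$total"
}

# Live loop: probe, update the counter, act only on a confirmed outage.
monitor() {
    fails=0
    while :; do
        if probe "$PING_HOST"; then result=0; else result=1; fi
        out=$(step "$fails" "$result" "$FAIL_THRESHOLD")
        fails=${out% *}
        if [ "${out#* }" -eq 1 ]; then on_outage "$FAIL_THRESHOLD"; fi
        sleep "$INTERVAL"
    done
}

# Constructed probe history (0 = reply, 1 = lost): scattered single losses
# plus one real three-probe outage.
SAMPLE="0 1 0 0 1 1 0 1 1 1 0"

# Run the live loop only when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then monitor; fi
```

Replaying `$SAMPLE` with a threshold of 1 fires the action six times, while a threshold of 3 fires it once, for the one sustained loss.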

opnsense fails to bring up pfatt interface on boot

Whenever I reboot my firewall, the WAN interface fails to come up. From /var/log/pfatt.log:

2020-06-05 21:37:53 :: [pfatt.sh] :: building netgraph nodes...
2020-06-05 21:37:53 :: [pfatt.sh] ::   creating ng_one2many... OK!
2020-06-05 21:37:53 :: [pfatt.sh] ::   creating vlan node and interface... OK!
2020-06-05 21:37:53 :: [pfatt.sh] ::   defining etf for bge1 (ONT)... OK!
2020-06-05 21:37:53 :: [pfatt.sh] ::   defining etf for ue0 (RG)... ngctl: send msg: No such file or directory

I guess the USB fast ethernet adapter isn't available yet when the /usr/local/etc/rc.syshook.d/early/ scripts run. Unfortunately if I move the pfatt script to the start directory then the firewall comes up with the wrong interface assigned to WAN.

If I put the pfatt script into the early directory then it partially runs until failure and I can SSH into the firewall and re-run the pfatt script manually. This works fine but it's hardly an ideal solution.

I'm using the exact ethernet adapter recommended in the readme, on an older (c. 2012) Dell PowerEdge server, running opnsense 19.7.10.

Has anyone else had this issue? If others have had this same problem then it might make sense to revise the README.

PFsense Restart required after internet loss

Hardware:
Netgate SG4860 Desktop w/ USB ethernet adapter
Pace 5268AC

Issue:
After an internet outage (normally from power loss) PFSense does not regain an internet connection until PFSense is rebooted.

Attached is the relevant section of my pfatt.log
Please let me know what other information you need to troubleshoot this issue.
pfatt.log

Could you run this in front of another router?

Currently have a UDM Pro which can only do basic routing, so I bought a pfSense box to go in front of it to do management of another network. I currently have the two separate routers on two different public IPs. Is there any way I could pass static addresses and get IPv6 on my routers in front of the pfSense box? I haven't got mine yet to test. Just wondering if anyone else has a config like this.

SG-3100

Script works great. I set it up on my Netgate SG-3100 in less than an hour. I wanted to let you know that as of 2.4.5-p1, ng_etf IS included with the arm package so the master branch applies. Related: https://redmine.pfsense.org/issues/10463

PfSense 2.5 issue

Recently tried out PfSense 2.5 to test out the new version of unbound which fixes some issues with PfBlockerNG and null blocking and the python module which provides client ip addresses of DNS requests when using null blocking and noticed that wpa_supplicant is using all of one core upon boot.

Killing the PID results in loss of WAN but starting it back up using just the wpa_supplicant command from the script seems to restore WAN connectivity and not eat up the CPU.

Not sure how to troubleshoot but this might be something to look at as the 2.5 branch seems to be getting close to release.
