Comments (11)
In some of these scripts I'm seeing, I don't see a filter for EAP traffic to not be tagged (unless I'm missing something). Seems to be several reports of it working correctly with all traffic tagged as vlan 0.
from pfatt.
I don't either but I was surprised to see at least one packet from the EAPoL protocol was not tagged. I think it was the initial broadcast on the MAC address used to start the interaction. At least that's my recollection from the working setup.
from pfatt.
from pfatt.
@christopher-bowman Netgate (the company that makes pfSense) has recently completed a lot of work incorporating Layer 2 functionality in pf. As part of this, we enabled two new pieces of functionality 'dup-to' and 'bridge-to' that are designed with the idea of replacing the netgraph-based functionality of pfatt.
I'm wondering if you (and @tman785 is welcome of course, but IDK when OPNsense might adopt this work, and IDK if @MonkWho is even watching this repo at this point) are open to testing this (very new) functionality.
from pfatt.
@christopher-bowman Finally got around to getting non-tethered to work on 22.7.4. As for whether setting vlanpcp 0 works, I couldn't get past authorization. At some point maybe next week, I'll do a packet trace between the two methods.
from pfatt.
@christopher-bowman I gave it a shot to look at the traffic. Vlan is set to 0 when we run ifconfig $ONT_IF vlanpcp 0.
But for some reason, after wpa_supplicant sends out the START command, we receive the "Request, Identity" from the ONT, but nothing occurs after. It's like wpa_supplicant isn't responding to the traffic.
As for the script, I used my actual working script and modified it to comment out anything referring to netgraph. One thing I also did was comment these out:
# /sbin/ifconfig $ONT_IF up
# /sbin/ifconfig $ONT_IF promisc -vlanhwtag -vlanhwfilter -vlanhwtso
I don't think we need the $ONT_IF in promiscuous mode.
Any ideas? I don't get how wpa_supplicant will start the process but not respond. Unless there's an issue w/ the script itself.
from pfatt.
I am having similar issues with newer versions of OPNsense. I have seen it work on older versions though. I wonder what has changed and how to fix it. I am trying to set up a packet trace; I think a promiscuous listener 3rd party on a dumb switch should work, right?
from pfatt.
> I am having similar issues with newer versions of OPNsense. I have seen it work on older versions though. I wonder what has changed and how to fix it. I am trying to set up a packet trace; I think a promiscuous listener 3rd party on a dumb switch should work, right?

Never heard of it working outside of netgraph - I didn't think FreeBSD officially supports vlan 0 and we're just using some workaround where setting the pcp value to 0 also sets the vlan to 0.
I did see one post do it on ESXi, but they had the adapter within the host tag everything as vlan 0.
from pfatt.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224961
Just to add some of my own notes here. I am a current user of the Intel 350 NIC and because of this have had trouble getting this to work on native pfSense. I have since moved to ESXi and, using the VLAN 0 option of the vswitch at the ESXi layer, have been able to bypass the need for NetGraph and its incompatibility with my native 12.x Intel driver.
During this, however, I purchased a UDMP SE from Ubiquiti and was able to get it to authenticate natively by using VLAN 0, but I had to set a QoS value of 1. I thought this was just a GUI limitation, but looking at the FreeBSD bug link above I wonder if setting the PCP to 1 would actually still set the VLAN to 0 and provide the desired result with respect to this traffic. Just judging from some of the responses in the thread linked above, it looks like PCP actually designates a priority and not a VLAN, but a side effect is that it sets the VLAN to 0 as a result.
Anyways it's something to try, hope it helps.
from pfatt.
Some more information I found from here https://www.freebsd.org/cgi/man.cgi?ifconfig(8)
vlanpcp priority_code_point
Priority code point (PCP) is an 3-bit field which refers to the
IEEE 802.1p class of service and maps to the frame priority
level.
Values in order of priority are: 1 (Background (lowest)), 0 (Best
effort (default)), 2 (Excellent effort), 3 (Critical
applications), 4 (Video, < 100ms latency and jitter), 5 (Voice, <
10ms latency and jitter), 6 (Internetwork control), 7 (Network
control (highest)).
Maybe try using a value higher than 1?
from pfatt.
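Added example (not part of the thread or of the pfatt project): the comments above turn on whether EAPOL frames leave the interface with an 802.1Q tag carrying VLAN ID 0, and on which PCP value rides in that tag. This Python sketch decodes the tag and the EAPOL packet type from raw frame bytes, such as frames exported from a packet trace; the function names and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # 802.1Q tag protocol identifier
ETH_EAPOL = 0x888E   # EtherType for EAPOL (802.1X)
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}


def classify(frame: bytes) -> dict:
    """Decode the 802.1Q tag (if present) and EAPOL type of one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"tagged": False, "pcp": None, "vid": None, "eapol": None}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI layout: PCP (3 bits) | DEI (1 bit) | VLAN ID (12 bits)
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info.update(tagged=True, pcp=tci >> 13, vid=tci & 0x0FFF)
        offset = 18
    if ethertype == ETH_EAPOL and len(frame) >= offset + 4:
        _version, ptype, _length = struct.unpack_from("!BBH", frame, offset)
        info["eapol"] = EAPOL_TYPES.get(ptype, f"type {ptype}")
    return info


def build_sample(pcp=None, vid=0, eapol_type=1) -> bytes:
    """Constructed test frame: EAPOL to the 802.1X PAE group address."""
    dst = bytes.fromhex("0180c2000003")
    src = bytes.fromhex("020000000001")  # made-up locally administered MAC
    tag = b"" if pcp is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    eapol = struct.pack("!BBH", 1, eapol_type, 0)  # version, type, body length
    return dst + src + tag + struct.pack("!H", ETH_EAPOL) + eapol


if __name__ == "__main__":
    samples = {
        "untagged EAPOL-Start": build_sample(),
        "priority-tagged, PCP 0": build_sample(pcp=0),
        "priority-tagged, PCP 1": build_sample(pcp=1),
        "VLAN 10, PCP 0": build_sample(pcp=0, vid=10),
    }
    for name, frame in samples.items():
        print(f"{name:24} {classify(frame)}")
```

PCP and the VLAN ID are separate fields of the same 16-bit tag, so a frame with PCP 1 and VLAN ID 0 is still a priority-tagged (VLAN 0) frame.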
wpa_supplicant was patched to allow this to work. Not sure if anyone saw that announcement in the other threads.
from pfatt.