Messages - hieroglyph

#1
Quote from: adamrc on August 06, 2024, 09:18:08 PM
I'm back up and running as well. I scrapped everything and went to the 8311 Discord channel for bypassing and got the proper info. Here are the files and contents that I used. Netgraph is no longer used or needed.

/usr/local/etc/rc.syshook.d/early/04-wpa (make sure to chmod +x this file)

#!/bin/sh
env OPENSSL_CONF=/conf/wpa/openssl.conf /usr/local/sbin/wpa_supplicant -Dwired -i igb0 -B -C /var/run/wpa_supplicant -c /conf/wpa/wpa_supplicant.conf


/conf/wpa/openssl.conf

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=0


/conf/wpa/wpa_supplicant.conf

# Generated by 802.1x Credential Extraction Tool
# Copyright (c) 2018-2019 devicelocksmith.com
# Version: 1.04 windows 386
#
# Change file names to absolute paths
ctrl_interface=DIR=/var/run/wpa_supplicant
openssl_ciphers=DEFAULT@SECLEVEL=0
eapol_version=2
ap_scan=0
fast_reauth=1
network={
        ca_cert="/conf/wpa/ca.pem"
        client_cert="/conf/wpa/client.pem"
        eap=TLS
        eapol_flags=0
        identity="REDACTED" # Internet (ONT) interface MAC address must match this value
        key_mgmt=IEEE8021X
        phase1="allow_canned_success=1"
        private_key="/conf/wpa/private.pem"
}


Quote from: Quasmo on September 13, 2024, 02:46:58 PM
For those seeing this: I was able to solve my problem. I had to make sure that the interface was enabled before I could run the WPA supplicant code.

I went to the 8311 Discord and found the code posted here by adamrc. There is a line omitted in the /usr/local/etc/rc.syshook.d/early/04-wpa file:

#!/bin/sh
/sbin/ifconfig igb0 link FF:FF:FF:FF:FF:FF

env OPENSSL_CONF=/conf/wpa/openssl.conf /usr/local/sbin/wpa_supplicant -Dwired -i igb0 -B -C /var/run/wpa_supplicant -c /conf/wpa/wpa_supplicant.conf


Where igb0 is the interface and FF:FF:FF:FF:FF:FF is the gateway MAC.

These two posts got me back up and running.

The MAC address mentioned in the "04-wpa" and "wpa_supplicant.conf" files is the MAC of the WAN port on the AT&T-issued router. This same MAC address needs to be used in the OPNsense GUI under Interfaces > Assignments > select your AT&T WAN interface > MAC address. On this same page look for Device at the top and take note of what it says. If it says something other than igb0, change the two places that say igb0 in 04-wpa to your network device name. Example: I had to change from igb0 to igc7 for my setup to work.

#2
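An added example, not adamrc's, Quasmo's or hieroglyph's script: a preflight wrapper for the 04-wpa hook that checks the conditions the quoted posts found failing silently (an interface without a link, credential files missing from /conf/wpa, a client.pem that does not belong to private.pem) before launching wpa_supplicant with the thread's command line, and logs the TLS downgrades that openssl.conf switches on. File paths default to the ones in the thread; WPA_IF, WPA_DIR and WPA_MAC are assumed environment overrides, not OPNsense settings, and the check on `$0` that decides whether to launch assumes the syshook runner executes the script by its full path.

```shell
#!/bin/sh
# Added example (not the forum posters' script): preflight checks in front of
# the wpa_supplicant launch line from the thread. Defaults match the thread;
# WPA_IF / WPA_DIR / WPA_MAC are assumed overrides.
WPA_DIR="${WPA_DIR:-/conf/wpa}"
WPA_IF="${WPA_IF:-igb0}"
WPA_CONF="$WPA_DIR/wpa_supplicant.conf"
SSL_CONF="$WPA_DIR/openssl.conf"

# conf_value FILE KEY: print the value of KEY=... from a wpa_supplicant.conf
# (surrounding quotes and a trailing "# comment" stripped); empty if unset.
conf_value() {
    awk -v key="$2" -F= '
        $1 ~ ("^[ \t]*" key "$") {
            sub(/^[^=]*=/, "")             # drop "key="
            sub(/[ \t]*#.*$/, "")          # drop trailing comment
            gsub(/^[ \t]*"|"[ \t]*$/, "")  # strip surrounding quotes
            print; exit
        }' "$1"
}

# missing_files CONF: print every ca_cert/client_cert/private_key path in CONF
# that is not readable; return 1 if any is missing or CONF itself is unreadable.
missing_files() {
    [ -r "$1" ] || { echo "$1"; return 1; }
    rc=0
    for key in ca_cert client_cert private_key; do
        path=$(conf_value "$1" "$key")
        if [ -z "$path" ] || [ ! -r "$path" ]; then
            echo "${path:-<$key not set>}"
            rc=1
        fi
    done
    return $rc
}

# keys_match CERT KEY: succeed only if the public key embedded in CERT equals
# the public key derived from KEY; a mismatched pair fails EAP-TLS silently.
keys_match() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# iface_ready IF: succeed if FreeBSD ifconfig reports an active link on IF
# (Quasmo's fix: the interface must be up before wpa_supplicant starts).
iface_ready() {
    ifconfig "$1" 2>/dev/null | grep -q 'status: active'
}

# tls_downgrades SSLCONF: print the lines that weaken TLS (SECLEVEL=0, TLSv1
# floor, legacy renegotiation). Passed via OPENSSL_CONF they bind to this one
# wpa_supplicant process only; logging them keeps that trade-off visible.
tls_downgrades() {
    grep -E 'SECLEVEL=0|MinProtocol *= *TLSv1(\.[01])?$|UnsafeLegacyRenegotiation' "$1" 2>/dev/null
}

main() {
    # Optional: set the gateway MAC on the interface, as in Quasmo's hook.
    if [ -n "${WPA_MAC:-}" ]; then
        /sbin/ifconfig "$WPA_IF" link "$WPA_MAC" || exit 1
    fi
    if ! iface_ready "$WPA_IF"; then
        logger -t 04-wpa "$WPA_IF has no active link; not starting wpa_supplicant"
        exit 1
    fi
    missing=$(missing_files "$WPA_CONF" || true)
    if [ -n "$missing" ]; then
        logger -t 04-wpa "missing credential files: $(printf '%s ' $missing)"
        exit 1
    fi
    if ! keys_match "$(conf_value "$WPA_CONF" client_cert)" \
                    "$(conf_value "$WPA_CONF" private_key)"; then
        logger -t 04-wpa "client certificate does not match private key; not starting"
        exit 1
    fi
    tls_downgrades "$SSL_CONF" | logger -t 04-wpa
    exec env OPENSSL_CONF="$SSL_CONF" /usr/local/sbin/wpa_supplicant \
        -Dwired -i "$WPA_IF" -B -C /var/run/wpa_supplicant -c "$WPA_CONF"
}

# Launch only when running as the installed hook (assumed to be executed by
# full path); sourcing the file elsewhere just defines the functions.
case "$0" in
    */rc.syshook.d/*) main ;;
esac
```

Each failure is written to syslog with the `04-wpa` tag, so a boot where the bypass did not come up can be diagnosed from the log instead of by trial and error. The downgrade settings still apply, because the ONT side dictates them, but only to this process: nothing else on the firewall reads that openssl.conf.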
You are correct. I increased Settings: Advanced -> Firewall Maximum Table Entries from "blank" (default 200000) to 500000 and was able to "apply". Thank you.

#3
21.1 Legacy Series / Alias Invalid Argument Error
March 07, 2021, 07:05:46 AM
Trying to use the following IP list in a URL Table (IP) alias. Saving works fine, but when I hit "apply" it gives an "invalid argument" error. The list looks simple enough.
What am I missing?

The List: https://raw.githubusercontent.com/ejrv/VPNs/master/vpn-ipv4.txt

The Alias:


The Error: