24.7 Production Series / Re: [SOLVED]: 24.7 Upgrade from 24.1.10 broke my AT&T Fiber Bypass
« on: September 14, 2024, 06:15:09 pm »
I'm back up and running as well. I scrapped everything and went to the 8311 Discord channel for bypassing and got the proper info. Here are the files and contents that I used. Netgraph is no longer used/needed anymore.
/usr/local/etc/rc.syshook.d/early/04-wpa (make sure to chmod +x this file)
Code:
#!/bin/sh
env OPENSSL_CONF=/conf/wpa/openssl.conf /usr/local/sbin/wpa_supplicant -Dwired -i igb0 -B -C /var/run/wpa_supplicant -c /conf/wpa/wpa_supplicant.conf
/conf/wpa/openssl.conf
Code:
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=0
/conf/wpa/wpa_supplicant.conf
Code:
# Generated by 802.1x Credential Extraction Tool
# Copyright (c) 2018-2019 devicelocksmith.com
# Version: 1.04 windows 386
#
# Change file names to absolute paths
ctrl_interface=DIR=/var/run/wpa_supplicant
openssl_ciphers=DEFAULT@SECLEVEL=0
eapol_version=2
ap_scan=0
fast_reauth=1
network={
ca_cert="/conf/wpa/ca.pem"
client_cert="/conf/wpa/client.pem"
eap=TLS
eapol_flags=0
identity="REDACTED" # Internet (ONT) interface MAC address must match this value
key_mgmt=IEEE8021X
phase1="allow_canned_success=1"
private_key="/conf/wpa/private.pem"
}
For those seeing this. I was able to solve my problem. I had to make sure that the interface was enabled before I could run the WPA supplicant code.
I went to the 8311 Discord and found the code posted here by Adamrc. There is a line omitted in the /usr/local/etc/rc.syshook.d/early/04-wpa file.
Code:
#!/bin/sh
/sbin/ifconfig igb0 link FF:FF:FF:FF:FF:FF
env OPENSSL_CONF=/conf/wpa/openssl.conf /usr/local/sbin/wpa_supplicant -Dwired -i igb0 -B -C /var/run/wpa_supplicant -c /conf/wpa/wpa_supplicant.conf
Where igb0 is the interface, and FF:FF:FF:FF:FF:FF is the Gateway MAC
These two posts got me back up and running.
The MAC address mentioned in the "04-wpa" and "wpa_supplicant.conf" files is the MAC of the WAN port on the AT&T-issued router. This same MAC address needs to be used in the OPNsense GUI under Interfaces > Assignments > select your AT&T WAN interface > MAC address. On this same page, look for Device at the top and take note of what it says. If it says something other than igb0, change the two places that say igb0 in 04-wpa to your network device name. Example: I had to change from igb0 to igc7 for my setup to work.
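The consistency rules from the posts above (the same MAC in 04-wpa and wpa_supplicant.conf, and the same device name in both places in 04-wpa) can be checked before a reboot. The script below is an added example, not code from this thread or from the 8311 Discord; the function names are hypothetical, and the sample files and MAC address are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample values are constructed.
# On the firewall the call would be:
#   check_bypass_config /usr/local/etc/rc.syshook.d/early/04-wpa /conf/wpa/wpa_supplicant.conf igc7

# Interface names used in the hook: the ifconfig line and the -i option.
hook_ifaces() {
    awk '/^#/ { next }
         $1 ~ /ifconfig$/ { print $2 }
         { for (i = 1; i < NF; i++) if ($i == "-i") print $(i + 1) }' "$1" | sort -u
}

# MAC set by the "ifconfig <dev> link <mac>" line, upper-cased.
hook_mac() {
    awk '$1 ~ /ifconfig$/ && $3 == "link" { print toupper($4) }' "$1"
}

# identity="..." value from wpa_supplicant.conf, upper-cased.
conf_identity() {
    sed -n 's/^[[:space:]]*identity="\([^"]*\)".*/\1/p' "$1" | tr 'a-f' 'A-F'
}

# check_bypass_config HOOK CONF DEVICE -> returns 0 when consistent, 1 otherwise.
check_bypass_config() {
    hook=$1; conf=$2; dev=$3; rc=0
    [ -x "$hook" ] || { echo "not executable: $hook"; rc=1; }
    ifaces=$(hook_ifaces "$hook" | tr '\n' ' ')
    [ "$ifaces" = "$dev " ] || { echo "hook uses: $ifaces(expected $dev)"; rc=1; }
    mac=$(hook_mac "$hook"); id=$(conf_identity "$conf")
    [ -n "$mac" ] || { echo "hook has no 'ifconfig ... link' line"; rc=1; }
    [ "$mac" = "$id" ] || { echo "hook MAC '$mac' != identity '$id'"; rc=1; }
    return $rc
}

# Build constructed sample files in DIR; WPA_DEV is the device on the -i option.
make_sample() {
    dir=$1; wpa_dev=$2
    printf '%s\n' '#!/bin/sh' '/sbin/ifconfig igc7 link 02:00:00:00:00:01' \
        "env OPENSSL_CONF=/conf/wpa/openssl.conf /usr/local/sbin/wpa_supplicant -Dwired -i $wpa_dev -B -C /var/run/wpa_supplicant -c /conf/wpa/wpa_supplicant.conf" \
        > "$dir/04-wpa"
    chmod +x "$dir/04-wpa"
    printf '%s\n' 'network={' 'identity="02:00:00:00:00:01" # constructed' '}' \
        > "$dir/wpa_supplicant.conf"
}

tmp=$(mktemp -d /tmp/wpa-check.XXXXXX)
make_sample "$tmp" igc7
check_bypass_config "$tmp/04-wpa" "$tmp/wpa_supplicant.conf" igc7 && echo "consistent"
rm -rf "$tmp"
```

The script does not read the MAC address entered in the OPNsense GUI; that value still has to be compared by hand.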