Messages - adamrc

#1
Quote from: effex on August 19, 2024, 12:16:48 AM
Quote from: adamrc on August 09, 2024, 11:54:38 PM
Quote from: effex on August 09, 2024, 11:28:24 PM
Mine is still not working with the code above. The openatt.sh script seems to work just fine, however, something is not working with wpa_supplicant. I tried manually executing the script in early and it gets to "daemonize" and gives me a permission denied. Any way to further debug it?

No need for the openatt.sh script using my method above. Just ensure certs are in the folders specified in the file.


On the identity piece, is that the RG modem's former MAC address like the same as the opnaatt.sh script or are you saying my WAN mac address on my opnsense box?

It's the AT&T RG modem MAC address.
#2
Quote from: effex on August 09, 2024, 11:28:24 PM
Mine is still not working with the code above. The openatt.sh script seems to work just fine, however, something is not working with wpa_supplicant. I tried manually executing the script in early and it gets to "daemonize" and gives me a permission denied. Any way to further debug it?

No need for the openatt.sh script using my method above. Just ensure certs are in the folders specified in the file.
#3
I'm back up and running as well.  I scrapped everything and went to the 8311 Discord channel for bypassing and got the proper info.  Here are the files and contents that I used.  Netgraph is no longer used/needed anymore.

/usr/local/etc/rc.syshook.d/early/04-wpa (make sure to chmod +x this file)

#!/bin/sh
env OPENSSL_CONF=/conf/wpa/openssl.conf /usr/local/sbin/wpa_supplicant -Dwired -i igb0 -B -C /var/run/wpa_supplicant -c /conf/wpa/wpa_supplicant.conf


/conf/wpa/openssl.conf

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=0


/conf/wpa/wpa_supplicant.conf

# Generated by 802.1x Credential Extraction Tool
# Copyright (c) 2018-2019 devicelocksmith.com
# Version: 1.04 windows 386
#
# Change file names to absolute paths
ctrl_interface=DIR=/var/run/wpa_supplicant
openssl_ciphers=DEFAULT@SECLEVEL=0
eapol_version=2
ap_scan=0
fast_reauth=1
network={
        ca_cert="/conf/wpa/ca.pem"
        client_cert="/conf/wpa/client.pem"
        eap=TLS
        eapol_flags=0
        identity="REDACTED" # Internet (ONT) interface MAC address must match this value
        key_mgmt=IEEE8021X
        phase1="allow_canned_success=1"
        private_key="/conf/wpa/private.pem"
}
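As an added example (not part of the post above or of the opnatt project), a preflight check for this setup: it confirms the early hook is executable, that the certificate and key paths named in wpa_supplicant.conf are absolute and present, that the private key is not readable by group or others, and that identity looks like a MAC address. The function names and the colon-separated MAC format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Paths passed in are the
# ones the post uses; the colon-separated MAC format is an assumption.

# Print the quoted value of KEY="value" from a wpa_supplicant.conf.
conf_value() {
    sed -n "s/^[[:space:]]*$1=\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Print one line per problem; return non-zero if any were found.
check_wpa_setup() {
    conf=$1; hook=$2; problems=0
    # The post says to chmod +x the early hook.
    if [ ! -x "$hook" ]; then
        echo "hook not executable: $hook"; problems=$((problems + 1))
    fi
    if [ ! -r "$conf" ]; then
        echo "config not readable: $conf"; return 1
    fi
    for key in ca_cert client_cert private_key; do
        path=$(conf_value "$key" "$conf")
        case $path in
            /*) ;;  # the generated file asks for absolute paths
            *)  echo "$key is not an absolute path: '$path'"
                problems=$((problems + 1)); continue ;;
        esac
        if [ ! -r "$path" ]; then
            echo "$key missing or unreadable: $path"
            problems=$((problems + 1))
        fi
    done
    # The private key should not be readable by group or others.
    key_path=$(conf_value private_key "$conf")
    if [ -f "$key_path" ] &&
       [ -n "$(find "$key_path" \( -perm -040 -o -perm -004 \))" ]; then
        echo "private key readable by group/others: $key_path"
        problems=$((problems + 1))
    fi
    # identity must be the gateway's MAC address (format assumed).
    id=$(conf_value identity "$conf")
    if ! echo "$id" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        echo "identity does not look like a MAC address: '$id'"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

if [ $# -eq 2 ]; then check_wpa_setup "$1" "$2"; fi
```

On the firewall it would be run with /conf/wpa/wpa_supplicant.conf and /usr/local/etc/rc.syshook.d/early/04-wpa as its two arguments.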
#4
Thanks Ben S for the info.  I have not tried the latest code.  Will give that a try over the next couple of days and see what happens. 
#5
The only fix I wanted to mess with at the time was to bring my AT&T gateway back into the mix and use that instead. I'm curious as to if any others that have been using this AT&T gateway bypass have also experienced this issue after upgrading to 24.7. I am really enjoying the much faster wireguard speeds on 24.7.

Setting up the bypass certainly took a bit of work but after it was all done, it has been super reliable with rock solid stability. I certainly want to get it back up and running as I don't like going through the AT&T gateway. This update is the first time any update has caused any type of disruption to my network. 
#6
This morning I upgraded from 24.1.10 to 24.7.  I've been successfully using the AT&T bypass which uses WPA_Supplicant along with Netgraph as seen in the instructions here:  https://github.com/owenthewizard/opnatt

Unfortunately, it hangs upon booting up.  See attached screenshot.  It no longer seems to pull the WAN IP anymore.  I can do a Control + C to continue to boot but even within the GUI, it doesn't pull an IP anymore.

Any ideas on what I could try to fix it?  It's been working great for so long prior to this update. 
#7
Quote from: jp0469 on February 02, 2024, 09:40:57 PM
Quote from: adamrc on February 02, 2024, 07:40:47 PM
Will there be a future patch/update that will be deployed to address this issue for those of us that do not want to manually modify the file referenced above?
You don't have to manually edit the file. You can just apply the commit from github yourself.

opnsense-patch d8ba131

Or you can wait until the next OPNsense update.

That worked great! Thanks! I had to reboot for the changes to apply.
#8
Will there be a future patch/update that will be deployed to address this issue for those of us that do not want to manually modify the file referenced above?
#9
Many times on my new install of OPNsense 22.7.2 upon saving/applying changes, I receive a "Your connection was interrupted" message in my browser. 

I'm using Brave (which is based off Chromium)

Your connection was interrupted
A network change was detected.
ERR_NETWORK_CHANGED

Is this a known issue?  I have to manually go back into the site for it to load again.