On 24/4/18 12:11 am, John Lyon wrote:
If you found that thread, you found my answer. :-)  I'm one of the posters
on that particular PFSense thread.

In short summary, I have a theory that should work but I haven't tested it
yet due to a lack of opportunity.  The netgraph code that forwards the
EAP-OL traffic works.  The problem is handling the fact that ATT tags all
traffic as VLAN ID 0, which FreeBSD's vlan interface does not support.  I
filed a bug report on the matter, but was told "use Netgraph".  Basically,
you either have to add/remove the vlan 0 tag since you can't create a
virtual interface on vlan 0 like you can in Linux.

OK, so here's what you need to do:
- Disable hw vlan so that vlan headers are visible to netgraph.
- Pass BOTH interfaces directly into a vlan0 netgraph node, oriented so the tagged side faces the interface and the untagged side faces the (single) eap filter. The NON eap traffic is sent to the "upper" hook of the main interface. The second interface has nothing attached to its upper hook (as in the diagram sent).

The question is whether ALL traffic is vlan 0 or just traffic direct to the RG?

As I said it may be a neat feature to teach the etf node about vlans and even Q-in-Q.



--------------------------------
John L. Lyon
PGP Key Available At:
https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc

On Sun, Apr 22, 2018 at 12:52 AM, GPz1100a <zx110...@solo-tek.com> wrote:

@John

Did you ever get this fully figured out?  I'm trying to do what I think is
the same thing with my fiber internet connection - eliminate the need to use
the isp provided gateway (or at least reduce its function). I'm running
*opnsense*.   This thread
https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292 is what
led me here.

Three nics correspond to the following

em0 - ONT (WAN)
xl0 - 3com pci - isp provided residential gateway (RG)
ue0 - usb nic - LAN

Using Julian's code from Jan 06, 2018; 1:39pm,

      ngctl mkpeer em0: etf lower downstream
      ngctl name em0:lower waneapfilter
      ngctl connect waneapfilter: em0: nomatch upper

      ngctl mkpeer xl0: etf lower downstream
      ngctl name  xl0:lower laneapfilter
      ngctl connect laneapfilter:  xl0: nomatch upper

*    ngctl connect waneapfilter laneapfilter eapout eapout*

      ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
      ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'

When I get to the command in bold it comes back with this error:

root@OPNsense:~ #      ngctl connect waneapfilter laneapfilter eapout eapout
ngctl: send msg: No such file or directory

I'm not sure how to proceed from here.

Thanks for any help you (or others) can offer.

--J




--
Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
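
Added example (not code from this thread or from netgraph itself): the C sketch below shows the classification problem discussed above, where a match on only the EtherType that follows the MAC addresses sees 0x8100 instead of 0x888e once a VLAN 0 tag is present, while a tag-aware walk still finds the EAPOL frame. The function names and both sample frames are constructed for illustration, and it is an assumption here that the EAPOL frames themselves carry the VLAN 0 tag.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_P_EAPOL  0x888e  /* 802.1X, as in the setfilter messages above */
#define ETH_P_8021Q  0x8100  /* VLAN tag */
#define ETH_P_8021AD 0x88a8  /* outer tag of Q-in-Q */

struct frame_info {
    uint16_t outer_type;  /* EtherType right after the MAC addresses */
    uint16_t inner_type;  /* EtherType after all VLAN tags */
    int ntags;            /* number of VLAN tags walked */
    int vid;              /* VLAN ID of the outermost tag, -1 if untagged */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: 0 on success, -1 if the frame is truncated. */
int classify_frame(const uint8_t *buf, size_t len, struct frame_info *out)
{
    size_t off = 12;                      /* skip dst + src MAC */
    if (len < 14) return -1;
    out->outer_type = out->inner_type = be16(buf + off);
    out->ntags = 0;
    out->vid = -1;
    while (out->inner_type == ETH_P_8021Q || out->inner_type == ETH_P_8021AD) {
        if (len < off + 6) return -1;     /* TPID + TCI + next EtherType */
        if (out->ntags == 0)
            out->vid = be16(buf + off + 2) & 0x0fff;  /* low 12 bits of TCI */
        out->ntags++;
        off += 4;
        out->inner_type = be16(buf + off);
    }
    return 0;
}

/* Outer-only match versus tag-aware match. */
int outer_match_eapol(const struct frame_info *fi) { return fi->outer_type == ETH_P_EAPOL; }
int inner_match_eapol(const struct frame_info *fi) { return fi->inner_type == ETH_P_EAPOL; }

/* Constructed sample frames (source MAC and payload are made up). */
const uint8_t untagged_eapol[] = { 0x01,0x80,0xc2,0x00,0x00,0x03, 0x02,0,0,0,0,0x01,
    0x88,0x8e, 0x01,0x01,0x00,0x00 };
const uint8_t vlan0_eapol[] = { 0x01,0x80,0xc2,0x00,0x00,0x03, 0x02,0,0,0,0,0x01,
    0x81,0x00, 0x00,0x00, 0x88,0x8e, 0x01,0x01,0x00,0x00 };

int main(void)
{
    struct frame_info fi;
    if (classify_frame(vlan0_eapol, sizeof vlan0_eapol, &fi) == 0)
        printf("vid=%d outer_match=%d inner_match=%d\n",
               fi.vid, outer_match_eapol(&fi), inner_match_eapol(&fi));
    return 0;
}
```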
