Menu
What's new
By:
Filters Better Search

AT&T Gateway 802.1x Proxy

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

K

Kosmatik

New Around Here
Hello all,

I'm wondering if someone can sanity check what I'm doing and even let me know if this is not possible on the AC-68U.

A little background, AT&T U-verse uses 802.1x certificate based authentication between the ONT and their provided gateway, so there's no way to pull that certificate and use it on your own personal router. So, people have found creative ways around this, a la: http://blog.0xpebbles.org/Bypassing-At-t-U-verse-hardware-NAT-table-limits

Now a gentleman there has created a better solution, it's a EAP proxy that takes 0x888e flagged packets and forwards them from one interface to another with very little CPU overhead https://github.com/ShadwDrgn/eap_proxy

So here I am, entware supports python and the code runs without issues, but my Asus does not get an IP....
ONT plugged into WAN in of Asus, AT&T Gateway ONT in plugged into LAN 4 of Asus.

Code: 
robocfg vlan 1 ports "1 2 3 8t"
robocfg vlan 99 ports "4 8t"
vconfig add eth0 99
ifconfig vlan99 up
ifconfig vlan2 down; ifconfig vlan2 hw ether 90:3e:ab:XX:XX:XX; ifconfig vlan2 up
python eap_proxy.py vlan2 vlan99

Now I see packets being sent...

Code: 
Sniffing on: vlan2
Sniffing on: vlan99
Sent 60 bytes on vlan99
Sent 64 bytes on vlan2
Sent 60 bytes on vlan99
Sent 64 bytes on vlan2
Sent 60 bytes on vlan99

And I don't see a red light on the gateway, however my Asus router is unable to pull a DCHP address from the ONT.

I did try assigning eth0 the mac address of the AT&T gateway, that did not help.

Code: 
ifconfig eth0 down; ifconfig eth0 hw ether 90:3e:ab:XX:XX:XX; ifconfig veth0 up

Could someone sanity check this? By all accounts this should work.
 
Here's a tcp dump from vlan2 (wan)

Code: 
03:13:30.551486 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:13:33.641493 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:13:48.984547 EAP packet (0) v1, len 15
03:13:56.771489 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:13:59.861526 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:14:02.951489 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:14:19.281691 EAP packet (0) v1, len 15
03:14:26.041495 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:14:29.141489 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:14:32.211489 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:14:49.578737 EAP packet (0) v1, len 4
03:14:49.578837 EAP packet (0) v1, len 15
03:14:55.361499 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:14:58.441494 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:15:01.531486 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:15:08.556922 ARP, Request who-has 99.128.x.x (90:3e:ab:xx:xx:xx (oui Unknown)) tell 0.0.0.0, length 46
03:15:13.556471 ARP, Request who-has 99.128.x.x (90:3e:ab:xx:xx:xx (oui Unknown)) tell 0.0.0.0, length 46
03:15:18.556014 ARP, Request who-has 99.128.x.x (90:3e:ab:xx:xx:xx (oui Unknown)) tell 0.0.0.0, length 46
03:15:19.875837 EAP packet (0) v1, len 15
03:15:24.651498 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:15:27.741488 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:15:30.811501 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 90:3e:ab:xx:xx:xx (oui Unknown), length 300
03:15:50.173001 EAP packet (0) v1, len 15

vlan99 just has EAP and EAPOL packets

Code: 
02:50:58.544682 EAP packet (0) v1, len 15
02:51:07.657602 EAPOL start (1) v2, len 0
 
I think the guys over at dslreports have figured this out as well. There's a thread there on this that's very active. I'd check that out.
 
Did you ever make any more progress on this?

I recall reading one of the posts mentioning that the pulling device (asus router wan port) should be using vlan 0 with tagged packets.
 
You must log in or register to reply here.

Similar threads

A
ASUS Dual WAN Failover, Then Failback, Leaves Secondary LAN in "Hot Standby"
Replies
4
Views
602
Kingp1n
K
SeeJayEmm
AC68 intermittently VLAN tagging
Replies
8
Views
990
drinkingbird
drinkingbird
A
Devices connect to my openvpn server correctly but no traffic from server to client
Replies
6
Views
870
ragtap
R
C
Using 68U and AC86Us with AT&T Fiber Gateway
Replies
1
Views
966
Elmer
E
Bob.Dig
wanted: vlan for AC56U in AP-Mode
3 4 5
Replies
86
Views
8K
Bob.Dig
Bob.Dig

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 941 (members: 23, guests: 918)
Top