andcbii join:2018-12-03 Arlington Heights, IL
1 recommendation |
to maartena
Re: ATT TrueBridge Mode for for Ubiquity Security Gateway (USG)One more thing, I'm using ATT as my backup, so this I'm try to get this work on WAN2. Anyone get this to work on WAN2? |
|
dls join:2018-12-07 Chicago, IL 1 edit
1 recommendation |
to andcbii
What are you using to test the connection speed? Have you tried speedtest.net Windows/Linux app on a wired connection?
Do you have offloading enabled on your router? Use the command 'show ubnt offload' to verify. |
|
andcbii join:2018-12-03 Arlington Heights, IL
1 recommendation |
I started over and used At&T as my WAN connection (not WAN2). Everything is working as expected. I couldn't even get the speed tests to load. |
|
kamran join:2014-10-29 Irvine, CA
1 recommendation |
to maartena
Anyone else using WAN2 as a failover? I am but how can I test that it will work with the bypass?
I have a cellular backup. |
|
|
1 recommendation |
said by kamran:Anyone else using WAN2 as a failover? I am but how can I test that it will work with the bypass?
I have a cellular backup. I'm not aware of anyone that is. If you want to test it though just power off your ONT. If it fails over (after whatever failover interval), it works, if it doesn't then it doesn't work. (Unless I'm missing something, it should be that simple) |
|
kamran join:2014-10-29 Irvine, CA
1 recommendation |
kamran
Member
2018-Dec-13 11:48 am
If ATT goes down I would assume the uplink connection between the ONT and my USG will remain connected but my USG will not simply get a network connection.
If I were to simply power off my ONT - I would assume that would be an easy test. Because the USG will just failover since nothing is connected. So I am not sure if that would be a real world test. |
|
Turbo6 join:2015-10-29 Newport Beach, CA
2 recommendations |
Turbo6
Member
2018-Dec-13 5:24 pm
Recent usg firmwares have addressed an issue with wan2 failover. Give .36 a shot and see if it works. |
|
1 recommendation |
to kamran
IIRC it actually tests your ability to reach an external endpoint to determine whether or not to failover. Any situation where internet connectivity is impacted should result in a failover, a poweroff is the easiest way to cause that.
Unplugging the ethernet cable would also work, as would pulling the optical fiber from the ONT. |
|
ssmithT 2 edits
1 recommendation |
to maartena
Anyone on the newest stable firmware and having issues with the proxy script not executing on reboot?
I've seen a few comments on my guide about difficulty making eap_proxy.sh executable. I'm currently out of town so I can't really play with it. |
|
1 recommendation |
Anond0bac
Anon
2018-Dec-21 10:01 am
Question...
Does the modem still do some sort of authentication on their network where it's required to leave it? From what I read, you can remove it once everything is up, but on power fail, you'd have to have it connected (even if you hardcode the RG MAC)?
Can someone shed some insight into why the modem is required, even if hardcoding the MAC?
Thanks! |
|
1 recommendation |
ssmithT
Member
2018-Dec-21 11:05 am
For the reason you described, or if authentication were re-requested for some reason. I'm not sure the longest anyone has gone without re-authenticating.
Hard coding the mac doesn't really do anything for authentication, it's not just a mac white-list. You need the certs that are on the modem to properly authenticate. |
|
dls join:2018-12-07 Chicago, IL
2 recommendations |
dls
Member
2018-Dec-21 6:38 pm
I am running wpa_supplicant on my Ubiquiti EdgeRouter with local EAP-TLS certs, instead of proxy EAP or dumb switch bypass, so my router logs contain authentication and re-authentication attempts. The only times I see wpa_supplicant re-authenticating is when I reboot the router, restart wpa_supplicant, power off ONT or disconnect ethernet from ONT. |
|
Turbo6 join:2015-10-29 Newport Beach, CA
1 recommendation |
Turbo6
Member
2018-Dec-22 11:17 am
So no att router hooked up? Is there a guide for this? |
|
dls join:2018-12-07 Chicago, IL |
dls
Member
2018-Dec-22 8:16 pm
l said by Turbo6:So no att router hooked up? Is there a guide for this? Correct. Google devicelocksmith blog |
|
(Software) pfSense Ubiquiti U6-Pro Ubiquiti U6-LR
1 recommendation |
said by dls:l said by Turbo6:So no att router hooked up? Is there a guide for this? Correct. Google devicelocksmith blog No results except for regular locksmiths. Can you PM a URL? |
|
dls join:2018-12-07 Chicago, IL
1 recommendation |
dls
Member
2018-Dec-22 8:59 pm
You could just have added .com PM sent |
|
Turbo6 join:2015-10-29 Newport Beach, CA
1 recommendation |
Turbo6
Member
2018-Dec-23 12:01 pm
Would love to find a link to buy a rooted device. Not ready to break mine open. |
|
the_wolfGo Dawgs Sic 'Em Premium Member join:1999-12-24 Alpharetta, GA Asus RT-AC3200 ARRIS SB6190
1 recommendation |
to maartena
I’ve followed the steps but can’t get this working for my connection. Getting an exception in on_poll event line 547 with some other errors and just keeps looping that every 10 secs. Any ideas? Checking var/log/messages but nothing to help showing there. |
|
the_wolf
1 recommendation |
the_wolf
Premium Member
2018-Dec-23 9:07 pm
Rebooted USG and now running the proxy script I see eth0... >eth2. The WAN interface eth0 isn’t getting an IP from AT&T DHCP though. |
|
the_wolf
1 recommendation |
the_wolf
Premium Member
2018-Dec-23 10:12 pm
Stupid mistake...Plugged in the LAN port from the ATT GW instead of the ONT port. Once I fixed that and rebooted USG everything is working! Through the AT&T POS GW: Bypassing AT&T GW and using the USG: |
|
dls join:2018-12-07 Chicago, IL
1 recommendation |
to Turbo6
said by Turbo6:Would love to find a link to buy a rooted device. Not ready to break mine open. You could try getting an NVG with older rootable firmware from eBay. I doubt you could find one already rooted, you'll have to root it yourself. It does not involve opening the device. |
|
Turbo6 join:2015-10-29 Newport Beach, CA
1 recommendation |
Turbo6
Member
2018-Dec-24 12:03 am
I see a lot of 589’s. Wish there was a guide to rooting this device |
|
(Software) pfSense Ubiquiti U6-Pro Ubiquiti U6-LR
2 recommendations |
to the_wolf
said by the_wolf:Stupid mistake...Plugged in the LAN port from the ATT GW instead of the ONT port. Once I fixed that and rebooted USG everything is working!
Through the AT&T POS GW: Bypassing AT&T GW and using the USG: You must have a 5268ac with the buggy firmware. Bypass for the win! |
|
1 recommendation |
to dls
said by dls:said by Turbo6:Would love to find a link to buy a rooted device. Not ready to break mine open. You could try getting an NVG with older rootable firmware from eBay. I doubt you could find one already rooted, you'll have to root it yourself. It does not involve opening the device. Hi dls, Do you think any old NVG model will work? Such as the NVG 510, which was probably never used with AT&T Fiber? Also, do you think the Mikrotik CCR routers will be able to do the bypass with the extracted eap-tls credentials? Thanks. |
|
dls join:2018-12-07 Chicago, IL
1 recommendation |
dls
Member
2018-Dec-24 5:03 am
I have not tried NVG510 specifically, but there is a good chance it could work. ISP AAA servers are usually configured to trust specific Certificate Authorities from device manufacturers, not device models, so I would not be surprised if that works.
As for RouterOS, I don't have experience with it, but as long as you could run linux apps, you should be able to run wpa_supplicant, although you wouldn't have GUI controls.
On Ubiquity side you have to install wpa_supplicant through Debian repository and configure through linux CLI. There are no GUI controls. The only thing I can see in GUI is logs that include wpa_supplicant output. |
|
1 recommendation |
to ssmithT
I think I'm having the issue you're referencing. USG firmware: 4.4.36.5146617 When manually running the eap_proxy.py, it works. But after reboots of both USG & AT&T Router (after permissions changed) it never connects. USG log shows: Dec 27 19:06:51 ubnt eap_proxy[3015]: proxy_loop starting
Dec 27 19:06:51 ubnt kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev- instead.
Dec 27 19:06:51 ubnt eap_proxy[3015]: exception in rawsocket line 130 (error: [Errno 19] No such device); restarting in 10 seconds
I manually ran the script to force a connection and I'll just hope my power stays on (& ATT doesn't disconnect me right now). |
|
1 recommendation |
ssmithT
Member
2018-Dec-28 12:46 am
said by ALFinet:I think I'm having the issue you're referencing.
USG firmware: 4.4.36.5146617
When manually running the eap_proxy.py, it works. But after reboots of both USG & AT&T Router (after permissions changed) it never connects. USG log shows:
Dec 27 19:06:51 ubnt eap_proxy[3015]: proxy_loop starting
Dec 27 19:06:51 ubnt kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev- instead.
Dec 27 19:06:51 ubnt eap_proxy[3015]: exception in rawsocket line 130 (error: [Errno 19] No such device); restarting in 10 seconds
I manually ran the script to force a connection and I'll just hope my power stays on (& ATT doesn't disconnect me right now). That log is before you manually start it? If so it looks like it does run automatically, but fails to bind to an interface, thought it's not clear which interface it fails to bind to. It seems like it has retry logic, how many times was the 3rd line printed in your logs? How long did you wait before manually kicking the script off? Did you just recently set this up, or has it been running fine for a while on a different firmware? If eap_proxy is starting on it's own, and retrying when it fails to bind I'm not sure why executing it manually would change your outcome. |
|
1 recommendation |
That 3rd line repeats every 10 seconds. I probably let it run for over 10 minutes before I tried power cycling the AT&T router. I recently set this up as I just now started to have issues with their lame "DMZplus" mode. I'll try it again tomorrow & time how long & more exactly what I did to provide better information. Hopefully it's just me. |
|
1 recommendation |
said by ALFinet:That 3rd line repeats every 10 seconds. I probably let it run for over 10 minutes before I tried power cycling the AT&T router. I recently set this up as I just now started to have issues with their lame "DMZplus" mode. I'll try it again tomorrow & time how long & more exactly what I did to provide better information. Hopefully it's just me. If you are able to reproduce I'd appreciate it if you could do a few things. First, add --debug as an argument in eap_proxy.sh. Second, run "ls -ltr /config/scripts/post-config.d/ /config/scripts; ps -elf | grep eap_proxy | grep -v grep" after a non-working reboot (before any manual intervention) and post the output. Third, if you can, send me the contents of the entire log file after a non-working reboot (before any manual intervention). |
|
4 edits |
to maartena
To anyone still doubting it and messing with the IP pass through/DMZ/public subnet etc etc behind the ATT gateway: Just bypass it via the dumb switch method. It's really worth it. I once thought it didn't matter that much. I thought the double NAT wasn't that big of a deal. I thought a couple of ms is negligible. That's until one day AT&T pushed a bad firmware to the gateway and annoyed the heck out of me, so I pulled the trigger. All I can say is wow it does make a difference. Call it placebo or anecdotal, but I can literately "feel" the responsiveness. Get a UPS battery. Keep the gateway stand by/powered up with a cable dangling if you want to, because in the worst case scenario if you actually have to re-authenticate, it's a simple 15 seconds of work doing a cable swap. It's honestly no more tedious than restarting your modem when your internet is down.
|
|