Hi,
I was trying to setup OPNSense with My ATT BGW320-500, and had a few questions.
Configuration Questions:
ONT_IF
, EAP_IDENTITY
, and RG_ETHER
, how does one do that?Setup questions:
ONT
cable to my WAN
port on OPNSense box?bash
or any internet access (to install bash)? How do I do that?Thanks.
EDIT: I’m using Fiber.
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
What firmware is your BGW320 currently on? There’s a method for newish firmwares that should work on the 320, and are confirmed working for the BGW210.
No easily accessible guide for it yet, but for OPNSense and PFSense themselves, there’s a simpler bypass available now. It still requires certificates. PFSense has an auth bridge mode that does not require certificates, but requires 3 interfaces and for your modem to still be plugged in.
You will need to connect the ONT ethernet directly to the WAN port for a bypass to work.
Software Version 4.23.4
, Imma give it a try, I’m on the same version as the repo. Fingers crossed :) Thank you for helping.No problem! Let me know how it goes.
I have the same Residental Gateway. Using pfSense+ on my end. The BGW320-500 is fiber capable. I assume you’re using fiber? If so you cannot hook it into ONT because the RG is the ONT. In my case I get raw fiber into a PON module that hooks into the RG. Best you can do in this case is set the RG to “passthrough mode” via web UI (192.168.1.254).
If you have a different setup that is not fiber maybe you’ll have more luck with a bypass, but I think you will need the RG regardless for auth: https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html
Just to understand, does that create a DoubleNAT? Do you happen to know what is your latency (ping time)? Thanks a ton.
There is no double nat. Passthrough mode has worked as expected for me. The one issue I have is that the RG will maintain firewall states, so it limits you to the RG hardware for those states. I have a pretty large home network though, tons of devices, IoT, etc, and it has been stable.
Latency seems decent. I have an AT&T fiber 2gb symmetrical connection and a ping to google from my Netgate pfSense machine is around 10-15ms.