this post was submitted on 30 Jun 2023
16 points (90.0% liked)

Hi,

I was trying to set up OPNSense with my ATT BGW320-500, and had a few questions.

Configuration Questions:

  1. Dupuis.xyz - this link has a FW for an older version for BGW210-700, can I use it for my BGW320-500?
  2. Prerequisites mentions that I need to figure out ONT_IF, EAP_IDENTITY, and RG_ETHER, how does one do that?

Setup questions:

  1. Do I need the Ethernet from ONT cable to my WAN port on OPNSense box?
  2. Step 5 in the prerequisites document asks to test, but my box doesn't have bash or any internet access (to install bash)? How do I do that?

Thanks.

EDIT: I'm using Fiber.

all 7 comments
[–] jmanes 3 points 1 year ago (1 children)

I have the same Residential Gateway. Using pfSense+ on my end. The BGW320-500 is fiber capable. I assume you're using fiber? If so you cannot hook it into ONT because the RG is the ONT. In my case I get raw fiber into a PON module that hooks into the RG. Best you can do in this case is set the RG to "passthrough mode" via web UI (192.168.1.254).

If you have a different setup that is not fiber maybe you'll have more luck with a bypass, but I think you will need the RG regardless for auth: https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html

[–] plsnotracking 1 points 1 year ago (1 children)

Just to understand, does that create a DoubleNAT? Do you happen to know what is your latency (ping time)? Thanks a ton.

[–] jmanes 2 points 1 year ago

There is no double nat. Passthrough mode has worked as expected for me. The one issue I have is that the RG will maintain firewall states, so it limits you to the RG hardware for those states. I have a pretty large home network though, tons of devices, IoT, etc, and it has been stable.

Latency seems decent. I have an AT&T fiber 2gb symmetrical connection and a ping to google from my Netgate pfSense machine is around 10-15ms.

[–] mozzarellathicc 1 points 1 year ago (1 children)

What firmware is your BGW320 currently on? There's a method for newish firmwares that should work on the 320, and is confirmed working for the BGW210.

No easily accessible guide for it yet, but for OPNSense and PFSense themselves, there's a simpler bypass available now. It still requires certificates. PFSense has an auth bridge mode that does not require certificates, but requires 3 interfaces and for your modem to still be plugged in.

You will need to connect the ONT ethernet directly to the WAN port for a bypass to work.

[–] plsnotracking 1 points 1 year ago (1 children)

Software Version 4.23.4, Imma give it a try, I'm on the same version as the repo. Fingers crossed :) Thank you for helping.

[–] mozzarellathicc 1 points 1 year ago

No problem! Let me know how it goes.