Fix for newer versions of pfSense. #73


neclimdul
Contributor

Support newer versions of pfSense without pfSense_ngctl_attach.

Relates to #67

Support newer versions of pfSense without pfSense_ngctl_attach.

Relates to MonkWho#67
@neclimdul
Contributor Author

This checks if pfSense_ngctl_attach exists so both older and newer versions of pfSense are supported.

@Casuallynoted

I can't seem to get this to work in pfSense 2.7. Getting the error in terminal: ngctl: send msg: File exists

@neclimdul
Contributor Author

My 5268AC died a while back and I've got some newer modem that I've yet to get working with this project, so I can't do much to help ATM.

@altodd

altodd commented Feb 3, 2024

> I can't seem to get this to work in pfSense 2.7. Getting the error in terminal: ngctl: send msg: File exists

Were you able to solve this? That's where I'm at right now and am debugging

@altodd

altodd commented Feb 3, 2024

Specifically an issue when defining etf for ont... I am reading through issues and debugging now

@tehdango

tehdango commented Feb 3, 2024

netgraph is no longer needed and supplicant is part of pfSense now. I use this:

```
wpa_supplicant -s -B -Dwired -iem0 -c/root/pfatt/wpa/wpa_supplicant.conf
```

If you have a cert that requires an older ssl method like the BGW210 you will need to create a custom ssl.cnf with this:
```
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
```

Otherwise it will keep failing with method 13 error message.

Edit: This is a one line earlyshellcmd script.
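
A defender-side check for the setting in the comment above, as an added example that is not part of the PR or the pfatt project: `UnsafeLegacyRenegotiation` under `system_default` allows renegotiation with peers that lack RFC 5746 secure renegotiation, and it applies to every program that loads that config file, so it is worth knowing which files on a box turn it on. The function name `legacy_reneg_enabled` is hypothetical and the parser is deliberately simplified.

```shell
# Added example (not from the PR). Follows the chain
#   openssl_conf -> ssl_conf -> system_default -> Options
# Simplified parser: no .include, no $variable expansion, no line continuation.
legacy_reneg_enabled() {  # exit 0 = enabled, 1 = not enabled
    awk '
    BEGIN { sec = "default" }                   # keys before any [section]
    {
        sub(/#.*/, "")                          # drop comments
        gsub(/^[ \t]+|[ \t\r]+$/, "")           # trim both ends
        if ($0 == "") next
        if ($0 ~ /^\[.*\]$/) {                  # section header
            sec = substr($0, 2, length($0) - 2)
            gsub(/^[ \t]+|[ \t]+$/, "", sec)
            next
        }
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
        kv[sec, key] = val
        low[sec, tolower(key)] = val            # SSL_CONF command names ignore case
    }
    END {
        sd = kv[kv[kv["default", "openssl_conf"], "ssl_conf"], "system_default"]
        n = split(low[sd, "options"], opt, ",")
        on = 0
        for (i = 1; i <= n; i++) {              # entries apply in order, last one wins
            o = tolower(opt[i]); gsub(/[ \t]/, "", o)
            if (o == "unsafelegacyrenegotiation" || o == "+unsafelegacyrenegotiation") on = 1
            if (o == "-unsafelegacyrenegotiation") on = 0
        }
        exit(on ? 0 : 1)
    }' "$1"
}

# Constructed sample: the config quoted in the comment above, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
EOF
if legacy_reneg_enabled "$sample"; then echo "legacy renegotiation ENABLED"; else echo "not enabled"; fi
rm -f "$sample"
```

A section that sets the option but is never reached from `openssl_conf` is reported as not enabled, since OpenSSL would not apply it.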

@altodd

altodd commented Feb 18, 2024

So I'm just getting back to tinkering with this. I tried to downgrade and pull certs, and it seems like they block downgrades now. So I don't have the wpa_supplicant option. I can only have a tethered bypass, and the question still stands. I'll start digging into what is going on when defining etc, etc.

edit: Or am I dumb? I think the main thing throwing me is that I don't see a wpa_supplicant.conf in the repo, but I do see that wpa_supplicant allows vlan tagging now

@altodd

altodd commented Feb 19, 2024

Okay, sorry for the additional traffic, but what ended up working for me was just using the built-in pfSense way of doing it now. https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html

@tehdango

Each wpa_config is unique to the certs you extract, so you would need to get that after doing the downgrade and the exploit to download them from your gateway. That guide is in another project here:
https://github.com/mozzarellathicc/attcerts

After you get those decoded you need to do what I posted above to use the supplicant method to remove the gateway completely.
