next »

[dLockers]

Hi all,

Over in the UK Sky have released their fibre service, which uses MER authentication.

The guys over at Billion have already modified their routers firmware to allow it to connect: http://www.billion.uk.com/forum/viewtopic.php?f=9&t=343

Sky use a modified 1483MER encapsulation method. Normal connections do negotiate successfully but fail to get an IP.

Does anyone on this board know whether PfSense has support for this type of encapsulation? Or has anyone tried it with Sky fibre?

Many thanks

Edit: Someone has put an excellent guide here detailing the specifics:
http://wiki.ph-mb.com/wiki/MER

[stephenw10]

This is interesting!
The Billion 7800N and the Draytek V120 (mentioned on the page you linked to) are both ADSL2+ devices and hence capable of 24Mbps. It seems unlikely either of those would be used with a FTTC service.
Since pfSense doesn't support XXXoA directly you would need some other device. MER seems to be be a combination of MPoA and sending DHCP client options.

The real question seems to be can pfSense send DHCP client options? (specifically 60 and 61)

Steve

[stephenw10]

Ok, I'm thinking it almost certainly can via dhclient.conf. There may not be a nice box for it in pfSense (yet!).

Steve

[dLockers]

Whilst the 7800N and the V120 are ADSL modems, that functionality isn't used.

Sky use BT Open Reach modems and then plug them into the switch port of the router, which handles connection via PPPoE.

http://imageshack.us/photo/my-images/818/20120221155404.jpg/

[stephenw10]

Ah Ok so same as BT Infinity, which sense. Sky don't have their own cabinets in the road.
Presumably though they are using MER instead of PPPoE? (seems like it)

Steve

[dLockers]

Kind of. Although the option is there, the MAC address doesn't need to be spoofed on the Billion routers to get a connection. It is simply the weird DHCP option number that needs to be resolved!

[stephenw10]

Indeed it looks like it need to see username and password information in the option 61 field:    PPPUsername|PPPPassword

Should be possible. Do you have this service?

Steve

[stephenw10]

Just reading though the code I'm unsure if you can just set this information in the DHCP hostname field. This seems to be the client identifier but I can't see it labled '61' anywhere. No idea if it would need coding in hex or what.

Steve

[canefield]

Hi there,

The suggested underneath would more be welcome!

The real question seems to be can pfSense send DHCP client options? (specifically 60 and 61)
Ok, I'm thinking it almost certainly can via dhclient.conf. There may not be a nice box for it in pfSense (yet!).
Steve

A GUI is always nice. Perhaps already any estimate/building plans?
Is there a building/wishlist availiable? If yes, can somebody move it towards and inform me?

Are there any examples how to configure 'dhclient.conf' in pfSense? Planning to use it soon.


Thx,
Canefield

[stephenw10]

I believe this can be done with the hostname field already present in the gui. Usually you would leave the hostname empty however if you set an interface (OPT5 here) to dhcp and fill in the field (I used testdhcphost) you then get a custom dhclient conf file. This is generated by pfSense so if you alter it manually it probably won't last long!

/var/etc/dhclient_opt5.conf

Code:

interface "fxp0" {
timeout 60;
retry 1;
select-timeout 0;
initial-interval 1;
send dhcp-client-identifier "testdhcphost";
send host-name "testdhcphost";

script "/sbin/dhclient-script";
}

DHCP client identifier is 'option 61'. See: http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml#options

I can't test this since I'm not on Sky. Seems likely to work though.

Steve

[dLockers]

Thanks Stephen, very helpful. My install date isn't until May 04th, would be good to get some one to test this otherwise I will do it around then.

I assume we could always change the permission of the dhclient_opt5.conf file so it cannot be over written. A dirty fix, but should work at least.

[stephenw10]

That would be a bad idea since pfSense generates that file at boot or whenever the config is changed. If it couldn't do it for some reason I imagine some errors would result! 
I'm sure a work around in the code that generates it would be relatively easy until something more permanent could be produced. If it's needed.

Steve

[sandman06]

I am also on sky and currently am using pppoe passthrough via my mode.
I fear that when i do upgrade to fibre my pfsense alix board will become redundant.

Is there a plan for pfsense to implement 1483 MER ?

[dLockers]

Pfsense supports MER, however we need to determine how to use option 61. The guys at billion have figured it out for their routers.

We simply need a way to add option 61 info to the DHCP that gets sent to the WAN.

[sandman06]

but on wan dhcp. there is a field for hostname authentication

I assume this is where you can paste the hex key to authenticate