Hi,

I was trying to setup OPNSense with My ATT BGW320-500, and had a few questions.

Configuration Questions:

  1. Dupuis.xyz - this link has a FW for an older version for BGW210-700, can I use it for my BGW320-500?
  2. Prerequisites mentions that I need to figure out ONT_IF, EAP_IDENTITY, and RG_ETHER, how does one do that?

Setup questions:

  1. Do I need the Ethernet from ONT cable to my WAN port on OPNSense box?
  2. Step 5 in the prerequisites document asks to test, but my box doesn’t have bash or any internet access (to install bash)? How do I do that?

Thanks.

EDIT: I’m using Fiber.

  • mozzarellathicc@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    What firmware is your BGW320 currently on? There’s a method for newish firmwares that should work on the 320, and are confirmed working for the BGW210.

    No easily accessible guide for it yet, but for OPNSense and PFSense themselves, there’s a simpler bypass available now. It still requires certificates. PFSense has an auth bridge mode that does not require certificates, but requires 3 interfaces and for your modem to still be plugged in.

    You will need to connect the ONT ethernet directly to the WAN port for a bypass to work.

  • jmanes@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I have the same Residental Gateway. Using pfSense+ on my end. The BGW320-500 is fiber capable. I assume you’re using fiber? If so you cannot hook it into ONT because the RG is the ONT. In my case I get raw fiber into a PON module that hooks into the RG. Best you can do in this case is set the RG to “passthrough mode” via web UI (192.168.1.254).

    If you have a different setup that is not fiber maybe you’ll have more luck with a bypass, but I think you will need the RG regardless for auth: https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html

    • plsnotracking@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Just to understand, does that create a DoubleNAT? Do you happen to know what is your latency (ping time)? Thanks a ton.

      • jmanes@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        There is no double nat. Passthrough mode has worked as expected for me. The one issue I have is that the RG will maintain firewall states, so it limits you to the RG hardware for those states. I have a pretty large home network though, tons of devices, IoT, etc, and it has been stable.

        Latency seems decent. I have an AT&T fiber 2gb symmetrical connection and a ping to google from my Netgate pfSense machine is around 10-15ms.