
Fix for newer versions of pfSense.

Open neclimdul opened this issue 3 years ago • 9 comments

Support newer versions of pfSense without pfSense_ngctl_attach.

Relates to #67

neclimdul avatar May 02 '22 14:05 neclimdul

This checks if pfSense_ngctl_attach exists so both older and newer versions of pfSense are supported.

neclimdul avatar May 02 '22 14:05 neclimdul

I can't seem to get this to work in pfSense 2.7. Getting the error in terminal: ngctl: send msg: File exists

Casuallynoted avatar Aug 12 '23 21:08 Casuallynoted

My 5268AC died a while back and I've got some newer modem that I've yet to get working with this project, so I can't do much to help ATM.

neclimdul avatar Aug 15 '23 14:08 neclimdul

> I can't seem to get this to work in pfSense 2.7. Getting the error in terminal: ngctl: send msg: File exists

Were you able to solve this? That's where I'm at right now and am debugging

altodd avatar Feb 03 '24 13:02 altodd

Specifically an issue when defining etf for ont... I am reading through issues and debugging now

altodd avatar Feb 03 '24 13:02 altodd

Netgraph is no longer needed and supplicant is part of pfSense now. I use this: `wpa_supplicant -s -B -Dwired -iem0 -c/root/pfatt/wpa/wpa_supplicant.conf`

If you have a cert that requires an older SSL method like the BGW210, you will need to create a custom ssl.cnf with this:

```
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
```

Otherwise it will keep failing with method 13 error message.

Edit: This is a one line earlyshellcmd script.

tehdango avatar Feb 03 '24 14:02 tehdango
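
Added example, not part of the thread or the pfatt project: a small Python check that follows the `openssl_conf` -> `ssl_conf` -> `system_default` chain from the configuration quoted above and reports whether `UnsafeLegacyRenegotiation` actually takes effect, which helps confirm the option sits only in a dedicated file and not in the system-wide OpenSSL configuration. The function names and the sample text are constructed for illustration, and the parser handles only plain `key = value` lines.

```python
import re

# Constructed sample: the configuration from the comment above, one directive per line.
SAMPLE = """\
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
"""

def parse_sections(text):
    """Parse OpenSSL-style config text into {section: {key: value}} (simplified)."""
    sections = {"default": {}}
    current = "default"  # directives before any [header] belong to the default section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def system_default_options(text):
    """Follow openssl_conf -> ssl_conf -> system_default and return the enabled Options."""
    sections = parse_sections(text)
    name = sections["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = sections.get(name, {}).get(key)
        if name is None:
            return []  # chain is broken, so the Options line is never reached
    raw = sections.get(name, {}).get("Options", "")
    opts = [o.strip() for o in raw.split(",") if o.strip()]
    # A leading "-" disables an option; a leading "+" enables it explicitly.
    return [o.lstrip("+") for o in opts if not o.startswith("-")]

def allows_legacy_renegotiation(text):
    # Compare case-insensitively so the audit errs on the side of flagging.
    return any(o.lower() == "unsafelegacyrenegotiation" for o in system_default_options(text))

if __name__ == "__main__":
    print("UnsafeLegacyRenegotiation in effect:", allows_legacy_renegotiation(SAMPLE))
```
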

So I'm just getting back to tinkering with this. I tried to downgrade and pull certs, and it seems like they block downgrades now. So I don't have the wpa_supplicant option. I can only have a tethered bypass, and the question still stands. I'll start digging into what is going on when defining etc, etc.

edit: Or am I dumb? I think the main thing throwing me is that I don't see a wpa_supplicant.conf in the repo, but I do see that wpa_supplicant allows vlan tagging now

altodd avatar Feb 18 '24 23:02 altodd

Okay, sorry for the additional traffic, but what ended up working for me was just using the built-in pfSense way of doing it now. https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html

altodd avatar Feb 19 '24 02:02 altodd

Each wpa_config is unique to the certs you extract, so you would need to get that after doing the downgrade and the exploit to download them from your gateway. That guide is in another project here: https://github.com/mozzarellathicc/attcerts

After you get those decoded, you need to do what I posted above to use the supplicant method to remove the gateway completely.

tehdango avatar Feb 19 '24 03:02 tehdango