diff --git a/README.md b/README.md
index e9378ca..3706bd2 100644
--- a/README.md
+++ b/README.md
@@ -104,7 +104,18 @@ If you only have two NICs, you can buy this cheap USB 100Mbps NIC [from Amazon](
scp bin/pfatt.sh root@pfsense:/root/bin/
ssh root@pfsense chmod +x /root/bin/pfatt.sh
```
- Now edit your `config.xml` to include `/root/bin/pfatt.sh` above ``
+ Now edit your `/conf/config.xml` to include `/root/bin/pfatt.sh` above ``.
+
+ **NOTE:** If you have the 5268AC, you'll also need to install `pfatt-5268.sh` due to [issue #5](https://github.com/aus/pfatt/issues/5). The script monitors your connection and disables or enables the EAP bridging as needed. It's a hacky workaround, but it enables you to keep your 5268AC connected, avoid EAP-Logoffs and survive reboots. Consider changing the `PING_HOST` in `pfatt-5268AC.sh` to a reliable host. Then perform these additional steps to install:
+
+ Copy `bin/pfatt-5268AC` to `/usr/local/etc/rc.d/`
+
+ Copy `bin/pfatt-5268AC.sh` to `/root/bin/`:
+ ```
+ scp bin/pfatt-5268AC root@pfsense:/usr/local/etc/rc.d/
+ scp bin/pfatt-5268AC.sh root@pfsense:/root/bin/
+ ssh root@pfsense chmod +x /usr/local/etc/rc.d/pfatt-5268AC /root/bin/pfatt-5268AC.sh
+ ```
4. Connect cables:
- `$RG_IF` to Residential Gateway on the ONT port (not the LAN ports!)
@@ -167,6 +178,10 @@ That's it! Now your clients should be receiving public IPv6 addresses via DHCP6.
# Troubleshooting
+## Logging
+
+Output from `pfatt.sh` and `pfatt-5268AC.sh` can be found in `/var/log/pfatt.log`.
+
## tcpdump
Use tcpdump to watch the authentication, vlan and dhcp bypass process (see above). Run tcpdumps on the `$ONT_IF` interface and the `$RG_IF` interface:
diff --git a/bin/pfatt-5268AC b/bin/pfatt-5268AC
new file mode 100644
index 0000000..583f7cb
--- /dev/null
+++ b/bin/pfatt-5268AC
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+script_path="/root/bin/pfatt-5268AC.sh"
+
+name=`/usr/bin/basename "${script_path}"`
+
+rc_start() {
+ ### Lock out other start signals until we are done
+ /usr/bin/touch /var/run/${name}.lck
+
+ ${script_path} &
+ pid=$!
+
+ if [ $pid ]; then
+ echo $pid > /var/run/${name}.pid
+ /usr/bin/logger -p daemon.info -i -t pfattStartup "Successfully started ${name}"
+ else
+ /usr/bin/logger -p daemon.error -i -t pfattStartup "Error starting ${name}"
+ fi
+
+ ### Remove the lock
+ if [ -f /var/run/${name}.lck ]; then
+ /bin/sleep 2
+ /bin/rm /var/run/${name}.lck
+ fi
+}
+
+rc_stop() {
+ if [ -f /var/run/${name}.pid ]; then
+ kill -9 `cat /var/run/${name}.pid`
+ /bin/rm /var/run/${name}.pid
+ fi
+}
+
+case $1 in
+ start)
+ if [ ! -f /var/run/${name}.lck ]; then
+ rc_start
+ fi
+ ;;
+ stop)
+ rc_stop
+ ;;
+ restart)
+ if [ ! -f /var/run/${name}.lck ]; then
+ rc_stop
+ rc_start
+ fi
+ ;;
+esac
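Review bot: `rc_stop` sends SIGKILL as root to whatever number is stored in `/var/run/${name}.pid` without checking that the process is still the monitor, so a pidfile left behind after the monitor exits on its own can take down an unrelated process that has since been given that PID. Confirming the target before signalling, and letting the default TERM go first, avoids that, for example `pkill -F "/var/run/${name}.pid" -f "${script_path}"` (FreeBSD `pkill -F` restricts the match to the PID in the file; worth confirming the `-f` match on pfSense). In `rc_start`, `if [ $pid ]` is always true because `$!` is set as soon as the background job is forked, so the "Error starting" branch cannot run; `if kill -0 "$pid" 2>/dev/null; then` after a short pause tests what the log message claims. The file is also added with mode 100644, so it only becomes runnable through the README's `chmod +x` step.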
diff --git a/bin/pfatt-5268AC.sh b/bin/pfatt-5268AC.sh
new file mode 100644
index 0000000..e886923
--- /dev/null
+++ b/bin/pfatt-5268AC.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+PING_HOST=8.8.8.8
+SLEEP=5
+LOG=/var/log/pfatt.log
+
+getTimestamp(){
+ echo `date "+%Y-%m-%d %H:%M:%S :: [pfatt-5268AC.sh] ::"`
+}
+
+{
+ RG_CONNECTED="/usr/sbin/ngctl show laneapfilter:eapout"
+
+ echo "$(getTimestamp) Starting 5268AC ping monitor ..."
+ while
+ if /sbin/ping -t2 -q -c1 $PING_HOST > /dev/null ; then
+ if $RG_CONNECTED >/dev/null 2>&1 ; then
+ echo "$(getTimestamp) Connection to $PING_HOST is up, but EAP is being bridged!"
+ echo -n "$(getTimestamp) Disconnecting netgraph node ... "
+ /usr/sbin/ngctl rmhook laneapfilter: eapout && echo "OK!" || echo "ERROR!"
+ fi
+ else
+ if ! $RG_CONNECTED >/dev/null 2>&1 ; then
+ echo "$(getTimestamp) Connection to $PING_HOST is down, but EAP is not being bridged!"
+ echo -n "$(getTimestamp) Connecting netgraph node ... "
+ /usr/sbin/ngctl connect waneapfilter: laneapfilter: eapout eapout && echo "OK!" || echo "ERROR!"
+ fi
+ fi
+ sleep $SLEEP
+ do :; done
+ echo "$(getTimestamp) Stopping 5268AC ping monitor ..."
+} >> $LOG
\ No newline at end of file
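Review bot: One lost ICMP reply at `/sbin/ping -t2 -q -c1 $PING_HOST` is enough to reach the `ngctl connect` branch and re-bridge EAP between the RG and the ONT, and the next successful ping a few seconds later removes the hook again, so ordinary packet loss or rate limiting at the single `PING_HOST` makes the bridge flap. Requiring several consecutive failures before reconnecting keeps the bridge closed except during a real outage; the sketch below adds a counter and leaves the log and `ngctl` lines as they are. `FAIL_LIMIT=3` is a constructed value to tune for the link. Quoting `"$PING_HOST"` and `"$LOG"` would also keep an edited value containing spaces from being word-split.

```shell
FAIL_LIMIT=3   # constructed value: consecutive failed pings before re-bridging
fails=0
# … unchanged: RG_CONNECTED definition and start message …
    if /sbin/ping -t2 -q -c1 "$PING_HOST" > /dev/null ; then
      fails=0
      # … unchanged: rmhook branch when EAP is still bridged …
    else
      fails=$((fails + 1))
      if [ "$fails" -ge "$FAIL_LIMIT" ] && ! $RG_CONNECTED >/dev/null 2>&1 ; then
        # … unchanged: log lines and ngctl connect …
      fi
    fi
```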
diff --git a/bin/pfatt.sh b/bin/pfatt.sh
index 27cec99..66e8b4e 100755
--- a/bin/pfatt.sh
+++ b/bin/pfatt.sh
@@ -3,84 +3,91 @@ set -e
ONT_IF='em0'
RG_IF='em1'
-RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx'
+RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx'
+LOG=/var/log/pfatt.log
-echo "$0: pfSense + AT&T U-verse Residential Gateway for true bridge mode"
-echo "Configuration: "
-echo " ONT_IF: $ONT_IF"
-echo " RG_IF: $RG_IF"
-echo "RG_ETHER_ADDR: $RG_ETHER_ADDR"
+getTimestamp(){
+ echo `date "+%Y-%m-%d %H:%M:%S :: [pfatt.sh] ::"`
+}
-echo -n "loading netgraph kernel modules... "
-/sbin/kldload ng_etf
-echo "OK! (any 'already loaded' errors can be ignored)"
+{
+ echo "$(getTimestamp) pfSense + AT&T U-verse Residential Gateway for true bridge mode"
+ echo "$(getTimestamp) Configuration: "
+ echo "$(getTimestamp) ONT_IF: $ONT_IF"
+ echo "$(getTimestamp) RG_IF: $RG_IF"
+ echo "$(getTimestamp) RG_ETHER_ADDR: $RG_ETHER_ADDR"
-echo -n "attaching interfaces to ng_ether... "
-/usr/local/bin/php -r "pfSense_ngctl_attach('.', '$ONT_IF');"
-/usr/local/bin/php -r "pfSense_ngctl_attach('.', '$RG_IF');"
-echo "OK!"
+ echo -n "$(getTimestamp) loading netgraph kernel modules... "
+ /sbin/kldload -nq ng_etf
+ echo "OK!"
-echo "building netgraph nodes..."
+ echo -n "$(getTimestamp) attaching interfaces to ng_ether... "
+ /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$ONT_IF');"
+ /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$RG_IF');"
+ echo "OK!"
-echo -n " creating ng_one2many... "
-/usr/sbin/ngctl mkpeer $ONT_IF: one2many lower one
-/usr/sbin/ngctl name $ONT_IF:lower o2m
-echo "OK!"
+ echo "$(getTimestamp) building netgraph nodes..."
-echo -n " creating vlan node and interface... "
-/usr/sbin/ngctl mkpeer o2m: vlan many0 downstream
-/usr/sbin/ngctl name o2m:many0 vlan0
-/usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether
+ echo -n "$(getTimestamp) creating ng_one2many... "
+ /usr/sbin/ngctl mkpeer $ONT_IF: one2many lower one
+ /usr/sbin/ngctl name $ONT_IF:lower o2m
+ echo "OK!"
-/usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }'
-/usr/sbin/ngctl msg ngeth0: set $RG_ETHER_ADDR
-echo "OK!"
+ echo -n "$(getTimestamp) creating vlan node and interface... "
+ /usr/sbin/ngctl mkpeer o2m: vlan many0 downstream
+ /usr/sbin/ngctl name o2m:many0 vlan0
+ /usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether
-echo -n " defining etf for $ONT_IF (ONT)... "
-/usr/sbin/ngctl mkpeer o2m: etf many1 downstream
-/usr/sbin/ngctl name o2m:many1 waneapfilter
-/usr/sbin/ngctl connect waneapfilter: $ONT_IF: nomatch upper
-echo "OK!"
+ /usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }'
+ /usr/sbin/ngctl msg ngeth0: set $RG_ETHER_ADDR
+ echo "OK!"
-echo -n " defining etf for $RG_IF (RG)... "
-/usr/sbin/ngctl mkpeer $RG_IF: etf lower downstream
-/usr/sbin/ngctl name $RG_IF:lower laneapfilter
-/usr/sbin/ngctl connect laneapfilter: $RG_IF: nomatch upper
-echo "OK!"
+ echo -n "$(getTimestamp) defining etf for $ONT_IF (ONT)... "
+ /usr/sbin/ngctl mkpeer o2m: etf many1 downstream
+ /usr/sbin/ngctl name o2m:many1 waneapfilter
+ /usr/sbin/ngctl connect waneapfilter: $ONT_IF: nomatch upper
+ echo "OK!"
-echo -n " bridging etf for $ONT_IF <-> $RG_IF... "
-/usr/sbin/ngctl connect waneapfilter: laneapfilter: eapout eapout
-echo "OK!"
+ echo -n "$(getTimestamp) defining etf for $RG_IF (RG)... "
+ /usr/sbin/ngctl mkpeer $RG_IF: etf lower downstream
+ /usr/sbin/ngctl name $RG_IF:lower laneapfilter
+ /usr/sbin/ngctl connect laneapfilter: $RG_IF: nomatch upper
+ echo "OK!"
-echo -n " defining filters for EAP traffic... "
-/usr/sbin/ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
-/usr/sbin/ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
-echo "OK!"
+ echo -n "$(getTimestamp) bridging etf for $ONT_IF <-> $RG_IF... "
+ /usr/sbin/ngctl connect waneapfilter: laneapfilter: eapout eapout
+ echo "OK!"
-echo -n " enabling one2many links... "
-/usr/sbin/ngctl msg o2m: setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[ 1 1 ] }"
-echo "OK!"
+ echo -n "$(getTimestamp) defining filters for EAP traffic... "
+ /usr/sbin/ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
+ /usr/sbin/ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
+ echo "OK!"
-echo -n " removing waneapfilter:nomatch hook... "
-/usr/sbin/ngctl rmhook waneapfilter: nomatch
-echo "OK!"
+ echo -n "$(getTimestamp) enabling one2many links... "
+ /usr/sbin/ngctl msg o2m: setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[ 1 1 ] }"
+ echo "OK!"
-echo "enabling interfaces..."
-echo -n " $RG_IF ... "
-/sbin/ifconfig $RG_IF up
-echo "OK!"
+ echo -n "$(getTimestamp) removing waneapfilter:nomatch hook... "
+ /usr/sbin/ngctl rmhook waneapfilter: nomatch
+ echo "OK!"
-echo -n " $ONT_IF ... "
-/sbin/ifconfig $ONT_IF up
-echo "OK!"
+ echo "$(getTimestamp) enabling interfaces..."
+ echo -n "$(getTimestamp) $RG_IF ... "
+ /sbin/ifconfig $RG_IF up
+ echo "OK!"
-echo -n "enabling promiscuous mode on $RG_IF... "
-/sbin/ifconfig $RG_IF promisc
-echo "OK!"
+ echo -n "$(getTimestamp) $ONT_IF ... "
+ /sbin/ifconfig $ONT_IF up
+ echo "OK!"
-echo -n "enabling promiscuous mode on $ONT_IF... "
-/sbin/ifconfig $ONT_IF promisc
-echo "OK!"
+ echo -n "$(getTimestamp) enabling promiscuous mode on $RG_IF... "
+ /sbin/ifconfig $RG_IF promisc
+ echo "OK!"
-echo "ngeth0 should now be available to configure as your pfSense WAN"
-echo "done!"
+ echo -n "$(getTimestamp) enabling promiscuous mode on $ONT_IF... "
+ /sbin/ifconfig $ONT_IF promisc
+ echo "OK!"
+
+ echo "$(getTimestamp) ngeth0 should now be available to configure as your pfSense WAN"
+ echo "$(getTimestamp) done!"
+} >> $LOG
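Review bot: The closing `} >> $LOG` captures stdout only, so the error text from `kldload`, `ngctl`, `php` and `ifconfig` never reaches `/var/log/pfatt.log`, the file the README now names as the place to look. With the `set -e` shown in the hunk header, a failing step ends the script and leaves a dangling "... " line in the log with no reason recorded. Redirecting both streams and quoting the path fixes that: `} >> "$LOG" 2>&1`. The closing redirect in `bin/pfatt-5268AC.sh` has the same shape. The top of the script, including `set -e`, is outside this hunk.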