From 4c541c3ab56ffbb5e8e41edda18dee5f40e2bc9b Mon Sep 17 00:00:00 2001
From: Larry Rosenman <larry@whereto.com>
Date: Wed, 3 Apr 2019 14:32:52 -0500
Subject: [PATCH 1/4] add OPNSENSE variable and skip pfSense specific stuff

---
 bin/pfatt.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/bin/pfatt.sh b/bin/pfatt.sh
index 31167df..b35402a 100755
--- a/bin/pfatt.sh
+++ b/bin/pfatt.sh
@@ -4,6 +4,7 @@ set -e
 ONT_IF='em0'
 RG_IF='em1'
 RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx'
+OPNSENSE='no'
 LOG=/var/log/pfatt.log
 
 getTimestamp(){
@@ -16,15 +17,18 @@ getTimestamp(){
     echo "$(getTimestamp)        ONT_IF: $ONT_IF"
     echo "$(getTimestamp)         RG_IF: $RG_IF"
     echo "$(getTimestamp) RG_ETHER_ADDR: $RG_ETHER_ADDR"
+    echo "$(getTimestamp)      OPNSENSE: $OPNSENSE"
 
     echo -n "$(getTimestamp) loading netgraph kernel modules... "
     /sbin/kldload -nq ng_etf
     echo "OK!"
 
-    echo -n "$(getTimestamp) attaching interfaces to ng_ether... "
-    /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$ONT_IF');" 
-    /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$RG_IF');"
-    echo "OK!"
+    if [ ${OPNSENSE} != 'yes' ]; then
+        echo -n "$(getTimestamp) attaching interfaces to ng_ether... "
+        /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$ONT_IF');" 
+        /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$RG_IF');"
+        echo "OK!"
+    fi 
 
     echo "$(getTimestamp) building netgraph nodes..."
 

From 79d197e13ccf1d0f66c923334f589752c19128b3 Mon Sep 17 00:00:00 2001
From: Larry Rosenman <larry@whereto.com>
Date: Thu, 4 Apr 2019 16:09:06 -0500
Subject: [PATCH 2/4] add OPNSense instructions

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 0a7ef69..021eb5d 100644
--- a/README.md
+++ b/README.md
@@ -308,6 +308,14 @@ There is a whole thread on this at [DSLreports](http://www.dslreports.com/forum/
 However, I don't think this works for everyone. I had to explicitly tag my WAN traffic to VLAN0 which wasn't supported on my switch. 
 
 ## OPNSense / FreeBSD
+For OPNSense (tested and working on 19.1):
+follow the pfSense instructions, EXCEPT:
+1) modify pfatt.sh to set OPNSENSE='yes'
+2) put the pfatt.sh script into `/usr/local/etc/rc.syshook.d/early` as `99-pfatt.sh`
+3) do *NOT* modify config.xml, nor do any of the duid stuff
+4) note: You *CAN* use IPv6 Prefix id 0, as OPNSense does *NOT* assign a routeable IPv6 address to ngeth0
+
+
 
 I haven't tried this with OPNSense or native FreeBSD, but I imagine the process is ultimately the same with netgraph. Feel free to submit a PR with notes on your experience.
 

From 13728aec15d184f4a25f78e50481a4f33357a12a Mon Sep 17 00:00:00 2001
From: Larry Rosenman <larry@whereto.com>
Date: Fri, 5 Apr 2019 06:57:30 -0500
Subject: [PATCH 3/4] clarify not needing ng_etf.ko on OPNSense, its already
 there

---
 README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 021eb5d..933efb3 100644
--- a/README.md
+++ b/README.md
@@ -311,13 +311,14 @@ However, I don't think this works for everyone. I had to explicitly tag my WAN t
 For OPNSense (tested and working on 19.1):
 follow the pfSense instructions, EXCEPT:
 1) modify pfatt.sh to set OPNSENSE='yes'
-2) put the pfatt.sh script into `/usr/local/etc/rc.syshook.d/early` as `99-pfatt.sh`
-3) do *NOT* modify config.xml, nor do any of the duid stuff
-4) note: You *CAN* use IPv6 Prefix id 0, as OPNSense does *NOT* assign a routeable IPv6 address to ngeth0
+2) do *NOT* install the ng_etf.ko, as OPNSense is based on HardenedBSD 11.2, which is in turn based on FreeBSD 11.2
+3) put the pfatt.sh script into `/usr/local/etc/rc.syshook.d/early` as `99-pfatt.sh`
+4) do *NOT* modify config.xml, nor do any of the duid stuff
+5) note: You *CAN* use IPv6 Prefix id 0, as OPNSense does *NOT* assign a routeable IPv6 address to ngeth0
 
 
 
-I haven't tried this with OPNSense or native FreeBSD, but I imagine the process is ultimately the same with netgraph. Feel free to submit a PR with notes on your experience.
+I haven't tried this with native FreeBSD, but I imagine the process is ultimately the same with netgraph. Feel free to submit a PR with notes on your experience.
 
 # U-verse TV
 

From 5b4307887abbb71233e4d19adcace8a96d7ecfa9 Mon Sep 17 00:00:00 2001
From: Larry Rosenman <larry@whereto.com>
Date: Fri, 5 Apr 2019 07:00:38 -0500
Subject: [PATCH 4/4] clarify not needing ng_etf.ko on OPNSense, its already
 there

---
 README.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 933efb3..a3488d6 100644
--- a/README.md
+++ b/README.md
@@ -311,13 +311,11 @@ However, I don't think this works for everyone. I had to explicitly tag my WAN t
 For OPNSense (tested and working on 19.1):
 follow the pfSense instructions, EXCEPT:
 1) modify pfatt.sh to set OPNSENSE='yes'
-2) do *NOT* install the ng_etf.ko, as OPNSense is based on HardenedBSD 11.2, which is in turn based on FreeBSD 11.2
+2) do *NOT* install the ng_etf.ko, as OPNSense is based on HardenedBSD 11.2, which is in turn based on FreeBSD 11.2 and has the module already installed.
 3) put the pfatt.sh script into `/usr/local/etc/rc.syshook.d/early` as `99-pfatt.sh`
 4) do *NOT* modify config.xml, nor do any of the duid stuff
 5) note: You *CAN* use IPv6 Prefix id 0, as OPNSense does *NOT* assign a routeable IPv6 address to ngeth0
 
-
-
 I haven't tried this with native FreeBSD, but I imagine the process is ultimately the same with netgraph. Feel free to submit a PR with notes on your experience.
 
 # U-verse TV