diff --git a/README.md b/README.md index e85ded5..8b4b2b7 100644 --- a/README.md +++ b/README.md 
@@ -17,9 +17,9 @@ Before continuing to the setup, it's important to understand how this method wor First, let's talk about what happens in the standard setup (without any bypass). At a high level, the following process happens when the gateway boots up: 1. All traffic on the ONT is protected with [802.1/X](https://en.wikipedia.org/wiki/IEEE_802.1X). So in order to talk to anything, the Router Gateway must first perform the [authentication procedure](https://en.wikipedia.org/wiki/IEEE_802.1X#Typical_authentication_progression). This process uses a unique certificate that is hardcoded on your residential gateway. -2. Once the authentication completes, you'll be able to properly "talk" to the outside. However, all of your traffic will need to be tagged with VLAN ID 0 (a.k.a. VLAN Priority Tagging[[1]](https://wikipedia.org/wiki/IEEE_802.1Q#Frame_format)[[2]](https://www.cisco.com/c/en/us/td/docs/switches/connectedgrid/cg-switch-sw-master/software/configuration/guide/vlan0/b_vlan_0.html)) before the IP gateway will respond. -3. Once traffic is tagged with VLAN0, your residential gateway needs to request a public IPv4 address via DHCP. The MAC address in the DHCP request needs to match that of the MAC address that's assigned to your AT&T account. Other than that, there's nothing special about the DCHPv4 handshake. -4. After the DHCP lease is issued, the WAN setup is complete. Your LAN traffic is then NAT'd and routed to the outside. +1. Once the authentication completes, you'll be able to properly "talk" to the outside. But strangely, all of your traffic will need to be tagged with VLAN id 0 before the IP gateway will respond. I believe VLAN0 is an obscure Cisco feature of 802.1Q CoS, but I'm not really sure. +1. Once traffic is tagged with VLAN0, your residential gateway needs to request a public IPv4 address via DHCP. The MAC address in the DHCP request needs to match that of the MAC address that's assigned to your AT&T account. 
Other than that, there's nothing special about the DCHPv4 handshake. +1. After the DHCP lease is issued, the WAN setup is complete. Your LAN traffic is then NAT'd and routed to the outside. ## Bypass Procedure @@ -170,6 +170,29 @@ If you have additional LAN interfaces repeat these steps for each interface. That's it! Now your clients should be receiving public IPv6 addresses via DHCP6. +# Static IP block configuration +Choose which Method is the best for you. + +## 1:1 Nat: ## + +1. Navigate to _Interfaces > WAN_ and scroll down to Alias IPv4 address. +1. In the _Alias IPv4 address box_ enter the RG IP (One past your last IP) + Example: if you have `34.22.45.10/29` the RG IP would be one past your last + IP `(34.22.45.15)` so it would be `(34.22.45.16)`. + 1. Navigate to _Firewall > NAT > 1:1._ + 1. Create a new 1:1 NAT rule with the following values. + _Interface: WAN_ + 2. _External Network:_ your desired usable static IP + 3. _Internal IP:_ (Single Host or Network) IP of the LAN host or network that + you want to have the static IP. + 2. Make sure you set the submask accordingly (single devices use /32) a /32 + only gives you one address. +## ~~Completely Bypassing the NAT and giving the device the static IP:~~ ## +### In Progress ### +> __Should only be used if you know what you are doing__ + +1. **If you pfsense has multiple interfaces:** + # Troubleshooting ## Logging
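Review bot: In the first hunk, the new text for the VLAN step drops both references for VLAN Priority Tagging (the IEEE 802.1Q frame format link and the Cisco VLAN 0 guide) and replaces them with a guess: "I believe VLAN0 is an obscure Cisco feature of 802.1Q CoS, but I'm not really sure." Keep the removed wording "tagged with VLAN ID 0 (a.k.a. VLAN Priority Tagging ...)" with its two links, so the README gives readers a sourced explanation of why the tag is required. The added DHCP step also still carries the typo "DCHPv4", which should read "DHCPv4", and "VLAN id 0" should stay capitalised as "VLAN ID 0" to match the rest of the document.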
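Review bot: In the 1:1 NAT steps of the second hunk, the worked address example does not add up. `34.22.45.10/29` is not a network-aligned prefix: the /29 that contains .10 spans 34.22.45.8 through 34.22.45.15, with .15 as its broadcast address, so the suggested RG IP `34.22.45.16` lies outside the block the example starts from. Rewrite the example with a network-aligned block and state explicitly which address inside it is the RG IP, since a reader copying the current values would enter an alias that is not in their static subnet. The nested numbering in these steps (1, 1, 2, 3, 2) also makes it unclear which fields belong to the NAT rule, and "submask" should be "subnet mask". Finally, the struck-through "In Progress" section ends with a single step, "1. **If you pfsense has multiple interfaces:**", that has no body; either finish it or leave it out of this patch.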