Fix for newer versions of pfSense.

> I can't seem to get this to work in pfSense 2.7. Getting the error in terminal: ngctl: send msg: File exists Were you able to solve this? That's where I'm at right now and am debugging

altodd commented

2024-02-03 18:39:24 +05:30

(Migrated from github.com)

Specifically an issue when defining etf for ont... I am reading through issues and debugging now

tehdango commented

2024-02-03 19:58:29 +05:30

(Migrated from github.com)

netgraph is no longer needed and supplicant is part of pfsense now. I use this:
wpa_supplicant -s -B -Dwired -iem0 -c/root/pfatt/wpa/wpa_supplicant.conf

If you have a cert that requires an older ssl method like the BGW210 you will need to create a custom ssl.cnf with this:
`openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation`

Otherwise it will keep failing with method 13 error message.

Edit: This is a one line earlyshellcmd script.

netgraph is no longer needed and supplicant is part of pfsense now. I use this: `wpa_supplicant -s -B -Dwired -iem0 -c/root/pfatt/wpa/wpa_supplicant.conf` If you have a cert that requires an older ssl method like the BGW210 you will need to create a custom ssl.cnf with this: `openssl_conf = openssl_init [openssl_init] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] Options = UnsafeLegacyRenegotiation` Otherwise it will keep failing with method 13 error message. Edit: This is a one line earlyshellcmd script.

👍 1

altodd commented

2024-02-19 05:05:43 +05:30

(Migrated from github.com)

So I'm just getting back to tinkering with this, I tried to go downgrade and pull certs and seems like they block downgrades now. So I don't have the wpa_supplicant option. I can only have a tethered bypass, and the question still stands. I'll start digging into what is going on when defining etc, etc.

edit: Or am I dumb? I think the main thing throwing me is that I don't see a wpa_supplicant.conf in the repo, but I do see that wpa_supplicant allows vlan tagging now

So I'm just getting back to tinkering with this, I tried to go downgrade and pull certs and seems like they block downgrades now. So I don't have the wpa_supplicant option. I can only have a tethered bypass, and the question still stands. I'll start digging into what is going on when defining etc, etc. edit: Or am I dumb? I think the main thing throwing me is that I don't see a wpa_supplicant.conf in the repo, but I do see that wpa_supplicant allows vlan tagging now

👍 1

altodd commented

2024-02-19 08:21:03 +05:30

(Migrated from github.com)

Okay, sorry for the additional traffic, but what ended up working for me was just using the built in pfsense way of doing it now. https://docs.netgate.com/pfsense/en/latest/recipes/authbridge.html

tehdango commented

2024-02-19 08:43:14 +05:30

(Migrated from github.com)

each wpa_config is unique to the certs you extract so you would need to get that after doing the downgrade and the exploit to download them from your gateway. That guide is in another project here:
https://github.com/mozzarellathicc/attcerts

After you get those decoded you need to do what I posted above to use the supplicant method to remove the gateway completely.

each wpa_config is unique to the certs you extract so you would need to get that after doing the downgrade and the exploit to download them from your gateway. That guide is in another project here: [https://github.com/mozzarellathicc/attcerts](url) After you get those decoded you need to do what I posted above to use the supplicant method to remove the gateway completely.

hhf merged commit 28da6ae36e into master

2024-10-11 18:35:14 +05:30

hhf referenced this pull request from a commit

2024-10-11 18:35:15 +05:30

Merge pull request 'Fix for newer versions of pfSense.' (#73) from neclimdul/ngctl_attach_removal into master

Fix for newer versions of pfSense. #73