Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-27 Thread Daniel Gillen 
On 28/04/2016 05:07, Jeremy wrote:
> On Tue, 26 Apr 2016 17:53:32 -0500
> Adam Thompson  wrote:
>> If all else fails, run "ifconfig em2 up", and then "tcpdump -i em2
>> - -l -n" and see what, if any, traffic is coming from the ONT on
>> the raw ethernet port (this will include the VLAN 10 packets, too).
>> If you're lucky, something it emits will give you a clue.
>> -Adam
> 
> OK, so I have heard from my ISP that I need to use PPPoE.
> 
> My config is now:
> # cat hostname.em2
> up
> 
> #cat hostname.vlan10
> up vlan 10 vlandev em2
> 
> #cat /etc/hostname.pppoe0 
> !/sbin/ifconfig em2 up
> !/sbin/ifconfig vlan10 up
> inet 0.0.0.0 255.255.255.255 NONE \
> pppoedev vlan10 \
> authproto pap \
> authname "xxx" \
> authkey "xx"
> dest 0.0.0.1
> 
> 
> ifconfig shows me the following:
> # ifconfig
> em2: flags=8843 mtu 1500
> lladdr 00:11:0a:08:01:57
> priority: 0
> media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) 
> status: active
> vlan10: flags=8843 mtu 1500
> lladdr 00:11:0a:08:01:57
> priority: 0
> vlan: 10 parent interface: em2
> groups: vlan
> status: active
> pppoe0: flags=8851 mtu 1492
> priority: 0
> dev: vlan10 state: PADI sent
> sid: 0x0 PADI retries: 25 PADR retries: 0
> sppp: phase establish authproto pap authname "medix21" 
> groups: pppoe
> status: no carrier
> inet 0.0.0.0 --> 0.0.0.1 netmask 0x
> 
> 
> Finally running tcpdump on the em2 physical port shows this:
> # tcpdump -nettti em2 - -l -n
> tcpdump: listening on em2, link-type EN10MB
> Apr 28 14:58:26.088559 00:11:0a:08:01:57 ff:ff:ff:ff:ff:ff 8100 36: 802.1Q 
> vid 10 pri 3 PPPoE-Discovery
> code Initiation, version 1, type 1, id 0x, length 12
> tag Service-Name, length 0
> tag Host-Uniq, length 4 w\257\323\236
> Apr 28 14:59:26.281326 00:11:0a:08:01:57 ff:ff:ff:ff:ff:ff 8100 36: 802.1Q 
> vid 10 pri 3 PPPoE-Discovery
> code Initiation, version 1, type 1, id 0x, length 12
> tag Service-Name, length 0
> tag Host-Uniq, length 4 w\257\323\236
> ...
> 
> 
> It looks to me like I cannot contact the PPPoE auth service. 
> Note: I have tried this with the pppoedev set to both the 
> physical em2 interface and the vlan10 interface with the same 
> result. Either I'm connecting to the wrong port on the ONT or 
> I'm missing a further piece of the puzzle.
> 

Supposing it is the correct port, this looks exactly like the problem I
had with the vlan prio field not being 0 and the provider not ignoring it.

Try if this patch helps, it makes the vlan prio field be 0 all the time:

Index: net/if_vlan.c
===
RCS file: /cvs/src/sys/net/if_vlan.c,v
retrieving revision 1.151
diff -u -p -r1.151 if_vlan.c
--- net/if_vlan.c   13 Jan 2016 03:18:26 -  1.151
+++ net/if_vlan.c   28 Apr 2016 05:11:34 -
@@ -270,8 +270,7 @@ vlan_start(struct ifnet *ifp)
 */
} else if ((p->if_capabilities & IFCAP_VLAN_HWTAGGING) &&
(ifv->ifv_type == ETHERTYPE_VLAN)) {
-   m->m_pkthdr.ether_vtag = ifv->ifv_tag +
-   (prio << EVL_PRIO_BITS);
+   m->m_pkthdr.ether_vtag = ifv->ifv_tag;
m->m_flags |= M_VLANTAG;
} else {
struct ether_vlan_header evh;
@@ -279,8 +278,7 @@ vlan_start(struct ifnet *ifp)
m_copydata(m, 0, ETHER_HDR_LEN, (caddr_t));
evh.evl_proto = evh.evl_encap_proto;
evh.evl_encap_proto = htons(ifv->ifv_type);
-   evh.evl_tag = htons(ifv->ifv_tag +
-   (prio << EVL_PRIO_BITS));
+   evh.evl_tag = htons(ifv->ifv_tag);
m_adj(m, ETHER_HDR_LEN);
M_PREPEND(m, sizeof(evh), M_DONTWAIT);
if (m == NULL) {

Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-27 Thread Jeremy 
On Tue, 26 Apr 2016 17:53:32 -0500
Adam Thompson  wrote:
> If all else fails, run "ifconfig em2 up", and then "tcpdump -i em2
> - -l -n" and see what, if any, traffic is coming from the ONT on
> the raw ethernet port (this will include the VLAN 10 packets, too).
> If you're lucky, something it emits will give you a clue.
> -Adam

OK, so I have heard from my ISP that I need to use PPPoE.

My config is now:
# cat hostname.em2
up

#cat hostname.vlan10
up vlan 10 vlandev em2

#cat /etc/hostname.pppoe0 
!/sbin/ifconfig em2 up
!/sbin/ifconfig vlan10 up
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev vlan10 \
authproto pap \
authname "xxx" \
authkey "xx"
dest 0.0.0.1


ifconfig shows me the following:
# ifconfig
em2: flags=8843 mtu 1500
lladdr 00:11:0a:08:01:57
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) 
status: active
vlan10: flags=8843 mtu 1500
lladdr 00:11:0a:08:01:57
priority: 0
vlan: 10 parent interface: em2
groups: vlan
status: active
pppoe0: flags=8851 mtu 1492
priority: 0
dev: vlan10 state: PADI sent
sid: 0x0 PADI retries: 25 PADR retries: 0
sppp: phase establish authproto pap authname "medix21" 
groups: pppoe
status: no carrier
inet 0.0.0.0 --> 0.0.0.1 netmask 0x


Finally running tcpdump on the em2 physical port shows this:
# tcpdump -nettti em2 - -l -n
tcpdump: listening on em2, link-type EN10MB
Apr 28 14:58:26.088559 00:11:0a:08:01:57 ff:ff:ff:ff:ff:ff 8100 36: 802.1Q vid 
10 pri 3 PPPoE-Discovery
code Initiation, version 1, type 1, id 0x, length 12
tag Service-Name, length 0
tag Host-Uniq, length 4 w\257\323\236
Apr 28 14:59:26.281326 00:11:0a:08:01:57 ff:ff:ff:ff:ff:ff 8100 36: 802.1Q vid 
10 pri 3 PPPoE-Discovery
code Initiation, version 1, type 1, id 0x, length 12
tag Service-Name, length 0
tag Host-Uniq, length 4 w\257\323\236
...


It looks to me like I cannot contact the PPPoE auth service. 
Note: I have tried this with the pppoedev set to both the 
physical em2 interface and the vlan10 interface with the same 
result. Either I'm connecting to the wrong port on the ONT or 
I'm missing a further piece of the puzzle.

Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-26 Thread Joel Wirāmu Pauling 
In New Zealand - 802.11ad VLAN's are stripped at the fibre Side of the ONT
and the Layer2 (whatever it is ) is preserved throughout the access network
to the ISP handover. If you get VLAN's (802.1q)  on the customer ethernet
port side, it will be entirely entirely dependent on the service that you
bought from the ISP and how they deliver it.

In my experience the only ISP's actively passing VLAN's on to the customer
normally supply a pre-configured Residential gateway pre-setup with VLAN
tag info.

Most of the others do straight ethernet out of the port and dhcpc san' any
.1q tagging.

I don't know who you are with or where you live but the above is a fairly
standard setup for METH + GPON deployments in several other countries.

Your best best will be to use wireshark to sniff the port and see what (if
any) tags and frames are passing over it.

Also in the NZ situation Each Customer side ONT ethernet port maps to a
single service (each port is separate ethernet chip, i.e you can't use it
like a switch) so you may simply be on the wrong activated port.

In any case if your ISP is useless. Wireshark is your friend.


I would wager we are slightly off topic.

-Joel



On 27 April 2016 at 10:53, Adam Thompson  wrote:

> On 16-04-26 05:29 PM, Jeremy wrote:
>
>> Yeah, that's half the problem. My ISP isn't telling me much. Their
>> helpdesk is handled out of the Philippines and it seems they're reading
>> off a script. They don't mention PPPoE but from what I've tried so far,
>> this looks like it will be necessary.
>>   Jeremy
>>
>
> If all else fails, run "ifconfig em2 up", and then "tcpdump -i em2 -
> -l -n" and see what, if any, traffic is coming from the ONT on the raw
> ethernet port (this will include the VLAN 10 packets, too). If you're
> lucky, something it emits will give you a clue.
> -Adam

Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-26 Thread Joel Wirāmu Pauling 
​Oh one other caveat; your dhcpclient MUST support dhcp-option-82 in some
situations.

On 27 April 2016 at 11:20, Joel Wirāmu Pauling  wrote:

> In New Zealand - 802.11ad VLAN's are stripped at the fibre Side of the ONT
> and the Layer2 (whatever it is ) is preserved throughout the access network
> to the ISP handover. If you get VLAN's (802.1q)  on the customer ethernet
> port side, it will be entirely entirely dependent on the service that you
> bought from the ISP and how they deliver it.
>
> In my experience the only ISP's actively passing VLAN's on to the customer
> normally supply a pre-configured Residential gateway pre-setup with VLAN
> tag info.
>
> Most of the others do straight ethernet out of the port and dhcpc san' any
> .1q tagging.
>
> I don't know who you are with or where you live but the above is a fairly
> standard setup for METH + GPON deployments in several other countries.
>
> Your best best will be to use wireshark to sniff the port and see what (if
> any) tags and frames are passing over it.
>
> Also in the NZ situation Each Customer side ONT ethernet port maps to a
> single service (each port is separate ethernet chip, i.e you can't use it
> like a switch) so you may simply be on the wrong activated port.
>
> In any case if your ISP is useless. Wireshark is your friend.
>
>
> I would wager we are slightly off topic.
>
> -Joel
>
>
>
> On 27 April 2016 at 10:53, Adam Thompson  wrote:
>
>> On 16-04-26 05:29 PM, Jeremy wrote:
>>
>>> Yeah, that's half the problem. My ISP isn't telling me much. Their
>>> helpdesk is handled out of the Philippines and it seems they're reading
>>> off a script. They don't mention PPPoE but from what I've tried so far,
>>> this looks like it will be necessary.
>>>   Jeremy
>>>
>>
>> If all else fails, run "ifconfig em2 up", and then "tcpdump -i em2 -
>> -l -n" and see what, if any, traffic is coming from the ONT on the raw
>> ethernet port (this will include the VLAN 10 packets, too). If you're
>> lucky, something it emits will give you a clue.
>> -Adam

Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-26 Thread Jeremy 
On Tue, 26 Apr 2016 17:53:32 -0500
Adam Thompson  wrote:
> If all else fails, run "ifconfig em2 up", and then "tcpdump -i em2
> - -l -n" and see what, if any, traffic is coming from the ONT on
> the raw ethernet port (this will include the VLAN 10 packets, too).
> If you're lucky, something it emits will give you a clue.
> -Adam

# tcpdump -i em2 - -l -n
tcpdump: listening on em2, link-type EN10MB
11:02:45.424174 802.1Q vid 10 pri 3 0.0.0.0.68 > 255.255.255.255.67: 
xid:0x68c2d0d6 [|bootp] [tos 0x10] (ttl 128, id 0, len 328)
11:02:48.444006 802.1Q vid 10 pri 3 0.0.0.0.68 > 255.255.255.255.67: 
xid:0x68c2d0d6 secs:3 [|bootp] [tos 0x10] (ttl 128, id 0, len 328)
11:02:55.478030 802.1Q vid 10 pri 3 0.0.0.0.68 > 255.255.255.255.67: 
xid:0x68c2d0d6 secs:10 [|bootp] [tos 0x10] (ttl 128, id 0, len 328)
11:03:10.537275 802.1Q vid 10 pri 3 0.0.0.0.68 > 255.255.255.255.67: 
xid:0x68c2d0d6 secs:25 [|bootp] [tos 0x10] (ttl 128, id 0, len 328)

So no packets coming back

I'm wondering if I have a problem with pf.
I have added the following lines to my pf.conf and reloaded.
==
fibre_if="{ em2 vlan10 }"
...
pass in log on $fibre_if
==

Am I missing anything ?

I've also run: tcpdump -n -e -ttt -r /var/log/pflog
and there are no instances of em2 or vlan10 logged.


Thanks
Jeremy

Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-26 Thread Adam Thompson 

On 16-04-26 05:29 PM, Jeremy wrote:

Yeah, that's half the problem. My ISP isn't telling me much. Their
helpdesk is handled out of the Philippines and it seems they're reading
off a script. They don't mention PPPoE but from what I've tried so far,
this looks like it will be necessary.
  
Jeremy


If all else fails, run "ifconfig em2 up", and then "tcpdump -i em2 - 
-l -n" and see what, if any, traffic is coming from the ONT on the raw 
ethernet port (this will include the VLAN 10 packets, too). If you're 
lucky, something it emits will give you a clue.

-Adam

Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-26 Thread Jeremy 
On Tue, 26 Apr 2016 10:09:41 + (UTC)
Stuart Henderson  wrote:
> Yes, I set one up via pppoe. But the ONT is just providing the
> physical connection, the specifics of what you need to do on top of
> that are ISP-dependent. If they are telling you DHCP then use DHCP :)

Yeah, that's half the problem. My ISP isn't telling me much. Their
helpdesk is handled out of the Philippines and it seems they're reading
off a script. They don't mention PPPoE but from what I've tried so far,
this looks like it will be necessary.
 
> Setup the vlan before doing dhcp (i.e. vlan 10 vlandev em2 on one
> line, then dhcp on another).
> 
> If that doesn't help, paste the actual ifconfig output.
 
# cat /etc/hostname.em2
dhcp


# cat /etc/hostname.vlan10
up vlan 10 vlandev em2
dhcp


# sh /etc/netstart vlan10 
DHCPDISCOVER on vlan10 - interval 3
DHCPDISCOVER on vlan10 - interval 8
DHCPDISCOVER on vlan10 - interval 15
DHCPDISCOVER on vlan10 - interval 21
DHCPDISCOVER on vlan10 - interval 14
No acceptable DHCPOFFERS received.
No working leases in persistent database - sleeping.



# ifconfig em2
em2: flags=8843 mtu 1500
lladdr 00:11:0a:08:01:57
priority: 0
media: Ethernet autoselect (1000baseTfull-duplex,rxpause,txpause)
status: active

# ifconfig vlan10
vlan10: flags=8843 mtu 1500
lladdr 00:11:0a:08:01:57
priority: 0
vlan: 10 parent interface: em2
groups: vlan
status: active


Cheers
Jeremy

Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-26 Thread Stuart Henderson 
On 2016-04-26,   wrote:
> Does anyone have experience connecting an OpenBSD box via a fibre ONT ?

Yes, I set one up via pppoe. But the ONT is just providing the physical
connection, the specifics of what you need to do on top of that are
ISP-dependent. If they are telling you DHCP then use DHCP :)

> My ISP tech support has been of little help but they mentioned that I
> should get a public IP address via DHCP on the ONT and should be using
> VLAN 10. I'm not sure how this helps. 
>
> I tried setting "up" in hostname.em2 and setting "dhcp vlan 10 vlandev
> em2" in /etc/hostname.vlan10 but this failed to get me an IP address
> either. # ifconfig shows em2 is "active" and vlan10 is also "active" but
> I don't see how to route traffic via this link.

Setup the vlan before doing dhcp (i.e. vlan 10 vlandev em2 on one line,
then dhcp on another).

If that doesn't help, paste the actual ifconfig output.

Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-25 Thread Daniel Gillen 
On 26/04/2016 04:56, open...@smartpoint.co.nz wrote:
> Does anyone have experience connecting an OpenBSD box via a fibre ONT ?
> 
> I currently have a working setup using the OpenBSD box as a
> router/firewall for my LAN, connecting to the internet via an ethernet
> connected ADSL modem. I'm trying to replace this ADSL connection with
> Fibre. 
> (Note: I will update default gateway and routes after I can
> successfully bring up the fibre link.)
> 
> I have an ONT installed by my ISP but (for various reasons) they left
> without completing the config. I'm having trouble getting information
> about how my OpenBSD NIC should be configured.
> 
> My LAN is connected on em0
> I have the current ADSL connected on em1
> I have an ethernet cable on em2 plugged into the ONT on its LAN 1 port.
> 
> I'm trying to understand the expected configuration of em2.
> 
> I've tried setting dhcp in /etc/hostname.em2 and doing a netstart.
> Unfortunately I don't get an IP address on this interface (timeout). 
> 
> My ISP tech support has been of little help but they mentioned that I
> should get a public IP address via DHCP on the ONT and should be using
> VLAN 10. I'm not sure how this helps. 
> 
> I tried setting "up" in hostname.em2 and setting "dhcp vlan 10 vlandev
> em2" in /etc/hostname.vlan10 but this failed to get me an IP address
> either. # ifconfig shows em2 is "active" and vlan10 is also "active" but
> I don't see how to route traffic via this link.
> 
> 
> I was expecting that I need a (dhcp?) IP address on an interface
> connected to the ONT but I'm wondering if I have fundamentally
> mis-understood how this should be configured ?  Do I need PPPoE maybe ? 
> Thanks in advance.
> 

I have a similiar setup, except for me it's vlan id 35. And in addition,
I have to do pppoe on the link to reach the internet.

Here's my setup:

-- /etc/hostname.em1
up

-- hostname.vlan35
vlan 35 vlandev em1 up

-- hostname.pppoe0
!/sbin/ifconfig em0 up
!/sbin/ifconfig vlan35 up
inet 0.0.0.0 255.255.255.255 NONE mtu 1500 \
pppoedev vlan35 \
authproto pap \
authname "" \
authkey ""
dest 0.0.0.1
inet6 autoconf
!/sbin/route add 0.0.0.0/0 -ifp pppoe0 0.0.0.1
!/sbin/route add ::/0 -ifp pppoe0 fe80::

Also, there seems to still be a bug in OpenBSD. You have no possibility
to influence the vlan prio field. That struck me in the beginning
because my ISP was requiring it to be 0 and the default value on OpenBSD
is 3 I think. If that's the case for you, you have to patch the kernel
to set the prio field to a fixed value.

Re: OT: Any experience connecting OpenBSD via ONT ?

2016-04-25 Thread Brendan Horan 
- On 26 Apr, 2016, at 10:56 AM,  open...@smartpoint.co.nz wrote:

> Does anyone have experience connecting an OpenBSD box via a fibre ONT ?

Yes. My ISP uses Acatel-Lucent I-020-G ONT device.
Fibre(GPON) input and two network ports.

> I was expecting that I need a (dhcp?) IP address on an interface
> connected to the ONT but I'm wondering if I have fundamentally
> mis-understood how this should be configured ?  Do I need PPPoE maybe ?
> Thanks in advance.

I use dhcp on OpenBSD to get a public IP address from the ONT device.
I must use port 1, port 2 gives me nothing.
However I assume that is set by my ISP
I do not need any form of PPP, its pure Ethernet.

OT: Any experience connecting OpenBSD via ONT ?

2016-04-25 Thread openbsd 
Does anyone have experience connecting an OpenBSD box via a fibre ONT ?

I currently have a working setup using the OpenBSD box as a
router/firewall for my LAN, connecting to the internet via an ethernet
connected ADSL modem. I'm trying to replace this ADSL connection with
Fibre. 
(Note: I will update default gateway and routes after I can
successfully bring up the fibre link.)

I have an ONT installed by my ISP but (for various reasons) they left
without completing the config. I'm having trouble getting information
about how my OpenBSD NIC should be configured.

My LAN is connected on em0
I have the current ADSL connected on em1
I have an ethernet cable on em2 plugged into the ONT on its LAN 1 port.

I'm trying to understand the expected configuration of em2.

I've tried setting dhcp in /etc/hostname.em2 and doing a netstart.
Unfortunately I don't get an IP address on this interface (timeout). 

My ISP tech support has been of little help but they mentioned that I
should get a public IP address via DHCP on the ONT and should be using
VLAN 10. I'm not sure how this helps. 

I tried setting "up" in hostname.em2 and setting "dhcp vlan 10 vlandev
em2" in /etc/hostname.vlan10 but this failed to get me an IP address
either. # ifconfig shows em2 is "active" and vlan10 is also "active" but
I don't see how to route traffic via this link.


I was expecting that I need a (dhcp?) IP address on an interface
connected to the ONT but I'm wondering if I have fundamentally
mis-understood how this should be configured ?  Do I need PPPoE maybe ? 
Thanks in advance.