
UTM WAN connection to broadband PPPoE help

My ISP is SKY Broadband in the UK - The largest broadband supplier in the UK (6 Million users)

The setup they use is fairly standard except for 1 thing; they authenticate using something called DHCP option 61 - Client identifier.
Many routers support this out of the box, for others there is a way to add a custom script to the router.

My current router has a custom scripts page, under "Run after initialising" I add the following script:

#!/bin/sh

/sbin/udhcpc -i eth2.2 -x 0x3d:3777890865644535346633326769999964736c7a78394b6f6e4498796d498765366d95
### Custom user script
### Called after router started and network is ready

With this in place everything is fine. (The long code is my username and password in hex, but anything will work in the correct format.)
With DDWRT you simply click edit on the WAN connection, make sure it's set to DHCP client and under the advanced section, enter the script into the client id and vendor id fields as appropriate.

The question is, how can this be achieved with Sophos UTM 9?

 


  • I added this to the var/sec/chroot-dhcpc/dhclient.ifaces file:

    send dhcp-client-identifier 3777890865644535346633326769999964736c7a78394b6f6e4498796d498765366d95;

    But it did not connect up. 

    How would the UTM know which interface to use for this request?

    Can anyone suggest what might be wrong with this string?

  • Years ago, da_merlin, one of the original developers, gave a different prescription: https://community.sophos.com/products/unified-threat-management/astaroorg/f/asg-v8-300-beta-closed/71340/8-285-notabug-closed-external-interface-won-t-come-up-when-using-dhcp/276676#276676. Any luck with that?

    Cheers - Bob
    PS I just found that after doing a Google on site:community.sophos.com DHCP "client identifier"

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Success! 

    I was probably overthinking this one slightly because in the end it was simple. 

    Firstly thanks to BAIFson for the links.

    1, Change WAN interface to Ethernet, not PPPoE

    2, Add 
                  send dhcp-client-identifier 345678902345678904567.....................;
    to the  /var/chroot-dhcpc/etc/default.conf 

    3, Reboot; you probably only need to turn off the interface and turn it back on again. But SKY broadband seems to have a 1-3 minute timeout on IP renew/release if the device changes. I'm using an Openreach modem which might cause this.

    4, That's it, your interface should connect and shell changes will survive a reboot.

    5, Now need to find out if it will survive an update..... and why I'm getting a poor ping and low bandwidth (20/5) when it should be (40/20).
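
Added example, not part of the original posts: a POSIX shell helper that hex-encodes an identifier string and prints it in the two syntaxes seen in this thread, the BusyBox udhcpc -x 0x3d: option and the dhclient send dhcp-client-identifier statement (written here as colon-separated octets, the hex form shown in the dhclient.conf manual). The identifier string is a constructed placeholder and the function names are hypothetical; the exact string format the ISP expects is not stated in the thread. Hex is only an encoding, so the output is as sensitive as the credential it was built from.

```shell
#!/bin/sh
# Added example: build the DHCP option 61 value in both syntaxes used in this thread.

# Hex-encode a string (lower case, no separators).
to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# Succeed only if $1 is a non-empty, even-length string of hex digits.
is_hex_bytes() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ $(( ${#1} % 2 )) -eq 0 ]
}

# BusyBox udhcpc form: -x 0x3d:<hex bytes> (0x3d is option 61).
udhcpc_opt() {
    is_hex_bytes "$1" || return 1
    printf '%s\n' "-x 0x3d:$1"
}

# ISC dhclient form: colon-separated octets, terminated by a semicolon.
dhclient_line() {
    is_hex_bytes "$1" || return 1
    printf 'send dhcp-client-identifier %s;\n' \
        "$(printf '%s' "$1" | sed 's/../&:/g; s/:$//')"
}

# Constructed placeholder, not a real credential or a confirmed ISP format.
ID='exampleuser|examplepass'
HEX=$(to_hex "$ID")
udhcpc_opt "$HEX"
dhclient_line "$HEX"
```
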

  • Just to close this topic off. If you're setting up Sky broadband on the UTM you may well have SKY Q too (4k satellite TV system).

    If so you will also need to do this.

    SKY Q boxes need to authenticate and use certain ports for downloads, catch-up, apps and the images of recorded programs.
    1, You have to add the Sky Box to the Transparent mode skip list under Web filtering, if enabled
    2, Define SKY Q service 1 > 3700 udp
    3, Define SKY Q service 2 > 33224 udp 
    4, Setup firewall rule to say: internal network > service 1+2 > Any
     
    Note: you can tie the rule down further to just a SKY devices group, but that will also include any iPads, Xboxes, etc. that want to use the Q app.