I have Gigabit fiber service. After a 10 mb/sec stream buffered endlessly, I ran speed tests to about 30 servers and tracroutes to about 15. Other than the AT&T server in my town, the best downstream results were under 500 down and all that router through Dallas were under 60 mb/sec - one as low as 38. I tested with a Cyberpower PC via Ethernet directly to the modem. I confirmed these results with an Alienware laptop, also via Ethernet directly to the modem and several wifi devices (same basic speeds as Ethernet site by site). These problems occur repeatedly in peak hours.
AT&T support told me because they had a perfect connection from my home to their local DSLAM, that they would not even look into it. When I asked what I should do, they said "check my equipment". When I reiterated that I had confirmed the problem with multiple high end pieces of equipment, they said, "check my equipment". The direct support link said "connection refused. I'm in Austin TX. Does anyone have a contact at AT&T that might help me?
↧
[AT&T Fiber] Incredibly slow speeds
↧
[AT&T Fiber] Using Asuswrt-Merlin to bypass RG
Hi guys,
I successfully bypass AT&T's RG using rt-ac68u with extracted certs from both NVG510 and NVG589
No pfSense, or netgraph, or ubiquiti devices, or dumb switch needed.
I only tested with rt-ac68u, but the method should work for all Asuswrt-Merlin based wireless routers (Please let me know if it doesn't).
Basically, the AiProtection in Asuswrt auto tags net traffic with VLAN, so we only need to update wpa_supplicant which works with extracted certs.
More detail here https://github.com/bypassrg/att.
Any comments and suggestions are appreciated.
↧
↧
DNS issues?
So i have the gigabit conenction and today it has been horrible, i cannot load some sites, only youtube is working normally. I had to load several times this site and tech support over att blows ass. Anybody has any info on why is sucking right now?
↧
[AT&T Fiber] Upgraded from 300MB to 1GB, drastically diff speed test results
I upgraded on Saturday and it's seeming a bit erratic.
That night I test about 920/920 up/down after a reboot.
I was just trying some downloads now and was still capping off at about 35MBps, preupgrade speeds.
I check speedtest.net, 700 down, 938 up. Dslreports speedtest is 285 down, 944 up, and fast.com 500 down, 580 up.
Should me Pace modem be enough?
I just canceled TV as well so I can at least now try and do the dummy switch swap with an Asus AC66u with Merlin firmware, if that should be better.
Thoughts?
↧
[AT&T Fiber] Questions regarding BGW210 and removing it replaced w PFSense
So, after weeks of reading and rereading, I have succeeded in extracting two certs and the mfg.dat from my BGW210 gateway by using a USB TTL. I am still having an issue with EAP authentication failures in WPA supplicant, however.
I am thinking I missed something simple that can be corrected by sharing the steps I took:
First, my setup:
ATT 1 gigabit fiber
Arris BGW210-700 (ATT issued)
My firewall appliance is the 6 port Protectli 6 port device
TPLink 24port fully managed switch (T2600G-28TS)
Initial:
Come out of LAN port 1 on the gateway going into the WAN port of a Protectli appliance (interface em0) and out of the appliance on LAN port (interface em1) to the managed switch.
Post Extraction:
Connect the ONT cable directly to the WAN port (em0) of the Protectli appliance.
Process:
(skipping extraction steps as I believe they are not relevant)
After extraction and decoding mfg.dat I am left with 3 files:
attroot2031.cer - CA Cert in DER binary format
attsubca2021.cer - Another cert in .der format
EAP-TLS_8021x[REMOVED CHARS].tar
The tar file contains 4 files of note: Another CA cert (Arris), Client cert, PrivateKey cert, and a wpa_supplicant.conf.
As per instructions, I extract the certs from the tar archive and move them to the Protectli appliance running PFSense. The wpa_supplicant file gets stored in /etc on the PFSense box.
Next, I adjust the mac address of the WAN interface in PFSense (em0) to be the same as the mac address referenced in the wpa_supplicant.conf file which mirrors the mac of the AT&T gateway... Lastly, before launching wpa_supplicant command line I edit wpa_supplicant.conf adjusting the referenced interface to em0 since the ONT connection from the wall is now plugged directly into this port on PFSense. The final edit to wpa_supplicant.conf is to update the references to the 3 certs mentioned earlier (CA cert (Arris), Client cert, PrivateKey cert) and I specify the full path when editing the certs.
My wpa_supplicant.conf:
ca_cert="/root/CA_xxxxxxxxxxxxxxxxxxxxx.pem"
client_cert="/root/Client_xxxxxxxxxxxxxxxxxxx.pem"
eap=TLS
eapol_flags=0
identity="XX:XX:X:XX:XX:XX" (this mac is the gateway mac from ATT device, entered as cloned mac in PFSense)
key_mgmt=IEEE8021X
phase1="allow_canned_success=1"
private_key="/root/PrivateKey_xxxxxxxxxxxxxxxxxxxxxxx.pem"
As you can see my certs are stored in the base home dir of the PFSense account.
WPA_supplicant command line:
/usr/sbin/wpa_supplicant -Dwired -iem0 -c/etc/wpa_supplicant.conf
At this point, I switch back to PFSense GUI and initiate a lease renew while looking keeping an eye on the PFSense shell which is starting to give diagnostic info. After about 20-30 seconds I see 'EAP authentication failure' printed to stderr.
What you see here is literally everything I've done. I haven't tagged any interfaces with VLAN ids (remember reading this somewhere) or taken any other steps.
Any help would be forever appreciated.
↧
↧
Mass Buildout finished? Baton Rouge, LA
Since it seems like AT&T has finished most of their mass buildout, I can probably expect a fairly good chance of them not building out to me? They started in the Hickory Ridge neighborhood, but neglected to finish building out east of Hickory Ridge blvd besides a few side streets linked to it. It's unfortunate since it seems like I'm surrounded on both sides who were built out with fiber. It seems like AT&T Louisiana removed their contact us form, so I can't even get a "haha, maybe" response now. I haven't seen any trucks out rolling lately either.
↧
Good For gaming and streaming
Hi everyone
ATT has 1000 MBPS in my area and I want to know if there is a certain modem/router that works great for gaming and streaming videos. Any suggestions
thank you.
↧
BGW210 Firmware 1.9.14/15/16/2.3.4/2.4.4
Just after midnight today (Thursday, March 14th) my internet went down and when it came back up I saw that the firmware on my BGW210 upgraded to 1.9.14. Wonder what's new and changed?
Download here: http://gateway.c01.sbcglobal.net/firmware/001E46/BGW210-700_1.9.14/spTurquoise210-700_1.9.14.bin
↧
[AT&T Fiber] Another ATT Gateway Bypass Thread
Hi All,
There is enormous amount of information and I've been reading for a few hours on bypassing the ATT gateway, versus DMZ+, IP Passthrough ect. I have the gigapower and the Pace 5682 gateway. I currently do not have static public IP but am open to paying for it if it helps
I have ordered a Edgerouter 4 that is to be delivered tomorrow. I am an engineer and I do software amongst other things, but I am not a systems or networking engineer. I don't do any CLI with networking equipment, but I do CLI other things so I'm sure I can pick it up quicker than most. My questions are:
1) I am planning to start with the dumb-switch bypass as it sounds very straightforward, however, I am concerned about having all of my outbound traffic reliant upon a cheap $25 switch. Will it drop or mis-manage packets? I have the switch already and a small UPS I plan to use. My priority is mostly in online FPS gaming, in that I'd like to keep latency and packet loss (mis-management) low with an Open NAT.
2) Assuming long-term I'd like to have something better than the dumb-switch approach, I'm seeing options to use a managed switch and swap VLANs, but I've also seen posts about getting certs from a NV gateway and deploying the authentication in some routers. Would I be able to do this with the Edgerouter-4? I couldn't find any hits for this hardware combo and cert spoofing.
3) Any reason to buy a static IP and put the gateway into some sort of passthrough mode. There are some videos on Youtube and such that hint at this being a "true-bridge" but then there are comments that suggest this is not. My gut says going through the gateway in anyway is a loss, but again, I only know enough to be dangerous and can't prove this out on my own.
↧
↧
Could it be the fiber I ordered?
In September, I called AT&T's business department and they said that the building I am in is "green lighted" to have fiber installed in this building I have an office in. He put in the order for my Business Fiber 300 and said the installation outside the building would take up to 90 days.
Well, it is now past that... but outside, there are a bunch of the attached markings, flags, and the box directly in front of the building now has an orange cap on the access box. Neither AT&T nor the property's management company seem to know what is happening. I am curious what your thoughts are, if you saw this?
I also saw a new orange wire sticking out of the ground next door to our building, where the copper line goes from above ground to underground. Not sure what that orange wire would be?
Thanks for your input!
↧
New software version for Pace 5268AC?
I noticed that my 5268AC rebooted last night and it's showing a software version of 1.2.1.531810-att. Is this a new version?
↧
[AT&T Fiber] I will never get U-Verse or AT&T Fiber!
But it did recommend me this...
I felt immediately disappointed. A slap in the face, so to say.
(Also, I must point out that the zip code that I am in, is a business district.)
↧
Is there any way to bypass the bgw210-700 anymore?
I'm looking to bypass the at&t rg (bgw210) completely which I know has been done before by extracting the rsa private key corresponding to the client certificate used in 802.1x authentication. I have been working on this for some time now. When I first started, I looked in the firmware files but soon found out more about how it authenticates and that the private key is not in the firmware but comes pre-installed on every rg. I investigated the authentication packets to extract the root ca, intermediate ca, and client certificate, and I would assume that the authentication server would verify that the client certificate is signed by a trusted ca. I am going to test anyway but I doubt it would trust my certs. So next, seeing that at&t seems to have secured all communications and that a mitm attack wouldn't work, I went to the hardware level. I accessed the uart port (labeled bcm on the pcb) and hooked up my arduino to allow conversion to usb. I was able to see the boot log but any input seemed to do nothing. After some research I found out that it appears there is no way to get to a shell or interrupt the bootloader anymore. One idea to try to get to the cfe (bootloader) cli was to disable access to the flash. No one seemed to test this out, so I gave it a shot. I decided to apply a high (3.3v) voltage to the chip enable pin to disable any reads/writes. It ended up always giving read errors and halting/restarting. Either it was too early where the cfe bootloader never loaded or too late where cfe already started to initialize stuff/boot. Either way it would not drop to the cli as I was hoping. Maybe I had the timing wrong but I did try disabling the flash at different times. So, unless there is an exploit, I only see 2 potential options. Either look into the ont to see if there's anything there (which I know at&t does not want you opening) or manually reading the flash chip which would require desoldering, buying some adaptors/hardware for reading, and resoldering which would be difficult and time consuming (not to mention the extra costs). Assuming that there are no other choices, I guess the best option would be to buy a rg off of ebay or whatever and hope it has exploitable firmware (or as a last resort, manually read the flash). The question I have is if i'm missing any options or if there are any known exploits left. I was also wondering if there is any jtag access on the board and if anyone has any additional info about the ont (like does the 802.1x authentication happen on the ont or does it just forward it to another authentication server?). Any feedback/info is appreciated.
↧
↧
Dumb Switch Bypass IPv6 - Netgear
I'm using a Netgear R7000 and going for a simple Dumb Switch Bypass. I have it working and it performs well, everything feels more snappy.
But I can not get IPv6 to work at all. I have read posts where people say it just works or they got it to work. Is there any trick or step I need to do to make IPv6 work?
↧
Change public IP on BGW210-700
I am looking for a solution to change the public IP address when using the BGW210-700 modem. I also have a router connected behind it. I have searched for a solution to this, but I cannot find one for this particular modem. AT&T support has said there is no way to change the public IP except for physically changing the modem. Has anyone had a successful configuration or even a hack that has allowed the IP to change?
↧
Vanishing Bonded Pair Approval
I had an AT&T tech out a couple months ago who who claimed he got me approved for a bonded pair but since it was almost 5pm on a Thursday that it could be done that day and that I'd hear from someone the following week. That weekend I got an automated voice mail saying I needed to reschedule a an appointment which I knew nothing about and didn't miss because I was home. When the tech I mentioned was out he said he was surprised my internet was even working in my home because he had trouble getting it to connect when he was on the side of my home at the box. That's what prompted him to see if I could be approved for a bonded pair.
I called them back and the overseas people didn't know what I was talking about other then to say that someone had done work in the box nearest to me. That person and the AT&T Social Media people all denied that I was ever approved for a bonded pair and that there was no record of it. A neighbor had AT&T over late last month and my noise margin went up to over 10 and everything was working great until that power outage that went on awhile back which reset everything which sent my margin numbers back below 9.5 at times even 8.9 until I restart the modem again. I'm so frustrated with them.
I know it's said that FEC Errors are common. Having said that what about 2mil of them in a month? I get about 1400 CRC errors every 2 weeks
↧
[AT&T Fiber] Any way to bypass att modem using ASUS GT-AC5300?
Was curious if anyone else was using this specific router with att 1000 plan. If so, the options in the advanced settings have all sorts of options that look like could be use to "simplify" bypassing the modem.
Don't really wanna shell out $135 for an USG. But I will if I have to if I can't get around their modem.
Or if anyone else that uses this router, what were your go to settings? I tried putting the router in AP mode and it significantly improved my wifi speeds and kept them consistent.
↧
↧
[AT&T Fiber] Using Asuswrt-Merlin to bypass RG
Hi guys,
I successfully bypass AT&T's RG using rt-ac68u with extracted certs from both NVG510 and NVG589
No pfSense, or netgraph, or ubiquiti devices, or dumb switch needed.
I only tested with rt-ac68u, but the method should work for all Asuswrt-Merlin based wireless routers (Please let me know if it doesn't).
Basically, the AiProtection in Asuswrt auto tags net traffic with VLAN, so we only need to update wpa_supplicant which works with extracted certs.
More detail here https://github.com/bypassrg/att.
Any comments and suggestions are appreciated.
↧
ATT Default DNS vs Other (Google, Cloudflare, OpenDNS)
VDSL2 user here.
When it comes to online gaming and video streaming, is there much consideration to be concerned about using the default DNS from the gateway vs using a personal router connected in IP Passthrough and overriding DNS in the router.
↧
[IP-TV] AT&T TV Launches, Shoves AT&T Now Aside
AT&T TV Now — once the key service in AT&T’s video strategy and launched just three years ago — could soon be joining Sony’s PlayStation Vue in the streaming TV graveyard
https://www.broadcastingcable.com/news/at-t-tv-launches-shoves-at-t-now-aside
↧