PPPOE Mini Howto

Arno Wilhelm

2003-01-17

Abstract:

This document describes how to setup the pppoe server and the pppoe client on linux.

1 Setting up the pppoe server on linux

1.1 Installing the server

Copy the pppoe server sources from /home/software/6.2/SRPMS/rp-pppoe-3.5-1.src.rpm to your netfence box under the directory /usr/src/redhat/SRPMS/. Then issue the following commands:

> cd /usr/src/redhat/SRPMS

> rpm -rebuild rp-pppoe-3.5.1.src.rpm

> cd ../RPMS/i386/

> rpm -Uvh rp-pppoe-3.5-1.i386.rpm

It might be that you have to install some additional packages in order to fullfill some dependencies. If you already have a binary rpm, the you only have to install it:

: > rpm -Uvh rp-pppoe-3.5-1.i386.rpm

1.2 Configurating the server

In the /etc/ppp/ directory there are now two configuration files:

> l pppoe*

-rw-r-r- 1 root root 4562 Jan 17 15:43 pppoe.conf

-rw-r-r- 1 root root 104 Jan 17 15:43 pppoe-server-options

The file pppoe-sever-options contains the options that are passed to the ppp daemon after the pppoe server has established the connection. Here is a example of such a file:

# PPP options for the PPPoE server

require-pap

lcp-echo-interval 10

lcp-echo-failur 4

require-pap

means that the client has to use the pap protocoll for authentication

login

tells the pppd to use the system password database for authenticating the peer using PAP, and record the user in the system wtmp file. Note that the peer must have an entry in the /etc/ppp/pap-secrets file as well as the system password database to be allowed access.

lcp-echo-interval

If this option is given, pppd will send an LCP echo-request frame to the peer every n seconds. Normally the peer should respond to the echo-request by sending an echo-reply. This option can be used with the lcp-echo-failure option to detect that the peer is no longer connected.

lcp-echo-failure

lcp-echo-failure n If this option is given, pppd will presume the peer to be dead if n LCP echo-requests are sent without receiving a valid LCP echo-reply. If this happens, pppd will terminate the connection. Use of this option requires a non zero value for the lcp-echo-interval parameter. This option can be used to enable pppd to terminate after the physical connection has been broken (e.g., the modem has hung up) in situations where no hardware modem control lines are available.

For more options see man pppd.

The file pap-secrets:

# Secrets for authentication using PAP

# client server secret IP addresses

MyUserName * CX2345 192.168.232.65

This entry in the pap-secrets file means that the ppp client with the username ``MyUserName'' and password ``CX2345'' can login from any server and gets assigned the ip address 192.168.232.65 then.

The file pppoe.conf file is only used by the adsl-start, adsl-stop, adsl-connect and adsl-status shell scripts. It is not used in any way by the "pppoe" server.

1.3 Running the server

Make sure the ethernet device on which the pppoe server should listen is clean and up:

: > ip link set dev eth1 up

Run the following command as root:

: > pppoe-server -I eth1 -C quirxi -L 192.168.10.1 -R 192.168.10.10
-I: this options specifies the device the pppoe server is listening.
-C: specifies which name to report as the access concentrator name. If not supplied, the host name is used.
-L: sets the local IP address. This is passed to spawned pppd processes. If not specified, the default is 10.0.0.1.
-R: sets the starting remote IP address. As sessions are established, IP addresses are assigned starting from ip. pppoe-server automatically keeps track of the pool of addresses and passes a valid remote IP address to pppd. If not specified, a starting address of 10.67.15.1 is used.

For further options see man pppoe-server.

2 Setting up the pppoe client on linux

2.1 Installing the client

The client and the server are included in the same rpm. So you have to install the sources only once:

: > rpm -Uvh rp-pppoe-3.5-1.i386.rpm

2.2 Configurating the client

As already described in the server configuration you have to add the user and his password to the /etc/ppp/pap-secrets file:

# Secrets for authentication using PAP

# client server secret IP addresses

MyUser * CX2345 192.168.232.65

This entry in the pap-secrets file means that the ppp client uses the username ``MyUser'' and password ``CX2345'' when connecting to a ppp-server.

2.3 Running the client

For running the client you have to issue a quite complicated command. This command is assembled out of two commands: one for the ppp daemon and one for the pppoe client. In fact you call the pppd daemon with an option that starts the pppoe client that sets up the line before the pppd daemon can make the authentication etc. Since the command is too complicated ( and too long :-) I just enumerate the single steps and enclose a shell scripts that shows the details. The shell script was inspired by the adsl-start script from redhat. For further info on the single command line parameters and options see man pppoe and man pppd.
These are the single steps:

Collect all data like device-name, username, dns-option, access-concentrator-name etc.
Build the pppoe-command string
Build the pppd-options string.
Set up the device.
Load the kernel modules.
Build the final command out of the pppoe command string and the pppd options string.
Issue the command

Here is the script that shows these steps in detail:

#!/bin/bash

#########################

# Fill in your options here: #

#########################

USER="MyUser" # username: when using pap authentication itmust be listed in /etc/ppp/pap-secrets

DEV="pppoe" # device

PPPOE_PIDFILE="${DEV}.pppoe" # pidfile for pppoe

PPPD_PIDFILE="${DEV}.pppd" # pidfile for pppd daemon

TIMEOUT=30 # connection timout in seconds

MTU=1412 # MTU

AC="bugs" # Access concentrators name -> see also the pppoe-server -C option

SERVICENAME= # We are not using a service name

SYNCHRON=no # Put here a -s if you want to use synchronous mode

LCP_INTERVAL=20 # Testing the line every LCP_INTERVAL seconds ...

LCP_FAILURE=3 # Shutting down the device when the line tests have failed a LCP_FAILURE time ...

PEERDNS="no" # Getting the dns server from the remote side ?

######################

# Path to programms: #

######################

SETSID=`which setsid` # setsid â run a program in a new session

PPPD=`which pppd`

PPPOE=`which pppoe`

IP=`which ip`

##############################################################

# Starting a pppoe connection means actually starting to programms: #

# -> The pppoe programm for preparing the line. #

# -> The pppd deamon for authentication etc. #

#############################################################

######################

# The pppoe command: #

######################

if test -n "$SERVICENAME" ; then

SERVICENAME="-S $SERVICENAME"

if test -n "$AC" ; then

AC="-C $AC"

if test -n "$MTU" ; then

MTU="-m $MTU"

if test "$SYNCHRON" = "yes" ; then

PPPOE_SYNC="-s"

PPPD_SYNC="sync"

# Increase the chances of it working on Linux...

modprobe n_hdlc > /dev/null 2>&1

else

PPPOE_SYNC=""

PPPD_SYNC=""

PPPOE_CMD="pppoe -p ${PPPOE_PIDFILE} -I ${DEV} -T ${TIMEOUT} ${PPPOE_SYNC} -U ${MTU} ${AC} ${SERVICNAME}"

echo "PPPOE Command:"

echo " ${PPPOE_CMD}"

echo

####################

# The ppp options: #

####################

if test "$DNSTYPE" = "SERVER" ; then

PEERDNS=yes

if test "$PEERDNS" = "yes" ; then

PEERDNS="usepeerdns"

else

PEERDNS=""

# Standard PPP options we always use

PPP_STD_OPTIONS="noipdefault noauth default-asyncmap defaultroute hide-password nodetach $PEERDNS mtu 1492 mru 1492 noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp user $USER lcp-echo-interval $LCP_INTERVAL lcp-echo-failure $LCP_FAILURE"

echo "PPP Options:"

echo " $PPP_STD_OPTIONS"

echo

#######################

# Preparing the device: #

#######################

${IP} link set dev ${DEV} down

${IP} link set mtu 1500 dev ${DEV}

${IP} link set dev ${DEV} up

#######################

# Loading the modules: #

#######################

# For 2.4 kernels. Will fail on 2.2.x, but who cares?

modprobe ppp_generic > /dev/null 2>&1

modprobe ppp_async > /dev/null 2>&1

modprobe ppp_synctty > /dev/null 2>&1

# for newer 2.5 kernels or patched 2.4 kernels !?

# if test -n "$LINUX_PLUGIN" ; then

# modprobe pppox > /dev/null 2>&1

# modprobe pppoe > /dev/null 2>&1

#######################

# The command itself: #

#######################

echo "The finished pppoe client command:"

echo ' ${SETSID} ${PPPD} pty "$PPPOE_CMD" $PPP_STD_OPTIONS $PPPD_SYNC &'

echo " ${SETSID} ${PPPD} pty \"${PPPOE_CMD}\" ${PPP_STD_OPTIONS} ${PPPD_SYNC} &"

echo

${SETSID} ${PPPD} pty "$PPPOE_CMD" $PPP_STD_OPTIONS $PPPD_SYNC &

echo "$!" > $PPPD_PIDFILE

3 Tips, Tricks and Bugs

3.1 Cabeling

Box To Box: Use a crosslink ethernet cable.
Over a hub: Use a crosslink ethernet cable somewhere in between.
Over a switch: Use normal ethernet cables.

3.2 Modules

Depending on the type of connection ( async, sync ) certain modules have to be installed and loaded before the pppoe client can be started.

3.2.1 Kernel 2.2

Make sure you have following modules:

ppp
slhc
ppp_deflate
n_hdlc

3.2.2 Kernel 2.4

Make sure you have following modules:

ppp_async
ppp_deflate
ppp_generic
ppp_synctty
syncppp
n_hdlc
slhc

3.2.3 Kernel 2.5 and patched 2.4

It seems that in this kernels/plugins the modules pppox and ppoe have been added.

3.3 Tcpdump Command

If you want to watch the pppoe packets, use the following tcpdump command:

: > tcpdump -i eth1 -n ether proto 0x8863 '||' ether proto 0x8864

3.4 Bugs

Once we had to turn the autonegotiation ``feature'' of the ethernetcards off . We used the mii-diag tool to change the settings.

About this document ...

PPPOE Mini Howto

This document was generated using the LaTeX2HTML translator Version 2002 (1.62)

The command line arguments were:
latex2html -no_subdir -split 0 -show_section_numbers /tmp/lyx_tmpdir29963A7nznb/lyx_tmpbuf29963uqNzhq/Pppoe-Howto.tex