PPPoE Server Under Ubuntu/Debian

http://imranasghar.blogspot.com/2009/05/pppoe-server-under-ubuntudebian.html

----------------------------

PPPoE Server Setup:
Operating System: Ubuntu Desktop(8.04)

1) Installation of Softwares:
Server Side
a) ppp
apt-get install ppp
b) pppoe
apt-get install pppoe
c) rp-pppoe (I used rp-pppoe-3.10.tar.gz)
RP PPPoE; can be obtained from,
http://www.roaringpenguin.com/products/pppoe
After download
Move it to some place e.g /var/tmp, unpack and change permission

root@pppoe:/var/tmp# mv /home/imran/Desktop/rp-pppoe-3.10.tar.gz /var/tmp/

root@pppoe:/var/tmp# tar -xvf rp-pppoe-3.10.tar.gz

root@pppoe:/var/tmp# chown imran:imran rp-pppoe-3.10

root@pppoe:/var/tmp# ls -l

total 220

drwxr-xr-x 8 imran imran   4096 2008-06-30 16:00 rp-pppoe-3.10

-rw-r--r-- 1 imran imran 215288 2009-10-19 10:31 rp-pppoe-3.10.tar.gz

root@pppoe:/var/tmp#

Open README file and go through it.There are 3 methods I shall go for first one, QuickStart method.

QUICKSTART Method: "If you're lucky, the "quickstart" method will work. After unpackingthe archive, become root and type"
root@pppoe:/var/tmp# cd rp-pppoe-3.10/
root@pppoe:/var/tmp/rp-pppoe-3.10# ./go

I got some gcc error, fixed it by installing "build-essential", This will install gcc and a some other files that need to build something from source.

sudo aptitude install build-essential

root@pppoe:/var/tmp/rp-pppoe-3.10# ./go

** Summary of what you entered **

Ethernet Interface: eth1
User name:          test
Activate-on-demand: No
Primary DNS:        82.196.201.43
Secondary DNS:      82.196.193.143
Firewalling:        NONE

>>> Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/ppp/pppoe.conf
Adjusting /etc/resolv.conf
 (But first backing it up to /etc/resolv.conf-bak)
Adjusting /etc/ppp/pap-secrets and /etc/ppp/chap-secrets
 (But first backing it up to /etc/ppp/pap-secrets-bak)
 (But first backing it up to /etc/ppp/chap-secrets-bak)

You will get messeg, "Congratulations, it should be all set up!"
Type 'pppoe-start' to bring up your PPPoE link and 'pppoe-stop' to bring
it down. Type 'pppoe-status' to see the link status.

Client Side :
# apt-get install pppoeconf

This will use to connect the pppoe server.

2) Configuration
Server side: Go the to /etc/ppp,

root@pppoe:/var/tmp# cd /etc/ppp
root@pppoe:/etc/ppp# ls
chap-secrets              ip-down.d    options          pppoe.conf-bak
chap-secrets-bak          ip-up        pap-secrets      pppoe_on_boot
firewall-masq             ip-up.d      pap-secrets-bak  pppoe-server-options
firewall-masq-3.10        ipv6-down    peers            pppoe-server-options-example
firewall-standalone       ipv6-down.d  plugins          pppoe-up
firewall-standalone-3.10  ipv6-up      pppoe.conf       resolv
ip-down                   ipv6-up.d    pppoe.conf-3.10
root@pppoe:/etc/ppp#

Many files, but interested are , pppoe-server-options, pppoe.conf, options,pap-secrets,chap-secrets
PAP is default authentication method, I let it.
root@pppoe:/etc/ppp# nano pap-secrets

#
# /etc/ppp/pap-secrets
#

# INBOUND connections

# Every regular user can use PPP and has to use passwords from /etc/passwd
*       hostname        ""      *

# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
# other accounts that should not be able to use pppd!
guest   hostname        "*"     -
master  hostname        "*"     -
root    hostname        "*"     -
support hostname        "*"     -
stats   hostname        "*"     -
# OUTBOUND connections

# Here you should add your userid password to connect to your providers via
# PAP. The * means that the password is to be used for ANY host you connect
# to. Thus you do not have to worry about the foreign machine name. Just
# replace password with your password.
# If you have different providers with different passwords then you better
# remove the following line.
#       *       password

"test"  *       "test"

You can change the authenticaion method from follwing file
root@pppoe:/etc/ppp# nano pppoe-server-options

# PPP options for the PPPoE server
# LIC: GPL
require-pap
#require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2

a) Change following in /etc/ppp/options file, some to them already uncommented.
In case of chap as authentication, the file looks like
root@pppoe:/etc/ppp# nano chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses

"test"          *        "test"         *
"test1"         *        "test"         *
"test2"         *       "test"          10.10.220.3
"test3"         *       "test"          10.10.220.4

Script that start the PPPoE server with NAT option
Create a script pppoe-up and chmod to 755.
root@pppoe:/etc/ppp# nano pppoe-up
root@pppoe:/etc/ppp# chmod 755 pppoe-up

#!/bin/bash
# ----------------------------------------------------

# Starts the PPPoE server and turns on NAT

# ----------------------------------------------------

# MAX is the maximum number of addresses your server

# is allowed to hand out.
PROV=pppoe
MAX=5

# BASE is the lowest IP address your server is allowed

# to hand out.

#BASE=192.168.1.238
#PLA=192.168.1.0/24

BASE=10.10.220.2
PLA=10.10.220.4

# NAT is the set of addresses which your server will

# NAT behind it. Other addresses behind your server

# WILL NOT be NATed.

#NAT=10.10.220.0/8

# MYIP is the public IP address of this server.

MYIP=10.10.220.1

##########################################

# Here is where the script actually starts executing.
##########################################

# Disable IP spoofing on the external interface.

#/sbin/iptables -A INPUT -i eth0 -s $NAT -j DROP

# Enable NAT for the private addresses we hand out.

#/sbin/iptables -t nat -A POSTROUTING -s $NAT -j $NAT --to-source $MYIP

# Launch the server.

/usr/sbin/pppoe-server pty -T 60 -I eth1 -L $MYIP -N $MAX -C $PROV -S $PROV -R $PLA

#echo "1" > "/proc/sys/net/ipv4/ip_forward"

Client side
Install pppoeconf, which may be already installed.
apt-get install pppoeconf

Run the Server

Execute the pppoe-up script in server.
root@pppoe:/etc/ppp# ./pppoe-up

Connection of client
Run pppoeconf in client's console,
client# pppoeconf

It will search for pppoe server on ethernet server. Once it found on, in this case in eth0 it will prompt for user name: test and passwd: test

Testing and Troubleshooting
Open the /var/log/syslog in server and monitor,

da:72:54 (10.10.220.1) on eth1 using Service-Name ''

Oct 19 12:58:11 pppoe pppd[6248]: pppd 2.4.4 started by root, uid 0

Oct 19 12:58:11 pppoe pppd[6248]: Using interface ppp0

Oct 19 12:58:11 pppoe pppd[6248]: Connect: ppp0 <--> /dev/pts/2

Oct 19 12:58:17 pppoe pppd[6248]: PAP peer authentication failed for test

Oct 19 12:58:17 pppoe pppd[6248]: Connection terminated.

Oct 19 12:58:17 pppoe pppoe[6250]: read (asyncReadFromPPP): Session 2: Input/output error

Oct 19 12:58:17 pppoe pppd[6248]: Exit.

Oct 19 12:58:17 pppoe pppoe-server[5908]: Session 2 closed for client 00:1e:37:da:72:54 (10.10.220.1) on eth1

Oct 19 12:58:17 pppoe pppoe-server[5908]: Sent PADT

There are some problems which need to fix
After fixing the issue, reconnect the client and monitor the log on server.
client# pppoeconf

Oct 19 13:19:18 pppoe pppd[8724]: pppd 2.4.4 started by root, uid 0
Oct 19 13:19:18 pppoe pppd[8724]: Using interface ppp0
Oct 19 13:19:18 pppoe pppd[8724]: Connect: ppp0 <--> /dev/pts/2
Oct 19 13:19:21 pppoe pppd[8724]: Cannot determine ethernet address for proxy ARP
Oct 19 13:19:21 pppoe pppd[8724]: local  IP address 10.10.220.1
Oct 19 13:19:21 pppoe pppd[8724]: remote IP address 10.10.220.2

It setted up ultimatley, I spent some time, checking the script carefully, running and testing several times before it was fixed.

Final testing, Both client and server will get the ip and they are able to ping each other.

Server side
root@pppoe:/etc/ppp# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:11:25:ed:fd:e2
         inet addr:192.168.1.249  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: fe80::211:25ff:feed:fde2/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:8943 errors:0 dropped:0 overruns:0 frame:0
         TX packets:3137 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:4222424 (4.0 MB)  TX bytes:833756 (814.2 KB)
         Base address:0x4000 Memory:d0080000-d00a0000

eth1      Link encap:Ethernet  HWaddr 00:08:a1:be:1d:65
         inet6 addr: fe80::208:a1ff:febe:1d65/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:648 errors:0 dropped:0 overruns:0 frame:0
         TX packets:776 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:39320 (38.3 KB)  TX bytes:50994 (49.7 KB)
         Interrupt:21 Base address:0x6000
eth1:avahi Link encap:Ethernet  HWaddr 00:08:a1:be:1d:65
         inet addr:169.254.5.242  Bcast:169.254.255.255  Mask:255.255.0.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         Interrupt:21 Base address:0x6000

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:2215 errors:0 dropped:0 overruns:0 frame:0
         TX packets:2215 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:113003 (110.3 KB)  TX bytes:113003 (110.3 KB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.10.220.1  P-t-P:10.10.220.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
         RX bytes:724 (724.0 B)  TX bytes:382 (382.0 B)

Ping from srver to client

root@pppoe:/etc/ppp# ping 10.10.220.2
PING 10.10.220.2 (10.10.220.2) 56(84) bytes of data.