Wednesday, May 13, 2009

PPPoE Server Under Ubuntu/Debian

PPPoE Server Setup:
Operating System: Ubuntu Desktop(8.04)

1) Installation of Softwares:
Server Side
a) ppp
apt-get install ppp
b) pppoe
apt-get install pppoe
c) rp-pppoe (I used rp-pppoe-3.10.tar.gz)
RP PPPoE; can be obtained from,
http://www.roaringpenguin.com/products/pppoe
After download
Move it to some place e.g /var/tmp, unpack and change permission

root@pppoe:/var/tmp# mv /home/imran/Desktop/rp-pppoe-3.10.tar.gz /var/tmp/

root@pppoe:/var/tmp# tar -xvf rp-pppoe-3.10.tar.gz

root@pppoe:/var/tmp# chown imran:imran rp-pppoe-3.10

root@pppoe:/var/tmp# ls -l

total 220

drwxr-xr-x 8 imran imran 4096 2008-06-30 16:00 rp-pppoe-3.10

-rw-r--r-- 1 imran imran 215288 2009-10-19 10:31 rp-pppoe-3.10.tar.gz

root@pppoe:/var/tmp#

Open README file and go through it.There are 3 methods I shall go for first one, QuickStart method.

QUICKSTART Method: "If you're lucky, the "quickstart" method will work. After unpackingthe archive, become root and type"
root@pppoe:/var/tmp# cd rp-pppoe-3.10/
root@pppoe:/var/tmp/rp-pppoe-3.10# ./go

I got some gcc error, fixed it by installing "build-essential", This will install gcc and a some other files that need to build something from source.
sudo aptitude install build-essential
root@pppoe:/var/tmp/rp-pppoe-3.10# ./go

** Summary of what you entered **

Ethernet Interface: eth1
User name: test
Activate-on-demand: No
Primary DNS: 82.196.201.43
Secondary DNS: 82.196.193.143
Firewalling: NONE

>>> Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/ppp/pppoe.conf
Adjusting /etc/resolv.conf
(But first backing it up to /etc/resolv.conf-bak)
Adjusting /etc/ppp/pap-secrets and /etc/ppp/chap-secrets
(But first backing it up to /etc/ppp/pap-secrets-bak)
(But first backing it up to /etc/ppp/chap-secrets-bak)



You will get messeg, "Congratulations, it should be all set up!"
Type 'pppoe-start' to bring up your PPPoE link and 'pppoe-stop' to bring
it down. Type 'pppoe-status' to see the link status.

Client Side :
# apt-get install pppoeconf

This will use to connect the pppoe server.

2) Configuration
Server side: Go the to /etc/ppp,
root@pppoe:/var/tmp# cd /etc/ppp
root@pppoe:/etc/ppp# ls
chap-secrets ip-down.d options pppoe.conf-bak
chap-secrets-bak ip-up pap-secrets pppoe_on_boot
firewall-masq ip-up.d pap-secrets-bak pppoe-server-options
firewall-masq-3.10 ipv6-down peers pppoe-server-options-example
firewall-standalone ipv6-down.d plugins pppoe-up
firewall-standalone-3.10 ipv6-up pppoe.conf resolv
ip-down ipv6-up.d pppoe.conf-3.10
root@pppoe:/etc/ppp#

Many files, but interested are , pppoe-server-options, pppoe.conf, options,pap-secrets,chap-secrets
PAP is default authentication method, I let it.
root@pppoe:/etc/ppp# nano pap-secrets
#
# /etc/ppp/pap-secrets
#

# INBOUND connections

# Every regular user can use PPP and has to use passwords from /etc/passwd
* hostname "" *

# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
# other accounts that should not be able to use pppd!
guest hostname "*" -
master hostname "*" -
root hostname "*" -
support hostname "*" -
stats hostname "*" -
# OUTBOUND connections

# Here you should add your userid password to connect to your providers via
# PAP. The * means that the password is to be used for ANY host you connect
# to. Thus you do not have to worry about the foreign machine name. Just
# replace password with your password.
# If you have different providers with different passwords then you better
# remove the following line.
# * password

"test" * "test"
You can change the authenticaion method from follwing file
root@pppoe:/etc/ppp# nano pppoe-server-options

# PPP options for the PPPoE server
# LIC: GPL
require-pap
#require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2

a) Change following in /etc/ppp/options file, some to them already uncommented.
In case of chap as authentication, the file looks like
root@pppoe:/etc/ppp# nano chap-secrets


# Secrets for authentication using CHAP
# client server secret IP addresses

"test" * "test" *
"test1" * "test" *
"test2" * "test" 10.10.220.3
"test3" * "test" 10.10.220.4


Script that start the PPPoE server with NAT option
Create a script pppoe-up and chmod to 755.
root@pppoe:/etc/ppp# nano pppoe-up
root@pppoe:/etc/ppp# chmod 755 pppoe-up


#!/bin/bash
# ----------------------------------------------------

# Starts the PPPoE server and turns on NAT

# ----------------------------------------------------

# MAX is the maximum number of addresses your server

# is allowed to hand out.
PROV=pppoe
MAX=5

# BASE is the lowest IP address your server is allowed

# to hand out.

#BASE=192.168.1.238
#PLA=192.168.1.0/24

BASE=10.10.220.2
PLA=10.10.220.0/8

# NAT is the set of addresses which your server will

# NAT behind it. Other addresses behind your server

# WILL NOT be NATed.

#NAT=10.10.220.0/8

# MYIP is the public IP address of this server.

MYIP=10.10.220.1

##########################################

# Here is where the script actually starts executing.
##########################################

# Disable IP spoofing on the external interface.

#/sbin/iptables -A INPUT -i eth0 -s $NAT -j DROP

# Enable NAT for the private addresses we hand out.

#/sbin/iptables -t nat -A POSTROUTING -s $NAT -j $NAT --to-source $MYIP

# Launch the server.

/usr/sbin/pppoe-server pty -T 60 -I eth1 -L $MYIP -N $MAX -C $PROV -S $PROV -R $PLA

#echo "1" > "/proc/sys/net/ipv4/ip_forward"


Client side
Install pppoeconf, which may be already installed.
apt-get install pppoeconf

Run the Server

Execute the pppoe-up script in server.
root@pppoe:/etc/ppp# ./pppoe-up

Connection of client
Run pppoeconf in client's console,
client# pppoeconf

It will search for pppoe server on ethernet server. Once it found on, in this case in eth0 it will prompt for user name: test and passwd: test

Testing and Troubleshooting
Open the /var/log/syslog in server and monitor,
da:72:54 (10.10.220.1) on eth1 using Service-Name ''

Oct 19 12:58:11 pppoe pppd[6248]: pppd 2.4.4 started by root, uid 0

Oct 19 12:58:11 pppoe pppd[6248]: Using interface ppp0

Oct 19 12:58:11 pppoe pppd[6248]: Connect: ppp0 <--> /dev/pts/2

Oct 19 12:58:17 pppoe pppd[6248]: PAP peer authentication failed for test

Oct 19 12:58:17 pppoe pppd[6248]: Connection terminated.

Oct 19 12:58:17 pppoe pppoe[6250]: read (asyncReadFromPPP): Session 2: Input/output error

Oct 19 12:58:17 pppoe pppd[6248]: Exit.

Oct 19 12:58:17 pppoe pppoe-server[5908]: Session 2 closed for client 00:1e:37:da:72:54 (10.10.220.1) on eth1

Oct 19 12:58:17 pppoe pppoe-server[5908]: Sent PADT
There are some problems which need to fix
After fixing the issue, reconnect the client and monitor the log on server.
client# pppoeconf
Oct 19 13:19:18 pppoe pppd[8724]: pppd 2.4.4 started by root, uid 0
Oct 19 13:19:18 pppoe pppd[8724]: Using interface ppp0
Oct 19 13:19:18 pppoe pppd[8724]: Connect: ppp0 <--> /dev/pts/2
Oct 19 13:19:21 pppoe pppd[8724]: Cannot determine ethernet address for proxy ARP
Oct 19 13:19:21 pppoe pppd[8724]: local IP address 10.10.220.1
Oct 19 13:19:21 pppoe pppd[8724]: remote IP address 10.10.220.2



It setted up ultimatley, I spent some time, checking the script carefully, running and testing several times before it was fixed.

Final testing, Both client and server will get the ip and they are able to ping each other.
Server side
root@pppoe:/etc/ppp# ifconfig
eth0 Link encap:Ethernet HWaddr 00:11:25:ed:fd:e2
inet addr:192.168.1.249 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::211:25ff:feed:fde2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8943 errors:0 dropped:0 overruns:0 frame:0
TX packets:3137 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4222424 (4.0 MB) TX bytes:833756 (814.2 KB)
Base address:0x4000 Memory:d0080000-d00a0000

eth1 Link encap:Ethernet HWaddr 00:08:a1:be:1d:65
inet6 addr: fe80::208:a1ff:febe:1d65/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:648 errors:0 dropped:0 overruns:0 frame:0
TX packets:776 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:39320 (38.3 KB) TX bytes:50994 (49.7 KB)
Interrupt:21 Base address:0x6000
eth1:avahi Link encap:Ethernet HWaddr 00:08:a1:be:1d:65
inet addr:169.254.5.242 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:21 Base address:0x6000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2215 errors:0 dropped:0 overruns:0 frame:0
TX packets:2215 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:113003 (110.3 KB) TX bytes:113003 (110.3 KB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:10.10.220.1 P-t-P:10.10.220.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:724 (724.0 B) TX bytes:382 (382.0 B)


Ping from srver to client
root@pppoe:/etc/ppp# ping 10.10.220.2
PING 10.10.220.2 (10.10.220.2) 56(84) bytes of data.
64 bytes from 10.10.220.2: icmp_seq=1 ttl=64 time=0.599 ms
64 bytes from 10.10.220.2: icmp_seq=2 ttl=64 time=0.718 ms
64 bytes from 10.10.220.2: icmp_seq=3 ttl=64 time=1.09 ms



Documentation:
http://roaringpenguin.com/products/pppoe
http://neworder.box.sk/newsread.php?newsid=18797
http://www.freeantennas.com/PPPoE-Server-HOWTO.html

14 comments:

Anonymous said...

Not work article. result /var/log/pppd.log like this :

Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup
pppoe: Timeout waiting for PADO packets

Imran Asghar said...

I did it some time ago and spend 2-3 days, got the same error but fixed. I shall review it again....Sorry it did not work on your side.

Imran Asghar said...

I do clean install and setup up on ubuntu 8.04 Desktop. I also edit the post. It should work now.

Ts8060 said...

Can i see your /etc/ppp/options file.
Is that usefull???

Other configurations are same like u.
But when i connect from client i have error code 734. PLS Help Me.

Imran Asghar said...

Check the pppoe-up script,
you can also check ppp-server-option file. After restart, run the script and watch the log file. I did not do any thing with options file,it is default.
I can send you on your email, if you still like.

Ts8060 said...

Hi.
When I connect to PPPOE server got error 734 : PPP link was teminated.
Here is log file :
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
Peer test failed CHAP Session verification
Connection terminated.
pppoe: read (asyncReadFromPPP): Session 3: Input/output error
Child process /usr/sbin/pppoe -n -I eth1 -e 3:00:19:db:3b:27:bb -T 60 -S 'pppoe' (pid 18698) terminated with signal 15

I am using ubuntu 9.04 SE.
Should I do any configuration on ubuntu network or firewall etc ...

Thank you

Anonymous said...

How did you fix the "PAP peer authentication failed" problem? I had the same problem and couldn't proceed. Please help! Thanks!

Imran Asghar said...

You can enable the chap authentication, instead and try with it.
here is /etc/ppp/pppoe-server-options file

# PPP options for the PPPoE server
# LIC: GPL
#require-pap
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2


Restart pppoe server using pppoe-up script.
Log file /var/log/syslog will help you to trouble shoot.

Imran Asghar said...

Here is /etc/ppp/chap-secrets file

# Secrets for authentication using CHAP
# client server secret IP addresses

"test" * "test" *
"test1" * "test" *
"test2" * "test" 10.10.220.3
"test3" * "test" 10.10.220.4

Rahul Panwar said...

Hi,
Thanks for a nice & very clear explanation.

I found a problem in this. If we use the pap/chap user (other than Linux users), it fails to authenticate.
To solve this problem, we need to comment the "login" in /etc/ppp/pppoe-server-options

# PPP options for the PPPoE server
# LIC: GPL
#require-pap
require-chap
#login
lcp-echo-interval 10
lcp-echo-failure 2

It may be helpful for others.

Thanks,
Rahul Panwar

Imran Asghar said...

Thanks for correction Rahul, in my test setup I was using only linux systems.

Anonymous said...

Rahul panwar u rock man #login fixed all my issues

Unknown said...

Does anyone have any PPPoE server examples that DO NOT use NAT?

I did it 8 years ago, I just don't remember how I did it.

Anonymous said...

Hello folks,

I am trying to connect my ubuntu 14.04 to one of the DSL provider. I am facing PAP / CHAP authentication problem. On the hand, connection is working fine on my old xp. It uses wan miniport. I think pppoeconf is analogous to wan miniport for ubuntu but I was wrong.

There is something that I am missing but don't know what it is. Since I am unable to access my server at ISP end, I am at middle of the way point.

Direct me about this issue.
My ISP is hathway.