Configure a PPPoE server on CentOS

Source: Internet
Author: User

First, the hardware platform must provide two NICs: one with a static address, used for NAT, and the other for responding to PPPoE user access. The following describes how to install and configure the PPPoE server.

1. Check and install the ppp software

# rpm -qa | grep ppp

If it is not installed, run the following command:

# yum install ppp rp-pppoe

This installs the packages automatically over the network.

2. Configure the server NICs

Of the two NICs on the server, one is given a static IP address and used for NAT (eth1), and the other responds to PPPoE user access (eth0).

You need to modify the following configuration scripts (on CentOS with a desktop you can set the IP addresses from the desktop, which is more convenient).

# cd /etc/sysconfig/network-scripts

# vi ifcfg-eth1

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=lan
IPADDR=192.168.0.10
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=211.98.2.4
DNS2=8.8.8.8
HWADDR=xx:xx
ONBOOT=yes
BOOTPROTO=static
USERCTL=no
IPV6INIT=yes
NM_CONTROLLED=yes
TYPE=Ethernet

# vi ifcfg-eth0

TYPE="Ethernet"
HWADDR=xx:xx
BOOTPROTO=dhcp
DEVICE=wan
ONBOOT=yes

3. Configure the PPPoE server

Edit the options file so that it contains only the following lines, deleting everything else.

# vi /etc/ppp/options

local
crtscts
nobsdcomp
nodeflate
nopcomp

Configure pppoe-server-options

# vi /etc/ppp/pppoe-server-options

auth
require-pap
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
logfile /var/log/pppoe.log
ms-dns 211.98.2.4
ms-dns 8.8.8.8
defaultroute

Create the user and password

# vi /etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client server secret IP addresses
pppoe * pppoe *

The account and password configured here are both pppoe.

Start the PPPoE server as follows:

# /usr/sbin/pppoe-server -I eth4 -L 172.16.0.10 -R 172.16.0.20 -N 100

-I: the interface that responds to PPPoE requests. In this example, it is on the eth0 port.
-L: the IP address of the PPPoE server.
-R: the start address of the address pool allocated to clients.
-N: the number of IP addresses assigned to clients.

Add this command to the startup script:

# vi /etc/rc.local
/usr/sbin/pppoe-server -I eth4 -L 172.16.0.10 -R 172.16.0.20 -N 100

Dial-up from the client machine now tests successfully.

4. Client Internet access

After dialing in successfully, the client still cannot reach the Internet because the server is not forwarding packets. You therefore need to configure iptables for packet forwarding.

Add firewall rules for NAT translation:

# iptables -A POSTROUTING -t nat -s 172.16.0.0/24 -j MASQUERADE

# iptables -A FORWARD -p tcp --syn -s 172.16.0.0/24 -j TCPMSS --set-mss 1256

# sysctl -w net.ipv4.ip_forward=1

# echo 1 > /proc/sys/net/ipv4/ip_forward

# service iptables save

Command 1: Add NAT to translate IP addresses from the 172.16.0.0/24 CIDR block

Command 2: Modify the MTU according to your needs (optional)

Command 3: Modify the forwarding file (which can be ignored)

Command 4: Enable forwarding

Command 5: Save the iptables configuration

After the above configuration, some users may still be unable to access the Internet. This may be because CentOS does not start the firewall by default, in which case it needs to be started:

# /etc/init.d/iptables start

The following describes how PPPoE works.

PPPoE verification process

The PPPoE verification process consists of two phases: Discovery and PPP Session.

The Discovery stage contains four steps:

Step 1: PADI

The PPPoE client sends an initiation packet (PPPoE Active Discovery Initiation, PADI). The destination address in the Ethernet header is the Ethernet broadcast address FF:FF:FF:FF:FF:FF, the CODE in the PPPoE header is 0x09, and the SESSION_ID value must be 0. The payload must contain exactly one Service-Name TAG to indicate the requested service type, and it can also contain other TAGs. The entire PPPoE packet cannot exceed 1484 bytes.

Step 2: PADO

After the PPPoE process on the server sees the PADI packet on its network interface, it sends an offer packet (PPPoE Active Discovery Offer, PADO) in response to the client's PADI. The destination address in the Ethernet header is the MAC address of the client, the CODE in the PPPoE header is 0x07, and the SESSION_ID value must be 0. The payload must contain an AC-Name TAG, which indicates the name of the AC, along with the Service-Name TAG specified in the PADI packet; it can also contain TAGs for other Service-Names. If the AC does not provide services to the client, the AC will not respond with a PADO packet.

Step 3: PADR

After receiving the PADO packets, the PPPoE client selects one of them (there may be multiple PPPoE servers; usually the fastest one is chosen) and sends a request packet (PPPoE Active Discovery Request, PADR) to that server. The destination address in the Ethernet header is the source Ethernet address of the selected PADO packet (that is, the MAC address of the PPPoE server), the CODE in the PPPoE header is 0x19, and the SESSION_ID value must be 0. The payload must contain exactly one Service-Name TAG to indicate the requested service type, and it can also contain other TAGs.

Step 4: PADS

After the PPPoE server whose MAC address matches receives the PADR packet, it sends a session confirmation packet (PPPoE Active Discovery Session-confirmation, PADS). It generates a SESSION_ID value to identify this PPP session and sends it to the client in the PADS packet. The destination address in the Ethernet header is the MAC address of the client, the CODE in the PPPoE header is 0x65, and the SESSION_ID value must be the generated SESSION_ID. The payload must contain exactly one Service-Name TAG, indicating the service type accepted by the PPPoE server, and it can also contain other TAGs. If the PPPoE server does not accept the Service-Name, the PADS contains a Service-Name-Error TAG and SESSION_ID is set to 0.
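Added example, not part of the original article: a Python check that applies the Discovery rules listed above (CODE, SESSION_ID, required TAGs, PADI size and destination) to a raw Ethernet frame, useful for spotting malformed or unexpected discovery packets in a capture. The discovery EtherType 0x8863 and the TAG type numbers are taken from RFC 2516 rather than from this page; the function names and the sample frame are constructed for illustration.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863  # discovery EtherType, from RFC 2516 (not stated on the page)
SERVICE_NAME, AC_NAME, SERVICE_NAME_ERROR = 0x0101, 0x0102, 0x0201  # RFC 2516 TAG types
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS"}

def parse_tags(payload):
    """Split a discovery payload into (type, value) TAGs, rejecting truncation."""
    tags, off = [], 0
    while off < len(payload):
        head = payload[off:off + 4]
        if len(head) < 4 or off + 4 + struct.unpack("!HH", head)[1] > len(payload):
            raise ValueError("truncated TAG")
        tag_type, tag_len = struct.unpack("!HH", head)
        tags.append((tag_type, payload[off + 4:off + 4 + tag_len]))
        off += 4 + tag_len
    return tags

def check_discovery(frame):
    """Return (packet name, list of violated rules) for one Ethernet frame."""
    if len(frame) < 20 or struct.unpack_from("!H", frame, 12)[0] != ETH_P_PPPOE_DISC:
        raise ValueError("not a PPPoE discovery frame")
    _vertype, code, session_id, length = struct.unpack_from("!BBHH", frame, 14)
    if 20 + length > len(frame):
        raise ValueError("PPPoE length exceeds the captured frame")
    types = [t for t, _ in parse_tags(frame[20:20 + length])]  # slice drops Ethernet padding
    name, bad = CODES.get(code, "unknown"), []
    failed = name == "PADS" and SERVICE_NAME_ERROR in types  # server refused the service
    if name == "PADI" and frame[:6] != b"\xff" * 6:
        bad.append("PADI not sent to broadcast")
    if name == "PADI" and 6 + length > 1484:
        bad.append("PADI longer than 1484 bytes")
    if (name in ("PADI", "PADO", "PADR") or failed) and session_id != 0:
        bad.append("SESSION_ID must be 0")
    if name == "PADS" and not failed and session_id == 0:
        bad.append("accepted PADS needs a non-zero SESSION_ID")
    if not failed and name in ("PADI", "PADR", "PADS") and types.count(SERVICE_NAME) != 1:
        bad.append("exactly one Service-Name TAG required")
    if name == "PADO" and AC_NAME not in types:
        bad.append("PADO missing AC-Name TAG")
    return name, bad

def build(dst, src, code, session_id, tags):  # builds constructed sample frames
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    head = struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, session_id, len(body))
    return dst + src + head + body

# Constructed sample (made-up MACs): PADO with a non-zero SESSION_ID and no AC-Name TAG
SAMPLE = build(b"\x02\0\0\0\0\x01", b"\x02\0\0\0\0\x02", 0x07, 5, [(SERVICE_NAME, b"")])
print(check_discovery(SAMPLE))
```
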

PPP Session stage:

Once the client and the server have completed the discovery phase, they enter the session phase. In the PPP session phase, PPP packets are encapsulated in PPPoE Ethernet frames: the destination address of the Ethernet frame is unicast, the Ethernet protocol type is 0x8864, the CODE in the PPPoE header must be 0, the SESSION_ID must always be the SESSION_ID value negotiated during the discovery phase, and the PPPoE payload is the entire PPP packet, which is preceded by a two-byte PPP protocol ID.

In the Session phase, either the host or the server can send a PADT (PPPoE Active Discovery Terminate) message to notify the other party to terminate the session.

PPPoE authentication occurs in the Session (PPP Session) phase. The rp-pppoe package is responsible for Discovery and for the session-terminating PADT, and the ppp package is responsible for data transmission during the session phase.
