Setting up a PPPoE server on Linux (CentOS)

Source: Internet
Author: User


I got a PPPoE server working, and it turned out to be really simple: on CentOS it takes about 5 steps.

1. Install rp-pppoe. Once the installation completes, the pppoe-server command is available.

    yum install rp-pppoe


2. After installation, a pppoe-server-options file is generated in the /etc/ppp directory. Its contents are shown below; change them as needed.

    # PPP options for the PPPoE server
    # LIC: GPL
    require-pap
    require-chap
    login
    lcp-echo-interval 10
    lcp-echo-failure 2
    logfile /var/log/pppoe.log

3. Add a username and password: edit the /etc/ppp/chap-secrets file and add the following line.

    PPPoE * "123456" *

This is straightforward: the username is PPPoE and the password is 123456.

4. Add firewall rules to perform NAT.

    iptables -A POSTROUTING -t nat -s 10.10.10.0/24 -j MASQUERADE
    iptables -A FORWARD -p tcp --syn -s 10.10.10.0/24 -j TCPMSS --set-mss 1256
    echo 1 > /proc/sys/net/ipv4/ip_forward
    sysctl -w net.ipv4.ip_forward=1

The first line adds NAT for traffic whose source IP is in the 10.10.10.0/24 network segment.

The second adjusts the MTU (by setting the TCP MSS); change it to suit your own needs.

The third turns on forwarding.

The fourth modifies the forwarding setting.

5. Start the PPPoE server.

    pppoe-server -I eth0 -L 10.10.10.1 -R 10.10.10.100-200

What this command does:

-I eth0 listens for PPPoE discovery packets on the eth0 interface

-L 10.10.10.1 sets the virtual gateway, that is, the virtual gateway IP on the PPPoE server side

-R 10.10.10.100-200 assigns the virtual IPs, 10.10.10.100 to 10.10.10.200

There are other parameters as well; see man pppoe-server for them. Every parameter has a default value.
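The entry added in step 3 combines a six-digit secret with wildcard server and address fields, so a check of chap-secrets before the server is started is useful. The following is an added example, not part of the original post: `audit_chap_secrets`, `MIN_SECRET_LEN` and the second sample entry are hypothetical, the length threshold is an assumed local policy, and `shlex` only approximates how pppd splits words.

```python
import shlex

MIN_SECRET_LEN = 12  # assumed local policy threshold, not a pppd requirement

def audit_chap_secrets(text):
    """Return (line_no, client, findings) for each entry in chap-secrets text."""
    report = []
    for no, line in enumerate(text.splitlines(), 1):
        # Fields are: client, server, secret, then allowed IP addresses.
        fields = shlex.split(line, comments=True)  # handles quoted secrets and comments
        if not fields:
            continue
        if len(fields) < 3:
            report.append((no, fields[0], ["malformed: need client, server, secret"]))
            continue
        client, server, secret, addrs = fields[0], fields[1], fields[2], fields[3:]
        findings = []
        if len(secret) < MIN_SECRET_LEN or secret.isdigit():
            findings.append("weak secret")
        if server == "*":
            findings.append("secret valid for any server name")
        if "*" in addrs:
            findings.append("client may use any IP address")
        if client == "*":
            findings.append("secret valid for any client name")
        report.append((no, client, findings))
    return report

# Constructed sample: the entry from step 3, then a tighter variant with made-up values.
SAMPLE = '''# client  server  secret  IP addresses
PPPoE * "123456" *
alice pppoe-gw "c0rrect-h0rse-battery" 10.10.10.101
'''

if __name__ == "__main__":
    for line_no, client, findings in audit_chap_secrets(SAMPLE):
        print(line_no, client, findings or "ok")
```
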

Once the steps above have completed successfully, the PPPoE server side is set up. Next comes verification from Windows.

Mine is a Windows XP system; Windows 7 or a router should work just as well.

However, the authentication method has to be changed: under "Properties" - "Security" - "Advanced" - "Settings", change "Data encryption" to "Optional encryption", and then check CHAP or PAP authentication.

Enter the username and password and, barring surprises, the connection succeeds.

But it only works on the local area network, so it is of limited significance.

By the way, here is how a PPPoE connection is established.

The verification process for PPPoE

The verification process for PPPoE consists of 2 phases: the Discovery phase and the PPP Session phase.

The Discovery phase, which consists of 4 steps:

Step 1: PADI

The PPPoE client sends a PPPoE Active Discovery Initiation (PADI) packet. The destination address in the Ethernet header is the Ethernet broadcast address ff:ff:ff:ff:ff:ff, the CODE in the PPPoE header is 0x09, and the SESSION_ID value must be 0. The payload must contain exactly one Service-Name tag, representing the requested service type, and can contain other tags. The entire PPPoE packet cannot exceed 1484 bytes.

Step 2: PADO

When the server-side PPPoE process sees a PADI packet on its network interface, it sends a PPPoE Active Discovery Offer (PADO) packet in response to the client's PADI. The destination address in the Ethernet header is the client's MAC address, the CODE in the PPPoE header is 0x07, and the SESSION_ID value must be 0. The payload must contain an AC-Name tag giving the name of the AC (access concentrator), a Service-Name tag matching the one specified in the PADI packet, and may contain other Service-Name tags. If the AC cannot serve the client, it does not respond with a PADO packet.

Step 3: PADR

After the PPPoE client receives PADO packets, it selects one of them (there may be more than one PPPoE server; usually the fastest one is picked) and sends a PPPoE Active Discovery Request (PADR) packet. The destination address in the Ethernet header is the source Ethernet address of the selected PADO packet (that is, the MAC address of the PPPoE server), the CODE in the PPPoE header is 0x19, and the SESSION_ID value must be 0. The payload must contain exactly one Service-Name tag, representing the requested service type, and can also contain additional tags.

Step 4: PADS

After the PPPoE server whose MAC address matches receives the PADR packet, it sends a PPPoE Active Discovery Session-confirmation (PADS) packet. It generates a SESSION_ID value used to identify this PPP session and sends it to the client. The destination address in the Ethernet header is the client's MAC address, the CODE in the PPPoE header must be 0x65, and the SESSION_ID value is the generated SESSION_ID. The payload must contain exactly one Service-Name tag, indicating the service type the PPPoE server has accepted, and additional tags can be included. If the PPPoE server does not accept the Service-Name in the PADR, the PADS contains a tag of type Service-Name-Error, and the SESSION_ID is set to 0.



PPP Session phase:

Once the client and the server have completed the Discovery phase, they enter the Session phase. In the PPP Session phase, PPP packets are encapsulated in PPPoE Ethernet frames: the Ethernet destination address is unicast, the Ethernet protocol (EtherType) is 0x8864, the CODE in the PPPoE header must be 0, and the SESSION_ID must always be the value negotiated in the Discovery phase. The PPPoE payload is the entire PPP packet, which begins with the two-byte PPP protocol ID.

During the Session phase, either the host or the server can send a PADT (PPPoE Active Discovery Terminate) message to notify the other party to end the session.



PPPoE authentication takes place during the PPP Session phase. The rp-pppoe package is responsible for discovery and for session termination (PADT); the ppp package is responsible for data transfer in the session phase.
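The discovery rules above can be checked mechanically on captured frames. The following is an added example, not code from the original post or from rp-pppoe: it parses one PPPoE discovery frame and reports which of the per-step rules it breaks. The function names and sample frames are hypothetical; the discovery EtherType 0x8863, the tag type numbers and the PADT code are taken from RFC 2516 rather than from the page.

```python
import struct

# CODE values per RFC 2516; 0x09, 0x07 and 0x65 also appear in the text above.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
ETH_DISCOVERY = 0x8863  # RFC 2516 discovery EtherType (the session phase uses 0x8864)
SERVICE_NAME, AC_NAME, SERVICE_NAME_ERROR = 0x0101, 0x0102, 0x0201  # RFC 2516 tag types

def parse_discovery(frame):
    """Return (packet name, session_id, destination MAC, [(tag_type, value), ...])."""
    if len(frame) < 20:
        raise ValueError("shorter than Ethernet + PPPoE headers")
    ethertype, ver_type, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_DISCOVERY or ver_type != 0x11 or code not in CODES:
        raise ValueError("not a PPPoE discovery frame")
    payload = frame[20:20 + length]  # LENGTH field decides; Ethernet padding is ignored
    if len(payload) != length:
        raise ValueError("LENGTH field exceeds captured data")
    tags, off = [], 0
    while off + 4 <= length:  # each tag: 2-byte type, 2-byte length, value
        ttype, tlen = struct.unpack("!HH", payload[off:off + 4])
        tags.append((ttype, payload[off + 4:off + 4 + tlen]))
        off += 4 + tlen
    if off != length:
        raise ValueError("truncated or overrunning tag")
    return CODES[code], sid, frame[:6], tags

def violations(frame):
    """List which of the discovery rules described above a frame breaks."""
    name, sid, dst, tags = parse_discovery(frame)
    types = [t for t, _ in tags]
    out = []
    if name == "PADI" and dst != b"\xff" * 6:
        out.append("PADI not sent to broadcast")
    if name == "PADI" and 6 + sum(4 + len(v) for _, v in tags) > 1484:
        out.append("PADI exceeds 1484 bytes")
    if name in ("PADI", "PADO", "PADR") and sid != 0:
        out.append(name + " with non-zero SESSION_ID")
    if name in ("PADI", "PADR") and types.count(SERVICE_NAME) != 1:
        out.append(name + " needs exactly one Service-Name tag")
    if name == "PADO" and not {AC_NAME, SERVICE_NAME} <= set(types):
        out.append("PADO missing AC-Name or Service-Name tag")
    if name == "PADS" and SERVICE_NAME_ERROR in types and sid != 0:
        out.append("PADS has Service-Name-Error but SESSION_ID is not 0")
    return out

def build(dst, code, sid, tags):  # constructed sample frames; the source MAC is made up
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    hdr = struct.pack("!HBBHH", ETH_DISCOVERY, 0x11, code, sid, len(body))
    return dst + b"\x02\x00\x00\x00\x00\x01" + hdr + body

SAMPLE_PADI = build(b"\xff" * 6, 0x09, 0, [(SERVICE_NAME, b"")])  # valid PADI
```

`violations(SAMPLE_PADI)` returns an empty list; malformed frames raise `ValueError` from `parse_discovery` instead of being silently accepted.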


This article is from the "Nicol Lock Silk Sorrow" blog; please be sure to keep this source: http://smoke520.blog.51cto.com/9256117/1895400
