Build a PPPoE server on Linux (CentOS)
I got a PPPoE server working, and it turned out to be really simple: on CentOS it takes about 5 steps.
1. Install PPPoE. Once the installation completes, the pppoe-server command is available.
yum install rp-pppoe
2. After the installation, a pppoe-server-options file is generated in the /etc/ppp directory. Its contents are as follows; change them as needed.
# PPP options for the PPPoE server
# LIC: GPL
require-pap
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
logfile /var/log/pppoe.log
3. Add a user name and password: edit the /etc/ppp/chap-secrets file and add the following line.
pppoe * "123456" *
Straightforward enough: the user name is pppoe and the password is 123456.
4. Add firewall rules to do the NAT translation.
iptables -A POSTROUTING -t nat -s 10.10.10.0/24 -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s 10.10.10.0/24 -j TCPMSS --set-mss 1256
echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl -w net.ipv4.ip_forward=1
The first command adds NAT for IPs from the 10.10.10.0/24 network segment.
The second adjusts for the MTU by setting the TCP MSS; change it according to your own needs.
The third turns on forwarding.
The fourth sets the forwarding parameter with sysctl.
5. Start PPPoE.
pppoe-server -I eth0 -L 10.10.10.1 -R 10.10.10.100-200
The options of this command are:
-I eth0 listens for PPPoE Discovery packets on the eth0 port.
-L 10.10.10.1 is the virtual gateway, that is, the virtual gateway IP on the PPPoE server side.
-R 10.10.10.100-200 assigns the virtual IPs, from 10.10.10.100 to 10.10.10.200.
There are other parameters as well; see man pppoe-server for them. Every parameter has a default value.
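A quick review of the two files edited in steps 2 and 3, as an added example that is not part of the original post. The function names and the 12-character threshold are assumptions made for this sketch, and the sample text is constructed from the configuration shown in the steps above.

```python
import shlex

MIN_SECRET_LEN = 12  # assumed policy threshold for this example, not from the page

def audit_options(text):
    """Return the auth-related findings for a pppoe-server-options file."""
    opts = {line.split()[0] for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}
    findings = []
    if "require-pap" in opts:
        findings.append("require-pap: PAP sends the password in cleartext")
    return findings

def audit_secrets(text):
    """Return (line_no, client, finding) tuples for a chap-secrets file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        # shlex approximates pppd's quoting rules: "quoted" secrets, # comments
        fields = shlex.split(line, comments=True)
        if len(fields) < 3:
            continue  # blank, comment-only or incomplete line
        client, _server, secret, *addrs = fields
        if len(secret) < MIN_SECRET_LEN:
            findings.append((no, client, "secret shorter than %d characters" % MIN_SECRET_LEN))
        if secret.isdigit():
            findings.append((no, client, "secret is digits only"))
        if "*" in addrs:
            findings.append((no, client, "address field '*' allows any IP address"))
    return findings

# Constructed sample input, modelled on the configuration in the steps above.
OPTIONS = """# PPP options for the PPPoE server
require-pap
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
"""
SECRETS = 'pppoe * "123456" *\n'

if __name__ == "__main__":
    for finding in audit_options(OPTIONS) + audit_secrets(SECRETS):
        print(finding)
```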
With the steps above completed, the PPPoE server side is set up. Next is authentication from Windows.
Mine is a Windows XP system; Windows 7 or a router should all be fine.
However, the authentication method has to be changed: under "Properties" - "Security" - "Advanced" - "Settings", set "Data encryption" to "Optional encryption", and then check CHAP or PAP authentication.
Enter the user name and password and, barring surprises, the connection will succeed.
But it only works within the local area network, so it is of limited use.
By the way, here is how a PPPoE connection is established.
The verification process for PPPoE
The verification process for PPPoE consists of 2 phases: the Discovery phase and the PPP Session phase.
The Discovery phase consists of 4 steps:
The PPPoE client sends a PPPoE Active Discovery Initiation (PADI) packet. The destination address in the Ethernet header is the Ethernet broadcast address ff:ff:ff:ff:ff:ff, the CODE in the PPPoE header is 0x09, the SESSION_ID value must be 0, and the payload must contain exactly one Service-Name tag representing the requested service type; it can contain other tags, and the entire PPPoE packet cannot exceed 1484 bytes.
After the server-side PPPoE process hears the PADI packet on its network interface, it sends a PPPoE Active Discovery Offer (PADO) packet in response to the client's PADI. The destination address in the Ethernet header is the client's MAC address, the CODE in the PPPoE header is 0x07, the SESSION_ID value must be 0, and the payload must contain an AC-Name tag giving the name of the AC, a Service-Name tag matching the one specified in the PADI packet, and any other Service-Name tags. If the AC cannot serve the client, it does not respond with a PADO packet.
After the PPPoE client receives PADO packets, it selects one of them (there may be more than one PPPoE server; usually the fastest one is picked) and sends a PPPoE Active Discovery Request (PADR) packet. The destination address in the Ethernet header is the source address of the selected PADO packet (that is, the MAC address of the PPPoE server), the CODE in the PPPoE header is 0x19, the SESSION_ID value must be 0, and the payload must contain exactly one Service-Name tag representing the requested service type; it can also contain additional tags.
After the PPPoE server whose MAC address matches receives the PADR packet, it sends a PPPoE Active Discovery Session-confirmation (PADS) packet. The server generates a SESSION_ID value that identifies this PPP session and returns it to the client in this packet. The destination address in the Ethernet header is the client's MAC address, the CODE in the PPPoE header must be 0x65, the SESSION_ID value is the generated session ID, and the payload must contain exactly one Service-Name tag indicating the service type that the PPPoE server has accepted; additional tags can be included. If the PPPoE server does not accept the Service-Name in the PADR, the PADS contains a tag of type Service-Name-Error, and the SESSION_ID is set to 0.
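The Discovery rules listed above can be checked mechanically on captured frames. The following is an added example, not code from the original post or from rp-pppoe: the function names are hypothetical, and the Discovery EtherType 0x8863, the PADR code 0x19, the PADT code 0xa7 and the tag type numbers are taken from RFC 2516 rather than from this page.

```python
import struct

DISCOVERY_ETHERTYPE = b"\x88\x63"  # Discovery EtherType, RFC 2516 (not stated on the page)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
SERVICE_NAME, AC_NAME, SERVICE_NAME_ERROR = 0x0101, 0x0102, 0x0201  # tag types, RFC 2516
BROADCAST = b"\xff" * 6

def parse_tags(payload):
    """Split a Discovery payload into (tag_type, value) pairs, rejecting overruns."""
    tags, off = [], 0
    while off < len(payload):
        ttype = int.from_bytes(payload[off:off + 2], "big")
        end = off + 4 + int.from_bytes(payload[off + 2:off + 4], "big")
        if end > len(payload):
            raise ValueError("tag header or value runs past end of payload")
        tags.append((ttype, payload[off + 4:end]))
        off = end
    return tags

def check_discovery(frame):
    """Return (packet_name, violations) for one raw Ethernet Discovery frame."""
    if len(frame) < 20 or frame[12:14] != DISCOVERY_ETHERTYPE:
        raise ValueError("not a PPPoE Discovery frame")
    _ver_type, code, sid, length = struct.unpack_from("!BBHH", frame, 14)
    if 20 + length > len(frame):
        raise ValueError("PPPoE length field exceeds the captured frame")
    name, dst = CODES.get(code, "unknown"), frame[:6]
    types = [t for t, _ in parse_tags(frame[20:20 + length])]  # ignores Ethernet padding
    n_svc, bad = types.count(SERVICE_NAME), []
    if (dst == BROADCAST) != (name == "PADI"):
        bad.append("PADI must be broadcast and all other Discovery packets unicast")
    if name in ("PADI", "PADO", "PADR") and sid != 0:
        bad.append("SESSION_ID must be 0")
    if name in ("PADI", "PADR") and n_svc != 1:
        bad.append("exactly one Service-Name tag required")
    if name == "PADI" and 6 + length > 1484:
        bad.append("PADI exceeds 1484 bytes")
    if name == "PADO" and (AC_NAME not in types or n_svc < 1):
        bad.append("PADO needs AC-Name and Service-Name tags")
    if name == "PADS" and (SERVICE_NAME_ERROR not in types if sid == 0 else n_svc != 1):
        bad.append("PADS needs one Service-Name, or Service-Name-Error when SESSION_ID is 0")
    return name, bad

# Constructed samples: a well-formed PADI and a PADO that wrongly carries SESSION_ID 5.
PADI = bytes.fromhex("ffffffffffff" "020000000001" "8863" "1109" "0000" "0004" "01010000")
BAD_PADO = bytes.fromhex("020000000001" "020000000002" "8863" "1107" "0005" "000b"
                         "0102000361633101010000")
if __name__ == "__main__":
    print(check_discovery(PADI), check_discovery(BAD_PADO))
```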
PPP Session Phase:
Once the client and the server have completed the Discovery phase, they enter the Session phase. In the PPP Session phase, PPP packets are encapsulated in PPPoE Ethernet frames: the Ethernet destination address is unicast, the Ethernet protocol type is 0x8864, the CODE in the PPPoE header must be 0, the SESSION_ID must always be the value negotiated in the Discovery phase, and the PPPoE payload is the entire PPP packet, which begins with the two-byte PPP protocol ID.
During the Session phase, either the host or the server can send a PADT (PPPoE Active Discovery Terminate) message to notify the other party to end the session.
PPPoE authentication takes place during the PPP Session phase. The rp-pppoe package is responsible for discovery and for the session-terminating PADT; the ppp package is responsible for data transfer in the session phase.
This article is from the "Nicol Lock Silk Sorrow" blog; please be sure to keep this source: http://smoke520.blog.51cto.com/9256117/1895400