Summary of building a PPPoE Server in Linux
Note: This record applies to Debian-family Linux operating systems. It has been successfully verified on Ubuntu 14.10 and Linux Mint 17.
While building a PPPoE Server for the integrated course design, my team members and I encountered various problems. This is a summary for future use.
Install and configure the PPPoE program
Setup
The PPPoE program should already be included in the Debian operating system. Use the pppoe-server -h command to view the version, and use sudo apt-cache search pppoe to find related software.
The configuration files are stored in the /etc/ppp folder. First, set up the options file:
Next, set up the chap-secrets file:
Enter the user name, server name, password and IP address in that order, following the comments in the file. For example, insert a line at the end:
testing * password *
The username is testing, the server name is arbitrary, the password is password, and the IP address is any IP address.
Edit the pppoe-server-options file (create it if it does not exist).
Add the following to pppoe-server-options:
auth
require-chap
logfile /var/log/pppd.log
The configuration is complete.
Set the system IP policy to enable IP forwarding
Run the following command as the superuser. Note that a real root shell is required; prefixing the command with sudo does not work, because the redirection into /proc is performed by the calling, unprivileged shell:
echo 1 > /proc/sys/net/ipv4/ip_forward
Running only this command enables IP forwarding temporarily; it is disabled again after a restart. To keep it enabled, edit the /etc/sysctl.conf file, uncomment the net.ipv4.ip_forward=1 line, and then run sudo sysctl -p. IP forwarding is then enabled permanently.
Set iptables IP policy
Run the following command as a Super User:
iptables -A POSTROUTING -t nat -s 10.10.10.0/24 -j MASQUERADE
Note: The network address after the -s parameter is the network address that will be set for pppoe-server when it is started later. You can choose this address as needed, as long as the iptables rule and pppoe-server match.
Run PPPoE Server
Input:
sudo pppoe-server -I wlan0 -L 10.10.10.1 -R 10.10.10.100 -N 100
Note:
If everything goes smoothly, establish a dial-up connection on Windows. The username and password are testing and password respectively. You should be able to connect to the PPPoE Server on Linux and access the Internet normally.
PPPoE protocol process analysis
Process diagram
The PPPoE protocol mainly involves the following processes:
[Sequence diagram between Client and Server: PADI, PADO, PADR, PADS]
Explanation
Problem analysis
Errors during connection
Windows dial-up connection error 651
The possible cause is that the server is not started properly. A Wireshark packet capture shows that Windows reports the error after sending four PADI messages without receiving a PADO reply.
Therefore, the correct NIC may not have been specified when pppoe-server was started. It may also be because the VM's network connection mode is not configured properly: if NAT mode is used instead of bridge mode, this problem may also occur.
This problem also occurs if there is no pppoe-server-options file, or if the file does not set the auth and require-chap options.
This problem may also be caused by the service name specified in the properties of the Windows dial-up connection being different from the PPPoE server name set in Linux. In pppoe-server, the -S parameter is used to specify the server name.
Windows dial-up connection error 734
Error message:
PPP Connection Control Protocol termination
This may be because the login option was added to the pppoe-server-options file. If this option is set, the login user name must be the same as a user name in Linux; otherwise, this error occurs.
Windows dial-up connection error 628
Error message:
The connection is terminated by the remote computer before the connection is complete.
A Wireshark packet capture shows that a PADT packet is received immediately after the four stages described in the protocol analysis above are completed. The content of the PADT message is as follows:
Generic-Error: RP-PPPOE: child pppd process terminated
This description is very misleading. Someone on the Internet even said that pppoe needs to be compiled into the kernel so that the -k parameter of the pppoe-server command can be used. Later, I found that it was a configuration problem: there was a configuration error, generally an option that the program could not recognize. This error is very troublesome. You should use the configured logfile and comment out uncertain options to troubleshoot it.
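The two capture-based diagnoses above (four PADI frames with no PADO for error 651, and a PADT carrying a Generic-Error tag for error 628) can be checked programmatically. The following Python code is an added example, not part of the original page or of rp-pppoe; the frames and MAC addresses are constructed, and the names parse_discovery, diagnose and build are hypothetical. Codes and tag types follow RFC 2516.

```python
import struct

# Discovery codes and tag types from RFC 2516.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0203: "Generic-Error"}


def parse_discovery(frame):
    """Return (code, session_id, tags) for a PPPoE discovery frame, else None."""
    if len(frame) < 20:
        return None
    ethertype, vertype, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != 0x8863 or vertype != 0x11:  # discovery EtherType, ver 1 / type 1
        return None
    payload, tags, off = frame[20:20 + length], {}, 0
    while off + 4 <= len(payload):
        ttype, tlen = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + tlen]
        if ttype == 0x0000 or len(value) < tlen:  # End-Of-List or truncated tag
            break
        tags[TAGS.get(ttype, hex(ttype))] = value.decode("utf-8", "replace")
        off += 4 + tlen
    return CODES.get(code, hex(code)), sid, tags


def diagnose(frames):
    """Map a captured discovery exchange to the failure modes described above."""
    pkts = [p for p in map(parse_discovery, frames) if p]
    codes = [code for code, _, _ in pkts]
    if codes and set(codes) == {"PADI"}:
        return "%d PADI, no PADO: server not answering (error 651)" % len(codes)
    for code, _, tags in pkts:
        if code == "PADT" and "Generic-Error" in tags:
            return "PADT after discovery: " + tags["Generic-Error"]
    return "discovery ok" if codes[-1:] == ["PADS"] else "incomplete"


def build(code, sid=0, tags=()):
    """Construct a sample frame (constructed MAC addresses, not from a capture)."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x88\x63"
    return eth + struct.pack("!BBHH", 0x11, code, sid, len(body)) + body


# Constructed exchanges reproducing the two symptoms seen in the captures.
NO_REPLY = [build(0x09, tags=[(0x0101, b"")])] * 4
CHILD_DIED = [build(0x09), build(0x07, tags=[(0x0102, b"ac1")]), build(0x19),
              build(0x65, sid=1),
              build(0xA7, 1, [(0x0203, b"RP-PPPOE: child pppd process terminated")])]
```
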
Unrecognized user name and password
It is likely that the user name or password is incorrect, or that they are configured incorrectly. Note: When setting the user name and password, the asterisks cannot be omitted.
Internet Access Error
This type of error occurs when the dial-up connection succeeds in Windows but Internet access fails. Troubleshoot it mainly with the tcpdump or wireshark program in Linux.
Run the following command:
tcpdump -i wlan0 host 10.10.10.100
We can see that there are only packets sent from the host 10.10.10.100, and no packets sent to 10.10.10.100.
The cause of this error may be that the IP forwarding function is not enabled. Therefore, when a packet arrives at the Linux host, the Linux host does not forward the packet to the Windows host but simply discards it, because the destination address is not its own.
It may also be that the iptables POSTROUTING rule has not been set.
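The configuration causes collected in the sections above can be checked before starting the server. The following Python code is an added example, not part of the original page; preflight is a hypothetical name and the sample inputs are constructed. It assumes nat_rules is the output of iptables -t nat -S POSTROUTING, ip_forward is the content of /proc/sys/net/ipv4/ip_forward, and the pppoe-server command line gives -R and -N explicitly.

```python
import ipaddress
import shlex


def preflight(server_options, chap_secrets, ip_forward, nat_rules, server_cmd):
    """Return a list of findings; each names the symptom this page ties to it."""
    findings = []
    opts = {ln.split()[0] for ln in server_options.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}
    for needed in ("auth", "require-chap"):
        if needed not in opts:
            findings.append("pppoe-server-options lacks '%s' (error 651)" % needed)
    if "login" in opts:
        findings.append("'login' set: user must also be a Linux account (error 734)")
    for ln in chap_secrets.splitlines():
        if ln.strip() and not ln.lstrip().startswith("#"):
            if len(shlex.split(ln)) < 4:  # user, server, password, IP address
                findings.append("chap-secrets entry needs 4 fields: " + ln.strip())
    if ip_forward.strip() != "1":
        findings.append("ip_forward is off (connected, but no Internet access)")
    # Client pool handed out by pppoe-server: -R is the first address, -N the count.
    args = shlex.split(server_cmd)
    first = ipaddress.ip_address(args[args.index("-R") + 1])
    count = int(args[args.index("-N") + 1])
    nets = []
    for rule in nat_rules.splitlines():
        words = rule.split()
        if "MASQUERADE" in words and "-s" in words:
            nets.append(ipaddress.ip_network(words[words.index("-s") + 1]))
    if not any(first in n and first + count - 1 in n for n in nets):
        findings.append("no MASQUERADE rule covers the client pool (no Internet access)")
    return findings


# Constructed sample: this page's setup with deliberate mistakes (require-chap
# missing, login added, asterisks omitted, pool larger than the NAT network).
BAD = preflight(
    server_options="auth\nlogin\nlogfile /var/log/pppd.log\n",
    chap_secrets="# client server secret IP\ntesting password\n",
    ip_forward="1\n",
    nat_rules="-A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE\n",
    server_cmd="pppoe-server -I wlan0 -L 10.10.10.1 -R 10.10.10.100 -N 200",
)
```
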
Network Topology Problems
Generally, a Linux operating system is installed on a virtual machine and the PPPoE Server is set up there. A connection test is then performed from the host machine. There are the following problems:
These are the problems so far; more can be added later. The most important thing is to understand the principles of each step and of the protocol so that you can quickly find the cause of an error.