Setting up a PPPoE server on Linux CentOS 7

Rumi, July 8, 2023

Method-1

Building a PPPoE server succeeded, and I think it is super simple: on CentOS it can be done in about 5 steps.

1. Install PPPoE. After the installation is complete, the pppoe-server command is available.

    yum install rp-pppoe

2. After the installation is completed, a pppoe-server-options file is generated in the /etc/ppp directory. The contents of the file are as follows; change them as needed.

    # PPP options for the PPPoE server
    # LIC: GPL
    require-pap
    require-chap
    login
    lcp-echo-interval 10
    lcp-echo-failure 2
    logfile /var/log/pppoe.log

3. Add the user name and password: modify the /etc/ppp/chap-secrets file and add the following line.

    PPPoE * "123456" *

This is straightforward: the user name is PPPoE and the password is 123456.

4. Add firewall rules to do NAT conversion.

    iptables -A POSTROUTING -t nat -s 10.10.10.0/24 -j MASQUERADE
    iptables -A FORWARD -p tcp --syn -s 10.10.10.0/24 -j TCPMSS --set-mss 1256
    echo 1 > /proc/sys/net/ipv4/ip_forward
    sysctl -w net.ipv4.ip_forward=1

The first command adds NAT to translate IPs from the 10.10.10.0/24 network segment. The second modifies the MTU (by setting the TCP MSS); change the value according to your own needs. The third turns on forwarding. The fourth sets the forwarding parameter through sysctl.

5. Start PPPoE.

    pppoe-server -I eth0 -L 10.10.10.1 -R 10.10.10.100-200

The options in this command are:

-I eth0: listen for PPPoE discovery packets on the eth0 port.
-L 10.10.10.1: the virtual gateway, that is, the PPPoE server-side virtual gateway IP.
-R 10.10.10.100-200: assign virtual IPs, from 10.10.10.100 to 10.10.10.200.

There are some other parameters; see man pppoe-server for them. Each parameter has a default value.

Completing the above steps completes the setup of the PPPoE server side. What follows is authentication from a Windows client. Mine is a Windows XP system; Windows 7 or a router should all be fine.
However, you need to change the authentication method: under "Properties" - "Security" - "Advanced Settings", set "Data Encryption" to "Optional encryption", and then check CHAP or PAP authentication. Enter the user name and password and, barring surprises, the connection succeeds. But this only covers the local area network, so its significance is not big.

By the way, here is how a PPPoE connection is established.

The verification process for PPPoE

The verification process for PPPoE consists of 2 phases: the Discovery phase and the PPP session phase.

The Discovery phase consists of 4 steps.

Step 1: PADI

The PPPoE client sends a PPPoE Active Discovery Initiation (PADI) packet. The destination address in the Ethernet header is the Ethernet address ff:ff:ff:ff:ff:ff, the CODE in the PPPoE header is 0x09, and the session_id value must be 0. The payload must contain exactly one tag of type Service-Name, representing the requested service type, and can contain other tags. The entire PPPoE packet cannot exceed 1484 bytes.

Step 2: PADO

After the server-side PPPoE process hears the PADI packet on the network interface, it sends a PPPoE Active Discovery Offer (PADO) packet to respond to the client's PADI packet. The destination address in the Ethernet header is the client's MAC address, the CODE in the PPPoE header is 0x07, and the session_id value must be 0. The payload must contain a tag of type AC-Name that indicates the name of the AC, a Service-Name tag for the service specified in the PADI packet, and other Service-Name tags. If the AC does not serve the client, the AC does not respond with a PADO packet.

Step 3: PADR

After the PPPoE client receives the PADO packets, it selects one of them (there may be more than one PPPoE server; usually it picks the fastest one) and sends a PPPoE Active Discovery Request (PADR) packet.
The destination address in the Ethernet header is the source address from the Ethernet header of the selected PADO packet (that is, the MAC address of the PPPoE server), the CODE in the PPPoE header must be a value of 0, and the payload must contain exactly one tag of type Service-Name, representing the requested service type, and can also contain additional tags.

Step 4: PADS

After the PPPoE server whose MAC address matches receives the PADR packet, it sends a PPPoE Active Discovery Session-confirmation (PADS) packet. It generates a session_id value used to identify this PPP session, sent to the client in PADR packet mode. The destination address in the Ethernet header is the client's MAC address, the CODE in the PPPoE header must be 0x65, and the session_id value is the generated session_id. The payload must contain exactly one tag of type Service-Name, indicating the service type that the PPPoE server has accepted, and additional tags can be included. If the PPPoE server does not accept the Service-Name in the PADR, the PADS contains a tag of type Service-Name-Error, and session_id is set to 0.

PPP Session Phase

When the client and the server have completed the discovery phase, they enter the session phase. In the PPP session phase, the PPP packet is encapsulated in the PPPoE Ethernet frame: the Ethernet destination address is unicast, the Ethernet protocol is 0x8864, the CODE in the PPPoE header must be 0, and the session_id must always be the session_id value negotiated in the discovery phase. The payload of the PPPoE frame is the entire PPP packet, preceded by a two-byte PPP protocol ID value.

At the session stage, either the host or the server can send a PADT (PPPoE Active Discovery Terminate) message to notify the other party to end the session.

The authentication of PPPoE occurs during the session (PPP session) phase.
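
An added example, not part of the original article: a Python parser for the discovery packets described above that checks a PADI against the rules listed in Step 1. The function names and the sample frames are constructed for illustration; the Service-Name tag type 0x0101 and the discovery EtherType 0x8863 come from RFC 2516, not from this page.

```python
import struct

# Codes as given in the text above; any other code is reported in hex.
CODES = {0x09: "PADI", 0x07: "PADO", 0x65: "PADS"}
ETH_DISCOVERY = 0x8863     # discovery-stage EtherType (the session stage uses 0x8864)
TAG_SERVICE_NAME = 0x0101  # Service-Name tag type in RFC 2516
BROADCAST = b"\xff" * 6    # ff:ff:ff:ff:ff:ff
MAX_PADI = 1484            # size limit quoted in the text, PPPoE header included


def parse_discovery(frame):
    """Split an Ethernet frame carrying a PPPoE discovery packet into fields."""
    if len(frame) < 20:
        raise ValueError("shorter than Ethernet + PPPoE headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    _ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ethertype != ETH_DISCOVERY:
        raise ValueError("not a PPPoE discovery frame")
    payload = frame[20:20 + length]  # ignores Ethernet padding after the payload
    if len(payload) != length:
        raise ValueError("length field exceeds the captured data")
    tags, off = [], 0
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated tag header")
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + tlen]
        if len(value) != tlen:
            raise ValueError("tag value overruns the payload")
        tags.append((tag, value))
        off += 4 + tlen
    return {"dst": dst, "src": src, "code": CODES.get(code, hex(code)),
            "session_id": session_id, "size": 6 + length, "tags": tags}


def padi_problems(pkt):
    """List the PADI rules from the text that a parsed packet breaks."""
    names = sum(1 for tag, _ in pkt["tags"] if tag == TAG_SERVICE_NAME)
    checks = [
        (pkt["dst"] == BROADCAST, "destination is not ff:ff:ff:ff:ff:ff"),
        (pkt["session_id"] == 0, "session_id is not 0"),
        (names == 1, "needs exactly one Service-Name tag"),
        (pkt["size"] <= MAX_PADI, "PPPoE packet exceeds 1484 bytes"),
    ]
    return [msg for ok, msg in checks if not ok]


# Constructed sample frames (not captured traffic): a valid PADI and a broken one.
GOOD_PADI = bytes.fromhex("ffffffffffff 020000000001 8863 11 09 0000 0004 0101 0000")
BAD_PADI = bytes.fromhex("ffffffffffff 020000000001 8863 11 09 0007 0000")
```
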
The rp-pppoe package is responsible for discovery and for session termination (PADT); the ppp package is responsible for data transfer in the session phase.

Method-2

On the Linux box that splits the internet connection I have 2 network cards (eth0 – WAN, eth1 – LAN). You will need ppp and the rp-pppoe server from Roaring Penguin.

1. Make sure you have an active internet connection. If not, set it up by using your favorite text editor (I use vim):

    vim /etc/network/interfaces

    auto lo
    iface lo inet loopback

    iface eth0 inet static
        # Your public IP address
        address 89.xxx.yyy.zzz
        # Your subnet mask
        netmask 255.255.255.240
        # Your gateway
        gateway 89.xxx.xxx.xxx

    iface eth1 inet static
        address 192.168.1.254
        netmask 255.255.255.0

Set up one or more nameservers (I use the free ones provided by Google):

    echo "nameserver 8.8.8.8" > /etc/resolv.conf
    echo "nameserver 8.8.4.4" >> /etc/resolv.conf

Ping some website to make sure your internet connection is working:

    cristian@desktop:~$ ping google.com
    PING google.com (209.85.229.147) 56(84) bytes of data.
    64 bytes from ww-in-f147.1e100.net (209.85.229.147): icmp_req=1 ttl=52 time=83.0 ms

2. Install the ppp daemon:

    sudo apt-get install ppp

3. Now download rp-pppoe:

    wget http://www.roaringpenguin.com/files/download/rp-pppoe-3.10.tar.gz

Extract it:

    tar -zxvf rp-pppoe-3.10.tar.gz

Now compile it:

    cd rp-pppoe-3.10/src/
    ./configure
    make && make install

4. Now, we shall edit the PPPoE server options:

    vim /etc/ppp/pppoe-server-options

    require-chap
    login
    lcp-echo-interval 10
    lcp-echo-failure 2
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4
    netmask 255.255.255.0
    defaultroute
    noipdefault
    usepeerdns

5. Add usernames and passwords:

    vim /etc/ppp/chap-secrets

    # Secrets for authentication using CHAP
    # client server secret IP addresses
    #USERNAME SERVER PASSWORD CLIENT IP ADDRESS
    "cristanhuza" * "My_s3cret_pa$$w0rd" 192.168.1.1
    "friend1" * "My_friend's_s3cret_pa$sW0rd" 192.168.1.2

6. Set up the IP address pool:

    echo "192.168.1.1-20" > /etc/ppp/allip

This will assign future clients one IP address from the range 192.168.1.1 to 192.168.1.20.

7. Start the PPPoE server:

    pppoe-server -C isp -L 192.168.1.254 -p /etc/ppp/allip -I eth1

8. Enable packet forwarding between network interfaces:

    echo 1 > /proc/sys/net/ipv4/ip_forward

9. Set up NAT in order to provide internet access to the LAN computers:

    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

Congratulations! You have just set up a PPPoE server, and you can now be worry free that nobody else will be able to use your internet connection without permission.

Src:
https://topic.alibabacloud.com/a/setting-up-a-pppoe-server-on-linux-centos_1_18_30164819.html
https://www.howtodoityourself.org/pppoe-server-how-to-do-it-yourself.html
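
An added example, not from either source article: a Python check of the pppoe-server-options and chap-secrets contents written in Method-1 (steps 2 and 3) and Method-2 (steps 4 and 5). The deny-list, the minimum length, the function names and the sample strings are assumptions chosen for illustration.

```python
import os
import shlex
import stat

WEAK = {"123456", "password", "pppoe"}  # assumed deny-list, extend as needed
MIN_LEN = 12                            # assumed policy, not from the page


def audit_secrets(text):
    """Return (line number, client, issue) for weak secrets in chap-secrets text."""
    findings = []
    for num, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line, comments=True)  # handles quotes and # comments
        if len(fields) < 3:
            continue  # blank line, comment, or incomplete entry
        client, _server, secret = fields[:3]
        if secret.lower() in WEAK:
            findings.append((num, client, "secret is on the deny-list"))
        elif len(secret) < MIN_LEN:
            findings.append((num, client, "secret shorter than %d characters" % MIN_LEN))
    return findings


def audit_options(text):
    """Return issues found in pppoe-server-options text."""
    opts = {line.split()[0] for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}
    findings = []
    if "require-pap" in opts:
        findings.append("require-pap: PAP sends the password in cleartext")
    if "require-chap" not in opts:
        findings.append("require-chap is not set")
    return findings


def readable_by_others(path):
    """True if group or other has any access to the secrets file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


# Constructed samples modelled on the two configurations above.
METHOD1_OPTIONS = "require-pap\nrequire-chap\nlogin\nlogfile /var/log/pppoe.log\n"
METHOD1_SECRETS = '# client server secret IP\nPPPoE * "123456" *\n'
METHOD2_SECRETS = '"cristanhuza" * "My_s3cret_pa$$w0rd" 192.168.1.1\n'

if __name__ == "__main__":
    print(audit_options(METHOD1_OPTIONS))
    print(audit_secrets(METHOD1_SECRETS))
    print(audit_secrets(METHOD2_SECRETS))
```

On a live server, pass the contents of /etc/ppp/pppoe-server-options and /etc/ppp/chap-secrets to the two audit functions and the secrets file path to readable_by_others.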