PPPoE

Internet connectivity is provided by eircom broadband using PPPoE. Create a file in /etc/ppp/peers with the PPPoE details.

root@voyage:/etc/ppp/peers# ls
MPN-UK eircom
root@voyage:/etc/ppp/peers# cat eircom
user eircom@eircom.net
pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
noipdefault
usepeerdns
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect /bin/true
noauth
persist
mtu 1492
noaccomp
default-asyncmap
plugin rp-pppoe.so eth0
user "eircom"
ipparam eircom

Username and password are stored in a separate file /etc/ppp/chap-secrets

root@voyage:/etc/ppp# cat /etc/ppp/chap-secrets

"eircom@eircom.net" * "broadband1"
To manually start the eircom PPPoE tunnel
root@voyage:~# pon eircom

To shut down the tunnel

root@voyage:~# poff eircom

All scripts in /etc/ppp/ip-up.d are run whenever a tunnel comes up.

root@voyage:/etc/ppp# ls
chap-secrets ip-up ipv6-down.d options peers
ip-down ip-up.d ipv6-up options.pptp resolv.conf
ip-down.d ipv6-down ipv6-up.d pap-secrets

Create a new startup script for the PPPoE service to set up the firewall rules and change the default route.

root@voyage:/etc/ppp/ip-up.d# ls
0000usepeerdns 000resolvconf eircom MPN-UK 0clampmss

This script configures the iptables firewall and changes the default route to use the PPPoE tunnel. All scripts in this directory are run every time a tunnel comes up so an if statement checks that this script is relevant by matching the IPPARAM value passed by the PPP script.

root@voyage:/etc/ppp/ip-up.d# cat eircom
if [ "${PPP_IPPARAM}" = "eircom" ]; then
# add default route to ppp interface
/sbin/route del default
/sbin/route add default dev ${IFNAME}
# NAT
iptables --table nat --append POSTROUTING --out-interface ${IFNAME} -j MASQUERADE
# Block connections from the outside
iptables -A FORWARD -i ${IFNAME} -j REJECT
iptables -A INPUT -i ${IFNAME} -j REJECT
fi

Check the PPP tunnel

root@voyage:~# ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
 inet addr:xx.xx.xx.xxx P-t-P:xx.xx.xx.xx Mask:255.255.255.255
 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
 RX packets:10 errors:0 dropped:0 overruns:0 frame:0
 TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:3
 RX bytes:755 (755.0 B) TX bytes:4058 (3.9 KiB)

Check the routing table. The default route is the ppp0 interface.

root@voyage:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 UG 0 0 0 ppp0
b-ras2.srl.dubl * 255.255.255.255 UH 0 0 0 ppp0
192.168.11.0 * 255.255.255.0 U 0 0 0 wlan0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0

Debugging PPPoE

root@voyage:~# pon eircom debug dump logfd 2 nodetach
Plugin rp-pppoe.so loaded.
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
persist # (from /etc/ppp/peers/eircom)
logfd 2 # (from command line)
dump # (from command line)
plugin rp-pppoe.so # (from /etc/ppp/peers/eircom)
noauth # (from /etc/ppp/peers/eircom)
user eircom@eircom.net # (from /etc/ppp/peers/eircom)
eth0 # (from /etc/ppp/peers/eircom)
eth0 # (from /etc/ppp/peers/eircom)
noaccomp # (from /etc/ppp/peers/eircom)
asyncmap ffffffff # (from /etc/ppp/options)
default-asyncmap # (from /etc/ppp/peers/eircom)
mtu 1492 # (from /etc/ppp/peers/eircom)
lcp-echo-failure 3 # (from /etc/ppp/peers/eircom)
lcp-echo-interval 20 # (from /etc/ppp/peers/eircom)
hide-password # (from /etc/ppp/peers/eircom)
ipparam eircom # (from /etc/ppp/peers/eircom)
noipdefault # (from /etc/ppp/peers/eircom)
defaultroute # (from /etc/ppp/peers/eircom)
usepeerdns # (from /etc/ppp/peers/eircom)
noipx # (from /etc/ppp/options)
Send PPPOE Discovery V1T1 PADI session 0x0 length 12
 dst ff:ff:ff:ff:ff:ff src 0:d:b9:29:46:fc
 [service-name] [host-uniq 5a 50 00 00]
Recv PPPOE Discovery V1T1 PADO session 0x0 length 61
 dst 0:d:b9:29:46:fc src 0:f:cc:3a:33:4
 [AC-name srl2.bras] [host-uniq 5a 50 00 00] [relay-session-id 3a cc 0f 00 04 33 00 00 00 12 00 01] [service-name] [AC-cookie 30 f4 5b 0d 80 32 db 81 81 13 da 82 00 ce 4e 12]
Send PPPOE Discovery V1T1 PADR session 0x0 length 48
 dst 0:f:cc:3a:33:4 src 0:d:b9:29:46:fc
 [service-name] [host-uniq 5a 50 00 00] [AC-cookie 30 f4 5b 0d 80 32 db 81 81 13 da 82 00 ce 4e 12] [relay-session-id 3a cc 0f 00 04 33 00 00 00 12 00 01]
Recv PPPOE Discovery V1T1 PADS session 0x1 length 28
 dst 0:d:b9:29:46:fc src 0:f:cc:3a:33:4
 [service-name] [host-uniq 5a 50 00 00] [relay-session-id 3a cc 0f 00 04 33 00 00 00 12 00 01]
PADS: Service-Name: ''
PPP session is 1
Connected to 00:0f:cc:3a:33:04 via interface eth0
using channel 10
Using interface ppp0
Connect: ppp0 <--> eth0
sent [LCP ConfReq id=0x1 <mru 1492> <magic 0x28edef70>]
rcvd [LCP ConfReq id=0x57 <mru 1492> <auth chap MD5> <magic 0x3b020fa>]
sent [LCP ConfAck id=0x57 <mru 1492> <auth chap MD5> <magic 0x3b020fa>]
rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0x28edef70>]
sent [LCP EchoReq id=0x0 magic=0x28edef70]
rcvd [CHAP Challenge id=0xc7 <d108d50bf195dfd8f04e166de7c2efee>, name = "srl2.bras"]
sent [CHAP Response id=0xc7 <69ff82bb3fd504b864cc4067b5d3265e>, name = "eircom@eircom.net"]
rcvd [LCP EchoRep id=0x0 magic=0x3b020fa]
rcvd [CHAP Success id=0xc7 ""]
CHAP authentication succeeded
CHAP authentication succeeded
peer from calling number 00:0F:CC:3A:33:04 authorized
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
rcvd [IPCP ConfNak id=0x1 <addr 86.40.188.81> <ms-dns1 159.134.0.1> <ms-dns2 159.134.0.2>]
sent [IPCP ConfReq id=0x2 <addr 86.40.188.81> <ms-dns1 159.134.0.1> <ms-dns2 159.134.0.2>]
rcvd [IPCP ConfAck id=0x2 <addr 86.40.188.81> <ms-dns1 159.134.0.1> <ms-dns2 159.134.0.2>]
rcvd [IPCP ConfReq id=0x31 <addr 159.134.155.7>]
sent [IPCP ConfAck id=0x31 <addr 159.134.155.7>]
local IP address 86.40.188.81
remote IP address 159.134.155.7
primary DNS address 159.134.0.1
secondary DNS address 159.134.0.2
Script /etc/ppp/ip-up started (pid 20576)
Script /etc/ppp/ip-up finished (pid 20576), status = 0x0
Advertisements