What is PPPoE ?
PPPoE is short for Point-to-Point Protocol over Ethernet. PPPoE is mainly used on ADSL networks. Because ADSL is actually a large public network where the ADSL concentrator acts like a regular hub, the possibilities for abuse are there. For example, one might hook up an ADSL modem and just use any IP address within the valid range he wants.
By using something like PPP over modems, users first have to authenticate themselves; after that they get their IP address. Faking an address without supplying a username/password becomes very difficult.
Some providers/suppliers like Redback and UUnet developed the use of PPP over Ethernet. Beware that PPP is a low-level protocol and doesn't actually have anything to do with IP. Sure, you can use IP on PPP, but you can also use IPX or other protocols over PPP. PPP just creates a virtual layer on the lower network devices, modems or Ethernet cards.
Why PPPoE ?
For a wireless Internet project we needed to evaluate whether PPP over Ethernet (PPPoE) was a solution to maintain some security with the system. Because the wireless networks are actually bridged networks where every node (=client) is attached to every other, the possibilities for abuse are also present.
When using PPPoE you can:
Where's PPPoE ?
The PPPoE server is available as commercial appliances but also in FreeBSD. Since I've no experience with FreeBSD, I first had to get my hands on that.
The PPPoE clients are also available as commercial products and as some freeware/shareware/open source products:
Commercial:
Windriver WinPoet: Windows
Windriver MacPoet: Apple (MacPoet)
Enternet: Windows, Apple and Linux
CFos PPPoE: Windows
Freeware:
RASPPPOE: this one is for Windows 98/2000, NOT for Windows 95
Installing FreeBSD
You have to get your hands on the FreeBSD CD or disk (CD preferred). You can download the CD's ISO image from www.freebsd.org and burn your own CD from it; that's what I did. I started off with version 4.1 but there seems to be something wrong with it. I never succeeded in getting PPPoE working on that, so I switched to version 4.0 of FreeBSD.
Activating Netgraph and such
Since PPPoE relies on the Netgraph something (remember, I don't know FreeBSD) it needs to be included in the kernel. This sounds more difficult than it actually is:
After installing FreeBSD go to the /usr/src/sys/i386 directory. There you'll find some kernel config files.
Copy the GENERIC file to your system name file, in my case WIPOP
# cp GENERIC WIPOP
Now edit the WIPOP file with an editor (I used ee, very good compared to vi)
# ee WIPOP
Add these lines at the end of the WIPOP file. Some options are not needed for PPPoE, but you'll need them later on anyway:
options NETGRAPH
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPDIVERT
options BRIDGE
options DUMMYNET
Save the file and run the config routine.
# /usr/sbin/config WIPOP
# cd ../../compile/WIPOP
# make depend
# make
# make install
All set, your new kernel is now netgraph and firewall ready. Reboot the system.
Now all you need is to adjust some PPP config files and start PPPoE and you're all set.
(The next part is from Paul Rice, now working at Raylink)
Create a file called /etc/ppp/ppp.conf
#----------BOF /etc/ppp/ppp.conf
#/etc/ppp/ppp.conf
#pppoe server setup -- chap & pap authorization, dynamic ip assignment
#radius server implemented --
#server should be running /usr/libexec/pppoed -p pppoe-in fxp0 (or xl0,
# depending on your nic) mine is xl0 -not required if you set up
#pppoe at startup in /etc/defaults/rc.conf
#upon receiving pppoe traffic pppoed will exec /usr/sbin/ppp -direct
#pppoe-in
#(a label starts in column 0; the commands under it must be indented)
pppoe-in:
 allow users
 enable chap
 enable pap
 allow mode direct
 set mru 1492
 set mtu 1492
 set speed sync
 enable lqr
 set ifaddr 192.168.0.1 192.168.0.50-192.168.0.199
#private ip's for dynamic assignment
 accept dns
#use radius - radius server info is located in /etc/radius.conf
 load server
 set radius /etc/radius.conf
#---------- EOF /etc/ppp/ppp.conf
Create the file /etc/radius.conf
#---------- BOF /etc/radius.conf
#/etc/radius.conf
# A simple entry using all the defaults:
# (fields: service type, server host, shared secret)
auth 192.168.0.1 1234
acct 192.168.0.1 1234
#
#-----------EOF /etc/radius.conf
Add the following to /etc/defaults/rc.conf so that pppoed runs at boot
--------------
pppoed_enable="YES" # Run the PPP over Ethernet daemon.
pppoed_provider="pppoe-in" # Provider and ppp(8) config file entry.
pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).
pppoed_interface="xl0" # The interface that pppoed runs on.
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="OPEN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
natd_program="/sbin/natd" # path to natd, if you want a different one.
natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_interface="xl0" # Public interface or IP address to use.
natd_flags="" # Additional flags for natd.
defaultrouter="YES" # Set to default gateway (or NO).
static_routes="" # Set to static route list (or leave empty).
gateway_enable="YES" # Set to YES if this host will be a gateway.
router_enable="YES" # Set to YES to enable a routing daemon.
router="routed" # Name of routing daemon to use if enabled.
--------------------
Firewalling:
Create the file /etc/rc.firewall
# -----------BOF /etc/rc.firewall
#basically forward all traffic
/sbin/ipfw -f flush
#the interface after "via" has to be the one set as natd_interface in rc.conf
/sbin/ipfw add divert natd all from any to any via rl0
/sbin/ipfw add pass all from any to any
#------------EOF /etc/rc.firewall
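The check below is an added example, not part of the original page or of FreeBSD: a small Python audit that parses the four files shown above and reports the settings a reviewer would question on a bridged wireless segment (PAP, a short RADIUS shared secret, a divert interface that differs from natd_interface, an unconditional pass rule). The sample strings are constructed to mirror this page; the function names and the 16-character minimum are assumptions.

```python
import re
from itertools import takewhile

# Constructed samples that mirror the settings shown on this page.
PPP_CONF = "pppoe-in:\n allow users\n enable chap\n enable pap\n set mtu 1492\n"
RADIUS_CONF = "# service host secret\nauth 192.168.0.1 1234\nacct 192.168.0.1 1234\n"
RC_CONF = 'pppoed_interface="xl0"\nnatd_interface="xl0"\nfirewall_type="OPEN"\n'
RC_FIREWALL = ("/sbin/ipfw -f flush\n"
               "/sbin/ipfw add divert natd all from any to any via rl0\n"
               "/sbin/ipfw add pass all from any to any\n")
MIN_SECRET_LEN = 16  # assumed local policy, not a FreeBSD default

def fields(line):
    """Whitespace-separated fields; a field starting with '#' opens a comment."""
    return list(takewhile(lambda tok: not tok.startswith("#"), line.split()))

def ppp_labels(text):
    """Map each ppp.conf label (column 0, trailing ':') to its indented commands."""
    labels, current = {}, None
    for raw in text.splitlines():
        toks = fields(raw)
        if not toks:
            continue
        if not raw[0].isspace() and toks[-1].endswith(":"):
            current = labels.setdefault(" ".join(toks)[:-1], [])
        elif raw[0].isspace() and current is not None:
            current.append(" ".join(toks))
    return labels

def audit(ppp_conf, radius_conf, rc_conf, rc_firewall):
    """Return one finding string per weak or inconsistent setting."""
    out = []
    for label, cmds in ppp_labels(ppp_conf).items():
        if "enable pap" in cmds:
            out.append(f"ppp.conf {label}: PAP enabled, password crosses the link in cleartext")
    for f in map(fields, radius_conf.splitlines()):
        if len(f) >= 3 and f[0] in ("auth", "acct") and len(f[2]) < MIN_SECRET_LEN:
            out.append(f"radius.conf: {f[0]} secret for {f[1]} is {len(f[2])} characters")
    natd_if = dict(re.findall(r'^(\w+)="([^"]*)"', rc_conf, re.M)).get("natd_interface")
    for iface in re.findall(r"divert natd .* via (\S+)", rc_firewall):
        if iface != natd_if:
            out.append(f"rc.firewall: divert via {iface} but natd_interface is {natd_if}")
    if re.search(r"add pass all from any to any\s*$", rc_firewall, re.M):
        out.append("rc.firewall: unconditional pass rule, nothing is filtered")
    return out

if __name__ == "__main__":
    print("\n".join(audit(PPP_CONF, RADIUS_CONF, RC_CONF, RC_FIREWALL)))
```

To run it against a real system, pass the contents of the files on disk to audit() in place of the constructed strings.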
After creating these files you can start the PPPoE daemon with:
Now you need to install a PPPoE client; try RASPPPOE on a Windows 98 machine. I've tried this with a Lucent 11Mb card and it worked perfectly. Beware that Windows 98 has a bug in the NDIS stuff; get the update from Microsoft (where ?)
Last Updated: (12-10-2000)