2
1
I'm trying to setup a pppoe server/concentrator in order to test my pppoe clients.
I Followed the guide here https://poundcomment.wordpress.com/2011/03/30/pppoe-server-on-ubuntu/ and everything looked fine at first glance.
But when I try to connect from an Ubuntu machine being setup with sudo ppoeconf I get with plog -n 30 command this lines:
client pppd[4618]: Plugin rp-pppoe.so loaded
client pppd[4618]: pppd 2.4.7 started by root, uid 0
client pppd[4618]: Connected to 00:0c:29... via interface ens33
client pppd[4618]: Using interface ppp0
client pppd[4618]: Connect: ppp0 <--> ens33
client pppd[4618]: CHAP authentication succeeded
client pppd[4618]: CHAP authentication succeeded
client pppd[4618]: peer from calling number 00:0C:29.... authorized
client pppd[4618]: LCP terminated by peer (Authentication failed)
client pppd[4618]: Modem hangup
client pppd[4618]: Connection terminated.
client pppd[4618]: Failed to disconnect PPPoE socket: 114 Operation already in progress
It seems that the client sees the server up and the CHAP authentication goes fine, while the connections hangs on the LCP part.
Why this? And how can I fix it ?
Side notes:
- The server machine has 2 interfaces named ens33 (that act as wan) and ens34 (that act as lan)
- The client machine has ens33 that is used to connect to the ens34 on server machine
The scripts post-up and post-down are the one listed in the guide, but mostly the server is loaded with the line:
pppoe-server -C isp -L 192.168.50.1 -p /etc/ppp/ipaddress_pool -I ens34 -m 1412
SERVER CONFIG
Full process I used from beginning:
1) installed debian9 base on the machine that will become the pppoe server/concentrator
2) installed build-essential, ppp, downloaded and installed roaring penguin pppoe
apt-get --assume-yes install build-essential
apt-get --assume-yes install ppp
wget https://www.roaringpenguin.com/files/download/rp-pppoe-3.12.tar.gz
tar -zxvf rp-pppoe-3.12.tar.gz
cd rp-pppoe-3.12/src/
./configure
make && make install
3) Edited some config files:
file /etc/ppp/pppoe-server-options :
# PPP options for the PPPoE server
# LIC: GPL
#require-pap
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
ms-dns 208.67.222.222
ms-dns 208.67.220.220
netmask 255.255.255.0
defaultroute
noipdefault
usepeerdns
file /etc/ppp/chap-secrets :
# Secrets for authentication using CHAP
# client server secret IP addresses
"alice" * "1234" 172.32.50.2
(because i don't care about password for now, it's a test machine)
file /etc/ppp/ipaddress_pool :
192.168.50.2-30
file /etc/ppp/pppoe_start :
#!/bin/bash
##############################
# Simple script that starts PPPoE Server
##############################
# Enable IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Start PPPoE Server
pppoe-server -C isp -L 192.168.50.1 -p /etc/ppp/ipaddress_pool -I ens34 -m 1412
# Set Firewall rules
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
file /etc/ppp/pppoe_stop :
#!/bin/bash
##############################
# Simple script that stops PPPoE Server
##############################
# Disable IP Forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
# Kill PPPoE Server
killall pppoe-server
killall pppd
# Flush the IPtable rules.
iptables -t nat -F POSTROUTING
file /etc/network/interfaces :
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens33
iface ens33 inet dhcp
auto ens34
iface ens34 inet manual
address 192.168.50.1
netmask 255.255.255.0
up ifconfig $IFACE 0.0.0.0 up
post-up /etc/ppp/pppoe_start
post-down /etc/ppp/pppoe_stop
down ifconfig $IFACE down
CLIENT CONFIG
For what concern the client I used an ubuntu 14.04 vm fresh installed and configured via terminal with sudo pppoeconf
the config seems to work however the error is the one listed
on client the configs are:
file /etc/ppp/peers/dsl-provider :
# Minimalistic default options file for DSL/PPPoE connections
noipdefault
replacedefaultroute
hide-password
#lcp-echo-interval 30
#lcp-echo-failure 4
noauth
persist
mtu 1412
#maxfail 0
#holdoff 20
plugin rp-pppoe.so
nic-ens33
user "alice"
usepeerdns
file /etc/ppp/peers/provider :
# example configuration for a dialup connection authenticated with PAP or CHAP
#
# This is the default configuration used by pon(1) and poff(1).
# See the manual page pppd(8) for information on all the options.
# MUST CHANGE: replace myusername@realm with the PPP login name gi ven to
# your by your provider.
# There should be a matching entry with the password in /etc/ppp/p ap-secrets
# and/or /etc/ppp/chap-secrets.
user "myusername@realm"
# MUST CHANGE: replace ******** with the phone number of your prov ider.
# The /etc/chatscripts/pap chat script may be modified to change t he
# modem initialization string.
connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
# Serial device to which the modem is connected.
/dev/modem
# Speed of the serial line.
115200
# Assumes that your IP address is allocated dynamically by the ISP .
noipdefault
# Try to get the name server addresses from the ISP.
usepeerdns
# Use this connection as the default route.
defaultroute
# Makes pppd "dial again" when the connection is lost.
persist
# Do not ask the remote to authenticate.
noauth
LCP INFO
Regarding LCP reading around it seems that it does the following.
- checks the identity of the linked device and either accepts or rejects the peer device
- determines the acceptable packet size for transmission
- searches for errors in configuration
- can terminate the link if requirements exceed the parameters
So for me is difficult to understand what could be the problem.
user3450548
Posted 2018-02-20T09:41:15.363
Reputation: 131
Sadly this change nothing. I changed everything reflecting the new configuration 192.168.50.xx instead of 172.32.xx.xx and the problem stays the same. I encour in the LCP terminated by peer (Authentication failed) message. Could it be something encryption related ? Maybe in pppoeconf something else should be set ? – user3450548 – 2018-02-21T15:46:34.767
Add your config to the question. I'll try to help. – Tim_Stewart – 2018-02-21T16:06:42.670
Thanks, I posted the complete config of server and client, hope it helps! – user3450548 – 2018-02-21T23:14:27.787
How is the client physically connected? What is it's IP address in relation to the 192.168.50.1 subnet? – Tim_Stewart – 2018-02-22T00:34:42.357
They are connected with an ethernet cable, physically it seems they can see eachother.. indeed when it says: peer from calling number 00:0C:29.... authorized.. that mac address is the ens33 of the server so the client sees it and can authenticate on the CHAP part.. is the LCP that goes bad. The client hasn't an ethernet configured with an ip because it have to get it from pppoe no? – user3450548 – 2018-02-22T00:54:51.433
That's usually not how this works. In most cases the IP range of clients is virtually handled within the server. I.e the client computer will be in the local lan, and gets a virtual address from the server for use in the tunnel subnet. – Tim_Stewart – 2018-02-22T01:31:05.873
Let us continue this discussion in chat.
– user3450548 – 2018-02-22T01:33:50.847