1pppoe: a PPP-over-Ethernet redirector for pppd 2Copyright (C) 1999 Luke Stras 3 4Introduction 5============ 6 7This program can be used to enable PPPoE support using the pppd 8daemon. PPPoE is a technique for the encapsulation of PPP streams 9inside of Ethernet frames. This technology is being deployed by 10high-speed Internet access providers (cable modems, xDSL, etc.) in 11order to decouple the supply of bandwidth from ISP services. In 12particular, in Canada, the Bell Sympatico ADSL service is moving from 13DHCP-based access control to PPPoE. Further details on PPPoE can be 14found in RFC2516. 15 16Installation 17============ 18 19Requirements 20------------ 21 22Linux 2.0.0 or later (may work on other platforms, but untested) 23 has been tested on Intel platforms 24OR 25OpenBSD 2.5 or later (may work on other platforms, but untested) 26 has been tested on SparcStation IPX 27pppd 2.3.7 or later 28 29Note that older versions of pppd may work if you obtain the 30'pty-redirect' program. Various copies are available on the 'Net. I 31haven't tried this myself, though. 32 33Compiling 34--------- 35 36Compile and install pppd. Then: 37 38Unpack: 39 40# tar xzvf pppoe-0.3.tar.gz 41 42Edit the Makefile to set options. Currently, you can set one option 43which attempts to deal with buggy Access Concentrators that 44occasionally send out duplicate packets. 45 46Compile: 47 48# make 49 50Install to some convenient directory: 51 52# cp pppoe /usr/local/sbin 53 54Create an appropriate secrets file. For example, Sympatico ADSL uses 55PAP for authentication, so we need an /etc/ppp/pap-secrets file. The 56file consists of three columns, separated by whitespace. The first 57column is the user name. For Sympatico, this is the Sympatico Member 58ID (b1*). This is case sensitive, and you must add '@sympatico.ca' to 59the end. The second entry is the server name. This should be '*'. 60The third entry is the secret. For Sympatico users, this will be your 61Sympatico password. So a sample /etc/ppp/pap-secrets file might look 62like: 63 64b1aaaaaa@sympatico.ca * password 65 66Make sure your ethernet interface is up: 67 68ifconfig eth0 up 69 70Then, start pppd like this: 71 72pppd pty '/usr/local/sbin/pppoe -I eth0' noipdefault defaultroute \ 73 hide-password passive persist name b1aaaaaa@sympatico.ca 74 75Options 76======= 77 78pppoe can take two run-time options: 79 80-I if 81 Specifies the ethernet interface to use. The interface *must* be up 82 before the program will start. 83 84-L file 85 Specifes a log file. Note that pppd chroots to '/', so the path 86 should be absolute. Note that the log can get large. 87 88-E file 89 Specifies an error log file. This is the file that diagnostic/error 90 messages go to. By default, it is stderr. Note that the path must 91 be absolute. 92 93-Fa 94 Specifies that partial packets should always be forwarded. Default 95 is no forwarding of partial packets. 96 97-Fs 98 Specifies that the program should search for start-of-packet data in 99 the data stream from pppd. Default is no forwarding of partial 100 packets. 101 102-V 103 Prints the version number, and exits. 104 105Masquarading and Stuff 106====================== 107 108It seems that a lot of people are using this software to run on small, 109cheap computers acting as firewalls or masquaraders for small 110networks. This section deals with some of the issues and problems 111relating to this. 112 113It appears that there is some kind of problem in the IP framgentation 114code in the Linux networking chain -- either at the kernel level, or 115in pppd. When a Linux router receives a IP packet on an interface and 116is asked to forward it to another interface which has an MTU smaller 117than the packet size, something goes wrong. pppd will spit out a 118packet which is MTU bytes in size, and then it will output the rest of 119the packet, BUT NOT ENCODED AS PER RFC1662. The net result of this is 120that pppoe will see this data, and will abort with an "invalid data" 121message. This behaviour has been modified in this version. 122 123If no '-F' option is given, these overflow packets are silently 124dropped. This will likely cause problems with data not getting where 125it's supposed to go; however, the connection should remain up. 126 127If a '-Fa' option is given, then whatever gibberish pppd outputs will 128be faithfully forwarded inside a PPPoE frame. 129 130If a '-Fs' option is given, then the pppd output stream is searched for 131the start of a valid RFC1662 packet, and that data is sent. Note that 132'-Fa' will over-ride '-Fs'. 133 134However, to avoid problems altogether, it is best to set the MTU on 135all machines behind the firewall. The MTUs should be set to about 1361400 or so. The way this is done is as follows: 137 138Under Linux (and, presumably other Unix-workalikes): 139 140# /sbin/ifconfig eth0 mtu 1400 141 142where eth0 is your Ethernet interface. 143 144Under Windows (95/98; may work under W2K): 145 146Using a registry editor, set 147 148HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans\000X\ 149MaxMTU=1492 150 151all on one line (note that the 1492 is a string value). Registry 152entries are case-sensitive. 153 154The 'X' depends on what your interface is. 155 156Under Windows NT (thanks to Shawn Sulma for this) 157 158Using a registry editor, set 159HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/El90x1/Parameters/ 160Tcpip/MTU=1492<p> 161 162(note that the 1492 is a DWORD) 163The "El90x1" is replaced with your card entry. 164 165Bugs 166==== 167 168pppd will occasionally negotiate a connection, but refuse to transmit 169any packets. I've found that adding the 'debug' option to the pppd 170command line seems to fix this problem. Is this a race condition of 171some kind? I don't konw. 172 173Occasionally, the ppp link negotiation enters an infinite loop. The 174cause is unknown, and the only solution is to try again. I believe 175this may have something to do with a bug in Access Concentrator used 176by Bell, but I'm not sure. 177 178Acknowledgements 179================ 180 181Thanks go to: 182 183Matt Robinson for the OpenBSD port and some major efficiency fixes. 184 185Dave Wortman for telling me how to port it to libc 5 186 187The teeming multitudes for testing and using this software, and 188providing feedback. 189 190And no thanks at all to Bell Nexxia and Sympatico, for using PPPoE in 191the first place. There *have* to be better solutions. And don't get 192me started on buggy RedBac hardware, either. 193 194Author Information 195================== 196 197I can be reached via e-mail at <stras@ecf.toronto.edu>. This program 198can be found at http://www.ecf.toronto.edu/~stras/pppoe.html 199 200