README
1pppoe: a PPP-over-Ethernet redirector for pppd
2Copyright (C) 1999 Luke Stras
3
4Introduction
5============
6
7This program can be used to enable PPPoE support using the pppd
8daemon. PPPoE is a technique for the encapsulation of PPP streams
9inside of Ethernet frames. This technology is being deployed by
10high-speed Internet access providers (cable modems, xDSL, etc.) in
11order to decouple the supply of bandwidth from ISP services. In
12particular, in Canada, the Bell Sympatico ADSL service is moving from
13DHCP-based access control to PPPoE. Further details on PPPoE can be
14found in RFC2516.
15
16Installation
17============
18
19Requirements
20------------
21
22Linux 2.0.0 or later (may work on other platforms, but untested)
23 has been tested on Intel platforms
24OR
25OpenBSD 2.5 or later (may work on other platforms, but untested)
26 has been tested on SparcStation IPX
27pppd 2.3.7 or later
28
29Note that older versions of pppd may work if you obtain the
30'pty-redirect' program. Various copies are available on the 'Net. I
31haven't tried this myself, though.
32
33Compiling
34---------
35
36Compile and install pppd. Then:
37
38Unpack:
39
40# tar xzvf pppoe-0.3.tar.gz
41
42Edit the Makefile to set options. Currently, you can set one option
43which attempts to deal with buggy Access Concentrators that
44occasionally send out duplicate packets.
45
46Compile:
47
48# make
49
50Install to some convenient directory:
51
52# cp pppoe /usr/local/sbin
53
54Create an appropriate secrets file. For example, Sympatico ADSL uses
55PAP for authentication, so we need an /etc/ppp/pap-secrets file. The
56file consists of three columns, separated by whitespace. The first
57column is the user name. For Sympatico, this is the Sympatico Member
58ID (b1*). This is case sensitive, and you must add '@sympatico.ca' to
59the end. The second entry is the server name. This should be '*'.
60The third entry is the secret. For Sympatico users, this will be your
61Sympatico password. So a sample /etc/ppp/pap-secrets file might look
62like:
63
64b1aaaaaa@sympatico.ca * password
65
66Make sure your ethernet interface is up:
67
68ifconfig eth0 up
69
70Then, start pppd like this:
71
72pppd pty '/usr/local/sbin/pppoe -I eth0' noipdefault defaultroute \
73 hide-password passive persist name b1aaaaaa@sympatico.ca
74
75Options
76=======
77
78pppoe can take two run-time options:
79
80-I if
81 Specifies the ethernet interface to use. The interface *must* be up
82 before the program will start.
83
84-L file
85 Specifes a log file. Note that pppd chroots to '/', so the path
86 should be absolute. Note that the log can get large.
87
88-E file
89 Specifies an error log file. This is the file that diagnostic/error
90 messages go to. By default, it is stderr. Note that the path must
91 be absolute.
92
93-Fa
94 Specifies that partial packets should always be forwarded. Default
95 is no forwarding of partial packets.
96
97-Fs
98 Specifies that the program should search for start-of-packet data in
99 the data stream from pppd. Default is no forwarding of partial
100 packets.
101
102-V
103 Prints the version number, and exits.
104
105Masquarading and Stuff
106======================
107
108It seems that a lot of people are using this software to run on small,
109cheap computers acting as firewalls or masquaraders for small
110networks. This section deals with some of the issues and problems
111relating to this.
112
113It appears that there is some kind of problem in the IP framgentation
114code in the Linux networking chain -- either at the kernel level, or
115in pppd. When a Linux router receives a IP packet on an interface and
116is asked to forward it to another interface which has an MTU smaller
117than the packet size, something goes wrong. pppd will spit out a
118packet which is MTU bytes in size, and then it will output the rest of
119the packet, BUT NOT ENCODED AS PER RFC1662. The net result of this is
120that pppoe will see this data, and will abort with an "invalid data"
121message. This behaviour has been modified in this version.
122
123If no '-F' option is given, these overflow packets are silently
124dropped. This will likely cause problems with data not getting where
125it's supposed to go; however, the connection should remain up.
126
127If a '-Fa' option is given, then whatever gibberish pppd outputs will
128be faithfully forwarded inside a PPPoE frame.
129
130If a '-Fs' option is given, then the pppd output stream is searched for
131the start of a valid RFC1662 packet, and that data is sent. Note that
132'-Fa' will over-ride '-Fs'.
133
134However, to avoid problems altogether, it is best to set the MTU on
135all machines behind the firewall. The MTUs should be set to about
1361400 or so. The way this is done is as follows:
137
138Under Linux (and, presumably other Unix-workalikes):
139
140# /sbin/ifconfig eth0 mtu 1400
141
142where eth0 is your Ethernet interface.
143
144Under Windows (95/98; may work under W2K):
145
146Using a registry editor, set
147
148HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans\000X\
149MaxMTU=1492
150
151all on one line (note that the 1492 is a string value). Registry
152entries are case-sensitive.
153
154The 'X' depends on what your interface is.
155
156Under Windows NT (thanks to Shawn Sulma for this)
157
158Using a registry editor, set
159HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/El90x1/Parameters/
160Tcpip/MTU=1492<p>
161
162(note that the 1492 is a DWORD)
163The "El90x1" is replaced with your card entry.
164
165Bugs
166====
167
168pppd will occasionally negotiate a connection, but refuse to transmit
169any packets. I've found that adding the 'debug' option to the pppd
170command line seems to fix this problem. Is this a race condition of
171some kind? I don't konw.
172
173Occasionally, the ppp link negotiation enters an infinite loop. The
174cause is unknown, and the only solution is to try again. I believe
175this may have something to do with a bug in Access Concentrator used
176by Bell, but I'm not sure.
177
178Acknowledgements
179================
180
181Thanks go to:
182
183Matt Robinson for the OpenBSD port and some major efficiency fixes.
184
185Dave Wortman for telling me how to port it to libc 5
186
187The teeming multitudes for testing and using this software, and
188providing feedback.
189
190And no thanks at all to Bell Nexxia and Sympatico, for using PPPoE in
191the first place. There *have* to be better solutions. And don't get
192me started on buggy RedBac hardware, either.
193
194Author Information
195==================
196
197I can be reached via e-mail at <stras@ecf.toronto.edu>. This program
198can be found at http://www.ecf.toronto.edu/~stras/pppoe.html
199
200
README.BSD
1README.BSD
2
3This version of Luke Stras' PPPoE redirector includes support for OpenBSD.
4Support for other BSD variants is possible but requires some porting.
5To compile for BSD, you will need to add "-DUSE_BPF" in the DEFINES=
6string in the Makefile. You will also need to link against kvm library
7(uncomment LIBS=-lkvm in the Makefile).
8
9I am currently running this on a SPARCstation IPX running OpenBSD 2.5.
10I get 50Kbytes/sec maximum throughput but only if I saturate the
11machine with multiple connections to get around packet loss. [Under
12load BPF reports a number of lost packets.] At this point, the CPU
13on the machine is being fully used. For Intel users, the IPX is roughly
14on par with a fast 486 so anyone with a modern machine should be fine.
15
16NOTE: I have not run this on an Intel box yet, so there may be some
17byte-ordering issues [SPARCs use the same endian as network ordering].
18If you get the error message:
19
20 BPF program is broken
21
22after starting, try recompiling with -DSIMPLE_BPF. If this works,
23let me know - it means I've buggered up the byte-ordering in the
24more complex (and better performing) BPF program.
25
26---
27
28Look at the "start" script for an example of how to start this up.
29I found the pty-redir program in another package but that package
30did not credit it's author. It is GPL'ed so I have no qualms about
31redistributing it. I've hacked it slightly but otherwise make no
32claims on it. If the author will speak up I'll more than happily
33attribute it.
34
35Other than that, the instructions that came with the original package
36more or less apply. Note that the pppd in OpenBSD 2.5 does not support
37the "pty" option, hence the pty-redir program.
38
39---
40
41The BSD specific stuff is made up mostly of 2 chunks:
42
431. Berkeley Packet Filter code which handles the reading and writing
44 of raw ethernet packets from and to the network.
45
462. An ugly bit of kvm code to extract the ethernet address of the
47 interface we are interested in. This works on OpenBSD 2.5, may
48 work on other OpenBSD kernels and is unlikely to work anywhere else.
49 If it does work anywhere else or if anyone has any better ideas,
50 please let me know.
51
52Part 1 should work on any BSD variant or any platform supporting BPF.
53Part 2 will require the most porting work.
54
55Changes and comments about the BSD-specific parts are welcome at
56matt@cs.yorku.ca.
57
58Please note: this is not meant to be an elegant solution, just a stopgap
59until something better (i.e. something that doesn't dive in and out
60user-space and copy packets everywhere) can be worked out.
61
62Thanks to Luke for writing the Linux version which made the task of
63getting my gateway back online significantly easier.
64
65Matt Robinson
66Computer Development Manager
67Dept. of Computer Science
68York Univerity
69Toronto, Ontario, Canada
70matt@cs.yorku.ca
71