This section contains samples of all files that are used to configure an access server. The access server is multihomed and attached to three subnets: green, orange, and purple. pppoed runs as root on the server, which is the default.
PPPoE clients can access the orange and purple networks through interfaces hme0 and hme1. Clients log in to the server by using the standard UNIX login. The server authenticates them by using PAP.
The green network is not advertised to clients. The only way clients can access green is by directly specifying “green-net” and supplying CHAP authentication credentials. Moreover, only clients joe and mary are allowed to access the green network. They must use static IP addresses to do so.
    service orange-net
         device hme0,hme1
         pppd "require-pap login name orange-server orange-server:"

    service purple-net
         device hme0,hme1
         pppd "require-pap login name purple-server purple-server:"

    service green-net
         device hme1
         pppd "require-chap name green-server green-server:"
         nowildcard
This sample describes the services available from the access server. The first service section describes the services of the orange network.
    service orange-net
         device hme0,hme1
         pppd "require-pap login name orange-server orange-server:"
The service section for the purple network is identical to that of the orange network except for the network and server names.
The next section describes the services of the green network:
    service green-net
         device hme1
         pppd "require-chap name green-server green-server:"
         nowildcard
For the access server scenario just discussed, you might set up the following /etc/ppp/options file.
    auth
    proxyarp
    nodefaultroute
    name no-service     # don't authenticate otherwise
The option name no-service overrides the server name that is normally searched for during PAP or CHAP authentication. The server's default name is the one that is returned by the /usr/bin/hostname command. The name option in the previous example changes the server's name to no-service, a name not likely to be found in a pap-secrets or chap-secrets file. This action prevents a random user from running pppd and overriding the auth and name options that are set in /etc/ppp/options. pppd then fails because it cannot find any secrets for the client with a server name of no-service.
The access server scenario uses the following /etc/hosts file.
    172.16.0.1     orange-server
    172.17.0.1     purple-server
    172.18.0.1     green-server
    172.18.0.2     joes-pc
    172.18.0.3     marys-pc
Here is the /etc/ppp/pap-secrets file that is used for PAP authentication for clients that attempt to access the orange and purple networks.
    * orange-server "" 172.16.0.2/16+
    * purple-server "" 172.17.0.2/16+
Here is the /etc/ppp/chap-secrets file that is used for CHAP authentication. Note that only clients joe and mary are listed in the file.
    joe  green-server "joe's secret"  joes-pc
    mary green-server "mary's secret" marys-pc
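The name no-service guard described above only holds while no secrets entry can be selected under that server name, either by naming it or by using the `*` wildcard in the server field. The following check is an added example, not part of the original documentation; the function names are hypothetical, and it assumes client and server names contain no whitespace.

```shell
#!/bin/sh
# Added example: audit the "name no-service" guard on copies of the pppd files.
# Assumes client and server names in the secrets files contain no whitespace.

# Print the value of the last "name" option in a pppd options file.
guard_name() {
    awk '{ sub(/#.*/, "") } $1 == "name" { n = $2 } END { if (n != "") print n }' "$1"
}

# Succeed only if the options file sets "auth".
has_auth() {
    awk '{ sub(/#.*/, "") } $1 == "auth" { ok = 1 } END { exit !ok }' "$1"
}

# Print secrets entries whose server field (2nd) equals $1 or is the "*" wildcard.
matching_secrets() {
    n=$1; shift
    awk -v n="$n" '$1 ~ /^#/ || NF < 2 { next }
        $2 == n || $2 == "*" { print FILENAME ": " $0 }' "$@"
}

# usage: audit_guard OPTIONS_FILE SECRETS_FILE...
audit_guard() {
    opts=$1; shift
    has_auth "$opts" || { echo "FAIL: auth not set"; return 1; }
    name=$(guard_name "$opts")
    [ -n "$name" ] || { echo "FAIL: no name option"; return 1; }
    hits=$(matching_secrets "$name" "$@")
    [ -z "$hits" ] || { echo "FAIL: usable under name $name: $hits"; return 1; }
    echo "OK: no secrets match server name $name"
}

# Write this page's sample files into directory $1 (for an offline run).
write_samples() {
    printf '%s\n' auth proxyarp nodefaultroute \
        "name no-service # don't authenticate otherwise" > "$1/options"
    printf '%s\n' '* orange-server "" 172.16.0.2/16+' \
        '* purple-server "" 172.17.0.2/16+' > "$1/pap-secrets"
    printf '%s\n' "joe green-server \"joe's secret\" joes-pc" \
        "mary green-server \"mary's secret\" marys-pc" > "$1/chap-secrets"
}
```

Run `audit_guard` against copies of /etc/ppp/options, /etc/ppp/pap-secrets, and /etc/ppp/chap-secrets after every change to the secrets files; a nonzero return means the guard name no longer blocks authentication.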