A service provider that offers DSL services or support to customers can use an access server that is running PPPoE. The PPPoE access server and client function in the traditional client-server relationship. This relationship is similar to the relationship of the dial-out machine and dial-in server on a dial-up link. One PPPoE system initiates communications and one PPPoE system answers. By contrast, the PPP protocol has no notion of the client-server relationship. PPP considers both systems equal peers.
The commands and files that set up a PPPoE access server include the following:
You configure pppoed services in the /etc/ppp/pppoe and /etc/ppp/pppoe.device files. If /etc/ppp/pppoe exists when the system boots, pppoed runs automatically. You can also explicitly run the pppoed daemon on the command line by typing /usr/lib/inet/pppoed.
The /etc/ppp/pppoe file describes the services that are offered by an access server plus options that define how PPP runs over the PPPoE tunnel. You can define services for individual interfaces, or globally, that is, for all interfaces on the access server. The access server sends the information in the /etc/ppp/pppoe file in response to a broadcast from a potential PPPoE client.
    global-options
    service service-name
        service-specific-options
        device interface-name
The parameters have the following meanings.
global-options: Sets the default options for the /etc/ppp/pppoe file. These options can be any options that are available through pppoed or pppd. For complete lists of options, see the man pages pppoed(1M) and pppd(1M).
For example, you must list the Ethernet interfaces that are available for the PPPoE tunnel as part of global options. If you do not define devices in /etc/ppp/pppoe, the services are not offered on any interface.
To define devices as a global option, use the following form:
device interface <,interface>
interface specifies the interface where the service listens for potential PPPoE clients. If more than one interface is associated with the service, separate each name with a comma.
service service-name: Starts the definition of the service service-name. service-name is a string that can be any phrase that is appropriate to the services that are provided.
service-specific-options: Lists the PPPoE and PPP options specific to this service.
device interface-name: Specifies the interface where the previously listed service is available.
    device hme1,hme2,hme3
    service internet
        pppd "name internet-server"
    service intranet
        pppd "192.168.1.1:"
    service debug
        device hme1
        pppd "debug name internet-server"
In this file, the following values apply.
device hme1,hme2,hme3: Three interfaces on the access server to be used for PPPoE tunnels.
service internet: Advertises a service that is called internet to prospective clients. The provider that offers the service also determines how internet is defined. For example, a provider might interpret internet to mean various IP services, as well as access to the Internet.
pppd "name internet-server": Sets the command-line options that are used when the caller invokes pppd. The option "name internet-server" gives the name of the local machine, the access server, as internet-server.
service intranet: Advertises another service that is called intranet to prospective clients.
pppd "192.168.1.1:": Sets the command-line options that are used when the caller invokes pppd. When the caller invokes pppd, 192.168.1.1 is set as the IP address for the local machine, the access server.
service debug: Advertises a third service, debugging, on the interfaces that are defined for PPPoE.
device hme1: Restricts debugging for PPPoE tunnels to hme1.
pppd "debug name internet-server": Sets the command-line options that are used when the caller invokes pppd, in this instance, PPP debugging on internet-server, the local machine.
The /etc/ppp/pppoe.device file describes the services that are offered on one interface of a PPPoE access server. /etc/ppp/pppoe.device also includes options that define how PPP runs over the PPPoE tunnel. /etc/ppp/pppoe.device is an optional file, which operates exactly like the global /etc/ppp/pppoe. However, if /etc/ppp/pppoe.device is defined for an interface, its parameters have precedence for that interface over the global parameters that are defined in /etc/ppp/pppoe.
    service service-name
        service-specific-options
    service another-service-name
        service-specific-options
The only difference between this syntax and the syntax of /etc/ppp/pppoe is that you cannot use the device option that is shown for the /etc/ppp/pppoe file.
pppoe.so is the PPPoE shared object file that must be invoked by PPPoE access servers and clients. This file limits MTU and MRU to 1492, filters packets from the driver, and negotiates the PPPoE tunnel, along with pppoed. On the access server side, pppoe.so is automatically invoked by the pppd daemon.
This section contains samples of all files that are used to configure an access server. The access server is multihomed. The server is attached to three subnets: green, orange, and purple. pppoed runs as root on the server, which is the default.
PPPoE clients can access the orange and purple networks through interfaces hme0 and hme1. Clients log in to the server by using the standard UNIX login. The server authenticates the clients by using PAP.
The green network is not advertised to clients. The only way clients can access green is by directly specifying “green-net” and supplying CHAP authentication credentials. Moreover, only clients joe and mary are allowed to access the green network by using static IP addresses.
Example 8-3 /etc/ppp/pppoe File for an Access Server
    service orange-net
        device hme0,hme1
        pppd "require-pap login name orange-server orange-server:"
    service purple-net
        device hme0,hme1
        pppd "require-pap login name purple-server purple-server:"
    service green-net
        device hme1
        pppd "require-chap name green-server green-server:"
        nowildcard
This sample describes the services that are available from the access server. The first service section describes the services of the orange network.
    service orange-net
        device hme0,hme1
        pppd "require-pap login name orange-server orange-server:"
Clients access the orange network over interfaces hme0 and hme1. The options that are given to the pppd command force the server to require PAP credentials from potential clients. The pppd options also set the server's name to orange-server, as used in the pap-secrets file.
The service section for the purple network is identical to the service section of the orange network except for the network and server names.
The next section describes the services of the green network:
    service green-net
        device hme1
        pppd "require-chap name green-server green-server:"
        nowildcard
This section restricts client access to interface hme1. Options that are given to the pppd command force the server to require CHAP credentials from prospective clients. The pppd options also set the server name to green-server, to be used in the chap-secrets file. The nowildcard option specifies that the existence of the green network is not advertised to clients.
Example 8-4 /etc/ppp/options File for an Access Server
    auth
    proxyarp
    nodefaultroute
    name no-service  # don't authenticate otherwise
The option name no-service overrides the server name that is normally searched for during PAP or CHAP authentication. The server's default name is the one found by the /usr/bin/hostname command. The name option in the previous example changes the server's name to no-service. The name no-service is not likely to be found in a pap-secrets or chap-secrets file. This action prevents a random user from running pppd and overriding the auth and name options that are set in /etc/ppp/options. pppd then fails because no secrets can be found for the client with a server name of no-service.
The access server scenario uses the following /etc/hosts file.
Example 8-5 /etc/hosts File for an Access Server
    172.16.0.1 orange-server
    172.17.0.1 purple-server
    172.18.0.1 green-server
    172.18.0.2 joes-pc
    172.18.0.3 marys-pc
Example 8-6 /etc/ppp/pap-secrets File for an Access Server
    * orange-server "" 172.16.0.2/16+
    * purple-server "" 172.17.0.2/16+
Example 8-7 /etc/ppp/chap-secrets File for an Access Server
    joe green-server "joe's secret" joes-pc
    mary green-server "mary's secret" marys-pc
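The following Python check is an added example, not part of the original documentation or of the PPPoE software: it reads the sample files from Examples 8-3, 8-4, 8-6 and 8-7 and confirms that each service's server name has an entry in the secrets file for the method it requires, while the fallback name no-service has none. It assumes the pppoe file is whitespace-tokenized, handles only the service, device, pppd and nowildcard keywords shown on this page, and treats a service's own pppd string as replacing a global one; all function names are hypothetical.

```python
import shlex

# Constructed input: the sample files from Examples 8-3, 8-4, 8-6 and 8-7.
PPPOE = '''service orange-net device hme0,hme1 pppd "require-pap login name orange-server orange-server:"
service purple-net device hme0,hme1 pppd "require-pap login name purple-server purple-server:"
service green-net device hme1 pppd "require-chap name green-server green-server:" nowildcard'''
OPTIONS = "auth\nproxyarp\nnodefaultroute\nname no-service  # don't authenticate otherwise"
PAP = '* orange-server "" 172.16.0.2/16+\n* purple-server "" 172.17.0.2/16+'
CHAP = 'joe green-server "joe\'s secret" joes-pc\nmary green-server "mary\'s secret" marys-pc'

def parse_services(text):
    # Assumption: only the four keywords shown on this page are handled.
    toks = iter(shlex.split(text, comments=True))
    glob = {"device": [], "pppd": [], "advertised": True}
    services, cur = {}, glob              # options before the first service are global
    for tok in toks:
        if tok == "service":              # a service starts from the global defaults
            cur = services[next(toks)] = dict(glob)
        elif tok == "device":
            cur["device"] = next(toks).split(",")
        elif tok == "pppd":
            cur["pppd"] = shlex.split(next(toks))
        elif tok == "nowildcard":
            cur["advertised"] = False
        else:
            raise ValueError(f"keyword not handled in this example: {tok}")
    return services

def parse_secrets(text):                  # rows: client server secret [addresses...]
    rows = (shlex.split(line, comments=True) for line in text.splitlines())
    return [r for r in rows if len(r) >= 3]

def value_of(opts, key):
    return opts[opts.index(key) + 1] if key in opts else None

def audit(pppoe, options, pap, chap):
    default = value_of(shlex.split(options, comments=True), "name")
    secrets = {"require-pap": parse_secrets(pap), "require-chap": parse_secrets(chap)}
    findings = [f"default name {default} has a {method[8:]} secret"
                for method, rows in secrets.items()
                if any(r[1] in (default, "*") for r in rows)]
    for svc, cfg in parse_services(pppoe).items():
        method = next((m for m in secrets if m in cfg["pppd"]), None)
        name = value_of(cfg["pppd"], "name") or default
        if method is None:
            findings.append(f"{svc}: no require-pap/require-chap in pppd options")
        elif not any(r[1] in (name, "*") for r in secrets[method]):
            findings.append(f"{svc}: no {method[8:]} secret for server {name}")
    return findings
```

An empty list from audit(PPPOE, OPTIONS, PAP, CHAP) means the sample files are consistent; a secrets row with * in the server field is reported because it would also match the fallback name.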