PPPoE Server – How To Do It Yourself

Today I noticed that one of my neighbors is using my wireless connection. One way to forbid him from using my really low bandwidth internet connection would be to encrypt the wireless connection, but that will also affect the transfer speed between the computers connected to the LAN, and my cheap router will fail at some point (this did happen before…).

Another way was to use MAC-address-based access control on the wireless device, but since a MAC address can be easily spoofed, I decided that it is a bad idea also.

The only thing remaining was to implement a user/password based authentication and I remembered that I did install a PPPoE server a few years ago. So this is how it works:

On the Linux box that splits the internet connection I have 2 network cards (eth0 – WAN, eth1 – LAN).

You will need ppp and the rp-pppoe server from Roaring Penguin.

1. Make sure you have an active internet connection. If not, set it up by using your favorite text editor (I use vim):

vim /etc/network/interfaces
auto lo
iface lo inet loopback

# WAN: replace with your public IP address, subnet mask and gateway
# (comments must be on their own line in this file)
auto eth0
iface eth0 inet static
address 89.xxx.yyy.zzz
netmask 255.255.255.240
gateway 89.xxx.xxx.xxx

# LAN
auto eth1
iface eth1 inet static
address 192.168.1.254
netmask 255.255.255.0

Set up one or more nameservers (I use the free ones provided by Google):

echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf

Ping some website to make sure your internet connection is working:

$ ping google.com
PING google.com (209.85.229.147) 56(84) bytes of data.
64 bytes from ww-in-f147.1e100.net (209.85.229.147): icmp_req=1 ttl=52 time=83.0 ms

2. Install the ppp daemon:

sudo apt-get install ppp

3. Now download rp-pppoe:

wget http://www.roaringpenguin.com/files/download/rp-pppoe-3.10.tar.gz

Extract it:

tar -zxvf rp-pppoe-3.10.tar.gz

Now compile and install it:

cd rp-pppoe-3.10/src/
./configure
make && make install

4. Now, we shall edit the PPPoE server options:

vim /etc/ppp/pppoe-server-options
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
netmask 255.255.255.0
defaultroute
noipdefault
usepeerdns

5. Add usernames and passwords:

vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses

#USERNAME           SERVER              PASSWORD                     CLIENT IP ADDRESS
"cristanhuza"         *           "My_s3cret_pa$$w0rd"                  192.168.1.1
"friend1"             *           "My_friend's_s3cret_pa$sW0rd"         192.168.1.2

6. Set up the IP addresses pool:

echo "192.168.1.1-20" > /etc/ppp/allip

Each future client will be assigned one IP address from the range 192.168.1.1 to 192.168.1.20.

7. Start the PPPoE server:

pppoe-server -C isp -L 192.168.1.254 -p /etc/ppp/allip -I eth1

8. Enable packet forwarding between network interfaces:

echo 1 > /proc/sys/net/ipv4/ip_forward

9. Set up NAT in order to provide internet access to the LAN computers:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
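
The MASQUERADE rule in step 9 matches on source address only, and with the kernel's default FORWARD policy of ACCEPT, forwarding is not tied to a PPP session. The following added example (not from the original post; the function names are hypothetical, and the interface names and subnet are the ones used in this tutorial) generates a ruleset that forwards only traffic arriving on pppN interfaces and audits `iptables-save` output for that property:

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and subnet
# default to the tutorial's values; function names are hypothetical.

# Print an iptables-restore ruleset that forwards only traffic arriving
# through a PPP session (pppN interfaces). Loading it replaces the current
# filter and nat tables, so merge by hand if other rules already exist.
pppoe_ruleset() {
    wan=${1:-eth0}
    net=${2:-192.168.1.0/24}
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp+ -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o ppp+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
EOF
}

# Audit `iptables-save` output read from stdin. Succeeds only when the
# filter FORWARD policy is DROP and every FORWARD ACCEPT rule names ppp+
# as its input or output interface.
forward_is_ppp_only() {
    awk '
        /^\*/ { table = $1 }
        table == "*filter" && /^:FORWARD / { policy = $2 }
        table == "*filter" && /^-A FORWARD / && / -j ACCEPT/ {
            if ($0 !~ / -[io] ppp\+( |$)/) bad++
        }
        END { exit !(policy == "DROP" && bad == 0) }
    '
}

# Constructed sample: the filter table as steps 8 and 9 leave it.
tutorial_state='*filter
:FORWARD ACCEPT [0:0]
COMMIT'

if printf '%s\n' "$tutorial_state" | forward_is_ppp_only; then
    echo "tutorial state: forwarding limited to PPP sessions"
else
    echo "tutorial state: forwarding NOT limited to PPP sessions"
fi
pppoe_ruleset | forward_is_ppp_only && echo "generated ruleset: OK"
# To apply as root: pppoe_ruleset eth0 192.168.1.0/24 | iptables-restore
```

On a live box, the same audit can be run as `iptables-save | forward_is_ppp_only`.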

Congratulations! You have just set up a PPPoE server, and you can now be worry-free: nobody else will be able to use your internet connection without permission.
