Today I noticed that one of my neighbors is using my wireless connection. One way to forbid him from using my really low bandwidth internet connection would be to encrypt the wireless connection, but that will also affect the transfer speed between the computers connected to the LAN and my cheap router will fail at some point (This did happen before…).
Another way was to use MAC address based access control to the wireless device, but since the MAC address can be easily spoofed I decided that it is a bad idea also.
The only thing remaining was to implement a user/password based authentication and I remembered that I did install a PPPoE server a few years ago. So this is how it works:
On the Linux box that splits the internet connection I have 2 network cards (eth0 – WAN, eth1 – LAN).
You will need ppp and rp-pppoe server from Roaring Penguin.
1. Make sure you have an active internet connection. If not, set it up by using your favorite text editor (I use vim):
auto lo iface lo inet loopback iface eth0 inet static address 89.xxx.yyy.zzz #Your public IP address netmask 255.255.255.240 #Your subnet mask gateway 89.xxx.xxx.xxx #Your gateway iface eth1 inet static address 192.168.1.254 netmask 255.255.255.0
Set up one or more nameservers (I use the free ones provided by Google):
echo "nameserver 126.96.36.199" > /etc/resolv.conf echo "nameserver 188.8.131.52" >> /etc/resolv.conf
Ping some website to make sure your internet connection is working:
cristian@desktop:~$ ping google.com PING google.com (184.108.40.206) 56(84) bytes of data. 64 bytes from ww-in-f147.1e100.net (220.127.116.11): icmp_req=1 ttl=52 time=83.0 ms
2. Install ppp daemon:
sudo apt-get install ppp
3. Now get rp-pppoe from here.
And extract it
tar -zxvfÂ rp-pppoe-3.10.tar.gz
Now compile it
cd rp-pppoe-3.10/src/ ./configure make && make install
4. Now, we shall edit the PPPoE server options:
require-chap login lcp-echo-interval 10 lcp-echo-failure 2 ms-dns 18.104.22.168 ms-dns 22.214.171.124 netmask 255.255.255.0 defaultroute noipdefault usepeerdns
5. Add usernames and passwords:
# Secrets for authentication using CHAP # client server secret IP addresses #USERNAME SERVER PASSWORD CLIENT IP ADDRESS "cristanhuza" * "My_s3cret_pa$$w0rd" 192.168.1.1 "friend1" * "My_friend's_s3cret_pa$sW0rd" 192.168.1.2
6. Set up the IP addresses pool:
echo "192.168.1.1-20" > /etc/ppp/allip
This will assign the future clients one IP address from the 192.168.1.1 until 192.168.1.20 range.
7. Start the PPPoE server:
pppoe-server -C isp -L 192.168.1.254 -p /etc/ppp/allip -I eth1
8. Enable packet forwarding between network interfaces:
echo 1 > /proc/sys/net/ipv4/ip_forward
9. Set up NAT in order to provide internet access to the LAN computers:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
Congratulations! You have just set up a PPPoE server and you can be worry free now that nobody else will be able to use your internet connection without permission.