Hi everyone. I have an openwrt router connected to my primary (non openwrt) router as a wireless client. I'd like to setup a PPPoE server for devices connected to the LAN ports of the openwrt router and share the internet connection to these devices. Tried using the wiki page on roaring penguin PPPoE server but it seems like there's more setup needed that's not documented. I've been able to get LAN devices connect to the PPPoE interface, get IP addresses but they cannot access internet. I've tried putting the PPPoE interface in both LAN and WAN firewall zones but no luck. One oddity I noticed is that the connected devices obtain a subnet mask of 255.0.0.0 which isn't whats defined on the PPPoE server. Not sure if that's what causing the lack of internet but any guidance on how to get this setup would be appreciated. Thanks in advance.
Can you expand on why you want PPPoE for this purpose, there are only few use cases where this would make sense?
Depending you have a chap secret etcetera properly configured, including a interface.
Then you may miss the covered device for the firewall zone.
you can edit the zone and add ppp+ so you have the the interface and all ppp covered, though be aware if you have more ppp tunnels you may need to find a solution for the + wildcard.
For me that ppp+ fixed it for me, when i wanted to create a fake isp environment.
Otherwise please sent the configurations: /etc/config/network, /etc/config/firewall, /etc/config/pppoe and the important bits from /etc/ppp to get a clue 
and like @slh said its usefull to understand why you want this particular setup because maybe you want something different.
I have to use PPPoE because I have a device that can only access internet via a PPPoE connection.
Unfortunately I've since reverted the router to stock OpenWRT so I'm unable to share the file contents you asked for but I might revisit this again in the next few days and i'll provide it then.
My hunch continues to remain that I'm unable to get internet on the PPPoE interface because it's assigning a subnet mask of 255.0.0.0 to PPPoE clients.
Here's a copy of the config files and a snippet of the logs
# /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fda1:dfb0:94e1::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'none'
config device
option name 'br-wan'
option type 'bridge'
list ports 'eth0'
list ports 'eth0.2'
config interface 'wan'
option device 'br-wan'
option proto 'dhcp'
config interface 'wan6'
option device 'br-wan'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '2 0t'
config interface 'king'
option proto 'dhcp'
# /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'king'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'WAN Management'
list proto 'all'
option src 'wan'
option target 'ACCEPT'
# /etc/config/pppoe
config pppoe_server
option interface 'lan'
option ac_name 'acname'
option maxsessionsperpeer '5'
option localip '192.168.4.1'
option firstremoteip '192.168.4.2'
option maxsessions '10'
option optionsfile '/etc/ppp/pppoe-server-options'
option randomsessions '1'
option unit '0'
option offset '0'
option timeout '60'
option mss '1468'
option sync '0'
list service_name 'pppservice'
# /etc/ppp/pppoe-server-options
auth
require-pap
lcp-echo-interval 10
lcp-echo-failure 2
mru 1492
mtu 1492
ms-dns 8.8.8.8
netmask 255.255.255.0
defaultroute
noipdefault
usepeerdns
# /etc/ppp/options
#debug
logfile /dev/null
noipdefault
noaccomp
nopcomp
nocrtscts
lock
maxfail 0
Fri Jul 19 10:36:38 2024 daemon.info pppoe-server[4612]: Session 7 created for client xx:xx:xx:xx:xx:xx (192.168.4.8) on br-lan using Service-Name ''
Fri Jul 19 10:36:39 2024 daemon.info pppd[4612]: Plugin pppoe.so loaded.
Fri Jul 19 10:36:39 2024 daemon.info pppd[4612]: PPPoE plugin from pppd 2.4.9
Fri Jul 19 10:36:39 2024 daemon.notice pppd[4612]: pppd 2.4.9 started by root, uid 0
Fri Jul 19 10:36:39 2024 daemon.warn pppd[4612]: Connected to xx:xx:xx:xx:xx:xx via interface br-lan
Fri Jul 19 10:36:39 2024 daemon.info pppd[4612]: Using interface ppp0
Fri Jul 19 10:36:39 2024 daemon.notice pppd[4612]: Connect: ppp0 <--> br-lan
Fri Jul 19 10:36:40 2024 daemon.notice pppd[4612]: PAP peer authentication succeeded for XXX
Fri Jul 19 10:36:40 2024 daemon.notice pppd[4612]: peer from calling number xx:xx:xx:xx:xx:x authorized
Fri Jul 19 10:36:40 2024 daemon.err pppd[4612]: not replacing default route to phy1-sta0 [192.168.2.1]
Fri Jul 19 10:36:40 2024 daemon.notice pppd[4612]: local IP address 192.168.4.1
Fri Jul 19 10:36:40 2024 daemon.notice pppd[4612]: remote IP address 192.168.4.8
Fri Jul 19 10:36:40 2024 daemon.warn pppd[4612]: Protocol-Reject for unsupported protocol 'IPv6' (0x57)
Fri Jul 19 10:36:40 2024 daemon.warn pppd[4612]: Protocol-Reject for unsupported protocol 'IPv6' (0x57)
I've tried putting the lan interface in both lan and wan firewall zones but neither has worked.
Any help would be much appreciated.
Add device ppp+ (wildcard) to the lan firewall zone.
uci add_list firewall.@zone[0].device='ppp+'
uci commit firewall
/etc/init.d/firewall restart
I don't any ppp+ devices in the list. Should I still add them to the lan zone anyway? Also, should I leave the lan interface unassigned firewall zone?
EDIT: the ppp device appeared when I physically connected it to the router. Adding ppp+ and the lan interface to the lan firewall zone resolved the issue for me. The PPPoE device is still being assigned subnet mask 255.0.0.0 but the device has access to the internet now. Many Thanks!
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.