PPPoE Server Routing Broken (ppp0 routing)

I have been playing with PPPoE (rp-pppoe-server package) for a few hours now and I just managed to get it to route packets out to the internet on the server side.

Although I understand why it now works, what I don't understand is why I had to do what I did. In order to route packets out, I had to add the automatically created ppp0 device to an interface and put that interface in the LAN firewall zone, and assign it a static IP address (192.168.1.1 in my case, the same as the LAN IP).

I feel like this should be automated in some way, because what if I have multiple peers connecting to the server? I do not want to have to create an interface for every single peer (ppp0, ppp1, ppp2 ...).

In addition, the static IP I had to set on this new interface was also key to it working. An unmanaged interface would not work. Why is this?

I do not understand why I would need to configure these additional settings because the PPPoE server is configured with the "listening side" IP already (it is also set to 192.168.1.1), and the PPP tunnel is already established, allowing the devices to communicate with each other by their configured IPs (the peer can communicate with 192.168.1.1 and the server can communicate back via the automatically assigned IP).

Explanations and a correction to my configuration would be much appreciated.




Interface A is the one I had to configure for ppp0, interface LAN is a normal IP LAN, interface PPPOESERVER is an interface used to separate one of the physical LAN ports from the LAN purely so it can be individually selected by the PPPoE server, and interface WAN is a double NAT out to the internet.



The PPPoE server configuration page, pointing at the PPPOESERVER interface


/etc/ppp/pppoe-server-options

# PPP options for the PPPoE server
# LIC: GPL
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
mru 1492
mtu 1492
ktune

Thanks!

No need to create additional interfaces.
Delete interface A and just add device ppp+ to the lan firewall zone.

uci add_list firewall.@zone[0].device='ppp+'
uci commit firewall
/etc/init.d/firewall restart

I would use a different IP subnet for the pppoe clients.

Also make sure there is a DNS server set in /etc/ppp/pppoe-server-options.


Hi pavelgl,

Thank you for the explanation. I have now set ms-dns in my options and DNS is working, removed the PPPOESERVER interface from the LAN zone as it was completely unnecessary, and I have added the ppp+ interface to the LAN firewall zone.

Everything is working perfectly now. I do see why you'd want a different subnet for PPPoE clients, if they clash with DHCP assigned clients there will of course be a problem, so I might experiment with setting this up later.

Would you be okay with me referring to your profile as credit for this, as I would like to do a guide on the wiki about setting up rp-pppoe-server?

Thanks!

Glad! I've seen your wiki rp-pppoe-server guide! I am a loyal rp-pppoe-server user

Hi kokang,

If you wish to edit this page on my profile, please feel free. It is incomplete and needs some clarification on certain points.

I think I have most of the things I need in my head, I just need to document them on this page.

Can I ask, what do you use your PPPoE server for?

Edit: I intend to move this page into public view once it is complete

I have a small studio with multiple broadband connections! Currently using rp-pppoe-server with mwan3 and sqm for bandwidth shunting and qos speed limit!


Hi pavelgl,

I hope you don't mind me asking, but I have just attempted to set up PPPoE clients on a different subnet, but not having much success.

The only thing I have changed is the listening and start IP in the PPPoE server setting. I am able to communicate between devices using the IPs, but I am again unfortunately unable to access the internet.

I assume I was able to access the internet previously because of the LAN interface which existed already on the subnet, but now no such interface exists for this subnet, and I do not know what device I would select in order to create an interface for this. Creating an interface with ppp+ does not work, it just reports device not present, so clearly OpenWrt is not capable of understanding the + syntax.

The ppp+ interface is still configured in the LAN zone, which I assumed would have been enough to make this work, but clearly this assumption is false.

Thanks

When using the rp-pppoe-server server, I did not integrate these three plugins: dnsmasq, odhcp6c, odhcpd-ipv6only.
Can your router set a separate LAN2 port as the pppoe-server interface?
I am now using openwrt-21.02 system! br-lan is used as the pppoe service interface, and the firewall sets up a separate pppoe area. ppp+ is valid.

uci set firewall.pppoezone=zone
uci set firewall.pppoezone.name=pppoe
uci set firewall.pppoezone.input=ACCEPT
uci set firewall.pppoezone.output=ACCEPT
uci set firewall.pppoezone.forward=DROP
uci add_list firewall.pppoezone.device=ppp+
uci set firewall.pppoeforwarding=forwarding
uci set firewall.pppoeforwarding.src=pppoe
uci set firewall.pppoeforwarding.dest=wan
uci commit firewall
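
Added example, not part of any post in this thread: a POSIX sh check that reads `uci show firewall` output and reports which zone a given pppN device falls into and where that zone may forward. The function name `ppp_reach` and the sample configuration are assumptions made for illustration; a trailing `+` in a zone's device list is treated as a prefix wildcard.

```shell
#!/bin/sh
# Added example: which zone does a pppN device land in, and where may it forward?
# Reads `uci show firewall` text on stdin. SAMPLE is constructed, not the
# thread's router; its pppoe zone mirrors the separate-zone commands above.
SAMPLE="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.pppoezone=zone
firewall.pppoezone.name='pppoe'
firewall.pppoezone.forward='DROP'
firewall.pppoezone.device='ppp+'
firewall.pppoeforwarding=forwarding
firewall.pppoeforwarding.src='pppoe'
firewall.pppoeforwarding.dest='wan'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'"

# ppp_reach IFACE (hypothetical helper): print "zone -> dest[,dest]" for each
# zone whose device list matches IFACE; "+" is a prefix wildcard as in iptables -i.
ppp_reach() {
    tr -d "'" | awk -F= -v ifc="$1" '
        $1 !~ /\..*\./ { kind[$1] = $2; next }      # section header: name=type
        { sec = $1; sub(/\.[^.]*$/, "", sec); opt = substr($1, length(sec) + 2) }
        opt == "name"   { name[sec] = $2 }
        opt == "device" { dev[sec] = $2 }
        opt == "src"    { src[sec] = $2 }
        opt == "dest"   { dst[sec] = $2 }
        END {
            for (s in src) if (kind[s] == "forwarding" && (s in dst)) {
                z = src[s]
                if (z in fwd) fwd[z] = fwd[z] "," dst[s]; else fwd[z] = dst[s]
            }
            for (s in dev) {
                if (kind[s] != "zone") continue
                n = split(dev[s], pat, " ")
                for (i = 1; i <= n; i++) {
                    p = pat[i]; k = length(p) - 1
                    if (p == ifc || (p ~ /\+$/ && substr(ifc, 1, k) == substr(p, 1, k)))
                        print name[s] " -> " ((name[s] in fwd) ? fwd[name[s]] : "(none)")
                }
            }
        }' | sort
}

printf '%s\n' "$SAMPLE" | ppp_reach ppp3    # pppoe -> wan
```

On the router itself the input would come from `uci show firewall | ppp_reach ppp0`. A result of `lan -> wan` means PPPoE clients are handled by the LAN zone's policy, while `pppoe -> wan` means they sit in their own zone and may only forward to wan.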

Hi kokang,

I essentially have done this already by using the existing LAN zone. Curiously, after a reboot, the original LAN zone is working now for my purposes, so please disregard my issue.

I have tested your config too, just to be sure, and it also works.

Thanks,

Alex
