Pppoe
непълна, недовършена !
Обща информация
PPPoE (PPP over Ethernet) – както се вижда от името, това е протокол, който позволява PPP сесия да се пренася върху Ethernet преносна среда. Клиентите, ползващи протокола, трябва да са в същия Ethernet (L2) broadcast домейн като сървъра – или на същия физически сегмент, или свързани с него чрез bridge – защото откриването на сървъра (PPPoE discovery) става с Ethernet broadcast кадри. Достъпът до услугата е с потребителско име и парола, договорени на PPP ниво (PAP, CHAP или MS-CHAP). За разлика от честото схващане обаче, PPPoE сам по себе си не криптира трафика: криптиране има само ако на PPP ниво се договори MPPE (`set mppe` в ppp.conf, което изисква MS-CHAP). В конфигурациите по-долу `set mppe` е коментиран или липсва, т.е. потребителският трафик минава некриптиран по Ethernet сегмента, а в секцията с `enable pap` и самата парола се предава в явен вид.
Инсталация на сървър
FreeBSD
Настройки на системата
/etc/rc.conf
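# Start pppoed(8) at boot; it answers PPPoE discovery on the interface named
# below and hands each session to ppp(8) using the given ppp.conf label.
pppoed_enable="YES"
#   -d  debug logging
#   -P  pid file
#   -a  service name advertised to clients
#   -l  ppp.conf label used for every session (see /etc/ppp/ppp.conf)
# One plain double-quoted string: the earlier form nested unescaped double
# quotes around the -a and -l values, which only worked by accident (the
# value was re-joined by the shell with a trailing space) and would break
# on a service name containing spaces or shell metacharacters.
pppoed_flags="-d -P /var/run/pppoed.pid -a your__network_name_here -l default"
# Ethernet interface facing the PPPoE clients.
pppoed_interface="xl1"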
/etc/radius.conf
# type  host[:port]                            secret
auth    your_authentication_server_here:1645   "your_shared_secret_here"
acct    your_accounting_server_here:1646       "your_shared_secret_here"
# The accounting server uses the "acct" keyword (the original listed "auth"
# twice and was missing the closing quote). 1645/1646 are the legacy RADIUS
# ports; the IANA-assigned ones are 1812/1813. This file carries the shared
# secret that authenticates the RADIUS exchange -- keep it root-owned, mode 0600.
/etc/ppp/ppp.conf
default:
 set log Chat Command Phase                 # turn on some logging; see ppp.conf(5) for the facilities
 enable pap                                 # accept PAP from clients. NOTE: PAP sends the password in
                                            # clear text over the Ethernet segment; prefer
                                            # "enable mschap chap chap81" + "deny pap" as in the
                                            # server: section below unless the RADIUS backend needs PAP
 allow mode direct                          # let pppoed(8) start ppp in direct mode (this is not bridging)
 enable proxy                               # proxy-ARP for the client addresses so the LAN can reach them
                                            # (not redundant with the line above: that one is about how
                                            # ppp is started, this one is about ARP)
 disable ipv6cp                             # we don't use IPv6, don't want the errors
 set mru 1472                               # stay below 1500: PPPoE+PPP framing takes 8 bytes, so 1492
 set mtu 1472                               # is the usual ceiling; 1472 leaves extra headroom
 set ifaddr 209.194.249.1 209.194.249.10-209.194.249.250   # our side of the link and the IPCP address pool handed to clients
 set radius /etc/radius.conf                # authenticate (and account) via RADIUS using this file
 accept dns                                 # answer the peer's IPCP request for DNS servers (see ppp(8))
/etc/ppp/ppp.linkup
default:
 bg /etc/ppp/addclient.sh USER connect HISADDR INTERFACE
 # "bg" runs the command in the background; ppp substitutes USER (the login
 # name the peer authenticated with), HISADDR (the address assigned to it)
 # and INTERFACE (the session's tun interface). USER is peer-chosen text:
 # the script must quote it and must never use it as a grep pattern.
/etc/ppp/ppp.linkdown
default:
 bg /etc/ppp/removeclient.sh USER connect HISADDR INTERFACE
 # "bg" runs the command in the background; ppp substitutes USER, HISADDR
 # and INTERFACE as in ppp.linkup. The same arguments are passed so the
 # script can recompute the rule numbers it has to remove.
/etc/ppp/addclient.sh
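#!/bin/sh
#
# addclient.sh - per-client firewall and bandwidth setup for a new PPPoE session.
#
# Started from /etc/ppp/ppp.linkup as
#     bg /etc/ppp/addclient.sh USER connect HISADDR INTERFACE
# so the arguments are:
#     $1  USER       login name the peer authenticated with. This is text chosen
#                    by the peer: it is quoted everywhere and never used as a
#                    pattern.
#     $2  type       the literal "connect" from ppp.linkup; only logged
#     $3  HISADDR    IPv4 address ppp assigned to the client
#     $4  INTERFACE  tun interface of the session; only logged
#
# Per-user limits come from /etc/ppp/bandwidth.conf ("user in_kbps out_kbps",
# one client per line, exact match on the first column); a missing or
# non-numeric field falls back to 256 kbit/s.
#
# The ipfw pipe and rule numbers are derived from the last octet N of the
# client address, so they are unique per client as long as the pool stays
# inside one /24 (an older scheme numbered clients by their line in
# bandwidth.conf, which broke with several sessions per user):
#     pipes  2N, 2N+1             inbound / outbound bandwidth pipes
#     rules  2N+1000, 2N+1001     steer the client's traffic into the pipes
#     rules  2N+33000, 2N+33001   permit the client's traffic
# Note that the permit rules allow *all* IP traffic to and from the client
# address, including traffic to this host itself.
#
# Output: "newinkbps:"/"newoutkbps:" notices on stdout when a default is used,
# and one CSV line per call appended to /var/log/ppp.output.
# Exit status: 2 on bad arguments (nothing is installed), otherwise the status
# of the last command. There is deliberately no "set -e": one failing ipfw
# call does not stop the remaining rules from being installed.

bandwidth_conf=/etc/ppp/bandwidth.conf
logfile=/var/log/ppp.output
fwcmd=/sbin/ipfw
default_kbps=256

# is_number VALUE -> succeeds if VALUE is a non-empty string of decimal digits.
is_number() {
  case $1 in
    '' | *[!0-9]*) return 1 ;;
  esac
  return 0
}

# last_octet ADDR -> prints the last octet of a dotted-quad IPv4 ADDR;
# fails (prints nothing) for anything that is not four numeric octets.
last_octet() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  oldifs=$IFS
  IFS=.
  set -- $1
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  printf '%s\n' "$4"
}

# lookup_kbps USER FIELD [FILE] -> prints column FIELD (2 = inbound,
# 3 = outbound) of the first FILE line whose first column is exactly USER.
# Prints nothing when there is no such line or FILE is unreadable.
# USER reaches awk through the environment, so it is compared literally:
# regex metacharacters or a leading "-" in the login name are harmless,
# and "test_user" no longer also matches "test_user2".
lookup_kbps() {
  LOOKUP_USER=$1 awk -v f="$2" '$1 == ENVIRON["LOOKUP_USER"] { print $f; exit }' \
    "${3:-$bandwidth_conf}" 2>/dev/null
}

# rule_numbers N -> prints "pipein pipeout fwrulein fwruleout fwholein fwholeout"
# for last octet N (see the layout in the header).
rule_numbers() {
  pin=$(( $1 * 2 ))
  printf '%d %d %d %d %d %d\n' "$pin" $((pin + 1)) $((pin + 1000)) \
    $((pin + 1001)) $((pin + 33000)) $((pin + 33001))
}

main() {
  if [ $# -lt 4 ]; then
    printf 'usage: %s USER TYPE HISADDR INTERFACE\n' "$0" >&2
    return 2
  fi
  user=$1
  type=$2
  clientip=$3
  int=$4

  # Refuse anything that is not an IPv4 address rather than installing
  # rules for a garbage value.
  usernum=$(last_octet "$clientip") || {
    printf '%s: "%s" is not an IPv4 address\n' "$0" "$clientip" >&2
    return 2
  }

  inkbps=$(lookup_kbps "$user" 2)
  outkbps=$(lookup_kbps "$user" 3)
  # Default when the user has no entry or the field is not a plain number;
  # a non-numeric value would otherwise be spliced into the ipfw command.
  if ! is_number "$outkbps"; then
    outkbps=$default_kbps
    echo "newoutkbps: $outkbps"
  fi
  if ! is_number "$inkbps"; then
    inkbps=$default_kbps
    echo "newinkbps: $inkbps"
  fi

  # shellcheck disable=SC2046 -- rule_numbers prints six numeric words
  set -- $(rule_numbers "$usernum")
  pipein=$1 pipeout=$2 fwrulein=$3 fwruleout=$4 fwholein=$5 fwholeout=$6

  "$fwcmd" pipe "$pipein" config bw "${inkbps}Kbit/s"     # inbound pipe of the right size
  "$fwcmd" pipe "$pipeout" config bw "${outkbps}Kbit/s"   # same for outgoing
  "$fwcmd" add "$fwrulein" pipe "$pipein" ip from any to "$clientip" in      # steer traffic into the pipes
  "$fwcmd" add "$fwruleout" pipe "$pipeout" ip from "$clientip" to any out
  "$fwcmd" add "$fwholein" permit ip from any to "$clientip"                 # let the client's traffic through
  "$fwcmd" add "$fwholeout" permit ip from "$clientip" to any
  printf '%s,%s,%s,%s,%s,%s,%s,%s\n' "$(date)" "$usernum" "$user" "$type" \
    "$clientip" "$int" "$inkbps" "$outkbps" >> "$logfile"
}

main "$@"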
/etc/ppp/removeclient.sh
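#!/bin/sh
#
# removeclient.sh - tear down the per-client ipfw rules and pipes that
# addclient.sh installed when a PPPoE session ends.
#
# Started from /etc/ppp/ppp.linkdown as
#     bg /etc/ppp/removeclient.sh USER connect HISADDR INTERFACE
# so the arguments are:
#     $1  USER       login name the peer authenticated with (peer-chosen text:
#                    quoted everywhere, never used as a pattern)
#     $2  type       the literal "connect" from ppp.linkdown; only logged
#     $3  HISADDR    IPv4 address the client had
#     $4  INTERFACE  tun interface of the session; only logged
#
# The rule and pipe numbers are recomputed from the last octet N of the
# client address exactly as addclient.sh does:
#     pipes  2N, 2N+1             inbound / outbound bandwidth pipes
#     rules  2N+1000, 2N+1001     steer the client's traffic into the pipes
#     rules  2N+33000, 2N+33001   permit the client's traffic
# The bandwidth values are looked up only so the log record matches the
# one written on connect.
#
# Output: "newinkbps:"/"newoutkbps:" notices on stdout when a default is used,
# and one CSV line per call appended to /var/log/ppp.output.
# Exit status: 2 on bad arguments, otherwise the status of the last command.
# There is deliberately no "set -e": one failing ipfw call does not stop the
# remaining rules from being removed.

bandwidth_conf=/etc/ppp/bandwidth.conf
logfile=/var/log/ppp.output
fwcmd=/sbin/ipfw
default_kbps=256

# is_number VALUE -> succeeds if VALUE is a non-empty string of decimal digits.
is_number() {
  case $1 in
    '' | *[!0-9]*) return 1 ;;
  esac
  return 0
}

# last_octet ADDR -> prints the last octet of a dotted-quad IPv4 ADDR;
# fails (prints nothing) for anything that is not four numeric octets.
last_octet() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  oldifs=$IFS
  IFS=.
  set -- $1
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  printf '%s\n' "$4"
}

# lookup_kbps USER FIELD [FILE] -> prints column FIELD (2 = inbound,
# 3 = outbound) of the first FILE line whose first column is exactly USER.
# Prints nothing when there is no such line or FILE is unreadable.
# USER reaches awk through the environment, so it is compared literally and
# never interpreted as a regex.
lookup_kbps() {
  LOOKUP_USER=$1 awk -v f="$2" '$1 == ENVIRON["LOOKUP_USER"] { print $f; exit }' \
    "${3:-$bandwidth_conf}" 2>/dev/null
}

# rule_numbers N -> prints "pipein pipeout fwrulein fwruleout fwholein fwholeout"
# for last octet N (see the layout in the header).
rule_numbers() {
  pin=$(( $1 * 2 ))
  printf '%d %d %d %d %d %d\n' "$pin" $((pin + 1)) $((pin + 1000)) \
    $((pin + 1001)) $((pin + 33000)) $((pin + 33001))
}

main() {
  if [ $# -lt 4 ]; then
    printf 'usage: %s USER TYPE HISADDR INTERFACE\n' "$0" >&2
    return 2
  fi
  user=$1
  type=$2
  clientip=$3
  int=$4

  # Refuse anything that is not an IPv4 address rather than deleting
  # rules computed from a garbage value.
  usernum=$(last_octet "$clientip") || {
    printf '%s: "%s" is not an IPv4 address\n' "$0" "$clientip" >&2
    return 2
  }

  inkbps=$(lookup_kbps "$user" 2)
  outkbps=$(lookup_kbps "$user" 3)
  if ! is_number "$outkbps"; then
    outkbps=$default_kbps
    echo "newoutkbps: $outkbps"
  fi
  if ! is_number "$inkbps"; then
    inkbps=$default_kbps
    echo "newinkbps: $inkbps"
  fi

  # shellcheck disable=SC2046 -- rule_numbers prints six numeric words
  set -- $(rule_numbers "$usernum")
  pipein=$1 pipeout=$2 fwrulein=$3 fwruleout=$4 fwholein=$5 fwholeout=$6

  # Remove the rules first, then the pipes they point at. "ipfw delete"
  # takes rule numbers only; the trailing "pipe N" the original passed
  # after the rule number appears to have been copied from the add
  # command and is dropped here.
  "$fwcmd" delete "$fwrulein"
  "$fwcmd" delete "$fwruleout"
  "$fwcmd" delete "$fwholein"
  "$fwcmd" delete "$fwholeout"
  "$fwcmd" pipe delete "$pipein"
  "$fwcmd" pipe delete "$pipeout"
  printf '%s,%s,%s,%s,%s,%s,%s,%s\n' "$(date)" "$usernum" "$user" "$type" \
    "$clientip" "$int" "$inkbps" "$outkbps" >> "$logfile"
}

main "$@"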
/etc/ppp/bandwidth.conf
Файлът контролира скоростта на връзката за даден потребител. Всеки ред е от вида „потребител входяща_kbps изходяща_kbps" – addclient.sh чете второто поле като лимит към клиента и третото като лимит от клиента; потребител без ред в файла получава 256 kbit/s в двете посоки.
test_user 256 256
other_user 512 512
/etc/ppp/ppp.conf
server:
 set timeout 0                  # no idle timeout: sessions stay up until the client drops them
 set mtu 1492                   # 1500 minus the 8 bytes of PPPoE+PPP framing
 set mru 1492
 disable deflate                # use the pppd-compatible deflate (CCP type 24) instead of the
 enable deflate24               # standard one
 enable vjcomp                  # Van Jacobson TCP header compression
 allow mode direct              # let pppoed(8) start ppp in direct mode
 enable lqr proxy               # link quality reports, and proxy-ARP for client addresses
 enable proxyall
 deny pap                       # never accept PAP: it sends the password in clear text
 disable pap
 enable mschap chap chap81      # CHAP / MS-CHAP / MS-CHAPv2 (chap81) challenge-response only
 #set mppe                      # MPPE is OFF: the PPP payload crosses the Ethernet segment
                                # unencrypted. Uncomment to negotiate MPPE (it needs MS-CHAP,
                                # which is already enabled above) if confidentiality is needed.
 set ifaddr 192.168.11.1 192.168.11.10-192.168.11.100   # our address and the client pool
 accept dns                     # answer the peer's IPCP request for DNS servers
 disable utmp                   # do not write utmp/wtmp entries for sessions
 set crtscts off                # no hardware flow control; there is no serial line behind PPPoE
 disable ipv6cp                 # we don't use IPv6, don't want the errors
 set lqrperiod 15               # check the link often
 set log +ccp +command +phase   # log compression negotiations
 # set log Chat command Connect Warning Error Alert HDLC CCP IPCP Phase TUNLQM Timer

