PPPoE

From securityrouter.org, an OpenBSD-based firewall
Jump to: navigation, search

In some countries it's common to tunnel internet (IP) traffic over PPPoE, instead of using Ethernet directly.

PPPoE client

In case your internet service provider (ISP) requires you to use PPPoE in order to connect to the internet, adjust your configuration according to the example below.

This is not a complete example, but rather an inspirational template. Text highlighted in green is what has to be added, with regards to the default configuration.

...
interface em0 {
	group "wan"
	interface pppoe0 {
		group "wan"
		user "[email protected]"
		password "ABC123"
	}
}
...

By default, authentication uses protocol chap (pap is also available).

Interface addresses may be specified. The default is address 0.0.0.0/32 0.0.0.1 which implies that any address suggested over the PPPoE negotiation will be accepted. If no addresses is specified a default route route default 0.0.0.1 will be created as well.

If the MTU is not changed on the PPPoE interface, an automatic rule is created to fix a max-mss issue that may occur.

IPv6

In order to use IPv6 via for example router-solicitation or dhcp6-client, a link-local default route needs to be added. After adding the pppoe interface, use ifconfig to find its index

# ifconfig pppoe2 
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
        index 11 priority 0 llprio 3
...

and then add a default route using a link-local (fe80) destination with the PPPoE interface's index as scope, in hexadecimal. In the example below, the interface index 11 was converted into hexadecimal "b".

...
interface em0 {
	group "wan"
	interface pppoe0 {
		group "wan"
		user "[email protected]"
		password "ABC123"
		route default fe80:b::
	}
}
...

PPPoE server

At this time we have no official support for npppd (PPPoE server) in the web admin or configuration. If you need this you'll need to enable root access and configure it manually.