On Fri, Mar 31, 2006 at 09:16:23AM +0200, Luca Losio wrote:
> > My ADSL connection is PPPoA only, which is just PPPoE with ATM. They
> > work at different layers so if you bridge your adsl modem and handle
> > only the ATM part, then openbsd pppoe can do the rest. So this means
> > your ADSL modem will have no public facing IP and reconnecting to it may
> > be tricky once you have set it up. So be careful how you set it up.
>
> Can you please post your ppp configuration file?
I'm assuming that you want to use the kernel pppoe driver, which has
been in OpenBSD since 3.7. Look at
# man 4 pppoe
for details, and compare with "man 8 pppoe", which is the userland pppoe
version and has been in OpenBSD since 2.8. The kernel pppoe network
device only really became stable in 3.8.
> So on the Dlink modem all you just did was to set it on bridge mode.
> Why shouldn't it work with the 1-port version? I have this (300t) :-(
> but I upgraded the firmware....
I don't know for sure. I have the DSL-504T. Looking at the "Setup, DSL
Setup" config of it, I have it set up as a "Bridge" with the appropriate
Encapsulation, VPI, VCI, and QoS settings given by my ISP. On the "WAN
Setup" there is no layer 3 setting, i.e. no IP setting, since I want my
OpenBSD box to do that bit. There's no point choosing DHCP since you
still have to authenticate via PPP. If you don't have a bridge setup then
DHCP looks like it'll work, although it's not needed. Obviously try it
if you have no other option.
Looking at the LAN setup I have disabled DHCP since I wanted to use
dhcpd on my OpenBSD box. I have disabled the DNS relay function. Again I
do that on another box since I maintain internal DNS for my RFC 1918
IPs, aka Private IPs 10/8, 172.16/12, 192.168/16. Then I changed the
management IP to a different subnet, matching the IP of my ethernet card
used by the pppoe network device. I have to use ssh port forwarding to
access my D-link router, but then until today I hadn't connected to it
since September 2005. And quite frankly I'd much prefer managing my adsl
connection via my OpenBSD box than a web interface.
So as for the OpenBSD box I have
# cat /etc/hostname.pppoe0
# physical interface the PPPoE session runs over
pppoedev rl1
# PPP authentication: CHAP with the credentials from your ISP
!/usr/sbin/spppcontrol \$if myauthproto=chap myauthname=username \
myauthkey=password
# placeholder addresses; the real ones are negotiated once the session is up
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1
!/sbin/route add default 0.0.0.1
up
Where username and password are set to what your ISP has given you for
your PPPoA setting.
# cat /etc/hostname.rl1
inet 192.168.10.100 255.255.255.0
In /etc/pf.conf I have
"scrub out on pppoe0 max-mss 1440"
It's all in the man page, except I have given the physical network card
an IP. If you were doing pure pppoe to your ISP, then you would do as
the man page reads. You may also want to take note about setting the MTU
as per the man page.
If things are working nicely you'll see something like the following:
# ifconfig pppoe0
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
dev: rl1 state: session
sid: 0xcf8 PADI retries: 14 PADR retries: 0 time: 17d 15:03:41
groups: pppoe egress
inet 10.10.10.10 --> 0.0.0.1 netmask 0xff000000
inet6 fe80::260:8ff:dead:beef%pppoe0 -> prefixlen 64 scopeid 0x9
Where 10.10.10.10 is the IP your ISP assigns you. I usually find that
on first booting the pppoe device takes a while to authenticate, but
once up it's really stable. It seems better than most customer ADSL modems
and also seems to cope with DSLAM reboots at the exchange very well.
I've not had any complaints about it.
As for the other side of my OpenBSD router, I have quite a complicated
setup which is probably overkill for most people's needs. If you're just
doing NAT on a single NIC then that should be pretty straightforward
via /etc/pf.conf.
It was a pain to set up, but I'm glad of it now. Especially when there
are DoS exploits in Netgear ADSL routers using IRC DCC commands when SPI is
turned off. I'd much rather trust my OpenBSD box than a VxWorks- or Linux-based
modem. Usually they're excessively slimmed down and missing a lot of the
features OpenBSD has to offer.
If you find this information useful I may be inclined to write some
online docs for it, since it'll possibly help others if you didn't find
much in Google. So let me know how you get on.
Dan
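As an added example that is not part of Dan's post: a small POSIX sh script that parses "ifconfig pppoe0" output in the format shown above, reports whether the session has reached the "session" state with a negotiated address, and checks that a pf "max-mss" value fits inside the interface MTU (the MSS can be at most the MTU minus 20 bytes of IPv4 header and 20 bytes of TCP header, so 1452 for an MTU of 1492; the 1440 used in the post leaves a little extra headroom). The sample output is a constructed copy of the post's, and the function names are my own, not anything from OpenBSD.

```sh
#!/bin/sh
# Added example, not from the original post: parse "ifconfig pppoe0" output
# (format as shown in the post) and check the PPPoE session and pf max-mss.
# SAMPLE is a constructed copy of the output shown in the post.

SAMPLE='pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
        dev: rl1 state: session
        sid: 0xcf8 PADI retries: 14 PADR retries: 0 time: 17d 15:03:41
        groups: pppoe egress
        inet 10.10.10.10 --> 0.0.0.1 netmask 0xff000000
        inet6 fe80::260:8ff:dead:beef%pppoe0 -> prefixlen 64 scopeid 0x9'

# Session state as printed by the driver (e.g. "initial", "PADI sent", "session").
pppoe_state() {
    printf '%s\n' "$1" | awk '/state:/ { sub(/.*state: */, ""); print; exit }'
}

# Local IPv4 address on the interface (stays 0.0.0.0 until the session is negotiated).
pppoe_addr() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2; exit }'
}

# MTU from the first line (1492 for PPPoE: 1500 minus 8 bytes of PPPoE/PPP header).
pppoe_mtu() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit } }'
}

# Largest TCP MSS that fits in the MTU: subtract 20 bytes IPv4 + 20 bytes TCP header.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Does a pf "max-mss" value ($2) fit in the given MTU ($1)?
mss_fits() {
    [ "$2" -le "$(mss_for_mtu "$1")" ]
}

# True when the session is established and an address has been assigned.
pppoe_up() {
    [ "$(pppoe_state "$1")" = "session" ] && [ "$(pppoe_addr "$1")" != "0.0.0.0" ]
}

# Use live output when run on the router, otherwise fall back to the sample.
OUT=$(ifconfig pppoe0 2>/dev/null) || OUT=$SAMPLE
if pppoe_up "$OUT"; then
    mtu=$(pppoe_mtu "$OUT")
    echo "pppoe0 up: $(pppoe_addr "$OUT"), mtu $mtu, max-mss must be <= $(mss_for_mtu "$mtu")"
    mss_fits "$mtu" 1440 && echo "max-mss 1440 fits the MTU"
else
    echo "pppoe0 not up (state: $(pppoe_state "$OUT"))"
fi
```

Run it on the router itself and it reads the live interface; anywhere else it falls back to the embedded sample. The "not up" branch is the one to alarm on from cron, since the interface shows UP,RUNNING even while the driver is still sending PADI/PADR and the address is the 0.0.0.0 placeholder from hostname.pppoe0.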