This is for setting a FreeBSD ppp over Ethernet server with pppoe
1. Compile kernel with this options:
2. Edit /etc/rc.conf, add:
pppoed_flags="-d -P /var/run/pppoed.pid -a "server" -l "default" "
set log Chat Command Phase #turn on some logging. See man ppp.conf
enable pap #turn on chap and pap accounting
allow mode direct #turn on ppp bridging
enable proxy #turn on ppp proxyarping (redundant of a
disable ipv6cp #we don't use ipv6, don't want the errors
set mru 1492 #set mru below 1500 (PPPoE MTU issue)
set mtu 1492 #set mtu below 1500 (PPPoE MTU issue)
set ifaddr 10.0.0.1 10.0.1.1-10.0.5.254
set speed sync
set timeout 0
4. edit /etc/ppp/ppp.secret
You could configure ipfw firewall to deny any to any and then make a script (easy) for every ppp connection to add a rule in firewall to allow ip for that connection.
- If you use different versions of windows boxes (not only xp) let enable pap and chap too
- If you want a user to be connected only once (so users cannot give username and passowords to others to use the same account) you must setup a radius server
(freeradius or radius-cistron, from ports collection).
- If you have problems login in from windows box than set speed sync from /etc/ppp/ppp.conf might help you
- pppoed daemon consumes some cpu so a faster cpu is better, also for many users is better to have more ram (512 or 1024 MB)
- If you have problems stop your pppoed process (/etc/rc.d/pppoed stop) then launch pppoed with -Fd option instead -d, from command line to have pppoed in foreground to see errors.
- On a lan with many users I had a problem, i guess some of the clients had a misconfigured pppoed server so it keeps asking for connection to pppoed server, flooding, forking the pppoed daemon continously. It is a patch that might solve this problem, I've read about it here: http://lists.freebsd.org/pipermail/freebsd-hackers/2005-February/010136.html , but could not find that patch.