OpenBSD 5.7 PPPOE

[Peter_APIIT]

Dear All,

I'm tried to set up OpenBSD as router/firewall but unfortunately the following command was not found at the OpenBSD box.

pppoedev
spppcontrol.


Any tutorial that teach how to setup the pppoe? Thanks.

[bsd-keith]

Have you checked the FAQ - http://www.openbsd.org/faq/index.html

The searchable man pages are here - http://www.openbsd.org/cgi-bin/man.cgi

[jggimi]

FAQ 6 used to have a PPPoE section, but after removal of userland PPP that section of FAQ 6 was no longer accurate or applicable, and the content was removed.

The pppoe(4) and sppp(4) man pages have excellent configuration guidance.

Peter, I'd thought you'd converted from DSL to cable modem?

[Peter_APIIT]

My question is why enter command pppoedev into terminal and it return command not found.

I'm definitely using modem in bridge mode and not router.

Thanks.

[jggimi]

Quote:

Originally Posted by Peter_APIIT

My question is why enter command pppoedev into terminal and it return command not found.

"pppoedev" is not an OpenBSD command. It's an option to the ifconfig(8) command.

From that man page:

Code:

PPPOE
     ifconfig pppoe-interface [authkey key] [authname name] [authproto proto]
          [[-]peerflag flag] [peerkey key] [peername name]
          [peerproto proto] [[-]pppoeac access-concentrator]
          [pppoedev parent-interface] [[-]pppoesvc service]

[Peter_APIIT]

This is my /etc/hostname.pppoe0 config:

Quote:

pppoedev fxp0 authproto pap authname "" authkey "" up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1

/etc/hostname.fxp0 config:

Quote:

inet 192.168.1.2 255.255.255.0

When i checked the ifconfig on pppoe0 interface, it displayed status: no carrier. What's wrong with it?

[jggimi]

Quote:

Originally Posted by Peter_APIIT

What's wrong with it?

I'm not a PPPoE user, so I don't know if anything is wrong with it, but it does not match the example in the pppoe(4) man page. It is possible that you have a provisioning error.

(As discussed in your other thread we have noted you introduced errors in subnet addressing, but that problem is not specific to PPPoE.)

This is what I can see which is different than the recommendation in the man page:

• You have specified an IP address for your fxp0 NIC, but not for your pppoe(4) device driver.

Note that the man page states that the Ethernet interface needs to be marked UP, but does not need an IP address. IP addresses are assigned via PPPoE negotiation. The man page example shows the pppoe(4) device driver provisioned with address 0.0.0.0 (with a /32 netmask of 255.255.255.255) in order to permit the ISP to assign the local IP address.

I assume you have populated your authname and authkey options per the man page, and that the "" fields you show here merely have these fields redacted.

[Peter_APIIT]

Quote:

Originally Posted by jggimi

I'm not a PPPoE user, so I don't know if anything is wrong with it, but it does not match the example in the pppoe(4) man page. It is possible that you have a provisioning error.

(As discussed in your other thread we have noted you introduced errors in subnet addressing, but that problem is not specific to PPPoE.)

This is what I can see which is different than the recommendation in the man page:

• You have specified an IP address for your fxp0 NIC, but not for your pppoe(4) device driver.

Note that the man page states that the Ethernet interface needs to be marked UP, but does not need an IP address. IP addresses are assigned via PPPoE negotiation. The man page example shows the pppoe(4) device driver provisioned with address 0.0.0.0 (with a /32 netmask of 255.255.255.255) in order to permit the ISP to assign the local IP address.

I assume you have populated your authname and authkey options per the man page, and that the "" fields you show here merely have these fields redacted.

Thanks for highlighting that I'm not following the pppoe man page. I had corrected the mistake but there is another error now.

I had marked the external interface with UP.
I had configure the /etc/hostname.pppoe0 with the following configuration.

Quote:

inet 0.0.0.0 255.255.255.255 NONE \
pppoedev fxp0 authproto pap \
authname "" authkey "" up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1

This warning displayed on the console.
Warning: /etc/hostname.pppoe0 is insecure, fixing permissions

ifconfig status

Quote:

pppoe:

flags = 8810<POINTTOPOINT, SIMPLEX, MULTICAST> mtu 1492
priority: 0
dev:fxp0 state: initial
groups: pppoe
status: no carrier
inet 0.0.0.0 --> 0.0.0.0 netmask 0xffffffff

Can anyone spot any errors? What are the things used to troubleshoot?

I'm sure the username and password is correct. Thanks.

[jggimi]

Quote:

Originally Posted by Peter_APIIT

This warning displayed on the console.
Warning: /etc/hostname.pppoe0 is insecure, fixing permissions

This warning message will always appear whenever a hostname.if(5) file is globally readable, or not owned by root. The netstart(8) script will issue the warning, then revise the filemode to 640 (-rw-r-----). You can see this for yourself in the /etc/nestart script::

Code:

    # Not using stat(1), we can't rely on having /usr yet
    set -A stat -- `ls -nL $file`
    if [ "${stat[0]#???????} ${stat[2]} ${stat[3]}" != "--- 0 0" ]; then
        echo "WARNING: $file is insecure, fixing permissions"
        chmod -LR o-rwx $file
        chown -LR root.wheel $file
    fi

Quote:

What are the things used to troubleshoot?

The network diagnostic tool we use is tcpdump(8). You may be able to capture packets between your ADSL modem and your fxp0 NIC with it. If there is bi-directional communication, you should get packets flowing in both directions. If there is only one-way communication, or no communication at all, tcpdump should show this.

That level of information might help you determine a root cause, if there is a failure in basic communication.

PPP/PPPoE negotiation problems present a level of diagnosis that require skills you do not yet possess.

The negotiation protocol is outlined briefly in Wikipedia, but that is not sufficient detail for root cause analysis.

Understanding the packets themselves will require clear understanding of Ethernet frames and of PPP. You will need to understand RFC 2516, which defines PPPoE, and RFC 1661, which defines PPP.

[Peter_APIIT]

Quote:

Originally Posted by jggimi

This warning message will always appear whenever a hostname.if(5) file is globally readable, or not owned by root. The netstart(8) script will issue the warning, then revise the filemode to 640 (-rw-r-----). You can see this for yourself in the /etc/nestart script::

Code:

    # Not using stat(1), we can't rely on having /usr yet
    set -A stat -- `ls -nL $file`
    if [ "${stat[0]#???????} ${stat[2]} ${stat[3]}" != "--- 0 0" ]; then
        echo "WARNING: $file is insecure, fixing permissions"
        chmod -LR o-rwx $file
        chown -LR root.wheel $file
    fi

The network diagnostic tool we use is tcpdump(8). You may be able to capture packets between your ADSL modem and your fxp0 NIC with it. If there is bi-directional communication, you should get packets flowing in both directions. If there is only one-way communication, or no communication at all, tcpdump should show this.

That level of information might help you determine a root cause, if there is a failure in basic communication.

PPP/PPPoE negotiation problems present a level of diagnosis that require skills you do not yet possess.

The negotiation protocol is outlined briefly in Wikipedia, but that is not sufficient detail for root cause analysis.

Understanding the packets themselves will require clear understanding of Ethernet frames and of PPP. You will need to understand RFC 2516, which defines PPPoE, and RFC 1661, which defines PPP.

I think I should configure it using command line at terminal and see what is the error.

EDIT:
I'm issued the following command at terminal

Quote:

ifconifg inet 0.0.0.0 255.255.255.255 pppoedev fxp0 authproto pap/chap authname "" authkey "" up

but the following message was displayed.

Quote:

ifconfig: SIOCGSPPPPARAMS(SPPIOGXAUTH): Device not configured

What wrong with it? Thanks.

[IdOp]

Quote:

Originally Posted by Peter_APIIT

I'm issued the following command at terminal



but the following message was displayed.



What wrong with it? Thanks.

It looks like you forgot the interface name, pppoe0, from your ifconfig(8) command. See the man page for the syntax. It will look something like this:

# ifconfig pppoe0 inet 0.0.0.0 ...

Note that the pseudo-device pppoe0 will be created on demand if needed. You can also create it manually first if you wish with

# ifconfig pppoe0 create

[jggimi]

I've mentioned this in another of your threads, but as communication may have been unclear, I will repeat it here for clarity:

You must supply both authname and authkey values in your ifconfig(8) command or hostname.pppoe0 file.

You have been showing these as "" in your posts. It is not clear to me if you are redacting your values when you post here, or, if instead you have these as empty values in your configuration file and command.

[Peter_APIIT]

Quote:

Originally Posted by jggimi

I've mentioned this in another of your threads, but as communication may have been unclear, I will repeat it here for clarity:

You must supply both authname and authkey values in your ifconfig(8) command or hostname.pppoe0 file.

You have been showing these as "" in your posts. It is not clear to me if you are redacting your values when you post here, or, if instead you have these as empty values in your configuration file and command.

I had supply the value for authname and authkey and just left it bank here for illustration purposes.

[Peter_APIIT]

Quote:

Originally Posted by IdOp

It looks like you forgot the interface name, pppoe0, from your ifconfig(8) command. See the man page for the syntax. It will look something like this:

# ifconfig pppoe0 inet 0.0.0.0 ...

Note that the pseudo-device pppoe0 will be created on demand if needed. You can also create it manually first if you wish with

# ifconfig pppoe0 create

I'll try it out tonight.

[Peter_APIIT]

PPPOE problem solved but has routing issues.

[jggimi]

1) Please tell us what/how the problem was resolved.

2) We can't help with the routing issue without any information.

[Peter_APIIT]

Dear jggmi,

First of all, Thanks for your prompt reply. The routing issue was documented at another thread (OpenBSD Routing Issue).

I don't want to mess up this thread with another question which ease other user to search as well.