In this file, the following apply:
hme1,hme2,hme3 | Three interfaces on the access server to be used for PPPoE tunnels. |
service internet | Advertises a service that is called internet to prospective clients. The provider that offers the service also determines how internet is defined. For example, a provider might define internet to mean various IP services, as well as access to the Internet. |
pppd | Sets the command-line options that are used when the caller invokes pppd. The option "name internet-server" gives the name of the local machine (the access server) as internet-server. |
service intranet | Advertises another service, called intranet, to prospective clients. |
pppd "192.168.1.1:" | Sets the command-line options that are used when the caller invokes pppd. When the caller invokes pppd, 192.168.1.1 is set as the IP address for the local machine (the access server). |
service debug | Advertises a third service, debugging, on the interfaces that are defined for PPPoE. |
device hme1 | Restricts debugging of PPPoE tunnels to hme1. |
pppd "debug name internet-server" | Sets the command-line options that are used when the caller invokes pppd, in this instance, PPP debugging on internet-server, the local machine. |
/etc/ppp/pppoe.device File
The /etc/ppp/pppoe.device file describes the services that are offered on one interface of a PPPoE access server plus options that define how PPP runs over the PPPoE tunnel. /etc/ppp/pppoe.device is an optional file, which operates exactly like the global /etc/ppp/pppoe. However, if /etc/ppp/pppoe.device is defined for an interface, its parameters have precedence for that interface over the global parameters that are defined in /etc/ppp/pppoe.
The basic syntax of /etc/ppp/pppoe.device is as follows:
    service service-name
        service-specific-options
    service another-service-name
        service-specific-options
The only difference between this syntax and that of /etc/ppp/pppoe is that you cannot use the device option that is shown in "/etc/ppp/pppoe File".
pppoe.so Plugin
pppoe.so is the PPPoE shared object file that must be invoked by PPPoE access servers and clients. This file limits MTU and MRU to 1492, filters packets from the driver, and negotiates the PPPoE tunnel, along with pppoed. On the access server side, pppoe.so is automatically invoked by the pppd daemon.
Using PPPoE and PPP Files to Configure an Access Server
This section contains samples of all files that are used to configure an access server. The access server is multihomed and attached to three subnets: green, orange, and purple. pppoed runs as root on the server, which is the default.
PPPoE clients can access the orange and purple networks through interfaces hme0 and hme1. Clients log in to the server by using the standard UNIX login. The server authenticates them by using PAP.
The green network is not advertised to clients. The only way clients can access green is by directly specifying "green-net" and supplying CHAP authentication credentials. Moreover, only clients joe and mary are allowed to access the green network. They must use static IP addresses to do so.
Example 36-5 /etc/ppp/pppoe File for an Access Server
This sample describes the services available from the access server. The first service section describes the services of the orange network.
    service orange-net
        device hme0,hme1
        pppd "require-pap login name orange-server orange-server:"
The service section for the purple network is identical to that of the orange network except for the network and server names.
The next section describes the services of the green network:
    service green-net
        device hme1
        pppd "require-chap name green-server green-server:"
        nowildcard
For the access server scenario just discussed, you might set up the following /etc/ppp/options file.
Example 36-6 /etc/ppp/options File for an Access Server
    auth
    proxyarp
    nodefaultroute
    name no-service    # don't authenticate otherwise
The option name no-service overrides the server name that is normally searched for during PAP or CHAP authentication. The server's default name is the one that the /usr/bin/hostname command returns. The name option in the previous example changes the server's name to no-service, a name that is unlikely to appear in a pap-secrets or chap-secrets file. This action prevents a random user from running pppd and overriding the auth and name options that are set in /etc/ppp/options. pppd then fails because it cannot find any secrets for the client with a server name of no-service.
The access server scenario uses the following /etc/hosts file.
Example 36-7 /etc/hosts File for an Access Server
    172.16.0.1 orange-server
    172.17.0.1 purple-server
    172.18.0.1 green-server
    172.18.0.2 joes-pc
    172.18.0.3 marys-pc
Here is the /etc/ppp/pap-secrets file that is used for PAP authentication for clients that attempt to access the orange and purple networks.
Example 36-8 /etc/ppp/pap-secrets File for an Access Server
    * orange-server "" 172.16.0.2/16+
    * purple-server "" 172.17.0.2/16+
Here is the /etc/ppp/chap-secrets file that is used for CHAP authentication. Note that only clients joe and mary are listed in the file.
Example 36-9 /etc/ppp/chap-secrets File for an Access Server
    joe green-server "joe's secret" joes-pc
    mary green-server "mary's secret" marys-pc
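The following Python check is an added example, not part of the original guide. It cross-references the sample files above: each service in /etc/ppp/pppoe must pin require-pap or require-chap with a server name that has an entry in the matching secrets file, and the fallback name in /etc/ppp/options must match no secrets entry. The function names and the use of shlex to approximate pppd's word splitting are assumptions, and only the directives shown on this page are parsed.

```python
import shlex
# Constructed inputs: the sample files shown above (purple-net section omitted).
PPPOE = '''service orange-net
    device hme0,hme1
    pppd "require-pap login name orange-server orange-server:"
service green-net
    device hme1
    pppd "require-chap name green-server green-server:"
    nowildcard
'''
OPTIONS = "auth\nproxyarp\nnodefaultroute\nname no-service  # don't authenticate otherwise\n"
PAP = '* orange-server "" 172.16.0.2/16+\n* purple-server "" 172.17.0.2/16+\n'
CHAP = 'joe green-server "joe\'s secret" joes-pc\nmary green-server "mary\'s secret" marys-pc\n'

def rows(text):
    """Split each line into words, honouring quotes and # comments (shlex is an assumption)."""
    return [shlex.split(line, comments=True) for line in text.splitlines()]

def parse_pppoe(text):
    """Map service name -> pppd option words and wildcard flag (directives on this page only)."""
    services, cur, stream = {}, None, (w for row in rows(text) for w in row)
    for w in stream:
        if w == "service":
            cur = services.setdefault(next(stream, ""), {"pppd": [], "wildcard": True})
        elif cur and w == "pppd":
            cur["pppd"] = next(stream, "").split()
        elif cur and w == "nowildcard":
            cur["wildcard"] = False
    return services

def value(opts, key):
    """Word following `key` in an option list, or None."""
    return opts[opts.index(key) + 1] if key in opts[:-1] else None

def audit(pppoe, options, pap, chap):
    """Return findings for each service and for the fallback name in /etc/ppp/options."""
    secrets = {"require-pap": {r[1] for r in rows(pap) if len(r) > 2},
               "require-chap": {r[1] for r in rows(chap) if len(r) > 2}}
    found = []
    for svc, cfg in parse_pppoe(pppoe).items():
        method = next((m for m in secrets if m in cfg["pppd"]), None)
        if method is None:
            found.append(f"{svc}: pppd options do not pin require-pap or require-chap")
        elif value(cfg["pppd"], "name") not in secrets[method]:
            found.append(f"{svc}: server name has no entry in the {method[8:]} secrets")
    fallback = value([w for row in rows(options) for w in row], "name")
    if fallback in secrets["require-pap"] | secrets["require-chap"]:
        found.append(f"options: fallback name {fallback} matches a secrets entry")
    return found
```

An empty result from audit(PPPOE, OPTIONS, PAP, CHAP) means the sample configuration is consistent. The wildcard flag returned by parse_pppoe shows which services, such as green-net, are not advertised to clients.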
PPPoE Client Commands and Files
To run PPP over a DSL modem, a machine must become a PPPoE client. You have to plumb an interface to run PPPoE, and then use the pppoec utility to "discover" the existence of an access server. Thereafter, the client can create the PPPoE tunnel over the DSL modem and run PPP.
The PPPoE client relates to the access server in the traditional client-server model. The PPPoE tunnel is not a dial-up link, but it is configured and operated in much the same manner.
The commands and files that set up a PPPoE client include the following:
/usr/lib/inet/pppoec Utility
The /usr/lib/inet/pppoec utility is responsible for negotiating the client side of a PPPoE tunnel. pppoec is similar to the Solaris PPP 4.0 chat utility, in that you do not invoke it directly. Rather, you start /usr/lib/inet/pppoec as an argument to the connect option of pppd.
pppoe.so Plugin
pppoe.so is the PPPoE shared object that must be loaded by PPPoE to provide PPPoE capability to access servers and clients. This shared object limits MTU and MRU to 1492, filters packets from the driver, and handles runtime PPPoE messages.
On the client side, pppd loads pppoe.so when the user specifies the plugin pppoe.so option.
/etc/ppp/peers/peer-name File for Defining an Access Server Peer
When you define an access server to be discovered by pppoec, you use options that apply to both pppoec and the pppd daemon. A /etc/ppp/peers/peer-name file for an access server requires the following parameters:
sppptun - Name for the serial device that is used by the PPPoE tunnel
plugin pppoe.so - Instructs pppd to load the pppoe.so shared object
connect "/usr/lib/inet/pppoec device" - Starts a connection and invokes the pppoec utility over device, the interface that is plumbed for PPPoE
The following example is introduced in "How to Define a PPPoE Access Server Peer".
Example 36-10 /etc/ppp/peers/peer-name to Define a Remote Access Server
    # vi /etc/ppp/peers/dslserve
    sppptun
    plugin pppoe.so
    connect "/usr/lib/inet/pppoec hme0"
    noccp
    noauth
    user Red
    password redsecret
    noipdefault
    defaultroute