Bananian

BPi-R1 my Swiss army knife - PPPoE [How-To]

1 3410
nebkas  
Edited by nebkas at Sat Sep 26, 2015 15:23

Here we go again

Today I try to explain how I got PPPoE working, so that you can use your BPi-R1 as a full working Router behind a DSL-Modem(in my case a Fritz!Box 7330 SL in manually set bridged mode)

I assume, that you already managed basic things like DHCP, WiFi, hostaptd and got this working too. If not, I suggest the:

Banana Pi Router - BPi-R1

Manual for HW setup and basic router functionalities

Big thanks to Tido at this point for his great work! You can find his thread here:
[Bananian] manual for BPi - R1 setup



Requirements: pppoe and pppoeconf packages

So just install it!

  1. apt-get install pppoe pppoeconf
Copy the Code

Basic understanding:

If you followed Tido's manual, you have 2 VLANs. eth0.101 for WAN and eth0.102 for the 4 switch ports. To built up a proper PPPoE connection you can't use the eth0.101 VLAN by default, so just put it into a additional bridge. In our case I named it "br1".

Lets begin and add the bridge entry to the botoom of /etc/network/interfaces. Maybe you have to change the IP adresses to your network configuration too.  

nano /etc/network/interfaces

  1. ##### Bridge br1 #####
  2. auto br1
  3. iface br1 inet static

  4.         bridge_ports eth0.101
  5.         bridge_waitport 0
  6.                address 192.168.1.1
  7.                netmask 255.255.255.0

  8.         pre-up ifconfig eth0.101 down
  9.         pre-up brctl addbr br1
  10.         pre-up brctl addif br1 eth0.101
  11.         pre-up ifconfig eth0.101 up
  12.         post-down ifconfig eth0.101 down
  13.         post-down brctl delif br1 eth0.101
Copy the Code

If you want later, to built up PPPoE connection during the boot proccess of the BPi-R1 you can add this entry too:
        
  1. ##### PPPoE #####
  2. pre-up /sbin/ip link set dev br1 up
  3. auto dsl-provider
  4. iface dsl-provider inet ppp
  5. provider dsl-provider
Copy the Code


Now its time to setup the PPPoE Connection. For this you ned to edit the 'chap-secrets' file and put your username and password into it.

nano /etc/ppp/chap-secrets

  1. # Secrets for authentication using CHAP
  2. # client        server  secret                  IP addresses

  3. "username@provider" * "yourpasswoprd"
Copy the Code

When this is done, edit the 'dsl-provider' file and change your username too. You can see in the second to last line that we tell the 'dsl-provider' config file to use our new created bridge br1.

nano /etc/ppp/peers/dsl-provider

  1. noipdefault
  2. usepeerdns
  3. defaultroute
  4. replacedefaultroute
  5. hide-password
  6. lcp-echo-interval 20
  7. lcp-echo-failure 3
  8. connect /bin/true
  9. noauth
  10. persist
  11. mtu 1492
  12. noaccomp
  13. default-asyncmap
  14. plugin rp-pppoe.so
  15. nic-br1
  16. user "username@provider"
Copy the Code



When you are done with these steps, you should change your dhcpd.conf file to point the 'option routers' to the IP of your new bridge device br1. Maybe you have to change the IP adresses to your network configuration too.

nano /etc/dhcp/dhcpd.conf

  1. authoritative;
  2. default-lease-time 3600;
  3. max-lease-time 44000;

  4. log-facility local7;

  5. subnet 192.168.1.0 netmask 255.255.255.0 {
  6.         range 192.168.1.150 192.168.1.250;
  7.         option routers 192.168.1.1;
  8.         option domain-name-servers 8.8.8.8;
  9.         }
Copy the Code

Before we start to activate our changes on the system, I like to know wthats going on, on my BPi-R1. For this I open a second SSH connection to my BPi-R1 and watch the system logfile. This will help you a lot when things go wrong.  

'tail -f /var/log/syslog'


So lets restart the dhcpd daemon and the networking service to initialize the changes.


'service isc-dhcp-server restart'

'service networking restart'


Now its a bit tricky, because we have to add and change the iptable rules and I'm not really familiar with it(Maybe some of you have more experience with it andshare there knowledge with us
After a while I found a configuration that worked for me. maybe you just copy and paste ist and change the IP addresses to your network configuration


nano /etc/iptables/rules.v4

  1. # Generated by iptables-save v1.4.21 on Fri Sep 25 23:06:55 2015
  2. *nat
  3. :PREROUTING ACCEPT [15939:1063720]
  4. :INPUT ACCEPT [12582:558973]
  5. :OUTPUT ACCEPT [88:7790]
  6. :POSTROUTING ACCEPT [199:13258]
  7. -A POSTROUTING -o ppp0 -j MASQUERADE
  8. COMMIT
  9. # Completed on Fri Sep 25 23:06:55 2015
  10. # Generated by iptables-save v1.4.21 on Fri Sep 25 23:06:55 2015
  11. *filter
  12. :INPUT ACCEPT [12650:562991]
  13. :FORWARD ACCEPT [64467:81000475]
  14. :OUTPUT ACCEPT [17453:1180242]
  15. -A INPUT -i br1 -j ACCEPT
  16. -A INPUT -i br0 -j ACCEPT
  17. -A INPUT -i lo -j ACCEPT
  18. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  19. -A FORWARD -s 192.168.1.0/24 -i br0 -j ACCEPT
  20. -A FORWARD -d 192.168.1.0/24 -i eth0.101 -j ACCEPT
  21. -A FORWARD -s 192.168.1.0/24 -i br1 -j ACCEPT
  22. COMMIT
  23. # Completed on Fri Sep 25 23:06:55 2015
  24. # Generated by iptables-save v1.4.21 on Fri Sep 25 23:06:55 2015
  25. *mangle
  26. :PREROUTING ACCEPT [568:112811]
  27. :INPUT ACCEPT [101:6555]
  28. :FORWARD ACCEPT [434:94056]
  29. :OUTPUT ACCEPT [89:7708]
  30. :POSTROUTING ACCEPT [523:101764]
  31. -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
  32. COMMIT
  33. # Completed on Fri Sep 25 23:06:55 2015
Copy the Code

Now its time to do a reboot:

'shutdown now -r'

When everything worked fine, you should be online after the reboot


!!!!! Be aware, your BPi-R1 is now connected directly to the internet. You really should watch out which ports are open to not got hacked!!!!!

Hello, I'm trying to follow your guide but I can not run the pppoe properly.
You may enter your configurations to /etc/network/interface?
Thank you

You have to log in before you can reply Login | Sign Up

Points Rules