With the working RADIUS authentication server setup in the last post it’s time to install and set up the PPPoE server for the users to connect to. As well as the
pppoe package we will need the
libradcli4 as this provides the RADIUS client library.
$ sudo apt-get install pppoe libradcli4
First we need to stop the
dhcpcd daemon from trying to allocate a IP address for the interface we are going to use for PPPoE. As I’m running this on a Rasperry Pi 4 I’ll be using the
eth0 port and then using
wlan0 for the back haul. To get
dhcpcd to ignore
eth0 we add the following to
With that out of the way we can start setting things up for the pppoe-server. We will start by editing the
/etc/ppp/options file. We need to add the plugins to link it to the RADIUS server and tweak a couple of settings.
mtu 1492 proxyarp ... plugin radius.so plugin radattr.so radius-config-file /etc/radcli/radiusclient.conf
next up create
/etc/ppp/pppoe-server-options and make sure it outputs logs
# PPP options for the PPPoE server # LIC: GPL require-pap login lcp-echo-interval 10 lcp-echo-failure 2 debug logfile /var/log/pppoe/pppoe-server.log
/etc/ppp/pap-secrets we need to add the following:
# INBOUND connections # Every regular user can use PPP and has to use passwords from /etc/passwd #* hostname "" * * * "" *
That’s it for PPP options, just need to finish settings up radcli. Here we need to add the password for the RADIUS server in the
and then we can update
/etc/radcli/radiusclient.conf to point to the RADIUS server on localhost
authserver localhost acctserver localhost
The current version of PPP available with Raspbian Buster has been built against an older version of the radius client library so to get things to work we have to also add the following 2 lines and run
seqfile /var/run/radius.seq mapfile /etc/ppp/radius-port-id-map
And we need to edit the
/etc/radcli/dictionary file to comment out all the lines that include
ipv6addr and also change all instances of
ipaddr. There is a patch which fixes some of this but requires a rebuild of all of PPP. I’m going to give that a go later to get IPv6 working properly.
We should now be able to start the
# pppoe-server -I eth0 -T 60 -N 127 -C PPPoE -S PPPoE -L 192.168.5.1 -R 192.168.5.128 -F
- -I sets the port to listen on
- -T sets the timeout for a connection
- -N sets the maximum number of connections
- -C sets the “name” of the server instance
- -S sets the “name” of the PPP Service
- -L sets the IP address for the server
- -R sets the first address of the range for the remote device
- -F tells pppoe-server to run in the foreground (only used for testing)
If we make sure the server is set to masquerade and forward IP packets then any client that connects should now be able reach the internet via the server.
In the next post I’ll cover how to customise connections for different users by adding data to their LDAP entry. And also how to do traffic shaping to ensure equal use of the available bandwidth along with basic accounting so we know what to bill each user.