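PPPoE Overview
PPP is mainly used to create links and send data between two network nodes over dial-up or leased lines. PPP is a layered protocol: the physical layer provides the actual point-to-point link, and the Link Control Protocol (LCP) initiates link establishment, configuration and testing. After LCP initialization completes, one or more Network Control Protocols carry traffic for specific protocol families. PPP provides error detection, support for multiple protocols, negotiation of IP addresses at connection time, and authentication. PPP works at layer 2, the data link layer, and is implemented in the kernel.
PPPoE stands for Point to Point Protocol over Ethernet; it carries the point-to-point protocol over Ethernet. PPPoE can be described as a protocol that combines Ethernet and PPP, a technique for relaying PPP frames over Ethernet. It uses Ethernet to form a network out of a large number of hosts, connects them to the Internet through a remote access device, and provides control and accounting for each connected host. Its very high cost-effectiveness has made PPPoE widely used in applications such as residential network construction; ADSL, a currently popular broadband access method, uses PPPoE.
PPPoE encapsulates PPP in Ethernet frames for transmission. Its communication process has two stages: Discovery and PPP Session. In the PPPoE Discovery stage the client identifies the AC (Access Concentrator) and negotiates a Session ID with it. The PPPoE Session stage handles sending and receiving data packets, and also carries PPP link negotiation (LCP) and network-layer control negotiation (IPCP).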
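
The Discovery stage described above, as an added example that is not part of the original post: a parser for Discovery frames laid out as in RFC 2516 (which the post does not cite), with a length check on every field. The client MAC and tag values are constructed; the AC MAC is the eth0 address shown in this page's ifconfig output.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863  # EtherType of the Discovery stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}


def parse_discovery(frame: bytes) -> dict:
    """Parse one Ethernet frame carrying a PPPoE Discovery packet."""
    if len(frame) < 20:
        raise ValueError("shorter than Ethernet + PPPoE headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_PPPOE_DISC:
        raise ValueError("not a PPPoE Discovery frame")
    vertype, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if vertype != 0x11:
        raise ValueError("PPPoE version and type must both be 1")
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds the frame")
    tags, off = [], 0
    while off < length:  # tags are type(2) / length(2) / value TLVs
        if off + 4 > length:
            raise ValueError("truncated tag header")
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        if off + tlen > length:
            raise ValueError("tag length overruns the payload")
        if tag == 0x0000:  # End-Of-List
            break
        tags.append((TAGS.get(tag, hex(tag)), payload[off:off + tlen]))
        off += tlen
    return {"dst": dst.hex(":"), "src": src.hex(":"),
            "code": CODES.get(code, hex(code)), "session_id": session_id, "tags": tags}


def build(dst, src, code, session_id, tags):  # only builds the sample input below
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    head = struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, session_id, len(body))
    return dst + src + head + body


CLIENT = bytes.fromhex("020000000001")  # constructed client MAC
AC = bytes.fromhex("b827ebef90a2")      # eth0 MAC from this page's ifconfig output
PADI = build(b"\xff" * 6, CLIENT, 0x09, 0, [(0x0101, b""), (0x0103, b"\x00\x01")])
PADS = build(CLIENT, AC, 0x65, 0x0001, [(0x0101, b""), (0x0103, b"\x00\x01")])

if __name__ == "__main__":
    print(parse_discovery(PADI), parse_discovery(PADS), sep="\n")
```

Discovery frames carry no authentication, so recording the source MAC and AC-Name of each PADO/PADS is how an unexpected access concentrator on the segment gets noticed.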
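PPPoE Server Setup
To make PPPoE easier to test, a PPPoE server is deployed on a Raspberry Pi so that the gateway can connect to it and the gateway's PPPoE Internet access can be tested. Main reference: "Setting Up a PPPoE Server in a Linux Environment".
The Raspberry Pi 3B+ has one wired and one wireless network interface. The wireless interface is the WAN port, connected to the external network for Internet access; the wired interface connects to the gateway's eth0, and the gateway reaches the Internet over PPPoE via the wireless interface. The deployment is as follows.
1. Confirm the IP and route configuration of the network interfaces.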
~$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.10.111 netmask 255.255.255.0 broadcast 192.168.10.255
        inet6 fe80::1006:e96f:63eb:46e2 prefixlen 64 scopeid 0x20<link>
        inet6 fd51:42f8:caae:d92e::ff prefixlen 64 scopeid 0x0<global>
        ether b8:27:eb:ef:90:a2 txqueuelen 1000 (Ethernet)
        RX packets 1096 bytes 157745 (154.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 857 bytes 49580 (48.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 4 bytes 390 (390.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 4 bytes 390 (390.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.16.157 netmask 255.255.255.0 broadcast 172.17.16.255
        inet6 fe80::d791:dfeb:23e2:20e8 prefixlen 64 scopeid 0x20<link>
        ether b8:27:eb:ba:c5:f7 txqueuelen 1000 (Ethernet)
        RX packets 13496 bytes 1509246 (1.4 MiB)
        RX errors 0 dropped 360 overruns 0 frame 0
        TX packets 461 bytes 51453 (50.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.10.1    0.0.0.0         UG    202    0        0 eth0
default         172.17.16.254   0.0.0.0         UG    303    0        0 wlan0
172.17.16.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0
192.168.10.0    0.0.0.0         255.255.255.0   U     202    0        0 eth0
2. Install the pppoe software.
sudo apt install pppoe
After installation the pppoe-server command is available.
3. Configure /etc/ppp/options and /etc/ppp/pppoe-server-options. A sample that was tested and works:
~$ cat /etc/ppp/options | grep -v '#'
ms-dns 219.141.136.10
ms-dns 114.114.114.114
ms-dns 8.8.8.8
asyncmap 0
auth
crtscts
local
lock
hide-password
modem
-pap
+chap
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx
~$ cat /etc/ppp/pppoe-server-options
#PPP options for the PPPoE server
require-chap
lcp-echo-interval 60
lcp-echo-failure 5
logfile /var/log/pppd.log
4. Configure the CHAP authentication file /etc/ppp/chap-secrets. For now the username is set to test and the dial-up password to 123456.
sudo cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
test * 123456 *
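5. Configure the Raspberry Pi as a gateway that forwards eth0 traffic to the wireless interface wlan0, providing Internet access.
1) PPPoE access control works mainly by encapsulating IP packets and then forwarding them, so a PPPoE server must have IP forwarding enabled. To enable it, uncomment the line net.ipv4.ip_forward=1 in /etc/sysctl.conf, then run sudo sysctl -p to apply the setting.
2) The Raspberry Pi's default gateway is on the wired interface eth0, followed by the wireless interface wlan0; the default route on eth0 should be removed.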
sudo route del default dev eth0
3) Set up data forwarding.
sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o wlan0 -j MASQUERADE
6. Start the PPPoE service.
sudo pppoe-server -I eth0 -L 192.168.10.100 -R 192.168.10.5 -N 20
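-I specifies the network interface on which the pppoe server listens for connection requests; use the ifconfig command to look it up.
-L is the IP address of the PPPoE server. This is the server's virtual IP address and is unrelated to the address of the network interface enp2s0.
-R is the first IP address the pppoe server assigns to clients when they connect.
-N is the maximum number of clients that can connect to the pppoe server.
The PPPoE server is now set up. Connect a PC to eth0 and dial PPPoE directly from Windows to test whether the server works; PPPoE dialing on Windows only requires the username and password.
7. Stop the PPPoE service.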
sudo killall pppoe-server
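
An added example (not from the original post) that checks a chap-secrets file like the one in step 4 for the settings a deployment outside a test bench would tighten: file mode, secret length, and the wildcard in the IP addresses column. The 12-character threshold and the names and secret in the tightened sample are assumptions.

```python
import shlex

MIN_SECRET_LEN = 12  # assumed local policy threshold, not a pppd rule


def audit_chap_secrets(text: str, mode: int) -> list:
    """Return (line_no, client, finding) tuples; line 0 is the file itself."""
    findings = []
    if mode & 0o077:
        findings.append((0, "-", "readable by group/other; secrets are cleartext"))
    for no, raw in enumerate(text.splitlines(), 1):
        # shlex approximates pppd's word splitting: '#' comments, quoted words
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            findings.append((no, fields[0], "malformed: need client, server, secret"))
            continue
        client, secret, addrs = fields[0], fields[2], fields[3:]
        if client == "*":
            findings.append((no, client, "any peer name may use this secret"))
        if len(secret) < MIN_SECRET_LEN:
            findings.append((no, client, f"secret shorter than {MIN_SECRET_LEN} chars"))
        if "*" in addrs:
            findings.append((no, client, "peer may use any IP address"))
    return findings


# The entry from step 4 of this page; the 0o644 mode used below is constructed.
PAGE_FILE = """\
# Secrets for authentication using CHAP
# client server secret IP addresses
test * 123456 *
"""

# Constructed tightened variant: named server, long secret, and addresses
# limited to the 192.168.10.0/24 range this page's server hands out.
TIGHT_FILE = """\
# client server secret IP addresses
gateway01 pppoe-lab "constructed-Long-secret-7f3a" 192.168.10.0/24
"""

if __name__ == "__main__":
    for finding in audit_chap_secrets(PAGE_FILE, 0o644):
        print(finding)
    print(audit_chap_secrets(TIGHT_FILE, 0o600))
```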
PPPoE Client Usage
1. pppoe works at the link layer and needs Linux kernel support. The main option to select is "PPP over Ethernet"; to be safe, select all of them.
Device Drivers ->
    Network device support ->
        <M> ppp(point-to-point protocol) support
        <M> PPP BSD-Compress compression
        <M> PPP Deflate compression
        [*] PPP filtering
        <M> PPP MPPE compression (encryption)
        [*] PPP multilink support
        <M> PPP over Ethernet
        <M> PPP support async serial ports
        <M> PPP support for sync tty ports
2. Install the pppoe software. On Ubuntu the command is:
apt install pppoe
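After installation, the pppoe dialing scripts and executables are in /usr/sbin:
pppoe-setup: configuration program; stores the account name, password and other input in the configuration files
pppoe-start: dialing program; brings up the connection
pppoe-stop: disconnects
pppoe-status: shows the connection status
pppoe-connect: brings up the connection; called by pppoe-start
pppoe-init: initialization; called by other programs
3. Run pppoe-setup to complete the initial configuration.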
>> Enter your PPPoE user name: <- enter the dial-up account's username
>> Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethn, where n is a number.
(default eth0): <- enter eth0
>> Enter the demand value (default no): <- enter no
>> Enter the DNS information here: <- enter SERVER (supplied by the PPPoE server)
>> Please enter your PPPoE password: <- enter the user's password
>> Choose a type of firewall (0-2): <- enter 0 (0 means no firewall)
>> Accept these settings and adjust configuration files (y/n)? <- enter y
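The settings are saved to /etc/ppp/pppoe.conf, /etc/chap-secrets and /etc/pap-secrets. The main items are the username and password, which is also the part the gateway program needs to handle.
4. Run pppoe-start to begin dialing. On success it prints "Connected!", and pppoe-status can be used to confirm the ppp0 interface information (and that an IP address was obtained).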
#:/etc/ppp# pppoe-status
pppoe-status: Link is up and running on interface ppp0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1492
        inet 192.168.10.13 netmask 255.255.255.255 destination 192.168.10.100
        ppp txqueuelen 3 (Point-to-Point Protocol)
        RX packets 8 bytes 100 (100.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8 bytes 91 (91.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5. Run pppoe-stop to end the dial-up connection.
#:/etc/ppp# pppoe-stop
Killing pppd (4955)
Killing pppoe-connect (4935)
PPPoE Gateway Deployment
On the smart gateway, pppoe dial-up can be started and stopped under systemd management. Contents of the systemd service unit file:
[Unit]
Description=PPP over ethernet
After=network-online.target systemd-networkd.service
Wants=network-online.target systemd-networkd.service

[Service]
Type=forking
ExecStart=/usr/sbin/pppoe-start
# systemd only splits commands when ";" is passed as a separate word
ExecReload=/usr/sbin/pppoe-stop ; /usr/sbin/pppoe-start
ExecStop=-/usr/sbin/pppoe-stop
# Point /etc/resolv.conf back at the systemd-resolved file after the link stops
ExecStopPost=-ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target
Use systemctl to start, stop or query the status of the service:
#:/etc/ppp# systemctl stop pppoe
#:/etc/ppp# systemctl start pppoe
#:/etc/ppp# systemctl status pppoe
● pppoe.service - PPP over ethernet
   Loaded: loaded (/lib/systemd/system/pppoe.service; disabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-01-26 09:24:19 UTC; 6s ago
  Process: 5088 ExecStop=/usr/sbin/pppoe-stop (code=exited, status=0/SUCCESS)
  Process: 5116 ExecStart=/usr/sbin/pppoe-start (code=exited, status=0/SUCCESS)
 Main PID: 5120 (pppoe-connect)
   CGroup: /system.slice/pppoe.service
           ├─5120 /bin/sh /usr/sbin/pppoe-connect
           ├─5140 /usr/sbin/pppd pty /usr/sbin/pppoe -p /var/run/pppoe.conf-pppoe.pid.pppoe -I eth0 -T 80 -U -m 1412 noipdefault noauth default-asyncmap defaultroute hide-password nodetach usepeerdns mtu 1492 mru 1492 noaccomp nodeflate nopcomp novj novjccomp user test lcp-echo-interval 20 lcp-echo-failure 3
           ├─5141 sh -c /usr/sbin/pppoe -p /var/run/pppoe.conf-pppoe.pid.pppoe -I eth0 -T 80 -U -m 1412
           └─5146 /usr/sbin/pppoe -p /var/run/pppoe.conf-pppoe.pid.pppoe -I eth0 -T 80 -U -m 1412
Use pppoe-status to confirm network connectivity (an IP address was obtained):
#:/etc/ppp# pppoe-status
pppoe-status: Link is up and running on interface ppp0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1492
        inet 192.168.10.6 netmask 255.255.255.255 destination 192.168.10.100
        ppp txqueuelen 3 (Point-to-Point Protocol)
        RX packets 8 bytes 100 (100.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8 bytes 91 (91.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0