Mini PPPoE Server Howto for RedHat 7.3 + Radius Auth

Date: 25-Oct-2002

1. Install RH 7.3 Installing as a server system works. These instructions should be the same for RedHat 7.2 as well.

2. Set and IP address on the primary NIC to say 10.0.0.1. This is the card that is visible to the internet.

3. Install the updated rp-pppoe from Roaring Penguin http://www.roaringpenguin.com/pppoe/. This was version rp-pppoe-3.5-1 as of this writing.

4. Download the latest pppd via cvs from samba currentl its 2.4.2b1 as of this writing. I use rsync. Make a dir called ppp2.4 and then issue the command
rsync -vrz ppp.samba.org::ftp/unpacked/ppp/ ./ppp2.4/
to download the source. You dont really need the -v in the rsync command, but that echos what its doing to the screen so you can see whats happening.

5. Change to the ppp2.4 directory and then
./configure
make
make install

6. Edit /etc/radiusclient/radiusclient.conf. Set the primary and secondary authentication and accounting servers and hosts. Watch that your using the right port numbers. If you have an old radius server it is probably using ports 1645/1646.

7. Edit /etc/radiusclient/servers and set the secret password and the hostname of the radius servers your going to authenticate against.

8. Edit /etc/sysctl.conf and change the line net.ipv4.ip_forward = from 0 to one(1). This makes the system turn on routing at boot up.

9. Edit /etc/ppp/pppoe-server-options and add proxyarp to the end of the file on its own line. Also add ms-dns {dns ip addresses} after the lcp-echo-failure lines.

10. Edit /etc/sysconfig/network-scripts/ifcfg-eth1 and change the ONBOOT=no to yes and remove the dhcp from the BOOTPROTO= if its there.

11. Start the pppoe-server. You will probably need to pass some parameters to it. They will most likely be -I eth1 -L {localip} and -R {remoteippool}. So you will end up with something like /usr/sbin/pppoe-server -I eth1 -L 10.0.0.1 -R 10.0.0.150. This tells the server to start serving out IP's to the clients starting at .150. Set the -L IP to the local IP of eth0. When your happy with the startup parameters you will want to add this same line to /etc/rc.d/rc.local so that the server restarts after a reboot of the server.

12. You should now be able to test the system. Try adding a user to the system as a user and then add the user to the /etc/ppp/pap-secrets file. (this assumes you use a user called test with a password of test)
:adding a user:
adduser test
passwd test
:pap-secrets file:
"test" * "test"

13. Now tail -f /var/log/message on the linux system and try to connect to the server with a PPPoE client. If you've got it right, you will be able to establish a connection.

14. Now add the line plugin radius.so to the file /etc/ppp/pppoe-server-options just before proxyarp.

15. Now test the logging on again with a valid radius user.

16. Congratulations your finished!!!

pppoe-server-options file looks like this:
# PPP options for the PPPoE server
# LIC: GPL
require-pap
login
lcp-echo-interval 10
lcp-echo-failure 2
ms-dns 10.0.0.5
ms-dns 10.0.0.6
plugin radius.so
proxyarp

All trademarks and copyrights are owned by their respective owners. Copyright © 2010 cwispy.com.