PPPoE Server Configuration Guide
## Introduction

This guide provides a step-by-step tutorial for configuring the PPPoE server capability on the Asterfusion open intelligent gateway running AsterNOS-VPP. By following this guide, you will transform a standard Layer 3 gateway into a high-performance broadband network gateway (vBNG) capable of handling client dial-ups, centralized AAA billing, and internet access via NAT.

## What This Guide Will Accomplish

This document is structured to reflect real-world enterprise deployment priorities:

- **Scenario 1: Enterprise RADIUS integration (main deployment).** We will configure the gateway to act as a vBNG access node, integrated with an external RADIUS server for centralized authentication, authorization, and accounting (AAA). This phase covers both local IP allocation and fully centralized RADIUS IP pool management.
- **Scenario 2: Standalone gateway mode (local auth & NAT).** Configuring the gateway to rely on its internal local database for dial-in access and enabling source NAT (SNAT). This is ideal for small, isolated networks or as an emergency fallback.

## Scenario 1

### Network Topology Plan

#### Target Configuration Plan

| Device / Interface | IP Address / Subnet | Role |
| --- | --- | --- |
| AsterNOS (eth1) | 192.168.200.166/24 | WAN uplink (route to RADIUS & core network) |
| AsterNOS (eth2) | N/A (Layer 2 PPPoE) | LAN interface (PPPoE dial-in port) |
| RADIUS server | 192.168.200.253/24 | Centralized AAA server (FreeRADIUS) |
| Dial-in client PC | 192.168.100.x/24 | PPPoE client |

### Phase 1: Baseline Setup (Local Pool IP Allocation)

In this phase, we establish an enterprise-grade vBNG architecture. To ensure a smooth deployment, we will build this in two stages:

- **Baseline setup:** centralized RADIUS authentication combined with AsterNOS local IP allocation.
- **Advanced setup:** fully centralized architecture where RADIUS handles both authentication and dynamic IP allocation.
#### Base Network & RADIUS Global Configuration

```
sonic# configure terminal

# 1. Configure the WAN interface (required to reach the RADIUS server)
sonic(config)# interface ethernet 1
sonic(config if 1)# ip address 192.168.200.166/24
sonic(config if 1)# exit

# 2. Define default route to core network
sonic(config)# ip route 0.0.0.0/0 192.168.200.1

# 3. Define the global RADIUS server
# Critical: the 'mode pppoe' attribute must be configured first
sonic(config)# radius server 192.168.200.253 mode pppoe
sonic(config)# radius server 192.168.200.253 auth type chap
sonic(config)# radius server 192.168.200.253 passkey aster123
```

#### Configure the PPPoE Server

In our baseline setup, AsterNOS relies on RADIUS for user authentication but handles IP address distribution locally.

```
# 1. Enable PPPoE server globally
sonic(config)# pppoe server enable

# 2. Create the local IP pool for dial-in clients
sonic(config)# ip pool pppoe pool
sonic(config ip pool)# ip range 192.168.100.10 192.168.100.254
sonic(config ip pool)# exit

# 3. Enter PPPoE server instance 1
sonic(config)# interface pppoe server 1
sonic(config if pppoeserver 1)# service name pppoe enterprise
sonic(config if pppoeserver 1)# ac name pppoe server 1

# 4. Bind RADIUS for authentication and accounting
sonic(config if pppoeserver 1)# ppp chap radius server 192.168.200.253
sonic(config if pppoeserver 1)# nas ip 192.168.200.166

# 5. Set virtual gateway IP and bind the local pool
sonic(config if pppoeserver 1)# local ip 192.168.100.1 255.255.255.0
sonic(config if pppoeserver 1)# remote ip pool pppoe pool

# 6. Network parameters
sonic(config if pppoeserver 1)# dns server 8.8.8.8
sonic(config if pppoeserver 1)# accept blank service enable
sonic(config if pppoeserver 1)# exit

# 7. Bind to physical LAN port
sonic(config)# interface ethernet 2
sonic(config if 2)# pppoe server 1
sonic(config if 2)# exit
```

Note:

- If using `accept any service enable`, the service name does not need to be configured on either the server or the client.
- If using `accept blank service enable`, the service name must be configured on the server, and the client must not configure it (leave it blank).

#### FreeRADIUS Server Setup

Deploy a lightweight FreeRADIUS configuration focused strictly on AAA, without the complexity of IP pool management.

##### Install FreeRADIUS

```
sudo apt-get update
sudo apt-get install freeradius -y
```

##### Configure the NAS Client (AsterNOS Gateway)

```
sudo nano /etc/freeradius/3.0/clients.conf
```

```
client asternos-gateway {
    ipaddr = 192.168.200.166
    secret = aster123
}
```

##### Create the User Profile

```
sudo nano /etc/freeradius/3.0/users
```

```
"radiususer" Cleartext-Password := "radius123"
    Service-Type = Framed-User,
    Framed-Protocol = PPP
```

##### Restart Service

Note: On Ubuntu/Debian systems, FreeRADIUS starts automatically upon installation. A restart is required to load the newly configured clients and users.

```
sudo systemctl restart freeradius
```

### Phase 2: Advanced Integration (Centralized RADIUS IP Allocation)

Once the baseline authentication is verified, enterprise architectures typically migrate IP allocation to the RADIUS server. This consolidates user management and billing into a single pane of glass. To upgrade from the baseline to the centralized architecture, follow these delta steps.

#### Unbind the Local Pool on AsterNOS

Shift the allocation responsibility away from the gateway.

```
sonic# configure terminal
sonic(config)# interface pppoe server 1
sonic(config if pppoeserver 1)# no remote ip pool pppoe pool
sonic(config if pppoeserver 1)# exit
```

#### Configure the RADIUS IP Pool

```
sudo nano /etc/freeradius/3.0/mods-available/ippool
```

```
ippool main_pool {
    range_start = 192.168.100.10
    range_stop = 192.168.100.254
    netmask = 255.255.255.0
    # Keep the following default parameters unchanged
    filename = ${db_dir}/db.ippool
    ip_index = ${db_dir}/db.ipindex
    override = no
    maximum_timeout = 0
}
```

#### Enable the Module

```
sudo ln -s /etc/freeradius/3.0/mods-available/ippool /etc/freeradius/3.0/mods-enabled/
```

#### Activate IP Pool in Accounting & Post-Auth

```
sudo nano /etc/freeradius/3.0/sites-enabled/default
```

In the `accounting { }` block, add:

```
accounting {
    detail
    unix
    main_pool    # <-- add this line
    exec
    # ...
}
```

In the `post-auth { }` block, add:

```
post-auth {
    exec
    main_pool    # <-- add this line
    # ...
}
```

#### Update User Profile & Apply Changes

```
sudo nano /etc/freeradius/3.0/users
```

```
"radiususer" Cleartext-Password := "radius123", Pool-Name := "main_pool"
    Service-Type = Framed-User,
    Framed-Protocol = PPP
```

```
sudo systemctl restart freeradius
```

### Phase 1 & 2 Verification

After completing the configuration and restarting the RADIUS service, follow these steps to verify that the PPPoE session is successfully established:

1. **Client dial-in:** Create a PPPoE connection on the client PC and dial in using your username and password.
2. **Check session status:** Once successfully connected, execute the following command to view real-time session information.

```
sonic# show pppoe session
```

Expected output:

```
id  iface      sessionid  remotemac          remoteip        localip        localif  pppoeserver     uptime
0   ethernet3  384        00:e0:4c:68:06:0d  192.168.100.10  192.168.100.1  ppp0     pppoe server 1  0:00:37
```

Tips: Under the Scenario 1 configuration, the client can successfully dial in and establish a network connection. To enable internet access, please ensure that the core network has the appropriate NAT policies configured, or refer to Scenario 2 to enable local SNAT on AsterNOS.

## Scenario 2

This section provides the complete, standalone configuration required to set up the PPPoE server using AsterNOS's internal database for authentication and a local IP pool for address allocation.

Important: AsterNOS does not support automatic fallback to the local database if a RADIUS server is configured but unreachable. You must manually remove the RADIUS server binding before local credentials can take effect.

### Configure the PPPoE Server

```
# 1. Enable PPPoE server globally
sonic# configure terminal
sonic(config)# pppoe server enable

# 2. Create the local IP pool for dial-in clients
sonic(config)# ip pool pppoe pool
sonic(config ip pool)# ip range 192.168.100.10 192.168.100.254
sonic(config ip pool)# exit

# 3. Enter PPPoE server instance 1
sonic(config)# interface pppoe server 1
sonic(config if pppoeserver 1)# service name pppoe enterprise
sonic(config if pppoeserver 1)# ac name pppoe server 1

# 4. Define the local CHAP user (username and password)
sonic(config if pppoeserver 1)# ppp chap username testuser 123456
sonic(config if pppoeserver 1)# nas ip 192.168.200.166

# 5. Set virtual gateway IP and bind the local pool
sonic(config if pppoeserver 1)# local ip 192.168.100.1 255.255.255.0
sonic(config if pppoeserver 1)# remote ip pool pppoe pool

# 6. Network parameters
sonic(config if pppoeserver 1)# dns server 8.8.8.8
sonic(config if pppoeserver 1)# accept blank service enable
sonic(config if pppoeserver 1)# exit

# 7. Bind to physical LAN port
sonic(config)# interface ethernet 2
sonic(config if ethernet2)# pppoe server 1
sonic(config if ethernet2)# exit
```

### Enable SNAT for Internet Access

To allow the locally authenticated PPPoE clients (e.g., 192.168.100.x) to browse the public internet, you must translate their private IPs to the WAN interface's public/uplink IP.

```
# 1. Enable the NAT engine globally
sonic(config)# nat enable

# 2. Define a NAT pool using the WAN uplink IP (192.168.200.166)
sonic(config)# nat pool wan pool 192.168.200.166

# 3. Bind the pool to masquerade all outbound routed traffic
sonic(config)# nat binding bind wan wan pool

# 4. Apply NAT zone to the WAN interface
sonic(config)# interface ethernet 1
sonic(config if 1)# nat zone 1
sonic(config if 1)# exit
```

### Verification

After completing the configuration, follow these steps to verify that the PPPoE session is successfully established:

1. **Client dial-in:** Create a PPPoE connection on the client PC and dial in using your username and password.
2. **Check session status:** Once successfully connected, execute the following command to view real-time session information.

```
sonic# show pppoe session
```

Expected output:

```
id  iface      sessionid  remotemac          remoteip        localip        localif  pppoeserver     uptime
0   ethernet3  384        00:e0:4c:68:06:0d  192.168.100.10  192.168.100.1  ppp0     pppoe server 1  0:00:37
```

## Conclusion

This guide has verified the comprehensive PPPoE server capabilities of AsterNOS, transforming a standard gateway into a high-performance vBNG. The completed scenarios demonstrate its deployment flexibility, seamlessly supporting both enterprise centralized RADIUS integration and standalone operations with local authentication and NAT.
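Scenario 1 sets the gateway's RADIUS auth type to CHAP and stores the user's password as a cleartext password in the FreeRADIUS users file. The following added example (not from the original guide or from either project) shows the RFC 1994 / RFC 2865 check a RADIUS server performs and why it needs the cleartext value; the challenge bytes and identifier are constructed sample values.

```python
import hashlib
import hmac

def chap_response(ident: int, password: str, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password.encode() + challenge).digest()

def radius_chap_password(ident: int, response: bytes) -> bytes:
    """RADIUS CHAP-Password value (RFC 2865): 1-byte identifier + 16-byte response."""
    return bytes([ident]) + response

def server_verify(chap_password: bytes, challenge: bytes, stored_secret: str) -> bool:
    """Recompute the digest from the stored secret and compare in constant time."""
    if len(chap_password) != 17:
        return False
    ident, received = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored_secret, challenge)
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    # Constructed sample: challenge issued by the gateway, answered by the client.
    challenge = bytes.fromhex("00112233445566778899aabbccddeeff")
    attr = radius_chap_password(7, chap_response(7, "radius123", challenge))

    # The server holds the cleartext password, so it can recompute the digest.
    print("cleartext store :", server_verify(attr, challenge, "radius123"))

    # A server that only kept a one-way hash of the password cannot verify CHAP.
    hashed = hashlib.sha256(b"radius123").hexdigest()
    print("hashed store    :", server_verify(attr, challenge, hashed))

    # The same response does not verify against a different challenge.
    print("other challenge :", server_verify(attr, bytes(16), "radius123"))
```

Because the users file must hold the password in recoverable form for CHAP, its file permissions and backups carry the same sensitivity as the passwords themselves.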
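The guide configures the same shared secret and NAS address in two places: the gateway's RADIUS passkey and NAS IP, and the FreeRADIUS client stanza. This added example (not part of the original guide) cross-checks the two and flags a short secret; the function names, finding codes and the client name `asternos-gateway` are assumptions, and the parser handles only flat client stanzas.

```python
import ipaddress
import re

# Constructed sample modelled on the guide's clients.conf stanza.
CLIENTS_CONF = """
client asternos-gateway {
    ipaddr = 192.168.200.166
    secret = aster123
}
"""

def parse_clients(text):
    """Return {name: {key: value}} for each flat 'client NAME { ... }' stanza."""
    clients = {}
    for name, body in re.findall(r"client\s+(\S+)\s*\{([^}]*)\}", text):
        entries = {}
        for raw in body.splitlines():
            line = re.split(r"\s+#", raw.strip(), maxsplit=1)[0]
            if line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip().strip('"')
        clients[name] = entries
    return clients

def audit(text, nas_ip, gateway_passkey, min_len=16):
    """Cross-check clients.conf against the gateway's NAS IP and passkey."""
    nas = ipaddress.ip_address(nas_ip)
    findings, covered = [], False
    for name, entry in parse_clients(text).items():
        if "ipaddr" not in entry:
            continue
        net = ipaddress.ip_network(entry["ipaddr"], strict=False)
        if nas not in net:
            continue
        covered = True
        secret = entry.get("secret", "")
        if net.num_addresses > 1:   # stanza trusts a whole range, not one NAS
            findings.append((name, "broad-client-range"))
        if secret != gateway_passkey:   # requests would fail authentication
            findings.append((name, "secret-mismatch"))
        if len(secret) < min_len:   # RFC 2865 prefers at least 16 octets
            findings.append((name, "short-secret"))
    if not covered:   # the server ignores requests from unknown clients
        findings.append((None, "no-client-for-nas"))
    return findings

if __name__ == "__main__":
    print(audit(CLIENTS_CONF, "192.168.200.166", "aster123"))
```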
