PPPoE Web Gui setup

Support
#1

I am new to the Nethserver camp and have encountered an issue (in both Nethserver 6.7 and 7.2 Alpha2).

After a basic install in a VM, with two NICs (one red and one green - static IPs each), I have installed firewall, vpn services. Also I have ensured that all software is up-to-date.

I have tried to add a PPPoE (logical) interface. When the form appears, there is a pull-down box for the ethernet interface but without any choices. I would have expected that there be at least one (e.g. the red interface for ethernet).

The sample networks db entry looks like this:

[root@gateway ~]# db networks show
eth0=ethernet
bootproto=none
gateway=192.168.2.1
hwaddr=00:0c:29:14:e0:d9
ipaddr=192.168.2.2
netmask=255.255.255.0
role=red
eth1=ethernet
bootproto=none
device=eth1
gateway=0.0.0.0
hwaddr=00:0C:29:14:E0:CF
ipaddr=192.168.32.1
netmask=255.255.255.0
onboot=yes
role=green
ppp0=xdsl-disabled
AuthType=auto
Password=secret
name=PPPoE
provider=TekSavvy
role=red
user=a@a.a

I am at loss how to proceed. Ideas?

#2

I hope that @nas and @filippo_carletri or @davide_marini can chime in with more ideas

#3

HI @kisaacs

First of all. Wellcome to our great Community!

1 Like
#4

In order to proceed with PPoE configuration, you should release RED role from the interface.

Pasted image1140×348 22.4 KB

#5

OK. Will try that when I can physically get to the machine later. And will post the results.

#6

You need at least one free interface to use as PPPoE modem.

#7

Also, you can proceed with db directly and then go to WEBUI and create PPoE connection

db networks setprop eth0 role ''
1 Like
#8

Thanks - one and all. Just the answer that I needed.

I revoked the red role from eth0. Turned off the PPPoE on the router (Sagemcom), and activated PPPoE using the signon from my ISP.

I am currently using it to compose this message.

I may have another question regarding a /30 set of IPs that are not in ppp0 set. First I will dig around some more.

The new db networks show is:
[root@gateway ~]# db networks show
eth0=ethernet
hwaddr=00:0c:29:14:e0:d9
role=pppoe
eth1=ethernet
bootproto=none
device=eth1
gateway=0.0.0.0
hwaddr=00:0C:29:14:E0:CF
ipaddr=192.168.32.1
netmask=255.255.255.0
onboot=yes
role=green
ppp0=xdsl
AuthType=auto
Password=secret
name=PPPoE
provider=TekSavvy
role=red
user=a@a.a

1 Like
#9

I’m understanding that your ISP gives you 4 addresses (a /30) in PPPoE.
Did you have to enter the /30 in your Sagecom or they were automatically pulled?
I’d like to add support to NethServer, but I need a tester. :smile:

#10

The reason that I am not using sagemcom is that it does not pull the /30 from the ISP (TekSavvy).

My static IP is 206.248.171.126. There is another /30 (totally different) in 76.10.177.152/30. It provided by the ISP but implementation is not supported by their tech team. So it is my problem.

These two links are ones that I have been researching to get more clues how to do it on nethserver.
http://forums.ncix.com/forums/topic.php?id=2668987
http://www.dslreports.com/forum/r26451582-DSL-How-do-I-setup-a-30-subnet

I would love to be a tester! :smile:

#11

Additionally, it is my desire to have each of the two IPs in the /30 to be used by other servers (eg. mail, web)

#12

Hi all ip is given over PPPoE? or you can assign it manually?

#13

I had to contact my ISP to confirm details. First of all, it was noted that the fixed /30 that I referred to in a previous post is not correct in the fourth octet. The following is a quote from their email.
–>
VPI/VCI for ON/QC is: 0.35 # I am in ON - not sure that is important for other than PPPoE
VPI/VCI for AB/BC is: 0.33

IP Information
/30: 76.10.177.52 / 255.255.255.252
Single: 206.248.171.126

<–
The fixed /30 subnet is definitely tunneled over the main IP.

Can/should I use bond, bridge or VLAN over PPPoE? Based on my discussion - the /30 IP must be assigned manually.

Current routing table looks like:

[root@gateway ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
206.248.154.104 0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
192.168.33.2    0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.32.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.33.0    192.168.33.2    255.255.255.0   UG        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0
#14

After some testing of lo:1 loopback settings on my gateway, I was able to determine that the /30 IP does respond to remote pings. However, it did not forward any other connections to my mail server. So instead I removed the lo:1 and added another ethernet card on the gateway, assigning the first /30 IP to it as well as putting it in the red zone. Upon reboot I lost the default route on pppoe. So I added it manually. Then it all worked. I then assigned the next /30 IP to the mail server eth0 port and put it in the red zone.

Is there anyway in the WEBGUI to force pppoe to provide the default route? I think the problem might be that there are two red zone interfaces in two different subnets. I checked the ipcfg-ppp0 file and found a line that reads:

DEFROUTE='no'

Am I correct in assuming that indicates that ppp0 is not set as the default route on coming up?

Current network settings for gateway are:

[root@gateway ~]# db networks show
eth0=ethernet
    hwaddr=00:0c:29:14:e0:d9
    role=pppoe
eth1=ethernet
    bootproto=none
    device=eth1
    gateway=0.0.0.0
    hwaddr=00:0C:29:14:E0:CF
    ipaddr=192.168.32.1
    netmask=255.255.255.0
    onboot=yes
    role=green
 eth2=ethernet
    bootproto=none
    gateway=76.10.177.52
    hwaddr=00:0c:29:14:e0:e3
    ipaddr=76.10.177.53
    netmask=255.255.255.252
    role=red
 ppp0=xdsl
     AuthType=auto
     Password=secret
     name=PPPoE
     provider=TekSavvy
     role=red
     user=a@a.a

The settings for the mail server are:

eth0=ethernet
    bootproto=none
    gateway=76.10.177.53
    hwaddr=00:0c:29:83:0d:bd
    ipaddr=76.10.177.54
    netmask=255.255.255.252
    role=red
eth1=ethernet
    bootproto=none
    device=eth1
    gateway=192.168.32.1
    hwaddr=00:0C:29:83:0D:B3
    ipaddr=192.168.32.46
    netmask=255.255.255.0
    onboot=yes
    role=green
#15

When you have two or more red inrerfaces you have to con figure multiwan. The default gateway will be taken from pppoe.

#16

@filippo_carletti i suppose that @kisaacs want to say that he want to assign other ip /30 to lo interface as it is described on some ISP forums

#17

Both interfaces are exposed to the outside world. One is the main static IP for my gateway. That must be red for sure.

The other is just the router for my /30 subnet. I was assuming that it should be red - however - I may not be correct in my assumption. Could it be another colour? e.g. blue or orange (DMZ)? The important part is that I need the ppp0 interface to contain the default route on any reboot, since the /30 subnet is routed over the ppp0 connection.

Also my rationale for discussing this on this forum is if there are others trying to implement something similar than there is an online record for them as well.

#18

I think that you have to create only one connection, because you really have one connection.
I think that the additional /30 should be configured as a set of aliases of the one and only connection interface: ppp0.

If you would like to make some tests, I’d start removing the eth2, leaving only PPPoE.
After network reconfiguration, when connected to the internet, add the /30 as aliases to the ppp0 interface with commands like:

ip ad ad 76.10.177.152/30 dev ppp0

A ping should confirm everything’s working. Also, please show the output of:

ip ad

From this point, we need to find a way to integrate this config into centos network scripts (I just read the manuals, but I couldn’t find it).

#19

@kisaacs lets arrange chat or teamviewer session and we can try to find out workaround.

#20

Actually GOOD NEWS - it works without modifying any of the standard nethserver scripts!!! No workaround needed.

I am giving a great BIG SHOUT OUT for the nethserver team. It will be something that I will be recommending to several other individuals and small businesses that need just this type of tool. Thanks Artem and Filippo for your great support.

I pursued the ORANGE (DMZ) concept. On the gateway, I setup eth2 as orange and used the first /30 IP. On the mail server I used the second /30 IP and assigned it to the RED zone. On the gateway, I also had to setup a firewall object for the mail server. Then in the firewall rules, I added one rule to allow any traffic for the mail server to pass the gateway. I added another rule to gateway to allow any traffic from the mail server to pass the gateway. (It would be good to have that as a single click option on the firewall config WEBUI - just like the red interface).

Finally, I tested (successfully) access to roundcube and sogo from remote locations. As a final touch, I used nethserver 7 alpha 2 (for anyone following this thread the device names are changed from ethx to ensxx)

The network listing for the gateway is:

ens192=ethernet
    role=pppoe
ens224=ethernet
    bootproto=none
    gateway=
    ipaddr=76.10.177.53
    netmask=255.255.255.252
    role=orange
ens32=ethernet
    bootproto=none
    gateway=
    ipaddr=192.168.32.1
    netmask=255.255.255.0
    role=green
ppp0=xdsl
    AuthType=auto
    Password=secret
    name=PPPoE
    provider=TekSavvy
    role=red
    user=a@a.a

The network listing for the mail server is:

[root@mail ~]# db networks show
ens192=ethernet
    bootproto=none
    gateway=192.168.32.1
    ipaddr=192.168.32.46
    netmask=255.255.255.0
    role=green
ens32=ethernet
    bootproto=none
    gateway=76.10.177.53
    ipaddr=76.10.177.54
    netmask=255.255.255.252
    role=red
3 Likes