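Building a PPPoE server with FreeBSD
Compared with setting up a PPPoE server on Linux, doing it on FreeBSD is much simpler.
I. Install FreeBSD, and either install the kernel sources or use cvsup to sync the latest kernel sources.
II. Rebuild the kernel.
1. Add the following options to the kernel configuration file, then rebuild and install the kernel: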
options NETGRAPH
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
2. Edit /etc/rc.conf and add:
pppoed_enable="YES"
pppoed_flags="-d -P /var/run/pppoed.pid -a server -l default"
pppoed_interface="fxp1"
3. Edit /etc/ppp/ppp.conf
default:
 set log Chat Command Phase   #turn on some logging. See man ppp.conf
 enable pap                   #turn on chap and pap authentication
 enable chap
 allow mode direct            #turn on ppp bridging
 enable proxy                 #turn on ppp proxyarping (redundant of a
 disable ipv6cp               #we don't use ipv6, don't want the errors
 set mru 1492                 #set mru below 1500 (PPPoE MTU issue)
 set mtu 1492                 #set mtu below 1500 (PPPoE MTU issue)
 set ifaddr 10.0.0.1 10.0.1.1-10.0.5.254
 set speed sync
 set timeout 0
 enable lqr
 accept dns
4. Edit /etc/ppp/ppp.secret and set the usernames and passwords:
username password
Finally, reboot.
Hint:
You could configure the ipfw firewall to deny any to any, and then write a script (easy) that, for every ppp connection, adds a firewall rule allowing the IP of that connection.
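One way to write the per-connection script from the hint, as an added example that is not part of the original article. The script path, the rule number base 10000 and the ppp.linkup/ppp.linkdown hook lines are assumptions; the address pool is the one from "set ifaddr" above. It refuses any address outside that pool, so a bad argument cannot open the firewall.

```shell
#!/bin/sh
# Added example: open ipfw per PPPoE session on top of a deny-all ruleset.
# Assumed hook (not from the page) in /etc/ppp/ppp.linkup, "down" in ppp.linkdown:
#   default:
#    !bg /usr/local/sbin/pppoe-fw.sh up HISADDR
RULE_BASE=10000            # assumed unused range of ipfw rule numbers
IPFW=${IPFW:-echo ipfw}    # dry run by default; set IPFW=/sbin/ipfw on the server

# Print the rule number for a session address. Fails unless the argument is a
# dotted quad inside 10.0.1.1-10.0.5.254, the pool given to "set ifaddr".
rule_for() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ] && [ "$2" -eq 0 ] || return 1
    n=$(( $3 * 256 + $4 ))
    [ "$n" -ge 257 ] && [ "$n" -le 1534 ] || return 1   # 10.0.1.1 .. 10.0.5.254
    echo $(( RULE_BASE + n ))
}

# up: allow traffic from and to the session address; down: remove both rules.
session() {
    num=$(rule_for "$2") || { echo "refusing address: $2" >&2; return 1; }
    case "$1" in
        up)   $IPFW -q add "$num" allow ip from "$2" to any &&
              $IPFW -q add "$num" allow ip from any to "$2" ;;
        down) $IPFW -q delete "$num" ;;
        *)    echo "usage: up|down address" >&2; return 2 ;;
    esac
}

[ $# -eq 0 ] || session "$@"
```

Both rules share one rule number, so the single "ipfw delete" in the down case removes the pair.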
Valuable advice:
- If you use different versions of Windows boxes (not only XP), enable pap and chap too
- If you want a user to be connected only once (so users cannot give usernames and passwords to others to use the same account) you must set up a radius server (freeradius or radius-cistron, from the ports collection).
- If you have problems logging in from a Windows box, then set speed sync from /etc/ppp/ppp.conf might help you
- The pppoed daemon consumes some CPU, so a faster CPU is better; for many users it is also better to have more RAM (512 or 1024 MB)
- If you have problems, stop your pppoed process (/etc/rc.d/pppoed stop), then launch pppoed from the command line with the -Fd option instead of -d, to have pppoed in the foreground and see the errors.
- On a LAN with many users I had a problem: I guess some of the clients had a misconfigured pppoed server, so it keeps asking for a connection to the pppoed server, flooding and forking the pppoed daemon continuously. There is a patch that might solve this problem; I've read about it here: http://lists.freebsd.org/pipermail/freebsd-hackers/2005-February/010136.html , but could not find that patch.
From: http://www.routerclub.com/viewnews-303.html