.\" $OpenBSD: pppoe.4,v 1.27 2014/10/08 12:57:51 sthen Exp $
.\" $NetBSD: pppoe.4,v 1.26 2003/10/02 07:06:36 wiz Exp $
.\"
.\" Copyright (c) 2002 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Martin Husemann <martin@NetBSD.org>.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: October 8 2014 $
.Dt PPPOE 4
.Os
.Sh NAME
.Nm pppoe
.Nd PPP Over Ethernet protocol network interface
.Sh SYNOPSIS
.Cd "pseudo-device pppoe"
.Sh DESCRIPTION
The
.Nm
interface encapsulates
.Em Point-to-Point Protocol (PPP)
packets inside Ethernet frames as defined by RFC 2516.
.Pp
This is often used to connect a router via a DSL modem to
an access concentrator.
The
.Nm
interface does not by itself transmit or receive frames,
but needs an Ethernet interface to do so.
This Ethernet interface is connected to the
.Nm
interface via
.Xr ifconfig 8 .
The Ethernet interface needs to be marked UP, but does not need to have an
IP address.
.Pp
There are two basic modes of operation, controlled via the
.Em link1
switch.
The default mode,
.Em link1
not being set, tries to keep the configured session open all the
time.
If the session is disconnected, a new connection attempt is started
immediately.
The
.Dq dial on demand
mode, selected by setting
.Em link1 ,
only establishes a connection when data is being sent to the interface.
.Pp
Before a
.Nm
interface is usable, it needs to be configured.
The following steps are necessary:
.Bl -bullet
.It
Create the interface.
.It
Connect an Ethernet interface.
This interface is used for the physical communication.
As noted above it must be marked UP, but need not have an IP address.
.It
Configure authentication.
The PPP session needs to identify the client to the peer.
For more details on the available options see
.Xr ifconfig 8 .
.It
If using IPv6, configure a link-local address.
.El
.Pp
All of this is typically accomplished using an
.Pa /etc/hostname.pppoe0
file.
A typical file looks like this:
.Bd -literal -offset indent
inet6 eui64
inet 0.0.0.0 255.255.255.255 NONE \e
	pppoedev em0 authproto pap \e
	authname 'testcaller' authkey 'donttell' up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add default -ifp pppoe0 fe80::
.Ed
.Pp
The physical interface must also be marked
.Ql up :
.Bd -literal -offset indent
# echo "up" \*(Gt /etc/hostname.em0
.Ed
.Pp
Since this is a PPP interface, the addresses assigned to the interface
may change during PPP negotiation.
There is no fine-grained control available for deciding
which addresses are acceptable and which are not.
For the local side and the remote address there is exactly one choice:
hard-coded address or wildcard.
If a real address is assigned to one side of the connection,
PPP negotiation will only agree to exactly this address.
If one side is wildcarded,
every address suggested by the peer will be accepted.
.Pp
To wildcard the local address set it to 0.0.0.0; to wildcard the remote
address set it to 0.0.0.1.
.Sh KERNEL OPTIONS
A
.Nm
enabled kernel will not interfere with other PPPoE implementations
running on the same machine.
Under special circumstances
(details below) this is not desirable, so the
.Nm
driver can be told to kill all unknown PPPoE sessions
received by the Ethernet interface used for a configured
.Nm
interface.
To do this,
add the following to your kernel config file:
.Pp
.Dl option PPPOE_TERM_UNKNOWN_SESSIONS
.Pp
This option is only useful if you have a static IP address assigned and
your ISP does not use LCP echo requests to monitor the link status.
After a crash or power failure the peer device still tries to send data to
the no longer active session on your computer, and might refuse to
reestablish a new connection, because there already is an open session.
On receipt of such packets, the
.Nm
driver with this option set will send a PADT packet
(request to terminate the session).
The peer will immediately disconnect
the orphaned session and allow a new one to be established.
.Pp
If the kernel is compiled with option
.Dv PPPOE_SERVER ,
there are two modes of connection, controlled via the
.Em link0
switch.
The default mode,
.Em link0
not being set, is client mode.
The
.Dq PPPoE server
mode, selected by setting
.Em link0 ,
is to wait for incoming PPPoE sessions.
.Sh MTU/MSS ISSUES
Problems can arise on machines with private IPs connecting to the Internet
via a machine running both
Network Address Translation (NAT)
and
.Nm .
Standard Ethernet uses a
maximum transmission unit (MTU)
of 1500 bytes,
whereas PPPoE mechanisms need a further 8 bytes of overhead.
This leaves a maximum MTU of 1492.
.Nm
sets the MTU on its interface to 1492 as a matter of course.
However,
machines connecting on a private LAN will still have their MTUs set to 1500,
causing conflict.
Using a packet filter,
the
maximum segment size (MSS)
can be set (clamped) to the required value.
The following rule in
.Xr pf.conf 5
would set the MSS to 1440:
.Pp
.Dl match on pppoe0 scrub (max-mss 1440)
.Pp
Although in theory the maximum MSS over a PPPoE interface
is 1452 bytes,
1440 appears to be a safer bet.
Note that setting the MSS this way can have undesirable effects,
such as interfering with the OS detection features of
.Xr pf 4 .
.Pp
Alternatively, in cases where the remote equipment supports RFC 4638
and the physical interface is configured to support jumbo frames,
the MTU of the
.Nm
interface can be raised and it will attempt to negotiate an increased MTU.
For example, in
.Pa /etc/hostname.pppoe0 :
.Bd -literal -offset indent
inet 0.0.0.0 255.255.255.255 NONE mtu 1500 \e
	pppoedev em0 authproto pap \e
	authname 'testcaller' authkey 'donttell' up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1
.Ed
.Pp
The physical interface must also be configured like so:
.Bd -literal -offset indent
# echo "up mtu 1508" \*(Gt /etc/hostname.em0
.Ed
.Pp
With this, the previously mentioned MSS clamping rules in
.Xr pf.conf 5
are no longer necessary.
.Pp
See
.Xr pf.conf 5
for more information on MTU, MSS, and NAT.
.Sh SEE ALSO
.Xr sppp 4 ,
.Xr hostname.if 5 ,
.Xr pf.conf 5 ,
.Xr ifconfig 8
.Sh STANDARDS
.Rs
.%A L. Mamakos
.%A K. Lidl
.%A J. Evarts
.%A D. Carrel
.%A D. Simone
.%A R. Wheeler
.%D February 1999
.%R RFC 2516
.%T A Method for Transmitting PPP Over Ethernet (PPPoE)
.Re
.Pp
.Rs
.%A P. Arberg
.%A D. Kourkouzelis
.%A M. Duckett
.%A T. Anschutz
.%A J. Moisand
.%D September 2006
.%R RFC 4638
.%T Accommodating a Maximum Transit Unit/Maximum Receive Unit (MTU/MRU) Greater Than 1492 in the Point-to-Point Protocol over Ethernet (PPPoE)
.Re
.Sh HISTORY
The
.Nm
device first appeared in
.Ox 3.7 .
.Sh CAVEATS
RFC 4638 negotiation is only aware of the MTU configured on the endpoints,
but not the maximum MTU supported on the path between them.
If the path cannot pass the larger Ethernet frames, negotiation will succeed
but the connection will not function correctly.
.Sh BUGS
This implementation is client side only.
.Pp
It is important to specify
.Dq Li netmask 255.255.255.255
to
.Xr ifconfig 8 .
If the netmask is unspecified, it will be set to 8 when 0.0.0.0 is
configured on the interface, and it will persist after negotiation.
.Pp
The presence of a
.Xr mygate 5
file will interfere with the routing table.
Make sure this file is either empty or does not exist.
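.Pp
The following lint is an added example, not part of the original manual or of OpenBSD: it checks a directory of hostname.if(5) files against the requirements stated on this page (explicit 255.255.255.255 netmask, Ethernet interface marked up and at least 8 bytes larger than the pppoe MTU, empty or absent mygate).
The function name lint_pppoe, the temporary directory and the world-readable check on the file holding authkey are assumptions of the example.

```shell
# Added example: lint hostname.if(5) files for a pppoe(4) interface against
# the requirements stated on this page. Prints one finding per line.
lint_pppoe() {	# usage: lint_pppoe ETC_DIR [IFNAME]
	etc=$1; ifn=${2:-pppoe0}; f=$etc/hostname.$ifn
	[ -f "$f" ] || { echo "missing: $f"; return 0; }
	# read without -r joins the backslash-continued lines into one.
	cfg=$(while read line; do printf '%s\n' "$line"; done < "$f")
	inet=$(printf '%s\n' "$cfg" | sed -n '/^inet /p')
	dev=$(printf '%s\n' "$cfg" | sed -n 's/.*pppoedev \([^ ]*\).*/\1/p' | head -n 1)
	mtu=$(printf '%s\n' "$inet" | sed -n 's/.*mtu \([0-9][0-9]*\).*/\1/p' | head -n 1)
	mtu=${mtu:-1492}		# pppoe(4) default: 1500 - 8 bytes overhead
	# BUGS: without an explicit netmask, 0.0.0.0 gets netmask 8 and keeps it.
	case $inet in
	*" 255.255.255.255"*) ;;
	*) echo "netmask: inet line lacks 255.255.255.255" ;;
	esac
	# The Ethernet interface must be marked UP and sized for the PPPoE MTU.
	p=$etc/hostname.$dev
	if [ -z "$dev" ] || [ ! -f "$p" ]; then
		echo "pppoedev: no hostname file for '$dev'"
	else
		grep -Eq '(^|[[:space:]])up([[:space:]]|$)' "$p" ||
			echo "pppoedev: $dev is not marked up"
		pmtu=$(sed -n 's/.*mtu \([0-9][0-9]*\).*/\1/p' "$p" | head -n 1)
		pmtu=${pmtu:-1500}	# standard Ethernet MTU
		if [ "$pmtu" -lt $((mtu + 8)) ]; then
			echo "mtu: $dev mtu $pmtu < $ifn mtu $mtu + 8"
		fi
	fi
	# BUGS: a non-empty mygate(5) interferes with the routing table.
	if [ -s "$etc/mygate" ]; then echo "mygate: $etc/mygate is not empty"; fi
	# Added check (not from this page): the file holds authkey in clear text.
	if [ -n "$(find "$f" -prune -perm -004)" ]; then
		echo "perms: $f is world-readable"
	fi
	return 0
}

# Constructed sample: the RFC 4638 config above, with em0 left at MTU 1500.
demo=$(mktemp -d)
cat > "$demo/hostname.pppoe0" <<'EOF'
inet 0.0.0.0 255.255.255.255 NONE mtu 1500 \
	pppoedev em0 authproto pap \
	authname 'testcaller' authkey 'donttell' up
dest 0.0.0.1
EOF
chmod 640 "$demo/hostname.pppoe0"
echo "up" > "$demo/hostname.em0"
lint_pppoe "$demo"
```

On a real system the directory argument would be /etc; an empty result means none of the checked conditions were found.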