[RP-PPPoE] Beginner's questions (Shaping, Errors and Tips)

Kaszás Gergely cheese at caesar.elte.hu
Mon Feb 24 03:57:52 EST 2014 

Hello!

I've got a few questions that I can't seem to get a straight answer on 
the "webs".
I'm sure that these are quite common questions, so please be patient 
while reading and replying to this message even if the answer is pretty 
obvious.

1.
I wish to "shape" my traffic, but can't seem to wrap my head around 
using tc for each connection.
I only want to limit my ppp users upload and download speeds, but 
reading lartc just confused me even more.
Has anyone succeeded in shaping traffic per connection and if you have 
how did you achieve this?

2.
I often seem to get a CHAP authentication failure error, yet my server's 
pppoe-server-options file has the "refuse-chap" line.
Has anyone ran into this problem? Am I doing something horribly wrong?

3.
Currently I use mschapv2 to authenticate users, but the upcoming eol of 
windows xp made me think that I should move on
towards EAP-MSCHAPv2 or any EAP based auth method.
Could you point me toward a place where I could look up how to implement 
this?


Here is a crude representation of my network:

(remote location) -----------------> (Router/Firewall/PPPoE server)
  xxx.xxx.119.150                            eth0: xxx.xxx.119.149
                                                         eth1: NC
                                                         eth2: 
xxx.xxx.103.254 (/22) -------------------------->Other servers 
(Including the radius server)
                                                         eth3: PPPoE 
server------+
+----------------------> About 400 pppoe users (I've something that you 
could say a "dumb" network. Most of my switches are "dumb". (haven't got 
the basic option of vlans or any sort of features))

(Since these are valid internet addreses I hid the first two octets.)

/etc/ppp/options:
asyncmap 0
noauth
crtscts
lock
hide-password
modem
lcp-echo-interval 30
lcp-echo-failure 4
noipx
mppe-stateful
noccp

/etc/ppp/pppoe-server-options:
kdebug 7
debug
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
netmask 255.255.252.0
ms-dns xxx.xxx.100.1
ms-dns xxx.xxx.100.7
plugin radius.so
plugin radattr.so
lcp-echo-interval 20
lcp-echo-failure 3
proxyarp
defaultroute
noipdefault
noccp
nobsdcomp
novj

And the command:
/usr/sbin/pppoe-server -I eth3 -N 10000 -T 300 -L xxx.xxx.103.254 -k -x 1

More information about the RP-PPPoE mailing list