I have 2 Ubuntu 64-bit Virtual Machines installed on Virtual Box.Their name and ip addresses are given below.I am trying to establish PPPoE connection between the two machines.
nas 192.168.129.130 (This machine runs the PPPoE server)
home 192.168.129.37 (This machine runs the PPPoE client)
The relevant configuration files on the nas (Network Access Server) is shown below.
/etc/ppp/pppoe-server-options
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
defaultroute
noipdefault
/etc/ppp/chap-secrets
#client server secret IP addresses
home * "godfather" *
nas * "godfather" *
/etc/ppp/ipaddress_pool
192.168.129.20-40
/etc/ppp/pppoe_start
PPPOE_IFACE="eth0"
PPPOE_IFACE_ADDR="192.168.129.31"
#Start PPPoE Server
sleep 5
pppoe-server -C isp -L $PPPOE_IFACE_ADDR -p /etc/ppp/ipaddress_pool -I $PPPOE_IFACE -m 1412
/etc/ppp/pppoe_stop
killall pppoe-server
The relevant configurations files on home (the client) are shown below.
/etc/ppp/chap_secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
nas * "godfather" *
home * "godfather" *
/etc/ppp/peers/myisp
plugin rp-pppoe.so
eth0
user root
I start the PPPoE server using the following command.
sudo /etc/ppp/pppoe_start
I start the client using the following command
sudo pppd call myisp
I run tcpdump on eth0 to look at PADI,PADO,PADR,PADS and PADT.The output of the tcpdump run on the nas server is shown below.
sudo tcpdump -i eth0 -n ether proto 0x8863 '||' ether proto 0x8864 [sudo] password for karthik:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:47:25.173507 PPPoE PADI [Service-Name] [Host-Uniq 0xCF0A0000]
12:47:25.173609 PPPoE PADO [AC-Name "nzhmlbld06l"] [Service-Name] [AC-Cookie 0x18F0FDB21859639108D61444C8A611F4D2080000] [Host-Uniq 0xCF0A0000]
12:47:25.173661 PPPoE PADO [AC-Name "isp"] [Service-Name] [AC-Cookie 0xF07AE7E13B3BDFACCCE03C14A0A60C7D49090000] [Host-Uniq 0xCF0A0000]
12:47:25.173777 PPPoE PADR [Service-Name] [Host-Uniq 0xCF0A0000] [AC-Cookie 0x18F0FDB21859639108D61444C8A611F4D2080000]
12:47:25.174239 PPPoE PADS [ses 0xa] [Service-Name] [Host-Uniq 0xCF0A0000]
12:47:25.174929 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 1, length 21
12:47:26.180431 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 1, length 16
12:47:26.180676 PPPoE [ses 0xa] LCP, Conf-Ack (0x02), id 1, length 16
12:47:28.177393 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 1, length 21
12:47:28.179020 PPPoE [ses 0xa] LCP, Conf-Reject (0x04), id 1, length 11
12:47:28.179295 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 2, length 16
12:47:28.181036 PPPoE [ses 0xa] LCP, Conf-Ack (0x02), id 2, length 16
12:47:28.181045 PPPoE [ses 0xa] LCP, Echo-Request (0x09), id 0, length 10
12:47:28.181464 PPPoE [ses 0xa] LCP, Echo-Request (0x09), id 0, length 10
12:47:28.181638 PPPoE [ses 0xa] LCP, Term-Request (0x05), id 3, length 34
12:47:28.182984 PPPoE [ses 0xa] LCP, Echo-Reply (0x0a), id 0, length 10
12:47:28.182992 PPPoE [ses 0xa] LCP, Term-Ack (0x06), id 3, length 6
12:47:31.217784 PPPoE PADT [ses 0xa] [Generic-Error "RP-PPPoE: Child pppd process terminated"]
I am unable to understand why "Generic-Error "RP-PPPoE: Child pppd process terminated" error message is being printed.Am I doing something wrong with the configuration?Any suggestions or pointers will be highly appreciated.
I have added debug dump for client and the server and this is the /var/log/syslog that I got on the client.
Aug 19 08:42:22 home pppd[2183]: Plugin rp-pppoe.so loaded.
Aug 19 08:42:22 home pppd[2183]: pppd options in effect:
Aug 19 08:42:22 home pppd[2183]: debug#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: dump#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: plugin rp-pppoe.so#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: +chap#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: user root#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: asyncmap 0#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: lcp-echo-failure 4#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: lcp-echo-interval 30#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: hide-password#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: noipx#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2184]: pppd 2.4.5 started by root, uid 0
Aug 19 08:42:22 home pppd[2184]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Aug 19 08:42:22 home pppd[2184]: dst ff:ff:ff:ff:ff:ff src 8:0:27:21:a9:d
Aug 19 08:42:22 home pppd[2184]: [service-name] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 51
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 08:42:22 home pppd[2184]: [AC-name nzhmlbld06l] [service-name] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Send PPPOE Discovery V1T1 PADR session 0x0 length 36
Aug 19 08:42:22 home pppd[2184]: dst c8:60:0:ca:eb:83 src 8:0:27:21:a9:d
Aug 19 08:42:22 home pppd[2184]: [service-name] [host-uniq 88 08 00 00] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 43
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src 8:0:27:50:1d:d3
Aug 19 08:42:22 home pppd[2184]: [AC-name isp] [service-name] [AC-cookie ff 29 7b e4 ad 78 bd 39 db 78 61 ff f7 92 ff 0c f2 0a 00 00] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADS session 0x15 length 12
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 08:42:22 home pppd[2184]: [service-name] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: PADS: Service-Name: ''
Aug 19 08:42:22 home pppd[2184]: PPP session is 21
Aug 19 08:42:22 home pppd[2184]: Connected to c8:60:00:ca:eb:83 via interface eth0
Aug 19 08:42:22 home pppd[2184]: using channel 4
Aug 19 08:42:22 home pppd[2184]: Using interface ppp0
Aug 19 08:42:22 home pppd[2184]: Connect: ppp0 <--> eth0
Aug 19 08:42:22 home pppd[2184]: sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MD5> <magic 0x936c3d3f>]
Aug 19 08:42:22 home NetworkManager[521]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 08:42:22 home NetworkManager[521]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Aug 19 08:42:23 home pppd[2184]: rcvd [LCP ConfReq id=0x1 <auth pap> <magic 0x4c48e2bb>]
Aug 19 08:42:23 home pppd[2184]: sent [LCP ConfAck id=0x1 <auth pap> <magic 0x4c48e2bb>]
Aug 19 08:42:25 home pppd[2184]: sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MD5> <magic 0x936c3d3f>]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP ConfRej id=0x1 <auth chap MD5>]
Aug 19 08:42:25 home pppd[2184]: sent [LCP ConfReq id=0x2 <mru 1492> <magic 0x936c3d3f>]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP ConfAck id=0x2 <mru 1492> <magic 0x936c3d3f>]
Aug 19 08:42:25 home pppd[2184]: sent [LCP EchoReq id=0x0 magic=0x936c3d3f]
Aug 19 08:42:25 home pppd[2184]: peer refused to authenticate: terminating link
Aug 19 08:42:25 home pppd[2184]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP EchoReq id=0x0 magic=0x4c48e2bb]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP EchoRep id=0x0 magic=0x4c48e2bb]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP TermAck id=0x3]
Aug 19 08:42:25 home pppd[2184]: Connection terminated.
Aug 19 08:42:25 home avahi-daemon[523]: Withdrawing workstation service for ppp0.
Aug 19 08:42:25 home NetworkManager[521]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 08:42:25 home pppd[2184]: Exit.
I have now modified my /etc/ppp/pap-secrets file to look like below.
# INBOUND connections
# Every regular user can use PPP and has to use passwords from /etc/passwd
karthik * "godfather" *
#karthik * "godfather" *
#home * "godfather" *
# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
# other accounts that should not be able to use pppd!
guest hostname "*" -
master hostname "*" -
#root hostname "*" -
support hostname "*" -
stats hostname "*" -
the /etc/ppp/pap-secrets file on the server looks like below.
# OUTBOUND connections
# Here you should add your userid password to connect to your providers via
# PAP. The * means that the password is to be used for ANY host you connect
# to. Thus you do not have to worry about the foreign machine name. Just
# replace password with your password.
# If you have different providers with different passwords then you better
# remove the following
* "godfather"
I have also changed the user in my /etc/ppp/peers/myisp from root to karthik.From the debug messages (/var/log/syslog) I get the following on the client.
Aug 19 11:24:55 home pppd[2920]: Plugin rp-pppoe.so loaded.
Aug 19 11:24:55 home pppd[2920]: pppd options in effect:
Aug 19 11:24:55 home pppd[2920]: debug#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: dump#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: plugin rp-pppoe.so#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: noauth#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: user karthik#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: asyncmap 0#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: lcp-echo-failure 4#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: lcp-echo-interval 30#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: show-password#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: noipx#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2921]: pppd 2.4.5 started by root, uid 0
Aug 19 11:24:55 home pppd[2921]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Aug 19 11:24:55 home pppd[2921]: dst ff:ff:ff:ff:ff:ff src 8:0:27:21:a9:d
Aug 19 11:24:55 home pppd[2921]: [service-name] [host-uniq 69 0b 00 00]
Aug 19 11:24:55 home pppd[2921]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 51
Aug 19 11:24:55 home pppd[2921]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 11:24:55 home pppd[2921]: [AC-name nzhmlbld06l] [service-name] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00] [host-uniq 69 0b 00 00]
Aug 19 11:24:55 home pppd[2921]: Send PPPOE Discovery V1T1 PADR session 0x0 length 36
Aug 19 11:24:55 home pppd[2921]: dst c8:60:0:ca:eb:83 src 8:0:27:21:a9:d
Aug 19 11:24:55 home pppd[2921]: [service-name] [host-uniq 69 0b 00 00] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00]
Aug 19 11:24:55 home pppd[2921]: Recv PPPOE Discovery V1T1 PADS session 0x12 length 12
Aug 19 11:24:55 home pppd[2921]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 11:24:55 home pppd[2921]: [service-name] [host-uniq 69 0b 00 00]
Aug 19 11:24:55 home pppd[2921]: PADS: Service-Name: ''
Aug 19 11:24:55 home pppd[2921]: PPP session is 18
Aug 19 11:24:55 home pppd[2921]: Connected to c8:60:00:ca:eb:83 via interface eth0
Aug 19 11:24:55 home pppd[2921]: using channel 61
Aug 19 11:24:55 home NetworkManager[626]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 11:24:55 home NetworkManager[626]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Aug 19 11:24:55 home pppd[2921]: Using interface ppp0
Aug 19 11:24:55 home pppd[2921]: Connect: ppp0 <--> eth0
Aug 19 11:24:55 home pppd[2921]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xd1bab5a5>]
Aug 19 11:24:56 home pppd[2921]: rcvd [LCP ConfReq id=0x1 <auth pap> <magic 0x7d403be7>]
Aug 19 11:24:56 home pppd[2921]: sent [LCP ConfAck id=0x1 <auth pap> <magic 0x7d403be7>]
Aug 19 11:24:58 home pppd[2921]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xd1bab5a5>]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xd1bab5a5>]
Aug 19 11:24:58 home pppd[2921]: sent [LCP EchoReq id=0x0 magic=0xd1bab5a5]
Aug 19 11:24:58 home pppd[2921]: sent [PAP AuthReq id=0x1 user="karthik" password="godfather"]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP EchoReq id=0x0 magic=0x7d403be7]
Aug 19 11:24:58 home pppd[2921]: sent [LCP EchoRep id=0x0 magic=0xd1bab5a5]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP EchoRep id=0x0 magic=0x7d403be7]
Aug 19 11:24:58 home pppd[2921]: rcvd [PAP AuthNak id=0x1 "Login incorrect"]
Aug 19 11:24:58 home pppd[2921]: Remote message: Login incorrect
Aug 19 11:24:58 home pppd[2921]: PAP authentication failed
Aug 19 11:24:58 home pppd[2921]: sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP TermReq id=0x2 "Authentication failed"]
Aug 19 11:24:58 home pppd[2921]: sent [LCP TermAck id=0x2]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP TermAck id=0x2]
Aug 19 11:24:58 home pppd[2921]: Connection terminated.
Aug 19 11:24:58 home avahi-daemon[628]: Withdrawing workstation service for ppp0.
Aug 19 11:24:58 home NetworkManager[626]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 11:24:58 home pppd[2921]: Exit.
From the log it looks like the client is sending the right user name and password to the server.But the server is for some reason failing to authenticate the user karthik with the secret "godfather".I suspect that there is some mistake in configuration of pap-secrets file on the server.But can't figure out what.Can anyone point me in the right direction?
"peer refused to authenticate" is the explanation. It's logged by your client's pppd, so the server is the peer that it's referring to.
PPP is not inherently a client-server protocol. It's symmetric. That means each end of the connection can require the other end to authenticate itself. In ISP-like configurations, authentication goes only one way. The client proves its identity to the server, but the server doesn't prove its identity to the client.
If you want to use that type of setup, you have to give the client's pppd the
noauth
option, which tells it not to require authentication from the server. Adding it to/etc/ppp/peers/myisp
should do it.If you want to authenticate both ways, that should be doable too.
update
Since you've posted the latest logs, the new problem is the
login
option.login
means that the client's PAP password is expected to match the user's password in the system user database (i.e./etc/passwd
and friends). If you're trying to define the password exclusively throughpap-secrets
, remove thelogin
option.