Monday, February 9, 2015

PPPoE on Ubuntu 14.04

It took me over the course of a week and probably close to 20 hours of troubleshooting to finally get my Linux router to establish a PPPoE connection to my provider. There were two major hurdles I overcame:

  1. The first was figuring out that the VLAN going to the DSL modem needed to be manually tagged. I found out this out by connecting my Windows laptop and tagging it's VLAN on the network adapter after seeing that it was also tagged in the router they used to setup my initial connection. I suspect they do this to differentiate between the IP phone and cable box traffic.
  2. The second hurdle was properly configuring PPPoE properly in Linux. I emphasize properly because PPPoE in Linux is one of those topics that are barely documented, or if it is documented its done 50 different ways, all which don't work correctly for you — kind of like LDAP.

Adding VLAN support

Note this part may not be needed, double check your settings on a working router to see if the VLAN is configured for the WAN interface. If you are able to receive a DHCP lease, but can't establish a PPPoE connection or see any response in the PPPoE logs, you may need to tag the VLAN on your network interface.

This is the part which probably took up the majority of my time because when I ran the pppoeconf utility (like many tutorials and StackOverflow responses tell you to do), it would simply hang. I would suggest trying to use pppoeconf first to configure PPPoE (there are several tutorials out there), if that doesn't work for you, try the procedures outlined in this tutorial.

Tagging VLANs isn't supported by default in Ubuntu 14.04, luckily, the vlan package can do that for us. Install the the vlan package:

root@ubuntu:~# aptitude -yvV install vlan

Load the 8021q module and verify it is loaded:

root@ubuntu:~# modprobe 8021q
root@ubuntu:~# lsmod | grep ^8021q
8021q                  24712  0 

Ensure this module is loaded each time at boot by appending it to /etc/modules:

root@ubuntu:~# echo "8021q" >> /etc/modules

Use the vconfig utility to add a VLAN to the specified interface:

root@ubuntu:/etc/network# vconfig add eth0 20
Added VLAN with VID == 20 to IF -:eth0:-
  • In the above I tagged my eth0 interface with VLAN 20.

As additional verification you can cat the contents of /proc/net/vlan/config which would give you output similar to the following:

root@ubuntu:/etc/network# cat /proc/net/vlan/config 
VLAN Dev name  | VLAN ID
eth0.20        | 20  | eth0

This will allow you to reference the VLAN-tagged interface as eth0.20. As another example, if you were to tag your eth1 interface with VLAN 50 the interface name would be eth1.50.

Network interfaces

After issuing vconfig, you should be able to create and reference the interface in the /etc/network/interfaces file.

# WAN interface
auto eth0
iface eth0 inet dhcp

# WAN interface tagged with VLAN 20
auto eth0.20
iface eth0.20 inet manual
 vlan-raw-device eth0

Now if you have a working physical connection from your ISP facing interface to the DSL modem, you should be able to get a DHCP lease with an private IP address on the original interface, in this case eth0.

The trick was understanding that I had to tell my PPPoE client to use the eth0.20 interface, not eth0, to send the initial request for the PPPoE connection. This is where the pppoeconf setup would hang for me.


Unfortunately it's very easy to get confused between all the PPP/PPPoE packages, e.g. ppp, pppconfig, pppoe, pppoeconf, rp-pppoe, etc. Even worse, is they all dump their configuration files and scripts in the same place, the /etc/ppp directory.

The client that I ended up using was rp-pppoe by Roaring Penguin Software.

Download the tar archive from their website:

root@ubuntu:~# wget
2015-02-07 17:15:55 (167 KB/s) - ‘rp-pppoe-3.11.tar.gz’ saved [223234/223234]

Install the build-essential package which contains additional utilities needed to build packages from source:

root@ubuntu:~# aptitude -yvV install build-essential

Unarchive, change into the unarchived directory, and run the ./go script:

root@ubuntu:~# tar xvf rp-pppoe-3.11.tar.gz

root@ubuntu:~# cd rp-pppoe-3.11/

root@ubuntu:~/rp-pppoe-3.11# ls
configs  doc  go  go-gui  gui  man  README  rp-pppoe.spec  scripts  SERVPOET  src

root@ubuntu:~/rp-pppoe-3.11# ./go

Now if rp-pppoe compiled correctly it should kick off a script immediately afterwards that prompts you for input:

Welcome to the Roaring Penguin PPPoE client setup.  First, I will run
some checks on your system to make sure the PPPoE client is installed

Looks good!  Now, please enter some information:


>>> Enter your PPPoE user name (default dsluser


>>> Enter the Ethernet interface connected to the DSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethn, where 'n' is a number.
(default eth0): eth0.20

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses.  You may have some problems with demand-activated links.
>>> Enter the demand value (default no): 


Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
>>> Enter the DNS information here: server


>>> Please enter your PPPoE password:    
>>> Please re-enter your PPPoE password: 


Please choose the firewall rules to use.  Note that these rules are
very basic.  You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security.  If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself.  Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc.  If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules.  You are responsible
          for ensuring the security of your machine.  You are STRONGLY
          recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN
>>> Choose a type of firewall (0-2): 0

** Summary of what you entered **

Ethernet Interface: eth0.20
User name:          dsluser
Activate-on-demand: No
DNS addresses:      Supplied by ISP's server
Firewalling:        NONE

>>> Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/ppp/pppoe.conf
Adjusting /etc/ppp/pap-secrets and /etc/ppp/chap-secrets
  (But first backing it up to /etc/ppp/pap-secrets-bak)
  (But first backing it up to /etc/ppp/chap-secrets-bak)

Congratulations, it should be all set up!

Type 'pppoe-start' to bring up your PPPoE link and 'pppoe-stop' to bring
it down.  Type 'pppoe-status' to see the link status.
  • This script will create the /etc/ppp/pppoe.conf populated with configuration parameters that you provided as input.
  • It will also put the username and password into the /etc/ppp/pap-secrets and /etc/ppp/chap-secrets file for you.

Again, note that I specified my VLAN-tagged interface eth0.20 as my interface connected to the DSL modem, and not eth0.

Now you should be able to run pppoe-start:

root@ubuntu:~/rp-pppoe-3.11# pppoe-start
. Connected!

The plog command will show you logging information from the initiated connection:

root@d54250wyk:~# plog
Feb  7 15:32:08 ubuntu pppd[2134]: Remote message: Login ok
Feb  7 15:32:08 ubuntu pppd[2134]: PAP authentication succeeded
Feb  7 15:32:08 ubuntu pppd[2134]: not replacing existing default route via
Feb  7 15:32:08 ubuntu pppd[2134]: local  IP address
Feb  7 15:32:08 ubuntu pppd[2134]: remote IP address
Feb  7 15:32:08 ubuntu pppd[2134]: primary   DNS address
Feb  7 15:32:08 ubuntu pppd[2134]: secondary DNS address

You should now have a ppp0 interface, use ifconfig or ip addr ls to verify it is there.

In the above output you can see the message not replacing existing default route via This was the default route that was obtained from the original DHCP lease on the eth0 interface. There was a bug in the rp-pppoe utility that regardless of settings in the /etc/ppp/pppoe.conf file, it would not obtain and correctly replace the default route via the ppp0 interface.

To resolve this issue, and correctly obtain the default route upon connect, delete all the files in the /etc/ppp/peers/ directory:

root@ubuntu:~# rm -v /etc/ppp/peers/*
removed ‘/etc/ppp/peers/dsl-provider’
removed ‘/etc/ppp/peers/dsl-provider.dpkg-old’
removed ‘/etc/ppp/peers/provider’

Run pppoe-stop and pppoe-start to connect again:

root@ubuntu:/etc/openvpn# pppoe-stop
Killing pppd (2769)
Killing pppoe-connect (2749)

root@ubuntu:/etc/openvpn# pppoe-start
. Connected!

After your connection is established and verified, your configurations for all your network applications, such as iptables should reference the ppp0 interface as your primary interface.

No comments:

Post a Comment