OpenBSD and PPPoE
I'm using a new ISP (since I moved to a different country) which does not provide a DSL modem as part of the subscription. So I bought the first ADSL2+ modem I found that was not also a router (since I have my own router).
I ended up with a D-Link DSL-320T. I was a bit disappointed to see that the modem DOES some routing… but quite poorly. I tried several configurations and my conclusion is that this modem is severely bugged. It's based on an old BusyBox 0.60 (you can telnet the modem to see that and do some stuff manually (if you manage to…)). I went on D-Link website to find firmware updates… the firmware loaded in the modem is more recent that the ones I found on the website! Anyway, after some research, it looks like D-Link people have no clue about how to manage version numbers (it's a complete mess), but it's not a problem since the modem does not want to load any firmware (there is something in the interface to do that but it did nothing when I tried).
At some point I find out that the modem has a "bridged" mode, so it will do mostly nothing and I will have to do the authentication with the ISP on my OpenBSD 4.5 router.
PPPoE
Configuring PPPoE on OpenBSD is quite easy. The modem is connected to the rl0 interface, first we need to create a configuration file /etc/hostname.pppoe0 for the new PPPoE interface pppoe0:
/etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE pppoedev rl0 authproto pap authname LOGIN authkey PASSWORD up
dest 0.0.0.1
!/sbin/route add default 0.0.0.1
Replace LOGIN and PASSWORD with the credentials given by your ISP. The rl0 interface does not need any configuration except telling that the interface must be started. /etc/hostname.rl0 must contain only:
/etc/hostname.rl0
up
Restart network interfaces with the following command:
# sh /etc/netstart
ifconfig should now include pppoe0 configuration.
NAT and PF
I saw on some forums/mailing lists that since PF is started before the pppoe0 interface, PF might block the connection. I'm not having the problem right now, maybe for older versions of OpenBSD. Anyway, I had a different one. When PF starts, the pppoe0 interface does not have yet retrieve an IP, so PF is using 0.0.0.0.
For instance in /etc/pf.conf, I had the following lines to create a NAT between pppoe0 and rl1 (rl1 is the interface on my local network):
ext_if="pppoe0"
int_if="rl1"
nat on $ext_if inet from $int_if:network to any -> $ext_if
In order to tell PF to monitor the external interface's IP, it just needs to be put between brackets, so the NAT command becomes:
nat on $ext_if inet from $int_if:network to any -> ($ext_if)
Links
- http://www.openbsd-wiki.org/index.php?title=PPPoE_Router_and_Firewall
- http://www.nabble.com/OpenBSD-as-DSL-Router-using-hostname.pppoe0--td14533985.html
- http://www.openbsd.org/faq/pf/nat.html#config
Comments Add one by sending me an email.