Community discussions

MikroTik App
 
prawira
Trainer
Trainer
Topic Author
Posts: 357
Joined: Fri Feb 10, 2006 5:11 am

Help need for PPPoE Server setup

Tue Jul 01, 2008 12:40 pm

Hi all,

we wanna to setup PPPoE server to auth remote users with time base (prepaid) but we fail to setup PPPoE server.

The documentation refer at http://www.mikrotik.com/testdocs/ros/3.0/vpn/pppoe.php

The steps are :
/ip ad ad ad=192.168.1.11/28 in=ether1
/ip ad ad ad=192.168.101.1/27 in=wlan1
/ip ro ad ga=192.168.1.2
/ip dn set pri=<primary-ip> se=<secondary-ip> allow=yes
/ip po ad name=pppoe-pool ra=192.168.101.2-192.168.101.10
/in pppoe-server ser ad in=wlan1 se=internet one=yes disa=no
/ppp pr set default local=192.168.101.1 re=pppoe-pool
/ppp se ad name=test password=test
And, here are the result of configuration :
[admin@MikroTik] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.1.11/28 192.168.1.0 192.168.1.15 ether1
1 192.168.101.1/28 192.168.101.0 192.168.101.15 wlan1

[admin@MikroTik] > ip ro pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 A S 0.0.0.0/0 reachable 192.168.1.2 1 ether1
1 ADC 192.168.1.0/28 192.168.1.11 0 ether1
2 ADC 192.168.101.0/28 192.168.101.1 0 wlan1

[admin@MikroTik] > ip po pr
# NAME RANGES
0 pppoe-pool 192.168.101.2-192.168.101.10

[admin@MikroTik] > ip fi na pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=src-nat action=masquerade out-interface=ether1

[admin@MikroTik] > /in pppoe-server ser pr
Flags: X - disabled
0 service-name="internet" interface=wlan1 max-mtu=1480 max-mru=1480 mrru=disabled authentication=pap,chap,mschap1,mschap2
keepalive-timeout=10 one-session-per-host=yes max-sessions=0 default-profile=default

[admin@MikroTik] > /pp pr pr
Flags: * - default
0 * name="default" local-address=192.168.101.1 remote-address=pppoe-pool use-compression=default use-vj-compression=default
use-encryption=default only-one=default change-tcp-mss=yes

1 * name="default-encryption" use-compression=default use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes

[admin@MikroTik] > /pp se pr
Flags: X - disabled
# NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS
0 test pppoe test default
The problem is : no client can get ip address from pool when trying to associate.

Didi I missing something ?

Paul
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Re: Help need for PPPoE Server setup

Tue Jul 01, 2008 1:57 pm

You are running the PPPoE server on the wlan1 interface. Did you make sure that your clients have a clean layer2 path to the PPPoE server?

And please turn on debug pppoe logging on the PPPoE server and post the output from it while trying to connect with a client.
 
prawira
Trainer
Trainer
Topic Author
Posts: 357
Joined: Fri Feb 10, 2006 5:11 am

Re: Help need for PPPoE Server setup

Wed Jul 02, 2008 5:22 am

Thx for your answer cmit,

The client can connect verywell to MT box IF I put the following commands :
/ip dhcp server network add network=192.168.101.0/27 gateway=192.168.101.1
/ip dhcp server add name=pppoe interface=wlan1 address-pool=pppoe-pool
But, client can surf the net without having PPPoe auth.

At this point, I can do pppoe connection even if already on the net.

I was delete the above commands, as the mention reference never ask to apply them.

So the main problem is, the client can not get dhcp client ip client.

Paul
 
prawira
Trainer
Trainer
Topic Author
Posts: 357
Joined: Fri Feb 10, 2006 5:11 am

Re: Help need for PPPoE Server setup

Wed Jul 02, 2008 7:10 am

Gotta...

I got the answers by myself after multiple tries...

firstly, we have to define ip pool and activate dhcp-server for layer2. On firewall, block all traffict from this pool. We define this as Pool0

after that, define another pool for pppoe. we call this Pool1 and this address may not overlap to Pool0.

When client connect, it will get the address from Pool0 first. From this point client can not go to anywhere. After establish pppoe auth, it will get address from Pool1 and got auth to go to the net.

BUT.. we have another problem... the same user can login from different terminal at the same time..

Any clues ?

Paul
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Re: Help need for PPPoE Server setup

Wed Jul 02, 2008 9:37 am

I'm at a loss why you are doing the DHCP server thing - there's no need for that.
Just have the PPPoE server run on the respective interface, and do NOT have an ip address on that interface (so that no-one can use the connection without logging in by PPPoE).

Regarding the multiple login problem: In the PPP profiles you can set an option called "only one" to yes. Then every username can only be connected once.

Hope this helps...
 
prawira
Trainer
Trainer
Topic Author
Posts: 357
Joined: Fri Feb 10, 2006 5:11 am

Re: Help need for PPPoE Server setup

Wed Jul 02, 2008 10:42 am

Thx again cmit,

We put DHCP-Server, because client already connected to server but no ip address involved at all. Both AP and client has no ip addresses. The client connection status is Limited or no connectivity, so we can not issue pppoe auth procedures.

This is a big different than hotspot where we got ip address when interface connected and send the auth for the same IP address.

Here are the snipped of setting :
[admin@MikroTik] interface pppoe-server server> pr
Flags: X - disabled
0 service-name="skynet" interface=wlan1 max-mtu=1480 max-mru=1480
authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10
one-session-per-host=yes max-sessions=0 default-profile=default
And... the same user still allow to login on different terminals at the same time.

Paul
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Re: Help need for PPPoE Server setup

Wed Jul 02, 2008 11:02 am

You don't need any ip address on the client or AP interface to create a PPPoE connection.

And you should not set the one-session-per-host to yes (which only prohibits more than one concurrent PPPoE session from the same client). You should the the only-one parameter in the PPP _profile_ to yes!
 
prawira
Trainer
Trainer
Topic Author
Posts: 357
Joined: Fri Feb 10, 2006 5:11 am

Re: Help need for PPPoE Server setup

Wed Jul 02, 2008 12:59 pm

Dear Christian,

Thx for yr very quick response :D

I just try your advice... it strange for me, but it RUN.
even if the status is Limited or no connections, the PPPoE can establish the connection.

Also.. thx for yr advice regarding 'only-one'. It works now.

Another problem... client with WRT54GL+dd-wrt with client-bridge mode can not connect.
We also try using NanoStation2 with bridge mode too and it run very well.

Paul

Who is online

Users browsing this forum: Bing [Bot], CGGXANNX, nescafe2002 and 76 guests