Aug

Building PPPoE Server with Mikrotik

Tag » PPPoE, Server, Mikrotik, PPPoE Server, PPPoE Client

Written by nofee

There are two types of interface (tunnel) items in PPTP server configuration - static users and dynamic connections. An interface is created for each tunnel established to the given server. Static interfaces are added administratively if there is a need to reference the particular interface name (in firewall rules or elsewhere) created for the particular user. Dynamic interfaces are added to this list automatically whenever a user is connected and its username does not match any existing static entry (or in case the entry is active already, as there can not be two separate tunnel interfaces referenced by the same name). Dynamic interfaces appear when a user connects and disappear once the user disconnects, so it is impossible to reference the tunnel created for that use in router configuration (for example, in firewall), so if you need a persistent rules for that user, create a static entry for him/her. Otherwise it is safe to use dynamic configuration.
In here, we need two ethernet interface.
First configure ethernet interface:

[admin@PPPoE-Server] ip address> add address=10.1.0.3/24 interface=Local
[admin@PPPoE-Server] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.1.0.3/24 10.1.0.0 10.1.0.255 Local

[admin@PPPoE-Server] ip address> /ip route
[admin@PPPoE-Server] ip route> add gateway=10.1.0.1
[admin@PPPoE-Server] ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 10.1.0.0/24 10.1.0.3 0 Local
1 A S 0.0.0.0/0 r 10.1.0.1 1 Local

[admin@PPPoE-Server] ip route> /interface ethernet
[admin@PPPoE-Server] interface ethernet> set Local arp=proxy-arp
[admin@PPPoE-Server] interface ethernet> print
Flags: X - disabled, R - running
# NAME MTU MAC-ADDRESS ARP
0 R Local 1500 00:0C:42:03:25:53 proxy-arp

[admin@PPPoE-Server] interface ethernet>

Then add PPPoE Server to the other ethernet interface:

[admin@PPPoE-Server] interface pppoe-server server> add interface=Local \
service-name=mt one-session-per-host=yes disabled=no

[admin@PPPoE-Server] interface pppoe-server server> print
Flags: X - disabled
0 service-name="mt" interface=Local max-mtu=1480 max-mru=1480 mrru=disabled
authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10
one-session-per-host=yes max-sessions=0 default-profile=default

[admin@PPPoE-Server] interface pppoe-server server>

Then, we can setup PPPoE clients:

[admin@PPPoE-Server] ip pool> add name=pppoe ranges=10.1.0.100-10.1.0.200
[admin@PPPoE-Server] ip pool> print
# NAME RANGES
0 pppoe 10.1.0.100-10.1.0.200

[admin@PPPoE-Server] ip pool> /ppp profile
[admin@PPPoE-Server] ppp profile> set default use-encryption=yes local-address=10.1.0.3 remote-address=pppoe
[admin@PPPoE-Server] ppp profile> print
Flags: * - default
0 * name="default" local-address=10.1.0.3 remote-address=pppoe
use-compression=no use-vj-compression=no use-encryption=yes only-one=no
change-tcp-mss=yes
1 * name="default-encryption" use-compression=default
use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=default

[admin@PPPoE-Server] ppp profile> .. secret
[admin@PPPoE-Server] ppp secret> add name=test1 password=pass1 service=pppoe
[admin@PPPoE-Server] ppp secret> add name=test2 password=pass2 service=pppoe
[admin@PPPoE-Server] ppp secret> print
Flags: X - disabled
# NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS
0 test1 pppoe pass1 default 0.0.0.0
1 test2 pppoe pass2 default 0.0.0.0

[admin@PPPoE-Server] ppp secret>

Thus we have completed the configuration and added two users : test1 and test2 who are able to connect to Internet using PPPoE client software.
Note that Windows XP built-in client supports encryption, but RASPPPOE does not. So, if it is planned not to support Windows clients older than Windows XP, it is recommended not to require encryption. In other case, the server will accept clients that do not encrypt data.
Reference :
Mikrotik Document.

Bookmark

Email This

Trackback(0)

TrackBack URI for this entry