The pppoe interface encapsulates Point-to-Point Protocol (PPP) packets inside Ethernet frames as defined by RFC2516. This is often used to connect a router via a DSL modem to an access concentrator. The pppoe interface does not by itself transmit or receive frames, but needs an Ethernet interface to do so. This Ethernet interface is connected to the pppoe interface via pppoectl(8). The Ethernet interface needs to be marked UP, but does not need to have an IP address.
There are two basic modes of operation, controlled via the link1 switch. The default mode, link1 not being set, tries to keep the configured session open all the time. If the session is disconnected, a new connection attempt is started immediately. The “dial on demand” mode, selected by setting link1, only establishes a connection when data is being sent to the interface.
If the kernel is compiled with options PPPOE_SERVER, there are two modes of connection, controlled via the link0 switch. The default mode, link0 not being set, is client mode. The “PPPoE server” mode, selected by setting link0, waits for incoming PPPoE sessions.
Before a pppoe interface is usable, it needs to be configured. The following steps are necessary:
• Connect an Ethernet interface. This interface is used for the physical communication. As noted above it must be marked UP, but need not have an IP address.
• Configure authentication. The PPP session needs to identify the client to the peer. For more details on the available options see pppoectl(8).
All of this is typically accomplished using an /etc/ifconfig.pppoe0 file.
MSS/MTU problems
If you are using a pppoe interface, you will have an unusually low MTU for today's Internet. Combined with a lot of misconfigured sites (hosts using path MTU discovery behind a router blocking all ICMP traffic) this will often cause problems. Connections to these servers will only work if your system advertises the right MSS in the TCP three-way handshake. To get the right MSS, you need to set
# Obey interface MTUs when calculating MSS
net.inet.tcp.mss_ifmtu=1
in your /etc/sysctl.conf file. This causes the calculated MSS to be based on the MTU of the interface via which the packet is sent. This is always the right value if you are sure the answer to this packet will be received on the same interface (i.e., you only have one interface connected to the Internet).
Unfortunately this sysctl does not fix the MSS advertised by hosts in the network behind a pppoe connected router. To fix this you need MSS-clamping, explained below.
Setting up NAT with MSS-clamping
Some systems behind misconfigured firewalls try to use Path-MTU-Discovery, while their firewall blocks all ICMP messages. This is an illegal, but not uncommon, setup. Typically you will have no chance to fix this (remote, outside of your control) setup. And sometimes you will have to use such remote systems (to download data from them, or to do your online banking).
Without special care, systems as described above will not be able to send larger chunks of data to a system connected via pppoe. But there is a workaround (some may call it cheating): pretend to not be able to handle large packets, by sending a small MSS (maximum segment size) option during the initial TCP handshake.
For connections originating from your pppoe connected machines, this is accomplished by setting the sysctl variable net.inet.tcp.mss_ifmtu to 1 (see above). For connections originating from systems behind your pppoe router, you need to set the mssclamp option in your NAT rules, as in this example of /etc/ipnat.conf:
map pppoe0 192.168.1.0/24 -> 0/32 portmap tcp/udp 44000:49999 mssclamp 1440
map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1440
If you do not use NAT, you need to set up a 1:1 NAT rule, just to get the clamping:
map pppoe0 x.x.x.x/24 -> 0/0 mssclamp 1440
The above examples assume an MTU of 1492 bytes. If the MTU on your PPPoE connection is smaller, use the MTU - 52 bytes for clamping, e.g. 1408 bytes for an MTU of 1460 bytes.
Note: The theoretically correct value for the above example would be 1452 bytes (it accounts for the smaller PPPoE MTU, the TCP header and the maximum of 0x40 bytes of TCP options) but it seems to not be sufficient in some cases. Experiments conducted by various people have shown that clamping to the MSS values suggested above works best.
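What an mssclamp rule does to a forwarded SYN, as an added illustration that is not part of the original manual page and is not IPFilter's code: the MSS option is lowered to the clamp value and the TCP checksum is patched incrementally, including the case where the option sits at an odd offset. The addresses, ports and the helper names tcp_csum, build_syn and clamp_mss are constructed for this example.

```python
import struct

CLAMP = 1492 - 52     # page's rule of thumb for a 1492-byte PPPoE MTU: 1440
SRC, DST = bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5])  # constructed addresses

def tcp_csum(seg: bytes) -> int:
    """RFC 1071 checksum over pseudo-header plus an even-length TCP segment."""
    data = SRC + DST + struct.pack("!BBH", 0, 6, len(seg)) + seg
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build_syn(opts: bytes) -> bytes:
    """Constructed sample SYN; len(opts) must be a multiple of 4."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      (20 + len(opts)) // 4 << 4, 0x02, 65535, 0, 0) + opts
    return hdr[:16] + struct.pack("!H", tcp_csum(hdr)) + hdr[18:]

def clamp_mss(tcp: bytes, clamp: int = CLAMP) -> bytes:
    """Lower a SYN's MSS option to at most `clamp`, patching the checksum (RFC 1624)."""
    if len(tcp) < 20 or not tcp[13] & 0x02:
        return tcp                                   # too short, or not a SYN
    end, i = (tcp[12] >> 4) * 4, 20
    while i + 1 < end <= len(tcp):
        kind, length = tcp[i], tcp[i + 1]
        if kind == 0:                                # end of option list
            break
        if kind == 1:                                # NOP is a single byte
            i += 1
            continue
        if length < 2 or i + length > end:           # malformed option: stop
            break
        if kind == 2 and length == 4:                # MSS option
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            if old <= clamp:
                break                                # already small enough
            m, m2 = old, clamp
            if (i + 2) & 1:                          # value straddles two checksum words
                m, m2 = (m << 8 | m >> 8) & 0xFFFF, (m2 << 8 | m2 >> 8) & 0xFFFF
            s = (~struct.unpack_from("!H", tcp, 16)[0] & 0xFFFF) + (~m & 0xFFFF) + m2
            while s >> 16:
                s = (s & 0xFFFF) + (s >> 16)
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, clamp)
            struct.pack_into("!H", out, 16, ~s & 0xFFFF)
            return bytes(out)
        i += length
    return tcp
```

A segment whose checksum is intact makes tcp_csum return 0, so the function can be used to confirm that a clamped SYN would still be accepted by the receiver.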