accel-ppp: IPoE implementation
Closed, Resolved · Public · FEATURE REQUEST

Description

Another feature supported by accel-ppp and widely used is IPoE.
We will need to add it after PPPoE.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

syncer renamed this task from Implement IPoE to accel-ppp: IPoE. Nov 9 2018, 10:06 PM
syncer renamed this task from accel-ppp: IPoE to accel-ppp: IPoE implementation.
syncer triaged this task as Normal priority.
syncer created this task.
syncer created this object with edit policy "Custom Policy".

In case someone else finds it helpful:
http://telecomsite.ru/upload/news/using_pppoe_and_ipoe.pdf
Gonna start shortly with IPoE implementation.

hagbard changed the task status from Open to In progress. Nov 20 2018, 5:56 PM

For the ones who want to follow or have an early glimpse: https://github.com/hagbard-01/vyos-1x/tree/IPoE

It seems that local auth is impossible, all I found is to configure it against radius, user should check abills as billing system. (https://sourceforge.net/projects/abills/)
If anyone knows how to use local authentication like chap or pap or anything, let me know please. Otherwise IPoE seems a real nice option, not as robust as ppp, but quite nice.

IPoE module test connection:
Nov 26 18:35:19 accel accel-ipoe: ipoe0:eth2: recv [DHCPv4 Request xid=23249d54 chaddr=08:00:27:8d:38:56 <Message-Type Request> <Server-ID 10.1.1.250> <Request-IP 10.1.1.254> <Host-Name vyos> <Request-List Subnet,Broadcast,Router,DNS,Domain-Name,MTU>]
Nov 26 18:35:19 accel accel-ipoe: ipoe0:eth2: send [DHCPv4 Ack xid=23249d54 yiaddr=10.1.1.254 chaddr=08:00:27:8d:38:56 <Message-Type Ack> <Server-ID 10.1.1.250> <Lease-Time 300> <T1 150> <Router 10.1.1.250> <Subnet 255.255.255.255>]
Nov 26 18:35:19 accel accel-ipoe: ipoe0:eth2: ipoe: session started
Nov 26 18:35:22 accel ntpd[2013]: Listen normally on 9 ipoe0 10.1.1.250 UDP 123
Nov 26 18:35:22 accel ntpd[2013]: Listen normally on 10 ipoe0 fe80::a00:27ff:fe80:636d UDP 123
Nov 26 18:35:22 accel ntpd[2013]: peers refreshed

hagbard changed the task status from In progress to On hold. Dec 6 2018, 7:16 PM
hagbard changed the task status from On hold to In progress. Dec 18 2018, 7:17 PM
pasik added a subscriber: pasik. Dec 23 2018, 10:52 AM
pa4ka added a subscriber: pa4ka. Edited May 30 2019, 2:53 PM
In T989#26867, @hagbard wrote:

It seems that local auth is impossible, all I found is to configure it against radius, user should check abills as billing system. (https://sourceforge.net/projects/abills/)
If anyone knows how to use local authentication like chap or pap or anything, let me know please. Otherwise IPoE seems a real nice option, not as robust as ppp, but quite nice.
IPoE module test connection:
Nov 26 18:35:19 accel accel-ipoe: ipoe0:eth2: recv [DHCPv4 Request xid=23249d54 chaddr=08:00:27:8d:38:56 <Message-Type Request> <Server-ID 10.1.1.250> <Request-IP 10.1.1.254> <Host-Name vyos> <Request-List Subnet,Broadcast,Router,DNS,Domain-Name,MTU>]
Nov 26 18:35:19 accel accel-ipoe: ipoe0:eth2: send [DHCPv4 Ack xid=23249d54 yiaddr=10.1.1.254 chaddr=08:00:27:8d:38:56 <Message-Type Ack> <Server-ID 10.1.1.250> <Lease-Time 300> <T1 150> <Router 10.1.1.250> <Subnet 255.255.255.255>]
Nov 26 18:35:19 accel accel-ipoe: ipoe0:eth2: ipoe: session started
Nov 26 18:35:22 accel ntpd[2013]: Listen normally on 9 ipoe0 10.1.1.250 UDP 123
Nov 26 18:35:22 accel ntpd[2013]: Listen normally on 10 ipoe0 fe80::a00:27ff:fe80:636d UDP 123
Nov 26 18:35:22 accel ntpd[2013]: peers refreshed

If I understand you correctly.
In order for accel-ppp to work with the local chap ipoe, you need to remove the radius parameter from the modules section and set chap-secrets.
Secondly, add a user to chap-secrets like this:

set service pppoe-server authentication mode local
set service pppoe-server authentication local-users
set service pppoe-server authentication local-users username USER_MAC password USER_MAC
set service pppoe-server authentication local-users username USER_MAC static-ip USER_IP

Create a script that will select the MAC address in the username field:
accel-ppp.lua with contents:

function username(pkt)
    return pkt:hdr('chaddr')
end

And install in the ipoe section:

lua-file=/etc/accel-ppp/accel-ppp.lua
username=lua:username
password=username
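
An added example (not part of the original comment and not accel-ppp or VyOS code): with the scheme above, the client-supplied chaddr serves as both username and password, so the lease log is where you confirm which MACs were actually served. The sketch parses accel-ipoe DHCPv4 lines in the format quoted above, pairs each Ack with its Request by xid, and reports leases granted to a MAC that is not on an allow-list. The names `parse_line` and `audit_leases`, the allow-list, and the second client in the sample are assumptions made for illustration.

```python
import re

# First client: lines from the log quoted above with options trimmed.
# Second client (xid=5e0f1a22, chaddr=08:00:27:aa:bb:cc) is constructed.
SAMPLE_LOG = """\
Nov 26 18:35:19 accel accel-ipoe: ipoe0:eth2: recv [DHCPv4 Request xid=23249d54 chaddr=08:00:27:8d:38:56 <Message-Type Request> <Server-ID 10.1.1.250> <Request-IP 10.1.1.254> <Host-Name vyos>]
Nov 26 18:35:19 accel accel-ipoe: ipoe0:eth2: send [DHCPv4 Ack xid=23249d54 yiaddr=10.1.1.254 chaddr=08:00:27:8d:38:56 <Message-Type Ack> <Server-ID 10.1.1.250> <Lease-Time 300>]
Nov 26 18:35:19 accel accel-ipoe: ipoe0:eth2: ipoe: session started
Nov 26 18:36:02 accel accel-ipoe: ipoe1:eth2: recv [DHCPv4 Request xid=5e0f1a22 chaddr=08:00:27:aa:bb:cc <Message-Type Request> <Host-Name lab>]
Nov 26 18:36:02 accel accel-ipoe: ipoe1:eth2: send [DHCPv4 Ack xid=5e0f1a22 yiaddr=10.1.1.253 chaddr=08:00:27:aa:bb:cc <Message-Type Ack> <Lease-Time 300>]
"""

LINE_RE = re.compile(
    r"accel-ipoe: (?P<sess>[^:\s]+):(?P<iface>[^:\s]+): (?P<dir>recv|send) "
    r"\[DHCPv4 (?P<type>\w+) (?P<body>.*)\]\s*$"
)
FIELD_RE = re.compile(r"(\w+)=(\S+)")            # xid=..., chaddr=..., yiaddr=...
OPTION_RE = re.compile(r"<([\w-]+)(?: ([^>]*))?>")  # <Name value> DHCP options

def parse_line(line):
    """Return a dict for a DHCPv4 recv/send line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"session": m["sess"], "iface": m["iface"], "dir": m["dir"], "type": m["type"]}
    # Header fields come before the first option; option values (for example
    # Host-Name) are client-controlled, so they are kept apart from the header.
    rec.update(FIELD_RE.findall(m["body"].split("<", 1)[0]))
    rec["options"] = dict(OPTION_RE.findall(m["body"]))
    return rec

def audit_leases(log_text, allowed_macs):
    """Report every Ack sent to a chaddr that is missing from allowed_macs."""
    allowed = {mac.lower() for mac in allowed_macs}
    requests, findings = {}, []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["dir"] == "recv" and rec["type"] == "Request":
            requests[rec.get("xid")] = rec
        elif rec["dir"] == "send" and rec["type"] == "Ack":
            req = requests.pop(rec.get("xid"), None) or {}
            mac = rec.get("chaddr", "").lower()
            if mac not in allowed:
                findings.append({
                    "mac": mac, "ip": rec.get("yiaddr"), "iface": rec["iface"],
                    "hostname": req.get("options", {}).get("Host-Name"),
                })
    return findings
```

Calling `audit_leases(SAMPLE_LOG, ["08:00:27:8d:38:56"])` returns a single finding for the constructed second client.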

https://github.com/hagbard-01/vyos-1x/tree/IPoE

Authentication is still missing, but so far is a well working prototype. DHCP relay is going to be implemented next as well as radius before I have a look into local auth.

Local auth successfully tested and started to implement. noauth can be set as an option too. Radius still needs to be tested, but it always has a higher priority than any other authentication module. Shaper will be the last item implemented before it is going to be released to the rolling images, after that community can test.

All done so far, still need to do the show service commands and verify() to check the values before trying to write the config. But other than that it's working well.

hagbard changed the task status from In progress to Needs testing. Jun 27 2019, 6:44 PM

http://dev.packages.vyos.net/repositories/current/vyos/pool/main/v/vyos-1x/vyos-1x_1.3.0-16_all.deb
Will build an iso with it too, shouldn't be that much different from a functional point of view.

hagbard changed the status of subtask T1494: accel-ppp: IPoE update documentation from Open to In progress. Jun 27 2019, 8:31 PM
hagbard changed the status of subtask T1495: accel-ppp: IPoE implement IPv6 PD from Open to In progress. Jun 28 2019, 4:37 PM
Dmitry added a subscriber: Dmitry. Jul 1 2019, 9:10 AM

I checked IPoE local user authentication with the following config:

set service ipoe-server authentication interface eth1 mac-address 00:0c:29:2c:9b:d4
set service ipoe-server authentication mode 'local'
set service ipoe-server dns-server server-1 '8.8.8.8'
set service ipoe-server dns-server server-2 '8.8.4.4'
set service ipoe-server interface eth1 client-subnet '100.64.64.0/24'
set service ipoe-server interface eth1 network-mode 'L2'

How about global ip-pool without interface option?

[ip-pool]
gw-ip-address=100.64.64.1/24
gw-ip-address=100.64.0.1/16
100.64.0.3/16,name=external
100.64.64.2-255,name=pool1,next=external

[ipoe]
gw-ip-address=100.64.64.1/24
gw-ip-address=100.64.0.1/16
ip-pool=pool1

hagbard changed the status of subtask T1495: accel-ppp: IPoE implement IPv6 PD from In progress to Needs testing. Jul 2 2019, 8:12 PM

@Dmitry What would be the benefit for that? You would lose the ability to authenticate a particular mac address via a specific interface, wouldn't you?

Dmitry added a comment. Jul 3 2019, 5:32 PM

@hagbard I think authentication must work without any changes, but we may just use a shared ip-address pool for any number of interfaces. If the current schema is used, we will need to add an ip-range for every interface.

@Dmitry that was actually what I had in mind when I was implementing it. Otherwise it's hard to monitor if you want to have it down to specific ways it does route the traffic. Let's see if the community requests something like that. It would mean a whole bunch of more flexibility but also way more items to configure and verify. IPv6 would be global anyway, so the only way there would be to disable IPv6 on an interface, the subnets on IPv6 are usually big enough, so it would only come down to IPv4 anyway.

hagbard changed the status of subtask T1510: [IPoE] vlan-mon option implementation from Open to In progress. Jul 8 2019, 6:57 PM
hagbard closed this task as Resolved. Jul 8 2019, 9:14 PM