pppoe(4) and vlan(4)

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

pppoe(4) and vlan(4)

Thomas Huber
Hi misc,

i got the opportuniy to have 4 ADSL links to my rural site.
Two links have already been there and OpenBSD -stable running a APU2 is
shaping the traffic between this two links.

But now I struggle with setting up the 3rd (pppoe2) link.
As far as I know I´ve to go through a  vlan(4) with vnetid 7 and this seems
to be valid information
because the pppoe debug-logs are more extensive than when trying to connect
without the vlan between em0 and pppoe2:

# cat /var/log/messages
[...]
Feb 25 10:14:49 router /bsd: pppoe2 (8864) state=3, session=0xa3 output ->
88:a2:5e:1e:52:88, len=17
Feb 25 10:14:49 router /bsd: pppoe2: lcp input(req-sent): <conf-ack id=0x43
len=14
05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Feb 25 10:14:49 router /bsd: pppoe2: lcp req-sent->ack-rcvd
Feb 25 10:14:50 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
Feb 25 10:14:50 router /bsd: pppoe2: lcp ack-rcvd->req-sent
Feb 25 10:14:50 router /bsd: pppoe2: lcp output <conf-req id=0x44 len=14
05-06-d3-66-5d-a2-01-04-05-d4>
Feb 25 10:14:50 router /bsd: pppoe2 (8864) state=3, session=0xa3 output ->
88:a2:5e:1e:52:88, len=22
Feb 25 10:14:50 router /bsd: pppoe2: lcp input(req-sent): <conf-ack id=0x44
len=14
05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Feb 25 10:14:50 router /bsd: pppoe2: lcp req-sent->ack-rcvd
Feb 25 10:14:51 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
Feb 25 10:14:51 router /bsd: pppoe2: lcp ack-rcvd->req-sent
Feb 25 10:14:51 router /bsd: pppoe2: lcp output <conf-req id=0x45 len=14
05-06-d3-66-5d-a2-01-04-05-d4>
Feb 25 10:14:51 router /bsd: pppoe2 (8864) state=3, session=0xa3 output ->
88:a2:5e:1e:52:88, len=22
Feb 25 10:14:51 router /bsd: pppoe2: lcp input(req-sent): <conf-ack id=0x45
len=14
05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Feb 25 10:14:51 router /bsd: pppoe2: lcp req-sent->ack-rcvd

But to be honest I don´t know what this means and where to look furhter.
The ADSL modem is able to sync and a ISP-provided router-modem is also able
to establish connection.

# cat /etc/hostname.pppoe2

inet 0.0.0.0 255.255.255.255 NONE \
        pppoedev vlan0 authproto pap \
        authname 'xxx' authkey 'xxx'
dest 0.0.0.3
inet6 eui64
debug
up
!/sbin/route add default -ifp pppoe1 0.0.0.3
!/sbin/route add -inet6 default -ifp pppoe1 fe80::%pppoe2

# cat /etc/hostname.vlan0

inet 0.0.0.3 255.255.255.255 NONE descr VODDSL vlan 7 vlandev em0

# cat /etc/hostname.em0

up

Without understanding the internals of ADSL or PPPoE, I just copied this
configuration from the functional hostname.pppoe[0|1]
but this links work fine without the additional vlan(4). Guess this is
related to something ISP-thing called "BNG"
The reated ISP is Vodafone in Germany which is using the Telekom
infrastrcture just in case this is relevant.

Anybody andy clue how to set this connection up correctly or where to look?
Thanks

--mirac
Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Markus Hennecke
Am 25.02.2019 um 16:30 schrieb Thomas Huber:

> Hi misc,
>
> i got the opportuniy to have 4 ADSL links to my rural site.
> Two links have already been there and OpenBSD -stable running a APU2 is
> shaping the traffic between this two links.
>
> But now I struggle with setting up the 3rd (pppoe2) link.
> As far as I know I´ve to go through a  vlan(4) with vnetid 7 and this seems
> to be valid information
> because the pppoe debug-logs are more extensive than when trying to connect
> without the vlan between em0 and pppoe2:
>
> # cat /var/log/messages
> [...]
> Feb 25 10:14:49 router /bsd: pppoe2 (8864) state=3, session=0xa3 output ->
> 88:a2:5e:1e:52:88, len=17
> Feb 25 10:14:49 router /bsd: pppoe2: lcp input(req-sent): <conf-ack id=0x43
> len=14
> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
> Feb 25 10:14:49 router /bsd: pppoe2: lcp req-sent->ack-rcvd
> Feb 25 10:14:50 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
> Feb 25 10:14:50 router /bsd: pppoe2: lcp ack-rcvd->req-sent
> Feb 25 10:14:50 router /bsd: pppoe2: lcp output <conf-req id=0x44 len=14
> 05-06-d3-66-5d-a2-01-04-05-d4>
> Feb 25 10:14:50 router /bsd: pppoe2 (8864) state=3, session=0xa3 output ->
> 88:a2:5e:1e:52:88, len=22
> Feb 25 10:14:50 router /bsd: pppoe2: lcp input(req-sent): <conf-ack id=0x44
> len=14
> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
> Feb 25 10:14:50 router /bsd: pppoe2: lcp req-sent->ack-rcvd
> Feb 25 10:14:51 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
> Feb 25 10:14:51 router /bsd: pppoe2: lcp ack-rcvd->req-sent
> Feb 25 10:14:51 router /bsd: pppoe2: lcp output <conf-req id=0x45 len=14
> 05-06-d3-66-5d-a2-01-04-05-d4>
> Feb 25 10:14:51 router /bsd: pppoe2 (8864) state=3, session=0xa3 output ->
> 88:a2:5e:1e:52:88, len=22
> Feb 25 10:14:51 router /bsd: pppoe2: lcp input(req-sent): <conf-ack id=0x45
> len=14
> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
> Feb 25 10:14:51 router /bsd: pppoe2: lcp req-sent->ack-rcvd
>
> But to be honest I don´t know what this means and where to look furhter.
> The ADSL modem is able to sync and a ISP-provided router-modem is also able
> to establish connection.
>
> # cat /etc/hostname.pppoe2
>
> inet 0.0.0.0 255.255.255.255 NONE \
>         pppoedev vlan0 authproto pap \
>         authname 'xxx' authkey 'xxx'
> dest 0.0.0.3
> inet6 eui64
> debug
> up
> !/sbin/route add default -ifp pppoe1 0.0.0.3
> !/sbin/route add -inet6 default -ifp pppoe1 fe80::%pppoe2

Why does it mention pppoe1 in the route add statements here? If I'm not
mistaken these should be pppoe2.

>
> # cat /etc/hostname.vlan0
>
> inet 0.0.0.3 255.255.255.255 NONE descr VODDSL vlan 7 vlandev em0

Why do you have 0.0.0.3 assigned to the vlan interface? My 6.4 router
just has "vnetid 7 parent em0" + "up" in /etc/hostname.vlan7.

> # cat /etc/hostname.em0
>
> up
>
> Without understanding the internals of ADSL or PPPoE, I just copied this
> configuration from the functional hostname.pppoe[0|1]
> but this links work fine without the additional vlan(4). Guess this is
> related to something ISP-thing called "BNG"
> The reated ISP is Vodafone in Germany which is using the Telekom
> infrastrcture just in case this is relevant.
>
> Anybody andy clue how to set this connection up correctly or where to look?
> Thanks

Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Thomas Huber
Hi Markus,

I just spotted the typo too but doesn´t make difference when setting to
pppoe2.
I guess the handshake doesn´t get that far.

The inet within the vlan0 ist just a leftover from trying around. Cleaning
it up couldn´t
establish the connection neither.

--mirac



On Mon, 25 Feb 2019 at 17:14, Markus Hennecke <
[hidden email]> wrote:

> Am 25.02.2019 um 16:30 schrieb Thomas Huber:
> > Hi misc,
> >
> > i got the opportuniy to have 4 ADSL links to my rural site.
> > Two links have already been there and OpenBSD -stable running a APU2 is
> > shaping the traffic between this two links.
> >
> > But now I struggle with setting up the 3rd (pppoe2) link.
> > As far as I know I´ve to go through a  vlan(4) with vnetid 7 and this
> seems
> > to be valid information
> > because the pppoe debug-logs are more extensive than when trying to
> connect
> > without the vlan between em0 and pppoe2:
> >
> > # cat /var/log/messages
> > [...]
> > Feb 25 10:14:49 router /bsd: pppoe2 (8864) state=3, session=0xa3 output
> ->
> > 88:a2:5e:1e:52:88, len=17
> > Feb 25 10:14:49 router /bsd: pppoe2: lcp input(req-sent): <conf-ack
> id=0x43
> > len=14
> >
> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
> > Feb 25 10:14:49 router /bsd: pppoe2: lcp req-sent->ack-rcvd
> > Feb 25 10:14:50 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
> > Feb 25 10:14:50 router /bsd: pppoe2: lcp ack-rcvd->req-sent
> > Feb 25 10:14:50 router /bsd: pppoe2: lcp output <conf-req id=0x44 len=14
> > 05-06-d3-66-5d-a2-01-04-05-d4>
> > Feb 25 10:14:50 router /bsd: pppoe2 (8864) state=3, session=0xa3 output
> ->
> > 88:a2:5e:1e:52:88, len=22
> > Feb 25 10:14:50 router /bsd: pppoe2: lcp input(req-sent): <conf-ack
> id=0x44
> > len=14
> >
> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
> > Feb 25 10:14:50 router /bsd: pppoe2: lcp req-sent->ack-rcvd
> > Feb 25 10:14:51 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
> > Feb 25 10:14:51 router /bsd: pppoe2: lcp ack-rcvd->req-sent
> > Feb 25 10:14:51 router /bsd: pppoe2: lcp output <conf-req id=0x45 len=14
> > 05-06-d3-66-5d-a2-01-04-05-d4>
> > Feb 25 10:14:51 router /bsd: pppoe2 (8864) state=3, session=0xa3 output
> ->
> > 88:a2:5e:1e:52:88, len=22
> > Feb 25 10:14:51 router /bsd: pppoe2: lcp input(req-sent): <conf-ack
> id=0x45
> > len=14
> >
> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
> > Feb 25 10:14:51 router /bsd: pppoe2: lcp req-sent->ack-rcvd
> >
> > But to be honest I don´t know what this means and where to look furhter.
> > The ADSL modem is able to sync and a ISP-provided router-modem is also
> able
> > to establish connection.
> >
> > # cat /etc/hostname.pppoe2
> >
> > inet 0.0.0.0 255.255.255.255 NONE \
> >         pppoedev vlan0 authproto pap \
> >         authname 'xxx' authkey 'xxx'
> > dest 0.0.0.3
> > inet6 eui64
> > debug
> > up
> > !/sbin/route add default -ifp pppoe1 0.0.0.3
> > !/sbin/route add -inet6 default -ifp pppoe1 fe80::%pppoe2
>
> Why does it mention pppoe1 in the route add statements here? If I'm not
> mistaken these should be pppoe2.
>
> >
> > # cat /etc/hostname.vlan0
> >
> > inet 0.0.0.3 255.255.255.255 NONE descr VODDSL vlan 7 vlandev em0
>
> Why do you have 0.0.0.3 assigned to the vlan interface? My 6.4 router
> just has "vnetid 7 parent em0" + "up" in /etc/hostname.vlan7.
>
> > # cat /etc/hostname.em0
> >
> > up
> >
> > Without understanding the internals of ADSL or PPPoE, I just copied this
> > configuration from the functional hostname.pppoe[0|1]
> > but this links work fine without the additional vlan(4). Guess this is
> > related to something ISP-thing called "BNG"
> > The reated ISP is Vodafone in Germany which is using the Telekom
> > infrastrcture just in case this is relevant.
> >
> > Anybody andy clue how to set this connection up correctly or where to
> look?
> > Thanks
>
Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Stuart Henderson
In reply to this post by Markus Hennecke
On 2019-02-25, Markus Hennecke <[hidden email]> wrote:

> Am 25.02.2019 um 16:30 schrieb Thomas Huber:
>> Hi misc,
>>
>> i got the opportuniy to have 4 ADSL links to my rural site.
>> Two links have already been there and OpenBSD -stable running a APU2 is
>> shaping the traffic between this two links.
>>
>> But now I struggle with setting up the 3rd (pppoe2) link.
>> As far as I know I´ve to go through a  vlan(4) with vnetid 7 and this seems
>> to be valid information
>> because the pppoe debug-logs are more extensive than when trying to connect
>> without the vlan between em0 and pppoe2:
>>
>> # cat /var/log/messages
>> [...]
>> Feb 25 10:14:49 router /bsd: pppoe2 (8864) state=3, session=0xa3 output ->
>> 88:a2:5e:1e:52:88, len=17
>> Feb 25 10:14:49 router /bsd: pppoe2: lcp input(req-sent): <conf-ack id=0x43
>> len=14
>> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
>> Feb 25 10:14:49 router /bsd: pppoe2: lcp req-sent->ack-rcvd
>> Feb 25 10:14:50 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
>> Feb 25 10:14:50 router /bsd: pppoe2: lcp ack-rcvd->req-sent
>> Feb 25 10:14:50 router /bsd: pppoe2: lcp output <conf-req id=0x44 len=14
>> 05-06-d3-66-5d-a2-01-04-05-d4>
>> Feb 25 10:14:50 router /bsd: pppoe2 (8864) state=3, session=0xa3 output ->
>> 88:a2:5e:1e:52:88, len=22
>> Feb 25 10:14:50 router /bsd: pppoe2: lcp input(req-sent): <conf-ack id=0x44
>> len=14
>> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
>> Feb 25 10:14:50 router /bsd: pppoe2: lcp req-sent->ack-rcvd
>> Feb 25 10:14:51 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
>> Feb 25 10:14:51 router /bsd: pppoe2: lcp ack-rcvd->req-sent
>> Feb 25 10:14:51 router /bsd: pppoe2: lcp output <conf-req id=0x45 len=14
>> 05-06-d3-66-5d-a2-01-04-05-d4>
>> Feb 25 10:14:51 router /bsd: pppoe2 (8864) state=3, session=0xa3 output ->
>> 88:a2:5e:1e:52:88, len=22
>> Feb 25 10:14:51 router /bsd: pppoe2: lcp input(req-sent): <conf-ack id=0x45
>> len=14
>> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
>> Feb 25 10:14:51 router /bsd: pppoe2: lcp req-sent->ack-rcvd
>>
>> But to be honest I don´t know what this means and where to look furhter.
>> The ADSL modem is able to sync and a ISP-provided router-modem is also able
>> to establish connection.
>>
>> # cat /etc/hostname.pppoe2
>>
>> inet 0.0.0.0 255.255.255.255 NONE \
>>         pppoedev vlan0 authproto pap \
>>         authname 'xxx' authkey 'xxx'
>> dest 0.0.0.3
>> inet6 eui64
>> debug
>> up
>> !/sbin/route add default -ifp pppoe1 0.0.0.3
>> !/sbin/route add -inet6 default -ifp pppoe1 fe80::%pppoe2
>
> Why does it mention pppoe1 in the route add statements here? If I'm not
> mistaken these should be pppoe2.
>
>>
>> # cat /etc/hostname.vlan0
>>
>> inet 0.0.0.3 255.255.255.255 NONE descr VODDSL vlan 7 vlandev em0
>
> Why do you have 0.0.0.3 assigned to the vlan interface? My 6.4 router
> just has "vnetid 7 parent em0" + "up" in /etc/hostname.vlan7.

Yes you really don't want that.

>> # cat /etc/hostname.em0
>>
>> up
>>
>> Without understanding the internals of ADSL or PPPoE, I just copied this
>> configuration from the functional hostname.pppoe[0|1]
>> but this links work fine without the additional vlan(4). Guess this is
>> related to something ISP-thing called "BNG"
>> The reated ISP is Vodafone in Germany which is using the Telekom
>> infrastrcture just in case this is relevant.
>>
>> Anybody andy clue how to set this connection up correctly or where to look?
>> Thanks
>
>

One thing you can try is replacing this

inet 0.0.0.0 255.255.255.255 NONE \
        pppoedev vlan0 authproto pap \
        authname 'xxx' authkey 'xxx'
dest 0.0.0.3

with this

inet 0.0.0.0 255.255.255.255 0.0.0.3 \
        pppoedev vlan0 authproto pap \
        authname 'xxx' authkey 'xxx'

(setting an inet address automatically brings up an interface - my
theory is that in the first case it may get too far in the negotiation
before 'dest XXX' is set).

If it doesn't help, please get a capture from tcpdump -nevvs1500 -i vlan0
and show the LCP/IPCP/IPV6CP bits there as well as the pppoe(4) debug output,
this gives a much more useful decode of the negotiation than you'll get from
the lcp-input and lcp-output lines.


Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Thomas Huber
Hi Stuart,

and thanks for your help.
I tried yout suggestion but didn´t solve the problem.
here is the tcpdump output (i just stripped the account credentials) but I
can not read it.
Maybe you can spot something here:

# tcpdump -nevvs1500 -i em0
tcpdump: listening on em0, link-type EN10MB
12:31:45.594383 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 24: 802.1Q vid 7
pri 3 PPPoE-Discovery
        code Terminate, version 1, type 1, id 0x00a9, length 0
12:31:45.601180 00:0d:b9:43:43:b4 ff:ff:ff:ff:ff:ff 8100 36: 802.1Q vid 7
pri 3 PPPoE-Discovery
        code Initiation, version 1, type 1, id 0x0000, length 12
        tag Service-Name, length 0
        tag Host-Uniq, length 4 *FV\344
12:31:50.610468 00:0d:b9:43:43:b4 ff:ff:ff:ff:ff:ff 8100 36: 802.1Q vid 7
pri 3 PPPoE-Discovery
        code Initiation, version 1, type 1, id 0x0000, length 12
        tag Service-Name, length 0
        tag Host-Uniq, length 4 *FV\344
12:31:50.632572 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 66: 802.1Q vid 7
pri 6 PPPoE-Discovery
        code Offer, version 1, type 1, id 0x0000, length 42
        tag AC-Name, length 6 PREJ01
        tag Host-Uniq, length 4 *FV\344
        tag Service-Name, length 0
        tag AC-Cookie, length 16 \273\210<|1\247\265%n\020O^\210+hW
12:31:50.639225 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 56: 802.1Q vid 7
pri 3 PPPoE-Discovery
        code Request, version 1, type 1, id 0x0000, length 32
        tag Service-Name, length 0
        tag AC-Cookie, length 16 \273\210<|1\247\265%n\020O^\210+hW
        tag Host-Uniq, length 4 *FV\344
12:31:50.661908 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 66: 802.1Q vid 7
pri 6 PPPoE-Discovery
        code Confirm, version 1, type 1, id 0x00a9, length 42
        tag Service-Name, length 0
        tag Host-Uniq, length 4 *FV\344
        tag AC-Name, length 6 PREJ01
        tag AC-Cookie, length 16 \273\210<|1\247\265%n\020O^\210+hW
12:31:50.671832 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 40: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0xf6: Magic-Number=1818005467
Max-Rx-Unit=1492
12:31:50.690713 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 6 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 20
        LCP Configure-Request Id=0xab: Max-Rx-Unit=1492 Auth-Prot=PAP
Magic-Number=526788746
12:31:50.690826 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 6 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Ack Id=0xf6: Magic-Number=1818005467 Max-Rx-Unit=1492
12:31:50.697823 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 44: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 20
        LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492 Auth-Prot=PAP
Magic-Number=526788746
12:31:50.705446 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 65: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 41
        PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx Passwd=xxxx
12:31:51.699286 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 65: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 41
        PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx Passwd=xxxx
12:31:55.818109 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 1 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 21
        LCP Configure-Request Id=0x02: Max-Rx-Unit=1492 Auth-Prot=CHAP/MD5
Magic-Number=3828540274
12:31:55.825121 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 35: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 11
        LCP Configure-Nak Id=0x02: Auth-Prot=PAP
12:31:55.832161 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 40: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0xf9: Magic-Number=1818005467
Max-Rx-Unit=1492
12:31:55.866611 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 1 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Ack Id=0xf9: Magic-Number=1818005467 Max-Rx-Unit=1492
12:31:56.830875 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 40: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0xfa: Magic-Number=1818005467
Max-Rx-Unit=1492
12:31:56.861479 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 1 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Ack Id=0xfa: Magic-Number=1818005467 Max-Rx-Unit=1492
12:31:57.831250 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 40: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0xfb: Magic-Number=1818005467
Max-Rx-Unit=1492
12:31:57.862230 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 1 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Ack Id=0xfb: Magic-Number=1818005467 Max-Rx-Unit=1492
12:31:58.831249 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 40: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0xfc: Magic-Number=1818005467
Max-Rx-Unit=1492
12:31:58.862324 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 1 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Ack Id=0xfc: Magic-Number=1818005467 Max-Rx-Unit=1492
12:31:59.831709 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 40: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0xfd: Magic-Number=1818005467
Max-Rx-Unit=1492
12:31:59.862385 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 1 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Ack Id=0xfd: Magic-Number=1818005467 Max-Rx-Unit=1492
12:32:00.818535 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 1 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 21
        LCP Configure-Request Id=0x03: Max-Rx-Unit=1492 Auth-Prot=CHAP/MD5
Magic-Number=3430741983
12:32:00.825687 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 35: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 11
        LCP Configure-Nak Id=0x03: Auth-Prot=PAP
12:32:00.832478 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 40: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0xfe: Magic-Number=1818005467
Max-Rx-Unit=1492
12:32:00.863388 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 1 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Ack Id=0xfe: Magic-Number=1818005467 Max-Rx-Unit=1492
12:32:01.832360 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8100 40: 802.1Q vid 7
pri 3 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0xff: Magic-Number=1818005467
Max-Rx-Unit=1492
12:32:01.863184 88:a2:5e:1e:52:88 00:0d:b9:43:43:b4 8100 60: 802.1Q vid 7
pri 1 PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Ack Id=0xff: Magic-Number=1818005467 Max-Rx-Unit=1492



On Tue, 26 Feb 2019 at 01:54, Stuart Henderson <[hidden email]> wrote:

> On 2019-02-25, Markus Hennecke <[hidden email]> wrote:
> > Am 25.02.2019 um 16:30 schrieb Thomas Huber:
> >> Hi misc,
> >>
> >> i got the opportuniy to have 4 ADSL links to my rural site.
> >> Two links have already been there and OpenBSD -stable running a APU2 is
> >> shaping the traffic between this two links.
> >>
> >> But now I struggle with setting up the 3rd (pppoe2) link.
> >> As far as I know I´ve to go through a  vlan(4) with vnetid 7 and this
> seems
> >> to be valid information
> >> because the pppoe debug-logs are more extensive than when trying to
> connect
> >> without the vlan between em0 and pppoe2:
> >>
> >> # cat /var/log/messages
> >> [...]
> >> Feb 25 10:14:49 router /bsd: pppoe2 (8864) state=3, session=0xa3 output
> ->
> >> 88:a2:5e:1e:52:88, len=17
> >> Feb 25 10:14:49 router /bsd: pppoe2: lcp input(req-sent): <conf-ack
> id=0x43
> >> len=14
> >>
> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
> >> Feb 25 10:14:49 router /bsd: pppoe2: lcp req-sent->ack-rcvd
> >> Feb 25 10:14:50 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
> >> Feb 25 10:14:50 router /bsd: pppoe2: lcp ack-rcvd->req-sent
> >> Feb 25 10:14:50 router /bsd: pppoe2: lcp output <conf-req id=0x44 len=14
> >> 05-06-d3-66-5d-a2-01-04-05-d4>
> >> Feb 25 10:14:50 router /bsd: pppoe2 (8864) state=3, session=0xa3 output
> ->
> >> 88:a2:5e:1e:52:88, len=22
> >> Feb 25 10:14:50 router /bsd: pppoe2: lcp input(req-sent): <conf-ack
> id=0x44
> >> len=14
> >>
> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
> >> Feb 25 10:14:50 router /bsd: pppoe2: lcp req-sent->ack-rcvd
> >> Feb 25 10:14:51 router /bsd: pppoe2: lcp TO(ack-rcvd) rst_counter = 10
> >> Feb 25 10:14:51 router /bsd: pppoe2: lcp ack-rcvd->req-sent
> >> Feb 25 10:14:51 router /bsd: pppoe2: lcp output <conf-req id=0x45 len=14
> >> 05-06-d3-66-5d-a2-01-04-05-d4>
> >> Feb 25 10:14:51 router /bsd: pppoe2 (8864) state=3, session=0xa3 output
> ->
> >> 88:a2:5e:1e:52:88, len=22
> >> Feb 25 10:14:51 router /bsd: pppoe2: lcp input(req-sent): <conf-ack
> id=0x45
> >> len=14
> >>
> 05-06-d3-66-5d-a2-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
> >> Feb 25 10:14:51 router /bsd: pppoe2: lcp req-sent->ack-rcvd
> >>
> >> But to be honest I don´t know what this means and where to look furhter.
> >> The ADSL modem is able to sync and a ISP-provided router-modem is also
> able
> >> to establish connection.
> >>
> >> # cat /etc/hostname.pppoe2
> >>
> >> inet 0.0.0.0 255.255.255.255 NONE \
> >>         pppoedev vlan0 authproto pap \
> >>         authname 'xxx' authkey 'xxx'
> >> dest 0.0.0.3
> >> inet6 eui64
> >> debug
> >> up
> >> !/sbin/route add default -ifp pppoe1 0.0.0.3
> >> !/sbin/route add -inet6 default -ifp pppoe1 fe80::%pppoe2
> >
> > Why does it mention pppoe1 in the route add statements here? If I'm not
> > mistaken these should be pppoe2.
> >
> >>
> >> # cat /etc/hostname.vlan0
> >>
> >> inet 0.0.0.3 255.255.255.255 NONE descr VODDSL vlan 7 vlandev em0
> >
> > Why do you have 0.0.0.3 assigned to the vlan interface? My 6.4 router
> > just has "vnetid 7 parent em0" + "up" in /etc/hostname.vlan7.
>
> Yes you really don't want that.
>
> >> # cat /etc/hostname.em0
> >>
> >> up
> >>
> >> Without understanding the internals of ADSL or PPPoE, I just copied this
> >> configuration from the functional hostname.pppoe[0|1]
> >> but this links work fine without the additional vlan(4). Guess this is
> >> related to something ISP-thing called "BNG"
> >> The reated ISP is Vodafone in Germany which is using the Telekom
> >> infrastrcture just in case this is relevant.
> >>
> >> Anybody andy clue how to set this connection up correctly or where to
> look?
> >> Thanks
> >
> >
>
> One thing you can try is replacing this
>
> inet 0.0.0.0 255.255.255.255 NONE \
>         pppoedev vlan0 authproto pap \
>         authname 'xxx' authkey 'xxx'
> dest 0.0.0.3
>
> with this
>
> inet 0.0.0.0 255.255.255.255 0.0.0.3 \
>         pppoedev vlan0 authproto pap \
>         authname 'xxx' authkey 'xxx'
>
> (setting an inet address automatically brings up an interface - my
> theory is that in the first case it may get too far in the negotiation
> before 'dest XXX' is set).
>
> If it doesn't help, please get a capture from tcpdump -nevvs1500 -i vlan0
> and show the LCP/IPCP/IPV6CP bits there as well as the pppoe(4) debug
> output,
> this gives a much more useful decode of the negotiation than you'll get
> from
> the lcp-input and lcp-output lines.
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Stuart Henderson
On 2019/02/26 12:36, Thomas Huber wrote:
> Hi Stuart,
>
> and thanks for your help.
> I tried yout suggestion but didn´t solve the problem.
> here is the tcpdump output (i just stripped the account credentials) but I can not read it.
> Maybe you can spot something here:
>
> # tcpdump -nevvs1500 -i em0
> tcpdump: listening on em0, link-type EN10MB

Reformatted a bit:

OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6: Magic-Number=1818005467 Max-Rx-Unit=1492
JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab: Max-Rx-Unit=1492 Auth-Prot=PAP Magic-Number=526788746
JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6: Magic-Number=1818005467 Max-Rx-Unit=1492
OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492 Auth-Prot=PAP Magic-Number=526788746
OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx Passwd=xxxx
OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx Passwd=xxxx
JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02: Max-Rx-Unit=1492 Auth-Prot=CHAP/MD5 Magic-Number=3828540274
OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP
OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9: Magic-Number=1818005467 Max-Rx-Unit=1492
JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9: Magic-Number=1818005467 Max-Rx-Unit=1492
OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa: Magic-Number=1818005467 Max-Rx-Unit=1492
JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa: Magic-Number=1818005467 Max-Rx-Unit=1492
OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb: Magic-Number=1818005467 Max-Rx-Unit=1492
JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfb: Magic-Number=1818005467 Max-Rx-Unit=1492
OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfc: Magic-Number=1818005467 Max-Rx-Unit=1492
JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfc: Magic-Number=1818005467 Max-Rx-Unit=1492
OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfd: Magic-Number=1818005467 Max-Rx-Unit=1492
JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfd: Magic-Number=1818005467 Max-Rx-Unit=1492
JUNIPER -> OPENBSD: LCP Configure-Request Id=0x03: Max-Rx-Unit=1492 Auth-Prot=CHAP/MD5 Magic-Number=3430741983
OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x03: Auth-Prot=PAP
OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfe: Magic-Number=1818005467 Max-Rx-Unit=1492
JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfe: Magic-Number=1818005467 Max-Rx-Unit=1492
OPENBSD -> JUNIPER: LCP Configure-Request Id=0xff: Magic-Number=1818005467 Max-Rx-Unit=1492
JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xff: Magic-Number=1818005467 Max-Rx-Unit=1492

It looks like this could be as simple as the other side needing CHAP
instead of PAP.  Please try that next.

Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Thomas Huber
with chap the tcpdump looks like this:

#tcpdump -nevvs1500 -i vlan0
tcpdump: listening on vlan0, link-type EN10MB
13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0x24: Magic-Number=988888519
Max-Rx-Unit=1492
13:54:49.120414 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0x25: Magic-Number=988888519
Max-Rx-Unit=1492
13:54:55.122239 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0x26: Magic-Number=988888519
Max-Rx-Unit=1492
13:55:02.124396 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x00a9, length 16
        LCP Configure-Request Id=0x27: Magic-Number=988888519
Max-Rx-Unit=1492
....

but no connection esblished.

On Tue, 26 Feb 2019 at 13:02, Stuart Henderson <[hidden email]> wrote:

> On 2019/02/26 12:36, Thomas Huber wrote:
> > Hi Stuart,
> >
> > and thanks for your help.
> > I tried yout suggestion but didn´t solve the problem.
> > here is the tcpdump output (i just stripped the account credentials) but
> I can not read it.
> > Maybe you can spot something here:
> >
> > # tcpdump -nevvs1500 -i em0
> > tcpdump: listening on em0, link-type EN10MB
>
> Reformatted a bit:
>
> OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6: Magic-Number=1818005467
> Max-Rx-Unit=1492
> JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab: Max-Rx-Unit=1492
> Auth-Prot=PAP Magic-Number=526788746
> JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6: Magic-Number=1818005467
> Max-Rx-Unit=1492
> OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492
> Auth-Prot=PAP Magic-Number=526788746
> OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx
> Passwd=xxxx
> OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx
> Passwd=xxxx
> JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02: Max-Rx-Unit=1492
> Auth-Prot=CHAP/MD5 Magic-Number=3828540274
> OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP
> OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9: Magic-Number=1818005467
> Max-Rx-Unit=1492
> JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9: Magic-Number=1818005467
> Max-Rx-Unit=1492
> OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa: Magic-Number=1818005467
> Max-Rx-Unit=1492
> JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa: Magic-Number=1818005467
> Max-Rx-Unit=1492
> OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb: Magic-Number=1818005467
> Max-Rx-Unit=1492
> JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfb: Magic-Number=1818005467
> Max-Rx-Unit=1492
> OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfc: Magic-Number=1818005467
> Max-Rx-Unit=1492
> JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfc: Magic-Number=1818005467
> Max-Rx-Unit=1492
> OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfd: Magic-Number=1818005467
> Max-Rx-Unit=1492
> JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfd: Magic-Number=1818005467
> Max-Rx-Unit=1492
> JUNIPER -> OPENBSD: LCP Configure-Request Id=0x03: Max-Rx-Unit=1492
> Auth-Prot=CHAP/MD5 Magic-Number=3430741983
> OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x03: Auth-Prot=PAP
> OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfe: Magic-Number=1818005467
> Max-Rx-Unit=1492
> JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfe: Magic-Number=1818005467
> Max-Rx-Unit=1492
> OPENBSD -> JUNIPER: LCP Configure-Request Id=0xff: Magic-Number=1818005467
> Max-Rx-Unit=1492
> JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xff: Magic-Number=1818005467
> Max-Rx-Unit=1492
>
> It looks like this could be as simple as the other side needing CHAP
> instead of PAP.  Please try that next.
>
>
Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Sebastian Benoit
Thomas Huber([hidden email]) on 2019.02.26 14:22:33 +0100:

> with chap the tcpdump looks like this:
>
> #tcpdump -nevvs1500 -i vlan0
> tcpdump: listening on vlan0, link-type EN10MB
> 13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
>         code Session, version 1, type 1, id 0x00a9, length 16
>         LCP Configure-Request Id=0x24: Magic-Number=988888519
> Max-Rx-Unit=1492
> 13:54:49.120414 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
>         code Session, version 1, type 1, id 0x00a9, length 16
>         LCP Configure-Request Id=0x25: Magic-Number=988888519
> Max-Rx-Unit=1492
> 13:54:55.122239 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
>         code Session, version 1, type 1, id 0x00a9, length 16
>         LCP Configure-Request Id=0x26: Magic-Number=988888519
> Max-Rx-Unit=1492
> 13:55:02.124396 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
>         code Session, version 1, type 1, id 0x00a9, length 16
>         LCP Configure-Request Id=0x27: Magic-Number=988888519
> Max-Rx-Unit=1492
> ....
>
> but no connection esblished.
>
> On Tue, 26 Feb 2019 at 13:02, Stuart Henderson <[hidden email]> wrote:
>
> > On 2019/02/26 12:36, Thomas Huber wrote:
> > > Hi Stuart,
> > >
> > > and thanks for your help.
> > > I tried yout suggestion but didn??t solve the problem.
> > > here is the tcpdump output (i just stripped the account credentials) but
> > I can not read it.
> > > Maybe you can spot something here:
> > >
> > > # tcpdump -nevvs1500 -i em0
> > > tcpdump: listening on em0, link-type EN10MB
> >
> > Reformatted a bit:
> >
> > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab: Max-Rx-Unit=1492
> > Auth-Prot=PAP Magic-Number=526788746
> > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492
> > Auth-Prot=PAP Magic-Number=526788746
> > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx
> > Passwd=xxxx
> > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx
> > Passwd=xxxx
> > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02: Max-Rx-Unit=1492
> > Auth-Prot=CHAP/MD5 Magic-Number=3828540274
> > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP
> > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfb: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfc: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfc: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfd: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfd: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x03: Max-Rx-Unit=1492
> > Auth-Prot=CHAP/MD5 Magic-Number=3430741983
> > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x03: Auth-Prot=PAP
> > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfe: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfe: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xff: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xff: Magic-Number=1818005467
> > Max-Rx-Unit=1492
> >
> > It looks like this could be as simple as the other side needing CHAP
> > instead of PAP.  Please try that next.
> >

Two possibilities not mentioned yet: some providers want specific values in
the priority field of the vlan packets, maybe try playing with the txprio
option could help.

The other thing is: if your provider (Vodafone) uses CHAP cauthentication,
you run into a problem, because you connect through Deutsche Telekom. The
way this works is, that you authenticate with DTAG, who wants PAP. They
notice your @vodafone handle and they hand your authentication off to that
providers radius service. Unfortunatly if they have different authentication
protocols, this does not work, because the openbsd pppoe wont switch from
PAP to CHAP.

/Benno

Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Stuart Henderson
On 2019/02/26 16:38, Sebastian Benoit wrote:

> Thomas Huber([hidden email]) on 2019.02.26 14:22:33 +0100:
> > with chap the tcpdump looks like this:
> >
> > #tcpdump -nevvs1500 -i vlan0
> > tcpdump: listening on vlan0, link-type EN10MB
> > 13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
> >         code Session, version 1, type 1, id 0x00a9, length 16
> >         LCP Configure-Request Id=0x24: Magic-Number=988888519
> > Max-Rx-Unit=1492
> > 13:54:49.120414 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
> >         code Session, version 1, type 1, id 0x00a9, length 16
> >         LCP Configure-Request Id=0x25: Magic-Number=988888519
> > Max-Rx-Unit=1492
> > 13:54:55.122239 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
> >         code Session, version 1, type 1, id 0x00a9, length 16
> >         LCP Configure-Request Id=0x26: Magic-Number=988888519
> > Max-Rx-Unit=1492
> > 13:55:02.124396 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session
> >         code Session, version 1, type 1, id 0x00a9, length 16
> >         LCP Configure-Request Id=0x27: Magic-Number=988888519
> > Max-Rx-Unit=1492
> > ....
> >
> > but no connection esblished.
> >
> > On Tue, 26 Feb 2019 at 13:02, Stuart Henderson <[hidden email]> wrote:
> >
> > > On 2019/02/26 12:36, Thomas Huber wrote:
> > > > Hi Stuart,
> > > >
> > > > and thanks for your help.
> > > > I tried yout suggestion but didn??t solve the problem.
> > > > here is the tcpdump output (i just stripped the account credentials) but
> > > I can not read it.
> > > > Maybe you can spot something here:
> > > >
> > > > # tcpdump -nevvs1500 -i em0
> > > > tcpdump: listening on em0, link-type EN10MB
> > >
> > > Reformatted a bit:
> > >
> > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab: Max-Rx-Unit=1492
> > > Auth-Prot=PAP Magic-Number=526788746
> > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492
> > > Auth-Prot=PAP Magic-Number=526788746
> > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx
> > > Passwd=xxxx
> > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx
> > > Passwd=xxxx
> > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02: Max-Rx-Unit=1492
> > > Auth-Prot=CHAP/MD5 Magic-Number=3828540274
> > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP
> > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfb: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfc: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfc: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfd: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfd: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x03: Max-Rx-Unit=1492
> > > Auth-Prot=CHAP/MD5 Magic-Number=3430741983
> > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x03: Auth-Prot=PAP
> > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfe: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfe: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xff: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xff: Magic-Number=1818005467
> > > Max-Rx-Unit=1492
> > >
> > > It looks like this could be as simple as the other side needing CHAP
> > > instead of PAP.  Please try that next.
> > >
>
> Two possibilities not mentioned yet: some providers want specific values in
> the priority field of the vlan packets, maybe try playing with the txprio
> option could help.

I don't think this is happening here, you don't usually get any LCP in
that case, just no response to PADI. Plus frames with the Juniper MAC
address have varying priority (I snipped it from my shortened version
but it was in Thomas's original) and in the cases fixed by forcing
priority, the provider's frames have zero bytes (prio 1).

> The other thing is: if your provider (Vodafone) uses CHAP cauthentication,
> you run into a problem, because you connect through Deutsche Telekom. The
> way this works is, that you authenticate with DTAG, who wants PAP. They
> notice your @vodafone handle and they hand your authentication off to that
> providers radius service. Unfortunatly if they have different authentication
> protocols, this does not work, because the openbsd pppoe wont switch from
> PAP to CHAP.

This would totally explain what we're seeing. It should be possible to
change that but maybe a bit fiddly to do without a test environment ..

Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Thomas Huber
hmmm just played around and for ADSL-link 1 and 2 which are provided by the
Deutsche Telekom it is not important if it is chap or pap, works both.




On Tue, 26 Feb 2019 at 16:59, Stuart Henderson <[hidden email]> wrote:

> On 2019/02/26 16:38, Sebastian Benoit wrote:
> > Thomas Huber([hidden email]) on 2019.02.26 14:22:33 +0100:
> > > with chap the tcpdump looks like this:
> > >
> > > #tcpdump -nevvs1500 -i vlan0
> > > tcpdump: listening on vlan0, link-type EN10MB
> > > 13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
> PPPoE-Session
> > >         code Session, version 1, type 1, id 0x00a9, length 16
> > >         LCP Configure-Request Id=0x24: Magic-Number=988888519
> > > Max-Rx-Unit=1492
> > > 13:54:49.120414 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
> PPPoE-Session
> > >         code Session, version 1, type 1, id 0x00a9, length 16
> > >         LCP Configure-Request Id=0x25: Magic-Number=988888519
> > > Max-Rx-Unit=1492
> > > 13:54:55.122239 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
> PPPoE-Session
> > >         code Session, version 1, type 1, id 0x00a9, length 16
> > >         LCP Configure-Request Id=0x26: Magic-Number=988888519
> > > Max-Rx-Unit=1492
> > > 13:55:02.124396 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
> PPPoE-Session
> > >         code Session, version 1, type 1, id 0x00a9, length 16
> > >         LCP Configure-Request Id=0x27: Magic-Number=988888519
> > > Max-Rx-Unit=1492
> > > ....
> > >
> > > but no connection esblished.
> > >
> > > On Tue, 26 Feb 2019 at 13:02, Stuart Henderson <[hidden email]>
> wrote:
> > >
> > > > On 2019/02/26 12:36, Thomas Huber wrote:
> > > > > Hi Stuart,
> > > > >
> > > > > and thanks for your help.
> > > > > I tried yout suggestion but didn??t solve the problem.
> > > > > here is the tcpdump output (i just stripped the account
> credentials) but
> > > > I can not read it.
> > > > > Maybe you can spot something here:
> > > > >
> > > > > # tcpdump -nevvs1500 -i em0
> > > > > tcpdump: listening on em0, link-type EN10MB
> > > >
> > > > Reformatted a bit:
> > > >
> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab: Max-Rx-Unit=1492
> > > > Auth-Prot=PAP Magic-Number=526788746
> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492
> > > > Auth-Prot=PAP Magic-Number=526788746
> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx
> > > > Passwd=xxxx
> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx
> > > > Passwd=xxxx
> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02: Max-Rx-Unit=1492
> > > > Auth-Prot=CHAP/MD5 Magic-Number=3828540274
> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP
> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfb:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfc:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfc:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfd:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfd:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x03: Max-Rx-Unit=1492
> > > > Auth-Prot=CHAP/MD5 Magic-Number=3430741983
> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x03: Auth-Prot=PAP
> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfe:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfe:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xff:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xff:
> Magic-Number=1818005467
> > > > Max-Rx-Unit=1492
> > > >
> > > > It looks like this could be as simple as the other side needing CHAP
> > > > instead of PAP.  Please try that next.
> > > >
> >
> > Two possibilities not mentioned yet: some providers want specific values
> in
> > the priority field of the vlan packets, maybe try playing with the txprio
> > option could help.
>
> I don't think this is happening here, you don't usually get any LCP in
> that case, just no response to PADI. Plus frames with the Juniper MAC
> address have varying priority (I snipped it from my shortened version
> but it was in Thomas's original) and in the cases fixed by forcing
> priority, the provider's frames have zero bytes (prio 1).
>
> > The other thing is: if your provider (Vodafone) uses CHAP
> cauthentication,
> > you run into a problem, because you connect through Deutsche Telekom. The
> > way this works is, that you authenticate with DTAG, who wants PAP. They
> > notice your @vodafone handle and they hand your authentication off to
> that
> > providers radius service. Unfortunatly if they have different
> authentication
> > protocols, this does not work, because the openbsd pppoe wont switch from
> > PAP to CHAP.
>
> This would totally explain what we're seeing. It should be possible to
> change that but maybe a bit fiddly to do without a test environment ..
>
>
Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Thomas Huber
I hooked two ADSLlinks now with a modem-router (aka. Fritzbox) which do the
pppoe part for now.
I also orderd a newer version of my xDSL-Modem (ALLNET BM200VDSL2V), that
should be able to do the vlan tagging.
I let you know how things work out when everything is in place.

I start  a new thread about pf load-blancer configuration...

Thanks again for your support.
Thomas


On Tue, 26 Feb 2019 at 22:13, Thomas Huber <[hidden email]> wrote:

> hmmm just played around and for ADSL-link 1 and 2 which are provided by
> the Deutsche Telekom it is not important if it is chap or pap, works both.
>
>
>
>
> On Tue, 26 Feb 2019 at 16:59, Stuart Henderson <[hidden email]>
> wrote:
>
>> On 2019/02/26 16:38, Sebastian Benoit wrote:
>> > Thomas Huber([hidden email]) on 2019.02.26 14:22:33 +0100:
>> > > with chap the tcpdump looks like this:
>> > >
>> > > #tcpdump -nevvs1500 -i vlan0
>> > > tcpdump: listening on vlan0, link-type EN10MB
>> > > 13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>> PPPoE-Session
>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>> > >         LCP Configure-Request Id=0x24: Magic-Number=988888519
>> > > Max-Rx-Unit=1492
>> > > 13:54:49.120414 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>> PPPoE-Session
>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>> > >         LCP Configure-Request Id=0x25: Magic-Number=988888519
>> > > Max-Rx-Unit=1492
>> > > 13:54:55.122239 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>> PPPoE-Session
>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>> > >         LCP Configure-Request Id=0x26: Magic-Number=988888519
>> > > Max-Rx-Unit=1492
>> > > 13:55:02.124396 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>> PPPoE-Session
>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>> > >         LCP Configure-Request Id=0x27: Magic-Number=988888519
>> > > Max-Rx-Unit=1492
>> > > ....
>> > >
>> > > but no connection esblished.
>> > >
>> > > On Tue, 26 Feb 2019 at 13:02, Stuart Henderson <[hidden email]>
>> wrote:
>> > >
>> > > > On 2019/02/26 12:36, Thomas Huber wrote:
>> > > > > Hi Stuart,
>> > > > >
>> > > > > and thanks for your help.
>> > > > > I tried yout suggestion but didn??t solve the problem.
>> > > > > here is the tcpdump output (i just stripped the account
>> credentials) but
>> > > > I can not read it.
>> > > > > Maybe you can spot something here:
>> > > > >
>> > > > > # tcpdump -nevvs1500 -i em0
>> > > > > tcpdump: listening on em0, link-type EN10MB
>> > > >
>> > > > Reformatted a bit:
>> > > >
>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab: Max-Rx-Unit=1492
>> > > > Auth-Prot=PAP Magic-Number=526788746
>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492
>> > > > Auth-Prot=PAP Magic-Number=526788746
>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx
>> > > > Passwd=xxxx
>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx
>> > > > Passwd=xxxx
>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02: Max-Rx-Unit=1492
>> > > > Auth-Prot=CHAP/MD5 Magic-Number=3828540274
>> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP
>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfb:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfc:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfc:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfd:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfd:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x03: Max-Rx-Unit=1492
>> > > > Auth-Prot=CHAP/MD5 Magic-Number=3430741983
>> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x03: Auth-Prot=PAP
>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfe:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfe:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xff:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xff:
>> Magic-Number=1818005467
>> > > > Max-Rx-Unit=1492
>> > > >
>> > > > It looks like this could be as simple as the other side needing CHAP
>> > > > instead of PAP.  Please try that next.
>> > > >
>> >
>> > Two possibilities not mentioned yet: some providers want specific
>> values in
>> > the priority field of the vlan packets, maybe try playing with the
>> txprio
>> > option could help.
>>
>> I don't think this is happening here, you don't usually get any LCP in
>> that case, just no response to PADI. Plus frames with the Juniper MAC
>> address have varying priority (I snipped it from my shortened version
>> but it was in Thomas's original) and in the cases fixed by forcing
>> priority, the provider's frames have zero bytes (prio 1).
>>
>> > The other thing is: if your provider (Vodafone) uses CHAP
>> cauthentication,
>> > you run into a problem, because you connect through Deutsche Telekom.
>> The
>> > way this works is, that you authenticate with DTAG, who wants PAP. They
>> > notice your @vodafone handle and they hand your authentication off to
>> that
>> > providers radius service. Unfortunatly if they have different
>> authentication
>> > protocols, this does not work, because the openbsd pppoe wont switch
>> from
>> > PAP to CHAP.
>>
>> This would totally explain what we're seeing. It should be possible to
>> change that but maybe a bit fiddly to do without a test environment ..
>>
>>
Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Thomas Huber
Hi,

I just setup two of the mentioned xDSL-modem and now everything works
almost fine now.
It took a while to find proper modem settings (VPI,VCI, VLAN, VLAN-Prio)
for my ISP, don´t know if it is import for the OP.
If someone is interested I can provide further details.
Now i do the pppoe in OpenBSD and everything else like VLAN-tagging etc.
with the modem in bridge-mode.

Thanks again for your help....
Thomas


On Tue, 5 Mar 2019 at 22:22, Thomas Huber <[hidden email]> wrote:

> I hooked two ADSLlinks now with a modem-router (aka. Fritzbox) which do
> the pppoe part for now.
> I also orderd a newer version of my xDSL-Modem (ALLNET BM200VDSL2V), that
> should be able to do the vlan tagging.
> I let you know how things work out when everything is in place.
>
> I start  a new thread about pf load-blancer configuration...
>
> Thanks again for your support.
> Thomas
>
>
> On Tue, 26 Feb 2019 at 22:13, Thomas Huber <[hidden email]> wrote:
>
>> hmmm just played around and for ADSL-link 1 and 2 which are provided by
>> the Deutsche Telekom it is not important if it is chap or pap, works both.
>>
>>
>>
>>
>> On Tue, 26 Feb 2019 at 16:59, Stuart Henderson <[hidden email]>
>> wrote:
>>
>>> On 2019/02/26 16:38, Sebastian Benoit wrote:
>>> > Thomas Huber([hidden email]) on 2019.02.26 14:22:33 +0100:
>>> > > with chap the tcpdump looks like this:
>>> > >
>>> > > #tcpdump -nevvs1500 -i vlan0
>>> > > tcpdump: listening on vlan0, link-type EN10MB
>>> > > 13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>> PPPoE-Session
>>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>>> > >         LCP Configure-Request Id=0x24: Magic-Number=988888519
>>> > > Max-Rx-Unit=1492
>>> > > 13:54:49.120414 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>> PPPoE-Session
>>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>>> > >         LCP Configure-Request Id=0x25: Magic-Number=988888519
>>> > > Max-Rx-Unit=1492
>>> > > 13:54:55.122239 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>> PPPoE-Session
>>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>>> > >         LCP Configure-Request Id=0x26: Magic-Number=988888519
>>> > > Max-Rx-Unit=1492
>>> > > 13:55:02.124396 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>> PPPoE-Session
>>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>>> > >         LCP Configure-Request Id=0x27: Magic-Number=988888519
>>> > > Max-Rx-Unit=1492
>>> > > ....
>>> > >
>>> > > but no connection esblished.
>>> > >
>>> > > On Tue, 26 Feb 2019 at 13:02, Stuart Henderson <[hidden email]>
>>> wrote:
>>> > >
>>> > > > On 2019/02/26 12:36, Thomas Huber wrote:
>>> > > > > Hi Stuart,
>>> > > > >
>>> > > > > and thanks for your help.
>>> > > > > I tried yout suggestion but didn??t solve the problem.
>>> > > > > here is the tcpdump output (i just stripped the account
>>> credentials) but
>>> > > > I can not read it.
>>> > > > > Maybe you can spot something here:
>>> > > > >
>>> > > > > # tcpdump -nevvs1500 -i em0
>>> > > > > tcpdump: listening on em0, link-type EN10MB
>>> > > >
>>> > > > Reformatted a bit:
>>> > > >
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab: Max-Rx-Unit=1492
>>> > > > Auth-Prot=PAP Magic-Number=526788746
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492
>>> > > > Auth-Prot=PAP Magic-Number=526788746
>>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx
>>> > > > Passwd=xxxx
>>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx
>>> > > > Passwd=xxxx
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02: Max-Rx-Unit=1492
>>> > > > Auth-Prot=CHAP/MD5 Magic-Number=3828540274
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfb:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfc:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfc:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfd:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfd:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x03: Max-Rx-Unit=1492
>>> > > > Auth-Prot=CHAP/MD5 Magic-Number=3430741983
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x03: Auth-Prot=PAP
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfe:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfe:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xff:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xff:
>>> Magic-Number=1818005467
>>> > > > Max-Rx-Unit=1492
>>> > > >
>>> > > > It looks like this could be as simple as the other side needing
>>> CHAP
>>> > > > instead of PAP.  Please try that next.
>>> > > >
>>> >
>>> > Two possibilities not mentioned yet: some providers want specific
>>> values in
>>> > the priority field of the vlan packets, maybe try playing with the
>>> txprio
>>> > option could help.
>>>
>>> I don't think this is happening here, you don't usually get any LCP in
>>> that case, just no response to PADI. Plus frames with the Juniper MAC
>>> address have varying priority (I snipped it from my shortened version
>>> but it was in Thomas's original) and in the cases fixed by forcing
>>> priority, the provider's frames have zero bytes (prio 1).
>>>
>>> > The other thing is: if your provider (Vodafone) uses CHAP
>>> cauthentication,
>>> > you run into a problem, because you connect through Deutsche Telekom.
>>> The
>>> > way this works is, that you authenticate with DTAG, who wants PAP. They
>>> > notice your @vodafone handle and they hand your authentication off to
>>> that
>>> > providers radius service. Unfortunatly if they have different
>>> authentication
>>> > protocols, this does not work, because the openbsd pppoe wont switch
>>> from
>>> > PAP to CHAP.
>>>
>>> This would totally explain what we're seeing. It should be possible to
>>> change that but maybe a bit fiddly to do without a test environment ..
>>>
>>>
Reply | Threaded
Open this post in threaded view
|

Re: pppoe(4) and vlan(4)

Thomas Huber
The two mentioned modems work fine for a third ISP (easybell.de). But the
two vodafone uplinks don‘t work on OpenBSD.
The vodafone pppoe usernames includes a /. Maybe I‘ve to escape this
character but I don‘t know how.

any idea?


Thomas Huber <[hidden email]> schrieb am Sa. 16. März 2019 um 22:34:

> Hi,
>
> I just setup two of the mentioned xDSL-modem and now everything works
> almost fine now.
> It took a while to find proper modem settings (VPI,VCI, VLAN, VLAN-Prio)
> for my ISP, don´t know if it is import for the OP.
> If someone is interested I can provide further details.
> Now i do the pppoe in OpenBSD and everything else like VLAN-tagging etc.
> with the modem in bridge-mode.
>
> Thanks again for your help....
> Thomas
>
>
> On Tue, 5 Mar 2019 at 22:22, Thomas Huber <[hidden email]> wrote:
>
>> I hooked two ADSLlinks now with a modem-router (aka. Fritzbox) which do
>> the pppoe part for now.
>> I also orderd a newer version of my xDSL-Modem (ALLNET BM200VDSL2V),
>> that should be able to do the vlan tagging.
>> I let you know how things work out when everything is in place.
>>
>> I start  a new thread about pf load-blancer configuration...
>>
>> Thanks again for your support.
>> Thomas
>>
>>
>> On Tue, 26 Feb 2019 at 22:13, Thomas Huber <[hidden email]> wrote:
>>
>>> hmmm just played around and for ADSL-link 1 and 2 which are provided by
>>> the Deutsche Telekom it is not important if it is chap or pap, works both.
>>>
>>>
>>>
>>>
>>> On Tue, 26 Feb 2019 at 16:59, Stuart Henderson <[hidden email]>
>>> wrote:
>>>
>>>> On 2019/02/26 16:38, Sebastian Benoit wrote:
>>>> > Thomas Huber([hidden email]) on 2019.02.26 14:22:33 +0100:
>>>> > > with chap the tcpdump looks like this:
>>>> > >
>>>> > > #tcpdump -nevvs1500 -i vlan0
>>>> > > tcpdump: listening on vlan0, link-type EN10MB
>>>> > > 13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>>> PPPoE-Session
>>>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>>>> > >         LCP Configure-Request Id=0x24: Magic-Number=988888519
>>>> > > Max-Rx-Unit=1492
>>>> > > 13:54:49.120414 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>>> PPPoE-Session
>>>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>>>> > >         LCP Configure-Request Id=0x25: Magic-Number=988888519
>>>> > > Max-Rx-Unit=1492
>>>> > > 13:54:55.122239 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>>> PPPoE-Session
>>>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>>>> > >         LCP Configure-Request Id=0x26: Magic-Number=988888519
>>>> > > Max-Rx-Unit=1492
>>>> > > 13:55:02.124396 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36:
>>>> PPPoE-Session
>>>> > >         code Session, version 1, type 1, id 0x00a9, length 16
>>>> > >         LCP Configure-Request Id=0x27: Magic-Number=988888519
>>>> > > Max-Rx-Unit=1492
>>>> > > ....
>>>> > >
>>>> > > but no connection esblished.
>>>> > >
>>>> > > On Tue, 26 Feb 2019 at 13:02, Stuart Henderson <[hidden email]>
>>>> wrote:
>>>> > >
>>>> > > > On 2019/02/26 12:36, Thomas Huber wrote:
>>>> > > > > Hi Stuart,
>>>> > > > >
>>>> > > > > and thanks for your help.
>>>> > > > > I tried yout suggestion but didn??t solve the problem.
>>>> > > > > here is the tcpdump output (i just stripped the account
>>>> credentials) but
>>>> > > > I can not read it.
>>>> > > > > Maybe you can spot something here:
>>>> > > > >
>>>> > > > > # tcpdump -nevvs1500 -i em0
>>>> > > > > tcpdump: listening on em0, link-type EN10MB
>>>> > > >
>>>> > > > Reformatted a bit:
>>>> > > >
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf6:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0xab:
>>>> Max-Rx-Unit=1492
>>>> > > > Auth-Prot=PAP Magic-Number=526788746
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf6:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Ack Id=0xab: Max-Rx-Unit=1492
>>>> > > > Auth-Prot=PAP Magic-Number=526788746
>>>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf7: Peer-Id=xxxx
>>>> > > > Passwd=xxxx
>>>> > > > OPENBSD -> JUNIPER: PAP Authenticate-Request Id=0xf8: Peer-Id=xxxx
>>>> > > > Passwd=xxxx
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x02:
>>>> Max-Rx-Unit=1492
>>>> > > > Auth-Prot=CHAP/MD5 Magic-Number=3828540274
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x02: Auth-Prot=PAP
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xf9:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xf9:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfa:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfa:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfb:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfb:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfc:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfc:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfd:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfd:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Request Id=0x03:
>>>> Max-Rx-Unit=1492
>>>> > > > Auth-Prot=CHAP/MD5 Magic-Number=3430741983
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Nak Id=0x03: Auth-Prot=PAP
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xfe:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xfe:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > OPENBSD -> JUNIPER: LCP Configure-Request Id=0xff:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > > JUNIPER -> OPENBSD: LCP Configure-Ack Id=0xff:
>>>> Magic-Number=1818005467
>>>> > > > Max-Rx-Unit=1492
>>>> > > >
>>>> > > > It looks like this could be as simple as the other side needing
>>>> CHAP
>>>> > > > instead of PAP.  Please try that next.
>>>> > > >
>>>> >
>>>> > Two possibilities not mentioned yet: some providers want specific
>>>> values in
>>>> > the priority field of the vlan packets, maybe try playing with the
>>>> txprio
>>>> > option could help.
>>>>
>>>> I don't think this is happening here, you don't usually get any LCP in
>>>> that case, just no response to PADI. Plus frames with the Juniper MAC
>>>> address have varying priority (I snipped it from my shortened version
>>>> but it was in Thomas's original) and in the cases fixed by forcing
>>>> priority, the provider's frames have zero bytes (prio 1).
>>>>
>>>> > The other thing is: if your provider (Vodafone) uses CHAP
>>>> cauthentication,
>>>> > you run into a problem, because you connect through Deutsche Telekom.
>>>> The
>>>> > way this works is, that you authenticate with DTAG, who wants PAP.
>>>> They
>>>> > notice your @vodafone handle and they hand your authentication off to
>>>> that
>>>> > providers radius service. Unfortunatly if they have different
>>>> authentication
>>>> > protocols, this does not work, because the openbsd pppoe wont switch
>>>> from
>>>> > PAP to CHAP.
>>>>
>>>> This would totally explain what we're seeing. It should be possible to
>>>> change that but maybe a bit fiddly to do without a test environment ..
>>>>
>>>>