PPPoE over Wireless

At home I have a wireless access point in my lounge room (D-Link AP-1000) which connects through the wall to my computer room. It used to connect to the switch with all my other computers, but this is rather a large security risk - very poor authentication in the form of WEP. Admittedly I don't live in a 'technically progressive' neighbourhood but I still would prefer security...

Setting up the server

To setup the connection I use the PPPoE daemon that comes with FreeBSD. This program uses netgraph to listen for incoming PPPoE requests, setup a PPP session and then run the ppp(8) program to service them. More information about the mechanics of PPPoE can be found in RFC 2516. To run pppoed(8) at bootup you can add the following to /etc/rc.conf

pppoed_flags="-P /var/run/ppoed.pid -l pppoein"
Don't forget to change the interface it's on. You will also need to create a ppp(8) label called 'pppoein'. Mine looks like this
 set ifaddr
 set dns
 set nbns
 disable utmp
 disable passwdauth
 enable lqr
 set cd 5!
 accept dns
 enable mschapv2 mppe
 disable deflate pred1
 deny deflate pred1
 set mppe 128 *
 set timeout 0
 set mru max 1400
 set mtu max 1400
 set speed sync
Note 1) the MSChapV2 lines and the 'set mppe' line. These ensure encryption actually happen. Unfortunately ppp(8) only supports MPPE encryption which has some drawbacks.
Note 2) since this uses CHAP you will need to setup an /etc/ppp/ppp.secrets file with one line per username/password pair.
Note 3) this snippet was obtained from here. I had something very similar but it wouldn't work with Windows 98SE though.

Setting up the client (FreeBSD)

On the client you have to add an entry in the /etc/ppp/ppp.conf file looking something like this
 set device PPPoE:wi0
 accept pap
 disable chap
 enable lqr
 set cd 5
 set dial
 set login
 set redial 0 0
 set authname username
 set authkey password
Obviously you will have to change the label, interface, username and password to suit. Once that is done you can initiate the connection by executing 'ppp -ddial foo'.

Setting up the client (MS Windows)

I used the RASPPPOE software - it has the advantages of being free and simple to install and setup. Once the pppoed server was running, pressing 'detect' found the offer correctly. I then created a DUN entry and double clicked on it. I entered my username and password and it connected very quickly. I have tested this on Windows XP and Windows 98SE. On the later I installed the MS DUN 1.4 update available from Microsoft - however I am not certain that it is necessary.
Daniel O'Connor
Last modified: Tue Apr 23 14:32:24 CST 2002