Categories
Uncategorized

Mini PPPoE Server Howto for RedHat 7.3 + Radius Auth

This is here only for historical purposes. The information contained is well and truly out of date, but could be handy for reference purposes.

Date: 25-Oct-2002

1. Install RH 7.3 Installing as a server system works. These instructions should be the same for RedHat 7.2 as well.

2. Set and IP address on the primary NIC to say 10.0.0.1. This is the card that is visible to the internet.

3. Install the updated rp-pppoe from Roaring Penguin http://www.roaringpenguin.com/pppoe/. This was version rp-pppoe-3.5-1 as
of this writing.

4. Download the latest pppd via cvs from samba currentl its 2.4.2b1 as of this writing. I use rsync. Make a dir called
ppp2.4 and then issue the command

rsync -vrz ppp.samba.org::ftp/unpacked/ppp/ ./ppp2.4/

to download the source. You dont really need the -v in the rsync command, but that echos what its doing to the screen so
you can see whats happening.

5. Change to the ppp2.4 directory and then

./configure

make

make install

6. Edit /etc/radiusclient/radiusclient.conf. Set the primary and secondary authentication and accounting servers and hosts.
Watch that your using the right port numbers. If you have an old radius server it is probably using ports 1645/1646.

7. Edit /etc/radiusclient/servers and set the secret password and the hostname of the radius servers your going to
authenticate against.

8. Edit /etc/sysctl.conf and change the line net.ipv4.ip_forward = from 0 to one(1). This makes the system turn on routing
at boot up.

9. Edit /etc/ppp/pppoe-server-options and add proxyarp to the end of the file on its own line. Also add ms-dns {dns ip
addresses} after the lcp-echo-failure lines.

10. Edit /etc/sysconfig/network-scripts/ifcfg-eth1 and change the ONBOOT=no to yes and remove the dhcp from the BOOTPROTO= if
its there.

11. Start the pppoe-server. You will probably need to pass some parameters to it. They will most likely be -I eth1 -L {localip} and -R
{remoteippool}. So you will end up with something like /usr/sbin/pppoe-server -I eth1 -L 10.0.0.1 -R 10.0.0.150. This tells the server
to start serving out IP's to the clients starting at .150. Set the -L IP to the local IP of eth0. When your happy with the
startup parameters you will want to add this same line to /etc/rc.d/rc.local so that the server restarts after a reboot of
the server.

12. You should now be able to test the system. Try adding a user to the system as a user and then add the user to the
/etc/ppp/pap-secrets file. (this assumes you use a user called test with a password of test)

:adding a user:

adduser test

passwd test

:pap-secrets file:

"test" * "test"

13. Now tail -f /var/log/message on the linux system and try to connect to the server with a PPPoE client. If you've got it
right, you will be able to establish a connection.

14. Now add the line plugin radius.so to the file /etc/ppp/pppoe-server-options just before proxyarp.

15. Now test the logging on again with a valid radius user.

16. Congratulations your finished!!!

pppoe-server-options file looks like this:

# PPP options for the PPPoE server

# LIC: GPL

require-pap

login

lcp-echo-interval 10

lcp-echo-failure 2

ms-dns 10.0.0.5

ms-dns 10.0.0.6

plugin radius.so

proxyarp

Categories
Uncategorized

Letter to the Australian government regarding the proposed “Meta Data Retention” laws

As part of voicing of my concern, I sent the below letter to my local MP to show that I am against the proposed laws that are now in Parliament. It is looking like the bill will pass with little to no opposition unless we all get up off our backsides and make it known to all the politicians that we do not want this law passed.

Dear Ms Bishop,

I am strongly opposed to the Governments proposed Data Retention laws, both as the owner of a ISP/CSP and also as an individual.

The proposed laws,

Lack in technical merit. meaning that they will be simple to circumvent. Making the whole process a very expensive failure. Not that this has ever stopped a government before.

Infringe on basic rights, and your rights to privacy and freedoms that we are all taught about in school. So much for Australia the lucky country. Even China is appearing to be more liberal now.

Are not wanted by the public. So the government should be listening and dropping the whole process. The government is elected to represent the people of Australia, not to control them and spy on them.

Will add significant costs to operating a small ISP/CSP, such that we may no longer be able to compete with larger companies at all.

Has been found to be invalid in the EU due to privacy. Not to mention that I do not trust ASIO or The Federal Police to "Do the Right Thing" when it comes to using peoples private data. The reason for the courts is to make sure that they only get access when it is warranted, and not just because they think it will be interesting to see what they are doing on the off chance that they might find one bad guy.

What ever happened to freedom in Australia? If this bill passes, what will the government try next? Maybe pass a law that requires all citizens wear gps ankle bracelets like convicts, so that the security agencies can see where you were two years ago.

Please do not allow this bill to continue, you are making Australia the laughing stock of the world, and ultimately will have a tremendously negative effect on the Australian Technology Sector for both private citizens and businesses alike.

Sincerely

{signature}