我能生蚂蚁 posted on 2020-7-2 22:18:00

Setting Up a PPPoE Server on CentOS 7

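<h2><span id="i">1. Introduction</span></h2>
<p>PPPoE is a point-to-point protocol that runs over Ethernet.</p>
<p>It can be used to establish a point-to-point tunnel between two nodes on an Ethernet network.</p>
<p>Today PPPoE is commonly used for access control on Ethernet, for example broadband connections.</p>
<p>This article describes how to set up a PPPoE server on a CentOS 7 system.</p>
<h2><span id="i-2">2. Network Topology and Description</span></h2>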
<p><span><img src="https://img2020.cnblogs.com/blog/854365/202006/854365-20200614152855464-1446494098.png"></span></p>
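<p>As shown in the figure, a campus needs to deploy a PPPoE server on its egress gateway so that only authorized users can reach the external network.</p>
<p>To keep passwords from being sniffed, the PPPoE server uses CHAP as its authentication protocol.</p>
<p>The gateway-side PPPoE interface uses the fixed IP address&nbsp;<code>192.168.1.1</code>; each user-side PPPoE interface is assigned a random unused address from the&nbsp;<code>192.168.1.0/24</code>&nbsp;network.</p>
<p>Hosts on the campus intranet reach the external network through NAT.</p>
<p>The campus egress gateway runs CentOS 7.5.1804.</p>
<p>Once the PPPoE server is set up, pick a host on the intranet and test the connection with the following credentials:</p>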
<table style="height: 66px; width: 507px" border="0">
<tbody>
<tr>
<td>Username</td>
<td>Password</td>
</tr>
<tr>
<td>test</td>
<td>123456</td>
</tr>
</tbody>
</table>
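<p>The CHAP exchange that <code>require-chap</code> relies on, written out as an added example (not part of the original article or of pppd's code). It follows RFC 1994 with MD5; the class and function names are hypothetical, and the secrets table is constructed from the test credentials above.</p>

```python
# Added example: CHAP with MD5 as defined in RFC 1994 (names are hypothetical).
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side. The secrets table is constructed sample data."""

    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.pending = {}      # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self) -> tuple:
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)  # fresh random value for every attempt
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        chal = self.pending.pop(ident, None)  # single use: a replay finds nothing
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)


def run_exchange(server: Authenticator, name: str, password: bytes):
    ident, chal = server.challenge()                     # Challenge: server -> client
    resp = chap_response(ident, password, chal)          # Response: client -> server
    wire = bytes([ident]) + chal + name.encode() + resp  # everything an observer sees
    return server.verify(ident, name, resp), wire, (ident, resp)


if __name__ == "__main__":
    srv = Authenticator({"test": b"123456"})
    ok, wire, _ = run_exchange(srv, "test", b"123456")
    print("accepted:", ok, "| password on the wire:", b"123456" in wire)
```

<p>Because the server recomputes the hash from the secret itself, <code>/etc/ppp/chap-secrets</code> has to hold the password in cleartext and should be readable by root only.</p>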
<h2><span id="i-3">3. Configuration Steps</span></h2>
<h3><span id="31">3.1 Install the required software</span></h3>
<div class="cnblogs_code">
<pre>yum -y install rp-pppoe</pre>
</div>
<h3><span id="32">3.2 Edit the configuration files</span></h3>
<p><span>vim&nbsp;/etc/ppp/pppoe-server-options</span></p>
<div class="cnblogs_code">
<pre>require-chap
auth
logfile /var/log/ppp/pppoe-server.log
ms-dns 8.8.8.8
ms-dns 8.8.4.4</pre>
</div>
<p>vim&nbsp;/etc/ppp/pppoe-server-env</p>
<div class="cnblogs_code">
<pre>INT=eth1
LOCAL=192.168.1.1
START=192.168.1.2
NUMBER=253</pre>
</div>
<h3><span id="33_PPPoE">3.3 Add a PPPoE user</span></h3>
<p><span>vim /etc/ppp/chap-secrets</span></p>
<div class="cnblogs_code">
<pre># Secrets for authentication using CHAP
# client        server  secret                  IP addresses
"test"          *       "123456"                *</pre>
</div>
<h3><span id="33">3.3 Create the service file</span></h3>
<p><span>vim /etc/systemd/system/pppoe-server.service</span></p>
<div class="cnblogs_code">
<pre>[Unit]
Description=PPPoE Server.
After=syslog.target

[Service]
Type=forking
EnvironmentFile=/etc/ppp/pppoe-server-env
ExecStart=/sbin/pppoe-server -I $INT -L $LOCAL -R $START -N $NUMBER

[Install]
WantedBy=multi-user.target</pre>
</div>
<h3><span id="34_NAT_iptables">3.4 Enable NAT (using iptables)</span></h3>
<div class="cnblogs_code">
<pre>iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE</pre>
</div>
<h3><span id="35_IPv4">3.5 Enable IPv4 forwarding</span></h3>
<div class="cnblogs_code">
<pre>echo "net.ipv4.ip_forward=1" &gt;&gt; /etc/sysctl.conf &amp;&amp; \
sysctl -p</pre>
</div>
<h3><span id="36_PPPoE">3.6 Start the PPPoE server</span></h3>
<div class="cnblogs_code">
<pre>systemctl start pppoe-server
systemctl enable pppoe-server</pre>
</div>
Source: https://www.cnblogs.com/vijayfly/p/13125045.html