[CDBUG-talk] PPPoA ... ?

Patrick Muldoon doon at inoc.net
Tue Nov 8 11:28:28 EST 2005

On Nov 8, 2005, at 11:12 AM, Jonathan Franks wrote:

> Hi all,
> I've been thinking of reconfiguring my dsl connection lately and  
> something in the docs has me a bit confused.
> Current setup is :
> DSL MODEM -> OpenBSD FW (3.7) -> Linksys WRT54G -> switch
> Which leaves me with a wholly unnecessary network segment.
> What I want is:
> DSL MODEM (as bridge only) -> OpenBSD FW (running ppp and pppoe) ->  
> switch   (with my Linksys Wireless router just acting as an AP off  
> the switch)
> Taking the WRT54G out of the picture for non wireless clients, and  
> bridging the modem.
> The thing that I'm hesitating on is the pppoe setup on the FW. For  
> the most part it seems pretty straightforward between the FAQ and  
> the relevant man pages... but here's the thing:
> My DSL provider uses PPPoA. In the FAQ I see this:
> The main software interface to PPPoE/PPPoA on OpenBSD is pppoe(8),  
> which is a userland implementation (in much the same way that we  
> described ppp(8), above). A kernel PPPoE implementation, pppoe(4),  
> has been incorporated into OpenBSD.
> which seems to indicate that pppoe will work with either PPPoE or  
> PPPoA. The man pages make no reference to PPPoA at all, however. My  
> searches of the archives and Google have turned up some rather old  
> posts, one suggesting that special hardware is required for PPPoA,  
> and another that _appears_ to indicate that it isn't.

If you are using PPPoA, then I think you need an ATM interface to  
terminate the traffic on.  All of our DSL runs PPPoE  or Route  
Bridged 1483, so I don't have much experience with PPPoA.  But you  
can try it :)  Since perhaps the DSL modem will just bridge the
PPP -> ethernet interface and then the PPP stuff will work.

So if I read your above desc.

You have ISP  -> PPPoA -> DSL Modem  (NAPT) -> RFC1918 Space -> OBSD  
FW -> NAT? -> clients?

So you effectively have double NAT.

> The modem also offers a "half-bridge" mode which theoretically  
> authenticates to the ISP and then passes the IP back to the router.  
> Assuming that special HW is required, could this be used instead?

Sounds like the above is what you will probably want to do, as it  
sounds like it will be the easiest to configure. The modems that some  
of our ISPs use support ZIPB (Zero Installation PPP Bridge) which  
does the same, terminates the PPP connection and passes it on. It is  
a piece of cake to configure the firewall side, just tell it to get  
its IP via DHCP and tell your firewall that the interface is dynamic  
and you should be good to go.


Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)
PGPKEY (http://www.inoc.net/~doon)
Key ID: 0x370D752C

(A)bort, (R)etry, (P)retend this never happened?
