PPPOE Connection from VirtualBox VM

neil.knapp
DD-WRT Novice


Joined: 02 Dec 2015
Posts: 4

Posted: Fri Mar 10, 2017 12:15    Post subject: PPPOE Connection from VirtualBox VM
Hello all,

I am trying to establish a PPPoE connection from a VirtualBox VM running on my laptop in order to give it a unique IP address.

Unfortunately PPPoE is not connecting from the VM or the laptop.

ASCII diagram:

ADSL Provider
<RJ11>
ADSL Modem (Bridge Mode)
<RJ45 between modem and router WAN port. If: eth1>
DD-WRT Router
<Wi-Fi connection. If: ath0>
Laptop
<VirtualBox Network Bridge over Wi-Fi adapter>
Windows VM

My DD-WRT router is already establishing a PPPoE connection over the ADSL link.

I can establish multiple PPPoE links on the ADSL account and the ADSL line.

I suspect the issue is the PPPoE traffic not reaching the ADSL modem and the DD-WRT not doing passthrough.

DD-WRT has a default bridge of eth0 (LAN), ath0 (Wi-Fi) so I tried to add eth1 (WAN) to let my layer 2 (PPPoE) traffic reach the ADSL modem but I killed my remote connection to my router (doing this from work).

I think I need to bridge the Wi-Fi and WAN port or somehow need to get PPPoE traffic to reach the ADSL modem.

I've searched the forums, Googled and looked through all the settings on the router but don't see anything along the lines of PPPoE passthrough or a method for passing PPPoE from another device while keeping the "primary" PPPoE active on the DD-WRT router.

Does anyone know of a workable way to pass PPPoE traffic through the DD-WRT router without disrupting the existing PPPoE connection?

Any advice appreciated.

Regards,

neil.knapp
Posted: Sat Mar 11, 2017 9:29
Thanks for the feedback.

I did some testing/fiddling last night and couldn't reliably bridge any interface and have PPPoE work on both the router & laptop.

I've come to the same conclusion that hardware is the way forward.

I tried to do a simple "loop" with a network cable but it's causing the pppd daemon to crash and I suspect there is some funny switching happening.

ADSL Router <-> DD-WRT "Switch" ports (eth0)
DD-WRT WAN Port (eth1) <-> DD-WRT "Switch" ports (eth0)
DD-WRT Wi-Fi 'Port' (ath0) <-bridged-> DD-WRT "Switch" ports (eth0)

This allows me to access the ADSL router from the Wi-Fi and I can establish a PPPoE connection, but DD-WRT can't set up PPPoE, and looking at the messages log shows pppd is hanging and being killed by a watchdog or just plain crashing.

They are all separate networks / interfaces so it shouldn't have been a network loop or broadcast storms but there is something funny that DD-WRT doesn't like.

I'll have to grab a switch and see if that behaves as expected.

I've confirmed PPPoE can be run from my laptop & VM at the same time when plugged into the ADSL router and using DD-WRT as a switch, but as soon as I try to add the DD-WRT WAN port into the mix things go haywire.

Hopefully this saves someone else some time and energy.

Regards,

neil.knapp
Posted: Sun May 13, 2018 18:05    Post subject: Solution
I took a different approach to solve this in the end. I was able to get close to the original solution but ran into other problems with VirtualBox.

I was able to run rp-pppoe-relay on my router. I'm only running the micro build on a 4MB flash so it's not included by default.

I found a precompiled MIPS binary at the following location which ran perfectly:
https://robertof.ovh/mirror/patched-pppoe-relay/precompiled/

This allowed me to establish a PPPoE session successfully from my laptop via my Wi-Fi connection. However, it didn't allow me to establish a PPPoE connection from a VirtualBox VM running on my laptop.

Wireshark suggested something funny was happening with the PPPoE PADI/PADR initiation and requests. The PADI initiation packet was being sent with the MAC address of the VM but the PADR reply was directed to the MAC address of the laptop. This broke the PPPoE session and it would never establish.

If I could find a Windows PPPoE relay tool it might have been possible to proxy twice; that probably has its own issues though.

Rather than trying to establish a PPPoE connection directly from the VirtualBox VM, I started exploring two PPPoE connections on the DD-WRT router with the necessary firewall/policy based routing to send traffic for the VM out of a separate connection.

This proved to be possible, with a little configuration tweaking, and the script below is the process to establish two separate PPPoE/pppd connections from DD-WRT and to route traffic down the 2nd connection for a specific IP.

My telecom provider allows multiple PPPoE sessions to be established via a single ADSL link and my ISP allows multiple PPPoE sessions on their capped accounts.

In order to have a disparate IP address I'm using a 2nd ISP to give a completely different network range.

The script below brings up 2 pppd instances and uses a policy based route to pass any traffic from 192.168.1.90/32 down the 2nd ppp (ppp1) interface.

This would need customisation to suit your specific needs but should form a solid framework.

Hopefully the script is largely self explanatory (and commented) so I'll just touch on the bits which are likely to be specific to my setup.

  • eth1 is attached to my ADSL router (bridge mode) so would need to be modified accordingly
  • Both my pppd connections use the same gateway. I'm grabbing the IP once after the 1st connection establishes and using it for both connections. If your sessions use different gateways you'll need to change the routing
  • /tmp/ppp/ip-up script automatically runs when a pppd connection is established. It doesn't seem to work with more than 1 PPPoE connection up and returns invalid values. It needs to be temporarily broken while bringing up the second link
  • My ISPs always issue a 169.0.0.0 IP and 165.0.0.0 IP respectively so the script grabs the dynamic IP based on those criteria. You'll need to modify this if your IPs are in the same range/very similar to each other.
  • My internal network/router is on 192.168.1.1
  • br0 is my Wi-Fi/LAN bridge. Probably standard for most DD-WRT setups
  • I didn't create the full firewall ruleset. The default/standard DD-WRT ruleset for iptables is stored as a hidden file. I used this as a starting point and modified it for the additional interface. File location is: /tmp/.ipt


Enable sshd in your GUI. SSH to router. Create script in /tmp/ppp. chmod +x script.sh. ./script. Enjoy 2 connections.

I hope this helps someone or my future self when I forget/lose this script.

Regards,

Code:
#!/bin/sh
#Set the username/password for the first ISP
primaryispusername=put_your_isp_username_here
primaryisppassword=put_your_isp_password_here

#Set the username/password for the second ISP
secondaryispusername=put_your_2nd_isp_username_here
secondaryisppassword=put_your_2nd_isp_password_here

#Set the LAN IP address which will have its traffic routed via the second ISP
policyrouteip=192.168.1.90/32
echo Routing traffic to secondary ISP for: $policyrouteip
echo Killing all existing pppd sessions, redial executable and flushing routing table

#Kill redial to stop it breaking our ppp connections
killall redial

#Kill all pppd sessions so we can refresh them with the proper options, not the default dd-wrt ones
killall pppd

#Clear out any old/original routing before bringing up tunnels and recreating routing table
ip route flush

#Bring up primary ISP PPPoE interface. Wait 10 seconds for ppp interface to establish. Too lazy to script a check.
echo Setting up primary ISP pppd session
pppd plugin /usr/lib/rp-pppoe.so nic-eth1 noipdefault noauth nodefaultroute noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp nomppe nomppc usepeerdns user "$primaryispusername" password "$primaryisppassword" default-asyncmap mtu 1492 mru 1492 persist lcp-echo-interval 5 lcp-echo-failure 10 holdoff 30 unit 0
echo Waiting 10 seconds for session to establish
sleep 10

#Grab the default gateway/ADSL DSLAM IP address. This should be the same for both ADSL connections and be the gateway for both.
adslgateway="$(ip route | grep -i default | cut -d' ' -f3)"
echo Obtained following IP as ADSL gateway: $adslgateway

#Temporarily rename ip-up script. ip-up automatically executes when a pppd tunnel comes up. If it runs when 2nd ppp tunnel is established it doesn't pass variables properly because there are two tunnels which confuses it and it breaks routing/iptables
echo Disabling ip-up
mv /tmp/ppp/ip-up /tmp/ppp/ip-up-disabled

#Bring up secondary ISP PPPoE interface. Wait 10 seconds for ppp interface to establish. Too lazy to script a check.
echo Setting up secondary ISP pppd session
pppd plugin /usr/lib/rp-pppoe.so nic-eth1 noipdefault noauth defaultroute noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp nomppe nomppc usepeerdns user "$secondaryispusername" password "$secondaryisppassword" default-asyncmap mtu 1492 mru 1492 persist lcp-echo-interval 5 lcp-echo-failure 10 holdoff 30 unit 1
echo Waiting 10 seconds for session to establish
sleep 10

#Restore ip-up in case we need to bring our main connection up manually or do something in the GUI and forget to check this.
echo Enabling ip-up
mv /tmp/ppp/ip-up-disabled /tmp/ppp/ip-up

#Get the IP address of the 'primary' ISP ppp tunnel
primaryip="$(ifconfig | grep -i 169 | grep 'P-t-P' | cut -d':' -f2 | cut -d' ' -f1)"
echo Obtained primary ISP public IP as: $primaryip

#Get the IP address of the 'secondary' ISP ppp tunnel
secondaryip="$(ifconfig | grep -i 165 | grep 'P-t-P' | cut -d':' -f2 | cut -d' ' -f1)"
echo Obtained secondary ISP public IP as: $secondaryip

#Output firewall config to file
echo Outputting firewall rules to /tmp/ppp/firewall
cat >/tmp/ppp/firewall <<EOL
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-A PREROUTING -i ! ppp0 -d $primaryip -j MARK --set-mark 0x80000000/0x80000000
-A PREROUTING -i ! ppp1 -d $secondaryip -j MARK --set-mark 0x90000000/0x90000000
-A PREROUTING -j CONNMARK --save-mark
-I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p icmp -d $primaryip -j DNAT --to-destination 192.168.1.1
-A PREROUTING -p icmp -d $secondaryip -j DNAT --to-destination 192.168.1.1
-A PREROUTING -d $primaryip -j TRIGGER --trigger-type dnat
-A PREROUTING -d $secondaryip -j TRIGGER --trigger-type dnat
-A POSTROUTING -s 192.168.1.1/24 -o ppp0 -j SNAT --to-source $primaryip
-A POSTROUTING -s 192.168.1.1/24 -o ppp1 -j SNAT --to-source $secondaryip
-A POSTROUTING -m mark --mark 0x80000000/0x80000000 -j MASQUERADE
-A POSTROUTING -m mark --mark 0x90000000/0x90000000 -j MASQUERADE
COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
:logreject - [0:0]
:trigger_out - [0:0]
:lan2wan - [0:0]
:grp_1 - [0:0]
:advgrp_1 - [0:0]
:grp_2 - [0:0]
:advgrp_2 - [0:0]
:grp_3 - [0:0]
:advgrp_3 - [0:0]
:grp_4 - [0:0]
:advgrp_4 - [0:0]
:grp_5 - [0:0]
:advgrp_5 - [0:0]
:grp_6 - [0:0]
:advgrp_6 - [0:0]
:grp_7 - [0:0]
:advgrp_7 - [0:0]
:grp_8 - [0:0]
:advgrp_8 - [0:0]
:grp_9 - [0:0]
:advgrp_9 - [0:0]
:grp_10 - [0:0]
:advgrp_10 - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -i ppp0 --dport 520 -j DROP
-A INPUT -p udp -i ppp1 --dport 520 -j DROP
-A INPUT -p udp -i br0 --dport 520 -j DROP
-A INPUT -p udp --dport 520 -j ACCEPT
-A INPUT -i ppp0 -p icmp -j DROP
-A INPUT -i ppp1 -p icmp -j DROP
-A INPUT -p igmp -j DROP
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j lan2wan
-A FORWARD -i br0 -o br0 -j ACCEPT
-I FORWARD -o ppp0 -s 192.168.1.1/24 -p tcp --dport 1723 -j ACCEPT
-I FORWARD -o ppp0 -s 192.168.1.1/24 -p gre -j ACCEPT
-A FORWARD -i ppp0 -o br0 -j TRIGGER --trigger-type in
-A FORWARD -i ppp1 -o br0 -j TRIGGER --trigger-type in

-A FORWARD -i br0 -j trigger_out

-A FORWARD -i br0 -m state --state NEW -j ACCEPT
-A FORWARD -j DROP
-I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A logaccept -j ACCEPT
-A logdrop -j DROP
-A logreject -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOL

#Load firewall rules
echo Loading /tmp/ppp/firewall into iptables
iptables-restore < /tmp/ppp/firewall

#Add policy based routing so any traffic from 192.168.1.90/32 is passed out secondary ISP pppd connection
echo Adding policy based routing to push traffic via secondary ISP for IP $policyrouteip to gateway $adslgateway via interface ppp1
ip rule add from $policyrouteip table 200
ip route add default via $adslgateway dev ppp1 table 200
ip route flush cache

echo Complete. Exiting script.
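
Added example, not part of the original post or of DD-WRT: one way to replace the fixed "sleep 10" waits and the "grep -i 169" / "grep -i 165" address matching in the script above with a per-interface check that stops before the firewall and routing steps if a link never comes up. The function names, the IFCONFIG_CMD override and the sample addresses (RFC 5737 documentation ranges) are assumptions made for the example; it expects the net-tools/BusyBox ifconfig output format the script already parses.

```shell
#!/bin/sh
# Added example, not from the original post. IFCONFIG_CMD is a hypothetical
# override so the parsing can be exercised without a live PPPoE link.
IFCONFIG_CMD="${IFCONFIG_CMD:-ifconfig}"

# Read net-tools/BusyBox style ifconfig output on stdin and print the local
# address from the "inet addr:A.B.C.D  P-t-P:W.X.Y.Z" line.
parse_ppp_local_ip() {
    sed -n 's/^[[:space:]]*inet addr:\([0-9.]*\)[[:space:]].*P-t-P:.*/\1/p' | head -n 1
}

# Same line, but print the peer (P-t-P) address of that link.
parse_ppp_peer_ip() {
    sed -n 's/.*P-t-P:\([0-9.]*\).*/\1/p' | head -n 1
}

# wait_for_ppp IFACE [TIMEOUT_SECONDS]
# Poll once per second until IFACE has an address. Prints the address and
# returns 0, or returns 1 on timeout so the caller can abort early.
wait_for_ppp() {
    iface=$1
    remaining=${2:-30}
    while [ "$remaining" -gt 0 ]; do
        addr=$($IFCONFIG_CMD "$iface" 2>/dev/null | parse_ppp_local_ip)
        if [ -n "$addr" ]; then
            echo "$addr"
            return 0
        fi
        remaining=$((remaining - 1))
        sleep 1
    done
    return 1
}

# Constructed sample of "ifconfig ppp1" output (documentation addresses).
sample_ifconfig() {
    cat <<'EOF'
ppp1      Link encap:Point-to-Point Protocol
          inet addr:198.51.100.7  P-t-P:192.0.2.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
EOF
}

# Usage in place of "sleep 10" and the prefix greps:
#   primaryip=$(wait_for_ppp ppp0 30)   || { echo "ppp0 did not come up"; exit 1; }
#   secondaryip=$(wait_for_ppp ppp1 30) || { echo "ppp1 did not come up"; exit 1; }
```

Selecting by interface name keeps the two addresses apart even when both ISPs hand out addresses from similar ranges, and a non-zero return from wait_for_ppp avoids writing a firewall file with an empty address in it.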