LCP terminated by peer (Authentication failed) - PPPOE Concentrator Setup
You are not using a valid class-b private address space.
The valid class-b private range is 172.16.0.0 /16 through 172.31.255.255 /16
Routers will send traffic out to the internet to be resolved when it's a public address. It can be seen as a sporadic problem to no connectivity at all.
The network range: 172.32.0.0 - 172.63.255.255 is assigned to T-Mobile USA, Inc
Hope this helps
Related videos on Youtube
user3450548
Updated on September 18, 2022Comments
-
user3450548 over 1 year
I'm trying to setup a pppoe server/concentrator in order to test my pppoe clients.
I Followed the guide here https://poundcomment.wordpress.com/2011/03/30/pppoe-server-on-ubuntu/ and everything looked fine at first glance.
But when I try to connect from an Ubuntu machine being setup with
sudo ppoeconf
I get withplog -n 30
command this lines:client pppd[4618]: Plugin rp-pppoe.so loaded client pppd[4618]: pppd 2.4.7 started by root, uid 0 client pppd[4618]: Connected to 00:0c:29... via interface ens33 client pppd[4618]: Using interface ppp0 client pppd[4618]: Connect: ppp0 <--> ens33 client pppd[4618]: CHAP authentication succeeded client pppd[4618]: CHAP authentication succeeded client pppd[4618]: peer from calling number 00:0C:29.... authorized client pppd[4618]: LCP terminated by peer (Authentication failed) client pppd[4618]: Modem hangup client pppd[4618]: Connection terminated. client pppd[4618]: Failed to disconnect PPPoE socket: 114 Operation already in progress
It seems that the client sees the server up and the CHAP authentication goes fine, while the connections hangs on the LCP part.
Why this? And how can I fix it ?
Side notes:
- The server machine has 2 interfaces named ens33 (that act as wan) and ens34 (that act as lan)
- The client machine has ens33 that is used to connect to the ens34 on server machine
The scripts post-up and post-down are the one listed in the guide, but mostly the server is loaded with the line:
pppoe-server -C isp -L 192.168.50.1 -p /etc/ppp/ipaddress_pool -I ens34 -m 1412
SERVER CONFIG
Full process I used from beginning:
1) installed debian9 base on the machine that will become the pppoe server/concentrator
2) installed
build-essential
,ppp
, downloaded and installed roaring penguin pppoeapt-get --assume-yes install build-essential apt-get --assume-yes install ppp wget https://www.roaringpenguin.com/files/download/rp-pppoe-3.12.tar.gz tar -zxvf rp-pppoe-3.12.tar.gz cd rp-pppoe-3.12/src/ ./configure make && make install
3) Edited some config files:
file
/etc/ppp/pppoe-server-options
:# PPP options for the PPPoE server # LIC: GPL #require-pap require-chap login lcp-echo-interval 10 lcp-echo-failure 2 ms-dns 208.67.222.222 ms-dns 208.67.220.220 netmask 255.255.255.0 defaultroute noipdefault usepeerdns
file
/etc/ppp/chap-secrets
:# Secrets for authentication using CHAP # client server secret IP addresses "alice" * "1234" 172.32.50.2
(because i don't care about password for now, it's a test machine)
file
/etc/ppp/ipaddress_pool
:192.168.50.2-30
file
/etc/ppp/pppoe_start
:#!/bin/bash ############################## # Simple script that starts PPPoE Server ############################## # Enable IP Forwarding echo 1 > /proc/sys/net/ipv4/ip_forward # Start PPPoE Server pppoe-server -C isp -L 192.168.50.1 -p /etc/ppp/ipaddress_pool -I ens34 -m 1412 # Set Firewall rules iptables -t nat -F POSTROUTING iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
file
/etc/ppp/pppoe_stop
:#!/bin/bash ############################## # Simple script that stops PPPoE Server ############################## # Disable IP Forwarding echo 0 > /proc/sys/net/ipv4/ip_forward # Kill PPPoE Server killall pppoe-server killall pppd # Flush the IPtable rules. iptables -t nat -F POSTROUTING
file
/etc/network/interfaces
:# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug ens33 iface ens33 inet dhcp auto ens34 iface ens34 inet manual address 192.168.50.1 netmask 255.255.255.0 up ifconfig $IFACE 0.0.0.0 up post-up /etc/ppp/pppoe_start post-down /etc/ppp/pppoe_stop down ifconfig $IFACE down
CLIENT CONFIG
For what concern the client I used an ubuntu 14.04 vm fresh installed and configured via terminal with sudo pppoeconf
the config seems to work however the error is the one listed
on client the configs are:
file
/etc/ppp/peers/dsl-provider
:# Minimalistic default options file for DSL/PPPoE connections noipdefault replacedefaultroute hide-password #lcp-echo-interval 30 #lcp-echo-failure 4 noauth persist mtu 1412 #maxfail 0 #holdoff 20 plugin rp-pppoe.so nic-ens33 user "alice" usepeerdns
file
/etc/ppp/peers/provider
:# example configuration for a dialup connection authenticated with PAP or CHAP # # This is the default configuration used by pon(1) and poff(1). # See the manual page pppd(8) for information on all the options. # MUST CHANGE: replace myusername@realm with the PPP login name gi ven to # your by your provider. # There should be a matching entry with the password in /etc/ppp/p ap-secrets # and/or /etc/ppp/chap-secrets. user "myusername@realm" # MUST CHANGE: replace ******** with the phone number of your prov ider. # The /etc/chatscripts/pap chat script may be modified to change t he # modem initialization string. connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********" # Serial device to which the modem is connected. /dev/modem # Speed of the serial line. 115200 # Assumes that your IP address is allocated dynamically by the ISP . noipdefault # Try to get the name server addresses from the ISP. usepeerdns # Use this connection as the default route. defaultroute # Makes pppd "dial again" when the connection is lost. persist # Do not ask the remote to authenticate. noauth
LCP INFO
Regarding LCP reading around it seems that it does the following.
- checks the identity of the linked device and either accepts or rejects the peer device
- determines the acceptable packet size for transmission
- searches for errors in configuration
- can terminate the link if requirements exceed the parameters
So for me is difficult to understand what could be the problem.
-
user3450548 about 6 yearsSadly this change nothing. I changed everything reflecting the new configuration 192.168.50.xx instead of 172.32.xx.xx and the problem stays the same. I encour in the LCP terminated by peer (Authentication failed) message. Could it be something encryption related ? Maybe in pppoeconf something else should be set ?
-
Tim_Stewart about 6 yearsAdd your config to the question. I'll try to help.
-
user3450548 about 6 yearsThanks, I posted the complete config of server and client, hope it helps!
-
Tim_Stewart about 6 yearsHow is the client physically connected? What is it's IP address in relation to the 192.168.50.1 subnet?
-
user3450548 about 6 yearsThey are connected with an ethernet cable, physically it seems they can see eachother.. indeed when it says: peer from calling number 00:0C:29.... authorized.. that mac address is the ens33 of the server so the client sees it and can authenticate on the CHAP part.. is the LCP that goes bad. The client hasn't an ethernet configured with an ip because it have to get it from pppoe no?
-
Tim_Stewart about 6 yearsThat's usually not how this works. In most cases the IP range of clients is virtually handled within the server. I.e the client computer will be in the local lan, and gets a virtual address from the server for use in the tunnel subnet.
-
user3450548 about 6 yearsLet us continue this discussion in chat.