Version 2.9 preview - PPPoE questions

Started by Vogie

Vogie

Version 2.9 preview - PPPoE questions   28 September 2008, 21:02

Hi Andrew

I have been using BM server for years now. Originally he had this:
ADSLrouter---(Ether1)BWserver(Ether2)---SWITCH
On the switch we had PCs and a WiFi router in bridged mode. Client wifi devices were also bridged. As a result everything in our IP range could directly ping or access anything else and BW management was a breeze. Thank YOU!!!

Our network has since expanded tremendously and we now have multiple WiFi towers with multiple interfaces and clients on each. Running everything in bridge mode has an adverse effect on throughput as all packets are being sent through the entire network. Therefore we want to adopt a routed approach and allocate each client his own IP range. The problem with this is that although we have all the routes sorted and everyone can ping or trace to anyone else including the DSL router, using the DSL router IP as the default gateway does not work when it is not on the client machine's IP range.

I have tried to set up VPN and also PPPoE server on the DSL router with success, but then BW manager can not manage data being passed through for each IP/MAC; it can either pass everything on one (ANY IP based protocol) rule or nothing.
I then tried a separate router for VPN before the BW server:
DSL --- (ether1)BWserver(ether2) --- VPNrouter --- switch ---LAN/WiFi.
This too proved to have its problems as the VPN router serves as a hop to the destination, meaning that it still has the problem of the routed network not allowing me to use the DSL router as the gateway.

Would it be possible to run a PPPoE client on the BW server and also a VPN server on the BW server?
This would result in:

DSL_modem(bridge_mode) <==> (ether1_pppoe-client)BWserver(ether2_VPN-server) <==> SWITCH <==> LAN/WiFi

By doing this I believe that one would be able to authenticate a user by means of his username and password and assign a specific IP to the MAC.
Since this server would be running on the BW server, the BW server would be able to manage the traffic to the connected IPs/MACs by means of its rules and also be able to bridge/NAT the traffic through to the PPPoE client connection (internet).

The routers we use are all Mikrotik Routerboards and these have PPPoE Client/Server and VPN Client/Server capabilities. I can limit transfer rates up/down/and bursting and also set up upload and download quotas but not a combined quota for up and down together. I need combined quota.
BW manager has been working perfectly for ages now with no hassles and a much more user friendly interface than using a RouterBoard. Also the Routerboard is expensive, so I don't want to go buy stuff I'm not going to be happy with or that can not fulfill my needs.

Andrew, is it by any means possible to have these PPPoE and PPTP (VPN) functionalities built into Softperfect Bandwidth Manager?

I know it's a lot to ask, but I'm sure there will be others that would benefit from it as well, to make their networks faster and more secure.

Kind regards

Vogie

Version 2.9 preview - PPPoE questions   29 September 2008, 07:21

If it's of any use, what I do on my network is exactly what you do, but I use a series of Level 2 rules. Basically these mangle broadcast packets to be directed to just the server, but lets the server broadcast. They also stop clients communicating with each other.

This way the network acts just like one big ethernet cable, except only the server can talk to everyone, and clients can only talk to the server and nobody else.

When I did this, it tremendously improved my throughput and gave me all the advantages of PPPoE and no PPPoE. Zero configuration, clients can't talk to each other, etc, etc.

I run a pay as you go system and for me PPPoE was a no-no, since I could not afford to have to get clients to configure their systems to use it. It had to use conventional DHCP, etc, etc, but not allow any traffic I didn't want.

I then use BWM on the server to also further lock down unwanted traffic, so clients can do nothing other than get an IP address and communicate with the internet or port 80 of the server basically.
Arthur

Version 2.9 preview - PPPoE questions   29 September 2008, 10:44

Sorry to break in like this, but Shunt010 you just got my attention. I've been trying for ages to do what you do, limit broadcast traffic and not let clients talk to each other. What is that "level 2" rule? How did you implement this? Do you perhaps have some example?

"When I did this, it tremendously improved my throughput and gave me all the advantages of PPPoE and no PPPoE. Zero configuration, clients can't talk to each other, etc, etc."

That would be fantastic to do. I have had BWM running for more than one year on our network and it's a superb solution, but we too are expanding and so I'm looking to optimize its functions like you did.

Regards,
Arthur.

Version 2.9 preview - PPPoE questions   30 September 2008, 03:04

I used a customized Broadcom driver basically.

I've rewritten the HAL in the Broadcom driver from the base up, and that's one of the additions that I made. I've also made the "WDS" behave like WiMAX, on a TDMA type protocol, so I get higher speed backhaul and slot timing isn't an issue.

I believe there are things out there which will do this, I think some of the Cisco kit will do this?
Arthur

Version 2.9 preview - PPPoE questions   30 September 2008, 13:28

Sure I would love to have a Cisco, vlans, rate control, QoS you name it. Only problem is that I don't have that kind of budget.
I really thought you used some rule in BWM, but I see, rewriting Broadcom drivers is far beyond my capabilities.
Your driver would not suit me anyway, my server is based on Intel Pro 1000 / Marvell Yukon devices.

Still wonder why you would suggest this solution to Vogie?

Regards,
Arthur.
waelosman

Version 2.9 preview - PPPoE questions   21 February 2010, 17:00

Hi

I would like to ask about Router Board model 133: the default IP for the Router Board and how to access this router. I would like an explanation by video if possible.

Thanks
Wael

Version 2.9 preview - PPPoE questions   21 February 2010, 19:30

Waelosman, that's MikroTik, it's wireless equipment. To get to RouterOS you can download Winbox:
[demo2.mt.lv]
Launch it and see if it finds your router.
The login is "admin" and there is no password.

Cheers,
Arthur.

Version 2.9 preview - PPPoE questions   22 February 2010, 07:01

Quote

The problem with this is that although we have all the routes sorted and everyone can ping or trace to anyone else including the DSL router, using the DSL router IP as the default gateway does not work when it is not on the client machine's IP range.


That's an easy problem to fix. The client should be using the router/gateway on his subnet, and the next hop on that router needs to be whatever the next router is until eventually the next hop is the DSL router IP address. That's basic routing, and I also do this with my Wi-Fi network. Clients use the local router, then off to the BWM router before a DSL router.

I use Linux running an un-encrypted PPPoE server with NO IP address on the client side interface of that router. I tried VPN but found it too slow. They have no choice but to use PPPoE with it. It's buggy though because I want to use encryption so other clients can't see their activity with a packet sniffer.

I still use BWM on another machine. With PPPoE I can assign static IPs to clients as well.

Version 2.9 preview - PPPoE questions   24 February 2010, 12:59

kiwi_rock, I hope you have seen the date of the original message, September 28, 2008.....

Cheers,
Arthur.

Version 2.9 preview - PPPoE questions   24 February 2010, 13:14

Kiwi,

Do you do this solution (PPPoE) with Linux and BWM? I try to do it using Mikrotik but don't have success...


Lucas

Version 2.9 preview - PPPoE questions   24 February 2010, 14:02

I think the Mikrotik is supposed to have bandwidth shaping in it?

I have Linux machines for commercial radio automation and had a spare, so I use that as a PPPoE server. The OS I'm using though is a little out of date (SuSE 10.0). They are now up to version 11.x, but 10.0 suits my other needs for radio production.

I wanted to set up a PPPoE server for my Wi-Fi users so I went looking for a guide for SuSE 10.0 and found this:

http://www.freeantennas.com/PPPoE-Server-HOWTO.html

That got me started, without encryption, and it works great as an access concentrator. I assign IPs based on username, and use MSCHAPv2 for password encryption, and create a filter for that user's static IP on my BWM router (upstream of the PPPoE server).

That means a user MUST PPPoE in to the server before they can get IP access to my network, which is then routed and bandwidth limited by the BWM machine. The PPPoE server does not run an IP protocol stack at all, just PPPoE, so there's no cheat's way around the system.

The only problem I've had is that the older SuSE OS doesn't work with MPPE (128-bit encryption), which I plan on upgrading to soon, because I want to give each user their own data privacy on the Wi-Fi side of the network, while still allowing users to associate to the access point openly.

Gavin.
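An added example, not part of the thread or any poster's configuration: a Python check for the setup described in the post above, where each PPPoE user gets one fixed IP (so a per-IP BWM rule maps to exactly one account) and the link requires MSCHAPv2 and 128-bit MPPE. It assumes a pppd-style `chap-secrets` layout (client, server, secret, allowed addresses) and pppd option names; the sample file contents, user names and addresses are constructed.

```python
import ipaddress
import shlex

# Constructed sample data: user names, secrets and addresses are made up.
CHAP_SECRETS = '''\
# client  server  secret     allowed IP
alice     *       "s3cretA"  10.20.0.11
bob       *       "s3cretB"  *
carol     *       "s3cretC"  10.20.0.11
dave      *       "s3cretD"
'''
PPP_OPTIONS = '''\
require-mschap-v2
refuse-pap
# require-mppe-128
'''
REQUIRED_OPTIONS = ("require-mschap-v2", "require-mppe-128")


def audit_secrets(text):
    """Return findings for users that lack exactly one unique fixed IP."""
    findings, seen = [], {}
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)  # honours quotes and '#'
        if len(fields) < 3:
            continue  # blank, comment or malformed line
        user, allowed = fields[0], fields[3:]
        try:
            if len(allowed) != 1:
                raise ValueError("need exactly one address")
            ip = ipaddress.ip_address(allowed[0])  # rejects '*' and subnets
        except ValueError:
            shown = " ".join(allowed) or "none listed"
            findings.append(f"{user}: not pinned to a single IP ({shown})")
            continue
        if ip in seen:
            findings.append(f"{user}: shares {ip} with {seen[ip]}")
        seen.setdefault(ip, user)
    return findings


def missing_options(text):
    """Return required pppd options that are absent or commented out."""
    active = {f[0] for f in (shlex.split(l, comments=True)
                             for l in text.splitlines()) if f}
    return [opt for opt in REQUIRED_OPTIONS if opt not in active]


if __name__ == "__main__":
    for finding in audit_secrets(CHAP_SECRETS) + missing_options(PPP_OPTIONS):
        print(finding)
```

A shared or wildcard address matters here because the bandwidth rule upstream is keyed on the IP, so two accounts on one address are shaped and counted as one.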

Version 2.9 preview - PPPoE questions   24 February 2010, 14:05

BTW when I say the PPPoE doesn't run an IP stack, it does on the LAN side Ethernet card, but NOT on the Wi-Fi access point side.

Version 2.9 preview - PPPoE questions   24 February 2010, 14:11

Thanks for the message Arthur,

No, I didn't realise the post date of 2008. I just saw it pop back up, thinking it's current.

Cheers,
Gavin.

Version 2.9 preview - PPPoE questions   24 February 2010, 15:07

Yes... Mikrotik has bandwidth shaping, but I am not thinking of changing Windows to MK (RouterBoard).

I will try to make a PPPoE server on Mikrotik and manage all in BWM. I will post the results here.

Thanks Gavin!

UPDATE!

YES... YES... YES... YES... YES... OHHHHHHH YES.... It works with Mikrotik Routerboard.

Version 2.9 preview - PPPoE questions   26 February 2010, 10:59

If anybody wants to do this with MK:

PPPOE Server

Thanks all!
