I’m sure you have to create the vlan and need to create the pppoe on the vlan interface…i don’t think that the vdsl modem does the vlan…mostly more than one vlan is needed (e.g. one for internet and one for voip,maybe a third for iptv),each one with its own pppoe session…in my case the vlans need to have different mac adresses which they normaly do not have because vlans mac is inherited from parent interface
Thank you very much for you reply. Do you have any configuration examples?
In my main-router i use the old /etc/network/interfaces to create vlans. My next system uses systemd. There is some documentstion in my wiki about it and afair i added some basic configs in my router-images repo
https://wiki.fw-web.de/doku.php?id=en:linux:systemd#vlan
Seems i have not added vlan files to images repo,but the pppoe service
but you need the ppp config file too where you point to the vlan interface. I created the ppp file (named provider in systemd service) using pppoeconf in debian
in my system the ppp-file (/etc/ppp/peers/bambit-internet) looks like this (not using systemd service here,so infinite tries):
# Minimalistic default options file for DSL/PPPoE connections
noipdefault
defaultroute
replacedefaultroute
hide-password
#lcp-echo-interval 30
#lcp-echo-failure 4
#updetach
noauth
persist
#mtu 1492
#Terminate after n consecutive failed connection attempts. A value of 0 means no limit. The default value is 10.
maxfail 0
#Specifies how many seconds to wait before re-initiating the link after it terminates. This option only has any effect if the persist or demand option is used. The holdoff period is not applied if the link was terminated because it was idle.
holdoff 60
plugin rp-pppoe.so wan.140
user "username"
#usepeerdns
unit 8
there is also /etc/ppp/chap-secrets and /etc/ppp/pap-secrets where you have to put your username/password for your provider. I have credentials in both files but chap (the better method) is used. If this is not the case in your test you can try require-chap in the peers file
I’ve added CONFIG_NF_CONNTRACK_PPTP=m
When using (dsa-port5) aux port to eth1, this traffic is separated using vlan.
So when using vlan on wan, still can use eth1-aux, but need to setup vlan carefully. It would be easier to setup, just using wan directly though.
If you change the use of eth1 to/from the wan port directly, also edit the /etc/nftables.conf.
ALERT!!!
Upgrading systemd will break router function (disable ipforward)
See this post, how to fix:
Thank you very much for this post. It helped a lot.
One further question: I used the following script from lynxthecat to enable and apply for using Cake as congestion control: https://github.com/lynxthecat/cake-dual-ifb
To apply this some kernel options needed to be changed / added, please see the attached Git patch file for the “defconfig” file.
Would it be possible to add/change these kernel options in your AUR-repository for building the linux kernel.
Thank you very much in advance. Kernel_Options_for_Cake_congestion_control.patch (2.4 KB)
@frank-w and @ericwoud Thank you very much for these posts. They helped a lot an I was able to set the PPOE-connection properly.
I’ll see what is needed for cake, those options are not all related.
Add cake using systemd-networkd would be the easiest way.
@Keks So I’ve added CONFIG_NET_SCH_CAKE=m, and rebuilt the kernel. Update the linux-bpir-git
package and it should be available.
@ericwoud Thank you for adding the kernel option.
Sorry, I accidentally posted an incorrect link in my last post. I’ve just updated the link again. As described here, most of the kernel options are necessary… I did a bit of try-and-error here and built the kernel with different options. There are certainly a few options in there that are not absolutely necessary, but most of them seem to be necessary.
So just use:
Edit:
I just added a few more dependencies, but it is scheduled to be rebuild at nighttime.
Thank you for adding the dependencies.
Unfortunately, the added options do not seem to be sufficient for cake. I get the following error message: Dependency failed for Apply Cake scheduling based upon dual IFB interface (ingress handling).
Can you try if we are missing
CONFIG_NET_SCH_INGRESS=m
PKGBUILD obtained like so:
git clone --branch linux-bpir-git https://github.com/ericwoud/archlinuxarm-repo.git
I already added the option, so makepkg
the package, or wait 24h and it will be in prebuild package.
Thank you again for investigating and supporting.
Yes, that one is definetely missing:
CONFIG_NET_SCH_INGRESS=m
Unfortunately, it is not that easy to identify after many trials the really needed modules. In the following I will try to give some further info based on my mind, I hope remember as good as possible.
Furthermore I am pretty sure to remember that the following are needed:
CONFIG_NET_SCH_PRIO=m
CONFIG_NET_SCH_DSMARK=m
Also further _CLS modules were needed, but I am sure which (at least _CLS, _CLS_BASIC and DS marks are used and the matchall):
CONFIG_NET_CLS=y
CONFIG_NET_CLS_BASIC=m
CONFIG_NET_CLS_TCINDEX=m
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
CONFIG_CLS_U32_MARK=y
CONFIG_NET_CLS_RSVP=n
CONFIG_NET_CLS_RSVP6=n
CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_MATCHALL=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_NET_CLS_FLOWER=m
Not sure about this one:
CONFIG_NET_EMATCH=y
Also here some of those are needed, at least the _CTINFO and _CONNMARK, not sure about the others:
CONFIG_NET_ACT_CONNMARK=m
CONFIG_NET_ACT_CTINFO=m
CONFIG_NET_ACT_SKBMOD=m
CONFIG_NET_ACT_IFE=m
CONFIG_NET_ACT_TUNNEL_KEY=m
CONFIG_NET_ACT_CT=m
CONFIG_NET_ACT_GATE=m
Besides the CONNTRACK_PPTP, which you already added for us (thanks again) I remember that here also some furthers were needed:
CONFIG_NF_CONNTRACK_ZONES=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
CONFIG_NF_CONNTRACK_TIMESTAMP=y
CONFIG_NF_CONNTRACK_LABELS=y
When it came to bridges there were also some things needed, but again not sure which:
CONFIG_BRIDGE_NETFILTER=m
CONFIG_NFT_BRIDGE_META=m
CONFIG_NFT_BRIDGE_REJECT=m
CONFIG_NF_CONNTRACK_BRIDGE=m
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_MRP=y
Also here I remeber one or more those were needed:
CONFIG_NF_DUP_NETDEV=m
CONFIG_NFT_DUP_NETDEV=m
CONFIG_NFT_FWD_NETDEV=m
CONFIG_NFT_REJECT_NETDEV=m
Ok, added lots more, give it a try, build or wait 24h.
Did you know you can now build the linux package on a x86-64 machine running archlinux (in a chroot)?
Thank you very much. I will try it then and give you feedback.
No, I didn’t. Do you have more details on that? I’m very interested.
Just makepkg on x86 machine…