Notes on Setting up a Linux router for IPoE DHCP instead of PPPoE.
After a few years of reasonably successful use of a bridged VDSL modem with a Linux router running PPPoE and nftables, my ISP informed me that they do not use authentication on the connection with username and password. In fact they mentioned they used DHCP IPoE instead of PPPoE. I set up my spare modem as they described and it worked straight away. When I tried my Linux router with the bridged modem it no longer worked, until I removed the password and user name. It actually seems to use a default username and password in the pppoe software that seemed to function.
I investigated this ISP DHCP setup and came up with the other term IPoE. All a bit strange really, as DHCP is used on most networks to allow automatic configuration of network IP addresses and most IP traffic is over Ethernet. This needs to be taken in the context of ISP access: PPPoE versus IPoE using DHCP.
There is not much information on how to make this work.
I use the RJ45 ethernet interface called eno1. In my netplan configuration file, /etc/netplan/network.yaml, the following was made:
ethernets:
  eno1: # start for pppoe and setup modem IP access
    dhcp4: true # yes for dhcp, no for pppoe
    dhcp6: false
    addresses:
      - 192.168.5.2/24 # Access to the modem web interface
After a reboot, ip a revealed the following entries:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 0c:c4:7a:9f:36:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.2/24 brd 192.168.5.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet 112.213.222.38/24 brd 112.213.222.255 scope global dynamic eno1
       valid_lft 331sec preferred_lft 331sec
    inet6 fe80::ec4:7aff:fe9f:364c/64 scope link
       valid_lft forever preferred_lft forever
So the networkd built-in DHCP client would seem to be functional.
The output of networkctl status eno1:
2: eno1
    Link File: /usr/lib/systemd/network/99-default.link
    Network File: /run/systemd/network/10-netplan-eno1.network
    Type: ether
    State: routable (configured)
    Alternative Names: enp2s0
    Path: pci-0000:02:00.0
    Driver: igb
    Vendor: Intel Corporation
    Model: I210 Gigabit Network Connection
    HW Address: 0c:c4:7a:9f:36:4c (Super Micro Computer, Inc.)
    MTU: 1500 (min: 68, max: 9216)
    QDisc: mq
    IPv6 Address Generation Mode: eui64
    Queue Length (Tx/Rx): 8/8
    Auto negotiation: yes
    Speed: 100Mbps
    Duplex: full
    Port: tp
    Address: 192.168.5.2
             202.7.254.238 (DHCP4 via 202.7.254.1)
             fe80::ec4:7aff:fe9f:364c
    Gateway: 202.7.254.1 (Juniper Networks)
    DNS: 8.8.8.8
         8.8.4.4
    DHCP4 Client ID: IAID:0xb6220feb/DUID
    DHCP6 Client DUID: DUID-EN/Vendor:0000ab112278b955a63a0f690000
The following dhclient commands are used to manually control DHCP connections. Note however that this does not work with the built-in systemd-networkd DHCP client functionality (see man systemd-networkd, networkctl and systemd.netdev).
tldr:
To release existing DHCP leases on eno1: sudo dhclient -r eno1. Note this also seems to remove static IP addresses.
To stop the client instead, the -x flag removes the local DHCP connection but does not contact the upstream DHCP server to release the lease, e.g. sudo dhclient -x eno1
To manually request a DHCP lease on eno1: sudo dhclient -4 eno1. The -4 flag restricts operation to IPv4.
dhclient@.service
sudo vim /etc/systemd/system/dhclient@.service
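[Unit]
Description=dhclient on %I
Documentation=man:dhclient(8)
Wants=network.target
Before=network.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device

[Service]
Type=forking
# Create /run/dhclient so the PID file path below exists
RuntimeDirectory=dhclient
PIDFile=/run/dhclient/%I.pid
# -pf makes dhclient write the PID file that PIDFile= expects
ExecStart=/usr/sbin/dhclient -4 -v -pf /run/dhclient/%I.pid %I
ExecStop=/usr/sbin/dhclient -r -pf /run/dhclient/%I.pid %I

[Install]
WantedBy=multi-user.target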
To reload the service files after any changes: sudo systemctl daemon-reload
When using PPPoE a separate device is created that can be used to filter against. When using IPoE with DHCP the same device reference is shared by the IPoE WAN link and the modem LAN web page link. My modem is set up at 192.168.5.1. The firewall needs to be modified to consider this shared device instead of a separate one. Other than changing the $wan reference from ppp1 to eno1, the postrouting to the modem needs to be made IP range specific.
e.g.
ip saddr 192.168.1.0/24 ip daddr 192.168.5.0/24 oifname "eno1" counter packets 68 bytes 4080 snat to 192.168.5.2
ip saddr 192.168.6.0/24 ip daddr 192.168.5.0/24 oifname "eno1" counter packets 0 bytes 0 snat to 192.168.5.2
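The range-specific postrouting described above, written out as an added example ruleset (not the author's own firewall). The table name nat_example, the lan_nets and modem_net defines, the interface-only rule shown in the comment and the masquerade rule for Internet-bound traffic are assumptions; the addresses and the $wan name come from the page.

```nftables
#!/usr/sbin/nft -f
# Added example, not the author's ruleset.
# Assumed names: table "nat_example", $modem_net, $router_modem_ip, $lan_nets.

define wan = "eno1"                     # shared by the IPoE WAN link and the modem LAN
define modem_net = 192.168.5.0/24       # modem web interface lives at 192.168.5.1
define router_modem_ip = 192.168.5.2    # static address on eno1 from the netplan file
define lan_nets = { 192.168.1.0/24, 192.168.6.0/24 }

table ip nat_example {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Interface-only form (assumed here): it is sufficient while the WAN
        # is a separate ppp1 device and eno1 carries nothing but modem traffic:
        #   oifname "eno1" snat to 192.168.5.2
        # With IPoE the same rule would also rewrite Internet-bound packets
        # to the modem-side address, so the destination range must be matched.

        # LAN -> modem web interface: source from the static modem-side address.
        ip saddr $lan_nets ip daddr $modem_net oifname $wan counter snat to $router_modem_ip

        # LAN -> Internet (assumed rule): everything else leaving eno1 is
        # translated to whatever address the DHCP lease currently provides.
        ip saddr $lan_nets ip daddr != $modem_net oifname $wan counter masquerade
    }
}
```

The file can be syntax-checked without loading it using sudo nft -c -f followed by the file name.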