PPPoE with Mikrotik

Posted by on
We'll explain how to use the SequreISP PPPoE Module that perfectly works with the PPPoe Server function of Mikrotik.
Important
This module only works with Mikrotik devices. You can distribute the system load into several Mikrotik devices and everything is centralized in one Server (Radius), that works in SequreISP.
You need one or more Mikrotik devices working as PPPoe Server, validating the users in SequreISP. All users management, like names, password, IP, bandwidth control and port forwarding will be done by SequreISP by its Web Interface. Mikrotik devices are configured one time as PPPoE Server and then SequreISP controls everything.

Example network

In this case, we will use as an example, that our SequreISP server is connected to the Internet with a LAN IP 192.168.20.45. And we have our clients connected to a Mikrotik device, which will have the IP 192.168.20.2. Clients will use IP from the range 192.168.20.0/24 because the Mikrotik will be working as a Bridge, but using PPPoE.
First step is to define the two interfaces that we'll be using in Mikrotik:
  • ether3 for Clients.
  • ether4 connected to the SequreISP server (LAN).
We need to create a bridge1 which will include the clients interface. This bridge1 will have the IP 192.168.20.2/24, with gateway 192.168.20.45 (SequreISP IP).
The client's IP will be define on each contract created in SequreISP.
Pppoe-server-eng.png

Mikrotik Configuration

Creating Bridge1

Once you entered the Mikrotik device using Winbox or WebFig, go the menu at the left and select the option Bridge. On this tab, click the add button [+]. When creating, select in ARP, the option proxy-arp.
Mkbridge.jpg
In Bridge window, click on Ports. We'll assign the ports that will conform the bridge1. Press the button [+], and in section Interface select ether4 (SequreISP Server) and select bridge1 in theBridge section.
Mkbridgeport.jpg

Setting an IP to the Bridge1

In the left menu, select IP and then Addresses. Now, press the [+] button and we'll start with the configuration.
You must select bridge1 on the Interface section.
Mkaddress.jpg

Radius Configuration

Go to the left menu, press Radius and then click on [+]. There, we'll set an IP for the Radius in Address, and in Secret set a password for the server.
Important
This password will be used in SequreISP, when setting up the PPPoE module.
Mkradiusserver.jpg

PPP Profile

On this section, we're going to set up the PPP profile that will be used for the PPPoE server.
Go the PPP menu, click on Profiles and select the default profile. Double click on the name, and define the bridge1 IP (192.168.20.2) on Local Address. Select bridge1 in Bridge, and enter the dns in the DNS section (192.168.20.45).
Mkpppprofile.jpg
In the same window, click in the Secrets tab, press the button PPP Authentication & Accounting' and select the option Use Radius.
Mkpppsecrets.jpg

PPPoE Server

Inside the PPP window, go to PPPoE Servers, press the [+] button and create the service difining in Interface the eth3.
Mkpppoeserver.jpg

Gateway

In order to configure the Gateway, go to IP, select Routes and press [+]. Create a new route with Dst. Address: 0.0.0.0/0 and Gateway: 192.168.20.45.
Mkrouter.png

SequreISP Configuration

PPPoE Module

Inside the SequreISP web interface, go to the Plugins option and select PPPoE. Click on Create new and define the following parameters:
  • Name
It's a name that we will set to configure the Radius client.
  • IP Address
Assign the IP that you've used in bridge1 in Mikrotik (in our case, 192.168.20.2).
  • Netmask
Define the same mask that you've set in Mikrotik.
  • Secret Key
We must use the same password that we used in Mikrotik when creating the Radius in the Secret section (the password was freeradius123).
Mik11.png
and press Create MikroTik RADIUS client.
Important
When you finish the creation of the radius server, click in Enable RADIUS server.

Contracts

Go to the Contracts section and select the contract that will use PPPoE. Press Edit and go to the PPPoE section, and activate the plugin pressing Enable PPPoE access and put the username and password. Then, click on Update contract. This data will be used by the client.
Mik12.png
Finally, click in Apply changes and try connecting the client with the Username and Password.

Related Post:

Comments

Post a Comment