Skip to content

Instantly share code, notes, and snippets.

@colmbuckley

colmbuckley/00-README.md

Last active January 3, 2026 20:01
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save colmbuckley/fc8b9c6349b322a949e0d0b0af400d41 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save colmbuckley/fc8b9c6349b322a949e0d0b0af400d41 to your computer and use it in GitHub Desktop.
Download ZIP
PPPoE setup on Open Eir infrastructure (VLAN10)
Raw
00-README.md

This setup shows how to configuure systemd-networkd and pppd to talk to an ISP using Open Eir's infrastructure, which I believe is fairly similar to other countries' setup.

I have two interfaces, which I configure as ext0 (external) and lan0 (internal). An 802.1q VLAN with tag 10 (vlan10) is set up on the external interface. A pppoe service is configured to launch PPPoE on this VLAN (ie: pppoe@vlan10.service), wanted by sys-devices-virtual-net-vlan10.device.

systemd-networkd acts as DHCP and RA service on the LAN interface.

Raw
20-vlan10.netdev
# /etc/systemd/network/20-vlan10.netdev
# Create a VLAN using 802.1q tagging with ID 10
# This will be associated with the external interface.
[NetDev]
Name = vlan10
Kind = vlan
Description = Open Eir VLAN
[VLAN]
Id = 10
Raw
30-ext0.network
# /etc/systemd/network/30-ext0.network
# Associate the extneral interface with VLAN 10
# Otherwise minimal configuration.
# The supplied ONT has an administrative interface on 192.168.100.1
# so add an IP address in that subnet to reach it.
[Match]
Name = ext0
[Link]
ActivationPolicy = always-up
[Network]
Description = External Ethernet for WAN
DHCP = no
LinkLocalAddressing = no
Address = 192.168.100.2/24
VLAN = vlan10
Raw
30-lan0.network
# /etc/systemd/network/30-lan0.network
# Configure the LAN interface as a DHCP and RA server
[Match]
Name = lan0
[Link]
RequiredForOnline = yes
ActivationPolicy = always-up
[Network]
DHCP = no
DHCPServer = yes
IPv6AcceptRA = no
IPv6SendRA = yes
IPv6PrivacyExtensions = no
DHCPPrefixDelegation = yes
ConfigureWithoutCarrier = yes
Address = INTERNAL_LAN_NETWORK.1/24
# Assign the first (0) network from DHCP-PD to this interface
# Assign myself the ::1 address
[DHCPPrefixDelegation]
SubnetId = 0
Assign = yes
Token = ::1
UplinkInterface = :auto
[DHCPServer]
ServerAddress = INTERNAL_LAN_NETWORK.1/24
DNS = INTERNAL_DNS_V4
Timezone = Europe/Dublin
EmitDNS = yes
EmitNTP = yes
EmitRouter = yes
EmitTimezone = yes
# systemd-networkd DHCP doesn't have EmitDomains, so encode manually (https://jjjordan.github.io/dhcp119/)
SendOption = 15:string:DOMAIN
SendOption = 119:string:ENCODED_SEARCH_DOMAINS
[IPv6SendRA]
Managed = false
OtherInformation = false
DNS = INTERNAL_DNS_V6
Domains = SEARCH_DOMAINS
EmitDNS = yes
EmitDomains = yes
# Entries like [DHCPServerStaticLease] can go in /etc/systemd/network/30-lan0.network.d/CLIENT.conf
Raw
40-vlan10.network
# /etc/systemd/network/40-vlan10.network
# Minimally configure the external VLAN
[Match]
Name = vlan10
[Link]
ActivationPolicy = always-up
[Network]
Description = Open Eir VLAN 10
DHCP = no
LinkLocalAddressing = no
KeepConfiguration = yes
Raw
50-wan0.network
# /etc/systemd/network/50-wan0.network
# Configure the external (PPPoE) network
# Requests a /56 prefix using DHCP-PD
[Match]
Name = wan0
[Link]
ActivationPolicy = manual
RequiredForOnline = no
[Network]
DHCP = ipv6
IPv6AcceptRA = yes
DefaultRouteOnDevice = true
LinkLocalAddressing = ipv6
KeepConfiguration = static
IPv6DuplicateAddressDetection = 0
DNS = INTERNAL_DNS
Domains = SEARCH_DOMAINS
NTP = 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
LLMNR = false
LLDP = false
[DHCPv6]
PrefixDelegationHint = ::/56
WithoutRA = solicit
UseAddress = false
UseDNS = false
UseNTP = false
UseHostname = false
UseDomains = false
[IPv6AcceptRA]
UseDNS = no
UseDomains = no
UseGateway = no
# Use the "LAN" address for outbound connections as this is the one assigned by DHCP-PD
# rather than the default address, which will be the PPPoE routing address
[Route]
Gateway = _ipv6ra
Destination = ::/0
PreferredSource = LAN_V6_ADDRESS
Raw
chap-secrets
# /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# PPPoE auth (not really secret)
# client server secret IP addresses
broadband@bk.network * broadband
Raw
pppoe@.service
# /etc/systemd/system/pppoe@.service
# Bring up a PPPoE connection on a given interface
# Install using `systemctl enable pppoe@vlan10.service`
# Needs /etc/ppp/peers/vlan10 to exist and be configured correctly
[Unit]
Description = PPPoE connection for %I
Documentation = man:pppd(8)
BindsTo = sys-devices-virtual-net-%i.device
After = sys-devices-virtual-net-%i.device
PartOf = sys-devices-virtual-net-%i.device
AssertPathExists = /etc/ppp/peers/%I
[Service]
Type = notify
ExecStart = /usr/sbin/pppd call %I up_sdnotify
ExecStop = /bin/kill $MAINPID
ExecReload = /bin/kill -HUP $MAINPID
# Exit statuses
# pppd terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal.
SuccessExitStatus = 5
# The link was established successfully and terminated because it was idle.
SuccessExitStatus = 12
# The link was established successfully and terminated because the connect time limit was reached.
SuccessExitStatus = 13
# An error was detected in processing the options given, such as two mutually exclusive options being used.
RestartPreventExitStatus = 2
# The kernel does not support PPP, for example, the PPP kernel driver is not included or cannot be loaded.
RestartPreventExitStatus = 4
# The connect script failed (returned a non-zero exit status).
RestartPreventExitStatus = 8
# The peer system failed (or refused) to authenticate itself.
RestartPreventExitStatus = 11
# The init script failed (returned a non-zero exit status).
RestartPreventExitStatus = 18
# The PPP negotiation failed, that is, it didn't reach the point where at least one network protocol (e.g. IP) was running.
RestartForceExitStatus = 10
# Callback was negotiated and an incoming call should arrive shortly.
RestartForceExitStatus = 14
# The link was terminated because the peer is not responding to echo requests.
RestartForceExitStatus = 15
# The link was terminated by the modem hanging up.
RestartForceExitStatus = 16
# We failed to authenticate ourselves to the peer.
RestartForceExitStatus = 19
Restart = always
StandardOutput = null
# Hardening
LockPersonality = yes
MemoryDenyWriteExecute = yes
PrivateTmp = yes
ProtectControlGroups = yes
ProtectHome = yes
ProtectKernelTunables = yes
ProtectSystem = strict
ReadWritePaths = /run/ /etc/ppp/
RestrictRealtime = yes
SystemCallArchitectures = native
SystemCallFilter = ~@mount
[Install]
WantedBy = sys-devices-virtual-net-%i.device
Raw
vlan10
# /etc/ppp/peers/vlan10
# PPPD options for PPPoE on interface vlan10
plugin rp-pppoe.so # Use kernel PPPoE
nic-vlan10 # Use VLAN10 network device
user broadband@bk.network # Blacknight Networks
noauth # Other end doesn't need to auth itself
ifname wan0 # Set my interface name
linkname wan0
lcp-echo-interval 20 # Keep alive
lcp-echo-failure 3
lcp-echo-adaptive
persist # Try again if connection closed
holdoff 5 # But not immediately
noaccomp
default-asyncmap
+ipv6 # We do want V6
mtu 1500 # Note; we set the VLAN MTU to 1508 above
mru 1500
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment