pppoe-relay

pppoe-relay [options]

-i interface
    Listen on this Ethernet interface for PPPoE packets. This option can be specified multiple times to listen on several interfaces, treating them as a single relay group.

-S interface
    Designates an Ethernet interface as connected to the PPPoE server side. PADI packets received on other interfaces will be forwarded out of this interface.

-C interface
    Designates an Ethernet interface as connected to the PPPoE client side. PADI packets received on this interface will be forwarded towards the server.

-D
    Enables debugging mode. The daemon will not fork, and verbose debug messages will be printed to standard error.

-u
    Prevents the daemon from changing its UID/GID to 'nobody'. It will run with the privileges of the user who started it.

-P pidfile
    Specifies an alternative PID file path. By default, pppoe-relay uses /var/run/pppoe-relay.pid.

-F
    Prevents the daemon from forking into the background. It will run in the foreground.

-A
    Disables the addition of the 'Agent-Circuit-ID' and 'Agent-Remote-ID' tags to PADI/PADS packets. By default, pppoe-relay adds these tags.

-B
    Enables broadcast PADI packets. When a PADI packet is received, pppoe-relay will broadcast it on all other relay interfaces instead of unicasting to a known server.

-h
    Displays a brief help message and exits.

-V
    Displays the version information and exits.

pppoe-relay is a daemon that acts as a transparent bridge for PPPoE (Point-to-Point Protocol over Ethernet) discovery and session packets. Its primary function is to forward these packets between multiple Ethernet interfaces, effectively allowing PPPoE clients and servers to communicate even when they are not on the same broadcast domain or directly connected. This is particularly useful in network environments where PPPoE traffic needs to traverse non-PPPoE-aware segments, such as certain Wi-Fi networks, corporate LANs, or when bridging between different VLANs. The relay listens for PPPoE Active Discovery Initiation (PADI) packets from clients on specified interfaces, forwards them towards the server, and then relays subsequent session packets once a connection is established. It ensures that the client and server can establish and maintain a PPPoE session through an intermediary device.

pppoe-relay operates at a low level, forwarding discovery and session packets. While it's transparent, it's crucial to ensure proper network segmentation and security. If used on a publicly accessible network, it could potentially be exploited to relay unauthorized PPPoE connections. It does not provide any form of authentication or encryption for the relayed traffic itself, relying on the underlying PPPoE session for that. Performance can be a consideration in high-traffic environments, as all PPPoE packets must traverse the relay.

pppoe-relay can operate in several modes:
1. General Relay: By specifying multiple -i interface options, pppoe-relay will relay traffic between any of these interfaces.
2. Client/Server Explicit: By specifying -C interface (client-facing) and -S interface (server-facing), the relay explicitly defines the direction of initial discovery packets, though session packets are relayed bidirectionally. This mode provides more control over the flow of discovery traffic.

By default, pppoe-relay adds Agent-Circuit-ID and Agent-Remote-ID tags to PADI and PADS packets. These tags contain information about the interface and MAC address of the client and relay, which can be useful for PPPoE servers to identify the origin of the connection. The -A option disables this behavior if it's not desired or causes compatibility issues.

pppoe-relay is part of the rp-pppoe (Roaring Penguin PPPoE) package, an open-source implementation of PPPoE for Linux and other Unix-like systems. Developed to provide robust PPPoE client and server capabilities, the pppoe-relay utility was included to address the need for bridging PPPoE traffic across disparate network segments, a common requirement in environments like DSL, cable modem, and wireless access points where PPPoE clients and servers are not directly connected.

pppoe(8), pppoe-server(8), pppd(8), rp-pppoe.conf(5)