Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
ISO/IEC 29341-26-12: UPnP WANPPPConnection Service — Managing PPP WAN Links
Technical Reference for the WANPPPConnection Service in UPnP Internet Gateway Devices
Understanding the WANPPPConnection Service
ISO/IEC 29341-26-12 specifies the WANPPPConnection service, a specialized UPnP service designed for WAN interfaces that use Point-to-Point Protocol (PPP) for link establishment. This standard is particularly relevant for DSL broadband deployments where PPPoE (PPP over Ethernet) and PPPoA (PPP over ATM) are the predominant encapsulation methods. The service exposes the full lifecycle of a PPP session, from authentication through link termination, with detailed status reporting at each stage.
While PPPoE remains dominant in DSL markets across Europe and Asia, WANPPPConnection also supports legacy dial-up and ISDN PPP links. The service abstracts the underlying transport, providing a uniform control interface regardless of the physical layer.
The WANPPPConnection service shares structural similarities with WANIPConnection but adds PPP-specific state variables and actions. Key differentiators include support for PPPEncryptionProtocol, PPPAuthenticationProtocol (PAP, CHAP, or MS-CHAPv2), and the PPPoESessionID variable that tracks the active session on the DSL access node. The connection states mirror the PPP protocol’s own state machine: Establishing, Authenticating, and Established.
Session Management and Authentication
The core of the WANPPPConnection service is the PPP session lifecycle. When triggered by RequestConnection, the gateway transitions through LCP (Link Control Protocol) negotiation, authentication via PAP or CHAP, and finally IPCP (IP Control Protocol) configuration to assign the WAN IP address. Each stage is reflected in the ConnectionStatus variable. The LastConnectionError variable reports PPP-specific failure codes including authentication rejection, LCP negotiation timeout, and IPCP address allocation failure.
The WANPPPConnection service does not store plaintext credentials. The PPPoEUsername and PPPoEPassword arguments are write-only — queries to retrieve these arguments return empty strings. This design prevents credential leakage but complicates automated credential rotation scenarios.
The service exposes the RemoteIPAddress variable, which contains the PPP peer’s IP address — typically the ISP gateway router. This is distinct from the ExternalIPAddress, which is the IP address assigned to the WAN interface itself. For PPPoE connections, the PPPoESessionID variable provides the 16-bit session identifier assigned by the access concentrator during session establishment, useful for correlated logging between CPE and BRAS (Broadband Remote Access Server) equipment.
| State Variable | Type | Description |
|---|---|---|
| ConnectionStatus | string (enum) | Unconfigured, Connecting, Authenticating, PendingDisconnect, Disconnecting, Disconnected |
| PPPAuthenticationProtocol | string | PAP, CHAP, MS-CHAPv2, or None |
| PPPEncryptionProtocol | string | MPPE (40/56/128-bit) or None |
| PPPoESessionID | ui2 | Active PPPoE session identifier (0 if not PPPoE) |
| RemoteIPAddress | string | IP address of the PPP peer (ISP gateway) |
| DNSDiscoveryMode | string | Auto (from PPP), Manual (static), or None |
Implementation Considerations
From an engineering perspective, the WANPPPConnection service presents unique challenges. The PPP link’s MaximumTransmissionUnit (MTU) is typically 1492 bytes for PPPoE (8 bytes less than standard Ethernet due to the PPPoE header). Control points should be aware of this reduced MTU when configuring TCP MSS clamping on the gateway. Additionally, the PPPoEServiceName and PPPoEACName arguments allow selecting a specific access concentrator — useful in multi-tenant DSLAM environments.
Implement PPPoE keep-alive monitoring via periodic GetStatusInfo queries. A transition from Connected to Authenticating or Connecting indicates an unsolicited reconnection, which may signal an upstream connectivity issue. Logging these transitions with timestamps creates a valuable diagnostic timeline.
The service also supports LinkLayerMaxBitRate reporting (in bits per second), allowing control points to adapt application behavior based on actual link capacity rather than configured speed. This is particularly important for PPPoA links where ATM overhead (approximately 12-15%) reduces effective throughput below the line rate.
Do not assume that WANPPPConnection supports concurrent sessions. The standard explicitly models a single PPP connection per service instance. For dual-stack PPP implementations, two separate service instances are required — one for IPv4 and one for IPv6 — each with their own PPP session state.
Frequently Asked Questions
Q: What is the difference between WANPPPConnection and WANIPConnection?
A: WANPPPConnection is specialized for PPP-based WAN links (PPPoE/PPPoA) and includes PPP-specific state variables for authentication protocol, encryption, and session ID. WANIPConnection handles IP-routed connections without PPP layer management.
A: WANPPPConnection is specialized for PPP-based WAN links (PPPoE/PPPoA) and includes PPP-specific state variables for authentication protocol, encryption, and session ID. WANIPConnection handles IP-routed connections without PPP layer management.
Q: Does WANPPPConnection support IPv6?
A: Yes, the service reports IPv6 address information when used in dual-stack PPP configurations. IPv6CP (IPV6CP) negotiation occurs after IPCP, and the resulting IPv6 prefix is exposed through the service state variables.
A: Yes, the service reports IPv6 address information when used in dual-stack PPP configurations. IPv6CP (IPV6CP) negotiation occurs after IPCP, and the resulting IPv6 prefix is exposed through the service state variables.
Q: How does UPnP WANPPPConnection handle CHAP authentication?
A: The gateway manages CHAP authentication internally using the configured credentials. The control point cannot participate in the CHAP challenge-response exchange directly — it only initiates or terminates the connection.
A: The gateway manages CHAP authentication internally using the configured credentials. The control point cannot participate in the CHAP challenge-response exchange directly — it only initiates or terminates the connection.
Q: Can this service be used for mobile/cellular WAN connections?
A: While technically possible for PPP-based mobile data (e.g., 3G/4G with PPP dial-up), modern cellular WAN interfaces typically use direct IP or QMI/NDIS framing. The service is primarily designed and tested for DSL (PPPoE/PPPoA) environments.
A: While technically possible for PPP-based mobile data (e.g., 3G/4G with PPP dial-up), modern cellular WAN interfaces typically use direct IP or QMI/NDIS framing. The service is primarily designed and tested for DSL (PPPoE/PPPoA) environments.
