Difference between revisions of "Pppd"

From ArchWiki
Jump to: navigation, search
m (Default route)
(18 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{i18n|PPPoE Setup with pppd}}
 
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
[[ru:Pppd]]
 +
[[zh-CN:Pppd]]
 +
{{Lowercase title}}
  
This page explains how to set up a PPPoE connection using '''pppd''' and the kernel PPPoE driver. Note that this setup does not need '''rp-pppoe'''. ( With '''rp-pppoe''' you can have only one account configuration, however, using the method described below, you can have several account configurations at the same time and use anyone of them easily. Besides the dial speed of pppd is much faster than pppoe-start. )
+
{{Article summary start}}
 +
{{Article summary text|This article explains how to set up a point-to-point connections using pppd and the kernel PPPoE driver.}}
 +
{{Article summary end}}
  
== Configuration ==
+
'''ppp''' (Paul's PPP Package) is an open source package which implements the [[Wikipedia:point-to-point protocol|point-to-point protocol]] (PPP) on Linux and Solaris systems. It is implemented as single '''pppd''' daemon and acts as backend for {{Pkg|xl2tpd}}, {{Pkg|pptpd}} and [[netcfg]]. [[Wikipedia:3G|3G]], [[Wikipedia:L2TP|L2TP]] and [[Wikipedia:PPPoE|PPPoE]] connections are internally based on PPP protocol and therefore can be managed by {{Pkg|ppp}}.
  
* Make sure '''pppd''' is installed and your kernel is compiled with PPPoE support
+
== Installation ==
 +
[[pacman|Install]] {{Pkg|ppp}}, available in the [[official repositories]].
  
$ pacman -Q ppp
+
Make sure that your kernel is compiled with PPPoE support (present in default kernel):
ppp 2.4.3-1
+
  
$ zgrep CONFIG_PPPOE /proc/config.gz  
+
{{hc|1=$ zgrep CONFIG_PPPOE /proc/config.gz|
CONFIG_PPPOE=m
+
2=CONFIG_PPPOE=m}}
  
* Create the configuration file <code>/etc/ppp/peers/your_provider</code>
+
== Configuration ==
 +
=== PPPoE ===
 +
Create the connection configuration file:
  
# /etc/ppp/peers/your_provider
+
{{hc|/etc/ppp/peers/''your_provider''|
 +
plugin rp-pppoe.so
 +
# rp_pppoe_ac 'your ac name'
 +
# rp_pppoe_service 'your service name'
 
    
 
    
plugin rp-pppoe.so
+
# network interface
# rp_pppoe_ac 'your ac name'
+
eth0
# rp_pppoe_service 'your service name'
+
# login name
 
+
name ''"someloginname"''
# network interface
+
usepeerdns
eth0
+
persist
# login name
+
# Uncomment this if you want to enable dial on demand
name "someloginname"
+
#demand
usepeerdns
+
#idle 180
persist
+
defaultroute
# Uncomment this if you want to enable dial on demand
+
hide-password
#demand
+
noauth}}
#idle 180
+
defaultroute
+
hide-password
+
noauth
+
  
If you want usepeerdns to work, you have to edit your <code>/etc/ppp/ip-up</code> and add a command that copies <code>/etc/ppp/resolv.conf</code> to <code>/etc/resolv.conf</code>.
+
If you want usepeerdns to work, you have to edit your {{Ic|/etc/ppp/ip-up}} and add a command that copies {{Ic|/etc/ppp/resolv.conf}} to {{Ic|/etc/resolv.conf}}.
  
* Edit <code>/etc/ppp/pap-secrets</code>
+
Edit {{Ic|/etc/ppp/pap-secrets}}:
  
Put a line like this in <code>/etc/ppp/pap-secrets</code>
+
Put a line like this in {{Ic|/etc/ppp/pap-secrets}} or {{Ic|/etc/ppp/chap-secrets}} as required by the authentication method used by your ISP. It's OK to write these two files at the same time, pppd will automatically use the appropriate one.
  
  someloginname * yourpassword
+
  ''someloginname'' * ''yourpassword''
  
 
You can now start the link using the command
 
You can now start the link using the command
  
pppd call your_provider
+
{{bc|# pppd ''call your_provider''}}
  
 
Alternatively, you can use this
 
Alternatively, you can use this
  
pon your_provider
+
{{bc|# pon ''your_provider''}}
  
By default the configuration in <code>/etc/ppp/peers/provider</code> is treated as the default, so if you want to make "your_provider" the default, you can create a link like this
+
To see whether your pppoe connection is started correctly, check {{Ic|/var/log/errors.log}} first and then check {{Ic|/var/log/everything.log}}. On a successful connection, you should see something like the following in the everything.log:
  
  ln -s /etc/ppp/peers/your_provider /etc/ppp/peers/provider
+
{{hc|# tail /var/log/everything.log |
 +
Aug 9 00:18:08 localhost pppd[2268]: Using interface ppp0
 +
Aug  9 00:18:08 localhost pppd[2268]: Connect: ppp0 <--> eth0
 +
Aug  9 00:18:11 localhost pppd[2268]: CHAP authentication succeeded
 +
Aug  9 00:18:11 localhost pppd[2268]: CHAP authentication succeeded
 +
Aug  9 00:18:11 localhost pppd[2268]: peer from calling number 00:06:29:AF:4F:E0 authorized
 +
Aug  9 00:18:11 localhost pppd[2268]: Cannot determine ethernet address for proxy ARP
 +
Aug  9 00:18:11 localhost pppd[2268]: local  IP address 10.6.2.137
 +
Aug  9 00:18:11 localhost pppd[2268]: remote IP address 10.6.1.1
 +
Aug  9 00:18:11 localhost pppd[2268]: primary  DNS address 10.6.1.1
 +
Aug  9 00:18:11 localhost pppd[2268]: secondary DNS address 210.21.196.6
 +
}}
 +
 
 +
By default the configuration in {{Ic|/etc/ppp/peers/provider}} is treated as the default, so if you want to make "your_provider" the default, you can create a link like this
 +
 
 +
{{bc|# ln -s /etc/ppp/peers/''your_provider'' /etc/ppp/peers/provider}}
  
 
Now you can start the link by simply running
 
Now you can start the link by simply running
  
pon
+
{{bc|# pon}}
  
To close a pppoe connection, use this
+
To close a connection, use this
  
poff your_provider
+
{{bc|# poff your_provider}}
  
== Starting pppd with Arch ==
+
=== Starting pppd with Arch ===
  
* The init script <code>/etc/rc.d/ppp</code> calls the default ppp provider (<code>/etc/ppp/peers/provider</code>), so make sure you have the right configuration file there, otherwhise you could create a symlink to the desired provider as explained before.
+
* Configure the {{Ic|ppp_generic}} module to load on boot. See [[Kernel Modules#Loading]] for more information.
 +
* Configure to autostart on boot the service {{ic|ppp@your_provider.service}}, where ''your_provider'' is your configuration file. See [[Daemons]] for more information.
  
* Make sure ppp module is loaded
+
== Tips and tricks ==
  
If ppp support is compiled as a module, you have to load the <code>ppp_generic</code> module. In this case, add this to <code>rc.conf</code>:
+
=== Do an auto redial ===
  
MODULES=(... ppp-generic ...)
+
If {{Ic|pppd}} is running, you can force a connection reset by sending the {{Ic|SIGHUP}} signal to the process
  
* Add ppp to DAEMONS in <code>/etc/rc.conf</code>, and make sure that you also have the network daemon listed:
+
# export PPPD_PID=$(pidof pppd)
 +
# kill -s HUP $PPPD_PID
  
DAEMONS=(... network ... ppp ...)
+
And you have redialed the connection.
  
* Also make sure that you have the correct interface declared in the networking section of <code>/etc/rc.conf</code>.
+
'''Make sure you have {{Ic|persist}} option enabled in your {{Ic|/etc/ppp/peers/provider}} tab.'''
== Troubleshooting ==
+
  
 +
=== ISP auto-disconnect after 24h ===
 +
{{Note|If you aren't running your computer always on (running 24/7) then you can skip this step.}}
 +
 +
If you use a flat-rate always-on connection on a computer, some providers restart your connection after 24h. That makes sure that the IP is rotated every 24h. To compensate, you can use an dynamic DNS service in combination with {{Ic|inadyn}}  (available on AUR) to compensate for the rotating IP address.  But to avoid disconnects when you don't need it, you might try to restart the connection using a cron job at a time of day you know no one will be using the connection (ex. 4 AM).
 +
 +
As root, do the following:
 +
 +
Create a bash script similar to this and give it a name (ex {{Ic|pppd_redial.sh}}):
 +
 +
#!/bin/bash
 +
 +
message="Restarting the PPP connection @:" $(date)
 +
pppd_id=$(pidof pppd)
 +
 +
kill -s HUP $pppd_id
 +
wall $message
 +
 +
Give it execute permissions and put it on a path visible to root.
 +
 +
Then create a cron job using {{Ic|crontab -e}}. Check that your {{Ic|EDITOR}} env variable is set if the command fails. So add anywhere in the file,
 +
 +
0 4 * * * /bin/bash /root/pppd_redial.sh
 +
 +
Save and exit. Your PPPoE connection will now restart every day at 4AM.
 +
 +
== Troubleshooting ==
 +
===Default route===
 
If you have a preconfigured default route before the pppd is started, the default route is kept, so take a look in <code>/var/log/errors.log</code> and if you have something like:
 
If you have a preconfigured default route before the pppd is started, the default route is kept, so take a look in <code>/var/log/errors.log</code> and if you have something like:
  
Line 95: Line 143:
 
  /sbin/route del default
 
  /sbin/route del default
  
* Restart pppd:
+
* [[Daemon|Restart]] your pppd service.
  $ /etc/rc.d/ppp restart
+
 
 +
===Masquerading seems to be working fine but some sites don't work.===
 +
The MTU under pppoe is 1492 bytes. Most sites use an MTU of 1500. So your connection sends an  ICMP 3:4 (fragmentation needed) packet, asking for a smaller MTU, but some sites have their firewall blocking that.
 +
 
 +
Using PMTU clamping can solve that:
 +
  iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 +
Now, for some reason, just trying to save the resulting iptables configuration with {{ic|iptables-save}} and restoring it later, does not work. It has to be executed after the other iptables configuration had been loaded. So, here is a systemd unit to solve it:
 +
{{hc|pmtu-clamping.service|<nowiki>
 +
[Unit]
 +
Description=PMTU clamping for pppoe
 +
Requires=iptables.service
 +
After=iptables.service
 +
 
 +
[Service]
 +
Type=oneshot
 +
ExecStart=/usr/sbin/iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 +
 
 +
[Install]
 +
WantedBy=multi-user.target
 +
</nowiki>}}
 +
 
 +
===pppd cannot load kernel module ppp_generic===
 +
'''Symptom:''' When starting PPTP Client, the pppd process cannot locate the appropriate module.
 +
  Couldn't open the /dev/ppp device: No such device or address
 +
  Please load the ppp_generic kernel module.
 +
'''Solution:''' Edit the <code>/etc/modprobe.d/modules.conf</code> file and change
 +
  alias char-major-108 ppp  
 +
to
 +
  alias char-major-108 ppp_generic
 +
If there is no alias included add
 +
  alias char-major-108 ppp_generic
 +
and reboot.

Revision as of 07:46, 22 December 2012

Summary help replacing me
This article explains how to set up a point-to-point connections using pppd and the kernel PPPoE driver.

ppp (Paul's PPP Package) is an open source package which implements the point-to-point protocol (PPP) on Linux and Solaris systems. It is implemented as single pppd daemon and acts as backend for xl2tpd, pptpd and netcfg. 3G, L2TP and PPPoE connections are internally based on PPP protocol and therefore can be managed by ppp.

Installation

Install ppp, available in the official repositories.

Make sure that your kernel is compiled with PPPoE support (present in default kernel):

$ zgrep CONFIG_PPPOE /proc/config.gz
CONFIG_PPPOE=m

Configuration

PPPoE

Create the connection configuration file:

/etc/ppp/peers/your_provider
plugin rp-pppoe.so
# rp_pppoe_ac 'your ac name'
# rp_pppoe_service 'your service name'
  
# network interface
eth0
# login name
name "someloginname"
usepeerdns
persist
# Uncomment this if you want to enable dial on demand
#demand
#idle 180
defaultroute
hide-password
noauth

If you want usepeerdns to work, you have to edit your /etc/ppp/ip-up and add a command that copies /etc/ppp/resolv.conf to /etc/resolv.conf.

Edit /etc/ppp/pap-secrets:

Put a line like this in /etc/ppp/pap-secrets or /etc/ppp/chap-secrets as required by the authentication method used by your ISP. It's OK to write these two files at the same time, pppd will automatically use the appropriate one.

someloginname * yourpassword

You can now start the link using the command

# pppd call your_provider

Alternatively, you can use this

# pon your_provider

To see whether your pppoe connection is started correctly, check /var/log/errors.log first and then check /var/log/everything.log. On a successful connection, you should see something like the following in the everything.log:

# tail /var/log/everything.log 
Aug  9 00:18:08 localhost pppd[2268]: Using interface ppp0
Aug  9 00:18:08 localhost pppd[2268]: Connect: ppp0 <--> eth0
Aug  9 00:18:11 localhost pppd[2268]: CHAP authentication succeeded
Aug  9 00:18:11 localhost pppd[2268]: CHAP authentication succeeded
Aug  9 00:18:11 localhost pppd[2268]: peer from calling number 00:06:29:AF:4F:E0 authorized
Aug  9 00:18:11 localhost pppd[2268]: Cannot determine ethernet address for proxy ARP
Aug  9 00:18:11 localhost pppd[2268]: local  IP address 10.6.2.137
Aug  9 00:18:11 localhost pppd[2268]: remote IP address 10.6.1.1
Aug  9 00:18:11 localhost pppd[2268]: primary   DNS address 10.6.1.1
Aug  9 00:18:11 localhost pppd[2268]: secondary DNS address 210.21.196.6

By default the configuration in /etc/ppp/peers/provider is treated as the default, so if you want to make "your_provider" the default, you can create a link like this

# ln -s /etc/ppp/peers/your_provider /etc/ppp/peers/provider

Now you can start the link by simply running

# pon

To close a connection, use this

# poff your_provider

Starting pppd with Arch

  • Configure the ppp_generic module to load on boot. See Kernel Modules#Loading for more information.
  • Configure to autostart on boot the service ppp@your_provider.service, where your_provider is your configuration file. See Daemons for more information.

Tips and tricks

Do an auto redial

If pppd is running, you can force a connection reset by sending the SIGHUP signal to the process

# export PPPD_PID=$(pidof pppd)
# kill -s HUP $PPPD_PID 

And you have redialed the connection.

Make sure you have persist option enabled in your /etc/ppp/peers/provider tab.

ISP auto-disconnect after 24h

Note: If you aren't running your computer always on (running 24/7) then you can skip this step.

If you use a flat-rate always-on connection on a computer, some providers restart your connection after 24h. That makes sure that the IP is rotated every 24h. To compensate, you can use an dynamic DNS service in combination with inadyn (available on AUR) to compensate for the rotating IP address. But to avoid disconnects when you don't need it, you might try to restart the connection using a cron job at a time of day you know no one will be using the connection (ex. 4 AM).

As root, do the following:

Create a bash script similar to this and give it a name (ex pppd_redial.sh):

#!/bin/bash

message="Restarting the PPP connection @:" $(date)
pppd_id=$(pidof pppd)

kill -s HUP $pppd_id
wall $message

Give it execute permissions and put it on a path visible to root.

Then create a cron job using crontab -e. Check that your EDITOR env variable is set if the command fails. So add anywhere in the file,

0 4 * * * /bin/bash /root/pppd_redial.sh

Save and exit. Your PPPoE connection will now restart every day at 4AM.

Troubleshooting

Default route

If you have a preconfigured default route before the pppd is started, the default route is kept, so take a look in /var/log/errors.log and if you have something like:

pppd[nnnn]: not replacing existing default route via xx.xx.xx.xx

and xx.xx.xx.xx is not the correct route for you

  • Create a new script /etc/ppp/ip-pre-up
$ chmod +x /etc/ppp/ip-pre-up

with this content:

#!/bin/sh
/sbin/route del default

Masquerading seems to be working fine but some sites don't work.

The MTU under pppoe is 1492 bytes. Most sites use an MTU of 1500. So your connection sends an ICMP 3:4 (fragmentation needed) packet, asking for a smaller MTU, but some sites have their firewall blocking that.

Using PMTU clamping can solve that:

iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Now, for some reason, just trying to save the resulting iptables configuration with iptables-save and restoring it later, does not work. It has to be executed after the other iptables configuration had been loaded. So, here is a systemd unit to solve it:

pmtu-clamping.service
[Unit]
Description=PMTU clamping for pppoe
Requires=iptables.service
After=iptables.service

[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

[Install]
WantedBy=multi-user.target

pppd cannot load kernel module ppp_generic

Symptom: When starting PPTP Client, the pppd process cannot locate the appropriate module.

 Couldn't open the /dev/ppp device: No such device or address
 Please load the ppp_generic kernel module.

Solution: Edit the /etc/modprobe.d/modules.conf file and change

 alias char-major-108 ppp 

to

 alias char-major-108 ppp_generic

If there is no alias included add

 alias char-major-108 ppp_generic

and reboot.