Difference between revisions of "Ppp"
(→Troubleshooting: I have spend 3 days looking for a solution for this. My problems were things like youtube loading (html and images), but the actual videos didn't load. Very weird indeed.) |
m (→Troubleshooting: /usr/bin merger) |
||
| (13 intermediate revisions by 7 users not shown) | |||
| Line 5: | Line 5: | ||
{{Article summary start}} | {{Article summary start}} | ||
| − | {{Article summary text|This article explains how to set up a point- | + | {{Article summary text|This article explains how to set up a point-to-point connections using pppd and the kernel PPPoE driver.}} |
{{Article summary end}} | {{Article summary end}} | ||
| Line 44: | Line 44: | ||
Edit {{Ic|/etc/ppp/pap-secrets}}: | Edit {{Ic|/etc/ppp/pap-secrets}}: | ||
| − | Put a line like this in {{Ic|/etc/ppp/pap-secrets}} | + | Put a line like this in {{Ic|/etc/ppp/pap-secrets}} or {{Ic|/etc/ppp/chap-secrets}} as required by the authentication method used by your ISP. It's OK to write these two files at the same time, pppd will automatically use the appropriate one. |
''someloginname'' * ''yourpassword'' | ''someloginname'' * ''yourpassword'' | ||
| Line 50: | Line 50: | ||
You can now start the link using the command | You can now start the link using the command | ||
| − | + | {{bc|# pppd ''call your_provider''}} | |
Alternatively, you can use this | Alternatively, you can use this | ||
| − | + | {{bc|# pon ''your_provider''}} | |
| + | |||
| + | To see whether your pppoe connection is started correctly, check {{Ic|/var/log/errors.log}} first and then check {{Ic|/var/log/everything.log}}. On a successful connection, you should see something like the following in the everything.log: | ||
| + | |||
| + | {{hc|# tail /var/log/everything.log | | ||
| + | Aug 9 00:18:08 localhost pppd[2268]: Using interface ppp0 | ||
| + | Aug 9 00:18:08 localhost pppd[2268]: Connect: ppp0 <--> eth0 | ||
| + | Aug 9 00:18:11 localhost pppd[2268]: CHAP authentication succeeded | ||
| + | Aug 9 00:18:11 localhost pppd[2268]: CHAP authentication succeeded | ||
| + | Aug 9 00:18:11 localhost pppd[2268]: peer from calling number 00:06:29:AF:4F:E0 authorized | ||
| + | Aug 9 00:18:11 localhost pppd[2268]: Cannot determine ethernet address for proxy ARP | ||
| + | Aug 9 00:18:11 localhost pppd[2268]: local IP address 10.6.2.137 | ||
| + | Aug 9 00:18:11 localhost pppd[2268]: remote IP address 10.6.1.1 | ||
| + | Aug 9 00:18:11 localhost pppd[2268]: primary DNS address 10.6.1.1 | ||
| + | Aug 9 00:18:11 localhost pppd[2268]: secondary DNS address 210.21.196.6 | ||
| + | }} | ||
By default the configuration in {{Ic|/etc/ppp/peers/provider}} is treated as the default, so if you want to make "your_provider" the default, you can create a link like this | By default the configuration in {{Ic|/etc/ppp/peers/provider}} is treated as the default, so if you want to make "your_provider" the default, you can create a link like this | ||
| − | + | {{bc|# ln -s /etc/ppp/peers/''your_provider'' /etc/ppp/peers/provider}} | |
Now you can start the link by simply running | Now you can start the link by simply running | ||
| − | + | {{bc|# pon}} | |
To close a connection, use this | To close a connection, use this | ||
| − | + | {{bc|# poff your_provider}} | |
| + | |||
| + | === Starting pppd with Arch === | ||
| + | |||
| + | * Configure the {{Ic|ppp_generic}} module to load on boot. See [[Kernel Modules#Loading]] for more information. | ||
| + | * Configure to autostart on boot the service {{ic|ppp@your_provider.service}}, where ''your_provider'' is your configuration file. See [[Daemons]] for more information. | ||
| + | |||
| + | == Tips and tricks == | ||
| + | |||
| + | === Do an auto redial === | ||
| + | |||
| + | If {{Ic|pppd}} is running, you can force a connection reset by sending the {{Ic|SIGHUP}} signal to the process | ||
| + | |||
| + | # export PPPD_PID=$(pidof pppd) | ||
| + | # kill -s HUP $PPPD_PID | ||
| + | |||
| + | And you have redialed the connection. | ||
| + | |||
| + | '''Make sure you have {{Ic|persist}} option enabled in your {{Ic|/etc/ppp/peers/provider}} tab.''' | ||
| + | |||
| + | === ISP auto-disconnect after 24h === | ||
| + | {{Note|If you aren't running your computer always on (running 24/7) then you can skip this step.}} | ||
| + | |||
| + | If you use a flat-rate always-on connection on a computer, some providers restart your connection after 24h. That makes sure that the IP is rotated every 24h. To compensate, you can use an dynamic DNS service in combination with {{Ic|inadyn}} (available on AUR) to compensate for the rotating IP address. But to avoid disconnects when you don't need it, you might try to restart the connection using a cron job at a time of day you know no one will be using the connection (ex. 4 AM). | ||
| − | + | As root, do the following: | |
| − | + | Create a bash script similar to this and give it a name (ex {{Ic|pppd_redial.sh}}): | |
| − | + | #!/bin/bash | |
| + | |||
| + | message="Restarting the PPP connection @:" $(date) | ||
| + | pppd_id=$(pidof pppd) | ||
| + | |||
| + | kill -s HUP $pppd_id | ||
| + | wall $message | ||
| − | + | Give it execute permissions and put it on a path visible to root. | |
| − | + | Then create a cron job using {{Ic|crontab -e}}. Check that your {{Ic|EDITOR}} env variable is set if the command fails. So add anywhere in the file, | |
| − | + | 0 4 * * * /bin/bash /root/pppd_redial.sh | |
| − | + | Save and exit. Your PPPoE connection will now restart every day at 4AM. | |
== Troubleshooting == | == Troubleshooting == | ||
| Line 97: | Line 141: | ||
#!/bin/sh | #!/bin/sh | ||
| − | / | + | /usr/bin/route del default |
| + | |||
| + | * [[Daemon|Restart]] your pppd service. | ||
| − | + | ===Masquerading seems to be working fine but some sites don't work.=== | |
| − | |||
| − | === | ||
The MTU under pppoe is 1492 bytes. Most sites use an MTU of 1500. So your connection sends an ICMP 3:4 (fragmentation needed) packet, asking for a smaller MTU, but some sites have their firewall blocking that. | The MTU under pppoe is 1492 bytes. Most sites use an MTU of 1500. So your connection sends an ICMP 3:4 (fragmentation needed) packet, asking for a smaller MTU, but some sites have their firewall blocking that. | ||
Using PMTU clamping can solve that: | Using PMTU clamping can solve that: | ||
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | ||
| + | Now, for some reason, just trying to save the resulting iptables configuration with {{ic|iptables-save}} and restoring it later, does not work. It has to be executed after the other iptables configuration had been loaded. So, here is a systemd unit to solve it: | ||
| + | {{hc|pmtu-clamping.service|<nowiki> | ||
| + | [Unit] | ||
| + | Description=PMTU clamping for pppoe | ||
| + | Requires=iptables.service | ||
| + | After=iptables.service | ||
| + | |||
| + | [Service] | ||
| + | Type=oneshot | ||
| + | ExecStart=/usr/bin/iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | </nowiki>}} | ||
| + | |||
| + | ===pppd cannot load kernel module ppp_generic=== | ||
| + | '''Symptom:''' When starting PPTP Client, the pppd process cannot locate the appropriate module. | ||
| + | Couldn't open the /dev/ppp device: No such device or address | ||
| + | Please load the ppp_generic kernel module. | ||
| + | '''Solution:''' Edit the <code>/etc/modprobe.d/modules.conf</code> file and change | ||
| + | alias char-major-108 ppp | ||
| + | to | ||
| + | alias char-major-108 ppp_generic | ||
| + | If there is no alias included add | ||
| + | alias char-major-108 ppp_generic | ||
| + | and reboot. | ||
Revision as of 21:23, 23 June 2013
Template:Article summary start Template:Article summary text Template:Article summary end
ppp (Paul's PPP Package) is an open source package which implements the point-to-point protocol (PPP) on Linux and Solaris systems. It is implemented as single pppd daemon and acts as backend for xl2tpd, pptpd and netcfg. 3G, L2TP and PPPoE connections are internally based on PPP protocol and therefore can be managed by ppp.
Contents
Installation
Install ppp, available in the official repositories.
Make sure that your kernel is compiled with PPPoE support (present in default kernel):
$ zgrep CONFIG_PPPOE /proc/config.gz
CONFIG_PPPOE=m
Configuration
PPPoE
Create the connection configuration file:
/etc/ppp/peers/your_provider
plugin rp-pppoe.so # rp_pppoe_ac 'your ac name' # rp_pppoe_service 'your service name' # network interface eth0 # login name name "someloginname" usepeerdns persist # Uncomment this if you want to enable dial on demand #demand #idle 180 defaultroute hide-password noauth
If you want usepeerdns to work, you have to edit your /etc/ppp/ip-up and add a command that copies /etc/ppp/resolv.conf to /etc/resolv.conf.
Edit /etc/ppp/pap-secrets:
Put a line like this in /etc/ppp/pap-secrets or /etc/ppp/chap-secrets as required by the authentication method used by your ISP. It's OK to write these two files at the same time, pppd will automatically use the appropriate one.
someloginname * yourpassword
You can now start the link using the command
# pppd call your_provider
Alternatively, you can use this
# pon your_provider
To see whether your pppoe connection is started correctly, check /var/log/errors.log first and then check /var/log/everything.log. On a successful connection, you should see something like the following in the everything.log:
# tail /var/log/everything.log
Aug 9 00:18:08 localhost pppd[2268]: Using interface ppp0 Aug 9 00:18:08 localhost pppd[2268]: Connect: ppp0 <--> eth0 Aug 9 00:18:11 localhost pppd[2268]: CHAP authentication succeeded Aug 9 00:18:11 localhost pppd[2268]: CHAP authentication succeeded Aug 9 00:18:11 localhost pppd[2268]: peer from calling number 00:06:29:AF:4F:E0 authorized Aug 9 00:18:11 localhost pppd[2268]: Cannot determine ethernet address for proxy ARP Aug 9 00:18:11 localhost pppd[2268]: local IP address 10.6.2.137 Aug 9 00:18:11 localhost pppd[2268]: remote IP address 10.6.1.1 Aug 9 00:18:11 localhost pppd[2268]: primary DNS address 10.6.1.1 Aug 9 00:18:11 localhost pppd[2268]: secondary DNS address 210.21.196.6
By default the configuration in /etc/ppp/peers/provider is treated as the default, so if you want to make "your_provider" the default, you can create a link like this
# ln -s /etc/ppp/peers/your_provider /etc/ppp/peers/provider
Now you can start the link by simply running
# pon
To close a connection, use this
# poff your_provider
Starting pppd with Arch
- Configure the
ppp_genericmodule to load on boot. See Kernel Modules#Loading for more information. - Configure to autostart on boot the service
ppp@your_provider.service, where your_provider is your configuration file. See Daemons for more information.
Tips and tricks
Do an auto redial
If pppd is running, you can force a connection reset by sending the SIGHUP signal to the process
# export PPPD_PID=$(pidof pppd) # kill -s HUP $PPPD_PID
And you have redialed the connection.
Make sure you have persist option enabled in your /etc/ppp/peers/provider tab.
ISP auto-disconnect after 24h
If you use a flat-rate always-on connection on a computer, some providers restart your connection after 24h. That makes sure that the IP is rotated every 24h. To compensate, you can use an dynamic DNS service in combination with inadyn (available on AUR) to compensate for the rotating IP address. But to avoid disconnects when you don't need it, you might try to restart the connection using a cron job at a time of day you know no one will be using the connection (ex. 4 AM).
As root, do the following:
Create a bash script similar to this and give it a name (ex pppd_redial.sh):
#!/bin/bash message="Restarting the PPP connection @:" $(date) pppd_id=$(pidof pppd) kill -s HUP $pppd_id wall $message
Give it execute permissions and put it on a path visible to root.
Then create a cron job using crontab -e. Check that your EDITOR env variable is set if the command fails. So add anywhere in the file,
0 4 * * * /bin/bash /root/pppd_redial.sh
Save and exit. Your PPPoE connection will now restart every day at 4AM.
Troubleshooting
Default route
If you have a preconfigured default route before the pppd is started, the default route is kept, so take a look in /var/log/errors.log and if you have something like:
pppd[nnnn]: not replacing existing default route via xx.xx.xx.xx
and xx.xx.xx.xx is not the correct route for you
- Create a new script
/etc/ppp/ip-pre-up
$ chmod +x /etc/ppp/ip-pre-up
with this content:
#!/bin/sh /usr/bin/route del default
- Restart your pppd service.
Masquerading seems to be working fine but some sites don't work.
The MTU under pppoe is 1492 bytes. Most sites use an MTU of 1500. So your connection sends an ICMP 3:4 (fragmentation needed) packet, asking for a smaller MTU, but some sites have their firewall blocking that.
Using PMTU clamping can solve that:
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
Now, for some reason, just trying to save the resulting iptables configuration with iptables-save and restoring it later, does not work. It has to be executed after the other iptables configuration had been loaded. So, here is a systemd unit to solve it:
pmtu-clamping.service
[Unit] Description=PMTU clamping for pppoe Requires=iptables.service After=iptables.service [Service] Type=oneshot ExecStart=/usr/bin/iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu [Install] WantedBy=multi-user.target
pppd cannot load kernel module ppp_generic
Symptom: When starting PPTP Client, the pppd process cannot locate the appropriate module.
Couldn't open the /dev/ppp device: No such device or address Please load the ppp_generic kernel module.
Solution: Edit the /etc/modprobe.d/modules.conf file and change
alias char-major-108 ppp
to
alias char-major-108 ppp_generic
If there is no alias included add
alias char-major-108 ppp_generic
and reboot.