View previous topic :: View next topic |
Author |
Message |
Jeld Tux's lil' helper
Joined: 28 Jun 2002 Posts: 84 Location: NYC, US
|
Posted: Fri Aug 22, 2003 9:48 pm Post subject: Kernel mode PPPoE or Penguins DO NOT ROAR!!! |
|
|
Reason: The installation guide suggests using rp-pppoe package to connect to a PPPoE DSL provider. I have gone that road for a while and found several problems:
- There is no /etc/init.d script for the service. I have seen
one on these forums, but it doesn't solve the second problem, which is
- rp-pppoe package is a software redirector wasting prescious CPU cycles on redirecting PPP traffic to ethernet controller, while there is a perfectly
( well... individual results may vary ) working kernel module doing the same thing.
- The setup is much too complex.
- rp-pppoe web site name is ridiculous.
So, given all of these, and multiple posts about PPPoE on these forums, I have decided to make this small HOWTO.
-----------------------------------------------------------------------------------
- Recompile the kernel with support for PPPoE redirection
Code: |
make menuconfig
And then under Network Support
<M> PPP (point-to-point protocol) support
[ ] PPP multilink support (EXPERIMENTAL)
[*] PPP filtering
<M> PPP support for async serial ports
<M> PPP support for sync tty ports
<M> PPP Deflate compression
<M> PPP BSD-Compress compression
<M> PPP over Ethernet (EXPERIMENTAL)
mount /boot
make dep clean bzImage modules modules_install install
|
I recommend compiling PPP support as modules, since if it crashes ( happens in 2.6 series ) it will not take the whole system with it.
Emerge PPP daemon
Edit /etc/conf.d/net.ppp0
Set the following:
Code: |
PEER="Your ISP name"
DEBUG="no"
PERSIST="yes" # You want to reconnect if the connection is dropped
ONDEMAND="no"
MODEMPORT="eth0" # Wierd isn't it
LINESPEED="" # Doesn't matter
INITSTRING=""
DEFROUTE="yes"
HARDFLOWCTL="no"
ESCAPECHARS="no"
PPPOPTIONS=""
USERNAME=""
PASSWORD=""
NUMBER=""
PEERDNS="yes" # Optional
AUTOCFGFILES="no" # This one is important, if you do not set it to no, it will screw up your whole config.
|
Edit /etc/ppp/options to be the following one line
Edit your /etc/ppp/pap-secrets to be the following
Code: |
"your user name" "your ISP name" "your password"
|
for example:
Code: |
"asdf@earthlink.net" "Earthlink" "blah1234"
|
Make sure to use the same ISP name as in net.ppp0 PEER setting
Create /etc/ppp/peers/(Your ISP name) ( e.g. /etc/ppp/peers/Earthlink )
Code: |
touch /etc/ppp/peers/Earthlink
|
Edit /etc/init.d/net.ppp0. Put the following at the start of the file
Code: |
depend() {
need net.eth0
}
|
This is so that it only starts after the ethernet is up.
[green]Optional[/green] Edit /etc/ppp/ip-up script.
There are several things you can put there, most importantly updating your
/etc/resolve.conf if you are using usepeerdns setting, registering with DynDNS service and updating the /etc/hosts file. Here is mine that does all of these things.
Code: |
# Wait for the interface to be up.
while [ -e /proc/sys/net/ipv4/conf/ppp0 ]; do sleep 1; done
# Setup domain name resolution
echo -n "domain " > /etc/resolv.conf
cat /etc/dnsdomainname >> /etc/resolv.conf
cat /etc/ppp/resolv.conf >> /etc/resolv.conf
# Update dynamic DNS records
dyndnsupdate -u user:password -a $4 -h myhostname
# Update /etc/hosts file
sed -i "s/.*myhostname /${4}\tmyhostname /" /etc/hosts
|
If you are using fetchmail you might put a call to that here, or start other internet services which require an internet connection.
Start the service
Code: | /etc/init.d/net.ppp0 start |
Put it in startup
Code: | rc-update add net.ppp0 default |
That's it folks. Enjoy. Hope it works for you. _________________ package JAPH;sub x{$/='$';@1=map{$_=ord;$_--;chr}
split//,<DATA>;@2=map{$_=ord;$_++;chr}split//
,<DATA>;$_=sub{$.++%2?shift@2:shift@1};bless$_;}
1;$x=JAPH->x;for(1..25){print&$x,;}__DATA__
Kt!ouf!fmIdf"$ts@ngqOq`jq |
|
Back to top |
|
|
plate Bodhisattva
Joined: 25 Jul 2002 Posts: 1663 Location: Berlin
|
Posted: Sun Aug 24, 2003 12:14 pm Post subject: |
|
|
Great stuff! Thanks a lot.
Moved from Networking & Security. |
|
Back to top |
|
|
uriahheep__ n00b
Joined: 03 Feb 2003 Posts: 15
|
Posted: Wed Oct 01, 2003 3:55 pm Post subject: Hm. |
|
|
I followed all of the above instructions, but it doesn't work:
Code: |
Oct 1 08:37:20 [pppd] Plugin pppoe.so loaded.
Oct 1 08:37:20 [pppd] PPPoE Plugin Initialized
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module escape
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module escape
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module crtscts
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module crtscts
Oct 1 08:37:20 [modprobe] modprobe: Safe mode parameter starts with '-'
Oct 1 08:37:20 [modprobe] modprobe: Safe mode parameter starts with '-'
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module nocrtscts
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module nocrtscts
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module cdtrcts
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module cdtrcts
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module nocdtrcts
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module nocdtrcts
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module xonxoff
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module xonxoff
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module modem
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module modem
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module local
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module local
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module sync
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module sync
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module vj
Oct 1 08:37:20 [modprobe] modprobe: Can't locate module vj
Oct 1 08:37:20 [pppd] pppd 2.4.1 started by root, uid 0
Oct 1 08:37:20 [pppd] Sending PADI
Oct 1 08:37:20 [pppd] HOST_UNIQ successful match
Oct 1 08:37:20 [pppd] HOST_UNIQ successful match
Oct 1 08:37:20 [pppd] Got connection: 268
Oct 1 08:37:20 [pppd] Connecting PPPoE socket: 00:90:1a:40:90:12 6802 eth0 0x8088488
Oct 1 08:37:20 [pppd] Using interface ppp0
Oct 1 08:37:20 [pppd] Connect: ppp0 <--> eth0
Oct 1 08:37:20 [pppd] Couldn't increase MTU to 1500.
Oct 1 08:37:20 [pppd] Couldn't increase MRU to 1500
Oct 1 08:37:20 [pppd] Couldn't increase MRU to 1500
Oct 1 08:37:20 [pppd] LCP terminated by peer
Oct 1 08:37:20 [pppd] Couldn't increase MTU to 1500.
Oct 1 08:37:20 [pppd] Couldn't increase MRU to 1500
Oct 1 08:37:23 [pppd] Connection terminated.
Oct 1 08:37:23 [pppd] Doing disconnect
|
I've also tried setting the MTU/MRU to 1492 and it does the exact same thing. And yes, rp-pppoe works:
Code: |
Oct 1 08:40:02 [pppd] Plugin pppoe.so loaded.
Oct 1 08:40:02 [pppd] PPPoE Plugin Initialized
Oct 1 08:40:02 [pppd] pppd 2.4.1 started by root, uid 0
Oct 1 08:40:02 [pppd] Using interface ppp0
Oct 1 08:40:02 [pppd] Connect: ppp0 <--> /dev/ttyp1
Oct 1 08:40:03 [pppoe] PPP session is 630
Oct 1 08:40:03 [pppd] local IP address 68.121.244.15
Oct 1 08:40:03 [pppd] remote IP address 10.1.1.1
Oct 1 08:40:03 [pppd] primary DNS address 206.13.28.12
Oct 1 08:40:03 [pppd] secondary DNS address 206.13.29.12
|
I'd much prefer to use the method that Jeld suggests, but I can't seem to figure out why I'm getting the "LCP teminated by peer" after it successfully connects.
I'm using the 2.4.1-r11 version of pppd on a 2.4.20 kernel... |
|
Back to top |
|
|
uriahheep__ n00b
Joined: 03 Feb 2003 Posts: 15
|
Posted: Wed Oct 01, 2003 8:07 pm Post subject: Small clarification... |
|
|
Now it's working. For some reason, it wants
Code: |
name "username@isp.net" # Yes, my real email address goes here and no, this isn't it...
|
in the options file as well as the "plugin pppoe.so" line.
Not sure why this is, since I set up the /etc/conf.d/net.ppp0 file and /etc/ppp/peers with the name of my ISP as per above... Same with the pap-secrets file. |
|
Back to top |
|
|
Wayne- n00b
Joined: 13 Oct 2002 Posts: 6
|
Posted: Mon Oct 20, 2003 1:49 am Post subject: username = user@istop |
|
|
The reason for that is the way PPP hands over login name on the PPPoE protocol. On the PPPoE side, the ISP is part of the user's login name, so you are "thisuser@thisisp". With that, the master server receiving your authentication request can direct it to the proper ISP, who will then verify that you are one of his customers. The ISP settigs in the PPP config are there just to sort thing out so you can dial to one "isp" instead of another one. |
|
Back to top |
|
|
bone Apprentice
Joined: 07 Jun 2002 Posts: 255 Location: Midwest, USA
|
Posted: Thu Dec 04, 2003 9:47 pm Post subject: HELP |
|
|
BUMP.. someone was a duplicate post.
Last edited by bone on Thu Dec 04, 2003 9:53 pm; edited 1 time in total |
|
Back to top |
|
|
bone Apprentice
Joined: 07 Jun 2002 Posts: 255 Location: Midwest, USA
|
Posted: Thu Dec 04, 2003 9:48 pm Post subject: HELP |
|
|
I cant seem to get this going at all.
I have literally set everything up the way the first post said, the only things in my /etc/conf.d/net.ppp0 file are the following
[Code]
PEER="swbell"
DEBUG="no"
PERSIST="yes" # You want to reconnect if the connection is dropped
ONDEMAND="no"
MODEMPORT="eth0" # Wierd isn't it
LINESPEED="" # Doesn't matter
INITSTRING=""
DEFROUTE="yes"
HARDFLOWCTL="no"
ESCAPECHARS="no"
PPPOPTIONS=""
USERNAME=""
PASSWORD=""
NUMBER=""
PEERDNS="yes" # Optional
AUTOCFGFILES="no" # This one is important, if you do not set it to no, it will screw up your whole config.
[/Code]
and I only have two lines in my /etc/ppp/options file:
[Code]
plugin pppoe.so
lock
[/Code]
When I type /etc/init.d/net.ppp0 start, i get an error that seems to be showing my the syntax of pppd, and some of the options that should be passed to it.
I didnt do anything special to the emerge of ppp, could this be why?
HELP.
P.S. Sorry, I am at work or I could give you the exact error that the /etc/init.d/net.ppp0 start command generated.
UPDATE: I just realized that I didnt have the username, password, or number fields set in my /etc/conf.d/net.ppp0. could this be the problem? I know what to set the username and password to, but what do I set the number to? |
|
Back to top |
|
|
Jeld Tux's lil' helper
Joined: 28 Jun 2002 Posts: 84 Location: NYC, US
|
Posted: Thu Dec 04, 2003 10:27 pm Post subject: |
|
|
Do you have PPP over Ethernet support in the kernel? _________________ package JAPH;sub x{$/='$';@1=map{$_=ord;$_--;chr}
split//,<DATA>;@2=map{$_=ord;$_++;chr}split//
,<DATA>;$_=sub{$.++%2?shift@2:shift@1};bless$_;}
1;$x=JAPH->x;for(1..25){print&$x,;}__DATA__
Kt!ouf!fmIdf"$ts@ngqOq`jq |
|
Back to top |
|
|
bone Apprentice
Joined: 07 Jun 2002 Posts: 255 Location: Midwest, USA
|
Posted: Thu Dec 04, 2003 10:39 pm Post subject: |
|
|
Yes, I do have all the correct stuff in the kernel. The thing here is I have did this before (for the past two years) but always used rp-pppoe. I have begun to hate the overhead/CPU cycles that the rp-pppoe software implementation is using and decided to try this other way. |
|
Back to top |
|
|
bone Apprentice
Joined: 07 Jun 2002 Posts: 255 Location: Midwest, USA
|
|
Back to top |
|
|
den_RDC Apprentice
Joined: 25 Aug 2002 Posts: 166 Location: beercountry, Belgium;)
|
Posted: Wed Dec 31, 2003 4:31 am Post subject: |
|
|
It worked here, although i did use the german options file in order to get it work (and i realized my german is in a very bad chape). anyway, i still got some problems : some websites just stall. I reasearched it and it seems this has something to da with an MSS value (whatever that means). Rp-pppoe does mss-clamping to get around whatever the issue is, but i can't seem to find anything remotly similar. Any clues? |
|
Back to top |
|
|
voosuz n00b
Joined: 29 Nov 2003 Posts: 29
|
Posted: Wed Dec 31, 2003 2:28 pm Post subject: |
|
|
den_RDC wrote: | It worked here, although i did use the german options file in order to get it work (and i realized my german is in a very bad chape). anyway, i still got some problems : some websites just stall. I reasearched it and it seems this has something to da with an MSS value (whatever that means). Rp-pppoe does mss-clamping to get around whatever the issue is, but i can't seem to find anything remotly similar. Any clues? |
i had exactly the same problem. i spent a few hours messing around with MTU/MRU and whatever else i could find but couldn't get it working either. in the end i just put the adsl-start command in the init.d script and am now using the rp-pppoe daemon again. ugly, i know, but at least it works as expected. _________________ 25 minutes to go |
|
Back to top |
|
|
den_RDC Apprentice
Joined: 25 Aug 2002 Posts: 166 Location: beercountry, Belgium;)
|
Posted: Fri Jan 02, 2004 8:48 pm Post subject: |
|
|
well, i finally found a solution that does the mss clamping trick.
A oneliner :
Code: |
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmt |
Execute this command after your iptables firewall script (if u do it before the script it might not work if your script flushes the tables). This will not work for the local host (the router/firewall itself). If that's a problem, just execute it again but replace FORWARD with OUTPUT. This also needs the right iptables module present or compiled in the kernel (don't know wich one, i enabled them all on my setup).
For more information visit http://blue-labs.org/howto/mtu-mss.php
It explains nicely what's causing this problem (braindead admins ) |
|
Back to top |
|
|
Kihaji Apprentice
Joined: 12 Sep 2002 Posts: 230
|
Posted: Thu Jan 08, 2004 7:33 pm Post subject: |
|
|
den_RDC wrote: | It worked here, although i did use the german options file in order to get it work (and i realized my german is in a very bad chape). anyway, i still got some problems : some websites just stall. I reasearched it and it seems this has something to da with an MSS value (whatever that means). Rp-pppoe does mss-clamping to get around whatever the issue is, but i can't seem to find anything remotly similar. Any clues? |
The actuall issue here is that PPPOE adds 8 bits on top of your current MSS value (maximum segment size btw), so with your MSS set to 1500, it is really being sent out at 1508, which a lot of sites will not accept. Lowering it 1492 sends it out at 1500, which is what you want.
Now if I can only get this working... |
|
Back to top |
|
|
Jeld Tux's lil' helper
Joined: 28 Jun 2002 Posts: 84 Location: NYC, US
|
Posted: Fri Jan 16, 2004 8:46 pm Post subject: |
|
|
Unfortunately, I have switched providers, and now I do not have PPPoE guiney pig to do evil experiments on. I will not be able to provide any support for my HOWTO. Sorry. _________________ package JAPH;sub x{$/='$';@1=map{$_=ord;$_--;chr}
split//,<DATA>;@2=map{$_=ord;$_++;chr}split//
,<DATA>;$_=sub{$.++%2?shift@2:shift@1};bless$_;}
1;$x=JAPH->x;for(1..25){print&$x,;}__DATA__
Kt!ouf!fmIdf"$ts@ngqOq`jq |
|
Back to top |
|
|
den_RDC Apprentice
Joined: 25 Aug 2002 Posts: 166 Location: beercountry, Belgium;)
|
Posted: Sun Mar 21, 2004 1:11 am Post subject: |
|
|
Kihaji wrote: | den_RDC wrote: | It worked here, although i did use the german options file in order to get it work (and i realized my german is in a very bad chape). anyway, i still got some problems : some websites just stall. I reasearched it and it seems this has something to da with an MSS value (whatever that means). Rp-pppoe does mss-clamping to get around whatever the issue is, but i can't seem to find anything remotly similar. Any clues? |
The actuall issue here is that PPPOE adds 8 bits on top of your current MSS value (maximum segment size btw), so with your MSS set to 1500, it is really being sent out at 1508, which a lot of sites will not accept. Lowering it 1492 sends it out at 1500, which is what you want.
Now if I can only get this working... |
Actually, you are confusing MSS and MTU.
Besides, sending a PPPOE packet with 1508 bytes out over ethernet would not work, since ethernet (at least 10/100mbit) has a maximum frame size of 1518 bytes, wich results in a maximum MTU of 1500 bytes. (gigabit ethernet can send bigger frames, the so called jumbo-frames) |
|
Back to top |
|
|
fincoop Tux's lil' helper
Joined: 02 Feb 2004 Posts: 143
|
Posted: Mon Mar 29, 2004 12:00 am Post subject: MTU Clamping - UDP/ICMP/Other IP? |
|
|
I got this howto to work, thanks very much. I found that the TCP MSS clamping via Iptables is mostly effective, but this forums page wouldn't load for example, so I dropped the MSS to 1300.
Now, what about UDP or other IP connections?
There has to be a way to lower the MTU/MRU to a lower value successfully?
Thanks |
|
Back to top |
|
|
fincoop Tux's lil' helper
Joined: 02 Feb 2004 Posts: 143
|
Posted: Wed Mar 31, 2004 12:32 am Post subject: Re: MTU Clamping - UDP/ICMP/Other IP? |
|
|
fincoop wrote: | I got this howto to work, thanks very much. I found that the TCP MSS clamping via Iptables is mostly effective, but this forums page wouldn't load for example, so I dropped the MSS to 1300.
Now, what about UDP or other IP connections?
There has to be a way to lower the MTU/MRU to a lower value successfully?
Thanks |
Went back to RP... can't deny that it works very well. |
|
Back to top |
|
|
Paranoid Apprentice
Joined: 07 Jan 2004 Posts: 290 Location: Portland, ME
|
Posted: Mon Apr 05, 2004 11:31 pm Post subject: |
|
|
Well just wanted to post that I had success with the above listed config plus adding the name="username@isp" to the options file. Very happy, haven't noticed any stalling as I haven't clamped the mss-but then in rp-pppoe I had clamping turned off anyways. Perhaps it's just my imagination but web page loads seem to be a little snappier now too Thanks for the good info.
Although I do have one complaint-the ppp kernel plugin is now named rp-pppoe.so, WTF? _________________ A paranoid is someone who knows a little of what's going on.
William S. Burroughs |
|
Back to top |
|
|
OhSh33t Apprentice
Joined: 03 Sep 2003 Posts: 169 Location: South-Seattle Park
|
Posted: Thu Apr 08, 2004 2:09 pm Post subject: Re: MTU Clamping - UDP/ICMP/Other IP? |
|
|
fincoop wrote: | fincoop wrote: | I got this howto to work, thanks very much. I found that the TCP MSS clamping via Iptables is mostly effective, but this forums page wouldn't load for example, so I dropped the MSS to 1300.
Now, what about UDP or other IP connections?
There has to be a way to lower the MTU/MRU to a lower value successfully?
Thanks |
Went back to RP... can't deny that it works very well. |
I don't know if this helps. As I'm just lurking through the forums right now. But you should be able to set the mtu on any interface you want via.... E.G.
Code: |
# /sbin/ifconfig ppp0 mtu 1492
or
# ifconfig ppp0 mtu 1492
then
# ifconfig ppp0
(you'll notice that the mtu is now 1492)
When I'm root I use full path for all commands. Personal choice.. So the second one works just like the first. man ifconfig might have some additional info.
|
When I had a pppoe connection I had to make sure all machines behind the firewall also had there MTU's set to 1492.
Hope that helps. Please let me know. I will be helping a friend setup pppoe
on a really old Intel MMX 200MHz machine.. I keep here'ing the rp-pppoe chews up allot of cpu cycles.. I think that would be bad for him.
Thanks, _________________ JB |
|
Back to top |
|
|
-=LeXuS=- n00b
Joined: 04 Nov 2003 Posts: 56
|
Posted: Sun May 09, 2004 12:31 pm Post subject: |
|
|
Hi,
ive got a small problem with this howto... all things seems to work, but after starting net.ppp0 the script runs into this line and waits.... and wait....
Is it a typo?
Quote: | while [ -e /proc/sys/net/ipv4/conf/ppp0 ]; do sleep 1; done |
I think it shout be
while [ ! -e /proc/sys/net/ipv4/conf/ppp0 ]; do sleep 1; done
Bye |
|
Back to top |
|
|
AndCycle n00b
Joined: 05 Jun 2004 Posts: 19
|
Posted: Sat Jun 05, 2004 11:26 am Post subject: some update to this topic |
|
|
some update to this topic
with current net-dialup/rp-pppoe ebuild v3.5
Quote: | 1. There is no /etc/init.d script for the service. |
we got /etc/init.d/rp-pppoe in current ebuild
Quote: | 2. rp-pppoe package is a software redirector wasting prescious CPU cycles on redirecting PPP traffic to ethernet controller, while there is a perfectly
( well... individual results may vary ) working kernel module doing the same thing.
3. The setup is much too complex. |
no longer a real problem in current ebuild,
it's very simple to do this job to make rp-pppoe using kernel mode now
I compiled the kernel with ppp support like Jeld said as module,
emerge rp-pppoe and ppp,
modified /etc/ppp/pppoe.conf, searching for LINUX_PLUGIN,
changed it into "LINUX_PLUGIN=/usr/lib/pppd/2.4.2/rp-pppoe.so"
(gentoo put this plugin at different path )
and it works |
|
Back to top |
|
|
hoschi Advocate
Joined: 19 Jul 2003 Posts: 2517 Location: Ulm, Germany, Europe
|
|
Back to top |
|
|
AndCycle n00b
Joined: 05 Jun 2004 Posts: 19
|
Posted: Sun Jun 06, 2004 4:16 pm Post subject: |
|
|
oops, sorry I didn't mention that,
kernel mode can be directly used by rp-pppoe now,
so no longer need to modified or using the net.ppp
the only step I take from Jeld is recompile kernel with ppp modules and emerge ppp,
rest of work is modified /etc/ppp/pppoe.conf, adsl-setup, then /etc/init.d/rp-pppoe start |
|
Back to top |
|
|
hoschi Advocate
Joined: 19 Jul 2003 Posts: 2517 Location: Ulm, Germany, Europe
|
Posted: Sun Jun 06, 2004 5:19 pm Post subject: |
|
|
yes,
it is a error in the howto!
edit the /etc/ppp/options, and add:
plugin pppoe.se
name "your user name"
lock
and so you don't need rp-pppoe, ok, it is now only comsetic, but a emerge less to do
ps: ich wrote three bash-scipts, for start, stop and status and now ist really my "own" way for getting a internet-connection
thank you, bye _________________ Just you and me strogg! |
|
Back to top |
|
|
|