Connecting to AAISP using PPPoE
From aa-asterisk.org.uk wiki
- WARNING: This is not for the faint hearted! Be prepared to reset your router several times before you get it right!
You will need:
- EITHER A router capable of PPPoE and bridge mode (You cannot use PPPoA to bridge because one side of the bridge would be ATM and the other side would be Ethernet. I used a Billion 5200, but you could also use routers such as Solwise SAR-600ER, or Speedtouch 546v6.) OR an FTTC router or FTTP NTE provided by Openreach if you are on one of those services.
- A Debian box as the PPP endpoint. You can use other operating systems but if you want to know how to do that you're on your own.
ADSL Router settings
If you have an ADSL router, the settings you need are PPPoE, Bridge, LLC or VC-Mux (doesn't *seem* to matter which, but I recommend you use LLC unless you have a good reason not to). This varies a lot by router so I'm not going to provide specific instructions here. In this mode your router will *not* require an IP address, as it's a bridge. You can still configure an IP address on the LAN side but this is only used for accessing the router, no ADSL traffic will pass through it as PPPoE is entirely Layer 2.
Clueless settings
On clueless, if you want native IPv6 you must make sure that the 'IP4 endpoint' box for your block of IPv6 addresses is empty, otherwise it will try to tunnel.
Debian PPP settings
Firstly, make sure the packages pppd, pppoe and iproute are installed if you don't already have them. Next, create a file /etc/ppp/peers/aaisp and put one of the following into it:
Either (for userspace PPPoE, which uses more CPU, but doesn't need kernel PPPoE support):
user mylogin@a.1              # your AAISP login
pty "/usr/sbin/pppoe -I eth0 -T 10 -m 1432"
noipdefault
defaultroute
#usepeerdns                   # uncomment this if you want resolv.conf to be set up automatically
hide-password
lcp-echo-interval 1           # this is how often the LCP echo packets get sent to AAISP, in seconds
lcp-echo-failure 10           # this is how many LCP echo failures before the ppp daemon quits
connect /bin/true
noauth
persist
maxfail 0                     # redial forever until your modem regains sync, else default is 10x or N times if you enter N
#holdoff 120                  # this will cause pppd to dial once every 2 mins, else default is 0 sec
mtu 1492
noaccomp
default-asyncmap
+ipv6
ipv6cp-use-ipaddr
or, for kernel PPPoE, which uses much less CPU, but needs support for PPPoE compiled into the kernel:
user mylogin@a.1              # your AAISP login
plugin rp-pppoe.so eth0       # the ethernet interface to run PPPoE on
noipdefault
defaultroute
#usepeerdns                   # uncomment this if you want resolv.conf to be set up automatically
hide-password
lcp-echo-interval 1           # this is how often the LCP echo packets get sent to AAISP, in seconds
lcp-echo-failure 10           # this is how many LCP echo failures before the ppp daemon quits
connect /bin/true
noauth
persist
maxfail 0                     # redial forever until your modem regains sync, else default is 10x or N times if you enter N
#holdoff 120                  # this will cause pppd to dial once every 2 mins, else default is 0 sec
mtu 1492
noaccomp
default-asyncmap
+ipv6
ipv6cp-use-ipaddr
Next, in /etc/ppp/chap-secrets put in a line like this. The first entry is your AAISP router login, the second is a star, and the third is your router AAISP password. For example:
mylogin@a.1 * pa$$w0rd
Next, create a file /etc/ppp/ipv6-up.d/0000defaultroute. In it place the following shell script:
#!/bin/bash
/sbin/ip -6 route add default dev "$1"
and then set the permissions on this file to 755.
Testing
Run
pppoe -A
You should get something like this (the exact text may vary depending on the type of line you have):
Access-Concentrator: BT_ADSL
Got a cookie: 6e c5 4a dd 1e c0 d6 b6 fe b4 4b 23 38 8f 63 58
AC-Ethernet-Address: 00:90:1a:40:f2:9f
--------------------------------------------------
if all is well.
Kill pppoe before you attempt to start PPP.
The following text was contributed by jzaw:
Start/Stopping PPP
To start your PPPoE session just type
pon aaisp
and to stop it running
poff aaisp
To start your PPPoE session at boot time you need to edit the /etc/network/interfaces file
Make sure the interface connected to the modem, say eth0, is up first,
then configure the ppp0, for instance
auto eth0
iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
and later in the /etc/network/interfaces file
# this interface name can be anything you like, logically here it's called aaisp
auto aaisp
iface aaisp inet ppp
# same name as is used in /etc/ppp/peers, namely aaisp in this case
provider aaisp
Test fully by rebooting the router. Hopefully this should be working now! Your PPP device will usually be called ppp0. It would probably be a good idea to run a cron job to restart pppd if it ever crashes. Make sure you are firewalled appropriately with iptables. You can bring up your iptables script with ip-up.local and flush it with ip-down.local
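With native IPv6 there is no NAT in front of the LAN, so the FORWARD chain is the only thing between the internet and every host behind the router. The following default-deny ruleset generator is an added example, not part of the original wiki page; the LAN interface name eth1, the SSH rule and the function names are assumptions.

```shell
#!/bin/sh
# Added example: default-deny IPv6 policy for the PPPoE router.
# Assumptions: LAN on eth1, SSH to the router allowed from the LAN only.

# Interface names end up inside the ruleset, so accept only plain names.
valid_if() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print an ip6tables-restore ruleset for WAN interface $1 and LAN interface $2.
# ICMPv6 to the router itself stays open because neighbour discovery needs it;
# "packet too big" errors for forwarded flows arrive as RELATED, which keeps
# path MTU discovery working with the 1492-byte PPPoE MTU.
wan6_ruleset() {
    valid_if "$1" && valid_if "$2" || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i $2 -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -j ACCEPT
COMMIT
EOF
}

# pppd passes the interface name as $1 to its up scripts; print the ruleset
# for it so it can be reviewed or piped into ip6tables-restore.
if [ "$#" -ge 1 ]; then
    wan6_ruleset "$1" "${2:-eth1}"
fi
```

Run it by hand as `script ppp0 eth1` to review the rules, then pipe the output into `ip6tables-restore` from the up script.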
crond to check that pppd is running
Place the file /etc/ppp/checkconncron with these contents
#!/bin/bash
# http://www.aa-asterisk.org.uk/index.php/Connecting_to_AAISP_using_PPPoE
# Important gotcha!
# never have "pppd" in the name of this file or the IF statement will always succeed
# and you'll NEVER achieve a redial
PROVIDER=aaisp
PON=/usr/bin/pon
ECHO=/bin/echo
SYSLOG=/var/log/syslog
# check for pppd ... if it has crashed then restart it
TIMENOW=$(date)
TESTRESULT=$(ps -e | grep "pppd" | gawk '{ print $4 }')
if [ "$TESTRESULT" = "pppd" ] ; then
    # ":" is a no-op; bash rejects a "then" branch that holds only a comment
    :
    # $ECHO "$TIMENOW pppd is present so we are ok" >> "$SYSLOG"
else
    $ECHO "$TIMENOW pppd is missing so we will have to restart it" >> "$SYSLOG"
    $PON $PROVIDER
fi
Next create a crond; the easiest way is to make a crontab for root.
su to root and edit the crontab using
crontab -e
This will open the crontab in your default terminal editor possibly vi or nano etc.
As this is root's crontab the crond will be executed as root so no need to specify the user.
We want to check every 60 seconds that pppd is still running. To check every 5 mins use */5
# m h dom mon dow command
*/1 * * * * /etc/ppp/checkconncron
save and exit your editor
crontab -l
will confirm the entry
Lastly make sure that your /etc/ppp/checkconncron is both owned by root and executable.
/var/log/syslog should show entries similar to this every minute
Dec 21 18:09:01 adsl-gateway /USR/SBIN/CRON[25041]: (root) CMD (/etc/ppp/checkconncron)
Confirming that (auto) redial works
You should fully test that your ppp redial works.
Perform each test and reconfigure your config till it works satisfactorily:
- unplug and replug the modem cable
- unplug and replug your modem ethernet cable to the box running pppd
- in the terminal as root type
killall -HUP pppd
- then again in the terminal type
killall pppd
- If you are on an AAISP connection you can go to clueless and hit the KILL link (once) to force a disconnect from the ISP end
The progress and result of each test can be watched in /var/log/syslog
Connecting using OpenBSD
Similar can be done under OpenBSD
This example is done using kernel based pppoe and OpenBSD identified my ethernet interfaces according to their chipsets as xl0 and vr0 rather than eth0 and eth1 ... check by using ifconfig
There are some major differences between Linux and *BSD setups. For one, in OpenBSD most configs and services are set up in rc.conf rather than in rcX.d directories with init scripts; the other is how each network interface (including ppp interfaces) is defined.
In OpenBSD network interfaces are configured in individual /etc/hostname.if_name files, this includes our pppoe interface .....
/etc/hostname.pppoe0
# The ethernet interface to run PPPoE on
pppoedev vr0
# your actual aaisp login
authproto chap authname 'mylogin@a.1'
# your actual aaisp password
authkey 'pa$$w0rd'
up
# change 81.187.152.232 for your static aaisp wan ip
inet 81.187.152.232 255.255.255.255 0.0.0.1
# adding default ipv4 route when dialed in
!/sbin/route -v add -inet default -ifp pppoe0 0.0.0.1
# adding default ipv6 route when dialed in
!/sbin/route -v add -inet6 default -ifp pppoe0 fe80::
in the line above
inet 81.187.152.232 255.255.255.255 0.0.0.1
Forces the local ip to 81.187.152.232 (or whatever you enter there); otherwise the connection is dropped and retried if for some reason the other end tries to give you a 192 or 172 type of address in error. You could also enter the correct remote ip instead of 0.0.0.1, but if this changes for some reason you won't have a connection ... so best leave it automagical. If you use inet 0.0.0.0 255.255.255.255 0.0.0.1 instead, any ip will be accepted for the local and remote ips for ppp and will show correctly in ifconfig once dialed in.
Don't edit your /etc/rc.conf, rather add changes to configs to /etc/rc.conf.local. To make rtadvd run your announcements, add this...
rtadvd_flags=xl0    # this is the interface connected to your lan
Then configure rtadvd by editing or adding /etc/rtadvd.conf
# use some part of your own aaisp ipv6 range for addr
xl0:\
:addrs#1:addr="2001:08B0:0007::":prefixlen#64:
NOTE that, in common with radvd, the rtadvd router announcer daemon configures your lan ipv6 ips according to their modified MAC address, so the address space is a /64; thus prefixlen is 64, NOT your full given /48 space.
Since OpenBSD is running as your router you need to allow forwarding in /etc/sysctl.conf edit, unhash or add ....
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
Once connected to the internet via pppoe you will need some firewalling, PF (Packet Filter) howto's are a bit skimpy and the PF culture and syntax are very different to iptables ... this subject may have to be covered in a separate topic, something for the future.
Tunnelling and other funky tricks
Now that you have your native IPv6 over a PPPoE connection you can start to do some useful stuff. Let's say you're regularly spending time at another location that only has IPv4 and you'd like to use IPv6. At this remote location you could use a free IPv6 tunnel broker like Hurricane Electric (HE) or SixXS. However, you are reliant both on your connection to the tunnel broker working and on the tunnel broker itself working. Let's remove one link in this chain ... the tunnel broker: become one for yourself.
There are MANY ways to do this but one of the easiest is to use an (unencrypted) 6in4 tunnel. You need to set up tunnel ends both at the AAISP end and at the remote end. Initially let's look at the simplest case of a remote client computer (in my case an Apple MacBook) connecting and routing IPv6 across the tunnel and out of the above ppp0 interface.
Note: in this example I have a natively routed IPv6 /48 block, of which I use a /64 on the _lan_, using radvd to announce the router and automatically set the clients with IPv6 IPs, leaving me with plenty of other /64 subnets to use for the tunnel.
Substitute your own AAISP assigned IPv6 subnets
2001:8b0:7::/64 for the lan
2001:8b0:7:feed::/64 for the tunnel
At the AAISP end in the above Linux Debian router once again in /etc/network/interfaces file (last in the list)
auto 6in4
iface 6in4 inet6 v4tunnel
# local IPv6 xxxx:feed::1, remote end will take xxxx:feed::2
address 2001:8b0:7:feed::1
netmask 64
# wan interface IPv4 IP, in this case ppp0
local <ppp0 IPv4 IP>
# wan interface IPv4 IP of remote end, probably a router, not device behind router
endpoint <remote IPv4 IP>
ttl 64
to bring the tunnel interface up manually
ifup 6in4
and to tear it down
ifdown 6in4
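Because the 6in4 tunnel is unencrypted and arrives as IPv4 protocol 41, the router should accept that protocol only from the configured endpoint, and accept from the tunnel interface only sources inside the tunnel prefix. The added example below (not part of the original page) derives those rules from a v4tunnel stanza; the addresses 192.0.2.1 and 203.0.113.10 are constructed documentation values and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive firewall rules from a v4tunnel stanza.

# Constructed sample of the stanza above, with documentation IPv4 addresses
# standing in for the real local and endpoint values.
sample_stanza() {
    cat <<'EOF'
auto 6in4
iface 6in4 inet6 v4tunnel
address 2001:8b0:7:feed::1
netmask 64
local 192.0.2.1
endpoint 203.0.113.10
ttl 64
EOF
}

# Read an interfaces(5) file on stdin and print, for each v4tunnel stanza:
#  - accept protocol 41 on WAN interface $1 only from the stanza's endpoint
#  - drop every other protocol 41 packet arriving on the WAN
#  - drop forwarded traffic from the tunnel whose source is outside its prefix
# The rules are printed in evaluation order and belong ahead of broader accepts.
tunnel_rules() {
    awk -v wan="$1" '
        function emit() {
            if (name != "" && ep != "" && loc != "") {
                printf "iptables -A INPUT -i %s -p 41 -s %s -d %s -j ACCEPT\n", wan, ep, loc
                printf "iptables -A INPUT -i %s -p 41 -j DROP\n", wan
                if (addr != "" && mask != "")
                    printf "ip6tables -A FORWARD -i %s ! -s %s/%s -j DROP\n", name, addr, mask
            }
            name = ep = loc = addr = mask = ""
        }
        /^[ \t]*#/      { next }
        $1 == "iface"   { emit(); if ($4 == "v4tunnel") name = $2; next }
        name == ""      { next }
        $1 == "address"  { addr = $2 }
        $1 == "netmask"  { mask = $2 }
        $1 == "local"    { loc = $2 }
        $1 == "endpoint" { ep = $2 }
        END { emit() }
    '
}
```

`tunnel_rules ppp0 < /etc/network/interfaces` prints the commands for review; a stanza that still contains the `<...>` placeholders or has no endpoint line produces nothing useful, so fill in the real addresses first.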
We are going to configure an OSX MacBook at the remote end, in this case behind NAT. Let's say the WAN IPv4 IP of the NAT router is aaaa.bbbb.cccc.dddd and the LAN IP of the MacBook is 192.168.0.2
Create a bash script to automate the setting up of the tunnel end on the MacBook, chmod +x this script and run it as root
#!/bin/bash
# this is for our aaisp tunnel
# local IP is the IP of the MacBook
ifconfig gif0 tunnel <local IPv4 IP> <remote IPv4 IP>
ifconfig gif0 inet6 2001:8b0:7:feed::2 2001:8b0:7:feed::1 prefixlen 128
route -n add -inet6 default 2001:8b0:7:feed::1
work in progress ... to be continued
