Difference between revisions of "Router:Linux"
Revision as of 17:59, 24 February 2015
You can use a Linux box in place of a PPPoE-capable router. Why would you want to do this?
- You're already running a Linux box, and you don't see any point in powering a router as well
- You want fine control over packets
- You have a PPPoE router but it doesn't do everything you want
Debian/squeeze and /wheezy
This is what RogerBW is using. It'll probably be much the same on other Linuxen. The basic recipe came from .
You will have two ethernet interfaces - one for your internal network (let's assume that's eth1), one for connection to the BT modem (eth0). You will be running PPPoE over the external interface, creating a new interface that actually passes packets.
- Install ppp, pppoe and iproute.
- Edit /etc/ppp/peers/aaisp to include:
    user firstname.lastname@example.org   # your AAISP login
    plugin rp-pppoe.so eth0               # the ethernet interface to run PPPoE on
    noipdefault
    defaultroute
    #usepeerdns                           # uncomment this if you want resolv.conf to be set up automatically
    hide-password
    lcp-echo-interval 1                   # how often the LCP echo packets get sent to AAISP, in seconds
    lcp-echo-failure 10                   # how many LCP echo failures before the ppp daemon quits
    connect /bin/true
    noauth
    persist
    maxfail 0                             # redial forever until your modem regains sync; otherwise the default is 10 attempts, or N if you enter N
    #holdoff 120                          # this will cause pppd to dial once every 2 mins; otherwise the default is 0 sec
    mtu 1492
    noaccomp
    default-asyncmap
    +ipv6
    ipv6cp-use-ipaddr
- Edit /etc/ppp/chap-secrets to include this line, consisting of three tab-separated words. The first entry is your AAISP router login, the second is an asterisk, and the third is your AAISP router password. For example:
email@example.com * pa$$w0rd
- Create /etc/ppp/ipv6-up.d/0000defaultroute. In it place the following shell script:
    #!/bin/bash
    # pppd passes the PPP interface name as the first argument
    /sbin/ip -6 route add default dev "$1"
- chmod it 755.
Run as root: pppoe -A
This should show something like this:
    Access-Concentrator: BT_ADSL
    Got a cookie: 6e c5 4a dd 1e c0 d6 b6 fe b4 4b 23 38 8f 63 58
    AC-Ethernet-Address: 00:90:1a:40:f2:9f
    --------------------------------------------------
To start your PPPoE session just type
and to stop it running
You can check connectivity with a cron job, and add a stanza to /etc/network/interfaces to connect at boot.
You will find at this point that most web sites work, but some few don't - they just freeze on loading or during initial SSL negotiation. This is because they are blocking ICMP, which is stupid - in part because they are then unable to indicate or respond to the need to fragment large packets. You can get round it by limiting the maximum packet size for TCP: set TCPfix on your clueless control panel, or on the router:
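    # Flush the mangle FORWARD chain (this removes any rules already in it)
    iptables -t mangle -F FORWARD
    # Clamp the MSS on forwarded TCP SYNs to 1452 (1492 MTU minus 40 bytes of IPv4 and TCP headers)
    iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452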
- Assign your /64 to the inside interface of your router - eth1 in this example.
ifconfig eth1 inet6 add 2001:8b0:blah/64
- Enable ipv6 forwarding by adding to /etc/sysctl.conf:
- If you don't want to reboot, also push these values into /proc/sys/etc.:
    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
In theory, "default" should apply to all interfaces created later, while "all" should apply to all interfaces that exist now. This doesn't always seem to be the case.
Full startup sequence
    ifconfig eth1 up
    pon aaisp
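The checks below are an added example, not part of the original page: a shell audit of what this recipe creates (chap-secrets permissions, the ipv6-up hook, key peer options, and per-interface IPv6 forwarding, since "all" and "default" do not always propagate). The function names and the root-prefix argument are assumptions made for illustration, so the checks can also be pointed at a copy of the tree.

```shell
#!/bin/sh
# Added example, not from the original page. audit ROOT checks the files this
# recipe creates; ROOT is an assumed prefix ("" means the live system).

check_secrets() {    # chap-secrets holds the PPP password in clear text
    [ -f "$1" ] || { echo "MISSING $1"; return 1; }
    case "$(stat -c %a "$1")" in
        *00) return 0 ;;
        *) echo "WEAK-MODE $1 (no group/other access wanted)"; return 1 ;;
    esac
}

check_hook() {       # pppd runs the ipv6-up hook as root
    [ -x "$1" ] || { echo "NOT-EXECUTABLE $1"; return 1; }
    case "$(stat -c %a "$1")" in
        *[2367]|*[2367]?) echo "WRITABLE-BY-OTHERS $1"; return 1 ;;
    esac
    return 0
}

check_peer() {       # options the recipe sets; commented-out lines do not count
    peer_bad=0
    for opt in persist "maxfail 0" hide-password "mtu 1492"; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" 2>/dev/null ||
            { echo "MISSING-OPTION $opt in $1"; peer_bad=1; }
    done
    return $peer_bad
}

check_forwarding() { # report every interface whose forwarding flag is not 1
    fwd_bad=0
    for f in "$1"/*/forwarding; do
        [ -f "$f" ] || continue
        [ "$(cat "$f")" = 1 ] || { echo "FORWARDING-OFF $f"; fwd_bad=1; }
    done
    return $fwd_bad
}

audit() {
    rc=0
    check_secrets "$1/etc/ppp/chap-secrets" || rc=1
    check_hook "$1/etc/ppp/ipv6-up.d/0000defaultroute" || rc=1
    check_peer "$1/etc/ppp/peers/aaisp" || rc=1
    check_forwarding "$1/proc/sys/net/ipv6/conf" || rc=1
    return $rc
}

if [ "${1:-}" = "audit" ]; then audit "${2:-}"; fi
```

Run it as root with `audit` as the first argument to check the live system; each finding is printed on its own line and the exit status is non-zero if any check fails.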
- There's a bug in 2.6.36, 126.96.36.199, 188.8.131.52 that can cause a kernel panic when the link goes down (55c95e73, fixed in 2a27a03d)
- Linux is capable of supporting RFC 4638 for an MTU of 1500 (or greater) over PPPoE
PPP Not coming back after a blip:
This was reported in IRC on Feb 6th 2011. If you get people saying their line didn't come back or their Linux box crashed (as in kernel oopsed) after a blip, it turns out there's a bug in the kernel pppoe code for 2.6.36 which has been hitting me. Some kind of double free in the disconnect code causes a kernel panic. There's a patch here: http://kerneltrap.org/mailarchive/linux-kernel/2010/12/3/4654538 which seems to work for me.