Router:Linux - Debian

From AAISP Support Site
Revision as of 21:11, 15 July 2015 by TomJepp (talk | contribs) (Written up to the end of the pppd configuration)

You might choose to use a Linux machine as your router rather than an off-the-shelf piece of routing hardware.

You'll need to use an ADSL or FTTC modem in bridge mode for this to work - see the page for your modem to see how to set that up.

This guide provides an example configuration for Debian Jessie.

Prerequisites

  • a Linux PC with Debian Jessie already installed and two network interfaces - one for the connection to the modem, and one for the connection to your LAN
  • an ADSL or FTTC modem, or a fibre ONT (for FTTP) (as appropriate for your connection)

Assumptions

  • eth0 is plugged directly into your modem or ONT
  • eth1 will be used for your LAN

Howto

Setting up pppd

pppd will be used to actually connect to A&A.

To install pppd and the other software that will be required, run:

apt-get update
apt-get install ppp pppoe iproute2

pppd uses several different configuration files:

  • /etc/ppp/options - default settings for pppd
  • /etc/ppp/peers/aaisp - the configuration file for settings specific to connecting to A&A
  • /etc/ppp/chap-secrets - the location where your A&A line password is stored

/etc/ppp/options should be left as-is - we will not change this file.

/etc/ppp/peers/aaisp

This file contains the settings that are used to configure your connection to A&A:

user your-username-here
plugin rp-pppoe.so eth0
noipdefault
defaultroute
hide-password
lcp-echo-interval 1
lcp-echo-failure 10
noauth
persist
maxfail 0
mtu 1492
noaccomp
default-asyncmap
+ipv6
ipv6cp-use-ipaddr
ifname pppoe-aaisp

Each line in this file sets a different setting:

  • user your-username-here - this line sets the username that pppd will use to log in. Replace "your-username-here" with your A&A line username. It will be in the form "example@a.1"
  • plugin rp-pppoe.so eth0 - tells pppd to load the PPPoE plugin, and to use the network interface "eth0" to connect
  • noipdefault - tells pppd not to try and guess an IP to use, but instead to use the IP explicitly given by A&A
  • defaultroute - automatically set the PPP connection as your default route (for IPv4 only)
  • hide-password - hides your password when logging authentication packets
  • lcp-echo-interval 1 - send an LCP echo to A&A once every second
  • lcp-echo-failure 10 - automatically drop the connection after 10 failed LCP echoes
  • noauth - don't require A&A to authenticate itself to your router
  • persist - automatically reconnect if the connection drops
  • maxfail 0 - sets the number of consecutive failed connection attempts before pppd gives up. Setting this to 0 means that pppd will retry forever
  • mtu 1492 - sets the max MTU for packets inside the PPP connection - 1492 is a "safe" value for PPPoE on most hardware. Some modems will be able to use "baby jumbo frames" (RFC 4638). See the "Using a full 1500 MTU" section for more details.
  • noaccomp - disables address/control compression
  • default-asyncmap - disables the negotiation of an asyncmap - forces all control characters to be escaped
  • +ipv6 - enable IPv6 support
  • ipv6cp-use-ipaddr - use your IPv4 address as the local identifier for IPv6CP
  • ifname pppoe-aaisp - renames the PPP connection from an automatically generated name (such as ppp0) to pppoe-aaisp - this makes further configuration easier!

/etc/ppp/chap-secrets

This file contains the password that is used to connect to A&A.

# Secrets for authentication using CHAP
# client      server   secret                      IP addresses
example@a.1   *        YourLinePasswordGoesHere

Replace "YourLinePasswordGoesHere" with the password for your A&A connection.
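
A check for the two files above, added here as an example rather than taken from the original guide: it confirms that the user named in the peer file has a matching client entry in chap-secrets, that the placeholder password has been replaced, and that the file holding the cleartext password has no group or other permission bits. The function name and return codes are this example's own, and "stat -c" assumes GNU coreutils, as shipped with Debian.

```shell
#!/bin/bash
# Added example, not part of the original guide.
# Usage: check_ppp_secrets /etc/ppp/peers/aaisp /etc/ppp/chap-secrets
check_ppp_secrets() {
    local peer_file=$1
    local secrets_file=$2
    local user secret mode

    # The "user" option in the peer file names the client pppd will look up.
    user=$(awk '$1 == "user" { u = $2; gsub(/"/, "", u); print u; exit }' "$peer_file")
    if [ -z "$user" ] || [ "$user" = "your-username-here" ]; then
        echo "peer file: user is not set" >&2
        return 1
    fi

    # chap-secrets columns: client, server, secret, optional IP addresses.
    secret=$(awk -v u="$user" '{ c = $1; gsub(/"/, "", c) }
        c == u { print $3; exit }' "$secrets_file")
    if [ -z "$secret" ]; then
        echo "chap-secrets: no entry for client $user" >&2
        return 2
    fi
    if [ "$secret" = "YourLinePasswordGoesHere" ]; then
        echo "chap-secrets: placeholder password still present" >&2
        return 3
    fi

    # Cleartext password: no group or other permission bits may be set.
    mode=$(stat -c '%a' "$secrets_file")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "chap-secrets: mode $mode, expected 600" >&2
        return 4
    fi
    return 0
}
```

A non-zero return code identifies which of the four checks failed; the messages go to stderr and never include the password itself.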

Making IPv6 work with pppd

Out of the box, you'll notice that you can't access the internet using IPv6.

This is because pppd doesn't create a default route for IPv6. We can force it to do this by creating another file.

Create /etc/ppp/ipv6-up.d/0000-defaultroute, and enter the following contents:

#!/bin/bash
# pppd passes the name of the PPP interface as the first argument
/sbin/ip -6 route add default dev "$1"

Now run:

chmod 755 /etc/ppp/ipv6-up.d/0000-defaultroute

This file will now be run every time your PPP connects, and will automatically create an IPv6 default route!

Testing pppd

Before you proceed, you should test your ppp configuration.

Firstly, run:

pppoe -I eth0 -A

This should produce some output similar to the following:

Access-Concentrator: acc-aln1.ry
Got a cookie: 79 f0 19 2c d3 ec ae 4b 04 75 ee 8a 30 76 a6 ea
AC-Ethernet-Address: a0:f3:e4:34:5f:8f

If something is wrong, you will probably get:

pppoe: Timeout waiting for PADO packets

If you get this error message, check your configuration matches the examples above. If you're still stuck, contact A&A support.

Now try to actually connect:

pon aaisp
tail -n 20 /var/log/messages

This should produce output like the following:

Jul 15 22:05:45 router pppd[23049]: Plugin rp-pppoe.so loaded.
Jul 15 22:05:45 router pppd[23050]: pppd 2.4.6 started by thomas, uid 0
Jul 15 22:05:45 router pppd[23050]: PPP session is 522
Jul 15 22:05:45 router pppd[23050]: Connected to 00:03:97:1c:80:02 via interface eth0
Jul 15 22:05:45 router pppd[23050]: Renamed interface ppp0 to pppoe-aaisp
Jul 15 22:05:45 router pppd[23050]: Using interface pppoe-aaisp
Jul 15 22:05:45 router pppd[23050]: Connect: pppoe-aaisp <--> eth0
Jul 15 22:06:32 router pppd[23050]: CHAP authentication succeeded
Jul 15 22:06:32 router pppd[23050]: CHAP authentication succeeded
Jul 15 22:06:32 router pppd[23050]: peer from calling number 00:03:97:1C:80:02 authorized
Jul 15 22:06:32 router pppd[23050]: local  IP address <your WAN IP address here>
Jul 15 22:06:32 router pppd[23050]: remote IP address 81.187.81.187
Jul 15 22:06:32 router pppd[23050]: local  LL address fe80::5893:5ee6:a435:8672
Jul 15 22:06:32 router pppd[23050]: remote LL address fe80::0203:97ff:fe19:8000

If it does, then your pppd configuration works perfectly! Run the following to disconnect, and do the rest of the configuration:

poff aaisp
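
The log check above can be scripted. The following is an added example, not part of the original guide: it classifies the most recent session from the message strings shown on this page, so a partial result (IPv4 up but no IPv6 link-local address) is not mistaken for success. The function name, verdict words and exit codes are this example's own, the sample lines are constructed with documentation addresses, and it assumes the PADO timeout message appears in the log with the same text that pppoe prints.

```shell
#!/bin/bash
# Added example (not from the original guide): classify the latest pppd session.

ppp_session_status() {
    # Reads log lines on stdin, prints a one-word verdict, returns 0 only for "up".
    awk '
        /Timeout waiting for PADO packets/ { pado_timeout = 1 }
        # A new PPPoE session begins: forget the results of earlier attempts.
        /pppd\[[0-9]+\]: PPP session is/ {
            session = 1
            pado_timeout = chap = ipv4 = ipv6 = 0
        }
        /pppd\[[0-9]+\]: CHAP authentication succeeded/ { chap = 1 }
        /pppd\[[0-9]+\]: local +IP address/             { ipv4 = 1 }
        /pppd\[[0-9]+\]: local +LL address/             { ipv6 = 1 }
        END {
            if (pado_timeout)   { print "no-pado";    exit 4 }  # modem or eth0 cabling
            if (!session)       { print "no-session"; exit 3 }
            if (!chap)          { print "no-auth";    exit 2 }  # check chap-secrets
            if (!ipv4 || !ipv6) { print "partial";    exit 1 }  # IPCP or IPv6CP missing
            print "up"
        }'
}

# Constructed sample lines in the format shown above (documentation addresses).
SAMPLE_LOG='Jul 15 22:05:45 router pppd[100]: PPP session is 1
Jul 15 22:05:45 router pppd[100]: Connect: pppoe-aaisp <--> eth0
Jul 15 22:06:32 router pppd[100]: CHAP authentication succeeded
Jul 15 22:06:32 router pppd[100]: local  IP address 192.0.2.10
Jul 15 22:06:32 router pppd[100]: remote IP address 192.0.2.1
Jul 15 22:06:32 router pppd[100]: local  LL address fe80::1
Jul 15 22:06:32 router pppd[100]: remote LL address fe80::2'

# On the router: tail -n 50 /var/log/messages | ppp_session_status
```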