[rofug] PPPOE

[Tarabuta Radu]

Salut la toata lumea.
NU prea obisnuiesc sa pun intrebari pe rofug ca ma descurc singur in general
dar acu cred ca imi scapa ceva.

Vreau sa fac un server de pppoe cu raddius.

Am adaugat in kernel
options NETGRAPH
options NETGRAPH_PPPOE
options NETGRAPH_ETHER

ppp.conf l-am pus mai jos.

Totul e fain si frumos. merge ok, insa la fiecare conexiune ma trezesc ca-mi
deschide un proces. Evident cand dau acolo un ps am sute de procese de la
fiecare conexiune in parte.

Problema n-ar fi asa mare dar in momentul cand cineva scoate mufa de la placa
de retea, o baga din nou si vrea sa se conecteze nu mai poate.

In loguri imi da urmatorul mesaj:
Warning: iface add: ioctl(SIOCAIFADDR, 86.127.52.0 -> 86.127.52.100): File
exists.
Cu siguranta ca el nu-mi inchide procesul conexiunii respective.
Evident dupa ce ii inchid procesul clientul reuseste sa se conecteze.

Cum as putea sa fac toata treaba din kernel (sa nu-mi mai deschida procesele
alea externe) si sa nu mai am problema cu ip-urile.

O zi faina la toata lumea.

====================================
# cat /etc/ppp/ppp.conf
default:
set log Chat Command Phase #turn on some logging. See man
ppp.conf
enable chap
# alow mode direct #turn on ppp bridging
enable proxy #turn on ppp proxyarping (redundant of
a
disable ipv6cp #we don't use ipv6, don't want the
errors
set mru 1492 #set mru below 1500 (PPPoE MTU issue)
set mtu 1492 #set mtu below 1500 (PPPoE MTU issue)

set ifaddr 86.127.52.0/24 86.127.56.1-86.127.52.250
set speed sync
set timeout 0
set dns 193.230.240.21
enable lqr
accept dns
set radius /etc/ppp/radius.conf

--
Tarabuta Radu
Network Administrator

UPC Romania PL Suceava
Str. Petru Rares Nr 19
Suceava

T  +40 330 100 301
M  +40 745 386 444
www.upc.ro

 Chiar ai nevoie sa printezi acest email? Padurile noastre sunt in pericol...

________________________________________________________
To unsubscribe send a mail to rofug+un...@rofug.ro

[Adrian Penisoara]

Hi,

2009/8/10 Tarabuta Radu <radu.t...@upc.ro>

Salut la toata lumea.
NU prea obisnuiesc sa pun intrebari pe rofug ca ma descurc singur in general
dar acu cred ca imi scapa ceva.

Vreau sa fac un server de pppoe cu raddius.

Am adaugat in kernel
options NETGRAPH
options NETGRAPH_PPPOE
options NETGRAPH_ETHER

ppp.conf l-am pus mai jos.

Totul e fain si frumos. merge ok, insa la fiecare conexiune ma trezesc ca-mi
deschide un proces. Evident cand dau acolo un ps am sute de procese de la
fiecare conexiune in parte.

Problema n-ar fi asa mare dar in momentul cand cineva scoate mufa de la placa
de retea, o baga din nou si vrea sa se conecteze nu mai poate.

In loguri imi da urmatorul mesaj:
Warning: iface add: ioctl(SIOCAIFADDR, 86.127.52.0 -> 86.127.52.100): File
exists.
Cu siguranta ca el nu-mi inchide procesul conexiunii respective.
Evident dupa ce ii inchid procesul clientul reuseste sa se conecteze.

Cum as putea sa fac toata treaba din kernel (sa nu-mi mai deschida procesele
alea externe) si sa nu mai am problema cu ip-urile.

Din cate tin minte flow-ul PPPoE este ca procesul pppoed asculta in promiscous direct pe interfata Ethernet si pentru fiecare request client deschide cate un proces (user) ppp. Nu cred ca exista scheme alternative pentru asa ceva si ma indoiesc ca merge sa cuplezi pppd (kernel PPP).

Ca sa poti determina procesele PPP ele insele sa recunoasca starea deconectata ar trebui sa activezi LQR (Link Quality Req) pentru a monitoriza starea conexiunii. Ceva de genul:

 enable lqr

 set lqrperiod 10

Eu am pe partea client un PPPoE si folosesc cu succes setarea asta. Eventual pui o valoare cat mai mica pentru lqrperiod (in sec.).

Sa ne spui si noua ce rezultate/solutie obtii.

Regards,

Adrian.

[Tarabuta Radu]

Salut la toata lumea:
N-a mers combinatia asta.
Aveam activat lqr dar nu era setata perioada la 10 sec.
Am dat toata lumea afara si m-am conectat cu un singur calculator.
Daca ma deconectez normal totul e ok.
Daca insa scot cablul de retea din spate si incerc sa me deconectez din nou
imi apare aceeasi eroare (am pus o bucata mai mare de log) iar procesul cu
pid-ul 16565 imi sta bine mersi fara sa-l inchida cineva.

Mai aveti vreo varianta castigatoare?

O zi faina la toata lumea.

# ps ax | grep ppp
16558 ?? Ss 0:00.01 /usr/libexec/pppoed -d -P /var/run/pppoed.pid -a
serverPPPoE -l default -p * em1
16565 ?? Ss 0:00.03 /usr/sbin/ppp -direct default
16624 p1 RL+ 0:00.00 grep ppp
37615 p7 I+ 0:00.12 tail -f /var/log/ppp.log

Aug 13 09:47:28 master ppp[16569]: Phase: deflink: Created in closed state
Aug 13 09:47:28 master ppp[16569]: Command: default: enable chap
Aug 13 09:47:28 master ppp[16569]: Command: default: enable proxy
Aug 13 09:47:28 master ppp[16569]: Command: default: disable ipv6cp
Aug 13 09:47:28 master ppp[16569]: Command: default: set mru 1492
Aug 13 09:47:28 master ppp[16569]: Command: default: set mtu 1492
Aug 13 09:47:28 master ppp[16569]: Command: default: set ifaddr 86.127.56.0/24
86.127.56.1-86.127.56.250
Aug 13 09:47:28 master ppp[16569]: Command: default: set speed sync
Aug 13 09:47:28 master ppp[16569]: Command: default: set timeout 0
Aug 13 09:47:28 master ppp[16569]: Command: default: set dns 82.79.225.1
82.79.225.2
Aug 13 09:47:28 master ppp[16569]: Command: default: enable lqr
Aug 13 09:47:28 master ppp[16569]: Command: default: set lqrperiod 10
Aug 13 09:47:28 master ppp[16569]: Command: default: accept dns
Aug 13 09:47:28 master ppp[16569]: Command: default: set
radius /etc/ppp/radius.conf
Aug 13 09:47:28 master ppp[16569]: Command: default: set log Chat Command
Phase
Aug 13 09:47:28 master ppp[16569]: Command: default: enable chap
Aug 13 09:47:28 master ppp[16569]: Command: default: enable proxy
Aug 13 09:47:28 master ppp[16569]: Command: default: disable ipv6cp
Aug 13 09:47:28 master ppp[16569]: Command: default: set mru 1492
Aug 13 09:47:28 master ppp[16569]: Command: default: set mtu 1492
Aug 13 09:47:28 master ppp[16569]: Command: default: set ifaddr 86.127.56.0/24
86.127.56.1-86.127.56.250
Aug 13 09:47:28 master ppp[16569]: Command: default: set speed sync
Aug 13 09:47:28 master ppp[16569]: Command: default: set timeout 0
Aug 13 09:47:28 master ppp[16569]: Command: default: set dns 213.164.255.21
83.103.150.21
Aug 13 09:47:28 master ppp[16569]: Command: default: enable lqr
Aug 13 09:47:28 master ppp[16569]: Command: default: set lqrperiod 10
Aug 13 09:47:28 master ppp[16569]: Command: default: accept dns
Aug 13 09:47:28 master ppp[16569]: Command: default: set
radius /etc/ppp/radius.conf
Aug 13 09:47:28 master ppp[16569]: Phase: PPP Started (direct mode).
Aug 13 09:47:28 master ppp[16569]: Phase: bundle: Establish
Aug 13 09:47:28 master ppp[16569]: Phase: deflink: closed -> opening
Aug 13 09:47:28 master ppp[16569]: Phase: deflink: Link is a netgraph node
Aug 13 09:47:28 master ppp[16569]: Phase: deflink: Connected!
Aug 13 09:47:28 master ppp[16569]: Phase: deflink: opening -> carrier
Aug 13 09:47:28 master ppp[16569]: Phase: deflink: carrier -> lcp
Aug 13 09:47:28 master ppp[16569]: Phase: bundle: Authenticate
Aug 13 09:47:28 master ppp[16569]: Phase: deflink: his = none, mine = CHAP
0x05
Aug 13 09:47:28 master ppp[16569]: Phase: Chap Output: CHALLENGE
Aug 13 09:47:28 master ppp[16569]: Phase: Chap Input: RESPONSE (16 bytes from
alexei)
Aug 13 09:47:28 master ppp[16569]: Phase: Radius: Request sent

Aug 13 09:47:28 master ppp[16569]: Phase: Radius(auth): ACCEPT received
Aug 13 09:47:28 master ppp[16569]: Phase: IP 86.127.52.2
Aug 13 09:47:28 master ppp[16569]: Phase: Netmask 255.255.255.0
Aug 13 09:47:28 master ppp[16569]: Phase: MTU 1500
Aug 13 09:47:28 master ppp[16569]: Phase: VJ enabled
Aug 13 09:47:28 master ppp[16569]: Phase: Chap Output: SUCCESS

Si acu din nou aceeasi problema:
================================================

Aug 13 09:47:28 master ppp[16569]: Warning: iface add: ioctl(SIOCAIFADDR,
86.127.52.0 -> 86.127.52.2): File exists
Aug 13 09:47:28 master ppp[16569]: Phase: deflink: lcp -> open
Aug 13 09:47:28 master ppp[16569]: Phase: bundle: Network
Aug 13 09:47:28 master ppp[16569]: Warning: iface add: ioctl(SIOCAIFADDR,
86.127.52.0 -> 86.127.52.2): File exists
Aug 13 09:47:28 master ppp[16569]: Error: ipcp_InterfaceUp: unable to set ip
address

--
Tarabuta Radu

[Ciprian BADESCU]

Salut,

Poti incerca sa verifici permanent conexiunea cu LCP echo messages.
Parametrii sunt in pagina de manual de la pppd:

lcp-echo-failure n
If this option is given, pppd will presume the peer to be dead
if n LCP echo-requests are sent without receiving a valid LCP
echo-reply. If this happens, pppd will terminate the connec-
tion. Use of this option requires a non-zero value for the lcp-
echo-interval parameter. This option can be used to enable pppd
to terminate after the physical connection has been broken
(e.g., the modem has hung up) in situations where no hardware
modem control lines are available.

lcp-echo-interval n
If this option is given, pppd will send an LCP echo-request
frame to the peer every n seconds. Normally the peer should
respond to the echo-request by sending an echo-reply. This
option can be used with the lcp-echo-failure option to detect
that the peer is no longer connected.

Spor,
Ciprian

2009/8/13 Tarabuta Radu <radu.t...@upc.ro>:

[Tarabuta Radu]

Salut
Pana la urma am aplcat varianta asta si vad ca merge

enable lqr echo
set lqrperiod 7

Problema e ca lqrperiod e de fapt 7*5 adica 35 de secunde (la 35 de secunde
imi inchide procesul).
Am lasat asa deocamdata cu 10 useri de test.
Nu stiu insa cum se va comporta daca ii mai bag inca vreo 200 de useri pe gat.
Cu siguranta ca va trimite mesaje echo intr-una. Nu stiu in ce masura imi va
afecta asta incarcarea (procesor/banda).
ce-i drept man-ul de la ppp l-am frunzarit destul de superficial dar am sa dau
atentie si sugestiilor tale.
O zi buna in continuare.

--
Tarabuta Radu
Senior Network Administrator

[Adrian Penisoara]

Hi,

2009/8/24 Ciprian BADESCU <cipi.b...@gmail.com>

Salut,

Poti incerca sa verifici permanent conexiunea cu LCP echo messages.
Parametrii sunt in pagina de manual de la pppd:

Atentie, pppd != ppp . PPPD este in kernel, PPP este in userland. Daemonul pppoed foloseste ppp by default...

Regards,

Adrian.