Linux – Installing a pptp-Client (for an xDSL-connection with an Ethernet modem)

For this document and all references (links) please obey the hints and regulations concerning copyright, disclaimer and trademarks.

Last revision of this document:
2005-04-28

This document describes the installation of a pptp-Client for an xDSL-connection using an Ethernet-modem.

With the separation of Telecom-Access-Provider (having a monopoly over the cables in a certain area) and Internet-Service-Provider (ISP, offering connection to the internet, providing mailboxes and webspace), the Telecom-Access-Provider needs a mechanism to identify the ISP to which the TCP/IP-packets should be forwarded and to wrap the packets passing through so that they retain their information.
To achieve these goals, the TCP/IP-packets are transported using PPTP (the Point-to-Point-Tunneling-Protocol).

The setup is specific for ADSL of Telekom Austria - but might work with other Telekoms using pptp.
It was tested with an Alcatel-SpeedTouch-510 modem.
(These modems are now sold by Thomson).

Credits:

In general thanks to Manuel Capellari, whose document 'ADSL unter Linux' (http://www.gnustuff.com/pub/doc/adsl-howto/adsl-howto.html - in German) was a valuable guideline on the way to my highspeed-internet-connection.
Additional hints I derived from Heimo Schön's HOWTO (http://howto.htlw16.ac.at/at-highspeed-howto.html - in German), particularly the hint of Martin Großhauser how to start / restart the connection using crontab.

Prerequisites:

Installation-instruction:

Configure the Network-Interface-Card for the connection to the internet-service-provider:

The configuration of the NICs is highly dependent on the manufacturer and the type of the NIC.
If there are 2 NICs installed (1 for the internal network, 1 for the connection to an ISP over ADSL, DSL or cable-modem), then it is strongly recommended to use different types of NIC. This makes it easier to identify which NIC should be connected to which cable.

Newer network-interface-cards (NIC) are detected during the standard-installation.
If this is so, you will already find the configuration (symbolic i/o and driver) in the file
/etc/modules.conf; an example is shown here:

alias eth0 3c59x
alias eth1 ne

If other lines already exist in this file, they must not be deleted.

If the card was not detected during the installation, the bold line might be missing.
In this case, the driver and - if the card does not have plug-and-play capability - the i/o-parameters must be assigned manually by editing the file /etc/modules.conf.
A detailed description for a lot of NICs can be found in the Linux Ethernet-HOWTO.

Special procedure for notebooks (pc-card).

NIC-function is available after starting pc-card-services.
For this reason, NICs can not be detected during installation but are available after a restart of Linux.
To identify the adaptors (if there are more than 1 installed), the configuration needs the io-ports of the individual adaptors. This information is written into the log during startup and can be viewed (after logon as 'root') with the command
dmesg | tail

which shows a result containing lines similar to these:
eth0: NE2000 Compatible: io 0x300, irq 3, hw_addr 00:E0:98:33:72:48
eth1: NE2000 Compatible: io 0x340, irq 5, hw_addr 00:E0:98:78:D8:B8

The underlined values are the identifiers of the pc-cards and can be used to assign TCP/IP-addresses.

Setting the TCP/IP-Addresses (for RedHat Linux 9 or Linux Fedora Core 3):

During the installation of the operating-system for the router it was advised not to enter parameters for the second network-interface-card (NIC). So the parameters have to be set manually by editing the file /etc/sysconfig/network-scripts/ifcfg-eth1 :

DEVICE=eth1
BOOTPROTO=static
IPADDR=10.0.0.140
NETMASK=255.0.0.0
ONBOOT=yes

Whether the configuration is as planned can be verified after a restart with the command:

ifconfig eth1

Installing the pptp-client:

The most current version can be downloaded as an rpm-file from the following internet-site: http://switch.dl.sourceforge.net/sourceforge/pptpclient/pptp-linux-1.5.0-1.i386.rpm

Download the file to a directory of your choice (referred to below as download_directory).

After the download is complete, start the installation using the RedHat Package Manager by issuing the following command:
rpm -Uvh /download_directory/pptp-linux-1.5.0-1.i386.rpm

Store the user-id and password for the connection to the ISP:

The Internet-Service-Provider usually provides a user-id and a password to identify individual clients.
During the dial-in-procedure the ISP performs an identification and requests user-id and password.

There are 2 different authentication-protocols (PAP and CHAP); if you are not sure which protocol the ISP uses, it is recommended to store user-id and password for both protocols.

For the PAP-authentication edit the file /etc/ppp/pap-secrets and add the bold printed line.
Instead of the italics printed values in the examples, enter user-id and password provided by the ISP:

# Secrets for authentication using PAP
# client server secret IP addresses
user-id * password

For the CHAP-authentication edit the file /etc/ppp/chap-secrets and add the bold printed line.
Instead of the italics printed values in the examples, enter user-id and password provided by the ISP:

# Secrets for authentication using CHAP
# client server secret IP addresses
user-id * password
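
Both files hold the ISP password in clear text, so they should be accessible to 'root' only. The check below is an added example, not part of the original HOWTO; the function name check_secrets is an assumption, and it relies on GNU stat as shipped with Linux.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): audit a pppd secrets file.
# Assumes GNU stat (stat -c). The function name check_secrets is hypothetical.
#
# Usage: check_secrets /etc/ppp/chap-secrets user-id

# check_secrets FILE USER
# Returns 0 if FILE grants nothing to group/other and holds an entry for USER,
# 1 if one of these checks fails, 2 if FILE does not exist.
check_secrets() {
    file=$1
    user=$2
    rc=0

    [ -f "$file" ] || { echo "$file: missing"; return 2; }

    # Mode as octal digits, e.g. 600. The last two digits are group and other.
    mode=$(stat -c %a "$file")
    case "$mode" in
        *00) ;;
        *) echo "$file: mode $mode lets group/other access the password"
           rc=1 ;;
    esac

    # An entry is a non-comment line whose first field (client) is USER.
    # Double quotes around the client name are stripped before comparing.
    if ! awk -v u="$user" '
            /^[ \t]*#/ { next }
            { c = $1; gsub(/"/, "", c); if (c == u) found = 1 }
            END { exit found ? 0 : 1 }' "$file"
    then
        echo "$file: no entry for client $user"
        rc=1
    fi
    return $rc
}
```
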

Edit the configuration file for the pptp-Client:

The pptp-client is controlled - like the ppp-dialer - by the parameters in the file /etc/ppp/options ; the bold printed values have to be modified according to your needs:

#
# Debug-option; recommended for the trial-phase.
# Can be commented out if the pptp-connection is proven as stable
debug
#
# The computer on Internet-Service-Provider (ISP) must provide a temporary TCP/IP-address
noipdefault
#
# The computer on Internet-Service-Provider (ISP) does not have to identify itself
# against the computer dialing-in
noauth
#
# This connection is the default-router from the internal network to the ISP.
defaultroute
#
# User, for whom the password is read out of the file 'pap-secrets' or 'chap-secrets'
user "user-id"

#
# End of file

Start / stop / restart script for the pptp-Client

To start or to restart the pptp-Client, I found a suitable script in Heimo Schön's HOWTO. It is stored in the file /etc/rc.d/adsl :

#!/bin/bash
#
# /etc/rc.d/adsl
#
# Script to start / stop /restart the ADSL-modem for a pptp-connection
#
# Tested with RedHat-Linux 9.
# October 2004
# Kurt Gstoettner
#
# This script is based on examples published by
# Sebasian C.B. Sauer <scbATenemyDOTorg>
# Nicolas Croiset <ncroisetATvdldiffussionDOTcom>
# Philippe Jouguet <pjouguetATvdldiffusionDOTcom>
#
# Permission to copy is granted provided that credit is given to all
# documentation you used to understand these procedures
#
# No warranty is implied. Use at your own risk !!
#
start() {
    # Start the pptp-client towards the ADSL-modem with TCP/IP-address 10.0.0.138
    /usr/sbin/pptp 10.0.0.138
    # Create the lock files for both processes
    touch /var/lock/subsys/pptp
    touch /var/lock/subsys/pppd
    echo -n "adsl:procedure start()."
    # Wait 15 seconds to allow the pptp-client to get the TCP/IP-address
    # from the Internet-Service-Provider.
    # Start the firewall thereafter.
    sleep 15s
    # Start the firewall and the ip-forwarding if this script runs on the router.
    # Otherwise comment out the next line.
    firewall
    return 0
}
#
stop() {
    echo -n "Shutting down PPTP tunnel. "
    # Kill the processes for the ppp-protocol (Point-to-Point-Protocol)
    # and the Point-to-Point-Tunneling-Protocol
    # to free the devices for a new start.
    killall /usr/sbin/pppd
    killall /usr/sbin/pptp
    # Remove the lock files created by start()
    rm -f /var/lock/subsys/pptp
    rm -f /var/lock/subsys/pppd
    echo -n "adsl:procedure stop()."
    return 0
}
#
firewall()
{
    # Run the script to configure the firewall
    /etc/rc.d/rc.firewall-iptables
    return 0
}
#
#
case "$1" in
    start)
        # check if the ADSL-modem is operational
        if ping -c 1 -w 1 10.0.0.138 > /dev/null
        then
            echo -n "Starting PPTP/PPP tunnel. "
            start
        else
            # maybe ADSL-modem is just syncing; wait 45 seconds
            echo -n "Waiting for ADSL-modem, start delayed ..."
            sleep 45s
            start
        fi
        ;;
    #
    stop)
        stop
        ;;
    #
    restart)
        # stop, wait 15 seconds to make sure all asynchronous tasks are completed, start
        stop
        sleep 15s
        start
        ;;
    #
    *)
        echo -n "Usage: adsl {start|stop|restart}"
        exit 1
        ;;
esac
exit $?

Setting the access-rights for an automated startup

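As a prerequisite for automated startup or restart the access-rights of the script must be set as follows:
chmod 4711 /etc/rc.d/adsl

Linux ignores the set-user-ID bit (the leading 4) on interpreted scripts such as this one, so the script still runs with the rights of the calling user; in the crontab entry below it is started by 'root'.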

Automatic start / restart of the pptp-client using crontab

As mentioned in the credits, Martin Großhauser developed a pretty smart method to start or restart the pptp-client.
Every 5 minutes a ping is issued to a known TCP/IP-address on the internet. If this ping gets no answer, the start / stop / restart script is run with the parameter 'restart'.
All this is achieved by simply adding one line to the file /etc/crontab.
As my connection is with the Telekom Austria, I ping their primary nameserver.

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
#
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
# Check periodically if connection to Internet-Service-Provider is still alive;
# Restart the pptp-Client if no response.
0,5,10,15,20,25,30,35,40,45,50,55 * * * * root ping -c 1 195.3.96.67 || /etc/rc.d/adsl restart
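
The crontab line above restarts the tunnel after a single unanswered ping. A more conservative variant, as an added example that is not part of the original HOWTO or of the method credited above: it restarts only after several failed probes and uses a lock directory so that two runs cannot restart at the same time. The script name adsl-watchdog, the lock path and the variables TRIES, RESTART and LOCKDIR are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO.
# Hypothetical replacement for the one-line check in /etc/crontab, e.g.
#   0,5,10,15,20,25,30,35,40,45,50,55 * * * * root /usr/local/sbin/adsl-watchdog
# All paths and variable names except /etc/rc.d/adsl are assumptions.

TARGET=${TARGET:-195.3.96.67}       # address pinged in the page's crontab
TRIES=${TRIES:-3}                   # failed probes needed before a restart
RESTART=${RESTART:-"/etc/rc.d/adsl restart"}
LOCKDIR=${LOCKDIR:-/var/lock/adsl-watchdog.lock}

# One probe: a single echo request with a 2 second deadline.
probe() {
    ping -c 1 -w 2 "$TARGET" >/dev/null 2>&1
}

# Succeeds as soon as one of TRIES probes is answered.
link_alive() {
    n=0
    while [ "$n" -lt "$TRIES" ]; do
        probe && return 0
        n=$((n + 1))
    done
    return 1
}

# Returns 0 if the link is up, 3 if another run holds the lock,
# otherwise the exit status of the restart command.
watchdog() {
    link_alive && return 0
    # mkdir is atomic, so only one instance can get past this line.
    mkdir "$LOCKDIR" 2>/dev/null || return 3
    $RESTART
    rc=$?
    rmdir "$LOCKDIR"
    return "$rc"
}

# Run only when executed under the assumed script name, not when sourced.
case "$0" in
    *adsl-watchdog) watchdog ;;
esac
```
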

Additional hints:

The file can only be edited with access-rights as 'root'.

Test:

On a workstation set the gateway and ping a known address; e.g. the Domain-Name-Server of the Internet-Service-Provider
ping 195.3.96.67
