Лыцарь пичальнава образа - June 8th, 2011
silly_sad

Beeline Home Internet in Linux (CentOS) [Jun. 8th, 2011|05:37 pm]
Internet providers' complete and impenetrable stupidity is a very well known and common issue.
There is also another issue -- the imperative thinking manner of most users -- which causes a multitude of recipes to be planted all over the internet, giving you no useful idea of how things should be arranged.
Thus, the internet is full of rubbish information.
In combination, these two prerequisites make the "beeline home internet" a real pain to bring up.

I just want to put a declarative instruction, describing the solution.
My own, painfully born solution.

Special thanx to deepcored@lj for guidance, and to LexT for http://homenet.beeline.ru/index.php?showtopic=289658


(1) We need the following software:

pppd
xl2tpd

which are available from the "epel" repository and the "poptop" repository.
they say it is useful to connect to the "poptop" and "pptp-stable" repos and update the system.
feel free to try to install these repos' descriptions via rpm

rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm

(xl2tpd 1.2.8 is not necessary -- 1.2.7 is enough.)


(2) The connect procedure is:

(2.1) obtain IP,GW,NS from the beeline DHCP
(2.2) bring up ppp tunnel to the beeline VPN gate
(2.3) compose proper routing table

(2.1) (assuming we are using CentOS)
we need the following configuration of the network service:

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

dhclient should itself create a proper /etc/resolv.conf,
and add the default route via the beeline local network gateway.

do connect the eth interface to the beeline cable
and restart network service
then observe the output of "ifconfig -a" and "route -n"

$ service network restart
$ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0D:61:A6:39:FE
          inet addr:10.1.115.231  Bcast:10.1.119.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.112.0      0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.1.112.1      0.0.0.0         UG    0      0        0 eth0


from this moment u should be able to:
ping NS servers,
resolve any domain names (including the name of the VPN gate tp.internet.beeline.ru),
ping tp.internet.beeline.ru

all this traffic goes through 10.1.112.1
where 10.1.112.1 is given by the DHCP

the trouble is the DEFAULT ROUTE.
there should be the route to the beeline local network but it should NOT be default.
keep it in mind.


(2.2) To bring up the ppp tunnel we are going to use xl2tpd, since beeline imposes the use of the L2TP protocol.

we have to configure both: xl2tpd and pppd.

$ cat /etc/xl2tpd/xl2tpd.conf

[global]
access control = no
auth file = /etc/ppp/chap-secrets

[lac beeline]
lns = tp.internet.beeline.ru
redial = yes
redial timeout = 5
require chap = yes
require authentication = no
; your account name -- usually equal to account number -- consult your papers
name = your-account-name
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
require pap = no
autodial = yes

$ cat /etc/ppp/chap-secrets

your-account-name * your-password *

$ cat /etc/ppp/options.xl2tpd

unit 0
# the same account name again
name your-account-name
remotename L2TP
ipparam beeline
connect /bin/true
nodeflate
nobsdcomp
persist
maxfail 0
nopcomp
noaccomp
noauth
defaultroute

note this "defaultroute" option would have no effect since we already have a default route in the routing table
keep it in mind, and keep this option ON.

if u now start xl2tpd a ppp device would be created but it would be useless, and no internet access u would have.


(2.3) The routing table should contain default route via a ppp device,
and at the same time it should contain route to the VPN gate and the Name Servers located in the beeline local network.

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
213.132.75.10   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.1.112.0      0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
213.132.0.0     10.1.112.1      255.255.0.0     UG    0      0        0 eth0
10.0.0.0        10.1.112.1      255.0.0.0       UG    0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0


notice the default route via 10.1.112.1 is replaced with two subnet routes,
where 10.1.112.1 is given by DHCP and obtained from the "route -n" output,
10.0.0.0 is the obvious guess,
and 213.132.0.0 is guessed from the /etc/resolv.conf given by DHCP

$ cat /etc/resolv.conf

; generated by /sbin/dhclient-script
search beeline
nameserver 213.132.64.107
nameserver 213.132.64.108


fortunately pppd provides the possibility to take some actions right before the ppp interface goes up.
pppd shall execute /etc/ppp/ip-pre-up script (if it has the 'x' permission)
i code my route table transformation into a script named /etc/ppp/ip-pre-up.
since it eliminates the default route,
pppd would later add its own default route via ppp0 (the last row in the table)

$ cat /etc/ppp/ip-pre-up

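#! /bin/bash
# runs as root right before pppd brings the ppp interface up

# record the arguments pppd passed in
echo "$1 , $2 , $3 , $4 , $5 , $6" >> /var/log/ip-up.log

PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
export PATH

# gateway of the current default route (the one dhclient installed)
LOCALGW=`route -n | egrep '^0\.0\.0\.0' | grep UG | awk '{print $2;}' | head -n 1`
# first nameserver from resolv.conf, reduced to its /16 network
NSSUBNET=`egrep '^nameserver' /etc/resolv.conf | awk '{print $2;}' | head -n 1 | awk -F '.' '{print $1 "." $2 ".0.0";}'`

# no default route via a gateway (e.g. on redial): nothing to transform,
# and "route add ... gw" with an empty gateway would only fail
[ -n "$LOCALGW" ] || exit 0

route del default
route add -net 10.0.0.0 netmask 255.0.0.0 gw "$LOCALGW"
# skip the nameserver route if resolv.conf had no nameserver line
[ -n "$NSSUBNET" ] && route add -net "$NSSUBNET" netmask 255.255.0.0 gw "$LOCALGW"
route -n

exit 0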

if u now start xl2tpd it should give you the internet access.

to finish the picture full of unnecessary IP addresses i should post my ifconfig -a output.
take a look and find the connection with the routing table, this is the picture of the working example.


$ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0D:61:A6:39:FE
          inet addr:10.1.115.231  Bcast:10.1.119.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0      Link encap:Point-to-Point Protocol
          inet addr:2.93.200.3  P-t-P:213.132.75.10  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1460  Metric:1
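
A check for the routing table described in (2.3), as an added example that is not part of the original post: it does a longest-prefix lookup over "route -n" text and confirms that ordinary traffic leaves via ppp0 while the name servers and the L2TP peer stay on eth0. The function names are hypothetical, 192.0.2.1 is a stand-in internet address, and treating 10.255.255.244 (the peer in the xl2tpd log in the P.S.) as the VPN gate is an assumption.

```shell
#!/bin/bash
# egress_iface TABLE IP -> longest-prefix match of IP against `route -n` text
egress_iface() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        function to_int(a,   p) {
            split(a, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN { best = -1 }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            mask = to_int($3)
            block = 4294967296 - mask   # addresses covered by a contiguous netmask
            if (int(to_int(ip) / block) == int(to_int($1) / block) && mask > best) {
                best = mask; iface = $8
            }
        }
        END { if (iface == "") exit 1; print iface }'
}

# audit_routes TABLE TUNNEL_IF LOCAL_IF ADDR...
# Every ADDR (VPN gate, name servers) must leave via LOCAL_IF, otherwise the
# tunnel would have to carry its own L2TP packets; the rest goes via TUNNEL_IF.
audit_routes() {
    ar_table=$1 ar_tun=$2 ar_lan=$3 ar_rc=0
    shift 3
    # 192.0.2.1 (documentation range) stands in for "any internet host"
    [ "$(egress_iface "$ar_table" 192.0.2.1)" = "$ar_tun" ] ||
        { echo "default traffic does not use $ar_tun"; ar_rc=1; }
    for ar_addr in "$@"; do
        [ "$(egress_iface "$ar_table" "$ar_addr")" = "$ar_lan" ] ||
            { echo "$ar_addr is not routed via $ar_lan"; ar_rc=1; }
    done
    return "$ar_rc"
}

# Sample input: the two routing tables shown in the post (header lines dropped).
BEFORE='10.1.112.0      0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.1.112.1      0.0.0.0         UG    0      0        0 eth0'
AFTER='213.132.75.10   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.1.112.0      0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
213.132.0.0     10.1.112.1      255.255.0.0     UG    0      0        0 eth0
10.0.0.0        10.1.112.1      255.0.0.0       UG    0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0'

# 10.255.255.244 is the L2TP peer seen in the xl2tpd log (assumed to be the VPN gate)
audit_routes "$AFTER" ppp0 eth0 10.255.255.244 213.132.64.107 213.132.64.108 && echo "split routing OK"
```

On a live system pass "$(route -n)" as the first argument; the BEFORE table fails the audit because its default route still points at eth0.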


P.S.
i have turned on the "tunnel debug" and the "network debug" options of xl2tpd
and run xl2tpd -D
and i have seen a disgusting picture (it repeats ten times a minute):

xl2tpd[2977]: network_thread: recv packet from 10.255.255.244, size = 40, tunnel = 3198, call = 33623 ref=0 refhim=0
xl2tpd[2977]: expand_payload: payload, cid = 55444, Ns = 0, Nr = 30466
xl2tpd[2977]: expand_payload: Oops, lost a packet or two (0). continuing...

google is silent.
i have no idea.