L2TP in Israel with Linux

10-May-2008

This is a short guide on how to configure your Linux machine to connect via L2TP on the cable (Hot) infrastructure. Although this is not a general guide, links to other informative pages have been provided (I'm using Debian testing). Some experience with Linux is required.

Requirements

Files and Scripts

/root/bin/fixroute

This script prepares the routing table for the PPP connection. It is based on its namesake, found on this page.

    #!/bin/sh
    #
    # If our default route goes to some crappy 172.x.x.x
    # address, remove default gateway and enter a route
    # to our L2TP server over the same gateway address.
    # Replace "cablelns.012.net.il" with your L2TP gateway.
    #
    # Based on: http://www.l3ech.net/cables_linux_l2tp.php
    #
    L2TPGW=cablelns.012.net.il
    INTERFACE=eth4
    SEDEXPR='^0\.0\.0\.0 \+\(172\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*'
    GW=`/sbin/route -n | sed -ne "s/$SEDEXPR$INTERFACE"'.*$/\1/p'`
    if [ "$GW" != "" ]
    then
        echo "fixroute: Found local gateway: $GW"
        LNS=`host $L2TPGW|grep address|sed "s/.* //"|head -n 1`
        echo "fixroute: Found L2TP gateway: $LNS"
        echo "fixroute: adding route to the L2TP gateway..."
        route add $LNS gw $GW
        sed -i -e "s/^lns =.*/lns = $LNS/" /etc/xl2tpd/xl2tpd.conf
        /etc/init.d/xl2tpd force-reload # only restarts if running
        sleep 2s
        echo "fixroute: Replacing shitty route..."
        route del default gw $GW
        if [ -x /sbin/resolvconf ]; then
            echo "fixroute: Removing local $INTERFACE nameservers"
            resolvconf -d $INTERFACE
        fi
    fi
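fixroute runs as root and passes whatever `host` prints straight into `route add` and a `sed -i` expression, so the resolved address is worth validating first. The following is an added example, not part of the original guide: the function names is_ipv4 and first_a_record are hypothetical and the sample `host` output is constructed.

```sh
#!/bin/sh
# Added example (not from the original guide). Function names are
# hypothetical; the sample `host` output below is constructed.

# Succeed only if $1 is a dotted-quad IPv4 address, each octet 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read `host` output on stdin and print the first valid A-record address.
# IPv6 lines, trailing junk and out-of-range octets are skipped.
first_a_record() {
    while read -r _name has kind addr rest; do
        [ "$has $kind" = "has address" ] || continue
        if [ -z "$rest" ] && is_ipv4 "$addr"; then
            printf '%s\n' "$addr"
            return 0
        fi
    done
    return 1
}

# Constructed sample of what `host lns.example` might print.
SAMPLE_HOST_OUTPUT='lns.example has IPv6 address 2001:db8::10
lns.example has address 999.0.2.10
lns.example has address 192.0.2.9 extra
lns.example has address 192.0.2.10
lns.example has address 192.0.2.11'

# In fixroute the call would be:
#   LNS=`host "$L2TPGW" | first_a_record` || exit 1
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | first_a_record   # prints 192.0.2.10
```

With this in place, fixroute stops before touching the routing table or /etc/xl2tpd/xl2tpd.conf when the lookup fails or returns something that is not a plain IPv4 address.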

/etc/dhcp3/dhclient-enter-hooks.d/0keepCurrentDNSonRenew

When the DHCP client renews the lease on the ethernet interface, it tends to overwrite the /etc/resolv.conf file. This is necessary when the ppp0 interface is not up yet, but it may prevent you from making new connections if it happens while ppp0 is up.

This script prevents the DHCP client from adding unwanted DNS entries to /etc/resolv.conf when the lease is renewed (TODO check that ppp0 is already up).

    if [ "$reason" = RENEW ]; then
        new_domain_name_servers=""
    fi

/etc/network/interfaces

This is a sample configuration that automatically starts the eth4 interface and runs the fixroute and connect scripts.

    auto eth4
    iface eth4 inet dhcp
        post-up /root/bin/fixroute
        post-up /root/bin/connect

/etc/xl2tpd/xl2tpd.conf

This is the main configuration file for xl2tpd. The commented (';') lines are for debugging.
Replace the name field with your username.

    [global]
    ;debug avp = yes
    ;debug network = yes
    ;debug state = yes
    ;debug tunnel = yes
    port = 1701
    access control = no

    [lac cable]
    name = USERNAME
    lns = placeholder
    redial = yes
    redial timeout = 15
    hidden bit = no
    ppp debug = yes
    pppoptfile = /etc/ppp/options.cable
    require authentication = no
    refuse authentication = yes
    refuse chap = yes
    flow bit = yes
    length bit = yes

Note that some of the fields may be optional, depending on your ISP. Hints for filling out this file were taken from the Netvision L2TP package.

/etc/ppp/pap-secrets

Put your username and password in this file, in this format:

username * password

/etc/ppp/options.cable

This is the configuration file for pppd (don't forget to put in your username).

    user username
    noipdefault
    usepeerdns
    noauth
    lcp-echo-interval 20
    lcp-echo-failure 10
    defaultroute
    noaccomp
    lock

/root/bin/connect

    #!/bin/sh
    # make sure xl2tpd has started
    /etc/init.d/xl2tpd start
    sleep 2s
    echo "c cable" > /var/run/xl2tpd/l2tp-control

/root/bin/disconnect

    #!/bin/sh
    # prevent xl2tpd from redialing
    echo "d cable" > /var/run/xl2tpd/l2tp-control
    ifdown eth4

/root/bin/reconnect

    #!/bin/sh -x
    /root/bin/disconnect
    sleep 1s
    ifup eth4

Usage

Once you've installed the scripts, the internet connection should come up when your network interface is activated (at boot time).

Disconnecting

To disconnect, use the /root/bin/disconnect script.

Connecting/Reconnecting

To connect, make sure eth4 is down (the disconnect script should do this), and type ifup eth4.
In other words, use the reconnect script.

Firefox/Iceweasel starting in offline mode

If Firefox etc. always starts in "Offline mode" (File -> Work Offline), it could be due to a running NetworkManager (Debian package: network-manager) daemon, causing Firefox to think that there is no network connection. Stop NetworkManager or remove the package to fix this.
See also this bugzilla entry.

Changelog
