L3ECH's cable internet connection guide for Israeli Linux users


Reverse Colors

Mission: Connect a Linux box to the internet and make it STAY CONNECTED ALWAYS!

There won't be any bullshit on this page, only things you need to do, short and to the point.
This is the 1st part of the cable manual, that deals with PPTP VPN dialers. If you need to set up an L2TP VPN dialer, go HERE.

Even though it really should work on most systems, there are NO GUARANTIES whatsoever that this will work with any other configuration (and even with a similar one)!

What I got it working with:
  • Debian GNU/Linux (sid)
  • Aruzey Zahav cables
  • Actcom Internet Service Provider


    Assuming that your cable modem, that is correctly able to get an ip address and is connected to your ethernet card (NOT USB!) which is configured with dhcp, is working properly, and you have a working Linux system with pppd and pptp installed - here we go:
    (If your modem is connected to USB, you might find some useful info in Jess Portnoy's "Connecting a cable modem using USB interface under Linux" guide.)
    (If you don't know how to setup DHCP - DHCP-HOWTO, Debian, SuSE, RedHat)
    (If you don't have pppd and pptp - look for ppp and pptp packages for your distribution. If you're on Debian GNU/Linux: 'apt-get install pptp-linux')

    Files needed to be edited/created:
  • /usr/bin/vpn - sciprt that actually makes the connection (needs to be created and made executable!)
  • /usr/bin/check_vpn - checks if connection is alive and reconnects if not (needs to be created and made executable!)
  • /etc/ppp/ppp_on_boot - script executed on boot to make the connection (only works on Debian GNU/Linux)
  • /etc/ppp/pap-secrets - file containing username and password for your ISP
  • /etc/ppp/peers/provider - file containing pppd options for the session
  • /etc/ppp/ip-up.d/vpn_up - script executed when connection goes up (needs to be created and made executable! also, see NOTE)
  • /etc/ppp/ip-down.d/vpn_down - script executed when connection dies (needs to be created and made executable! also, see NOTE)
  • /etc/cron.d/vpn - cron job file that checks if connection is alive (needs to be created)

    Note 1: Be root.
    Note 2: Make sure you read each file, and adjust things that need to be adjusted (like usernames, passwords and isp vpn addresses).
    DO NOT(!) just copy-paste like a parrot, make sure you understand what you're doing! If you don't understand something - RTFM!





    /usr/bin/vpn
    #!/bin/bash
    
    # If this is a "stop" request
    if [ "$1" == "stop" ]
    then
    	# remove the run file
    	rm /var/run/vpn_run
    
    	# kill the link
    	killall pppd
    
    	# restart network
    	/etc/init.d/networking stop
    	/etc/init.d/networking start
    
    	exit 1
    
    # If it's not a stop request
    else
    	# make a run file
    	touch /var/run/vpn_run
    
    	# your vpn address
    	vpn="172.26.255.198"
    
    	# replace this vpn address with your isp's vpn pptp
    	# for address of your isp's pptp server, go here:
    	#      http://cables.org.il/vpn/vpn.html
    
    	# Fix gateway
    	gateway=`/sbin/route | grep default | awk '{print $2}'`
    	/sbin/route add -net $vpn netmask 255.255.255.255 gw $gateway
    	/sbin/route del default
    
    	# Make the connection
    	/usr/sbin/pppd call provider
    fi


    /usr/bin/check_vpn
    #!/bin/bash
    
    # check if we're supposed to run, if not - exit
    [ -e /var/run/vpn_run ] || exit 1
    
    check=`cat /proc/net/dev | grep ppp | wc -l | awk '{ print $1 }'`
    if [ "$check" == "0" ]
    then
    	echo "VPN is dead! Trying to reconnect..."
    
    	# Kill off all stale processes of pppd and pptp
    	killall -9 pppd
    	killall -9 pptp
    	# Make sure they're dead by killing them again
    	killall -9 pppd
    	killall -9 pptp
    	# Make sure we don't have any stale pids of pppd lying around
    	rm /var/run/ppp?.pid
    
    	# Wait 3 seconds
    	sleep 3
    
    	# Restart all networking in order to make sure we have current dhcp settings on our eth
    	/etc/init.d/networking stop
    	/etc/init.d/networking stop
    	/etc/init.d/networking start
    
    	# Wait 3 seconds
    	sleep 3
    
    	# Make the connection
    	/usr/bin/vpn
    fi


    /etc/ppp/ppp_on_boot
    #!/bin/bash
    /usr/bin/vpn

    If you're not running Debian GNU/Linux, this will probably not work for you.
    On other Linux distributions, just add /usr/bin/vpn to your local startup script (iirc, gotta be something like /etc/init.d/rc.local on RedHat and friends)


    /etc/ppp/pap-secrets
    # PAP Secrets File
    # Syntax: username * password
    # known isp suffixes (goes instead of "@CActcom")
    #  Actcom:           @CActcom
    #  012.net:          no suffix needed
    #  Barak 013:        no suffix needed
    #  AquaNet:          @CAquanet
    #  InternetZahav:    @ACZahav
    #  BezeqInt:         unknown ???
    #  Netvision:        no suffix needed
    
    username@CActcom * password


    /etc/ppp/peers/provider
    # Username and pptp connection
    # replace "username" with your username, "@CActcom" with your isp (if needed)
    # and "172.26.255.198" with your isp's vpn server
    user username@CActcom
    pty "/usr/sbin/pptp 172.26.255.198 --nolaunchpppd"
    
    # Lock the port
    lock
    
    # We don't need the tunnel server to authenticate itself
    noauth
    
    # Turn off transmission protocols we know won't be used
    nobsdcomp
    nodeflate
    
    # Used to check if connection dies
    lcp-echo-failure 10
    lcp-echo-interval 20
    
    # We don't need to specify default ip, we get one from server
    noipdefault
    	
    # Don't show password in system log
    hide-password
    
    # Ask pppd to fetch dns ip addresses from isp
    usepeerdns


    /etc/ppp/ip-up.d/vpn_up
    NOTE: if you don't have the directory /etc/ppp/ip-up.d in your distribution (RedHat, or whatever): instead of creating this file, add the contents (without the first line) to your /etc/ppp/ip-up.local or similar local ip-up script.

    #!/bin/bash
    
    # Copy dns configuration
    cp /etc/ppp/resolv.conf /etc/resolv.conf


    /etc/ppp/ip-up.d/vpn_down
    NOTE: if you don't have the directory /etc/ppp/ip-down.d in your distribution (RedHat, or whatever): instead of creating this file, add the contents (without the first line) to your /etc/ppp/ip-down.local or similar local ip-down script.

    #!/bin/bash
    
    # Attepmt to re-establish connection right away
    /usr/bin/check_vpn


    /etc/cron.d/vpn
    # Executes the internet connection check every minute
    # If you want it to be executed every 5 minutes for example, change the first "*" to "*/5"
    
    * * * * * (/usr/bin/check_vpn)


    If you don't want your main syslog messages to be full of crontab calls for the check script and pppd LCP EchoReq/EchoRep messages, edit your syslog config file (usually /etc/syslog.conf)
    Modify the line of the main log (the one that starts with "*.*" and ends with "/var/log/syslog") to be something like:
    *.*;cron,local2,auth,authpriv.none     /var/log/syslog
    Then add the following lines below, to redirect the annoying messages to where they belong:
    cron.*      /var/log/cron.log
    local2.*    /var/log/daemon.log

    Make sure you use TABs and NOT spaces in the syslog config file! (apparently, it doesn't like spaces)

    Now you probably need to restart your cron daemon: killall -HUP crontab
    And your syslog daemon: killall -HUP syslogd

    Don't forget to chmod a+x /usr/bin/vpn and chmod a+x /usr/bin/check_vpn
    That's it. Now run /usr/bin/vpn and you're connected forever. Also, the connection should now be brought up automatically after a reboot.


    Now you probably ask yourself, "What if I DO WANT to disconnect?"...
    If you want to disconnect, run /usr/bin/vpn stop
    This guide is inspired by "Cable Modem Mini-Howto for Israeli Linux Users" by Amit Margalit.
    And here's a very detailed faithfull follower, Eyal Rozenberg's guide.


    For comments, suggestions, corrections, hate-mail, etc. - feel free to email me.

    See also: My Routing Guide
    Hits on this page: 0

    (C) L3ECH, 2003