L3ECH's cable internet connection guide for Israeli Linux users


Reverse Colors

Mission: Connect a Linux box to the internet and make it STAY CONNECTED ALWAYS!

There won't be any bullshit on this page, only things you need to do, short and to the point.
This is the 1st part of the cable manual, that deals with PPTP VPN dialers. If you need to set up an L2TP VPN dialer, go HERE.

Even though it really should work on most systems, there are NO GUARANTIES whatsoever that this will work with any other configuration (and even with a similar one)!

What I got it working with:
  • Debian GNU/Linux (sid)
  • Aruzey Zahav cables
  • Actcom Internet Service Provider


    Assuming that your cable modem, that is correctly able to get an ip address and is connected to your ethernet card (NOT USB!) which is configured with dhcp, is working properly, and you have a working Linux system with pppd and pptp installed - here we go:
    (If your modem is connected to USB, you might find some useful info in Jess Portnoy's "Connecting a cable modem using USB interface under Linux" guide.)
    (If you don't know how to setup DHCP - DHCP-HOWTO, Debian, SuSE, RedHat)
    (If you don't have pppd and pptp - look for ppp and pptp packages for your distribution. If you're on Debian GNU/Linux: 'apt-get install pptp-linux')

    Files needed to be edited/created:
  • /usr/bin/vpn - sciprt that actually makes the connection (needs to be created and made executable!)
  • /usr/bin/check_vpn - checks if connection is alive and reconnects if not (needs to be created and made executable!)
  • /etc/ppp/ppp_on_boot - script executed on boot to make the connection (only works on Debian GNU/Linux)
  • /etc/ppp/pap-secrets - file containing username and password for your ISP
  • /etc/ppp/peers/provider - file containing pppd options for the session
  • /etc/ppp/ip-up.d/vpn_up - script executed when connection goes up (needs to be created and made executable! also, see NOTE)
  • /etc/ppp/ip-down.d/vpn_down - script executed when connection dies (needs to be created and made executable! also, see NOTE)
  • /etc/cron.d/vpn - cron job file that checks if connection is alive (needs to be created)

    Note 1: Be root.
    Note 2: Make sure you read each file, and adjust things that need to be adjusted (like usernames, passwords and isp vpn addresses).
    DO NOT(!) just copy-paste like a parrot, make sure you understand what you're doing! If you don't understand something - RTFM!




    /usr/bin/vpn 
    #!/bin/bash

# If this is a "stop" request
if [ "$1" == "stop" ]
then
	# remove the run file
	rm /var/run/vpn_run

	# kill the link
	killall pppd

	# restart network
	/etc/init.d/networking stop
	/etc/init.d/networking start

	exit 1

# If it's not a stop request
else
	# make a run file
	touch /var/run/vpn_run

	# your vpn address
	vpn="172.26.255.198"

	# replace this vpn address with your isp's vpn pptp
	# for address of your isp's pptp server, go here:
	#      http://cables.org.il/vpn/vpn.html

	# Fix gateway
	gateway=`/sbin/route | grep default | awk '{print $2}'`
	/sbin/route add -net $vpn netmask 255.255.255.255 gw $gateway
	/sbin/route del default

	# Make the connection
	/usr/sbin/pppd call provider
fi

    /usr/bin/check_vpn 
    #!/bin/bash

# check if we're supposed to run, if not - exit
[ -e /var/run/vpn_run ] || exit 1

check=`cat /proc/net/dev | grep ppp | wc -l | awk '{ print $1 }'`
if [ "$check" == "0" ]
then
	echo "VPN is dead! Trying to reconnect..."

	# Kill off all stale processes of pppd and pptp
	killall -9 pppd
	killall -9 pptp
	# Make sure they're dead by killing them again
	killall -9 pppd
	killall -9 pptp
	# Make sure we don't have any stale pids of pppd lying around
	rm /var/run/ppp?.pid

	# Wait 3 seconds
	sleep 3

	# Restart all networking in order to make sure we have current dhcp settings on our eth
	/etc/init.d/networking stop
	/etc/init.d/networking stop
	/etc/init.d/networking start

	# Wait 3 seconds
	sleep 3

	# Make the connection
	/usr/bin/vpn
fi

    /etc/ppp/ppp_on_boot 
    #!/bin/bash
/usr/bin/vpn

    If you're not running Debian GNU/Linux, this will probably not work for you.
    On other Linux distributions, just add /usr/bin/vpn to your local startup script (iirc, gotta be something like /etc/init.d/rc.local on RedHat and friends)

    /etc/ppp/pap-secrets 
    # PAP Secrets File
# Syntax: username * password
# known isp suffixes (goes instead of "@CActcom")
#  Actcom:           @CActcom
#  012.net:          no suffix needed
#  Barak 013:        no suffix needed
#  AquaNet:          @CAquanet
#  InternetZahav:    @ACZahav
#  BezeqInt:         unknown ???
#  Netvision:        no suffix needed

username@CActcom * password

    /etc/ppp/peers/provider 
    # Username and pptp connection
# replace "username" with your username, "@CActcom" with your isp (if needed)
# and "172.26.255.198" with your isp's vpn server
user username@CActcom
pty "/usr/sbin/pptp 172.26.255.198 --nolaunchpppd"

# Lock the port
lock

# We don't need the tunnel server to authenticate itself
noauth

# Turn off transmission protocols we know won't be used
nobsdcomp
nodeflate

# Used to check if connection dies
lcp-echo-failure 10
lcp-echo-interval 20

# We don't need to specify default ip, we get one from server
noipdefault
	
# Don't show password in system log
hide-password

# Ask pppd to fetch dns ip addresses from isp
usepeerdns

    /etc/ppp/ip-up.d/vpn_up
    NOTE: if you don't have the directory /etc/ppp/ip-up.d in your distribution (RedHat, or whatever): instead of creating this file, add the contents (without the first line) to your /etc/ppp/ip-up.local or similar local ip-up script.

    #!/bin/bash

# Copy dns configuration
cp /etc/ppp/resolv.conf /etc/resolv.conf

    /etc/ppp/ip-up.d/vpn_down
    NOTE: if you don't have the directory /etc/ppp/ip-down.d in your distribution (RedHat, or whatever): instead of creating this file, add the contents (without the first line) to your /etc/ppp/ip-down.local or similar local ip-down script.

    #!/bin/bash

# Attepmt to re-establish connection right away
/usr/bin/check_vpn

    /etc/cron.d/vpn 
    # Executes the internet connection check every minute
# If you want it to be executed every 5 minutes for example, change the first "*" to "*/5"

* * * * * (/usr/bin/check_vpn)

    If you don't want your main syslog messages to be full of crontab calls for the check script and pppd LCP EchoReq/EchoRep messages, edit your syslog config file (usually /etc/syslog.conf)
    Modify the line of the main log (the one that starts with "*.*" and ends with "/var/log/syslog") to be something like:
    *.*;cron,local2,auth,authpriv.none     /var/log/syslog
    Then add the following lines below, to redirect the annoying messages to where they belong:
    cron.*      /var/log/cron.log
    local2.*    /var/log/daemon.log

    Make sure you use TABs and NOT spaces in the syslog config file! (apparently, it doesn't like spaces)

    Now you probably need to restart your cron daemon: killall -HUP crontab
    And your syslog daemon: killall -HUP syslogd

    Don't forget to chmod a+x /usr/bin/vpn and chmod a+x /usr/bin/check_vpn
    That's it. Now run /usr/bin/vpn and you're connected forever. Also, the connection should now be brought up automatically after a reboot.


    Now you probably ask yourself, "What if I DO WANT to disconnect?"...
    If you want to disconnect, run /usr/bin/vpn stop
    This guide is inspired by "Cable Modem Mini-Howto for Israeli Linux Users" by Amit Margalit.
    And here's a very detailed faithfull follower, Eyal Rozenberg's guide.


    For comments, suggestions, corrections, hate-mail, etc. - feel free to email me.

    See also: My Routing Guide
    Hits on this page: 0

    (C) L3ECH, 2003