ppp Static IP problem

[oobayly]

I'm running a machine on FreeBSD 7.2-RELEASE with a custom kernel (for VESA support) that acts as a broadband router / dhcp server / firewall. We've got two ADSL lines, both with static IP addresses.

Our BT address is causing some issues. They've given us 5 IP addresses:
a.b.c.40/29 gw a.b.c.46
However, when the ppp daemon connects, the tun device is given a dynamic IP address & gateway. Incoming packets to the static IP addresses actually get delivered to this dynamic IP address, so a previous solution was to NAT all outbound packets on the tun device to a.b.c.41, essentially giving me a static IP address.
This setup works but it causes issues for things like ftp-proxy which uses the IP address of the tun device for things like the PORT command, so I decided to see if there was a better solution.

Looking at the man pages for ppp.conf, I saw the set ifaddr option, which I duly set to the following:

set ifaddr a.b.c.41/29  a.b.c.46 255.255.255.248 a.b.c.41

However, the tun device never receives an IP address, and continuously attempts to reconnect. Looking at /var/log/ppp.log I see the following entry:

Apr 13 20:26:38 router ppp[16696]: tun0: Phase: x.x.x.x: Unacceptable address!

So what appears to be happening is that ppp is requesting my allocated static IP address, but BT are ignoring that and sending back a dynamic IP address & gateway. The ppp daemon then sees that this dynamic IP address doesn't belong in the requested subnet and refuses to connect.

For the moment I've use a pretty ugly hack, I've added entries into my /etc/ppp/ppp.linkup & /etc/ppp/ppp.linkdown a method for setting the IP address I want set to the interface:

# /etc/ppp/ppp.linkup
        ! sh -c "ifconfig tun0 a.b.c.41/29 a.b.c.46 mtu 1492"

# /etc/ppp/ppp.linkdown
        ! sh -c "ifconfig tun0 delete"

It's ugly, and it causes errors in /var/log/messages as the ppp daemon can't assign/remove addresses, but again it works, even with ftp-proxy.

So basically I'm stuck with (in my opinion) a pretty ugly solution which will probably make a lot of people cringe, but unfortunately I can't think of another method. Does anyone know of a better option, ie. getting ppp to ignore the IP address returned by the ISP?

Many thanks,
John

 

[SirDice]

In a a.b.c.40/29 network addresses range from a.b.c.40 up to and including a.b.c.47.

However, .40 and .47 cannot be used. The first is the network address (all zeros), the last the broadcast address (all ones). Hosts need to have a a.b.c.41 - a.b.c.46 address. Use a subnet calculator if you have problems with this.

http://www.subnet-calculator.com/

 

[oobayly]

Um, that was a mistake anonymising the IP addresses :OOO, the one I've been using has been .41 for exactly the reason you suggested. I've edited the post accordingly. Typical, you proof-read & proof-read and still make mistakes!

 

[SirDice]

Your 'set ifaddr' line doesn't look quite right. Try something like this:

set ifaddr a.b.c.41 a.b.c.46 255.255.255.255

And add to /etc/ppp/ppp.linkup

add a.b.c.40 netmask 255.255.255.248 HISADDR

It's from Userland PPP: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/userppp.html

 

[oobayly]

I'll give that a go, though I'll have to wait for a quite period so it doesn't disrupt everyone.

 

[oobayly]

Made the changes suggested, and I still get the "Unacceptable address" error. I've had another look through the man page for ppp, and simply cannot find any method for telling ppp to use the IP requested, even if ISP returns an IP outside the requested subnet.

/etc/ppp/ppp.conf

bt:
        # PPPoE
        set speed sync
        set mru 1492
        set mtu 1492
        set ctsrts off

        # Monitor line quality
        enable echo
        set echoperiod 15
        enable lqr
        set lqrperiod 15

        # Log just a bit
        set log phase tun

        # Don't need IPv6
        disable ipv6cp

        # Don't update resolv.conf nameservers
        disable dns

        # Force BT's static IP, gateway & subnet to be used
        set ifaddr a.b.c.41 a.b.c.46 255.255.255.248

        set device PPPoE:vr0

        set authname ...
        set authkey ...

/var/log/ppp.log

Apr 14 17:48:07 router ppp[49178]: Phase: Using interface: tun0
Apr 14 17:48:07 router ppp[49178]: tun0: Phase: PPP Started (interactive mode).
Apr 14 17:48:10 router ppp[49178]: tun0: Phase: bundle: Establish
Apr 14 17:48:10 router ppp[49178]: tun0: Phase: deflink: closed -> opening
Apr 14 17:48:10 router ppp[49178]: tun0: Phase: deflink: Connected!
Apr 14 17:48:10 router ppp[49178]: tun0: Phase: deflink: opening -> dial
Apr 14 17:48:10 router ppp[49178]: tun0: Phase: deflink: dial -> carrier
Apr 14 17:48:11 router ppp[49178]: tun0: Phase: Received NGM_PPPOE_ACNAME (hook "BT_ADSL")
Apr 14 17:48:11 router ppp[49178]: tun0: Phase: Received NGM_PPPOE_SESSIONID
Apr 14 17:48:11 router ppp[49178]: tun0: Phase: Received NGM_PPPOE_SUCCESS
Apr 14 17:48:11 router ppp[49178]: tun0: Phase: deflink: carrier -> login
Apr 14 17:48:11 router ppp[49178]: tun0: Phase: deflink: login -> lcp
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: bundle: Authenticate
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: his = CHAP 0x05, mine = none
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: Chap Input: \
    CHALLENGE (16 bytes from ERX13.Miltonkeynes2)
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: Chap Output: RESPONSE (...)
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: his = CHAP 0x05, mine = none
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: Chap Input: \
    CHALLENGE (16 bytes from R21CBIRLNS01)
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: Chap Output: RESPONSE (...)
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: Chap Input: SUCCESS
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: lcp -> open
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: bundle: Network
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: 81.134.71.122: Unacceptable address!
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: bundle: Terminate
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: open -> lcp
Apr 14 17:48:12 router ppp[49178]: tun0: Warning: ff02:7::/32: \
    Change route failed: errno: Network is unreachable
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: Disconnected!
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: lcp -> logout
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: logout -> hangup
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: Disconnected!
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: \
    Connect time: 2 secs: 288 octets in, 330 octets out
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: 18 packets in, 18 packets out
Apr 14 17:48:12 router ppp[49178]: tun0: Phase:  \
    total 309 bytes/sec, peak 0 bytes/sec on Wed Apr 14 17:48:10 2010
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: deflink: hangup -> closed
Apr 14 17:48:12 router ppp[49178]: tun0: Phase: bundle: Dead
Apr 14 17:48:21 router ppp[49178]: tun0: Phase: Caught signal 2, abort connection(s)
Apr 14 17:48:23 router ppp[49178]: tun0: Phase: PPP Terminated (normal).

 

[oobayly]

Hmm, just found the iface add which can be called in ppp.linkup, it essentially does what my ifconfig line was doing, but is a bit tidier. I've adjusted the scripts that determine the default routing to deal with the fact there may be more than one IP address for the interface and use the last one.
Still is a bit messy, but unless there's an absolute solution, I'll have to keep to this one.