===================================================================================================
Easy way of testing ppp virtualization.
---------------------------------------

Software needed on both HN and VE:
 - OpenVZ with VE 120 running
 - pppd (ppp-2.4.4)
 - rp-pppoe plugin

Setting up ppp connection:

1) Get and install pppd and rp-pppoe (rpm.pbone.net)

2) Consider Node 1 is server (VE 120), Node 2 is client (any remote HN).
 - Set up veth interfaces: http://wiki.openvz.org/Veth
 - ppp modules to be loaded:
     HN # lsmod | grep ppp
     ppp_deflate 9793 2
     zlib_deflate 21977 1 ppp_deflate
     ppp_async 15169 1
     crc_ccitt 6337 1 ppp_async
     ppp_generic 30165 6 ppp_deflate,ppp_async
     slhc 10561 1 ppp_generic
   (# modprobe ppp_generic, # modprobe ppp_async, # modprobe ppp_deflate)
 - set "ppp" feature for stopped VE:
     HN # vzctl set 120 --features ppp:on --save
 - start VE 120:
     HN # vzctl start 120
 - Prepare /dev/ppp within VE:
     HN # vzctl set 120 --devices c:108:0:rw --save
     HN # vzctl exec 120 mknod /dev/ppp c 108 0
     HN # vzctl exec 120 chmod 600 /dev/ppp

3) Update the ppp configuration files in the following way:
   Below, IP address 10.0.98.101 is to be assigned to the server's (Node 1) ppp0,
   10.0.98.104 - to the client's (Node 2) one.
   192.168.1.140 - Node 1 eth IP address.
   192.168.0.147 - Node 2 eth IP address.

   Node 1:
     # vim /etc/ppp/options
     lock
     plugin rp-pppoe.so
     10.0.98.101:10.0.98.104
     allow-ip 10.0.98.101
     allow-ip 10.0.98.104
     kdebug 1
     debug
     auth
     require-chap
     login
     mru 1472
     mtu 1472
     lcp-echo-interval 10000
     lcp-echo-failure 2
     receive-all
     user root
     nomultilink
     ipcp-accept-remote
     ipcp-accept-local

     # vim /etc/ppp/chap-secrets
     # Secrets for authentication using CHAP
     # client server secret IP addresses
     "root" * "secret" 192.168.0.147

   Node 2:
     # vim /etc/ppp/options
     lock
     plugin rp-pppoe.so
     debug
     mtu 1472
     mru 1472
     auth
     require-chap
     10.0.98.104:10.0.98.101
     allow-ip 10.0.98.104
     allow-ip 10.0.98.101
     login
     lcp-echo-interval 10000
     lcp-echo-failure 2
     receive-all
     ipcp-accept-remote
     ipcp-accept-local
     user root
     nomultilink

     # vim /etc/ppp/chap-secrets
     # Secrets for authentication using CHAP
     # client server secret IP addresses
     "root" * "secret" 192.168.1.140

4) On the server side (Node 1) add user "pppp" with uid=0 that will start pppd.
     # vim /etc/passwd
     ...
     pppp::0:0:root:/root:/usr/sbin/pppd

5) On client side (Node 2) start pppd:
     # pppd pty 'ssh pppp@192.168.1.140' debug

That is all - pppoe link is set up between Node 2 and Node 1.

And it works:
 - pppd daemon is running on both Nodes:
     Node 1 # ps ax | grep ppp
     6437 ? Ss 0:01 sshd: pppp@pts/4
     6451 pts/4 Ss+ 0:00 -pppd

     Node 2 # ps ax | grep ppp
     20977 ? Ss 0:00 pppd pty ssh pppp@192.168.1.140 debug
     20978 ? S 0:00 ssh pppp@192.168.1.140

 - ppp0 interfaces are up on both sides and routing table updated:
     Node 1 # ifconfig ppp0
     ppp0 Link encap:Point-to-Point Protocol
          inet addr:10.0.98.101 P-t-P:10.0.98.104 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1472 Metric:1
          RX packets:10484 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10484 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:880376 (859.7 KiB) TX bytes:880376 (859.7 KiB)

     Node 1 # ip r
     10.0.98.104 dev ppp0 proto kernel scope link src 10.0.98.101
     10.0.98.98 dev venet0 scope link
     192.168.0.0/22 dev eth0 proto kernel scope link src 192.168.1.140
     169.254.0.0/16 dev eth0 scope link
     default via 192.168.1.1 dev eth0

     Node 2 # ifconfig ppp0
     ppp0 Link encap:Point-to-Point Protocol
          inet addr:10.0.98.104 P-t-P:10.0.98.101 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1472 Metric:1
          RX packets:11268 errors:1 dropped:0 overruns:0 frame:0
          TX packets:11268 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:946232 (924.0 KiB) TX bytes:946232 (924.0 KiB)

     Node 2 # ip r
     10.0.98.101 dev ppp0 proto kernel scope link src 10.0.98.104
     192.168.0.0/22 dev eth1 proto kernel scope link src 192.168.0.147
     169.254.0.0/16 dev eth1 scope link
     default via 192.168.1.1 dev eth1

 - Ping goes through ppp0:
     Node 1 # ping 10.0.98.104
     PING 10.0.98.104 (10.0.98.104) 56(84) bytes of data.
     64 bytes from 10.0.98.104: icmp_seq=1 ttl=64 time=1.46 ms
     64 bytes from 10.0.98.104: icmp_seq=2 ttl=64 time=0.996 ms
     64 bytes from 10.0.98.104: icmp_seq=3 ttl=64 time=0.983 ms
     --- 10.0.98.104 ping statistics ---
     3 packets transmitted, 3 received, 0% packet loss, time 1999ms
     rtt min/avg/max/mdev = 0.983/1.148/1.467/0.228 ms

     Node 2 # ping 10.0.98.101
     PING 10.0.98.101 (10.0.98.101) 56(84) bytes of data.
     64 bytes from 10.0.98.101: icmp_seq=1 ttl=64 time=1.38 ms
     64 bytes from 10.0.98.101: icmp_seq=2 ttl=64 time=1.55 ms
     64 bytes from 10.0.98.101: icmp_seq=3 ttl=64 time=0.886 ms
     64 bytes from 10.0.98.101: icmp_seq=4 ttl=64 time=0.768 ms
     --- 10.0.98.101 ping statistics ---
     4 packets transmitted, 4 received, 0% packet loss, time 3001ms
     rtt min/avg/max/mdev = 0.768/1.147/1.554/0.328 ms

ssh session through ppp0 can be established successfully:
     Node 2 # ssh root@10.0.98.101
     The authenticity of host '10.0.98.101 (10.0.98.101)' can't be established.
     RSA key fingerprint is fa:a2:c3:72:15:49:f1:23:01:3e:77:9c:44:28:cc:8c.
     Are you sure you want to continue connecting (yes/no)? yes
     Warning: Permanently added '10.0.98.101' (RSA) to the list of known hosts.
     Last login: Fri Nov 16 17:06:16 2007 from dhcp0-147.sw.ru
     [Node 1 ~]#
===================================================================================================
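
Step 4 creates a uid 0 account ("pppp") with an empty password field whose login shell is pppd. The check below is an added example, not part of the original notes: it audits a passwd-format file for that leftover once testing is done. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# Audits a passwd-format file for leftovers of step 4 (the "pppp" test account).

# audit_passwd FILE
# Prints "<account>: <finding>" per problem; returns 1 if anything was found.
audit_passwd() {
    awk -F: '
        # skip comment lines and blank lines
        /^[[:space:]]*(#|$)/ { next }
        # any uid 0 entry other than root is a second superuser
        $3 ~ /^0+$/ && $1 != "root" { print $1 ": uid 0 account besides root"; bad = 1 }
        # field 2 empty means no password is set for the account
        $2 == "" { print $1 ": empty password field"; bad = 1 }
        # step 4 uses pppd itself as the login shell of the uid 0 account
        $3 ~ /^0+$/ && $7 ~ /\/pppd$/ { print $1 ": uid 0 account runs " $7 " as login shell"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: two ordinary entries plus the line added in step 4.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pppp::0:0:root:/root:/usr/sbin/pppd
EOF
}

# Demo on the constructed sample; on Node 1 the call would be: audit_passwd /etc/passwd
demo_file=$(mktemp)
sample_passwd > "$demo_file"
audit_passwd "$demo_file" || echo "findings above: remove the test account"
rm -f "$demo_file"
```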