PPP in Switchfin
Written by Administrator   
Friday, 15 June 2012 12:06

PPP over serial link

PPP is a data link layer protocol mainly intended to establish a point-to-point connection over a serial link, such as the console port on our Switchfin targets.
Let's see how we can demonstrate this.

The latest Switchfin has a PPP option in menuconfig. Enable it and build the image.

Connect the serial port of a PC with PPP support to the PR1 Appliance console port.
Establish an ssh session with the PR1 Appliance.

On the PR1 Appliance, set up the PPP configuration file:
#/etc/ppp/options
lock
nocrtscts
10.0.0.209:10.0.0.2
linkname ppp0
local
nodefaultroute
/dev/ttyBF0
115200
-detach

These lines say:

  • The PR1 Appliance will use the /dev/ttyBF0 device for PPP
  • The PR1 Appliance will get the address 10.0.0.209 and the other end will be 10.0.0.2
  • The PR1 Appliance console has no flow control signals wired (RTS, CTS, DTR, DSR, etc.), so we say nocrtscts
  • The link will be named ppp0

On the host we may have a configuration like this:
#/etc/ppp/options
lock
nocrtscts
10.0.0.2:10.0.0.209
linkname ppp0
local
nodefaultroute
/dev/ttyS0
115200
-detach

 

Finally, let's load the PPP over serial link module:
root@pr1:~> modprobe ppp_async

and the link will come up:

root@pr1:~> ifconfig
.....
ppp0      Link encap:Point-to-Point Protocol 
inet addr:10.0.0.2  P-t-P:10.0.0.209  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3

and we can ping the PR1 Appliance from the PC (or vice versa) like this:

[root@Switchfin ~]# ping 10.0.0.209
PING 10.0.0.209 (10.0.0.209) 56(84) bytes of data.
64 bytes from 10.0.0.209: icmp_seq=1 ttl=64 time=26.7 ms
64 bytes from 10.0.0.209: icmp_seq=2 ttl=64 time=25.9 ms
64 bytes from 10.0.0.209: icmp_seq=3 ttl=64 time=25.9 ms

Similarly, you can ssh to the PR1 Appliance through the new ppp0 interface.

 

Point-to-Point Tunneling Protocol and VPN

PPP does not work only over a serial link. Let's see how it can be used to create a VPN over Ethernet.
In addition, we will test the MPPE (Microsoft Point-to-Point Encryption/Compression) support built as a kernel module.

Let's use one of the Linux PCs in the network as the PPPoE server.
PPPoE is a simple protocol, and its negotiation is much like DHCP negotiation.
A description of how to set up a PPPoE server can be found at "PPPoE Server Under Ubuntu/Debian".
The necessary configuration files on the PC are:

#/etc/ppp/pppoe-server-options
# PPP options for the PPPoE server
# LIC: GPL
lcp-echo-interval 10
lcp-echo-failure 2
debug
auth
# MPPE requires mschap-v2
require-mschap-v2
require-mppe
refuse-pap
refuse-chap
refuse-mschap




#/etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
# allow any client, any server, any IP addr
* * "" *

CHAP is an authentication scheme.
To avoid sending the username/password over the link (as the other popular authentication method, PAP, does), it sends a random number (the challenge), which both PPP ends process with a hash function.
The resulting hashes are then compared.
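
The challenge/response check described above, as an added example (not code from the original page or from pppd). It implements plain CHAP with MD5 as defined in RFC 1994, not the MS-CHAPv2 variant that the server options require, which hashes differently. The peer names and the secret are constructed; the last case shows that with an empty secret, as in the chap-secrets file above, the hash covers only values sent on the link.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994, algorithm 5 (MD5): hash of the Identifier octet,
    # then the shared secret, then the Challenge value.
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The PPP end that sends the Challenge and checks the Response."""

    def __init__(self, secrets):
        self.secrets = secrets   # peer name -> shared secret (constructed)
        self.pending = {}        # identifier -> outstanding challenge
        self.next_id = 0

    def new_challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) & 0xFF
        challenge = os.urandom(16)          # fresh random value per attempt
        self.pending[ident] = challenge
        return ident, challenge

    def verify(self, name, ident, response):
        challenge = self.pending.pop(ident, None)   # each challenge is single use
        if challenge is None or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], challenge)
        return hmac.compare_digest(expected, response)


def demo():
    server = Authenticator({"pr1": b"constructed-secret", "open": b""})
    out = {}
    ident, chal = server.new_challenge()
    good = chap_response(ident, b"constructed-secret", chal)
    out["right_secret"] = server.verify("pr1", ident, good)
    out["replayed"] = server.verify("pr1", ident, good)   # challenge already used
    ident, chal = server.new_challenge()
    out["wrong_secret"] = server.verify("pr1", ident, chap_response(ident, b"guess", chal))
    ident, chal = server.new_challenge()
    # Empty secret: the hash input is only the identifier and the challenge.
    out["empty_secret"] = server.verify("open", ident, chap_response(ident, b"", chal))
    return out


if __name__ == "__main__":
    print(demo())
```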

Let's load the MPPE module and start the server:

root@switchfin:~# modprobe ppp-mppe
root@switchfin:~# /usr/sbin/pppoe-server -T 60 -I eth0 -N 250 -R 192.168.0.1

 

Now let's go to the PR1 Appliance side. We use the same image, built with the PPP option.

The required configuration files are:
# /etc/ppp/peers/mylink
plugin rp-pppoe.so eth0
mtu 1492
mru 1492
require-mppe
debug

We will start PPPoE using the pppd plugin rp-pppoe.so.
We will use eth0 as the carrier interface.
We will use Microsoft Point-to-Point Encryption (MPPE).

# /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
# allow any client, any server, any IP addr
* * "" *
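
An added example, not part of the original page or of pppd: a small audit of the server options and chap-secrets files shown above. The required-option list is taken from the page's server file; the tighter chap-secrets entry (client name pr1, server name pppoe-srv, the secret) is constructed for comparison.

```python
import shlex

# Baseline: the authentication/encryption options the page's server file sets.
REQUIRED = {"auth", "require-mschap-v2", "require-mppe",
            "refuse-pap", "refuse-chap", "refuse-mschap"}


def option_names(text):
    """First word of every non-comment line in a pppd options file."""
    names = set()
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words:
            names.add(words[0])
    return names


def audit(options_text, secrets_text):
    findings = []
    names = option_names(options_text)
    findings += [f"options: {o} is missing" for o in sorted(REQUIRED - names)]
    if "noauth" in names:
        findings.append("options: noauth turns peer authentication off")
    for num, line in enumerate(secrets_text.splitlines(), 1):
        fields = shlex.split(line, comments=True)   # "" parses as an empty field
        if len(fields) < 3:
            continue
        client, _server, secret, *addrs = fields
        if secret == "":
            findings.append(f"chap-secrets:{num}: empty secret")
        if client == "*":
            findings.append(f"chap-secrets:{num}: any client name accepted")
        if "*" in addrs:
            findings.append(f"chap-secrets:{num}: any IP address accepted")
    return findings


# The page's server settings, copied inline (LCP echo and debug lines left out).
PAGE_OPTIONS = ("auth\nrequire-mschap-v2\nrequire-mppe\n"
                "refuse-pap\nrefuse-chap\nrefuse-mschap\n")
PAGE_SECRETS = '# client server secret IP addresses\n* * "" *\n'
# Constructed tighter entry: names, secret and address are placeholders.
TIGHT_SECRETS = 'pr1 pppoe-srv "EXAMPLE-long-random-secret" 192.168.0.14\n'

if __name__ == "__main__":
    for label, secrets in (("page", PAGE_SECRETS), ("tight", TIGHT_SECRETS)):
        print(label, audit(PAGE_OPTIONS, secrets))
```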

Some of the PPP code is compiled as modules. We don't need ppp_async now, but we need a few others:


root@pr1:~>modprobe sha1_generic
root@pr1:~>modprobe ppp_mppe
root@pr1:~>modprobe pppoe


Now we have the following modules loaded on the PR1 Appliance:

root@pr1:~> lsmod
pppoe 6973 2 - Live 0x043e4000
pppox 1123 1 pppoe, Live 0x04607800
ecb 1141 2 - Live 0x04606000
ppp_mppe 4733 2 - Live 0x043e2000
ppp_generic 13111 7 pppoe,pppox,ppp_mppe, Live 0x05b9c000
slhc 3685 1 ppp_generic, Live 0x04411000
sha1_generic 1309 4 - Live 0x0460c000
wpr1 16852 62 - Live 0x04730000
dahdi 165436 65 wpr1, Live 0x04780000
crc_ccitt 953 1 dahdi, Live 0x042f8000
mmc_block 6180 2 - Live 0x0408e000
mmc_spi 6493 0 - Live 0x0408c000
crc7 711 1 mmc_spi, Live 0x042f5000
crc_itu_t 980 1 mmc_spi, Live 0x042f4c00
mmc_core 36905 2 mmc_block,mmc_spi, Live 0x043f0000

and we can start the PPP link:

root@pr1:~> pppd call mylink &
[1] 478 pppd call mylink
root@pr1:~> Plugin rp-pppoe.so loaded.
RP-PPPoE plugin version 3.3 compiled against pppd 2.4.4

 

On the PR1 Appliance we see that the PPP link is established:

root@pr1:~> ifconfig
...
ppp0      Link encap:Point-to-Point Protocol 
inet addr:192.168.0.14  P-t-P:10.0.0.1  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1488  Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3

On the host we have:

root@switchfin:~# ifconfig
...
ppp0      Link encap:Point-to-Point Protocol 
inet addr:10.0.0.1  P-t-P:192.168.0.14  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1488  Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:322 (322.0 B)  TX bytes:322 (322.0 B)

and we can ssh to the PR1 Appliance over PPP:

root@yni:~# ssh 192.168.0.14

Last Updated on Friday, 15 June 2012 15:08