- It is greedy - it tends to hog all the network connections, including the ones that should not be touched (your main ethernet connection, for instance), and you have to pry them from its cold, dead fingers.
- It screws up - sometimes. When it does, you're on your own without a lifeboat - unless you thought to bring one with you, and this is because....
- Having been designed by GUI zealots, it has no Command Line Interface (well it does have one, but it sucks more than a tornado) and no visible configuration files - to the best of my knowledge it keeps all its config somewhere inside the user branch of the gconf DB (a configuration system that makes the windows registry seem OK - 'nuff said). So it is very hard to tell what is going wrong, where and why.
- Not only this, but because it is in the user branch, connections are not shared between users, nor can they be system wide (AFAIK).
- Not only this, but because it is so GUI oriented, there is no clear way to tailor the connection setup/tear down. For instance, on pptp/vpn links it would be nice to set up custom routes. No such luck, kiddo: with NM it's either default route or zilch (there is, truth be said, a check mark that purports to do something different, but it does not. Or perhaps it would do something with some server side help - but this is the client side, sorry.)
So it is only fair to say that, for server oriented connection management, NetworkManager basically sucks - and I find the talk I read about system-config-network going away slightly worrying. However, the above explains why - setting up a systemwide VPN link for development work - I found it necessary to ascertain that I had a CLI way to set it up, tear it down and debug it. That is the lifeboat I was talking about a few paragraphs ago....
This was tested on FC13, kernel 2.6.34.7-61, ppp-2.4.5-9, pptp-1.7.2-9, for a standard MSCHAP-V2 Microsoft-like tunnel - your mileage will vary, and substantially so if your system is much older than mine. Everything is still a little rough around the edges - smoothing it out would require integrating it with ifup-ppp, complete with all the options and stuff. The way it is, it pushes most configuration options to the ppp side (options.pptp and peers/CONNID). And yes, one would need a GUI plugin for system-config-network. You are welcome to write it. At the end, you will be able to control the connection via:
$ ifup CONNID
$ ifdown CONNID
It goes like this (by no design of mine: this is THE WAY networking scripts work in fedora/RH):
- 'ifup CONNID' reads /etc/sysconfig/network-scripts/ifcfg-CONNID;
- the variable DEVICETYPE=pptp (inside ifcfg-CONNID) directs ifup to invoke ifup-pptp (an undocumented innard of the RH sysconfig files);
- ifup-pptp executes "pppd call CONNID", which uses /etc/ppp/peers/CONNID (which in turn reads /etc/ppp/options.pptp);
- pppd starts the ppp process and kicks off ip-up, which (eventually) calls /etc/ppp/ip-up.local. pppd also saves its PID in /var/run/pppx.pid (x is 0,1...);
- ip-up.local saves the interface name (pppx) inside /var/run/pptp-CONNID.pid (misnomer, but hey);
- ifup-pptp waits for the creation of /var/run/pptp-CONNID.pid and uses its contents to try hard (too hard, perhaps: I have a feeling ifup-routes is being called twice, but no harm appears to have been done) to convince /etc/sysconfig/network-scripts/ifup-routes to install the correct routes for the new interface;
- ifup-routes reads the route information from /etc/sysconfig/network-scripts/route-CONNID, and uses "ip route add" to do its job.
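Since the whole point is having a lifeboat, here is an added status check (my own example, not part of the original post nor of the Fedora scripts) that walks the same pidfile chain described above for a given CONNID and tells you whether the link is up, down, or left stale by a pppd that died. It assumes the file layout the post uses (/var/run/pptp-CONNID.pid holding pppX, /var/run/pppX.pid holding pppd's PID); the run directory is a parameter so the checks can be exercised against a constructed directory, and liveness is tested with `kill -0` rather than by looking in /proc. It also checks that chap-secrets, which holds a cleartext password, is readable by its owner only.

```bash
#!/bin/bash
# Added example, not from the original post: a "lifeboat" status check that
# walks the pidfile chain for a given CONNID.
#   $RUNDIR/pptp-CONNID.pid  -> pppX   (written by ip-up.local)
#   $RUNDIR/pppX.pid         -> PID    (written by pppd itself)
# RUNDIR is a parameter (default /var/run) so the checks can be exercised
# against a constructed directory; run it as root against the real one,
# otherwise `kill -0` on root's pppd fails with EPERM and reads as "stale".
# Liveness uses `kill -0 PID` instead of /proc/PID (assumption: equivalent
# for this purpose, and it also works where /proc is not mounted).

pptp_iface() {
    # Print the ppp interface name recorded for CONNID, or fail.
    local connid=$1 rundir=${2:-/var/run} ifile iface
    ifile="$rundir/pptp-$connid.pid"
    [ -f "$ifile" ] || return 1
    iface=$(tail -1 "$ifile")
    [ -n "$iface" ] || return 1
    printf '%s\n' "$iface"
}

pptp_pid() {
    # Print the pppd PID recorded for interface pppX, or fail if missing/non-numeric.
    local iface=$1 rundir=${2:-/var/run} pfile pid
    pfile="$rundir/$iface.pid"
    [ -f "$pfile" ] || return 1
    pid=$(head -1 "$pfile")
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

pptp_status() {
    # Print one word and return 0 only for "up":
    #   down  - no pptp-CONNID.pid: ip-up.local never ran (pppd call failed early)
    #   stale - files are there but pppd is gone: remove pptp-CONNID.pid before ifup
    #   up    - pppd is alive on the recorded interface
    local connid=$1 rundir=${2:-/var/run} iface pid
    if ! iface=$(pptp_iface "$connid" "$rundir"); then
        echo down
        return 1
    fi
    if ! pid=$(pptp_pid "$iface" "$rundir") || ! kill -0 "$pid" 2>/dev/null; then
        echo stale
        return 1
    fi
    echo up
    return 0
}

secrets_mode_ok() {
    # chap-secrets carries a cleartext password: accept only owner-only permissions.
    # Parses the mode string of ls -l, so it does not depend on GNU stat.
    local perms
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ "$perms" = "-rw-------" ]
}

# Usage (as root): pptp-status.sh CONNID
if [ $# -ge 1 ]; then
    secrets_mode_ok /etc/ppp/chap-secrets || echo "warning: /etc/ppp/chap-secrets is not mode 0600"
    pptp_status "$1"
fi
```

When the script answers "stale", the leftover /var/run/pptp-CONNID.pid is exactly what makes a later ifup-pptp believe the link came up before pppd had a chance to run; removing it is the first thing to do before retrying.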
The setup touches the following files (contents are listed below).
- FILE: /etc/ppp/options.pptp. Edit and accept some auth, compression. (Most comments below removed: #ALF# means commented out by me)
- FILE: /etc/ppp/chap-secrets: edit. Add authentication information (user and password), choose CONNID as you wish
- FILE: /etc/ppp/peers/CONNID: Create.
- FILE: /etc/ppp/ip-up.local: Create.
- FILE: /etc/ppp/ip-down.local: Create.
- FILE: /etc/sysconfig/network-scripts/ifcfg-CONNID: Create.
- FILE: /etc/sysconfig/network-scripts/ifup-pptp: Create, mode 755 (rwxr-xr-x).
- FILE: /etc/sysconfig/network-scripts/ifdown-pptp: Create, mode 755 (rwxr-xr-x).
- FILE: /etc/sysconfig/network-scripts/route-CONNID: Create
FILE: /etc/ppp/options.pptp. Edit and accept some auth, compression.
(Most comments below removed: #ALF# means commented out by me)
lock
noauth
refuse-pap
refuse-eap
#ALF#refuse-chap
#ALF#refuse-mschap
#ALF#nobsdcomp
#ALF#nodeflate
#ALF#For debug, comment later.
dump
FILE: /etc/ppp/chap-secrets: edit. Add authentication information (user and password), choose CONNID as you wish
# Secrets for authentication using CHAP
# client server secret IP addresses
####### system-config-network will overwrite this part!!! (begin) ##########
####### system-config-network will overwrite this part!!! (end) ############
username CONNID password *
FILE: /etc/ppp/peers/CONNID: Create.
#vpn.server.com is the server we connect to
pty "pptp vpn.server.com --nolaunchpppd"
lock
nodeflate
file /etc/ppp/options.pptp
require-mppe-128
#As entered in chap-secrets above
name username
remotename CONNID
ipparam CONNID
FILE: /etc/ppp/ip-up.local: Create.
#!/bin/bash
set -x
# Trace file for debugging. A fixed, predictable path under /tmp written by root
# is exposed to symlink tricks; a root-only directory is the safer place for it.
TRACEFILE=/tmp/ip-up.log
cat /dev/null > ${TRACEFILE}
exec 1>> ${TRACEFILE} 2>> ${TRACEFILE}
LOGGER="/usr/bin/logger -s -t ip-up.local -p "
# Arguments as pppd passes them to ip-up: interface, tty, speed, local IP, remote IP, ipparam
IFACE=$1
REALDEVICE=$2
SPEED=$3
LOCALIP=$4
REMOTEIP=$5
LOGDEVICE=$6
# ipparam is CONNID (set in peers/CONNID); ifup-pptp polls for this file
PIDFILE="/var/run/pptp-$LOGDEVICE.pid"
$LOGGER daemon.info "Creating pidfile: $PIDFILE"
echo $IFACE > $PIDFILE
exit 0
FILE: /etc/ppp/ip-down.local: Create.
#!/bin/bash
set -x
TRACEFILE=/tmp/ip-down.log
cat /dev/null > ${TRACEFILE}
exec 1>> ${TRACEFILE} 2>> ${TRACEFILE}
LOGGER="/usr/bin/logger -s -t ip-down.local -p "
# Same arguments as ip-up.local; $6 is the ipparam (CONNID) from peers/CONNID.
# Removing the pidfile ip-up.local created is the counterpart step (the post's
# listing stops at the LOGGER line); without it ifdown-pptp sees a stale file.
LOGDEVICE=$6
PIDFILE="/var/run/pptp-$LOGDEVICE.pid"
$LOGGER daemon.info "Removing pidfile: $PIDFILE"
rm -f $PIDFILE
exit 0
FILE: /etc/sysconfig/network-scripts/ifcfg-CONNID: Create.
NAME="Connessione PPTP a CONNID"
DEVICE=CONNID
DEFROUTE=no
BOOTPROTO=none
DEVICETYPE=pptp
ONBOOT=no
USERCTL=yes
PEERDNS=no
IPV6INIT=no
NM_CONTROLLED=no
FILE: /etc/sysconfig/network-scripts/ifup-pptp: Create, mode 755 (rwxr-xr-x).
#! /bin/bash
LOGGER="/usr/bin/logger -s -t ifup-pptp -p "
. /etc/init.d/functions
cd /etc/sysconfig/network-scripts
. ./network-functions
CONFIG=$1
[ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
# source_config (from network-functions) reads ifcfg-CONNID and sets DEVICE, DEVNAME, ...
source_config
[ -x /usr/sbin/pppd ] || {
    echo $"pppd does not exist or is not executable"
    echo $"ifup-pptp for ${DEVICE} exiting"
    $LOGGER daemon.info \
        $"pppd does not exist or is not executable for ${DEVICE}"
    exit 1
}
PEERCONF=/etc/ppp/peers/${DEVNAME}
if [ ! -f ${PEERCONF} ]; then
    $LOGGER daemon.info \
        $"no configuration file ${PEERCONF} for ${DEVICE}"
    exit 1
fi
$LOGGER daemon.notice \
    $"calling pppd on ${PEERCONF} config file: pppd call $DEVNAME"
pppd call $DEVNAME || { $LOGGER daemon.crit "pppd call $DEVNAME failed" ; exit 2 ; }
# ip-up.local writes the ppp interface name into this file once the link is up; poll for it
for nap in 1 2 2 5 10; do
    if [[ ! -f /var/run/pptp-${DEVNAME}.pid ]]; then
        $LOGGER daemon.info "Waiting for /var/run/pptp-${DEVNAME}.pid"
        sleep $nap
    else
        break
    fi
done
if [ -f /var/run/pptp-${DEVNAME}.pid ] ; then
    REALDEVICE=$(tail -1 /var/run/pptp-${DEVNAME}.pid)
    $LOGGER daemon.info \
        $"setting up routes from /var/run/pptp-${DEVNAME}.pid on $REALDEVICE"
    # ifup-routes installs the routes listed in route-CONNID on the pppX interface
    /etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME}
else
    $LOGGER daemon.info \
        $"no file /var/run/pptp-${DEVNAME}.pid cannot setup routes"
fi
exit 0
FILE: /etc/sysconfig/network-scripts/ifdown-pptp: Create, mode 755 (rwxr-xr-x).
#! /bin/bash
cd /etc/sysconfig/network-scripts
. ./network-functions
LOGGER="/usr/bin/logger -s -t ifdown-pptp -p "
CONFIG=$1
source_config
CONFIG=${CONFIG##ifcfg-}
# ip-up.local recorded the ppp interface name (pppX) here
ifile=/var/run/pptp-${DEVICE}.pid
$LOGGER daemon.info "Tearing down pptp link: will look for $ifile"
if [ ! -f $ifile ]; then
    $LOGGER daemon.err $"No intfile $ifile, ppp isn't running, or we didn't start it"
    exit 1
fi
IFACE=$(cat $ifile)
[ -n "${IFACE}" ] || { $LOGGER daemon.err $"No interface in $ifile"; exit 2 ; }
# pppd itself records its PID in /var/run/pppX.pid
pfile=/var/run/$IFACE.pid
$LOGGER daemon.info "Tearing down pptp link: will look for $pfile (interface is $IFACE)"
if [ ! -f $pfile ]; then
    $LOGGER daemon.err $"No PPP pidfile $pfile, is ppp running?"
    exit 3
fi
PID=$(cat $pfile)
[ -n "${PID}" ] || { $LOGGER daemon.err $"No pid in $pfile"; exit 2 ; }
kill -TERM ${PID} > /dev/null 2>&1
# check right away, then back off: 2, 5 and 10 seconds
for nap in 0 2 5 10; do
    sleep $nap
    [ ! -d /proc/${PID} ] && { $LOGGER daemon.info $"PPTP link torn down"; exit 0; }
    $LOGGER daemon.info $"Waiting for PPPD termination"
done
# killing ppp-watch twice in a row causes it to send a SIGKILL to pppd pgrp
kill -TERM ${PID} > /dev/null 2>&1
[ ! -d /proc/${PID} ] && { $LOGGER daemon.info $"PPTP link torn down"; exit 0; }
$LOGGER daemon.err $"Problems in terminating PPP."
exit 1
FILE: /etc/sysconfig/network-scripts/route-CONNID: Create
ADDRESS0=192.168.63.0
NETMASK0=255.255.255.0
#this is the P-t-P (remote) address at the end of the PPTP tunnel.
GATEWAY0=10.52.63.1
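Because DEFROUTE=no and the routes live in route-CONNID, what the VPN can reach is entirely decided by that file, so it is worth reviewing it before ifup. The following is an added example of mine (not from the post and not Fedora's ifup-routes) that renders route-CONNID as the `ip route add` commands it implies without running them. It reads the ADDRESSn/NETMASKn/GATEWAYn keys the post uses as plain KEY=VALUE lines rather than sourcing the file, validates addresses, and converts the netmask to a prefix length, rejecting non-contiguous masks; the two-route sample file in the test is constructed.

```bash
#!/bin/bash
# Added example, not from the original post or from Fedora's ifup-routes:
# a dry run that turns route-CONNID into the `ip route add` commands it implies,
# so the routes a VPN will install can be reviewed before bringing it up.
# The file is parsed as plain KEY=VALUE lines (only ADDRESSn/NETMASKn/GATEWAYn
# are honoured) and is never sourced: a route file is data, not a script.

valid_ipv4() {
    # Dotted quad: four octets in 0..255, no leading zeros (they would be read as octal).
    local IFS=. o
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) [ "$o" -le 255 ] || return 1 ;;
            *) return 1 ;;
        esac
    done
}

netmask_to_prefix() {
    # 255.255.255.0 -> 24. Rejects non-contiguous masks such as 255.0.255.0.
    local mask=$1 n inv bits=32
    valid_ipv4 "$mask" || return 1
    local IFS=.
    set -- $mask
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    inv=$(( ~n & 0xffffffff ))          # host part, as ones
    # contiguous mask  <=>  host part is 0...01...1  <=>  inv & (inv + 1) == 0
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    while [ "$inv" -ne 0 ]; do          # one host bit = one less prefix bit
        inv=$(( inv >> 1 ))
        bits=$(( bits - 1 ))
    done
    echo "$bits"
}

route_key() {
    # Print the value of KEY from a KEY=VALUE file; comments and other keys ignored.
    local file=$1 key=$2 line
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "$key="*) printf '%s\n' "${line#*=}"; return 0 ;;
        esac
    done < "$file"
    return 1
}

render_routes() {
    # Print one `ip route add` line per ADDRESSn/NETMASKn/GATEWAYn triple,
    # numbered from 0, for interface IFACE. Stops at the first missing ADDRESSn
    # and fails on a malformed entry rather than emitting a half-right route.
    local file=$1 iface=$2 i=0 addr mask gw prefix
    while addr=$(route_key "$file" "ADDRESS$i"); do
        mask=$(route_key "$file" "NETMASK$i") || return 1
        gw=$(route_key "$file" "GATEWAY$i")   || return 1
        valid_ipv4 "$addr" && valid_ipv4 "$gw" || return 1
        prefix=$(netmask_to_prefix "$mask")  || return 1
        echo "ip route add $addr/$prefix via $gw dev $iface"
        i=$(( i + 1 ))
    done
    return 0
}

# Usage: render-routes.sh /etc/sysconfig/network-scripts/route-CONNID ppp0
if [ $# -eq 2 ]; then
    render_routes "$1" "$2"
fi
```

Run it with the interface name ifup-pptp would read from /var/run/pptp-CONNID.pid and compare the output with `ip route` after the link is up; a route to anything wider than the subnet you actually need is the thing to catch here.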