# rp-pppoe kills pap-secrets

## DarkSpir

Hi there,

big problem. I updated ppp yesterday and after reboot I noticed: No Internet for me anymore. After checking the config I noticed a clean and virgin pap-secrets file, that contains only "user" MyPeer "passwd".

Okay, I searched for the ISP account data and couldn't find it so I called my ISP today and they were so nice to send it again by fax.  :Smile: 

I nano'ed /etc/ppp/pap-secrets and set up something like "usernametheISPgaveme" * "Someshittypassword". After that I did a sweet net.eth1 start and a tail -f /var/log/messages | tail ppp in another ssh-window. It gave me:

```

Jan  2 21:59:49 sunflare pppd[6053]: pppd 2.4.4 started by root, uid 0

Jan  2 21:59:49 sunflare pppd[6053]: using channel 206

Jan  2 21:59:49 sunflare pppd[6053]: Using interface ppp0

Jan  2 21:59:49 sunflare pppd[6053]: Connect: ppp0 <--> /dev/pts/2

Jan  2 21:59:49 sunflare pppoe[6013]: PADS: Service-Name: ''

Jan  2 21:59:49 sunflare pppoe[6013]: PPP session is 1658 (0x67a)

Jan  2 21:59:50 sunflare pppd[6053]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0x810bd336>]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [LCP ConfReq id=0x46 <mru 1492> <auth pap> <magic 0x45990ba8>]

Jan  2 21:59:50 sunflare pppd[6053]: sent [LCP ConfAck id=0x46 <mru 1492> <auth pap> <magic 0x45990ba8>]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0x810bd336>]

Jan  2 21:59:50 sunflare pppd[6053]: sent [LCP EchoReq id=0x0 magic=0x810bd336]

Jan  2 21:59:50 sunflare pppd[6053]: sent [PAP AuthReq id=0x1 user="correctusername" password=<hidden>]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [LCP EchoRep id=0x0 magic=0x45990ba8]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [LCP ConfReq id=0x1 <mru 1456> <auth pap> <magic 0x3c808dd4>]

Jan  2 21:59:50 sunflare pppd[6053]: sent [LCP ConfReq id=0x2 <mru 1492> <magic 0x63898e26>]

Jan  2 21:59:50 sunflare pppd[6053]: sent [LCP ConfAck id=0x1 <mru 1456> <auth pap> <magic 0x3c808dd4>]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [LCP ConfAck id=0x2 <mru 1492> <magic 0x63898e26>]

Jan  2 21:59:50 sunflare pppd[6053]: sent [LCP EchoReq id=0x0 magic=0x63898e26]

Jan  2 21:59:50 sunflare pppd[6053]: sent [PAP AuthReq id=0x2 user="alsocorrectusername" password=<hidden>]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [LCP EchoRep id=0x0 magic=0x3c808dd4]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [PAP AuthAck id=0x2 ""]

Jan  2 21:59:50 sunflare pppd[6053]: PAP authentication succeeded

Jan  2 21:59:50 sunflare pppd[6053]: sent [CCP ConfReq id=0x1 <bsd v1 15>]

Jan  2 21:59:50 sunflare pppd[6053]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [IPCP ConfReq id=0x1 <addr 195.238.128.130>]

Jan  2 21:59:50 sunflare pppd[6053]: sent [IPCP ConfAck id=0x1 <addr 195.238.128.130>]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 07 15 03 2f]

Jan  2 21:59:50 sunflare pppd[6053]: Protocol-Reject for 'Compression Control Protocol' (0x80fd) received

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [IPCP ConfNak id=0x1 <addr 195.238.138.247> <ms-dns1 195.238.133.98> <ms-dns3 195.238.142.100>]

Jan  2 21:59:50 sunflare pppd[6053]: sent [IPCP ConfReq id=0x2 <addr 195.238.138.247> <ms-dns1 195.238.133.98> <ms-dns3 195.238.142.100>]

Jan  2 21:59:50 sunflare pppd[6053]: rcvd [IPCP ConfAck id=0x2 <addr 195.238.138.247> <ms-dns1 195.238.133.98> <ms-dns3 195.238.142.100>]

Jan  2 21:59:50 sunflare pppd[6053]: local  IP address 195.238.138.247

Jan  2 21:59:50 sunflare pppd[6053]: remote IP address 195.238.128.130

Jan  2 21:59:50 sunflare pppd[6053]: primary   DNS address 195.238.133.98

Jan  2 21:59:50 sunflare pppd[6053]: secondary DNS address 195.238.142.100

Jan  2 21:59:50 sunflare pppd[6053]: Script /etc/ppp/ip-up started (pid 16430)

Jan  2 21:59:52 sunflare pppd[17199]: unrecognized option 'MyPeer'

Jan  2 21:59:52 sunflare pppd[6053]: Script /etc/ppp/ip-up finished (pid 16430), status = 0x1

```

ppp0 was up since then, everything looked fine... but: No default route. Internet access worked only after a route add default gw 195.238.128.130 (in /etc/ppp/pppoe.conf the flag DEFAULTROUTE is set to yes). Plus: Around the time ip-up was started, something set my pap-secrets back to "user" MyPeer "passwd". I checked the ip-up script and found nothing suspicious.

Is there someone with a good idea what's going on here?

Edit:

Damn, I'm just too stupid to post in the right forum. Someone please move it to Networking & Security pretty-please?  :Smile: 

----------

## didymos

I'd just get rid of rp-pppoe and use the pppd plugin.  Then you can have a net.ppp0 symlink to net.lo in /etc/init.d, and the configuration can go into /etc/conf.d/net like any other interface.  Here's my config for reference:

```

/etc/conf.d/net

config_ppp0=( "ppp" )

link_ppp0="br0"  <--- I'm using a wireless/wired bridge, just change to your normal interface, eth1

plugins_ppp0=( "pppoe")

username_ppp0='<username>'

pppd_ppp0=(

    "noauth"

    "defaultroute"

    "default-asyncmap"

    "ipcp-accept-remote"

    "ipcp-accept-local"

    "lcp-echo-interval 60"

    "lcp-echo-failure 5"

    "persist"

    "holdoff 2"

    "debug" 

    "sync" <---  see below

    "mru 1492"

    "mtu 1492"

    "lock")

```

For the "sync" option to work, you have to enable "Non-standard serial port support" in the character devices section of the kernel config, and then make " HDLC line discipline support" built-in or a module.  Of course, you don't need sync, so you can skip it if you want.  Make sure you build the kernel with pppoe support.  If your ISP automatically sets up DNS, just copy the ip numbers it sets up, and make them permanent by adding them to resolv.conf, or use whois to get the authoritative servers for the domain.

----------

## DarkSpir

I tried that after my post here. The pppd also kills /etc/ppp/pap-secrets and it does it before it tries to make a connection. Where rp-pppoe is working a little bit, the pppd plugin totally fails.  :Smile: 

----------

## didymos

Ok, make sure you only have these files in /etc/ppp:

```

chap-secrets  chap-secrets.example  ip-down  ip-up  options  pap-secrets  pap-secrets.example peers

```

The permissions should be:

```

total 8

-rw------- 1 root root  128 2006-12-02 17:48 chap-secrets

-rw------- 1 root root   78 2006-12-05 00:52 chap-secrets.example

-rwxr-xr-x 1 root root  960 2006-12-05 00:52 ip-down

-rwxr-xr-x 1 root root 1482 2006-12-05 00:52 ip-up

-rw-r--r-- 1 root root    5 2006-12-05 00:52 options

-rw-r--r-- 1 root root    5 2006-12-05 00:52 peers

-rw------- 1 root root  129 2006-12-02 17:47 pap-secrets

-rw------- 1 root root   77 2006-12-05 00:52 pap-secrets.example

```

The MyPeer crap is coming from some  file in that directory.  Both peers and  options should just be empty files, and anything other than the ones listed are not from the ppp package.

One other thing: what is your version of baselayout?

----------

## didymos

Oh yeah, you can set the password in /etc/conf.d/net if you want. Just add this line:

```

password_ppp0='<somepassword>'

```

This should override anything from pap-secrets, but it may not be as secure.  I don't know if you can have /etc/conf.d/net with -rw------ permissions or not; if you can, then it's just as "safe" as pap-secrets.

----------

## DarkSpir

Okay, I'm at work now so I can't test anything with my Gentoo router right now. I remember, that there are many other files in /etc/ppp, a direcory called peers, some files like chat-MyPeer and shit. I deleted already the peers-directory and the chat-stuff but something is recreating it in the connecting process.

baselayout is 1.12.something as far as I can remember, rp-pppoe is 3.7 and ppp... uh. Dunno. ^^"" I'll post it in the evening after work (I love my neighbourhood for setting up about 6 unencrypted WLAN networks).

----------

## DarkSpir

Hmm, sounds like a mayor fsckup. I can delete every file in /etc/ppp except those you posted. After the first connect try something is generating the whole stuff new. password_ppp0="blabla" doesn't work.

Here's my solution:

1) I've got an old, unused system and I'm going to run fli4l on it to get internet access.

2) After that I'm going to reinstall the Gentoo router, hoping to get rid of this problem this way.

I already tried to unmerge rp-pppoe and ppp, delete /etc/ppp and all files that emerge won't unmerge because of confpro and stuff and remerge ppp and rp-pppoe. Didn't help. There must be something outside the ppp-package causing the problem.

But thanks for your help anyway!  :Smile: 

----------

## didymos

That's weird.  If you figure it out, post something because now I want to know what the hell was doing that.

----------

## didymos

Oh, one more idea:  If you do "equery depends -D ppp", does anything show up?

----------

## JasonX

I have the same problem after upgrading my ppp from 2.4.2-r15 to 2.4.4-r4

Something overrides again and again my pap-secrets file (I'm glad that i have a backup)

But I have another problem after upgrade - my ppp + pptpd server overrides table of routes after any user is connected ...

Have anybody some suggestion ?

----------

## didymos

Well, I'm not sure what your routing needs are.  I'm guessing the problem is pppd setting the default route.  If that's the case, you can add "nodefaultroute" to the options you're passing to pppd.  Of course, you'll have to set routes so that the traffic you want uses the ppp interface.

----------

## JasonX

Before user connects to server

172.27.10.218  *                         255.255.255.255 UH    0      0        0 ppp0

192.168.20.0    192.168.254.251  255.255.255.0   UG    0      0        0 eth1

172.20.97.0      192.168.254.251  255.255.255.0   UG    0      0        0 eth1

192.168.1.0      192.168.254.251  255.255.255.0   UG    0      0        0 eth1

172.20.99.0      192.168.254.251  255.255.255.0   UG    0      0        0 eth1

192.168.0.0      *                         255.255.255.0   U     0      0        0 eth0

172.27.0.0        *                         255.255.255.0   U     0      0        0 eth2

192.168.254.0   *                         255.255.255.0   U     0      0        0 eth1

192.168.8.0      192.168.254.251   255.255.255.0   UG    0      0        0 eth1

192.168.76.0    192.168.254.251    255.255.254.0   UG    0      0        0 eth1

192.168.10.0    192.168.254.251    255.255.254.0   UG    0      0        0 eth1

192.168.18.0    192.168.254.251    255.255.254.0   UG    0      0        0 eth1

loopback          *                          255.0.0.0       U     0      0        0 lo

After user connects

192.168.20.0   192.168.254.251     255.255.255.0   UG     0      0        0 eth1

172.20.97.0     192.168.254.251     255.255.255.0   UG    0      0        0 eth1

192.168.1.0     192.168.254.251     255.255.255.0   UG    0      0        0 eth1

172.20.99.0     192.168.254.251     255.255.255.0   UG    0      0        0 eth1

192.168.0.0     *                            255.255.255.0   U     0      0        0 eth0

172.27.0.0      *                             255.255.255.0   U     0      0        0 eth2

192.168.254.0   *                           255.255.255.0   U     0      0        0 eth1

192.168.8.0     192.168.254.251       255.255.255.0   UG    0      0        0 eth1

192.168.76.0    192.168.254.251       255.255.254.0   UG    0      0        0 eth1

192.168.10.0    192.168.254.251      255.255.254.0   UG    0      0        0 eth1

192.168.18.0    192.168.254.251       255.255.254.0   UG    0      0        0 eth1

loopback        *                              255.0.0.0             U     0      0        0 lo

default         172.27.0.1                    0.0.0.0              UG    0      0        0 eth2

As you can see the default route disappear's

And one more problem : when user connects and i restart my ptppd sometheng overwrite's my pap-secret's file.

And when anybody connect's to pptpd sometheng overwrite's my pap-secret's file.

And there "user" MyPeer "passwd"

Can anybody handle with it ?

----------

## JasonX

Strange thing ...

All my problems has solved after i restart my daemon with nodefaultroute and with defaultroute params ...

Or may be after i update some packet's in my world ...

I afraid to reboot my server now  :Smile: 

Have anybody this problem ?

----------

## JasonX

Provided to be none of my problems was'n solved ...

It was pleasant bug ...Last edited by JasonX on Mon Jan 22, 2007 8:12 pm; edited 1 time in total

----------

## JasonX

My question about my route and pap-secrets file still actual because with or without nodefaut route 

picture stays the same - default route of the system disappears ...

----------

## JasonX

This is so stuped question that no one visitor posted nothin ?

----------

## didymos

OK, what routes are you setting in /etc/conf.d/net?

----------

## JasonX

modules=( "iproute2" )

config_eth0=( "192.168.0.1/24" )

config_eth1=( "192.168.254.250/24" )

config_eth2=( "172.27.0.10/24" )

routes_eth2=( "default via 172.27.0.1" )

----------

## k0pe

 *DarkSpir wrote:*   

> There must be something outside the ppp-package causing the problem.

 

I had the same problem. It was net.ppp0 that changes pap-secrets. I disabled autocfgfiles.

```
AUTOCFGFILES="no"
```

this will solve the problem and get your connection back. Though i still get 'unrecognized option 'MyPeer''

----------

## JasonX

yes

i saw this

and edited this file

----------

