Subject: Re: resetting a pppoe connection?
To: None <netbsd-users@NetBSD.org>
From: Carl Brewer <email@example.com>
Date: 02/08/2005 11:19:16
Martin Husemann wrote:
> On Mon, Feb 07, 2005 at 04:55:29PM -0300, César Catrián C. wrote:
>>clear-auth-failure=5 seems a very low default to me.
> This is from experiences with an ex-ISP of mine. They automatically disabled
> my access after 9 wrong retries. I had changed the password using their
> web thing, modified /etc/ifconfig.pppoe0 - but forgot to reload the pppoe
> configuration - after 24 hours they also forced a disconnect, and on reconnect
> my machine got locked out. No need to mention this happend late friday
> afternoon, and customer service was only available on the next monday.
> If I had known the details, I would have had the connection back up on the
> next morning - they cleared the "blocked" status in a nightly cron job.
> But I didn't know at that time and customer servcie gave very wrong advice,
> and then didn't response, etc. It took nearly a week and caused costs for
> a ISDN backup connection - and you probably understand why it's an ex-ISP
> of mine. Anyway, I used the week w/o DSL connection to implement the max-auth-*
>>I've set it to '0' in my connection.
> That's what I do on most machines too, after inintial testing.
I'd not put anything into my ppp/ip-up and ip-down scripts,
and I neglected to mention the possibly (heh ...) significant
ipf rule surrounding the interface :
pass out quick on sip0 to pppoe0:220.127.116.11 proto tcp from a.b.c.d to
Ie: I'm using that interface only for one host, everything else
goes out via a default route on a different interface via a DSL router.
I think maybe IPF gets confused if the interface goes away for a
while? anyway, that didn't/doesn't explain the inability for it to
authenticate after a failure.
My setup now looks like this :
/sbin/ipf -Fa -f /etc/ipf.conf
! /sbin/ifconfig sip3 up
! /sbin/pppoectl -e sip3 $int
! /sbin/pppoectl $int myauthproto=pap 'firstname.lastname@example.org' 'm
0.0.0.0 0.0.0.1 up
In the event of a loss of the PPPoE session, should I
have anything in ip-down to reset anything, or will the
above (with ifwatchd running) take care of that? Also, should
$int be explicitly specified as pppoe0, or is it ok as '$int' ?
Martin's suggestion to use "destroy" not "delete" I haven't
tried, and I'm not sure if it was a typo or not, but I'll
try it next time it locks up. What specifically has
been changed in the pppoe stuff since 1.6.1?
I will look to upgrading to NBSD 2.0 in the next few months,
but am a bit swamped with other stuff at the moment to do it
in the next week :)
Thanks everyone for your input,