DSL on Solaris -- HOW TO

The new place I moved appeared to not have a digital cable available, so I had to switch to xDSL as a "broadband" transport.

There were some issues with getting the right software for Solaris, since this is what I have as a mix of firewall, router, web server and so on. Then there is connection problems, mostly impacting IP filter and the fact, that I have an external DNS server that needed to be updated when an IP address changes.

Not all xDSL providers authenticate you by the modem's serial number and then let the pure ip to flow, assigning you either static or DHCP dynamic IP address. Some of them, including one I picked, do not. Instead, they require the PPP authentication, using PPP over Ethernet tunneling, described in RFC 2516.

There are two software lines to go, to make DSL work, one is using the Solaris PPP/PPPoE packages, the other is using the GNU software. Below, you'll find the description of how to use it with the GNU sfuff, though I myself recommend to go with the Solaris packages. For how to install Solaris packages, refer to http://www.techgirl-net.com/pppoe.html page. You still might want to read the sections about IPF on this page though.

So, to let the ball rolling, you'll need the following pieces:

Both of those packages compile without troubles, there is no special configration to be done, I was really thankful to the guys who are developing those. pppd should come first, and rp-pppoe should be able to see where it was installed to.
Also, if you're building for 64bit kernel, you'll either need a SUN C compiler, or the very latest gcc (version >3.2, I believe) in order to produce 64-bit kernel modules for Solaris.

Now, you'll need to know the username and password to connect to the database. Usually what happens, is that they are assigned to you when you sign up, or you may get an installation CD, and the software will guide you through the process of getting one. Of course, for that, the modem should be plugged into a system the provider supports officially. Then, edit the rp-pppoe configuration file, usually located at /etc/ppp/pppoe.conf, provide the interface name, for Solaris it mostly either hme0 for 100Mbps cards, le0 for 10 Mbps cards or qfeX for quadriple ethernet cards. Put your user name to USER= line.

Now, create file /etc/ppp/pap-secrets. It should say:

# cat /etc/ppp/pap-secrets
# Secrets for authentication using PAP
# client        server  secret                  IP addresses
veselov@sbcglobal.net    *      "mypassword"
Just in case, link or copy this file to chap-secrets in case your provider uses CHAP over PAP authentication style. The client id in secrets should match whichever was specified as your name in pppoe.conf file.

You're ready to try your new xDSL connection. Type <bin_dir>/adsl-start to connect.
If there're any problems, try reading the FAQ that comes with rp-pppoe

Now, it is wise to have an IP blocking software installed like ip firewall, or ip filter. The best match for Solaris would be ipf package. Each time your IP address changes, you'll need to restart the ipf, or at least reconfigure the tables, since they are bound to the ip address on the system and at least the external interface. Note, that in case when PPPoE is used, your external interface would be pppX instead of local physical interface. Here is the patch to the ipfboot script, provided along with the ipf 3.4.23. When using this script, copy the ipf.conf and ipnat.conf files to ipf.conf.orig and ipnat.conf.orig respectively, and replace local interface name with $EXTIF define, and the external ip address with $LOCALIP define. Then, each time ipf is started, the correct values will be entered into the config files.
There has been a 2 second sleep inserted into the ipfboot script, just before the module is unloaded. The reason is that sometimes, the daemon doesn't have enough time to finish itself before script goes and tries to delete the module, so kernel doesn't remove the module with the resource is busy exception.

Also, there should be a way to automatically restart ipf when ip address changes. rp-pppoe will keep trying to reestablish the link when it has been dropped, so all there is needed to be done, is to detect when address is changed, and restart the ipf. The only troubles with that is that your system will not be protected by ipf at the time between address changes and ipf restarts. Here is the link to the checkdsl script, that is supposed to be ran from cron each minute or two. That would reasonable, I guess. adsl-start and adsl-stop scripts should be in the PATH for checkdsl. Also, there is a call to updatedhs that you can delete, if you don't have a hostname in the DHS domain.
The reason the interface is beeing searched for, is that sometimes pppd selects the ppp1 rather than ppp0 name for the interface, probably because some resources don't get released properly.

Since I have domain name in the DHS group, the hostname to ip mapping should get resolved when address changes. I just used one of those programs DHS offers to use to do that automatically.

A very good idea is to move your DSL modem as far away from your computer(s) as possible. I had connection fail every few hours when the modem was near my boxes, every day or so when I moved about 6 feet from my boxes, and once may be 6 months, after I moved it away about 15 feet. So it does matter very much (at least with those SpeedStream modems).

This page was accessed times.

(C) Pawel S. Veselov, 2002.

[Back] Return to my homepage
[Or (better) press "BACK" button on your cool browser ;)]