
What is the recommended way of using ppp with systemd

Open electrofloat opened this issue 2 years ago • 5 comments

Hi!

Up until now I was using Ubuntu 20.04 which has ppp version 2.4.7-2+4.1ubuntu5.1 with my own systemd unit file something like this:

[Unit]
Description=PPPoE connection
After=networking.service

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/bin/pon provider
ExecStop=/usr/bin/poff -a

[Install]
WantedBy=multi-user.target

This worked fine. Then I upgraded to Ubuntu 22.04, which has ppp version 2.4.9-1+1ubuntu3, and something changed. Every time I restarted the above service I noticed in the logs that ppp terminates twice (receives SIGTERM twice), which has complications for me (because I have a couple of ip-down.d/ip-up.d scripts which need to finish before ppp should be considered started/stopped). I tried to figure out what is going on, and it seems that it terminates once with poff -a and once because systemd sends the TERM signal to it almost immediately after executing ExecStop.

I cannot decide if the working of systemd changed between 20.04 and 22.04 or ppp changed the way it handles the SIGTERM or something else.

For now I've modified the unit file to this:

[Unit]
Description=PPPoE connection
After=networking.service

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/bin/pon provider
ExecStop=/bin/bash -c '/usr/bin/poff -a && sleep 5'
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target

But this is obviously a hack. Can you suggest how to handle ppp with systemd?

electrofloat avatar Sep 22 '22 08:09 electrofloat
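An added example, not code from the thread or from the ppp project: systemd terminates whatever is left in the service's control group (per KillMode=) as soon as ExecStop= returns, so a stop helper that waits for pppd to actually exit can stand in for the fixed `sleep 5`. The helper name, its install path and the use of `pgrep` are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, e.g. /usr/local/sbin/ppp-stop), meant for
#   ExecStop=/usr/local/sbin/ppp-stop stop 10
# with TimeoutStopSec= set higher than the wait given here.
# Assumes it runs as root (the default for ExecStop=), so kill -0 can probe pppd.

# wait_pids_gone TIMEOUT PID...
# Poll once per second until none of the PIDs exists any more.
# Returns 0 when all are gone, 1 if any is still alive after TIMEOUT seconds.
wait_pids_gone() {
    remaining=$1
    shift
    while :; do
        alive=0
        for pid in "$@"; do
            # kill -0 sends no signal; it only tests that the process exists.
            if kill -0 "$pid" 2>/dev/null; then
                alive=1
            fi
        done
        if [ "$alive" -eq 0 ]; then
            return 0
        fi
        if [ "$remaining" -le 0 ]; then
            return 1
        fi
        sleep 1
        remaining=$((remaining - 1))
    done
}

# stop_ppp [TIMEOUT]
# Record the running pppd PIDs, ask them to terminate with poff -a, then block
# until they have exited, so ip-down.d scripts finish before ExecStop returns.
stop_ppp() {
    pids=$(pgrep -x pppd || true)
    /usr/bin/poff -a || true
    # $pids is deliberately unquoted: one argument per PID.
    wait_pids_gone "${1:-10}" $pids
}

# Only act when invoked as "ppp-stop stop [TIMEOUT]".
if [ "${1:-}" = "stop" ]; then
    stop_ppp "${2:-10}"
fi
```

A non-zero exit means pppd was still running when the wait expired; systemd then applies its usual stop handling.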

@electrofloat Have you seen https://github.com/ppp-project/ppp/pull/370 ?

Could very well be that the systemd notification support broke during the 2.4.7 to 2.4.9 time frame. Also, the build system since 2.4.9 has changed drastically, and that pull request fixes one of these issues.

enaess avatar Sep 26 '22 15:09 enaess

@electrofloat: Have you seen the comment of @enaess?

Neustradamus avatar Oct 22 '22 11:10 Neustradamus

Yes I have, but I'm not sure how that solves the above issue.

In #370 a new configure parameter, --enable-systemd, is added, which is great, but unless I'm missing something, that in itself won't change the issue I have.

Ubuntu does not ship a systemd unit file for ppp in 22.04, so everyone has to write their own. Even if ppp is configured with --enable-systemd, it only adds a feature called up_sdnotify, to have pppd notify systemd when the link is up (if I'm not mistaken), and I'm not sure that it helps with the service receiving the TERM signal twice.

electrofloat avatar Oct 22 '22 11:10 electrofloat

This is my example systemd unit to tie the lifetime of a PPPoE pppd instance to an Ethernet interface:

[Unit]
Description=PPPoE connection for %I
Documentation=man:pppd(8)
BindsTo=sys-devices-virtual-net-%i.device
After=sys-devices-virtual-net-%i.device

[Service]
Type=notify
ExecStart=/usr/sbin/pppd plugin rp-pppoe.so %I call %I linkname %I up_sdnotify persist
ExecStop=/bin/kill $MAINPID
ExecReload=/bin/kill -HUP $MAINPID
SuccessExitStatus=5 12 13 14
Restart=on-failure
StandardOutput=null
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ReadWritePaths=/run/
ProtectKernelTunables=yes
ProtectControlGroups=yes
SystemCallFilter=~@mount
SystemCallArchitectures=native
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes

[Install]
WantedBy=sys-devices-virtual-net-%i.device

(This is a few years old: I think that more sandboxing could be added now.)

The virtual interface is created with:

auto eth9
iface eth9 inet static
	address 192.168.100.2/30
	pre-up ip link add link eth0 $IFACE type macvlan
	post-down ip link del $IFACE
	up iptables -t nat -A POSTROUTING -d 192.168.1.1 -j SNAT --to-source 192.168.1.2
	down iptables -t nat -D POSTROUTING -d 192.168.1.1 -j SNAT --to-source 192.168.1.2

If you have an Ethernet port dedicated to PPPoE then you can use sys-subsystem-net-devices-%i.device instead.

rfc1036 avatar Jan 07 '23 19:01 rfc1036

Could that unit be included somewhere in the sources of this project (maybe in contrib?), so that packagers of systemd-based distros could converge on it? Or is that out of scope of the project?

VannTen avatar Jun 02 '23 08:06 VannTen