mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-11 17:04:19 +01:00
357 lines
14 KiB
Plaintext
357 lines
14 KiB
Plaintext
|
<!-- $Id:$ -->
|
||
|
<!-- The FreeBSD Documentation Project -->
|
||
|
|
||
|
<sect>Setting up user PPP<label id="userppp">
|
||
|
|
||
|
<p><em>Contributed by &a.nik;<newline>
|
||
|
28 July 1995</em>.
|
||
|
|
||
|
<!-- This FAQ/HowTo is intended to get you up and running with
|
||
|
iijppp, also known as the <em>user level ppp</em> for FreeBSD 2.0.5
|
||
|
(and above).
|
||
|
|
||
|
I hope this document turns into a collaborative effort, largely
|
||
|
because I am not really much of an authority on PPP. I've got
|
||
|
it working, and want to pass on details of what I did so that
|
||
|
other people can get it working. But I'm not 100% clear on some
|
||
|
details, so I hope that by writing this and haveing others
|
||
|
flesh out some of the information I'm going to learn something
|
||
|
as well.
|
||
|
-->
|
||
|
|
||
|
<p>User PPP was intruduced to FreeBSD in release 2.0.5 as an
|
||
|
addition to the exisiting kernel implementation of PPP. So,
|
||
|
what is different about this new PPP that warrants its
|
||
|
addition? To quote from the manual page:
|
||
|
|
||
|
<quote>
|
||
|
This is a user process PPP software package. Normally, PPP is
|
||
|
implemented as a part of the kernel (e.g. as managed by pppd) and
|
||
|
it's thus somewhat hard to debug and/or modify its behavior. However,
|
||
|
in this implementation PPP is done as a user process with the help of
|
||
|
the tunnel device driver (tun).
|
||
|
</quote>
|
||
|
|
||
|
In essence, this means that rather than running a PPP daemon, the ppp
|
||
|
program can be run as and when desired. No PPP interface needs to be
|
||
|
compiled into the kernel, as the program can use the generic tunnel
|
||
|
device to to get data into and out of the kernel.
|
||
|
|
||
|
From here on out, user ppp will be referred to as simply as ppp unless a
|
||
|
distinction need to be made be it and any other PPP client/server software.
|
||
|
Unless otherwise stated, all commands in this section should be
|
||
|
executed as root.
|
||
|
|
||
|
Parts in this section marked with an asterisk (*) are
|
||
|
incomplete. Comments and suggestions are appreciated and
|
||
|
should be submitted to &a.nik;.
|
||
|
Thanks to Rob Snow <rsnow@txdirect.net> who proved to be a mine of
|
||
|
useful information when I was first experimenting with user ppp.
|
||
|
|
||
|
<sect1>Before you start
|
||
|
|
||
|
<p>This document assumes you're in roughly this position:
|
||
|
|
||
|
You have an account with an Internet Service Provider (ISP) which lets you
|
||
|
use PPP. Further, you have a modem (or other device) connected and
|
||
|
configured correctly which allows you to connect to your ISP.
|
||
|
|
||
|
You are going to need the following information to hand:
|
||
|
|
||
|
<itemize>
|
||
|
<item>IP address of your ISP's gateway
|
||
|
|
||
|
<item>Your ISP's netmask setting
|
||
|
|
||
|
<item>IP adresses of one or more nameservers
|
||
|
|
||
|
<item>If your ISP allocates you a static IP address and/or hostname then
|
||
|
you will need that as well. If not, you will need to know from what
|
||
|
range of IP addresses your allocated IP address will fall in.
|
||
|
</itemize>
|
||
|
|
||
|
If you do not have any of this information then contact your ISP and make
|
||
|
sure they provide it to you.
|
||
|
|
||
|
As well as this, you may need the files required to recompile
|
||
|
your kernel. Check <ref id="kernelconfig" name="Kernel
|
||
|
Configuration"> for more information on how to acquire these.
|
||
|
|
||
|
In addition, I've assumed that because your connection to the Internet is
|
||
|
not full time you are not running a name server (<tt>named(8)</tt>).
|
||
|
|
||
|
<sect1>Building a ppp ready kernel
|
||
|
|
||
|
<p>As the description states, ``ppp'' uses the kernel ``tun'' device. It is
|
||
|
necessary to make sure that your kernel has support for this device compiled
|
||
|
in.
|
||
|
|
||
|
To check this, go to your kernel compile directory (probably /sys/i386/conf)
|
||
|
and examine your kernel configuration file. It needs to have the line
|
||
|
<tscreen><verb>
|
||
|
pseudo-device tun 1
|
||
|
</verb></tscreen>
|
||
|
in it somewhere. The stock GENERIC kernel has this as standard, so if you
|
||
|
have not installed a custom kernel you don't have to change anything.
|
||
|
If your kernel configuration file does not have this line in it then you
|
||
|
should add the line, re-compile and then re-install the kernel. Boot from
|
||
|
this new kernel.
|
||
|
|
||
|
<sect1>Check the tun device
|
||
|
|
||
|
<p>My experiences with ppp have only been with one ``tun'' device (tun0). If
|
||
|
you have used more (i.e., a number other than `1' in the pseudo-device line
|
||
|
in the kernel configuration file) then alter all references to ``tun0''
|
||
|
below to reflect whichever device number you are using.
|
||
|
|
||
|
The easiest way to make sure that the tun0 device is configured correctly is
|
||
|
to re-make it. To this end, execute the following commands,
|
||
|
<tscreen><verb>
|
||
|
# cd /dev
|
||
|
# ./MAKEDEV tun0
|
||
|
</verb></tscreen>
|
||
|
|
||
|
<sect1>PPP Configuration
|
||
|
|
||
|
<p>The meat of the problem.
|
||
|
|
||
|
Confusingly, it appears that both user ppp and pppd (the kernel level
|
||
|
implementation of PPP) both assume configuration files kept in
|
||
|
/etc/ppp. However, the sample configuration files provided are good for
|
||
|
user ppp, so keep them around for reference. The easiest way to do this is,
|
||
|
<tscreen><verb>
|
||
|
# cd /etc
|
||
|
# mv ppp ppp.orig
|
||
|
# mkdir ppp
|
||
|
</verb></tscreen>
|
||
|
Configuring ppp requires that you edit somewhere between one and three
|
||
|
files, depending on your requirements. What you put in them depends to some
|
||
|
extent on whether your ISP allocates IP addresses statically (i.e., you get
|
||
|
given one IP address, and always use that one) or dynamically (i.e., your IP
|
||
|
address can be different during different PPP sessions).
|
||
|
|
||
|
However, there are a few things that you should do first, regardless of
|
||
|
whether you are using static or dynamic IP addresses.
|
||
|
|
||
|
|
||
|
<sect2>Configure the resolver(5)
|
||
|
|
||
|
<p>The resolver is the part of the networking system that turns IP addresses
|
||
|
into hostnames. It can be configured to look for maps that describe IP to
|
||
|
hostname mappings in one of two places.
|
||
|
|
||
|
The first is a file called /etc/hosts (``hosts'' in section 5 of the
|
||
|
manual). The second is the Internet Domain Name Service, a distributed
|
||
|
data base, the discussion of which is beyond the realm of this document.
|
||
|
|
||
|
The resolver is a set of system calls that do the mappings,
|
||
|
and you have to tell them where to get their information
|
||
|
from. You do this by editing the file /etc/host.conf. Do
|
||
|
<bf>not</bf> call this file /etc/hosts.conf (note the extra
|
||
|
``s'') as the results can be confusing.
|
||
|
|
||
|
This file should contain the following two lines,
|
||
|
<tscreen><verb>
|
||
|
hosts
|
||
|
bind
|
||
|
</verb></tscreen>
|
||
|
which instruct the resolver to look in the file /etc/hosts first, and
|
||
|
then to consult the DNS if the name was not found in the /etc/hosts file.
|
||
|
|
||
|
It's probably a good idea to make sure you are not running the ``named''
|
||
|
service. Check your /etc/sysconfig file for the line that refers to
|
||
|
``namedflags'', and make sure the line reads
|
||
|
<tscreen><verb>
|
||
|
namedflags="NO"
|
||
|
</verb></tscreen>
|
||
|
|
||
|
<sect2>Create the /etc/hosts(5) file
|
||
|
|
||
|
<p>This file should contain the IP addresses and names of machines on your
|
||
|
network. At a bare minimum it should contain entries for the machine
|
||
|
which will be running ppp. Assuming that you're machine is called
|
||
|
foo.bar.com with the IP address 10.0.0.1, /etc/hosts should contain
|
||
|
<tscreen><verb>
|
||
|
127.0.0.0 localhost
|
||
|
10.0.0.1 foo.bar.com foo
|
||
|
</verb></tscreen>
|
||
|
The first line defines the alias ``localhost'' as a synonym for the
|
||
|
current machine. Regardless of your own IP address, the IP address for
|
||
|
this line should always be 127.0.0.1. The second line maps the name
|
||
|
``foo.bar.com'' (and the shorthand ``foo'') to the IP address 10.0.0.1.
|
||
|
|
||
|
If your provider allocates you a static IP address then use this in place
|
||
|
of 10.0.0.1.
|
||
|
|
||
|
<!-- XXX --> <em>(* What should they do if they are
|
||
|
allocated an IP address dynamically?)</em>
|
||
|
|
||
|
<sect2>Create the /etc/resolv.conf file
|
||
|
|
||
|
<p>/etc/resolv.conf contains some extra information required when you are
|
||
|
not running a nameserver. It points the resolver routines at real
|
||
|
nameservers, and specifies some other information.
|
||
|
|
||
|
At the very least, /etc/resolv.conf should contain one line with a
|
||
|
nameserver which can be queried. You should enter this as an IP
|
||
|
address. My /etc/resolv.conf contains
|
||
|
<tscreen><verb>
|
||
|
nameserver 158.152.1.193
|
||
|
nameserver 158.152.1.65
|
||
|
</verb></tscreen>
|
||
|
Which are Demon Internet's two nameservers. Add as many ``nameserver''
|
||
|
lines as your ISP provides nameservers.
|
||
|
|
||
|
<sect1>PPP and static IP addresses
|
||
|
|
||
|
<p>Probably the easiest to configure for. You will need to create three files
|
||
|
in the /etc/ppp directory.
|
||
|
|
||
|
The first of these is ppp.conf. It should look similar to the example
|
||
|
below. Note that lines that end in a ``:'' start in column 1, all other
|
||
|
lines should be indented as shown.
|
||
|
|
||
|
/etc/ppp/ppp.conf
|
||
|
<tscreen><verb>
|
||
|
1 default:
|
||
|
2 set device /dev/cuaa0
|
||
|
3 set speed 9600
|
||
|
4 disable lqr
|
||
|
5 deny lqr
|
||
|
6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK
|
||
|
\\dATDT\\T TIMEOUT 40 CONNECT"
|
||
|
7 provider:
|
||
|
8 set phone 01234567890
|
||
|
9 set login "TIMEOUT 10 gin:-BREAK-gin: foo word: bar col: ppp"
|
||
|
10 set timeout 120
|
||
|
11 set ifaddr x.x.x.x y.y.y.y
|
||
|
</verb></tscreen>
|
||
|
Don't include the line numbers, they're just for this discussion.
|
||
|
|
||
|
<descrip>
|
||
|
<tag/Line 1:/ Identifies the default entry. Commands in this entry are
|
||
|
executed automatically when ppp is run.
|
||
|
|
||
|
<tag/Line 2:/ Identifies the device that has the modem hanging from it.
|
||
|
COM1: is /dev/cuaa0 and COM2: is /dev/cuaa1
|
||
|
|
||
|
<tag/Line 3:/ Sets the speed you want to connect at.
|
||
|
|
||
|
<tag/* Lines 4 and 5:/ Don't know exactly what effect these lines have
|
||
|
|
||
|
<tag/Line 6:/ Dial string commands. user ppp uses the chat(8) language. Check
|
||
|
the manual page for information on the features of this
|
||
|
language.
|
||
|
|
||
|
<tag/Line 7:/ Identifies an entry for a provider called ``provider''.
|
||
|
|
||
|
<tag/Line 8:/ Sets the phone number for this provider. Don't include any
|
||
|
spaces in the phone number.
|
||
|
|
||
|
<tag/Line 9:/ Set's the login string sequence. In this example, the string is
|
||
|
for a service who's login session looks like
|
||
|
<tscreen><verb>
|
||
|
J. Random Provider
|
||
|
login: foo
|
||
|
password: bar
|
||
|
protocol: ppp
|
||
|
</verb></tscreen>
|
||
|
You will need to alter this script to suit your own needs. It is
|
||
|
written in the chat(8) language.
|
||
|
|
||
|
<tag/Line 10:/ Sets the default timeout (in seconds) for the connection. So
|
||
|
the connectioned will be closed automatically after 120 seconds
|
||
|
of inactivity.
|
||
|
|
||
|
<tag/Line 11:/ Sets the interface addresses. The string x.x.x.x should be
|
||
|
replaced by the IP address that your provider allocates you. The
|
||
|
string y.y.y.y should be replaced by the IP address that your
|
||
|
ISP indicated for their gateway.
|
||
|
</descrip>
|
||
|
|
||
|
Now you have to edit the file /etc/ppp/ppp.linkup:
|
||
|
<tscreen><verb>
|
||
|
x.x.x.x:
|
||
|
add 0 0 HISADDR
|
||
|
</verb></tscreen>
|
||
|
Replace x.x.x.x with your IP address as before. This file is used to
|
||
|
automatically add a default route from your ISP (who's address is
|
||
|
automatically inserted with the HISADDR macro) to you.
|
||
|
|
||
|
Finally, you can create the file /etc/ppp/ppp.secret, which sets some
|
||
|
passwords to prevent people messing around with ppp on your system. You
|
||
|
may or may not want to do this, depending on how many people have access
|
||
|
to your ppp system.
|
||
|
|
||
|
<sect1>* PPP and Dynamic IP configuration
|
||
|
|
||
|
<!-- XXX
|
||
|
<p>* Don't have a clue how to do this. Could someone who does
|
||
|
submit something to go in here?
|
||
|
-->
|
||
|
|
||
|
<sect1>Final system configuration
|
||
|
|
||
|
<p>You now have PPP configured, but there's a few more things to do before
|
||
|
it's ready to work. They all involve editing the /etc/sysconfig file.
|
||
|
|
||
|
Working from the top down in this file, make sure the ``hostname='' line
|
||
|
is set, e.g.,
|
||
|
<tscreen><verb>
|
||
|
hostname=foo.bar.com
|
||
|
</verb></tscreen>
|
||
|
Look for the network_interfaces variable, and make sure the tun0 device is
|
||
|
added to the list. My line looks like
|
||
|
<tscreen><verb>
|
||
|
network_interfaces="lo0 tun0 ep0"
|
||
|
</verb></tscreen>
|
||
|
but I have an ethernet card (ep0) to configure as well.
|
||
|
|
||
|
Now add an ifconfig line for the tun0 device. It should look something
|
||
|
like
|
||
|
<tscreen><verb>
|
||
|
ifconfig_tun0="inet foo.bar.com y.y.y.y netmask 0xffffffff"
|
||
|
</verb></tscreen>
|
||
|
as before, change ``foo.bar.com'' to be your hostname, y.y.y.y is the IP
|
||
|
address of your providers gateway, and 0xffffffff is the netmask they
|
||
|
provided you with (in hexadecimal). Two common values for the netmask are
|
||
|
<tscreen><verb>
|
||
|
255.255.255.255 = 0xffffffff
|
||
|
255.255.255.0 = 0xffffff00
|
||
|
</verb></tscreen>
|
||
|
Set the routed flags to ``-s'' with the line
|
||
|
<tscreen><verb>
|
||
|
routedflags=-s
|
||
|
</verb></tscreen>
|
||
|
It's probably worth your while ensuring that the ``sendmail_flags'' line
|
||
|
does not include the ``-q'' option, otherwise sendmail will attempt to do
|
||
|
a network lookup every now and then, possibly causing your machine to dial
|
||
|
out. My sendmail line looks like
|
||
|
<tscreen><verb>
|
||
|
sendmail_flags="-bd"
|
||
|
</verb></tscreen>
|
||
|
The upshot of this is that I must force sendmail to re-examine the
|
||
|
mailqueue whenever I have the PPP link up, by typing
|
||
|
<tscreen><verb>
|
||
|
# /usr/sbin/sendmail -q
|
||
|
</verb></tscreen>
|
||
|
That should be about all you need to do to get PPP working with a static
|
||
|
IP address. All that's left is to reboot the machine. During startup the
|
||
|
tun0 device should be detected, and two lines like the following should be
|
||
|
printed,
|
||
|
<tscreen><verb>
|
||
|
tun0: flags=51<UP,POINTOPOINT,RUNNING> mtu 1500
|
||
|
inet x.x.x.x --> y.y.y.y netmask 0xffffffff
|
||
|
</verb></tscreen>
|
||
|
At this point, it should all be working. You can now either type
|
||
|
<tscreen><verb>
|
||
|
# ppp
|
||
|
</verb></tscreen>
|
||
|
and then ``dial provider'' to start the PPP session, or, if you want ppp
|
||
|
to establish sessions automatically when there is outbound traffic, type
|
||
|
<tscreen><verb>
|
||
|
# ppp -auto provider
|
||
|
</verb></tscreen>
|
||
|
This line could be added to your /etc/rc.local file.
|
||
|
|