mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-26 10:53:39 +01:00
1130b656e5
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
367 lines
14 KiB
Plaintext
367 lines
14 KiB
Plaintext
<!-- $FreeBSD$ -->
|
|
<!-- The FreeBSD Documentation Project -->
|
|
|
|
<sect>Setting up user PPP<label id="userppp">
|
|
|
|
<p><em>Contributed by &a.nik;<newline>
|
|
28 July 1995</em>.
|
|
|
|
<!-- This FAQ/HowTo is intended to get you up and running with
|
|
iijppp, also known as the <em>user level ppp</em> for FreeBSD 2.0.5
|
|
(and above).
|
|
|
|
I hope this document turns into a collaborative effort, largely
|
|
because I am not really much of an authority on PPP. I have got
|
|
it working, and want to pass on details of what I did so that
|
|
other people can get it working. But I am not 100% clear on some
|
|
details, so I hope that by writing this and having others
|
|
flesh out some of the information I am going to learn something
|
|
as well.
|
|
-->
|
|
|
|
<p>User PPP was introduced to FreeBSD in release 2.0.5 as an
|
|
addition to the existing kernel implementation of PPP. So,
|
|
what is different about this new PPP that warrants its
|
|
addition? To quote from the manual page:
|
|
|
|
<quote>
|
|
This is a user process PPP software package. Normally, PPP is
|
|
implemented as a part of the kernel (e.g. as managed by pppd) and
|
|
it is thus somewhat hard to debug and/or modify its behavior. However,
|
|
in this implementation PPP is done as a user process with the help of
|
|
the tunnel device driver (tun).
|
|
</quote>
|
|
|
|
In essence, this means that rather than running a PPP daemon, the ppp
|
|
program can be run as and when desired. No PPP interface needs to be
|
|
compiled into the kernel, as the program can use the generic tunnel
|
|
device to get data into and out of the kernel.
|
|
|
|
From here on out, user ppp will be referred to as simply as ppp unless a
|
|
distinction need to be made be it and any other PPP client/server software.
|
|
Unless otherwise stated, all commands in this section should be
|
|
executed as root.
|
|
|
|
Parts in this section marked with an asterisk (*) are
|
|
incomplete. Comments and suggestions are appreciated and
|
|
should be submitted to &a.nik;.
|
|
Thanks to Rob Snow <rsnow@txdirect.net> who proved to be a mine of
|
|
useful information when I was first experimenting with user ppp.
|
|
|
|
<sect1><heading>Before you start</heading>
|
|
|
|
<p>This document assumes you are in roughly this position:
|
|
|
|
You have an account with an Internet Service Provider (ISP) which lets you
|
|
use PPP. Further, you have a modem (or other device) connected and
|
|
configured correctly which allows you to connect to your ISP.
|
|
|
|
You are going to need the following information to hand:
|
|
|
|
<itemize>
|
|
<item>IP address of your ISP's gateway
|
|
|
|
<item>Your ISP's netmask setting
|
|
|
|
<item>IP addresses of one or more nameservers
|
|
|
|
<item>If your ISP allocates you a static IP address and/or hostname then
|
|
you will need that as well. If not, you will need to know from what
|
|
range of IP addresses your allocated IP address will fall in.
|
|
</itemize>
|
|
|
|
If you do not have any of this information then contact your ISP and make
|
|
sure they provide it to you.
|
|
|
|
As well as this, you may need the files required to recompile
|
|
your kernel. Check <ref id="kernelconfig" name="Kernel
|
|
Configuration"> for more information on how to acquire these.
|
|
|
|
In addition, I have assumed that because your connection to the Internet is
|
|
not full time you are not running a name server (<tt>named(8)</tt>).
|
|
|
|
<sect1><heading>Building a ppp ready kernel</heading>
|
|
|
|
<p>As the description states, ``ppp'' uses the kernel ``tun'' device. It is
|
|
necessary to make sure that your kernel has support for this device compiled
|
|
in.
|
|
|
|
To check this, go to your kernel compile directory (probably /sys/i386/conf)
|
|
and examine your kernel configuration file. It needs to have the line
|
|
<tscreen><verb>
|
|
pseudo-device tun 1
|
|
</verb></tscreen>
|
|
in it somewhere. The stock GENERIC kernel has this as standard, so if you
|
|
have not installed a custom kernel you do not have to change anything.
|
|
If your kernel configuration file does not have this line in it then you
|
|
should add the line, re-compile and then re-install the kernel. Boot from
|
|
this new kernel. Please refer to the
|
|
<ref id="kernelconfig" name="Configuring the FreeBSD Kernel">
|
|
section for more information on kernel configuration.
|
|
|
|
|
|
<sect1><heading>Check the tun device</heading>
|
|
|
|
<p>My experiences with ppp have only been with one ``tun'' device (tun0). If
|
|
you have used more (i.e., a number other than `1' in the pseudo-device line
|
|
in the kernel configuration file) then alter all references to ``tun0''
|
|
below to reflect whichever device number you are using.
|
|
|
|
The easiest way to make sure that the tun0 device is configured correctly is
|
|
to re-make it. To this end, execute the following commands:
|
|
<tscreen><verb>
|
|
# cd /dev
|
|
# ./MAKEDEV tun0
|
|
</verb></tscreen>
|
|
|
|
<sect1><heading>PPP Configuration</heading>
|
|
|
|
<p>The meat of the problem.
|
|
|
|
Confusingly, it appears that both user ppp and pppd (the kernel level
|
|
implementation of PPP) both assume configuration files kept in
|
|
/etc/ppp. However, the sample configuration files provided are good for
|
|
user ppp, so keep them around for reference. The easiest way to do this is:
|
|
<tscreen><verb>
|
|
# cd /etc
|
|
# mv ppp ppp.orig
|
|
# mkdir ppp
|
|
</verb></tscreen>
|
|
Configuring ppp requires that you edit somewhere between one and three
|
|
files, depending on your requirements. What you put in them depends to some
|
|
extent on whether your ISP allocates IP addresses statically (i.e., you get
|
|
given one IP address, and always use that one) or dynamically (i.e., your IP
|
|
address can be different during different PPP sessions).
|
|
|
|
However, there are a few things that you should do first, regardless of
|
|
whether you are using static or dynamic IP addresses.
|
|
|
|
|
|
<sect2><heading>Configure the resolver(5)</heading>
|
|
|
|
<p>The resolver is the part of the networking system that turns IP addresses
|
|
into hostnames. It can be configured to look for maps that describe IP to
|
|
hostname mappings in one of two places.
|
|
|
|
The first is a file called <tt>/etc/hosts</tt> (<tt>man 5 hosts</tt>).
|
|
The second is the Internet Domain Name Service, a distributed
|
|
data base, the discussion of which is beyond the realm of this document.
|
|
|
|
The resolver is a set of system calls that do the mappings,
|
|
and you have to tell them where to get their information
|
|
from. You do this by editing the file <tt>/etc/host.conf</tt>. Do
|
|
<bf>not</bf> call this file <tt>/etc/hosts.conf</tt> (note the extra
|
|
``s'') as the results can be confusing.
|
|
|
|
This file should contain the following two lines,
|
|
<tscreen><verb>
|
|
hosts
|
|
bind
|
|
</verb></tscreen>
|
|
which instruct the resolver to look in the file <tt>/etc/hosts</tt> first,
|
|
and then to consult the DNS if the name was not found in the
|
|
<tt>/etc/hosts</tt> file.
|
|
|
|
It is probably a good idea to make sure you are not running the ``named''
|
|
service. Check your <tt>/etc/sysconfig</tt> file for the line that refers
|
|
to ``namedflags'', and make sure the line reads
|
|
<tscreen><verb>
|
|
namedflags="NO"
|
|
</verb></tscreen>
|
|
|
|
<sect2><heading>Create the /etc/hosts(5) file</heading>
|
|
|
|
<p>This file should contain the IP addresses and names of machines on your
|
|
network. At a bare minimum it should contain entries for the machine
|
|
which will be running ppp. Assuming that your machine is called
|
|
foo.bar.com with the IP address 10.0.0.1, <tt>/etc/hosts</tt> should
|
|
contain:
|
|
<tscreen><verb>
|
|
127.0.0.1 localhost
|
|
10.0.0.1 foo.bar.com foo
|
|
</verb></tscreen>
|
|
The first line defines the alias ``localhost'' as a synonym for the
|
|
current machine. Regardless of your own IP address, the IP address for
|
|
this line should always be 127.0.0.1. The second line maps the name
|
|
``foo.bar.com'' (and the shorthand ``foo'') to the IP address 10.0.0.1.
|
|
|
|
If your provider allocates you a static IP address then use this in place
|
|
of 10.0.0.1.
|
|
|
|
<!-- XXX <em>(* What should they do if they are
|
|
allocated an IP address dynamically?)</em> -->
|
|
|
|
<sect2><heading>Create the /etc/resolv.conf file</heading>
|
|
|
|
<p><tt>/etc/resolv.conf</tt> contains some extra information required when
|
|
you are not running a nameserver. It points the resolver routines at real
|
|
nameservers, and specifies some other information.
|
|
|
|
At the very least, <tt>/etc/resolv.conf</tt> should contain one line with
|
|
a nameserver which can be queried. You should enter this as an IP
|
|
address. My <tt>/etc/resolv.conf</tt> contains:
|
|
<tscreen><verb>
|
|
nameserver 158.152.1.193
|
|
nameserver 158.152.1.65
|
|
</verb></tscreen>
|
|
Which are Demon Internet's two nameservers. Add as many ``nameserver''
|
|
lines as your ISP provides nameservers.
|
|
|
|
<sect1><heading>PPP and static IP addresses</heading>
|
|
|
|
<p>Probably the easiest to configure for. You will need to create three files
|
|
in the <tt>/etc/ppp</tt> directory.
|
|
|
|
The first of these is <tt>ppp.conf</tt>. It should look similar to the
|
|
example below. Note that lines that end in a ``:'' start in column 1, all
|
|
other lines should be indented as shown.
|
|
|
|
<tt>/etc/ppp/ppp.conf</tt>
|
|
<tscreen><verb>
|
|
1 default:
|
|
2 set device /dev/cuaa0
|
|
3 set speed 9600
|
|
4 disable lqr
|
|
5 deny lqr
|
|
6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK
|
|
\\dATDT\\T TIMEOUT 40 CONNECT"
|
|
7 provider:
|
|
8 set phone 01234567890
|
|
9 set login "TIMEOUT 10 gin:-BREAK-gin: foo word: bar col: ppp"
|
|
10 set timeout 120
|
|
11 set ifaddr x.x.x.x y.y.y.y
|
|
</verb></tscreen>
|
|
Do not include the line numbers, they are just for this discussion.
|
|
|
|
<descrip>
|
|
<tag/Line 1:/ Identifies the default entry. Commands in this entry are
|
|
executed automatically when ppp is run.
|
|
|
|
<tag/Line 2:/ Identifies the device that has the modem hanging from it.
|
|
COM1: is <tt>/dev/cuaa0</tt> and COM2: is <tt>/dev/cuaa1</tt>.
|
|
|
|
<tag/Line 3:/ Sets the speed you want to connect at.
|
|
|
|
<tag/* Lines 4 and 5:/ Do not know exactly what effect these lines have
|
|
|
|
<tag/Line 6:/ Dial string commands. user ppp uses the <tt>chat(8)</tt>
|
|
language. Check the manual page for information on the features
|
|
of this language.
|
|
|
|
<tag/Line 7:/ Identifies an entry for a provider called ``provider''.
|
|
|
|
<tag/Line 8:/ Sets the phone number for this provider. Do not include any
|
|
spaces in the phone number.
|
|
|
|
<tag/Line 9:/ Sets the login string sequence. In this example, the string is
|
|
for a service who's login session looks like
|
|
<tscreen><verb>
|
|
J. Random Provider
|
|
login: foo
|
|
password: bar
|
|
protocol: ppp
|
|
</verb></tscreen>
|
|
You will need to alter this script to suit your own needs. It is
|
|
written in the <tt>chat(8)</tt> language.
|
|
|
|
<tag/Line 10:/ Sets the default timeout (in seconds) for the connection. So
|
|
the connection will be closed automatically after 120 seconds
|
|
of inactivity.
|
|
|
|
<tag/Line 11:/ Sets the interface addresses. The string x.x.x.x should be
|
|
replaced by the IP address that your provider allocates you. The
|
|
string y.y.y.y should be replaced by the IP address that your
|
|
ISP indicated for their gateway.
|
|
</descrip>
|
|
|
|
Now you have to edit the file <tt>/etc/ppp/ppp.linkup</tt>:
|
|
<tscreen><verb>
|
|
x.x.x.x:
|
|
add 0 0 HISADDR
|
|
</verb></tscreen>
|
|
Replace x.x.x.x with your IP address as before. This file is used to
|
|
automatically add a default route from your ISP (who's address is
|
|
automatically inserted with the HISADDR macro) to you.
|
|
|
|
Finally, you can create the file <tt>/etc/ppp/ppp.secret</tt>, which sets
|
|
some passwords to prevent people messing around with ppp on your system.
|
|
You may or may not want to do this, depending on how many people have
|
|
access to your ppp system.
|
|
|
|
<sect1><heading>PPP and Dynamic IP configuration</heading>
|
|
|
|
<!-- XXX -->
|
|
<p>If your service provider does not assign static IP numbers,
|
|
<tt>ppp</tt> can be configured to negotiate the local address. This is
|
|
done by specifying 0 as the local IP address:
|
|
<tscreen><verb>
|
|
set ifaddr 0 0
|
|
</verb></tscreen>
|
|
See the <tt>ppp(8)</tt> manual page for more detailed information.
|
|
|
|
<sect1><heading>Final system configuration</heading>
|
|
|
|
<p>You now have PPP configured, but there are a few more things to do before
|
|
it is ready to work. They all involve editing the <tt>/etc/sysconfig</tt>
|
|
file.
|
|
|
|
Working from the top down in this file, make sure the ``hostname='' line
|
|
is set, e.g.,
|
|
<tscreen><verb>
|
|
hostname=foo.bar.com
|
|
</verb></tscreen>
|
|
Look for the network_interfaces variable, and make sure the tun0 device is
|
|
added to the list. My line looks like
|
|
<tscreen><verb>
|
|
network_interfaces="lo0 tun0 ep0"
|
|
</verb></tscreen>
|
|
but I have an ethernet card (ep0) to configure as well.
|
|
|
|
Now add an ifconfig line for the tun0 device. It should look something
|
|
like
|
|
<tscreen><verb>
|
|
ifconfig_tun0="inet foo.bar.com y.y.y.y netmask 0xffffffff"
|
|
</verb></tscreen>
|
|
as before, change ``foo.bar.com'' to be your hostname, y.y.y.y is the IP
|
|
address of your providers gateway, and 0xffffffff is the netmask they
|
|
provided you with (in hexadecimal). Two common values for the netmask are
|
|
<tscreen><verb>
|
|
255.255.255.255 = 0xffffffff
|
|
255.255.255.0 = 0xffffff00
|
|
</verb></tscreen>
|
|
Set the routed flags to ``-s'' with the line
|
|
<tscreen><verb>
|
|
routedflags=-s
|
|
</verb></tscreen>
|
|
It is probably worth your while ensuring that the ``sendmail_flags'' line
|
|
does not include the ``-q'' option, otherwise sendmail will attempt to do
|
|
a network lookup every now and then, possibly causing your machine to dial
|
|
out. My sendmail line looks like
|
|
<tscreen><verb>
|
|
sendmail_flags="-bd"
|
|
</verb></tscreen>
|
|
The upshot of this is that I must force sendmail to re-examine the
|
|
mailqueue whenever I have the PPP link up, by typing
|
|
<tscreen><verb>
|
|
# /usr/sbin/sendmail -q
|
|
</verb></tscreen>
|
|
That should be about all you need to do to get PPP working with a static
|
|
IP address. All that is left is to reboot the machine. During startup the
|
|
tun0 device should be detected, and two lines like the following should be
|
|
printed,
|
|
<tscreen><verb>
|
|
tun0: flags=51<UP,POINTOPOINT,RUNNING> mtu 1500
|
|
inet x.x.x.x --> y.y.y.y netmask 0xffffffff
|
|
</verb></tscreen>
|
|
At this point, it should all be working. You can now either type
|
|
<tscreen><verb>
|
|
# ppp
|
|
</verb></tscreen>
|
|
and then ``dial provider'' to start the PPP session, or, if you want ppp
|
|
to establish sessions automatically when there is outbound traffic, type
|
|
<tscreen><verb>
|
|
# ppp -auto provider
|
|
</verb></tscreen>
|
|
This line could be added to your <tt>/etc/rc.local</tt> file.
|
|
|