HardenedBSD/share/doc/handbook/userppp.sgml
Brian Somers d06ae27bd3 Update configuration examples & instructions.
This should go into 2.2 as the examples barely work for
static IP numbers (and don't for dynamic ones).
1997-03-14 04:17:44 +00:00


<!-- $Id: userppp.sgml,v 1.12 1997/02/22 12:59:40 peter Exp $ -->
<!-- The FreeBSD Documentation Project -->
<sect>Setting up user PPP<label id="userppp">
<p><em>Contributed by &a.nik;<newline>
28 July 1995</em>.
<p><em>Updated by &a.brian;<newline>
14 March 1997</em>.
<!-- This FAQ/HowTo is intended to get you up and running with
iijppp, also known as the <em>user level ppp</em> for FreeBSD 2.0.5
(and above).
I hope this document turns into a collaborative effort, largely
because I am not really much of an authority on PPP. I have got
it working, and want to pass on details of what I did so that
other people can get it working. But I am not 100% clear on some
details, so I hope that by writing this and having others
flesh out some of the information I am going to learn something
as well.
-->
<p>User PPP was introduced to FreeBSD in release 2.0.5 as an
addition to the existing kernel implementation of PPP. So,
what is different about this new PPP that warrants its
addition? To quote from the manual page:
<quote>
This is a user process PPP software package. Normally, PPP is
implemented as a part of the kernel (e.g. as managed by pppd) and
it is thus somewhat hard to debug and/or modify its behavior. However,
in this implementation PPP is done as a user process with the help of
the tunnel device driver (tun).
</quote>
In essence, this means that rather than running a PPP daemon, the ppp
program can be run as and when desired. No PPP interface needs to be
compiled into the kernel, as the program can use the generic tunnel
device to get data into and out of the kernel.
From here on out, user ppp will be referred to simply as ppp unless a
distinction needs to be made between it and any other PPP client/server software.
Unless otherwise stated, all commands in this section should be
executed as root.
Parts in this section marked with an asterisk (*) are
incomplete. Comments and suggestions are appreciated and
should be submitted to &a.nik;.
Thanks to Rob Snow &lt;rsnow@txdirect.net&gt; who proved to be a mine of
useful information when I was first experimenting with user ppp.
<sect1><heading>Before you start</heading>
<p>This document assumes you are in roughly this position:
You have an account with an Internet Service Provider (ISP) which lets you
use PPP. Further, you have a modem (or other device) connected and
configured correctly which allows you to connect to your ISP.
You are going to need the following information to hand:
<itemize>
<item>IP address of your ISP's gateway
<item>Your ISP's netmask setting
<item>IP addresses of one or more nameservers
<item>If your ISP allocates you a static IP address and/or hostname then
you will need that as well. If not, you will need to know the range of
IP addresses from which your IP address will be allocated.
</itemize>
If you do not have any of this information then contact your ISP and make
sure they provide it to you.
As well as this, you may need the files required to recompile
your kernel. Check <ref id="kernelconfig" name="Kernel
Configuration"> for more information on how to acquire these.
In addition, I have assumed that because your connection to the Internet is
not full time you are not running a name server (<tt>named(8)</tt>).
<sect1><heading>Building a ppp ready kernel</heading>
<p>As the description states, ``ppp'' uses the kernel ``tun'' device. It is
necessary to make sure that your kernel has support for this device compiled
in.
To check this, go to your kernel compile directory (probably /sys/i386/conf)
and examine your kernel configuration file. It needs to have the line
<tscreen><verb>
pseudo-device tun 1
</verb></tscreen>
in it somewhere. The stock GENERIC kernel has this as standard, so if you
have not installed a custom kernel you do not have to change anything.
If your kernel configuration file does not have this line in it then you
should add the line, re-compile and then re-install the kernel. Boot from
this new kernel. Please refer to the
<ref id="kernelconfig" name="Configuring the FreeBSD Kernel">
section for more information on kernel configuration.
<sect1><heading>Check the tun device</heading>
<p>My experiences with ppp have only been with one ``tun'' device (tun0). If
you have used more (i.e., a number other than `1' in the pseudo-device line
in the kernel configuration file) then alter all references to ``tun0''
below to reflect whichever device number you are using.
The easiest way to make sure that the tun0 device is configured correctly is
to re-make it. To this end, execute the following commands:
<tscreen><verb>
# cd /dev
# ./MAKEDEV tun0
</verb></tscreen>
<sect1><heading>PPP Configuration</heading>
<p>The meat of the problem.
Confusingly, it appears that both user ppp and pppd (the kernel level
implementation of PPP) assume configuration files kept in
/etc/ppp. However, the sample configuration files provided are good for
user ppp, so keep them around for reference. The easiest way to do this is:
<tscreen><verb>
# cd /etc
# mv ppp ppp.orig
# mkdir ppp
</verb></tscreen>
Configuring ppp requires that you edit somewhere between one and three
files, depending on your requirements. What you put in them depends to some
extent on whether your ISP allocates IP addresses statically (i.e., you get
given one IP address, and always use that one) or dynamically (i.e., your IP
address can be different during different PPP sessions).
However, there are a few things that you should do first, regardless of
whether you are using static or dynamic IP addresses.
<sect2><heading>Configure the resolver(5)</heading>
<p>The resolver is the part of the networking system that turns IP addresses
into hostnames. It can be configured to look for maps that describe IP to
hostname mappings in one of two places.
The first is a file called <tt>/etc/hosts</tt> (<tt>man 5 hosts</tt>).
The second is the Internet Domain Name Service, a distributed
data base, the discussion of which is beyond the realm of this document.
The resolver is a set of system calls that do the mappings,
and you have to tell them where to get their information
from. You do this by editing the file <tt>/etc/host.conf</tt>. Do
<bf>not</bf> call this file <tt>/etc/hosts.conf</tt> (note the extra
``s'') as the results can be confusing.
This file should contain the following two lines,
<tscreen><verb>
hosts
bind
</verb></tscreen>
which instruct the resolver to look in the file <tt>/etc/hosts</tt> first,
and then to consult the DNS if the name was not found in the
<tt>/etc/hosts</tt> file.
It is probably a good idea to make sure you are not running the ``named''
service. Check your <tt>/etc/sysconfig</tt> file for the line that refers
to ``namedflags'', and make sure the line reads
<tscreen><verb>
namedflags="NO"
</verb></tscreen>
<sect2><heading>Create the /etc/hosts(5) file</heading>
<p>This file should contain the IP addresses and names of machines on your
network. At a bare minimum it should contain entries for the machine
which will be running ppp. Assuming that your machine is called
foo.bar.com with the IP address 10.0.0.1, <tt>/etc/hosts</tt> should
contain:
<tscreen><verb>
127.0.0.1 localhost
10.0.0.1 foo.bar.com foo
</verb></tscreen>
The first line defines the alias ``localhost'' as a synonym for the
current machine. Regardless of your own IP address, the IP address for
this line should always be 127.0.0.1. The second line maps the name
``foo.bar.com'' (and the shorthand ``foo'') to the IP address 10.0.0.1.
If your provider allocates you a static IP address then use this in place
of 10.0.0.1.
<!-- XXX <em>(* What should they do if they are
allocated an IP address dynamically?)</em> -->
<sect2><heading>Create the /etc/resolv.conf file</heading>
<p><tt>/etc/resolv.conf</tt> contains some extra information required when
you are not running a nameserver. It points the resolver routines at real
nameservers, and specifies some other information.
At the very least, <tt>/etc/resolv.conf</tt> should contain one line with
a nameserver which can be queried. You should enter this as an IP
address. My <tt>/etc/resolv.conf</tt> contains:
<tscreen><verb>
nameserver 158.152.1.193
nameserver 158.152.1.65
</verb></tscreen>
Which are Demon Internet's two nameservers. Add as many ``nameserver''
lines as your ISP provides nameservers.
<sect1><heading>PPP and static IP addresses</heading>
<p>Probably the easiest to configure for. You will need to create three files
in the <tt>/etc/ppp</tt> directory.
The first of these is <tt>ppp.conf</tt>. It should look similar to the
example below. Note that lines that end in a ``:'' start in column 1, all
other lines should be indented as shown.
<tt>/etc/ppp/ppp.conf</tt>
<tscreen><verb>
1    default:
2     set device /dev/cuaa0
3     set speed 9600
4     disable lqr
5     deny lqr
6     set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK
      \\dATDT\\T TIMEOUT 40 CONNECT"
7    provider:
8     set phone 01234567890
9     set login "TIMEOUT 10 gin:-BREAK-gin: foo word: bar col: ppp"
10    set timeout 120
11    set ifaddr x.x.x.x y.y.y.y
12    delete ALL
13    add 0 0 HISADDR
14    set openmode active
</verb></tscreen>
Do not include the line numbers, they are just for this discussion.
<descrip>
<tag/Line 1:/ Identifies the default entry. Commands in this entry are
executed automatically when ppp is run.
<tag/Line 2:/ Identifies the device that has the modem hanging from it.
COM1: is <tt>/dev/cuaa0</tt> and COM2: is <tt>/dev/cuaa1</tt>.
<tag/Line 3:/ Sets the speed you want to connect at.
<tag/Line 4:/ Tells us not to request LQR. LQR is a "keepalive" protocol
used by ppp.
<tag/Line 5:/ Tells us not to accept LQR negotiation from the other side.
<tag/Line 6:/ Dial string commands. user ppp uses the <tt>chat(8)</tt>
language. Check the manual page for information on the features
of this language.
<tag/Line 7:/ Identifies an entry for a provider called ``provider''.
<tag/Line 8:/ Sets the phone number for this provider. Do not include any
spaces in the phone number.
<tag/Line 9:/ Sets the login string sequence. In this example, the string is
for a service whose login session looks like
<tscreen><verb>
J. Random Provider
login: foo
password: bar
protocol: ppp
</verb></tscreen>
You will need to alter this script to suit your own needs. It is
written in the <tt>chat(8)</tt> language.
<tag/Line 10:/ Sets the default timeout (in seconds) for the connection. So
the connection will be closed automatically after 120 seconds
of inactivity.
<tag/Line 11:/ Sets the interface addresses. The string x.x.x.x should be
replaced by the IP address that your provider allocates you. The
string y.y.y.y should be replaced by the IP address that your
ISP indicated for their gateway.
<tag/Line 12:/ Deletes all existing routing table entries for the
acquired tun device.
<tag/Line 13:/ Adds a default route to your ISP's IP number.
<tag/Line 14:/ Tells our side to begin negotiation. This is not always
necessary, but it does no harm to have both sides initiating
the Line Control Protocol (LCP).
</descrip>
Now you have to edit the file <tt>/etc/ppp/ppp.linkup</tt>:
<tscreen><verb>
x.x.x.x:
 delete ALL
 add 0 0 HISADDR
</verb></tscreen>
Replace x.x.x.x with your IP address as before. This file is used to
automatically delete all existing routes for the acquired line and
add a default route from your ISP (whose address is automatically
inserted with the HISADDR macro) to you.
With a static IP number assigned by your ISP, you don't actually
need an entry in <tt>/etc/ppp/ppp.linkup</tt>, but again, it doesn't
do any harm to have it.
Finally, you can create the file <tt>/etc/ppp/ppp.secret</tt>, which sets
some passwords to prevent people messing around with ppp on your system.
You may or may not want to do this, depending on how many people have
access to your ppp system.
<sect1><heading>PPP and Dynamic IP configuration</heading>
<!-- XXX -->
<p>If your service provider does not assign static IP numbers,
<tt>ppp</tt> can be configured to negotiate the local address. This is
done by "guessing" an IP number and allowing ppp to set it up correctly
using the LCP at connection time.
<tscreen><verb>
 set ifaddr 10.0.1.1/0 10.0.1.2/0
 delete ALL
 add 0 0 HISADDR
</verb></tscreen>
You should NOT use 0 as either IP address. If you do, ppp will not be
able to set up the correct initial entries in the routing table.
See the pmdemand entry in the files <tt>/etc/ppp/ppp.conf.sample</tt> and
<tt>/etc/ppp/ppp.linkup.sample</tt> for a detailed example.
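The layout rules given in this section (labels ending in ``:'' start in column 1, every other line is indented, and neither <tt>set ifaddr</tt> address may be 0) can be checked mechanically before dialing. The script below is an added example, not part of the handbook or of ppp itself; the function names <tt>check_ppp_conf</tt> and <tt>write_bad_sample</tt>, the constructed sample file, the treatment of ``#'' lines as comments and the world-readable permission check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the handbook: lint a ppp.conf against the rules
# stated above. Prints one finding per line; returns 0 if clean, 1 otherwise.
check_ppp_conf() {
    conf=$1
    status=0
    findings=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        /:[ \t]*$/ {                            # label line: must start in column 1
            if ($0 ~ /^[ \t]/) printf "line %d: label must start in column 1\n", NR
            next
        }
        /^[^ \t]/ { printf "line %d: command must be indented\n", NR }
        $1 == "set" && $2 == "ifaddr" {         # neither address may be 0
            for (i = 3; i <= 4; i++) {
                split($i, a, "/")
                if (a[1] == "0" || a[1] == "0.0.0.0")
                    printf "line %d: ifaddr %s uses 0 as an address\n", NR, $i
            }
        }
    ' "$conf")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        status=1
    fi
    # Assumption beyond the page: the login script holds a password, so the
    # file should not be readable by "other".
    if [ -n "$(find "$conf" -perm -004 -print)" ]; then
        printf 'perms: %s is world-readable\n' "$conf"
        status=1
    fi
    return "$status"
}

# Constructed sample with three deliberate mistakes (not a real configuration).
write_bad_sample() {
    printf '%s\n' \
        'default:' \
        ' set device /dev/cuaa0' \
        'set speed 9600' \
        ' provider:' \
        ' set ifaddr 0 10.0.1.2/0' > "$1"
    chmod 600 "$1"
}

# Usage: sh lint_ppp.sh /etc/ppp/ppp.conf
if [ "$#" -gt 0 ]; then check_ppp_conf "$1"; fi
```

Run against the constructed sample, the check reports the unindented command on line 3, the indented label on line 4 and the 0 address on line 5.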
<sect1><heading>Final system configuration</heading>
<p>You now have PPP configured, but there are a few more things to do before
it is ready to work. They all involve editing the <tt>/etc/sysconfig</tt>
file.
Working from the top down in this file, make sure the ``hostname='' line
is set, e.g.,
<tscreen><verb>
hostname=foo.bar.com
</verb></tscreen>
Look for the network_interfaces variable, and make sure the tun0 device is
NOT added to the list. My line looks like
<tscreen><verb>
network_interfaces="lo0 ep0"
</verb></tscreen>
because I have an ethernet card (ep0) to configure as well.
Set the router program to ``NO'' with the line
<tscreen><verb>
router=NO
</verb></tscreen>
It is important that this is not set to <tt>routed</tt> (the default)
as <tt>routed</tt> tends to delete the routing table entries made by
ppp.
It is probably worth your while ensuring that the ``sendmail_flags'' line
does not include the ``-q'' option, otherwise sendmail will attempt to do
a network lookup every now and then, possibly causing your machine to dial
out. My sendmail line looks like
<tscreen><verb>
sendmail_flags="-bd"
</verb></tscreen>
The upshot of this is that I must force sendmail to re-examine the
mailqueue whenever I have the PPP link up, by typing
<tscreen><verb>
# /usr/sbin/sendmail -q
</verb></tscreen>
If you don't like this, it is possible to set up a "dfilter" to block
SMTP traffic. Refer to the sample files for further details.
That should be about all you need to do to get PPP working. All that is
left is to reboot the machine.
You can now either type
<tscreen><verb>
# ppp
</verb></tscreen>
and then ``dial provider'' to start the PPP session, or, if you want ppp
to establish sessions automatically when there is outbound traffic, type
<tscreen><verb>
# ppp -auto provider
</verb></tscreen>
This line could be added to your <tt>/etc/rc.local</tt> file.