mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-27 05:21:08 +01:00
d06ae27bd3
This should go into 2.2 as the examples bearly work for static IP numbers (and don't for dynamic ones).
387 lines
15 KiB
Plaintext
387 lines
15 KiB
Plaintext
<!-- $Id: userppp.sgml,v 1.12 1997/02/22 12:59:40 peter Exp $ -->
|
|
<!-- The FreeBSD Documentation Project -->
|
|
|
|
<sect>Setting up user PPP<label id="userppp">
|
|
|
|
<p><em>Contributed by &a.nik;<newline>
|
|
28 July 1995</em>.
|
|
<p><em>Updated by &a.brian;<newline>
|
|
14 March 1997</em>.
|
|
|
|
<!-- This FAQ/HowTo is intended to get you up and running with
|
|
iijppp, also known as the <em>user level ppp</em> for FreeBSD 2.0.5
|
|
(and above).
|
|
|
|
I hope this document turns into a collaborative effort, largely
|
|
because I am not really much of an authority on PPP. I have got
|
|
it working, and want to pass on details of what I did so that
|
|
other people can get it working. But I am not 100% clear on some
|
|
details, so I hope that by writing this and having others
|
|
flesh out some of the information I am going to learn something
|
|
as well.
|
|
-->
|
|
|
|
<p>User PPP was introduced to FreeBSD in release 2.0.5 as an
|
|
addition to the existing kernel implementation of PPP. So,
|
|
what is different about this new PPP that warrants its
|
|
addition? To quote from the manual page:
|
|
|
|
<quote>
|
|
This is a user process PPP software package. Normally, PPP is
|
|
implemented as a part of the kernel (e.g. as managed by pppd) and
|
|
it is thus somewhat hard to debug and/or modify its behavior. However,
|
|
in this implementation PPP is done as a user process with the help of
|
|
the tunnel device driver (tun).
|
|
</quote>
|
|
|
|
In essence, this means that rather than running a PPP daemon, the ppp
|
|
program can be run as and when desired. No PPP interface needs to be
|
|
compiled into the kernel, as the program can use the generic tunnel
|
|
device to get data into and out of the kernel.
|
|
|
|
From here on out, user ppp will be referred to as simply as ppp unless a
|
|
distinction need to be made be it and any other PPP client/server software.
|
|
Unless otherwise stated, all commands in this section should be
|
|
executed as root.
|
|
|
|
Parts in this section marked with an asterisk (*) are
|
|
incomplete. Comments and suggestions are appreciated and
|
|
should be submitted to &a.nik;.
|
|
Thanks to Rob Snow <rsnow@txdirect.net> who proved to be a mine of
|
|
useful information when I was first experimenting with user ppp.
|
|
|
|
<sect1><heading>Before you start</heading>
|
|
|
|
<p>This document assumes you are in roughly this position:
|
|
|
|
You have an account with an Internet Service Provider (ISP) which lets you
|
|
use PPP. Further, you have a modem (or other device) connected and
|
|
configured correctly which allows you to connect to your ISP.
|
|
|
|
You are going to need the following information to hand:
|
|
|
|
<itemize>
|
|
<item>IP address of your ISP's gateway
|
|
|
|
<item>Your ISP's netmask setting
|
|
|
|
<item>IP addresses of one or more nameservers
|
|
|
|
<item>If your ISP allocates you a static IP address and/or hostname then
|
|
you will need that as well. If not, you will need to know from what
|
|
range of IP addresses your allocated IP address will fall in.
|
|
</itemize>
|
|
|
|
If you do not have any of this information then contact your ISP and make
|
|
sure they provide it to you.
|
|
|
|
As well as this, you may need the files required to recompile
|
|
your kernel. Check <ref id="kernelconfig" name="Kernel
|
|
Configuration"> for more information on how to acquire these.
|
|
|
|
In addition, I have assumed that because your connection to the Internet is
|
|
not full time you are not running a name server (<tt>named(8)</tt>).
|
|
|
|
<sect1><heading>Building a ppp ready kernel</heading>
|
|
|
|
<p>As the description states, ``ppp'' uses the kernel ``tun'' device. It is
|
|
necessary to make sure that your kernel has support for this device compiled
|
|
in.
|
|
|
|
To check this, go to your kernel compile directory (probably /sys/i386/conf)
|
|
and examine your kernel configuration file. It needs to have the line
|
|
<tscreen><verb>
|
|
pseudo-device tun 1
|
|
</verb></tscreen>
|
|
in it somewhere. The stock GENERIC kernel has this as standard, so if you
|
|
have not installed a custom kernel you do not have to change anything.
|
|
If your kernel configuration file does not have this line in it then you
|
|
should add the line, re-compile and then re-install the kernel. Boot from
|
|
this new kernel. Please refer to the
|
|
<ref id="kernelconfig" name="Configuring the FreeBSD Kernel">
|
|
section for more information on kernel configuration.
|
|
|
|
|
|
<sect1><heading>Check the tun device</heading>
|
|
|
|
<p>My experiences with ppp have only been with one ``tun'' device (tun0). If
|
|
you have used more (i.e., a number other than `1' in the pseudo-device line
|
|
in the kernel configuration file) then alter all references to ``tun0''
|
|
below to reflect whichever device number you are using.
|
|
|
|
The easiest way to make sure that the tun0 device is configured correctly is
|
|
to re-make it. To this end, execute the following commands:
|
|
<tscreen><verb>
|
|
# cd /dev
|
|
# ./MAKEDEV tun0
|
|
</verb></tscreen>
|
|
|
|
<sect1><heading>PPP Configuration</heading>
|
|
|
|
<p>The meat of the problem.
|
|
|
|
Confusingly, it appears that both user ppp and pppd (the kernel level
|
|
implementation of PPP) both assume configuration files kept in
|
|
/etc/ppp. However, the sample configuration files provided are good for
|
|
user ppp, so keep them around for reference. The easiest way to do this is:
|
|
<tscreen><verb>
|
|
# cd /etc
|
|
# mv ppp ppp.orig
|
|
# mkdir ppp
|
|
</verb></tscreen>
|
|
Configuring ppp requires that you edit somewhere between one and three
|
|
files, depending on your requirements. What you put in them depends to some
|
|
extent on whether your ISP allocates IP addresses statically (i.e., you get
|
|
given one IP address, and always use that one) or dynamically (i.e., your IP
|
|
address can be different during different PPP sessions).
|
|
|
|
However, there are a few things that you should do first, regardless of
|
|
whether you are using static or dynamic IP addresses.
|
|
|
|
|
|
<sect2><heading>Configure the resolver(5)</heading>
|
|
|
|
<p>The resolver is the part of the networking system that turns IP addresses
|
|
into hostnames. It can be configured to look for maps that describe IP to
|
|
hostname mappings in one of two places.
|
|
|
|
The first is a file called <tt>/etc/hosts</tt> (<tt>man 5 hosts</tt>).
|
|
The second is the Internet Domain Name Service, a distributed
|
|
data base, the discussion of which is beyond the realm of this document.
|
|
|
|
The resolver is a set of system calls that do the mappings,
|
|
and you have to tell them where to get their information
|
|
from. You do this by editing the file <tt>/etc/host.conf</tt>. Do
|
|
<bf>not</bf> call this file <tt>/etc/hosts.conf</tt> (note the extra
|
|
``s'') as the results can be confusing.
|
|
|
|
This file should contain the following two lines,
|
|
<tscreen><verb>
|
|
hosts
|
|
bind
|
|
</verb></tscreen>
|
|
which instruct the resolver to look in the file <tt>/etc/hosts</tt> first,
|
|
and then to consult the DNS if the name was not found in the
|
|
<tt>/etc/hosts</tt> file.
|
|
|
|
It is probably a good idea to make sure you are not running the ``named''
|
|
service. Check your <tt>/etc/sysconfig</tt> file for the line that refers
|
|
to ``namedflags'', and make sure the line reads
|
|
<tscreen><verb>
|
|
namedflags="NO"
|
|
</verb></tscreen>
|
|
|
|
<sect2><heading>Create the /etc/hosts(5) file</heading>
|
|
|
|
<p>This file should contain the IP addresses and names of machines on your
|
|
network. At a bare minimum it should contain entries for the machine
|
|
which will be running ppp. Assuming that your machine is called
|
|
foo.bar.com with the IP address 10.0.0.1, <tt>/etc/hosts</tt> should
|
|
contain:
|
|
<tscreen><verb>
|
|
127.0.0.1 localhost
|
|
10.0.0.1 foo.bar.com foo
|
|
</verb></tscreen>
|
|
The first line defines the alias ``localhost'' as a synonym for the
|
|
current machine. Regardless of your own IP address, the IP address for
|
|
this line should always be 127.0.0.1. The second line maps the name
|
|
``foo.bar.com'' (and the shorthand ``foo'') to the IP address 10.0.0.1.
|
|
|
|
If your provider allocates you a static IP address then use this in place
|
|
of 10.0.0.1.
|
|
|
|
<!-- XXX <em>(* What should they do if they are
|
|
allocated an IP address dynamically?)</em> -->
|
|
|
|
<sect2><heading>Create the /etc/resolv.conf file</heading>
|
|
|
|
<p><tt>/etc/resolv.conf</tt> contains some extra information required when
|
|
you are not running a nameserver. It points the resolver routines at real
|
|
nameservers, and specifies some other information.
|
|
|
|
At the very least, <tt>/etc/resolv.conf</tt> should contain one line with
|
|
a nameserver which can be queried. You should enter this as an IP
|
|
address. My <tt>/etc/resolv.conf</tt> contains:
|
|
<tscreen><verb>
|
|
nameserver 158.152.1.193
|
|
nameserver 158.152.1.65
|
|
</verb></tscreen>
|
|
Which are Demon Internet's two nameservers. Add as many ``nameserver''
|
|
lines as your ISP provides nameservers.
|
|
|
|
<sect1><heading>PPP and static IP addresses</heading>
|
|
|
|
<p>Probably the easiest to configure for. You will need to create three files
|
|
in the <tt>/etc/ppp</tt> directory.
|
|
|
|
The first of these is <tt>ppp.conf</tt>. It should look similar to the
|
|
example below. Note that lines that end in a ``:'' start in column 1, all
|
|
other lines should be indented as shown.
|
|
|
|
<tt>/etc/ppp/ppp.conf</tt>
|
|
<tscreen><verb>
|
|
1 default:
|
|
2 set device /dev/cuaa0
|
|
3 set speed 9600
|
|
4 disable lqr
|
|
5 deny lqr
|
|
6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK
|
|
\\dATDT\\T TIMEOUT 40 CONNECT"
|
|
7 provider:
|
|
8 set phone 01234567890
|
|
9 set login "TIMEOUT 10 gin:-BREAK-gin: foo word: bar col: ppp"
|
|
10 set timeout 120
|
|
11 set ifaddr x.x.x.x y.y.y.y
|
|
12 delete ALL
|
|
13 add 0 0 HISADDR
|
|
14 set openmode active
|
|
</verb></tscreen>
|
|
Do not include the line numbers, they are just for this discussion.
|
|
|
|
<descrip>
|
|
<tag/Line 1:/ Identifies the default entry. Commands in this entry are
|
|
executed automatically when ppp is run.
|
|
|
|
<tag/Line 2:/ Identifies the device that has the modem hanging from it.
|
|
COM1: is <tt>/dev/cuaa0</tt> and COM2: is <tt>/dev/cuaa1</tt>.
|
|
|
|
<tag/Line 3:/ Sets the speed you want to connect at.
|
|
|
|
<tag/Line 4:/ Tells us not to request LQR. LQR is a "keepalive" protocol
|
|
used by ppp.
|
|
|
|
<tag/Line 5:/ Tells us not to accept LQR negotiation from the other side.
|
|
|
|
<tag/Line 6:/ Dial string commands. user ppp uses the <tt>chat(8)</tt>
|
|
language. Check the manual page for information on the features
|
|
of this language.
|
|
|
|
<tag/Line 7:/ Identifies an entry for a provider called ``provider''.
|
|
|
|
<tag/Line 8:/ Sets the phone number for this provider. Do not include any
|
|
spaces in the phone number.
|
|
|
|
<tag/Line 9:/ Sets the login string sequence. In this example, the string is
|
|
for a service who's login session looks like
|
|
<tscreen><verb>
|
|
J. Random Provider
|
|
login: foo
|
|
password: bar
|
|
protocol: ppp
|
|
</verb></tscreen>
|
|
You will need to alter this script to suit your own needs. It is
|
|
written in the <tt>chat(8)</tt> language.
|
|
|
|
<tag/Line 10:/ Sets the default timeout (in seconds) for the connection. So
|
|
the connection will be closed automatically after 120 seconds
|
|
of inactivity.
|
|
|
|
<tag/Line 11:/ Sets the interface addresses. The string x.x.x.x should be
|
|
replaced by the IP address that your provider allocates you. The
|
|
string y.y.y.y should be replaced by the IP address that your
|
|
ISP indicated for their gateway.
|
|
|
|
<tag/Line 12:/ Deletes all existing routing table entries for the
|
|
acquired tun device.
|
|
|
|
<tag/Line 13:/ Adds a default route to your ISPs IP number.
|
|
|
|
<tag/Line 14:/ Tells our side to begin negotiation. This is not always
|
|
necessary, but it does no harm to have both sides initiating
|
|
the Line Control Protocol (LCP).
|
|
</descrip>
|
|
|
|
Now you have to edit the file <tt>/etc/ppp/ppp.linkup</tt>:
|
|
<tscreen><verb>
|
|
x.x.x.x:
|
|
delete ALL
|
|
add 0 0 HISADDR
|
|
</verb></tscreen>
|
|
Replace x.x.x.x with your IP address as before. This file is used to
|
|
automatically delete all existing routes for the acquired line and
|
|
add a default route from your ISP (who's address is automatically
|
|
inserted with the HISADDR macro) to you.
|
|
|
|
With a static IP number assigned by your ISP, you don't actually
|
|
need an entry in <tt>/etc/ppp.linkup</tt>, but again, it doesn't
|
|
do any harm to have it.
|
|
|
|
Finally, you can create the file <tt>/etc/ppp/ppp.secret</tt>, which sets
|
|
some passwords to prevent people messing around with ppp on your system.
|
|
You may or may not want to do this, depending on how many people have
|
|
access to your ppp system.
|
|
|
|
<sect1><heading>PPP and Dynamic IP configuration</heading>
|
|
|
|
<!-- XXX -->
|
|
<p>If your service provider does not assign static IP numbers,
|
|
<tt>ppp</tt> can be configured to negotiate the local address. This is
|
|
done by "guessing" an IP number and allowing ppp to set it up correctly
|
|
using the LCP at connection time.
|
|
<tscreen><verb>
|
|
ifaddr 10.0.1.1/0 10.0.1.2/0
|
|
delete ALL
|
|
add 0 0 HISADDR
|
|
</verb></tscreen>
|
|
You should NOT use 0 as either IP address. If you do, ppp will not be
|
|
able to set up the correct initial entries in the routing table.
|
|
|
|
See the pmdemand entry in the files <tt>/etc/ppp/ppp.conf.sample</tt> and
|
|
<tt>/etc/ppp/ppp.linkup.sample</tt> for a detailed example.
|
|
|
|
<sect1><heading>Final system configuration</heading>
|
|
|
|
<p>You now have PPP configured, but there are a few more things to do before
|
|
it is ready to work. They all involve editing the <tt>/etc/sysconfig</tt>
|
|
file.
|
|
|
|
Working from the top down in this file, make sure the ``hostname='' line
|
|
is set, e.g.,
|
|
<tscreen><verb>
|
|
hostname=foo.bar.com
|
|
</verb></tscreen>
|
|
Look for the network_interfaces variable, and make sure the tun0 device is
|
|
NOT added to the list. My line looks like
|
|
<tscreen><verb>
|
|
network_interfaces="lo0 ep0"
|
|
</verb></tscreen>
|
|
because I have an ethernet card (ep0) to configure as well.
|
|
|
|
Set the router program to ``NO'' with the line
|
|
<tscreen><verb>
|
|
router=NO
|
|
</verb></tscreen>
|
|
It is important that this is not set to <tt>routed</tt> (the default)
|
|
as <tt>routed</tt> tends to delete the routing table entries made by
|
|
ppp.
|
|
|
|
It is probably worth your while ensuring that the ``sendmail_flags'' line
|
|
does not include the ``-q'' option, otherwise sendmail will attempt to do
|
|
a network lookup every now and then, possibly causing your machine to dial
|
|
out. My sendmail line looks like
|
|
<tscreen><verb>
|
|
sendmail_flags="-bd"
|
|
</verb></tscreen>
|
|
The upshot of this is that I must force sendmail to re-examine the
|
|
mailqueue whenever I have the PPP link up, by typing
|
|
<tscreen><verb>
|
|
# /usr/sbin/sendmail -q
|
|
</verb></tscreen>
|
|
If you don't like this, it is possible to set up a "dfilter" to block
|
|
SMTP traffic. Refer to the sample files for further details.
|
|
|
|
That should be about all you need to do to get PPP working. All that is
|
|
left is to reboot the machine.
|
|
|
|
You can now either type
|
|
<tscreen><verb>
|
|
# ppp
|
|
</verb></tscreen>
|
|
and then ``dial provider'' to start the PPP session, or, if you want ppp
|
|
to establish sessions automatically when there is outbound traffic, type
|
|
<tscreen><verb>
|
|
# ppp -auto provider
|
|
</verb></tscreen>
|
|
This line could be added to your <tt>/etc/rc.local</tt> file.
|
|
|