Date: Sun, 11 May 1997 17:09:06 +0200 From: Dirk-Willem van Gulik <Dirk.vanGulik@jrc.it> To: freebsd-doc@FreeBSD.ORG, brian@awfulhak.org, nik@blueberry.co.uk Subject: PPP (user side) Message-ID: <3375E112.103F@jrc.it>
next in thread | raw e-mail | index | archive | help
Is someone currently giving the user-side PPP section an over haul ? I just worked my way trhough it; as I was moving form kernel ppp to user ppp; and found the following things a bit lacking... Reading throuhg the ppp, handbook and ppp.conf.example files I missed the very common case of having a FreeBSD box acting as a dialin for a normal flat LAN, and where you want the dialin client to be proxy-ed onto the LAN with no routing or anything fancy. If so; please consider these additions.. (or let me know where to send them...) 13.1.2 If you plan to act as a PPP server or gateway between the machines connected over the PPP lines and your local area (ether)network; you will also have to enable the GATEWAY in the kernel; and quite possible the IPFIREWALL. Just add the lines options GATEWAY # options IPFIREWALL to the kernel configuration file. Unless you need it; do not enable the IPFIREWALL option. However in a lot of situations it is a very effective way to keep the PPP line clear of all kinds of traffic; and to ensure some rudimentory safety. If you add the IPFIREWALL option; do not forget to set the 'firewall' directive in sysconfig to YES; and to 'allow' some sort of traffic in the /etc/rc.firewall file. Uncommenting the line /sbin/ipfw add 65000 pass all from any to any will ensure that after a reboot one actually can make connections to and from the machine by opening up it completely again. * For reasons unclear to me; setting the * 'gateway' flag to YES in the /etc/sysconfig * file does not seem nessesary. 13.1.3 Additional check... Using 'ifconfig -a' should give an entry like tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1500 13.1.X Specific to dial-in user-PPP server on a normal LAN (with not nessesarily routing) where you want the LAN connected machine to fully proxy for the connected PPP box. This proxying implies that you propably do not have any decent routing on your site. And you might find it safer to disable/kill the routed/gated deamons during experimenting :-) Somewhere afterwards in a section ons etting up a user-ppp server; Check out the ppp command man-pages; in particular the section on RECEIVING INCOMING PPP CONNECTIONS Point 1; Some Additional hints for most/hayes modems; add a line like this to /etc/remote mymodem:dv=/dev/cuaa1:br#38400 Now you can easily access the modem with tip mymodem Try 'AT'; most hayes modems will give you an 'OK' back. If this is not the case, try ATZ or AT&F1 or ATE1Q0 This should reset or factory reset the modem or with the last command just enable echo and result strings so you can see what you do. See http://sckb.ucssc.indiana.edu/kb/data/aaqc.html for a summary. And check that you get the OK prompt on an 'AT'. Now switch off the 'echo back' and 'results strings' and set to modem to auto-answer after '5' rings. ATQ1ES0=5 and AT&W0 to program it into permanent memory. That should cause the modem to pick up the phone; even after being switched on and off. Point 2. You propably want to add a label; for example /usr/sbin/ppp -direct dialins and let that correspond to something like dialins: disable pap disable chap enable proxy set ifaddr 100.1.2.3 100.1.2.4 Where 100.1.2.3 is the server's address and 100.1.2.4 is the client. The 'enable proxy' line allows proxy forwarding. (The above is the simplest of examples; but that way it is easy to ensure that things work. Feel free to upgrade to dynamix things....) Now when testing things; a usefull command (after someone has dialed in) is ifconfig -a to see if there is a tunnel; you should see something like 100.0.0.1 -> 100.0.0.2 in the listing for the tun0 device. Furthermore with arp -a | grep proxy One can check/see if the machine is proxying the connected client correctly. Configurations used 1. Server-side kernel config tun 1 , GATEWAY 2. Client-side kernel config tun 1 3. server side /etc/passwd ppp:*:1003:1003:PPP Login User:/home/ppp:/usr/sbin/ppplogin 4. server side /etc/ppp/ppp.conf default: set device /dev/cuaa1 set speed 38400 disable lqr deny lqr set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\T TIMEOUT 40 CONNECT" dialins: disable pap disable chap enable proxy set timeout 1200 set ifaddr 100.0.0.1 100.0.0.2 5. server side /usr/sbin/ppp.login #!/bin/sh /usr/sbin/ppp -direct dialins 6. client side /etc/ppp/ppp/conf default: set device /dev/cuaa1 set speed 38400 disable lqr deny lqr set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\T TIMEOUT 40 CONNECT" set login "TIMEOUT 5 login:-\\r-login: \\U word: \\P PPP" dialup: set authname ppp set authkey mypasswordforppp set timeout 1200 dial 7. client side /etc/ppp/ppp.linkup MYADDR: add 0 0 HISADDR And that is it. Hope this helps someone. Dw. http://ewse.ceo.org http://enrm.ceo.org DWvGulik@Dialis.xs4all.nl Dirk.vanGulik@jrc.it +39 332 78 0014 +39 332 78 9549 fax +39 332 78 9185 ISEI/ESBA; The Center For Earth Observation Joint Research Centre of the European Communities, Ispra, Italy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3375E112.103F>