Date: Sun, 20 Oct 1996 22:09:51 +0930 (CST)
From: Peter Childs <pjchilds@imforei.apana.org.au>
To: FreeBSD-gnats-submit@freebsd.org
Subject: docs/1847: new handbook iijppp server section
Message-ID: <199610201239.WAA21346@al.imforei.apana.org.au>
Resent-Message-ID: <199610201250.FAA13576@freefall.freebsd.org>
>Number: 1847 >Category: docs >Synopsis: new handbook iijppp server section >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Oct 20 05:50:01 PDT 1996 >Last-Modified: >Originator: Peter Childs >Organization: Peter Childs --- http://www.imforei.apana.org.au/~pjchilds Finger pjchilds@al.imforei.apana.org.au for public PGP key Drag me, drop me, treat me like an object! >Release: FreeBSD 2.2-CURRENT i386 >Environment: FreeBSD ! >Description: New handbook addition on using iijppp in a server role. Also misc fixes to client section. >How-To-Repeat: >Fix: apply suggested patch... *** userppp.sgml.orig Sun Oct 20 13:44:17 1996 --- userppp.sgml Sun Oct 20 21:16:29 1996 *************** *** 3,22 **** <sect>Setting up user PPP<label id="userppp"> ! <p><em>Contributed by &a.nik;<newline> ! 28 July 1995</em>. <!-- This FAQ/HowTo is intended to get you up and running with iijppp, also known as the <em>user level ppp</em> for FreeBSD 2.0.5 (and above). ! I hope this document turns into a collaborative effort, largely ! because I am not really much of an authority on PPP. I have got ! it working, and want to pass on details of what I did so that ! other people can get it working. But I am not 100% clear on some ! details, so I hope that by writing this and having others ! flesh out some of the information I am going to learn something ! as well. --> <p>User PPP was introduced to FreeBSD in release 2.0.5 as an --- 3,16 ---- <sect>Setting up user PPP<label id="userppp"> ! <p><em>Contributed by &a.nik; 28 July 1995.<newline> ! Updated by &a.pjc; 20 Oct 1996</em>. <!-- This FAQ/HowTo is intended to get you up and running with iijppp, also known as the <em>user level ppp</em> for FreeBSD 2.0.5 (and above). ! It also outlines using iijppp as a ppp server. 
--> <p>User PPP was introduced to FreeBSD in release 2.0.5 as an *************** *** 37,54 **** compiled into the kernel, as the program can use the generic tunnel device to get data into and out of the kernel. ! From here on out, user ppp will be referred to as simply as ppp unless a ! distinction need to be made be it and any other PPP client/server software. Unless otherwise stated, all commands in this section should be executed as root. ! Parts in this section marked with an asterisk (*) are ! incomplete. Comments and suggestions are appreciated and ! should be submitted to &a.nik;. Thanks to Rob Snow <rsnow@txdirect.net> who proved to be a mine of ! useful information when I was first experimenting with user ppp. ! <sect1><heading>Before you start</heading> <p>This document assumes you are in roughly this position: --- 31,114 ---- compiled into the kernel, as the program can use the generic tunnel device to get data into and out of the kernel. ! From here on out, user ppp will be referred to simply as ppp unless a ! distinction need to be made between and any other PPP client/server software. Unless otherwise stated, all commands in this section should be executed as root. ! Comments and suggestions regarding client ppp ! should be submitted to &a.nik;. Comments regarding server ppp should be ! submitted to &a.pjc;. Thanks to Rob Snow <rsnow@txdirect.net> who proved to be a mine of ! useful information on user ppp. ! <sect1><heading>Building a ppp ready kernel</heading> ! ! <p>As the description states, ``ppp'' uses the kernel ``tun'' device. It is ! necessary to make sure that support for this device has been compiled ! in to your kernel. ! ! To check this, go to your kernel compile directory (probably /sys/i386/conf) ! and examine your kernel configuration file. You will need one tunnel device ! for each ppp session you wish to run concurrently. For example if you only ! have one modem and wish to dial your services provider you will need the line ! 
<tscreen><verb> ! pseudo-device tun 1 ! </verb></tscreen> ! in it somewhere. ! The stock GENERIC kernel has this as standard, so if you ! have not installed a custom kernel you do not have to change anything. ! ! If, however, you are setting up a server and could have 16 dialup ! ppp connections at any one time then you will need a line like ! <tscreen><verb> ! pseudo-device tun 16 ! </verb></tscreen> ! ! You can check how many tunnel devices your current kernel has by typing ! the following: ! <tscreen><verb> ! # ifconfig -a ! tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 ! inet 200.10.100.1 --> 203.10.100.24 netmask 0xffffffff ! tun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 576 ! tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 ! inet 203.10.100.1 --> 203.10.100.20 netmask 0xffffffff ! tun3: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1500 ! </verb></tscreen> ! which in this case shows four tunnel devices, two of which are ! currently configured and being used. ! ! If your kernel configuration file does not have a tunnel device entry in it ! you should add the line, re-compile and re-install the kernel. Boot ! from this new kernel. Please refer to the ! <ref id="kernelconfig" name="Configuring the FreeBSD Kernel"> ! section for more information on kernel configuration. ! ! <sect1><heading>Check the tun device(s)</heading> ! ! <p>For each tunnel device (tun) you have configured in your kernel you will ! need to ensure there is a corresponding device. ! ! The easiest way to make sure that the devices are configured correctly is ! to re-make it. To this end, execute the following commands: ! <tscreen><verb> ! # cd /dev ! # ./MAKEDEV tun0 ! </verb></tscreen> ! ! If you require 16 tunnel devices in your kernel you will then need to also ! create the additional tun1 to tun15 devices like so: ! <tscreen><verb> ! # cd /dev ! # foreach i ( 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ) ! foreach? ./MAKEDEV tun$i ! foreach? end ! 
</verb></tscreen> ! ! <sect1><heading>Working as a PPP client</heading> ! ! <sect2><heading>Before you start</heading> <p>This document assumes you are in roughly this position: *************** *** 80,120 **** In addition, I have assumed that because your connection to the Internet is not full time you are not running a name server (<tt>named(8)</tt>). ! <sect1><heading>Building a ppp ready kernel</heading> ! ! <p>As the description states, ``ppp'' uses the kernel ``tun'' device. It is ! necessary to make sure that your kernel has support for this device compiled ! in. ! ! To check this, go to your kernel compile directory (probably /sys/i386/conf) ! and examine your kernel configuration file. It needs to have the line ! <tscreen><verb> ! pseudo-device tun 1 ! </verb></tscreen> ! in it somewhere. The stock GENERIC kernel has this as standard, so if you ! have not installed a custom kernel you do not have to change anything. ! If your kernel configuration file does not have this line in it then you ! should add the line, re-compile and then re-install the kernel. Boot from ! this new kernel. Please refer to the ! <ref id="kernelconfig" name="Configuring the FreeBSD Kernel"> ! section for more information on kernel configuration. ! ! ! <sect1><heading>Check the tun device</heading> ! ! <p>My experiences with ppp have only been with one ``tun'' device (tun0). If ! you have used more (i.e., a number other than `1' in the pseudo-device line ! in the kernel configuration file) then alter all references to ``tun0'' ! below to reflect whichever device number you are using. ! ! The easiest way to make sure that the tun0 device is configured correctly is ! to re-make it. To this end, execute the following commands: ! <tscreen><verb> ! # cd /dev ! # ./MAKEDEV tun0 ! </verb></tscreen> ! ! <sect1><heading>PPP Configuration</heading> <p>The meat of the problem. 
--- 140,146 ---- In addition, I have assumed that because your connection to the Internet is not full time you are not running a name server (<tt>named(8)</tt>). ! <sect2><heading>PPP Configuration</heading> <p>The meat of the problem. *************** *** 137,143 **** whether you are using static or dynamic IP addresses. ! <sect2><heading>Configure the resolver(5)</heading> <p>The resolver is the part of the networking system that turns IP addresses into hostnames. It can be configured to look for maps that describe IP to --- 163,169 ---- whether you are using static or dynamic IP addresses. ! <sect3><heading>Configure the resolver(5)</heading> <p>The resolver is the part of the networking system that turns IP addresses into hostnames. It can be configured to look for maps that describe IP to *************** *** 169,175 **** namedflags="NO" </verb></tscreen> ! <sect2><heading>Create the /etc/hosts(5) file</heading> <p>This file should contain the IP addresses and names of machines on your network. At a bare minimum it should contain entries for the machine --- 195,201 ---- namedflags="NO" </verb></tscreen> ! <sect3><heading>Create the /etc/hosts(5) file</heading> <p>This file should contain the IP addresses and names of machines on your network. At a bare minimum it should contain entries for the machine *************** *** 191,197 **** <!-- XXX <em>(* What should they do if they are allocated an IP address dynamically?)</em> --> ! <sect2><heading>Create the /etc/resolv.conf file</heading> <p><tt>/etc/resolv.conf</tt> contains some extra information required when you are not running a nameserver. It points the resolver routines at real --- 217,223 ---- <!-- XXX <em>(* What should they do if they are allocated an IP address dynamically?)</em> --> ! <sect3><heading>Create the /etc/resolv.conf file</heading> <p><tt>/etc/resolv.conf</tt> contains some extra information required when you are not running a nameserver. 
It points the resolver routines at real *************** *** 207,213 **** Which are Demon Internet's two nameservers. Add as many ``nameserver'' lines as your ISP provides nameservers. ! <sect1><heading>PPP and static IP addresses</heading> <p>Probably the easiest to configure for. You will need to create three files in the <tt>/etc/ppp</tt> directory. --- 233,239 ---- Which are Demon Internet's two nameservers. Add as many ``nameserver'' lines as your ISP provides nameservers. ! <sect2><heading>PPP and static IP addresses</heading> <p>Probably the easiest to configure for. You will need to create three files in the <tt>/etc/ppp</tt> directory. *************** *** 220,226 **** <tscreen><verb> 1 default: 2 set device /dev/cuaa0 ! 3 set speed 9600 4 disable lqr 5 deny lqr 6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK --- 246,252 ---- <tscreen><verb> 1 default: 2 set device /dev/cuaa0 ! 3 set speed 38400 4 disable lqr 5 deny lqr 6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK *************** *** 240,248 **** <tag/Line 2:/ Identifies the device that has the modem hanging from it. COM1: is <tt>/dev/cuaa0</tt> and COM2: is <tt>/dev/cuaa1</tt>. ! <tag/Line 3:/ Sets the speed you want to connect at. ! <tag/* Lines 4 and 5:/ Do not know exactly what effect these lines have <tag/Line 6:/ Dial string commands. user ppp uses the <tt>chat(8)</tt> language. Check the manual page for information on the features --- 266,276 ---- <tag/Line 2:/ Identifies the device that has the modem hanging from it. COM1: is <tt>/dev/cuaa0</tt> and COM2: is <tt>/dev/cuaa1</tt>. ! <tag/Line 3:/ Sets your port speed. ! <tag/Lines 4 and 5:/ Deny and disable Line Quality Monitoring. It is a good ! idea to do this by default since most vendors implementations of this are ! broken and may cause your link to hang up soon after connecting. <tag/Line 6:/ Dial string commands. user ppp uses the <tt>chat(8)</tt> language. 
Check the manual page for information on the features *************** *** 288,294 **** You may or may not want to do this, depending on how many people have access to your ppp system. ! <sect1><heading>PPP and Dynamic IP configuration</heading> <!-- XXX --> <p>If your service provider does not assign static IP numbers, --- 316,322 ---- You may or may not want to do this, depending on how many people have access to your ppp system. ! <sect2><heading>PPP and Dynamic IP configuration</heading> <!-- XXX --> <p>If your service provider does not assign static IP numbers, *************** *** 299,305 **** </verb></tscreen> See the <tt>ppp(8)</tt> manual page for more detailed information. ! <sect1><heading>Final system configuration</heading> <p>You now have PPP configured, but there are a few more things to do before it is ready to work. They all involve editing the <tt>/etc/sysconfig</tt> --- 327,333 ---- </verb></tscreen> See the <tt>ppp(8)</tt> manual page for more detailed information. ! <sect2><heading>Final system configuration</heading> <p>You now have PPP configured, but there are a few more things to do before it is ready to work. They all involve editing the <tt>/etc/sysconfig</tt> *************** *** 363,366 **** --- 391,627 ---- # ppp -auto provider </verb></tscreen> This line could be added to your <tt>/etc/rc.local</tt> file. + + <sect1><heading>Working as a PPP server</heading> + + <p>This section describes setting up iijppp in a server role. + + <sect2><heading>Which getty?</heading> + + <p>The section entitled + <ref id="dialup" name="Configuring FreeBSD for Dialup Services"> provides + a good description on enabling dialup services using getty. + + An alternative to getty is + <url url="http://www.leo.org/~doering/mgetty/index.html" name="mgetty">, + a smarter version of getty designed with dialup lines in mind. 
+ + The advantages of using mgetty is that it actively <em>talks</em> to + modems, meaning if port is turned off in <tt>/etc/ttys</tt> then + your modem won't answer the phone. + + Later versions of mgetty (from 0.99beta onwards) also support the + automatic detection of PPP streams, allowing your clients script-less + access to your server. + + Obtaining and configuring mgetty correctly is beyond the scope of + this document. + + <sect2><heading>Setting up a PPP shell for dynamic-IP users</heading> + + <p>Create a file called <tt>/etc/ppp/ppp-shell</tt> containing the + following: + <tscreen><verb> + #!/bin/sh + IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'` + CALLEDAS="$IDENT" + TTY=`tty` + + if [ x$IDENT = xdialup ]; then + IDENT=`basename $TTY` + fi + + echo "PPP for $CALLEDAS on $TTY" + echo "Starting PPP for $IDENT" + + exec /usr/sbin/ppp -direct $IDENT + </verb><tscreen> + + This script should be executable. Now make a symbolic link called + <tt>ppp-dialup</tt> to this script using the following commands: + <tscreen><verb> + # ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-dialup + </verb></tscreen> + + You should use this script as the <em>shell</em> for all your dialup + ppp users. This is an example from <tt>/etc/password</tt> + for a dialup PPP user with username pchilds. (remember don't directly + edit the password file, use <tt>vipw</tt>) + + <tscreen><verb> + pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialup + </verb></tscreen> + + Create a <tt>/home/ppp</tt> directory that is world readable + containing the following 0 byte files + <tscreen><verb> + -r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin + -r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts + </verb></tscreen> + + which prevents <tt>/etc/motd</tt> from being displayed. + + <sect2><heading>Setting up a PPP shell for static-IP users</heading> + + <p>Create the <tt>ppp-shell</tt> file as above and for each account with + statically assigned IPs create a symbolic link to <tt>ppp-shell</tt>. 
+ + For example, if you have three dialup customers fred, sam, and mary, that you + route class C networks for, you would type the following: + <tscreen><verb> + # ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred + # ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam + # ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-mary + </verb></tscreen> + + Each of these users dialup accounts should have their shell set to the symbolic + link created above. (ie. mary's shell should be <tt>/etc/ppp/ppp-mary</tt>) + + <sect2><heading>Setting up ppp.conf for dynamic-IP users</heading> + + <p>The <tt>/etc/ppp/ppp.conf</tt> file should contain something along + the lines of + + <tscreen><verb> + default: + disable lqr + set debug phase lcp chat + set timeout 0 + + ttyd0: + set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255 + enable proxy + + ttyd1: + set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255 + enable proxy + </verb></tscreen> + + Note the indenting is important. + + The <tt>default:</tt> section is loaded for each session. For each + dialup line enabled in <tt>/etc/ttys</tt> create an entry similar + to the one for <tt>ttyd0:</tt> above. Each line should get a unique + IP from your pool of ip address for dynamic users. + + <sect2><heading>Setting up ppp.conf for static-IP users</heading> + + <p>Along with the contents of the sample <tt>/etc/ppp/ppp.conf</tt> + above you should add a section for each of the statically assigned + dialup users. We will continue with our fred, sam, and mary example. + + <tscreen><verb> + fred: + set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255 + + sam: + set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255 + + mary: + set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255 + </verb></tscreen> + + The file <tt>/etc/ppp/ppp.linkup</tt> should also contain routing + information for each static IP user if required. The line below + would add a route for the <tt>203.14.101.0</tt> class C via + the client's ppp link. 
+ + <tscreen><verb> + fred: + add 203.14.101.0 netmask 255.255.255.0 HISADDR + + sam: + add 203.14.102.0 netmask 255.255.255.0 HISADDR + + mary: + add 203.14.103.0 netmask 255.255.255.0 HISADDR + </verb></tscreen> + + <sect2><heading>More on mgetty, AutoPPP, and MS extensions</heading> + + <sect3><heading>Mgetty and AutoPPP</heading> + + <p>Configuring and compiling mgetty with the AUTO_PPP option enabled + allows mgetty to detect the LCP phase of PPP connections and automatically + spawn off a ppp shell. However, since the default login/password sequence + does not occur it is necessary to authenticate users using either PAP + or CHAP. + + This section assumes the user has successfully configured, compiled, and + installed a version of mgetty with the AUTO_PPP option (v0.99beta or later) + + Make sure your <tt>/usr/local/etc/mgetty+sendfax/login.config</tt> file + has the following in it: + + <tscreen><verb> + /AutoPPP/ - - /etc/ppp/ppp-pap-dialup + </verb></tscreen> + + This will tell mgetty to run the <tt>ppp-pap-dialup</tt> script for + detected PPP connections. + + Create a file called <tt>/etc/ppp/ppp-pap-dialup</tt> containing the + following (the file should be executable): + + <tscreen><verb> + #!/bin/sh + TTY=`tty` + IDENT=`basename $TTY` + exec /usr/sbin/ppp -direct pap$IDENT + </verb><tscreen> + + For each dialup line enabled in <tt>/etc/ttys</tt> create a corresponding + entry in <tt>/etc/ppp/ppp.conf</tt>. This will happily co-exist with + the definitions we created above. 
+ + <tscreen><verb> + papttyd0: + enable pap + set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255 + enable proxy + + papttyd1: + enable pap + set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255 + enable proxy + </verb></tscreen> + + Each user logging in with this method will need to have a username/password + in <tt>/etc/ppp/ppp.secret</tt> file, or alternatively add the + <tscreen><verb> + enable passwdauth + </verb></tscreen> + option to authenticate users via pap from the <tt>/etc/password</tt> file. (*) + + (*) Note this option only available in 2.2-961014-SNAP or later, or by + getting the updated ppp code for 2.1.x. (see MS extensions below for details) + + <sect3><heading>MS extentions</heading> + + <p>From 2.2-961014-SNAP onwards it is possible to allow the automatic + negotiation of DNS and NetBIOS name servers with clients supporting + this feature (namely Win95/NT clients). See RFC1877 for more details + on the protocol. + + If you wish to take advantage of this feature (and the passwdauth + feature above) but are using 2.1.x based systems an updated + iijppp is available from + <url url="ftp://ftp.imforei.apana.org.au/pub/freebsd/ppp-plus/" + name="ftp://ftp.imforei.apana.org.au:/pub/freebsd/ppp-plus/">. + + An example of enabling these extensions in your + <tt>/etc/ppp/ppp.conf</tt> file is illustrated below. + + <tscreen><verb> + default: + disable lqr + set debug phase lcp chat + set timeout 0 + enable msext + set ns 203.14.100.1 203.14.100.2 + set nbns 203.14.100.5 + </verb></tscreen> + + This will tell the clients the primary and secondary + name server addresses, and a netbios nameserver host. 
*** authors.sgml.orig Sun Oct 20 14:11:21 1996 --- authors.sgml Sun Oct 20 14:12:57 1996 *************** *** 95,100 **** --- 95,104 ---- <tt><htmlurl url='mailto:nik@blueberry.co.uk' name='<nik@blueberry.co.uk>'></tt>"> + <!ENTITY a.pjc "Peter Childs + <tt><htmlurl url='mailto:pjchilds@imforei.apana.org.au' + name='<pjchilds@imforei.apana.org.au>'></tt>"> + <!ENTITY a.phk "Poul-Henning Kamp <tt><htmlurl url='mailto:phk@FreeBSD.ORG' name='<phk@FreeBSD.ORG>'></tt>"> >Audit-Trail: >Unformatted:
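Review bot: In the userppp.sgml hunk that adds "Building a ppp ready kernel" and "Check the tun device(s)" (new lines 31-114), the rewritten sentence "distinction need to be made between and any other PPP client/server software" has lost its object and should read "needs to be made between it and any other". In the same hunk the "foreach i ( ... )" loop is csh syntax, so say that it assumes root's shell is csh or give an sh form as well; the loop also recreates tun0 although the text says it creates "the additional tun1 to tun15 devices". The sample ifconfig output shows "inet 200.10.100.1" on tun0 but "inet 203.10.100.1" on tun2, which looks like a typo in one of the two local addresses.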
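Review bot: In the userppp.sgml hunk that rewrites the "Lines 4 and 5" tag (new lines 266-276), "most vendors implementations" needs the possessive ("vendors' implementations"), and "Line Quality Monitoring" should be "Link Quality Monitoring"; giving the LQR acronym next to it would let the reader connect the description to the "disable lqr" and "deny lqr" commands it explains.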
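Review bot: In the userppp.sgml hunk that adds "Working as a PPP server" (new lines 391-627), both shell-script listings (ppp-shell and ppp-pap-dialup) end with "</verb><tscreen>" instead of "</verb></tscreen>", which leaves the tscreen element open and opens a second one; close both properly. The same hunk refers twice to "/etc/password" where the file is /etc/passwd, and the heading "MS extentions" should read "MS extensions". For /home/ppp, the sentence "which prevents /etc/motd from being displayed" describes only .hushlogin; say what the empty root-owned .rhosts is for, and state the owner and mode of the directory itself, since it is shared by every dialup account and "world readable" alone does not say that those accounts must not be able to write to it. The PAP paragraph should state the expected ownership and mode of /etc/ppp/ppp.secret, as it holds the users' passwords. In ppp-shell, the sed expression keeps only the text after the last hyphen of $0, so a link named for a login that itself contains a hyphen resolves to the wrong ppp.conf label; document that restriction or strip the fixed "ppp-" prefix instead, and quote $IDENT and $TTY in the test and exec lines.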
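Review bot: In the authors.sgml hunk, the new a.pjc entity is inserted between a.nik and a.phk; if this list is kept in order of entity name, "pjc" sorts after "phk", so the definition belongs below the a.phk entry rather than above it.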