3.Dd 20 September 1995 4.Os FreeBSD 5.Dt PPP 8 6.Sh NAME 7.Nm ppp 8.Nd 9Point to Point Protocol (aka iijppp) 10.Sh SYNOPSIS 11.Nm 12.Op Fl auto | background | ddial | direct | dedicated 13.Op Fl alias 14.Op Ar system 15.Sh DESCRIPTION 16This is a user process 17.Em PPP 18software package. Normally, 19.Em PPP 20is implemented as a part of the kernel (e.g. as managed by pppd) and it's 21thus somewhat hard to debug and/or modify its behavior. However, in this 22implementation 23.Em PPP 24is done as a user process with the help of the 25tunnel device driver (tun). 26 27.Sh Major Features 28 29.Bl -diag 30.It Provides interactive user interface. 31Using its command mode, the user can 32easily enter commands to establish the connection with the remote end, check 33the status of connection and close the connection. All functions can 34also be optionally password protected for security. 35 36.It Supports both manual and automatic dialing. 37Interactive mode has a 38.Dq term 39command which enables you to talk to your modem directly. When your 40modem is connected to the remote peer and it starts to talk 41.Em PPP 42, the 43.Em PPP 44software detects it and switches to packet 45mode automatically. Once you have determined the proper sequence for connecting 46with the remote host, you can write a chat script to define the necessary 47dialing and login procedure for later convenience. 48 49.It Supports on-demand dialup capability. 50By using auto mode, 51.Nm 52will act as a daemon and wait for a packet to be sent over the 53.Em PPP 54link. When this happens, the daemon automatically dials and establishes the 55connection. 56 57In almost the same manner ddial mode (dedicated or demon dialing) 58also automatically dials and establishes the connection. However, it 59differs in that it will dial the remote site any time it detects the 60link is down, even if there are no packets to be sent. This mode is 61useful for full-time connections who worry less about line charges 62and more about being connected full time. 63 64.It Supports packet aliasing. 65Packet aliasing, more commonly known as masquerading, allows computers 66on a private, unregistered network to access the internet. The 67.Em PPP 68host acts as a masquerading gateway. IP addresses as well as TCP and 69UDP port numbers are aliased for outgoing packets and de-aliased for 70returning packets. 71 72.It Supports background PPP connections. 73In background mode, if 74.Nm 75successfully establishes the connection, it will become a daemon. 76Otherwise, it will exit with an error. 77 78.It Supports server-side PPP connections. 79Can act as server which accepts incoming 80.Em PPP 81connections. 82 83.It Supports PAP and CHAP authentication. 84 85.It Supports Proxy Arp. 86When 87.Em PPP 88is set up as server, you can also configure it to do proxy arp for your 89connection. 90 91.It Supports packet filtering. 92User can define four kinds of filters: 93.Em ifilter 94for incoming packets, 95.Em ofilter 96for outgoing packets, 97.Em dfilter 98to define a dialing trigger packet and 99.Em afilter 100for keeping a connection alive with the trigger packet. 101 102.It Tunnel driver supports bpf. 103The user can use 104.Xr tcpdump 1 105to check the packet flow over the 106.Em PPP 107link. 108 109.It Supports PPP over TCP capability. 110 111 112.It Supports IETF draft Predictor-1 compression. 113.Nm 114supports not only VJ-compression but also Predictor-1 compression. 115Normally, a modem has built-in compression (e.g. v42.bis) and the system 116may receive higher data rates from it as a result of such compression. 117While this is generally a good thing in most other situations, this 118higher speed data imposes a penalty on the system by increasing the 119number of serial interrupts the system has to process in talking to the 120modem and also increases latency. Unlike VJ-compression, Predictor-1 121compression pre-compresses 122.Em all 123data flowing through the link, thus reducing overhead to a minimum. 124 125.It Supports Microsofts IPCP extentions. 126Name Server Addresses and NetBIOS Name Server Addresses can be negotiated 127with clients using the Microsoft 128.Em PPP 129stack (ie. Win95, WinNT) 130 131.It Runs under BSDI-1.1 and FreeBSD. 132 133.El 134 135 136Patches for NeXTSTEP 3.2 are also available on the net. 137 138.Sh GETTING STARTED 139 140When you first run 141.Nm 142you may need to deal with some initial configuration details. First, 143your kernel should include a tunnel device (the default in FreeBSD 2.0.5 144and later). If it doesn't, you'll need to rebuild your kernel with the 145following line in your kernel configuration file: 146 147.Dl pseudo-device tun 1 148 149You should set the numeric field to the maximum number of 150.Em PPP 151connections you wish to support. 152 153Second, check your 154.Pa /dev 155directory for the tunnel device entry 156.Pa /dev/tun0. 157If it doesn't exist, you can create it by running "MAKEDEV tun0" 158 159.Sh MANUAL DIALING 160 161% 162.Nm 163User Process PPP written by Toshiharu OHNO. 164 165* If you set your hostname and password in 166.Pa /etc/ppp/ppp.secret , 167you can't do 168anything except run the quit and help commands * 169 170ppp on "your hostname"> help 171 passwd : Password for security 172 quit : Quit the PPP program 173 help : Display this message 174 175ppp on tama> pass <password> 176 177* "on" will change to "ON" if you specify the correct password. * 178 179ppp ON tama> 180 181* You can now specify the device name, speed and parity 182for your modem, and whether 183CTS/RTS signalling should be used (CTS/RTS is used by default). 184If your hardware does not provide CTS/RTS lines (as 185may happen when you are connected directly to certain ppp-capable 186terminal servers), 187.Nm 188will never send any output through the port; it 189waits for a signal which never comes. 190Thus, if you have a direct line and can't seem to make 191a connection, try turning ctsrts off: * 192 193 194ppp ON tama> set line /dev/cuaa0 195 196ppp ON tama> set speed 38400 197 198ppp ON tama> set parity even 199 200ppp ON tama> set ctsrts on 201 202ppp ON tama> show modem 203 204* Modem related parameters are shown in here * 205 206ppp ON tama> 207 208* Use term command to talk with your modem * 209 210ppp ON tama> term 211 at 212 OK 213 atdt123456 214 CONNECT 215 216 login: ppp 217 Password: 218 219* PPP started in remote side. When the peer start to talk PPP, the 220program will detect it automatically and return to command mode. * 221 222ppp ON tama> 223 224.Nm PPP 225ON tama> 226 227* NOW, you are connected! Note that 228.Sq PPP 229in the prompt has changed to capital letters to indicate this. * 230 231PPP ON tama> show lcp 232 233* You'll see LCP status * 234 235PPP ON tama> show ipcp 236 237* You'll see IPCP status. At this point, your machine has a host route 238to the peer. If you want to add a default route entry, then enter the 239following command. * 240 241PPP ON tama> add 0 0 HISADDR 242 243* The string 244.Sq HISADDR 245represents the IP address of connected peer. * 246 247PPP ON tama> 248 249* Use network applications (i.e. ping, telnet, ftp) in other windows * 250 251PPP ON tama> show log 252 253* Gives you some logging messages * 254 255PPP ON tama> close 256 257* The connection is closed and modem will be disconnected. * 258 259ppp ON tama> quit 260 261% 262 263.Sh AUTOMATIC DIALING 264 265To use automatic dialing, you must prepare some Dial and Login chat scripts. 266See the example definitions in 267.Pa /etc/ppp/ppp.conf.sample 268(the format of ppp.conf is pretty simple). 269 270.Bl -bullet -compact 271.It 272Each line contains one command, label or comment. 273.It 274A line starting with a 275.Sq # 276character is treated as a comment line. 277.It 278A label name has to start in the first column and should be followed by 279a colon (:). 280.It 281A command line must contain a space or tab in the first column. 282.El 283 284Once ppp.conf is ready, specify the destination label name when you 285invoke 286.Nm ppp . 287Commands associated with the destination label are then 288executed. Note that the commands associated with the 289.Dq default 290label are ALWAYS executed. 291 292Once the connection is made, you'll find that the 293.Nm ppp 294portion of the prompt has changed to 295.Nm PPP . 296 297 % ppp pm2 298 ... 299 ppp ON tama> dial 300 dial OK! 301 login OK! 302 PPP ON tama> 303 304If the 305.Pa /etc/ppp/ppp.linkup 306file is available, its contents are executed 307when the 308.Em PPP 309connection is established. See the provided example which adds a 310default route. The string HISADDR represents the IP address of the 311remote peer. 312 313.Sh BACKGROUND DIALING 314 315If you want to establish a connection using 316.Nm ppp non-interactively (such as from a 317.Xr crontab(5) 318entry or an 319.Xr at(1) 320script) you should use the 321.Fl background 322option. You must also specify the destination label in 323.Pa /etc/ppp/ppp.conf 324to use. 325 326When 327.Fl background 328is specified, 329.Nm 330attempts to establish the connection. If this attempt fails, 331.Nm ppp 332exits immediately with a non-zero exit code. 333 334If it succeeds, then 335.Nm ppp 336becomes a daemon, and returns an exit status of zero to its caller. 337The daemon exits automatically if the connection is dropped by the 338remote system, or it receives a TERM signal. 339 340The file 341.Pa /var/run/ppp.tun0.pid 342contains the process id number of the 343.Nm ppp 344program that is using the tunnel device tun0. 345 346.Sh DIAL ON DEMAND 347 348To play with demand dialing, you must use the 349.Fl auto 350or 351.Fl ddial 352option. You must also specify the destination label in 353.Pa /etc/ppp/ppp.conf 354to use. It should contain the 355.Dq ifaddr 356command to define the remote peer's IP address. (refer to 357.Pa /etc/ppp/ppp.conf.sample ) 358 359 % ppp -auto pm2demand 360 ... 361 % 362 363When 364.Fl auto 365or 366.Fl ddial 367is specified, 368.Nm 369runs as a daemon but you can still configure or examine its 370configuration by using the diagnostic port as follows: 371 372 373 % telnet localhost 3000 374 Trying 127.0.0.1... 375 Connected to localhost.spec.co.jp. 376 Escape character is '^]'. 377 User Process PPP. Written by Toshiharu OHNO. 378 Working as auto mode. 379 PPP on tama> show ipcp 380 what ? 381 PPP on tama> pass xxxx 382 PPP ON tama> show ipcp 383 IPCP [OPEND] 384 his side: xxxx 385 .... 386 387.Pp 388Each 389.Nm 390daemon has an associated port number which is computed as "3000 + 391tunnel_device_number". If 3000 is not good base number, edit defs.h in 392the ppp sources ( 393.Pa /usr/src/usr.sbin/ppp ) 394and recompile it. 395 396When an outgoing packet is detected, 397.Nm 398will perform the dialing action (chat script) and try to connect 399with the peer. 400 401If the connect fails, the default behavior is to wait 30 seconds 402and then attempt to connect when another outgoing packet is detected. 403This behavior can be changed with 404.Bd -literal -offset indent 405set redial seconds|random[.nseconds|random] [dial_attempts] 406.Ed 407.Pp 408.Sq Seconds 409is the number of seconds to wait before attempting 410to connect again. If the argument is 411.Sq random , 412the delay period is a random value between 0 and 30 seconds. 413.Sq Nseconds 414is the number of seconds to wait before attempting 415to dial the next number in a list of numbers (see the 416.Dq set phone 417command). The default is 3 seconds. Again, if the argument is 418.Sq random , 419the delay period is a random value between 0 and 30 seconds. 420.Sq dial_attempts 421is the number of times to try to connect for each outgoing packet 422that is received. The previous value is unchanged if this parameter 423is omitted. If a value of zero is specified for 424.Sq dial_attempts , 425.Nm ppp 426will keep trying until a connection is made. 427.Bd -literal -offset indent 428set redial 10.3 4 429.Ed 430.Pp 431will attempt to connect 4 times for each outgoing packet that is 432detected with a 3 second delay between each number and a 10 second 433delay after all numbers have been tried. If multiple phone numbers 434are specified, the total number of attempts is still 4 (it does not 435attempt each number 4 times). 436 437Modifying the dial delay is very useful when running 438.Nm 439in demand 440dial mode on both ends of the link. If each end has the same timeout, 441both ends wind up calling each other at the same time if the link 442drops and both ends have packets queued. 443
| 3.Dd 20 September 1995 4.Os FreeBSD 5.Dt PPP 8 6.Sh NAME 7.Nm ppp 8.Nd 9Point to Point Protocol (aka iijppp) 10.Sh SYNOPSIS 11.Nm 12.Op Fl auto | background | ddial | direct | dedicated 13.Op Fl alias 14.Op Ar system 15.Sh DESCRIPTION 16This is a user process 17.Em PPP 18software package. Normally, 19.Em PPP 20is implemented as a part of the kernel (e.g. as managed by pppd) and it's 21thus somewhat hard to debug and/or modify its behavior. However, in this 22implementation 23.Em PPP 24is done as a user process with the help of the 25tunnel device driver (tun). 26 27.Sh Major Features 28 29.Bl -diag 30.It Provides interactive user interface. 31Using its command mode, the user can 32easily enter commands to establish the connection with the remote end, check 33the status of connection and close the connection. All functions can 34also be optionally password protected for security. 35 36.It Supports both manual and automatic dialing. 37Interactive mode has a 38.Dq term 39command which enables you to talk to your modem directly. When your 40modem is connected to the remote peer and it starts to talk 41.Em PPP 42, the 43.Em PPP 44software detects it and switches to packet 45mode automatically. Once you have determined the proper sequence for connecting 46with the remote host, you can write a chat script to define the necessary 47dialing and login procedure for later convenience. 48 49.It Supports on-demand dialup capability. 50By using auto mode, 51.Nm 52will act as a daemon and wait for a packet to be sent over the 53.Em PPP 54link. When this happens, the daemon automatically dials and establishes the 55connection. 56 57In almost the same manner ddial mode (dedicated or demon dialing) 58also automatically dials and establishes the connection. However, it 59differs in that it will dial the remote site any time it detects the 60link is down, even if there are no packets to be sent. This mode is 61useful for full-time connections who worry less about line charges 62and more about being connected full time. 63 64.It Supports packet aliasing. 65Packet aliasing, more commonly known as masquerading, allows computers 66on a private, unregistered network to access the internet. The 67.Em PPP 68host acts as a masquerading gateway. IP addresses as well as TCP and 69UDP port numbers are aliased for outgoing packets and de-aliased for 70returning packets. 71 72.It Supports background PPP connections. 73In background mode, if 74.Nm 75successfully establishes the connection, it will become a daemon. 76Otherwise, it will exit with an error. 77 78.It Supports server-side PPP connections. 79Can act as server which accepts incoming 80.Em PPP 81connections. 82 83.It Supports PAP and CHAP authentication. 84 85.It Supports Proxy Arp. 86When 87.Em PPP 88is set up as server, you can also configure it to do proxy arp for your 89connection. 90 91.It Supports packet filtering. 92User can define four kinds of filters: 93.Em ifilter 94for incoming packets, 95.Em ofilter 96for outgoing packets, 97.Em dfilter 98to define a dialing trigger packet and 99.Em afilter 100for keeping a connection alive with the trigger packet. 101 102.It Tunnel driver supports bpf. 103The user can use 104.Xr tcpdump 1 105to check the packet flow over the 106.Em PPP 107link. 108 109.It Supports PPP over TCP capability. 110 111 112.It Supports IETF draft Predictor-1 compression. 113.Nm 114supports not only VJ-compression but also Predictor-1 compression. 115Normally, a modem has built-in compression (e.g. v42.bis) and the system 116may receive higher data rates from it as a result of such compression. 117While this is generally a good thing in most other situations, this 118higher speed data imposes a penalty on the system by increasing the 119number of serial interrupts the system has to process in talking to the 120modem and also increases latency. Unlike VJ-compression, Predictor-1 121compression pre-compresses 122.Em all 123data flowing through the link, thus reducing overhead to a minimum. 124 125.It Supports Microsofts IPCP extentions. 126Name Server Addresses and NetBIOS Name Server Addresses can be negotiated 127with clients using the Microsoft 128.Em PPP 129stack (ie. Win95, WinNT) 130 131.It Runs under BSDI-1.1 and FreeBSD. 132 133.El 134 135 136Patches for NeXTSTEP 3.2 are also available on the net. 137 138.Sh GETTING STARTED 139 140When you first run 141.Nm 142you may need to deal with some initial configuration details. First, 143your kernel should include a tunnel device (the default in FreeBSD 2.0.5 144and later). If it doesn't, you'll need to rebuild your kernel with the 145following line in your kernel configuration file: 146 147.Dl pseudo-device tun 1 148 149You should set the numeric field to the maximum number of 150.Em PPP 151connections you wish to support. 152 153Second, check your 154.Pa /dev 155directory for the tunnel device entry 156.Pa /dev/tun0. 157If it doesn't exist, you can create it by running "MAKEDEV tun0" 158 159.Sh MANUAL DIALING 160 161% 162.Nm 163User Process PPP written by Toshiharu OHNO. 164 165* If you set your hostname and password in 166.Pa /etc/ppp/ppp.secret , 167you can't do 168anything except run the quit and help commands * 169 170ppp on "your hostname"> help 171 passwd : Password for security 172 quit : Quit the PPP program 173 help : Display this message 174 175ppp on tama> pass <password> 176 177* "on" will change to "ON" if you specify the correct password. * 178 179ppp ON tama> 180 181* You can now specify the device name, speed and parity 182for your modem, and whether 183CTS/RTS signalling should be used (CTS/RTS is used by default). 184If your hardware does not provide CTS/RTS lines (as 185may happen when you are connected directly to certain ppp-capable 186terminal servers), 187.Nm 188will never send any output through the port; it 189waits for a signal which never comes. 190Thus, if you have a direct line and can't seem to make 191a connection, try turning ctsrts off: * 192 193 194ppp ON tama> set line /dev/cuaa0 195 196ppp ON tama> set speed 38400 197 198ppp ON tama> set parity even 199 200ppp ON tama> set ctsrts on 201 202ppp ON tama> show modem 203 204* Modem related parameters are shown in here * 205 206ppp ON tama> 207 208* Use term command to talk with your modem * 209 210ppp ON tama> term 211 at 212 OK 213 atdt123456 214 CONNECT 215 216 login: ppp 217 Password: 218 219* PPP started in remote side. When the peer start to talk PPP, the 220program will detect it automatically and return to command mode. * 221 222ppp ON tama> 223 224.Nm PPP 225ON tama> 226 227* NOW, you are connected! Note that 228.Sq PPP 229in the prompt has changed to capital letters to indicate this. * 230 231PPP ON tama> show lcp 232 233* You'll see LCP status * 234 235PPP ON tama> show ipcp 236 237* You'll see IPCP status. At this point, your machine has a host route 238to the peer. If you want to add a default route entry, then enter the 239following command. * 240 241PPP ON tama> add 0 0 HISADDR 242 243* The string 244.Sq HISADDR 245represents the IP address of connected peer. * 246 247PPP ON tama> 248 249* Use network applications (i.e. ping, telnet, ftp) in other windows * 250 251PPP ON tama> show log 252 253* Gives you some logging messages * 254 255PPP ON tama> close 256 257* The connection is closed and modem will be disconnected. * 258 259ppp ON tama> quit 260 261% 262 263.Sh AUTOMATIC DIALING 264 265To use automatic dialing, you must prepare some Dial and Login chat scripts. 266See the example definitions in 267.Pa /etc/ppp/ppp.conf.sample 268(the format of ppp.conf is pretty simple). 269 270.Bl -bullet -compact 271.It 272Each line contains one command, label or comment. 273.It 274A line starting with a 275.Sq # 276character is treated as a comment line. 277.It 278A label name has to start in the first column and should be followed by 279a colon (:). 280.It 281A command line must contain a space or tab in the first column. 282.El 283 284Once ppp.conf is ready, specify the destination label name when you 285invoke 286.Nm ppp . 287Commands associated with the destination label are then 288executed. Note that the commands associated with the 289.Dq default 290label are ALWAYS executed. 291 292Once the connection is made, you'll find that the 293.Nm ppp 294portion of the prompt has changed to 295.Nm PPP . 296 297 % ppp pm2 298 ... 299 ppp ON tama> dial 300 dial OK! 301 login OK! 302 PPP ON tama> 303 304If the 305.Pa /etc/ppp/ppp.linkup 306file is available, its contents are executed 307when the 308.Em PPP 309connection is established. See the provided example which adds a 310default route. The string HISADDR represents the IP address of the 311remote peer. 312 313.Sh BACKGROUND DIALING 314 315If you want to establish a connection using 316.Nm ppp non-interactively (such as from a 317.Xr crontab(5) 318entry or an 319.Xr at(1) 320script) you should use the 321.Fl background 322option. You must also specify the destination label in 323.Pa /etc/ppp/ppp.conf 324to use. 325 326When 327.Fl background 328is specified, 329.Nm 330attempts to establish the connection. If this attempt fails, 331.Nm ppp 332exits immediately with a non-zero exit code. 333 334If it succeeds, then 335.Nm ppp 336becomes a daemon, and returns an exit status of zero to its caller. 337The daemon exits automatically if the connection is dropped by the 338remote system, or it receives a TERM signal. 339 340The file 341.Pa /var/run/ppp.tun0.pid 342contains the process id number of the 343.Nm ppp 344program that is using the tunnel device tun0. 345 346.Sh DIAL ON DEMAND 347 348To play with demand dialing, you must use the 349.Fl auto 350or 351.Fl ddial 352option. You must also specify the destination label in 353.Pa /etc/ppp/ppp.conf 354to use. It should contain the 355.Dq ifaddr 356command to define the remote peer's IP address. (refer to 357.Pa /etc/ppp/ppp.conf.sample ) 358 359 % ppp -auto pm2demand 360 ... 361 % 362 363When 364.Fl auto 365or 366.Fl ddial 367is specified, 368.Nm 369runs as a daemon but you can still configure or examine its 370configuration by using the diagnostic port as follows: 371 372 373 % telnet localhost 3000 374 Trying 127.0.0.1... 375 Connected to localhost.spec.co.jp. 376 Escape character is '^]'. 377 User Process PPP. Written by Toshiharu OHNO. 378 Working as auto mode. 379 PPP on tama> show ipcp 380 what ? 381 PPP on tama> pass xxxx 382 PPP ON tama> show ipcp 383 IPCP [OPEND] 384 his side: xxxx 385 .... 386 387.Pp 388Each 389.Nm 390daemon has an associated port number which is computed as "3000 + 391tunnel_device_number". If 3000 is not good base number, edit defs.h in 392the ppp sources ( 393.Pa /usr/src/usr.sbin/ppp ) 394and recompile it. 395 396When an outgoing packet is detected, 397.Nm 398will perform the dialing action (chat script) and try to connect 399with the peer. 400 401If the connect fails, the default behavior is to wait 30 seconds 402and then attempt to connect when another outgoing packet is detected. 403This behavior can be changed with 404.Bd -literal -offset indent 405set redial seconds|random[.nseconds|random] [dial_attempts] 406.Ed 407.Pp 408.Sq Seconds 409is the number of seconds to wait before attempting 410to connect again. If the argument is 411.Sq random , 412the delay period is a random value between 0 and 30 seconds. 413.Sq Nseconds 414is the number of seconds to wait before attempting 415to dial the next number in a list of numbers (see the 416.Dq set phone 417command). The default is 3 seconds. Again, if the argument is 418.Sq random , 419the delay period is a random value between 0 and 30 seconds. 420.Sq dial_attempts 421is the number of times to try to connect for each outgoing packet 422that is received. The previous value is unchanged if this parameter 423is omitted. If a value of zero is specified for 424.Sq dial_attempts , 425.Nm ppp 426will keep trying until a connection is made. 427.Bd -literal -offset indent 428set redial 10.3 4 429.Ed 430.Pp 431will attempt to connect 4 times for each outgoing packet that is 432detected with a 3 second delay between each number and a 10 second 433delay after all numbers have been tried. If multiple phone numbers 434are specified, the total number of attempts is still 4 (it does not 435attempt each number 4 times). 436 437Modifying the dial delay is very useful when running 438.Nm 439in demand 440dial mode on both ends of the link. If each end has the same timeout, 441both ends wind up calling each other at the same time if the link 442drops and both ends have packets queued. 443
|
451 452To terminate the program, type 453 454 PPP ON tama> close 455 ppp ON tama> quit all 456 457.Pp 458A simple 459.Dq quit 460command will terminate the telnet connection but not the program itself. 461You must use 462.Dq quit all 463to terminate the program as well. 464 465.Sh PACKET ALIASING 466 467The 468.Fl alias 469command line option enables packet aliasing. This allows the 470ppp host to act as a masquerading gateway for other computers over 471a local area network. Outgoing IP packets are are aliased so that 472they appear to come from the ppp host, and incoming packets are 473de-aliased so that they are routed to the correct machine on the 474local area network. 475 476Packet aliasing allows computers on private, unregistered 477subnets to have internet access, although they are invisible 478from the outside world. 479 480In general, correct ppp operation should first be verified 481with packet aliasing disabled. Then, the 482.Fl alias 483option should be switched on, and network applications (web browser, 484telnet, ftp, ping, traceroute) should be checked on the ppp host. 485Finally, the same or similar applications should be checked on other 486computers in the LAN. 487 488If network applications work correctly on the ppp host, but not on 489other machines in the LAN, then the masquerading software is working 490properly, but the host is either not forwarding or possibly receiving 491IP packets. Check that IP forwarding is enabled in /etc/sysconfig 492and that other machines have designated the ppp host as the gateway 493for the LAN. 494 495.Sh PACKET FILTERING 496 497This implementation supports packet filtering. There are three kinds of 498filters: ifilter, ofilter and dfilter. Here are the basics: 499 500.Bl -bullet -compact 501.It 502A filter definition has the following syntax: 503 504set filter-name rule-no action [src_addr/src_width] [dst_addr/dst_width] 505[proto [src [lt|eq|gt] port ]] [dst [lt|eq|gt] port] [estab] 506.Bl -enum 507.It 508.Sq filter-name 509should be one of ifilter, ofilter, or dfilter. 510.It 511There are two actions: 512.Sq permit 513and 514.Sq deny . 515If a given packet 516matches the rule, the associated action is taken immediately. 517.It 518.Sq src_width 519and 520.Sq dst_width 521work like a netmask to represent an address range. 522.It 523.Sq proto 524must be one of icmp, udp or tcp. 525.It 526.Sq port number 527can be specified by number and service name from 528.Pa /etc/services . 529 530.El 531 532.It 533Each filter can hold up to 20 rules, starting from rule 0. 534 535The entire rule set is not effective until rule 0 is defined. 536 537.It 538If no rule is matched to a packet, that packet will be discarded 539(blocked). 540 541.It 542Use 543.Dq set filter-name -1 544to flush all rules. 545 546.El 547 548See 549.Pa /etc/ppp/ppp.conf.filter.example . 550 551 552.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 1) 553 554To handle an incoming 555.Em PPP 556connection request, follow these steps: 557 558.Bl -enum 559.It 560Make sure the modem and (optionally) 561.Pa /etc/rc.serial 562is configured correctly. 563.Bl -bullet -compact 564.It 565Use Hardware Handshake (CTS/RTS) for flow control. 566.It 567Modem should be set to NO echo back (ATE0) and NO results string (ATQ1). 568.El 569 570.It 571Edit 572.Pa /etc/ttys 573to enable a getty on the port where the modem is attached. 574 575For example: 576 577.Dl ttyd1 "/usr/libexec/getty std.38400" dialup on secure 578 579Don't forget to send a HUP signal to the init process to start the getty. 580 581.Dl # kill -HUP 1 582 583.It 584Prepare an account for the incoming user. 585.Bd -literal 586ppp:xxxx:66:66:PPP Login User:/home/ppp:/usr/local/bin/ppplogin 587.Ed 588 589.It 590Create a 591.Pa /usr/local/bin/ppplogin 592file with the following contents: 593.Bd -literal -offset indent 594#!/bin/sh -p 595exec /usr/sbin/ppp -direct 596.Ed 597 598(You can specify a label name for further control.) 599 600.Pp 601Direct mode ( 602.Fl direct ) 603lets 604.Nm 605work with stdin and stdout. You can also telnet to port 3000 to get 606command mode control in the same manner as client-side 607.Nm. 608 609.It 610Optional support for Microsoft's IPCP Name Server and NetBIOS 611Name Server negotiation can be enabled use 612.Dq enable msext 613and 614.Dq set ns pri-addr [sec-addr] 615along with 616.Dq set nbns pri-addr [sec-addr] 617in your ppp.conf file 618 619.El 620 621.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 2) 622 623This method differs in that it recommends the use of 624.Em mgetty+sendfax 625to handle the modem connections. The latest version 0.99 626can be compiled with the 627.Dq AUTO_PPP 628option to allow detection of clients speaking PPP to the login 629prompt. 630 631Follow these steps: 632 633.Bl -enum 634.It 635Get, configure, and install mgetty+sendfax v0.99 or later (beta) 636making sure you have used the AUTO_PPP option. 637.It 638Edit 639.Pa /etc/ttys 640to enable a mgetty on the port where the modem is attached. 641 642For example: 643 644.Dl cuaa1 "/usr/local/sbin/mgetty -s 57600" dialup on 645 646.It 647Prepare an account for the incoming user. 648.Bd -literal 649Pfred:xxxx:66:66:Fred's PPP:/home/ppp:/etc/ppp/ppp-dialup 650.Ed 651 652.It 653Examine the files 654.Pa /etc/ppp/sample.ppp-dialup 655.Pa /etc/ppp/sample.ppp-pap-dialup 656and 657.Pa /etc/ppp/sample.ppp.conf 658for ideas. ppp-pap-dialup is supposed to be called from 659.Pa /usr/local/etc/mgetty+sendfax/login.conf 660from a line like 661 662.Dl /AutoPPP/ - - /etc/ppp/ppp-pap-dialup 663.El 664 665.Sh SETTING IDLE, LINE QUALITY REQUEST, RETRY TIMER 666 667To check/set idletimer, use the 668.Dq show timeout 669and 670.Dq set timeout [lqrtimer [retrytimer]] 671commands. 672 673 Ex: 674.Dl ppp ON tama> set timeout 600 675 676The timeout period is measured in seconds, the default values for which 677are timeout = 180 or 3 min, lqrtimer = 30sec and retrytimer = 3sec. 678To disable the idle timer function, 679use the command 680.Dq set timeout 0 . 681 682In 683.Fl auto 684mode, an idle timeout causes the 685.Em PPP 686session to be 687closed, though the 688.Nm 689program itself remains running. Another trigger packet will cause it to 690attempt to reestablish the link. 691 692.Sh Predictor-1 compression 693 694This version supports CCP and Predictor type 1 compression based on 695the current IETF-draft specs. As a default behavior, 696.Nm 697will attempt to use (or be willing to accept) this capability when the 698peer agrees (or requests it). 699 700To disable CCP/predictor functionality completely, use the 701.Dq disable pred1 702and 703.Dq deny pred1 704commands. 705 706.Sh Controlling IP address 707 708.Nm 709uses IPCP to negotiate IP addresses. Each side of the connection 710specifies the IP address that it's willing to use, and if the requested 711IP address is acceptable then 712.Nm 713returns ACK to the requester. Otherwise, 714.Nm 715returns NAK to suggest that the peer use a different IP address. When 716both sides of the connection agree to accept the received request (and 717send ACK), IPCP is set to the open state and a network level connection 718is established. 719 720To control this IPCP behavior, this implementation has the 721.Dq set ifaddr 722command for defining the local and remote IP address: 723 724.Nm set ifaddr 725.Op src_addr Op dst_addr Op netmask Op trg_addr 726 727Where, 728.Sq src_addr 729is the IP address that the local side is willing to use and 730.Sq dst_addr 731is the IP address which the remote side should use. 732.Sq netmask 733is interface netmask. 734.Sq trg_addr 735is the IP address which used in address negotiation. 736 737Ex: 738.Dl set ifaddr 192.244.177.38 192.244.177.2 255.255.255.0 739 740The above specification means: 741.Bl -bullet -compact 742.It 743I strongly want to use 192.244.177.38 as my IP address, and I'll 744disagree if the peer suggests that I use another address. 745 746.It 747I strongly insist that peer use 192.244.177.2 as own side address and 748don't permit it to use any IP address but 192.244.177.2. When peer 749request another IP address, I always suggest that it use 192.244.177.2. 750 751.It 752My interface netmask will be 255.255.255.0. 753 754.It 755This is all fine when each side has a pre-determined IP address, however 756it is often the case that one side is acting as a server which controls 757all IP addresses and the other side should obey the direction from it. 758.El 759 760In order to allow more flexible behavior, `ifaddr' variable allows the 761user to specify IP address more loosely: 762 763.Dl set ifaddr 192.244.177.38/24 192.244.177.2/20 764 765A number followed by a slash (/) represent the number of bits significant in 766the IP address. The above example signifies that: 767 768.Bl -bullet -compact 769.It 770I'd like to use 192.244.177.38 as my address if it is possible, but I'll 771also accept any IP address between 192.244.177.0 and 192.244.177.255. 772 773.It 774I'd like to make him use 192.244.177.2 as his own address, but I'll also 775permit him to use any IP address between 192.244.176.0 and 776192.244.191.255. 777 778.It 779As you may have already noticed, 192.244.177.2 is equivalent to saying 780192.244.177.2/32. 781 782.It 783As an exception, 0 is equivalent to 0.0.0.0/0, meaning that I have no 784preferred IP address and will obey the remote peer's selection. 785 786.It 787192.244.177.2/0 means that I'll accept/permit any IP address but I'll 788try to insist that 192.244.177.2 be used first. 789.El 790 791.Sh Connecting with your service provider 792 793The following steps should be taken when connecting to your ISP: 794 795.Bl -enum 796.It 797Describe your provider's phone number(s) in the dial script using the 798.Dq set phone 799command. This command allows you to set multiple phone numbers for 800dialing and redialing separated by a colon (:). For example: 801.Bd -literal -offset indent 802set phone "1234567:2345678" 803.Ed 804.Pp 805Here, the first number is attempted. If the connection fails, the second 806number is attempted after the next number redial period. If the second number 807also fails, the first is tried again after the redial period has expired. 808The selected phone number is substituted for the \\T string in the 809.Dq set dial 810command (see below). 811 812.It 813Set up your redial requirements using 814.Dq set redial . 815For example, if you have a bad telephone line or your provider is 816usually engaged (not so common these days), you may want to specify 817the following: 818.Bd -literal -offset indent 819set redial 10 4 820.Ed 821.Pp 822This says that up to 4 phone calls should be attempted with a pause of 10 823seconds before dialing the first number again. 824 825.It 826Describe your login procedure using the 827.Dq set dial 828and 829.Dq set login 830commands. The 831.Dq set dial 832command is used to talk to your modem and establish a link with your 833ISP, for example: 834.Bd -literal -offset indent 835set dial "ABORT BUSY ABORT NO\\\\sCARRIER TIMEOUT 4 \\"\\" ATZ OK-ATZ-OK ATDT\\\\T TIMEOUT 60 CONNECT" 836.Ed 837.Pp 838This modem "chat" string means: 839 840.Bl -bullet 841.It 842Abort if the string "BUSY" or "NO CARRIER" are received. 843.It 844Set the timeout to 4. 845.It 846Expect nothing. 847.It 848Send ATZ. 849.It 850Expect OK. If that's not received, send ATZ and expect OK. 851.It 852Send ATDTxxxxxxx where xxxxxxx is the next number in the phone list from 853above. 854.It 855Set the timeout to 60. 856.It 857Wait for the CONNECT string. 858.El 859 860Once the connection is established, the login script is executed. This 861script is written in the same style as the dial script: 862.Bd -literal -offset indent 863set login "TIMEOUT 15 login:-\\\\r-login: awfulhak word: xxx ocol: PPP HELLO" 864.Ed 865.Pp 866This login "chat" string means: 867 868.Bl -bullet 869.It 870Set the timeout to 15 seconds. 871.It 872Expect "login:". If it's not received, send a carriage return and expect 873"login:" again. 874.It 875Send "awfulhak" 876.It 877Expect "word:" (the tail end of a "Password:" prompt). 878.It 879Send "xxx". 880.It 881Expect "ocol:" (the tail end of a "Protocol:" prompt). 882.It 883Send "PPP". 884.It 885Expect "HELLO". 886.El 887.Pp 888Login scripts vary greatly between ISPs. 889 890.It 891Use 892.Dq set line 893and 894.Dq set sp 895to specify your serial line and speed, for example: 896.Bd -literal -offset indent 897set line /dev/cuaa0 898set sp 115200 899.Ed 900.Pp 901Cuaa0 is the first serial port on FreeBSD. Cuaa1 is the second etc. A 902speed of 115200 should be specified if you have a modem capable of bit 903rates of 28800 or more. In general, the serial speed should be about 904four times the modem speed. 905 906.It 907Use 908.Dq set ifaddr 909command to define the IP address. 910.Bl -bullet 911.It 912If you know what IP address your provider uses, then use it as the remote 913address, otherwise choose something like 10.0.0.2/0 (see below). 914.It 915If your provider has assigned a particular IP address to you, then use 916it as your address. 917.It 918If your provider assigns your address dynamically, choose a suitably 919unobtrusive and unspecific IP number as your address. 10.0.0.1/0 would 920be appropriate. The bit after the / specifies how many bits of the 921address you consider to be important, so if you wanted to insist on 922something in the class C network 1.2.3.0, you could specify 1.2.3.0/24. 923.El 924.Pp 925An example for a connection where you don't know your IP number or your 926ISPs IP number would be: 927.Bd -literal -offset indent 928set ifaddr 10.0.0.1/0 10.0.0.2/0 929.Ed 930 931.It 932In most cases, your ISP will also be your default router. If this is 933the case, add the lines 934.Bd -literal -offset indent 935delete ALL 936add 0 0 HISADDR 937.Ed 938.Pp 939to 940.Pa ppp.conf . 941.Pp 942This tells 943.Nm ppp 944to delete all routing entries already made by 945.Nm ppp , 946then to add a default route to HISADDR. HISADDR is a macro meaning the 947"other side"s IP number. 948.Pp 949If you're using dynamic IP numbers, you must also put these two lines 950in the 951.Pa ppp.linkup 952file. Then, once the link has been established and 953.Nm ppp 954knows the actual IP numbers in use, all previous (and probably incorrect) 955entries are deleted and a default to the correct IP number is added. Use 956the same label as the one used in 957.Pa ppp.conf . 958.Pp 959If commands are being typed interactively, the only requirement is 960to type 961.Bd -literal -offset indent 962add 0 0 HISADDR 963.Ed 964.Pp 965after a successful dial. 966 967.It 968If your provider requests that you use PAP/CHAP authentication methods, add 969the next lines to your 970.Pa ppp.conf 971file: 972.Bd -literal -offset indent 973enable pap (or enable chap) 974disable chap (or disable pap) 975set authname MyName 976set authkey MyPassword 977.Ed 978 979.It 980It is also worth adding the following line: 981.Bd -literal -offset indent 982set openmode active 983.Ed 984.Pp 985This tells 986.Nm ppp 987to initiate LCP. Without this line, there's a possibility 988of both sides of the connection just sitting there and looking at 989eachother rather than communicating. 990 991.El 992 993Please refer to 994.Pa /etc/ppp/ppp.conf.sample 995and 996.Pa /etc/ppp/ppp.linkup.sample 997for some real examples. The pmdemand label should be appropriate for most 998ISPs. 999 1000.Sh Logging facility 1001 1002.Nm 1003is able to generate the following log info into 1004.Pa /var/log/ppp.log : 1005 1006.Bl -column SMMMMMM -offset indent -compat 1007.It Li Phase Phase transition log output 1008.It Li Chat Generate Chat script trace log 1009.It Li Connect Generate complete Chat log 1010.It Li Carrier Log Chat lines with 'CARRIER' 1011.It Li LQM Generate LQR report 1012.It Li LCP Generate LCP/IPCP packet trace 1013.It Li Link Log address assignments and link up/down events 1014.It Li TCP/IP Dump TCP/IP packet 1015.It Li HDLC Dump HDLC packet in hex 1016.It Li Async Dump async level packet in hex 1017.El 1018 1019The 1020.Dq set debug 1021command allows you to set logging output level, of which 1022multiple levels can be specified. The default is equivalent to 1023.Dq set debug carrier link phase . 1024 1025If a HUP signal is received, the log file is closed and re-opened 1026to facilitate log file rotation. 1027 1028.Sh MORE DETAILS 1029 1030.Bl -bullet -compact 1031.It 1032Please read the Japanese doc for complete explanation. It may not be 1033useful for non-japanese readers, but examples in the document may help 1034you to guess. 1035 1036.It 1037Please read example configuration files. 1038 1039.It 1040Use 1041.Dq help , 1042.Dq show ? , 1043.Dq set ? 1044and 1045.Dq set ? <var> 1046commands. 1047 1048.It 1049NetBSD and BSDI-1.0 were supported in previous releases but are no 1050longer supported in this release. Please contact the author if you need 1051old driver code. 1052.El 1053 1054.Sh FILES 1055.Nm 1056refers to three files: ppp.conf, ppp.linkup and ppp.secret. 1057These files are placed in 1058.Pa /etc/ppp , 1059but the user can create his own files under his $HOME directory as 1060.Pa .ppp.conf , 1061.Pa .ppp.linkup 1062and 1063.Pa .ppp.secret. 1064.Nm 1065will always try to consult the user's personal setup first. 1066 1067.Bl -tag -width flag 1068.Pa $HOME/ppp/.ppp.[conf|linkup|secret] 1069User dependent configuration files. 1070 1071.Pa /etc/ppp/ppp.conf 1072System default configuration file. 1073 1074.Pa /etc/ppp/ppp.secret 1075An authorization file for each system. 1076 1077.Pa /etc/ppp/ppp.linkup 1078A file to check when 1079.Nm 1080establishes a network level connection. 1081 1082.Pa /var/log/ppp.log 1083Logging and debugging information file. 1084 1085.Pa /var/spool/lock/Lck..* 1086tty port locking file. 1087 1088.Pa /var/run/PPP.system 1089Holds the pid for ppp -auto system. 1090 1091.Pa /var/run/ppp.tun0.pid 1092The process id (pid) of the ppp program connected to the ppp0 device. 1093 1094.Pa /etc/services 1095Get port number if port number is using service name. 1096.El 1097.Sh SEE ALSO 1098.Xr chat 8 , 1099.Xr pppd 8 1100.Sh HISTORY 1101This program was submitted in FreeBSD-2.0.5 Atsushi Murai (amurai@spec.co.jp). 1102 1103.Sh AUTHORS 1104Toshiharu OHNO (tony-o@iij.ad.jp)
| 482 483To terminate the program, type 484 485 PPP ON tama> close 486 ppp ON tama> quit all 487 488.Pp 489A simple 490.Dq quit 491command will terminate the telnet connection but not the program itself. 492You must use 493.Dq quit all 494to terminate the program as well. 495 496.Sh PACKET ALIASING 497 498The 499.Fl alias 500command line option enables packet aliasing. This allows the 501ppp host to act as a masquerading gateway for other computers over 502a local area network. Outgoing IP packets are are aliased so that 503they appear to come from the ppp host, and incoming packets are 504de-aliased so that they are routed to the correct machine on the 505local area network. 506 507Packet aliasing allows computers on private, unregistered 508subnets to have internet access, although they are invisible 509from the outside world. 510 511In general, correct ppp operation should first be verified 512with packet aliasing disabled. Then, the 513.Fl alias 514option should be switched on, and network applications (web browser, 515telnet, ftp, ping, traceroute) should be checked on the ppp host. 516Finally, the same or similar applications should be checked on other 517computers in the LAN. 518 519If network applications work correctly on the ppp host, but not on 520other machines in the LAN, then the masquerading software is working 521properly, but the host is either not forwarding or possibly receiving 522IP packets. Check that IP forwarding is enabled in /etc/sysconfig 523and that other machines have designated the ppp host as the gateway 524for the LAN. 525 526.Sh PACKET FILTERING 527 528This implementation supports packet filtering. There are three kinds of 529filters: ifilter, ofilter and dfilter. Here are the basics: 530 531.Bl -bullet -compact 532.It 533A filter definition has the following syntax: 534 535set filter-name rule-no action [src_addr/src_width] [dst_addr/dst_width] 536[proto [src [lt|eq|gt] port ]] [dst [lt|eq|gt] port] [estab] 537.Bl -enum 538.It 539.Sq filter-name 540should be one of ifilter, ofilter, or dfilter. 541.It 542There are two actions: 543.Sq permit 544and 545.Sq deny . 546If a given packet 547matches the rule, the associated action is taken immediately. 548.It 549.Sq src_width 550and 551.Sq dst_width 552work like a netmask to represent an address range. 553.It 554.Sq proto 555must be one of icmp, udp or tcp. 556.It 557.Sq port number 558can be specified by number and service name from 559.Pa /etc/services . 560 561.El 562 563.It 564Each filter can hold up to 20 rules, starting from rule 0. 565 566The entire rule set is not effective until rule 0 is defined. 567 568.It 569If no rule is matched to a packet, that packet will be discarded 570(blocked). 571 572.It 573Use 574.Dq set filter-name -1 575to flush all rules. 576 577.El 578 579See 580.Pa /etc/ppp/ppp.conf.filter.example . 581 582 583.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 1) 584 585To handle an incoming 586.Em PPP 587connection request, follow these steps: 588 589.Bl -enum 590.It 591Make sure the modem and (optionally) 592.Pa /etc/rc.serial 593is configured correctly. 594.Bl -bullet -compact 595.It 596Use Hardware Handshake (CTS/RTS) for flow control. 597.It 598Modem should be set to NO echo back (ATE0) and NO results string (ATQ1). 599.El 600 601.It 602Edit 603.Pa /etc/ttys 604to enable a getty on the port where the modem is attached. 605 606For example: 607 608.Dl ttyd1 "/usr/libexec/getty std.38400" dialup on secure 609 610Don't forget to send a HUP signal to the init process to start the getty. 611 612.Dl # kill -HUP 1 613 614.It 615Prepare an account for the incoming user. 616.Bd -literal 617ppp:xxxx:66:66:PPP Login User:/home/ppp:/usr/local/bin/ppplogin 618.Ed 619 620.It 621Create a 622.Pa /usr/local/bin/ppplogin 623file with the following contents: 624.Bd -literal -offset indent 625#!/bin/sh -p 626exec /usr/sbin/ppp -direct 627.Ed 628 629(You can specify a label name for further control.) 630 631.Pp 632Direct mode ( 633.Fl direct ) 634lets 635.Nm 636work with stdin and stdout. You can also telnet to port 3000 to get 637command mode control in the same manner as client-side 638.Nm. 639 640.It 641Optional support for Microsoft's IPCP Name Server and NetBIOS 642Name Server negotiation can be enabled use 643.Dq enable msext 644and 645.Dq set ns pri-addr [sec-addr] 646along with 647.Dq set nbns pri-addr [sec-addr] 648in your ppp.conf file 649 650.El 651 652.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 2) 653 654This method differs in that it recommends the use of 655.Em mgetty+sendfax 656to handle the modem connections. The latest version 0.99 657can be compiled with the 658.Dq AUTO_PPP 659option to allow detection of clients speaking PPP to the login 660prompt. 661 662Follow these steps: 663 664.Bl -enum 665.It 666Get, configure, and install mgetty+sendfax v0.99 or later (beta) 667making sure you have used the AUTO_PPP option. 668.It 669Edit 670.Pa /etc/ttys 671to enable a mgetty on the port where the modem is attached. 672 673For example: 674 675.Dl cuaa1 "/usr/local/sbin/mgetty -s 57600" dialup on 676 677.It 678Prepare an account for the incoming user. 679.Bd -literal 680Pfred:xxxx:66:66:Fred's PPP:/home/ppp:/etc/ppp/ppp-dialup 681.Ed 682 683.It 684Examine the files 685.Pa /etc/ppp/sample.ppp-dialup 686.Pa /etc/ppp/sample.ppp-pap-dialup 687and 688.Pa /etc/ppp/sample.ppp.conf 689for ideas. ppp-pap-dialup is supposed to be called from 690.Pa /usr/local/etc/mgetty+sendfax/login.conf 691from a line like 692 693.Dl /AutoPPP/ - - /etc/ppp/ppp-pap-dialup 694.El 695 696.Sh SETTING IDLE, LINE QUALITY REQUEST, RETRY TIMER 697 698To check/set idletimer, use the 699.Dq show timeout 700and 701.Dq set timeout [lqrtimer [retrytimer]] 702commands. 703 704 Ex: 705.Dl ppp ON tama> set timeout 600 706 707The timeout period is measured in seconds, the default values for which 708are timeout = 180 or 3 min, lqrtimer = 30sec and retrytimer = 3sec. 709To disable the idle timer function, 710use the command 711.Dq set timeout 0 . 712 713In 714.Fl auto 715mode, an idle timeout causes the 716.Em PPP 717session to be 718closed, though the 719.Nm 720program itself remains running. Another trigger packet will cause it to 721attempt to reestablish the link. 722 723.Sh Predictor-1 compression 724 725This version supports CCP and Predictor type 1 compression based on 726the current IETF-draft specs. As a default behavior, 727.Nm 728will attempt to use (or be willing to accept) this capability when the 729peer agrees (or requests it). 730 731To disable CCP/predictor functionality completely, use the 732.Dq disable pred1 733and 734.Dq deny pred1 735commands. 736 737.Sh Controlling IP address 738 739.Nm 740uses IPCP to negotiate IP addresses. Each side of the connection 741specifies the IP address that it's willing to use, and if the requested 742IP address is acceptable then 743.Nm 744returns ACK to the requester. Otherwise, 745.Nm 746returns NAK to suggest that the peer use a different IP address. When 747both sides of the connection agree to accept the received request (and 748send ACK), IPCP is set to the open state and a network level connection 749is established. 750 751To control this IPCP behavior, this implementation has the 752.Dq set ifaddr 753command for defining the local and remote IP address: 754 755.Nm set ifaddr 756.Op src_addr Op dst_addr Op netmask Op trg_addr 757 758Where, 759.Sq src_addr 760is the IP address that the local side is willing to use and 761.Sq dst_addr 762is the IP address which the remote side should use. 763.Sq netmask 764is interface netmask. 765.Sq trg_addr 766is the IP address which used in address negotiation. 767 768Ex: 769.Dl set ifaddr 192.244.177.38 192.244.177.2 255.255.255.0 770 771The above specification means: 772.Bl -bullet -compact 773.It 774I strongly want to use 192.244.177.38 as my IP address, and I'll 775disagree if the peer suggests that I use another address. 776 777.It 778I strongly insist that peer use 192.244.177.2 as own side address and 779don't permit it to use any IP address but 192.244.177.2. When peer 780request another IP address, I always suggest that it use 192.244.177.2. 781 782.It 783My interface netmask will be 255.255.255.0. 784 785.It 786This is all fine when each side has a pre-determined IP address, however 787it is often the case that one side is acting as a server which controls 788all IP addresses and the other side should obey the direction from it. 789.El 790 791In order to allow more flexible behavior, `ifaddr' variable allows the 792user to specify IP address more loosely: 793 794.Dl set ifaddr 192.244.177.38/24 192.244.177.2/20 795 796A number followed by a slash (/) represent the number of bits significant in 797the IP address. The above example signifies that: 798 799.Bl -bullet -compact 800.It 801I'd like to use 192.244.177.38 as my address if it is possible, but I'll 802also accept any IP address between 192.244.177.0 and 192.244.177.255. 803 804.It 805I'd like to make him use 192.244.177.2 as his own address, but I'll also 806permit him to use any IP address between 192.244.176.0 and 807192.244.191.255. 808 809.It 810As you may have already noticed, 192.244.177.2 is equivalent to saying 811192.244.177.2/32. 812 813.It 814As an exception, 0 is equivalent to 0.0.0.0/0, meaning that I have no 815preferred IP address and will obey the remote peer's selection. 816 817.It 818192.244.177.2/0 means that I'll accept/permit any IP address but I'll 819try to insist that 192.244.177.2 be used first. 820.El 821 822.Sh Connecting with your service provider 823 824The following steps should be taken when connecting to your ISP: 825 826.Bl -enum 827.It 828Describe your provider's phone number(s) in the dial script using the 829.Dq set phone 830command. This command allows you to set multiple phone numbers for 831dialing and redialing separated by a colon (:). For example: 832.Bd -literal -offset indent 833set phone "1234567:2345678" 834.Ed 835.Pp 836Here, the first number is attempted. If the connection fails, the second 837number is attempted after the next number redial period. If the second number 838also fails, the first is tried again after the redial period has expired. 839The selected phone number is substituted for the \\T string in the 840.Dq set dial 841command (see below). 842 843.It 844Set up your redial requirements using 845.Dq set redial . 846For example, if you have a bad telephone line or your provider is 847usually engaged (not so common these days), you may want to specify 848the following: 849.Bd -literal -offset indent 850set redial 10 4 851.Ed 852.Pp 853This says that up to 4 phone calls should be attempted with a pause of 10 854seconds before dialing the first number again. 855 856.It 857Describe your login procedure using the 858.Dq set dial 859and 860.Dq set login 861commands. The 862.Dq set dial 863command is used to talk to your modem and establish a link with your 864ISP, for example: 865.Bd -literal -offset indent 866set dial "ABORT BUSY ABORT NO\\\\sCARRIER TIMEOUT 4 \\"\\" ATZ OK-ATZ-OK ATDT\\\\T TIMEOUT 60 CONNECT" 867.Ed 868.Pp 869This modem "chat" string means: 870 871.Bl -bullet 872.It 873Abort if the string "BUSY" or "NO CARRIER" are received. 874.It 875Set the timeout to 4. 876.It 877Expect nothing. 878.It 879Send ATZ. 880.It 881Expect OK. If that's not received, send ATZ and expect OK. 882.It 883Send ATDTxxxxxxx where xxxxxxx is the next number in the phone list from 884above. 885.It 886Set the timeout to 60. 887.It 888Wait for the CONNECT string. 889.El 890 891Once the connection is established, the login script is executed. This 892script is written in the same style as the dial script: 893.Bd -literal -offset indent 894set login "TIMEOUT 15 login:-\\\\r-login: awfulhak word: xxx ocol: PPP HELLO" 895.Ed 896.Pp 897This login "chat" string means: 898 899.Bl -bullet 900.It 901Set the timeout to 15 seconds. 902.It 903Expect "login:". If it's not received, send a carriage return and expect 904"login:" again. 905.It 906Send "awfulhak" 907.It 908Expect "word:" (the tail end of a "Password:" prompt). 909.It 910Send "xxx". 911.It 912Expect "ocol:" (the tail end of a "Protocol:" prompt). 913.It 914Send "PPP". 915.It 916Expect "HELLO". 917.El 918.Pp 919Login scripts vary greatly between ISPs. 920 921.It 922Use 923.Dq set line 924and 925.Dq set sp 926to specify your serial line and speed, for example: 927.Bd -literal -offset indent 928set line /dev/cuaa0 929set sp 115200 930.Ed 931.Pp 932Cuaa0 is the first serial port on FreeBSD. Cuaa1 is the second etc. A 933speed of 115200 should be specified if you have a modem capable of bit 934rates of 28800 or more. In general, the serial speed should be about 935four times the modem speed. 936 937.It 938Use 939.Dq set ifaddr 940command to define the IP address. 941.Bl -bullet 942.It 943If you know what IP address your provider uses, then use it as the remote 944address, otherwise choose something like 10.0.0.2/0 (see below). 945.It 946If your provider has assigned a particular IP address to you, then use 947it as your address. 948.It 949If your provider assigns your address dynamically, choose a suitably 950unobtrusive and unspecific IP number as your address. 10.0.0.1/0 would 951be appropriate. The bit after the / specifies how many bits of the 952address you consider to be important, so if you wanted to insist on 953something in the class C network 1.2.3.0, you could specify 1.2.3.0/24. 954.El 955.Pp 956An example for a connection where you don't know your IP number or your 957ISPs IP number would be: 958.Bd -literal -offset indent 959set ifaddr 10.0.0.1/0 10.0.0.2/0 960.Ed 961 962.It 963In most cases, your ISP will also be your default router. If this is 964the case, add the lines 965.Bd -literal -offset indent 966delete ALL 967add 0 0 HISADDR 968.Ed 969.Pp 970to 971.Pa ppp.conf . 972.Pp 973This tells 974.Nm ppp 975to delete all routing entries already made by 976.Nm ppp , 977then to add a default route to HISADDR. HISADDR is a macro meaning the 978"other side"s IP number. 979.Pp 980If you're using dynamic IP numbers, you must also put these two lines 981in the 982.Pa ppp.linkup 983file. Then, once the link has been established and 984.Nm ppp 985knows the actual IP numbers in use, all previous (and probably incorrect) 986entries are deleted and a default to the correct IP number is added. Use 987the same label as the one used in 988.Pa ppp.conf . 989.Pp 990If commands are being typed interactively, the only requirement is 991to type 992.Bd -literal -offset indent 993add 0 0 HISADDR 994.Ed 995.Pp 996after a successful dial. 997 998.It 999If your provider requests that you use PAP/CHAP authentication methods, add 1000the next lines to your 1001.Pa ppp.conf 1002file: 1003.Bd -literal -offset indent 1004enable pap (or enable chap) 1005disable chap (or disable pap) 1006set authname MyName 1007set authkey MyPassword 1008.Ed 1009 1010.It 1011It is also worth adding the following line: 1012.Bd -literal -offset indent 1013set openmode active 1014.Ed 1015.Pp 1016This tells 1017.Nm ppp 1018to initiate LCP. Without this line, there's a possibility 1019of both sides of the connection just sitting there and looking at 1020eachother rather than communicating. 1021 1022.El 1023 1024Please refer to 1025.Pa /etc/ppp/ppp.conf.sample 1026and 1027.Pa /etc/ppp/ppp.linkup.sample 1028for some real examples. The pmdemand label should be appropriate for most 1029ISPs. 1030 1031.Sh Logging facility 1032 1033.Nm 1034is able to generate the following log info into 1035.Pa /var/log/ppp.log : 1036 1037.Bl -column SMMMMMM -offset indent -compat 1038.It Li Phase Phase transition log output 1039.It Li Chat Generate Chat script trace log 1040.It Li Connect Generate complete Chat log 1041.It Li Carrier Log Chat lines with 'CARRIER' 1042.It Li LQM Generate LQR report 1043.It Li LCP Generate LCP/IPCP packet trace 1044.It Li Link Log address assignments and link up/down events 1045.It Li TCP/IP Dump TCP/IP packet 1046.It Li HDLC Dump HDLC packet in hex 1047.It Li Async Dump async level packet in hex 1048.El 1049 1050The 1051.Dq set debug 1052command allows you to set logging output level, of which 1053multiple levels can be specified. The default is equivalent to 1054.Dq set debug carrier link phase . 1055 1056If a HUP signal is received, the log file is closed and re-opened 1057to facilitate log file rotation. 1058 1059.Sh MORE DETAILS 1060 1061.Bl -bullet -compact 1062.It 1063Please read the Japanese doc for complete explanation. It may not be 1064useful for non-japanese readers, but examples in the document may help 1065you to guess. 1066 1067.It 1068Please read example configuration files. 1069 1070.It 1071Use 1072.Dq help , 1073.Dq show ? , 1074.Dq set ? 1075and 1076.Dq set ? <var> 1077commands. 1078 1079.It 1080NetBSD and BSDI-1.0 were supported in previous releases but are no 1081longer supported in this release. Please contact the author if you need 1082old driver code. 1083.El 1084 1085.Sh FILES 1086.Nm 1087refers to three files: ppp.conf, ppp.linkup and ppp.secret. 1088These files are placed in 1089.Pa /etc/ppp , 1090but the user can create his own files under his $HOME directory as 1091.Pa .ppp.conf , 1092.Pa .ppp.linkup 1093and 1094.Pa .ppp.secret. 1095.Nm 1096will always try to consult the user's personal setup first. 1097 1098.Bl -tag -width flag 1099.Pa $HOME/ppp/.ppp.[conf|linkup|secret] 1100User dependent configuration files. 1101 1102.Pa /etc/ppp/ppp.conf 1103System default configuration file. 1104 1105.Pa /etc/ppp/ppp.secret 1106An authorization file for each system. 1107 1108.Pa /etc/ppp/ppp.linkup 1109A file to check when 1110.Nm 1111establishes a network level connection. 1112 1113.Pa /var/log/ppp.log 1114Logging and debugging information file. 1115 1116.Pa /var/spool/lock/Lck..* 1117tty port locking file. 1118 1119.Pa /var/run/PPP.system 1120Holds the pid for ppp -auto system. 1121 1122.Pa /var/run/ppp.tun0.pid 1123The process id (pid) of the ppp program connected to the ppp0 device. 1124 1125.Pa /etc/services 1126Get port number if port number is using service name. 1127.El 1128.Sh SEE ALSO 1129.Xr chat 8 , 1130.Xr pppd 8 1131.Sh HISTORY 1132This program was submitted in FreeBSD-2.0.5 Atsushi Murai (amurai@spec.co.jp). 1133 1134.Sh AUTHORS 1135Toshiharu OHNO (tony-o@iij.ad.jp)
|