3.Dd 20 September 1995
4.Os FreeBSD
5.Dt PPP 8
6.Sh NAME
7.Nm ppp
8.Nd
9Point to Point Protocol (aka iijppp)
10.Sh SYNOPSIS
11.Nm
12.Op Fl auto | background | ddial | direct | dedicated
13.Op Fl alias
14.Op Ar system
15.Sh DESCRIPTION
16This is a user process
17.Em PPP
18software package. Normally,
19.Em PPP
20is implemented as a part of the kernel (e.g. as managed by pppd) and it's
21thus somewhat hard to debug and/or modify its behavior. However, in this
22implementation
23.Em PPP
24is done as a user process with the help of the
25tunnel device driver (tun).
26
27.Sh Major Features
28
29.Bl -diag
30.It Provides interactive user interface.
31Using its command mode, the user can
32easily enter commands to establish the connection with the remote end, check
33the status of connection and close the connection. All functions can
34also be optionally password protected for security.
35
36.It Supports both manual and automatic dialing.
37Interactive mode has a
38.Dq term
39command which enables you to talk to your modem directly. When your
40modem is connected to the remote peer and it starts to talk
41.Em PPP
42, the
43.Em PPP
44software detects it and switches to packet
45mode automatically. Once you have determined the proper sequence for connecting
46with the remote host, you can write a chat script to define the necessary
47dialing and login procedure for later convenience.
48
49.It Supports on-demand dialup capability.
50By using auto mode,
51.Nm
52will act as a daemon and wait for a packet to be sent over the
53.Em PPP
54link. When this happens, the daemon automatically dials and establishes the
55connection.
56
57In almost the same manner ddial mode (dedicated or demon dialing)
58also automatically dials and establishes the connection. However, it
59differs in that it will dial the remote site any time it detects the
60link is down, even if there are no packets to be sent. This mode is
61useful for full-time connections who worry less about line charges
62and more about being connected full time.
63
64.It Supports packet aliasing.
65Packet aliasing, more commonly known as masquerading, allows computers
66on a private, unregistered network to access the internet. The
67.Em PPP
68host acts as a masquerading gateway. IP addresses as well as TCP and
69UDP port numbers are aliased for outgoing packets and de-aliased for
70returning packets.
71
72.It Supports background PPP connections.
73In background mode, if
74.Nm
75successfully establishes the connection, it will become a daemon.
76Otherwise, it will exit with an error.
77
78.It Supports server-side PPP connections.
79Can act as server which accepts incoming
80.Em PPP
81connections.
82
83.It Supports PAP and CHAP authentication.
84
85.It Supports Proxy Arp.
86When
87.Em PPP
88is set up as server, you can also configure it to do proxy arp for your
89connection.
90
91.It Supports packet filtering.
92User can define four kinds of filters:
93.Em ifilter
94for incoming packets,
95.Em ofilter
96for outgoing packets,
97.Em dfilter
98to define a dialing trigger packet and
99.Em afilter
100for keeping a connection alive with the trigger packet.
101
102.It Tunnel driver supports bpf.
103The user can use
104.Xr tcpdump 1
105to check the packet flow over the
106.Em PPP
107link.
108
109.It Supports PPP over TCP capability.
110
111
112.It Supports IETF draft Predictor-1 compression.
113.Nm
114supports not only VJ-compression but also Predictor-1 compression.
115Normally, a modem has built-in compression (e.g. v42.bis) and the system
116may receive higher data rates from it as a result of such compression.
117While this is generally a good thing in most other situations, this
118higher speed data imposes a penalty on the system by increasing the
119number of serial interrupts the system has to process in talking to the
120modem and also increases latency. Unlike VJ-compression, Predictor-1
121compression pre-compresses
122.Em all
123data flowing through the link, thus reducing overhead to a minimum.
124
125.It Supports Microsofts IPCP extentions.
126Name Server Addresses and NetBIOS Name Server Addresses can be negotiated
127with clients using the Microsoft
128.Em PPP
129stack (ie. Win95, WinNT)
130
131.It Runs under BSDI-1.1 and FreeBSD.
132
133.El
134
135
136Patches for NeXTSTEP 3.2 are also available on the net.
137
138.Sh GETTING STARTED
139
140When you first run
141.Nm
142you may need to deal with some initial configuration details. First,
143your kernel should include a tunnel device (the default in FreeBSD 2.0.5
144and later). If it doesn't, you'll need to rebuild your kernel with the
145following line in your kernel configuration file:
146
147.Dl pseudo-device tun 1
148
149You should set the numeric field to the maximum number of
150.Em PPP
151connections you wish to support.
152
153Second, check your
154.Pa /dev
155directory for the tunnel device entry
156.Pa /dev/tun0.
157If it doesn't exist, you can create it by running "MAKEDEV tun0"
158
159.Sh MANUAL DIALING
160
161%
162.Nm
163User Process PPP written by Toshiharu OHNO.
164
165* If you set your hostname and password in
166.Pa /etc/ppp/ppp.secret ,
167you can't do
168anything except run the quit and help commands *
169
170ppp on "your hostname"> help
171 passwd : Password for security
172 quit : Quit the PPP program
173 help : Display this message
174
175ppp on tama> pass <password>
176
177* "on" will change to "ON" if you specify the correct password. *
178
179ppp ON tama>
180
181* You can now specify the device name, speed and parity
182for your modem, and whether
183CTS/RTS signalling should be used (CTS/RTS is used by default).
184If your hardware does not provide CTS/RTS lines (as
185may happen when you are connected directly to certain ppp-capable
186terminal servers),
187.Nm
188will never send any output through the port; it
189waits for a signal which never comes.
190Thus, if you have a direct line and can't seem to make
191a connection, try turning ctsrts off: *
192
193
194ppp ON tama> set line /dev/cuaa0
195
196ppp ON tama> set speed 38400
197
198ppp ON tama> set parity even
199
200ppp ON tama> set ctsrts on
201
202ppp ON tama> show modem
203
204* Modem related parameters are shown in here *
205
206ppp ON tama>
207
208* Use term command to talk with your modem *
209
210ppp ON tama> term
211 at
212 OK
213 atdt123456
214 CONNECT
215
216 login: ppp
217 Password:
218
219* PPP started in remote side. When the peer start to talk PPP, the
220program will detect it automatically and return to command mode. *
221
222ppp ON tama>
223
224.Nm PPP
225ON tama>
226
227* NOW, you are connected! Note that
228.Sq PPP
229in the prompt has changed to capital letters to indicate this. *
230
231PPP ON tama> show lcp
232
233* You'll see LCP status *
234
235PPP ON tama> show ipcp
236
237* You'll see IPCP status. At this point, your machine has a host route
238to the peer. If you want to add a default route entry, then enter the
239following command. *
240
241PPP ON tama> add 0 0 HISADDR
242
243* The string
244.Sq HISADDR
245represents the IP address of connected peer. *
246
247PPP ON tama>
248
249* Use network applications (i.e. ping, telnet, ftp) in other windows *
250
251PPP ON tama> show log
252
253* Gives you some logging messages *
254
255PPP ON tama> close
256
257* The connection is closed and modem will be disconnected. *
258
259ppp ON tama> quit
260
261%
262
263.Sh AUTOMATIC DIALING
264
265To use automatic dialing, you must prepare some Dial and Login chat scripts.
266See the example definitions in
267.Pa /etc/ppp/ppp.conf.sample
268(the format of ppp.conf is pretty simple).
269
270.Bl -bullet -compact
271.It
272Each line contains one command, label or comment.
273.It
274A line starting with a
275.Sq #
276character is treated as a comment line.
277.It
278A label name has to start in the first column and should be followed by
279a colon (:).
280.It
281A command line must contain a space or tab in the first column.
282.El
283
284Once ppp.conf is ready, specify the destination label name when you
285invoke
286.Nm ppp .
287Commands associated with the destination label are then
288executed. Note that the commands associated with the
289.Dq default
290label are ALWAYS executed.
291
292Once the connection is made, you'll find that the
293.Nm ppp
294portion of the prompt has changed to
295.Nm PPP .
296
297 % ppp pm2
298 ...
299 ppp ON tama> dial
300 dial OK!
301 login OK!
302 PPP ON tama>
303
304If the
305.Pa /etc/ppp/ppp.linkup
306file is available, its contents are executed
307when the
308.Em PPP
309connection is established. See the provided example which adds a
310default route. The string HISADDR represents the IP address of the
311remote peer.
312
313.Sh BACKGROUND DIALING
314
315If you want to establish a connection using
316.Nm ppp non-interactively (such as from a
317.Xr crontab(5)
318entry or an
319.Xr at(1)
320script) you should use the
321.Fl background
322option. You must also specify the destination label in
323.Pa /etc/ppp/ppp.conf
324to use.
325
326When
327.Fl background
328is specified,
329.Nm
330attempts to establish the connection. If this attempt fails,
331.Nm ppp
332exits immediately with a non-zero exit code.
333
334If it succeeds, then
335.Nm ppp
336becomes a daemon, and returns an exit status of zero to its caller.
337The daemon exits automatically if the connection is dropped by the
338remote system, or it receives a TERM signal.
339
340The file
341.Pa /var/run/ppp.tun0.pid
342contains the process id number of the
343.Nm ppp
344program that is using the tunnel device tun0.
345
346.Sh DIAL ON DEMAND
347
348To play with demand dialing, you must use the
349.Fl auto
350or
351.Fl ddial
352option. You must also specify the destination label in
353.Pa /etc/ppp/ppp.conf
354to use. It should contain the
355.Dq ifaddr
356command to define the remote peer's IP address. (refer to
357.Pa /etc/ppp/ppp.conf.sample )
358
359 % ppp -auto pm2demand
360 ...
361 %
362
363When
364.Fl auto
365or
366.Fl ddial
367is specified,
368.Nm
369runs as a daemon but you can still configure or examine its
370configuration by using the diagnostic port as follows:
371
372
373 % telnet localhost 3000
374 Trying 127.0.0.1...
375 Connected to localhost.spec.co.jp.
376 Escape character is '^]'.
377 User Process PPP. Written by Toshiharu OHNO.
378 Working as auto mode.
379 PPP on tama> show ipcp
380 what ?
381 PPP on tama> pass xxxx
382 PPP ON tama> show ipcp
383 IPCP [OPEND]
384 his side: xxxx
385 ....
386
387.Pp
388Each
389.Nm
390daemon has an associated port number which is computed as "3000 +
391tunnel_device_number". If 3000 is not good base number, edit defs.h in
392the ppp sources (
393.Pa /usr/src/usr.sbin/ppp )
394and recompile it.
395
396When an outgoing packet is detected,
397.Nm
398will perform the dialing action (chat script) and try to connect
399with the peer.
400
401If the connect fails, the default behavior is to wait 30 seconds
402and then attempt to connect when another outgoing packet is detected.
403This behavior can be changed with
404.Bd -literal -offset indent
405set redial seconds|random[.nseconds|random] [dial_attempts]
406.Ed
407.Pp
408.Sq Seconds
409is the number of seconds to wait before attempting
410to connect again. If the argument is
411.Sq random ,
412the delay period is a random value between 0 and 30 seconds.
413.Sq Nseconds
414is the number of seconds to wait before attempting
415to dial the next number in a list of numbers (see the
416.Dq set phone
417command). The default is 3 seconds. Again, if the argument is
418.Sq random ,
419the delay period is a random value between 0 and 30 seconds.
420.Sq dial_attempts
421is the number of times to try to connect for each outgoing packet
422that is received. The previous value is unchanged if this parameter
423is omitted. If a value of zero is specified for
424.Sq dial_attempts ,
425.Nm ppp
426will keep trying until a connection is made.
427.Bd -literal -offset indent
428set redial 10.3 4
429.Ed
430.Pp
431will attempt to connect 4 times for each outgoing packet that is
432detected with a 3 second delay between each number and a 10 second
433delay after all numbers have been tried. If multiple phone numbers
434are specified, the total number of attempts is still 4 (it does not
435attempt each number 4 times).
436
437Modifying the dial delay is very useful when running
438.Nm
439in demand
440dial mode on both ends of the link. If each end has the same timeout,
441both ends wind up calling each other at the same time if the link
442drops and both ends have packets queued.
443
| 3.Dd 20 September 1995
4.Os FreeBSD
5.Dt PPP 8
6.Sh NAME
7.Nm ppp
8.Nd
9Point to Point Protocol (aka iijppp)
10.Sh SYNOPSIS
11.Nm
12.Op Fl auto | background | ddial | direct | dedicated
13.Op Fl alias
14.Op Ar system
15.Sh DESCRIPTION
16This is a user process
17.Em PPP
18software package. Normally,
19.Em PPP
20is implemented as a part of the kernel (e.g. as managed by pppd) and it's
21thus somewhat hard to debug and/or modify its behavior. However, in this
22implementation
23.Em PPP
24is done as a user process with the help of the
25tunnel device driver (tun).
26
27.Sh Major Features
28
29.Bl -diag
30.It Provides interactive user interface.
31Using its command mode, the user can
32easily enter commands to establish the connection with the remote end, check
33the status of connection and close the connection. All functions can
34also be optionally password protected for security.
35
36.It Supports both manual and automatic dialing.
37Interactive mode has a
38.Dq term
39command which enables you to talk to your modem directly. When your
40modem is connected to the remote peer and it starts to talk
41.Em PPP
42, the
43.Em PPP
44software detects it and switches to packet
45mode automatically. Once you have determined the proper sequence for connecting
46with the remote host, you can write a chat script to define the necessary
47dialing and login procedure for later convenience.
48
49.It Supports on-demand dialup capability.
50By using auto mode,
51.Nm
52will act as a daemon and wait for a packet to be sent over the
53.Em PPP
54link. When this happens, the daemon automatically dials and establishes the
55connection.
56
57In almost the same manner ddial mode (dedicated or demon dialing)
58also automatically dials and establishes the connection. However, it
59differs in that it will dial the remote site any time it detects the
60link is down, even if there are no packets to be sent. This mode is
61useful for full-time connections who worry less about line charges
62and more about being connected full time.
63
64.It Supports packet aliasing.
65Packet aliasing, more commonly known as masquerading, allows computers
66on a private, unregistered network to access the internet. The
67.Em PPP
68host acts as a masquerading gateway. IP addresses as well as TCP and
69UDP port numbers are aliased for outgoing packets and de-aliased for
70returning packets.
71
72.It Supports background PPP connections.
73In background mode, if
74.Nm
75successfully establishes the connection, it will become a daemon.
76Otherwise, it will exit with an error.
77
78.It Supports server-side PPP connections.
79Can act as server which accepts incoming
80.Em PPP
81connections.
82
83.It Supports PAP and CHAP authentication.
84
85.It Supports Proxy Arp.
86When
87.Em PPP
88is set up as server, you can also configure it to do proxy arp for your
89connection.
90
91.It Supports packet filtering.
92User can define four kinds of filters:
93.Em ifilter
94for incoming packets,
95.Em ofilter
96for outgoing packets,
97.Em dfilter
98to define a dialing trigger packet and
99.Em afilter
100for keeping a connection alive with the trigger packet.
101
102.It Tunnel driver supports bpf.
103The user can use
104.Xr tcpdump 1
105to check the packet flow over the
106.Em PPP
107link.
108
109.It Supports PPP over TCP capability.
110
111
112.It Supports IETF draft Predictor-1 compression.
113.Nm
114supports not only VJ-compression but also Predictor-1 compression.
115Normally, a modem has built-in compression (e.g. v42.bis) and the system
116may receive higher data rates from it as a result of such compression.
117While this is generally a good thing in most other situations, this
118higher speed data imposes a penalty on the system by increasing the
119number of serial interrupts the system has to process in talking to the
120modem and also increases latency. Unlike VJ-compression, Predictor-1
121compression pre-compresses
122.Em all
123data flowing through the link, thus reducing overhead to a minimum.
124
125.It Supports Microsofts IPCP extentions.
126Name Server Addresses and NetBIOS Name Server Addresses can be negotiated
127with clients using the Microsoft
128.Em PPP
129stack (ie. Win95, WinNT)
130
131.It Runs under BSDI-1.1 and FreeBSD.
132
133.El
134
135
136Patches for NeXTSTEP 3.2 are also available on the net.
137
138.Sh GETTING STARTED
139
140When you first run
141.Nm
142you may need to deal with some initial configuration details. First,
143your kernel should include a tunnel device (the default in FreeBSD 2.0.5
144and later). If it doesn't, you'll need to rebuild your kernel with the
145following line in your kernel configuration file:
146
147.Dl pseudo-device tun 1
148
149You should set the numeric field to the maximum number of
150.Em PPP
151connections you wish to support.
152
153Second, check your
154.Pa /dev
155directory for the tunnel device entry
156.Pa /dev/tun0.
157If it doesn't exist, you can create it by running "MAKEDEV tun0"
158
159.Sh MANUAL DIALING
160
161%
162.Nm
163User Process PPP written by Toshiharu OHNO.
164
165* If you set your hostname and password in
166.Pa /etc/ppp/ppp.secret ,
167you can't do
168anything except run the quit and help commands *
169
170ppp on "your hostname"> help
171 passwd : Password for security
172 quit : Quit the PPP program
173 help : Display this message
174
175ppp on tama> pass <password>
176
177* "on" will change to "ON" if you specify the correct password. *
178
179ppp ON tama>
180
181* You can now specify the device name, speed and parity
182for your modem, and whether
183CTS/RTS signalling should be used (CTS/RTS is used by default).
184If your hardware does not provide CTS/RTS lines (as
185may happen when you are connected directly to certain ppp-capable
186terminal servers),
187.Nm
188will never send any output through the port; it
189waits for a signal which never comes.
190Thus, if you have a direct line and can't seem to make
191a connection, try turning ctsrts off: *
192
193
194ppp ON tama> set line /dev/cuaa0
195
196ppp ON tama> set speed 38400
197
198ppp ON tama> set parity even
199
200ppp ON tama> set ctsrts on
201
202ppp ON tama> show modem
203
204* Modem related parameters are shown in here *
205
206ppp ON tama>
207
208* Use term command to talk with your modem *
209
210ppp ON tama> term
211 at
212 OK
213 atdt123456
214 CONNECT
215
216 login: ppp
217 Password:
218
219* PPP started in remote side. When the peer start to talk PPP, the
220program will detect it automatically and return to command mode. *
221
222ppp ON tama>
223
224.Nm PPP
225ON tama>
226
227* NOW, you are connected! Note that
228.Sq PPP
229in the prompt has changed to capital letters to indicate this. *
230
231PPP ON tama> show lcp
232
233* You'll see LCP status *
234
235PPP ON tama> show ipcp
236
237* You'll see IPCP status. At this point, your machine has a host route
238to the peer. If you want to add a default route entry, then enter the
239following command. *
240
241PPP ON tama> add 0 0 HISADDR
242
243* The string
244.Sq HISADDR
245represents the IP address of connected peer. *
246
247PPP ON tama>
248
249* Use network applications (i.e. ping, telnet, ftp) in other windows *
250
251PPP ON tama> show log
252
253* Gives you some logging messages *
254
255PPP ON tama> close
256
257* The connection is closed and modem will be disconnected. *
258
259ppp ON tama> quit
260
261%
262
263.Sh AUTOMATIC DIALING
264
265To use automatic dialing, you must prepare some Dial and Login chat scripts.
266See the example definitions in
267.Pa /etc/ppp/ppp.conf.sample
268(the format of ppp.conf is pretty simple).
269
270.Bl -bullet -compact
271.It
272Each line contains one command, label or comment.
273.It
274A line starting with a
275.Sq #
276character is treated as a comment line.
277.It
278A label name has to start in the first column and should be followed by
279a colon (:).
280.It
281A command line must contain a space or tab in the first column.
282.El
283
284Once ppp.conf is ready, specify the destination label name when you
285invoke
286.Nm ppp .
287Commands associated with the destination label are then
288executed. Note that the commands associated with the
289.Dq default
290label are ALWAYS executed.
291
292Once the connection is made, you'll find that the
293.Nm ppp
294portion of the prompt has changed to
295.Nm PPP .
296
297 % ppp pm2
298 ...
299 ppp ON tama> dial
300 dial OK!
301 login OK!
302 PPP ON tama>
303
304If the
305.Pa /etc/ppp/ppp.linkup
306file is available, its contents are executed
307when the
308.Em PPP
309connection is established. See the provided example which adds a
310default route. The string HISADDR represents the IP address of the
311remote peer.
312
313.Sh BACKGROUND DIALING
314
315If you want to establish a connection using
316.Nm ppp non-interactively (such as from a
317.Xr crontab(5)
318entry or an
319.Xr at(1)
320script) you should use the
321.Fl background
322option. You must also specify the destination label in
323.Pa /etc/ppp/ppp.conf
324to use.
325
326When
327.Fl background
328is specified,
329.Nm
330attempts to establish the connection. If this attempt fails,
331.Nm ppp
332exits immediately with a non-zero exit code.
333
334If it succeeds, then
335.Nm ppp
336becomes a daemon, and returns an exit status of zero to its caller.
337The daemon exits automatically if the connection is dropped by the
338remote system, or it receives a TERM signal.
339
340The file
341.Pa /var/run/ppp.tun0.pid
342contains the process id number of the
343.Nm ppp
344program that is using the tunnel device tun0.
345
346.Sh DIAL ON DEMAND
347
348To play with demand dialing, you must use the
349.Fl auto
350or
351.Fl ddial
352option. You must also specify the destination label in
353.Pa /etc/ppp/ppp.conf
354to use. It should contain the
355.Dq ifaddr
356command to define the remote peer's IP address. (refer to
357.Pa /etc/ppp/ppp.conf.sample )
358
359 % ppp -auto pm2demand
360 ...
361 %
362
363When
364.Fl auto
365or
366.Fl ddial
367is specified,
368.Nm
369runs as a daemon but you can still configure or examine its
370configuration by using the diagnostic port as follows:
371
372
373 % telnet localhost 3000
374 Trying 127.0.0.1...
375 Connected to localhost.spec.co.jp.
376 Escape character is '^]'.
377 User Process PPP. Written by Toshiharu OHNO.
378 Working as auto mode.
379 PPP on tama> show ipcp
380 what ?
381 PPP on tama> pass xxxx
382 PPP ON tama> show ipcp
383 IPCP [OPEND]
384 his side: xxxx
385 ....
386
387.Pp
388Each
389.Nm
390daemon has an associated port number which is computed as "3000 +
391tunnel_device_number". If 3000 is not good base number, edit defs.h in
392the ppp sources (
393.Pa /usr/src/usr.sbin/ppp )
394and recompile it.
395
396When an outgoing packet is detected,
397.Nm
398will perform the dialing action (chat script) and try to connect
399with the peer.
400
401If the connect fails, the default behavior is to wait 30 seconds
402and then attempt to connect when another outgoing packet is detected.
403This behavior can be changed with
404.Bd -literal -offset indent
405set redial seconds|random[.nseconds|random] [dial_attempts]
406.Ed
407.Pp
408.Sq Seconds
409is the number of seconds to wait before attempting
410to connect again. If the argument is
411.Sq random ,
412the delay period is a random value between 0 and 30 seconds.
413.Sq Nseconds
414is the number of seconds to wait before attempting
415to dial the next number in a list of numbers (see the
416.Dq set phone
417command). The default is 3 seconds. Again, if the argument is
418.Sq random ,
419the delay period is a random value between 0 and 30 seconds.
420.Sq dial_attempts
421is the number of times to try to connect for each outgoing packet
422that is received. The previous value is unchanged if this parameter
423is omitted. If a value of zero is specified for
424.Sq dial_attempts ,
425.Nm ppp
426will keep trying until a connection is made.
427.Bd -literal -offset indent
428set redial 10.3 4
429.Ed
430.Pp
431will attempt to connect 4 times for each outgoing packet that is
432detected with a 3 second delay between each number and a 10 second
433delay after all numbers have been tried. If multiple phone numbers
434are specified, the total number of attempts is still 4 (it does not
435attempt each number 4 times).
436
437Modifying the dial delay is very useful when running
438.Nm
439in demand
440dial mode on both ends of the link. If each end has the same timeout,
441both ends wind up calling each other at the same time if the link
442drops and both ends have packets queued.
443
|
451
452To terminate the program, type
453
454 PPP ON tama> close
455 ppp ON tama> quit all
456
457.Pp
458A simple
459.Dq quit
460command will terminate the telnet connection but not the program itself.
461You must use
462.Dq quit all
463to terminate the program as well.
464
465.Sh PACKET ALIASING
466
467The
468.Fl alias
469command line option enables packet aliasing. This allows the
470ppp host to act as a masquerading gateway for other computers over
471a local area network. Outgoing IP packets are are aliased so that
472they appear to come from the ppp host, and incoming packets are
473de-aliased so that they are routed to the correct machine on the
474local area network.
475
476Packet aliasing allows computers on private, unregistered
477subnets to have internet access, although they are invisible
478from the outside world.
479
480In general, correct ppp operation should first be verified
481with packet aliasing disabled. Then, the
482.Fl alias
483option should be switched on, and network applications (web browser,
484telnet, ftp, ping, traceroute) should be checked on the ppp host.
485Finally, the same or similar applications should be checked on other
486computers in the LAN.
487
488If network applications work correctly on the ppp host, but not on
489other machines in the LAN, then the masquerading software is working
490properly, but the host is either not forwarding or possibly receiving
491IP packets. Check that IP forwarding is enabled in /etc/sysconfig
492and that other machines have designated the ppp host as the gateway
493for the LAN.
494
495.Sh PACKET FILTERING
496
497This implementation supports packet filtering. There are three kinds of
498filters: ifilter, ofilter and dfilter. Here are the basics:
499
500.Bl -bullet -compact
501.It
502A filter definition has the following syntax:
503
504set filter-name rule-no action [src_addr/src_width] [dst_addr/dst_width]
505[proto [src [lt|eq|gt] port ]] [dst [lt|eq|gt] port] [estab]
506.Bl -enum
507.It
508.Sq filter-name
509should be one of ifilter, ofilter, or dfilter.
510.It
511There are two actions:
512.Sq permit
513and
514.Sq deny .
515If a given packet
516matches the rule, the associated action is taken immediately.
517.It
518.Sq src_width
519and
520.Sq dst_width
521work like a netmask to represent an address range.
522.It
523.Sq proto
524must be one of icmp, udp or tcp.
525.It
526.Sq port number
527can be specified by number and service name from
528.Pa /etc/services .
529
530.El
531
532.It
533Each filter can hold up to 20 rules, starting from rule 0.
534
535The entire rule set is not effective until rule 0 is defined.
536
537.It
538If no rule is matched to a packet, that packet will be discarded
539(blocked).
540
541.It
542Use
543.Dq set filter-name -1
544to flush all rules.
545
546.El
547
548See
549.Pa /etc/ppp/ppp.conf.filter.example .
550
551
552.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 1)
553
554To handle an incoming
555.Em PPP
556connection request, follow these steps:
557
558.Bl -enum
559.It
560Make sure the modem and (optionally)
561.Pa /etc/rc.serial
562is configured correctly.
563.Bl -bullet -compact
564.It
565Use Hardware Handshake (CTS/RTS) for flow control.
566.It
567Modem should be set to NO echo back (ATE0) and NO results string (ATQ1).
568.El
569
570.It
571Edit
572.Pa /etc/ttys
573to enable a getty on the port where the modem is attached.
574
575For example:
576
577.Dl ttyd1 "/usr/libexec/getty std.38400" dialup on secure
578
579Don't forget to send a HUP signal to the init process to start the getty.
580
581.Dl # kill -HUP 1
582
583.It
584Prepare an account for the incoming user.
585.Bd -literal
586ppp:xxxx:66:66:PPP Login User:/home/ppp:/usr/local/bin/ppplogin
587.Ed
588
589.It
590Create a
591.Pa /usr/local/bin/ppplogin
592file with the following contents:
593.Bd -literal -offset indent
594#!/bin/sh -p
595exec /usr/sbin/ppp -direct
596.Ed
597
598(You can specify a label name for further control.)
599
600.Pp
601Direct mode (
602.Fl direct )
603lets
604.Nm
605work with stdin and stdout. You can also telnet to port 3000 to get
606command mode control in the same manner as client-side
607.Nm.
608
609.It
610Optional support for Microsoft's IPCP Name Server and NetBIOS
611Name Server negotiation can be enabled use
612.Dq enable msext
613and
614.Dq set ns pri-addr [sec-addr]
615along with
616.Dq set nbns pri-addr [sec-addr]
617in your ppp.conf file
618
619.El
620
621.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 2)
622
623This method differs in that it recommends the use of
624.Em mgetty+sendfax
625to handle the modem connections. The latest version 0.99
626can be compiled with the
627.Dq AUTO_PPP
628option to allow detection of clients speaking PPP to the login
629prompt.
630
631Follow these steps:
632
633.Bl -enum
634.It
635Get, configure, and install mgetty+sendfax v0.99 or later (beta)
636making sure you have used the AUTO_PPP option.
637.It
638Edit
639.Pa /etc/ttys
640to enable a mgetty on the port where the modem is attached.
641
642For example:
643
644.Dl cuaa1 "/usr/local/sbin/mgetty -s 57600" dialup on
645
646.It
647Prepare an account for the incoming user.
648.Bd -literal
649Pfred:xxxx:66:66:Fred's PPP:/home/ppp:/etc/ppp/ppp-dialup
650.Ed
651
652.It
653Examine the files
654.Pa /etc/ppp/sample.ppp-dialup
655.Pa /etc/ppp/sample.ppp-pap-dialup
656and
657.Pa /etc/ppp/sample.ppp.conf
658for ideas. ppp-pap-dialup is supposed to be called from
659.Pa /usr/local/etc/mgetty+sendfax/login.conf
660from a line like
661
662.Dl /AutoPPP/ - - /etc/ppp/ppp-pap-dialup
663.El
664
665.Sh SETTING IDLE, LINE QUALITY REQUEST, RETRY TIMER
666
667To check/set idletimer, use the
668.Dq show timeout
669and
670.Dq set timeout [lqrtimer [retrytimer]]
671commands.
672
673 Ex:
674.Dl ppp ON tama> set timeout 600
675
676The timeout period is measured in seconds, the default values for which
677are timeout = 180 or 3 min, lqrtimer = 30sec and retrytimer = 3sec.
678To disable the idle timer function,
679use the command
680.Dq set timeout 0 .
681
682In
683.Fl auto
684mode, an idle timeout causes the
685.Em PPP
686session to be
687closed, though the
688.Nm
689program itself remains running. Another trigger packet will cause it to
690attempt to reestablish the link.
691
692.Sh Predictor-1 compression
693
694This version supports CCP and Predictor type 1 compression based on
695the current IETF-draft specs. As a default behavior,
696.Nm
697will attempt to use (or be willing to accept) this capability when the
698peer agrees (or requests it).
699
700To disable CCP/predictor functionality completely, use the
701.Dq disable pred1
702and
703.Dq deny pred1
704commands.
705
706.Sh Controlling IP address
707
708.Nm
709uses IPCP to negotiate IP addresses. Each side of the connection
710specifies the IP address that it's willing to use, and if the requested
711IP address is acceptable then
712.Nm
713returns ACK to the requester. Otherwise,
714.Nm
715returns NAK to suggest that the peer use a different IP address. When
716both sides of the connection agree to accept the received request (and
717send ACK), IPCP is set to the open state and a network level connection
718is established.
719
720To control this IPCP behavior, this implementation has the
721.Dq set ifaddr
722command for defining the local and remote IP address:
723
724.Nm set ifaddr
725.Op src_addr Op dst_addr Op netmask Op trg_addr
726
727Where,
728.Sq src_addr
729is the IP address that the local side is willing to use and
730.Sq dst_addr
731is the IP address which the remote side should use.
732.Sq netmask
733is interface netmask.
734.Sq trg_addr
735is the IP address which used in address negotiation.
736
737Ex:
738.Dl set ifaddr 192.244.177.38 192.244.177.2 255.255.255.0
739
740The above specification means:
741.Bl -bullet -compact
742.It
743I strongly want to use 192.244.177.38 as my IP address, and I'll
744disagree if the peer suggests that I use another address.
745
746.It
747I strongly insist that peer use 192.244.177.2 as own side address and
748don't permit it to use any IP address but 192.244.177.2. When peer
749request another IP address, I always suggest that it use 192.244.177.2.
750
751.It
752My interface netmask will be 255.255.255.0.
753
754.It
755This is all fine when each side has a pre-determined IP address, however
756it is often the case that one side is acting as a server which controls
757all IP addresses and the other side should obey the direction from it.
758.El
759
760In order to allow more flexible behavior, `ifaddr' variable allows the
761user to specify IP address more loosely:
762
763.Dl set ifaddr 192.244.177.38/24 192.244.177.2/20
764
765A number followed by a slash (/) represent the number of bits significant in
766the IP address. The above example signifies that:
767
768.Bl -bullet -compact
769.It
770I'd like to use 192.244.177.38 as my address if it is possible, but I'll
771also accept any IP address between 192.244.177.0 and 192.244.177.255.
772
773.It
774I'd like to make him use 192.244.177.2 as his own address, but I'll also
775permit him to use any IP address between 192.244.176.0 and
776192.244.191.255.
777
778.It
779As you may have already noticed, 192.244.177.2 is equivalent to saying
780192.244.177.2/32.
781
782.It
783As an exception, 0 is equivalent to 0.0.0.0/0, meaning that I have no
784preferred IP address and will obey the remote peer's selection.
785
786.It
787192.244.177.2/0 means that I'll accept/permit any IP address but I'll
788try to insist that 192.244.177.2 be used first.
789.El
790
791.Sh Connecting with your service provider
792
793The following steps should be taken when connecting to your ISP:
794
795.Bl -enum
796.It
797Describe your provider's phone number(s) in the dial script using the
798.Dq set phone
799command. This command allows you to set multiple phone numbers for
800dialing and redialing separated by a colon (:). For example:
801.Bd -literal -offset indent
802set phone "1234567:2345678"
803.Ed
804.Pp
805Here, the first number is attempted. If the connection fails, the second
806number is attempted after the next number redial period. If the second number
807also fails, the first is tried again after the redial period has expired.
808The selected phone number is substituted for the \\T string in the
809.Dq set dial
810command (see below).
811
812.It
813Set up your redial requirements using
814.Dq set redial .
815For example, if you have a bad telephone line or your provider is
816usually engaged (not so common these days), you may want to specify
817the following:
818.Bd -literal -offset indent
819set redial 10 4
820.Ed
821.Pp
822This says that up to 4 phone calls should be attempted with a pause of 10
823seconds before dialing the first number again.
824
825.It
826Describe your login procedure using the
827.Dq set dial
828and
829.Dq set login
830commands. The
831.Dq set dial
832command is used to talk to your modem and establish a link with your
833ISP, for example:
834.Bd -literal -offset indent
835set dial "ABORT BUSY ABORT NO\\\\sCARRIER TIMEOUT 4 \\"\\" ATZ OK-ATZ-OK ATDT\\\\T TIMEOUT 60 CONNECT"
836.Ed
837.Pp
838This modem "chat" string means:
839
840.Bl -bullet
841.It
842Abort if the string "BUSY" or "NO CARRIER" are received.
843.It
844Set the timeout to 4.
845.It
846Expect nothing.
847.It
848Send ATZ.
849.It
850Expect OK. If that's not received, send ATZ and expect OK.
851.It
852Send ATDTxxxxxxx where xxxxxxx is the next number in the phone list from
853above.
854.It
855Set the timeout to 60.
856.It
857Wait for the CONNECT string.
858.El
859
860Once the connection is established, the login script is executed. This
861script is written in the same style as the dial script:
862.Bd -literal -offset indent
863set login "TIMEOUT 15 login:-\\\\r-login: awfulhak word: xxx ocol: PPP HELLO"
864.Ed
865.Pp
866This login "chat" string means:
867
868.Bl -bullet
869.It
870Set the timeout to 15 seconds.
871.It
872Expect "login:". If it's not received, send a carriage return and expect
873"login:" again.
874.It
875Send "awfulhak"
876.It
877Expect "word:" (the tail end of a "Password:" prompt).
878.It
879Send "xxx".
880.It
881Expect "ocol:" (the tail end of a "Protocol:" prompt).
882.It
883Send "PPP".
884.It
885Expect "HELLO".
886.El
887.Pp
888Login scripts vary greatly between ISPs.
889
890.It
891Use
892.Dq set line
893and
894.Dq set sp
895to specify your serial line and speed, for example:
896.Bd -literal -offset indent
897set line /dev/cuaa0
898set sp 115200
899.Ed
900.Pp
901Cuaa0 is the first serial port on FreeBSD. Cuaa1 is the second etc. A
902speed of 115200 should be specified if you have a modem capable of bit
903rates of 28800 or more. In general, the serial speed should be about
904four times the modem speed.
905
906.It
907Use
908.Dq set ifaddr
909command to define the IP address.
910.Bl -bullet
911.It
912If you know what IP address your provider uses, then use it as the remote
913address, otherwise choose something like 10.0.0.2/0 (see below).
914.It
915If your provider has assigned a particular IP address to you, then use
916it as your address.
917.It
918If your provider assigns your address dynamically, choose a suitably
919unobtrusive and unspecific IP number as your address. 10.0.0.1/0 would
920be appropriate. The bit after the / specifies how many bits of the
921address you consider to be important, so if you wanted to insist on
922something in the class C network 1.2.3.0, you could specify 1.2.3.0/24.
923.El
924.Pp
925An example for a connection where you don't know your IP number or your
926ISPs IP number would be:
927.Bd -literal -offset indent
928set ifaddr 10.0.0.1/0 10.0.0.2/0
929.Ed
930
931.It
932In most cases, your ISP will also be your default router. If this is
933the case, add the lines
934.Bd -literal -offset indent
935delete ALL
936add 0 0 HISADDR
937.Ed
938.Pp
939to
940.Pa ppp.conf .
941.Pp
942This tells
943.Nm ppp
944to delete all routing entries already made by
945.Nm ppp ,
946then to add a default route to HISADDR. HISADDR is a macro meaning the
947"other side"s IP number.
948.Pp
949If you're using dynamic IP numbers, you must also put these two lines
950in the
951.Pa ppp.linkup
952file. Then, once the link has been established and
953.Nm ppp
954knows the actual IP numbers in use, all previous (and probably incorrect)
955entries are deleted and a default to the correct IP number is added. Use
956the same label as the one used in
957.Pa ppp.conf .
958.Pp
959If commands are being typed interactively, the only requirement is
960to type
961.Bd -literal -offset indent
962add 0 0 HISADDR
963.Ed
964.Pp
965after a successful dial.
966
967.It
968If your provider requests that you use PAP/CHAP authentication methods, add
969the next lines to your
970.Pa ppp.conf
971file:
972.Bd -literal -offset indent
973enable pap (or enable chap)
974disable chap (or disable pap)
975set authname MyName
976set authkey MyPassword
977.Ed
978
979.It
980It is also worth adding the following line:
981.Bd -literal -offset indent
982set openmode active
983.Ed
984.Pp
985This tells
986.Nm ppp
987to initiate LCP. Without this line, there's a possibility
988of both sides of the connection just sitting there and looking at
989eachother rather than communicating.
990
991.El
992
993Please refer to
994.Pa /etc/ppp/ppp.conf.sample
995and
996.Pa /etc/ppp/ppp.linkup.sample
997for some real examples. The pmdemand label should be appropriate for most
998ISPs.
999
1000.Sh Logging facility
1001
1002.Nm
1003is able to generate the following log info into
1004.Pa /var/log/ppp.log :
1005
1006.Bl -column SMMMMMM -offset indent -compat
1007.It Li Phase Phase transition log output
1008.It Li Chat Generate Chat script trace log
1009.It Li Connect Generate complete Chat log
1010.It Li Carrier Log Chat lines with 'CARRIER'
1011.It Li LQM Generate LQR report
1012.It Li LCP Generate LCP/IPCP packet trace
1013.It Li Link Log address assignments and link up/down events
1014.It Li TCP/IP Dump TCP/IP packet
1015.It Li HDLC Dump HDLC packet in hex
1016.It Li Async Dump async level packet in hex
1017.El
1018
1019The
1020.Dq set debug
1021command allows you to set logging output level, of which
1022multiple levels can be specified. The default is equivalent to
1023.Dq set debug carrier link phase .
1024
1025If a HUP signal is received, the log file is closed and re-opened
1026to facilitate log file rotation.
1027
1028.Sh MORE DETAILS
1029
1030.Bl -bullet -compact
1031.It
1032Please read the Japanese doc for complete explanation. It may not be
1033useful for non-japanese readers, but examples in the document may help
1034you to guess.
1035
1036.It
1037Please read example configuration files.
1038
1039.It
1040Use
1041.Dq help ,
1042.Dq show ? ,
1043.Dq set ?
1044and
1045.Dq set ? <var>
1046commands.
1047
1048.It
1049NetBSD and BSDI-1.0 were supported in previous releases but are no
1050longer supported in this release. Please contact the author if you need
1051old driver code.
1052.El
1053
1054.Sh FILES
1055.Nm
1056refers to three files: ppp.conf, ppp.linkup and ppp.secret.
1057These files are placed in
1058.Pa /etc/ppp ,
1059but the user can create his own files under his $HOME directory as
1060.Pa .ppp.conf ,
1061.Pa .ppp.linkup
1062and
1063.Pa .ppp.secret.
1064.Nm
1065will always try to consult the user's personal setup first.
1066
1067.Bl -tag -width flag
1068.Pa $HOME/ppp/.ppp.[conf|linkup|secret]
1069User dependent configuration files.
1070
1071.Pa /etc/ppp/ppp.conf
1072System default configuration file.
1073
1074.Pa /etc/ppp/ppp.secret
1075An authorization file for each system.
1076
1077.Pa /etc/ppp/ppp.linkup
1078A file to check when
1079.Nm
1080establishes a network level connection.
1081
1082.Pa /var/log/ppp.log
1083Logging and debugging information file.
1084
1085.Pa /var/spool/lock/Lck..*
1086tty port locking file.
1087
1088.Pa /var/run/PPP.system
1089Holds the pid for ppp -auto system.
1090
1091.Pa /var/run/ppp.tun0.pid
1092The process id (pid) of the ppp program connected to the ppp0 device.
1093
1094.Pa /etc/services
1095Get port number if port number is using service name.
1096.El
1097.Sh SEE ALSO
1098.Xr chat 8 ,
1099.Xr pppd 8
1100.Sh HISTORY
1101This program was submitted in FreeBSD-2.0.5 Atsushi Murai (amurai@spec.co.jp).
1102
1103.Sh AUTHORS
1104Toshiharu OHNO (tony-o@iij.ad.jp)
| 482
483To terminate the program, type
484
485 PPP ON tama> close
486 ppp ON tama> quit all
487
488.Pp
489A simple
490.Dq quit
491command will terminate the telnet connection but not the program itself.
492You must use
493.Dq quit all
494to terminate the program as well.
495
496.Sh PACKET ALIASING
497
498The
499.Fl alias
500command line option enables packet aliasing. This allows the
501ppp host to act as a masquerading gateway for other computers over
502a local area network. Outgoing IP packets are are aliased so that
503they appear to come from the ppp host, and incoming packets are
504de-aliased so that they are routed to the correct machine on the
505local area network.
506
507Packet aliasing allows computers on private, unregistered
508subnets to have internet access, although they are invisible
509from the outside world.
510
511In general, correct ppp operation should first be verified
512with packet aliasing disabled. Then, the
513.Fl alias
514option should be switched on, and network applications (web browser,
515telnet, ftp, ping, traceroute) should be checked on the ppp host.
516Finally, the same or similar applications should be checked on other
517computers in the LAN.
518
519If network applications work correctly on the ppp host, but not on
520other machines in the LAN, then the masquerading software is working
521properly, but the host is either not forwarding or possibly receiving
522IP packets. Check that IP forwarding is enabled in /etc/sysconfig
523and that other machines have designated the ppp host as the gateway
524for the LAN.
525
526.Sh PACKET FILTERING
527
528This implementation supports packet filtering. There are three kinds of
529filters: ifilter, ofilter and dfilter. Here are the basics:
530
531.Bl -bullet -compact
532.It
533A filter definition has the following syntax:
534
535set filter-name rule-no action [src_addr/src_width] [dst_addr/dst_width]
536[proto [src [lt|eq|gt] port ]] [dst [lt|eq|gt] port] [estab]
537.Bl -enum
538.It
539.Sq filter-name
540should be one of ifilter, ofilter, or dfilter.
541.It
542There are two actions:
543.Sq permit
544and
545.Sq deny .
546If a given packet
547matches the rule, the associated action is taken immediately.
548.It
549.Sq src_width
550and
551.Sq dst_width
552work like a netmask to represent an address range.
553.It
554.Sq proto
555must be one of icmp, udp or tcp.
556.It
557.Sq port number
558can be specified by number and service name from
559.Pa /etc/services .
560
561.El
562
563.It
564Each filter can hold up to 20 rules, starting from rule 0.
565
566The entire rule set is not effective until rule 0 is defined.
567
568.It
569If no rule is matched to a packet, that packet will be discarded
570(blocked).
571
572.It
573Use
574.Dq set filter-name -1
575to flush all rules.
576
577.El
578
579See
580.Pa /etc/ppp/ppp.conf.filter.example .
581
582
583.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 1)
584
585To handle an incoming
586.Em PPP
587connection request, follow these steps:
588
589.Bl -enum
590.It
591Make sure the modem and (optionally)
592.Pa /etc/rc.serial
593is configured correctly.
594.Bl -bullet -compact
595.It
596Use Hardware Handshake (CTS/RTS) for flow control.
597.It
598Modem should be set to NO echo back (ATE0) and NO results string (ATQ1).
599.El
600
601.It
602Edit
603.Pa /etc/ttys
604to enable a getty on the port where the modem is attached.
605
606For example:
607
608.Dl ttyd1 "/usr/libexec/getty std.38400" dialup on secure
609
610Don't forget to send a HUP signal to the init process to start the getty.
611
612.Dl # kill -HUP 1
613
614.It
615Prepare an account for the incoming user.
616.Bd -literal
617ppp:xxxx:66:66:PPP Login User:/home/ppp:/usr/local/bin/ppplogin
618.Ed
619
620.It
621Create a
622.Pa /usr/local/bin/ppplogin
623file with the following contents:
624.Bd -literal -offset indent
625#!/bin/sh -p
626exec /usr/sbin/ppp -direct
627.Ed
628
629(You can specify a label name for further control.)
630
631.Pp
632Direct mode (
633.Fl direct )
634lets
635.Nm
636work with stdin and stdout. You can also telnet to port 3000 to get
637command mode control in the same manner as client-side
638.Nm.
639
640.It
641Optional support for Microsoft's IPCP Name Server and NetBIOS
642Name Server negotiation can be enabled use
643.Dq enable msext
644and
645.Dq set ns pri-addr [sec-addr]
646along with
647.Dq set nbns pri-addr [sec-addr]
648in your ppp.conf file
649
650.El
651
652.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 2)
653
654This method differs in that it recommends the use of
655.Em mgetty+sendfax
656to handle the modem connections. The latest version 0.99
657can be compiled with the
658.Dq AUTO_PPP
659option to allow detection of clients speaking PPP to the login
660prompt.
661
662Follow these steps:
663
664.Bl -enum
665.It
666Get, configure, and install mgetty+sendfax v0.99 or later (beta)
667making sure you have used the AUTO_PPP option.
668.It
669Edit
670.Pa /etc/ttys
671to enable a mgetty on the port where the modem is attached.
672
673For example:
674
675.Dl cuaa1 "/usr/local/sbin/mgetty -s 57600" dialup on
676
677.It
678Prepare an account for the incoming user.
679.Bd -literal
680Pfred:xxxx:66:66:Fred's PPP:/home/ppp:/etc/ppp/ppp-dialup
681.Ed
682
683.It
684Examine the files
685.Pa /etc/ppp/sample.ppp-dialup
686.Pa /etc/ppp/sample.ppp-pap-dialup
687and
688.Pa /etc/ppp/sample.ppp.conf
689for ideas. ppp-pap-dialup is supposed to be called from
690.Pa /usr/local/etc/mgetty+sendfax/login.conf
691from a line like
692
693.Dl /AutoPPP/ - - /etc/ppp/ppp-pap-dialup
694.El
695
696.Sh SETTING IDLE, LINE QUALITY REQUEST, RETRY TIMER
697
698To check/set idletimer, use the
699.Dq show timeout
700and
701.Dq set timeout [lqrtimer [retrytimer]]
702commands.
703
704 Ex:
705.Dl ppp ON tama> set timeout 600
706
707The timeout period is measured in seconds, the default values for which
708are timeout = 180 or 3 min, lqrtimer = 30sec and retrytimer = 3sec.
709To disable the idle timer function,
710use the command
711.Dq set timeout 0 .
712
713In
714.Fl auto
715mode, an idle timeout causes the
716.Em PPP
717session to be
718closed, though the
719.Nm
720program itself remains running. Another trigger packet will cause it to
721attempt to reestablish the link.
722
723.Sh Predictor-1 compression
724
725This version supports CCP and Predictor type 1 compression based on
726the current IETF-draft specs. As a default behavior,
727.Nm
728will attempt to use (or be willing to accept) this capability when the
729peer agrees (or requests it).
730
731To disable CCP/predictor functionality completely, use the
732.Dq disable pred1
733and
734.Dq deny pred1
735commands.
736
737.Sh Controlling IP address
738
739.Nm
740uses IPCP to negotiate IP addresses. Each side of the connection
741specifies the IP address that it's willing to use, and if the requested
742IP address is acceptable then
743.Nm
744returns ACK to the requester. Otherwise,
745.Nm
746returns NAK to suggest that the peer use a different IP address. When
747both sides of the connection agree to accept the received request (and
748send ACK), IPCP is set to the open state and a network level connection
749is established.
750
751To control this IPCP behavior, this implementation has the
752.Dq set ifaddr
753command for defining the local and remote IP address:
754
755.Nm set ifaddr
756.Op src_addr Op dst_addr Op netmask Op trg_addr
757
758Where,
759.Sq src_addr
760is the IP address that the local side is willing to use and
761.Sq dst_addr
762is the IP address which the remote side should use.
763.Sq netmask
764is interface netmask.
765.Sq trg_addr
766is the IP address which used in address negotiation.
767
768Ex:
769.Dl set ifaddr 192.244.177.38 192.244.177.2 255.255.255.0
770
771The above specification means:
772.Bl -bullet -compact
773.It
774I strongly want to use 192.244.177.38 as my IP address, and I'll
775disagree if the peer suggests that I use another address.
776
777.It
778I strongly insist that peer use 192.244.177.2 as own side address and
779don't permit it to use any IP address but 192.244.177.2. When peer
780request another IP address, I always suggest that it use 192.244.177.2.
781
782.It
783My interface netmask will be 255.255.255.0.
784
785.It
786This is all fine when each side has a pre-determined IP address, however
787it is often the case that one side is acting as a server which controls
788all IP addresses and the other side should obey the direction from it.
789.El
790
791In order to allow more flexible behavior, `ifaddr' variable allows the
792user to specify IP address more loosely:
793
794.Dl set ifaddr 192.244.177.38/24 192.244.177.2/20
795
796A number followed by a slash (/) represent the number of bits significant in
797the IP address. The above example signifies that:
798
799.Bl -bullet -compact
800.It
801I'd like to use 192.244.177.38 as my address if it is possible, but I'll
802also accept any IP address between 192.244.177.0 and 192.244.177.255.
803
804.It
805I'd like to make him use 192.244.177.2 as his own address, but I'll also
806permit him to use any IP address between 192.244.176.0 and
807192.244.191.255.
808
809.It
810As you may have already noticed, 192.244.177.2 is equivalent to saying
811192.244.177.2/32.
812
813.It
814As an exception, 0 is equivalent to 0.0.0.0/0, meaning that I have no
815preferred IP address and will obey the remote peer's selection.
816
817.It
818192.244.177.2/0 means that I'll accept/permit any IP address but I'll
819try to insist that 192.244.177.2 be used first.
820.El
821
822.Sh Connecting with your service provider
823
824The following steps should be taken when connecting to your ISP:
825
826.Bl -enum
827.It
828Describe your provider's phone number(s) in the dial script using the
829.Dq set phone
830command. This command allows you to set multiple phone numbers for
831dialing and redialing separated by a colon (:). For example:
832.Bd -literal -offset indent
833set phone "1234567:2345678"
834.Ed
835.Pp
836Here, the first number is attempted. If the connection fails, the second
837number is attempted after the next number redial period. If the second number
838also fails, the first is tried again after the redial period has expired.
839The selected phone number is substituted for the \\T string in the
840.Dq set dial
841command (see below).
842
843.It
844Set up your redial requirements using
845.Dq set redial .
846For example, if you have a bad telephone line or your provider is
847usually engaged (not so common these days), you may want to specify
848the following:
849.Bd -literal -offset indent
850set redial 10 4
851.Ed
852.Pp
853This says that up to 4 phone calls should be attempted with a pause of 10
854seconds before dialing the first number again.
855
856.It
857Describe your login procedure using the
858.Dq set dial
859and
860.Dq set login
861commands. The
862.Dq set dial
863command is used to talk to your modem and establish a link with your
864ISP, for example:
865.Bd -literal -offset indent
866set dial "ABORT BUSY ABORT NO\\\\sCARRIER TIMEOUT 4 \\"\\" ATZ OK-ATZ-OK ATDT\\\\T TIMEOUT 60 CONNECT"
867.Ed
868.Pp
869This modem "chat" string means:
870
871.Bl -bullet
872.It
873Abort if the string "BUSY" or "NO CARRIER" are received.
874.It
875Set the timeout to 4.
876.It
877Expect nothing.
878.It
879Send ATZ.
880.It
881Expect OK. If that's not received, send ATZ and expect OK.
882.It
883Send ATDTxxxxxxx where xxxxxxx is the next number in the phone list from
884above.
885.It
886Set the timeout to 60.
887.It
888Wait for the CONNECT string.
889.El
890
891Once the connection is established, the login script is executed. This
892script is written in the same style as the dial script:
893.Bd -literal -offset indent
894set login "TIMEOUT 15 login:-\\\\r-login: awfulhak word: xxx ocol: PPP HELLO"
895.Ed
896.Pp
897This login "chat" string means:
898
899.Bl -bullet
900.It
901Set the timeout to 15 seconds.
902.It
903Expect "login:". If it's not received, send a carriage return and expect
904"login:" again.
905.It
906Send "awfulhak"
907.It
908Expect "word:" (the tail end of a "Password:" prompt).
909.It
910Send "xxx".
911.It
912Expect "ocol:" (the tail end of a "Protocol:" prompt).
913.It
914Send "PPP".
915.It
916Expect "HELLO".
917.El
918.Pp
919Login scripts vary greatly between ISPs.
920
921.It
922Use
923.Dq set line
924and
925.Dq set sp
926to specify your serial line and speed, for example:
927.Bd -literal -offset indent
928set line /dev/cuaa0
929set sp 115200
930.Ed
931.Pp
932Cuaa0 is the first serial port on FreeBSD. Cuaa1 is the second etc. A
933speed of 115200 should be specified if you have a modem capable of bit
934rates of 28800 or more. In general, the serial speed should be about
935four times the modem speed.
936
937.It
938Use
939.Dq set ifaddr
940command to define the IP address.
941.Bl -bullet
942.It
943If you know what IP address your provider uses, then use it as the remote
944address, otherwise choose something like 10.0.0.2/0 (see below).
945.It
946If your provider has assigned a particular IP address to you, then use
947it as your address.
948.It
949If your provider assigns your address dynamically, choose a suitably
950unobtrusive and unspecific IP number as your address. 10.0.0.1/0 would
951be appropriate. The bit after the / specifies how many bits of the
952address you consider to be important, so if you wanted to insist on
953something in the class C network 1.2.3.0, you could specify 1.2.3.0/24.
954.El
955.Pp
956An example for a connection where you don't know your IP number or your
957ISPs IP number would be:
958.Bd -literal -offset indent
959set ifaddr 10.0.0.1/0 10.0.0.2/0
960.Ed
961
962.It
963In most cases, your ISP will also be your default router. If this is
964the case, add the lines
965.Bd -literal -offset indent
966delete ALL
967add 0 0 HISADDR
968.Ed
969.Pp
970to
971.Pa ppp.conf .
972.Pp
973This tells
974.Nm ppp
975to delete all routing entries already made by
976.Nm ppp ,
977then to add a default route to HISADDR. HISADDR is a macro meaning the
978"other side"s IP number.
979.Pp
980If you're using dynamic IP numbers, you must also put these two lines
981in the
982.Pa ppp.linkup
983file. Then, once the link has been established and
984.Nm ppp
985knows the actual IP numbers in use, all previous (and probably incorrect)
986entries are deleted and a default to the correct IP number is added. Use
987the same label as the one used in
988.Pa ppp.conf .
989.Pp
990If commands are being typed interactively, the only requirement is
991to type
992.Bd -literal -offset indent
993add 0 0 HISADDR
994.Ed
995.Pp
996after a successful dial.
997
998.It
999If your provider requests that you use PAP/CHAP authentication methods, add
1000the next lines to your
1001.Pa ppp.conf
1002file:
1003.Bd -literal -offset indent
1004enable pap (or enable chap)
1005disable chap (or disable pap)
1006set authname MyName
1007set authkey MyPassword
1008.Ed
1009
1010.It
1011It is also worth adding the following line:
1012.Bd -literal -offset indent
1013set openmode active
1014.Ed
1015.Pp
1016This tells
1017.Nm ppp
1018to initiate LCP. Without this line, there's a possibility
1019of both sides of the connection just sitting there and looking at
1020eachother rather than communicating.
1021
1022.El
1023
1024Please refer to
1025.Pa /etc/ppp/ppp.conf.sample
1026and
1027.Pa /etc/ppp/ppp.linkup.sample
1028for some real examples. The pmdemand label should be appropriate for most
1029ISPs.
1030
1031.Sh Logging facility
1032
1033.Nm
1034is able to generate the following log info into
1035.Pa /var/log/ppp.log :
1036
1037.Bl -column SMMMMMM -offset indent -compat
1038.It Li Phase Phase transition log output
1039.It Li Chat Generate Chat script trace log
1040.It Li Connect Generate complete Chat log
1041.It Li Carrier Log Chat lines with 'CARRIER'
1042.It Li LQM Generate LQR report
1043.It Li LCP Generate LCP/IPCP packet trace
1044.It Li Link Log address assignments and link up/down events
1045.It Li TCP/IP Dump TCP/IP packet
1046.It Li HDLC Dump HDLC packet in hex
1047.It Li Async Dump async level packet in hex
1048.El
1049
1050The
1051.Dq set debug
1052command allows you to set logging output level, of which
1053multiple levels can be specified. The default is equivalent to
1054.Dq set debug carrier link phase .
1055
1056If a HUP signal is received, the log file is closed and re-opened
1057to facilitate log file rotation.
1058
1059.Sh MORE DETAILS
1060
1061.Bl -bullet -compact
1062.It
1063Please read the Japanese doc for complete explanation. It may not be
1064useful for non-japanese readers, but examples in the document may help
1065you to guess.
1066
1067.It
1068Please read example configuration files.
1069
1070.It
1071Use
1072.Dq help ,
1073.Dq show ? ,
1074.Dq set ?
1075and
1076.Dq set ? <var>
1077commands.
1078
1079.It
1080NetBSD and BSDI-1.0 were supported in previous releases but are no
1081longer supported in this release. Please contact the author if you need
1082old driver code.
1083.El
1084
1085.Sh FILES
1086.Nm
1087refers to three files: ppp.conf, ppp.linkup and ppp.secret.
1088These files are placed in
1089.Pa /etc/ppp ,
1090but the user can create his own files under his $HOME directory as
1091.Pa .ppp.conf ,
1092.Pa .ppp.linkup
1093and
1094.Pa .ppp.secret.
1095.Nm
1096will always try to consult the user's personal setup first.
1097
1098.Bl -tag -width flag
1099.Pa $HOME/ppp/.ppp.[conf|linkup|secret]
1100User dependent configuration files.
1101
1102.Pa /etc/ppp/ppp.conf
1103System default configuration file.
1104
1105.Pa /etc/ppp/ppp.secret
1106An authorization file for each system.
1107
1108.Pa /etc/ppp/ppp.linkup
1109A file to check when
1110.Nm
1111establishes a network level connection.
1112
1113.Pa /var/log/ppp.log
1114Logging and debugging information file.
1115
1116.Pa /var/spool/lock/Lck..*
1117tty port locking file.
1118
1119.Pa /var/run/PPP.system
1120Holds the pid for ppp -auto system.
1121
1122.Pa /var/run/ppp.tun0.pid
1123The process id (pid) of the ppp program connected to the ppp0 device.
1124
1125.Pa /etc/services
1126Get port number if port number is using service name.
1127.El
1128.Sh SEE ALSO
1129.Xr chat 8 ,
1130.Xr pppd 8
1131.Sh HISTORY
1132This program was submitted in FreeBSD-2.0.5 Atsushi Murai (amurai@spec.co.jp).
1133
1134.Sh AUTHORS
1135Toshiharu OHNO (tony-o@iij.ad.jp)
|