4885 lines
161 KiB
Plaintext
4885 lines
161 KiB
Plaintext
Linux PPP HOWTO
|
||
Robert Hart, hartr@interweft.com.au
|
||
v3.0, 31 March 1997
|
||
|
||
This document shows how to connect your Linux PC to a PPP server, how
|
||
to use PPP to link two LANs together and provides one method of set
|
||
ting up your Linux computer as a PPP server.The document also provides
|
||
help in debugging non-functional PPP connections.
|
||
______________________________________________________________________
|
||
|
||
Table of Contents
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
1. Introduction
|
||
|
||
1.1 Clients and Servers
|
||
1.2 Differences between Linux distributions
|
||
1.3 Distribution specific PPP configuration tools
|
||
|
||
2. IP Numbers
|
||
|
||
3. Aims of this Document
|
||
|
||
3.1 Setting up a PPP Client
|
||
3.2 Linking two LANs or a LAN to the Internet using PPP
|
||
3.3 Setting up a PPP server
|
||
3.4 Using PPP over a direct null modem connection
|
||
3.5 This document at present does NOT cover...
|
||
|
||
4. Software versions covered
|
||
|
||
5. Other Useful/Important Documents
|
||
|
||
5.1 Useful Linux Mailing Lists
|
||
|
||
6. Overview of what has to be done to get PPP working as a client
|
||
|
||
6.1 Obtaining/Installing the software
|
||
6.2 Compiling PPP support into the kernel
|
||
6.3 Obtaining information from your ISP
|
||
6.4 Configuring your modem and serial port
|
||
6.5 Setting up Name to Address Resolution (DNS)
|
||
6.6 PPP and root Privileges
|
||
6.7 Checking your distribution PPP Files and setting up the PPP Options
|
||
6.8 If your PPP server uses PAP (Password Authentication Protocol)
|
||
6.9 Connecting to the PPP server by hand
|
||
6.10 Automating your PPP Connection
|
||
6.11 Shutting down the link
|
||
6.12 If you have problems
|
||
6.13 After the link comes up
|
||
6.14 Problems with standard IP services on a Dynamic IP number PPP link
|
||
|
||
7. Configuring your Linux Kernel
|
||
|
||
7.1 Installing the Linux Kernel source
|
||
7.2 Knowing your hardware
|
||
7.3 Kernel compilation - the Linux 1.2.13 kernel
|
||
7.4 Kernel compilation - the Linux 1.3.x and 2.0.x kernels
|
||
7.5 Note on PPP-2.2 and
|
||
7.6 General kernel config considerations for PPP
|
||
|
||
8. Getting the Information you need about the PPP server
|
||
|
||
9. Configuring your modem and serial port
|
||
|
||
9.1 A note about serial ports and speed capabilities
|
||
9.2 Serial Port Names
|
||
9.3 Configuring your modem
|
||
9.4 Note on Serial Flow Control
|
||
9.5 Testing your modem for dial out
|
||
|
||
10. Setting up Name to Address Resolution (DNS)
|
||
|
||
10.1 The
|
||
10.2 The
|
||
|
||
11. Using PPP and root privileges
|
||
|
||
12. Setting up the PPP connection files
|
||
12.1 The supplied options.tpl file
|
||
12.2 What options should I use? (No PAP/CHAP)
|
||
|
||
13. If your PPP server uses PAP (Password Authentication Protocol)
|
||
|
||
13.1 Using MSCHAP
|
||
13.2 The PAP/CHAP secrets file
|
||
13.3 The PAP secrets file
|
||
13.4 The CHAP secrets file
|
||
13.5 Handling multiple PAP-authenticated connections
|
||
|
||
14. Setting up the PPP connection manually
|
||
|
||
15. Automating your connections - Creating the connection scripts
|
||
|
||
15.1 Connection scripts for User name/Password Authentication
|
||
15.2 The ppp-on script
|
||
15.3 Editing the supplied PPP startup scripts
|
||
15.3.1 The ppp-on script
|
||
15.3.2 The ppp-on-dialer script
|
||
15.4 What a Chat script means...
|
||
15.4.1 Starting PPP at the server end
|
||
15.5 A chat script for PAP/CHAP authenticated connections
|
||
15.6 The pppd
|
||
|
||
16. Testing your connection script
|
||
|
||
17. Shutting down the PPP link
|
||
|
||
18. Debugging
|
||
|
||
18.1 I have compiled PPP support into the kernel, but...
|
||
18.1.1 Are you booting the right kernel? Whilst you
|
||
18.1.2 Did you compile ppp kernel support as a module?
|
||
18.1.3 Are you using the correct version of PPP for your kernel?
|
||
18.1.4 Are you running pppd as root?
|
||
18.2 My modem connects but ppp never starts up
|
||
18.3 The syslog says "
|
||
18.3.1 You are not correctly logging into the server
|
||
18.3.2 You are not starting PPP on the server
|
||
18.3.3 The remote PPP process is slow to start
|
||
18.4 Default route not set
|
||
18.5 Other Problems
|
||
|
||
19. Getting Help when totally stuck
|
||
|
||
20. Common Problems once the link is working
|
||
|
||
20.1 I can't see beyond the PPP server I connect to
|
||
20.2 I can send email, but not receive it
|
||
20.3 Why can't people finger, WWW, gopher, talk etc to my machine?
|
||
|
||
21. Using Internet services with Dynamic IP numbers
|
||
|
||
21.1 Setting up email
|
||
21.2 Setting Up a local Name server
|
||
|
||
22. Linking two networks using PPP
|
||
|
||
22.1 Setting up the IP numbers
|
||
22.2 Setting up the routing
|
||
22.3 Network security
|
||
|
||
23. After the link comes up - the
|
||
|
||
23.1 Special routing
|
||
23.2 Handling email queues
|
||
23.3 A sample
|
||
23.4 Handling email
|
||
|
||
24. Using
|
||
|
||
25. Routing issues on a LAN
|
||
|
||
25.1 Note on Security
|
||
|
||
26. Setting up a PPP server
|
||
|
||
26.1 Kernel compilation
|
||
26.2 Overview of the server system
|
||
26.3 Getting the software together
|
||
26.4 Setting up standard (shell access) dialup.
|
||
26.5 Setting up the PPP options files
|
||
26.6 Setting pppd up to allow users to (successfully) run it
|
||
26.7 Setting up the global alias for pppd
|
||
|
||
27. Using PPP across a null modem (direct serial) connection
|
||
|
||
|
||
|
||
______________________________________________________________________
|
||
|
||
Copyright
|
||
|
||
This document is distributed under the terms of the GPL (GNU Public
|
||
License).
|
||
|
||
|
||
Distribution
|
||
|
||
|
||
This document will be posted to comp.os.linux.answers as new versions
|
||
of the document are produced. It is also available in HTML format at:-
|
||
|
||
|
||
· Linux Howto Index <http://sunsite.unc.edu/mdw/linux.html#howto>
|
||
|
||
· PPP-HOWTO <http://www.interweft.com.au/other/ppp-howto/ppp-
|
||
howto.html>
|
||
|
||
|
||
Other formats (SGML, ASCII, postscript, DVI) are available from Howtos
|
||
- other formats <ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/other-
|
||
formats>.
|
||
|
||
|
||
As sunsite.unc.edu carries a very heavy load, please use an
|
||
appropriate mirror site close to you.
|
||
|
||
|
||
Acknowledgements
|
||
|
||
|
||
A growing number of people have provided me with assistance in
|
||
preparing this document. Special thanks go to Al Longyear for the
|
||
guidance on PPP itself (if there are mistakes here, they are mine not
|
||
his), Greg Hankins (maintainer of the Linux Howto system)and Debi
|
||
Tackett (of MaximumAccess.com) for many helpful suggestions on style,
|
||
content order, logic and clarity of explanations.
|
||
|
||
|
||
|
||
Finally, to the many people who have contacted me by email offering
|
||
comments - my thanks. As with all HOWTO authors, the satisfaction of
|
||
helping is all the payment we receive and it is enough. By writing
|
||
this HOWTO I am repaying in a small way the debt I - and all other
|
||
Linux users - owe to the people who write and maintain our OS of
|
||
choice.
|
||
|
||
|
||
1. Introduction
|
||
|
||
PPP (the Point to Point Protocol) is a mechanism for creating and
|
||
running IP (the Internet Protocol) and other network protocols over a
|
||
serial link - be that a direct serial connection (using a null-modem
|
||
cable), over a telnet established link or a link made using modems and
|
||
telephone lines (and of course using digital lines such as ISDN).
|
||
|
||
|
||
Using PPP, you can connect your Linux PC to a PPP server and access
|
||
the resources of the network to which the server is connected (almost)
|
||
as if you were directly connected to that network.
|
||
|
||
|
||
You can also set up your Linux PC as a PPP server, so that other
|
||
computers can dial into your computer and access the resources on your
|
||
local PC and/or network.
|
||
|
||
|
||
As PPP is a peer-to-peer system, you can also use PPP on two Linux PCs
|
||
to link together two networks (or a local network to the Internet),
|
||
creating a Wide Area Network (WAN).
|
||
|
||
|
||
One major difference between PPP and an Ethernet connection is of
|
||
course speed - a standard Ethernet connection operates at 10 Mbs (Mega
|
||
- million bits per second) maximum theoretical throughput, whereas an
|
||
analogue modem operates at speeds up to 56 kbps (kilo - thousand bits
|
||
per second).
|
||
|
||
|
||
Also, depending on the type of PPP connection, there may be some
|
||
limitations in usage of some applications and services.
|
||
|
||
|
||
1.1. Clients and Servers
|
||
|
||
PPP is strictly a peer to peer protocol; there is (technically) no
|
||
difference between the machine that dials in and the machine that is
|
||
dialed into. However, for clarity's sake, it is useful to think in
|
||
terms of servers and clients.
|
||
|
||
|
||
When you dial into a site to establish a PPP connection, you are a
|
||
client. The machine to which you connect is the server.
|
||
|
||
|
||
When you are setting up a Linux box to receive and handle dial in PPP
|
||
connections, you are setting up a PPP server.
|
||
|
||
|
||
Any Linux PC can be both a PPP server and client - even simultaneously
|
||
if you have more than one serial port (and modem if necessary). As
|
||
stated above, there is no real difference between clients and servers
|
||
as far as PPP is concerned, once the connection is made.
|
||
|
||
|
||
|
||
This document refers to the machine that initiates the call (that
|
||
dials in) as the CLIENT, whilst the machine that answers the
|
||
telephone, checks the authentication of the dial in request (using
|
||
user names, passwords and possibly other mechanisms) is referred to as
|
||
the SERVER.
|
||
|
||
|
||
The use of PPP as a client to link one or more machines at a location
|
||
into the Internet is, probably, the one in which most people are
|
||
interested - that is using their Linux PC as a client.
|
||
|
||
|
||
The procedure described in this document will allow you to establish
|
||
and automate your Internet connection.
|
||
|
||
|
||
This document will also give you guidance in setting up your Linux PC
|
||
as a PPP server and in linking two LANs together (with full routing)
|
||
using PPP (this is frequently characterised as establishing a WAN -
|
||
wide area network - link).
|
||
|
||
|
||
1.2. Differences between Linux distributions
|
||
|
||
There are many different Linux distributions and they all have their
|
||
own idiosyncrasies and ways of doing things.
|
||
|
||
|
||
In particular, there are two different ways a Linux (and Unix)
|
||
computer actually starts up, configures its interfaces and so forth.
|
||
|
||
|
||
These are BSD system initialisation and System V system
|
||
initialisation. If you dip into some of the Unix news groups, you will
|
||
find occasional religious wars between proponents of these two
|
||
systems. If that sort of thing amuses you, have fun burning bandwidth
|
||
and join in!
|
||
|
||
|
||
Possibly the most widely used distributions are
|
||
|
||
|
||
· Slackware
|
||
which uses BSD style system initialisation
|
||
|
||
· Red Hat (and its former associate Caldera)
|
||
which use SysV system initialisation (although in a slightly
|
||
modified form)
|
||
|
||
· Debian
|
||
which uses SysV system initialisation
|
||
|
||
|
||
BSD style initialisation typically keeps its initialisation files in
|
||
/etc/... and these files are:-
|
||
|
||
|
||
______________________________________________________________________
|
||
/etc/rc
|
||
/etc/rc.local
|
||
/etc/rc.serial
|
||
(and possibly other files)
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
Of recent times, some BSD system initialisation schemes use a
|
||
/etc/rc.d... directory to hold the start up file rather than putting
|
||
everything into /etc.
|
||
|
||
|
||
|
||
System V initialisation keeps its initialisation files in directories
|
||
under /etc/... or /etc/rc.d/... and a number of subdirectories under
|
||
there:-
|
||
|
||
|
||
______________________________________________________________________
|
||
drwxr-xr-x 2 root root 1024 Jul 6 15:12 init.d
|
||
-rwxr-xr-x 1 root root 1776 Feb 9 05:01 rc
|
||
-rwxr-xr-x 1 root root 820 Jan 2 1996 rc.local
|
||
-rwxr-xr-x 1 root root 2567 Jul 5 20:30 rc.sysinit
|
||
drwxr-xr-x 2 root root 1024 Jul 6 15:12 rc0.d
|
||
drwxr-xr-x 2 root root 1024 Jul 6 15:12 rc1.d
|
||
drwxr-xr-x 2 root root 1024 Jul 6 15:12 rc2.d
|
||
drwxr-xr-x 2 root root 1024 Jul 18 18:07 rc3.d
|
||
drwxr-xr-x 2 root root 1024 May 27 1995 rc4.d
|
||
drwxr-xr-x 2 root root 1024 Jul 6 15:12 rc5.d
|
||
drwxr-xr-x 2 root root 1024 Jul 6 15:12 rc6.d
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
If you are trying to track down where your Ethernet interface and
|
||
associated network routes are actually configured, you will need to
|
||
track through these files to actually find where the commands are that
|
||
do this.
|
||
|
||
|
||
1.3. Distribution specific PPP configuration tools
|
||
|
||
On some installations (for example Red Hat and Caldera), there is a X
|
||
Windows configured PPP dial up system. This HOWTO does not cover these
|
||
distribution specific tools. If you are having problems with them,
|
||
contact the distributors directly!
|
||
|
||
|
||
|
||
For Red Hat 4.x users, there is now a Red Hat PPP-TIP
|
||
<http://www.interweft.com.au> in the Linux resources area and also
|
||
from Red Hat Software <http://www.redhat.com> in the support area.
|
||
|
||
|
||
2. IP Numbers
|
||
|
||
Every device that connects to the Internet must have its own, unique
|
||
IP number. These are assigned centrally by a designated authority for
|
||
each country.
|
||
|
||
|
||
If you are connecting a local area network (LAN) to the Internet, YOU
|
||
MUST use an IP number from your own assigned network range for all the
|
||
computers and devices you have on your LAN. You MUST NOT pick IP
|
||
numbers out of the air and use these whilst connecting to another LAN
|
||
(let alone the Internet). At worst this will simply not work at all
|
||
and could cause total havoc as your 'stolen' IP number starts
|
||
interfering with the communications of another computer that is
|
||
already using the IP number you have picked out of the air.
|
||
|
||
|
||
|
||
Please note that the IP numbers used throughout this document (with
|
||
some exceptions) are from the 'unconnected network numbers' series
|
||
that are reserved for use by networks that are not (ever) connected to
|
||
the Internet.
|
||
|
||
|
||
There are IP numbers that are specifically dedicated to LANs that do
|
||
not connect to the Internet. The IP number sequences are:-
|
||
|
||
|
||
· One A Class Network Address
|
||
10.0.0.0 (netmask 255.0.0.0)
|
||
|
||
· 16 B Class Network Addresses
|
||
172.16.0.0 - 172.31.0.0 (netmask 255.255.0.0)
|
||
|
||
· 256 C Class Network Addresses
|
||
192.168.0.0 - 192.168.255.0 (netmask 255.255.255.0)
|
||
|
||
|
||
If you have a LAN for which you have not been allocated IP numbers by
|
||
the responsible authority in your country, you should use one of the
|
||
network numbers from the above sequences for your machines.
|
||
|
||
|
||
These numbers should never be used on the Internet.
|
||
|
||
|
||
However, they can be used for the local Ethernet on a machine that is
|
||
connecting to the Internet. This is because IP numbers are actually
|
||
allocated to a network interface, not to a computer. So whilst your
|
||
Ethernet interface may use 10.0.0.1 (for example), when you hook onto
|
||
the Internet using PPP, your PPP interface will be given another (and
|
||
valid) IP number by the server. Your PC will have Internet
|
||
connectivity, but the other computers on your LAN will not.
|
||
|
||
|
||
However, using Linux and the IP Masquerade (also known as NAT -
|
||
Network address Translation) capabilities of the Linux and the ipfwadm
|
||
software, you can connect your LAN to the Internet (with some
|
||
restriction of services), even if you do not have valid IP numbers for
|
||
the machines on your Ethernet.
|
||
|
||
|
||
For more information on how to do this see the IP Masquerade mini-
|
||
HOWTO at Linux IP Masquerade mini HOWTO
|
||
<http://sunsite.unc.edu/mdw/HOWTO/mini/IP-Masquerade>
|
||
|
||
|
||
For most users, who are connecting a single machine to an Internet
|
||
service provider via PPP, obtaining an IP number (or more accurately,
|
||
a network number) will not be necessary.
|
||
|
||
|
||
If you wish to connect a small LAN to the Internet, many Internet
|
||
Service Providers (ISPs) can provide you with a dedicated subnet (a
|
||
specific sequence of IP numbers) from their existing IP address space.
|
||
Alternatively, use IP Masquerading.
|
||
|
||
|
||
For users, who are connecting a single PC to the Internet via an ISP,
|
||
most providers use dynamic IP number assignment. That is, as part of
|
||
the connection process, the PPP service you contact will tell your
|
||
machine what IP number to use for the PPP interface during the current
|
||
session. This number will not be the same every time you connect to
|
||
your ISP.
|
||
With dynamic IP numbers, you are not given the same IP number each
|
||
time you connect. This has implications for server type applications
|
||
on your Linux machine such as sendmail, ftpd, httpd and so forth.
|
||
These services are based on the premise that the computer offering the
|
||
service is accessible at the same IP number all the time (or at least
|
||
the same fully qualified domain name - FQDN - and that DNS resolution
|
||
of the name to IP address is available).
|
||
|
||
|
||
The limitations of service due to dynamic IP number assignment (and
|
||
ways to work around these, where possible) are discussed later in the
|
||
document.
|
||
|
||
|
||
3. Aims of this Document
|
||
|
||
3.1. Setting up a PPP Client
|
||
|
||
This document provides guidance to people who wish to use Linux and
|
||
PPP to dial into a PPP server and set up an IP connection using PPP.
|
||
It assumes that PPP has been compiled and installed on your Linux
|
||
machine (but does briefly cover reconfiguring/recompiling your kernel
|
||
to include PPP support).
|
||
|
||
|
||
Whilst DIP (the standard way of creating a SLIP connection) can be
|
||
used to set up a PPP connection, DIP scripts are generally quite
|
||
complex. For this reason, this document does NOT cover using DIP to
|
||
set up a PPP connection.
|
||
|
||
|
||
Instead, this document describes the standard Linux PPP software
|
||
(chat/pppd).
|
||
|
||
|
||
3.2. Linking two LANs or a LAN to the Internet using PPP
|
||
|
||
This document provides (basic) information on linking two LANs or a
|
||
LAN to the Internet using PPP.
|
||
|
||
|
||
3.3. Setting up a PPP server
|
||
|
||
This document provides guidance on how to configure your Linux PC as a
|
||
PPP server (allowing other people to dial into your Linux PC and
|
||
establish a PPP connection).
|
||
|
||
|
||
You should note that there are a myriad of ways of setting up Linux as
|
||
a PPP server. This document gives one method - that used by the author
|
||
to set up several small PPP servers (each of 16 modems).
|
||
|
||
|
||
This method is known to work well. However, it is not necessarily the
|
||
best method.
|
||
|
||
|
||
3.4. Using PPP over a direct null modem connection
|
||
|
||
This document provides a brief overview of using PPP to link two Linux
|
||
PCs via a null modem cable. It is possible to link other OS's to Linux
|
||
this way as well. To do so, you will need to consult the documentation
|
||
for the operating system you are interested in.
|
||
|
||
|
||
|
||
3.5. This document at present does NOT cover...
|
||
|
||
|
||
· Compiling the PPP daemon software
|
||
See the documentation that comes with the version of pppd you are
|
||
using.
|
||
|
||
· Connecting and configuring a modem to Linux (in detail)
|
||
See the Serial-HOWTO and for modem specific initialisation, see
|
||
Modem Setup Information <http://www.in.net/info/modems/index.html>
|
||
for information that may help you to configure your modem.
|
||
|
||
· Using DIP to make PPP connections
|
||
Use chat instead...
|
||
|
||
· Using socks or IP Masquerade
|
||
There are perfectly good documents already covering these two
|
||
packages.
|
||
|
||
· Using diald to set up an automated connection
|
||
See the diald documentation for information on this.
|
||
|
||
· Using EQL to gang together two modems into a single PPP link.
|
||
|
||
· Distribution specific PPP connection methods (such as the Red Hat
|
||
4.x network configuration tool.
|
||
See the distribution for documentation on the methods used.
|
||
|
||
· The growing number of tools available to automate PPP set up
|
||
See the appropriate documentation.
|
||
|
||
|
||
4. Software versions covered
|
||
|
||
This HOWTO assumes that you are using a Linux 1.2.x kernel with the
|
||
PPP 2.1.2 software or Linux 1.3.X/2.0.x and PPP 2.2.
|
||
|
||
|
||
At the time of writing, the latest official version of PPP available
|
||
for Linux is ppp-2.2f. The new version (ppp-2.3) is still in beta.
|
||
|
||
|
||
It is possible to use PPP 2.2.0 with kernel 1.2.13. This requires
|
||
kernel patches. It is recommended that version 1.2.13 kernel users
|
||
move up to ppp-2.2 as it includes several bug fixes and enhancements.
|
||
|
||
|
||
Also, you should particularly note that you cannot use the PPP 2.1.2
|
||
software with Linux kernel version 2.0.X.
|
||
|
||
|
||
Please note that this document does NOT cover problems arising from
|
||
the use of loadable modules for Linux kernel 2.0.x. Please see the
|
||
kerneld mini-HOWTO and the kernel/module 2.0.x documentation (in the
|
||
Linux 2.0.x source tree at /usr/src/linux/Documentation/...).
|
||
|
||
|
||
As this document is designed to assist new users, it is highly
|
||
recommended that you use a version of the Linux kernel and the
|
||
appropriate PPP version that are known to be stable together.
|
||
|
||
|
||
5. Other Useful/Important Documents
|
||
|
||
Users are advised to read :-
|
||
|
||
· the documentation that comes with the PPP package;
|
||
|
||
· the pppd and chat man pages;
|
||
(use man chat and man pppd to explore these)
|
||
|
||
· the Linux Network Administration Guide (NAG);
|
||
see The Network Administrators' Guide
|
||
<http://sunsite.unc.edu/mdw/LDP-books/nag-1.0/nag.html>
|
||
|
||
· the Net-2/3 HOWTO;
|
||
see Linux NET-2/3-HOWTO
|
||
<http://sunsite.unc.edu/mdw/HOWTO/NET-2-HOWTO.html>
|
||
|
||
· Linux kernel documentation installed in
|
||
/usr/src/linux/Documentation when you install the Linux source
|
||
code;
|
||
|
||
· The modem setup information page - see Modem Setup Information
|
||
<http://www.in.net/info/modems/index.html>
|
||
|
||
· The excellent Unix/Linux books published by O'Reilly and
|
||
Associates. See (O'Reilly and Associates On-Line Catalogue <
|
||
http://www.ora.com/>). If you are new to Unix/Linux, run (don't
|
||
walk) to your nearest computer book shop and invest in a number of
|
||
these immediately!
|
||
|
||
· The PPP-FAQ maintained by Al Longyear, available from Linux PPP-FAQ
|
||
<ftp://sunsite.unc.edu/pub/Linux/docs/faqs>.
|
||
This contains a great deal of useful information in question/answer
|
||
format that is very useful when working out why PPP is not working
|
||
(properly).
|
||
|
||
· The growing number of Linux books from various publishing houses
|
||
and authors;
|
||
You are actively encouraged to check the currency of these books.
|
||
Linux development and distributions tend to evolve fairly rapidly,
|
||
whilst the revision of books move (generally) much more slowly!
|
||
Buying an excellent book (and there are many) that is now out of
|
||
date will cause new users considerable confusion and frustration.
|
||
|
||
|
||
The best general starting point for Linux documentation is The Linux
|
||
Documentation Project Home Page <http://sunsite.unc.edu/mdw/>. The
|
||
HOWTO's tend to be revised reasonably regularly.
|
||
|
||
|
||
Whilst you can use this document to create your PPP link without
|
||
reading any of these documents, you will have a far better
|
||
understanding of what is going on if you do so! You will also be able
|
||
to address problems yourself (or at least ask more intelligent
|
||
questions on the comp.os.linux... newsgroups or Linux mailing lists).
|
||
|
||
|
||
These documents (as well as various others, including the relevant
|
||
RFCs) provide additional and more detailed explanation than is
|
||
possible in this HOWTO.
|
||
|
||
|
||
If you are connecting a LAN to the Internet using PPP, you will need
|
||
to know a reasonable amount about TCP/IP networking. In addition to
|
||
the documents above, you will find the O'Reilly books "TCP/IP Network
|
||
Administration" and "Building Internet Firewalls" of considerable
|
||
benefit!
|
||
|
||
|
||
|
||
5.1. Useful Linux Mailing Lists
|
||
|
||
There are many Linux mailing lists that operate as a means of
|
||
communication between users of many levels of ability. By all means
|
||
subscribe to those that interest you and contribute your expertise and
|
||
views.
|
||
|
||
|
||
A word to the wise: some lists are specifically aimed at "high
|
||
powered" users and/or specific topics. Whilst no-one will complain if
|
||
you 'lurk' (subscribe but don't post messages), you are likely to earn
|
||
heated comments (if not outright flames) if you post 'newbie'
|
||
questions to inappropriate lists.
|
||
|
||
|
||
This is not because guru level users hate new users, but because these
|
||
lists are there to handle the specific issues at particular levels of
|
||
difficulty.
|
||
|
||
|
||
By all means join the lists that offer open subscription, but keep
|
||
your comments relevant to the subject of the list!
|
||
|
||
|
||
A good starting point for Linux mailing lists is Linux Mailing List
|
||
Directory <http://summer.snu.ac.kr/~djshin/linux/mail-
|
||
list/index.shtml>
|
||
|
||
|
||
6. Overview of what has to be done to get PPP working as a client
|
||
|
||
This document contains a great deal of information - and with each
|
||
version it grows!
|
||
|
||
|
||
|
||
As a consequence, this section aims to provide a concise overview of
|
||
the actions you will need to take to get your Linux system connected
|
||
as a client to a PPP server.
|
||
|
||
|
||
6.1. Obtaining/Installing the software
|
||
|
||
If your Linux distribution does not include the PPP software, you will
|
||
need to obtain this from the Linux PPP daemon
|
||
<ftp://sunsite.unc.edu/pub/Linux/system/Network/serial/ppp/ppp-2.2.0f.tar.gz>.
|
||
|
||
|
||
This is the latest official version at the time of writing. However,
|
||
choose the latest version available from this site (ppp-2.3 is in beta
|
||
at the time of writing and should be released soon).
|
||
|
||
|
||
The PPP package contains instructions on how to compile and install
|
||
the software so this HOWTO does not!
|
||
|
||
|
||
6.2. Compiling PPP support into the kernel
|
||
|
||
Linux PPP operations come in two parts
|
||
|
||
· the PPP daemon mentioned above
|
||
|
||
· kernel support for PPP
|
||
|
||
|
||
Many distributions seem to provide PPP kernel support in their default
|
||
installation kernels, but others do not.
|
||
|
||
|
||
If at boot your kernel reports messages like
|
||
|
||
|
||
______________________________________________________________________
|
||
PPP Dynamic channel allocation code copyright 1995 Caldera, Inc.
|
||
PPP line discipline registered.
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
your kernel does have PPP support compiled in.
|
||
|
||
|
||
That said, you will probably want to compile your own kernel whatever
|
||
your distribution to provide the most efficient use of system
|
||
resources given your particular hardware configuration. It is worth
|
||
remembering that the kernel cannot be swapped out of memory and so
|
||
keeping the kernel as small as possible has advantages on a memory
|
||
limited machine.
|
||
|
||
|
||
This document provides minimal kernel re-compilation instructions at
|
||
section ``Configuring your Linux Kernel''.
|
||
|
||
|
||
For greater detail, see the Kernel-HOWTO at The Linux Kernel HOWTO
|
||
<http://sunsite.unc.edu/mdw/HOWTO/Kernel-HOWTO.html>
|
||
|
||
|
||
6.3. Obtaining information from your ISP
|
||
|
||
There are an almost infinite number of ways in which a PPP server can
|
||
be set up. In order to connect to your ISP (or corporate PPP server to
|
||
access your intranet), you will need to obtain information on how the
|
||
PPP server operates.
|
||
|
||
|
||
Because you are using Linux, you may have some difficulty with some
|
||
ISP help desks (and work site based PPP intranet servers) which know
|
||
only about MS Windows clients.
|
||
|
||
|
||
However, a rapidly growing number of ISPs use Linux to provide their
|
||
service - and Linux is also penetrating the corporate environment as
|
||
well, so you may be lucky if you do strike problems.
|
||
|
||
|
||
Section ``Getting the Information you need about the PPP server''
|
||
tells you what you need to know about the PPP server to which you are
|
||
going to connect - and how to find out the information you need to
|
||
know.
|
||
|
||
|
||
6.4. Configuring your modem and serial port
|
||
|
||
In order to connect to a PPP server and to obtain the best possible
|
||
data transfer rate, your modem needs to be configured correctly.
|
||
|
||
|
||
Similarly, the serial ports on your modem and computer need to be set
|
||
up correctly.
|
||
Section ``Configuring your modem and serial port'' provides
|
||
information on this.
|
||
|
||
|
||
6.5. Setting up Name to Address Resolution (DNS)
|
||
|
||
In addition to the files that run PPP and perform the automated log in
|
||
to the PPP server, there are a number of text configuration files that
|
||
have to be set up for your computer to be able to resolve names like
|
||
www.interweft.com.au to the IP address that is actually used to
|
||
contact that computer. These are:-
|
||
|
||
|
||
· /etc/resolv.conf
|
||
|
||
· /etc/host.conf
|
||
|
||
|
||
Section ``Setting up Name to Address Resolution'' for details on
|
||
setting this up.
|
||
|
||
|
||
In particular, you do NOT need to run a name server on your Linux PC
|
||
in order to connect to the Internet (although you may wish to). All
|
||
you need is to know the IP number of at least one name server that you
|
||
can use (preferably one at your ISPs site).
|
||
|
||
|
||
6.6. PPP and root Privileges
|
||
|
||
As establishing a PPP link between you Linux computer and another PPP
|
||
server requires manipulation of network devices (the PPP interface is
|
||
a network interface) and the kernel routing table, pppd requires root
|
||
privileges.
|
||
|
||
|
||
For details on this, see section ``Using PPP and root privileges''.
|
||
|
||
|
||
6.7. Checking your distribution PPP Files and setting up the PPP
|
||
Options
|
||
|
||
There are a number of configuration and dialer files that need to be
|
||
set up to get PPP operational. There are examples as part of the PPP
|
||
distribution and this section shows what files you should have:-
|
||
|
||
|
||
______________________________________________________________________
|
||
/etc/ppp/options
|
||
/etc/ppp/scripts/ppp-on
|
||
/etc/ppp/scripts/ppp-on-dialer
|
||
/etc/ppp/options.tpl
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
You may need to create some additional files depending on exactly what
|
||
you are aiming to achieve with PPP:-
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
______________________________________________________________________
|
||
/etc/ppp/options.ttyXX
|
||
/etc/ppp/ip-up
|
||
/etc/ppp/pap-secrets
|
||
/etc/ppp/chap-secrets
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
In addition, the PPP daemon can use a large number of command line
|
||
options and it is important to use the right ones; so this section
|
||
takes you through the standard PPP options and helps you choose the
|
||
options you should use.
|
||
|
||
|
||
For details on this, see ``Setting up the PPP connection files''.
|
||
|
||
|
||
6.8. If your PPP server uses PAP (Password Authentication Protocol)
|
||
|
||
Many ISPs and corporate PPP servers use PAP. If your server does not
|
||
require you to use PAP (if you can log in manually and receive the
|
||
standard user name/password text based prompts it does not use PAP),
|
||
you can safely ignore this section.
|
||
|
||
|
||
Instead of logging into such a server using a user name and password
|
||
when prompted to enter them by the server, a PPP server using PAP does
|
||
not require a text based login.
|
||
|
||
|
||
The user authentication information instead is exchanged as part of
|
||
the link control protocol (LCP) which is the first part of
|
||
establishing a PPP link.
|
||
|
||
|
||
Section ``If your PPP server uses PAP (Password Authentication
|
||
Protocol)'' provides information on the files you need to set up to
|
||
establish a PPP link using PAP.
|
||
|
||
|
||
6.9. Connecting to the PPP server by hand
|
||
|
||
Having set up the basic files, it is a good idea to test these by
|
||
connecting (using minicom or seyon) and starting pppd on your Linux PC
|
||
by hand.
|
||
|
||
|
||
See Section ``Setting up the PPP connection manually'' for full
|
||
details of setting this up.
|
||
|
||
|
||
6.10. Automating your PPP Connection
|
||
|
||
Once you are able to log in by hand, you can now move to setting up a
|
||
set of scripts that will automate the establishment of the connection.
|
||
|
||
|
||
Section ``Automating your connections - Creating the connection
|
||
scripts'' covers setting up the necessary scripts, with considerable
|
||
attention paid to chat and scripting the login process to the PPP
|
||
server.
|
||
|
||
|
||
|
||
This section discusses scripts for user name/password authentication
|
||
as well as scripts for PAP/CHAP authenticating servers.
|
||
|
||
|
||
6.11. Shutting down the link
|
||
|
||
Once your link is up and working, you need to be able to deactivate
|
||
the link.
|
||
|
||
|
||
This is covered in Section ``Shutting down the PPP link''.
|
||
|
||
|
||
6.12. If you have problems
|
||
|
||
Many people have problems getting PPP to work straight away. The
|
||
variation in PPP servers and how they require you to set up the
|
||
connection is enormous. Similarly, there are many options to PPP - and
|
||
some combinations of these just do not work together, ever.
|
||
|
||
|
||
In addition to the problems of logging in and starting the PPP
|
||
service, there are problems with the modems and the actual telephone
|
||
lines as well!
|
||
|
||
|
||
Section ``Fixing problems'' provides some basic information about
|
||
common errors, how to isolate these and fix them.
|
||
|
||
|
||
This is NOT intended to provide more than just the basics. Al Longyear
|
||
maintains the PPP-FAQ which contains much more information on this
|
||
topic!
|
||
|
||
|
||
6.13. After the link comes up
|
||
|
||
Once a PPP link is operational (specifically, once the IP layer is
|
||
operational), Linux PPP can automatically run (as the root user), a
|
||
script to perform any function you can write a script to accomplish.
|
||
|
||
|
||
Section ``After the link comes up'' provides information on the
|
||
/etc/ppp/ip-up script, the parameters it receives from PPP and how to
|
||
use it to do things like acquire your email from your ISP account,
|
||
send any queued email waiting transmission on your machine and such.
|
||
|
||
|
||
6.14. Problems with standard IP services on a Dynamic IP number PPP
|
||
link
|
||
|
||
As noted in the introduction, dynamic IP numbers affect the ability of
|
||
your Linux PC to act as a server on the Internet.
|
||
|
||
|
||
Section ``Problems with standard IP services on a Dynamic IP number
|
||
PPP link'' provides information on the (main) services affected and
|
||
what you can do (if anything) to overcome this.
|
||
|
||
|
||
7. Configuring your Linux Kernel
|
||
|
||
In order to use PPP, your Linux kernel must be compiled to include PPP
|
||
support. Obtain the Linux source code for your kernel if you do not
|
||
already have this - it belongs in /usr/src/linux on Linux's standard
|
||
file system.
|
||
Check out this directory - many Linux distributions install the source
|
||
tree (the files and subdirectories) as part of their installation
|
||
process.
|
||
|
||
|
||
At bootup, your Linux kernel prints out a great deal of information.
|
||
Amongst this is information about PPP support if the kernel includes
|
||
this. To view this information, look at your syslog file or use dmesg
|
||
| less to display the information to the screen. If your kernel
|
||
includes PPP support, you will see lines like
|
||
|
||
|
||
______________________________________________________________________
|
||
PPP Dynamic channel allocation code copyright 1995 Caldera, Inc.
|
||
PPP line discipline registered.
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
(this is for the Linux 2.0.x kernel series).
|
||
|
||
|
||
Linux kernel sources can be obtained by ftp from sunsite.unc.edu or
|
||
its mirror sites.
|
||
|
||
|
||
7.1. Installing the Linux Kernel source
|
||
|
||
The following are brief instructions for obtaining and installing the
|
||
Linux kernel sources. Full information can be obtained from The Linux
|
||
Kernel HOWTO <http://sunsite.unc.edu/mdw/HOWTO/Kernel-HOWTO.html>.
|
||
|
||
|
||
In order to install and compile the Linux kernel, you need to be
|
||
logged in as root.
|
||
|
||
|
||
1. Change directory to the /usr/src directory
|
||
cd /usr/src
|
||
|
||
2. Check in /usr/src/linux to see if you already have the sources
|
||
installed.
|
||
|
||
3. If you don't have the sources, get them from Linux kernel source
|
||
directory <ftp://sunsite.unc.edu/pub/Linux/kernel/v2.0> or your
|
||
nearest mirror.
|
||
If you are looking for earlier versions of the kernel (such as
|
||
1.2.X), these are kept in Old Linux kernel source directory
|
||
<ftp://sunsite.unc.edu/pub/Linux/kernel/old>.
|
||
|
||
4. Choose the appropriate kernel - usually the most recent one
|
||
available is what you are looking for. Retrieve this and put the
|
||
source tar file in /usr/src.
|
||
Note: a 'tar' file is an archive - possibly compressed (as are the
|
||
Linux kernel source tar files) containing many files in a number of
|
||
directories. It is the Linux equivalent of a DOS multi-directory
|
||
zip file.
|
||
|
||
5. If you already have the Linux sources installed but are upgrading
|
||
to a new kernel, you must remove the old sources. Use the command
|
||
rm -rf /usr/src/linux
|
||
|
||
6. Now uncompress and extract the sources using the command
|
||
tar xzf linux-2.0.XX.tar.gz
|
||
|
||
7. Now, cd /usr/src/linux and read the README file. This contains an
|
||
excellent explanation of how to go about configuring and compiling
|
||
a new kernel. Read this file (it's a good idea to print it out and
|
||
have a copy handy whilst you are compiling until you have done this
|
||
enough times to know your way around).
|
||
|
||
|
||
7.2. Knowing your hardware
|
||
|
||
You MUST know what cards/devices you have inside your PC if you are
|
||
going to recompile your kernel!!! For some devices (such as sound
|
||
cards) you will also need to know various settings (such as IRQ's, I/O
|
||
addresses and such).
|
||
|
||
|
||
7.3. Kernel compilation - the Linux 1.2.13 kernel
|
||
|
||
To start the configuration process, follow the instructions in the
|
||
README file to properly install the sources. You start the kernel
|
||
configuration process with
|
||
|
||
|
||
|
||
make config
|
||
|
||
|
||
|
||
|
||
|
||
In order to use PPP, you must configure the kernel to include PPP
|
||
support (PPP requires BOTH pppd AND kernel support for PPP).
|
||
|
||
|
||
______________________________________________________________________
|
||
PPP (point-to-point) support (CONFIG_PPP) [n] y
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Answer the other make config questions according to the hardware in
|
||
your PC and the features of the Linux operating system you want. Then
|
||
continue to follow the README to compile and install your new kernel.
|
||
|
||
|
||
The 1.2.13 kernel creates only 4 PPP devices. For multi- port serial
|
||
cards, you will need to edit the kernel PPP sources to obtain more
|
||
ports. (See the README.linux file that comes as part of the PPP-2.1.2
|
||
distribution for full details of the simple edits you need to make).
|
||
|
||
|
||
Note: the 1.2.13 configuration dialogue does NOT allow you to go
|
||
backwards - so if you make a mistake in answering one of the questions
|
||
in the make config dialogue, exit by typing CTRL C and start again.
|
||
|
||
|
||
7.4. Kernel compilation - the Linux 1.3.x and 2.0.x kernels
|
||
|
||
For Linux 1.3.x and 2.0.x, you can use a similar process as for Linux
|
||
1.2.13. Again, follow the instructions in the README file to properly
|
||
install the sources. You start the kernel configuration process with
|
||
|
||
|
||
|
||
make config
|
||
|
||
However, you also have the choice of
|
||
|
||
|
||
make menuconfig
|
||
|
||
|
||
|
||
|
||
|
||
This provides a menu based configuration system with online help that
|
||
allows you to move backwards and forwards in the configuration
|
||
process.
|
||
|
||
|
||
There is also a highly recommended X windows based configuration
|
||
interface
|
||
|
||
|
||
make xconfig
|
||
|
||
|
||
|
||
|
||
|
||
You can compile PPP support directly into your kernel or as a loadable
|
||
module.
|
||
|
||
|
||
If you only use PPP some of the time that your Linux machine is
|
||
operating, then compiling PPP support as a loadable module is
|
||
recommended. Using 'kerneld', your kernel will automatically load the
|
||
module(s) required to provide PPP support when you start your PPP link
|
||
process. This saves valuable memory space: no part of the kernel can
|
||
be swapped out of memory, but loadable modules are automatically
|
||
removed if they are not in use.
|
||
|
||
|
||
To do this, you need to enable loadable module support:-
|
||
|
||
______________________________________________________________________
|
||
Enable loadable module support (CONFIG_MODULES) [Y/n/?] y
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
To add PPP kernel support, answer the following question:-
|
||
|
||
______________________________________________________________________
|
||
PPP (point-to-point) support (CONFIG_PPP) [M/n/y/?]
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
For a PPP loadable module, answer M, otherwise for PPP compiled in as
|
||
part of the kernel, answer Y.
|
||
|
||
|
||
Unlike kernel 1.2.13, kernel 2.0.x creates PPP devices on the fly as
|
||
needed and it is not necessary to hack the sources to increase
|
||
available PPP device numbers at all.
|
||
|
||
|
||
|
||
|
||
|
||
7.5. Note on PPP-2.2 and /proc/net/dev
|
||
|
||
If you are using PPP-2.2, you will find that a side effect of the 'on
|
||
the fly' creation of the PPP devices is that no devices show up if you
|
||
look in the /proc/net file system until a device is created by
|
||
starting up pppd:-
|
||
|
||
|
||
______________________________________________________________________
|
||
[hartr@archenland hartr]$ cat /proc/net/dev
|
||
Inter-| Receive | Transmit
|
||
face |packets errs drop fifo frame|packets errs drop fifo colls carrier
|
||
lo: 92792 0 0 0 0 92792 0 0 0 0 0
|
||
eth0: 621737 13 13 0 23 501621 0 0 0 1309 0
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Once you have one (or more) ppp services started, you will see entries
|
||
such as this (from a ppp server):-
|
||
|
||
|
||
______________________________________________________________________
|
||
[root@kepler /root]# cat /proc/net/dev
|
||
Inter-| Receive | Transmit
|
||
face |packets errs drop fifo frame|packets errs drop fifo colls carrier
|
||
lo: 428021 0 0 0 0 428021 0 0 0 0 0
|
||
eth0:4788257 648 648 319 650 1423836 0 0 0 4623 5
|
||
ppp0: 2103 3 3 0 0 2017 0 0 0 0 0
|
||
ppp1: 10008 0 0 0 0 8782 0 0 0 0 0
|
||
ppp2: 305 0 0 0 0 297 0 0 0 0 0
|
||
ppp3: 6720 7 7 0 0 7498 0 0 0 0 0
|
||
ppp4: 118231 725 725 0 0 117791 0 0 0 0 0
|
||
ppp5: 38915 5 5 0 0 28309 0 0 0 0 0
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
7.6. General kernel config considerations for PPP
|
||
|
||
If you are setting up your Linux PC as a PPP server, you must compile
|
||
in IP forwarding support. This is also necessary if you want to use
|
||
Linux to link to LANs together or your LAN to the Internet.
|
||
|
||
|
||
If you are linking a LAN to the Internet (or linking together two
|
||
LANs), you should be concerned about security. Adding support for IP
|
||
fire walls to the kernel is probably a MUST!
|
||
|
||
|
||
You will also need this if you want to use IP masquerade to connect a
|
||
LAN that uses any of the above mentioned 'unconnected' IP network
|
||
numbers.
|
||
|
||
|
||
To enable IP Masquerade and IP fire walling, you MUST answer yes to
|
||
the first question in the make config process:-
|
||
|
||
______________________________________________________________________
|
||
Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL)?
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
Whilst this may sound a bit off-putting to new users, many users are
|
||
actively using the IP Masquerade and IP fire walling features of the
|
||
Linux 2.0.XX kernel with no problems.
|
||
|
||
|
||
Once you have installed and rebooted your new kernel, you can start
|
||
configuring and testing your PPP link(s).
|
||
|
||
|
||
8. Getting the Information you need about the PPP server
|
||
|
||
Before you can establish a PPP connection with a server, you need to
|
||
obtain the following information (from the sysadmin/user support
|
||
people of the PPP server):-
|
||
|
||
· The telephone number(s) to dial for the service
|
||
If you are behind a PABX, you also need the PABX number that gives
|
||
you an outside dial tone - this is frequently digit zero (0) or
|
||
nine (9).
|
||
|
||
· Does the server use DYNAMIC or STATIC IP numbers?
|
||
If the server uses STATIC IP numbers, then you may need to know
|
||
what IP number to use for your end of the PPP connection. If your
|
||
ISP is providing you with a subnet of valid IP numbers, you will
|
||
need to know the IP numbers you can use and the network mask
|
||
(netmask).
|
||
|
||
Most Internet Service Providers use DYNAMIC IP numbers. As
|
||
mentioned above, this has some implications in terms of the
|
||
services you can use.
|
||
|
||
However, even if you are using STATIC IP numbers, most PPP servers
|
||
will never (for security reasons) allow the client to specify an IP
|
||
number as this is a security risk. You do still need to know this
|
||
information!
|
||
|
||
· What are the IP numbers of the ISPs Domain Name Servers?
|
||
There should be at least two although only one is needed.
|
||
|
||
There could be a problem here. The MS Windows 95 PPP setup allows
|
||
the DNS address to be passed to the client as part of its
|
||
connection process. So your ISP (or corporate help desk) may well
|
||
tell you you don't need the IP address of the DNS server(s).
|
||
|
||
For Linux, you DO need the address of at least one DNS. The linux
|
||
implementation of PPP does not allow the setting of the DNS IP
|
||
number dynamically at connection time - and quite possibly will
|
||
never do so.
|
||
|
||
Note: whilst Linux (as a PPP client) cannot accept the DNS address
|
||
from a server, it can, when acting as a server, pass this
|
||
information to clients using the dns-addr pppd option.
|
||
|
||
· Does the server require the use of PAP/CHAP?
|
||
If this is the case you need to know the "id" and "secret" you are
|
||
to use in connecting. (These are probably your user name and
|
||
password at your ISP).
|
||
|
||
· Does the server automatically start PPP or do you need to issue any
|
||
commands to start PPP on the server once you are logged in?
|
||
If you must issue a command to start PPP, what is it?
|
||
|
||
· Is the server a Microsoft Windows NT system and, if so, is it using
|
||
the MS PAP/CHAP system?
|
||
Many corporate LANs seem to use MS Windows NT this way for
|
||
increased security.
|
||
Carefully note down this information - you are going to use it!
|
||
|
||
|
||
9. Configuring your modem and serial port
|
||
|
||
You should make sure that your modem is correctly set up and that you
|
||
know which serial port it is connected to.
|
||
|
||
|
||
Remember:-
|
||
|
||
· DOS com1: = Linux /dev/cua0 (and /dev/ttyS0)
|
||
|
||
· DOS com2: = Linux /dev/cua1 (and /dev/ttyS1)
|
||
et cetera
|
||
|
||
|
||
It is also worth remembering that if you have 4 serial ports, the
|
||
standard PC set up is to have com1 and com3 share IRQ4 and com2 and
|
||
com4 share IRQ3.
|
||
|
||
|
||
If you have devices on standard serial ports that share an IRQ with
|
||
your modem you are going to have problems. You need to make sure that
|
||
your modem serial port is on its own, unique IRQ. Many modern serial
|
||
cards (and better quality motherboard serial ports) allow you to move
|
||
the IRQ of the serial ports around.
|
||
|
||
|
||
If you are running Linux kernel 2, you can check the in-use IRQs using
|
||
cat /proc/interrupts, which will produce output like
|
||
|
||
______________________________________________________________________
|
||
0: 6766283 timer
|
||
1: 91545 keyboard
|
||
2: 0 cascade
|
||
4: 156944 + serial
|
||
7: 101764 WD8013
|
||
10: 134365 + BusLogic BT-958
|
||
13: 1 math error
|
||
15: 3671702 + serial
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
This shows a serial port on IRQ4 (a mouse) and a serial port on IRQ15
|
||
(the permanent modem based PPP link to the Internet. (There is also a
|
||
serial port on com2, IRQ3 and com4 is on IRQ14, but as they are not in
|
||
use, they do not show up).
|
||
|
||
|
||
Be warned - you need to know what you are doing if you are going to
|
||
play with your IRQs! Not only do you have to open up you computer,
|
||
pull out cards and play with jumpers, but you need to know what is on
|
||
which IRQ. In my case, this is a totally SCSI based PC, and so I can
|
||
disable the on motherboard IDE interfaces that normally use IRQ14 and
|
||
15!
|
||
|
||
|
||
You should also remember that if your PC boots other operating
|
||
systems, moving IRQs around may well mean that OS cannot boot properly
|
||
- or at all!
|
||
|
||
|
||
|
||
If you do move your serial ports to non-standard IRQs, then you need
|
||
to tell Linux which IRQ each port is using. This is done using
|
||
setserial and is best done as part of the boot process in rc.local or
|
||
rc.serial which is called from rc.local or as part of the SysV
|
||
initialisation. For the machine illustrated above, the commands used
|
||
are
|
||
|
||
______________________________________________________________________
|
||
/bin/setserial -b /dev/ttyS2 IRQ 11
|
||
/bin/setserial -b /dev/ttyS3 IRQ 15
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
However, if you are using serial modules dynamically loaded when
|
||
required by the kerneld process, you cannot set and forget the IRQ etc
|
||
once at boot time. This is because if the serial module is unloaded,
|
||
Linux forgets the special settings.
|
||
|
||
|
||
So, if you are loading the serial module on demand, you will need to
|
||
reconfigure the IRQs etc each time the module is loaded.
|
||
|
||
|
||
9.1. A note about serial ports and speed capabilities
|
||
|
||
If you are using a high speed (external) modem (14,400 Baud or above),
|
||
your serial port needs to be capable of handling the throughput that
|
||
such a modem is capable of producing, particularly when the modems are
|
||
compressing the data.
|
||
|
||
|
||
This requires your serial port to use a modern UART (Universal
|
||
Asynchronous Receiver Transmitter) such as a 16550(A). If you are
|
||
using an old machine (or old serial card), it is quite possible that
|
||
your serial port has only an 8250 UART, which will cause you
|
||
considerable problems when used with a high speed modem.
|
||
|
||
|
||
Use the command
|
||
|
||
|
||
setserial -a /dev/ttySx
|
||
|
||
|
||
|
||
|
||
|
||
to get Linux to report to you the type of UART you have. If you do not
|
||
have a 16550A type UART, invest in a new serial card (available for
|
||
under $50). When you purchase a new card, make sure you can move the
|
||
IRQs around on it!
|
||
|
||
|
||
Note: the first versions of the 16550 UART chip had an error. This was
|
||
rapidly discovered and a revision of the chip was released - the
|
||
16550A UART. A relatively small number of the faulty chips did however
|
||
get into circulation. It is unlikely that you will encounter one of
|
||
these but you should look for a response that says 16550A,
|
||
particularly on serial cards of some vintage.
|
||
|
||
|
||
|
||
|
||
|
||
9.2. Serial Port Names
|
||
|
||
Historically, Linux used cuaX devices for dial out and ttySx devices
|
||
for dial in.
|
||
|
||
|
||
The kernel code that required this was changed in kernel version 2.0.x
|
||
and you should now use ttySx for both dial in and dial out. I
|
||
understand that the cuaX device names may well disappear in future
|
||
kernel versions.
|
||
|
||
|
||
9.3. Configuring your modem
|
||
|
||
You will need to configure your modem correctly for PPP - to do this
|
||
READ YOUR MODEM MANUAL! Most modems come with a factory default
|
||
setting that selects the options required for PPP. The minimum
|
||
configuration specifies:-
|
||
|
||
· Hardware flow control (RTS/CTS) (&K3 on many Hayes modems)
|
||
|
||
Other settings (in standard Hayes commands) you should investigate
|
||
are:-
|
||
|
||
· E1 Command/usr/src/linux-2.0.27/include/linux/serial.h Echo ON
|
||
(required for chat to operate)
|
||
|
||
· Q0 Report result codes (required for chat to operate)
|
||
|
||
· S0=0 Auto Answer OFF (unless you want your modem to answer the
|
||
phone)
|
||
|
||
· &C1 Carrier Detect ON only after connect
|
||
|
||
· &S0 Data Set Ready (DSR) always ON
|
||
|
||
· (depends) Data Terminal Ready
|
||
|
||
|
||
There is a site offering modem setups for a growing variety of modem
|
||
makes and models at Modem setup information
|
||
<http://www.in.net/info/modems/index.html> which may assist you in
|
||
this.
|
||
|
||
|
||
It is also worth while investigating how the modem's serial interface
|
||
between your computer and modem operates. Most modern modems allow you
|
||
to run the serial interface at a FIXED speed whilst allowing the
|
||
telephone line interface to change its speed to the highest speed it
|
||
and the remote modem can both handle.
|
||
|
||
|
||
This is known as split speed operation. If your modem supports this,
|
||
lock the modem's serial interface to its highest available speed
|
||
(usually 115,200 baud but maybe 38,400 baud for 14,400 baud modems).
|
||
|
||
|
||
Use your communications software (e.g. minicom or seyon) to find out
|
||
about your modem configuration and set it to what is required for PPP.
|
||
Many modems report their current settings in response to AT&V, but you
|
||
should consult your modem manual.
|
||
|
||
|
||
If you completely mess up the settings, you can return to sanity
|
||
(usually) by issuing an AT&F - return to factory settings. (For most
|
||
modem modems I have encountered, the factory settings include all you
|
||
need for PPP - but you should check).
|
||
|
||
|
||
Once you have worked out the modem setup string required write it
|
||
down. You now have a decision: you can store these settings in your
|
||
modem non-volatile memory so they can be recalled by issuing the
|
||
appropriate AT command. Alternatively you can pass the correct
|
||
settings to your modem as part of the PPP dialing process.
|
||
|
||
|
||
If you only use your modem from Linux to call into your ISP or
|
||
corporate server, the simplest set up will have you save your modem
|
||
configuration in non-volatile RAM.
|
||
|
||
|
||
If on the other hand, you modem is used by other applications and
|
||
operating systems, it is safest to pass this information to the modem
|
||
as each call is made so that the modem is guaranteed to be in the
|
||
correct state for the call. (This has the added advantage also of
|
||
recording the modem setup string in case the modem looses the
|
||
contents of its NV-RAM, which can indeed happen).
|
||
|
||
|
||
9.4. Note on Serial Flow Control
|
||
|
||
When data is traveling on serial communication lines, it can happen
|
||
that data arrives faster than a computer can handle it (the computer
|
||
may be busy doing something else - remember, Linux is a multi-user,
|
||
multi- tasking operating system). In order to ensure that data is not
|
||
lost (data does not over run in the input buffer and hence get lost),
|
||
some method of controlling the flow of data is necessary.
|
||
|
||
|
||
There are two ways of doing this on serial lines:-
|
||
|
||
· Using hardware signals (Clear To Send/Request to Send - CTS/RTS)
|
||
|
||
· Using software signals (control S and control Q, also known as
|
||
XON/XOFF).
|
||
|
||
|
||
Whilst the latter may be fine for a terminal (text) link, data on a
|
||
PPP link uses all 8 bits - and it is quite probable that somewhere in
|
||
the data there will be data bytes that translate as control S and
|
||
control Q. So, if a modem is set up to use software flow control,
|
||
things can rapidly go berserk!
|
||
|
||
|
||
For high speed links using PPP (which uses 8 bits of data) hardware
|
||
flow control is vital and it is for this reason that you must use
|
||
hardware flow control.
|
||
|
||
|
||
9.5. Testing your modem for dial out
|
||
|
||
Now that you have sorted out the serial port and modem settings it is
|
||
a good idea to make sure that these setting do indeed work by dialing
|
||
you ISP and seeing if you can connect.
|
||
|
||
|
||
Using you terminal communications package (such as minicom), set up
|
||
the modem initialisation required for PPP and dial into the PPP server
|
||
you want to connect to with a PPP session.
|
||
|
||
|
||
|
||
(Note: at this stage we are NOT trying to make a PPP connection - just
|
||
establishing that we have the right phone number and also to find out
|
||
exactly what the server sends to us in order to get logged in and
|
||
start PPP).
|
||
|
||
|
||
During this process, either capture (log to a file) the entire login
|
||
process or carefully (very carefully) write down exactly what prompts
|
||
the server gives to let you know it is time to enter your user name
|
||
and password (and any other commands needed to establish the PPP
|
||
connection).
|
||
|
||
|
||
If your server uses PAP, you should not see a login prompt, but should
|
||
instead see the (text representation) of the link control protocol
|
||
(which looks like garbage) starting on your screen.
|
||
|
||
|
||
A few words of warning:-
|
||
|
||
|
||
· some servers are quite intelligent: you can log in using text based
|
||
user name/passwords OR using PAP. So if your ISP or corporate site
|
||
uses PAP but you do not see the garbage start up immediately, this
|
||
may not mean you have done something wrong.
|
||
|
||
· some servers require you to enter some text initially and then
|
||
start a standard PAP sequence.
|
||
|
||
· Some PPP servers are passive - that is they simply sit there
|
||
sending nothing until the client that is dialing in sends them a
|
||
valid lcp packet. If the ppp server you are connecting to operates
|
||
in passive mode, you will never see the garbage!
|
||
|
||
· Some servers do not start PPP until you press ENTER - so it is
|
||
worth trying this if you correctly log in and do not see the
|
||
garbage!
|
||
|
||
|
||
It is worth dialing in at least twice - some servers change their
|
||
prompts (e.g. with the time!) every time you log in. The two critical
|
||
prompts your Linux box needs to be able to identify every time you
|
||
dial in are:-
|
||
|
||
· the prompt that requests you to enter your user name;
|
||
|
||
· the prompt that requests you to enter your password;
|
||
|
||
|
||
If you have to issue a command to start PPP on the server, you will
|
||
also need to find out the prompt the server gives you once you are
|
||
logged in to tell you that you can now enter the command to start ppp.
|
||
|
||
|
||
If your server automatically starts PPP, once you have logged in, you
|
||
will start to see garbage on your screen - this is the PPP server
|
||
sending your machine information to start up and configure the PPP
|
||
connection.
|
||
|
||
|
||
This should look something like this :-
|
||
|
||
|
||
|
||
|
||
|
||
______________________________________________________________________
|
||
~y}#.!}!}!} }8}!}$}%U}"}&} } } } }%}& ...}'}"}(}"} .~~y}
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
(and it just keeps on coming!)
|
||
|
||
|
||
On some systems PPP must be explicitly started on the server. This is
|
||
usually because the server has been set up to allow PPP logins and
|
||
shell logins using the same user name/password pair. If this is the
|
||
case, issue this command once you have logged in. Again, you will see
|
||
the garbage as the server end of the PPP connection starts up.
|
||
|
||
|
||
If you do not see this immediately after connecting (and logging in
|
||
and starting the PPP server if required), press Enter to see if this
|
||
starts the PPP server...
|
||
|
||
|
||
At this point, you can hang up your modem (usually, type +++ quickly
|
||
and then issue the ATHO command once your modem responds with OK).
|
||
|
||
|
||
If you can't get your modem to work, read your modem manual, the man
|
||
pages for your communications software and the Serial HOWTO! Once you
|
||
have this sorted out, carry on as above.
|
||
|
||
|
||
10. Setting up Name to Address Resolution (DNS)
|
||
|
||
Whilst we humans like to give names to things, computers really like
|
||
numbers. On a TCP/IP network (which is what the Internet is), we call
|
||
machines by a particular name - and every machine lives in a
|
||
particular "domain". For example, my Linux workstation is called
|
||
archenland and it resides in the interweft.com.au domain. Its human
|
||
readable address is thus archenland.interweft.com.au (which is known
|
||
as the FQDN - fully qualified domain name).
|
||
|
||
|
||
However, for this machine to be found by other computers on the
|
||
Internet, it is actually known by its IP number when computers are
|
||
communicating across the Internet.
|
||
|
||
|
||
Translating (resolving) machine (and domain) names into the numbers
|
||
actually used on the Internet is the business of machines that offer
|
||
the Domain Name Service.
|
||
|
||
|
||
What happens is this:-
|
||
|
||
|
||
· your machine needs to know the IP address of a particular computer.
|
||
The application requiring this information asks the 'resolver' on
|
||
your Linux PC to provide this information;
|
||
|
||
· the resolver queries the local host file (/etc/hosts and/or the
|
||
domain name servers it knows about (the exact behaviour of the
|
||
resolver is determined by /etc/host.conf);
|
||
|
||
· if the answer is found in the host file, this answer is returned;
|
||
|
||
|
||
· if a domain name server is specified, your PC queries this machine;
|
||
|
||
· if the DNS machine already knows the IP number for the required
|
||
name, it returns it. If it does not, it queries other name servers
|
||
across the Internet to find the information. The name server than
|
||
passes this information back to the requesting resolver - which
|
||
gives the information to the requesting application.
|
||
|
||
|
||
When you make a PPP connection, you need to tell your Linux machine
|
||
where it can get host name to IP number (address resolution)
|
||
information so that you can use the machine names but your computer
|
||
can translate these to the IP numbers it needs to do its work.
|
||
|
||
|
||
One way is to enter every host that you want to talk to into the
|
||
/etc/hosts file (which is in reality totally impossible if you are
|
||
connecting to the Internet); another is to use the machine IP numbers
|
||
as opposed to the names (an impossible memory task for all but the
|
||
smallest LANs).
|
||
|
||
|
||
The best way is to set up Linux so that it knows where to go to get
|
||
this name to number information - automatically. This service is
|
||
provided by the Domain Name Server (DNS) system. All that is necessary
|
||
is to enter the IP number(s) for the domain name servers into your
|
||
/etc/resolv.conf file.
|
||
|
||
|
||
10.1. The /etc/resolv.conf file
|
||
|
||
Your PPP server sysadmin/user support people should provide you with
|
||
two DNS IP numbers (only one is necessary - but two gives some
|
||
redundancy in the event of failure).
|
||
|
||
|
||
As previously mentioned, Linux cannot set its name server IP number in
|
||
the way that MS Windows 95 does. So you must insist (politely) that
|
||
your ISP provide you with this information!
|
||
|
||
|
||
Your /etc/resolv.conf should look something like :-
|
||
|
||
|
||
______________________________________________________________________
|
||
domain your.isp.domain.name
|
||
nameserver 10.25.0.1
|
||
nameserver 10.25.1.2
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Edit this file (creating it if necessary) to represent the information
|
||
that your ISP has provided. It should have ownership and permissions
|
||
as follows :-
|
||
|
||
|
||
|
||
-rw-r--r-- 1 root root 73 Feb 19 01:46 /etc/resolv.conf
|
||
|
||
|
||
|
||
|
||
|
||
|
||
If you have already set up a /etc/resolv.conf because you are on a
|
||
LAN, simply add the IP numbers of the PPP DNS servers to your existing
|
||
file.
|
||
|
||
|
||
10.2. The /etc/host.conf file
|
||
|
||
You should also check that your /etc/host.conf file is correctly set
|
||
up. This should look like
|
||
|
||
______________________________________________________________________
|
||
order hosts,bind
|
||
multi on
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
This tells the resolver to use information in the host file before it
|
||
sends queries to the DNS for resolution.
|
||
|
||
|
||
11. Using PPP and root privileges
|
||
|
||
Because PPP needs to set up networking devices, change the kernel
|
||
routing table and so forth, it requires root privileges to do this.
|
||
|
||
|
||
If users other than root are to set up PPP connections, the pppd
|
||
program should be setuid root :-
|
||
|
||
|
||
|
||
-rwsr-xr-x 1 root root 95225 Jul 11 00:27 /usr/sbin/pppd
|
||
|
||
|
||
|
||
|
||
|
||
If /usr/sbin/pppd is not set up this way, then as root issue the
|
||
command:-
|
||
|
||
|
||
|
||
|
||
chmod u+s /usr/sbin/pppd
|
||
|
||
|
||
|
||
|
||
|
||
What this does is make pppd run with root privileges even if the
|
||
binary is run by an ordinary user. This allows a normal user to run
|
||
pppd with the necessary privileges to set up the network interfaces
|
||
and the kernel routing table.
|
||
|
||
|
||
Programs that run 'set uid root' are potential security holes and you
|
||
should be extremely cautious about making programs 'suid root'. A
|
||
number of programs (including pppd) have been carefully written to
|
||
minimise the danger of running suid root, so you should be safe with
|
||
this one (but no guarantees).
|
||
|
||
|
||
Depending on how you want your system to operate - specifically if you
|
||
want ANY user on your system to be able to initiate a PPP link, you
|
||
should make your ppp-on/off scripts world read/execute. (This is
|
||
probably fine if your PC is used ONLY by you).
|
||
|
||
|
||
However, if you do NOT want just anyone to be able to start up a PPP
|
||
connection (for example, your children have accounts on your Linux PC
|
||
and you do not want them hooking into the Internet without your
|
||
supervision), you will need to establish a PPP group (as root, edit
|
||
/etc/group) and :-
|
||
|
||
· Make pppd suid root, owned by user root and group PPP, with the
|
||
'other' permissions on this file empty. It should then look like
|
||
|
||
|
||
-rwsr-x--- 1 root PPP 95225 Jul 11 00:27 /usr/sbin/pppd
|
||
|
||
|
||
|
||
|
||
|
||
|
||
· Make the ppp-on/off scripts owned by user root and group PPP
|
||
|
||
· Make the ppp-on/off scripts read/executable by group PPP
|
||
|
||
|
||
-rwxr-x--- 1 root PPP 587 Mar 14 1995 /usr/sbin/ppp-on
|
||
-rwxr-x--- 1 root PPP 631 Mar 14 1995 /usr/sbin/ppp-off
|
||
|
||
|
||
|
||
|
||
|
||
· Make the other access rights for ppp-on/off nill.
|
||
|
||
· add the users who will be firing up PPP to the PPP group in
|
||
/etc/group
|
||
|
||
|
||
Even if you do this, ordinary users will STILL not be able to shut
|
||
down the link under software control! Running the ppp-off script
|
||
requires root privileges. However, any user can just turn off the
|
||
modem (or disconnect the telephone line from an internal modem).
|
||
|
||
|
||
An alternative (and better method) to this set up is to use the sudo
|
||
program. This offers superior security and will allow you to set
|
||
things up so that any (authorised) user can activate/deactivate the
|
||
link using the scripts. Using sudo will allow an authorised user to
|
||
activate/deactivate the PPP link cleanly and securely.
|
||
|
||
|
||
12. Setting up the PPP connection files
|
||
|
||
You now need to be logged in as root to create the directories and
|
||
edit the files needed to set up PPP, even if you want PPP to be
|
||
accessible to all users.
|
||
|
||
|
||
PPP uses a number of files to connect and set up a PPP connection.
|
||
These differ in name and location between PPP 2.1.2 and 2.2.
|
||
|
||
|
||
For PPP 2.1.2 the files are:-
|
||
|
||
|
||
______________________________________________________________________
|
||
/usr/sbin/pppd # the PPP binary
|
||
/usr/sbin/ppp-on # the dialer/connection script
|
||
/usr/sbin/ppp-off # the disconnection script
|
||
/etc/ppp/options # the options pppd uses for all connections
|
||
/etc/ppp/options.ttyXX # the options specific to a connection on this port
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
For PPP 2.2 the files are:-
|
||
|
||
|
||
______________________________________________________________________
|
||
/usr/sbin/pppd # the PPP binary
|
||
/etc/ppp/scripts/ppp-on # the dialer/connection script
|
||
/etc/ppp/scripts/ppp-on-dialer # part 1 of the dialer script
|
||
/etc/ppp/scripts/ppp-off # the actual chat script itself
|
||
/etc/ppp/options # the options pppd uses for all connections
|
||
/etc/ppp/options.ttyXX # the options specific to a connection on this port
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Red Hat Linux users should note that the standard Red Hat 4.X
|
||
installation places these scripts in /usr/doc/ppp-2.2.0f-2/scripts.
|
||
|
||
|
||
In your /etc directory there should be a ppp directory:-
|
||
|
||
|
||
|
||
drwxrwxr-x 2 root root 1024 Oct 9 11:01 ppp
|
||
|
||
|
||
|
||
|
||
|
||
If it does not exist - create it with these ownerships and
|
||
permissions.
|
||
|
||
|
||
If the directory already existed, it should contain a template options
|
||
file called options.tpl. This file is included below in case it does
|
||
not.
|
||
|
||
|
||
Print it out as it contains an explanation of nearly all the PPP
|
||
options (these are useful to read in conjunction with the pppd man
|
||
pages). Whilst you can use this file as the basis of your
|
||
/etc/ppp/options file, it is probably better to create your own
|
||
options file that does not include all the comments in the template -
|
||
it will be much shorter and easier to read/maintain.
|
||
|
||
|
||
If you have multiple serial lines/modems (typically the case for PPP
|
||
servers), create a general /etc/ppp/options file containing the
|
||
options that are common for all the serial ports on which you are
|
||
supporting dial in/out and set up individual option files for each
|
||
serial line on which you will be establishing a PPP connection with
|
||
the individual settings required for each port.
|
||
|
||
|
||
|
||
These port specific option files are named options.ttyx1,
|
||
options.ttyx2 and so forth (where x is the appropriate letter for your
|
||
serial ports).
|
||
|
||
|
||
However, for a single PPP connection, you can happily use the
|
||
/etc/ppp/options file. Alternatively, you can put all the options as
|
||
arguments in the pppd command itself.
|
||
|
||
|
||
It is easier to maintain a setup that uses /etc/ppp/options.ttySx
|
||
files. If you use PPP to connect to a number of different sites, you
|
||
can create option files for each site in /etc/ppp/options.site and
|
||
then specify the option file as a parameter to the PPP command as you
|
||
connect (using the file option-file pppd option to pppd on the command
|
||
line).
|
||
|
||
|
||
12.1. The supplied options.tpl file
|
||
|
||
Some distributions of PPP seem to have lost the options.tpl file, so
|
||
here is the complete file. I suggest that you do NOT edit this file to
|
||
create your /etc/ppp/options file(s). Rather, copy this to a new file
|
||
and then edit that. If you mess up your edits, you can then go back to
|
||
the original and start again.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
______________________________________________________________________
|
||
# /etc/ppp/options -*- sh -*- general options for pppd
|
||
# created 13-Jul-1995 jmk
|
||
# autodate: 01-Aug-1995
|
||
# autotime: 19:45
|
||
|
||
# Use the executable or shell command specified to set up the serial
|
||
# line. This script would typically use the "chat" program to dial the
|
||
# modem and start the remote ppp session.
|
||
#connect "echo You need to install a connect command."
|
||
|
||
# Run the executable or shell command specified after pppd has
|
||
# terminated the link. This script could, for example, issue commands
|
||
# to the modem to cause it to hang up if hardware modem control signals
|
||
# were not available.
|
||
#disconnect "chat -- \d+++\d\c OK ath0 OK"
|
||
|
||
# async character map -- 32-bit hex; each bit is a character
|
||
# that needs to be escaped for pppd to receive it. 0x00000001
|
||
# represents '\x01', and 0x80000000 represents '\x1f'.
|
||
#asyncmap 0
|
||
|
||
# Require the peer to authenticate itself before allowing network
|
||
# packets to be sent or received.
|
||
#auth
|
||
|
||
# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
|
||
# on the serial port.
|
||
#crtscts
|
||
|
||
# Use software flow control (i.e. XON/XOFF) to control the flow of data
|
||
# on the serial port.
|
||
#xonxoff
|
||
|
||
# Add a default route to the system routing tables, using the peer as
|
||
# the gateway, when IPCP negotiation is successfully completed. This
|
||
# entry is removed when the PPP connection is broken.
|
||
#defaultroute
|
||
|
||
# Specifies that certain characters should be escaped on transmission
|
||
# (regardless of whether the peer requests them to be escaped with its
|
||
# async control character map). The characters to be escaped are
|
||
# specified as a list of hex numbers separated by commas. Note that
|
||
# almost any character can be specified for the escape option, unlike
|
||
# the asyncmap option which only allows control characters to be
|
||
# specified. The characters which may not be escaped are those with hex
|
||
# values 0x20 - 0x3f or 0x5e.
|
||
#escape 11,13,ff
|
||
|
||
# Don't use the modem control lines.
|
||
#local
|
||
|
||
# Specifies that pppd should use a UUCP-style lock on the serial device
|
||
# to ensure exclusive access to the device.
|
||
#lock
|
||
|
||
# Use the modem control lines. On Ultrix, this option implies hardware
|
||
# flow control, as for the crtscts option. (This option is not fully
|
||
# implemented.)
|
||
#modem
|
||
|
||
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
|
||
# will ask the peer to send packets of no more than <n> bytes. The
|
||
# minimum MRU value is 128. The default MRU value is 1500. A value of
|
||
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
|
||
# bytes of data).
|
||
#mru 542
|
||
|
||
# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
|
||
# notation (e.g. 255.255.255.0).
|
||
#netmask 255.255.255.0
|
||
|
||
# Disables the default behaviour when no local IP address is specified,
|
||
# which is to determine (if possible) the local IP address from the
|
||
# hostname. With this option, the peer will have to supply the local IP
|
||
# address during IPCP negotiation (unless it specified explicitly on the
|
||
# command line or in an options file).
|
||
#noipdefault
|
||
|
||
# Enables the "passive" option in the LCP. With this option, pppd will
|
||
# attempt to initiate a connection; if no reply is received from the
|
||
# peer, pppd will then just wait passively for a valid LCP packet from
|
||
# the peer (instead of exiting, as it does without this option).
|
||
#passive
|
||
|
||
# With this option, pppd will not transmit LCP packets to initiate a
|
||
# connection until a valid LCP packet is received from the peer (as for
|
||
# the "passive" option with old versions of pppd).
|
||
#silent
|
||
|
||
# Don't request or allow negotiation of any options for LCP and IPCP
|
||
# (use default values).
|
||
#-all
|
||
|
||
# Disable Address/Control compression negotiation (use default, i.e.
|
||
# address/control field disabled).
|
||
#-ac
|
||
|
||
# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
|
||
# all control characters).
|
||
#-am
|
||
|
||
# Don't fork to become a background process (otherwise pppd will do so
|
||
# if a serial device is specified).
|
||
#-detach
|
||
|
||
# Disable IP address negotiation (with this option, the remote IP
|
||
# address must be specified with an option on the command line or in an
|
||
# options file).
|
||
#-ip
|
||
|
||
# Disable magic number negotiation. With this option, pppd cannot
|
||
# detect a looped-back line.
|
||
#-mn
|
||
|
||
# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
|
||
# 1500).
|
||
#-mru
|
||
|
||
# Disable protocol field compression negotiation (use default, i.e.
|
||
# protocol field compression disabled).
|
||
#-pc
|
||
|
||
# Require the peer to authenticate itself using PAP.
|
||
# This requires TWO WAY authentication - do NOT use this for a standard
|
||
# PAP authenticated link to an ISP as this will require the ISP machine
|
||
# to authenticate itself to your machine (and it will not be able to).
|
||
#+pap
|
||
|
||
# Don't agree to authenticate using PAP.
|
||
#-pap
|
||
|
||
# Require the peer to authenticate itself using CHAP [Cryptographic
|
||
# Handshake Authentication Protocol] authentication.
|
||
# This requires TWO WAY authentication - do NOT use this for a standard
|
||
# CHAP authenticated link to an ISP as this will require the ISP machine
|
||
# to authenticate itself to your machine (and it will not be able to).
|
||
#+chap
|
||
|
||
# Don't agree to authenticate using CHAP.
|
||
#-chap
|
||
|
||
# Disable negotiation of Van Jacobson style IP header compression (use
|
||
# default, i.e. no compression).
|
||
#-vj
|
||
|
||
# Increase debugging level (same as -d). If this option is given, pppd
|
||
# will log the contents of all control packets sent or received in a
|
||
# readable form. The packets are logged through syslog with facility
|
||
# daemon and level debug. This information can be directed to a file by
|
||
# setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If
|
||
# pppd is compiled with extra debugging enabled, it will log messages
|
||
# using facility local2 instead of daemon).
|
||
#debug
|
||
|
||
# Append the domain name <d> to the local host name for authentication
|
||
# purposes. For example, if gethostname() returns the name porsche,
|
||
# but the fully qualified domain name is porsche.Quotron.COM, you would
|
||
# use the domain option to set the domain name to Quotron.COM.
|
||
#domain <d>
|
||
|
||
# Enable debugging code in the kernel-level PPP driver. The argument n
|
||
# is a number which is the sum of the following values: 1 to enable
|
||
# general debug messages, 2 to request that the contents of received
|
||
# packets be printed, and 4 to request that the contents of transmitted
|
||
# packets be printed.
|
||
#kdebug n
|
||
|
||
# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
|
||
# requests a smaller value via MRU negotiation, pppd will request that
|
||
# the kernel networking code send data packets of no more than n bytes
|
||
# through the PPP network interface.
|
||
#mtu <n>
|
||
|
||
# Set the name of the local system for authentication purposes to <n>.
|
||
# This will probably have to be set to your ISP user name if you are
|
||
# using PAP/CHAP.
|
||
#name <n>
|
||
|
||
# Set the user name to use for authenticating this machine with the peer
|
||
# using PAP to <u>.
|
||
# Do NOT use this if you are using 'name' above!
|
||
#user <u>
|
||
|
||
# Enforce the use of the host name as the name of the local system for
|
||
# authentication purposes (overrides the name option).
|
||
#usehostname
|
||
|
||
# Set the assumed name of the remote system for authentication purposes
|
||
# to <n>.
|
||
#remotename <n>
|
||
|
||
# Add an entry to this system's ARP [Address Resolution Protocol]
|
||
# table with the IP address of the peer and the Ethernet address of this
|
||
# system.
|
||
#proxyarp
|
||
|
||
# Use the system password database for authenticating the peer using
|
||
# PAP.
|
||
#login
|
||
|
||
# If this option is given, pppd will send an LCP echo-request frame to
|
||
# the peer every n seconds. Under Linux, the echo-request is sent when
|
||
# no packets have been received from the peer for n seconds. Normally
|
||
# the peer should respond to the echo-request by sending an echo-reply.
|
||
# This option can be used with the lcp-echo-failure option to detect
|
||
# that the peer is no longer connected.
|
||
#lcp-echo-interval <n>
|
||
|
||
# If this option is given, pppd will presume the peer to be dead if n
|
||
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
|
||
# If this happens, pppd will terminate the connection. Use of this
|
||
# option requires a non-zero value for the lcp-echo-interval parameter.
|
||
# This option can be used to enable pppd to terminate after the physical
|
||
# connection has been broken (e.g., the modem has hung up) in
|
||
# situations where no hardware modem control lines are available.
|
||
#lcp-echo-failure <n>
|
||
|
||
# Set the LCP restart interval (retransmission timeout) to <n> seconds
|
||
# (default 3).
|
||
#lcp-restart <n>
|
||
|
||
# Set the maximum number of LCP terminate-request transmissions to <n>
|
||
# (default 3).
|
||
#lcp-max-terminate <n>
|
||
|
||
# Set the maximum number of LCP configure-request transmissions to <n>
|
||
# (default 10).
|
||
# Some PPP servers are slow to start up. You may need to increase this
|
||
# if you keep getting 'serial line looped back' errors and your are SURE
|
||
# that you have logged in correctly and PPP should be starting on the server.
|
||
#lcp-max-configure <n>
|
||
|
||
# Set the maximum number of LCP configure-NAKs returned before starting
|
||
# to send configure-Rejects instead to <n> (default 10).
|
||
#lcp-max-failure <n>
|
||
|
||
# Set the IPCP restart interval (retransmission timeout) to <n>
|
||
# seconds (default 3).
|
||
#ipcp-restart <n>
|
||
|
||
# Set the maximum number of IPCP terminate-request transmissions to <n>
|
||
# (default 3).
|
||
#ipcp-max-terminate <n>
|
||
|
||
# Set the maximum number of IPCP configure-request transmissions to <n>
|
||
# (default 10).
|
||
#ipcp-max-configure <n>
|
||
|
||
# Set the maximum number of IPCP configure-NAKs returned before starting
|
||
# to send configure-Rejects instead to <n> (default 10).
|
||
#ipcp-max-failure <n>
|
||
|
||
# Set the PAP restart interval (retransmission timeout) to <n> seconds
|
||
# (default 3).
|
||
#pap-restart <n>
|
||
|
||
# Set the maximum number of PAP authenticate-request transmissions to
|
||
# <n> (default 10).
|
||
#pap-max-authreq <n>
|
||
|
||
# Set the CHAP restart interval (retransmission timeout for
|
||
# challenges) to <n> seconds (default 3).
|
||
#chap-restart <n>
|
||
# Set the maximum number of CHAP challenge transmissions to <n>
|
||
# (default 10).
|
||
#chap-max-challenge
|
||
|
||
# If this option is given, pppd will re-challenge the peer every <n>
|
||
# seconds.
|
||
#chap-interval <n>
|
||
|
||
# With this option, pppd will accept the peer's idea of our local IP
|
||
# address, even if the local IP address was specified in an option.
|
||
#ipcp-accept-local
|
||
|
||
# With this option, pppd will accept the peer's idea of its (remote) IP
|
||
# address, even if the remote IP address was specified in an option.
|
||
#ipcp-accept-remote
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
|
||
12.2. What options should I use? (No PAP/CHAP)
|
||
|
||
Well, as in all things that depends (sigh). The options specified here
|
||
should work with most servers.
|
||
|
||
|
||
However, if it does NOT work, READ THE TEMPLATE FILE
|
||
(/etc/ppp/options.tpl) and the pppd man pages and speak to the
|
||
sysadmin/user support people who run the server to which you are
|
||
connecting.
|
||
|
||
|
||
You should also note that the connect scripts presented here also use
|
||
some command line options to pppd to make things a bit easier to
|
||
change.
|
||
|
||
|
||
______________________________________________________________________
|
||
# /etc/ppp/options (NO PAP/CHAP)
|
||
#
|
||
# Prevent pppd from forking into the background
|
||
-detach
|
||
#
|
||
# use the modem control lines
|
||
modem
|
||
# use uucp style locks to ensure exclusive access to the serial device
|
||
lock
|
||
# use hardware flow control
|
||
crtscts
|
||
# create a default route for this connection in the routing table
|
||
defaultroute
|
||
# do NOT set up any "escaped" control sequences
|
||
asyncmap 0
|
||
# use a maximum transmission packet size of 552 bytes
|
||
mtu 552
|
||
# use a maximum receive packet size of 552 bytes
|
||
mru 552
|
||
#
|
||
#-------END OF SAMPLE /etc/ppp/options (no PAP/CHAP)
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
|
||
13. Protocol) If your PPP server uses PAP (Password Authentication
|
||
|
||
If the server to which you are connecting requires PAP or CHAP
|
||
authentication, you have a little bit more work.
|
||
|
||
|
||
To the above options file, add the following lines
|
||
|
||
______________________________________________________________________
|
||
#
|
||
# force pppd to use your ISP user name as your 'host name' during the
|
||
# authentication process
|
||
name <your ISP user name> # you need to edit this line
|
||
#
|
||
# If you are running a PPP *server* and need to force PAP or CHAP
|
||
# uncomment the appropriate one of the following lines. Do NOT use
|
||
# these is you are a client connecting to a PPP server (even if it uses PAP
|
||
# or CHAP) as this tells the SERVER to authenticate itself to your
|
||
# machine (which almost certainly can't do - and the link will fail).
|
||
#+chap
|
||
#+pap
|
||
#
|
||
# If you are using ENCRYPTED secrets in the /etc/ppp/pap-secrets
|
||
# file, then uncomment the following line.
|
||
# Note: this is NOT the same as using MS encrypted passwords as can be
|
||
# set up in MS RAS on Windows NT.
|
||
#+papcrypt
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
13.1. Using MSCHAP
|
||
|
||
Microsoft Windows NT RAS can be set up to use a variation on CHAP
|
||
(Challenge/Handshake Authentication Protocol). In your PPP sources tar
|
||
ball, you will find a file called README.MSCHAP80 that discusses this.
|
||
|
||
|
||
You can determine if the server is requesting authentication using
|
||
this protocol by enabling debugging for pppd. If the server is
|
||
requesting MS CHAP authentication, you will see lines like
|
||
|
||
|
||
______________________________________________________________________
|
||
rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap 80> <magic 0x46a3>]
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
The critical information here is auth chap 80.
|
||
|
||
|
||
In order to use MS CHAP, you will need to recompile pppd to support
|
||
this. Please see the instructions in the README.MSCHAP80 file in the
|
||
PPP source file for instructions on how to compile and use this
|
||
variation.
|
||
|
||
|
||
You should note that at present this code supports only Linux PPP
|
||
clients connecting to an MS Windows NT server. It does NOT support
|
||
setting up a Linux PPP server to use MSCHAP80 authentication from
|
||
clients.
|
||
|
||
|
||
13.2. The PAP/CHAP secrets file
|
||
|
||
If you are using pap or chap authentication, then you also need to
|
||
create the secrets file. These are:
|
||
|
||
______________________________________________________________________
|
||
/etc/ppp/pap-secrets
|
||
/etc/ppp/chap-secrets
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
They must be owned by user root, group root and have file permissions
|
||
740 for security.
|
||
|
||
|
||
The first point to note about PAP and CHAP is that they are designed
|
||
to authenticate computer systems not users.
|
||
|
||
|
||
"Huh? What's the difference?" I hear you ask.
|
||
|
||
|
||
Well now, once your computer has made its PPP connection to the
|
||
server, ANY user on your system can use that connection - not just
|
||
you. This is why you can set up a WAN (wide area network) link that
|
||
joins two LANs (local area networks) using PPP.
|
||
|
||
|
||
PAP can (and for CHAP DOES) require bidirectional authentication -
|
||
that is a valid name and secret is required on each computer for the
|
||
other computer involved. However, this is NOT the way most PPP servers
|
||
offering dial up PPP PAP-authenticated connections operate.
|
||
|
||
|
||
That being said, your ISP will probably have given you a user name and
|
||
password to allow you to connect to their system and thence the
|
||
Internet. Your ISP is not interested in your computer's name at all,
|
||
so you will probably need to use the user name at your ISP as the name
|
||
for your computer.
|
||
|
||
|
||
This is done using the name user name option to pppd. So, if you are
|
||
to use the user name given you by your ISP, add the line
|
||
|
||
______________________________________________________________________
|
||
name your_user name_at_your_ISP
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
to your /etc/ppp/options file.
|
||
|
||
|
||
Technically, you should really use user our_user name_at_your_ISP for
|
||
PAP, but pppd is sufficiently intelligent to interpret name as user if
|
||
it is required to use PAP. The advantage of using the name option is
|
||
that this is also valid for CHAP.
|
||
|
||
|
||
As PAP is for authenticating computers, technically you need also to
|
||
specify a remote computer name. However, as most people only have one
|
||
ISP, you can use a wild card (*) for the remote host name in the
|
||
secrets file.
|
||
|
||
It is also worth noting that many ISPs operate multiple modem banks
|
||
connected to different terminal servers - each with a different name,
|
||
but ACCESSED from a single (rotary) dial in number. It can therefore
|
||
be quite difficult in some circumstances to know ahead of time what
|
||
the name of the remote computer is, as this depends on which terminal
|
||
server you connect to!
|
||
|
||
|
||
13.3. The PAP secrets file
|
||
|
||
The /etc/ppp/pap-secrets file looks like
|
||
|
||
______________________________________________________________________
|
||
# Secrets for authentication using PAP
|
||
# client server secret acceptable_local_IP_addresses
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
The four fields are white space delimited and the last one can be
|
||
blank (which is what you want for a dynamic and probably static IP
|
||
allocation from your ISP).
|
||
|
||
|
||
Suppose your ISP gave you a user name of fred and a password of
|
||
flintstone you would set the name fred option in
|
||
/etc/ppp/options[.ttySx] and set up your /etc/ppp/pap-secrets file as
|
||
follows
|
||
|
||
|
||
______________________________________________________________________
|
||
# Secrets for authentication using PAP
|
||
# client server secret acceptable local IP addresses
|
||
fred * flintstone
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
This says for the local machine name fred (which we have told pppd to
|
||
use even though it is not our local machine name) and for ANY server,
|
||
use the password (secret) of flintstone.
|
||
|
||
|
||
Note that we do not need to specify a local IP address, unless we are
|
||
required to FORCE a particular local, static IP address. Even if you
|
||
try this, it is unlikely to work as most PPP servers (for security
|
||
reasons) do not allow the remote system to set the IP number they are
|
||
to be given.
|
||
|
||
|
||
13.4. The CHAP secrets file
|
||
|
||
This requires that you have mutual authentication methods - that is
|
||
you must allow for both your machine to authenticate the remote server
|
||
AND the remote server to authenticate your machine.
|
||
|
||
|
||
So, if your machine is fred and the remote is barney, your machine
|
||
would set name fred remotename barney and the remote machine would set
|
||
name barney remotename fred in their respective /etc/ppp/options.ttySx
|
||
files.
|
||
|
||
|
||
|
||
The /etc/chap-secrets file for fred would look like
|
||
|
||
______________________________________________________________________
|
||
# Secrets for authentication using CHAP
|
||
# client server secret acceptable local IP addresses
|
||
fred barney flintstone
|
||
barney fred wilma
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
and for barney
|
||
|
||
|
||
______________________________________________________________________
|
||
# Secrets for authentication using CHAP
|
||
# client server secret acceptable local IP addresses
|
||
barney fred flintstone
|
||
fred barney wilma
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Note in particular that both machines must have entries for
|
||
bidirectional authentication. This allows the local machine to
|
||
authenticate itself to the remote AND the remote machine to
|
||
authenticate itself to the local machine.
|
||
|
||
|
||
13.5. Handling multiple PAP-authenticated connections
|
||
|
||
Some users have more than one server to which they connect that use
|
||
PAP. Provided that your user name is different on each machine to
|
||
which you want to connect, this is not a problem.
|
||
|
||
|
||
However, many users have the same user name on two (or more - even
|
||
all) systems to which they connect. This then presents a problem in
|
||
correctly selecting the appropriate line from /etc/ppp/pap-secrets.
|
||
|
||
|
||
As you might expect, PPP provides a mechanism for overcoming this. PPP
|
||
allows you to set an 'assumed name' for the remote (server) end of the
|
||
connection using the remotename option to pppd.
|
||
|
||
|
||
Let us suppose that you connect to two PPP servers using the username
|
||
fred. You set up your /etc/ppp/pap-secrets something like
|
||
|
||
|
||
______________________________________________________________________
|
||
fred pppserver1 barney
|
||
fred pppserver2 wilma
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Now, to set connect to pppserver1 you would use name fred remotename
|
||
pppserver1 in your ppp-options and for pppserver2 name fred remotename
|
||
pppserver2.
|
||
|
||
|
||
|
||
As you can select the ppp options file to use with pppd using the file
|
||
filename option, you can set up a script to connect to each of your
|
||
PPP servers, correctly picking the options file to use and hence
|
||
selecting the right remotename option.
|
||
|
||
|
||
14. Setting up the PPP connection manually
|
||
|
||
Now that you have created your /etc/ppp/options and /etc/resolv.conf
|
||
files (and, if necessary, the /etc/ppp/pap|chap-secrets file), you can
|
||
test the settings by manually establishing a PPP connection. (Once we
|
||
have the manual connection working, we will automate the process).
|
||
|
||
|
||
To do this, your communications software must be capable of quitting
|
||
WITHOUT resetting the modem. Minicom can do this - ALT Q (or in older
|
||
version of minicom CTRL A Q)
|
||
|
||
|
||
Make sure you are logged in as root.
|
||
|
||
|
||
Fire up you communications software (such as minicom), dial into the
|
||
PPP server and log in as normal. If you need to issue a command to
|
||
start up PPP on the server, do so. You will now see the garbage you
|
||
saw before.
|
||
|
||
|
||
If you are using pap or chap, then merely connecting to the remote
|
||
system should start ppp on the remote and you will see the garbage
|
||
without logging in (although this may not happen for some servers -
|
||
try pressing Enter and see if the garbage starts up).
|
||
|
||
|
||
Now quit the communications software without resetting the modem (ALT
|
||
Q or CTL A Q in minicom) and at the Linux prompt (as root) type
|
||
|
||
|
||
______________________________________________________________________
|
||
pppd -d -detach /dev/ttySx 38400 &
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
The -d option turns on debugging - the ppp connection start up
|
||
conversation will be logged to your system log - which is useful if
|
||
you are having trouble.
|
||
|
||
|
||
Your modem lights should now flash as the PPP connection is
|
||
established. It will take a short while for the PPP connection to be
|
||
made.
|
||
|
||
|
||
At this point you can look at the PPP interface, by issuing the
|
||
command
|
||
|
||
|
||
______________________________________________________________________
|
||
ifconfig
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
In addition to any Ethernet and loop back devices you have, you should
|
||
see something like :-
|
||
|
||
|
||
______________________________________________________________________
|
||
ppp0 Link encap:Point-Point Protocol
|
||
inet addr:10.144.153.104 P-t-P:10.144.153.51 Mask:255.255.255.0
|
||
UP POINTOPOINT RUNNING MTU:552 Metric:1
|
||
RX packets:0 errors:0 dropped:0 overruns:0
|
||
TX packets:0 errors:0 dropped:0 overruns:0
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Where
|
||
|
||
· inet addr:10.144.153.10 is the IP number of your end of the link.
|
||
|
||
· P-t-P:10.144.153.5 is the SERVER's IP number.
|
||
|
||
(Naturally, ifconfig will not report these IP numbers, but the ones
|
||
used by your PPP server.)
|
||
|
||
|
||
Note: ifconfig also tells you that the link is UP and RUNNING!
|
||
|
||
|
||
If you get no ppp device listed or something like
|
||
|
||
|
||
______________________________________________________________________
|
||
ppp0 Link encap:Point-Point Protocol
|
||
inet addr:0.0.0.0 P-t-P:0.0.0.0 Mask:0.0.0.0
|
||
POINTOPOINT MTU:1500 Metric:1
|
||
RX packets:0 errors:0 dropped:0 overruns:0
|
||
TX packets:0 errors:0 dropped:0 overruns:0
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Your PPP connection has not been made...see the later section on
|
||
debugging!
|
||
|
||
|
||
You should also be able to see a route to the the remote host (and
|
||
beyond). To do this, issue the command
|
||
|
||
|
||
______________________________________________________________________
|
||
route -n
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
You should se something like:-
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
______________________________________________________________________
|
||
Kernel routing table
|
||
Destination Gateway Genmask Flags MSS Window Use Iface
|
||
10.144.153.3 * 255.255.255.255 UH 1500 0 1 ppp0
|
||
127.0.0.0 * 255.0.0.0 U 3584 0 11 lo
|
||
10.0.0.0 * 255.0.0.0 U 1500 0 35 eth0
|
||
default 10.144.153.3 * UG 1500 0 5 ppp0
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Of particular importance here, notice we have TWO entries pointing to
|
||
our ppp interface.
|
||
|
||
|
||
The first is a HOST route (indicated by the H flag) and that allows us
|
||
to see the host to which we are connected to - but no further.
|
||
|
||
|
||
The second is the default route (established by giving pppd the option
|
||
defaultroute. This is the route that tells our Linux PC to send any
|
||
packets NOT destined for the local Ethernet(s) - to which we have
|
||
specific network routes - to the PPP server itself. The PPP server
|
||
then is responsible for routing our packets out onto the Internet and
|
||
routing the return packets back to us.
|
||
|
||
|
||
If you do not see a routing table with two entries, something is
|
||
wrong. In particular if your syslog shows a message telling you pppd
|
||
is not replacing an existing default route, then you have a default
|
||
route pointing at your Ethernet interface - which MUST be replaced by
|
||
a specific network route: YOU CAN ONLY HAVE ONE DEFAULT ROUTE!!!
|
||
|
||
|
||
You will need to explore your system initialisation files to find out
|
||
where this default route is being set up (it will use a route add
|
||
default... command). Change this command to something like route add
|
||
net....
|
||
|
||
|
||
Now test the link by 'pinging' the server at its IP number as reported
|
||
by the ifconfig output, i.e.
|
||
|
||
|
||
______________________________________________________________________
|
||
ping 10.144.153.51
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
You should receive output like
|
||
|
||
|
||
______________________________________________________________________
|
||
PING 10.144.153.51 (10.144.153.51): 56 data bytes
|
||
64 bytes from 10.144.153.51: icmp_seq=0 ttl=255 time=328.3 ms
|
||
64 bytes from 10.144.153.51: icmp_seq=1 ttl=255 time=190.5 ms
|
||
64 bytes from 10.144.153.51: icmp_seq=2 ttl=255 time=187.5 ms
|
||
64 bytes from 10.144.153.51: icmp_seq=3 ttl=255 time=170.7 ms
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
This listing will go on for ever - to stop it press CTRL C, at which
|
||
point you will receive some more information :-
|
||
|
||
|
||
______________________________________________________________________
|
||
--- 10.144.153.51 ping statistics ---
|
||
4 packets transmitted, 4 packets received, 0% packet loss
|
||
round-trip min/avg/max = 170.7/219.2/328.3 ms
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
So far so good.
|
||
|
||
|
||
Now try pinging a host by name (not the name of the PPP server itself)
|
||
but a host at another site that you KNOW is probably going to be up
|
||
and running...). For example
|
||
|
||
|
||
______________________________________________________________________
|
||
ping sunsite.unc.edu
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
This time there will be a bit of a pause as Linux obtains the IP
|
||
number for the fully qualified host name you have 'ping'ed from the
|
||
DNS you specified in /etc/resolv.conf - so don't worry (but you will
|
||
see your modem lights flash). Shortly you will receive output like
|
||
|
||
|
||
______________________________________________________________________
|
||
PING sunsite.unc.edu (152.2.254.81): 56 data bytes
|
||
64 bytes from 152.2.254.81: icmp_seq=0 ttl=254 time=190.1 ms
|
||
64 bytes from 152.2.254.81: icmp_seq=1 ttl=254 time=180.6 ms
|
||
64 bytes from 152.2.254.81: icmp_seq=2 ttl=254 time=169.8 ms
|
||
64 bytes from 152.2.254.81: icmp_seq=3 ttl=254 time=170.6 ms
|
||
64 bytes from 152.2.254.81: icmp_seq=4 ttl=254 time=170.6 ms
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Again, stop the output by pressing CTRL C and get the statistics...
|
||
|
||
|
||
______________________________________________________________________
|
||
--- sunsite.unc.edu ping statistics ---
|
||
5 packets transmitted, 5 packets received, 0% packet loss
|
||
round-trip min/avg/max = 169.8/176.3/190.1 ms
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
If you don't get any response, try pinging the IP address of the DNS
|
||
server at your ISP's site. If you get a result from this, then it
|
||
looks like you have a problem with /etc/resolv.conf.
|
||
|
||
|
||
If this doesn't work, you have a routing problem, or your ISP has a
|
||
problem routing packets back to you. Check your routing table as shown
|
||
above and if that is OK, contact your ISP. A good test of the ISP is
|
||
to use another operating system to connect. If you can get beyond your
|
||
ISP with that, then the problem is at your end.
|
||
|
||
|
||
If everything works, shut down the connection by typing
|
||
|
||
|
||
______________________________________________________________________
|
||
ppp-off
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
After a short pause, the modem should hang itself up.
|
||
|
||
|
||
If that does not work, either turn off your modem or fire up your
|
||
communications software and interrupt the modem with +++ and then hang
|
||
up with ATH0 when you receive the modem's OK prompt.
|
||
|
||
|
||
You may also need to clean up the lock file created by pppd
|
||
|
||
______________________________________________________________________
|
||
rm -f /var/lock/LCK..ttySx
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
15. Automating your connections - Creating the connection scripts
|
||
|
||
Whilst you can continue to log in by hand as shown above, it is much
|
||
neater to set up some scripts to do this automatically for you.
|
||
|
||
|
||
A set of scripts automates the log in and PPP start up so all you have
|
||
to do (as root or as a member of the PPP group) is issue a single
|
||
command to fire up your connection.
|
||
|
||
|
||
15.1. Connection scripts for User name/Password Authentication
|
||
|
||
If your ISP does NOT require the use of PAP/CHAP, these are the
|
||
scripts for you!
|
||
|
||
|
||
If the ppp package installed correctly, you should have two example
|
||
files. For PPP 2.1.2 they are in /usr/sbin and for PPP 2.2 they are
|
||
in /etc/ppp/scripts. They are called
|
||
|
||
|
||
for PPP-2.1.2
|
||
|
||
|
||
|
||
ppp-on
|
||
ppp-off
|
||
|
||
|
||
|
||
|
||
|
||
and for PPP-2.2
|
||
|
||
ppp-off
|
||
ppp-on
|
||
ppp-on-dialer
|
||
|
||
|
||
|
||
|
||
|
||
Now, if you are using PPP 2.1.2, I strongly urge you to delete the
|
||
sample files. There are potential problems with these - and don't tell
|
||
me they work fine - I used them for ages too (and recommended them in
|
||
the first version of this HOWTO)!
|
||
|
||
|
||
For the benefit of PPP 2.1.2 users, here are BETTER template versions,
|
||
taken from the PPP 2.2 distribution. I suggest you copy and use these
|
||
scripts instead of the old PPP-2.1.2 scripts.
|
||
|
||
|
||
15.2. The ppp-on script
|
||
|
||
This is the first of a PAIR of scripts that actually fire up the
|
||
connection.
|
||
|
||
|
||
______________________________________________________________________
|
||
#!/bin/sh
|
||
#
|
||
# Script to initiate a PPP connection. This is the first part of the
|
||
# pair of scripts. This is not a secure pair of scripts as the codes
|
||
# are visible with the 'ps' command. However, it is simple.
|
||
#
|
||
# These are the parameters. Change as needed.
|
||
TELEPHONE=555-1212 # The telephone number for the connection
|
||
ACCOUNT=george # The account name for logon (as in 'George Burns')
|
||
PASSWORD=gracie # The password for this account (and 'Gracie Allen')
|
||
LOCAL_IP=0.0.0.0 # Local IP address if known. Dynamic = 0.0.0.0
|
||
REMOTE_IP=0.0.0.0 # Remote IP address if desired. Normally 0.0.0.0
|
||
NETMASK=255.255.255.0 # The proper netmask if needed
|
||
#
|
||
# Export them so that they will be available to 'ppp-on-dialer'
|
||
export TELEPHONE ACCOUNT PASSWORD
|
||
#
|
||
# This is the location of the script which dials the phone and logs
|
||
# in. Please use the absolute file name as the $PATH variable is not
|
||
# used on the connect option. (To do so on a 'root' account would be
|
||
# a security hole so don't ask.)
|
||
#
|
||
DIALER_SCRIPT=/etc/ppp/ppp-on-dialer
|
||
#
|
||
# Initiate the connection
|
||
#
|
||
#
|
||
exec /usr/sbin/pppd debug /dev/ttySx 38400 \
|
||
$LOCAL_IP:$REMOTE_IP \
|
||
connect $DIALER_SCRIPT
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Here is the ppp-on-dialer script:-
|
||
|
||
|
||
|
||
|
||
______________________________________________________________________
|
||
#!/bin/sh
|
||
#
|
||
# This is part 2 of the ppp-on script. It will perform the connection
|
||
# protocol for the desired connection.
|
||
#
|
||
/usr/sbin/chat -v \
|
||
TIMEOUT 3 \
|
||
ABORT '\nBUSY\r' \
|
||
ABORT '\nNO ANSWER\r' \
|
||
ABORT '\nRINGING\r\n\r\nRINGING\r' \
|
||
'' \rAT \
|
||
'OK-+++\c-OK' ATH0 \
|
||
TIMEOUT 30 \
|
||
OK ATDT$TELEPHONE \
|
||
CONNECT '' \
|
||
ogin:--ogin: $ACCOUNT \
|
||
assword: $PASSWORD
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
For PPP-2.2, the ppp-off script looks like:-
|
||
|
||
|
||
______________________________________________________________________
|
||
#!/bin/sh
|
||
######################################################################
|
||
#
|
||
# Determine the device to be terminated.
|
||
#
|
||
if [ "$1" = "" ]; then
|
||
DEVICE=ppp0
|
||
else
|
||
DEVICE=$1
|
||
fi
|
||
|
||
######################################################################
|
||
#
|
||
# If the ppp0 pid file is present then the program is running. Stop it.
|
||
if [ -r /var/run/$DEVICE.pid ]; then
|
||
kill -INT `cat /var/run/$DEVICE.pid`
|
||
#
|
||
# If the kill did not work then there is no process running for this
|
||
# pid. It may also mean that the lock file will be left. You may wish
|
||
# to delete the lock file at the same time.
|
||
if [ ! "$?" = "0" ]; then
|
||
rm -f /var/run/$DEVICE.pid
|
||
echo "ERROR: Removed stale pid file"
|
||
exit 1
|
||
fi
|
||
#
|
||
# Success. Let pppd clean up its own junk.
|
||
echo "PPP link to $DEVICE terminated."
|
||
exit 0
|
||
fi
|
||
#
|
||
# The ppp process is not running for ppp0
|
||
echo "ERROR: PPP link is not active on $DEVICE"
|
||
exit 1
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
15.3. Editing the supplied PPP startup scripts
|
||
|
||
As the new scripts come in two parts, we will edit them in turn.
|
||
|
||
|
||
15.3.1. The ppp-on script
|
||
|
||
You will need to edit the script to reflect YOUR user name at your
|
||
ISP, YOUR password at your ISP, the telephone number of your ISP.
|
||
|
||
|
||
Each of the lines like TELEPHONE= actually set up shell variables that
|
||
contain the information to the right of the '=' (excluding the
|
||
comments of course). So edit each of these lines so it is correct for
|
||
your ISP and connection.
|
||
|
||
|
||
Also, as you are setting the IP number (if you need to) in the
|
||
/etc/ppp/options file, DELETE the line that says
|
||
|
||
|
||
______________________________________________________________________
|
||
$LOCAL_IP:$REMOTE_IP \
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Also, make sure that the shell variable DIALER_SCRIPT points at the
|
||
full path and name of the dialer script that you are actually going to
|
||
use. So, if you have moved this or renamed the script, make sure you
|
||
edit this line correctly in the ppp-on script!
|
||
|
||
|
||
15.3.2. The ppp-on-dialer script
|
||
|
||
This is the second of the scripts that actually brings up our ppp
|
||
link.
|
||
|
||
|
||
Note: a chat script is normally all on one line. the backslashes are
|
||
used to allow line continuations across several physical lines (for
|
||
human readability) and do not form part of the script itself.
|
||
|
||
|
||
However, it is very useful to look at it in detail so that we
|
||
understand what it is actually (supposed) to be doing!
|
||
|
||
|
||
15.4. What a Chat script means...
|
||
|
||
A chat script is a sequence of "expect string" "send string" pairs. In
|
||
particular, note that we ALWAYS expect something before we send
|
||
something.
|
||
|
||
|
||
If we are to send something WITHOUT receiving anything first, we must
|
||
use an empty expect string (indicated by "") and similarly for
|
||
expecting something without sending anything! Also, if a string
|
||
consists of several words, (e.g. NO CARRIER), you must quote the
|
||
string so that it is seen as a single entity by chat.
|
||
|
||
|
||
The chat line in our template is:-
|
||
|
||
|
||
______________________________________________________________________
|
||
exec /usr/sbin/chat -v
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
Invoke chat, the -v tells chat to copy ALL its I/O into the system log
|
||
(usually /var/log/messages). Once you are happy that the chat script
|
||
is working reliably, edit this line to remove the -v to save
|
||
unnecessary clutter in your syslog.
|
||
|
||
|
||
______________________________________________________________________
|
||
TIMEOUT 3
|
||
______________________________________________________________________
|
||
|
||
|
||
This sets the timeout for the receipt of expected input to three sec
|
||
onds. You may need to increase this to say 5 or 10 seconds if you are
|
||
using a really slow modem!
|
||
|
||
|
||
______________________________________________________________________
|
||
ABORT '\nBUSY\r'
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
If the string BUSY is received, abort the operation.
|
||
|
||
|
||
______________________________________________________________________
|
||
ABORT '\nNO ANSWER\r'
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
If the string NO ANSWER is received, abort the operation
|
||
|
||
|
||
______________________________________________________________________
|
||
ABORT '\nRINGING\r\n\r\nRINGING\r'
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
If the (repeated) string RINGING is received, abort the operation.
|
||
This is because someone is ringing your phone line!
|
||
|
||
|
||
______________________________________________________________________
|
||
" \rAT
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
Expect nothing from the modem and send the string AT.
|
||
|
||
|
||
______________________________________________________________________
|
||
OK-+++\c-OK ATH0
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
This one is a bit more complicated as it uses some of chat's error
|
||
recovery capabilities.
|
||
|
||
|
||
What is says is...Expect OK, if it is NOT received (because the modem
|
||
is not in command mode) then send +++ (the standard Hayes-compatible
|
||
modem string that returns the modem to command mode) and expect OK.
|
||
Then send ATH0 (the modem hang up string). This allows your script to
|
||
cope with the situation of your modem being stuck on-line!
|
||
|
||
|
||
______________________________________________________________________
|
||
TIMEOUT 30
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
Set the timeout to 30 seconds for the remainder of the script. If you
|
||
experience trouble with the chat script aborting due to timeouts,
|
||
increase this to 45 seconds or more.
|
||
|
||
|
||
______________________________________________________________________
|
||
OK ATDT$TELEPHONE
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
Expect OK (the modem's response to the ATH0 command) and dial the
|
||
number we want to call.
|
||
|
||
|
||
______________________________________________________________________
|
||
CONNECT ''
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
Expect CONNECT (which our modem sends when the remote modem answers)
|
||
and send nothing in reply.
|
||
|
||
|
||
______________________________________________________________________
|
||
ogin:--ogin: $ACCOUNT
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
Again, we have some error recovery built in here. Expect the login
|
||
prompt (...ogin:) but if we don't receive it by the timeout, send a
|
||
return and then look for the login prompt again. When the prompt is
|
||
received, send the username (stored in the shell variable $ACCOUNT).
|
||
|
||
|
||
______________________________________________________________________
|
||
assword: $PASSWORD
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
Expect the password prompt and send our password (again, stored in a
|
||
shell variable).
|
||
|
||
|
||
This chat script has reasonable error recovery capability. Chat has
|
||
considerably more features than demonstrated here. For more
|
||
information consult the chat manual page (man 8 chat).
|
||
|
||
|
||
15.4.1. Starting PPP at the server end
|
||
|
||
Whilst the ppp-on-dialer script is fine for servers that automatically
|
||
start pppd at the server end once you have logged in, some servers
|
||
require that you explicitly start PPP on the server.
|
||
|
||
|
||
If you need to issue a command to start up PPP on the server, you DO
|
||
need to edit the ppp-on-dialer script.
|
||
|
||
|
||
At the END of the script (after the password line) add an additional
|
||
expect send pair - this one would look for your login prompt (beware
|
||
of characters that have a special meaning in the Bourne shell - such
|
||
as $ and [ or ] (open and close square brackets).
|
||
|
||
|
||
Once chat has found the shell prompt, chat must issue the ppp start up
|
||
command required for your ISPs PPP server.
|
||
|
||
|
||
In my case, my PPP server uses the standard Linux Bash prompt
|
||
|
||
______________________________________________________________________
|
||
[hartr@kepler hartr]$
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
and requires that I type
|
||
|
||
|
||
______________________________________________________________________
|
||
ppp
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
to start up PPP on the server.
|
||
|
||
|
||
It is a good idea to allow for a bit of error recovery here, so in my
|
||
case I use
|
||
|
||
______________________________________________________________________
|
||
hartr--hartr ppp
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
This says, if we don't receive the prompt within the timeout, send a
|
||
carriage return and looks for the prompt again.
|
||
|
||
|
||
Once the prompt is received, then send the string ppp.
|
||
|
||
|
||
Note: don't forget to add a \ to the end of the previous line so chat
|
||
still thinks the entire chat script is on one line!
|
||
|
||
Unfortunately, some servers produce a very variable set of prompts!
|
||
You may need to log in several times using minicom to understand what
|
||
is going on and pick the stable "expect" strings.
|
||
|
||
|
||
15.5. A chat script for PAP/CHAP authenticated connections
|
||
|
||
If your ISP is using PAP/CHAP, then your chat script is much simpler.
|
||
All your chat script needs to do is dial the telephone, wait for a
|
||
connect and then let pppd handle the logging in!
|
||
|
||
|
||
______________________________________________________________________
|
||
#!/bin/sh
|
||
#
|
||
# This is part 2 of the ppp-on script. It will perform the connection
|
||
# protocol for the desired connection.
|
||
#
|
||
exec /usr/sbin/chat -v \
|
||
TIMEOUT 3 \
|
||
ABORT '\nBUSY\r' \
|
||
ABORT '\nNO ANSWER\r' \
|
||
ABORT '\nRINGING\r\n\r\nRINGING\r' \
|
||
'' \rAT \
|
||
'OK-+++\c-OK' ATH0 \
|
||
TIMEOUT 30 \
|
||
OK ATDT$TELEPHONE \
|
||
CONNECT '' \
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
|
||
|
||
15.6. The pppd debug and file option_file options
|
||
|
||
As we have already seen, you can turn on debug information logging
|
||
with the -d option to pppd. The 'debug' option is equivalent to this.
|
||
|
||
|
||
As we are establishing a new connection with a new script, leave in
|
||
the debug option for now. (Warning: if your disk space is tight,
|
||
logging pppd exchanges can rapidly extend your syslog file and run you
|
||
into trouble - but to do this you must fail to connect and keep on
|
||
trying for quite a few minutes).
|
||
|
||
|
||
Once you are happy that all is working properly, then you can remove
|
||
this option.
|
||
|
||
|
||
If you have called your ppp options file anything other than
|
||
/etc/ppp/options or /etc/ppp/options.ttySx, specify the file name with
|
||
the file option to pppd - e.g.
|
||
|
||
|
||
______________________________________________________________________
|
||
exec /usr/sbin/pppd debug file options.myserver /dev/ttyS0 38400 \
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
|
||
|
||
16. Testing your connection script
|
||
|
||
Open a new root Xterm (if you are in X) or open a new virtual console
|
||
and log in as root.
|
||
|
||
|
||
In this new session, issue the command
|
||
|
||
|
||
|
||
tail -f /var/log/messages
|
||
|
||
|
||
|
||
|
||
|
||
(or whatever your system log file is).
|
||
|
||
|
||
In the first window (or virtual console) issue the command
|
||
|
||
|
||
|
||
ppp-on &
|
||
|
||
|
||
|
||
|
||
|
||
(or whatever name you have called your edited version of
|
||
/usr/sbin/ppp- on). If you do not put the script into the background
|
||
by specifying & at the end of the command, you will not get your
|
||
terminal prompt back until ppp exits (when the link terminates).
|
||
|
||
|
||
Now switch back to the window that is tracking your system log.
|
||
|
||
|
||
You will see something like the following (provided you specified -v
|
||
to chat and -d to pppd)....this is the chat script and responses being
|
||
logged to the system log file followed by the start up information for
|
||
pppd :-
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
______________________________________________________________________
|
||
Oct 21 16:09:58 hwin chat[19868]: abort on (NO CARRIER)
|
||
Oct 21 16:09:59 hwin chat[19868]: abort on (BUSY)
|
||
Oct 21 16:09:59 hwin chat[19868]: send (ATZ^M)
|
||
Oct 21 16:09:59 hwin chat[19868]: expect (OK)
|
||
Oct 21 16:10:00 hwin chat[19868]: ATZ^M^M
|
||
Oct 21 16:10:00 hwin chat[19868]: OK -- got it
|
||
Oct 21 16:10:00 hwin chat[19868]: send (ATDT722298^M)
|
||
Oct 21 16:10:00 hwin chat[19868]: expect (CONNECT)
|
||
Oct 21 16:10:00 hwin chat[19868]: ^M
|
||
Oct 21 16:10:22 hwin chat[19868]: ATDT722298^M^M
|
||
Oct 21 16:10:22 hwin chat[19868]: CONNECT -- got it
|
||
Oct 21 16:10:22 hwin chat[19868]: send (^M)
|
||
Oct 21 16:10:22 hwin chat[19868]: expect (ogin:)
|
||
Oct 21 16:10:23 hwin chat[19868]: kepler login: -- got it
|
||
Oct 21 16:10:23 hwin chat[19868]: send (hartr^M)
|
||
Oct 21 16:10:23 hwin chat[19868]: expect (ssword:)
|
||
Oct 21 16:10:23 hwin chat[19868]: hartr^M
|
||
Oct 21 16:10:23 hwin chat[19868]: Password: -- got it
|
||
Oct 21 16:10:23 hwin chat[19868]: send (??????^M)
|
||
Oct 21 16:10:23 hwin chat[19868]: expect (hartr)
|
||
Oct 21 16:10:24 hwin chat[19868]: [hartr -- got it
|
||
Oct 21 16:10:24 hwin chat[19868]: send (ppp^M)
|
||
Oct 21 16:10:27 hwin pppd[19872]: pppd 2.1.2 started by root, uid 0
|
||
Oct 21 16:10:27 hwin pppd[19873]: Using interface ppp0
|
||
Oct 21 16:10:27 hwin pppd[19873]: Connect: ppp0 <--> /dev/cua1
|
||
Oct 21 16:10:27 hwin pppd[19873]: fsm_sdata(LCP): Sent code 1, id 1.
|
||
Oct 21 16:10:27 hwin pppd[19873]: LCP: sending Configure-Request, id 1
|
||
Oct 21 16:10:27 hwin pppd[19873]: fsm_rconfreq(LCP): Rcvd id 1.
|
||
Oct 21 16:10:27 hwin pppd[19873]: lcp_reqci: rcvd MRU
|
||
Oct 21 16:10:27 hwin pppd[19873]: (1500)
|
||
Oct 21 16:10:27 hwin pppd[19873]: (ACK)
|
||
Oct 21 16:10:27 hwin pppd[19873]: lcp_reqci: rcvd ASYNCMAP
|
||
Oct 21 16:10:27 hwin pppd[19873]: (0)
|
||
Oct 21 16:10:27 hwin pppd[19873]: (ACK)
|
||
Oct 21 16:10:27 hwin pppd[19873]: lcp_reqci: rcvd MAGICNUMBER
|
||
Oct 21 16:10:27 hwin pppd[19873]: (a098b898)
|
||
Oct 21 16:10:27 hwin pppd[19873]: (ACK)
|
||
Oct 21 16:10:27 hwin pppd[19873]: lcp_reqci: rcvd PCOMPRESSION
|
||
Oct 21 16:10:27 hwin pppd[19873]: (ACK)
|
||
Oct 21 16:10:27 hwin pppd[19873]: lcp_reqci: rcvd ACCOMPRESSION
|
||
Oct 21 16:10:27 hwin pppd[19873]: (ACK)
|
||
Oct 21 16:10:27 hwin pppd[19873]: lcp_reqci: returning CONFACK.
|
||
Oct 21 16:10:27 hwin pppd[19873]: fsm_sdata(LCP): Sent code 2, id 1.
|
||
Oct 21 16:10:27 hwin pppd[19873]: fsm_rconfack(LCP): Rcvd id 1.
|
||
Oct 21 16:10:27 hwin pppd[19873]: fsm_sdata(IPCP): Sent code 1, id 1.
|
||
Oct 21 16:10:27 hwin pppd[19873]: IPCP: sending Configure-Request, id 1
|
||
Oct 21 16:10:27 hwin pppd[19873]: fsm_rconfreq(IPCP): Rcvd id 1.
|
||
Oct 21 16:10:27 hwin pppd[19873]: ipcp: received ADDR
|
||
Oct 21 16:10:27 hwin pppd[19873]: (10.144.153.51)
|
||
Oct 21 16:10:27 hwin pppd[19873]: (ACK)
|
||
Oct 21 16:10:27 hwin pppd[19873]: ipcp: received COMPRESSTYPE
|
||
Oct 21 16:10:27 hwin pppd[19873]: (45)
|
||
Oct 21 16:10:27 hwin pppd[19873]: (ACK)
|
||
Oct 21 16:10:27 hwin pppd[19873]: ipcp: returning Configure-ACK
|
||
Oct 21 16:10:28 hwin pppd[19873]: fsm_sdata(IPCP): Sent code 2, id 1.
|
||
Oct 21 16:10:30 hwin pppd[19873]: fsm_sdata(IPCP): Sent code 1, id 1.
|
||
Oct 21 16:10:30 hwin pppd[19873]: IPCP: sending Configure-Request, id 1
|
||
Oct 21 16:10:30 hwin pppd[19873]: fsm_rconfreq(IPCP): Rcvd id 255.
|
||
Oct 21 16:10:31 hwin pppd[19873]: ipcp: received ADDR
|
||
Oct 21 16:10:31 hwin pppd[19873]: (10.144.153.51)
|
||
Oct 21 16:10:31 hwin pppd[19873]: (ACK)
|
||
Oct 21 16:10:31 hwin pppd[19873]: ipcp: received COMPRESSTYPE
|
||
Oct 21 16:10:31 hwin pppd[19873]: (45)
|
||
Oct 21 16:10:31 hwin pppd[19873]: (ACK)
|
||
Oct 21 16:10:31 hwin pppd[19873]: ipcp: returning Configure-ACK
|
||
Oct 21 16:10:31 hwin pppd[19873]: fsm_sdata(IPCP): Sent code 2, id 255.
|
||
Oct 21 16:10:31 hwin pppd[19873]: fsm_rconfack(IPCP): Rcvd id 1.
|
||
Oct 21 16:10:31 hwin pppd[19873]: ipcp: up
|
||
Oct 21 16:10:31 hwin pppd[19873]: local IP address 10.144.153.104
|
||
Oct 21 16:10:31 hwin pppd[19873]: remote IP address 10.144.153.51
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
(Note - I am using STATIC IP numbers - hence my machine sent that to
|
||
the PPP server - you won't see this if you are using DYNAMIC IP
|
||
numbers.) Also, this server requires a specific command to start ppp
|
||
at its end.
|
||
|
||
|
||
This looks OK - so test it out as before with pings to IP numbers and
|
||
host names.
|
||
|
||
|
||
Fire up you web browser or whatever and go surfing - you are
|
||
connected!
|
||
|
||
|
||
17. Shutting down the PPP link
|
||
|
||
When you have finished with the PPP link, use the standard ppp-off
|
||
command to shut it down (remember - you need to be root or a member of
|
||
the PPP group!).
|
||
|
||
|
||
In your system log you will see something like:-
|
||
|
||
|
||
______________________________________________________________________
|
||
Oct 21 16:10:45 hwin pppd[19873]: Interrupt received: terminating link
|
||
Oct 21 16:10:45 hwin pppd[19873]: ipcp: down
|
||
Oct 21 16:10:45 hwin pppd[19873]: default route ioctl(SIOCDELRT): Bad address
|
||
Oct 21 16:10:45 hwin pppd[19873]: fsm_sdata(LCP): Sent code 5, id 2.
|
||
Oct 21 16:10:46 hwin pppd[19873]: fsm_rtermack(LCP).
|
||
Oct 21 16:10:46 hwin pppd[19873]: Connection terminated.
|
||
Oct 21 16:10:46 hwin pppd[19873]: Exit.
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Don't worry about the SIOCDELRT - this is just pppd noting that it is
|
||
terminating and is nothing to worry about.
|
||
|
||
|
||
18. Debugging
|
||
|
||
There are any number of reasons that your connection does not work -
|
||
chat has failed to complete correctly, you have a dirty line, etc. So
|
||
check your syslog for indications.
|
||
|
||
|
||
18.1. I have compiled PPP support into the kernel, but...
|
||
|
||
A very common problem is that people compile PPP support into the
|
||
kernel and yet when they try to run pppd, the kernel complains that it
|
||
does not support ppp! There are a variety of reasons this can occur.
|
||
|
||
|
||
|
||
18.1.1. Whilst you have recompiled your kernel to support ppp, you
|
||
are not booting the new kernel. This can happen if you do not update
|
||
/etc/lilo.conf and rerun lilo. Are you booting the right kernel?
|
||
|
||
A good check on the kernel can be obtained by issuing the command
|
||
uname -a, which should produce a line like
|
||
|
||
|
||
______________________________________________________________________
|
||
Linux archenland 2.0.28 #2 Thu Feb 13 12:31:37 EST 1997 i586
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
This gives the kernel version and the date on which this kernel was
|
||
compiled - which should give you a pretty good idea of what is going
|
||
on.
|
||
|
||
|
||
18.1.2. Did you compile ppp kernel support as a module?
|
||
|
||
If you compiled your kernel ppp support as a module, but did not make
|
||
and install the modules, then you can get this error. Check the
|
||
kernel-HOWTO and the README file in /usr/src/linux!
|
||
|
||
|
||
Another module connected possibility is that you are expecting
|
||
required modules to be automatically loaded, but are not running the
|
||
kerneld daemon (which auto-loads and unloads modules on the fly).
|
||
Check the kerneld mini-HOWTO for information on setting up kerneld.
|
||
|
||
|
||
18.1.3. Are you using the correct version of PPP for your kernel?
|
||
|
||
You must use ppp-2.2 with kernel version 2.0.x. You can use ppp-2.2
|
||
with kernel version 1.2.x (if you patch the kernel) otherwise you must
|
||
use ppp-2.1.2.
|
||
|
||
|
||
18.1.4. Are you running pppd as root?
|
||
|
||
If you are not running pppd as the root user (and pppd is not suid to
|
||
root), you can receive this message.
|
||
|
||
|
||
18.2. My modem connects but ppp never starts up
|
||
|
||
There are innumerable variations on this (take a look in
|
||
comp.os.linux...).
|
||
|
||
|
||
A VERY common mistake is that you have mistyped something in your
|
||
scripts. The only thing to do here is to make sure you are logging the
|
||
chat conversation between you Linux PC and the server into your syslog
|
||
(/var/log/messages) and then go through this line by line to make.
|
||
You may need to dial into the ppp server manually to check things out
|
||
again.
|
||
|
||
|
||
You need to check the log against the actual prompts very carefully -
|
||
and bear in mind that we humans have a tendency to read what we THINK
|
||
we have typed - not what is actually there!
|
||
|
||
|
||
|
||
18.3. The syslog says " serial line is not 8 bit clean ..."
|
||
|
||
There are variations on this too - such as serial line looped back
|
||
etc., and the cause can be one (or a sequence) of a number of things.
|
||
|
||
|
||
To understand what is going on here, it is necessary to grasp a bit of
|
||
what is going on behind the scenes in pppd itself.
|
||
|
||
|
||
When pppd starts up, it sends LCP (link control protocol) packets to
|
||
the remote machine. If it receives a valid response it then goes on to
|
||
the next stage (using IPCP - IP control protocol packets) and only
|
||
when this negotiation completes is the actual IP layer started so that
|
||
you can use the PPP link.
|
||
|
||
|
||
If there is no ppp server operating at the remote end when your PC
|
||
sends lcp packets, these get reflected by the login process at the far
|
||
end. As these packets use 8 bits, reflecting them strips the 8th bit
|
||
(remember, ASCII is a 7 bit code). PPP sees this and complains
|
||
accordingly.
|
||
|
||
|
||
There are several reasons this reflection can occur.
|
||
|
||
|
||
18.3.1. You are not correctly logging into the server
|
||
|
||
When your chat script completes, pppd starts on your PC. However, if
|
||
you have not completed the log in process to the server (including
|
||
sending any command required to start PPP on the server), PPP will
|
||
not start.
|
||
|
||
|
||
So, the lcp packets are reflected and you receive this error.
|
||
|
||
|
||
You need to carefully check and correct (if necessary) your chat
|
||
script (see above).
|
||
|
||
|
||
18.3.2. You are not starting PPP on the server
|
||
|
||
Some PPP servers require you to enter a command and/or a RETURN after
|
||
completing the log in process before the remote end starts ppp.
|
||
|
||
|
||
Check your chat script (see above).
|
||
|
||
|
||
If you log in manually and find you need to send a RETURN after this
|
||
to start PPP, simply add a blank expect/send pair to the end of your
|
||
chat script (an empty send string actually sends a RETURN).
|
||
|
||
|
||
18.3.3. The remote PPP process is slow to start
|
||
|
||
This one is a bit tricksy!
|
||
|
||
|
||
By default, your Linux pppd is compiled to send a maximum of 10 lcp
|
||
configuration requests. If the server is a bit slow to start up, all
|
||
10 such requests can be sent before the remote PPP is ready to receive
|
||
them.
|
||
|
||
On your machine, pppd sees all 10 requests reflected back (with the
|
||
8th bit stripped) and exits.
|
||
|
||
|
||
There are two ways round this:-
|
||
|
||
|
||
Add lcp-max-configure 30 to your ppp options. This increases the
|
||
maximum number of lcp configure packets pppd sends before giving up.
|
||
For really slow server, you may need even more than this.
|
||
|
||
|
||
Alternatively, you can get a bit tricksy in return. You may have
|
||
noticed that when you logged in by hand to the PPP server and PPP
|
||
started there, the first character of the ppp garbage that appears was
|
||
always the tilde character (~).
|
||
|
||
|
||
Using this knowledge we can add a new expect/send pair to the end of
|
||
the chat script which expects a tilde and sends nothing. This would
|
||
look like:-
|
||
|
||
|
||
______________________________________________________________________
|
||
\~ ''
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Note: as the tilde character has a special meaning in the shell, it
|
||
must be escaped (and hence the leading backslash).
|
||
|
||
|
||
18.4. Default route not set
|
||
|
||
If pppd refuses to set up a default route, it is because (quite
|
||
correctly) it refuses remove/replace an existing default route.
|
||
|
||
|
||
The usual reason that this error occurs is that some distributions set
|
||
up a default route via your Ethernet card as opposed to setting up a
|
||
specific network route.
|
||
|
||
|
||
See the Linux NAG and the Net2/3 HOWTOs for information on correctly
|
||
setting up your Ethernet card and associated routes.
|
||
|
||
|
||
An alternative to this is that your LAN uses a gateway/router already
|
||
and your routing table has been set up to point the default route at
|
||
this.
|
||
|
||
|
||
Fixing up this last situation can require a fair bit of IP networking
|
||
knowledge and is beyond the scope of this HOWTO. It is suggested you
|
||
obtain some expert advice (via the news groups of from someone locally
|
||
you can ask).
|
||
|
||
|
||
18.5. Other Problems
|
||
|
||
There are many reasons apart from these that ppp fails to connect
|
||
and/or operate properly.
|
||
|
||
|
||
Look in the PPP FAQ (which is really a series of questions and
|
||
answers). This is a very comprehensive document and the answers ARE
|
||
there! From my own (sad) experience, if the answer to your problems is
|
||
not there, the problem is NOT ppp's fault! In my case I was using an
|
||
ELF kernel that I had not upgraded to the appropriate kernel modules.
|
||
I only wasted about 2 days (and most of one night) cursing what had
|
||
been a perfect PPP server before the light dawned!
|
||
|
||
|
||
19. Getting Help when totally stuck
|
||
|
||
If you can't get your PPP link to work, go back through this document
|
||
and check everything - in conjunction with the output created by
|
||
"chat-v..." and "pppd -d" in you system log.
|
||
|
||
|
||
Also consult the PPP documentation and FAQ plus the other documents
|
||
mention herein!
|
||
|
||
|
||
If you are still stuck, try the comp.os.linux.misc and
|
||
comp.os.linux.networking newsgroups are reasonably regularly scanned
|
||
by people that can help you with PPP as is comp.protocols.ppp
|
||
|
||
|
||
You can try sending me personal email, but I do have a day job (and a
|
||
life) and I do not guarantee to respond quickly (if at all) as this
|
||
depends on my current work load and the state of my private life!
|
||
|
||
|
||
In particular - DO NOT POST REAMS OF DEBUGGING OUTPUT TO THE NEWS
|
||
GROUPS NOR SEND IT TO ME BY EMAIL - the former wastes huge amounts of
|
||
network bandwidth and the latter will be consigned to /dev/null
|
||
(unless I have specifically requested it).
|
||
|
||
|
||
20. Common Problems once the link is working
|
||
|
||
One problem you will find is that many service providers will only
|
||
support the connection software package that they distribute to new
|
||
accounts. This is (typically) for Microsoft Windows :-( - and many
|
||
service provider help desks seem to know nothing about Unix (or
|
||
Linux). So, be prepared for limited assistance from them!
|
||
|
||
|
||
You could of course do the individual a favour and educate then about
|
||
Linux (any ISP help desk person should be reasonably 'with it' in
|
||
Internet terms and that means they should have a home Linux box - of
|
||
course it does)!
|
||
|
||
|
||
20.1. I can't see beyond the PPP server I connect to
|
||
|
||
OK - your PPP connection is up and running and you can ping the PPP
|
||
server by IP number (the second or "remote" IP number shown by
|
||
ifconfig ppp0), but you can't reach anything beyond this.
|
||
|
||
|
||
First of all, try pinging the IP numbers you have specified in
|
||
/etc/resolv.conf as name servers. If this works, you can see beyond
|
||
your PPP server (unless this has the same IP number as the "remote" IP
|
||
number of your connection). So now try pinging the full Internet name
|
||
of your service provider - eg
|
||
|
||
|
||
|
||
ping my.provider.net.au
|
||
|
||
|
||
|
||
|
||
|
||
If this does NOT work, you have a problem with the name resolution.
|
||
This is probably because of a typo in your /etc/resolv.conf file.
|
||
Check this carefully against the information you acquired by ringing
|
||
your service provider. If all looks OK, ring your service provider and
|
||
check that you wrote down the IP numbers correctly.
|
||
|
||
|
||
If it STILL doesn't work (and your service provider confirms that his
|
||
name servers are up and running), you have a problem somewhere else -
|
||
and I suggest you check carefully through your Linux installation
|
||
(looking particularly for file permissions).
|
||
|
||
|
||
If you STILL can't ping your service provider's IP name servers by IP
|
||
number, either they are down (give them a voice call and check) or
|
||
there is a routing problem at your service provider's end. Again, ring
|
||
them and check this out.
|
||
|
||
|
||
One possibility is that the "remote end" is a Linux PPP server where
|
||
the IP forwarding option has not been specified in the kernel!
|
||
|
||
|
||
A good general test is to try connecting to your service provider
|
||
using the software that most supply for (gulp) Microsoft Windows. If
|
||
everything works from another operating system to exactly the same
|
||
account, then the problem is with your Linux system and NOT your
|
||
service provider.
|
||
|
||
|
||
20.2. I can send email, but not receive it
|
||
|
||
If you are using dynamic IP numbers, this is perfectly normal. See
|
||
"Setting up Services" below.
|
||
|
||
|
||
20.3. Why can't people finger, WWW, gopher, talk etc to my machine?
|
||
|
||
Again, if you are using dynamic IP numbers, this is perfectly normal.
|
||
See "Setting up Services" below.
|
||
|
||
|
||
|
||
21. Using Internet services with Dynamic IP numbers
|
||
|
||
If you are using dynamic IP numbers (and many service providers will
|
||
only give you a dynamic IP number unless you pay significantly more
|
||
for your connection), then you have to recognise the limitations this
|
||
imposes.
|
||
|
||
|
||
First of all, outbound service requests will work just fine. That is,
|
||
you can send email using sendmail (provided you have correctly set up
|
||
sendmail), ftp files from remote sites, finger users on other
|
||
machines, browse the web etc.
|
||
|
||
|
||
In particular, you can answer email that you have brought down to your
|
||
machine whilst you are off line. Mail will simply sit in your mail
|
||
queue until you dial back into your ISP.
|
||
However, your machine is NOT connected to the Internet 24 hours a day,
|
||
nor does it have the same IP number every time it is connected. So it
|
||
is impossible for you to receive email directed to your machine, and
|
||
very difficult to set up a web or ftp server that your friends can
|
||
access! As far as the Internet is concerned your machine does not
|
||
exist as a unique, permanently contactable machine as it does not have
|
||
a unique IP number (remember - other machines will be using the IP
|
||
number when they are allocated it on dial in).
|
||
|
||
|
||
If you set up a WWW (or any other server), it is totally unknown by
|
||
any user on the Internet UNLESS they know that your machine is
|
||
connected AND its actual (current) IP number. There are a number of
|
||
ways they can get this info, ranging from you ringing them, sending
|
||
them email to tell them or cunning use of ".plan" files on a shell
|
||
account at your service provider (assuming that your provider allows
|
||
shell and finger access).
|
||
|
||
|
||
Now, for most users, this is not a problem - all that most people want
|
||
is to send and receive email (using your account on your service
|
||
provider) and make outbound connections to WWW, ftp and other servers
|
||
on the Internet. If you MUST have inbound connections to your server,
|
||
you should really get a static IP number. Alternatively you can
|
||
explore the methods hinted at above...
|
||
|
||
|
||
21.1. Setting up email
|
||
|
||
Even for dynamic IP numbers, you can certainly configure sendmail on
|
||
your machine to send out any email that you compose locally.
|
||
Configuration of sendmail can be obscure and difficult - so this
|
||
document does not attempt to tell you how to do this. However, you
|
||
should probably configure sendmail so that your Internet service
|
||
provider is designated as your "smart relay" host (the sendmail.cf DS
|
||
option). (For more sendmail configuration info, see the sendmail
|
||
documents - and look at the m4 configurations that come with sendmail.
|
||
There is almost certain to be one there that will meet your needs).
|
||
|
||
|
||
There are also excellent books on Sendmail (notably the 'bible' from
|
||
O'Reilly and Associates), but these are almost certainly overkill for
|
||
most users!
|
||
|
||
|
||
Once you have sendmail configured, you will probably want to have
|
||
sendmail dispatch any messages that have been sitting in the outbound
|
||
mail queue as soon as the PPP connection comes up. To do this, add the
|
||
command
|
||
|
||
|
||
|
||
sendmail -q &
|
||
|
||
|
||
|
||
|
||
|
||
to your /etc/ppp/ip-up script (see below).
|
||
|
||
|
||
Inbound email is a problem for dynamic IP numbers. The way to handle
|
||
this is to:-
|
||
|
||
· configure your mail user agent so that all mail is sent out with a
|
||
"reply to" header giving your email address at your Internet
|
||
Service provider.
|
||
If you can, you should also set your FROM address to be your email
|
||
address at your ISP as well.
|
||
|
||
· use the popclient, fetchmail programs to retrieve your email from
|
||
your service provider. Alternatively, if your ISP is using IMAP,
|
||
use an IMAP enabled mail user agent (such as pine).
|
||
|
||
|
||
You can automate this process at dial up time by putting the necessary
|
||
commands in the /etc/ppp/ip-up script (see below).
|
||
|
||
|
||
21.2. Setting Up a local Name server
|
||
|
||
Whilst you can quite happily use the domain name servers located at
|
||
your ISP, you can also set up a local caching only (secondary) name
|
||
server that is brought up by the ip-up script. The advantage of
|
||
running a local (caching only) name server is that it will save you
|
||
time (and bandwidth) if you frequently contact the same sites during a
|
||
long on-line session.
|
||
|
||
|
||
DNS configuration for a caching only nameserver (that uses a
|
||
"forwarders' line in the named.boot file pointing at your ISPs DNS) is
|
||
relatively simple. The O'Reilly book (DNS and Bind) explains all you
|
||
want to know about this.
|
||
|
||
|
||
There is also a DNS-HOWTO available.
|
||
|
||
|
||
|
||
If you are running a small LAN that can access the Internet through
|
||
you Linux PC (using IP Masquerade for example), it is probably a good
|
||
idea to run a local name server (with a forwarders directive) whilst
|
||
the link is up as this will minimise the bandwidth and delays
|
||
associated with name resolution.
|
||
|
||
|
||
One point of Nettiquette: ask permission from your ISP before you
|
||
start using a secondary, caching only name server in your ISP's
|
||
domain. Properly configured, your DNS will not cause any problems to
|
||
your ISP at all, but if you get things wrong, it can cause problems.
|
||
|
||
|
||
22. Linking two networks using PPP
|
||
|
||
There is basically no difference between linking a single Linux PC to
|
||
a PPP server and linking two LANs using PPP on a machine on each LAN.
|
||
Remember, PPP is a peer to peer protocol.
|
||
|
||
|
||
However, you DEFINITELY need to understand about how routing is
|
||
established. Read the NET-2 howto and the Linux Network Administrator
|
||
Guide (NAG). You will also find " TCP/IP Network Administration"
|
||
(published by O'Reilly and Assoc - ISBN 0-937175-82-X) to be of
|
||
invaluable assistance.
|
||
|
||
|
||
If you are going to be sub networking an IP network number on either
|
||
side of the link, you will also find the Linux (draft) sub networking
|
||
mini-howto) to be of use. This is available at Linux Sub networking
|
||
mini-HOWTO <http://www.interweft.com.au/other/>.
|
||
|
||
|
||
In order to link two LANs, you must be using different IP network
|
||
numbers (or subnets of the same network number) and you will need to
|
||
use static IP numbers - or use IP masquerade. If you want to use IP
|
||
masquerade, see the IP masquerade mini-howto for instructions on
|
||
setting that up.
|
||
|
||
|
||
22.1. Setting up the IP numbers
|
||
|
||
Arrange with the network administrator of the other LAN the IP numbers
|
||
that will be used for each end of the PPP interface. If you are using
|
||
static IP numbers, this will also probably require you to dial into a
|
||
specific telephone number.
|
||
|
||
|
||
Now edit the appropriate /etc/ppp/options[.ttyXX] file - it's a good
|
||
idea to have a specific modem and port at your end for this
|
||
connection. This may well require you to change your /etc/ppp/options
|
||
file - and create appropriate options.ttyXX files for any other
|
||
connections!
|
||
|
||
|
||
Specify the IP numbers for your end of the PPP link in the appropriate
|
||
options file exactly as shown above for static IP numbers.
|
||
|
||
|
||
22.2. Setting up the routing
|
||
|
||
You must arrange that packets on your local LAN are routed across the
|
||
interface that the PPP link establishes. This is a two stage process.
|
||
|
||
|
||
First of all, you need to establish a route from the machine running
|
||
the PPP link to the network(s) at the far end of the link. If the link
|
||
is to the Internet, this can be handled by a default route established
|
||
by pppd itself at your end of the connection using the 'defaultroute'
|
||
option to pppd.
|
||
|
||
|
||
|
||
If however, the link is only linking two LANs, then a specific network
|
||
route must be added for each network that is accessible across the
|
||
link. This is done using a 'route' command for each network in the
|
||
/etc/ppp/ip-up script (see After the link comes up...) for
|
||
instructions on doing this.
|
||
|
||
|
||
The second thing you need to do is to tell the other computers on your
|
||
LAN that your Linux computer is actually the 'gateway' for the
|
||
network(s) at the far end of the ppp link.
|
||
|
||
|
||
Of course, the network administrator at the other end of the link has
|
||
to do all this too! However, as s/he will be routing packets to your
|
||
specific networks, a specific network route will be required, not a
|
||
default route (unless the LANs at the far and of the link are linking
|
||
into you to access the Internet across your connection).
|
||
|
||
|
||
22.3. Network security
|
||
|
||
If you are linking you LAN to the Internet using PPP - or even just to
|
||
a "foreign" LAN, you need to think about security issues. I strongly
|
||
urge you to think about setting up a firewall!
|
||
|
||
|
||
You should also speak to the LAN administrator at your site BEFORE you
|
||
start linking to foreign LANs or the Internet this way. Failure to do
|
||
so could earn you anything from no reaction to really serious trouble!
|
||
|
||
|
||
23. After the link comes up - the /etc/ppp/ip-up script
|
||
|
||
Once the PPP link is established, pppd looks for /etc/ppp/ip-up. If
|
||
this script exists and is executable, the PPP daemon executes the
|
||
script. This allows you to automate any special routing commands that
|
||
may be necessary and any other actions that you want to occur every
|
||
time the PPP link is activated.
|
||
|
||
|
||
This is just a shell script and can do anything that a shell script
|
||
can do (i.e. virtually anything you want).
|
||
|
||
|
||
For example, you can get sendmail to dispatch any waiting outbound
|
||
messages in the mail queue.
|
||
|
||
|
||
Similarly, you can insert the commands into ip-up to collect (using
|
||
pop) any email waiting for you at your ISP.
|
||
|
||
|
||
There are restrictions on /etc/ppp/ip-up:-
|
||
|
||
|
||
· It runs in a deliberately restricted environment to enhance
|
||
security. This means you must give a full path to binaries etc.
|
||
|
||
· Technically, /etc/ppp/ip-up is a program not a script. This means
|
||
it can be directly executed - and hence it requires the standard
|
||
file magic (#!/bin/bash) at the start of the first line and must be
|
||
readable and executable by root.
|
||
|
||
|
||
23.1. Special routing
|
||
|
||
If you are linking two LANs, you will need to set up specific routes
|
||
to the 'foreign' LANs. This is easily done using the /etc/ppp/ip-up
|
||
script. The only difficulty arises if your machine handles multiple
|
||
PPP links.
|
||
|
||
|
||
This is because the /etc/ppp/ip-up is executed for EVERY ppp
|
||
connection that comes up, so you need to carefully execute the correct
|
||
routing commands for the particular link that comes up - and not when
|
||
any other link comes up!
|
||
|
||
|
||
23.2. Handling email queues
|
||
|
||
When the link between two LANs comes up, you may well want to make
|
||
sure that email that is queued at either end is flushed - sent out to
|
||
its destination. This is done by adding the appropriate sendmail
|
||
invocation.
|
||
|
||
|
||
Using the bash 'case' statement on an appropriate parameter that pppd
|
||
passes into the script accomplishes this. For example, this is the
|
||
/etc/ppp/ip-up script I use to handle our WAN links and the link to my
|
||
home Ethernet (also handled on the same ppp server).
|
||
|
||
|
||
23.3. A sample /etc/ppp/ip-up script
|
||
|
||
The example below provides a variety of example uses.
|
||
|
||
|
||
______________________________________________________________________
|
||
#!/bin/bash
|
||
#
|
||
# Script which handles the routing issues as necessary for pppd
|
||
# Only the link to Newman requires this handling.
|
||
#
|
||
# When the ppp link comes up, this script is called with the following
|
||
# parameters
|
||
# $1 the interface name used by pppd (e.g. ppp3)
|
||
# $2 the tty device name
|
||
# $3 the tty device speed
|
||
# $4 the local IP address for the interface
|
||
# $5 the remote IP address
|
||
# $6 the parameter specified by the 'ipparam' option to pppd
|
||
#
|
||
case "$5" in
|
||
# Handle the routing to the Newman Campus server
|
||
202.12.126.1)
|
||
/sbin/route add -net 202.12.126.0 gw 202.12.126.1
|
||
# and flush the mail queue to get their email there asap!
|
||
/usr/sbin/sendmail -q &
|
||
;;
|
||
139.130.177.2)
|
||
# Our Internet link
|
||
# When the link comes up, start the time server and synchronise to the world
|
||
# provided it is not already running
|
||
if [ ! -f /var/lock/subsys/xntpd ]; then
|
||
/etc/rc.d/init.d/xntpd.init start &
|
||
fi
|
||
# Start the news server (if not already running)
|
||
if [ ! -f /var/lock/subsys/news ]; then
|
||
/etc/rc.d/init.d/news start &
|
||
fi
|
||
;;
|
||
203.18.8.104)
|
||
# Get the email down to my home machine as soon as the link comes up
|
||
# No routing is required as my home Ethernet is handled by IP
|
||
# masquerade and proxyarp routing.
|
||
/usr/sbin/sendmail -q &
|
||
;;
|
||
*)
|
||
esac
|
||
exit 0
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
As a result of bringing up the ppp link to our Newman campus and this
|
||
script, we end up with the following routing table entries (this
|
||
machine also is our general dial up PPP server AND handles our
|
||
Internet link). I have interspersed comments in the output to help
|
||
explain what each entry is) :-
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
______________________________________________________________________
|
||
[root@kepler /root]# route -n
|
||
Kernel routing table
|
||
Destination Gateway Genmask Flags MSS Window Use Iface
|
||
# the HOST route to our remote internet gateway
|
||
139.130.177.2 * 255.255.255.255 UH 1500 0 134 ppp4
|
||
# the HOST route to our Newman campus server
|
||
202.12.126.1 * 255.255.255.255 UH 1500 0 82 ppp5
|
||
# the HOST route to my home ethernet
|
||
203.18.8.104 * 255.255.255.255 UH 1500 0 74 ppp3
|
||
# two of our general dial up PPP lines
|
||
203.18.8.64 * 255.255.255.255 UH 552 0 0 ppp2
|
||
203.18.8.62 * 255.255.255.255 UH 552 0 1 ppp1
|
||
# the specific network route to the Newman campus LAN
|
||
202.12.126.0 202.12.126.1 255.255.255.0 UG 1500 0 0 ppp5
|
||
# the route to our local Ethernet (super-netting two adjacent C classes)
|
||
203.18.8.0 * 255.255.254.0 U 1500 0 1683 eth0
|
||
# the route to the loop back device
|
||
127.0.0.0 * 255.0.0.0 U 3584 0 483 lo
|
||
# the default route to the Internet
|
||
default 139.130.177.2 * UG 1500 0 3633 ppp4
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
23.4. Handling email
|
||
|
||
The previous section shows how to handle the outgoing mail - simply by
|
||
flushing the mail queue once the link is up.
|
||
|
||
|
||
If you are running a WAN link, you can arrange with the network
|
||
administrator of the remote LAN to do exactly the same thing. For
|
||
example, at the Newman Campus end of our WAN link, the /etc/ppp/ip-up
|
||
script looks like :-
|
||
|
||
|
||
______________________________________________________________________
|
||
#!/bin/bash
|
||
#
|
||
# Script which handles the routing issues as necessary for pppd
|
||
# Only the link to Hedland requires this handling.
|
||
#
|
||
# When the ppp link comes up, this script is called with the following
|
||
# parameters
|
||
# $1 the interface name used by pppd (e.g. ppp3)
|
||
# $2 the tty device name
|
||
# $3 the tty device speed
|
||
# $4 the local IP address for the interface
|
||
# $5 the remote IP address
|
||
# $6 the parameter specified by the 'ipparam' option to pppd
|
||
#
|
||
case "$5" in
|
||
203.18.8.4)
|
||
/usr/sbin/sendmail -q
|
||
;;
|
||
*)
|
||
esac
|
||
exit 0
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
|
||
If however you have only a dynamic IP PPP link to your ISP, you need
|
||
to get your email from the account on your ISPs machine. This is
|
||
usually done using the POP (Post Office Protocol). This process can be
|
||
handled using the 'popclient' program - and the ip-up script can
|
||
automate this process for you too!
|
||
|
||
|
||
Simply create a /etc/ppp/ip-up script that contains the appropriate
|
||
invocation of popclient. For my laptop that runs Red Hat Linux (which
|
||
I take on any travels), this is
|
||
|
||
|
||
______________________________________________________________________
|
||
popclient -3 -c -u hartr -p <password> kepler.hedland.edu.au |formail -s procmail
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
You could use slurp or whatever to do the same for news, and so forth.
|
||
Remember, the ip-up script is just a standard bash script and so can
|
||
be used to automate ANY function that needs to be accomplished every
|
||
time the appropriate PPP link comes up.
|
||
|
||
|
||
24. Using /etc/ppp/ip-down
|
||
|
||
You can create a script that will be executed once the link has been
|
||
terminated. This is stored in /etc/ppp/ip-down. It can be used to undo
|
||
anything special that you did in the corresponding /etc/ppp/ip-up
|
||
script.
|
||
|
||
|
||
25. Routing issues on a LAN
|
||
|
||
If you are connected to a LAN but still want to use PPP on your
|
||
personal Linux machine , you need to address some issues of the routes
|
||
packets need to take from your machine to reach your LAN (through your
|
||
Ethernet interface) and also to the remote PPP server and beyond.
|
||
|
||
|
||
This section does NOT attempt to teach you about routing - it deals
|
||
only with a simple, special case of (static) routing!
|
||
|
||
|
||
I strongly urge you to read the Linux Network Administrator Guide
|
||
(NAG) if you are NOT familiar with routing. Also the O'Reilly book
|
||
"TCP/IP Network Administration" covers this topic in a very
|
||
understandable form.
|
||
|
||
|
||
The basic rule of static routing is that the DEFAULT route should be
|
||
the one that points to the MOST number of network addresses. For other
|
||
networks, enter specific routes to the routing table.
|
||
|
||
|
||
The ONLY situation I am going to cover here is where your Linux box is
|
||
on a LAN that is not connected to the Internet - and you want to dial
|
||
out to the Internet for personal use whilst still connected to the
|
||
LAN.
|
||
|
||
|
||
First of all, make sure that your Ethernet route is set up to the
|
||
specific network addresses available across your LAN - NOT set to the
|
||
default route!
|
||
|
||
Check this by issuing a route command, you should see something like
|
||
the following:-
|
||
|
||
|
||
|
||
[root@hwin /root]# route -n
|
||
Kernel routing table
|
||
Destination Gateway Genmask Flags MSS Window Use Iface
|
||
loopback * 255.255.255.0 U 1936 0 50 lo
|
||
10.0.0.0 * 255.255.255.0 U 1436 0 565 eth0
|
||
|
||
|
||
|
||
|
||
|
||
If your Ethernet interface (eth0) is pointing at the default route,
|
||
(the first column will show "default" in the eth0 line) you need to
|
||
change your Ethernet initialisation scripts to make it point at the
|
||
specific network numbers rather than the default route (consult the
|
||
Net2 HOWTO and NAG).
|
||
|
||
|
||
This will allow pppd to set up your default route as shown below:-
|
||
|
||
|
||
|
||
[root@hwin /root]# route -n
|
||
Kernel routing table
|
||
|
||
Destination Gateway Genmask Flags MSS Window Use Iface
|
||
10.144.153.51 * 255.255.255.255 UH 488 0 0 ppp0
|
||
127.0.0.0 * 255.255.255.0 U 1936 0 50 lo
|
||
10.1.0.0 * 255.255.255.0 U 1436 0 569 eth0
|
||
default 10.144.153.51 * UG 488 0 3 ppp0
|
||
|
||
|
||
|
||
|
||
|
||
As you can see, we have a host route to the PPP server (
|
||
10.144.153.51) via ppp0 and also a default network route that uses the
|
||
PPP server as its gateway.
|
||
|
||
|
||
If your set up needs to be more complex than this - read the routing
|
||
documents already mentioned and consult an expert at your site!
|
||
|
||
|
||
If your LAN already has routers on it, you will already have gateways
|
||
established to the wider networks available at your site. You should
|
||
STILL point your default route at the PPP interface - and make the
|
||
other routes specific to the networks they serve.
|
||
|
||
|
||
25.1. Note on Security
|
||
|
||
When you set up a Linux box on an existing LAN to link into the
|
||
Internet, you are potentially opening your entire LAN to the Internet
|
||
- and the hackers that reside there. Before you do this, I strongly
|
||
urge you to consult your network administrator and site security
|
||
policy. If your PPP connection to the Internet is used to successfully
|
||
attack your site, you will at the very least earn the intense anger of
|
||
your fellow users, network and system administrators. You may also
|
||
find yourself in very much more serious trouble!
|
||
|
||
|
||
Before you connect a LAN to the Internet, you should consider the
|
||
security implications of even a DYNAMIC connection - hence the earlier
|
||
reference to the O'Reilly "Building Internet Firewalls"!
|
||
|
||
|
||
26. Setting up a PPP server
|
||
|
||
As already mentioned, there are many ways to do this. What I present
|
||
here is the way I do it (using a Cyclades multi-port serial card) and
|
||
a rotary dial in set of telephone lines.
|
||
|
||
|
||
If you don't like the method I present here, please feel free to go
|
||
your own way. I would however, be pleased to include additional
|
||
methods in future versions of the HOWTO. So, please send me your
|
||
comments and methods!
|
||
|
||
|
||
Please note, this section only concerns setting up Linux as a PPP
|
||
server. I do not (ever) intend to include information on setting up
|
||
special terminal servers and such.
|
||
|
||
|
||
Also, I have yet to experiment with shadow passwords (but will be
|
||
doing so sometime). Information currently presented does NOT therefore
|
||
include any bells and whistles that are required by the shadow suite.
|
||
|
||
|
||
26.1. Kernel compilation
|
||
|
||
All the earlier comments regarding kernel compilation and kernel
|
||
versions versus pppd versions apply. This section assumes that you
|
||
have read the earlier sections of this document!
|
||
|
||
|
||
For a PPP server, you MUST include IP forwarding in your kernel. You
|
||
may also wish to include other capabilities (such as IP fire walls,
|
||
accounting etc etc).
|
||
|
||
|
||
If you are using a multi-port serial card, then you must obviously
|
||
include the necessary drivers in your kernel too!
|
||
|
||
|
||
26.2. Overview of the server system
|
||
|
||
We offer dial up PPP (and SLIP) accounts and shell accounts using the
|
||
same user name/password pair. This has the advantages (for us) that a
|
||
user requires only one account and can use it for all types of
|
||
connectivity.
|
||
|
||
|
||
As we are an educational organisation, we do not charge our staff and
|
||
students for access, and so do not have to worry about accounting and
|
||
charging issues.
|
||
|
||
|
||
We operate a firewall between our site and the Internet, and this
|
||
restricts some user access as the dial up lines are inside our
|
||
(Internet) firewall (for fairly obvious reasons, details of our other
|
||
internal fire walls are not presented here and are irrelevant in any
|
||
case).
|
||
|
||
|
||
The process a user goes through to establish a PPP link to our site
|
||
(once they have a valid account of course) is :-
|
||
· Dial into our rotary dialer (this is a single phone number that
|
||
connects to a bank of modems - the first free modem is then used).
|
||
|
||
· Log in using a valid user name and password pair.
|
||
|
||
· At the shell prompt, issue the command ppp to start PPP on the
|
||
server.
|
||
|
||
· Start PPP on their PC (be it running Windows, DOS, Linux MAC OS or
|
||
whatever - that is their problem).
|
||
|
||
|
||
The server uses individual /etc/ppp/options.ttyXX files for each dial
|
||
in port that set the remote IP number for dynamic IP allocation. The
|
||
server users proxyarp routing for the remote clients (set via the
|
||
appropriate option to pppd). This obviates the need for routed or
|
||
gated.
|
||
|
||
|
||
When the user hangs up at their end, pppd detects this and tells the
|
||
modem to hang up, bringing down the PPP link at the same time.
|
||
|
||
|
||
26.3. Getting the software together
|
||
|
||
You will need the following software:-
|
||
|
||
· Linux, properly compiled to include the necessary options.
|
||
|
||
· The appropriate version of pppd for your kernel.
|
||
|
||
· A 'getty' program that intelligently handles modem communications.
|
||
We use getty_ps2.0.7h, but mgetty is highly thought of. I
|
||
understand that mgetty can detect a call that is using pap/chap
|
||
(pap is the standard for Windows95) and invoke pppd automatically,
|
||
but I have yet to explore this.
|
||
|
||
· An operational domain name server (DNS) that is accessible to your
|
||
dial up users.
|
||
You should really be running your own DNS if possible...
|
||
|
||
|
||
26.4. Setting up standard (shell access) dialup.
|
||
|
||
Before you can set up your PPP server, your Linux box must be capable
|
||
of handling standard dial up access.
|
||
|
||
|
||
This howto does NOT cover setting this up. Please see the
|
||
documentation of the getty of your choice and serial HOWTO for
|
||
information on this.
|
||
|
||
|
||
26.5. Setting up the PPP options files
|
||
|
||
You will need to set up the overall /etc/ppp/options with the common
|
||
options for all dial up ports. The options we use are:-
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
______________________________________________________________________
|
||
asyncmap 0
|
||
netmask 255.255.254.0
|
||
proxyarp
|
||
lock
|
||
crtscts
|
||
modem
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
Note - we do NOT use any (obvious) routing - and in particular there
|
||
is no defaultroute option. The reason for this is that all you (as a
|
||
PPP server) are required to do is to route packets from the ppp client
|
||
out across your LAN/Internet and route packets to the client from your
|
||
LAN and beyond.
|
||
|
||
|
||
All that is necessary for this is a host route to the client machine
|
||
and the use of the 'proxyarp' option to pppd.
|
||
|
||
|
||
The 'proxyarp' option sets up (surprise) a proxy ARP entry in the PPP
|
||
server's ARP table that basically says 'send all packets destined for
|
||
the PPP client to me'. This is the easiest way to set up routing to a
|
||
single PPP client - but you cannot use this if you are routing between
|
||
two LANs - you must add proper network routes which can't use proxy
|
||
ARP.
|
||
|
||
|
||
You will almost certainly wish to provide dynamic IP number allocation
|
||
to your dial up users. You can accomplish this by allocating an IP
|
||
number to each dial up port. Now, create a /etc/ppp/options.ttyXX for
|
||
each dial up port.
|
||
|
||
|
||
In this, simply put the local (server) IP number and the IP number
|
||
that is to be used for that port. For example
|
||
|
||
|
||
______________________________________________________________________
|
||
kepler:slip01
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
In particular, note that you can use valid host names in this file (I
|
||
find that I only remember the IP numbers of critical machines and
|
||
devices on my networks - names are more meaningful)!
|
||
|
||
|
||
26.6. Setting pppd up to allow users to (successfully) run it
|
||
|
||
As starting a ppp link implies configuring a kernel device (a network
|
||
interface) and manipulating the kernel routing tables, special
|
||
privileges are required - in fact full root privileges.
|
||
|
||
|
||
Fortunately, pppd has been designed to be 'safe' to run set uid to
|
||
root. So you will need to
|
||
|
||
______________________________________________________________________
|
||
chmod u+s /usr/sbin/pppd
|
||
______________________________________________________________________
|
||
|
||
When you list the file, it should then appear as
|
||
|
||
______________________________________________________________________
|
||
-rwsr-xr-x 1 root root 74224 Apr 28 07:17 /usr/sbin/pppd
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
If you do not do this, users will be unable to set up their ppp link.
|
||
|
||
|
||
26.7. Setting up the global alias for pppd
|
||
|
||
In order to simplify things for our dial up PPP users, we create a
|
||
global alias (in /etc/bashrc) so that one simple command will start
|
||
ppp on the server once they are logged in.
|
||
|
||
|
||
This looks like
|
||
|
||
______________________________________________________________________
|
||
alias ppp="exec /usr/sbin/pppd -detach"
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
What this does is
|
||
|
||
· exec : this means replace the running program (in this case the
|
||
shell) with the program that is run.
|
||
|
||
· pppd -detach : start up pppd and do NOT fork into the background.
|
||
This ensures that when pppd exits there is no process hanging
|
||
around.
|
||
|
||
When a user logs in like this, they will appear in the output of 'w'
|
||
as
|
||
|
||
______________________________________________________________________
|
||
6:24pm up 3 days, 7:00, 4 users, load average: 0.05, 0.03, 0.00
|
||
User tty login@ idle JCPU PCPU what
|
||
hartr ttyC0 3:05am 9:14 -
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
And that is it...I told you this was a simple, basic PPP server
|
||
system!
|
||
|
||
|
||
27. Using PPP across a null modem (direct serial) connection
|
||
|
||
This is very simple - there is no modem in the way so things are much
|
||
simpler.
|
||
|
||
|
||
First of all, choose one of the machines as a 'server', setting up a
|
||
getty on the serial port so you can test that you do have connectivity
|
||
using minicom to access the serial port on the 'client'.
|
||
|
||
|
||
Once you have this functioning, you can remove the getty UNLESS you
|
||
want to make sure that the connection is validated using user
|
||
name/password pairs as for a dial up connection. As you have 'physical
|
||
control' of both machines, I will presume that you do NOT want to do
|
||
this.
|
||
|
||
|
||
Now, on the server, remove the getty and make sure that you have the
|
||
serial ports on both machines configured correctly using 'setserial'.
|
||
|
||
|
||
All you need to do now is to start pppd on both systems. I will assume
|
||
that the connection uses /dev/ttyS34 on both machines. So, on both
|
||
machines execute the command:-
|
||
|
||
|
||
______________________________________________________________________
|
||
pppd -detach crtscts lock <local IP>:<remote IP> /dev/ttyS3 38400 &
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
This will bring up the link - but as yet you have no routing
|
||
specified. You can test the link by pinging to and fro to each
|
||
machine. If this works, bring down the link by killing one of the pppd
|
||
processes.
|
||
|
||
|
||
The routing you need will of course depend on exactly what you are
|
||
trying to do. Generally, one of the machines will be connected to an
|
||
Ethernet (and beyond) and so the routing required is exactly the same
|
||
as for a PPP server and client.
|
||
|
||
|
||
So on the Ethernet equipped machine, the pppd command would be
|
||
|
||
|
||
______________________________________________________________________
|
||
pppd -detach crtscts lock proxyarp <local IP>:<remote IP> /dev/ttyS3 38400 &
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
|
||
and on the other machine
|
||
|
||
|
||
______________________________________________________________________
|
||
pppd -detach crtscts lock defaultroute <local IP>:<remote IP> /dev/ttyS3 38400 &
|
||
______________________________________________________________________
|
||
|
||
|
||
|
||
If you are linking two networks (using a serial link!) or have more
|
||
complex routing requirements, you can use /etc/ppp/ip-up in exactly
|
||
the same way as mentioned earlier in this document.
|
||
|
||
|
||
|
||
|
||
Robert Hart
|
||
Port Hedland, Western Australia
|
||
Melbourne, Victoria, Australia August/October 1996 January/March 1997
|
||
|
||
|
||
|
||
|