-PPP for Linux Version 2.2.0
-============= based on
- ppp-2.2.0
- Mar 1995
-
-Michael Callahan callahan@maths.ox.ac.uk
-Al Longyear longyear@netcom.com
-
- Contents:
- INTRODUCTION
- CREDITS
- CHANGES FROM THE PREVIOUS VERSION
- FUTURE PLANS
- INSTALLATION
- GENERAL NETWORK CONFIGURATION
- CONNECTING TO A PPP SERVER
- IF IT WORKS
- IF IT DOESN'T WORK
- IF IT STILL DOESN'T WORK (OR, BUG REPORTS)
- DYNAMIC ADDRESS ASSIGNMENT
- SETTING UP A MACHINE FOR INCOMING PPP CONNECTIONS
- SETTING UP A MACHINE FOR INCOMING PPP CONNECTIONS WITH DYNAMIC IP
- ADDITIONAL INFORMATION
- DIP SUPPORT
- CONCLUSION
-
-
-INTRODUCTION
-
-This file is substantially derived from the previous version for
-the pppd process 2.2.0. Michael Callahan wrote that version. This
-particular version was written, modified, hacked, changed, whatever,
-by Al Longyear. If you find errors in this document, they are probably
-mine and not Michael's.
-
-This is a PPP driver for Linux. It has been used by many people and
-seems to be quite stable. It is capable of being used either as a
-'client'--for connecting a Linux machine to a local Internet provider,
-for example--or as a 'server'--allowing a Linux machine with a modem
-and an Ethernet connection to the Internet to provide dial-in PPP
-links. (In fact, the PPP protocol does not make the distinction
-between client and server, but this is the way people often think
-about it.)
+ PPP for Linux
+ -------------
+
+ Paul Mackerras
+ 8 March 2001
+
+ for ppp-2.4.2
+ Updated for ppp-2.4.5, Sep 08
+
+1. Introduction
+---------------
+
+The Linux PPP implementation includes both kernel and user-level
+parts. This package contains the user-level part, which consists of
+the PPP daemon (pppd) and associated utilities. In the past this
+package has contained updated kernel drivers. This is no longer
+necessary, as the current kernel sources contain up-to-date drivers
+(and have done since the 2.4.x kernel series).
+
+The Linux PPP implementation is capable of being used both for
+initiating PPP connections (as a `client') or for handling incoming
+PPP connections (as a `server'). Note that this is an operational
+distinction, based on how the connection is created, rather than a
+distinction that is made in the PPP protocols themselves.
+
+Mostly this package is used for PPP connections over modems connected
+via asynchronous serial ports, so this guide concentrates on this
+situation.
The PPP protocol consists of two parts. One is a scheme for framing
and encoding packets, the other is a series of protocols called LCP,
-IPCP, UPAP and CHAP, for negotiating link options and for
+IPCP, PAP and CHAP, for negotiating link options and for
authentication. This package similarly consists of two parts: a
kernel module which handles PPP's low-level framing protocol, and a
user-level program called pppd which implements PPP's negotiation
the link down, when it negotiates a graceful disconnect.
-CREDITS
-
-I (MJC) wrote the original kernel driver from scratch. Laurence
-Culhane and Fred van Kempen's slip.c was priceless as a model (a
-perusal of the files will reveal that I often mimicked what slip.c
-did). Otherwise I just implemented what pppd needs, using RFC1331 as
-a guide. For the most part, the Linux driver provides the same
-interface as the free 386BSD and SunOS drivers. The exception is that
-Linux has no support for asynchronous I/O, so I hacked an ioctl into
-the PPP kernel module that provides a signal when packets appear and
-made pppd use this instead.
-
-Al Longyear ported version 2.2 of pppd (from the free package
-ppp-2.2.0) to Linux. He also provided several enhancements to both
-the kernel driver and the OS-independent part of pppd. His
-contributions to Linux PPP have been immense, and so this release
-is being distributed over both our names.
-
-The pppd program comes from the free distribution of PPP for Suns and
-386BSD machines, maintained by Paul Mackerras. This package lists
-"thanks to" Brad Parker, Greg Christy, Drew D. Perkins, Rick Adams and
-Chris Torek.
-
-Jim Freeman added the code to support a ppp module and to dynamically
-extend the number of ppp devices. All ppp devices listed in the Space.c
-will be unlinked when the kernel is loaded. This feature makes the use
-of '16 channel' support obsolete.
-
-
-
-CHANGES FROM THE PREVIOUS VERSION
-
-- The number of devices for the PPP device has been made dynamic. It was
- previously configured with the default value of four devices.
-
-- The problems dealing with other systems such as Windows NT and their
- authenticiation has been corrected. It will now generate the proper
- responses to allow the system to choose a valid authentication protocol.
-
-- The kernel debug value has changed. Previously it was a level. It is now
- a bit map with various bits meaning certain types of debug information.
-
- 0 - No debug information is generated
- 1 - Debug messages
- 2 - Log incoming packets
- 4 - Log outgoing packets
- 8 - Log tty output buffers
- 16 - Log tty input buffers
-
- If you wish to use any combination, add the values together. For example,
- '7' will log debug messages and incoming packages and outgoing packets.
-
- The default setting is 0.
-
- The simple IP trace which ppp.c performed when 'kdebug' was greater than
- 127 has been removed. You should use tcpdump for this type of trace
- actions.
-
-- Support is added for compression control protocol. At the present time
- only the BSD-Compress compression protocol is supported.
-
-- There are two queues for output frames. This avoids some problems which
- occured with the previous version and some PPP packages which exchanged
- echo frames with Linux.
-
-- The echo frames are now proper. Previously, it would generate extra
- characters and this caused some providers to not respond to the 'junk'.
-
-- The max-echo-failure option will now properly disconnect the line.
-
-- There are other changes which are listed in the general README file. Please
- read that file as well for changes.
-
-- There is no limit to the number of ppp devices which you may use. Jim Freeman
- has added code to create them upon demand and to re-use the ones which have
- been closed. There is no code, nor plans to write code, to remove (delete)
- the un-used devices. So, if your system goes to a spurt and uses 3000 ppp
- devices, it will remain at that level until you next reload the kernel.
-
-
-
-FUTURE PLANS
-
-The IPX support is still minimal. There is code which will only work with
-the 1.3 version of the networking software. The pppd process will still
-require changes to support the IPXCP and a change to the driver to properly
-enable/disable the IPX frames. Jim Freeman is reportily working on the IPX
-support.
-
-
-
-INSTALLATION
-
-This version of PPP has been tested on 1.1.x (x>=14) It will probably
-not work on kernels much earlier than this due to a change in the
-routing code. If you have an earlier kernel, please upgrade.
-
-joining the PPP channel of linux-activists:
-
- This isn't really part of installation, but if you DO use
- Linux PPP you should do this. Send a message with the line
- subscribe linux-ppp
- contained in the body to majordomo@vger.rutgers.edu
-
- You may use
+2. Installation
+---------------
- subscribe linux-ppp myname@mail.address
+2.1 Kernel driver
- if you wish the linux-ppp information sent to a different mail
- address.
+Assuming you are running a recent 2.4 or 2.6 (or later) series kernel,
+the kernel source code will contain an up-to-date kernel PPP driver.
+If the PPP driver was included in your kernel configuration when your
+kernel was built, then you only need to install the user-level
+programs. Otherwise you will need to get the source tree for your
+kernel version, configure it with PPP included, and recompile. Most
+Linux distribution vendors ship kernels with PPP included in the
+configuration.
- To leave the mail list, send 'unsubscribe linux-ppp' to the same
- mail address.
+The PPP driver can be either compiled into the kernel or compiled as a
+kernel module. If it is compiled into the kernel, the PPP driver is
+included in the kernel image which is loaded at boot time. If it is
+compiled as a module, the PPP driver is present in one or more files
+under /lib/modules and is loaded into the kernel when needed.
- You can send to the list by mailing to
- linux-ppp@vger.rutgers.edu. This is a majordomo mailing list and
- is unlike the earlier version on hut.fi. There is no magic header
- required for this list. In addition, it is gated to the usenet
- group linux.dev.ppp. You may choose to read the few messages posted
- there.
+The 2.2 series kernels contain an older version of the kernel PPP
+driver, one which doesn't support multilink. If you want multilink,
+you need to run a 2.4 or 2.6 series kernel. The kernel PPP driver
+was completely rewritten for the 2.4 series kernels to support
+multilink and to allow it to operate over diverse kinds of
+communication medium (the 2.2 driver only operates over serial ports
+and devices which look like serial ports, such as pseudo-ttys).
-Usenet News Groups
+Under the 2.2 kernels, if PPP is compiled as a module, the PPP driver
+modules should be present in the /lib/modules/`uname -r`/net directory
+(where `uname -r` represents the kernel version number). The PPP
+driver module itself is called ppp.o, and there will usually be
+compression modules there, ppp_deflate.o and bsd_comp.o, as well as
+slhc.o, which handles TCP/IP header compression. If the PPP driver is
+compiled into the kernel, the compression code will still be compiled
+as modules, for kernels before 2.2.17pre12. For 2.2.17pre12 and later,
+if the PPP driver is compiled in, the compression code will also.
- There are three applicable usenet news groups for the PPP code. Please
- choose the group which applies the closest to the type of problem
- which you are experiencing.
+Under the 2.4 kernels, there are two PPP modules, ppp_generic.o and
+ppp_async.o, plus the compression modules (ppp_deflate.o, bsd_comp.o
+and slhc.o). If the PPP generic driver is compiled into the kernel,
+the other four can then be present either as modules or compiled into
+the kernel. There is a sixth module, ppp_synctty.o, which is used for
+synchronous tty devices such as high-speed WAN adaptors.
- comp.os.linux.networking
- - Trouble setting routes, running name services, using telnet, ftp,
- news, etc.
- - It will not compile.
- comp.os.linux.setup
- - Trouble installing the package from BINARIES only. This does *NOT*
- include problems with compiling the package.
+2.2 User-level programs
- comp.protocols.ppp
- - How do I use the package?
- - How do I connect to .... services?
- - Why does this not work?
- - All other types of questions on how to use just the PPP code.
+If you obtained this package in .rpm or .deb format, you simply follow
+the usual procedure for installing the package.
- PLEASE don't assume that just because you are using PPP as your
- network device driver that all problems with your networking are a
- problem of PPP. PPP is *NOT* responsible for your modem disconnecting,
- routing to other servers, running telnet, etc. Calling the problem
- 'ppp' on usenet may cause it to be ignored by the people who
- actually work on the networking code.
+If you are using the .tar.gz form of this package, then cd into the
+ppp-2.4.5 directory you obtained by unpacking the archive and issue
+the following commands:
-Installation procedure:
+$ ./configure
+$ make
+# make install
-The installation procedure has been totally revised for this
-version. Due to feedback from other users, it was felt that a more
-automated installation procedure be performed.
+The `make install' has to be done as root. This makes and installs
+four programs and their man pages: pppd, chat, pppstats and pppdump.
+If the /etc/ppp configuration directory doesn't exist, the `make
+install' step will create it and install some default configuration
+files.
-Use the following procedure for all kernel versions. There are six steps
-numbered one through six. Please do them in order and not skip one.
-1. Issue the command:
+2.3 System setup for 2.4 kernels
-./configure
+Under the 2.4 series kernels, pppd needs to be able to open /dev/ppp,
+character device (108,0). If you are using udev (as most distributions
+do), the /dev/ppp node should be created by udevd.
-from the top level directory of pppd. This is the directory which
-contains this README.linux file. The result of this will be to build a
-set of symbolic links to the makefiles. They should link 'Makefile' to
-'Makefile.linux' in each of the directories.
+Otherwise you may need to create a /dev/ppp device node with the
+commands:
-2. Issue the command:
+# mknod /dev/ppp c 108 0
+# chmod 600 /dev/ppp
-make kernel
-from the top level directory. This will install the various include
-files and source files into the proper directory for the linux
-kernel. If you don't have the kernel installed in the /usr/src/kernel
-directory then it will not work. Instead it will print a message to
-the effect that you need to specify the kernel location on the
-kinstall command.
+2.4 System setup under 2.2 series kernels
-The actual message will say:
+Under the 2.2 series kernels, you should add the following to your
+/etc/modules.conf or /etc/conf.modules:
-There appears to be no kernel source distribution in /usr/src/linux.
-Give the top-level kernel source directory as the argument to
-this script.
-usage: kinstall.sh [linux-source-directory]
+alias tty-ldisc-3 ppp
+alias ppp-compress-21 bsd_comp
+alias ppp-compress-24 ppp_deflate
+alias ppp-compress-26 ppp_deflate
-If, and only if, you receive this message, do the following:
- a. Change to the 'linux' directory with the command:
+3. Getting help with problems
+-----------------------------
-cd linux
+If you have problems with your PPP setup, or you just want to ask some
+questions, or better yet if you can help others with their PPP
+questions, then you should join the linux-ppp mailing list. Send an
+email to majordomo@vger.kernel.org with a line in the body saying
- b. Issue the command:
+subscribe linux-ppp
-./kinstall.sh /usr/src/linux
+To leave the mailing list, send an email to majordomo@vger.kernel.org
+with a line in the body saying
-or use the proper location for the kernel rather than
-/usr/src/linux. For example, if you have the kernel installed in
-/usr1/kernel then the command would be:
+unsubscribe linux-ppp
-./kinstall.sh /usr1/kernel
+To send a message to the list, email it to linux-ppp@vger.kernel.org.
+You don't have to be subscribed to send messages to the list.
-The script will validate that the kernel is properly installed into
-that directory and check the level of the kernel. The installation
-will not be accepted if your kernel is too early.
+You can also email me (paulus@samba.org) but I am overloaded with
+email and I can't respond to most messages I get in a timely fashion.
-The installation procedure will copy only the files which are
-needed. It will not replace any file which should not be
-replaced. Please don't second-guess the installation script and
-attempt to do the procedure on your own. There are some very subtle
-dependencies and if you are not careful, the installation will not
-work.
+There are also several relevant news groups, such as comp.protocols.ppp,
+comp.os.linux.networking, or comp.os.linux.setup.
-You are free to run the installation script as many times as you
-wish. The additional executions will only change the files which have
-not been changed.
-3. Build the kernel.
+4. Configuring your dial-out PPP connections
+--------------------------------------------
-You must rebuild the kernel with this package. The driver is totally
-new and will not work with the older daemon and the newer daemon will
-not work with the older kernel driver. If you don't know how to build
-a kernel, then you should read the README file in the kernel source
-directory.
+Some Linux distribution makers include tools in their distributions
+for setting up PPP connections. For example, for Red Hat Linux and
+derivatives, you should probably use linuxconf or netcfg to set up
+your PPP connections.
-If you wish module support then you need to have the 'modules-1.1.87'
-package installed as the minimum version. Earlier versions of the module
-support will not work properly.
+The two main windowing environments for Linux, KDE and Gnome, both
+come with GUI utilities for configuring and controlling PPP dial-out
+connections. They are convenient and relatively easy to configure.
-Instructions on building the kernel with modules are given in the
-README.modules in the kernel source directory.
+A third alternative is to use a PPP front-end package such as wvdial
+or ezppp. These also will handle most of the details of talking to
+the modem and setting up the PPP connection for you.
-4. Build the programs.
+Assuming that you don't want to use any of these tools, you want to
+set up the configuration manually yourself, then read on. This
+document gives a brief description and example. More details can be
+found by reading the pppd and chat man pages and the PPP-HOWTO.
-The programs are built next. The command to build the programs is fairly
-simple. Just issue the command:
+We assume that you have a modem that uses the Hayes-compatible AT
+command set connected to an async serial port (e.g. /dev/ttyS0) and
+that you are dialling out to an ISP.
-make
+The trickiest and most variable part of setting up a dial-out PPP
+connection is the part which involves getting the modem to dial and
+then invoking PPP service at the far end. Generally, once both ends
+are talking PPP the rest is relatively straightforward.
-from the top level directory where this README.linux file is located.
+Now in fact pppd doesn't know anything about how to get modems to dial
+or what you have to say to the system at the far end to get it to talk
+PPP. That's handled by an external program such as chat, specified
+with the connect option to pppd. Chat takes a series of strings to
+expect from the modem interleaved with a series of strings to send to
+the modem. See the chat man page for more information. Here is a
+simple example for connecting to an ISP, assuming that the ISP's
+system starts talking PPP as soon as it answers the phone:
-5. Install the programs.
-
-You may use the command
-
-make install
-
-to install the various programs. They will be installed into the
-/usr/lib/ppp directory. You may not like this directory for the
-executables. The directory name is called BINDIR and is set in the
-file 'linux/Makefile.linux'.
-
-6. Reboot to the new kernel.
-
-After building the new kernel, you will need to actually use it. Reboot
-the Linux system and you may then use the new pppd program.
-
-7. Load optional modules.
-
-If you are using loadable modules for the ppp or bsd compression then
-you must load them after the kernel has been started. The following
-relative order must be maintained.
-
-Sequence Module Description
- 1 slhc.o VJ header compression
- 2 ppp.o PPP driver
- 3 bsd_comp.o BSD compression for PPP's compression protocol.
-
-You may elect not to load the BSD compression module if you desire. There
-is a controversy regarding a Motorola software patent and while it is
-believed that this code does not infringe upon the patent, it is however
-an optional component.
-
-In addition, if memory is a premium, do not run the BSD compression. It
-may take large amounts of memory (up to 2.6 meg) for high compression
-lengths to hold the compression dictionaries.
-
-Without the BSD compression module, the PPP driver will not accept PPP's
-compression control protocol for BSD compression.
-
-
-
-GENERAL NETWORK CONFIGURATION
-
-Since many people don't use the Linux networking code at all until
-they get a PPP link, this section describes generally what's needed to
-get things running. In principle none of this is special to PPP. For
-more details, you should consult the relevant Linux HOWTOs. If you
-already understand network setup, you can skip this section.
-
-The first file that requires attention is the rc script that does
-network configuration at boot time, called /etc/rc.net or
-/etc/rc.d/rc.net.{1,2} or something similar, depending on your Linux
-distribution. This file should 'ifconfig' the loopback interface lo,
-and should add an interface route for it. These lines might look
-something like this:
-
- $CONFIG lo 127.0.0.1
- $ROUTE add loopback
-or
- /sbin/ifconfig lo 127.0.0.1
- /sbin/route add 127.0.0.1
-
-However, it should *not* config an ethernet card or install any other
-routes (unless you actually have an ethernet card, in which case I'll
-assume you know what to do). Many distributions will provide scripts
-that expect you to have an ethernet card.
-
-You also need to decide whether you want to allow incoming
-telnet/ftp/finger, etc. If so, you should have the rc startup script
-run the 'inetd' daemon.
-
-Next, you should set up /etc/hosts to have two lines. The first
-should just give the loopback or localhost address and the second
-should give your own host name and the IP address your PPP connection
-will use. For example:
-
- 127.0.0.1 loopback localhost # useful aliases
- 192.1.1.17 billpc.president.whitehouse.gov bill # my hostname
- 192.1.1.23 chelseapc.president.whitehouse.gov chelseapc
-
-where my IP address is 192.1.1.17 and my hostname is
-billpc.president.whitehouse.gov. (Not really, you understand.) If
-your PPP server does dynamic IP address assignment, give a guess as to
-an address you might get (see also "Dynamic Address Assignment"
-below).
-
-Finally, you need to configure the domain name system by putting
-appropriate lines in /etc/resolv.conf . It should look something like
-this:
-
- domain president.whitehouse.gov
- search president.whitehouse.gov whitehouse.gov
- nameserver 192.1.2.1
- nameserver 192.1.2.10
-
-Assuming there are nameservers at 192.1.2.1 and 192.1.2.10, then when
-you get connected with PPP, you can reach hosts whose full names are
-'hillarypc.president.whitehouse.gov' and 'chelseapc.whitehouse.gov' by
-the names 'hillarypc' and 'chelseapc'. You can probably find out the
-right domain name to use and the IP numbers of nameservers from
-whoever's providing your PPP link.
-
-
-
-CONNECTING TO A PPP SERVER
-
-To use PPP, you invoke the pppd program with appropriate options.
-Everything you need to know is contained in the pppd(8) manual page.
-However, it's useful to see some examples:
-
-Example 1: A simple dial-up connection.
-
-Here's a command for connecting to a PPP server by modem.
-
- pppd connect 'chat -v "" ATDT5551212 CONNECT "" ogin: ppp word: whitewater' \
- /dev/cua1 38400 debug crtscts modem defaultroute 192.1.1.17
+pppd connect 'chat -v "" AT OK ATDT5551212 ~' \
+ /dev/ttyS0 57600 crtscts debug defaultroute
Going through pppd's options in order:
- connect 'chat etc...' This gives a command to run to contact the
+ connect 'chat ...' This gives a command to run to contact the
PPP server. Here the supplied 'chat' program is used to dial a
remote computer. The whole command is enclosed in single quotes
because pppd expects a one-word argument for the 'connect' option.
-v verbose mode; log what we do to syslog
"" don't wait for any prompt, but instead...
+ AT send the string "AT"
+ OK expect the response "OK", then
ATDT5551212 dial the modem, then
- CONNECT wait for answer
- "" send a return (null text followed by usual return)
- ogin: ppp word: whitewater log in.
-
- /dev/cua1 specify the callout serial port cua1
- 38400 specify baud rate
- debug log status in syslog
- crtscts use hardware flow control between computer and modem
- (at 38400 this is a must)
- modem indicate that this is a modem device; pppd will hang up the
- phone before and after making the call
- defaultroute once the PPP link is established, make it the default
- route; if you have a PPP link to the Internet this
- is probably what you want
-
- 192.1.1.17 this is a degenerate case of a general option
- of the form x.x.x.x:y.y.y.y . Here x.x.x.x is the local IP
- address and y.y.y.y is the IP address of the remote end of the
- PPP connection. If this option is not specified, or if just
- one side is specified, then x.x.x.x defaults to the IP address
- associated with the local machine's hostname (in /etc/hosts),
- and y.y.y.y is determined by the remote machine. So if this
- example had been taken from the fictional machine 'billpc',
- this option would actually be redundant.
-
-pppd will write error messages and debugging logs to the syslogd
-daemon using the facility name "daemon". These messages may already be
-logged to the console or to a file like /usr/adm/messages; consult
-your /etc/syslog.conf file to see. If you want to make all pppd
-messages go to the console, add the line
-
- daemon.* /dev/console
- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ ~ wait for a ~ character, indicating the start
+ of a PPP frame from the server
+
+ /dev/ttyS0 specifies which serial port the modem is connected to
+ 57600 specifies the baud rate to use
+ crtscts use hardware flow control using the RTS & CTS signals
+ debug log the PPP negotiation with syslog
+ defaultroute add default network route via the PPP link
+
+Pppd will write error messages and debugging logs to the syslogd
+daemon using the facility name "daemon". These messages may already
+be logged to the console or to a file like /var/log/messages; consult
+your /etc/syslog.conf file to see. If you want to make all pppd
+messages go to a file such as /var/log/ppp-debug, add the line
+
+daemon.* /var/log/ppp-debug
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is one or more tabs. Do not use spaces.
-to syslog.conf; make sure to put one or more TAB characters between
-the two fields.
-
-Example 2: Connecting to PPP server over hard-wired link.
-
-This is a slightly more complicated example. This is the script I run
-to make my own PPP link, which is over a hard-wired Gandalf link to an
-Ultrix machine running Morningstar PPP.
-
- pppd connect /etc/ppp/ppp-connect defaultroute noipdefault debug \
- kdebug 0 /dev/cua0 9600
-
-Here /etc/ppp/ppp-connect is the following script:
- #!/bin/sh
- /etc/ppp/sendbreak
- chat -v -t60 "" \; "service :" blackice ogin: callahan word: PASSWORD \
- black% "stty -echo; ppp" "Starting PPP now" && sleep 5
-
-This sends a break to wake up my terminal server, sends a semicolon
-(which lets my terminal server do autobaud detection), then says we
-want the service "blackice". It logs in, waits for a shell prompt
-("black%"), then starts PPP. The -t60 argument sets the timeout to a
-minute, since things here are sometimes very slow.
-
-The "&& sleep 5" causes the script to pause for 5 seconds, unless chat
-fails in which case it exits immediately. This is just to give the
-PPP server time to start (it's very slow). Also, the "stty -echo"
-turned out to be very important for me; without it, my pppd would
-sometimes start to send negotiation packets before the remote PPP
-server had time to turn off echoing. The negotiation packets would
-then get sent back to my local machine, be rejected (PPP is able to
-detect loopback) and pppd would fail before the remote PPP server even
-got going. The "stty -echo" command prevents this confusion. This
-kind of problem should only ever affect a *very* few people who
-connect to a PPP server that runs as a command on a slow Unix machine,
-but I wanted to mention it because it took me several frustrating
-hours to figure out.
-
-The pppd options are mostly familiar. Two that are new are
-"noipdefault" and "kdebug 1". "noipdefault" tells pppd to ask the
-remote end for the IP address to use; this is necessary if the PPP
-server implements dynamic IP address assignment as mine does (i.e., I
-don't know what address I'll get ahead of time). "kdebug 1" sets the
-kernel debugging level to 1, enabling slightly chattier messages from
-the ppp kernel code.
-
-Anyway, assuming your connection is working, you should see chat dial
-the modem, then perhaps some messages from pppd (depending on your
-syslog.conf setup), then some kernel messages like this:
-
- ppp: channel ppp0 mtu changed to 1500
- ppp: channel ppp0 open
- ppp: channel ppp0 going up for IP packets!
-
-(These messages will only appear if you gave the option "kdebug 1" and
-have kern.info messages directed to the screen.) Simultaneously, pppd
-is also writing interesting things to /usr/adm/messages (or other log
-file, depending on syslog.conf).
-
-
-IF IT WORKS
-
-If you think you've got a connection, there are a number of things you
-can do to test it.
-
-First, type
+to syslog.conf; make sure to put one or more TAB characters (not
+spaces!) between the two fields. Then you need to create an empty
+/var/log/ppp-debug file with a command such as
- /sbin/ifconfig
+ touch /var/log/ppp-debug
+
+and then restart syslogd, usually by sending it a SIGHUP signal with a
+command like this:
+
+ killall -HUP syslogd
+
+
+4.1 Is the link up?
- (ifconfig may live elsewhere, depending on your distribution.)
-This should show you all the network interfaces that are 'UP'. ppp0
-should be one of them, and you should recognize the first IP address
-as your own and the "P-t-P address" (or point-to-point address) the
-address of your server. Here's what it looks like on my machine:
+The main way to tell if your PPP link is up and operational is the
+ifconfig ("interface configuration") command. Type
-lo Link encap Local Loopback
- inet addr 127.0.0.1 Bcast 127.255.255.255 Mask 255.0.0.0
- UP LOOPBACK RUNNING MTU 2000 Metric 1
- RX packets 0 errors 0 dropped 0 overrun 0
- TX packets 0 errors 0 dropped 0 overrun 0
+ /sbin/ifconfig
+
+at a shell prompt. It should print a list of interfaces including one
+like this example:
ppp0 Link encap Point-to-Point Protocol
- inet addr 192.76.32.2 P-t-P 129.67.1.165 Mask 255.255.255.0
+ inet addr 192.76.32.3 P-t-P 129.67.1.165 Mask 255.255.255.0
UP POINTOPOINT RUNNING MTU 1500 Metric 1
RX packets 33 errors 0 dropped 0 overrun 0
TX packets 42 errors 0 dropped 0 overrun 0
-Now, type
+Assuming that ifconfig shows the ppp network interface, you can test
+the link using the ping command like this:
- ping z.z.z.z
+ /sbin/ping -c 3 129.67.1.165
-where z.z.z.z is the address of your name server. This should work.
-Here's what it looks like for me:
+where the address you give is the address shown as the P-t-P address
+in the ifconfig output. If the link is operating correctly, you
+should see output like this:
- waddington:~$ ping 129.67.1.165
PING 129.67.1.165 (129.67.1.165): 56 data bytes
64 bytes from 129.67.1.165: icmp_seq=0 ttl=255 time=268 ms
64 bytes from 129.67.1.165: icmp_seq=1 ttl=255 time=247 ms
64 bytes from 129.67.1.165: icmp_seq=2 ttl=255 time=266 ms
- ^C
--- 129.67.1.165 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 247/260/268 ms
- waddington:~$
-
-Try typing:
-
- netstat -nr
-
-This should show three routes, something like this:
-
-Kernel routing table
-Destination Gateway Genmask Flags Metric Ref Use Iface
-129.67.1.165 0.0.0.0 255.255.255.255 UH 0 0 6 ppp0
-127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
-0.0.0.0 129.67.1.165 0.0.0.0 UG 0 0 6298 ppp0
-
-If your output looks similar but doesn't have the destination 0.0.0.0
-line (which refers to the default route used for connections), you may
-have run pppd without the 'defaultroute' option.
-
-At this point you can try telnetting/ftping/fingering whereever you
-want, bearing in mind that you'll have to use numeric IP addresses
-unless you've set up your /etc/resolv.conf correctly.
-
-
-IF IT DOESN'T WORK
-
-If you don't seem to get a connection, the thing to do is to collect
-'debug' output from pppd. To do this, make sure you run pppd with the
-'debug' option, and put the following two lines in your
-/etc/syslog.conf file:
-
- daemon.* /dev/console
- daemon.* /usr/adm/ppplog
-
-This will cause pppd's messages to be written to the current virtual
-console and to the file /usr/adm/ppplog. Note that the left-hand
-field and the right-hand field must be separated by at least one TAB
-character. After modifying /etc/syslog.conf, you must execute the
-command 'kill -HUP <pid>' where <pid> is the process ID of the
-currently running syslogd process to cause it to re-read the
-configuration file.
-
-Some messages to look for:
- - "pppd[NNN]: Connected..." means that the "connect" script has
- completed successfully.
- - "pppd[NNN]: sent [LCP ConfReq"... means that pppd has attempted to
- begin negotiation with the remote end.
- - "pppd[NNN]: recv [LCP ConfReq"... means that pppd has received a
- negotiation frame from the remote end.
- - "pppd[NNN]: ipcp up" means that pppd has reached the point where
- it believes the link is ready for IP traffic to travel across it.
-
-If you never see a "recv" message then there may be serious problems
-with your link. (For example, the link may not be passing all 8
-bits.) If that's the case, it would be useful to collect a debug log
-which contains all the bytes being passed between your computer and
-the remote PPP server. To do this, alter your syslog.conf lines to
-look like this
-
- daemon.*,kern.* /dev/console
- daemon.*,kern.* /usr/adm/ppplog
-
-and HUP the syslog daemon as before. Then, run pppd with the option
-"kdebug 25". Whatever characters arrive over the PPP terminal line
-will appear in the debugging output.
-
-Occasionally you may see a message like
-
- ppp_toss: tossing frame, reason = 4
-
-The PPP code is throwing away a packet ("frame") from the remote
-server because of a serial overrun. This means your CPU isn't able to
-read characters from the serial port as quickly as they arrive; the
-best solution is to get a 16550A serial chip, which gives the CPU some
-grace period. Reasons other than 4 indicate other kinds of serial
-errors, which should not occur.
-
-During the initial connection sequence, you may see one or more
-messages which indicate "bad fcs". This refers to a checksum error in
-a received PPP frame, and usually occurs at the start of a session
-when the peer system is sending some "text" messages, such as "hello
-this is the XYZ company". Messages of "bad fcs" once the link is
-established and the routes have been added are not normal and indicate
-transmission errors or noise on the telephone line.
-
-
-IF IT STILL DOESN'T WORK (OR, BUG REPORTS)
-
-If you're still having difficulty, send the linux-ppp list a bug
-report. It is extremely important to include as much information as
-possible; for example:
-
- - the version number of the kernel you are using
- - the version number of Linux PPP you are using
- - the exact command you use to start the PPP session
- - log output from a session run with the 'debug' option, captured
- using daemon.*,kern.* in your syslog.conf file
- - the type of PPP peer that you are connecting to (eg, Xyzzy Corp
- terminal server, Morningstar PPP software, etc)
- - the kind of connection you use (modem, hardwired, etc...)
-
-
-DYNAMIC ADDRESS ASSIGNMENT
-
-You can use Linux PPP with a PPP server which assigns a different IP
-address every time you connect. This action is automatically performed
-when you don't have a local IP address.
-
- pppd connect 'chat -v "" ATDT5551212 CONNECT "" ogin: ppp word: whitewater' \
- /dev/cua1 38400 noipdefault debug crtscts modem defaultroute
-
-The noipdefault, added to the above example, suppresses the attempts
-of pppd to deduce its own IP address by looking it up in the
-/etc/hosts file. Since the process does not have an IP address, one
-will be assigned to it from the configuration file on the remote
-system.
-
-Sometimes you may get an error message like "Cannot assign requested
-address" when you use a Linux client (for example, "talk"). This
-happens when the IP address given in /etc/hosts for our hostname
-differs from the IP address used by the PPP interface. The solution
-is to use ifconfig ppp0 to get the interface address and then edit
-/etc/hosts appropriately.
-
-
-
-SETTING UP A MACHINE FOR INCOMING PPP CONNECTIONS
-
-Suppose you want to permit another machine to call yours up and start
-a PPP session. This is possible using Linux PPP.
-
-One way is to create an account named, say, 'ppp', with the login
-shell being a short script that starts pppd. For example, the passwd
-entry might look like this:
-
- ppp:(encrypted password):102:50:PPP client login:/home/ppp:/usr/sbin/pppd
-
-In addition, you would edit the file ~ppp/.ppprc to have the following
-pieces of information:
-
--detach
-modem
-crtscts
-lock
-:192.1.2.23
-
-Here we will insist that the remote machine use IP address 192.1.2.23,
-while the local PPP interface will use the IP address associated with
-this machine's hostname in /etc/hosts. The '-detach' option is required
-for a server. It tells the pppd process not to terminate until the modem
-is disconnected. Should it fork, the init process would restart the getty
-process and the this would cause a severe conflict over the port.
-
-The 'modem' option indicates that the connection is via a switched circuit
-(using a modem) and that the pppd process should monitor the DCD signal
-from the modem.
-
-The 'crtscts' option tells the pppd process to use hardware RTS/CTS flow
-control for the modem.
-
-The 'lock' option tells pppd to lock the tty device. This will use the UUCP
-style locking file in the lock directory.
-
-This setup is sufficient if you just want to connect two machines so
-that they can talk to one another. If you want to use Linux PPP to
-connect a single machine to an entire network, or to connect two
-networks together, then you need to arrange for packets to be routed
-from the networks to the PPP link. Setting up a link between networks
-is beyond the scope of this document; you should examine the routing
-options in the manual page for pppd carefully and find out about
-routed, etc.
-
-Let's consider just the first case. Suppose you have a Linux machine
-attached to an Ethernet, and you want to allow its PPP peer to be able
-to communicate with hosts on that Ethernet. To do this, you should
-have the remote machine use an IP address that would normally appear
-to be on the local Ethernet segment and you should give the 'proxyarp'
-option to pppd on the server. Suppose, for example, we have this
-setup:
-
- 192.1.2.23 192.1.2.17
-+-----------+ PPP link +----------+
-| chelseapc | ------------------- | billpc |
-+-----------+ +----------+
- | Ethernet
- ----------------------------------- 192.1.2.x
-
-Here the PPP and Ethernet interfaces of billpc will have IP address
-192.1.2.17. (It's OK for one or more PPP interfaces on a machine to
-share an IP address with an Ethernet interface.) There is an
-appropriate entry in /etc/passwd on billpc to allow chelseapc to call
-in. It will run pppd when the user signs on to the system and pppd will
-take the options from the user option file.
-
-In addition, you would edit the file ~ppp/.ppprc to have the following
-piece of information:
-
--detach
-modem
-crtscts
-lock
-192.1.2.17:192.1.2.23
-proxyarp
-
-When the link comes up, pppd will enter a "proxy arp" entry for
-chelseapc into the arp table on billpc. What this means effectively
-is that billpc will pretend to the other machines on the 192.1.2.x
-Ethernet that its Ethernet interface is ALSO the interface for
-chelseapc (192.1.2.23) as well as billpc (192.1.2.17). In practice
-this means that chelseapc can communicate just as if it was directly
-connected to the Ethernet.
-
-
-
-SETTING UP A MACHINE FOR INCOMING PPP CONNECTIONS WITH DYNAMIC IP
-
-The use of dynamic IP assignments is not much different from that
-using static IP addresses. Rather than putting the IP address into the
-single file ~ppp/.ppprc, you would put the IP address for each of the
-incoming terminals into the /etc/ppp/options.tty files. ('tty' is the
-name of the tty device. For example /etc/ppp/options.ttyS0 is used for
-the /dev/ttyS0 device.)
-
-To each of the serial devices, you would attach a modem. To the
-modems, attach the telephone lines. Place all of the telephone lines
-into a hunt group so that the telephone system will select the
-non-busy telephone and subsequently, the modem. By selecting the
-modem, the user will select a tty device and the tty device will
-select the IP address. Run a getty process against the tty device such
-as /dev/ttyS0.
-
-(The general consensus among the users is that you should *not* use
-the agetty process to monitor a modem. Use either getty_ps' uugetty
-process or mgetty from the mgetty+sendfax package.)
-
-
-SECURITY CONCERNS ABOUT INCOMING PPP CONNECTIONS
-
-The following security should be considered with the ppp connections.
-
-1. Never put the pppd program file into the /etc/shells file. It is not
-a legal shell for the general user. In addition, if the shell is missing
-from the shells file, the ftpd process will not allow the user to access
-the system via ftp. You would not want Joe Hacker using the ppp account
-via ftp.
-
-2. Ensure that the directory /etc/ppp is owned by 'root' and permits
-only write access to the root user.
-
-3. The files /etc/ppp/options must be owned by root and accessible only
-from that user. Never permit any other user access to this file.
-
-4. The files /etc/ppp/ip-up and /etc/ppp/ip-down will be executed by the
-pppd process while it is root. Ensure that these files are writable only
-from the root user.
-
-5. If you use an incoming PPP connection, you should do the following as
-the root user:
-
-a) Invalidate the files for rhosts and forward
-rm -f ~ppp/.rhosts ~ppp/.forward
-touch ~ppp/.rhosts ~ppp/.forward
-chmod 444 ~ppp/.rhosts ~ppp/.forward
-
-b) Prevent users from sending mail to the user 'ppp'.
-
-This is best performed by creating a system alias 'ppp' and have it
-point to the name "THIS_USER_CANNOT_RECEIVE_MAIL". It has no special
-meaning other than the obvious one.
-
-For sendmail, the sequence is fairly easy. Edit the /etc/aliases file
-and add the line:
-
-ppp:THIS_USER_CANNOT_RECEIVE_MAIL
-
-Then run the sendmail program with the option '-bi' to rebuild the
-alias database.
-
-c) Secure the ppp file properly.
-chown root ~ppp/.ppprc
-chmod 444 ~ppp/.ppprc
-
-You may wish to extend the security by creating a group 'ppp' and putting
-the ppp user into that group, along with the binaries for pppd and pppstats.
-Then you may secure the binaries so that they are executable from the owner
-(which should be root) and the group only. All other users would be denied
-all access to the files and executables.
-
-d) Prevent the motd file from being sent to the ppp user.
-touch ~ppp/.hushlogin
-chown root ~ppp/.hushlogin
-chmod 444 ~ppp/.hushlogin
-
-
-ADDITIONAL INFORMATION
-
-Besides this document, additional information may be found in:
-
-- The file README in the source package
-- The PPP-HOWTO on sunsite.unc.edu
-- The Net-2-HOWTO on sunsite.unc.edu
-- The Network Administration Guide published by O'Rielly and Associates
-
-Please consult these sources of information should you have questions
-about the program. If you still can not find your answer then ask either
-the usenet news groups or the mail list.
-
-
-
-DIP SUPPORT
-
-The dip program used by Linux is not directly supported by the PPP
-package as such. Please don't ask the PPP porting group questions
-about dip. It does work in two areas.
-
-1. If you use it as a parameter to 'connect' then you can use the scripting
- language and establish the connection. You would use the standard set of
- PPP options.
-
-2. dip-3.3.7m-uri and later versions support a 'mode ppp' function
- which will invoke the pppd program. That is all that it does. It will
- not pass any parameters to pppd other than its required '-detach' to
- allow dip to detect the normal termination of pppd.
-
- The following information comes from John Phillips in an article which he
- posted to comp.os.linux.setup.
-
-Assuming that you already know how dip supports SLIP, these points
-are relative to a working SLIP set-up.
-
-1. You need dip-3.3.7m-uri, and, of course, PPP compiled into the
-kernel.
-
-2. Make sure pppd is where dip thinks it is: /usr/lib/ppp/pppd, or
-make a link from there to where pppd really is. (Or re-compile dip
-to tell it where pppd is on your system - see pathnames.h).
-
-3. The key differences between the dip script for PPP, compared to one
-for SLIP are:
-
- a. Use "mode PPP" instead of "mode SLIP"
-
- b. Don't set certain options such as mtu and default - these are set
- by pppd from the file /etc/ppp/options. Mine looks like this:
-
- crtscts
- modem
- defaultroute
- asyncmap 0x00000000
- mru 576
- mtu 576
-
- The actual parameters and values may depend on your IP supplier
- and his set-up.
-
- c. Tell your IP supplier's start-up code to use ppp, not slip: I
- use "send nolqm,idle=240\n" instead of "send slip,idle=240,mru=576\n"
- at the "protocol: " prompt. ("nolqm" asks for ppp without the line
- quality monitoring protocol, which is not - I think - supported in
- Linux PPP.) This prompt may be different (or absent) with another
- IP supplier.
-
- d. You don't need "get $local <name>", since the ppp protocol
- negotiates this at start-up. You still need "get $remote <name>".
- (This may also vary with IP supplier - you may need to set some
- more parameters in /etc/ppp/options to work with yours - see "man
- pppd" for details of the options supported by pppd.)
-
-4. The dip script will exit after dialling and starting up pppd. When
-ppp negotiation is completed and IP comes up, pppd runs /etc/ppp/ip-up.
-This file can contain things you want to run when the network comes up
-(e.g. running the mail queue).
-
-5. When IP goes down (e.g. after you close down the link with "dip -k"),
-pppd runs /etc/ppp/ip-down, which can contain things you want to do on
-close-down.
-
-
-
-CONCLUSION
-
-Good luck!
-Al and Michael