Some shuffling in Configuring PPP to improve the flow of this section.

More commits to come.

Sponsored by:	iXsystems
Dru Lavigne 2014-05-23 17:28:33 +00:00
parent 565eca1b4f
commit 86480ea29a
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=44922


@ -459,7 +459,29 @@
create <filename>/etc/ppp/ppp.linkup</filename> with the
above two lines. More examples for this file can be found
in <filename>/usr/share/examples/ppp/</filename>.</para>
</sect2>
<para>By default, the <command>ppp</command> command must be
run as the <systemitem class="username">root</systemitem>
user. To change this default, add the account of the user
who should run <command>ppp</command> to the
<systemitem class="groupname">network</systemitem> group in
<filename>/etc/group</filename>.</para>
<para>Then, give the user access to one or more entries in
<filename>/etc/ppp/ppp.conf</filename> using the
<command>allow</command> command. For example, to give
<systemitem class="username">fred</systemitem> and
<systemitem class="username">mary</systemitem>
permission to only the <literal>provider:</literal> entry,
add this line to the <literal>provider:</literal>
section:</para>
<programlisting>allow users <replaceable>fred mary</replaceable></programlisting>
<para>To give the specified users access to all entries, put
that line in the <literal>default</literal> section
instead.</para>
</sect2>
<?ignore <sect2>
<title>Receiving Incoming Calls</title>
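Review bot: the permissions text appears to lose its own titled subsection here: the `</sect2>` that closed the `ppp.linkup` material is dropped and a new `</sect2>` follows the `allow users` paragraph, so "By default, the ppp command must be run as the root user ..." now sits at the tail of the subsection about `/etc/ppp/ppp.linkup`, with no title and no `<indexterm>` for `allow`. Since `allow users` is the control that limits which accounts may use which `ppp.conf` entries, consider adding an `<indexterm>` (or keeping a short title) so the restriction stays discoverable. Marking `fred mary` as `<replaceable>` in the listing is an improvement over the copy being removed in the next hunk.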
@ -513,30 +535,7 @@
</step>
</procedure>
</sect2>
?>
<sect2>
<title><application>PPP</application> Permissions</title>
<para>The <command>ppp</command> command must normally be
run as the <systemitem class="username">root</systemitem> user. To instead
allow <command>ppp</command> to run in server mode as a
normal user, that user must be given permission to run
<command>ppp</command> by adding them to the
<systemitem class="groupname">network</systemitem> group in
<filename>/etc/group</filename>.</para>
<para>The user also needs access to one or more sections of
the configuration file using the
<command>allow</command> command:</para>
<programlisting>allow users fred mary</programlisting>
<para>If this command is used in the
<literal>default</literal> section, it gives the specified
users access to everything.</para>
</sect2>
<?ignore <sect2>
<title><acronym>PPP</acronym> Shells for Dynamic
<acronym>IP</acronym> Users</title>
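Review bot: this is a move rather than a pure deletion, but the wording changed on the way: the old paragraph said the user is allowed "to run in server mode as a normal user", while the replacement earlier in this patch says only "To change this default". If the server-mode qualification was deliberate it should survive in the new paragraph; if it was never accurate, dropping it is fine but worth stating in the commit message. The old `allow users fred mary` listing also lacked `<replaceable>` around the user names, which the new copy fixes.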
@ -681,101 +680,9 @@ mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDR</programlisting>
</sect2>
?>
<sect2 xml:id="userppp-mgetty">
<title><command>mgetty</command> and AutoPPP</title>
<indexterm>
<primary><command>mgetty</command></primary>
</indexterm>
<indexterm>
<primary>AutoPPP</primary>
</indexterm>
<indexterm>
<primary>LCP</primary>
</indexterm>
<para><xref linkend="dialup"/> provides a good description
on enabling dial-up services using &man.getty.8;.</para>
<para>An alternative to <command>getty</command> is <link xlink:href="http://mgetty.greenie.net/">mgetty</link> (from
<package>comms/mgetty+sendfax</package>
port), a smarter version of <command>getty</command>
designed with dial-up lines in mind.</para>
<para>The advantages of using <command>mgetty</command> is
that it actively <emphasis>talks</emphasis> to modems,
meaning if port is turned off in
<filename>/etc/ttys</filename> then the modem will not
answer the phone.</para>
<para>Later versions of <command>mgetty</command> (from
0.99beta onwards) also support the automatic detection of
<acronym>PPP</acronym> streams, allowing clients
scriptless access to the server.</para>
<para>Refer to <xref linkend="userppp-mgetty"/> for more
information on <command>mgetty</command>.</para>
<para>By default the <package>comms/mgetty+sendfax</package> port
comes with the <literal>AUTO_PPP</literal> option enabled
allowing <command>mgetty</command> to detect the LCP
phase of <acronym>PPP</acronym> connections and
automatically spawn off a ppp shell. However, since the
default login/password sequence does not occur it is
necessary to authenticate users using either PAP or
CHAP.</para>
<para>This section assumes the user has successfully
compiled, and installed the <package>comms/mgetty+sendfax</package> port on
his system.</para>
<para>Ensure that
<filename>/usr/local/etc/mgetty+sendfax/login.config</filename>
has the following:</para>
<programlisting>/AutoPPP/ - - /etc/ppp/ppp-pap-dialup</programlisting>
<para>This tells <command>mgetty</command> to run
<filename>ppp-pap-dialup</filename> for detected
<acronym>PPP</acronym> connections.</para>
<para>Create an executable file called
<filename>/etc/ppp/ppp-pap-dialup</filename> containing
the following:</para>
<programlisting>#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENT</programlisting>
<para>For each dial-up line enabled in
<filename>/etc/ttys</filename>, create a corresponding
entry in <filename>/etc/ppp/ppp.conf</filename>. This
will happily co-exist with the definitions we created
above.</para>
<programlisting>pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxy</programlisting>
<para>Each user logging in with this method will need to
have a username/password in
<filename>/etc/ppp/ppp.secret</filename> file, or
alternatively add the following option to authenticate
users via PAP from the <filename>/etc/passwd</filename>
file.</para>
<programlisting>enable passwdauth</programlisting>
<para>To assign some users a static <acronym>IP</acronym>
number, specify the number as the third argument in
<filename>/etc/ppp/ppp.secret</filename>. See
<filename>/usr/share/examples/ppp/ppp.secret.sample</filename>
for examples.</para>
</sect2>
<sect2>
<title>MS Extensions</title>
<title>Advanced Configuration</title>
<indexterm>
<primary>DNS</primary>
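Review bot: the whole `userppp-mgetty` subsection is removed here and re-created at the end of this patch with the same `xml:id`, so `<xref linkend="userppp-mgetty"/>` from other chapters will still resolve; the self-referential `<xref linkend="userppp-mgetty"/>` in the old text ("Refer to ... for more information on mgetty", which pointed at the very section it sat in) is rightly replaced by an external link in the re-added copy. Renaming "MS Extensions" to "Advanced Configuration" turns this sect2 into the container for the PAP/CHAP and NAT sect3s, but the `set dns`/`set nbns` material and the `<primary>DNS</primary>` indexterm that follow are specifically about the Microsoft extensions; consider keeping a sentence in the renamed section that says so, otherwise the `set nbns` discussion loses its context.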
@ -817,9 +724,8 @@ set nbns 203.14.100.5</programlisting>
dns</literal> line is omitted,
<acronym>PPP</acronym> will use the values found in
<filename>/etc/resolv.conf</filename>.</para>
</sect2>
<sect2 xml:id="userppp-PAPnCHAP">
<sect3 xml:id="userppp-PAPnCHAP">
<title>PAP and CHAP Authentication</title>
<indexterm><primary>PAP</primary></indexterm>
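Review bot: demoting `<sect2 xml:id="userppp-PAPnCHAP">` to `<sect3>` keeps the `xml:id`, so existing links survive, and the matching `</sect2>` to `</sect3>` swap is in the next hunk. Check that the `</sect2>` shown just above `<sect3 ...>` (after the `/etc/resolv.conf` paragraph) is also removed; if it stays, the new sect3 sits outside the "Advanced Configuration" sect2 and the document will not validate.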
@ -888,32 +794,9 @@ set nbns 203.14.100.5</programlisting>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect3>
<sect2>
<title>Changing the <command>ppp</command> Configuration
on the Fly</title>
<para>It is possible to talk to the <command>ppp</command>
program while it is running in the background, but only
if a suitable diagnostic port has been set up. To do
this, add the following line to the configuration:</para>
<programlisting>set server /var/run/ppp-tun<replaceable>%d</replaceable> DiagnosticPassword 0177</programlisting>
<para>This will tell PPP to listen to the specified
&unix; domain socket, asking clients for the specified
password before allowing access. The
<literal>%d</literal> in the name is replaced with the
<filename>tun</filename> device number that is in
use.</para>
<para>Once a socket has been set up, the &man.pppctl.8;
program may be used in scripts that wish to manipulate
the running program.</para>
</sect2>
<sect2 xml:id="userppp-nat">
<sect3 xml:id="userppp-nat">
<title>Using <acronym>PPP</acronym> Network Address
Translation Capability</title>
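Review bot: the "Changing the ppp Configuration on the Fly" subsection is deleted here and its paragraphs are re-added in the last hunk, but there they are appended as untitled paragraphs after the `ppp -auto provider` screen, so the heading and its discoverability are lost (see the note on the final hunk). The `</sect2>` to `</sect3>` change and `<sect2 xml:id="userppp-nat">` to `<sect3 xml:id="userppp-nat">` are consistent with the demotion started in the previous hunk.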
@ -944,6 +827,7 @@ nat port tcp 10.0.0.2:http http</programlisting>
<para>or do not trust the outside at all</para>
<programlisting>nat deny_incoming yes</programlisting>
</sect3>
</sect2>
<sect2 xml:id="userppp-final">
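Review bot: the added `</sect3>` closes the NAT sect3 opened in the previous hunk, and the existing `</sect2>` after it now closes "Advanced Configuration" rather than the NAT section; nesting is consistent with the rest of the patch. Nothing else to flag in this hunk.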
@ -1034,6 +918,10 @@ ifconfig_tun0=</programlisting>
<para>An alternative is to set up a
<quote>dfilter</quote> to block SMTP traffic. Refer to the
sample files for further details.</para>
</sect2>
<sect2>
<title>Using <command>ppp</command></title>
<para>All that is left is to reboot the machine. After
rebooting, either type:</para>
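Review bot: with the reboot text now under its own "Using ppp" title, the opening sentence "All that is left is to reboot the machine" reads as a continuation of the previous section rather than the start of a new one; consider rewording so the section stands alone, for example stating that once the configuration is complete the machine is rebooted and `ppp` started. The existing `</sect2>` before the new `<sect2>` closes `userppp-final`, so the structure is fine.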
@ -1048,7 +936,119 @@ ifconfig_tun0=</programlisting>
type:</para>
<screen>&prompt.root; <userinput>ppp -auto provider</userinput></screen>
</sect2>
<para>It is possible to talk to the <command>ppp</command>
program while it is running in the background, but only
if a suitable diagnostic port has been set up. To do
this, add the following line to the configuration:</para>
<programlisting>set server /var/run/ppp-tun<replaceable>%d</replaceable> DiagnosticPassword 0177</programlisting>
<para>This will tell PPP to listen to the specified
&unix; domain socket, asking clients for the specified
password before allowing access. The
<literal>%d</literal> in the name is replaced with the
<filename>tun</filename> device number that is in
use.</para>
<para>Once a socket has been set up, the &man.pppctl.8;
program may be used in scripts that wish to manipulate
the running program.</para>
</sect2>
<sect2 xml:id="userppp-mgetty">
<title>Configuring Dial-in Services</title>
<indexterm>
<primary><command>mgetty</command></primary>
</indexterm>
<indexterm>
<primary>AutoPPP</primary>
</indexterm>
<indexterm>
<primary>LCP</primary>
</indexterm>
<para><xref linkend="dialup"/> provides a good description
on enabling dial-up services using &man.getty.8;.</para>
<para>An alternative to <command>getty</command> is
<package>comms/mgetty+sendfax</package>
port), a smarter version of <command>getty</command>
designed with dial-up lines in mind.</para>
<para>The advantages of using <command>mgetty</command> is
that it actively <emphasis>talks</emphasis> to modems,
meaning if port is turned off in
<filename>/etc/ttys</filename> then the modem will not
answer the phone.</para>
<para>Later versions of <command>mgetty</command> (from
0.99beta onwards) also support the automatic detection of
<acronym>PPP</acronym> streams, allowing clients
scriptless access to the server.</para>
<para>Refer to <link xlink:href="http://mgetty.greenie.net/doc/mgetty_toc.html">http://mgetty.greenie.net/doc/mgetty_toc.html</link>
for more
information on <command>mgetty</command>.</para>
<para>By default the <package>comms/mgetty+sendfax</package> port
comes with the <literal>AUTO_PPP</literal> option enabled
allowing <command>mgetty</command> to detect the LCP
phase of <acronym>PPP</acronym> connections and
automatically spawn off a ppp shell. However, since the
default login/password sequence does not occur it is
necessary to authenticate users using either PAP or
CHAP.</para>
<para>This section assumes the user has successfully
compiled, and installed the <package>comms/mgetty+sendfax</package> port on
his system.</para>
<para>Ensure that
<filename>/usr/local/etc/mgetty+sendfax/login.config</filename>
has the following:</para>
<programlisting>/AutoPPP/ - - /etc/ppp/ppp-pap-dialup</programlisting>
<para>This tells <command>mgetty</command> to run
<filename>ppp-pap-dialup</filename> for detected
<acronym>PPP</acronym> connections.</para>
<para>Create an executable file called
<filename>/etc/ppp/ppp-pap-dialup</filename> containing
the following:</para>
<programlisting>#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENT</programlisting>
<para>For each dial-up line enabled in
<filename>/etc/ttys</filename>, create a corresponding
entry in <filename>/etc/ppp/ppp.conf</filename>. This
will happily co-exist with the definitions we created
above.</para>
<programlisting>pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxy</programlisting>
<para>Each user logging in with this method will need to
have a username/password in
<filename>/etc/ppp/ppp.secret</filename> file, or
alternatively add the following option to authenticate
users via PAP from the <filename>/etc/passwd</filename>
file.</para>
<programlisting>enable passwdauth</programlisting>
<para>To assign some users a static <acronym>IP</acronym>
number, specify the number as the third argument in
<filename>/etc/ppp/ppp.secret</filename>. See
<filename>/usr/share/examples/ppp/ppp.secret.sample</filename>
for examples.</para>
</sect2>
</sect1>
<sect1 xml:id="ppp-troubleshoot">
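Review bot: the re-added mgetty introduction lost its link text: "An alternative to getty is <package>comms/mgetty+sendfax</package> port), a smarter version of getty" now has an unmatched closing parenthesis and no longer names mgetty, because the `<link xlink:href="http://mgetty.greenie.net/">mgetty</link> (from` portion of the old text was dropped in the move; restore it, or reword to "An alternative to getty is mgetty, from the comms/mgetty+sendfax port, a smarter version of getty ...". Two smaller points: in `set server /var/run/ppp-tun%d DiagnosticPassword 0177` only `%d` is marked `<replaceable>`; the password should be marked the same way so readers do not copy the literal string "DiagnosticPassword" into a configuration that lets any client reaching the socket with that password manipulate the running ppp via pppctl. Also, the moved `set server` paragraphs are appended after the `ppp -auto provider` screen with no heading, so the old "Changing the ppp Configuration on the Fly" title is gone; a short lead-in sentence or a restored title would help. The new "Configuring Dial-in Services" sect2 keeps `xml:id="userppp-mgetty"`, and the self-referencing xref is now an external link, which is correct.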