Published: 06.08.2012 | Level: specialist | Access: paid
Lecture 20:

Configuring PPP

Setting up user PPP: the details

The user PPP configuration files are in the directory /etc/ppp. In addition to them, you probably want to modify /etc/rc.conf to start PPP and possibly to include global Internet information. The main configuration file is /etc/ppp/ppp.conf. It contains a number of multi-line entries headed by a label. For example, the default entry looks like:

default:
  set log Phase Chat LCP IPCP CCP tun command
  ident user-ppp VERSION (built COMPILATIONDATE)

  # Ensure that "device" references the correct serial port
  # for your modem. (cuaa0 = COM1, cuaa1 = COM2)
  #
  set device /dev/cuaa1    # device to use

  set speed 115200         # connect at 115,200 bps
  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
           \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
  set timeout 180          # 3 minute idle timer (the default)
  enable dns               # request DNS info (for resolv.conf)

Let’s look at this entry in detail.

  • Note the format: labels begin at the beginning of the line, and other entries must be indented by one character.
  • The line default: identifies the default entry. This entry is always run when PPP starts.
  • The set log line specifies which events to log. This can be helpful if you run into problems.
  • The ident line specifies what identification the system will present to the other end of the connection. You don’t need to change it.
  • The set device line specifies the device that PPP should use to establish the connection, in this case the second serial port, /dev/cuaa1. For PPPoE connections, use the name of the Ethernet interface, prepended by the text PPPoE:
    set device PPPoE:xl0
    
  • For modem connections, the set speed line sets the speed of the link between the modem and the computer. Some older PCs had problems at 115,200 bps, but you shouldn’t have any need to change it anymore, especially since the next lower speed for conventional PC hardware is 57,600 bps, which is too slow to use the full bandwidth when compression is enabled.
  • Also for modems only, set dial describes a chat script, a series of responses and commands to be exchanged with the modem.
  • enable dns tells PPP to get information about name servers when setting up the link. If the remote site supplies this information, you don't need to set it manually. You should remove this line if you're running a local name server, which I strongly recommend. See "Chapter 21", The Domain Name Service, for more details.

The default entry alone does not supply enough information to create a link. In particular, it does not specify who to call or what user name or password to use. In addition to the default entry, you need an entry describing how to connect to a specific site. The bare minimum would be the first three set lines of the papchap entry in ppp.conf:

papchap:
  #
  #edit the next three lines and replace the items in caps with
  #the values which have been assigned by your ISP. 
  #

  set phone PHONE_NUM
  set authname USERNAME
  set authkey PASSWORD

  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
  add default HISADDR    #Add a (sticky) default route

PPP calls this entry a profile. papchap is the profile supplied in the default installation. You can change the name, for example to the name of your ISP. This is particularly useful if you connect to more than one ISP (for example, with a laptop). In these examples, we'll stick with papchap.

As the comment states, replace the texts PHONE_NUM, USERNAME and PASSWORD with your specific information. If you are using PPPoE, replace the set phone line with a set device line as discussed above.

The last two lines may or may not be needed. The line set ifaddr specifies addresses to assign to each end of the link, and that they can be overridden. This line is seldom needed, even for static addressing: the ISP will almost always allocate the correct address. We'll look at this issue again below when we discuss dynamic addresses.

Finally, the last line tells ppp to set a default route on this interface when the line comes up. HISADDR is a keyword specifying the other end of the link. This is the only way to specify the route for dynamic addressing, but it works just as well for static addressing. If your primary connection to the Internet is via a different interface, remove this entry.

Negotiation

As we saw on page 342, you need to decide who starts negotiation. By default, user PPP starts negotiation. If the other end needs to start negotiation, add the following line to your /etc/ppp/ppp.conf:

set openmode passive

User PPP uses four keywords to specify how to negotiate:

  • To enable a feature means: "request this feature."
  • To disable a feature means: "do not request this feature."
  • To accept a feature means: "if the other side requests this feature, accept it."
  • To deny a feature means: "if the other side requests this feature, refuse it."

We'll see examples of this in the following sections.

Requesting LQR

By default, user PPP disables LQR, because it has been found to cause problems under certain circumstances, but it accepts it for modem lines. If you want to enable it, include the following line in your dial entry:

enable lqr

Authentication

The configuration file syntax is the same for PAP and CHAP. Normally, your ISP assigns you both system name and authorization key. Assuming your system name is FREEBIE, and your key is X4dWg9327, you would include the following lines in your configuration entry:

set authname FREEBIE
set authkey X4dWg9327

User PPP accepts requests for PAP and CHAP authentication automatically, so this is all you need to do unless you intend to authenticate the other end, which is not normal with ISPs.

/etc/ppp/ppp.secret

The PPP system name and authentication key for PAP or CHAP are important data. Anybody who has this information can connect to your ISP and use the service at your expense. Of course, you should set the permissions of your /etc/ppp/ppp.conf to -r-------- and the owner to root, but it's easy and costly to make a mistake when changing the configuration. There is an alternative: store the keys in the file /etc/ppp/ppp.secret. Here's a sample:

#Sysname  Secret Key    Peer's IP address
oscar     OurSecretKey  192.244.184.34/24
FREEBIE   X4dWg9327     192.244.184.33/32
gw        localPasswForControl

There are a few things to note here:

  • As usual, lines starting with # are comments.
  • The other lines contain three values: the system name, the authentication key, and possibly an IP address.
  • The last line is a password for connecting to the ppp process locally: you can connect to the process by starting:
    # telnet localhost 3000
    

The local password entry matches the host name. See the man page ppp(8) for further details.
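
An added example, not from the original lecture or the FreeBSD project: a small Python audit for the two points made in this section. It reports which profiles in a ppp.conf carry a literal set authkey (by profile and line number, without echoing the key) and whether a credential file is owned by root with no group or other access. The sample configuration is constructed from the values used on this page, and the function names are hypothetical.

```python
import os
import re
import stat
import tempfile

LABEL = re.compile(r"^([^\s#][^:\s]*):\s*$")        # labels start in column 0
AUTHKEY = re.compile(r"^\s+set\s+authkey\s+(\S+)")  # other entries are indented

# Constructed sample, using the example name and key from this page.
SAMPLE_CONF = """\
default:
  set device /dev/cuaa1
papchap:
  set phone PHONE_NUM
  set authname FREEBIE
  set authkey X4dWg9327
"""

def inline_authkeys(conf_text, placeholders=("PASSWORD",)):
    """Return [(profile, line_no)] for each 'set authkey' holding a literal key."""
    findings, profile = [], None
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = LABEL.match(line)
        if m:
            profile = m.group(1)
            continue
        m = AUTHKEY.match(line)
        if m and m.group(1) not in placeholders:
            findings.append((profile, no))  # the key itself is never reported
    return findings

def mode_problems(path, want_uid=0):
    """Return problems with a credential file's owner and permission bits."""
    st = os.stat(path)
    problems = []
    if st.st_uid != want_uid:
        problems.append(f"owner uid {st.st_uid}, expected {want_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    return problems

def demo():
    """Audit a temporary copy of the sample at mode 0644, then again at 0400."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ppp.conf")
        with open(path, "w") as f:
            f.write(SAMPLE_CONF)
        os.chmod(path, 0o644)
        loose = mode_problems(path, want_uid=os.getuid())
        os.chmod(path, 0o400)
        return loose, mode_problems(path, want_uid=os.getuid())

if __name__ == "__main__":
    print(inline_authkeys(SAMPLE_CONF), demo())
```

On a real system, call mode_problems("/etc/ppp/ppp.conf") and mode_problems("/etc/ppp/ppp.secret") with the default want_uid of 0.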
