Date:      Fri, 23 May 2014 17:28:33 +0000 (UTC)
From:      Dru Lavigne <dru@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r44922 - head/en_US.ISO8859-1/books/handbook/ppp-and-slip
Message-ID:  <201405231728.s4NHSXxm053568@svn.freebsd.org>

Author: dru
Date: Fri May 23 17:28:33 2014
New Revision: 44922
URL: http://svnweb.freebsd.org/changeset/doc/44922

Log:
  Some shuffling in Configuring PPP to improve the flow of this section.
  More commits to come.
  
  Sponsored by:	iXsystems

Modified:
  head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml	Fri May 23 17:12:05 2014	(r44921)
+++ head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml	Fri May 23 17:28:33 2014	(r44922)
@@ -459,7 +459,29 @@
 	  create <filename>/etc/ppp/ppp.linkup</filename> with the
 	  above two lines.  More examples for this file can be found
 	  in <filename>/usr/share/examples/ppp/</filename>.</para>
-    </sect2>
+
+	  <para>By default, the <command>ppp</command> command must be
+	    run as the <systemitem class="username">root</systemitem>
+	    user.  To change this default, add the account of the user
+	    who should run <command>ppp</command> to the
+	    <systemitem class="groupname">network</systemitem> group in
+	    <filename>/etc/group</filename>.</para>
+
+	  <para>Then, give the user access to one or more entries in
+	    <filename>/etc/ppp/ppp.conf</filename> using the
+	    <command>allow</command> command.  For example, to give
+	    <systemitem class="username">fred</systemitem> and
+	    <systemitem class="username">mary</systemitem>
+	    permission to only the <literal>provider:</literal> entry,
+	    add this line to the <literal>provider:</literal>
+	    section:</para>
+
+	  <programlisting>allow users <replaceable>fred mary</replaceable></programlisting>
+
+	  <para>To give the specified users access to all entries, put
+	    that line in the <literal>default</literal> section
+	    instead.</para>
+	</sect2>
 
     <?ignore <sect2>
 	  <title>Receiving Incoming Calls</title>
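Review bot: The rewritten first paragraph ("To change this default, add the account of the user ...") drops the "in server mode" qualifier that the old PPP Permissions text carried; confirm that is intended or keep the qualifier. In the programlisting, wrap each name in its own replaceable element rather than <replaceable>fred mary</replaceable>, and consider saying next to the default-section sentence that it opens every entry to those users, so readers reach for the per-entry form first. The added paragraphs are also indented one level deeper than the paragraph above them.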
@@ -513,30 +535,7 @@
 	    </step>
 	  </procedure>
 	</sect2>
-	?>
 
-	<sect2>
-	  <title><application>PPP</application> Permissions</title>
-
-	  <para>The <command>ppp</command> command must normally be
-	    run as the <systemitem class="username">root</systemitem> user.  To instead
-	    allow <command>ppp</command> to run in server mode as a
-	    normal user, that user must be given permission to run
-	    <command>ppp</command> by adding them to the
-	    <systemitem class="groupname">network</systemitem> group in
-	    <filename>/etc/group</filename>.</para>
-
-	  <para>The user also needs access to one or more sections of
-	    the configuration file using the
-	    <command>allow</command> command:</para>
-
-	  <programlisting>allow users fred mary</programlisting>
-
-	  <para>If this command is used in the
-	    <literal>default</literal> section, it gives the specified
-	    users access to everything.</para>
-	</sect2>
-	<?ignore <sect2>
 	  <title><acronym>PPP</acronym> Shells for Dynamic
 	    <acronym>IP</acronym> Users</title>
 
@@ -681,101 +680,9 @@ mary:
   add 203.14.103.0 netmask 255.255.255.0 HISADDR</programlisting>
 	</sect2>
 	?>
-	<sect2 xml:id="userppp-mgetty">
-	  <title><command>mgetty</command> and AutoPPP</title>
-
-	  <indexterm>
-	    <primary><command>mgetty</command></primary>
-	  </indexterm>
-
-	  <indexterm>
-	    <primary>AutoPPP</primary>
-	  </indexterm>
-
-	  <indexterm>
-	    <primary>LCP</primary>
-	  </indexterm>
-	  <para><xref linkend="dialup"/> provides a good description
-	    on enabling dial-up services using &man.getty.8;.</para>
-
-	  <para>An alternative to <command>getty</command> is <link xlink:href="http://mgetty.greenie.net/">mgetty</link>; (from
-	    <package>comms/mgetty+sendfax</package>
-	    port), a smarter version of <command>getty</command>
-	    designed with dial-up lines in mind.</para>
-
-	  <para>The advantages of using <command>mgetty</command> is
-	    that it actively <emphasis>talks</emphasis> to modems,
-	    meaning if port is turned off in
-	    <filename>/etc/ttys</filename> then the modem will not
-	    answer the phone.</para>
-
-	  <para>Later versions of <command>mgetty</command> (from
-	    0.99beta onwards) also support the automatic detection of
-	    <acronym>PPP</acronym> streams, allowing clients
-	    scriptless access to the server.</para>
-
-	  <para>Refer to <xref linkend="userppp-mgetty"/> for more
-	    information on <command>mgetty</command>.</para>
-
-	  <para>By default the <package>comms/mgetty+sendfax</package> port
-	    comes with the <literal>AUTO_PPP</literal> option enabled
-	    allowing <command>mgetty</command> to detect the LCP
-	    phase of <acronym>PPP</acronym> connections and
-	    automatically spawn off a ppp shell.  However, since the
-	    default login/password sequence does not occur it is
-	    necessary to authenticate users using either PAP or
-	    CHAP.</para>
-
-	  <para>This section assumes the user has successfully
-	    compiled, and installed the <package>comms/mgetty+sendfax</package> port on
-	    his system.</para>
-
-	  <para>Ensure that
-	    <filename>/usr/local/etc/mgetty+sendfax/login.config</filename>
-	    has the following:</para>
-
-	  <programlisting>/AutoPPP/ -     - /etc/ppp/ppp-pap-dialup</programlisting>
-
-	  <para>This tells <command>mgetty</command> to run
-	    <filename>ppp-pap-dialup</filename> for detected
-	    <acronym>PPP</acronym> connections.</para>
-
-	  <para>Create an executable file called
-	    <filename>/etc/ppp/ppp-pap-dialup</filename> containing
-	    the following:</para>
-
-	  <programlisting>#!/bin/sh
-exec /usr/sbin/ppp -direct pap$IDENT</programlisting>
-
-	  <para>For each dial-up line enabled in
-	    <filename>/etc/ttys</filename>, create a corresponding
-	    entry in <filename>/etc/ppp/ppp.conf</filename>.  This
-	    will happily co-exist with the definitions we created
-	    above.</para>
-
-	  <programlisting>pap:
-  enable pap
-  set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
-  enable proxy</programlisting>
-
-	  <para>Each user logging in with this method will need to
-	    have a username/password in
-	    <filename>/etc/ppp/ppp.secret</filename> file, or
-	    alternatively add the following option to authenticate
-	    users via PAP from the <filename>/etc/passwd</filename>
-	    file.</para>
-
-	  <programlisting>enable passwdauth</programlisting>
-
-	  <para>To assign some users a static <acronym>IP</acronym>
-	    number, specify the number as the third argument in
-	    <filename>/etc/ppp/ppp.secret</filename>.  See
-	    <filename>/usr/share/examples/ppp/ppp.secret.sample</filename>
-	    for examples.</para>
-	</sect2>
 
 	<sect2>
-	  <title>MS Extensions</title>
+	  <title>Advanced Configuration</title>
 
 	  <indexterm>
 	    <primary>DNS</primary>
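Review bot: The sect2 retitled "Advanced Configuration" still has no xml:id, and it becomes the parent of the PAP/CHAP and NAT subsections, so it cannot be cross-referenced; add an xml:id on this <sect2>. A short introductory para before the DNS indexterm would also help, because the new title no longer tells the reader what the first content is about.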
@@ -817,9 +724,8 @@ set nbns 203.14.100.5</programlisting>
 	      dns</literal> line is omitted,
 	    <acronym>PPP</acronym> will use the values found in
 	    <filename>/etc/resolv.conf</filename>.</para>
-	</sect2>
 
-	<sect2 xml:id="userppp-PAPnCHAP">
+	<sect3 xml:id="userppp-PAPnCHAP">
 	  <title>PAP and CHAP Authentication</title>
 
 	  <indexterm><primary>PAP</primary></indexterm>
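Review bot: The new <sect3 xml:id="userppp-PAPnCHAP"> sits at the same indentation as the sect2 it is now nested in; indent it and its children one level so the nesting is visible in the source. Keeping the xml:id unchanged is right, since existing xrefs keep resolving.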
@@ -888,32 +794,9 @@ set nbns 203.14.100.5</programlisting>
 	      </listitem>
 	    </varlistentry>
 	  </variablelist>
-	</sect2>
-
-	<sect2>
-	  <title>Changing the <command>ppp</command> Configuration
-	    on the Fly</title>
-
-	  <para>It is possible to talk to the <command>ppp</command>
-	    program while it is running in the background, but only
-	    if a suitable diagnostic port has been set up.  To do
-	    this, add the following line to the configuration:</para>
-
-	  <programlisting>set server /var/run/ppp-tun<replaceable>%d</replaceable> DiagnosticPassword 0177</programlisting>
-
-	<para>This will tell PPP to listen to the specified
-	  &unix; domain socket, asking clients for the specified
-	  password before allowing access.  The
-	  <literal>%d</literal> in the name is replaced with the
-	  <filename>tun</filename> device number that is in
-	  use.</para>
-
-	<para>Once a socket has been set up, the &man.pppctl.8;
-	  program may be used in scripts that wish to manipulate
-	  the running program.</para>
-      </sect2>
+	</sect3>
 
-      <sect2 xml:id="userppp-nat">
+      <sect3 xml:id="userppp-nat">
 	<title>Using <acronym>PPP</acronym> Network Address
 	  Translation Capability</title>
 
@@ -944,6 +827,7 @@ nat port tcp 10.0.0.2:http http</program
 	<para>or do not trust the outside at all</para>
 
 	<programlisting>nat deny_incoming yes</programlisting>
+      </sect3>
       </sect2>
 
       <sect2 xml:id="userppp-final">
@@ -1034,6 +918,10 @@ ifconfig_tun0=</programlisting>
 	<para>An alternative is to set up a
 	  <quote>dfilter</quote> to block SMTP traffic.  Refer to the
 	  sample files for further details.</para>
+      </sect2>
+
+      <sect2>
+	<title>Using <command>ppp</command></title>
 
 	<para>All that is left is to reboot the machine.  After
 	  rebooting, either type:</para>
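Review bot: The new "Using ppp" sect2 has no xml:id and opens with "All that is left is to reboot the machine", which was written as the tail of the previous section; reword that sentence so it works as a section lead, and add an xml:id so the section can be referenced.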
@@ -1048,7 +936,119 @@ ifconfig_tun0=</programlisting>
 	  type:</para>
 
       <screen>&prompt.root; <userinput>ppp -auto provider</userinput></screen>
-    </sect2>
+
+	  <para>It is possible to talk to the <command>ppp</command>
+	    program while it is running in the background, but only
+	    if a suitable diagnostic port has been set up.  To do
+	    this, add the following line to the configuration:</para>
+
+	  <programlisting>set server /var/run/ppp-tun<replaceable>%d</replaceable> DiagnosticPassword 0177</programlisting>
+
+	<para>This will tell PPP to listen to the specified
+	  &unix; domain socket, asking clients for the specified
+	  password before allowing access.  The
+	  <literal>%d</literal> in the name is replaced with the
+	  <filename>tun</filename> device number that is in
+	  use.</para>
+
+	<para>Once a socket has been set up, the &man.pppctl.8;
+	  program may be used in scripts that wish to manipulate
+	  the running program.</para>
+      </sect2>
+
+	<sect2 xml:id="userppp-mgetty">
+	  <title>Configuring Dial-in Services</title>
+
+	  <indexterm>
+	    <primary><command>mgetty</command></primary>
+	  </indexterm>
+
+	  <indexterm>
+	    <primary>AutoPPP</primary>
+	  </indexterm>
+
+	  <indexterm>
+	    <primary>LCP</primary>
+	  </indexterm>
+	  <para><xref linkend="dialup"/> provides a good description
+	    on enabling dial-up services using &man.getty.8;.</para>
+
+	  <para>An alternative to <command>getty</command> is
+	    <package>comms/mgetty+sendfax</package>
+	    port), a smarter version of <command>getty</command>
+	    designed with dial-up lines in mind.</para>
+
+	  <para>The advantages of using <command>mgetty</command> is
+	    that it actively <emphasis>talks</emphasis> to modems,
+	    meaning if port is turned off in
+	    <filename>/etc/ttys</filename> then the modem will not
+	    answer the phone.</para>
+
+	  <para>Later versions of <command>mgetty</command> (from
+	    0.99beta onwards) also support the automatic detection of
+	    <acronym>PPP</acronym> streams, allowing clients
+	    scriptless access to the server.</para>
+
+	  <para>Refer to <link xlink:href="http://mgetty.greenie.net/doc/mgetty_toc.html">http://mgetty.greenie.net/doc/mgetty_toc.html</link>;
+	    for more
+	    information on <command>mgetty</command>.</para>
+
+	  <para>By default the <package>comms/mgetty+sendfax</package> port
+	    comes with the <literal>AUTO_PPP</literal> option enabled
+	    allowing <command>mgetty</command> to detect the LCP
+	    phase of <acronym>PPP</acronym> connections and
+	    automatically spawn off a ppp shell.  However, since the
+	    default login/password sequence does not occur it is
+	    necessary to authenticate users using either PAP or
+	    CHAP.</para>
+
+	  <para>This section assumes the user has successfully
+	    compiled, and installed the <package>comms/mgetty+sendfax</package> port on
+	    his system.</para>
+
+	  <para>Ensure that
+	    <filename>/usr/local/etc/mgetty+sendfax/login.config</filename>
+	    has the following:</para>
+
+	  <programlisting>/AutoPPP/ -     - /etc/ppp/ppp-pap-dialup</programlisting>
+
+	  <para>This tells <command>mgetty</command> to run
+	    <filename>ppp-pap-dialup</filename> for detected
+	    <acronym>PPP</acronym> connections.</para>
+
+	  <para>Create an executable file called
+	    <filename>/etc/ppp/ppp-pap-dialup</filename> containing
+	    the following:</para>
+
+	  <programlisting>#!/bin/sh
+exec /usr/sbin/ppp -direct pap$IDENT</programlisting>
+
+	  <para>For each dial-up line enabled in
+	    <filename>/etc/ttys</filename>, create a corresponding
+	    entry in <filename>/etc/ppp/ppp.conf</filename>.  This
+	    will happily co-exist with the definitions we created
+	    above.</para>
+
+	  <programlisting>pap:
+  enable pap
+  set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
+  enable proxy</programlisting>
+
+	  <para>Each user logging in with this method will need to
+	    have a username/password in
+	    <filename>/etc/ppp/ppp.secret</filename> file, or
+	    alternatively add the following option to authenticate
+	    users via PAP from the <filename>/etc/passwd</filename>
+	    file.</para>
+
+	  <programlisting>enable passwdauth</programlisting>
+
+	  <para>To assign some users a static <acronym>IP</acronym>
+	    number, specify the number as the third argument in
+	    <filename>/etc/ppp/ppp.secret</filename>.  See
+	    <filename>/usr/share/examples/ppp/ppp.secret.sample</filename>
+	    for examples.</para>
+	</sect2>
   </sect1>
 
   <sect1 xml:id="ppp-troubleshoot">
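Review bot: In the relocated mgetty paragraph, removing the <link> also removed the opening "(from" but left the closing parenthesis, so the sentence now reads "An alternative to getty is comms/mgetty+sendfax port), a smarter version ..."; restore the wording or drop the ")". The new "Refer to" link has a stray ";" after </link>. The diagnostic socket paragraphs now sit in "Using ppp" without a heading of their own, and "DiagnosticPassword" in the set server line should be marked <replaceable> so it is not copied literally as the password.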


