From: Dru Lavigne Date: Fri, 23 May 2014 17:28:33 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44922 - head/en_US.ISO8859-1/books/handbook/ppp-and-slip X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 May 2014 17:28:33 -0000 Author: dru Date: Fri May 23 17:28:33 2014 New Revision: 44922 URL: http://svnweb.freebsd.org/changeset/doc/44922 Log: Some shuffling in Configuring PPP to improve the flow of this section. More commits to come. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml Fri May 23 17:12:05 2014 (r44921) +++ head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml Fri May 23 17:28:33 2014 (r44922) @@ -459,7 +459,29 @@ create /etc/ppp/ppp.linkup with the above two lines. More examples for this file can be found in /usr/share/examples/ppp/. - + + By default, the ppp command must be + run as the root + user. To change this default, add the account of the user + who should run ppp to the + network group in + /etc/group. + + Then, give the user access to one or more entries in + /etc/ppp/ppp.conf using the + allow command. For example, to give + fred and + mary + permission to only the provider: entry, + add this line to the provider: + section: + + allow users fred mary + + To give the specified users access to all entries, put + that line in the default section + instead. + Receiving Incoming Calls 
@@ -513,30 +535,7 @@ - ?> - - <application>PPP</application> Permissions - - The ppp command must normally be - run as the root user. To instead - allow ppp to run in server mode as a - normal user, that user must be given permission to run - ppp by adding them to the - network group in - /etc/group. - - The user also needs access to one or more sections of - the configuration file using the - allow command: - - allow users fred mary - - If this command is used in the - default section, it gives the specified - users access to everything. - - <acronym>PPP</acronym> Shells for Dynamic <acronym>IP</acronym> Users 
@@ -681,101 +680,9 @@ mary: add 203.14.103.0 netmask 255.255.255.0 HISADDR ?> - - <command>mgetty</command> and AutoPPP - - - mgetty - - - - AutoPPP - - - - LCP - - provides a good description - on enabling dial-up services using &man.getty.8;. - - An alternative to getty is mgetty (from - comms/mgetty+sendfax - port), a smarter version of getty - designed with dial-up lines in mind. - - The advantages of using mgetty is - that it actively talks to modems, - meaning if port is turned off in - /etc/ttys then the modem will not - answer the phone. - - Later versions of mgetty (from - 0.99beta onwards) also support the automatic detection of - PPP streams, allowing clients - scriptless access to the server. - - Refer to for more - information on mgetty. - - By default the comms/mgetty+sendfax port - comes with the AUTO_PPP option enabled - allowing mgetty to detect the LCP - phase of PPP connections and - automatically spawn off a ppp shell. However, since the - default login/password sequence does not occur it is - necessary to authenticate users using either PAP or - CHAP. - - This section assumes the user has successfully - compiled, and installed the comms/mgetty+sendfax port on - his system. - - Ensure that - /usr/local/etc/mgetty+sendfax/login.config - has the following: - - /AutoPPP/ - - /etc/ppp/ppp-pap-dialup - - This tells mgetty to run - ppp-pap-dialup for detected - PPP connections. - - Create an executable file called - /etc/ppp/ppp-pap-dialup containing - the following: - - #!/bin/sh -exec /usr/sbin/ppp -direct pap$IDENT - - For each dial-up line enabled in - /etc/ttys, create a corresponding - entry in /etc/ppp/ppp.conf. This - will happily co-exist with the definitions we created - above. 
- - pap: - enable pap - set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40 - enable proxy - - Each user logging in with this method will need to - have a username/password in - /etc/ppp/ppp.secret file, or - alternatively add the following option to authenticate - users via PAP from the /etc/passwd - file. - - enable passwdauth - - To assign some users a static IP - number, specify the number as the third argument in - /etc/ppp/ppp.secret. See - /usr/share/examples/ppp/ppp.secret.sample - for examples. - - MS Extensions + Advanced Configuration DNS @@ -817,9 +724,8 @@ set nbns 203.14.100.5 dns line is omitted, PPP will use the values found in /etc/resolv.conf. - - + PAP and CHAP Authentication PAP @@ -888,32 +794,9 @@ set nbns 203.14.100.5 - - - - Changing the <command>ppp</command> Configuration - on the Fly - - It is possible to talk to the ppp - program while it is running in the background, but only - if a suitable diagnostic port has been set up. To do - this, add the following line to the configuration: - - set server /var/run/ppp-tun%d DiagnosticPassword 0177 - - This will tell PPP to listen to the specified - &unix; domain socket, asking clients for the specified - password before allowing access. The - %d in the name is replaced with the - tun device number that is in - use. - - Once a socket has been set up, the &man.pppctl.8; - program may be used in scripts that wish to manipulate - the running program. - + - + Using <acronym>PPP</acronym> Network Address Translation Capability @@ -944,6 +827,7 @@ nat port tcp 10.0.0.2:http httpor do not trust the outside at all nat deny_incoming yes + @@ -1034,6 +918,10 @@ ifconfig_tun0= An alternative is to set up a dfilter to block SMTP traffic. Refer to the sample files for further details. + + + + Using <command>ppp</command> All that is left is to reboot the machine. After rebooting, either type: 
@@ -1048,7 +936,119 @@ ifconfig_tun0= type: &prompt.root; ppp -auto provider - + + It is possible to talk to the ppp + program while it is running in the background, but only + if a suitable diagnostic port has been set up. To do + this, add the following line to the configuration: + + set server /var/run/ppp-tun%d DiagnosticPassword 0177 + + This will tell PPP to listen to the specified + &unix; domain socket, asking clients for the specified + password before allowing access. The + %d in the name is replaced with the + tun device number that is in + use. + + Once a socket has been set up, the &man.pppctl.8; + program may be used in scripts that wish to manipulate + the running program. + + + + Configuring Dial-in Services + + + mgetty + + + + AutoPPP + + + + LCP + + provides a good description + on enabling dial-up services using &man.getty.8;. + + An alternative to getty is + comms/mgetty+sendfax + port), a smarter version of getty + designed with dial-up lines in mind. + + The advantages of using mgetty is + that it actively talks to modems, + meaning if port is turned off in + /etc/ttys then the modem will not + answer the phone. + + Later versions of mgetty (from + 0.99beta onwards) also support the automatic detection of + PPP streams, allowing clients + scriptless access to the server. + + Refer to http://mgetty.greenie.net/doc/mgetty_toc.html + for more + information on mgetty. + + By default the comms/mgetty+sendfax port + comes with the AUTO_PPP option enabled + allowing mgetty to detect the LCP + phase of PPP connections and + automatically spawn off a ppp shell. However, since the + default login/password sequence does not occur it is + necessary to authenticate users using either PAP or + CHAP. + + This section assumes the user has successfully + compiled, and installed the comms/mgetty+sendfax port on + his system. 
+ + Ensure that + /usr/local/etc/mgetty+sendfax/login.config + has the following: + + /AutoPPP/ - - /etc/ppp/ppp-pap-dialup + + This tells mgetty to run + ppp-pap-dialup for detected + PPP connections. + + Create an executable file called + /etc/ppp/ppp-pap-dialup containing + the following: + + #!/bin/sh +exec /usr/sbin/ppp -direct pap$IDENT + + For each dial-up line enabled in + /etc/ttys, create a corresponding + entry in /etc/ppp/ppp.conf. This + will happily co-exist with the definitions we created + above. + + pap: + enable pap + set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40 + enable proxy + + Each user logging in with this method will need to + have a username/password in + /etc/ppp/ppp.secret file, or + alternatively add the following option to authenticate + users via PAP from the /etc/passwd + file. + + enable passwdauth + + To assign some users a static IP + number, specify the number as the third argument in + /etc/ppp/ppp.secret. See + /usr/share/examples/ppp/ppp.secret.sample + for examples. +
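Review bot: In the @@ -459,7 +459,29 @@ hunk, the new first paragraph states that "the ppp command must be run as the root user" and drops the "in server mode" qualifier that the removed PPP Permissions text carried ("To instead allow ppp to run in server mode as a normal user"). If the network group plus "allow users" arrangement is specific to server mode, keep the qualifier; if the broader statement is intended, that is a content change rather than shuffling and deserves a mention in the log. Since the last added paragraph describes the less restrictive grant ("access to all entries" via the default section), consider saying explicitly that the per-entry form shown for provider: is the narrower of the two, so readers do not pick the default section out of convenience.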
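Review bot: In the @@ -888,32 +794,9 @@ hunk, the removed block had its own title, "Changing the ppp Configuration on the Fly", but where the same paragraphs are re-added in the final hunk they follow "ppp -auto provider" with no title or lead-in, so the diagnostic socket material is no longer findable from the section headings. Keep a title or an introductory sentence where the text lands. While this text is being moved, it would also help to document the trailing "0177" in "set server /var/run/ppp-tun%d DiagnosticPassword 0177": the paragraph explains the socket path, the password and %d, but never says what the last argument is or why that value was chosen.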
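Review bot: In the @@ -1048,7 +936,119 @@ hunk, the re-added sentence "An alternative to getty is comms/mgetty+sendfax port), a smarter version of getty" has lost the words "mgetty (from" that the removed copy had, leaving an unmatched closing parenthesis and a sentence that no longer names mgetty. Restore it to "An alternative to getty is mgetty (from comms/mgetty+sendfax port), ...". Two items carried over unchanged are worth fixing in the same pass: "The advantages of using mgetty is" should be singular ("The advantage of using mgetty is"), and "installed the comms/mgetty+sendfax port on his system" reads better as "on the system".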