diff options
author | brian <brian@FreeBSD.org> | 1999-02-11 16:33:14 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 1999-02-11 16:33:14 +0000 |
commit | 5917700a72b26364ecd450438e731a5f7ec2325d (patch) | |
tree | 1d4ae30bf5082e40d28fb15ef167119963d454a9 | |
parent | 8b86cda1310b9ff08687d347211972d6eb386730 (diff) | |
download | FreeBSD-src-5917700a72b26364ecd450438e731a5f7ec2325d.zip FreeBSD-src-5917700a72b26364ecd450438e731a5f7ec2325d.tar.gz |
Add ppp example files.
-rw-r--r-- | share/examples/ppp/ppp.conf.sample | 430 | ||||
-rw-r--r-- | share/examples/ppp/ppp.linkdown.sample | 34 | ||||
-rw-r--r-- | share/examples/ppp/ppp.linkup.sample | 49 | ||||
-rw-r--r-- | share/examples/ppp/ppp.secret.sample | 41 |
4 files changed, 554 insertions, 0 deletions
diff --git a/share/examples/ppp/ppp.conf.sample b/share/examples/ppp/ppp.conf.sample new file mode 100644 index 0000000..e6bc374 --- /dev/null +++ b/share/examples/ppp/ppp.conf.sample @@ -0,0 +1,430 @@ +################################################################# +# +# PPP Sample Configuration File +# +# Originally written by Toshiharu OHNO +# +# $Id: ppp.conf.sample,v 1.33 1998/10/03 13:12:14 brian Exp $ +# +################################################################# + +# This file is separated into sections. Each section is named with +# a label starting in column 0 and followed directly by a ``:''. The +# section continues until the next section. Blank lines and lines +# beginning with ``#'' are ignored. +# +# Lines beginning with "!include" will ``include'' another file. You +# may want to ``!include ~/.ppp.conf'' for backwards compatibility. +# + +# Default setup. Always executed when PPP is invoked. +# This section is *not* loaded by the ``load'' or ``dial'' commands. +# +# This is the best place to specify your modem device, it's DTR rate, +# and any logging specification. Logging specs should be done first +# so that subsequent commands are logged. +# +default: + set log Phase Chat LCP IPCP CCP tun command + set device /dev/cuaa1 + set speed 115200 + set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" + +# Client side PPP +# +# Although the PPP protocol is a peer to peer protocol, we normally +# consider the side that makes the connection as the client and the +# side that receives the connection as the server. Authentication +# is required by the server either using a unix-style login proceedure +# or by demanding PAP or CHAP authentication from the client. +# + +# An on demand example where we have dynamic IP addresses: +# If the peer assigns us an arbitrary IP (most ISPs do this) and we +# can't predict what their IP will be either, take a wild guess at +# some IPs that you can't currently route to. +# +# The /0 bit in "set ifaddr" says that we insist on 0 bits of the +# specified IP actually being correct, therefore, the other side can assign +# any IP numbers. +# +# The forth arg to "set ifaddr" makes us send "0.0.0.0" as our requested +# IP number, forcing the peer to make the decision. +# +# This entry also works with static IP numbers or when not in -auto mode. +# The ``add'' line adds a `sticky' default route that will be updated if +# and when any of the IP numbers are changed in IPCP negotiations. +# The "set ifaddr" is required in -auto mode. +# +# Finally, the ``enable dns'' bit tells ppp to ask the peer for the +# nameserver addresses that should be used. This isn't always supported +# by the other side, but if it is, /etc/resolv.conf will automatically be +# updated. +# +pmdemand: + set phone 1234567 + set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp" + set timeout 120 + set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 + add default HISADDR + enable dns + +# When we want to use PAP or CHAP instead of using a unix-style login +# proceedure, we do the following. Note, the peer suggests whether we +# should send PAP or CHAP. By default, we send whatever we're asked for. +# +PAPorCHAPpmdemand: + set phone 1234567 + set login + set authname MyName + set authkey MyKey + set timeout 120 + set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 + add default HISADDR + enable dns + +# On demand dialup example with static IP addresses: +# Here, the local side uses 192.244.185.226 and the remote side +# uses 192.244.176.44. +# +# # ppp -auto ondemand +# +# With static IP numbers, our setup is similar to dynamic: +# Remember, ppp.linkup is searched for a "192.244.176.44" label, then +# a "ondemand" label, and finally the "MYADDR" label. +# +ondemand: + set phone 1234567 + set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp" + set timeout 120 + set ifaddr 192.244.185.226 192.244.176.44 + add default HISADDR + enable dns + +# Example segments +# +# The following lines may be included as part of your configuration +# section and aren't themselves complete. They're provided as examples +# of how to achieve different things. + +examples: +# Multi-phone example. Numbers separated by a : are used sequentially. +# Numbers separated by a | are used if the previous dial or login script +# failed. Usually, you will prefer to use only one of | or :, but both +# are allowed. +# + set phone 12345678|12345679:12345670|12345671 +# +# Ppp can accept control instructions from the ``pppctl'' program. +# First, you must set up your control socket. It's safest to use +# a UNIX domain socket, and watch the permissions: +# + set server /var/tmp/internet MySecretPassword 0177 +# +# Although a TCP port may be used if you want to allow control +# connections from other machines: +# + set server 6670 MySecretpassword +# +# If you don't like ppp's builtin chat, use an external one: +# + set login "\"!chat \\\\-f /etc/ppp/ppp.dev.chat\"" +# +# If we have a ``strange'' modem that must be re-initialized when we +# hangup: +# + set hangup "\"\" AT OK-AT-OK ATZ OK" +# +# To adjust logging withouth blasting the setting in default: +# + set log -command +tcp/ip +# +# To see log messages on the screen in interactive mode: +# + set log local LCP IPCP CCP +# +# If you're seeing a lot of magic number problems and failed connections, +# try this (see the man page): +# + set openmode active 5 +# +# For noisy lines, we may want to reconnect (up to 20 times) after loss +# of carrier, with 3 second delays between each attempt: +# + set reconnect 3 20 +# +# When playing server for M$ clients, tell them who our NetBIOS name +# servers are: +# + set nbns 10.0.0.1 10.0.0.2 +# +# Inform the client if they ask for our DNS IP numbers: +# + enable dns +# +# If you don't want to tell them what's in your /etc/resolf.conf file +# with `enable dns', override the values: +# + set dns 10.0.0.1 10.0.0.2 +# +# If we're using the -alias switch, redirect ftp and http to an internal +# machine: +# + alias port 10.0.0.2:ftp ftp + alias port 10.0.0.2:http http +# +# or don't trust the outside at all +# + alias deny_incoming yes +# +# I trust user brian to run ppp, so this goes in the `default' section: +# + allow user brian +# +# But label `internet' contains passwords that even brian can't have, so +# I empty out the user access list in that section so that only root can +# have access: +# + allow users +# +# I also may wish to set up my ppp login script so that it asks the client +# for the label they wish to use. I may only want user ``dodgy'' to access +# their own label in direct mode: +# +dodgy: + allow user dodgy + allow mode direct +# +# If we don't want ICMP and DNS packets to keep the connection alive: +# + set filter alive 0 deny icmp + set filter alive 1 deny udp src eq 53 + set filter alive 2 deny udp dst eq 53 + set filter alive 3 permit 0 0 +# +# And we don't want ICMPs to cause a dialup: +# + set filter dial 0 deny icmp + set filter dial 1 permit 0 0 +# +# or any TCP SYN or RST packets (badly closed TCP channels): +# + set filter dial 2 deny 0 0 tcp syn finrst +# +# Once the line's up, allow connections for ident (113), telnet (23), +# ftp (20 & 21), DNS (53), my place of work (192.244.191.0/24), +# ICMP (ping) and traceroute (>33433). +# +# Anything else is blocked by default +# + set filter in 0 permit tcp dst eq 113 + set filter out 0 permit tcp src eq 113 + set filter in 1 permit tcp src eq 23 estab + set filter out 1 permit tcp dst eq 23 + set filter in 2 permit tcp src eq 21 estab + set filter out 2 permit tcp dst eq 21 + set filter in 3 permit tcp src eq 20 dst gt 1023 + set filter out 3 permit tcp dst eq 20 + set filter in 4 permit udp src eq 53 + set filter out 4 permit udp dst eq 53 + set filter in 5 permit 192.244.191.0/24 0/0 + set filter out 5 permit 0/0 192.244.191.0/24 + set filter in 6 permit icmp + set filter out 6 permit icmp + set filter in 7 permit udp dst gt 33433 + set filter out 7 permit udp dst gt 33433 + + +# Server side PPP +# If you want the remote system to authenticate itself, you insist +# that the peer uses CHAP (or PAP) with the "enable" keyword. Both CHAP and +# PAP are disabled by default (we usually only "enable" one of them if the +# other side is dialing into our server). +# When the peer authenticates itself, we use ppp.secret for verification. +# +# Ppp is launched with: +# # ppp -direct CHAPserver +# +# Note: We can supply a third field in ppp.secret specifying the IP address +# for that user. We can even specify a forth field to specify the +# ppp.link{up,down} label to use. +# +CHAPserver: + enable chap + enable proxy + set ifaddr 192.244.176.44 292.244.184.31 + accept dns + +# If we wish to act as a server, allowing PAP access according to +# accounts in /etc/passwd, we do this (Without `enable passwdauth', +# you may still enter ``*'' as the users password in ppp.secret and +# ppp will look it up in the passwd database. This is useful if you +# need to assign a special label or IP number or range): +# +PAPServerwithPASSWD: + enable pap + enable passwdauth + enable proxy + set ifaddr 192.244.176.44 292.244.184.31 + accept dns + + +# Example to connect using a null-modem cable: +# The important thing here is to allow the lqr packets on both sides. +# Without them enabled, we can't tell if the line's dropped - there +# should always be carrier on a direct connection. +# Here, the server sends lqr's every 10 seconds and quits if five in a +# row fail. +# +# Make sure you don't have "deny lqr" in your default: on the client ! +# If the peer denies LQR, we still send ECHO LQR packets at the given +# lqrperiod interval (ppp-style-pings). +# +direct-client: + set dial "" + set line /dev/cuaa0 + set sp 115200 + set timeout 900 + set lqrperiod 10 + set log Phase Chat LQM + set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp HELLO" + set ifaddr 10.0.4.2 10.0.4.1 + enable lqr + accept lqr + +direct-server: + set timeout 0 + set lqrperiod 10 + set log Phase LQM + set ifaddr 10.0.4.1 10.0.4.2 + enable lqr + accept lqr + + +# Example to connect via compuserve (who insist on 7 bits even parity +# during the chat phase). +# +compuserve: + set phone 1234567 + set parity even + set login "TIMEOUT 10 \"\" \"\" Name: CIS ID: 99999,9999/go:pppconnect \ + word: XXXXXXXX" + set timeout 300 + set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 + delete ALL + add default HISADDR + + +# Example for PPP over TCP. +# We assume that inetd on tcpsrv.mynet has been +# configured to run "ppp -direct tcp-server" when it gets a connection on +# port 1234. Read the man page for further details +# +# Note, we assume we're using a binary-clean connection. If something +# such as `rlogin' is involved, you may need to ``set escape 0xff'' +# +tcp-client: + set device tcpsrv.mynet:1234 + set dial + set login + set ifaddr 10.0.5.1 10.0.4.1 255.255.255.0 + +tcp-server: + set ifaddr 10.0.4.1 10.0.5.1 255.255.255.0 + +# If you want to test ppp, do it through a loopback: +# +# Requires a line in /etc/services: +# ppploop 6671/tcp # loopback ppp daemon +# +# and a line in /etc/inetd.conf: +# ppploop stream tcp nowait root /usr/sbin/ppp ppp -direct loop-in +# +loop: + set timeout 0 + set log phase chat connect lcp ipcp command + set device localhost:ppploop + set dial + set login + set ifaddr 127.0.0.2 127.0.0.3 + set server /var/tmp/loop "" 0177 + +loop-in: + set timeout 0 + set log phase lcp ipcp command + allow mode direct + +# If you're going to create a tunnel through a public network, your VPN +# should be set up something like this: +# +# /etc/ppp/secure (which should be executable) says: +# #! /bin/sh +# exec ssh whatevermachine /usr/sbin/ppp -direct loop-in +# +sloop: + load loop + set device !/etc/ppp/secure + +# If you wish to connect to a server that will dial back *without* using +# the ppp callback facility (rfc1570), take advantage of the fact that +# ppp doesn't look for carrier 'till `set login' is complete: +# +# Here, we expect the server to say DIALBACK then disconnect after +# we've authenticated ourselves. When this has happened, we wait +# 60 seconds for a RING. +# +dialback: + set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATZ OK-ATZ-OK \ + ATDT\\T TIMEOUT 60 CONNECT" + set login "TIMEOUT 5 ogin:--ogin: ppp word: ppp TIMEOUT 15 DIALBACK \ + \"\" NO\\sCARRIER \"\" TIMEOUT 60 RING ATA CONNECT" + +# Alternatively, if the peer is using the PPP callback protocol, use +# normal dial and login scripts and add +# + set callback auth cbcp e.164 1234567 + set cbcp 1234567 + +# If we're running a ppp server that wants to only call back microsoft +# clients on numbers configured in /etc/ppp/ppp.secret (the 5th field): +# + set callback cbcp + set cbcp + set log +cbcp + set redial 3 1 + set device /dev/cuaa0 + set speed 115200 + set dial "TIMEOUT 10 \"\" AT OK-AT-OK ATDT\\T CONNECT" + +# Or if we want to allow authenticated clients to specify their own +# callback number, use this ``set cbcp'' line instead: +# + set cbcp * + +# Multilink mode is available (rfc1990). +# To enable multilink capabilities, you must specify a MRRU. 1500 is +# a reasonable value. To create new links, use the ``clone'' command +# to duplicate an existing link. If you already have more than one +# link, you must specify which link you wish to run the command on via +# the ``link'' command. +# +# You can now ``dial'' specific links, or even dial all links at the +# same time. The `dial' command may also be prefixed with a specific +# link that should do the dialing. +# + +mloop: + load loop + set mode interactive + set mrru 1500 + clone 1 2 3 + link deflink remove + # dial + # link 2 dial + # link 3 dial + +mloop-in: + set timeout 0 + set log tun phase + allow mode direct + set mrru 1500 diff --git a/share/examples/ppp/ppp.linkdown.sample b/share/examples/ppp/ppp.linkdown.sample new file mode 100644 index 0000000..c5c488a --- /dev/null +++ b/share/examples/ppp/ppp.linkdown.sample @@ -0,0 +1,34 @@ +######################################################################### +# +# Example of ppp.linkdown file +# +# This file is checked when ppp closes a connection. +# ppp searches the labels in this file as follows: +# +# 1) The label that matches the IP number assigned to our side. +# +# 2) The label specified on the command line to ppp. +# +# 3) If no label has been found, use MYADDR if it exists. +# +# +# $Id: ppp.linkdown.sample,v 1.2 1998/11/05 23:14:19 brian Exp $ +# +######################################################################### + +# We don't really need to do much here. If we have notified a DNS +# of our temporary IP number, we may want to ``un-notify'' them. +# +# If you're into sound effects when the link goes down, you can run +# ``auplay'' (assuming NAS is installed and configured). +# +MYADDR: + !bg /usr/X11R6/bin/auplay /etc/ppp/linkdown.au + +# If you're running ``ppp -auto -alias dynamic-alias-auto'', and are +# assigned a dynamic IP number by the peer, this may be worth while +# to keep the interface aliases to a minimum (see ``enable iface-alias'' +# in the man page): +# +dynamic-alias-auto: + iface clear diff --git a/share/examples/ppp/ppp.linkup.sample b/share/examples/ppp/ppp.linkup.sample new file mode 100644 index 0000000..76b4236 --- /dev/null +++ b/share/examples/ppp/ppp.linkup.sample @@ -0,0 +1,49 @@ +######################################################################### +# +# Example of ppp.linkup file +# +# This file is checked when ppp establishes a connection. +# ppp searches the labels in this file as follows: +# +# 1) The label that matches the IP number assigned to our side. +# +# 2) The label specified on the command line to ppp. +# +# 3) If no label has been found, use MYADDR if it exists. +# +# +# $Id: ppp.linkup.sample,v 1.14 1998/05/21 21:45:47 brian Exp $ +# +######################################################################### + +# It is no longer necessary to re-add the default route here as our +# ppp.conf route is `sticky' (see the man page). +# If you're into sound effects when the link comes up, you can run +# ``auplay'' (assuming NAS is installed and configured). +# +MYADDR: + !bg /usr/X11R6/bin/auplay /etc/ppp/linkup.au + +# If we've got 192.244.176.32 as our address, then regard peer as a gateway +# to 192.244.176.0 network. This may also be done in ppp.conf instead. +# +192.244.176.32: + add 192.244.176.0 0 HISADDR + +#You may want to execute a script after connecting. This script can do +# nice things such as kick off "sendmail -q", "popclient my.isp" and +# "slurp -d news". It can be passed MYADDR, HISADDR and INTERFACE +# as arguments too - useful for informing a DNS of your assigned IP. +# +# You may also want some sound effects.... +# +pmdemand: + !bg /etc/ppp/ppp.etherup.pmdemand + ! sh -c "cat /etc/ppp/linkup.au >/dev/audio" + +# If your minimum call charge is 5 minutes, you may as well stay on +# the line for that amount of time. If we want a 60 second subsequent +# timeout, set your timeout to 300 in ppp.conf and then do this: +# +min5minutes: + !bg sh -c "sleep 240; pppctl -p mypassword 3000 set timeout 60" diff --git a/share/examples/ppp/ppp.secret.sample b/share/examples/ppp/ppp.secret.sample new file mode 100644 index 0000000..14bcc9e --- /dev/null +++ b/share/examples/ppp/ppp.secret.sample @@ -0,0 +1,41 @@ +################################################## +# +# Example of ppp.secret file +# +# This file is used to authenticate incoming connections. +# You must ``enable'' either PAP or CHAP in your ppp.conf file. +# The peer may then use any of the Authname/Authkey pairs listed. +# Additionally, if ``passwdauth'' is enabled and an entry isn't +# found in this file, the passwd(5) database is used. +# +# If the password is specified as "*", look it up in passwd(5). +# This doesn't work for CHAP connections as ppp must have access +# to the unencrypted password for CHAP. +# +# If an IP address or address range is given as the third field, it +# will be assigned to the peer. A ``*'' or an empty field may be +# used as a placeholder if you do not wish to override the IP +# address, but wish to specify further fields. +# +# If a label is given as the forth field, it is used when reading +# the ppp.linkup and ppp.linkdown files. A ``*'' or an empty field +# can be used as a placeholder if you do not wish to override the +# label, but wish to specify further fields. +# +# If a phone number or list of phone numbers is given as the fifth +# field, these numbers will be used to call back the client if +# ``auth'' or ``cbcp'' callback is enabled (see ``set callback''). +# A ``*'' specifies that the client must specify the number. +# +# $Id: ppp.secret.sample,v 1.8 1998/08/07 18:44:31 brian Exp $ +# +################################################## + +# Authname Authkey Peer's IP address Label Callback + +oscar OurSecretKey 192.2.18.34 +BigBird X4dWg9327 192.2.18.33/32 +fred * * fred +subnet * 192.2.18.35-192.2.18.70 subnet +admin * * * * +homeworker * * * 1234567 |