601 lines
16 KiB
HTML
601 lines
16 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Setting up the PPP connection files</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.52"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux PPP HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Using PPP and root privileges"
|
|
HREF="root.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="What options should I use? (No PAP/CHAP)"
|
|
HREF="x970.html"></HEAD
|
|
><BODY
|
|
CLASS="CHAPTER"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
><A
|
|
HREF="http://www.linuxports.com/howto/ppp"
|
|
TARGET="_top"
|
|
>Linux PPP HOWTO</A
|
|
></TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="root.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
></TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x970.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="CHAPTER"
|
|
><H1
|
|
><A
|
|
NAME="OPTIONS"
|
|
>Chapter 15. Setting up the PPP connection files</A
|
|
></H1
|
|
><DIV
|
|
CLASS="TOC"
|
|
><DL
|
|
><DT
|
|
><B
|
|
>Table of Contents</B
|
|
></DT
|
|
><DT
|
|
>15.1. <A
|
|
HREF="options.html#AEN964"
|
|
>The supplied options.tpl file</A
|
|
></DT
|
|
><DT
|
|
>15.2. <A
|
|
HREF="x970.html"
|
|
>What options should I use? (No PAP/CHAP)</A
|
|
></DT
|
|
><DT
|
|
>15.3. <A
|
|
HREF="x980.html"
|
|
>Other options to consider adding</A
|
|
></DT
|
|
></DL
|
|
></DIV
|
|
><P
|
|
>You now need to be logged in as <I
|
|
CLASS="EMPHASIS"
|
|
>root</I
|
|
> to create the directories and
|
|
edit the files needed to set up PPP, even if you want PPP to be
|
|
accessible to all users.</P
|
|
><P
|
|
>PPP uses a number of files to connect and set up a PPP connection. These
|
|
differ in name and location between PPP 2.1.2 and 2.2+.</P
|
|
><P
|
|
>For PPP 2.1.2 the files are:-</P
|
|
><P
|
|
> <TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>/usr/sbin/pppd # the PPP binary
|
|
/usr/sbin/ppp-on # the dialer/connection script
|
|
/usr/sbin/ppp-off # the disconnection script
|
|
/etc/ppp/options # the options pppd uses for all connections
|
|
/etc/ppp/options.ttyXX # the options specific to a connection on this port</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
> </P
|
|
><P
|
|
>For PPP 2.2 the files are:-</P
|
|
><P
|
|
> <TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>/usr/sbin/pppd # the PPP binary
|
|
/etc/ppp/scripts/ppp-on # the dialer/connection script
|
|
/etc/ppp/scripts/ppp-on-dialer # part 1 of the dialer script
|
|
/etc/ppp/scripts/ppp-off # the actual chat script itself
|
|
/etc/ppp/options # the options pppd uses for all connections
|
|
/etc/ppp/options.ttyXX # the options specific to a connection on this port</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
> </P
|
|
><P
|
|
>Red Hat Linux users should note that the standard Red Hat 4.X installation
|
|
places these scripts in <TT
|
|
CLASS="LITERAL"
|
|
>/usr/doc/ppp-2.2.0f-2/scripts</TT
|
|
>.</P
|
|
><P
|
|
>In your /etc directory there should be a ppp directory:-</P
|
|
><P
|
|
> <TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>drwxrwxr-x 2 root root 1024 Oct 9 11:01 ppp</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
> </P
|
|
><P
|
|
>If it does not exist - create it with these ownerships and permissions.</P
|
|
><P
|
|
>If the directory already existed, it should contain a template options
|
|
file called <I
|
|
CLASS="EMPHASIS"
|
|
>options.tpl</I
|
|
>. This file is included below in case it
|
|
does not.</P
|
|
><P
|
|
>Print it out as it contains an explanation of nearly all the PPP options
|
|
(these are useful to read in conjunction with the pppd man pages).
|
|
Whilst you can use this file as the basis of your
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>/etc/ppp/options</TT
|
|
> file, it is probably better to create your own
|
|
options file that does not include all the comments in the template - it
|
|
will be much shorter and easier to read/maintain.</P
|
|
><P
|
|
>If you have multiple serial lines/modems, (typically the case for PPP
|
|
servers), create a general <TT
|
|
CLASS="LITERAL"
|
|
>/etc/ppp/options</TT
|
|
> file containing the
|
|
options that are common for all the serial ports on which you are
|
|
supporting dial in/out and set up individual option files for each serial
|
|
line on which you will be establishing a PPP connection with the
|
|
individual settings required for each port.</P
|
|
><P
|
|
>These port specific option files are named <TT
|
|
CLASS="LITERAL"
|
|
>options.ttyx1</TT
|
|
>,
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>options.ttyx2</TT
|
|
> and so forth (where x is the appropriate letter for
|
|
your serial ports).</P
|
|
><P
|
|
>However, for a single PPP connection, you can happily use the
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>/etc/ppp/options</TT
|
|
> file. Alternatively, you can put all the
|
|
options as arguments in the pppd command itself.</P
|
|
><P
|
|
>It is easier to maintain a setup that uses
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>/etc/ppp/options.ttySx</TT
|
|
> files. If you use PPP to connect to a
|
|
number of different sites, you can create option files for each site in
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>/etc/ppp/options.site</TT
|
|
> and then specify the option file as a
|
|
parameter to the PPP command as you connect (using the <TT
|
|
CLASS="LITERAL"
|
|
>file
|
|
option-file</TT
|
|
> pppd option to pppd on the command line).</P
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="AEN964"
|
|
>15.1. The supplied options.tpl file</A
|
|
></H1
|
|
><P
|
|
>Some distributions of PPP seem to have lost the options.tpl file, so
|
|
here is the complete file. I suggest that you do NOT edit this file to
|
|
create your <TT
|
|
CLASS="LITERAL"
|
|
>/etc/ppp/options</TT
|
|
> file(s). Rather, copy this to a
|
|
new file and then edit that. If you mess up your edits, you can then go
|
|
back to the original and start again.</P
|
|
><P
|
|
> <TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
># /etc/ppp/options -*- sh -*- general options for pppd
|
|
# created 13-Jul-1995 jmk
|
|
# autodate: 01-Aug-1995
|
|
# autotime: 19:45
|
|
|
|
# Use the executable or shell command specified to set up the serial
|
|
# line. This script would typically use the "chat" program to dial the
|
|
# modem and start the remote ppp session.
|
|
#connect "echo You need to install a connect command."
|
|
|
|
# Run the executable or shell command specified after pppd has
|
|
# terminated the link. This script could, for example, issue commands
|
|
# to the modem to cause it to hang up if hardware modem control signals
|
|
# were not available.
|
|
#disconnect "chat -- \d+++\d\c OK ath0 OK"
|
|
|
|
# async character map -- 32-bit hex; each bit is a character
|
|
# that needs to be escaped for pppd to receive it. 0x00000001
|
|
# represents '\x01', and 0x80000000 represents '\x1f'.
|
|
#asyncmap 0
|
|
|
|
# Require the peer to authenticate itself before allowing network
|
|
# packets to be sent or received.
|
|
#auth
|
|
|
|
# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
|
|
# on the serial port.
|
|
#crtscts
|
|
|
|
# Use software flow control (i.e. XON/XOFF) to control the flow of data
|
|
# on the serial port.
|
|
#xonxoff
|
|
|
|
# Add a default route to the system routing tables, using the peer as
|
|
# the gateway, when IPCP negotiation is successfully completed. This
|
|
# entry is removed when the PPP connection is broken.
|
|
#defaultroute
|
|
|
|
# Specifies that certain characters should be escaped on transmission
|
|
# (regardless of whether the peer requests them to be escaped with its
|
|
# async control character map). The characters to be escaped are
|
|
# specified as a list of hex numbers separated by commas. Note that
|
|
# almost any character can be specified for the escape option, unlike
|
|
# the asyncmap option which only allows control characters to be
|
|
# specified. The characters which may not be escaped are those with hex
|
|
# values 0x20 - 0x3f or 0x5e.
|
|
#escape 11,13,ff
|
|
|
|
# Don't use the modem control lines.
|
|
#local
|
|
|
|
# Specifies that pppd should use a UUCP-style lock on the serial device
|
|
# to ensure exclusive access to the device.
|
|
#lock
|
|
|
|
# Use the modem control lines. On Ultrix, this option implies hardware
|
|
# flow control, as for the crtscts option. (This option is not fully
|
|
# implemented.)
|
|
#modem
|
|
|
|
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
|
|
# will ask the peer to send packets of no more than <n> bytes. The
|
|
# minimum MRU value is 128. The default MRU value is 1500. A value of
|
|
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
|
|
# bytes of data).
|
|
#mru 542
|
|
|
|
# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
|
|
# notation (e.g. 255.255.255.0).
|
|
#netmask 255.255.255.0
|
|
|
|
# Disables the default behaviour when no local IP address is specified,
|
|
# which is to determine (if possible) the local IP address from the
|
|
# hostname. With this option, the peer will have to supply the local IP
|
|
# address during IPCP negotiation (unless it specified explicitly on the
|
|
# command line or in an options file).
|
|
#noipdefault
|
|
|
|
# Enables the "passive" option in the LCP. With this option, pppd will
|
|
# attempt to initiate a connection; if no reply is received from the
|
|
# peer, pppd will then just wait passively for a valid LCP packet from
|
|
# the peer (instead of exiting, as it does without this option).
|
|
#passive
|
|
|
|
# With this option, pppd will not transmit LCP packets to initiate a
|
|
# connection until a valid LCP packet is received from the peer (as for
|
|
# the "passive" option with old versions of pppd).
|
|
#silent
|
|
|
|
# Don't request or allow negotiation of any options for LCP and IPCP
|
|
# (use default values).
|
|
#-all
|
|
|
|
# Disable Address/Control compression negotiation (use default, i.e.
|
|
# address/control field disabled).
|
|
#-ac
|
|
|
|
# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
|
|
# all control characters).
|
|
#-am
|
|
|
|
# Don't fork to become a background process (otherwise pppd will do so
|
|
# if a serial device is specified).
|
|
#-detach
|
|
|
|
# Disable IP address negotiation (with this option, the remote IP
|
|
# address must be specified with an option on the command line or in an
|
|
# options file).
|
|
#-ip
|
|
|
|
# Disable magic number negotiation. With this option, pppd cannot
|
|
# detect a looped-back line.
|
|
#-mn
|
|
|
|
# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
|
|
# 1500).
|
|
#-mru
|
|
|
|
# Disable protocol field compression negotiation (use default, i.e.
|
|
# protocol field compression disabled).
|
|
#-pc
|
|
|
|
# Require the peer to authenticate itself using PAP.
|
|
# This requires TWO WAY authentication - do NOT use this for a standard
|
|
# PAP authenticated link to an ISP as this will require the ISP machine
|
|
# to authenticate itself to your machine (and it will not be able to).
|
|
#+pap
|
|
|
|
# Don't agree to authenticate using PAP.
|
|
#-pap
|
|
|
|
# Require the peer to authenticate itself using CHAP [Cryptographic
|
|
# Handshake Authentication Protocol] authentication.
|
|
# This requires TWO WAY authentication - do NOT use this for a standard
|
|
# CHAP authenticated link to an ISP as this will require the ISP machine
|
|
# to authenticate itself to your machine (and it will not be able to).
|
|
#+chap
|
|
|
|
# Don't agree to authenticate using CHAP.
|
|
#-chap
|
|
|
|
# Disable negotiation of Van Jacobson style IP header compression (use
|
|
# default, i.e. no compression).
|
|
#-vj
|
|
|
|
# Increase debugging level (same as -d). If this option is given, pppd
|
|
# will log the contents of all control packets sent or received in a
|
|
# readable form. The packets are logged through syslog with facility
|
|
# daemon and level debug. This information can be directed to a file by
|
|
# setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If
|
|
# pppd is compiled with extra debugging enabled, it will log messages
|
|
# using facility local2 instead of daemon).
|
|
#debug
|
|
|
|
# Append the domain name <d> to the local host name for authentication
|
|
# purposes. For example, if gethostname() returns the name porsche,
|
|
# but the fully qualified domain name is porsche.Quotron.COM, you would
|
|
# use the domain option to set the domain name to Quotron.COM.
|
|
#domain <d>
|
|
|
|
# Enable debugging code in the kernel-level PPP driver. The argument n
|
|
# is a number which is the sum of the following values: 1 to enable
|
|
# general debug messages, 2 to request that the contents of received
|
|
# packets be printed, and 4 to request that the contents of transmitted
|
|
# packets be printed.
|
|
#kdebug n
|
|
|
|
# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
|
|
# requests a smaller value via MRU negotiation, pppd will request that
|
|
# the kernel networking code send data packets of no more than n bytes
|
|
# through the PPP network interface.
|
|
#mtu <n>
|
|
|
|
# Set the name of the local system for authentication purposes to <n>.
|
|
# This will probably have to be set to your ISP user name if you are
|
|
# using PAP/CHAP.
|
|
#name <n>
|
|
|
|
# Set the user name to use for authenticating this machine with the peer
|
|
# using PAP to <u>.
|
|
# Do NOT use this if you are using 'name' above!
|
|
#user <u>
|
|
|
|
# Enforce the use of the host name as the name of the local system for
|
|
# authentication purposes (overrides the name option).
|
|
#usehostname
|
|
|
|
# Set the assumed name of the remote system for authentication purposes
|
|
# to <n>.
|
|
#remotename <n>
|
|
|
|
# Add an entry to this system's ARP [Address Resolution Protocol]
|
|
# table with the IP address of the peer and the Ethernet address of this
|
|
# system.
|
|
#proxyarp
|
|
|
|
# Use the system password database for authenticating the peer using
|
|
# PAP.
|
|
#login
|
|
|
|
# If this option is given, pppd will send an LCP echo-request frame to
|
|
# the peer every n seconds. Under Linux, the echo-request is sent when
|
|
# no packets have been received from the peer for n seconds. Normally
|
|
# the peer should respond to the echo-request by sending an echo-reply.
|
|
# This option can be used with the lcp-echo-failure option to detect
|
|
# that the peer is no longer connected.
|
|
#lcp-echo-interval <n>
|
|
|
|
# If this option is given, pppd will presume the peer to be dead if n
|
|
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
|
|
# If this happens, pppd will terminate the connection. Use of this
|
|
# option requires a non-zero value for the lcp-echo-interval parameter.
|
|
# This option can be used to enable pppd to terminate after the physical
|
|
# connection has been broken (e.g., the modem has hung up) in
|
|
# situations where no hardware modem control lines are available.
|
|
#lcp-echo-failure <n>
|
|
|
|
# Set the LCP restart interval (retransmission timeout) to <n> seconds
|
|
# (default 3).
|
|
#lcp-restart <n>
|
|
|
|
# Set the maximum number of LCP terminate-request transmissions to <n>
|
|
# (default 3).
|
|
#lcp-max-terminate <n>
|
|
|
|
# Set the maximum number of LCP configure-request transmissions to <n>
|
|
# (default 10).
|
|
# Some PPP servers are slow to start up. You may need to increase this
|
|
# if you keep getting 'serial line looped back' errors and your are SURE
|
|
# that you have logged in correctly and PPP should be starting on the server.
|
|
#lcp-max-configure <n>
|
|
|
|
# Set the maximum number of LCP configure-NAKs returned before starting
|
|
# to send configure-Rejects instead to <n> (default 10).
|
|
#lcp-max-failure <n>
|
|
|
|
# Set the IPCP restart interval (retransmission timeout) to <n>
|
|
# seconds (default 3).
|
|
#ipcp-restart <n>
|
|
|
|
# Set the maximum number of IPCP terminate-request transmissions to <n>
|
|
# (default 3).
|
|
#ipcp-max-terminate <n>
|
|
|
|
# Set the maximum number of IPCP configure-request transmissions to <n>
|
|
# (default 10).
|
|
#ipcp-max-configure <n>
|
|
|
|
# Set the maximum number of IPCP configure-NAKs returned before starting
|
|
# to send configure-Rejects instead to <n> (default 10).
|
|
#ipcp-max-failure <n>
|
|
|
|
# Set the PAP restart interval (retransmission timeout) to <n> seconds
|
|
# (default 3).
|
|
#pap-restart <n>
|
|
|
|
# Set the maximum number of PAP authenticate-request transmissions to
|
|
# <n> (default 10).
|
|
#pap-max-authreq <n>
|
|
|
|
# Set the CHAP restart interval (retransmission timeout for
|
|
# challenges) to <n> seconds (default 3).
|
|
#chap-restart <n>
|
|
|
|
# Set the maximum number of CHAP challenge transmissions to <n>
|
|
# (default 10).
|
|
#chap-max-challenge
|
|
|
|
# If this option is given, pppd will re-challenge the peer every <n>
|
|
# seconds.
|
|
#chap-interval <n>
|
|
|
|
# With this option, pppd will accept the peer's idea of our local IP
|
|
# address, even if the local IP address was specified in an option.
|
|
#ipcp-accept-local
|
|
|
|
# With this option, pppd will accept the peer's idea of its (remote) IP
|
|
# address, even if the remote IP address was specified in an option.
|
|
#ipcp-accept-remote</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
> </P
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="root.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x970.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Using PPP and root privileges</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
> </TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>What options should I use? (No PAP/CHAP)</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |