TCP/IP and Data Communications Administration Guide

Chapter 9 Configuring PPP

This chapter contains procedures and information for configuring PPP. The example used in the text is for the configuration with both types of PPP links: remote hosts and their multipoint dial-in server. Chapter 11, Tailoring Your PPP Link, contains information for setting up other PPP configuration types.

Overview of the Configuration Process

You have completed the preinstallation activities noted in Chapter 8, Preparing Your PPP Configuration. Now you can begin PPP configuration.

PPP requires that you:

  1. Install the PPP software, if it isn't already installed.

  2. Edit the /etc/inet/hosts files on all machines involved.

  3. Edit the UUCP database files for all dial-out machines.

  4. Edit the /etc/passwd and /etc/shadow files for the dial-in machine.

  5. Edit the /etc/asppp.cf file on each machine on the link.

  6. Start the link manager aspppd on each machine on a link.

  7. Verify that PPP is running successfully.

Although you don't have to perform Tasks 1-4 in order, you must complete them before you can edit the PPP-configuration file.

The sections in this chapter explain the procedures for configuring PPP.

Installing the PPP Software

The PPP software is automatically included when you run the Solaris installation program and select the entire distribution. If you did not select the entire distribution, you need to install PPP as a separate package.

Verifying Installation

Before proceeding further, you must check that the Solaris version of PPP is installed on all machines to be involved in the PPP link. On each endpoint involved in the link, type:


# pkginfo | grep ppp

If PPP is installed, the following package names are displayed:


SUNWpppk       # Contains kernel modules
SUNWapppu      # Contains the link manager and login service
SUNWappp       # Contains configuration files

If PPP is not installed on an endpoint system, install it using either the pkgadd program or admintool software manager.


Note -

When using pkgadd to install PPP, you must install the packages in the order listed in the preceding screen box.


Refer to System Administration Guide for more information about pkgadd and admintool software manager.

Sample PPP Configuration

This and the following sections show you how to edit the appropriate files to support the most common PPP configuration: remote hosts and their dial-in server. Figure 9-1 illustrates the configuration used as the example for this chapter. It depicts three remote machines (nomada, nomadb, nomadc) and their dial-in server nubian, which compose the network 192.41.43. This is a separate network from the local area network 192.41.40, to which dial-in server nubian is directly attached. Network 192.41.40 runs NIS as its name service.

The IP number shown for each remote host is the address of its PPP network interface. However, the dial-in server has a specially created IP address for the PPP interface, 192.41.43.10, in addition to the IP address for its primary network interface, 192.41.40.45.

Figure 9-1 Sample Network of Remote Hosts and Multipoint Dial-in Server


Editing the /etc/inet/hosts File

After ensuring that PPP is installed on every machine involved in your configuration, your next task is to edit the /etc/inet/hosts files on each machine. You must add host information to the hosts database for every machine on the other end of the PPP link that the local machine needs to communicate with.


Note -

You must update /etc/inet/hosts regardless of the name service in use on the physical network. This is necessary because PPP starts before the name service daemons during the booting process.


How to Configure the Remote Machine's hosts Database

  1. Become superuser and prepare to edit the /etc/inet/hosts file.

  2. Add an entry with the IP address and host name of the PPP network interface for the dial-in server on the other end of the link.

    In Figure 9-1, nomada must have in its /etc/inet/hosts file an entry with the IP address for dial-in server nubian's PPP network interface. This is true also for the /etc/inet/hosts files for nomadb and nomadc.

  3. Add entries with the IP addresses of any machines on the dial-in server's physical network that the remote host can remotely log in to.

    The /etc/inet/hosts file on nomadc would look like:


    # Internet host table
    #
    127.0.0.1         localhost      loghost
    192.41.43.3       nomadc
    192.41.43.10      nubian-ppp
    192.41.40.20      nismaster

  4. Update the databases on the name server (if the network has one) with the host names and IP addresses of the remote hosts.

Multipoint Dial-in Server hosts Database

Multipoint dial-in servers must have a unique IP address for the PPP interface, besides the local IP address for the primary network interface. When configuring the hosts database for the dial-in server, you need to perform the following procedure.

How to Configure the Dial-In Server's hosts Database

  1. Add an entry with the IP address for the PPP interface to the /etc/inet/hosts file for the dial-in server.

    For example, the /etc/hosts file on dial-in server nubian in Figure 9-1 would have the following entries.


    # Internet host table
    #
    127.0.0.1           localhost       loghost
    192.41.43.10        nubian-ppp
    192.41.40.45        nubian

  2. For configurations where the server's physical network does not use a name service:

    1. Add entries to the server's /etc/inet/hosts files for each remote host served.

    2. Add entries for the remote hosts to the /etc/inet/hosts files of every machine on the physical network permitted to communicate with the remote machines.

  3. Add a new network number to the dial-in server's /etc/inet/networks file for the network that consists of the server and its remote hosts.

    Refer to "Assigning a Network Number to the PPP Link" for more information.

Editing UUCP Databases

Before a machine can dial out over the PPP link, you must edit these files in its UUCP database: /etc/uucp/Devices, /etc/uucp/Dialers, and /etc/uucp/Systems.

You must edit these files for remote hosts serving as PPP dial-out machines. Additionally, you must edit these files on the dial-in server if it is to dial out to the remote hosts (a requirement for multipoint dial-in servers). Chapter 12, UUCP Databases and Programs, describes these files in detail.

Updating /etc/uucp/Devices for PPP

The /etc/uucp/Devices file must contain entries for every communications device that a particular host uses or must know about. For example, if a machine uses a US Robotics V.32bis modem as part of the PPP link, you should ensure that /etc/uucp/Devices has an entry similar to the following:


# Use these if you have a USrobotics V.32bis modem on Port B.
ACUEC   cua/b - 9600 usrv32bis-ec
ACUEC   cua/b - 19200 usrv32bis-ec
ACUEC   cua/b - 38400 usrv32bis-ec

Be sure that the Devices file on each PPP endpoint machine has an entry describing its modem. For more information about /etc/uucp/Devices, refer to "/etc/uucp/Devices File".

Updating /etc/uucp/Dialers for PPP

The /etc/uucp/Dialers file must have an entry describing the conversation with the modem attached to your PPP endpoint machine. Here is a sample entry for a US Robotics V.32bis modem that is part of a PPP link:


usrv32bis-ec =,-,  "" \dA\pT&FE1V1X1Q0S2=255S12=255&A1&H1&M5&B2\r\c OK\r \EATDT\T\r\c CONNECT\s14400/ARQ STTY=crtscts

The first parameter in the entry, usrv32bis-ec, corresponds to the last parameter in the /etc/uucp/Devices file, linking them together. The remainder of the entry describes the characters that the modem sends, those that it expects to receive, and so on. Table 12-6 defines the control codes used in the Dialers file.

Be sure that an entry is in the Dialers file for the modem attached to each dial-out endpoint on your link. If you are unsure of the correct conversation for a particular modem, refer to the System Administration Guide and the operating manual for the modem.

Updating /etc/uucp/Systems for PPP

The /etc/uucp/Systems file contains entries for every machine to which the local host can dial out. Information in an entry might include the remote host's phone number, the line speed, and so on. Here is an example that host nomadb in Figure 9-1 might have for its dial-in server:


nubian-ppp  Any ACUEC 38400 5551212 "" P_ZERO "" \r\n\c login:-\r\n\c-login:-\r\n\c-login:-EOT-login: bnomad password: Secret-Password

The first field gives the server's host name, nubian-ppp, a value used by the asppp.cf file keyword peer_system_name. ACUEC and 38400 refer to the device and speed, and are used to select an entry from the /etc/uucp/Devices file. The remaining information includes the phone number of the machine that nomadb wants to dial in to, the login name that nomadb is using to log in, and so on. "/etc/uucp/Systems File" fully defines the parameters you need to supply to the Systems file.

On each remote host in your configuration, you must add an entry for its dial-in server. You can have additional entries in the /etc/uucp/Systems file for other machines to which the host can dial out for UUCP communications and for other PPP dial-in servers.

If the dial-in server also directly dials out to remote hosts, you must add entries to its Systems file describing each of these remote hosts.
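A Systems entry like the one above carries the remote login name and its password in clear text, so it is worth knowing which entries hold one and who can read the file. The following is an added example, not part of the original guide: audit_systems and write_systems are hypothetical names, the sample entries are constructed, and each entry is assumed to sit on a single line.

```sh
# Added example, not from the guide. Assumes one Systems entry per line.
# audit_systems FILE: one finding per line, nothing if clean
audit_systems() {
    bits=$(ls -ld "$1" | cut -c5-10)        # group and other permission bits
    awk -v bits="$bits" '
    NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
    {
        # Fields 1-5: system, time, device type, speed, phone number.
        # Field 6 onward: the chat script, as expect/send pairs.
        user = ""
        for (i = 6; i < NF; i += 2) {
            expect = tolower($i); send = $(i + 1)
            if (expect ~ /login:$/) user = send
            else if (expect ~ /(password|passwd):$/) {
                found++
                who = (user == "" ? "?" : user)
                print $1 ": password for login " who " stored in clear"
            }
        }
    }
    END {
        if (found && bits != "------")
            print "file holds passwords; group/other bits are " bits
    }' "$1"
}

write_systems() {                           # constructed sample entries
    cat > "$1" <<'EOF'
# constructed sample in the style of the entry above
nubian-ppp Any ACUEC 38400 5551212 "" P_ZERO "" \r\n\c login:-\r\n\c-login:-\r\n\c-login:-EOT-login: bnomad password: Secret-Password
mailhub Any ACUEC 38400 5550100 "" \r\c login: uucp
EOF
}

f=$(mktemp) && write_systems "$f" && chmod 644 "$f" && audit_systems "$f"
rm -f "$f"
```

The function reports the system and login name only; it never prints the stored password.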

Modifying the /etc/passwd File

To configure a dial-in server, you must also edit the /etc/passwd and /etc/shadow files.

You must add entries to the /etc/passwd file on the dial-in server for each user on a remote host authorized to log in to the server. When a remote host calls the dial-in server, the remote host reads its UUCP databases and passes the server a user name or user ID for the host initiating the call. The server then verifies this user information in its /etc/passwd file.

If the user's password is authenticated, the server then logs the user in to a special shell for PPP hosts, /usr/sbin/aspppls. The server gets this information from the login shell entry in its /etc/passwd file. Using the example in Figure 9-1, dial-in server nubian might have the following entries in its /etc/passwd file:


bin:x:2:2::/bin:
sys:x:3:3::/bin:
uucp:x:5:5::/usr/lib/uucp:
nuucp:x:9:9::/var/spool/uucppublic:/usr/lib/uucp/uucico
news:x:6:6::/var/spool/news:/bin/csh
sundiag:x:0:1:System Diagnostic:/usr/diag/sundiag:/usr/diag/sundiag/sundiag
lily:x:20:99:Dial-in Operator:/home/nubian/lily:/bin/csh
nomada:x:21:99:R. Burton:/:/usr/sbin/aspppls
nomadb:x:22:99:T. Sherpa:/:/usr/sbin/aspppls
nomadc:x:23:99:S. Scarlett:/:/usr/sbin/aspppls

Refer to System Administration Guide for information about the /etc/passwd file.


Note -

In addition to the information in the /etc/passwd file, you update the /etc/shadow file with the passwords for the login names used by each endpoint machine permitted to dial in to the server. For more information, refer to System Administration Guide.


Editing the /etc/asppp.cf Configuration File

The /etc/asppp.cf configuration file provides the PPP link manager on one endpoint machine with information about the machine on the other end of the link--or the machines on the other end of a multipoint (or dynamic point-to-point) link. When the machine boots, the link manager uses this information to establish and maintain communication with a remote endpoint.

Parts of Basic Configuration File

The basic asppp.cf configuration file must contain at least two main sections: an ifconfig line and at least one path section. It can also contain a defaults section, which you use when you want to set the default values for an endpoint. (Refer to Chapter 11, Tailoring Your PPP Link, for a description of keywords used in the defaults section.)

Example 9-1 shows a basic configuration file such as you would create for a remote host to establish a point-to-point link with a dial-in server.


Example 9-1 Basic Configuration File


ifconfig ipdptp0 plumb nomada nubian-ppp up
   path
      interface ipdptp0
      peer_system_name nubian-ppp      # The name in the /etc/uucp/Systems file
      inactivity_timeout 300           # Allow five minutes before timing out

ifconfig Section of the asppp.cf File

The asppp.cf file must contain an ifconfig section with this syntax:

ifconfig interface-number plumb local-machine remote-machine up

Here is a description of the fields:

The link manager first runs the ifconfig command on the local machine to configure the ipdptp0 point-to-point interface. The zero in ipdptp0 gives the device number of the interface. The plumb option performs various activities necessary for IP to recognize the ipdptp0 interface. nomada is the name of the local host. nubian-ppp is the name of the dial-in server to which nomada connects through the point-to-point link. The ifconfig option up marks the ipdptp0 interface as up.


Note -

For more information about ifconfig, see Chapter 10, Troubleshooting PPP, and the ifconfig(1M) man page.


path Section of the asppp.cf File

The path section of the configuration file tells the link manager the name of the remote endpoint and the name of the interface linking the endpoint machines. At a minimum the path section should contain the following lines:


path
   interface interface-number
   peer_system_name endpoint-name

interface Keyword

This keyword defines the PPP interface (either ipdptpn or ipdn). In Example 9-1, the following information appears in the path section:


interface ipdptp0
peer_system_name nubian-ppp

The interface keyword identifies ipdptp0 as the point-to-point interface that local endpoint nomada uses to communicate with the remote endpoint in the manner described in this path section. It associates the peer_system_name with the interface.

peer_system_name Keyword

On a dial-out machine such as a remote host, the peer_system_name keyword takes the host name of the remote endpoint as its argument. This is the name of the remote endpoint given in /etc/uucp/Systems. The name need not be the same as the host name on the corresponding ifconfig line.


Note -

The argument to the peer_system_name keyword for a dial-in server has a different value. See "Configuration File for Multipoint Dial-in Server" for details.


In Example 9-1, peer_system_name identifies dial-in server nubian-ppp as the remote endpoint at the other end of this link. When the link manager reads the asppp.cf file, it then looks for the entry for nubian-ppp in the /etc/uucp/Systems file. (Recall that the Systems file contains information about how to set up communications with the remote endpoint, including that machine's telephone number. Refer to "Updating /etc/uucp/Systems for PPP".)

inactivity_timeout Keyword

The inactivity_timeout keyword is optional. It tells the link manager that the link can remain inactive for the interval designated. When that interval has passed, the link manager automatically disconnects the link. The default interval is two minutes; you do not have to use inactivity_timeout unless you require a different inactivity interval.

Additional Keywords

You can supply other keywords in the asppp.cf file to define how endpoint machines should communicate. Chapter 11, Tailoring Your PPP Link, has complete information about these keywords.

Configuration File for Multipoint Dial-in Server

The asppp.cf configuration file for a multipoint dial-in server contains the same basic sections as that for a point-to-point link: an ifconfig section, at least one path section, and, if desired, a defaults section.

Example 9-2 shows a configuration file for the dial-in server nubian introduced in Figure 9-1.


Example 9-2 Configuration File for a Multipoint Dial-in Server


ifconfig ipd0 plumb nubian-ppp up

path
   interface ipd0
   peer_system_name tamerlane  # The user name this remote
                               # machine logs in with when it
                               # dials this server
   peer_ip_address nomada
                               # nomada is a remote machine that
                               # dials in to this server

# nomadb is another remote machine that dials in to nubian

path
   interface ipd0
   peer_system_name lawrence
   peer_ip_address nomadb

# nomadc is another remote machine that dials in to nubian

path
   interface ipd0
   peer_system_name azziz
   peer_ip_address nomadc

ifconfig Section for Multipoint Dial-in Server

The ifconfig section for a multipoint dial-in server has a slightly different syntax than that for a point-to-point link. This syntax is:

ifconfig ipdn plumb server-name up

The major difference is that no destination end points are listed as arguments to ifconfig. Instead, the link manager picks up this information from the path section of the asppp.cf file.

In Example 9-2, the link manager first runs the ifconfig command on the dial-in server to configure multipoint interface ipd0. The zero in ipd0 gives the device number of the interface. The option plumb performs various activities necessary for IP to recognize the ipd0 interface. The ifconfig option up marks interface ipd0 as up.


Note -

You may have to supply a netmask + parameter on the ifconfig line if you use subnetting.


path Section for Multipoint Dial-in Server

The path section of the asppp.cf file tells the link manager the name of the remote endpoint and the name of the interface linking the endpoint machines. However, on a multipoint dial-in server, you can include more than one path section. Additionally, some of the arguments to the keywords are used differently with multipoint links.


path
    interface interface-number
    peer_system_name endpoint-username
    peer_ip_address endpoint-hostname

You need to define a path section for each nomadic endpoint with which the dial-in server can establish connections.

interface Keyword

For a multipoint dial-in server, the interface keyword defines the PPP interface ipdn. You must specify the same PPP interface in the path section for every endpoint that communicates with the server through this interface.

peer_system_name Keyword

The peer_system_name keyword takes a slightly different argument for a dial-in machine than for a dial-out machine. For a dial-in server, this argument is the login name used by the remote host when it tries to establish communications with the server. This user name must already be present in the server's /etc/passwd file. When the login service reads this name, it verifies the user name in the /etc/passwd and /etc/shadow files, enabling communications.

In this excerpt from Example 9-2:


path
    interface ipd0
    peer_system_name scarlett
    peer_ip_address nomadc

the argument to peer_system_name is scarlett, indicating that when nomadc logs in to nubian-ppp, it uses the login name scarlett.

peer_ip_address Keyword

The peer_ip_address keyword is required for multipoint links. It takes the host name or IP address of the remote endpoint as its argument. The example above uses the host name nomadc as the argument to keyword peer_ip_address.
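On a dial-in server, the passwd entries from "Modifying the /etc/passwd File" and the path sections described here have to agree, and a mismatch is easy to miss by eye. The following added example (not part of the original guide) cross-checks the three files; the function names and all sample data are constructed, and the shadow check assumes the standard format in which the second field holds the password hash.

```sh
# Added example, not from the guide. On Solaris use nawk or /usr/xpg4/bin/awk.
PPP_SHELL=/usr/sbin/aspppls      # login shell the guide gives PPP accounts
# audit_ppp_logins ASPPP_CF PASSWD SHADOW: one finding per line, none if clean
audit_ppp_logins() {
    awk -v shell="$PPP_SHELL" '
    function check_path() {                  # report on the path just ended
        if (!inpath) return
        if (name == "")          print "path " n ": no peer_system_name"
        else if (!(name in sh))  print "path " n ": login " name " not in passwd"
        else if (sh[name] != shell)
            print "path " n ": login " name " has shell " sh[name]
        if (ifc ~ /^ipd[0-9]+$/ && ip == "")
            print "path " n ": multipoint " ifc " without peer_ip_address"
        if (name != "") used[name] = 1
        inpath = 0
    }
    pass == 1 { sh[$1] = $7; next }          # passwd: login -> shell
    pass == 2 { pw[$1] = $2; next }          # shadow: login -> password field
    {                                        # asppp.cf
        sub(/#.*/, "")                       # drop comments
        if (NF == 0) next
        if ($1 == "path" || $1 == "defaults" || $1 == "ifconfig") {
            check_path()
            if ($1 == "path") { inpath = 1; n++; name = ifc = ip = "" }
        }
        else if (inpath && $1 == "peer_system_name") name = $2
        else if (inpath && $1 == "peer_ip_address")  ip = $2
        else if (inpath && $1 == "interface")        ifc = $2
    }
    END {
        check_path()
        for (u in sh) {                      # every account with the PPP shell
            if (sh[u] != shell) continue
            if (!(u in used)) print "login " u ": PPP shell but no path section"
            if (pw[u] == "")  print "login " u ": no password set in shadow"
        }
    }' FS=: pass=1 "$2" pass=2 "$3" FS=" " pass=3 "$1" | sort
}

write_sample() {                 # constructed files modelled on Figure 9-1
    cat > "$1/passwd" <<'EOF'
nomada:x:21:99:R. Burton:/:/usr/sbin/aspppls
nomadb:x:22:99:T. Sherpa:/:/usr/sbin/aspppls
nomadc:x:23:99:S. Scarlett:/:/bin/csh
EOF
    printf 'nomada:CONSTRUCTED-HASH:9000::::::\nnomadb::9000::::::\n' > "$1/shadow"
    cat > "$1/asppp.cf" <<'EOF'
ifconfig ipd0 plumb nubian-ppp up
path
   interface ipd0
   peer_system_name nomada      # login name, as on a dial-in server
   peer_ip_address nomada
path
   interface ipd0
   peer_system_name nomadc
path
   interface ipd0
   peer_system_name azziz
   peer_ip_address nomadc
EOF
}

dir=$(mktemp -d) && write_sample "$dir" &&
    audit_ppp_logins "$dir/asppp.cf" "$dir/passwd" "$dir/shadow"; rm -rf "$dir"
```

Run it on the dial-in server only; on a dial-out machine peer_system_name names a Systems entry rather than a login, so the passwd comparison does not apply there.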

Additional Keywords

You can supply other keywords in the asppp.cf file to define how endpoint machines should communicate. Refer to Chapter 11, Tailoring Your PPP Link, for a complete list of keywords.

Editing the Configuration File

When editing asppp.cf:

There are no other format requirements for the placement of the keywords in the file.

How to Edit the asppp.cf Configuration File

  1. Become superuser on one endpoint machine and change to the /etc directory.

  2. Edit the generic asppp.cf file to add the information defining the PPP link for this machine.

  3. Save the file, making sure the permissions are set to 600.

  4. Change to the /etc directories on the remaining endpoints and repeat Steps 2 and 3.

Adding PPP Security

After you have completed installing PPP on every machine involved in your configuration, you can add either PAP or CHAP levels of security for the PPP link by modifying the asppp.cf file. Refer to "Editing asppp.cf for PAP/CHAP Security".

Starting up and Stopping Your New PPP Link

You can start PPP either automatically, at boot time, or manually from the command line.

How to Manually Start PPP

You can start PPP manually, although this is not normally required.

  1. Become superuser and type:


    # /etc/init.d/asppp start
    

How to Verify That PPP Is Running

  1. Run the ps command:


     # ps -e | grep asppp
    

    The resulting output from grep should list the aspppd daemon, indicating that PPP is running.

  2. If you do get results, verify that you can reach the remote PPP link by typing:


    # ping remote-host 300
    

    This version of ping sets a timeout value of 5 minutes (300 seconds). You should receive output similar to remote-host is alive. If you receive a different notice, such as remote-host unreachable, route configuration has failed.

  3. Check for errors in the configuration process by examining the log file.


    # tail /var/adm/log/asppp.log
    

    The asppp.log contains error messages if any errors were encountered during configuration.

See Chapter 10, Troubleshooting PPP, for information on troubleshooting and problem solving.

How to Stop PPP

  1. To stop PPP operations on your network, type:


    # /etc/init.d/asppp stop