This document is based on the author's personal experience setting up FreeBSD as a PPP dialup router using FreeBSD's kernel-mode PPP (/usr/sbin/pppd), and assumes the reader's familiarity with UNIX administration basics. Essentially this document is a walk-through of configuring a FreeBSD system with two modems to be a TCP/IP dialup router. The author assumes you will be able to modify all of the following samples to suit your needs.
The author runs a 486DX/33 with 8MB RAM as a TCP/IP dialup router with 2 modems and one ethernet adaptor, allowing 2 users simultaneous access to route through the ethernet adaptor to an internal LAN, then to the internet through a corporate firewall. This modest machine works exceptionally well, even with 2 concurrent users. More modems would probably require a beefier machine; your mileage may vary.
11.5.1.1 Prerequisites
You have set up your system for dialup access as documented in section 10.4 of the FreeBSD Handbook. Once you have configured FreeBSD to accept a dial-up connection and you are able to connect and log in using your favourite terminal emulator, you are ready to proceed.
You have FreeBSD 2.0.5 RELEASE or newer
You know how to re-compile a custom kernel
You understand the basics of TCP/IP
You have a working ppp client that is capable of negotiating an IP address at connect time. Two examples of this are Trumpet Winsock v2 or Windows 95.
The dialup router is a member in good standing of an existing TCP/IP network, with a static (never changes) IP address, and all routes properly set. If you can't reach a certain IP address from the console, chances are neither can the dialup clients.
You do have two IP addresses on the same subnet as the dialup router to devote to dialup clients.
You want your system to use pppd, the kernel-level ppp. If you want to use user-process ppp, check section 11.1 of the FreeBSD handbook.
11.5.1.2 Assumptions
This document assumes that:
The machine to be the dialup router has two modems, configured as ttyd0 and ttyd1.
Both modems are set to auto-answer, either through an NVRAM setting, or by tip at startup (see section 10.4 of the FreeBSD handbook).
The machine which is to be the dialup router has a statically assigned (never changes) IP address.
You have at least one reserved IP address for each simultaneous client you want to be able to connect.
For the purposes of this document, the terms dialup router and server are used interchangeably. Both terms are used to denote a FreeBSD machine with a valid, full-time ethernet connection to which you wish to be able to connect using a modem and subsequently route TCP/IP. Similarly, client and user are used to denote any machine running ppp which calls the server and wishes to access the network the server is connected to.
11.5.2 Preparing Your Kernel For ppp
PPPD requires that your kernel has been built with ppp support. An easy way to check whether (and how many) ppp adaptors are configured for your kernel is to enter
netstat -i
and somewhere in the output you should see
ppp0* 1500 0 0 0 0 0
ppp1* 1500 0 0 0 0 0
This shows that I have 2 ppp adaptors configured for this kernel. You will need 1 ppp adaptor for each simultaneous connection you wish to support. For our sample we will need 2, one for each modem on the system.
If you don't see 2 ppp adaptors in the output from netstat -i, you will need to add
pseudo-device ppp X
to your kernel configuration file, where X is the number of ppp adaptors you wish to have available.
For the sake of our example, we will need 2 ppp adaptors, so the entry in the kernel config file will be
pseudo-device ppp 2
To behave as a dialup router, you will also need to add the following options to your config file (if they aren't already there):
options GATEWAY
options ARP_PROXYALL
(PPPD may not require these entries. Can anyone verify this?)
After you modify the kernel config file, you will need to re-compile the kernel. If you don't know how to build a custom kernel, read section 5 of the FreeBSD handbook for instructions BEFORE making any of these changes.
11.5.3.0 Basic Configuration
The default options for PPP are stored in /etc/ppp/options. For our dialup router, you will need at least the following entries:
/etc/ppp/options:
crtscts # Hardware flow control
domain my.domain.ca # your domain
passive # wait for LCP
modem # modem line
proxyarp # use ARP proxy routing
For our example, we will assign an IP address to each modem; this is done using the files /etc/ppp/options.ttyd0 and /etc/ppp/options.ttyd1.
/etc/ppp/options.ttyd0:
xxx.xxx.xxx.xxx:yyy.yyy.yyy.yyy # ip's of local and remote hosts
/etc/ppp/options.ttyd1:
xxx.xxx.xxx.xxx:zzz.zzz.zzz.zzz # ip's of local and remote hosts
where
xxx.xxx.xxx.xxx is the IP address of the server (the FreeBSD machine)
yyy.yyy.yyy.yyy is the IP address of the first dialup user
zzz.zzz.zzz.zzz is the IP address of the second dialup user
Note the colons between IP addresses. Don't forget these.
The proxyarp option takes care of all the routing, so all you need for the remote clients' IP addresses are two free IP addresses on the same subnet as the server's IP address.
11.5.4 Manually Started ppp
A manual ppp session is ready to go. Login using your username and password, then at the command prompt, enter
/usr/sbin/pppd
If you don't want shell access and instead want a correct login to immediately run PPP, see below:
11.5.5 Automatically Starting ppp Without Using PAP
Set up each user, and use chpass to set /usr/sbin/pppd as the default shell. Whenever that user logs in, pppd will automatically run, check which modem the login is on (ttyd0 or ttyd1), and then assign the appropriate IP address depending on which modem the call is received on. This also works fine if you only have one userID set this way and have multiple people log in using this ID.
11.5.5.1 Using A Unique Address For Each ppp User
If you wish to assign a permanent IP address to each user, remove /etc/ppp/options.ttyd0 and /etc/ppp/options.ttyd1 and place a .ppprc file in each user's home directory containing
xxx.xxx.xxx.xxx:yyy.yyy.yyy.yyy # ip's of local and remote hosts
where
xxx.xxx.xxx.xxx is the IP address of the server (the FreeBSD machine)
yyy.yyy.yyy.yyy is the IP address of this user
For either of the above, the user's (client) ppp MUST be set up to negotiate a dynamic IP address. Implementation of this varies from client to client, but usually it involves setting 0.0.0.0 in the client's PPP setup.
11.5.6 Automatically Started ppp Using PAP (no login)
This is by far the slickest configuration. This immediately connects an incoming call to pppd, and then uses PAP (Password Authentication Protocol) to authenticate the client. The end result of this is that there is no initial terminal session for a user to go through, making the automatic login process easy. (Clients must still enter a userID and password in their client software somewhere, but this is usually a one-time process.)
Add the following line to your /etc/ppp/options file:
+pap #Force PAP authentication
Then you must create /etc/ppp/pap-secrets file like this:
DO NOT forget the -detach switch in ttys. Failure to include the -detach switch will cause init to continuously spawn instances of pppd, crashing the server. I do not -repeat do not- know this from personal experience. There is no way I would create a gazillion (10^69) instances of pppd, thus causing the server to spew copious amounts of sulphurous black smoke, forcing me to drive to the office to reset the server at 11:30pm. Never, I tell you.
The passwords may be encrypted using crypt, but as all files in /etc/ppp should be owned by root, and have group and other access revoked, your passwords should be relatively secure.
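The ownership and permission requirement above can be checked with a portable sh function (an added example, not part of the original document). The function name audit_ppp_dir and its optional owner argument are assumptions made here; it lists every file under the directory that is not owned by the expected user or that has any group or other permission bit set.

```shell
#!/bin/sh
# Added example: audit a pppd configuration directory for loose permissions.
# audit_ppp_dir is a hypothetical helper name, not a FreeBSD or pppd tool.
#
# Usage:   audit_ppp_dir [DIR] [OWNER]     (defaults: /etc/ppp, root)
# Output:  one offending path per line on stdout
# Status:  0 = every file is owned by OWNER with no group/other access
#          1 = at least one file is wrongly owned or too permissive
#          2 = DIR does not exist

audit_ppp_dir() {
    dir=${1:-/etc/ppp}
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_ppp_dir: no such directory: $dir" >&2
        return 2
    fi

    # "-perm -NNN" (all listed bits set) is understood by both BSD and
    # GNU find, so each group/other bit is tested on its own. The
    # "any of these bits" forms (+mode, /mode) differ between the two.
    bad=$(find "$dir" -type f \
        \( ! -user "$owner" \
           -o -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Example invocation (run as root on the dialup router):
#   audit_ppp_dir /etc/ppp root || echo "fix with: chmod go-rwx <file>"
```

A file such as /etc/ppp/pap-secrets left at mode 644 is reported by this check, since any local account could then read the dialup passwords.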