<!--
     The FreeBSD Documentation Project

     $FreeBSD: doc/en_US.ISO_8859-1/books/handbook/ppp-and-slip/chapter.sgml,v 1.18 2000/01/11 03:50:32 jim Exp $
-->

<chapter id="ppp-and-slip">
  <title>PPP and SLIP</title>
  
  <para>If your connection to the Internet is through a modem, or you wish to
    provide other people with dialup connections to the Internet using
    FreeBSD, you have the option of using PPP or SLIP.  Furthermore, two
    varieties of PPP are provided: <emphasis>user</emphasis> (sometimes
    referred to as <emphasis>iijppp</emphasis>) and
    <emphasis>kernel</emphasis>.  The procedures for configuring both types of
    PPP, and for setting up SLIP are described in this chapter.</para>
  
  <sect1 id="userppp">
    <title>Setting up User PPP</title>
    
    <para>User PPP was introduced to FreeBSD in release 2.0.5 as an addition
      to the existing kernel implementation of PPP.  So, what is different
      about this new PPP that warrants its addition? To quote from the manual
      page:</para>
		
    <blockquote>
      <para>This is a user process PPP software package.  Normally, PPP is
	implemented as a part of the kernel (e.g. as managed by
	<command>pppd</command>) and it is thus somewhat hard to debug and/or
	modify its behavior.  However, in this implementation PPP is done as a
	user process with the help of the tunnel device driver
	(<devicename>tun</devicename>).</para>
    </blockquote>
    
    <para>In essence, this means that rather than running a PPP daemon, the
      ppp program can be run as and when desired.  No PPP interface needs to
      be compiled into the kernel, as the program can use the generic tunnel
      device to get data into and out of the kernel.</para>

    <para>From here on out, user ppp will be referred to simply as ppp unless
      a distinction needs to be made between it and any other PPP
      client/server software such as <command>pppd</command>.  Unless
      otherwise stated, all commands in this section should be executed as
      root.</para>

    <para>There are a large number of enhancements in version 2 of ppp.  You
      can discover what version you have by running ppp with no arguments and
      typing <command>show version</command> at the prompt.  It is a simple
      matter to upgrade to the latest version of ppp (under any version of
      FreeBSD) by downloading the latest archive via  <ulink
	url="http://www.Awfulhak.org/ppp.html">www.Awfulhak.org</ulink>.</para>
    
    <sect2>
      <title>Before you start</title>
      
      <para>This document assumes you are in roughly this position:</para>
      
      <para>You have an account with an Internet Service Provider (ISP) which
	lets you use PPP.  Further, you have a modem (or other device)
	connected and configured correctly which allows you to connect to your
	ISP.</para>
      
      <para>You are going to need the following information to hand:</para>
	  
      <itemizedlist>
	<listitem>
	  <para>Your ISP's phone number(s).</para>
	</listitem>

	<listitem>
	  <para>Your login name and password.  This can be either a regular
	    UNIX-style login/password pair, or a PPP PAP or CHAP
	    login/password pair.</para>
	</listitem>

	<listitem>
	  <para>The IP addresses of one or more nameservers.  Normally, you
	    will be given two IP numbers.  You <emphasis>must</emphasis> have
	    this information for <application>PPP</application> version 1.x
	    unless you run your own nameserver.  From version 2 onwards,
	    <application>PPP</application> supports nameserver address
	    negotiation.  If your ISP supports this, then using the command
	    <command>enable dns</command> in your config file will tell
	    <application>PPP</application> to set the nameservers for
	    you.</para>
	</listitem>
      </itemizedlist>
      
      <para>The following information may have been supplied by your ISP, but
	is not strictly necessary:</para>
      
      <itemizedlist>
	<listitem>
	  <para>The IP address of your ISP's gateway.  The gateway is the
	    machine to which you will connect and will be set up as your
	    <emphasis>default route</emphasis>.  If your ISP hasn't given you
	    this number, we can make one up and your ISP's PPP server will
	    tell us the correct value when we connect.</para>
	      
	  <para>This IP number is referred to as <literal>HISADDR</literal>
	    by ppp.</para>
	</listitem>

	<listitem>
	  <para>Your ISP's netmask.  If your ISP hasn't given you this
	    information, you can safely use a netmask of <hostid
	      role="netmask">255.255.255.0</hostid>.</para>
	  
	  <para>If your ISP allocates you a static IP address and hostname
	    then you can enter this information.  Otherwise, we simply let the
	    peer assign whatever IP number it sees fit.</para>
	</listitem>
      </itemizedlist>
      
      <para>If you do not have any of the required information, contact your
	ISP and make sure they provide it to you.</para>
    </sect2>
    
    <sect2>
      <title>Building a ppp ready kernel</title>
      
      <para>As the description states, <command>ppp</command> uses the kernel
	<devicename>tun</devicename> device.  It is necessary to make sure
	that your kernel has support for this device compiled in.</para>
	  
      <para>To check this, go to your kernel compile directory
	(<filename>/sys/i386/conf</filename> or
	<filename>/sys/pc98/conf</filename>) and examine your kernel
	configuration file.  It needs to have the line

	<programlisting>
pseudo-device tun 1</programlisting>

	in it somewhere.  The stock <filename>GENERIC</filename> kernel has
	this as standard, so if you have not installed a custom kernel or you
	do not have a <filename>/sys</filename> directory, you do not have to
	change anything.</para>

      <para>If your kernel configuration file does not have this line in it,
	or you need to configure more than one <devicename>tun</devicename> device (for example, if you
	are setting up a server and could have 16 dialup ppp connections at
	any one time then you will need to use <literal>16</literal> instead
	of <literal>1</literal>), then you should add the line, re-compile,
	re-install and boot the new kernel.  Please refer to the  <link
	  linkend="kernelconfig">Configuring the FreeBSD Kernel</link> section
	for more information on kernel configuration.</para>
	  
      <para>You can check how many tunnel devices your current kernel has by
	typing the following:</para>
	  
      <screen>&prompt.root; <userinput>ifconfig -a</userinput>
tun0: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500
        inet 200.10.100.1 --&gt; 203.10.100.24 netmask 0xffffffff
tun1: flags=8050&lt;POINTOPOINT,RUNNING,MULTICAST&gt; mtu 576
tun2: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500
        inet 203.10.100.1 --&gt; 203.10.100.20 netmask 0xffffffff
tun3: flags=8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500</screen>
	    
	  
      <para>This case shows four tunnel devices, two of which are currently
	configured and being used.  It should be noted that the
	<literal>RUNNING</literal> flag above indicates that the interface has
	been used at some point&mdash;it is not an error if your interface
	does not show up as <literal>RUNNING</literal>.</para>
	  
      <para>If you have a kernel without the <devicename>tun</devicename> device, and you cannot
	rebuild it for some reason, all is not lost.  You should be able to
	dynamically load the code.  Refer to the appropriate
	  &man.modload.8; and &man.lkm.4; pages for further details.</para>
	  
      <para>You may also wish to take this opportunity to configure a
	firewall.  Details can be found in the <link
	  linkend="firewalls">Firewalls</link> section.</para>
    </sect2>
    
    <sect2>
      <title>Check the tun device</title>
      
      <para>Most users will only require one <devicename>tun</devicename>
	device (<filename>/dev/tun0</filename>).  If you have used more (i.e.,
	a number other than <literal>1</literal> in the
	<literal>pseudo-device</literal> line in the kernel configuration
	file) then alter all references to <devicename>tun0</devicename> below
	to reflect whichever device number you are using.</para>
	  
      <para>The easiest way to make sure that the
	<devicename>tun0</devicename> device is configured correctly is to
	re-make it.  To do this, execute the following commands:</para>
	  
      <screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>./MAKEDEV tun0</userinput></screen>
      
      <para>If you require 16 tunnel devices in your kernel, you will need to
	create more than just <devicename>tun0</devicename>:</para>
      
      <screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>./MAKEDEV tun15</userinput></screen>
		  
      <para>Also, to confirm that the kernel is configured correctly, the
	following command should give the indicated output:</para>
      	    
      <screen>&prompt.root; <userinput>ifconfig tun0</userinput>
tun0: flags=8050&lt;POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500</screen>

      <para>The <literal>RUNNING</literal> flag may not yet be set, in which
	case you will see:</para>
            
      <screen>&prompt.root; <userinput>ifconfig tun0</userinput>
tun0: flags=8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500</screen>
    </sect2>
    
    <sect2>
      <title>Name Resolution Configuration</title>
	  
      <para>The resolver is the part of the system that turns IP addresses
	into hostnames and vice versa.  It can be configured to look for maps
	that describe IP to hostname mappings in one of two places. The first
	is a file called <filename>/etc/hosts</filename> (<command>man 5
	  hosts</command>).  The second is the Internet Domain Name Service
	(DNS), a distributed database, the discussion of which is beyond the
	scope of this document.</para>
	  
      <para>This section describes briefly how to configure your
	resolver.</para>
	  
      <para>The resolver is a set of system calls that do the name mappings,
	but you have to tell them where to find their information.  You do
	this by first editing the file <filename>/etc/host.conf</filename>.
	Do <emphasis>not</emphasis> call this file
	<filename>/etc/hosts.conf</filename> (note the extra
	<literal>s</literal>) as the results can be confusing.</para>

      <sect3>
	<title>Edit the <filename>/etc/host.conf</filename> file</title>

	<para>This file should contain the following two lines (in this
	  order):</para>
		    
	<programlisting>
hosts
bind</programlisting>
	    
	<para>These lines instruct the resolver to first look in the file
	  <filename>/etc/hosts</filename>, and then to consult the DNS if the
	  name was not found.</para>
      </sect3>
      
      <sect3>
	<title>Edit the <filename>/etc/hosts</filename>(5) file</title>

	<para>This file should contain the IP addresses and names of machines
	  on your network.  At a bare minimum it should contain entries for
	  the machine which will be running ppp.  Assuming that your machine
	  is called <hostid role="fqdn">foo.bar.com</hostid> with the IP
	  address <hostid role="ipaddr">10.0.0.1</hostid>,
	  <filename>/etc/hosts</filename> should contain:</para>
	    
	<programlisting>
127.0.0.1    localhost
10.0.0.1     foo.bar.com		  foo</programlisting>

	<para>The first line defines the alias <hostid>localhost</hostid> as a
	  synonym for the current machine.  Regardless of your own IP address,
	  the IP address for this line should always be <hostid
	    role="ipaddr">127.0.0.1</hostid>.  The second line maps the name
	  <hostid role="fqdn">foo.bar.com</hostid> (and the shorthand
	  <hostid>foo</hostid>) to the IP address <hostid
	    role="ipaddr">10.0.0.1</hostid>.</para>
	    
	<para>If your provider allocates you a static IP address and name,
	  then use these in place of the <hostid
	    role="ipaddr">10.0.0.1</hostid> entry.</para>
      </sect3>
      
      <sect3>
	<title>Edit the <filename>/etc/resolv.conf</filename> file</title>

	<para><filename>/etc/resolv.conf</filename> tells the resolver how to
	  behave.  If you are running your own DNS, you may leave this file
	  empty.  Normally, you will need to enter the following
	  line(s):</para>
	    
	<programlisting>
nameserver <replaceable>x.x.x.x</replaceable>
nameserver <replaceable>y.y.y.y</replaceable>
domain <replaceable>bar.com</replaceable></programlisting>
	    
	<para>The <hostid
	    role="ipaddr"><replaceable>x.x.x.x</replaceable></hostid> and
	  <hostid role="ipaddr"><replaceable>y.y.y.y</replaceable></hostid>
	  addresses are those given to you by your ISP.  Add as many
	  <literal>nameserver</literal> lines as your ISP provides.  The
	  <literal>domain</literal> line defaults to your hostname's domain,
	  and is probably unnecessary.  Refer to the
	  <filename>resolv.conf</filename> manual page for details of other
	  possible entries in this file.</para>

	<para>If you are running PPP version 2 or greater, the <command>enable
	    dns</command> command will tell PPP to request that your ISP
	  confirms the nameserver values.  If your ISP supplies different
	  addresses (or if there are no nameserver lines in
	  <filename>/etc/resolv.conf</filename>), PPP will rewrite the file
	  with the ISP-supplied values.</para>
      </sect3>
    </sect2>
    
    <sect2>
      <title><command>ppp</command> Configuration</title>
      
      <para>Both user ppp and <command>pppd</command> (the kernel level
	implementation of PPP) use configuration files located in the
	<filename>/etc/ppp</filename> directory.  The sample configuration
	files provided are a good reference for user ppp, so don't delete
	them.</para>
	  
      <para>Configuring <command>ppp</command> requires that you edit a number
	of files, depending on your requirements.  What you put in them
	depends to some extent on whether your ISP allocates IP addresses
	statically (i.e., you are given one IP address, and always use that
	one) or dynamically (i.e., your IP address can be different for each
	PPP session).</para>
	  
      <sect3 id="userppp-staticIP">
	<title>PPP and Static IP addresses</title>

	<para>You will need to create a configuration file called
	  <filename>/etc/ppp/ppp.conf</filename>.  It should look similar to
	  the example below.</para>

	<note>
	  <para>Lines that end in a <literal>:</literal> start in the first
	    column; all other lines should be indented as shown using spaces
	    or tabs.</para>
	</note>

	<programlisting>
1     default:
2       set device /dev/cuaa0
3       set speed 115200
4       set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\T TIMEOUT 40 CONNECT"
5     provider:
6       set phone "(0123) 456 7890"
7       set login "TIMEOUT 10 \"\" \"\" gin:--gin: foo word: bar col: ppp"
8       set timeout 300
9       set ifaddr <replaceable>x.x.x.x</replaceable> <replaceable>y.y.y.y</replaceable> 255.255.255.0 0.0.0.0
10      add default HISADDR	  
11      enable dns</programlisting>

	<para>Do not include the line numbers, they are just for reference in
	  this discussion.</para>
	    
	<variablelist>
	  <varlistentry>
	    <term>Line 1:</term>

	    <listitem>
	      <para>Identifies the default entry.  Commands in this entry are
		executed automatically when ppp is run.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 2:</term>
		  
	    <listitem>
	      <para>Identifies the device to which the modem is connected.
		<devicename>COM1:</devicename> is
		<filename>/dev/cuaa0</filename> and
		<devicename>COM2:</devicename> is
		<filename>/dev/cuaa1</filename>.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 3:</term>
	    
	    <listitem>
	      <para>Sets the speed you want to connect at.  If 115200 doesn't
		work (it should with any reasonably new modem), try 38400
		instead.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 4:</term>
	    
	    <listitem>
	      <para>The dial string.  User PPP uses an expect-send syntax
		similar to the &man.chat.8; program.  Refer to the
		manual page for information on the features of this
		language.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 5:</term>
	    
	    <listitem>
	      <para>Identifies an entry for a provider called
		&ldquo;provider&rdquo;.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 6:</term>
	    
	    <listitem>
	      <para>Sets the phone number for this provider.  Multiple phone
		numbers may be specified using the <literal>:</literal> or
		<literal>|</literal> character as a separator.  The difference
		between these separators is described in &man.ppp.8;.
		To summarize, if you want to rotate through the numbers, use
		the <literal>:</literal>.  If you want to always attempt to
		dial the first number first and only use the other numbers if
		the first number fails, use the <literal>|</literal>.  Always
		quote the entire set of phone numbers as shown.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 7:</term>
	    
	    <listitem>
	      <para>The login string is of the same chat-like syntax as the
		dial string.  In this example, the string works for a service
		whose login session looks like this:</para>
		    
	      <screen>J. Random Provider
login: <replaceable>foo</replaceable>
password: <replaceable>bar</replaceable>
protocol: ppp</screen>
		    
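	      <para>You will need to alter this script to suit your own needs.
		When you write this script for the first time, you should
		enable &ldquo;chat&rdquo; logging to ensure that the
		conversation is going as expected.  Because this string
		contains your password in clear text, make sure that
		<filename>/etc/ppp/ppp.conf</filename> is readable only by
		root.</para>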

	      <para>If you're using PAP or CHAP, there will be no login at
		this point, so your login string can be left blank.  See <link
		  linkend="userppp-PAPnCHAP">PAP and CHAP
		  authentication</link> for further details.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 8:</term>
	    
	    <listitem>
	      <para>Sets the default timeout (in seconds) for the connection.
		Here, the connection will be closed automatically after 300
		seconds of inactivity.  If you never want to time out, set this
		value to zero.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 9:</term>
	    
	    <listitem>
	      <para>Sets the interface addresses.  The string
		<replaceable>x.x.x.x</replaceable> should be replaced by the
		IP address that your provider has allocated to you.  The
		string <replaceable>y.y.y.y</replaceable> should be replaced
		by the IP address that your ISP indicated for their gateway
		(the machine to which you connect).  If your ISP hasn't given
		you a gateway address, use <hostid
		  role="netmask">10.0.0.2/0</hostid>.  If you need to use a
		&ldquo;guessed&rdquo; address, make sure that you create an
		entry in <filename>/etc/ppp/ppp.linkup</filename> as per the
		instructions for <link linkend="userppp-dynamicIP">PPP and
		  Dynamic IP addresses</link>.  If this line is omitted,
		<command>ppp</command> cannot run in <option>-auto</option> or
		<option>-dynamic</option> mode.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 10:</term>
	    
	    <listitem>
	      <para>Adds a default route to your ISP's gateway.  The special
		word <literal>HISADDR</literal> is replaced with the gateway
		address specified on line 9.  It is important that this line
		appears after line 9, otherwise <literal>HISADDR</literal>
		will not yet be initialized.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 11:</term>
	    
	    <listitem>
	      <para>This line tells PPP to ask your ISP to confirm that your
		nameserver addresses are correct.  If your ISP supports this
		facility, PPP can then update
		<filename>/etc/resolv.conf</filename> with the correct
		nameserver entries.</para>
	    </listitem>
	  </varlistentry>
	</variablelist>

	<para>It is not necessary to add an entry to
	  <filename>ppp.linkup</filename> when you have a static IP address as
	  your routing table entries are already correct before you connect.
	  You may however wish to create an entry to invoke programs after
	  connection.  This is explained later with the sendmail
	  example.</para>

	<para>Example configuration files can be found in the
	  <filename>/etc/ppp</filename> directory.</para>
      </sect3>
      
      <sect3 id="userppp-dynamicIP">
	<title>PPP and Dynamic IP addresses</title>

	<para>If your service provider does not assign static IP numbers,
	  <command>ppp</command> can be configured to negotiate the local and
	  remote addresses.  This is done by &ldquo;guessing&rdquo; an IP
	  number and allowing <command>ppp</command> to set it up correctly
	  using the IP Configuration Protocol (IPCP) after connecting.  The
	  <filename>ppp.conf</filename> configuration is the same as <link
	    linkend="userppp-staticIP">PPP and Static IP addresses</link>,
	  with the following change:</para>
	    
	<programlisting>
9      set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0</programlisting>
	    
	<para>Again, do not include the line numbers, they are just for
	  reference in this discussion.  Indentation of at least one space is
	  required.</para>
	    
	<variablelist>
	  <varlistentry>
	    <term>Line 9:</term>

	    <listitem>
	      <para>The number after the <literal>/</literal> character is the
		number of bits of the address that ppp will insist on.  You
		may wish to use IP numbers more appropriate to your
		circumstances, but the above example will always work.</para>

	      <para>The last argument (<literal>0.0.0.0</literal>), given as
		an optional fourth argument after the netmask (it is not shown
		in the line above), tells PPP to negotiate using address <hostid
		  role="ipaddr">0.0.0.0</hostid> rather than <hostid
		  role="ipaddr">10.0.0.1</hostid>.  Do not use
		<literal>0.0.0.0</literal> as the first argument to
		<command>set ifaddr</command> as it prevents PPP from setting
		up an initial route in <option>-auto</option> mode.</para>
	    </listitem>
	  </varlistentry>
	</variablelist>

	<para>If you are running version 1.x of PPP, you will also need to
	  create an entry in <filename>/etc/ppp/ppp.linkup</filename>.
	  <filename>ppp.linkup</filename> is used after a connection has been
	  established.  At this point, <command>ppp</command> will know what
	  IP addresses should <emphasis>really</emphasis> be used. The
	  following entry will delete the existing bogus routes, and create
	  correct ones:</para>
	    
	<programlisting>
1     provider:
2       delete ALL
3       add 0 0 HISADDR</programlisting>
	    
	<variablelist>
	  <varlistentry>
	    <term>Line 1:</term>
	    
	    <listitem>
	      <para>On establishing a connection, <command>ppp</command> will
		look for an entry in <filename>ppp.linkup</filename> according
		to the following rules: First, try to match the same label as
		we used in <filename>ppp.conf</filename>.  If that fails, look
		for an entry for the IP number of our gateway.  This entry is
		a four-octet IP style label.  If we still haven't found an
		entry, look for the <literal>MYADDR</literal> entry.</para>
	    </listitem>
	  </varlistentry>
		
	  <varlistentry>
	    <term>Line 2:</term>
	    
	    <listitem>
	      <para>This line tells <command>ppp</command> to delete all
		existing routes for the acquired tun interface (except the
		direct route entry).</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 3:</term>
	    
	    <listitem>
	      <para>This line tells <command>ppp</command> to add a default
		route that points to <literal>HISADDR</literal>.
		<literal>HISADDR</literal> will be replaced with the IP number
		of the gateway as negotiated in the IPCP.</para>
	    </listitem>
	  </varlistentry>
	</variablelist>

	<para>See the pmdemand entry in the files
	  <filename>/etc/ppp/ppp.conf.sample</filename> and
	  <filename>/etc/ppp/ppp.linkup.sample</filename> for a detailed
	  example.</para>

	<para>Version 2 of PPP introduces &ldquo;sticky routes&rdquo;.  Any
	  <literal>add</literal> or <literal>delete</literal> lines that
	  contain <literal>MYADDR</literal> or <literal>HISADDR</literal> will
	  be remembered, and any time the actual values of
	  <literal>MYADDR</literal> or <literal>HISADDR</literal> change, the
	  routes will be re-applied.  This removes the necessity of repeating
	  these lines in <filename>ppp.linkup</filename>.</para>
	  </sect3>
      
      <sect3>
	<title>Receiving incoming calls with <command>ppp</command></title>
	    
	<para>This section describes setting up <command>ppp</command> in a
	  server role.</para>

	<para>When you configure <command>ppp</command> to receive incoming
	  calls on a machine connected to a LAN, you must decide if you wish
	  to forward packets to the LAN.  If you do, you should allocate the
	  peer an IP number from your LAN's subnet, and use the command
	    
	  <programlisting>
enable proxy</programlisting>
	    
	  in your <filename>ppp.conf</filename> file.  You should also confirm
	  that the <filename>/etc/rc.conf</filename> file (this file used to
	  be called <filename>/etc/sysconfig</filename>) contains the
	  following:</para>
	  	    
	<programlisting>
gateway=YES</programlisting>
	  	    
	<sect4>
	  <title>Which getty?</title>
	  
	  <para><link linkend="dialup">Configuring FreeBSD for Dialup
	      Services</link> provides a good description on enabling dialup
	    services using getty.</para>
	      
	  <para>An alternative to <command>getty</command> is <ulink
	      url="http://www.leo.org/~doering/mgetty/index.html">mgetty</ulink>,
	    a smarter version of <command>getty</command> designed with dialup
	    lines in mind.</para>
	  
	  <para>The advantage of using <command>mgetty</command> is that it
	    actively <emphasis>talks</emphasis> to modems, meaning that if a
	    port is turned off in <filename>/etc/ttys</filename> then your
	    modem won't answer the phone.</para>
	  
	  <para>Later versions of <command>mgetty</command> (from 0.99beta
	    onwards) also support the automatic detection of PPP streams,
	    allowing your clients script-less access to your server.</para>
	      
	  <para>Refer to <link linkend="userppp-mgetty">Mgetty and
	      AutoPPP</link> for more information on
	    <command>mgetty</command>.</para>
	</sect4>

	<sect4>
	  <title>PPP permissions</title>
	  
	  <para><command>ppp</command> must normally be run as user id 0.  If
	    however you wish to allow <command>ppp</command> to run in server
	    mode as a normal user by executing <command>ppp</command> as
	    described below, that user must be given permission to run
	    <command>ppp</command> by adding them to the
	    <username>network</username> group in
	    <filename>/etc/group</filename>.</para>

	  <para>You will also need to give them access to one or more sections
	    of the configuration file using the <command>allow</command>
	    command:</para>

	  <programlisting>
allow users fred mary</programlisting>

	  <para>If this command is used in the <literal>default</literal>
	    section, it gives the specified users access to everything.  To
	    limit a user to particular profiles, put the command in those
	    sections instead.</para>
	</sect4>

	<sect4>
	  <title>Setting up a PPP shell for dynamic-IP users</title>
	  
	  <para>Create a file called <filename>/etc/ppp/ppp-shell</filename>
	    containing the following:</para>
	      
	  <programlisting>
#!/bin/sh
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
TTY=`tty`

if [ x$IDENT = xdialup ]; then
        IDENT=`basename $TTY`
fi

echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"

exec /usr/sbin/ppp -direct $IDENT</programlisting>
	      
	  <para>This script should be executable.  Now make a symbolic link
	    called <filename>ppp-dialup</filename> to this script using the
	    following commands:</para>
	      
	  <screen>&prompt.root; <userinput>ln -s ppp-shell /etc/ppp/ppp-dialup</userinput></screen>
	      
	  <para>You should use this script as the <emphasis>shell</emphasis>
	    for all your dialup ppp users.  This is an example from
	    <filename>/etc/passwd</filename> for a dialup PPP user with
	    username <username>pchilds</username>.  (Remember, do not edit
	    the password file directly; use <command>vipw</command>.)</para>
	      
	  <programlisting>
pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialup</programlisting>
	      
	  <para>Create a <filename>/home/ppp</filename> directory that is
	    world readable containing the following 0 byte files
	      
	    <screen>-r--r--r--   1 root     wheel           0 May 27 02:23 .hushlogin
-r--r--r--   1 root     wheel           0 May 27 02:22 .rhosts</screen>
	      
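	    The <filename>.hushlogin</filename> file prevents
	    <filename>/etc/motd</filename> from being displayed.  Keep the
	    directory and both files owned by root and not writable by the
	    dialup users, so that the empty <filename>.rhosts</filename>
	    stays empty.</para>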
	</sect4>

	<sect4>
	  <title>Setting up a PPP shell for static-IP users</title>
	  
	  <para>Create the <filename>ppp-shell</filename> file as above and
	    for each account with statically assigned IPs create a symbolic
	    link to <filename>ppp-shell</filename>.</para>
	      
	  <para>For example, if you have three dialup customers
	    <username>fred</username>, <username>sam</username>, and
	    <username>mary</username>, that you route class C networks for,
	    you would type the following:</para>
	      
	  <screen>&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred</userinput>
&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam</userinput>
&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-mary</userinput></screen>
		
	  <para>Each of these users' dialup accounts should have its shell
	    set to the symbolic link created above.  (i.e.
	    <username>mary</username>'s shell should be
	    <filename>/etc/ppp/ppp-mary</filename>).</para>
	</sect4>

	<sect4>
	  <title>Setting up ppp.conf for dynamic-IP users</title>
	  
	  <para>The <filename>/etc/ppp/ppp.conf</filename> file should contain
	    something along the lines of</para>
	  
	  <programlisting>
default:
  set debug phase lcp chat
  set timeout 0

ttyd0:
  set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255
  enable proxy

ttyd1:
  set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
  enable proxy</programlisting>

	  <note>
	    <para>The indenting is important.</para>
	  </note>
	  
	  <para>The <literal>default:</literal> section is loaded for each
	    session.  For each dialup line enabled in
	    <filename>/etc/ttys</filename> create an entry similar to the one
	    for <literal>ttyd0:</literal> above.  Each line should get a
	    unique IP address from your pool of IP addresses for dynamic
	    users.</para>
	</sect4>

	<sect4>
	  <title>Setting up <filename>ppp.conf</filename> for static-IP
	    users</title>
	  
	  <para>Along with the contents of the sample
	    <filename>/etc/ppp/ppp.conf</filename> above you should add a
	    section for each of the statically assigned dialup users.  We will
	    continue with our <username>fred</username>,
	    <username>sam</username>, and <username>mary</username>
	    example.</para>
	      
	  <programlisting>
fred:
  set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255

sam:
  set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255

mary:
  set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255</programlisting>
	      
	  <para>The file <filename>/etc/ppp/ppp.linkup</filename> should also
	    contain routing information for each static IP user if required.
	    The line below  would add a route for the <hostid
	      role="ipaddr">203.14.101.0</hostid> class C via  the client's
	    ppp link.</para>
	      
	  <programlisting>
fred:
  add 203.14.101.0 netmask 255.255.255.0 HISADDR

sam:
  add 203.14.102.0 netmask 255.255.255.0 HISADDR

mary:
  add 203.14.103.0 netmask 255.255.255.0 HISADDR</programlisting>
	</sect4>

	<sect4>
	  <title>More on <command>mgetty</command>, AutoPPP, and MS
	    extensions</title>
	      
	  <sect5 id="userppp-mgetty">
	    <title><command>mgetty</command> and AutoPPP</title>
	    
	    <para>Configuring and compiling <command>mgetty</command> with the
	      <literal>AUTO_PPP</literal> option enabled allows
	      <command>mgetty</command> to detect the LCP phase of PPP
	      connections and automatically spawn off a ppp shell. However,
	      since the default login/password sequence does not occur it is
	      necessary to authenticate users using either PAP or CHAP.</para>
		
	    <para>This section assumes the user has successfully configured,
	      compiled, and installed a version of <command>mgetty</command>
	      with the <literal>AUTO_PPP</literal> option (v0.99beta or
	      later)</para>
		
	    <para>Make sure your
	      <filename>/usr/local/etc/mgetty+sendfax/login.config</filename>
	      file has the following in it:</para>
		
	    <programlisting>
/AutoPPP/ -     -		      /etc/ppp/ppp-pap-dialup</programlisting>
		
	    <para>This will tell <command>mgetty</command> to run the
	      <filename>ppp-pap-dialup</filename> script for detected PPP
	      connections.</para>
		
	    <para>Create a file called
	      <filename>/etc/ppp/ppp-pap-dialup</filename> containing the
	      following (the file should be executable):</para>
		
	    <programlisting>
#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENT</programlisting>
		
	    <para>For each dialup line enabled in
	      <filename>/etc/ttys</filename> create a corresponding entry in
	      <filename>/etc/ppp/ppp.conf</filename>.  This will happily
	      co-exist with the definitions we created above.</para>
		
	    <programlisting>
pap:
  enable pap	      
  set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
  enable proxy</programlisting>
		
	    <para>Each user logging in with this method will need to have a
	      username/password in <filename>/etc/ppp/ppp.secret</filename>
	      file, or alternatively add the</para>
	    
	    <programlisting>
enable passwdauth</programlisting>
	    
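	    <para>option to authenticate users via pap from the
	      <filename>/etc/passwd</filename> file.  Passwords in
	      <filename>/etc/ppp/ppp.secret</filename> are stored in clear
	      text, so that file should not be world-readable.</para>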

	    <para>If you wish to assign some users a static IP number, you can
	      specify the number as the third argument in
	      <filename>/etc/ppp/ppp.secret</filename>.  See
	      <filename>/etc/ppp/ppp.secret.sample</filename> for
	      examples.</para>
	  </sect5>
	  
	  <sect5>
	    <title>MS extensions</title>
	    
	    <para>It is possible to configure PPP to supply DNS and NetBIOS
	      nameserver addresses on demand.</para>

	    <para>To enable these extensions with PPP version 1.x, the
	      following lines might be added to the relevant section of
	      <filename>/etc/ppp/ppp.conf</filename>.</para>
	    
	    <programlisting>
enable msext
set ns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5</programlisting>

	    <para>And for PPP version 2 and above:</para>

	    <programlisting>
accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5</programlisting>
	    
	    <para>This will tell the clients the primary and secondary name
	      server addresses, and a netbios nameserver host.</para>

	    <para>In version 2 and above, if the <literal>set dns</literal>
	      line is omitted, PPP will use the values found in
	      <filename>/etc/resolv.conf</filename>.</para>
	  </sect5>
	</sect4>
      </sect3>
      
      <sect3 id="userppp-PAPnCHAP">
	<title>PAP and CHAP authentication</title>

	<para>Some ISPs set their system up so that the authentication part of
	  your connection is done using either of the PAP or CHAP
	  authentication mechanisms.  If this is the case, your ISP will not
	  give a <prompt>login:</prompt> prompt when you connect, but will
	  start talking PPP immediately.</para>
	    
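	<para>PAP is less secure than CHAP, but security is not normally an
	  issue here as passwords, although being sent as plain text with PAP,
	  are being transmitted down a serial line only. There's not much room
	  for crackers to &ldquo;eavesdrop&rdquo;.  Note, however, that with
	  PAP the password itself is handed to whatever system answers the
	  call, and that <filename>ppp.conf</filename> holds it in clear
	  text, so that file should not be readable by other users.</para>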
	    
	<para>Referring back to the <link linkend="userppp-staticIP">PPP and
	    Static IP addresses</link> or <link
	    linkend="userppp-dynamicIP">PPP and Dynamic IP addresses</link>
	  sections, the following alterations must be made:</para>
	    
	<programlisting>
7       set login
&hellip;
12      set authname <replaceable>MyUserName</replaceable>
13      set authkey <replaceable>MyPassword</replaceable></programlisting>
	    
	<para>As always, do not include the line numbers, they are just for
	  reference in this discussion.  Indentation of at least one space is
	  required.</para>
	    
	<variablelist>
	  <varlistentry>
	    <term>Line 7:</term>

	    <listitem>
	      <para>Your ISP will not normally require that you log into the
		server if you're using PAP or CHAP.  You must therefore
		disable your "set login" string.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 12:</term>
	    
	    <listitem>
	      <para>This line specifies your PAP/CHAP user name.  You will
		need to insert the correct value for
		<replaceable>MyUserName</replaceable>.</para>
	    </listitem>
	  </varlistentry>
	  
	  <varlistentry>
	    <term>Line 13:</term>
	    
	    <listitem>
	      <para>This line specifies your PAP/CHAP password.  You will need
		to insert the correct value for
		<replaceable>MyPassword</replaceable>.  You may want to add an
		additional line
		    
		      <programlisting>
15      accept PAP</programlisting>

		or
		    
		      <programlisting>
15      accept CHAP</programlisting>

		to make it obvious that this is the intention, but PAP and
		CHAP are both accepted by default.</para>
	    </listitem>
	  </varlistentry>
	</variablelist>
      </sect3>
      
      <sect3>
	<title>Changing your <command>ppp</command> configuration on the
	  fly</title>

	<para>It is possible to talk to the <command>ppp</command> program
	  while it is running in the background, but only if a suitable
	  diagnostic port has been set up.  To do this, add the following line
	  to your configuration:</para>

	<programlisting>
set server /var/run/ppp-tun%d DiagnosticPassword 0177</programlisting>

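	<para>This will tell PPP to listen to the specified unix-domain
	  socket, asking clients for the specified password before allowing
	  access.  The <literal>%d</literal> in the name is replaced with the
	  <devicename>tun</devicename> device number that is in use.  The
	  final argument (<literal>0177</literal>) is the umask used when the
	  socket is created, which leaves it accessible only to its owner.
	  Replace <literal>DiagnosticPassword</literal> with a password of
	  your own.</para>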
	    
	<para>Once a socket has been set up, the
	    &man.pppctl.8; program may be used in scripts that wish to
	  manipulate the running program.</para>
      </sect3>
    </sect2>
    
    <sect2 id="userppp-final">
      <title>Final system configuration</title>
      
      <para>You now have <command>ppp</command> configured, but there are a
	few more things to do before it is ready to work.  They all involve
	editing the <filename>/etc/rc.conf</filename> file (was
	<filename>/etc/sysconfig</filename>).</para>
	  
      <para>Working from the top down in this file, make sure the
	<literal>hostname=</literal> line is set, e.g.:</para>
	  
      <programlisting>
hostname=foo.bar.com</programlisting>
	  
      <para>If your ISP has supplied you with a static IP address and name,
	it's probably best that you use this name as your host name.</para>
	  
      <para>Look for the <literal>network_interfaces</literal> variable.  If
	you want to configure your system to dial your ISP on demand, make
	sure the <devicename>tun0</devicename> device is added to the list,
	otherwise remove it.</para>
	  
      <programlisting>
network_interfaces="lo0 tun0" ifconfig_tun0=</programlisting>

      <note>
	<para>The <literal>ifconfig_tun0</literal> variable should be empty,
	  and a file called <filename>/etc/start_if.tun0</filename> should be
	  created.  This file should contain the line</para>

	<programlisting>
ppp -auto mysystem</programlisting>
	    
	<para>This script is executed at network configuration time, starting
	  your ppp daemon in automatic mode.  If you have a LAN for which this
	  machine is a gateway, you may also wish to use the
	  <option>-alias</option> switch.  Refer to the manual page for
	  further details.</para>
      </note>
	  
      <para>Set the router program to <literal>NO</literal> with the
	line</para>
	  
      <programlisting>
router_enable=NO            (/etc/rc.conf)
router=NO                   (/etc/sysconfig)</programlisting>
	  
      <para>It is important that the <command>routed</command> daemon is not
	started (it's started by default) as <command>routed</command> tends
	to delete the default routing table entries created by
	<command>ppp</command>.</para>
	  
      <para>It is probably worth your while ensuring that the
	<literal>sendmail_flags</literal> line does not include the
	<option>-q</option> option, otherwise <command>sendmail</command> will
	attempt to do a network lookup every now and then, possibly causing
	your machine to dial out.  You may try:</para>
	  
      <programlisting>
sendmail_flags="-bd"</programlisting>
	  
      <para>The upshot of this is that you must force
	<command>sendmail</command> to re-examine the mail queue whenever the
	ppp link is up by typing:</para>
      
      <screen>&prompt.root; <userinput>/usr/sbin/sendmail -q</userinput></screen>
	  
      <para>You may wish to use the <command>!bg</command> command in
	<filename>ppp.linkup</filename> to do this automatically:</para>
	  
      <programlisting>
1     provider:
2       delete ALL
3       add 0 0 HISADDR
4       !bg sendmail -bd -q30m</programlisting>
	  
      <para>If you don't like this, it is possible to set up a
	&ldquo;dfilter&rdquo; to block SMTP traffic.  Refer to the sample
	files for further details.</para>
	  
      <para>All that is left is to reboot the machine.</para>
      
      <para>After rebooting, you can now either type</para>
	  
      <screen>&prompt.root; <userinput>ppp</userinput></screen>
      
      <para>and then <command>dial provider</command> to start the PPP
	session, or, if you want <command>ppp</command> to establish sessions
	automatically when there is outbound traffic (and you haven't created
	the <filename>start_if.tun0</filename> script), type</para>
	  
      <screen>&prompt.root; <userinput>ppp -auto provider</userinput></screen>
    </sect2>
    
    <sect2>
      <title>Summary</title>
      
      <para>To recap, the following steps are necessary when setting up ppp
	for the first time:</para>
	  
      <para>Client side:</para>
	  
      <procedure>
	<step>
	  <para>Ensure that the <devicename>tun</devicename> device is built
	    into your kernel.</para>
	</step>

	<step>
	  <para>Ensure that the
	    <filename>tun<replaceable>X</replaceable></filename> device file
	    is available in the <filename>/dev</filename> directory.</para>
	</step>

	<step>
	  <para>Create an entry in <filename>/etc/ppp/ppp.conf</filename>.
	    The <filename>pmdemand</filename> example should suffice for most
	    ISPs.</para>
	</step>

	<step>
	  <para>If you have a dynamic IP address, create an entry in
	    <filename>/etc/ppp/ppp.linkup</filename>.</para>
	</step>

	<step>
	  <para>Update your <filename>/etc/rc.conf</filename> (or
	    <filename>sysconfig</filename>) file.</para>
	</step>

	<step>
	  <para>Create a <filename>start_if.tun0</filename> script if you
	    require demand dialing.</para>
	</step>
      </procedure>
      
      <para>Server side:</para>
      
      <procedure>
	<step>
	  <para>Ensure that the <devicename>tun</devicename> device is built
	    into your kernel.</para>
	</step>

	<step>
	  <para>Ensure that the
	    <filename>tun<replaceable>X</replaceable></filename> device file
	    is available in the <filename>/dev</filename> directory.</para>
	</step>

	<step>
	  <para>Create an entry in <filename>/etc/passwd</filename> (using the
	      &man.vipw.8; program).</para>
	</step>

	<step>
	  <para>Create a profile in this users home directory that runs
	    <command>ppp -direct direct-server</command> or similar.</para>
	</step>

	<step>
	  <para>Create an entry in <filename>/etc/ppp/ppp.conf</filename>.
	    The <filename>direct-server</filename> example should
	    suffice.</para>
	</step>

	<step>
	  <para>Create an entry in
	    <filename>/etc/ppp/ppp.linkup</filename>.</para>
	</step>

	<step>
	  <para>Update your <filename>/etc/rc.conf</filename> (or
	    <filename>sysconfig</filename>) file.</para>
	</step>
      </procedure>
    </sect2>
    
    <sect2>
      <title>Acknowledgments</title>
      
      <para>This section of the handbook was last updated on Monday Aug 10,
	1998 by &a.brian;</para>
	  
      <para>Thanks to the following for their input, comments &amp;
	suggestions:</para>
      
      <para>&a.nik;</para>
      
      <para>&a.dirkvangulik;</para>
      
      <para>&a.pjc;</para>
    </sect2>
  </sect1>
  
  <sect1 id="ppp">
    <title>Setting up Kernel PPP</title>
    
    <para><emphasis>Contributed by &a.gena;.</emphasis></para>
    
    <para>Before you start setting up PPP on your machine make sure that
      <command>pppd</command> is located in <filename>/usr/sbin</filename> and
      directory <filename>/etc/ppp</filename> exists.</para>

    <para><command>pppd</command> can work in two modes:</para>

    <orderedlist>
      <listitem>
	<para>as a &ldquo;client&rdquo;, i.e. you want to connect your machine
	  to outside world via PPP serial connection or modem line.</para>
      </listitem>
      
      <listitem>
	<para>as a &ldquo;server&rdquo;, i.e. your machine is located on the
	  network and used to connect other computers using PPP.</para>
      </listitem>
    </orderedlist>
    
    <para>In both cases you will need to set up an options file
      (<filename>/etc/ppp/options</filename> or <filename>~/.ppprc</filename>
      if you have more than one user on your machine that uses PPP).</para>

    <para>You also will need some modem/serial software (preferably kermit) so
      you can dial and establish connection with remote host.</para>

    <sect2>
      <title>Working as a PPP client</title>
      
      <para>I used the following <filename>/etc/ppp/options</filename> to
	connect to CISCO terminal server PPP line.</para>

      <programlisting>
crtscts         # enable hardware flow control
modem           # modem control line
noipdefault     # remote PPP server must supply your IP address.
                # if the remote host doesn't send your IP during IPCP
                # negotiation , remove this option
passive         # wait for LCP packets
domain ppp.foo.com      # put your domain name here

:&lt;remote_ip&gt;    # put the IP of remote PPP host here
                # it will be used to route packets via PPP link
                # if you didn't specified the noipdefault option
                # change this line to &lt;local_ip&gt;:&lt;remote_ip&gt;

defaultroute    # put this if you want that PPP server will be your
                # default router</programlisting>
	  
      <para>To connect:</para>
      
      <procedure>
	<step>
	  <para>Dial to the remote host using kermit (or other modem program)
	    enter your user name and password (or whatever is needed to enable
	    PPP on the remote host)</para>
	</step>

	<step>
	  <para>Exit kermit (without hanging up the line).</para>
	</step>

	<step>
	  <para>enter:</para>
	  
	  <screen>&prompt.root; <userinput>/usr/src/usr.sbin/pppd.new/pppd <replaceable>/dev/tty01</replaceable> <replaceable>19200</replaceable></userinput></screen>

	  <para>Use the appropriate speed and device name.</para>
	</step>
      </procedure>
      
      <para>Now your computer is connected with PPP.  If the connection fails
	for some reason, you can add the <option>debug</option> option to the
	<filename>/etc/ppp/options</filename> file and check messages on the
	console to track the problem.</para>
	  
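      <para>The following <filename>/etc/ppp/pppup</filename> script will
	perform all 3 stages automatically.  Note that it kills every process
	whose <command>ps</command> line contains <literal>pppd</literal> or
	<literal>kermit</literal>, so do not run it while other sessions
	using those programs must stay up:</para>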

      <programlisting>
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing pppd, PID=' ${pid}
        kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing kermit, PID=' ${pid}
        kill -9 ${pid}
fi

ifconfig ppp0 down
ifconfig ppp0 delete

kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200</programlisting>
	  
      <para><filename>/etc/ppp/kermit.dial</filename> is kermit script that
	dials and makes all necessary authorization on the remote host.
	(Example of such script is attached to the end of this
	document)</para>
	  
      <para>Use the following <filename>/etc/ppp/pppdown</filename> script to
	disconnect the PPP line:</para>

      <programlisting>
#!/bin/sh
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
        echo 'killing pppd, PID=' ${pid}
        kill -TERM ${pid}
fi

ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing kermit, PID=' ${pid}
        kill -9 ${pid}
fi

/sbin/ifconfig ppp0 down
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptest</programlisting>
	  
      <para>Check if PPP is still running
	(<filename>/usr/etc/ppp/ppptest</filename>):</para>

      <programlisting>
#!/bin/sh
pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
        echo 'pppd running: PID=' ${pid-NONE}
else
        echo 'No pppd running.'
fi
set -x
netstat -n -I ppp0
ifconfig ppp0</programlisting>
	  
      <para>Hangs up modem line
	(<filename>/etc/ppp/kermit.hup</filename>):</para>

      <programlisting>
set line /dev/tty01	; put your modem device here
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none

pau 1
out +++
inp 5 OK
out ATH0\13
echo \13
exit</programlisting>
	  
      <para>Here is an alternate method using <command>chat</command> instead
	of <command>kermit</command>.</para>
      
      <para><emphasis>Contributed by &a.rhuff;.</emphasis></para>
      
      <para>The following two files are sufficient to accomplish a pppd
	connection.</para>
      
      <para><filename>/etc/ppp/options</filename>:</para>
      
      <programlisting>
/dev/cuaa1 115200

crtscts		# enable hardware flow control
modem		# modem control line
connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
noipdefault	# remote PPP serve must supply your IP address.
	        # if the remote host doesn't send your IP during
                # IPCP negotiation, remove this option
passive         # wait for LCP packets
domain &lt;your.domain&gt;	# put your domain name here

:		# put the IP of remote PPP host here
	        # it will be used to route packets via PPP link
                # if you didn't specified the noipdefault option
                # change this line to &lt;local_ip&gt;:&lt;remote_ip&gt;

defaultroute	# put this if you want that PPP server will be
	        # your default router</programlisting>
	  
      <para><filename>/etc/ppp/login.chat.script</filename>:</para>
      
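      <para>(This should actually go into a single line.  Because the file
	contains your login and password in clear text, it should not be
	readable by other users.)</para>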
      
      <programlisting>
ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT&lt;phone.number&gt;
  CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: &lt;login-id&gt;
  TIMEOUT 5 sword: &lt;password&gt;</programlisting>
	  
      <para>Once these are installed and modified correctly, all you need to
	do is</para>
	  
      <screen>&prompt.root; <userinput>pppd</userinput></screen>
      
      <para>This sample is based primarily on information provided by: Trev
	Roydhouse &lt;Trev.Roydhouse@f401.n711.z3.fidonet.org&gt; and used by
	permission.</para>
    </sect2>
    
    <sect2>
      <title>Working as a PPP server</title>
      
      <para><filename>/etc/ppp/options</filename>:</para>

      <programlisting>
crtscts                         # Hardware flow control
netmask 255.255.255.0           # netmask ( not required )
192.114.208.20:192.114.208.165  # ip's of local and remote hosts
                                # local ip must be different from one
                                # you assigned to the ethernet ( or other )
                                # interface on your machine.
                                # remote IP is ip address that will be 
                                # assigned to the remote machine
domain ppp.foo.com              # your domain
passive                         # wait for LCP
modem                           # modem line</programlisting>
	  
      <para>Following <filename>/etc/ppp/pppserv</filename> script will enable
	ppp server on your machine:</para>

      <programlisting>
#!/bin/sh 
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing pppd, PID=' ${pid}
        kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing kermit, PID=' ${pid}
        kill -9 ${pid}
fi

# reset ppp interface
ifconfig ppp0 down
ifconfig ppp0 delete

# enable autoanswer mode
kermit -y /etc/ppp/kermit.ans

# run ppp
pppd /dev/tty01 19200</programlisting>
	  
      <para>Use this <filename>/etc/ppp/pppservdown</filename> script to stop
	ppp server:</para>

      <programlisting>
#!/bin/sh 
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing pppd, PID=' ${pid}
        kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
        echo 'killing kermit, PID=' ${pid}
        kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete

kermit -y /etc/ppp/kermit.noans</programlisting>
	  
      <para>Following kermit script will enable/disable autoanswer mode on
	your modem (<filename>/etc/ppp/kermit.ans</filename>):</para>

      <programlisting>
set line /dev/tty01
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none

pau 1
out +++
inp 5 OK
out ATH0\13
inp 5 OK
echo \13
out ATS0=1\13   ; change this to out ATS0=0\13 if you want to disable
                ; autoanswer mod
inp 5 OK
echo \13
exit</programlisting>
	  
      <para>This <filename>/etc/ppp/kermit.dial</filename> script is used for
	dialing and authorizing on the remote host.  You will need to
	customize it for your needs.  Put your login and password in this
	script; you will also need to change the input statements depending
	on the responses from your modem and remote host.  Since the script
	then holds your password in clear text, it should not be readable by
	other users.</para>

      <programlisting>
;
; put the com line attached to the modem here:
;
set line /dev/tty01
;
; put the modem speed here:
;
set speed 19200
set file type binary            ; full 8 bit file xfer
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
set modem hayes
set dial hangup off
set carrier auto                ; Then SET CARRIER if necessary,
set dial display on             ; Then SET DIAL if necessary,
set input echo on
set input timeout proceed
set input case ignore
def \%x 0                       ; login prompt counter
goto slhup

:slcmd                          ; put the modem in command mode
echo Put the modem in command mode.
clear                           ; Clear unread characters from input buffer
pause 1
output +++                      ; hayes escape sequence
input 1 OK\13\10                ; wait for OK
if success goto slhup
output \13
pause 1
output at\13
input 1 OK\13\10
if fail goto slcmd              ; if modem doesn't answer OK, try again

:slhup                          ; hang up the phone
clear                           ; Clear unread characters from input buffer
pause 1
echo Hanging up the phone.
output ath0\13                  ; hayes command for on hook
input 2 OK\13\10
if fail goto slcmd              ; if no OK answer, put modem in command mode

:sldial                         ; dial the number
pause 1
echo Dialing.
output atdt9,550311\13\10               ; put phone number here
assign \%x 0                    ; zero the time counter

:look
clear                           ; Clear unread characters from input buffer
increment \%x                   ; Count the seconds
input 1 {CONNECT }
if success goto sllogin
reinput 1 {NO CARRIER\13\10}
if success goto sldial
reinput 1 {NO DIALTONE\13\10}
if success goto slnodial
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 60 goto look
else goto slhup

:sllogin                        ; login
assign \%x 0                    ; zero the time counter
pause 1
echo Looking for login prompt.

:slloop
increment \%x                   ; Count the seconds
clear                           ; Clear unread characters from input buffer
output \13
;
; put your expected login prompt here:
;
input 1 {Username: }
if success goto sluid
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 10 goto slloop         ; try 10 times to get a login prompt
else goto slhup                 ; hang up and start again if 10 failures

:sluid
;
; put your userid here:
;
output ppp-login\13
input 1 {Password: }
;
; put your password here:
;
output ppp-password\13
input 1 {Entering SLIP mode.}
echo
quit

:slnodial
echo \7No dialtone.  Check the telephone line!\7
exit 1

; local variables:
; mode: csh
; comment-start: "; "
; comment-start-skip: "; "
; end:</programlisting>
    </sect2>
  </sect1>
  
  <sect1 id="pppoe">
    <title>Setting up PPP over Ethernet (PPPoE)</title>

    <para><emphasis>Contributed by &a.jim;  (from <ulink
      url="http://www-dev.node.to/freebsd/how-tos/how-to-freebsd-pppoe.html">node.to</ulink>) 10 Jan 2000.</emphasis></para>

    <para>The following describes how to set up PPP over Ethernet, a.k.a.
      PPPoE.</para>

    <sect2>
      <title>Prerequisites</title>

      <para>There are a few requirements that your system will need to meet
        in order for PPPoE to function properly.  They are:</para>

      <itemizedlist>
        <listitem>
          <para>Kernel source for FreeBSD &rel.current;-STABLE</para>
        </listitem>

        <listitem>
          <para><application>ppp</application> and
	    <application>pppd</application> from FreeBSD
	    &rel.current;-STABLE</para>
        </listitem>

        <listitem>
          <para>Any dependencies for the above</para>
        </listitem>
      </itemizedlist>
    </sect2>

    <sect2>
      <title>Kernel Configuration</title>

      <para>You will need to set the following options in your kernel
        configuration and then <link linkend="kernelconfig">compile a new
        kernel</link>.</para>

      <itemizedlist>
        <listitem>
          <para>options NETGRAPH</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_ASYNC</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_BPF</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_CISCO</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_ECHO</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_FRAME_RELAY</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_HOLE</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_IFACE</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_KSOCKET</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_LMI</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_PPP</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_PPPOE</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_PPTPGRE</para>
        </listitem>

        <listitem>
          <para>options "NETGRAPH_RFC1490"</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_SOCKET</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_TEE</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_TTY</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_UI</para>
        </listitem>

        <listitem>
          <para>options NETGRAPH_VJC</para>
        </listitem>
      </itemizedlist>

      <para>Add the above to your kernel configuration, recompile,
        install, and then reboot your system.</para>
    </sect2>

    <sect2>
      <title>Setting up <filename>ppp.conf</filename></title>

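      <para>Here is an example of a working
        <filename>ppp.conf</filename> (it stores your login name and
        password in clear text, so the file should not be readable by
        ordinary users):</para>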

      <programlisting>
default: # or name_of_service_provider
  set device PPPoE:xl1 # replace xl1 with your ethernet device
  set MRU 1490
  set MTU 1490
  set authname YOURLOGINNAME
  set authkey YOURPASSWORD
  set log Phase tun command # you can add more detailed logging if you wish
  set dial
  set login "TIMEOUT 1.5 name:-\\r-login:\\U word:\\P ocol:PPP HELLO" # this isn't necessary
  set ifaddr 10.0.0.1/0 10.0.0.2/0
  add default HISADDR
  nat enable yes # if you want to enable nat for your local net
  set cd off
  set crtscts off

papchap:
  set authname YOURLOGINNAME
  set authkey YOURPASSWORD</programlisting>
    </sect2>

    <sect2>
      <title>Running <application>PPP</application></title>

      <para>As root, you can run either:</para>

      <screen>&prompt.root; <userinput>ppp -dedicated</userinput></screen>

      <para>or</para>

      <screen>&prompt.root; <userinput>ppp -dedicated name_of_service_provider</userinput></screen>

      <para>depending on how you have set up
        <filename>ppp.conf</filename>.</para>
    </sect2>

    <sect2>
      <title>Starting <application>PPP</application> at Boot</title>

      <para>Add the following to your <filename>/etc/rc.conf</filename>
        file:</para>

      <programlisting>
ppp_enable="YES"
ppp_mode="dedicated"
ppp_nat="YES"
ppp_profile="default" # or your provider</programlisting>
    </sect2>
  </sect1>

  <sect1 id="slipc">
    <title>Setting up a SLIP Client</title>
    
    <para><emphasis>Contributed by &a.asami;  8 Aug 1995.</emphasis></para>

    <para>The following is one way to set up a FreeBSD machine for SLIP on a
      static host network.  For dynamic hostname assignments (i.e., your
      address changes each time you dial up), you probably need to do
      something much fancier.</para>

    <para>First, determine which serial port your modem is connected to.  I
      have a symbolic link to <filename>/dev/modem</filename> from
      <filename>/dev/cuaa1</filename>, and only use the modem name in my
      configuration files.  It can become quite cumbersome when you need to
      fix a bunch of files in <filename>/etc</filename> and
      <filename>.kermrc</filename>'s all over the system!</para>

    <note>
      <para><filename>/dev/cuaa0</filename> is <devicename>COM1</devicename>,
	<filename>cuaa1</filename> is <devicename>COM2</devicename>,
	etc.</para>
    </note>
    
    <para>Make sure you have
      
      <programlisting>
pseudo-device   sl      1</programlisting>

      in your kernel's config file.  It is included in the
      <filename>GENERIC</filename> kernel, so this will not be a problem
      unless you deleted it.</para>

    <sect2>
      <title>Things you have to do only once</title>
	  
      <procedure>
	<step>
	  <para>Add your home machine, the gateway and nameservers to your
	    <filename>/etc/hosts</filename> file.  Mine looks like
	    this:</para>

	  <programlisting>
127.0.0.1               localhost loghost
136.152.64.181          silvia.HIP.Berkeley.EDU silvia.HIP silvia
136.152.64.1            inr-3.Berkeley.EDU inr-3 slip-gateway
128.32.136.9            ns1.Berkeley.edu ns1
128.32.136.12           ns2.Berkeley.edu ns2</programlisting>

	  <para>By the way, silvia is the name of the car that I had when I
	    was back in Japan (it is called 2?0SX here in U.S.).</para>
	</step>
	      
	<step>
	  <para>Make sure you have <option>hosts</option> before
	    <option>bind</option> in your <filename>/etc/host.conf</filename>.
	    Otherwise, funny things may happen.</para>
	</step>

	<step>
	  <para>Edit the file <filename>/etc/rc.conf</filename>.  Note that
	    you should edit the file <filename>/etc/sysconfig</filename>
	    instead if you are running FreeBSD previous to version
	    2.2.2.</para>
	  
	  <orderedlist>
	    <listitem>
	      <para>Set your hostname by editing the line that says:</para>
	      
	      <programlisting>
hostname=myname.my.domain</programlisting>

	      <para>You should give it your full Internet hostname.</para>
	    </listitem>
	    
	    <listitem>
	      <para>Add sl0 to the list of network interfaces by changing the
		line that says:</para>
		      
	      <programlisting>
network_interfaces="lo0"</programlisting>

	      <para>to:</para>
	      
	      <programlisting>
network_interfaces="lo0 sl0"</programlisting>
	    </listitem>
	    
	    <listitem>
	      <para>Set the startup flags of sl0 by adding a line:</para>
	      
	      <programlisting>
ifconfig_sl0="inet ${hostname} slip-gateway netmask 0xffffff00 up"</programlisting>
	    </listitem>
	    
	    <listitem>
	      <para>Designate the default router by changing the line:</para>

	      <programlisting>
defaultrouter=NO</programlisting>

	      <para>to:</para>

	      <programlisting>
defaultrouter=slip-gateway</programlisting>
	    </listitem>
	  </orderedlist>
	</step>

	<step>
	  <para>Make a file <filename>/etc/resolv.conf</filename> which
	    contains:</para>

	  <programlisting>
domain HIP.Berkeley.EDU
nameserver 128.32.136.9
nameserver 128.32.136.12</programlisting>

	  <para>As you can see, these set up the nameserver hosts.  Of course,
	    the actual domain names and addresses depend on your
	    environment.</para>
	</step>
	      
	<step>
	  <para>Set the password for root and toor (and any other accounts
	    that do not have a password).  Use <command>passwd</command>; do
	    not edit the <filename>/etc/passwd</filename> or
	    <filename>/etc/master.passwd</filename> files!</para>
	</step>
	      
	<step>
	  <para>Reboot your machine and make sure it comes up with the correct
	    hostname.</para>
	</step>
      </procedure>
    </sect2>
    
    <sect2>
      <title>Making a SLIP connection</title>
      
      <procedure>
	<step>
	  <para>Dial up, type <command>slip</command> at the prompt, enter
	    your machine name and password.  The things you need to enter
	    depend on your environment.  I use kermit, with a script like
	    this:</para>

	  <programlisting>
# kermit setup
set modem hayes
set line /dev/modem
set speed 115200
set parity none
set flow rts/cts
set terminal bytesize 8
set file type binary
# The next macro will dial up and login
define slip dial 643-9600, input 10 =>, if failure stop, -
output slip\x0d, input 10 Username:, if failure stop, -
output silvia\x0d, input 10 Password:, if failure stop, -
output ***\x0d, echo \x0aCONNECTED\x0a</programlisting>

	  <para>(of course, you have to change the hostname and password to
	    fit yours).  Then you can just type <command>slip</command> from
	    the kermit prompt to get connected.</para>

	  <note>
	    <para>Leaving your password in plain text anywhere in the
	      filesystem is generally a BAD idea.  Do it at your own risk.  I
	      am just too lazy.</para>
	  </note>
	</step>

	<step>
	  <para>Leave the kermit there (you can suspend it by
	    <command>z</command>) and as root, type:</para>

	  <screen>&prompt.root; <userinput>slattach -h -c -s 115200 /dev/modem</userinput></screen>
		  
	  <para>If you are able to <command>ping</command> hosts on the other
	    side of the router, you are connected! If it does not work, you
	    might want to try <option>-a</option> instead of
	    <option>-c</option> as an argument to slattach.</para>
	</step>
      </procedure>
    </sect2>

    <sect2>
      <title>How to shutdown the connection</title>
      
      <para>Type
	    
	      <screen>&prompt.root; <userinput>kill -INT `cat /var/run/slattach.modem.pid`</userinput></screen>

	(as root) to kill slattach.  Then go back to kermit
	(<command>fg</command> if you suspended it) and exit from it
	(<command>q</command>).</para>

      <para>The slattach man page says you have to use <command>ifconfig sl0
	  down</command> to mark the interface down, but this does not seem to
	make any difference for me.  (<command>ifconfig sl0</command> reports
	the same thing.)</para>
	  
      <para>Sometimes, your modem might refuse to drop the carrier (mine
	often does).  In that case, simply start kermit and quit it again. It
	usually goes out on the second try.</para>
    </sect2>
    
    <sect2>
      <title>Troubleshooting</title>
	  
      <para>If it does not work, feel free to ask me.  The things that people
	tripped over so far:</para>
	  
      <itemizedlist>
	<listitem>
	  <para>Not using <option>-c</option> or <option>-a</option> in
	    slattach (I have no idea why this can be fatal, but adding this
	    flag solved the problem for at least one person)</para>
	</listitem>

	<listitem>
	  <para>Using <option>s10</option> instead of <option>sl0</option>
	    (might be hard to see the difference on some fonts).</para>
	</listitem>

	<listitem>
	  <para>Try <command>ifconfig sl0</command> to see your interface
	    status.  I get:</para>
		  
	  <screen>&prompt.root; <userinput>ifconfig sl0</userinput>
sl0: flags=10&lt;POINTOPOINT&gt;
        inet 136.152.64.181 --&gt; 136.152.64.1 netmask ffffff00</screen>
	</listitem>
	      
	<listitem>
	  <para>Also, <command>netstat -r</command> will give the routing
	    table, in case you get the "no route to host" messages from ping.
	    Mine looks like:</para>

	  <screen>&prompt.root; <userinput>netstat -r</userinput>
Routing tables
Destination      Gateway            Flags     Refs     Use  IfaceMTU    Rtt    Netmasks:

(root node)
(root node)

Route Tree for Protocol Family inet:
(root node) =&gt;
default          inr-3.Berkeley.EDU UG          8   224515  sl0 -      -
localhost.Berkel localhost.Berkeley UH          5    42127  lo0 -       0.438
inr-3.Berkeley.E silvia.HIP.Berkele UH          1        0  sl0 -      -
silvia.HIP.Berke localhost.Berkeley UGH        34 47641234  lo0 -       0.438
(root node)</screen>
		  
	  <para>(this is after transferring a bunch of files, your numbers
	    should be smaller).</para>
	</listitem>
      </itemizedlist>
    </sect2>
  </sect1>
  
  <sect1 id="slips">
    <title>Setting up a SLIP Server</title>
    
    <para><emphasis>Contributed by &a.ghelmer;.  v1.0, 15 May
	1995.</emphasis></para>
    
    <para>This document provides suggestions for setting up SLIP Server
      services on a FreeBSD system, which typically means configuring your
      system to automatically startup connections upon login for remote SLIP
      clients.  The author has written this document based on his experience;
      however, as your system and needs may be different, this document may
      not answer all of your questions, and the author cannot be responsible
      if you damage your system or lose data due to attempting to follow the
      suggestions here.</para>

    <para>This guide was originally written for SLIP Server services on a
      FreeBSD 1.x system.  It has been modified to reflect changes in the
      pathnames and the removal of the SLIP interface compression flags in
      early versions of FreeBSD 2.X, which appear to be the only major changes
      between FreeBSD versions.  If you do encounter mistakes in this
      document, please email the author with enough information to help
      correct the problem.</para>

    <sect2 id="slips-prereqs">
      <title>Prerequisites</title>
	  
      <para>This document is very technical in nature, so background knowledge
	is required.  It is assumed that you are familiar with the TCP/IP
	network protocol, and in particular, network and node addressing,
	network address masks, subnetting, routing, and routing protocols,
	such as RIP.  Configuring SLIP services on a dial-up server requires a
	knowledge of these concepts, and if you are not familiar with them,
	please read a copy of either Craig Hunt's <emphasis>TCP/IP Network
	  Administration</emphasis> published by O'Reilly &amp; Associates,
	Inc. (ISBN Number 0-937175-82-X), or Douglas Comer's books on the
	TCP/IP protocol.</para>
	  
      <para>It is further assumed that you have already setup your modem(s)
	and configured the appropriate system files to allow logins through
	your modems.  If you have not prepared your system for this yet,
	please see the tutorial for configuring dialup services; if you have a
	World-Wide Web browser available, browse the list of tutorials at
	<ulink url="http://www.FreeBSD.org/">http://www.FreeBSD.org/</ulink>;
	otherwise, check the place where you found this document for a
	document named <filename>dialup.txt</filename> or something similar.
	You may also want to check the manual pages for
	    &man.sio.4; for information on the serial port device driver and
	  &man.ttys.5;, &man.gettytab.5;, &man.getty.8;, &amp; &man.init.8;
	for information relevant to configuring the system to accept logins on
	modems, and perhaps &man.stty.1; for information on setting serial
	port parameters (such as <literal>clocal</literal> for
	directly-connected serial interfaces).</para>
    </sect2>
    
    <sect2>
      <title>Quick Overview</title>
      
      <para>In its typical configuration, using FreeBSD as a SLIP server works
	as follows: a SLIP user dials up your FreeBSD SLIP Server system and
	logs in with a special SLIP login ID that uses
	<filename>/usr/sbin/sliplogin</filename> as the special user's shell.
	The <command>sliplogin</command> program browses the file
	<filename>/etc/sliphome/slip.hosts</filename> to find a matching line
	for the special user, and if it finds a match, connects the serial
	line to an available SLIP interface and then runs the shell script
	<filename>/etc/sliphome/slip.login</filename> to configure the SLIP
	interface.</para>
      
      <sect3>
	<title>An Example of a SLIP Server Login</title>

	<para>For example, if a SLIP user ID were
	  <username>Shelmerg</username>, <username>Shelmerg</username>'s entry
	  in <filename>/etc/master.passwd</filename> would look something like
	  this (except it would be all on one line):</para>
	    
	<programlisting>
Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin</programlisting>
	    
	<para>When <username>Shelmerg</username> logs in,
	  <command>sliplogin</command> will search
	  <filename>/etc/sliphome/slip.hosts</filename> for a line that had a
	  matching user ID; for example, there may be a line in
	  <filename>/etc/sliphome/slip.hosts</filename> that reads:</para>
	    
	<programlisting>
Shelmerg        dc-slip sl-helmer       0xfffffc00		  autocomp</programlisting>
	    
	<para><command>sliplogin</command> will find that matching line, hook
	  the serial line into the next available SLIP interface, and then
	  execute <filename>/etc/sliphome/slip.login</filename> like
	  this:</para>
	    
	<programlisting>
/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp</programlisting>
	    
	<para>If all goes well, <filename>/etc/sliphome/slip.login</filename>
	  will issue an <command>ifconfig</command> for the SLIP interface to
	  which <command>sliplogin</command> attached itself (slip interface
	  0, in the above example, which was the first parameter in the list
	  given to <filename>slip.login</filename>) to set the local IP
	  address (<hostid>dc-slip</hostid>), remote IP address
	  (<hostid>sl-helmer</hostid>), network mask for the SLIP interface
	  (<hostid role="netmask">0xfffffc00</hostid>), and any additional
	  flags (<literal>autocomp</literal>).  If something goes wrong,
	  <command>sliplogin</command> usually logs good informational
	  messages via the <literal>daemon</literal> syslog facility, which
	  usually goes into <filename>/var/log/messages</filename> (see the
	  manual pages for &man.syslogd.8; and
	    &man.syslog.conf.5;, and perhaps check
	  <filename>/etc/syslog.conf</filename> to see to which files
	  <command>syslogd</command> is logging).</para>
	    
	<para>OK, enough of the examples &mdash; let us dive into setting up
	  the system.</para>
      </sect3>
    </sect2>
    
    <sect2>
      <title>Kernel Configuration</title>
      
      <para>FreeBSD's default kernels usually come with two SLIP interfaces
	defined (<devicename>sl0</devicename> and
	<devicename>sl1</devicename>); you can use <command>netstat
	  -i</command> to see whether these interfaces are defined in your
	kernel.</para>
      
      <para>Sample output from <command>netstat -i</command>:</para>
	  
      <screen>Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
ed0   1500  &lt;Link&gt;0.0.c0.2c.5f.4a         291311     0   174209     0   133
ed0   1500  138.247.224 ivory             291311     0   174209     0   133
lo0   65535 &lt;Link&gt;                            79     0       79     0     0
lo0   65535 loop        localhost             79     0       79     0     0
sl0*  296   &lt;Link&gt;                             0     0        0     0     0
sl1*  296   &lt;Link&gt;                             0     0        0     0     0</screen>
	    
      <para>The <devicename>sl0</devicename> and <devicename>sl1</devicename>
	interfaces shown in <command>netstat -i</command>'s output indicate
	that there are two SLIP interfaces built into the kernel.  (The
	asterisks after the <literal>sl0</literal> and <literal>sl1</literal>
	indicate that the interfaces are &ldquo;down&rdquo;.)</para>
	  
      <para>However, FreeBSD's default kernels do not come configured to
	forward packets (ie, your FreeBSD machine will not act as a router)
	due to Internet RFC requirements for Internet hosts (see RFC's 1009
	[Requirements for Internet Gateways], 1122 [Requirements for Internet
	Hosts &mdash; Communication Layers], and perhaps 1127 [A Perspective
	on the Host Requirements RFCs]), so if you want your FreeBSD SLIP
	Server to act as a router, you will have to edit the
	<filename>/etc/rc.conf</filename> file (called
	<filename>/etc/sysconfig</filename> in FreeBSD releases prior to
	2.2.2) and change the setting of the <literal>gateway</literal>
	variable to <option>YES</option>. If you have an older system which
	predates even the <filename>/etc/sysconfig</filename> file, then add
	the following command:

	    <programlisting>
sysctl -w net.inet.ip.forwarding=1</programlisting>

	to your <filename>/etc/rc.local</filename> file.</para>
	  
      <para>You will then need to reboot for the new settings to take
	effect.</para>
      
      <para>You will notice that near the end of the default kernel
	configuration file (<filename>/sys/i386/conf/GENERIC</filename>) is a
	line that reads:</para>
	  
      <programlisting>
pseudo-device sl 2</programlisting>
	  
      <para>This is the line that defines the number of SLIP devices available
	in the kernel; the number at the end of the line is the maximum number
	of SLIP connections that may be operating simultaneously.</para>
	  
      <para>Please refer to <link linkend="kernelconfig">Configuring the
	  FreeBSD Kernel</link> for help in reconfiguring your kernel.</para>
    </sect2>
    
    <sect2>
      <title>Sliplogin Configuration</title>
      
      <para>As mentioned earlier, there are three files in the
	<filename>/etc/sliphome</filename> directory that are part of the
	configuration for <filename>/usr/sbin/sliplogin</filename> (see
	    &man.sliplogin.8; for the actual manual page for
	<command>sliplogin</command>): <filename>slip.hosts</filename>, which
	defines the SLIP users &amp; their associated IP addresses;
	<filename>slip.login</filename>, which usually just configures the
	SLIP interface; and (optionally) <filename>slip.logout</filename>,
	which undoes <filename>slip.login</filename>'s effects when the serial
	connection is terminated.</para>
      
      <sect3>
	<title><filename>slip.hosts</filename> Configuration</title>

	<para><filename>/etc/sliphome/slip.hosts</filename> contains lines
	  which have at least four items, separated by whitespace:</para>

	<itemizedlist>
	  <listitem>
	    <para>SLIP user's login ID</para>
	  </listitem>
	  
	  <listitem>
	    <para>Local address (local to the SLIP server) of the SLIP
	      link</para>
	  </listitem>
	  
	  <listitem>
	    <para>Remote address of the SLIP link</para>
	  </listitem>
	  
	  <listitem>
	    <para>Network mask</para>
	  </listitem>
	</itemizedlist>

	<para>The local and remote addresses may be host names (resolved to IP
	  addresses by <filename>/etc/hosts</filename> or by the domain name
	  service, depending on your specifications in
	  <filename>/etc/host.conf</filename>), and I believe the network mask
	  may be a name that can be resolved by a lookup into
	  <filename>/etc/networks</filename>.  On a sample system,
	  <filename>/etc/sliphome/slip.hosts</filename> looks like
	  this:</para>
	    
	<programlisting>
#
# login local-addr      remote-addr     mask            opt1    opt2 
#                                               (normal,compress,noicmp)
#
Shelmerg  dc-slip       sl-helmerg      0xfffffc00      autocomp</programlisting>
	    
	<para>At the end of the line is one or more of the options.</para>

	<itemizedlist>
	  <listitem>
	    <para><option>normal</option> &mdash; no header compression</para>
	  </listitem>
	  
	  <listitem>
	    <para><option>compress</option> &mdash; compress headers</para>
	  </listitem>
	  
	  <listitem>
	    <para><option>autocomp</option> &mdash; compress headers if the
	      remote end allows it</para>
	  </listitem>
	  
	  <listitem>
	    <para><option>noicmp</option> &mdash; disable ICMP packets (so any
	      &ldquo;ping&rdquo; packets will be dropped instead of using up
	      your bandwidth)</para>
	  </listitem>
	</itemizedlist>

	<para>Note that <command>sliplogin</command> under early releases of
	  FreeBSD 2 ignored the options that FreeBSD 1.x recognized, so the
	  options <option>normal</option>, <option>compress</option>,
	  <option>autocomp</option>, and <option>noicmp</option> had no effect
	  until support was added in FreeBSD 2.2 (unless your
	  <filename>slip.login</filename> script included code to make use of
	  the flags).</para>
	    
	<para>Your choice of local and remote addresses for your SLIP links
	  depends on whether you are going to dedicate a TCP/IP subnet or if
	  you are going to use &ldquo;proxy ARP&rdquo; on your SLIP server (it
	  is not &ldquo;true&rdquo; proxy ARP, but that is the terminology
	  used in this document to describe it).  If you are not sure which
	  method to select or how to assign IP addresses, please refer to the
	  TCP/IP books referenced in the <link
	    linkend="slips-prereqs">Prerequisites</link> section and/or
	  consult your IP network manager.</para>
	    
	<para>If you are going to use a separate subnet for your SLIP clients,
	  you will need to allocate the subnet number out of your assigned IP
	  network number and assign each of your SLIP client's IP numbers out
	  of that subnet.  Then, you will probably either need to configure a
	  static route to the SLIP subnet via your SLIP server on your nearest
	  IP router, or install <command>gated</command> on your FreeBSD SLIP
	  server and configure it to talk the appropriate routing protocols to
	  your other routers to inform them about your SLIP server's route to
	  the SLIP subnet.</para>
	    
	<para>Otherwise, if you will use the &ldquo;proxy ARP&rdquo; method,
	  you will need to assign your SLIP client's IP addresses out of your
	  SLIP server's Ethernet subnet, and you will also need to adjust your
	  <filename>/etc/sliphome/slip.login</filename> and
	  <filename>/etc/sliphome/slip.logout</filename> scripts to use
	      &man.arp.8; to manage the proxy-ARP entries in the SLIP server's
	  ARP table.</para>
      </sect3>
      
      <sect3>
	<title><filename>slip.login</filename> Configuration</title>

	<para>The typical <filename>/etc/sliphome/slip.login</filename> file
	  looks like this:</para>
	    
	<programlisting>
#!/bin/sh -
#
#       @(#)slip.login  5.1 (Berkeley) 7/1/90

#
# generic login file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6</programlisting>
	    
	<para>This <filename>slip.login</filename> file merely
	  <command>ifconfig</command>'s the appropriate SLIP interface with
	  the local and remote addresses and network mask of the SLIP
	  interface.</para>
	    
	<para>If you have decided to use the &ldquo;proxy ARP&rdquo; method
	  (instead of using a separate subnet for your SLIP clients), your
	  <filename>/etc/sliphome/slip.login</filename> file will need to look
	  something like this:</para>
	    
	<programlisting>
#!/bin/sh -
#
#       @(#)slip.login  5.1 (Berkeley) 7/1/90

#
# generic login file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6 
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pub</programlisting>
	    
	<para>The additional line in this <filename>slip.login</filename>,
	  <command>arp -s &#36;5 00:11:22:33:44:55 pub</command>, creates an
	  ARP entry in the SLIP server's ARP table.  This ARP entry causes the
	  SLIP server to respond with the SLIP server's Ethernet MAC address
	  whenever another IP node on the Ethernet asks to speak to the SLIP
	  client's IP address.</para>
	    
	<para>When using the example above, be sure to replace the Ethernet
	  MAC address (<hostid role="mac">00:11:22:33:44:55</hostid>) with the
	  MAC address of your system's Ethernet card, or your &ldquo;proxy
	  ARP&rdquo; will definitely not work! You can discover your SLIP
	  server's Ethernet MAC address by looking at the results of running
	  <command>netstat -i</command>; the second line of the output should
	  look something like:</para>
	    
	<screen>ed0   1500  &lt;Link&gt;0.2.c1.28.5f.4a         191923	0   129457     0   116</screen>
	    
	<para>This indicates that this particular system's Ethernet MAC
	  address is <hostid role="mac">00:02:c1:28:5f:4a</hostid> &mdash; the
	  periods in the Ethernet MAC address given by <command>netstat
	    -i</command> must be changed to colons and leading zeros should be
	  added to each single-digit hexadecimal number to convert the address
	  into the form that
	      &man.arp.8; desires; see the manual page on &man.arp.8; for
	  complete information on usage.</para>

	<note>
	  <para>When you create <filename>/etc/sliphome/slip.login</filename>
	    and <filename>/etc/sliphome/slip.logout</filename>, the
	    &ldquo;execute&rdquo; bit (i.e., <command>chmod 755
	      /etc/sliphome/slip.login /etc/sliphome/slip.logout</command>)
	    must be set, or <command>sliplogin</command> will be unable to
	    execute them.  Keep both scripts owned by root and writable
	    only by root, since they change the server's interface and ARP
	    configuration.</para>
	</note>
      </sect3>
      
      <sect3>
	<title><filename>slip.logout</filename> Configuration</title>

	<para><filename>/etc/sliphome/slip.logout</filename> is not strictly
	  needed (unless you are implementing &ldquo;proxy ARP&rdquo;), but if
	  you decide to create it, this is an example of a basic
	  <filename>slip.logout</filename> script:</para>
	    
	<programlisting>
#!/bin/sh -
#
#       slip.logout

#
# logout file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
# Only the unit number ($1) is used here: mark that SLIP interface down
# when the session ends.  No ARP entry is touched, so this version is
# not sufficient when slip.login publishes a proxy ARP entry.
/sbin/ifconfig sl$1 down</programlisting>

	<para>If you are using &ldquo;proxy ARP&rdquo;, you will want to have
	  <filename>/etc/sliphome/slip.logout</filename> remove the ARP entry
	  for the SLIP client:</para>
	    
	<programlisting>
#!/bin/sh -
#
#       @(#)slip.logout

#
# logout file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
# Mark the SLIP interface for this unit ($1) down.
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
# ($5 is the remote address; it must be the same address slip.login
# passed to arp -s, otherwise the published entry is left behind and the
# server keeps answering for a client that is no longer connected).
/usr/sbin/arp -d $5</programlisting>
	    
	<para>The <command>arp -d &#36;5</command> removes the ARP entry that
	  the &ldquo;proxy ARP&rdquo; <filename>slip.login</filename> added
	  when the SLIP client logged in.</para>
	    
	    <para>It bears repeating: make sure
	      <filename>/etc/sliphome/slip.logout</filename> has the execute
	      bit set after you create it (i.e., <command>chmod
		755 /etc/sliphome/slip.logout</command>).</para>
      </sect3>
    </sect2>
    
    <sect2>
      <title>Routing Considerations</title>
      
      <para>If you are not using the &ldquo;proxy ARP&rdquo; method for
	routing packets between your SLIP clients and the rest of your network
	(and perhaps the Internet), you will probably either have to add
	static routes to your closest default router(s) to route your SLIP
	client subnet via your SLIP server, or you will probably need to
	install and configure <command>gated</command> on your FreeBSD SLIP
	server so that it will tell your routers via appropriate routing
	protocols about your SLIP subnet.</para>
	  
      <sect3>
	<title>Static Routes</title>

	<para>Adding static routes to your nearest default routers can be
	  troublesome (or impossible, if you do not have authority to do
	  so...).  If you have a multiple-router network in your organization,
	  some routers, such as Cisco and Proteon, may not only need to be
	  configured with the static route to the SLIP subnet, but also need
	  to be told which static routes to tell other routers about, so some
	  expertise and troubleshooting/tweaking may be necessary to get
	  static-route-based routing to work.</para>
      </sect3>
      
      <sect3>
	<title>Running <command>gated</command></title>

	<para>An alternative to the headaches of static routes is to install
	  <command>gated</command> on your FreeBSD SLIP server and configure
	  it to use the appropriate routing protocols (RIP/OSPF/BGP/EGP) to
	  tell other routers about your SLIP subnet. You can use
	  <command>gated</command> from the <link linkend="ports">ports
	    collection</link> or retrieve and build it yourself from <ulink
	    url="ftp://ftp.gated.merit.edu/research.and.development/gated/">the
	    GateD anonymous ftp site</ulink>; I believe the current version as
	  of this writing is <filename>gated-R3_5Alpha_8.tar.Z</filename>,
	  which includes support for FreeBSD &ldquo;out-of-the-box&rdquo;.
	  Complete information and documentation on <command>gated</command>
	  is available on the Web starting at <ulink
	    url="http://www.gated.merit.edu/">the Merit GateD
	    Consortium</ulink>.  Compile and install it, and then write a
	  <filename>/etc/gated.conf</filename> file to configure your gated;
	  here is a sample, similar to what the author used on a FreeBSD SLIP
	  server:</para>
	    
	<programlisting>
#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
#
#
# tracing options
#
# Trace output goes to the file named below; it is meant for debugging
# and can be turned off once gated works.
# NOTE(review): /var/tmp is normally world-writable and gated presumably
# runs with root privileges, so a fixed file name there can be
# pre-created or symlinked by any local user.  Prefer a directory only
# root can write to, or drop the traceoptions lines after setup.
traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;

rip yes {
  # No RIP is sent or accepted on the SLIP (sl) interfaces.
  interface sl noripout noripin ;
  # RIP version 1 is both sent and accepted on the Ethernet (ed) interface.
  # NOTE(review): RIP version 1 carries no authentication.
  interface ed ripin ripout version 1 ;
  traceoptions route ;
} ;

#
# Turn on a bunch of tracing info for the interface to the kernel:
kernel {
  traceoptions remnants request routes info interface ;
} ;

#
# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
#
# Replace xxx.xxx.yy and the mask with the network address and netmask
# of your own SLIP subnet.

export proto rip interface ed {
  proto direct {
      <replaceable>xxx.xxx.yy</replaceable> mask 255.255.252.0 metric 1; # SLIP connections
  } ;
} ;

#
# Accept routes from RIP via ed Ethernet interfaces
# NOTE(review): "all" accepts every route heard via RIP on ed; with
# unauthenticated RIP version 1 that trusts every host on the segment.
# Narrow the import if the Ethernet is not fully under your control.
	      
import proto rip interface ed {
  all ;
} ;</programlisting>
	    
	<para>The above sample <filename>gated.conf</filename> file broadcasts
	  routing information regarding the SLIP subnet
	  <replaceable>xxx.xxx.yy</replaceable> via RIP onto the Ethernet; if
	  you are using a different Ethernet driver than the
	  <devicename>ed</devicename> driver, you will need to change the
	  references to the <devicename>ed</devicename> interface
	  appropriately.  This sample file also sets up tracing to
	  <filename>/var/tmp/gated.output</filename> for debugging
	  <command>gated</command>'s activity; you can certainly turn off the
	  tracing options if <command>gated</command> works OK for you.  You
	  will need to change the <replaceable>xxx.xxx.yy</replaceable>'s into
	  the network address of your own SLIP subnet (be sure to change the
	  net mask in the <literal>proto direct</literal> clause as
	  well).</para>
	    
	<para>When you get <command>gated</command> built and installed and
	  create a configuration file for it, you will need to run
	  <command>gated</command> in place of <command>routed</command> on
	  your FreeBSD system; change the <filename>routed/gated</filename>
	  startup parameters in <filename>/etc/netstart</filename> as
	  appropriate for your system.  Please see the manual page for
	  <command>gated</command> for information on
	  <command>gated</command>'s command-line parameters.</para>
      </sect3>
    </sect2>
    
    <sect2>
      <title>Acknowledgments</title>
      
      <para>Thanks to these people for comments and advice regarding this
	tutorial:</para>
      
      <variablelist>
	<varlistentry>
	  <term>&a.wilko;</term>

	  <listitem>
	    <para></para>
	  </listitem>
	</varlistentry>

	<varlistentry>
	  <term>Piero Serini</term>
	  
	  <listitem>
	    <para><email>Piero@Strider.Inet.IT</email></para>
	  </listitem>
	</varlistentry>
      </variablelist>
    </sect2>
  </sect1>
</chapter>

<!-- 
     Local Variables:
     mode: sgml
     sgml-declaration: "../chapter.decl"
     sgml-indent-data: t
     sgml-omittag: nil
     sgml-always-quote-attributes: t
     sgml-parent-document: ("../book.sgml" "part" "chapter")
     End:
-->