diff options
Diffstat (limited to 'etc/ppp/ppp.conf.sample')
-rw-r--r-- | etc/ppp/ppp.conf.sample | 315 |
1 files changed, 315 insertions, 0 deletions
diff --git a/etc/ppp/ppp.conf.sample b/etc/ppp/ppp.conf.sample new file mode 100644 index 00000000000..6543fff16c2 --- /dev/null +++ b/etc/ppp/ppp.conf.sample @@ -0,0 +1,315 @@ +################################################################# +# +# PPP Sample Configuration File +# +# Originally written by Toshiharu OHNO +# +# $Id: ppp.conf.sample,v 1.1 1997/11/23 20:27:39 brian Exp $ +# +################################################################# + +# This file is separated into sections. Each section is named with +# a label starting in column 0 and followed directly by a ``:''. The +# section continues until the next section. Blank lines and lines +# beginning with ``#'' are ignored. +# +# Lines beginning with "!include" will ``include'' another file. You +# may want to ``!include ~/.ppp.conf'' for backwards compatibility. +# + +# Default setup. Always executed when PPP is invoked. +# This section is *not* loaded by the ``load'' or ``dial'' commands. +# +# This is the best place to specify your modem device, it's DTR rate, +# and any logging specification. Logging specs should be done first +# so that subsequent commands are logged. +# +default: + set log Phase Chat Connect Carrier LCP IPCP CCP tun command + set device /dev/cuaa1 + set speed 115200 + deny lqr + set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" + +# Client side PPP +# +# Although the PPP protocol is a peer to peer protocol, we normally +# consider the side that makes the connection as the client and the +# side that receives the connection as the server. Authentication +# is required by the server either using a unix-style login proceedure +# or by demanding PAP or CHAP authentication from the client. +# + +# An on demand example where we have dynamic IP addresses: +# If the peer assigns us an arbitrary IP (most ISPs do this) and we +# can't predict what their IP will be either, take a wild guess at +# some IPs that you can't currently route to. Ensure that the "delete" +# and "add" lines are also present in the pmdemand section of ppp.linkup +# so that when we connect, things will be put straight. +# +# This will work with static IP numbers too. You can also use this entry +# if you don't want on-demand dialup. The "set ifaddr", "delete" and +# "add" lines are required for on-demand. Note, for dynamic IP numbers, +# whether dialing manually or on demand, there should *always* be an entry +# in ppp.linkup. +# +# The /0 bit in "set ifaddr" says that we insist on 0 bits of the +# specified IP actually being correct, therefore, the other side can assign +# any IP numbers. +# +# The forth arg to "set ifaddr" makes us send "0.0.0.0" as our requested +# IP number, forcing the peer to make the decision. +# +pmdemand: + set phone 1234567 + set login "TIMEOUT 5 ogin:--ogin: ppp word: ppp" + set timeout 120 + set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 + delete ALL + add 0 0 HISADDR + +# When we want to use PAP or CHAP instead of using a unix-style login +# proceedure, we do the following. Note, the peer suggests whether we +# should send PAP or CHAP. By default, we send whatever we're asked for. +# +PAPorCHAPpmdemand: + set phone 1234567 + set login + set authname MyName + set authkey MyKey + set timeout 120 + set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 + delete ALL + add 0 0 HISADDR + +# On demand dialup example with static IP addresses: +# Here, the local side uses 192.244.185.226 and the remote side +# uses 192.244.176.44. +# +# # ppp -auto ondemand +# +# It is not necessary to have an entry in ppp.linkup when both IP numbers +# are static. Be warned though, the MYADDR: label is executed from +# ppp.linkup if the "ondemand:" and "192.244.176.44" labels are not found. +# +ondemand: + set phone 1234567 + set login "TIMEOUT 5 ogin:--ogin: ppp word: ppp" + set timeout 120 + set ifaddr 192.244.185.226 192.244.176.44 255.255.255.0 + delete ALL + add 0 0 HISADDR + +# Example segments +# +# The following lines may be included as part of your configuration +# section and aren't themselves complete. They're provided as examples +# of how to achieve different things. + +examples: +# Multi-phone example. Numbers separated by a : are used sequentially. +# Numbers separated by a | are used if the previous dial or login script +# failed. Usually, you will prefer to use only one of | or :, but both +# are allowed. +# + set phone 12345678|12345679:12345670|12345671 +# +# When in -auto, -ddial, -direct or -background mode, ppp can accept +# control instructions from the ``pppctl'' program. First, you must +# set up your control socket. It's safest to use a UNIX domain socket: +# + set server /var/run/internet 0660 +# +# Although a TCP port may be used if you want to allow control +# connections from other machines: +# + set server 6670 +# +# If we have a ``strange'' modem that must be re-initialized when we +# hangup: +# + set hangup "\"\" AT OK-AT-OK ATZ OK" +# +# To adjust logging withouth blasting the setting in default: +# + set log -command +tcp/ip +# +# To see log messages on the screen in interactive mode: +# + set log local LCP IPCP CCP +# +# If you're seeing a lot of magic number problems and failed connections, +# try this (check out the FAQ): +# + set openmode passive +# +# For noisy lines, we may want to reconnect (up to 20 times) after loss +# of carrier: +# + set reconnect 3 20 +# +# When playing server for M$ clients, tell them who our name servers are: +# + set ns 10.0.0.1 10.0.0.2 + set nbns 10.0.0.1 10.0.0.2 + enable msext +# +# If we're using the -alias switch, redirect ftp and http to an internal +# machine: +# + alias port 10.0.0.2:ftp ftp + alias port 10.0.0.2:http http +# +# or don't trust the outside at all +# + alias deny_incoming yes +# +# I trust user brian to run ppp, so this goes in the `default' section: +# + allow user brian +# +# But label `internet' contains passwords that even brian can't have, so +# I empty out the user access list in that section: +# + allow users +# +# I also may wish to set up my ppp login script so that it asks the client +# for the label they wish to use. I may only want user ``dodgy'' to access +# their own label in direct mode: +# +dodgy: + allow user dodgy + allow mode direct +# +# If we don't want ICMP and DNS packets to keep the connection alive: +# + set afilter 0 deny icmp + set afilter 1 deny udp src eq 53 + set afilter 2 deny udp dst eq 53 + set afilter 3 permit 0/0 0/0 +# +# And we don't want ICMPs to cause a dialup: +# + set dfilter 0 deny icmp + set dfilter 1 permit 0/0 0/0 +# +# Once the line's up, allow connections for ident (113), telnet (23), +# ftp (20 & 21), DNS (53), my place of work (192.244.191.0/24), +# ICMP (ping) and traceroute (>33433). +# +# Anything else is blocked by default +# + set ifilter 0 permit tcp dst eq 113 + set ofilter 0 permit tcp src eq 113 + set ifilter 1 permit tcp src eq 23 estab + set ofilter 1 permit tcp dst eq 23 + set ifilter 2 permit tcp src eq 21 estab + set ofilter 2 permit tcp dst eq 21 + set ifilter 3 permit tcp src eq 20 dst gt 1023 + set ofilter 3 permit tcp dst eq 20 + set ifilter 4 permit udp src eq 53 + set ofilter 4 permit udp dst eq 53 + set ifilter 5 permit 192.244.191.0/24 0/0 + set ofilter 5 permit 0/0 192.244.191.0/24 + set ifilter 6 permit icmp + set ofilter 6 permit icmp + set ifilter 7 permit udp dst gt 33433 + set ofilter 7 permit udp dst gt 33433 + + +# Server side PPP +# If you want the remote system to authenticate itself, you insist +# that the peer uses CHAP (or PAP) with the "enable" keyword. Both CHAP and +# PAP are disabled by default (we usually only "enable" on of them if the +# other side is dialing into our server). +# When the peer authenticates itself, we use ppp.secret for verification. +# +# Ppp is launched with: +# # ppp -direct CHAPserver +# +# Note: We can supply a third field in ppp.secret specifying the IP address +# for that user. +# +CHAPserver: + enable chap + enable proxy + set ifaddr 192.244.176.44 292.244.184.31 + +# If we wish to act as a server, allowing PAP access according to +# accounts in /etc/passwd, we do this: +# +PAPServerwithPASSWD: + enable pap + enable passwdauth + enable proxy + set ifaddr 192.244.176.44 292.244.184.31 + + +# Example to connect using a null-modem cable: +# The important thing here is to allow the lqr packets on both sides. +# Without them enabled, we can't tell if the line's dropped - there +# should always be carrier on a direct connection. +# Here, the server sends lqr's every 10 seconds and quits if three in a +# row fail. +# +# Make sure you don't have "deny lqr" in your default: on the client ! +# +direct-client: + set dial "" + set line /dev/cuaa0 + set sp 115200 + set timeout 900 10 3 + set log Phase Chat LQM + set login "TIMEOUT 5 ogin:--ogin: ppp word: ppp HELLO" + set ifaddr 10.0.4.2 10.0.4.1 + enable lqr + accept lqr + +direct-server: + set timeout 900 10 3 + set log Phase LQM + set ifaddr 10.0.4.1 10.0.4.2 + enable lqr + accept lqr + + +# Example for PPP over TCP. +# We assume that inetd on tcpsrv.mynet has been +# configured to run "ppp -direct tcp-server" when it gets a connection on +# port 1234. Read the man page for further details +# +tcp-client: + set device tcpsrv.mynet:1234 + set dial + set login + set escape 0xff + set ifaddr 10.0.5.1 10.0.4.1 255.255.255.0 + +tcp-server: + set escape 0xff + set ifaddr 10.0.4.1 10.0.5.1 255.255.255.0 + +# If you want to test ppp, do it through a loopback: +# +# Requires a line in /etc/services: +# ppploop 6671/tcp # loopback ppp daemon +# +# and a line in /etc/inetd.conf: +# ppploop stream tcp nowait root /usr/sbin/ppp ppp -direct loop-in +# +loop: + set timeout 0 + set log phase chat connect lcp ipcp command + set device localhost:ppploop + set dial + set login + set escape 0xff + set ifaddr 127.0.0.2 127.0.0.3 + set openmode passive + set server /tmp/loop "" + +loop-in: + set timeout 0 + set log phase chat connect lcp ipcp command + set escape 0xff + allow mode direct |