DSL with User PPP and Static IP

Jacob D. Hunt jhunt at kyder.com
Fri Jan 23 11:47:46 PST 2004 

Thanks for the suggestions.

I have implemented all the changes including disabling the IPFW firewall
NAT.  I simplified the /etc/ppp/ppp.conf file and made sure it still worked
using the dynamic config of "set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0
0.0.0.0".  I then proceeded to change that line to "set ifaddr 69.37.6.193
69.37.6.198 255.255.255.248".  It is my assumption that this will set my
address to .193, with a gateway of .198 and a netmask of .248.

After making these changes, tun0 is once again opened by a pid, but nothing
connects.  I am including updated copies of the ppp.conf file and
/var/log/ppp.log.

Thanks again for your help,


Jacob @ Jerry's Transmission Service
Guilford, CT

-------SAMPLE PPP.CONF-------
default:
  set log Phase tun
  set timeout 0

sbcglobal:
  set device PPPoE:dc0:
  set authname jerry.transmission at sbcglobal.net
  set authkey snet03
  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
  add default HISADDR
  enable dns

loop:
  set timeout 0
  set log phase chat connect lcp ipcp command
  set device localhost:pptp
  set dial
  set login
  set ifaddr 192.168.0.1 192.168.0.200-192.168.0.253 255.255.255.255
  set server /tmp/loop "" 0177

loop-in:
  set timeout 0
  set log phase lcp ipcp command
  allow mode direct

pptp:
  load loop
  enable loop
  disable pap
  enable passwdauth
  enable proxy
  accept dns
  set dns 192.168.0.1 192.168.0.2
  set nbns 192.168.0.15 192.168.0.16
  set device !/etc/ppp/secure

-------END PPP.CONF-------

-------SAMPLE PPP.LOG-------
Jan 23 14:27:27 jerrystransmission ppp[282]: Phase: Using interface: tun0 
Jan 23 14:27:27 jerrystransmission ppp[282]: Phase: deflink: Created in
closed state 
Jan 23 14:27:27 jerrystransmission ppp[283]: tun0: Phase: PPP Started (ddial
mode). 
Jan 23 14:27:27 jerrystransmission ppp[283]: tun0: Phase: bundle: Establish 
Jan 23 14:27:27 jerrystransmission ppp[283]: tun0: Phase: deflink: closed ->
opening 
Jan 23 14:27:27 jerrystransmission ppp[283]: tun0: Phase: deflink:
Connected! 
Jan 23 14:27:27 jerrystransmission ppp[283]: tun0: Phase: deflink: opening
-> dial 
Jan 23 14:27:27 jerrystransmission ppp[283]: tun0: Phase: deflink: dial ->
carrier 
Jan 23 14:27:28 jerrystransmission ppp[283]: tun0: Phase: Received
NGM_PPPOE_ACNAME (hook "62031090089590-") 
Jan 23 14:27:28 jerrystransmission ppp[283]: tun0: Phase: Received
NGM_PPPOE_SESSIONID 
Jan 23 14:27:28 jerrystransmission ppp[283]: tun0: Phase: Received
NGM_PPPOE_SUCCESS 
Jan 23 14:27:28 jerrystransmission ppp[283]: tun0: Phase: deflink: carrier
-> login 
Jan 23 14:27:28 jerrystransmission ppp[283]: tun0: Phase: deflink: login ->
lcp 
Jan 23 14:27:28 jerrystransmission ppp[283]: tun0: Warning: deflink:
Reducing configured MRU from 1500 to 1492 
Jan 23 14:27:28 jerrystransmission ppp[283]: tun0: Phase: bundle:
Authenticate 
Jan 23 14:27:28 jerrystransmission ppp[283]: tun0: Phase: deflink: his =
PAP, mine = none 
Jan 23 14:27:28 jerrystransmission ppp[283]: tun0: Phase: Pap Output:
jerry.transmission at sbcglobal.net ******** 
Jan 23 14:27:29 jerrystransmission ppp[283]: tun0: Phase: Pap Input: SUCCESS
() 
Jan 23 14:27:29 jerrystransmission ppp[283]: tun0: Phase: deflink: lcp ->
open 
Jan 23 14:27:29 jerrystransmission ppp[283]: tun0: Phase: bundle: Network 
Jan 23 14:27:29 jerrystransmission ppp[283]: tun0: Phase: deflink: IPV6CP
protocol reject closes IPV6CP ! 
Jan 23 14:27:29 jerrystransmission ppp[283]: tun0: Phase: deflink: IPV6CP
protocol reject closes IPV6CP ! 
Jan 23 14:27:29 jerrystransmission ppp[283]: tun0: Warning: ff02:8::/32:
Change route failed: errno: Network is unreachable 
Jan 23 14:27:33 jerrystransmission ppp[283]: tun0: Phase: deflink: IPV6CP
protocol reject closes IPV6CP ! 
Jan 23 14:27:42 jerrystransmission last message repeated 3 times

-------END PPP.LOG-------



> 
> Jacob
> Your rc.conf is all wrong, you are doing the nat process in both
> 'user ppp' and IPFW, this is wrong.
> The default IPFW firewall rules are useless in protecting you.
> If you want stateful ipfw rules which will give you max in
> protection and that will work as is for your situation let me know.
> 
> -------SAMPLE RC.CONF-------
>  ifconfig_em0="inet 192.168.2.1  netmask 255.255.0.0"
> ifconfig_dc0=up
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="YES"
> ppp_profile="dialisp"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
>  -------END RC.CONF-------
> 
> 
> 
> see if this works for you. Please let me know the out come.
> 
> ####################  start of DSL ppp.conf  ###################
> default:
> 
>  set log Phase tun             #use to avoid excessive log sizes
>  set timeout 0		    	 # no idle time out, will not disconnect
> 
> 
> dialisp:
>  set device PPPoE:XXX          # replace xxx with your Nic card
> device name
>  set authname YOURLOGINNAME    # Replace with your ISP account IP
>  set authkey YOURPASSWORD      # Replace with your ISP account
> password
>  add default HISADDR           # Add a (sticky) default route
> (Mandatory)
>  enable dns		             # Gets the ISP's DNS IP address & places
> them
> 			             # in resolv.conf for reference by FBSD box.
> 
> 
> 
>  ###############   End of DSL ppp.conf
> #################################
> 
> 
> 
> Replace the XXX in the [set device PPPoE:XXX] statement with the Nic
> card FBSD interface name. Sometimes it will be necessary to use a
> service tag to establish your connection depending on how your ISP
> and/or the phone company has it's DSL network configured. Service
> tags are used to distinguish between different PPPoE servers
> attached to a given network. You should have been given any required
> service tag information in the documentation provided by your ISP.
> If you cannot locate it there, ask your ISP's tech support
> personnel.  This is the format of the command with the service tag
> added
> 
> set device PPPoE:XXX:service_tag
> 
> 
> The xxxx is the FBSD interface name used by PPPoE, the interface
> must be UP, (IE: enabled). It is only used as transport, and does
> not need to be assigned an IP address. This can be done
> automatically at boot time by updating the /etc/rc.conf file. The
> format of the statement to add is  ifconfig_xxxx=up   where xxxx is
> Nic card FBSD interface name used by PPPoE that you specified in the
> /etc/ppp/ppp.conf file.
> 
>   ee /etc/rc.conf         add following statement
> 
>   ifconfig_xxxx=up
> 
> 
> To setup user ppp to dial your ISP automatically at FBSD boot time,
> you have to add the following statements to the rc.conf file. The
> ddial option means to redial every time the connection to the ISP
> gets dropped.
> 
>    ee /etc/rc.conf
> 
>    # Activate user ppp auto start at boot time
>    ppp_enable="YES"             # Start User ppp task
>    ppp_mode="ddial"             # ddial, auto, background
>    ppp_profile="dialisp"        # section in ppp.conf to
> 
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Jerrys
> Transmission
> Sent: Friday, January 23, 2004 9:40 AM
> To: freebsd-questions at freebsd.org
> Subject: DSL with User PPP and Static IP
> 
> Hello,
> 
> I have just started working for a local auto transmission repair
> shop and am
> trying to get the local server up and running.  Specifically, the
> server
> works great with dynamic IPs assigned from the DSL provider (using
> PPPoE)
> but it burps when I attempt a static IP as per the handbook's "Using
> User
> PPP" section.
> 
> Our business was given the following values for connecting to the
> Internet:
> 
> Net:  69.37.6.192
> Gateway:  69.37.6.198
> Netmask:  255.255.255.248
> Broadcast:  69.37.6.199
> Static IPs 193-197
> 
> 
> When I change /etc/ppp/ppp.conf (sample attached) to:
> 
> set ifaddr 69.37.6.193 69.37.6.198 255.255.255.248
> 
> tun0 is "Opened by PID xxx" but does not show any IP addresses, and
> the
> connection does not work.  If I leave the ifaddr to the dynamic
> setting
> (which includes the 0.0.0.0) everything works fine.  I am including
> a sample
> of our local ppp.conf, ifconfig output, and relevant parts of
> rc.conf for reference.
> Please note, the ifconfig output shows the missing inet line when a
> static
> config is attempted.
> 
> Any help would be greatly appreciated.
> 
> Thanks again,
> 
> Jacob @ Jerry's Transmission Service
> Guilford, CT  06437
> 
> 
> --------SAMPLE PPP.CONF-------
> default:
>   set log Phase Chat LCP IPCP CCP tun command
>   nat enable yes
>   nat same_ports yes
>   nat use_sockets yes
>   set redial 15 28800
>   set reconnect 15 28800
> 
> sbcglobal:
>   set device PPPoE:dc0:
>   set mru 1492
>   set mtu 1492
>   set speed sync
>   enable lqr
>   set lqrperiod 5
>   set cd 5
>   set dial
>   set login
>   set timeout 0
>   set authname [CENSORED]
>   set authkey [CENSORED]
>   set ifaddr 69.37.6.193 69.37.6.198 255.255.255.248
>   add default HISADDR
>   enable dns
> 
> loop:
>   set timeout 0
>   set log phase chat connect lcp ipcp command
>   set device localhost:pptp
>   set dial
>   set login
>   set ifaddr 192.168.0.1 192.168.0.200-192.168.0.253 255.255.255.255
>   set server /tmp/loop "" 0177
> 
> loop-in:
>   set timeout 0
>   set log phase lcp ipcp command
>   allow mode direct
> 
> pptp:
>   load loop
>   enable loop
>   disable pap
>   enable passwdauth
>   enable proxy
>   accept dns
>   set dns 192.168.0.1 192.168.0.2
>   set nbns 192.168.0.15 192.168.0.16
>   set device !/etc/ppp/secure
> 
> -------END PPP.CONF-------
> 
> 
> -------SAMPLE IFCONFIG-------
> dc0: flags=88c3<UP,BROADCAST,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu
> 1492
>         inet6 fe80::204:5aff:fe7f:75d4%dc0 prefixlen 64 scopeid 0x1
>         inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
>         ether 00:04:5a:7f:75:d4
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=3<rxcsum,txcsum>
>         inet6 fe80::207:e9ff:fe70:801b%em0 prefixlen 64 scopeid 0x2
>         inet 192.168.2.1 netmask 0xffff0000 broadcast
> 192.168.255.255
>         ether 00:07:e9:70:80:1b
>         media: Ethernet autoselect (100baseTX <half-duplex>)
>         status: active
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
>         inet 127.0.0.1 netmask 0xff000000
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
>         Opened by PID 501
> -------END IFCONFIG-------
> 
> 
> -------SAMPLE RC.CONF-------
> network_interfaces="auto"
> ifconfig_em0="inet 192.168.2.1  netmask 255.255.0.0"
> ifconfig_dc0="inet 10.0.0.1 mtu 1492 netmask 255.0.0.0 -arp up"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="YES"
> ppp_profile="sbcglobal"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="tun0"
> natd_flags="-u -m -dynamic -s"
> named_enable="YES"
> -------END RC.CONF-------
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
> 
>

More information about the freebsd-questions mailing list