The Tru64 UNIX system supports point-to-point connections using the Serial Line Internet Protocol (SLIP) and the Point-to-Point Protocol (PPP).
This chapter describes:
The SLIP and PPP environments
How to configure SLIP and PPP dial-in and dial-out systems
How to configure a modem for use with the operating system
For troubleshooting information, see Section 14.14 for SLIP and Section 14.15 for PPP.
5.1 Serial Line Internet Protocol (SLIP)
The Serial Line Internet Protocol (SLIP) is a protocol used to run IP over serial lines between two hosts. You can connect the two hosts either directly or over telephone circuits using modems. TCP/IP commands (such as rlogin, ftp, and ping) can be run over the SLIP connection.
5.1.1 SLIP Environment
In the SLIP environment, systems can be directly connected to each other, if they are in close proximity, or connected through modems and a telephone network, if they are not. Figure 5-1 shows both of these simple SLIP configurations. Figure 5-2 shows a SLIP connection between two systems with host B acting as a gateway system.
Figure 5-1: Sample Simple SLIP Configuration
Figure 5-2: SLIP Configuration with Gateway System
This section describes those tasks you must complete
before configuring SLIP.
5.1.2.1 Verifying the Hardware
When you verify the hardware, you verify both the cables and modems, if used.
Make sure you use the correct cable to connect to the serial port of your system. If you do not, you might experience signal degradation and the software will fail to function properly.
If the two systems are in close proximity to each other, use one of
the null modem cables listed in
Table 5-1.
Table 5-1: Types of Null Modem Cable
Cable Number | Description |
BC22D-xx [Footnote 2] | Asynchronous null modem cable (male DB25 pin to female DB25 pin cable) |
BC22R-xx [Footnote 2] | RS-232 null modem cable (male DB25 pin to female DB25 pin cable) |
BC24C-xx [Footnote 2] | 25-wire null modem cable (male DB25 pin to female DB25 pin cable) |
BC29Q-xx [Footnote 2] | Male DB9 pin to female DB9 pin cable |
If the two systems are connected through modems and telephone lines, see Table 5-7 for a list of modem cables to use.
When using modems with SLIP, adhere to the following guidelines:
Use modems that can handle a serial port speed of 38,400 bits per second (bps). If the modems you plan to use cannot handle a serial port speed of 38,400 bps, you should set them to the highest speed to which they can be set.
Use modems that are V.34bis compliant with V.42bis compression. Alternatively, you can use modems that support the Microcom Network Protocol (MNP) because both V.42bis and MNP implement a subset of the other protocol.
Set the modems to 8 bits, no parity, and connect them to the telephone network.
Use hardware flow control, if possible. High-speed modems often fall back to a lower data rate when line degradation occurs.
Note
Do not use software flow control (XON/XOFF). It will corrupt the data stream causing the TCP layer over IP to issue retransmit requests for overruns.
5.1.2.2 Preparing for the Configuration
After you verify the communication hardware, you set up the system to run SLIP.
Figure 5-3 shows the SLIP Setup Worksheet, which you can use to record the information that you need to configure SLIP. The following sections explain the information you need to record on this worksheet. If you are viewing this manual online, you can use the print feature to print the worksheet.
Figure 5-3: SLIP Setup Worksheet
Check Hardwired if the two systems are connected by a null modem cable, such as BC22D-xx. Check Modem if the two systems are connected by modem cables, modems, and telephone network.
Check dial-in if the system is to answer calls from remote systems. Check dial-out if the system is to place calls to a remote system.
Your system's SLIP interface IP address. Each SLIP interface must have an IP address. For more information on SLIP, see the Technical Overview and startslip(8).
Your network's subnetwork mask. This must be the same for both systems. See Section 2.2 for more information on the network mask.
The destination system's SLIP interface IP address.
The name of a valid terminal device in the /dev directory that has a cable connection. This can be either the full path name (for example, /dev/tty00) or the name in the /dev directory (for example, tty00). For more information on the terminal line specification, see startslip(8). If you are unsure of the terminal device, see port(7).
The serial port speed used to connect the systems to each other or a system and the modem. The default speed is 9600 bps. For more information on the speed, see startslip(8).
The login information for the SLIP connection. This includes user name, password, and login sequence; for example, the login prompt used on dial-out connections.
For dial-out systems, Table 5-2 shows the mandatory startslip subcommands that you specify when you create a setup script file. Table 5-3 shows the optional startslip subcommands.
Table 5-2: Mandatory startslip Subcommands
Subcommand | Information Required |
myip | Your system's IP address. |
dstip | The destination system's IP address. |
netmask | The network mask for the subnetwork. |
hardwired | None. Specifies that the two systems are connected by a null modem cable. |
modemtype | The type of modem used, unless you have a direct connection. |
opentty | The serial line and line speed. |
dial | The telephone number to dial. |
expect | The information that you expect to receive on the serial line; for example, login sequences. |
send | The information that you want to send on the serial line. |
connslip | Configures the network interface and attaches the serial line to the network interface. |
Table 5-3: Optional startslip Subcommands
Subcommand | Description |
debug | Generates debugging messages to the log file specified. |
gateway | Specifies that the destination system is a gateway to another system on a LAN. |
icmpsup | Suppresses Internet Control Message Protocol (ICMP) traffic. ICMP traffic (such as that generated by the ping command) cannot be sent over the SLIP connection. This frees line bandwidth for more critical traffic. |
tcpauto | Specifies that the local system compress TCP headers when it detects that the remote system is compressing them. This option can be useful if you do not know whether the remote system is doing TCP header compression. Note: If the tcpauto option is enabled on both systems, TCP header compression does not occur. One of the two systems must explicitly enable TCP header compression. |
tcpcomp | Compresses TCP headers before they are sent over the SLIP connection. Compressing the TCP header allows for faster data transfers. The remote system must support this option to decompress the headers when they arrive at the remote end. |
See startslip(8) for a complete list of the startslip subcommands.
For dial-in systems, Table 5-4 shows a list of options for each SLIP link specified in the /etc/slhosts file.
Table 5-4: slhosts File Options
Option | Description |
debug | Generates debugging messages to the daemon.log file. |
icmpsup | Suppresses Internet Control Message Protocol (ICMP) traffic. ICMP traffic (such as that generated by the ping command) cannot be sent over the SLIP connection. This frees line bandwidth for more critical traffic. |
tcpauto | Specifies that the local system compress TCP headers when it detects that the remote system is compressing them. This option can be useful if you do not know whether the remote system is doing TCP header compression. This is the default. |
tcpcomp | Compresses TCP headers before they are sent over the SLIP connection. Compressing the TCP header allows for faster data transfers. The remote system must support this option to decompress the headers when they arrive at the remote end. Do not specify the tcpcomp and tcpauto options together. |
See slhosts(4) for more information.
For dial-in systems, if your system is to act as a gateway for a dial-out system to access the LAN, check Yes; otherwise, check No.
To configure SLIP, you must have verified the communications hardware and completed the configuration worksheet.
A system in a SLIP environment can have one of the following roles:
Dial-in system
Dial-out system
You edit system files and use the startslip program to configure both dial-in connections and dial-out connections.
5.1.3.1 Configuring a Dial-In System
To configure a dial-in system, log in as root and complete the following steps:
Set up your modem for dial-in access. See Section 5.3.2 for more information.
Note
You should use a getty process for SLIP dial-in access.
Edit the /etc/passwd file and create a dedicated entry for a SLIP user. For the login shell field, specify /usr/sbin/startslip. The login name you specify here is used to find an entry in the /etc/slhosts file, for example:
slip1:password:10:20:Remote SLIP User:/usr/users/guest:/usr/sbin/startslip
Edit the /etc/slhosts file and create an entry for the login name using the information from the worksheet. The /etc/slhosts file entry has the following syntax:
login_name remote_ip local_ip netmask option
For example, if host D is the dial-in system in Figure 5-1, the entry is as follows:
slip1 1.2.3.6 1.2.3.5 255.255.255.0 nodebug
See slhosts(4) for more information.
Edit the /etc/inittab file and create an entry for each terminal device that is to run SLIP. For example:
modem:3:respawn:/usr/sbin/getty /dev/tty00 M38400 vt100
See inittab(4) for more information.
Issue the init q command to start the getty process immediately.
If the dial-in system will be a gateway for the dial-out system to reach other systems on the LAN, the dial-in system must be configured as an IP router and must also run gated. See Chapter 2 for basic network setup information.
If problems occur while using SLIP, see
Section 14.14.
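The dial-in procedure above ties three files together by login name. The following script is an added example, not part of the original manual: it cross-checks a passwd file against an slhosts file and reports accounts and entries that do not line up, malformed addresses, and tcpcomp specified together with tcpauto. It assumes that slhosts comments start with # and that additional options follow the fifth field separated by whitespace or commas; the function names and the slip2 and slip3 sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check SLIP dial-in accounts against slhosts entries.
# Usage: check_slip PASSWD_FILE SLHOSTS_FILE   (prints one finding per line)

STARTSLIP=/usr/sbin/startslip

check_slip() {
    passwd_file=$1
    slhosts_file=$2

    # 1. Each account whose login shell is startslip needs an slhosts entry,
    #    because the login name is the lookup key.
    awk -F: -v shell="$STARTSLIP" '$7 == shell { print $1 }' "$passwd_file" |
    while read -r login; do
        awk -v l="$login" '$1 == l { ok = 1 } END { exit !ok }' "$slhosts_file" ||
            echo "$login: startslip account without an slhosts entry"
    done

    # 2. Each slhosts login should belong to a dedicated startslip account.
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$slhosts_file" |
    while read -r login; do
        awk -F: -v l="$login" -v shell="$STARTSLIP" \
            '$1 == l && $7 == shell { ok = 1 } END { exit !ok }' "$passwd_file" ||
            echo "$login: slhosts entry without a startslip account"
    done

    # 3. Field checks on: login_name remote_ip local_ip netmask option
    awk '
        function isip(s,    a, n, i) {
            n = split(s, a, /\./)
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (a[i] !~ /^[0-9]+$/ || a[i] + 0 > 255) return 0
            return 1
        }
        /^[ \t]*(#|$)/ { next }
        NF < 4 { print $1 ": fewer than four fields"; next }
        {
            for (i = 2; i <= 4; i++)
                if (!isip($i)) print $1 ": field " i " is not a dotted-quad address"
            # Collect every option, whether space or comma separated.
            opts = ","
            for (i = 5; i <= NF; i++) opts = opts $i ","
            if (opts ~ /,tcpcomp,/ && opts ~ /,tcpauto,/)
                print $1 ": tcpcomp and tcpauto specified together"
        }
    ' "$slhosts_file"
    return 0
}

# Constructed sample files; the slip1 lines are the examples shown above.
write_slip_sample() {
    cat > "$1/passwd" <<'EOF'
slip1:password:10:20:Remote SLIP User:/usr/users/guest:/usr/sbin/startslip
slip2:password:11:20:Remote SLIP User:/usr/users/guest:/usr/sbin/startslip
EOF
    cat > "$1/slhosts" <<'EOF'
slip1 1.2.3.6 1.2.3.5 255.255.255.0 nodebug
slip3 1.2.3.8 1.2.3.5 255.255.255.0 tcpcomp tcpauto
EOF
}

if [ $# -eq 2 ]; then check_slip "$1" "$2"; fi
```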
5.1.3.2 Configuring a Dial-Out System
To configure a dial-out connection, log in as root and complete the following steps:
Verify that there is an entry for your modem name in the /etc/acucap file. If your modem does not have an entry in the /etc/acucap file, do the following:
Copy an entry similar to that of your modem.
Modify the modem attributes to match your modem's attributes.
Set up the modem for dial-out access by including the AT commands listed in Table 5-5 in the synchronization string (ss) of the entry. The other modem settings can remain as they are.
Table 5-5: Modem Commands for Dial-Out Access
Command | Description |
at&c1 | Normal Carrier Detect (CD) operation. Tells the modem to not raise Carrier Detect until it sees Carrier Detect from the other modem. |
at&d2 | Normal Data Terminal Ready (DTR) operation. This tells the modem to hang up the line when DTR drops; for example, when the user logs off the system. |
ate1 | Turns on echoing. |
atq0 | Displays the result codes. |
ats0=0 | Does not answer the phone. |
In addition, include the debug option (db). With debugging turned on, the modem will provide you with additional information with which to tune the modem attributes in the file.
See acucap(4) for more information.
If you use getty to provide access to the system from a modem and a getty process is already running, do the following:
Edit the /etc/inittab file and change the Action field of the modem entry from respawn to off as follows:
modem:23:off:/usr/sbin/getty /dev/tty00 M38400 vt100
See inittab(4) for more information.
Issue the init q command to terminate the getty process.
Create a file that contains startslip subcommands for SLIP dial-out connections by doing the following:
Copy the sample script file from the startslip(8) reference page to a new script file.
Use the tip command to dial out and log in to the remote system, writing down the exact prompt and login sequence on the worksheet.
Edit the script file, modify the expect subcommands with the prompt and login information, and modify other subcommands with information from the worksheet.
Note
The sample script file specifies the debug subcommand and a debug file name at the beginning of the file.
See startslip(8) for more information.
Invoke the startslip command with the -i filename option. The filename is the name of the file containing the startslip subcommands.
After making the connection, startslip runs in the background. The telephone number (if any) and the process ID are logged in the /var/run/ttyxx.tel-pid file.
If problems occur while using SLIP, see
Section 14.14.
5.1.4 Terminating a SLIP Dial-Out Connection
To terminate a SLIP dial-out connection, do the following:
Determine the process ID of the startslip process to kill by using the following command:
# cat /var/run/ttyxx.tel-pid
phonenum 8021455 pid 821
In the previous command, ttyxx specifies the terminal line used for the SLIP connection. If multiple SLIP connections are active on your system, there will be multiple files in the /var/run directory.
Kill the startslip process by using the following command and specifying the process ID returned in step 1:
# kill 821
Alternatively, you can turn off your modem to terminate the dial-out connection.
5.2 Point-to-Point Protocol (PPP)
The Point-to-Point Protocol (PPP) provides a standard way to transmit datagrams over a serial link and a standard way for the systems at either end of the link (peers) to negotiate various optional characteristics of the link. Using PPP, a serial link can be used to transmit Internet Protocol (IP) datagrams, allowing TCP/IP connections between the peers.
The Tru64 UNIX PPP subsystem is derived from public domain ppp-2.3.1, and supports IP datagrams. See RFC 1661, RFC 1662, RFC 1332, and RFC 1334 for more information about PPP.
Establishing a PPP connection between two systems basically involves setting up a serial link and running pppd on both ends of the link.
Systems in a PPP environment can have the following roles:
Dial-out system
Dial-in system
Systems using PPP can be directly connected to each other if they are in close proximity, or connected through modems and a telephone network if they are not. Figure 5-4 shows two simple PPP configurations with PPP connections between two systems.
Figure 5-4: Simple PPP Configurations
Figure 5-5 shows two PPP connections. The first is between host A and host B, with host B acting as a gateway system. The second is between personal computer E and host D through terminal server C. The latter configuration might be common for employees working at home and dialing in to a system at work.
Figure 5-5: Network PPP Configuration
A chat script can be used to automate the dial-out process for a PPP connection. You can configure it to wait for output from a remote system and reply with responses that you specify. Each entry in a chat script has the following format:
string_chat_expects string_chat_sends
For example, a chat script might contain the following information:
"" atdt2135476 [1]
CONNECT [2]
login: myname [3]
Password: "\qmypassword" [4]
"$ " "\qpppd" [5]
"\qpppd" local_addr:[6]
When this chat script is executed, the following steps are taken:
[1] The chat program expects nothing and sends a dial command to the modem.
[2] The chat program expects a CONNECT message and sends a carriage return (implied).
[3] The chat program expects the login: string and sends the myname string.
[4] The chat program expects the Password: string and sends the mypassword string. The \q prevents chat from logging the password when you use the -v option.
[5] The chat program expects the shell prompt ($) and sends pppd to start the pppd daemon on the remote machine. The \q cancels the effect of the previous \q.
[6] If you want the local address of the PPP link to differ from the IP address for the local host's Ethernet or other broadcast interface, put the desired address on the pppd command line with a colon appended.
You can create a unique chat script for each remote system to which you connect. Once the scripts are created, you establish a PPP connection to a given system by executing the appropriate script with the chat command, as follows:
# chat -f /etc/ppp/chat-script
See the chat(8) reference page for more information on the chat command and chat scripts.
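A chat script holds the login password in clear text, and the \q marker is what keeps that password out of the log when chat runs with -v. The following script is an added example, not part of the original manual: it splits each line of a chat script into expect/send pairs, honouring double quotes, and reports any reply to a password prompt that is not marked with \q. It assumes that each expect/send pair starts on its own line and that # starts a comment; the function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a chat script for password replies that would be logged.
# Usage: lint_chat_script FILE   (prints one finding per line)

lint_chat_script() {
    awk '
        # Split one script line into tokens; a double-quoted string is one token.
        function tokenize(line, tok,    n, m) {
            n = 0
            while (match(line, /^[ \t]*("[^"]*"|[^ \t"]+)/)) {
                m = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
                sub(/^[ \t]*/, "", m)
                gsub(/^"|"$/, "", m)
                tok[++n] = m
            }
            return n
        }
        /^[ \t]*(#|$)/ { next }
        {
            n = tokenize($0, tok)
            # Tokens alternate: expect string, then the string to send.
            for (i = 1; i <= n; i += 2) {
                expect = tok[i]
                send = (i < n) ? tok[i + 1] : ""
                if (tolower(expect) ~ /assword/ && send !~ /^\\q/)
                    printf "%s:%d: reply to \"%s\" is not marked \\q\n", FILENAME, NR, expect
            }
        }
    ' "$1"
    return 0
}

# Constructed sample: a dial-out script whose password reply lacks the \q marker.
sample_chat_script() {
    cat <<'EOF'
"" atdt2135476
CONNECT ""
login: myname
Password: mypassword
"$ " "\qpppd"
EOF
}

if [ $# -gt 0 ]; then lint_chat_script "$1"; fi
```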
5.2.1.2 PPP Options
When you invoke the pppd daemon, you can specify options for it on the command line. These options allow you to configure basic settings such as the speed of the connection, the local and remote IP addresses, and the netmask for the network interface. They also allow you to configure advanced settings such as the types of flow control, authentication, and routing to use.
If you use certain settings each time you initiate a PPP connection, you can automatically enable these settings for each connection by editing the following files:
/etc/ppp/options -- This file contains system default options that are read before user default options and command line options. This file contains any options that you want pppd to use whenever it runs. If authentication is required, add the auth and usehostname options to this file.
Note
If the /etc/ppp/options file does not exist or is unreadable by pppd, the daemon will not run. Only root should be able to write to this file.
/etc/ppp/options.tty.xx -- This file contains options specific to the serial port /tty.xx.
$HOME/.ppprc -- This file contains the user default options that are read before command line options.
Depending on your configuration, one options file might overrule another for certain parameters. For example, if you specify one set of values for parameters in the /etc/ppp/options file, then specify a different set of values for the same parameters in a /etc/ppp/options.tty.xx file, the settings in the latter file are used when you connect through the specified serial port.
See pppd(8) for a list of the pppd options. See Section 5.2.3.2 for information about how to use the SysMan Menu utility to create options files.
5.2.1.3 Authentication
PPP provides three protocols for authenticating hosts and for authenticating your host system to others:
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
All protocols exchange secrets in order to complete the authentication process. PAP secrets are contained in the /etc/ppp/pap-secrets file; CHAP secrets are contained in the /etc/ppp/chap-secrets file. Only root should be able to read these files. The /etc/ppp/pap-secrets and the /etc/ppp/chap-secrets files for PAP and CHAP have the following format:
client server secret ip_address...
client -- Name of the machine to be authenticated
server -- Name of the machine requiring the authentication
secret -- Password or CHAP secret known by both client and server
IP address -- Zero or more IP addresses that the client can use (this field is only used on the server)
For example, if a LAN-connected host named work requires authentication, and a host named home connects to it and authenticates itself using CHAP, the /etc/ppp/chap-secrets file on each machine must contain an entry similar to the following:
home work "an unguessable secret" home.my.domain
Note
The /etc/ppp directory contains files of secrets used for authentication, and should not be in a partition that is exported using NFS and accessible by other hosts.
If authentication is required, the /etc/ppp/options file must contain the auth and usehostname options.
Note that the MS-CHAP protocol exchange secrets are located in the /etc/ppp/chap-secrets file. The format for this protocol is as follows:
username server secret
username -- User name of the user to be authenticated
server -- Name of the machine requiring the authentication
secret -- Password or CHAP secret known by both client and server
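The file requirements stated in Sections 5.2.1.2 and 5.2.1.3 can be checked mechanically. The following script is an added example, not part of the original manual: it reports secrets files that anyone other than the owner can access, an options file that is missing or writable by group or other, missing auth or usehostname options, and secrets entries with no IP address list, which on a server leave the client's address unrestricted. The function names, the OWNER_UID parameter, and the sample files are constructed for illustration; three-field MS-CHAP entries are reported by the same rule.

```shell
#!/bin/sh
# Added example: audit a pppd configuration directory (normally /etc/ppp).
# Usage: audit_ppp_dir DIR [OWNER_UID]   (OWNER_UID defaults to 0, root)

perm_string() { ls -ldn "$1" | awk '{ print substr($1, 1, 10) }'; }
owner_uid()   { ls -ldn "$1" | awk '{ print $3 }'; }

audit_ppp_dir() {
    dir=$1
    want_uid=${2:-0}

    # Secrets files: only root should be able to read them.
    for f in "$dir/pap-secrets" "$dir/chap-secrets"; do
        [ -f "$f" ] || continue
        [ "$(owner_uid "$f")" = "$want_uid" ] || echo "$f: not owned by uid $want_uid"
        case $(perm_string "$f") in
            ????------) ;;
            *) echo "$f: accessible by group or other" ;;
        esac
        # Format: client server secret ip_address...
        awk -v f="$f" '
            /^[ \t]*(#|$)/ { next }
            { gsub(/"[^"]*"/, "S") }   # a quoted secret counts as one field
            NF < 3  { print f ":" NR ": fewer than three fields"; next }
            NF == 3 { print f ":" NR ": client " $1 " has no IP address restriction" }
        ' "$f"
    done

    # Options file: pppd must be able to read it, only root may write it,
    # and it carries auth and usehostname when authentication is required.
    opt=$dir/options
    if [ ! -r "$opt" ]; then
        echo "$opt: missing or unreadable, pppd will not run"
        return 0
    fi
    [ "$(owner_uid "$opt")" = "$want_uid" ] || echo "$opt: not owned by uid $want_uid"
    case $(perm_string "$opt") in
        ?????-??-?) ;;
        *) echo "$opt: writable by group or other" ;;
    esac
    for o in auth usehostname; do
        grep -q "^[[:space:]]*$o[[:space:]]*\$" "$opt" ||
            echo "$opt: option $o is not set"
    done
    return 0
}

# Constructed sample: a server-side directory with three deliberate problems
# (group-readable secrets, an entry with no address list, auth not set).
write_ppp_sample() {
    printf 'usehostname\n' > "$1/options"
    chmod 644 "$1/options"
    cat > "$1/chap-secrets" <<'EOF'
home work "an unguessable secret" home.my.domain
laptop work "another constructed secret"
EOF
    chmod 640 "$1/chap-secrets"
}

if [ $# -gt 0 ]; then audit_ppp_dir "$@"; fi
```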
This section describes the tasks you
must complete before configuring PPP.
5.2.2.1 Verifying the Hardware
Verify that you have the hardware to connect to the serial port of your system. If the two systems are in close proximity to each other, use one of the null modem cables listed in Table 5-1.
If the two systems are connected through modems and telephone lines, see Table 5-7 for a list of modem cables to use. The modems are set to 8 bit, no parity, and connected to the telephone network.
5.2.2.2 Verifying PPP Support in the Kernel
To verify that PPP is supported in the kernel, enter the following command:
# sysconfig -s | grep ppp
If PPP is not loaded and configured, do the following:
Log in as root.
Rebuild the kernel by running the doconfig utility and selecting the Point-to-Point (PPP) option.
Make a backup copy of the current /vmunix kernel file.
Copy the newly-created /sys/HOSTNAME/vmunix kernel file to the /vmunix file.
Reboot the system.
5.2.2.3 Preparing for Configuration
After you verify PPP support in the kernel, you configure PPP.
Figure 5-6 shows the PPP Setup Worksheet, which you can use to record the information that you need to configure PPP. The following sections explain the information you need to record on this worksheet. If you are viewing this manual online, you can use the print feature to print the worksheet.
Figure 5-6: PPP Setup Worksheet
Check dial-in if the system is to answer calls from remote systems. Check dial-out if the system is to place calls to a remote system.
The local system's IP address. For systems connected to a local area network (LAN), this address is already assigned if you configured your network software; it is the IP address of the LAN interface.
If you have a standalone system, you must assign it an IP address. If you are using PPP to link your system to a host that is connected to the Internet, assign the local system an address that is on the same subnetwork as the remote host. If the other host is not connected to the Internet, assign the local system any IP address.
The remote system's IP address.
Your network's subnetwork mask. This must be the same for both systems. See Section 2.2 for more information on the network mask.
The name of any valid terminal device in the /dev directory. This can be either the full path name (for example, /dev/tty01) or the name in the /dev directory (for example, tty01). If you are unsure of the terminal device, see ports(7).
The speed of the modem (or null modem) used to connect the systems and the terminal line specification. If your modem automatically senses the line speed or if you are using a null modem cable between hosts, you can specify any speed up to the maximum supported by the hosts. This is usually 38400 bps.
The level of authentication required. In general, if your system is connected to a LAN, you should require that the remote host authenticate itself and restrict the remote host's choice of IP address based on its identity. Otherwise, a remote host might impersonate another host on the local subnet.
Note
If you are configuring PPP for the first time, do not enable authentication until you can successfully establish a link.
If you are using PAP authentication, check PAP. If you are using CHAP authentication, check CHAP.
Table 5-6 describes some advanced options that are commonly configured. You can use the SysMan Menu utility to configure these options, as described in Section 5.2.3.2.
Table 5-6: slhosts File Options
Option | Description |
Async Character Conversion Map (asyncmap) | If the serial line is not completely 8-bit transparent, specify this option; asyncmap 200a000 is appropriate if the serial link includes a telnet link. |
Maximum Receive Unit (MRU) Negotiation | To improve performance for multiple IP connections, reduce the Maximum Receive Unit (MRU) on the local and remote system. It is best to set the MRU value to 296. |
Hardware Flow Control (RTS/CTS) | Enables hardware flow control on the serial device. If the modem does not support hardware flow control, do not add this entry. See your modem documentation to verify this information. |
LCP Echo-Request Interval (lcp-echo-interval) | Sends a Link Control Protocol (LCP) echo request frame to the remote system every 60 seconds. This determines whether the link to the remote system is still active. |
Maximum LCP-Echo Requests (lcp-echo-failure) | If the local system does not receive a response from the remote system after 5 LCP echo request frames, pppd considers the link dead and tears down the connection. |
Force peer to supply local IP address (noipdefault) | Specifies that the remote system (ISP) is to provide the local system an IP address, unless an IP address is specified explicitly on the command line or in an options file. |
Enable debugging (debug) | Enables debugging. All messages are sent to the file specified in the /etc/syslog.conf file. After your connection is working correctly, remove this entry. |
See pppd(8) for a complete list of pppd options.
5.2.3 Configuring a Dial-Out System with PPP
If the system will place calls to a remote system, you must establish a dial-out connection, which requires you to perform the following tasks:
Setting up initial communications
Creating options files
Setting up authentication
Setting up message logging
Initiating and monitoring the PPP connection
The following sections discuss these configuration tasks.
5.2.3.1 Setting Up Initial Communications for a Dial-Out System
After you connect your modem to a serial port on your system, do the following:
Verify that you can communicate with the modem:
Edit the /etc/remote file and copy the kdebug entry.
Modify the new entry, providing a system name, the terminal device name (tty00 or tty01 depending on your system), the speed, and parity. See remote(4) for more information.
Use the tip command to access the modem as follows:
% tip system_name
The system_name is stored in the /etc/remote file.
If your modem is using the AT command language, enter the following command:
AT [RETURN]
If the modem is not in quiet mode, it responds with an OK message.
Contact the administrator of the remote system or your Internet Service Provider (ISP) and obtain the following information:
Your remote IP address and netmask, unless the remote system assigns the IP address dynamically
Characters that might need to be escaped
Instructions on how to log in and use the remote service
This information is used to create a chat script, which automates the dial-out process. A chat script is a file that contains a list of commands used by the chat program to direct the modem what number to dial and what information to send to the remote system to start the pppd daemon.
Note
You can use the tip command to dial out and log in to the remote system to collect additional information about the process. Write down the exact prompt, login sequence, and pppd start-up sequence for use in the chat script.
Create a chat script, as described in Section 5.2.1.1, to automate the dial-out process.
5.2.3.2 Creating Options Files for a Dial-Out System
Use the SysMan Menu of the Common Desktop Environment (CDE) Application Manager to create PPP options files. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.
To create an options file for a dial-out system, do the following:
From the SysMan Menu, select Networking-->Additional Network Services-->Serial Line Networking-->Point-to-Point Protocol (PPP)-->Create option files to display the PPP Option Files dialog box.
Alternatively, enter the following command on a command line:
# /usr/bin/sysman ppp_options
Select a file from the list that is displayed and select Modify. Or, do the following to create a new options file:
Select the New File... option to display the Create PPP Options File dialog box.
Enter the new file name and select OK.
The Modify PPP Options File dialog box is displayed.
Select Dial-Out Options and select Configure to display the Dial-Out Options dialog box. Complete the fields using the information that you gathered on the PPP Setup Worksheet.
If your system is standalone and you are connecting to the Internet through the remote system, add a default route via the remote host. Under the System Routing Tables option, select the appropriate radio button.
See pppd(8) for a complete list of pppd options.
Select OK to close the Dial-Out Options dialog box.
Select Advanced PPP Options if you want to configure additional PPP options. Make the necessary changes, then select OK to close the associated dialog box.
Select OK in the Modify PPP Options File dialog box to save the changes and to close the dialog box.
Select Exit to close the PPP Option Files dialog box.
You can use the SysMan Menu utility to copy, modify, and delete option files. See the online help for more information.
5.2.3.3 Setting Up Authentication for a Dial-Out System
The chap-secrets and pap-secrets files contain entries that can be used for authentication purposes, as discussed in Section 5.2.1.3. The following sections describe how to create entries in these files.
5.2.3.3.1 Creating Entries in the PAP Secrets File
Use the SysMan Menu of the Common Desktop Environment (CDE) Application Manager to create entries in the pap-secrets file. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.
To create entries in the pap-secrets file, follow these steps:
From the SysMan Menu, select Networking-->Additional Network Services-->Serial Line Networking-->Point-to-Point Protocol (PPP)-->Modify pap-secrets file to display the Modify pap-secrets File dialog box.
Alternatively, enter the following command on a command line:
# /usr/bin/sysman pap
Select Add to display the Add pap-secrets Entry dialog box. Supply the requested information.
Select OK to save the current changes and close the dialog box. The Modify pap-secrets File dialog box displays the new entry.
Repeat steps 2 and 3 as many times as necessary.
Select Exit to close the Modify pap-secrets File dialog box.
You can also use the SysMan Menu utility to modify or delete entries in the PAP secrets file. See the online help for more information.
5.2.3.3.2 Creating Entries in the CHAP Secrets File
Use the SysMan Menu of the Common Desktop Environment (CDE) Application Manager to create entries in the chap-secrets file. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.
To create entries in the chap-secrets file, follow these steps:
From the SysMan Menu, select Networking-->Additional Network Services-->Serial Line Networking-->Point-to-Point Protocol (PPP)-->Modify chap-secrets file to display the Modify chap-secrets File dialog box.
Alternatively, enter the following command on a command line:
# /usr/bin/sysman chap
Select Add to display the Add chap-secrets Entry dialog box. Supply the requested information.
Select OK to save the current changes and close the dialog box. The Modify chap-secrets File dialog box displays the new entry.
Repeat steps 2 and 3 as many times as necessary.
Select Exit to close the Modify chap-secrets File dialog box.
You can also use the SysMan Menu utility to modify or delete entries in the CHAP secrets file. See the online help for more information.
5.2.3.4 Setting Up Message Logging
To set up message logging, complete the following steps:
Edit the /etc/syslog.conf file, as follows:
Note
Whitespace in the /etc/syslog.conf file, as in the following procedure, must consist of tab characters. Spaces are not acceptable. See syslogd(8) for further information.
Add the local2 facility (used by the pppd daemon and the chat program) to the line that specifies /dev/console as the message destination, as follows:
kern.debug;local2.notice	/dev/console
In this example, the notice severity level is specified. For more information about this severity level and logging system messages in general, see the System Administration guide.
Add the following entry to the file to create a ppp-log file:
local2.debug	/etc/ppp/ppp-log
Save the edits and close the file.
Stop and restart the syslogd daemon by entering the following commands:
# /sbin/init.d/syslog stop
# /sbin/init.d/syslog start
5.2.3.5 Initiating and Monitoring a PPP Connection
Before initiating a PPP connection, note the following guidelines:
Do not use the ifconfig command to configure the addresses of the ppp interface. The pppd daemon assigns addresses and identifies the interface as running.
Whether you run pppd manually on the remote machine or use a script file on the local machine to run pppd on the remote machine, do not provide a device name to pppd; it uses the controlling tty by default.
Once you have configured your system for a PPP dial-out connection, initiate the connection as follows:
Invoke the pppd daemon on the local system to connect to the remote system. For example, the following command starts a link on tty01 and specifies the connect option to run the chat program using the specified chat script file.
% pppd /dev/tty01 38400 connect 'chat -f /etc/ppp/chat-script'
Issue the following command to monitor the ppp-log file and to determine whether the PPP connection is active:
% tail -f /etc/ppp/ppp-log
If problems occur while using PPP, see Section 14.15.
5.2.3.5.1 Connecting to a Microsoft NT Remote Access Server
This section describes how to establish a dial-out connection from a Tru64 UNIX system to a Microsoft NT Remote Access Server (RAS).
You will need to supply the following information in the /etc/ppp/chap-secrets file:
NT login name and password
NT domain name
For details on creating the /etc/ppp/chap-secrets file, refer to Section 5.2.3.3.2 and the pppd(8) reference page.
Configuring an NT RAS Server
To configure a Tru64 UNIX system to allow dial-out access to an NT RAS server, do the following:
Log in as root.
Create an /etc/ppp/chap-secrets file. For example, if you are dialing into a server named money with a username of monopoly and a password of candlestick, create the chap-secrets file as follows:
#
# secret for logging into an NT RAS server
#
monopoly money candlestick
Issue the pppd command with the user and remote name arguments to select the secret for the server money. For example:
# pppd tty00 38400 username monopoly remotename money
If the RAS server you dial out to is not a standalone server or a domain controller, you might need to prepend your NT domain name to your username. To do this from the command line, enter a command similar to the following in which empire is the domain name:
# pppd tty00 38400 user 'empire\\monopoly' remotename money
Note
Single quotes are required in the previous example to escape the backslash characters.
Alternatively, you can place this information in the /etc/ppp/chap-secrets file as follows:
#
# secret for logging into an NT RAS server
#
empire\\monopoly money candlestick
You can also use the chat program to automate any dialog that is required to establish a dial-out connection. See Section 5.2.1.1 for information on using the chat program.
During authentication, Microsoft Windows does not send its node name to the PPP peer. The peer must know beforehand the node name of the Microsoft Windows system to select the correct secret from the chap-secrets file. You can do this by setting the remotename option of the pppd daemon. If this is not done, authentication might fail and the PPP link will be disconnected.
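The secret selection described above can be checked before dialing. The following sh script is an added example, not part of the Tru64 documentation or of pppd: secret_selected is a simplified model of the lookup (exact match or * wildcard on the client and server fields, compared as written in the file), and secrets_private assumes the usual practice that a file holding cleartext secrets grants nothing to group or other. Both function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-dial checks on a chap-secrets file (hypothetical helpers).

# Succeeds if FILE holds an entry whose client and server fields match USER and
# REMOTENAME. Simplified model of the lookup: exact match or "*" wildcard,
# fields compared exactly as written in the file. The secret is never printed.
secret_selected() {
    file=$1; user=$2; remote=$3
    while read -r client server secret rest; do
        case "$client" in ''|'#'*) continue ;; esac   # blank line or comment
        [ -n "$secret" ] || continue                  # fewer than three fields
        { [ "$client" = "$user" ] || [ "$client" = "*" ]; } || continue
        { [ "$server" = "$remote" ] || [ "$server" = "*" ]; } || continue
        return 0
    done < "$file"
    return 1
}

# Succeeds if FILE grants no permissions to group or other (for example 0600).
# Assumption: this is the usual practice for files holding cleartext secrets.
secrets_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample using the entry from the procedure above.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
#
# secret for logging into an NT RAS server
#
monopoly money candlestick
EOF
    chmod 600 "$tmp"
    secret_selected "$tmp" monopoly money && echo "monopoly/money: entry found"
    secret_selected "$tmp" monopoly ""    || echo "no remotename: no entry selected"
    secrets_private "$tmp"                && echo "file mode: private"
    rm -f "$tmp"
}
demo
```

The empty remote name in the second call models a peer that sends no node name, which is the case the remotename option exists to cover.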
Solving Microsoft CHAP Authentication Problems
Microsoft CHAP (MS-CHAP) returns error codes if authentication fails. To log the error messages, invoke the pppd command with the debug option. The error code format is as follows:
rcvd [CHAP Failure id=0x0 "E=NUM R=1"]
NUM is the error code that MS-CHAP returns.
Error Code | Explanation |
E=646 | Your NT account has restricted log in hours. At this time of day you may not log on. |
E=647 | Your NT account has been disabled. |
E=648 | Your NT account password has expired. (Note that pppd cannot negotiate a change of password.) |
E=649 | You are not permitted to dial in. |
E=691 | The RAS server could not validate your username. You supplied an incorrect password, or you need to prepend your domain name to your username. |
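The following sh script is an added example, not part of the Tru64 documentation: it scans pppd debug output for CHAP Failure lines in the format shown above and maps each E= code to the explanation in the table. The function names and the sample log lines (including their syslog prefix) are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode MS-CHAP failure codes from pppd debug log lines.

# Map the NUM in "E=NUM" to the explanation given in the table above.
mschap_explain() {
    case "$1" in
        646) echo "NT account has restricted login hours" ;;
        647) echo "NT account has been disabled" ;;
        648) echo "NT account password has expired (pppd cannot change it)" ;;
        649) echo "not permitted to dial in" ;;
        691) echo "username not validated: wrong password or missing domain prefix" ;;
        *)   echo "code not listed in the table above" ;;
    esac
}

# Read log lines on stdin; print "E=NUM: explanation" for each CHAP Failure.
# Anything after the R= field is ignored, so extra fields do not break the match.
mschap_scan() {
    sed -n 's/.*rcvd \[CHAP Failure id=0x[0-9a-fA-F]* "E=\([0-9][0-9]*\) R=[0-9]*.*/\1/p' |
    while read -r code; do
        printf 'E=%s: %s\n' "$code" "$(mschap_explain "$code")"
    done
}

# Constructed sample lines, not taken from a real system.
sample_log() {
    cat <<'EOF'
Jan 10 09:14:02 hostA pppd[1234]: Connect: ppp0 <--> /dev/tty00
Jan 10 09:14:05 hostA pppd[1234]: rcvd [CHAP Failure id=0x0 "E=691 R=1"]
Jan 10 09:20:41 hostA pppd[1240]: rcvd [CHAP Failure id=0x0 "E=648 R=1"]
EOF
}

sample_log | mschap_scan
```

To run it against the log file configured in Section 5.2.3.4, replace the last line with `mschap_scan < /etc/ppp/ppp-log`.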
5.2.4 Configuring a Dial-In System with PPP
If the system will answer calls from remote systems, you must establish a dial-in connection, which requires you to perform the following tasks:
Setting up initial communications
Creating options files
The following sections discuss these configuration tasks.
5.2.4.1 Setting Up Initial Communications for a Dial-In System
To configure a dial-in system, complete the following steps after you connect your modem to a serial port:
Set up your modem for dial-in access. See Section 5.3.2 for more information.
Edit the /etc/passwd file and create a dedicated entry for a PPP user. For the login shell field, specify /usr/sbin/startppp, which starts the pppd daemon for dial-in connections. For example:
ppp1:password:10:20:Remote PPP User:/usr/users/guest:/usr/sbin/startppp
Edit the /etc/inittab file and create an entry for each terminal device that is to run PPP. For example:
modem:3:respawn:/usr/sbin/getty /dev/tty00 M38400 vt100
See inittab(4) for more information.
Issue the init q command to immediately start the getty process.
If the dial-in system will be a gateway for the dial-out system to reach other systems on the LAN, the dial-in system must be configured as an IP router and must run the gated daemon. Edit the /etc/gated.conf file and delete the nobroadcast option (if specified) in the rip statement. See Chapter 2 for basic network setup information and gated.conf(4) for gated options.
5.2.4.2 Creating Options Files for a Dial-In System
Use the SysMan Menu of the Common Desktop Environment (CDE) Application Manager to create PPP options files. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.
To create an options file for a dial-in system, do the following:
From the SysMan Menu, select Networking-->Additional Network Services-->Serial Line Networking-->Point-to-Point Protocol (PPP)-->Create option files to display the PPP Option Files dialog box.
Select a file from the list that is displayed and select Modify. Or, do the following to create a new options file:
Select the New File option to display the Create PPP Options File dialog box.
Enter the new file name and select OK.
The Modify PPP Options File dialog box is displayed.
Select Dial-In Options and select Configure to display the Dial-In Options dialog box. Complete the input fields using the information that you gathered on the PPP Setup Worksheet. By default, an entry is automatically added to the Address Resolution Protocol (ARP) table. If you do not want an entry to be added, set the appropriate radio button to the On position.
Select OK to close the Dial-In Options dialog box.
Select Advanced PPP Options if you want to configure additional PPP options. Make the necessary changes, then select OK to close the associated dialog box.
Select OK in the Modify PPP Options File dialog box to save the changes and to close the dialog box.
Select Exit to close the PPP Option Files dialog box.
You can also use the SysMan Menu utility to copy, modify, and delete option files. See the online help for more information.
5.2.5 Terminating PPP Connections
To terminate the PPP link, send a TERM or INTR signal to one of the pppd daemons by issuing the following command:
# kill `cat /etc/ppp/pppxx.pid`
In the previous command, pppxx specifies the pppd used for the PPP connection. The pppd specified in the command notifies other related pppd daemons to terminate (clean up and exit).
If pppd is connected to a hardware serial port connected to a modem, it should receive a HUP signal when the modem hangs up, which causes it to clean up and exit. This action depends on the driver and its current settings.
5.3 Guidelines for Using Modems
The operating system software enables you to use a variety of modems for point-to-point connections to systems that are not in close proximity to each other. These connections can be Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP), and UNIX-to-UNIX Copy Program (UUCP) connections. In addition, these connections can be basic dial-out/dial-in connections; for example, you can log in to a remote system to perform remote system administration.
This section presents general guidelines for using modems on Tru64 UNIX systems for all types of connections. See Section 5.1.2.1 for specific information on SLIP and PPP connections and see Chapter 10 for information about UUCP connections.
5.3.1 Using the Correct Modem Cables
You must use the correct cable to connect a modem to the serial port. Use of an incorrect cable might result in signal loss and associated software errors. Table 5-7 lists the cables you should use to connect modems. The cable connector is either 25-pin or 9-pin, depending on the type of serial port on your system. See the hardware documentation for your system if you are uncertain about the type of serial port.
Note
DECconnect cables do not provide a sufficient number of wires for full modem control; do not use them.
Table 5-7: Types of Modem Cable
Cable Number | Description |
BC22E-xx [Footnote 3] | 16-wire modem cable (male DB25 pin to female DB25 pin cable) |
BC22F-xx [Footnote 3] | 25-wire modem cable (male DB25 pin to female DB25 pin cable) |
BC29P-xx [Footnote 3] | Male DB25 pin to female DB9 pin cable |
PC modem cable | Male DB25 pin to female DB9 pin cable |
5.3.2 Configuring a System for Dial-In Access
After you obtain the correct cable and connect your modem to it and the telephone network, do the following:
Edit the /etc/remote file and create an entry similar to the kdebug entry. For example, if your modem is connected to the tty00 port and you will use a speed of 38,400 bps to access the modem, create an entry similar to the following:
b38400:dv=/dev/tty00:br#38400:pa=none
Note
Some modems set their speed to the serial port rate. Be sure to access the modem using the same speed that you will specify to the getty or uugetty utility. Otherwise, you might not be able to log in because of a mismatch.
Use the tip command to access the modem as follows:
tip b38400
The tip utility responds with a connected message. You can now communicate with the modem.
If your modem uses the AT command set, a standard language for communication between terminals and modems, enter the following command to verify that the modem is ready and listening:
at [Return]
If the modem is not in quiet mode, it responds with an OK message.
Configure the modem for dial-in access as specified in Section 5.3.2.1.
Edit the /etc/inittab file and create an entry for the modem. If you want to use the modem line in nonshared mode, create an entry similar to the following:
modem:23:respawn:/usr/sbin/getty /dev/tty00 M38400 vt100
If you want to use the modem line in shared mode (for dial-out and dial-in connections), use the uugetty utility instead of the getty utility and create an entry similar to the following:
modem:23:respawn:/usr/lib/uucp/uugetty -r -t 60 tty00 38400
If you specify a speed greater than 9600 bps, you must edit the /etc/uugettydefs file and create an entry for the speed you want.
With the uugetty utility, you can use the tip and cu utilities, but differences in file locking might prevent the use of third-party utilities.
Note
If you want to use the uugetty utility, you must install the UNIX-to-UNIX Copy Facility subset.
As root, start the getty or uugetty process by entering the following command:
init q
The getty or uugetty process starts, then goes to sleep, waiting for someone to dial in to the system.
5.3.2.1 Setting Up a Modem for Dial-In Access
To configure your modem for dial-in access, you need to send various commands to the modem by using the AT command set. Table 5-8 lists the AT commands required. These command settings are generally the same as the default settings for most modems, but you can enter them again to verify that your modem is correctly configured.
Table 5-8: Modem Commands for Dial-In Access
Command | Description |
at&c1 | Normal Carrier Detect (CD) operation. Tells the modem not to raise Carrier Detect until it sees Carrier Detect from the other modem. |
at&d2 | Normal Data Terminal Ready (DTR) operation. This tells the modem to hang up the line when DTR drops, for example, when the user logs off the system. |
atq1 | Sets the modem to quiet mode. Result codes are not sent to the system. |
ate0 | Echo off. This prevents the modem from echoing the login prompt issued by the getty process. |
ats0=n | Specifies the number of rings to wait before answering. If n = 0 (zero), the modem will not answer. |
at&w0 | Saves the current modem settings in NVRAM. |
You can enter these commands individually or as one command. For example:
at&c1&d2q1e0s0=n&w0 [Return]
Enter the following command to verify the results (these characters are not displayed on the screen because you turned echo off with the e0 command):
at&v [Return]
The active profile and stored profile 0 should both reflect the values you entered.
In addition to the specified settings, you should configure the type of flow control to use for the connection between the computer and the modem. The operating system supports both hardware and software flow control. If your computer supports hardware flow control, set the modem and the serial line to use hardware flow control by using the appropriate commands. If hardware flow control is not supported, you should use software flow control. See the manuals for your computer and your modem for more information.
5.3.3 Configuring Your System for Dial-Out Access
After you obtain the correct cable and connect your modem to it and the telephone network, do the following:
Verify that there is an entry for the modem specified with the modemtype subcommand in the /etc/acucap file. If an entry does not exist, do the following:
Copy an entry similar to that of your modem. The following entry is for a US Robotics modem for use in shared mode with tip:
us|US|US Robotics (28.8 fax/data modem):\
:cr:hu:ls:re:ss=AT\rATE1Q0&C0X0&A0\r:sr=OK:\
:sd#250000:di=ATD:dt\r:\
:dd#50000:fd#50:os=CONNECT:ds=\d+++\dATZ\r\dATS0=2\r:\
:ab=\d+++\dATZ\r\dATS0=2:
Modify the modem attributes to match those of your modem and include the debug option (db). With debugging turned on, the modem will provide you with additional information with which to tune the modem attributes in the file. See acucap(4) for more information.
Create an entry in the /etc/remote file for the system you want to call, as specified in Section 5.3.3.1.
If you use the getty utility to provide access to the system from a modem and a getty process is already running, do the following:
Edit the /etc/inittab file and change the Action field of the modem entry from respawn to off as follows:
modem:23:off:/usr/sbin/getty /dev/tty00 M38400 vt100
See inittab(4) for more information.
Issue the init q command to terminate the getty process.
Use the tip command, specifying the -baud_rate flag and the telephone number to dial out as follows:
tip -38400 8881234
In this example, tip strips the minus sign (-) from the baud rate and concatenates the tip command name and the baud rate to create the string tip38400. Then, tip searches the /etc/remote file for the entry matching the string. The entry in the /etc/remote file points to the capability information in the us38400 entry to initialize the modem.
You can specify the telephone number on the command line to share the same modem attributes for outgoing connections that have different telephone numbers.
When you log off the remote system and exit tip, the saved settings are restored and the modem is ready for the next user. If used in shared mode, the modem is available for dial-in access.
5.3.3.1 Creating Entries in the /etc/remote File
The /etc/remote file stores information about the dial-out connections that you establish. You can use this file to supply the terminal device name, connection speed, and the /etc/acucap file that defines your modem. For example, the following two entries are for the modem specified in step 1a of Section 5.3.3:
tip38400:tc=us38400 [1]
us38400|38400 Baud dial out via US Robotics modem:\ [2]
:el=^U^C^R^O^D^S^Q@:ie=#%$:oe=^D:\ [3]
:dv=/dev/tty00:br#38400:ps=none:at=us:du: [4]
[1] Points to the us38400 entry specifying shared capabilities for modems
[2] First line of the us38400 entry
[3] Defines end-of-line characters, and input and output end-of-file marks
[4] Defines the device to open for the connection, the speed, the parity, the name of the /etc/acucap entry, and the dial-up line
You might use generic entries like these to connect to any number of remote systems. Optionally, you can create an entry for each remote system you contact. Then you can include settings that are specific to those systems, for example, their phone numbers. See remote(4) for more information.