This chapter provides detailed conceptual information about Solaris PPP 4.0. Topics include the following:Using PPP Options in Files and on the Command Line Configuring User-Specific Options Specifying Information for Communicating With the Dial-in Server Configuring Modem Speed for a Dial-up Link Defining the Conversation on the Dial-up Link Authenticating Callers on a Link Creating an IP Addressing Scheme for Callers Creating PPPoE Tunnels for DSL Support Solaris PPP 4.0 contains a large set of options, which you use to define your PPP configuration. You use these options in the PPP configuration files, or on the command line, or by using a combination of files and command-line options. This section contains detailed information about the use of PPP options in configuration files and as arguments to PPP commands.Solaris PPP 4.0 configuration is very flexible.You can define PPP options in the following places:PPP configuration files PPP commands that are issued on the command line A combination of both places The next table lists the PPP configuration files and commands.File or Command Definition For Information /etc/ppp/options A file that contains characteristics that apply by default to all PPP links on the system, for example, whether the machine requires peers to authenticate themselves. If this file is absent, nonroot users are prohibited from using PPP. /etc/ppp/options Configuration File /etc/ppp/options.ttyname A file that describes the characteristics of all communications over the serial port ttyname. /etc/ppp/options.ttyname Configuration File /etc/ppp/peers Directory that usually contains information about peers with which a dial-out machine connects. Files in this directory are used with the call option of the pppd command. Specifying Information for Communicating With the Dial-in Server /etc/ppp/peers/peer-name A file that contains characteristics of the remote peer peer-name. Typical characteristics include the remote peer's phone number and chat script for negotiating the link with the peer. /etc/ppp/peers/peer-name File /etc/ppp/pap-secrets A file that contains the necessary security credentials for Password Authentication Protocol (PAP) authentication. /etc/ppp/pap-secrets File /etc/ppp/chap-secrets A file that contains the necessary security credentials for Challenge-Handshake Authentication Protocol (CHAP) authentication. /etc/ppp/chap-secrets File ~/.ppprc File in the home directory of a PPP user, most often used with dial-in servers. This file contains specific information about each user's configuration. Configuring $HOME/.ppprc on a Dial-in Server pppd options Command and options for initiating a PPP link and describing its characteristics. How PPP Options Are Processed Refer to the pppd1M man page for details on the PPP files. pppd (1M) also includes comprehensive descriptions of all options that are available to the pppd command. Sample templates for all the PPP configuration files are available in /etc/ppp. The pppd daemon parses the following:All Solaris PPP 4.0 operations are handled by the pppd daemon, which starts when a user runs the pppd command. When a user calls a remote peer, the following occurs:/etc/ppp/options $HOME/.ppprc Any files that are opened by the file or call option in /etc/ppp/options and $HOME/.ppprc pppd scans the command line to determine the device in use. The daemon does not yet interpret any options that are encountered. pppd tries to discover the serial device to use by using these criteria:If a serial device is specified on the command line, or a previously processed configuration file, pppd uses the name of that device. If no serial device is named, then pppd searches for the notty, pty, or socket option on the command line. If one of these options is specified, pppd assumes that no device name exists. Otherwise, if pppd discovers that standard input is attached to a tty, then the name of the tty is used. If pppd still cannot find a serial device, pppd terminates the connection and issues an error. pppd then checks for the existence of the /etc/ppp/options.ttyname file. If the file is found, pppd parses the file. pppd processes any options on the command line. pppd negotiates the Link Control Protocol (LCP) to set up the link. (Optional) If authentication is required, pppd reads /etc/ppp/pap-secrets or /etc/ppp/chap-secrets to authenticate the opposite peer. The file /etc/ppp/peers/peer-name is read when the pppd daemon encounters the option call peer-name on the command line or in the other configuration files. Solaris PPP 4.0 configuration includes the concept of privileges. Privileges determine the precedence of configuration options, particularly when the same option is invoked in more than one place. An option that is invoked from a privileged source takes precedence over the same option that is invoked from a nonprivileged source.The only privileged user is superuser (root), with the UID of zero. All other users are not privileged. The following configuration files are privileged regardless of their ownership:/etc/ppp/options /etc/ppp/options.ttyname /etc/ppp/peers/peer-name The file $HOME/.ppprc is owned by the user. Options that are read from $HOME/.ppprc and from the command line are privileged only if the user who is invoking pppd is root.Arguments that follow the file option are privileged. Some options require the invoking user or source to be privileged in order to work. Options that are invoked on the command line are assigned the privileges of the user who is running the pppd command. These options are not privileged unless the user who is invoking pppd is root.Option Status Explanation domain Privileged Requires privileges for use. linkname Privileged Requires privileges for use. noauth Privileged Requires privileges for use. nopam Privileged Requires privileges for use. pam Privileged Requires privileges for use. plugin Privileged Requires privileges for use. privgroup Privileged Requires privileges for use. allow-ip addresses Privileged Requires privileges for use. name hostname Privileged Requires privileges for use. plink Privileged Requires privileges for use. noplink Privileged Requires privileges for use. plumbed Privileged Requires privileges for use. proxyarp Becomes privileged if noproxyarp has been specified Cannot be overridden by an unprivileged use. defaultroute Privileged if nodefaultroute is set in a privileged file or by a privileged user Cannot be overridden by an unprivileged user. disconnect Privileged if set in a privileged file or by a privileged user Cannot be overridden by an unprivileged user. bsdcomp Privileged if set in a privileged file or by a privileged user The nonprivileged user cannot specify a code size that is larger than the privileged user has specified. deflate Privileged if set in a privileged file or by a privileged user The nonprivileged user cannot specify a code size that is larger than the privileged user has specified. connect Privileged if set in a privileged file or by a privileged user Cannot be overridden by an nonprivileged user. init Privileged if set in a privileged file or by a privileged user Cannot be overridden by an nonprivileged user. pty Privileged if set in a privileged file or by a privileged user Cannot be overridden by an nonprivileged user. welcome Privileged if set in a privileged file or by a privileged user Cannot be overridden by an nonprivileged user. ttyname Privileged if set in a privileged fileNot privileged if set in a nonprivileged file Opened with root permissions regardless of who invokes pppd.Opened with the privileges of the user who invokes pppd. You use the /etc/ppp/options file to define global options for all PPP communications on the local machine. /etc/ppp/options is a privileged file. /etc/ppp/options should be owned by root, although pppd does not enforce this rule. Options that you define in /etc/ppp/options have precedence over definitions of the same options in all other files and the command line. Typical options that you might use in /etc/ppp/options include the following:lock – Enables UUCP-style file locking noauth – Indicates that the machine does not authenticate callers The Solaris PPP 4.0 software does not include a default /etc/ppp/options file. pppd does not require the /etc/ppp/options file to work. If a machine does not have an /etc/ppp/options file, only root can run pppd on that machine. You must create /etc/ppp/options by using a text editor, as shown in How to Define Communications Over the Serial Line. If a machine does not require global options, you can create an empty /etc/ppp/options file. Then, both root and regular users can run pppd on the local machine.The /etc/ppp/options.tmpl contains helpful comments about the /etc/ppp/options file plus three common options for the global /etc/ppp/options file.lock nodefaultroute noproxyarpOption Definition lock Enables UUCP-style file locking nodefaultroute Specifies that no default route is defined noproxyarp Disallows proxyarp To use /etc/ppp/options.tmpl as the global options file, rename /etc/ppp/options.tmpl to /etc/ppp/options. Then, modify the file contents as needed by your site. To find examples of the /etc/ppp/options file, refer to the following:For a dial-out machine, see How to Define Communications Over the Serial Line. For a dial-in server, see How to Define Communications Over the Serial Line (Dial-in Server). For PAP support on a dial-in server, see How to Add PAP Support to the PPP Configuration Files (Dial-in Server). For PAP support on a dial-out machine, see How to Add PAP Support to the PPP Configuration Files (Dial-out Machine). For CHAP support on a dial-in server, see How to Add CHAP Support to the PPP Configuration Files (Dial-in Server). You can configure the characteristics of communications on the serial line in the /etc/ppp/options.ttyname file. /etc/ppp/options.ttyname is a privileged file that is read by pppd after parsing any existing /etc/ppp/options and existing $HOME/.ppprc files. Otherwise, pppd reads /etc/ppp/options.ttyname after parsing /etc/ppp/options.ttyname is used for both dial-up and leased-line links. ttyname represents a particular serial port on a machine, such as cua/a or cua/b, where a modem or ISDN TA might be attached. When naming the /etc/ppp/options.ttyname file, replace the slash (/) in the device name with a dot (.). For example, the options file for device cua/b should be named /etc/ppp/options.cua.b. Solaris PPP 4.0 does not require an /etc/ppp/options.ttyname file to work correctly. Your server might have only one serial line for PPP. Furthermore, the server requires few options. In this instance, you can specify any required options in another configuration file or on the command line. For a dial-up link, you might choose to create individual /etc/ppp/options.ttyname files for every serial port on a dial-in server with a modem attached. Typical options include the following:IP address required by the dial-in serverSet this option if you require incoming callers on serial port ttyname to use a particular IP address. Your address space might have a limited number of IP addresses that are available for PPP in comparison to the number of potential callers. In this situation, consider assigning an IP address to each serial interface that is used for PPP on the dial-in server. This assignment implements dynamic addressing for PPP. asyncmap map-valueThe asyncmap option maps control characters that cannot be received over the serial line by the particular modem or ISDN TA. When the xonxoff option is used, pppd automatically sets an asyncmap of 0xa0000.map-value states, in hexadecimal format, the control characters that are problematic. init "chat -U -f /etc/ppp/mychat"The init option tells the modem to initialize communications over the serial line by using the information in the chat U command. The modem uses the chat string in the file /etc/ppp/mychat. Security parameters that are listed in the pppd(1m) man page For a dial-out system, you can create an /etc/ppp/options.ttyname file for the serial port that is connected to the modem, or choose not to use /etc/ppp/options.ttyname. Solaris PPP 4.0 does not require an /etc/ppp/options.ttyname file to work correctly. A dial-out machine might have only one serial line for PPP. Furthermore, the dial-out machine might require few options. You can specify any required options in another configuration file or on the command line. The /etc/ppp/options.ttya.tmpl file contains helpful comments about the /etc/ppp/options.tty-name file. The template contains three common options for the /etc/ppp/options.tty-name file.38400 asyncmap 0xa0000 :192.168.1.1 Option Definition 38400 Use this baud rate for port ttya. asyncmap 0xa0000 Assign the asyncmap value of 0xa0000 so that the local machine can communicate with broken peers. :192.168.1.1 Assign the IP address 192.168.1.1 to all peers that are calling in over the link. To use /etc/ppp/options.ttya.tmpl at your site, rename /etc/ppp/options.tmpl to /etc/ppp/options.ttya-name. Replace ttya-name with the name of the serial port with the modem. Then modify the file contents as needed by your site. To find examples of the /etc/ppp/options.ttyname files, refer to the following:For a dial-out machine, see How to Define Communications Over the Serial Line. For a dial-in server, see How to Define Communications Over the Serial Line (Dial-in Server). This section contains detailed information about setting up users on the dial-in server.The $HOME/.ppprc file is intended for users who are configuring preferred PPP options. As administrator, you can also configure $HOME/.ppprc for users.The options in $HOME/.ppprc are privileged only when the user who is invoking the file is privileged.When a caller uses the pppd command to initiate a call, the .ppprc file is the second file that is checked by the pppd daemon.See Setting Up Users of the Dial-in Server for instructions about setting up $HOME/.ppprc on the dial-in server. The $HOME/.ppprc file is not needed on the dial-out machine for Solaris PPP 4.0 to work correctly. Additionally, you do not need to have a $HOME/.ppprc on a dial-out machine, except for special circumstances. Create one or more .ppprc files if you do the following:Allow multiple users with differing communications needs to call remote peers from the same machine. In such an instance, create individual .ppprc files in the home directories of each user who must dial out. Need to specify options that control problems specific to your link, such as disabling Van Jacobson compression. See James Carlson's PPP Design, Implementation, and Debugging and the pppd1M man page for assistance in troubleshooting link problems. Because the .ppprc file is most often used when configuring a dial-in server, refer to How to Configure Users of the Dial-in Server for configuration instructions for .ppprc. To communicate with a dial-in server, you need to gather information about the server. Then edit a few files. Most significantly, you must configure the communications requirements of all dial-in servers that the dial-out machine needs to call. You can specify options about a dial-in server, such as an ISP phone number, in the /etc/ppp/options.ttyname file. However, the optimum place to configure peer information is in /etc/ppp/peers/peer-name files.The /etc/ppp/peers/peer-name file is not needed on the dial-out machine for Solaris PPP 4.0 to work correctly. Use the /etc/ppp/peers/peer-name file to provide information for communicating with a particular peer. /etc/ppp/peers/peer-name allows ordinary users to invoke preselected privileged options that users are not allowed to set.For example, a nonprivileged user cannot override the noauth option if noauth is specified in the /etc/ppp/peers/peer-name file. Suppose the user wants to set up a link to peerB, which does not provide authentication credentials. As superuser, you can create a /etc/ppp/peers/peerB file that includes the noauth option. noauth indicates that the local machine does not authenticate calls from peerB.The pppd daemon reads /etc/ppp/peers/peer-name when pppd encounters the following option: call peer-nameYou can create a /etc/ppp/peers/peer-name file for each target peer with which the dial-out machine needs to communicate. This practice is particularly convenient for permitting ordinary users to invoke special dial-out links without needing root privileges.Typical options that you specify in /etc/ppp/peers/peer-name include the following:user user-nameSupply user-name to the dial-in server, as the login name of the dial-out machine, when authenticating with PAP or CHAP. remotename peer-nameUse peer-name as the name of the dial-in machine. remotename is used in conjunction with PAP or CHAP authentication when scanning the /etc/ppp/pap-secrets or /etc/ppp/chap-secrets files. connect "chat chat_script..." Open communication to the dial-in server by using the instructions in the chat script. noauthDo not authenticate the peer peer-name when initiating communications. noipdefaultSet the initial IP address that is used in negotiating with the peer to 0.0.0.0. Use noipdefault when setting up a link to most ISPs to help facilitate IPCP negotiation between the peers. defaultrouteInstall a default IPv4 route when IP is established on the link. See the pppd1M man page for more options that might apply to a specific target peer. The /etc/ppp/peers/myisp.tmpl file contains helpful comments about the /etc/ppp/peers/peer-name file. The template concludes with common options that you might use for an /etc/ppp/peers/peer-name file:connect "/usr/bin/chat -f /etc/ppp/myisp-chat" user myname remotename myisp noauth noipdefault defaultroute updetach noccp Option Definition connect "/usr/bin/chat -f /etc/ppp/myisp-chat" Call the peer by using the chat script /etc/ppp/myisp-chat. user myname Use this account name for the local machine. myname is the name for this machine in the peer's /etc/ppp/pap-secrets file. remotename myisp Recognize myisp as the name of the peer in the local machine's /etc/ppp/pap-secrets file. noauth Do not require calling peers to provide authentication credentials. noipdefault Do not use a default IP address for the local machine. defaultroute Use the default route that is assigned to the local machine. updetach Log errors in the PPP log files, rather than on the standard output. noccp Do not use CCP compression. To use /etc/ppp/peers/myisp.tmpl at your site, rename /etc/ppp/peers/myisp.tmpl to /etc/ppp/peers/.peer-name. Replace peer-name with the name of the peer to be called. Then modify the file contents as needed by your site. To find examples of the /etc/ppp/peers/peer-name files, refer to the following:For a dial-out machine, see How to Define the Connection With an Individual Peer. For a local machine on a leased line, see How to Configure a Machine on a Leased Line. For support of PAP authentication on a dial-out machine, see How to Add PAP Support to the PPP Configuration Files (Dial-out Machine). For support of CHAP authentication on a dial-out machine, see How to Add CHAP Support to the PPP Configuration Files (Dial-out Machine). For support of PPPoE on a client system, see Setting Up the PPPoE Client. A major issue in modem configuration is designating the speed at which the modem should operate. The following guidelines apply to modems that are used with Sun Microsystems computers:Older SPARC systems – Check the hardware documentation that accompanies the system. Many SPARCstation machines require modem speed not to exceed 38400 bps. UltraSPARC machines – Set the modem speed to 115200 bps, which is useful with modern modems and fast enough for a dial-up link. If you plan to use a dual-channel ISDN TA with compression, you need to increase the modem speed. The limit on an UltraSPARC is 460800 bps for an asynchronous link. For a dial-out machine, set the modem speed in the PPP configuration files, such as /etc/ppp/peers/peer-name, or by specifying the speed as an option for pppd.For a dial-in server, you need to set the speed by using the ttymon facility or the Solaris Management Console, as described in Configuring Devices on the Dial-in Server. The dial-out machine and its remote peer communicate across the PPP link by negotiating and exchanging various instructions. When configuring a dial-out machine, you need to determine what instructions are required by the local and remote modems. Then you create a file that is called a chat script that contains these instructions. This section discusses information about configuring modems and creating chat scripts.Each remote peer that the dial-out machine needs to connect to probably requires its own chat script.Chat scripts are typically used only on dial-up links. Leased-line links do not use chat scripts unless the link includes an asynchronous interface that requires startup configuration. The contents of the chat script are determined by the requirements of your modem model or ISDN TA, and the remote peer. These contents appear as a set of expect-send strings. The dial-out machine and its remote peers exchange the strings as part of the communications initiation process. An expect string contains characters that the dial-out host machine expects to receive from the remote peer to initiate conversation. A send string contains characters that the dial-out machine sends to the remote peer after receiving the expect string.Information in the chat script usually includes the following:Modem commands, often referred to as AT commands, which enable the modem to transmit data over the telephone Phone number of the target peerThis phone number might be the number that is required by your ISP, or a dial-in server at a corporate site, or an individual machine. Time-out value, if required Login sequence that is expected from the remote peer Login sequence that is sent by the dial-out machine This section contains chat scripts that you can use as a reference for creating your own chat scripts. The modem manufacturer's guide and information from your ISP and other target hosts contain chat requirements for the modem and your target peers. In addition, numerous PPP web sites have sample chat scripts. The following is a basic chat script that you can use as a template for creating your own chat scripts.ABORT BUSY ABORT 'NO CARRIER' REPORT CONNECT TIMEOUT 10 "" AT&F1M0&M5S2=255 SAY "Calling myserver\n" TIMEOUT 60 OK "ATDT1-123-555-1212" ogin: pppuser ssword: \q\U % pppdThe next table describes the contents of the chat script.Script Contents Explanation ABORT BUSY Abort transmission if the modem receives this message from the opposite peer. ABORT 'NO CARRIER' Abort transmission if the modem reports ABORT 'NO CARRIER' when dialing. The cause for this message is usually a dialing or modem negotiation failure. REPORT CONNECT Gather the CONNECT string from the modem. Print the string. TIMEOUT 10 Set initial timeout to 10 seconds. The modem's response should be immediate. "" AT&F1M0&M5S2=255 M0 – Turn off the speaker during connect.&M5 – Make the modem require error control. S2=255 – Disable the TIES “+++” break sequence. SAY "Calling myserver\n" Display the message Calling myserver on the local machine. TIMEOUT 60 Reset the timeout to 60 seconds to allow more time for link negotiation. OK "ATDT1-123-555-1212" Call the remote peer by using the phone number 123-555-1212. ogin: pppuser Log in to the peer by using UNIX-style login. Supply the user name pppuser. ssword: \q\U \q – Do not log if debugging with the v option.\U – Insert in this location the contents of the string that follows U, which is specified on the command line. Usually, the string contains the password. % pppd Wait for the % shell prompt, and run the pppd command. Solaris PPP 4.0 includes the /etc/ppp/myisp-chat.tmpl, which you can modify for use at your site. /etc/ppp/myisp-chat.tmpl is similar to the basic modem chat script except that the template does not include a login sequence.ABORT BUSY ABORT 'NO CARRIER' REPORT CONNECT TIMEOUT 10 "" "AT&F1" OK "AT&C1&D2" SAY "Calling myisp\n" TIMEOUT 60 OK "ATDT1-123-555-1212" CONNECT \cScript Contents Explanation ABORT BUSY Abort transmission if the modem receives this message from the opposite peer. ABORT 'NO CARRIER Abort transmission if the modem reports ABORT 'NO CARRIER' when dialing. The cause for this message is usually a dialing or modem negotiation failure. REPORT CONNECT Gather the CONNECT string from the modem. Print the string. TIMEOUT 10 Set initial timeout to 10 seconds. The modem's response should be immediate. "" "AT&F1" Reset the modem to factory defaults. OK "AT&C1&D2" Reset the modem so that, for &C1, DCD from the modem follows carrier. If the remote side hangs up the phone for some reason, then the DCD drops. For &D2, DTR high-to-low transition causes the modem to go “on-hook” or hang up. SAY "Calling myisp\n" Display the message “Calling myisp” on the local machine. TIMEOUT 60 Reset the timeout to 60 seconds to allow more time for link negotiation. OK "ATDT1-123-555-1212" Call the remote peer by using the phone number 123-555-1212. CONNECT \c Wait for the CONNECT message from the opposite peer's modem. Use the next chat script as a template for calling an ISP from a dial-out machine with a U.S. Robotics Courier modem.ABORT BUSY ABORT 'NO CARRIER' REPORT CONNECT TIMEOUT 10 "" AT&F1M0&M5S2=255 SAY "Calling myisp\n" TIMEOUT 60 OK "ATDT1-123-555-1212" CONNECT \c \r \d\c SAY "Connected; running PPP\n"The following table describes the contents of the chat script.Script Contents Explanation ABORT BUSY Abort transmission if the modem receives this message from the opposite peer. ABORT 'NO CARRIER' Abort transmission if the modem receives this message from the opposite peer. REPORT CONNECT Gather the CONNECT string from the modem. Print the string. TIMEOUT 10 Set initial timeout to 10 seconds. The modem's response should be immediate. "" AT&F1M0M0M0M0&M5S2=255 M0 – Turn off the speaker during connect.&M5 – Make the modem require error control. S2=255 – Disable the TIES “+++” break sequence. SAY "Calling myisp\n" Display the message Calling myisp on the local machine. TIMEOUT 60 Reset the timeout to 60 seconds to allow more time for link negotiation. OK "ATDT1-123-555-1212" Call the remote peer by using the phone number 123-555-1212. CONNECT \c Wait for the CONNECT message from the opposite peer's modem. \r \d\c Wait until the end of the CONNECT message. SAY “Connected; running PPP\n” Display the informative message Connected; running PPP on the local machine. The next chat script is a basic script that is enhanced for calling a remote Solaris peer or other UNIX-type peer. This chat script is used in How to Create the Instructions for Calling a Peer. SAY "Calling the peer\n" TIMEOUT 10 ABORT BUSY ABORT 'NO CARRIER' ABORT ERROR REPORT CONNECT "" AT&F1&M5S2=255 TIMEOUT 60 OK ATDT1-123-555-1234 CONNECT \c SAY "Connected; logging in.\n" TIMEOUT 5 ogin:--ogin: pppuser TIMEOUT 20 ABORT 'ogin incorrect' ssword: \qmypassword "% " \c SAY "Logged in. Starting PPP on peer system.\n" ABORT 'not found' "" "exec pppd" ~ \cThe following table explains the parameters of the chat script.Script Contents Explanation TIMEOUT 10 Set initial timeout to 10 seconds. The modem's response should be immediate. ABORT BUSY Abort transmission if the modem receives this message from the opposite peer. ABORT 'NO CARRIER' Abort transmission if the modem receives this message from the opposite peer. ABORT ERROR Abort transmission if the modem receives this message from the opposite peer. REPORT CONNECT Gather the CONNECT string from the modem. Print the string. "" AT&F1&M5S2=255 &M5 – Make the modem require error control. S2=255 – Disable the TIES “+++” break sequence. TIMEOUT 60 Reset the timeout to 60 seconds to allow more time for link negotiation. OK ATDT1-123-555-1234 Call the remote peer by using the phone number 123-555-1212. CONNECT \c Wait for the CONNECT message from the opposite peer's modem. SAY "Connected; logging in.\n" Display the informative message Connected; logging in to give the user status. TIMEOUT 5 Change the timeout to enable quick display of the login prompt. ogin:--ogin: pppuser Wait for the login prompt. If the prompt is not received, send a RETURN and wait. Then, send the user name pppuser to the peer. The sequence that follows is referred to by most ISPs as the PAP login. However, the PAP login is not related in any way to PAP authentication. TIMEOUT 20 Change the timeout to 20 seconds to allow for slow password verification. ssword: \qmysecrethere Wait for the password prompt from the peer. When the prompt is received, send the password \qmysecrethere. The \q prevents the password from being written to the system log files. "% " \c Wait for a shell prompt from the peer. The chat script uses the C shell. Change this value if the user prefers to log in with a different shell. SAY "Logged in. Starting PPP on peer system.\n" Display the informative message Logged in. Starting PPP on peer system to give the user status. ABORT 'not found' Abort the transmission if the shell encounters errors. "" "exec pppd" Start pppd on the peer. ~ \c Wait for PPP to start on the peer. Starting PPP right after the CONNECT \c is often called a PAP login by ISPs, though the PAP login is actually not part of PAP authentication.The phrase ogin:--ogin: pppuser instructs the modem to send the user name pppuser in response to the login prompt from the dial-in server. pppuser is a special PPP user account name that was created for remote user1 on the dial-in server. For instructions about creating PPP user accounts on a dial-in server, refer to How to Configure Users of the Dial-in Server. The following chat script is for calling from a dial-out machine with a ZyXEL omni.net. ISDN TA. SAY "Calling the peer\n" TIMEOUT 10 ABORT BUSY ABORT 'NO CARRIER' ABORT ERROR REPORT CONNECT "" AT&FB40S83.7=1&K44&J3X7S61.3=1S0=0S2=255 OK ATDI18882638234 CONNECT \c \r \d\c SAY "Connected; running PPP\n"The following table explains the parameters of the chat script.Script Contents Explanation SAY "Calling the peer" Display this message on the screen of the dial-out machine. TIMEOUT 10 Set the initial timeout to 10 seconds. ABORT BUSY Abort transmission if the modem receives this message from the opposite peer. ABORT 'NO CARRIER' Abort transmission if the modem receives this message from the opposite peer. ABORT ERROR Abort transmission if the modem receives this message from the opposite peer. REPORT CONNECT Gather the CONNECT string from the modem. Print the string. "" AT&FB40S83.7=1&K44&J3X7S61.3=1S0=0S2=255 The letters in this line have the following meaning:&F – Use factory default B40 – Do asynchronous PPP conversion S83.7=1 – Use data over speech bearer &K44 – Enable CCP compression &J3 – Enable MP X7 – Report DCE side rates S61.3=1 – Use packet fragmentation S0=0 – No auto answer S2=255 – Disable TIES escape OK ATDI18882638234 Make an ISDN call. For multilink, the second call is placed to the same telephone number, which is normally what is required by most ISPs. If the remote peer requires a different second phone number, append “+nnnn.”. nnnn represents the second phone number. CONNECT \c Wait for the CONNECT message from the opposite peer's modem. \r \d\c Wait until the end of the CONNECT message. SAY "Connected; running PPP\n" Display this message on the screen of the dial-out machine. Refer to the chat1M man page for descriptions of options and other detailed information about the chat script. For an explanation of expect-send strings, refer to Chat-Script Field in /etc/uucp/Systems File. A number of web sites offer sample chat scripts and assistance in creating the chat scripts. For example, see http://ppp.samba.org/ppp/index.html. You call chat scripts by using the connect option. You can use connect "chat ..." in any PPP configuration file or on the command line. Chat scripts are not executable, but the program that is invoked by connect must be executable. You might use the chat utility as the program to be invoked by connect. In this instance, if you store the chat script in an external file through the f option, then your chat script file is not executable.The chat program that is described in chat(1m) executes the actual chat script. The pppd daemon invokes the chat program whenever pppd encounters the connect "chat ..." option.You can use any external program, such as Perl or Tcl, to create advanced chat scripts. Solaris PPP 4.0 provides the chat utility as a convenience. Create the chat script as an ASCII file. Invoke the chat script in any PPP configuration file by using the following syntax:connect 'chat -f /etc/ppp/chatfile'The -f flag indicates that a file name is to follow. /etc/ppp/chatfile represents the name of the chat file. Give read permission for the external chat file to the user who runs the pppd command.The chat program always runs with the user's privileges, even if the connect 'chat ...' option is invoked from a privileged source. Thus, a separate chat file that is read with the -f option must be readable by the invoking user. This privilege can be a security problem if the chat script contains passwords or other sensitive information. You can place the entire chat script conversation on a single line, similar to the following:connect 'chat "" "AT&F1" OK ATDT5551212 CONNECT "\c"'The complete chat script follows the chat keyword. The script terminates with "\c"'. You use this form in any PPP configuration file or on the command line as an argument to pppd. If the chat script that is needed for a particular peer is long or complicated, consider creating the script as a separate file. External chat files are easy to maintain and to document. You can add comments to the chat file by preceding the comments with the hash (#) sign.The procedure How to Create the Instructions for Calling a Peer shows the use of a chat script that is contained in an external file. You can create a chat file that is an executable script to be run automatically when the dial-up link is initiated. Thus, you can run additional commands during link initiation, such as stty for parity settings, besides the commands that are contained in a traditional chat script.This executable chat script logs in to an old-style UNIX system that requires 7 bits with even parity. The system then changes to 8 bits with no parity when running PPP.#!/bin/sh chat "" "AT&F1" OK "ATDT555-1212" CONNECT "\c" stty evenp chat ogin: pppuser ssword: "\q\U" % "exec pppd" stty -evenp Use your text editor to create an executable chat program, such as the previous example. Make the chat program executable.# chmod +x /etc/ppp/chatprogram Invoke the chat program.connect /etc/ppp/chatprogramChat programs do not have to be located within the /etc/ppp file system. You can store chat programs in any location. This section explains how the PPP authentication protocols work and explains the databases that are associated with the authentication protocols.PAP authentication is somewhat similar in operation to the UNIX login program, though PAP does not grant shell access to the user. PAP uses the PPP configuration files and PAP database in the form of the /etc/ppp/pap-secrets file for setting up authentication. PAP also uses /etc/ppp/pap-secrets for defining PAP security credentials. These credentials include a peer name, a “user name” in PAP parlance, and a password. PAP credentials also contain related information for each caller who is permitted to link to the local machine. The PAP user names and passwords can be identical to or different from the UNIX user names and passwords in the password database.The PAP database is implemented in the /etc/ppp/pap-secrets file. Machines on both sides of the PPP link must have properly configured PAP credentials in their /etc/ppp/pap-secrets files for successful authentication. The caller (authenticatee) supplies credentials in the user and password columns of the /etc/ppp/pap-secrets file or in the obsolete +ua file. The server (authenticator) validates these credentials against information in /etc/ppp/pap-secrets, through the UNIX passwd database, or in the PAM facility.The /etc/ppp/pap-secrets file has the following syntax.myclient ISP-server mypassword *The parameters have the following meaning.myclientPAP user name of the caller. Often, this name is identical to the caller's UNIX user name, particularly if the dial-in server uses the login option of PAP. ISP-serverName of the remote machine, often a dial-in server. mypasswordCaller's PAP password. *IP address that is associated with the caller. Use an asterisk (*) to indicate any IP address. PAP passwords are sent over the link in the clear, that is, in readable ASCII format. For the caller (authenticatee), the PAP password must be stored in the clear in any of the following locations:In /etc/ppp/pap-secrets In another external file In a named pipe through the pap-secrets @ feature As an option to pppd, either on the command line or in a PPP configuration file Through the +ua file On the server (authenticator), the PAP password can be hidden by doing one of the following:Specifying papcrypt and using passwords that are hashed by crypt(3C) in the pap-secrets file. Specifying the login option to pppd and omitting the password from the pap-secrets file by placing double quotes ("") in the password column. In this instance, authentication is performed through the UNIX passwd database or the pam(3pam) mechanism. PAP authentication occurs in the following sequence.

The following context describes the sequence that is shown in the flow diagram.

The caller (authenticatee) calls the remote peer (authenticator) and provides its PAP user name and password as part of link negotiation. The peer verifies the identity of the caller in its /etc/ppp/pap-secrets file. If the peer uses the login option of PAP, the peer verifies the caller's user name and password in its password database. If authentication is successful, the peer continues link negotiation with the caller. If authentication fails, the link is dropped. (Optional) If the caller authenticates responses from remote peers, the remote peer must send its own PAP credentials to the caller. Thus, the remote peer becomes the authenticatee and the caller the authenticator. (Optional) The original caller reads its own /etc/ppp/pap-secrets to verify the identity of the remote peer.If the original caller does require authentication credentials from the remote peer, Step 1 and Step 4 happen in parallel. If the peer is authenticated, negotiation continues. Otherwise, the link is dropped. Negotiation between caller and peer continues until the link is successfully established. You can add the login option for authenticating PAP credentials to any PPP configuration file. When login is specified, for example, in /etc/ppp/options, pppd verifies that the caller's PAP credentials exist in the Solaris password database. The following shows the format of a /etc/ppp/pap-secrets file with the login option.joe * "" * sally * "" * sue * "" *The parameters have the following meanings.Callerjoe, sally, and sue are the names of the authorized callers. ServerAsterisk (*), which indicates that any server name is valid. The name option is not required in the PPP configuration files. PasswordDouble quotes, which indicate that any password is valid.If a password is in this column, then the password from the peer must match both the PAP password and the UNIX passwd database. IP AddressesAsterisk (*), which indicates that any IP address is allowed. CHAP authentication uses the notion of the challenge and response, which means that the peer (authenticator) challenges the caller (authenticatee) to prove its identity. The challenge includes a random number and a unique ID that is generated by the authenticator. The caller must use the ID, random number, and its CHAP security credentials to generate the proper response (handshake) to send to the peer.CHAP security credentials include a CHAP user name and a CHAP “secret.” The CHAP secret is an arbitrary string that is known to both the caller and the peer before they negotiate a PPP link. You configure CHAP security credentials in the CHAP database, /etc/ppp/chap-secrets. The CHAP database is implemented in the /etc/ppp/chap-secrets file. Machines on both sides of the PPP link must have each others' CHAP credentials in their /etc/ppp/chap-secrets files for successful authentication. Unlike PAP, the shared secret must be in the clear on both peers. You cannot use crypt, PAM, or the PPP login option with CHAP. The /etc/ppp/chap-secrets file has the following syntax.myclient myserver secret5748 *The parameters have the following meanings:myclientCHAP user name of the caller. This name can be the same as or different from the caller's UNIX user name. myserverName of the remote machine, often a dial-in server. secret5748Caller's CHAP secret.Unlike PAP passwords, CHAP secrets are never sent over the link. Rather, CHAP secrets are used when the local machines compute the response. *IP address that is associated with the caller. Use an asterisk (*) to indicate any IP address. CHAP authentication occurs in the following sequence.

The following context describes the sequence that is shown in the flow diagram.

Two peers that are about to initiate communications agree on a secret to be used for authentication during negotiation of a PPP link. The administrators of both machines add the secret, CHAP user names, and other CHAP credentials to the /etc/ppp/chap-secrets database of their respective machines. The caller (authenticatee) calls the remote peer (authenticator). The authenticator generates a random number and an ID, and sends this data to the authenticatee as a challenge. The authenticatee looks up the peer's name and secret in its /etc/ppp/chap-secrets database. The authenticatee calculates a response by applying the MD5 computational algorithm to the secret and the peer's random number challenge. Then the authenticatee sends the results as its response to the authenticator. The authenticator looks up the authenticatee's name and secret in its /etc/ppp/chap-secrets database. The authenticator calculates its own figure by applying MD5 to the number that was generated as the challenge and the secret for the authenticatee in /etc/ppp/chap-secrets. The authenticator compares its results with the response from the caller. If the two numbers are the same, the peer has successfully authenticated the caller, and link negotiation continues. Otherwise the link is dropped. Consider creating one or more IP addresses for all incoming calls instead of assigning a unique IP address to each remote user. Dedicated IP addresses are particularly important if the number of potential callers exceeds the number of serial ports and modems on the dial-in server. You can implement a number of different scenarios, depending on your site's needs. Moreover, the scenarios are not mutually exclusive.Dynamic addressing involves the assignment to each caller of the IP address that is defined in /etc/ppp/options.ttyname. Dynamic addressing occurs on a per-serial port basis. When a call arrives over a serial line, the caller receives the IP address in the /etc/ppp/options.ttyname file for the call's serial interface.For example, suppose a dial-in server has four serial interfaces that provide dial-up service to incoming calls:For serial port term/a, create the file /etc/ppp/options.term.a with the following entry::10.1.1.1 For serial port term/b, create the file /etc/ppp/options.term.b with the following entry::10.1.1.2 For serial port term/c, create the file /etc/ppp/options.term.c with the following entry::10.1.1.3 For serial port term/d, create the file /etc/ppp/options.term.d with the following entry::10.1.1.4 With the previous addressing scheme, an incoming call on serial interface /dev/term/c is given the IP address 10.1.1.3 for the duration of the call. After the first caller hangs up, a later call that comes in over serial interface /dev/term/c is also given the IP address 10.1.1.3.The advantages of dynamic addressing include the following:You can track PPP network usage down to the serial port. You can assign a minimum number of IP addresses for PPP use. You can administer IP filtering in a more simplified fashion. If your site implements PPP authentication, you can assign specific, static IP addresses to individual callers. In this scenario, every time a dial-out machine calls the dial-in server, the caller receives the same IP address. You implement static addresses in either the pap-secrets or chap-secrets database. Here is a example of an /etc/ppp/pap-secrets file that defines static IP addresses.joe myserver joepasswd 10.10.111.240 sally myserver sallypasswd 10.10.111.241 sue myserver suepasswd 10.10.111.242Callerjoe, sally, and sue are the names of the authorized callers. Servermyserver indicates the name of the server. Passwordjoepasswd, sallypasswd, and suepasswd indicate the passwords for each caller. IP Addresses10.10.111.240 and 10.10.111.241 and 10.10.111.242 are the IP addresses assigned to each caller. Here is a example of an /etc/ppp/chap-secrets file that defines static IP addresses.account1 myserver secret5748 10.10.111.244 account2 myserver secret91011 10.10.111.245Calleraccount1 and account2 indicate the names of the callers. Servermyserver indicates the name of the server for each caller. Passwordsecret5748 and secret91011 indicates the CHAP secret for each caller. IP Addresses10.10.111.244 and 10.10.111.245 are the IP addresses for each caller. If you are using either PAP or CHAP authentication, you can assign IP addresses to callers by the sppp unit number. The following shows an example of this usage.myclient ISP-server mypassword 10.10.111.240/28+The plus sign (+) indicates that the unit number is added to the IP address. Note the following: Addresses 10.10.111.240 through 10.10.111.255 are assigned to remote users. sppp0 gets IP address 10.10.111.240. sppp1 gets IP address 10.10.111.241 and so on. By using PPPoE, you can provide PPP over high-speed digital services to multiple clients that are using one or more DSL modems. PPPoE implements these services by creating an Ethernet tunnel through three participants: the enterprise, the telephone company, and the service provider.For an overview and description of how PPPoE works, see PPPoE Overview. For tasks for setting up PPPoE tunnels, see Chapter 20, Setting Up a PPPoE Tunnel (Tasks). This section contains detailed information about PPPoE commands and files, which is summarized in the next table.File or Command Description For Instructions /etc/ppp/pppoe A file that contains characteristics that are applied by default to all tunnels that were set up by PPPoE on the system /etc/ppp/pppoe File /etc/ppp/pppoe.device A file that contains characteristics of a particular interface that is used by PPPoE for a tunnel /etc/ppp/pppoe.device File /etc/ppp/pppoe.if File that lists the Ethernet interface over which runs the tunnel that is set up by PPPoE /etc/ppp/pppoe.if File /usr/sbin/sppptun Command for configuring the Ethernet interfaces that are involved in a PPPoE tunnel /usr/sbin/sppptun Command /usr/lib/inet/pppoed Command and options for using PPPoE to set up a tunnel /usr/lib/inet/pppoed Daemon The interfaces that are used at either end of the PPPoE tunnel must be configured before the tunnel can support PPP communications. Use /usr/sbin/sppptun and /etc/ppp/pppoe.if files for this purpose. You must use these tools to configure Ethernet interfaces on all Solaris PPPoE clients and PPPoE access servers.The /etc/ppp/pppoe.if file lists the names of all Ethernet interfaces on a host to be used for the PPPoE tunnels. This file is processed during system boot when the interfaces that are listed are plumbed for use in PPPoE tunnels.You need to create explicitly /etc/ppp/pppoe.if. Type the name of one interface to be configured for PPPoE on each line.The following example shows an /etc/ppp/pppoe.if file for a server that offers three interfaces for PPPoE tunnels.# cat /etc/ppp/pppoe.if hme1 hme2 hme3PPPoE clients usually have only one interface that is listed in /etc/ppp/pppoe.if. You can use the /usr/sbin/sppptun command to manually plumb and unplumb the Ethernet interfaces to be used for PPPoE tunnels. By contrast, /etc/ppp/pppoe.if is only read when the system boots. These interfaces should correspond to the interfaces that are listed in /etc/ppp/pppoe.if.sppptun plumbs the Ethernet interfaces that are used in PPPoE tunnels in a manner that is similar to the ifconfig command. Unlike ifconfig, you must plumb interfaces twice to support PPPoE because two Ethernet protocol numbers are involved.The basic syntax for sppptun is as follows:# /usr/sbin/sppptun plumb pppoed device-name device-name:pppoed # /usr/sbin/sppptun plumb pppoe device-name device-name:pppoeIn this syntax, device-name is the name of the device to be plumbed for PPPoE.The first time that you issue the sppptun command, the discovery protocol pppoed is plumbed on the interface. The second time that you run sppptun, the session protocol pppoe is plumbed. sppptun prints the name of the interface that was just plumbed. You use this name to unplumb the interface, when necessary.For more information, refer to the sppptun1M man page. The following example shows how to manually plumb an interface for PPPoE by using /usr/sbin/sppptun.# /usr/sbin/sppptun plumb pppoed hme0 hme0:pppoed # /dev/sppptun plumb pppoe hme0 hme0:pppoeThis example shows how to list the interfaces on an access server that was plumbed for PPPoE.# /usr/sbin/sppptun query hme0:pppoe hme0:pppoed hme1:pppoe hme1:pppoed hme2:pppoe hme2:pppoedThis example shows how to unplumb an interface.# sppptun unplumb hme0:pppoed # sppptun unplumb hme0:pppoe A service provider that offers DSL services or support to customers can use an access server that is running Solaris PPPoE. The PPPoE access server and client do function in the traditional client-server relationship. This relationship is similar to the relationship of the dial-out machine and dial-in server on a dial-up link. One PPPoE system initiates communications and one PPPoE system answers. By contrast, the PPP protocol has no notion of the client-server relationship. PPP considers both systems equal peers.The commands and files that set up a PPPoE access server include the following: /usr/sbin/sppptun Command /usr/lib/inet/pppoed Daemon /etc/ppp/pppoe File /etc/ppp/pppoe.device File pppoe.so Shared Object The pppoed daemon accepts broadcasts for services from prospective PPPoE clients. Additionally, pppoed negotiates the server side of the PPPoE tunnel and runs pppd, the PPP daemon, over that tunnel. You configure pppoed services in the /etc/ppp/pppoe and /etc/ppp/pppoe.device files. If /etc/ppp/pppoe exists when the system boots, pppoed runs automatically. You can also explicitly run the pppoed daemon on the command line by typing /usr/lib/inet/pppoed. The /etc/ppp/pppoe file describes the services that are offered by an access server plus options that define how PPP runs over the PPPoE tunnel. You can define services for individual interfaces, or globally, that is, for all interfaces on the access server. The access server sends the information in the /etc/ppp/pppoe file in response to a broadcast from a potential PPPoE client. The following is the basic syntax of /etc/ppp/pppoe:global-options service service-name service-specific-options device interface-name The parameters have the following meanings.global-optionsSets the default options for the /etc/ppp/pppoe file. These options can be any options that are available through pppoed or pppd. For complete lists of options, see the man pages pppoed1M and pppd1M.For example, you must list the Ethernet interfaces that are available for the PPPoE tunnel as part of global options. If you do not define devices in /etc/ppp/pppoe, the services are not offered on any interface.To define devices as a global option, use the following form:device interface <,interface>interface specifies the interface where the service listens for potential PPPoE clients. If more than one interface is associated with the service, separate each name with a comma. service service-nameStarts the definition of the service service-name. service-name is a string that can be any phrase that is appropriate to the services that are provided. service-specific-optionsLists the PPPoE and PPP options specific to this service. device interface-nameSpecifies the interface where the previously listed service is available. For additional options to /etc/ppp/pppoe, refer to the pppoed1M and pppd1M man pages.A typical /etc/ppp/pppoe file might resemble the following.device hme1,hme2,hme3 service internet pppd "name internet-server" service intranet pppd "192.168.1.1:" service debug device hme1 pppd "debug name internet-server" In this file, the following values apply.hme1,hme2,hme3Three interfaces on the access server to be used for PPPoE tunnels. service internetAdvertises a service that is called internet to prospective clients. The provider that offers the service also determines how internet is defined. For example, a provider might interpret internet to mean various IP services, as well as access to the Internet. pppdSets the command-line options that are used when the caller invokes pppd. The option "name internet-server" gives the name of the local machine, the access server, as internet-server. service intranetAdvertises another service that is called intranet to prospective clients. pppd "192.168.1.1:"Sets the command-line options that are used when the caller invokes pppd. When the caller invokes pppd, 192.168.1.1 is set as the IP address for the local machine, the access server. service debugAdvertises a third service, debugging, on the interfaces that are defined for PPPoE. device hme1Restricts debugging to PPPoE tunnels to hme1. pppd "debug name internet-server"Sets the command-line options that are used when the caller invokes pppd, in this instance, PPP debugging on internet-server, the local machine. The /etc/ppp/pppoe.device file describes the services that are offered on one interface of a PPPoE access server. /etc/ppp/pppoe.device also includes options that define how PPP runs over the PPPoE tunnel. /etc/ppp/pppoe.device is an optional file, which operates exactly like the global /etc/ppp/pppoe. However, if /etc/ppp/pppoe.device is defined for an interface, its parameters have precedence for that interface over the global parameters that are defined in /etc/ppp/pppoe.The basic syntax of /etc/ppp/pppoe.device is as follows:service service-name service-specific-options service another-service-name service-specific-options The only difference between this syntax and the syntax of /etc/ppp/pppoe is that you cannot use the device option that is shown in /etc/ppp/pppoe File. pppoe.so is the PPPoE shared object file that must be invoked by PPPoE access servers and clients. This file limits MTU and MRU to 1492, filters packets from the driver, and negotiates the PPPoE tunnel, along with pppoed. On the access server side, pppoe.so is automatically invoked by the pppd daemon. This section contains samples of all files that are used to configure an access server. The access server is multihomed. The server is attached to three subnets: green, orange, and purple. pppoed runs as root on the server, which is the default.PPPoE clients can access the orange and purple networks through interfaces hme0 and hme1. Clients log in to the server by using the standard UNIX login. The server authenticates the clients by using PAP.The green network is not advertised to clients. The only way clients can access green is by directly specifying “green-net” and supplying CHAP authentication credentials. Moreover, only clients joe and mary are allowed to access the green network by using static IP addresses.service orange-net device hme0,hme1 pppd "require-pap login name orange-server orange-server:" service purple-net device hme0,hme1 pppd "require-pap login name purple-server purple-server:" service green-net device hme1 pppd "require-chap name green-server green-server:" nowildcard This sample describes the services that are available from the access server. The first service section describes the services of the orange network.service orange-net device hme0,hme1 pppd "require-pap login name orange-server orange-server:"Clients access the orange network over interfaces hme0 and hme1. The options that are given to the pppd command force the server to require PAP credentials from potential clients. The pppd options also set the server's name to orange-server, as used in the pap-secrets file.The service section for the purple network is identical to the service section of the orange network except for the network and server names.The next section describes the services of the green network:service green-net device hme1 pppd "require-chap name green-server green-server:" nowildcardThis section restricts client access to interface hme1. Options that are given to the pppd command force the server to require CHAP credentials from prospective clients. The pppd options also set the server name to green-server, to be used in the chap-secrets file. The nowildcard option specifies that the existence of the green network is not advertised to clients.For this access server scenario just discussed, you might set up the following /etc/ppp/options file. auth proxyarp nodefaultroute name no-service # don't authenticate otherwise The option name no-service overrides the server name that is normally searched for during PAP or CHAP authentication. The server's default name is the one found by the /usr/bin/hostname command. The name option in the previous example changes the server's name to no-service. The name no-service is not likely to be found in a pap or chap-secrets file. This action prevents a random user from running pppd and overriding the auth and name options that are set in /etc/ppp/options. pppd then fails because no secrets can be found for the client with a server name of no-service.The access server scenario uses the following /etc/hosts file. 172.16.0.1 orange-server 172.17.0.1 purple-server 172.18.0.1 green-server 172.18.0.2 joes-pc 172.18.0.3 marys-pc Here is the /etc/ppp/pap-secrets file that is used for PAP authentication for clients that attempt to access the orange and purple networks.* orange-server "" 172.16.0.2/16+ * purple-server "" 172.17.0.2/16+ Here is the /etc/ppp/chap-secrets file that is used for CHAP authentication. Note that only clients joe and mary are listed in the file. joe green-server "joe's secret" joes-pc mary green-server "mary's secret" marys-pc To run PPP over a DSL modem, a machine must become a PPPoE client. You have to plumb an interface to run PPPoE, and then use the pppoec utility to “discover” the existence of an access server. Thereafter, the client can create the PPPoE tunnel over the DSL modem and run PPP.The PPPoE client relates to the access server in the traditional client-server model. The PPPoE tunnel is not a dial-up link, but the tunnel is configured and operated in much the same manner. The commands and files that set up a PPPoE client include the following:/usr/sbin/sppptun Command /usr/lib/inet/pppoec Utility pppoe.so Shared Object /etc/ppp/peers/peer-name File /etc/ppp/options Configuration File The /usr/lib/inet/pppoec utility is responsible for negotiating the client side of a PPPoE tunnel. pppoec is similar to the Solaris PPP 4.0 chat utility. You do not invoke pppoec directly. Rather, you start /usr/lib/inet/pppoec as an argument to the connect option of pppd. pppoe.so is the PPPoE shared object that must be loaded by PPPoE to provide PPPoE capability to access servers and clients. The pppoe.so shared object limits MTU and MRU to 1492, filters packets from the driver, and handles runtime PPPoE messages.On the client side, pppd loads pppoe.so when the user specifies the plugin pppoe.so option. When you define an access server to be discovered by pppoec, you use options that apply to both pppoec and the pppd daemon. An /etc/ppp/peers/peer-name file for an access server requires the following parameters:sppptun – Name for the serial device that is used by the PPPoE tunnel. plugin pppoe.so – Instructs pppd to load the pppoe.so shared object. connect "/usr/lib/inet/pppoec device" – Starts a connection. connect then invokes the pppoec utility over device, the interface that is plumbed for PPPoE. The remaining parameters in the /etc/ppp/peers/peer-name file should apply to the PPP link on the server. Use the same options that you would for /etc/ppp/peers/peer-name on a dial-out machine. Try to limit the number of options to the minimum you need for the PPP link.The following example is introduced in How to Define a PPPoE Access Server Peer.# cat /etc/ppp/peers/dslserve sppptun plugin pppoe.so connect "/usr/lib/inet/pppoec hme0" noccp noauth user Red password redsecret noipdefault defaultroute This file defines parameters to be used when setting up a PPPoE tunnel and PPP link to access server dslserve. The options that are included are as follows.Option Description sppptun Defines sppptun as the name of the serial device. plugin pppoe.so Instructs pppd to load the pppoe.so shared object. connect "/usr/lib/inet/pppoec hme0" Runs pppoec and designates hme0 as the interface for the PPPoE tunnel and PPP link. noccp Turns off CCP compression on the link.Many ISPs use only proprietary compression algorithms. Turning off the publicly available CCP algorithm saves negotiation time and avoids very occasional interoperability problems. noauth Stops pppd from demanding authentication credentials from the access server. Most ISPs do not provide authentication credentials to customers. user Red Sets the name Red as the user name for the client, which is required for PAP authentication by the access server. password redsecret Defines redsecret as the password to be provided to the access server for PAP authentication. noipdefault Assigns 0.0.0.0 as the initial IP address. defaultroute Tells pppd to install a default IPv4 route after IPCP negotiation. You should include defaultroute in /etc/ppp/peers/peer-name when the link is the system's link to the Internet, which is true for a PPPoE client.