Партнёры:
Хостинг:
NAME
aspppd, aspppls - asynchronous PPP link manager
SYNOPSIS
/usr/sbin/aspppd [ -d debug-level ]
/usr/sbin/aspppls
DESCRIPTION
aspppd is the link manager for the asynchronous data link
protocol specified in RFC1331, The Point-to-Point Protocol
(PPP) for the Transmission of Multi-protocol Datagrams over
Point-to-Point Links. It is a user level daemon that works
in concert with the IP-Dialup driver (ipdcm) and PPP streams
module ( ppp(7M)) to provide IP network services over an
analog modem using dialed voice grade telephone lines. The
link manager automates the process of connecting to a peer
(remote) host when PPP service with that host is required.
The connection process can be initiated either by sending an
IP datagram to a (disconnected) peer host or by receiving a
notification that a peer host desires to establish a con-
nection.
aspppls is the login service that connects the peer host
machine to aspppd. aspppls is invoked by the serial port
monitor when a peer machine logs into a PPP-enabled account.
Its purpose is to cause the link manager to accept the
incoming call.
OPTIONS
-d debug-level
The debug-level is a number between 0 and 9. Higher
numbers give more detailed debugging information. The
output is written to the log file /etc/log/asppp.log.
USAGE
The link manager is invoked at boot time if the configura-
tion file /etc/asppp.cf is present. After parsing the con-
figuration file and building a path object for each peer
host, it sleeps until (1) an IP datagram is routed to one of
the ipd or ipdptp interfaces (see ppp(7M)), or (2) it is
notified by the login service that a peer host is attempting
to make a connection.
In the first case, it consults the UUCP database, dials the
modem, logs into the peer host, establishes the PPP data
link, brings up IP, and forwards the IP datagram that ini-
tiated the process.
In the second case, the link manager opens the file descrip-
tor supplied by the login service, establishes the PPP data
link, and brings up IP.
If the link manager determines that there has been no IP
traffic for the period specified by the inactivity_timeout
keyword, it disconnects the link by bringing down IP and PPP
and closing the connection with the peer host.
The link manager can be reinitialized by sending it the -HUP
signal (with kill(1) for example), which causes it to
disconnect all open PPP links and reread the configuration
file.
Path
A path is an object that contains the state of a connection
with a peer host. Information such as system names, inter-
face names, timeout values, and other attributes are kept in
the path object. There exists a path for each potential
peer host. Paths are defined in the configuration file.
Interfaces
The link manager supports two types of IP layer interfaces;
the point-to-multipoint interface (ipd) and the point-to-
point interface (ipdptp) (see ppp(7M)).
The point-to-multipoint interface logically connects the
host machine to a network containing one or more peer hosts.
IP traffic to or from any of the peer hosts is routed
through the point-to-multipoint interface. When an ipd
interface is configured, only one IP address, that of the
host, is assigned. In other words, it behaves very similarly
to an Ethernet interface, although the broadcast capability
is not supported. This type of interface is well suited for
a dial in PPP server.
The point-to-point interface logically connects the host
machine with one peer host. Only IP traffic to or from the
peer host is routed through this interface. When an ipdptp
interface is configured, two IP addresses are assigned.
This type of interface is well suited to support a remote,
or nomadic, machine.
An interface must be fully configured and enabled (that is,
up) before an IP datagram will be routed to it. It's also
true that a point-to-multipoint interface must be fully con-
figured and enabled before the link manager will associate
an incoming connection with it. It's not necessary, how-
ever, for a point-to-point interface to be configured and
enabled before an incoming connection will be assigned to
it. A point-to-point interface that is "plumbed", but oth-
erwise not configured or enabled (that is, down), can be
used to accept an incoming connection if the path associated
with the potential connection contains a dynamic interface
specification (for example, interface ipdptp*). In this case
the link manager will select a disabled (down) interface,
configure the host and peer addresses, bring it up, and
assign it for the duration of the connection.
Routing
Special attention should paid to routing issues that may
arise if a host has more than one interface configured and
enabled. By definition, a host with more then one enabled
interface is a router, and the routing daemon (typically
in.routed) will advertise the routes provided by the PPP
interfaces. This is normally acceptable behavior for a dial
in server, but can cause network disruptions if not admin-
istered properly.
To prevent routing information packets (RIP) from flowing
over point-to-point interfaces, specify the norip keyword
followed by the interface name in the /etc/gateways file.
These entries, for example, prevent RIP from being sent over
ipdptp0 and ipdptp1:
norip ipdptp0
norip ipdptp1
See in.routed(1M) for further information.
Authentication
The link manager can be configured to support either the
Password Authentication Protocol (PAP) or the Challenge
Handshake Authentication Protocol (CHAP) as specified in
RFC1334. Both protocols can be configured simultaneously,
in which case, CHAP has precedence. A single host may par-
ticipate as an authenticator (the local host requests that
the peer host authenticate itself) or an authenticatee (the
local host has been asked by the peer host to authenticate
itself) or as both. It is also possible for a host to be an
authenticator for one protocol and an authenticatee for the
other protocol.
PAP is a simple protocol similar to a standard
login/password type of authentication. The PAP authentica-
tor sends a message to its peer requesting that the peer
authenticate itself. The peer responds with an authenticate
request packet that contains an id and a password (both in
plaintext). The id and password are matched against a local
copy, and if they match, the connection is established. If
they don't match, the connection is dropped.
CHAP does not pass any plaintext authentication data across
the link. The CHAP authenticator sends a challenge packet
to the peer that contains a random string. The peer then
takes the string in the challenge packet and computes a
response string that is a function of the challenge string
and a shared secret key. The peer then sends a response
packet back to the authenticator. The authenticator com-
putes a string based on the original challenge string and
the shared secret key and matches that result with the
received response. If they match, the connection is esta-
blished. Otherwise the connection is dropped.
Configuration File
The primary purpose of the /etc/asppp.cf configuration file
is to define each path used by the link manager to establish
and maintain communication with a peer system.
The file consists of a sequence of tokens separated by white
space (blanks, tabs, and new lines). There are no record
boundaries or any other constraints on the placement of the
tokens. If a token begins with a pound sign (#), all charac-
ters between the pound sign and the next newline (\n) are
ignored (that is, they are treated as a comment).
Alphanumeric tokens are case insensitive and are translated
by the lexical analyzer into lower case before further pro-
cessing.
A string is a single token that does not contain embedded
white space. The standard ANSI C \ escape sequence may be
used to embed special characters (see an ANSI C manual for a
list of escaped special characters). Use \s for the space
character. If a pound sign appears at the beginning of a
string, it must be escaped (\#) to avoid interpretation as a
comment. A NULL (\0) will truncate the string.
Groups of tokens are assembled into units known as paths
(essentially a human-readable form of the path object). A
path begins with the keyword path and ends at the token
found before any subsequent path (or defaults) keyword or at
the last token in the file. The tokens comprising a path are
further partitioned into small groups consisting mostly of
keyword/value pairs that define the attributes of the
current path. If a particular keyword/value pair is not
listed for a path, the default value is assumed.
The token sequences that begin with the substrings ipcp_ or
lcp_ refer to PPP initial configuration options as specified
in RFC1332, The PPP Internet Protocol Control Protocol
(IPCP). See the RFC for a more complete definition of these
options.
The following is an alphabetic list of the token sequences
that can be contained in a configuration file. Required
sequences are noted.
Keywords
chap_name string
One or more octets representing the identification of
this host. The name should not be NUL or CR/LF ter-
minated. The name is sent to the authenticator in a
response packet. Place this key/value pair in the
authenticatee's configuration file.
chap_peer_secret string
One or more octets, preferably at least sixteen, that
contain the secret key that is used with the challenge
value to generate the string to match with the
response received from the peer. Place this
key/value pair in the authenticator's configuration
file.
chap_peer_name string
One or more octets representing the identification of
the peer transmitting the packet. The name should not
be NUL or CR/LF terminated. The name is received from
the peer in a response packet. Place this key/value
pair in the authenticator's configuration file.
chap_secret string
One or more octets, preferably at least sixteen, that
contain the secret key that is used with the received
challenge value to generate the response sent to the
authenticator. Place this key/value pair in the
authenticatee's configuration file.
debug_level number
number is between 0 and 9. Higher numbers give more
detailed debugging information as shown in the table
below. The output is written to the
/etc/log/asppp.log file. The value set by the
debug_level keyword overrides the -d command line
option.
level meaning
__________________________________________________________
0 errors only
1 minimal information
4 some uucp chat-script info
5 all uucp chat-script info
7 maximum uucp info
8 PPP message traces
9 Raw IP packets
defaults
Indicates that all following token sequences up the
next path keyword, or the end of file, set default
attributes that affect subsequently defined paths.
default_route
When the IP layer corresponding to the current path is
fully operational, add the peer IP address to the
route table as the default destination. The route is
removed when the IP layer is brought down. Note: the
default_route keyword is only installed by point-to-
point interfaces.
ifconfig parameters
(Required) The ifconfig keyword and associated parame-
ters are passed to the shell for evaluation and execu-
tion. It's used to define an interface. See the
ifconfig(1M) man page for more information.
inactivity_timeout seconds
seconds is the maximum number of seconds that the con-
nection associated with the current path can remain
idle before it is terminated. 0 may be specified to
indicate no timeout. The default is 120 seconds.
interface ( ipdn | ipdptpn | ipdptp* )
(Required) Associates a specific point-to-multipoint
or point-to-point interface as denoted by the non-
negative integer n with the current path. The third
form, ipdptp*, indicates that the interface associated
with the path is a dynamic interface that will be
selected at connect time from a pool of previously
configured, inactive (down) point-to-point interfaces.
ipcp_async_map hex-number
Specifies the async control character map for the
current path. The hex-number is the natural (that is,
big endian) form representation of the four octets
that comprise the map. The default value is ffffffff.
ipcp_compression ( vj | off )
Indicates whether IP compression is enabled or not. If
enabled (vj), the Van Jacobson compression algorithm
is used. The default is compression (vj).
lcp_compression ( on | off )
Indicates whether PPP address, control, and protocol
field compression is enabled or not. If enabled, both
the address and control field compression and the pro-
tocol field compression options are set. The default
is compression (on).
lcp_mru number
number specifies a desired maximum receive unit packet
size in octets. The default is 1500.
negotiate_address ( on | off )
Indicates whether or not local IP address assignment
is obtained through negotiation and assigned dynami-
cally. If enabled, the local address will be obtained
from the remote end of the PPP link. If so obtained,
any local address other than 0.0.0.0 can be used to
initially configure the interface. The default is to
not negotiate (off).
pap_id string
One or more octets that represent the name of the host
which will be sent to the authenticator. To indicate a
zero length string, do not include the keyword. Place
this key/value pair in the authenticatee's configura-
tion file.
pap_password string
One or more octets that indicate the password for this
host which will be sent to the authenticator.
To indicate a zero length string, do not include the
keyword. Place this key/value pair in the
authenticatee's configuration file.
pap_peer_id string
One or more octets that indicate the name of the peer
to be authenticated. To indicate a zero length
string, do not include the keyword. Place this
key/value pair in the authenticator's configuration
file.
pap_peer_password string
One or more octets that indicate the password to be
used for authentication. To indicate a zero length
string, do not include the keyword. Place this
key/value pair in the authenticator's configuration
file.
path (Required) Indicates that all following token
sequences are to be grouped together as attributes of
this (current) path. The collection of attributes
comprising the current path are terminated by the
occurrence of a subsequent path or defaults keyword
or by the end of file.
peer_ip_address IP-address
(Required for point-to-multipoint paths) Associates
the IP-address with the current path. The value is
ignored if the path specifies a point-to-point inter-
face. The IP-address may be in "dotted decimal", hex-
adecimal, or symbolic (that is, hostname) format.
peer_system_name name
(Required) Associates the peer system name with the
current path. The name is used to look up modem and
peer specific information for outbound connections in
the UUCP /etc/uucp/Systems file. For incoming connec-
tions, the appropriate path is determined by matching
name with the login name that was used to obtain the
connection (that is, an entry in the /etc/passwd file
specifies name in the username field).
require_authentication ( off | pap [chap] | chap [pap] )
Indicates that the local host is the authenticator,
and that the peer is required to authenticate itself.
If either pap or chap is present, the peer must parti-
cipate in the authentication protocol or the connec-
tion will be terminated. If both pap and chap are
present, then the local host will try to negotiate
chap, and if that fails, the connection will be ter-
minated. The local host will not try to negotiate
pap. The default does not require authentication (
off).
If pap is required, then the pap_peer_id and
pap_peer_password keywords and values should be speci-
fied for the associated path. If they are not speci-
fied, the corresponding values are set to the null
string. If chap is required then the chap_peer_name
and chap_peer_secret keywords and values must be
specified for the associated path.
version n
Specifies that the contents of the configuration file
correspond to format version n. If this keyword is
present, it must be the first keyword in the file. If
absent, the version is assumed to be 1. This document
contains the definition of the version 1 format for
the configuration file.
will_do_authentication ( off | pap [chap] | chap [pap] )
Indicates that the local host is a potential authenti-
catee and is willing to participate in the specified
authentication protocol. If both pap and chap are
present then the local host is willing to participate
in either authentication protocol. The default does
not participate in authentication (off).
If pap is available, then the pap_id and
pap_password keywords and values should be specified
for the associated path. If they are not specified,
the corresponding values are set to the null string.
If chap is available then the chap_name and
chap_secret keywords and values must be specified for
the associated path.
EXAMPLES
Example 1: Remote Machine
In this example, the remote machine is most likely a nomadic
or home machine with a single modem.
#
# Dial in to two servers
#
ifconfig ipdptp0 plumb nomad1 dialin1 private up
path
interface ipdptp0
peer_system_name Pdialin1
will_do_authentication pap
pap_id nomad1
pap_password secret
ifconfig ipdptp1 plumb nomad1 dialin2 private up
path
interface ipdptp1
peer_system_name Pdialin2
lcp_mru 1006
Example 2: Dial In Server supporting a point-to-multipoint
interface
This example shows a dial in server supporting a point-to-
multipoint interface. There may be several modems attached
to this server. The network addressed by the ipd interface
will be advertised by the router, and all traffic destined
for that network will be routed through this host. For that
reason, it is not wise to support multiple dial in servers
with point-to-multipoint interfaces to the same network.
#
# A point-to-multipoint dial in server
#
ifconfig ipd0 plumb dialin1 netmask + up
defaults
interface ipd0
inactivity_timeout 900 # 15 minutes
require_authentication chap pap
chap_peer_name nomads
path
peer_system_name Pnomad1
chap_peer_secret abcd
pap_peer_id nomad1
pap_peer_password secret
peer_ip_address nomad1
path
peer_system_name Pnomad2
chap_peer_secret a\sspace
peer_ip_address nomad2
path
peer_system_name Pnomad3
inactivity_timeout 0 # No timeout for this host
chap_peer_secret \#123;.
peer_ip_address nomad3
path
peer_system_name Pnomad4
chap_peer_secret My\sSecret#Word
peer_ip_address nomad4
Example 3: Dynamic point to-point dial in server
This is another dial in server that supports dynamic point-
to-point interfaces. Usually the server has one modem for
each interface. One advantage of using dynamic interfaces
is that (host) routes will only be advertised when an inter-
face is up. Therefore, multiple dial in servers can be sup-
ported.
#
# A dynamic point-to-point dial in server
#
ifconfig ipdptp0 plumb dialin2 client1 down
ifconfig ipdptp1 plumb dialin2 client2 down
ifconfig ipdptp2 plumb dialin2 client3 down
defaults
interface ipdptp*
inactivity_timeout 900
debug_level 5
path
peer_system_name Pnomad1
path
peer_system_name Pnomad2
path
peer_system_name Pnomad3
path
peer_system_name Pnomad4
FILES
/etc/asppp.cf
configuration file
/etc/log/asppp.log
message log file
/etc/uucp/Devices
/etc/uucp/Dialers
/etc/uucp/Sysfiles
/etc/uucp/Systems
/tmp/.asppp.fifo
communication path between aspppd and aspppls
/usr/sbin/aspppd
link manager
/usr/sbin/aspppls
login service
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWapppu |
|_____________________________|_____________________________|
SEE ALSO
kill(1), ifconfig(1M), in.routed(1M), attributes(5), ppp(7M)
TCP/IP and Data Communications Administration Guide
|
Закладки на сайте Проследить за страницей |
Created 1996-2024 by Maxim Chirkov Добавить, Поддержать, Вебмастеру |