Chapter 9: Internet Connections | Absolute OpenBSD: Unix for the Practical Paranoid

You have a cable.
If you can connect through it,
victory is yours.

In this chapter, we'll discuss the basics of hooking up to the Internet through two very common methods: dial-up and Ethernet. OpenBSD supports other methods of network connections, such as PPP over Ethernet, but these two are by far the most common and the other connection methods use concepts and ideas common to dial-up and Ethernet. If you understand these tools, other connection methods will not be hard.

Dial-up Internet Connections

Many people, and quite a few small businesses, access the Internet via dial-up connections. This is still an easy and inexpensive way to get Internet access. OpenBSD's dial-up network support can handle a wide variety of situations, including dial-on-command, dial-on-demand, and dedicated lines, over a wide variety of protocols.

OpenBSD supports the dial-up methods Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol. PPP is the standard used to connect to the Internet via dial-up almost everywhere, so we'll cover that. It's a fairly simple protocol; the connection has two ends, and anything you push into one end of the connection is sent to the other end. If you need SLIP support, take a look at sliplogin(8). Before you even start trying to configure PPP, be certain that you have all of the necessary information at hand. Your ISP can provide you with each of the following.

Dial-up username
Password
ISP's modem bank phone number

I always recommend checking the phone line before trying to configure PPP. Pick up the phone and, if you don't have a dial tone, get one. If you have a dial tone, dial your ISP's modem pool. You should hear the modem bank answer with a high-pitched squeal. Just confirming that the phone number actually reaches the modem bank can save you some headaches later if your connection doesn't work. More than once I've learned that I needed to add the area code to a dial-up phone number to actually connect, or put a 1 in front of the number, or something.

If you're in an office setting, you should also confirm that you have an analog phone line. Some offices have digital phone systems that are simply not compatible with modems, under any operating system.

Modems

You also need a modem. Many internal modems are actually software modems, also known as Winmodems. These modems do much of the work required for dial-up in proprietary software that is only widely available for the Windows platform. Most internal modems are software modems. Winmodems generally show up in dmesg somewhat like this.

 "Intel 82801CA/CAM Modem" rev 0x01 at pci0 dev 31 function 6 not configured

Note the "not configured" statement. If it's a Winmodem, it will not work with OpenBSD.

OpenBSD only supports hardware modems, which have actual communications chips to handle communications instead of relying on software. All external modems are hardware modems. If your internal modem is a hardware modem, you'll see an entry in /var/run/dmesg.boot identifying it as a modem but without the "not configured" statement. If it's a hardware modem, OpenBSD will almost certainly recognize and configure it automatically at boot. If you have a burning desire for an internal hardware modem, many online vendors sell them, and you can pick them up used at various auction sites.

Configuring PPP

OpenBSD supports two different sorts of Point-to-Point Protocol: user PPP and kernel PPP. Kernel PPP has very low overhead, but not many features. User PPP is much easier to work with, and it has more features but more overhead in the system. We will discuss user PPP.

The user PPP program is extremely configurable. You can set your system up to allow multiple users to dial particular service providers, or to allow incoming calls to access your system, or to provide address translation services. If you're interested in any of that, you want to check ppp(8) for the full details. Most people who are using OpenBSD over a dial-up line either are using it as a workstation or as an Internet access device for a corporate network, so that is where we're going to concentrate our attention. The configuration is identical in both cases.

The /etc/ppp/ppp.conf file is the heart of PPP configuration. While it is possible to explicitly include other files, by default everything is in here. OpenBSD does not include ppp.conf by default, but it does include an /etc/ppp/ppp.conf.sample. This file makes a good place to start. You can create your own ppp.conf from scratch, but it's much easier to use the sample and trim out everything you don't want. Copy it to /etc/ppp/ppp.conf and open it in your favorite text editor.

ppp.conf is divided into sections, by labels. A label is a single word followed by a colon, and it marks the beginning of a section. Sections continue until the next label. As you might guess, any line beginning with a pound sign is a comment.

Default Entry

The "default" entry is a special label that is used to set up basic characteristics of your modem. Every other connection uses the default entry, unless told specifically not to. This allows you to configure your modem's base characteristics once, and use the same configuration to set up dial-up connections from multiple ISPs.

 default:  set log Phase Chat LCP IPCP CCP tun command 1  set device /dev/cua01 2  set speed 115200 3  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\ dATDT\\T TIMEOUT 40 CONNECT" 4

At the beginning, 1 we tell PPP to log events in the listed categories. You can read ppp(8) if you're interested in what all of these mean. For the most part these are generally sensible things to log and will provide most of the debugging information you might need.

Then we tell PPP 2 which serial port is attached to the modem. This is the only line you might realistically have to change to dial up to a modern ISP. Modems always run on a serial port. In this example, the modem is attached to serial port number 2. If your modem is attached to serial 1, you will want to change this line to read:

 set device /dev/cua00

As you should be able to guess, COM3 is /dev/cua02, and so on.

Then we tell PPP what 3 speed the serial port is running at. 115,200 bits per second, or 144 Kbps, is the maximum speed a standard serial port will run at. Your modem might run at only 56 Kbps, but you don't want to slow down your internal system for the modem. Let the modem and phone line throttle your bandwidth, if it's going to. This setting gives you enough speed in PPP to support an external ISDN terminal adapter, if you have one.

The last bit 4 is the connect string. This tells PPP how to handle the modem, what characters to expect when it connects, and various modem commands to connect your modem to a standard Internet dial-up account. Because the default will cover almost any circumstance where you're connecting to the Internet, we're not going to cut it to pieces. Again, you can find pretty full documentation of connect strings in ppp(8).

Connection Configuration

/etc/ppp/ppp.conf.sample includes several sample connections that cover almost any sort of connection, such as UNIX-style logins over PPP (much like a serial terminal), PPP connections with a static IP addresses, and so on. We care about the boring, dynamic IP dial-up shown in the "PAPorCHAPpmdemand" label, which is a good model for an average Internet dial-up.

 PAPorCHAPpmdemand:  set phone 1234567 1  set login 2  set authname MyName 3  set authkey MyKey 4  set timeout 120 5  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 6  add default HISADDR 7  enable dns 8

This configuration uses the settings from the default configuration, such as the modem port, the logging settings, and the connect string. All we have to set here is some basic information specific to this particular connection.

First, we 1 set the phone number you want to call with the "set phone" option. Do not use parenthesis, dashes, or other separators. You can use commas, but they will cause a delay between dialing numbers. (This may be what you want, of course.)

The 2 "set login" statement tells PPP to log in to the system on the other end.

Next, tell the system your 3 dial-up username. In place of the string "MyName," put your username.

Your dial-up password goes in the 4 "set authkey" line. This entry is why /etc/ppp/ppp.conf is readable only by root.

The 5 timeout line tells PPP how many seconds the line should remain idle before disconnecting the connection. If you don't ever want the connection to go down, set the timeout to 0 or invoke PPP as a dedicated line (see "Using PPP").

The long, complicated-looking 6 "set ifaddr" line tells PPP which range of IP addresses you will accept for your connection. (You could use this to specify a static IP address, which we'll look at later). The example given will work with almost any situation where you have a dynamic IP address.

The 7 "add default" entry tells PPP to add a default route pointing to the host on the other end of the PPP connection. You don't need to edit this; it doesn't really matter what IP address lies on the other end of that tunnel, you just want to send your packets there.

Finally, the 8 "enable dns" line tells PPP to update /etc/resolv.conf with the nameservers provided by your ISP's dial-up servers. If you have preferred nameservers listed in /etc/resolv.conf, you don't want to set this!

Example ISP Configuration

So, I'm going to use the example above as a basis for my own dial-up configuration. My ISP is AbsoluteOpenBSD. The modem number is 555-831-9944. My username is "mwlucas" and my password is "5k$l*!trB." My configuration will look like this:

 AbsoluteOpenBSD: 1  set phone 5558319944 2  set login  set authname mwlucas 3  set authkey 5k$l*!trB 4  set timeout 120  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0  add default HISADDR  enable dns

This looks almost exactly like the example PAPorCHAPpmdemand entry we dissected! Only the 1 label, the 2 phone number, the 3 username, and the 4 password have been changed.

Note

PPP has many more functions, including Network Address Translation, packet filtering, alternate phone numbers, and so on. You can find many examples in /etc/ppp/ppp.conf.sample and ppp(8). We use PF for packet filtering functionality, as discussed in Chapters 17-19.

Running PPP

You need root privileges to use ppp(8). (Regular users can be set up to allow them to use ppp(8), as we'll see later.) Just give the "ppp" command and the name of the connection you want to use.

 # ppp AbsoluteOpenBSD Working in interactive mode Using interface: tun0 ppp ON openbsdtest>

At this point, you're speaking directly to the PPP daemon. You can issue commands, set instructions, and generally boss it around. To tell it to connect to the ISP, enter "dial."

 ppp ON openbsdtest> dial ppp ON openbsdtest>

Although you shouldn't see anything back from the PPP daemon, you should be able to go to another console or terminal window and ping the outside world. You can also use ifconfig(8) to examine your Internet connection interface. tun0 is the first user PPP network interface. If the link is down, it will look like this.

 # ifconfig tun0 tun0: flags=8011<POINTOPOINT,MULTICAST> mtu 1500 #

Once the link comes up, the tun0 interface will show the new IP address of your system, the IP address of the remote side of the connection, and a status of "UP".

 # ifconfig tun0 tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1500          inet  1 192.168.1.108 --> 2 192.168.1.250 netmask 0xffffff00 #

The 1 first IP given is your local IP address, and the 2 second is the remote side. You should be able to ping the other side of the network connection: in this case (192.168.1.250).

To disconnect the PPP session, just give the "quit" command.

 PPP ON openbsdtest> quit #

This interactive mode supports many different commands, and allows you to perform all sort of connection customization and debugging, as documented in ppp(8).

Connection Types

While interactive mode provides all sorts of detailed functionality, most people never need any of it. It's nice to have the ability in case something goes wrong, but most people just want to configure a dial-up connection to their ISP and have it Just Work. You can do this by specifying the connection type. We'll discuss the most common types of connection and how they work. (You can find more in ppp(8), but these are overwhelmingly the most commonly used.)

Background Connections

A background connection dials up the Net when you run the "ppp" command, but becomes a background process as soon as the connection is established. This may take a moment; you won't get a command prompt back until your modem has finished dialing the ISP, all protocol details have been negotiated, and your interface and routing are configured. Choose a background connection with the "-background" flag.

 # ppp -background AbsoluteOpenBSD Working in background mode Using interface: tun0 PPP enabled #

This connection will remain open until the other side disconnects or you tell the PPP daemon to disconnect. Unfortunately, there is no simple command to terminate a backgrounded PPP(8) daemon cleanly. You have to send it a HUP (hang up) signal.

 # ps -ax | grep ppp 10137 ??  Is      0:00.01 ppp -background AbsoluteOpenBSD # kill 10137 #

While the "kill" command will return immediately, PPP will need to take a few seconds to actually bid farewell to your ISP and hang up. In a moment or two, however, you should notice the PPP process disappearing.

 # ps -ax | grep ppp #

On-Demand Connections

An on-demand connection waits until you requires network access, then dials your ISP and hooks you up to the Internet. It remains connected until the line has been idle for a certain length of time. You tell ppp(8) to run in on-demand mode with the "-auto" flag.

 # ppp -auto AbsoluteOpenBSD Working in auto mode Using interface: tun0 #

The PPP daemon will wait in the background, idle, until you try to access the Internet. You will notice a delay in accessing the Net while your modem connects and PPP(8) negotiates with the ISP, but it will work. The connection will terminate once no data has been transmitted for a number of seconds equal to the timeout value in the connection description.

When you want to terminate the connection, you need to kill the ppp process as for background connections.

Note

Any outbound packets will cause an on-demand connection to dial out! If you pay for Internet access by the minute, or if you have a per-dial charge, you want to be careful what programs you run. Some will try to connect to the Internet regularly. The /etc/ppp/ppp.conf.sample file contains examples of some filters you can use to prevent dialing out on common "garbage" connection requests.

Permanent Connections

A permanent connection is always on. Because we're talking about connecting over phone lines, we'll assume you want to reconnect if something disconnects the line. This is commonly used for small company Internet access via ISDN, or even via standard dial-up (as is still common in some parts of the world). You can tell ppp to keep the connection up if at all possible with the "-ddial" flag.

 # ppp -ddial AbsoluteOpenBSD Working in ddial mode Using interface: tun0 #

Again, to shut down dedicated-dial PPP you must kill the process.