diff --git a/documentation/content/en/books/handbook/ppp-and-slip/_index.adoc b/documentation/content/en/books/handbook/ppp-and-slip/_index.adoc index 36c33900d7..0d058a254b 100644 --- a/documentation/content/en/books/handbook/ppp-and-slip/_index.adoc +++ b/documentation/content/en/books/handbook/ppp-and-slip/_index.adoc @@ -1,827 +1,827 @@ --- title: Chapter 28. PPP part: IV. Network Communication prev: books/handbook/serialcomms next: books/handbook/mail --- [[ppp-and-slip]] = PPP :doctype: book :toc: macro :toclevels: 1 :icons: font :sectnums: :sectnumlevels: 6 :source-highlighter: rouge :experimental: :skip-front-matter: :xrefstyle: basic :relfileprefix: ../ :outfilesuffix: :sectnumoffset: 28 ifeval::["{backend}" == "html5"] :imagesdir: ../../../../images/books/handbook/ppp-and-slip/ endif::[] ifeval::["{backend}" == "pdf"] :imagesdir: ../../../../static/images/books/handbook/ppp-and-slip/ endif::[] ifeval::["{backend}" == "epub3"] :imagesdir: ../../../../static/images/books/handbook/ppp-and-slip/ endif::[] include::shared/authors.adoc[] include::shared/releases.adoc[] include::shared/en/mailing-lists.adoc[] include::shared/en/teams.adoc[] include::shared/en/urls.adoc[] toc::[] [[ppp-and-slip-synopsis]] == Synopsis FreeBSD supports the Point-to-Point (PPP) protocol which can be used to establish a network or Internet connection using a dial-up modem. This chapter describes how to configure modem-based communication services in FreeBSD. After reading this chapter, you will know: * How to configure, use, and troubleshoot a PPP connection. * How to set up PPP over Ethernet (PPPoE). * How to set up PPP over ATM (PPPoA). Before reading this chapter, you should: * Be familiar with basic network terminology. * Understand the basics and purpose of a dial-up connection and PPP. [[userppp]] == Configuring PPP FreeBSD provides built-in support for managing dial-up PPP connections using man:ppp[8]. The default FreeBSD kernel provides support for [.filename]#tun# which is used to interact with a modem hardware. Configuration is performed by editing at least one configuration file, and configuration files containing examples are provided. Finally, `ppp` is used to start and manage connections. In order to use a PPP connection, the following items are needed: * A dial-up account with an Internet Service Provider (ISP). * A dial-up modem. * The dial-up number for the ISP. * The login name and password assigned by the ISP. * The IP address of one or more DNS servers. Normally, the ISP provides these addresses. If it did not, FreeBSD can be configured to use DNS negotiation. If any of the required information is missing, contact the ISP. The following information may be supplied by the ISP, but is not necessary: * The IP address of the default gateway. If this information is unknown, the ISP will automatically provide the correct value during connection setup. When configuring PPP on FreeBSD, this address is referred to as `HISADDR`. * The subnet mask. If the ISP has not provided one, `255.255.255.255` will be used in the man:ppp[8] configuration file. * + If the ISP has assigned a static IP address and hostname, it should be input into the configuration file. Otherwise, this information will be automatically provided during connection setup. The rest of this section demonstrates how to configure FreeBSD for common PPP connection scenarios. The required configuration file is [.filename]#/etc/ppp/ppp.conf# and additional files and examples are available in [.filename]#/usr/shared/examples/ppp/#. [NOTE] ==== Throughout this section, many of the file examples display line numbers. These line numbers have been added to make it easier to follow the discussion and are not meant to be placed in the actual file. When editing a configuration file, proper indentation is important. Lines that end in a `:` start in the first column (beginning of the line) while all other lines should be indented as shown using spaces or tabs. ==== [[userppp-staticIP]] === Basic Configuration In order to configure a PPP connection, first edit [.filename]#/etc/ppp/ppp.conf# with the dial-in information for the ISP. This file is described as follows: [.programlisting] .... 1 default: 2 set log Phase Chat LCP IPCP CCP tun command 3 ident user-ppp VERSION 4 set device /dev/cuau0 5 set speed 115200 6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \ 7 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" 8 set timeout 180 9 enable dns 10 11 provider: 12 set phone "(123) 456 7890" 13 set authname foo 14 set authkey bar 15 set timeout 300 16 set ifaddr x.x.x.x/0 y.y.y.y/0 255.255.255.255 0.0.0.0 17 add default HISADDR .... Line 1::: Identifies the `default` entry. Commands in this entry (lines 2 through 9) are executed automatically when `ppp` is run. Line 2::: Enables verbose logging parameters for testing the connection. Once the configuration is working satisfactorily, this line should be reduced to: + [.programlisting] .... set log phase tun .... Line 3::: Displays the version of man:ppp[8] to the PPP software running on the other side of the connection. Line 4::: Identifies the device to which the modem is connected, where [.filename]#COM1# is [.filename]#/dev/cuau0# and [.filename]#COM2# is [.filename]#/dev/cuau1#. Line 5::: Sets the connection speed. If `115200` does not work on an older modem, try `38400` instead. Lines 6 & 7::: The dial string written as an expect-send syntax. Refer to man:chat[8] for more information. + Note that this command continues onto the next line for readability. Any command in [.filename]#ppp.conf# may do this if the last character on the line is `\`. Line 8::: Sets the idle timeout for the link in seconds. Line 9::: Instructs the peer to confirm the DNS settings. If the local network is running its own DNS server, this line should be commented out, by adding a `#` at the beginning of the line, or removed. Line 10::: A blank line for readability. Blank lines are ignored by man:ppp[8]. Line 11::: Identifies an entry called `provider`. This could be changed to the name of the ISP so that `load _ISP_` can be used to start the connection. Line 12::: Use the phone number for the ISP. Multiple phone numbers may be specified using the colon (`:`) or pipe character (`|`) as a separator. To rotate through the numbers, use a colon. To always attempt to dial the first number first and only use the other numbers if the first number fails, use the pipe character. Always enclose the entire set of phone numbers between quotation marks (`"`) to prevent dialing failures. Lines 13 & 14::: Use the user name and password for the ISP. Line 15::: Sets the default idle timeout in seconds for the connection. In this example, the connection will be closed automatically after 300 seconds of inactivity. To prevent a timeout, set this value to zero. Line 16::: Sets the interface addresses. The values used depend upon whether a static IP address has been obtained from the ISP or if it instead negotiates a dynamic IP address during connection. + If the ISP has allocated a static IP address and default gateway, replace _x.x.x.x_ with the static IP address and replace _y.y.y.y_ with the IP address of the default gateway. If the ISP has only provided a static IP address without a gateway address, replace _y.y.y.y_ with `10.0.0.2/0`. + If the IP address changes whenever a connection is made, change this line to the following value. This tells man:ppp[8] to use the IP Configuration Protocol (IPCP) to negotiate a dynamic IP address: + [.programlisting] .... set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255 0.0.0.0 .... Line 17::: Keep this line as-is as it adds a default route to the gateway. The `HISADDR` will automatically be replaced with the gateway address specified on line 16. It is important that this line appears after line 16. -Depending upon whether man:ppp[8] is started manually or automatically, a [.filename]#/etc/ppp/ppp.linkup# may also need to be created which contains the following lines. This file is required when running `ppp` in `-auto` mode. This file is used after the connection has been established. At this point, the IP address will have been assigned and it is now be possible to add the routing table entries. When creating this file, make sure that _provider_ matches the value demonstrated in line 11 of [.filename]#ppp.conf#. +Depending upon whether man:ppp[8] is started manually or automatically, a [.filename]#/etc/ppp/ppp.linkup# may also need to be created which contains the following lines. This file is required when running `ppp` in `-auto` mode. This file is used after the connection has been established. At this point, the IP address will have been assigned and it is now possible to add the routing table entries. When creating this file, make sure that _provider_ matches the value demonstrated in line 11 of [.filename]#ppp.conf#. [.programlisting] .... provider: add default HISADDR .... This file is also needed when the default gateway address is "guessed" in a static IP address configuration. In this case, remove line 17 from [.filename]#ppp.conf# and create [.filename]#/etc/ppp/ppp.linkup# with the above two lines. More examples for this file can be found in [.filename]#/usr/shared/examples/ppp/#. By default, `ppp` must be run as `root`. To change this default, add the account of the user who should run `ppp` to the `network` group in [.filename]#/etc/group#. Then, give the user access to one or more entries in [.filename]#/etc/ppp/ppp.conf# with `allow`. For example, to give `fred` and `mary` permission to only the `provider:` entry, add this line to the `provider:` section: [.programlisting] .... allow users fred mary .... To give the specified users access to all entries, put that line in the `default` section instead. === Advanced Configuration It is possible to configure PPP to supply DNS and NetBIOS nameserver addresses on demand. To enable these extensions with PPP version 1.x, the following lines might be added to the relevant section of [.filename]#/etc/ppp/ppp.conf#. [.programlisting] .... enable msext set ns 203.14.100.1 203.14.100.2 set nbns 203.14.100.5 .... And for PPP version 2 and above: [.programlisting] .... accept dns set dns 203.14.100.1 203.14.100.2 set nbns 203.14.100.5 .... This will tell the clients the primary and secondary name server addresses, and a NetBIOS nameserver host. In version 2 and above, if the `set dns` line is omitted, PPP will use the values found in [.filename]#/etc/resolv.conf#. [[userppp-PAPnCHAP]] ==== PAP and CHAP Authentication Some ISPs set their system up so that the authentication part of the connection is done using either of the PAP or CHAP authentication mechanisms. If this is the case, the ISP will not give a `login:` prompt at connection, but will start talking PPP immediately. PAP is less secure than CHAP, but security is not normally an issue here as passwords, although being sent as plain text with PAP, are being transmitted down a serial line only. There is not much room for crackers to "eavesdrop". The following alterations must be made: [.programlisting] .... 13 set authname MyUserName 14 set authkey MyPassword 15 set login .... Line 13::: This line specifies the PAP/CHAP user name. Insert the correct value for _MyUserName_. Line 14::: This line specifies the PAP/CHAP password. Insert the correct value for _MyPassword_. You may want to add an additional line, such as: + [.programlisting] .... 16 accept PAP .... + or + [.programlisting] .... 16 accept CHAP .... + to make it obvious that this is the intention, but PAP and CHAP are both accepted by default. Line 15::: The ISP will not normally require a login to the server when using PAP or CHAP. Therefore, disable the "set login" string. [[userppp-nat]] ==== Using PPP Network Address Translation Capability PPP has ability to use internal NAT without kernel diverting capabilities. This functionality may be enabled by the following line in [.filename]#/etc/ppp/ppp.conf#: [.programlisting] .... nat enable yes .... Alternatively, NAT may be enabled by command-line option `-nat`. There is also [.filename]#/etc/rc.conf# knob named `ppp_nat`, which is enabled by default. When using this feature, it may be useful to include the following [.filename]#/etc/ppp/ppp.conf# options to enable incoming connections forwarding: [.programlisting] .... nat port tcp 10.0.0.2:ftp ftp nat port tcp 10.0.0.2:http http .... or do not trust the outside at all [.programlisting] .... nat deny_incoming yes .... [[userppp-final]] === Final System Configuration While `ppp` is now configured, some edits still need to be made to [.filename]#/etc/rc.conf#. Working from the top down in this file, make sure the `hostname=` line is set: [.programlisting] .... hostname="foo.example.com" .... If the ISP has supplied a static IP address and name, use this name as the host name. Look for the `network_interfaces` variable. To configure the system to dial the ISP on demand, make sure the [.filename]#tun0# device is added to the list, otherwise remove it. [.programlisting] .... network_interfaces="lo0 tun0" ifconfig_tun0= .... [NOTE] ==== The `ifconfig_tun0` variable should be empty, and a file called [.filename]#/etc/start_if.tun0# should be created. This file should contain the line: [.programlisting] .... ppp -auto mysystem .... This script is executed at network configuration time, starting the ppp daemon in automatic mode. If this machine acts as a gateway, consider including `-alias`. Refer to the manual page for further details. ==== Make sure that the router program is set to `NO` with the following line in [.filename]#/etc/rc.conf#: [.programlisting] .... router_enable="NO" .... It is important that the `routed` daemon is not started, as `routed` tends to delete the default routing table entries created by `ppp`. It is probably a good idea to ensure that the `sendmail_flags` line does not include the `-q` option, otherwise `sendmail` will attempt to do a network lookup every now and then, possibly causing your machine to dial out. You may try: [.programlisting] .... sendmail_flags="-bd" .... The downside is that `sendmail` is forced to re-examine the mail queue whenever the ppp link. To automate this, include `!bg` in [.filename]#ppp.linkup#: [.programlisting] .... 1 provider: 2 delete ALL 3 add 0 0 HISADDR 4 !bg sendmail -bd -q30m .... An alternative is to set up a "dfilter" to block SMTP traffic. Refer to the sample files for further details. === Using `ppp` All that is left is to reboot the machine. After rebooting, either type: [source,bash] .... # ppp .... and then `dial provider` to start the PPP session, or, to configure `ppp` to establish sessions automatically when there is outbound traffic and [.filename]#start_if.tun0# does not exist, type: [source,bash] .... # ppp -auto provider .... It is possible to talk to the `ppp` program while it is running in the background, but only if a suitable diagnostic port has been set up. To do this, add the following line to the configuration: [.programlisting] .... set server /var/run/ppp-tun%d DiagnosticPassword 0177 .... This will tell PPP to listen to the specified UNIX(R) domain socket, asking clients for the specified password before allowing access. The `%d` in the name is replaced with the [.filename]#tun# device number that is in use. Once a socket has been set up, the man:pppctl[8] program may be used in scripts that wish to manipulate the running program. [[userppp-mgetty]] === Configuring Dial-in Services crossref:serialcomms[dialup,“Dial-in Service”] provides a good description on enabling dial-up services using man:getty[8]. An alternative to `getty` is package:comms/mgetty+sendfax[] port), a smarter version of `getty` designed with dial-up lines in mind. The advantages of using `mgetty` is that it actively _talks_ to modems, meaning if port is turned off in [.filename]#/etc/ttys# then the modem will not answer the phone. Later versions of `mgetty` (from 0.99beta onwards) also support the automatic detection of PPP streams, allowing clients scriptless access to the server. Refer to http://mgetty.greenie.net/doc/mgetty_toc.html[http://mgetty.greenie.net/doc/mgetty_toc.html] for more information on `mgetty`. By default the package:comms/mgetty+sendfax[] port comes with the `AUTO_PPP` option enabled allowing `mgetty` to detect the LCP phase of PPP connections and automatically spawn off a ppp shell. However, since the default login/password sequence does not occur it is necessary to authenticate users using either PAP or CHAP. This section assumes the user has successfully compiled, and installed the package:comms/mgetty+sendfax[] port on his system. Ensure that [.filename]#/usr/local/etc/mgetty+sendfax/login.config# has the following: [.programlisting] .... /AutoPPP/ - - /etc/ppp/ppp-pap-dialup .... This tells `mgetty` to run [.filename]#ppp-pap-dialup# for detected PPP connections. Create an executable file called [.filename]#/etc/ppp/ppp-pap-dialup# containing the following: [.programlisting] .... #!/bin/sh exec /usr/sbin/ppp -direct pap$IDENT .... For each dial-up line enabled in [.filename]#/etc/ttys#, create a corresponding entry in [.filename]#/etc/ppp/ppp.conf#. This will happily co-exist with the definitions we created above. [.programlisting] .... pap: enable pap set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40 enable proxy .... Each user logging in with this method will need to have a username/password in [.filename]#/etc/ppp/ppp.secret#, or alternatively add the following option to authenticate users via PAP from [.filename]#/etc/passwd#. [.programlisting] .... enable passwdauth .... To assign some users a static IP number, specify the number as the third argument in [.filename]#/etc/ppp/ppp.secret#. See [.filename]#/usr/shared/examples/ppp/ppp.secret.sample# for examples. [[ppp-troubleshoot]] == Troubleshooting PPP Connections This section covers a few issues which may arise when using PPP over a modem connection. Some ISPs present the `ssword` prompt while others present `password`. If the `ppp` script is not written accordingly, the login attempt will fail. The most common way to debug `ppp` connections is by connecting manually as described in this section. === Check the Device Nodes When using a custom kernel, make sure to include the following line in the kernel configuration file: [.programlisting] .... device uart .... The [.filename]#uart# device is already included in the `GENERIC` kernel, so no additional steps are necessary in this case. Just check the `dmesg` output for the modem device with: [source,bash] .... # dmesg | grep uart .... This should display some pertinent output about the [.filename]#uart# devices. These are the COM ports we need. If the modem acts like a standard serial port, it should be listed on [.filename]#uart1#, or [.filename]#COM2#. If so, a kernel rebuild is not required. When matching up, if the modem is on [.filename]#uart1#, the modem device would be [.filename]#/dev/cuau1#. === Connecting Manually Connecting to the Internet by manually controlling `ppp` is quick, easy, and a great way to debug a connection or just get information on how the ISP treats `ppp` client connections. Lets start PPP from the command line. Note that in all of our examples we will use _example_ as the hostname of the machine running PPP. To start `ppp`: [source,bash] .... # ppp .... [source,bash] .... ppp ON example> set device /dev/cuau1 .... This second command sets the modem device to [.filename]#cuau1#. [source,bash] .... ppp ON example> set speed 115200 .... This sets the connection speed to 115,200 kbps. [source,bash] .... ppp ON example> enable dns .... This tells `ppp` to configure the resolver and add the nameserver lines to [.filename]#/etc/resolv.conf#. If `ppp` cannot determine the hostname, it can manually be set later. [source,bash] .... ppp ON example> term .... This switches to "terminal" mode in order to manually control the modem. [.programlisting] .... deflink: Entering terminal mode on /dev/cuau1 type '~h' for help .... [source,bash] .... at OK atdt123456789 .... Use `at` to initialize the modem, then use `atdt` and the number for the ISP to begin the dial in process. [source,bash] .... CONNECT .... Confirmation of the connection, if we are going to have any connection problems, unrelated to hardware, here is where we will attempt to resolve them. [source,bash] .... ISP Login:myusername .... At this prompt, return the prompt with the username that was provided by the ISP. [source,bash] .... ISP Pass:mypassword .... At this prompt, reply with the password that was provided by the ISP. Just like logging into FreeBSD, the password will not echo. [source,bash] .... Shell or PPP:ppp .... Depending on the ISP, this prompt might not appear. If it does, it is asking whether to use a shell on the provider or to start `ppp`. In this example, `ppp` was selected in order to establish an Internet connection. [source,bash] .... Ppp ON example> .... Notice that in this example the first `p` has been capitalized. This shows that we have successfully connected to the ISP. [source,bash] .... Ppp ON example> .... We have successfully authenticated with our ISP and are waiting for the assigned IP address. [source,bash] .... PPP ON example> .... We have made an agreement on an IP address and successfully completed our connection. [source,bash] .... PPP ON example>add default HISADDR .... Here we add our default route, we need to do this before we can talk to the outside world as currently the only established connection is with the peer. If this fails due to existing routes, put a bang character `!` in front of the `add`. Alternatively, set this before making the actual connection and it will negotiate a new route accordingly. -If everything went good we should now have an active connection to the Internet, which could be thrown into the background using kbd:[CTRL+z] If `PPP` returns to `ppp` then the connection has bee lost. This is good to know because it shows the connection status. Capital P's represent a connection to the ISP and lowercase p's show that the connection has been lost. +If everything went good we should now have an active connection to the Internet, which could be thrown into the background using kbd:[CTRL+z]. If `PPP` returns to `ppp` the connection has been lost. This is good to know because it shows the connection status. Capital P's represent a connection to the ISP and lowercase p's show that the connection has been lost. === Debugging If a connection cannot be established, turn hardware flow CTS/RTS to off using `set ctsrts off`. This is mainly the case when connected to some PPP-capable terminal servers, where PPP hangs when it tries to write data to the communication link, and waits for a Clear To Send (CTS) signal which may never come. When using this option, include `set accmap` as it may be required to defeat hardware dependent on passing certain characters from end to end, most of the time XON/XOFF. Refer to man:ppp[8] for more information on this option and how it is used. An older modem may need `set parity even`. Parity is set at none be default, but is used for error checking with a large increase in traffic, on older modems. PPP may not return to the command mode, which is usually a negotiation error where the ISP is waiting for negotiating to begin. At this point, using `~p` will force ppp to start sending the configuration information. If a login prompt never appears, PAP or CHAP authentication is most likely required. To use PAP or CHAP, add the following options to PPP before going into terminal mode: [source,bash] .... ppp ON example> set authname myusername .... Where _myusername_ should be replaced with the username that was assigned by the ISP. [source,bash] .... ppp ON example> set authkey mypassword .... Where _mypassword_ should be replaced with the password that was assigned by the ISP. If a connection is established, but cannot seem to find any domain name, try to man:ping[8] an IP address. If there is 100 percent (100%) packet loss, it is likely that a default route was not assigned. Double check that `add default HISADDR` was set during the connection. If a connection can be made to a remote IP address, it is possible that a resolver address has not been added to [.filename]#/etc/resolv.conf#. This file should look like: [.programlisting] .... domain example.com nameserver x.x.x.x nameserver y.y.y.y .... Where _x.x.x.x_ and _y.y.y.y_ should be replaced with the IP address of the ISP's DNS servers. To configure man:syslog[3] to provide logging for the PPP connection, make sure this line exists in [.filename]#/etc/syslog.conf#: [.programlisting] .... !ppp *.* /var/log/ppp.log .... [[pppoe]] == Using PPP over Ethernet (PPPoE) This section describes how to set up PPP over Ethernet (PPPoE). Here is an example of a working [.filename]#ppp.conf#: [.programlisting] .... default: set log Phase tun command # you can add more detailed logging if you wish set ifaddr 10.0.0.1/0 10.0.0.2/0 name_of_service_provider: set device PPPoE:xl1 # replace xl1 with your Ethernet device set authname YOURLOGINNAME set authkey YOURPASSWORD set dial set login add default HISADDR .... As `root`, run: [source,bash] .... # ppp -ddial name_of_service_provider .... Add the following to [.filename]#/etc/rc.conf#: [.programlisting] .... ppp_enable="YES" ppp_mode="ddial" ppp_nat="YES" # if you want to enable nat for your local network, otherwise NO ppp_profile="name_of_service_provider" .... === Using a PPPoE Service Tag Sometimes it will be necessary to use a service tag to establish the connection. Service tags are used to distinguish between different PPPoE servers attached to a given network. Any required service tag information should be in the documentation provided by the ISP. As a last resort, one could try installing the package:net/rr-pppoe[] package or port. Bear in mind however, this may de-program your modem and render it useless, so think twice before doing it. Simply install the program shipped with the modem. Then, access the menu:System[] menu from the program. The name of the profile should be listed there. It is usually _ISP_. The profile name (service tag) will be used in the PPPoE configuration entry in [.filename]#ppp.conf# as the provider part for `set device`. Refer to man:ppp[8] for full details. It should look like this: [.programlisting] .... set device PPPoE:xl1:ISP .... Do not forget to change _xl1_ to the proper device for the Ethernet card. Do not forget to change _ISP_ to the profile. For additional information, refer to http://renaud.waldura.com/doc/freebsd/pppoe/[Cheaper Broadband with FreeBSD on DSL] by Renaud Waldura. [[ppp-3com]] === PPPoE with a 3Com(R) HomeConnect(TM) ADSL Modem Dual Link This modem does not follow the PPPoE specification defined in http://www.faqs.org/rfcs/rfc2516.html[RFC 2516]. In order to make FreeBSD capable of communicating with this device, a sysctl must be set. This can be done automatically at boot time by updating [.filename]#/etc/sysctl.conf#: [.programlisting] .... net.graph.nonstandard_pppoe=1 .... or can be done immediately with the command: [source,bash] .... # sysctl net.graph.nonstandard_pppoe=1 .... Unfortunately, because this is a system-wide setting, it is not possible to talk to a normal PPPoE client or server and a 3Com(R) HomeConnect(TM) ADSL Modem at the same time. [[pppoa]] == Using PPP over ATM (PPPoA) The following describes how to set up PPP over ATM (PPPoA). PPPoA is a popular choice among European DSL providers. === Using mpd The mpd application can be used to connect to a variety of services, in particular PPTP services. It can be installed using the package:net/mpd5[] package or port. Many ADSL modems require that a PPTP tunnel is created between the modem and computer. Once installed, configure mpd to suit the provider's settings. The port places a set of sample configuration files which are well documented in [.filename]#/usr/local/etc/mpd/#. A complete guide to configure mpd is available in HTML format in [.filename]#/usr/ports/shared/doc/mpd/#. Here is a sample configuration for connecting to an ADSL service with mpd. The configuration is spread over two files, first the [.filename]#mpd.conf#: [NOTE] ==== This example [.filename]#mpd.conf# only works with mpd 4.x. ==== [.programlisting] .... default: load adsl adsl: new -i ng0 adsl adsl set bundle authname username <.> set bundle password password <.> set bundle disable multilink set link no pap acfcomp protocomp set link disable chap set link accept chap set link keep-alive 30 10 set ipcp no vjcomp set ipcp ranges 0.0.0.0/0 0.0.0.0/0 set iface route default set iface disable on-demand set iface enable proxy-arp set iface idle 0 open .... <.> The username used to authenticate with your ISP. <.> The password used to authenticate with your ISP. Information about the link, or links, to establish is found in [.filename]#mpd.links#. An example [.filename]#mpd.links# to accompany the above example is given beneath: [.programlisting] .... adsl: set link type pptp set pptp mode active set pptp enable originate outcall set pptp self 10.0.0.1 <.> set pptp peer 10.0.0.138 <.> .... <.> The IP address of FreeBSD computer running mpd. <.> The IP address of the ADSL modem. The Alcatel SpeedTouch(TM) Home defaults to `10.0.0.138`. It is possible to initialize the connection easily by issuing the following command as `root`: [source,bash] .... # mpd -b adsl .... To view the status of the connection: [source,bash] .... % ifconfig ng0 ng0: flags=88d1 mtu 1500 inet 216.136.204.117 --> 204.152.186.171 netmask 0xffffffff .... Using mpd is the recommended way to connect to an ADSL service with FreeBSD. === Using pptpclient It is also possible to use FreeBSD to connect to other PPPoA services using package:net/pptpclient[]. To use package:net/pptpclient[] to connect to a DSL service, install the port or package, then edit [.filename]#/etc/ppp/ppp.conf#. An example section of [.filename]#ppp.conf# is given below. For further information on [.filename]#ppp.conf# options consult man:ppp[8]. [.programlisting] .... adsl: set log phase chat lcp ipcp ccp tun command set timeout 0 enable dns set authname username <.> set authkey password <.> set ifaddr 0 0 add default HISADDR .... <.> The username for the DSL provider. <.> The password for your account. [WARNING] ==== Since the account's password is added to [.filename]#ppp.conf# in plain text form, make sure nobody can read the contents of this file: [source,bash] .... # chown root:wheel /etc/ppp/ppp.conf # chmod 600 /etc/ppp/ppp.conf .... ==== This will open a tunnel for a PPP session to the DSL router. Ethernet DSL modems have a preconfigured LAN IP address to connect to. In the case of the Alcatel SpeedTouch(TM) Home, this address is `10.0.0.138`. The router's documentation should list the address the device uses. To open the tunnel and start a PPP session: [source,bash] .... # pptp address adsl .... [TIP] ==== If an ampersand ("&") is added to the end of this command, pptp will return the prompt. ==== A [.filename]#tun# virtual tunnel device will be created for interaction between the pptp and ppp processes. Once the prompt is returned, or the pptp process has confirmed a connection, examine the tunnel: [source,bash] .... % ifconfig tun0 tun0: flags=8051 mtu 1500 inet 216.136.204.21 --> 204.152.186.171 netmask 0xffffff00 Opened by PID 918 .... If the connection fails, check the configuration of the router, which is usually accessible using a web browser. Also, examine the output of `pptp` and the contents of the log file, [.filename]#/var/log/ppp.log# for clues. diff --git a/documentation/content/en/books/handbook/serialcomms/_index.adoc b/documentation/content/en/books/handbook/serialcomms/_index.adoc index 6e5ec52c47..4634572da2 100644 --- a/documentation/content/en/books/handbook/serialcomms/_index.adoc +++ b/documentation/content/en/books/handbook/serialcomms/_index.adoc @@ -1,1008 +1,1008 @@ --- title: Chapter 27. Serial Communications part: Part IV. Network Communication prev: books/handbook/partiv next: books/handbook/ppp-and-slip --- [[serialcomms]] = Serial Communications :doctype: book :toc: macro :toclevels: 1 :icons: font :sectnums: :sectnumlevels: 6 :source-highlighter: rouge :experimental: :skip-front-matter: :xrefstyle: basic :relfileprefix: ../ :outfilesuffix: :sectnumoffset: 27 ifeval::["{backend}" == "html5"] :imagesdir: ../../../../images/books/handbook/serialcomms/ endif::[] ifeval::["{backend}" == "pdf"] :imagesdir: ../../../../static/images/books/handbook/serialcomms/ endif::[] ifeval::["{backend}" == "epub3"] :imagesdir: ../../../../static/images/books/handbook/serialcomms/ endif::[] include::shared/authors.adoc[] include::shared/releases.adoc[] include::shared/en/mailing-lists.adoc[] include::shared/en/teams.adoc[] include::shared/en/urls.adoc[] toc::[] [[serial-synopsis]] == Synopsis UNIX(R) has always had support for serial communications as the very first UNIX(R) machines relied on serial lines for user input and output. Things have changed a lot from the days when the average terminal consisted of a 10-character-per-second serial printer and a keyboard. This chapter covers some of the ways serial communications can be used on FreeBSD. After reading this chapter, you will know: * How to connect terminals to a FreeBSD system. * How to use a modem to dial out to remote hosts. * How to allow remote users to login to a FreeBSD system with a modem. * How to boot a FreeBSD system from a serial console. Before reading this chapter, you should: * Know how to crossref:kernelconfig[kernelconfig, configure and install a custom kernel]. * Understand crossref:basics[basics, FreeBSD permissions and processes]. * Have access to the technical manual for the serial hardware to be used with FreeBSD. [[serial]] == Serial Terminology and Hardware The following terms are often used in serial communications: bps:: Bits per Second (bps) is the rate at which data is transmitted. DTE:: Data Terminal Equipment (DTE) is one of two endpoints in a serial communication. An example would be a computer. DCE:: Data Communications Equipment (DTE) is the other endpoint in a serial communication. Typically, it is a modem or serial terminal. RS-232:: The original standard which defined hardware serial communications. It has since been renamed to TIA-232. When referring to communication data rates, this section does not use the term _baud_. Baud refers to the number of electrical state transitions made in a period of time, while bps is the correct term to use. To connect a serial terminal to a FreeBSD system, a serial port on the computer and the proper cable to connect to the serial device are needed. Users who are already familiar with serial hardware and cabling can safely skip this section. [[term-cables-null]] === Serial Cables and Ports There are several different kinds of serial cables. The two most common types are null-modem cables and standard RS-232 cables. The documentation for the hardware should describe the type of cable required. These two types of cables differ in how the wires are connected to the connector. Each wire represents a signal, with the defined signals summarized in <>. A standard serial cable passes all of the RS-232C signals straight through. For example, the "Transmitted Data" pin on one end of the cable goes to the "Transmitted Data" pin on the other end. This is the type of cable used to connect a modem to the FreeBSD system, and is also appropriate for some terminals. A null-modem cable switches the "Transmitted Data" pin of the connector on one end with the "Received Data" pin on the other end. The connector can be either a DB-25 or a DB-9. A null-modem cable can be constructed using the pin connections summarized in <>, <>, and <>. While the standard calls for a straight-through pin 1 to pin 1 "Protective Ground" line, it is often omitted. Some terminals work using only pins 2, 3, and 7, while others require different configurations. When in doubt, refer to the documentation for the hardware. [[serialcomms-signal-names]] .RS-232C Signal Names [cols="1,1", frame="none", options="header"] |=== <| Acronyms <| Names |RD |Received Data |TD |Transmitted Data |DTR |Data Terminal Ready |DSR |Data Set Ready |DCD |Data Carrier Detect |SG |Signal Ground |RTS |Request to Send |CTS |Clear to Send |=== [[nullmodem-db25]] .DB-25 to DB-25 Null-Modem Cable [cols="1,1,1,1,1", frame="none", options="header"] |=== <| Signal <| Pin # | <| Pin # <| Signal |SG |7 |connects to |7 |SG |TD |2 |connects to |3 |RD |RD |3 |connects to |2 |TD |RTS |4 |connects to |5 |CTS |CTS |5 |connects to |4 |RTS |DTR |20 |connects to |6 |DSR |DTR |20 |connects to |8 |DCD |DSR |6 |connects to |20 |DTR |DCD |8 |connects to |20 |DTR |=== [[nullmodem-db9]] .DB-9 to DB-9 Null-Modem Cable [cols="1,1,1,1,1", frame="none", options="header"] |=== <| Signal <| Pin # | <| Pin # <| Signal |RD |2 |connects to |3 |TD |TD |3 |connects to |2 |RD |DTR |4 |connects to |6 |DSR |DTR |4 |connects to |1 |DCD |SG |5 |connects to |5 |SG |DSR |6 |connects to |4 |DTR |DCD |1 |connects to |4 |DTR |RTS |7 |connects to |8 |CTS |CTS |8 |connects to |7 |RTS |=== [[nullmodem-db9-25]] .DB-9 to DB-25 Null-Modem Cable [cols="1,1,1,1,1", frame="none", options="header"] |=== <| Signal <| Pin # | <| Pin # <| Signal |RD |2 |connects to |2 |TD |TD |3 |connects to |3 |RD |DTR |4 |connects to |6 |DSR |DTR |4 |connects to |8 |DCD |SG |5 |connects to |7 |SG |DSR |6 |connects to |20 |DTR |DCD |1 |connects to |20 |DTR |RTS |7 |connects to |5 |CTS |CTS |8 |connects to |4 |RTS |=== [NOTE] ==== When one pin at one end connects to a pair of pins at the other end, it is usually implemented with one short wire between the pair of pins in their connector and a long wire to the other single pin. ==== Serial ports are the devices through which data is transferred between the FreeBSD host computer and the terminal. Several kinds of serial ports exist. Before purchasing or constructing a cable, make sure it will fit the ports on the terminal and on the FreeBSD system. Most terminals have DB-25 ports. Personal computers may have DB-25 or DB-9 ports. A multiport serial card may have RJ-12 or RJ-45/ ports. See the documentation that accompanied the hardware for specifications on the kind of port or visually verify the type of port. In FreeBSD, each serial port is accessed through an entry in [.filename]#/dev#. There are two different kinds of entries: * Call-in ports are named [.filename]#/dev/ttyuN# where _N_ is the port number, starting from zero. If a terminal is connected to the first serial port ([.filename]#COM1#), use [.filename]#/dev/ttyu0# to refer to the terminal. If the terminal is on the second serial port ([.filename]#COM2#), use [.filename]#/dev/ttyu1#, and so forth. Generally, the call-in port is used for terminals. Call-in ports require that the serial line assert the "Data Carrier Detect" signal to work correctly. * Call-out ports are named [.filename]#/dev/cuauN# on FreeBSD versions 8.X and higher and [.filename]#/dev/cuadN# on FreeBSD versions 7.X and lower. Call-out ports are usually not used for terminals, but are used for modems. The call-out port can be used if the serial cable or the terminal does not support the "Data Carrier Detect" signal. FreeBSD also provides initialization devices ([.filename]#/dev/ttyuN.init# and [.filename]#/dev/cuauN.init# or [.filename]#/dev/cuadN.init#) and locking devices ([.filename]#/dev/ttyuN.lock# and [.filename]#/dev/cuauN.lock# or [.filename]#/dev/cuadN.lock#). The initialization devices are used to initialize communications port parameters each time a port is opened, such as `crtscts` for modems which use `RTS/CTS` signaling for flow control. The locking devices are used to lock flags on ports to prevent users or programs changing certain parameters. Refer to man:termios[4], man:sio[4], and man:stty[1] for information on terminal settings, locking and initializing devices, and setting terminal options, respectively. [[serial-hw-config]] === Serial Port Configuration By default, FreeBSD supports four serial ports which are commonly known as [.filename]#COM1#, [.filename]#COM2#, [.filename]#COM3#, and [.filename]#COM4#. FreeBSD also supports dumb multi-port serial interface cards, such as the BocaBoard 1008 and 2016, as well as more intelligent multi-port cards such as those made by Digiboard. However, the default kernel only looks for the standard [.filename]#COM# ports. To see if the system recognizes the serial ports, look for system boot messages that start with `uart`: [source,bash] .... # grep uart /var/run/dmesg.boot .... If the system does not recognize all of the needed serial ports, additional entries can be added to [.filename]#/boot/device.hints#. This file already contains `hint.uart.0.\*` entries for [.filename]#COM1# and `hint.uart.1.*` entries for [.filename]#COM2#. When adding a port entry for [.filename]#COM3# use `0x3E8`, and for [.filename]#COM4# use `0x2E8`. Common IRQ addresses are `5` for [.filename]#COM3# and `9` for [.filename]#COM4#. To determine the default set of terminal I/O settings used by the port, specify its device name. This example determines the settings for the call-in port on [.filename]#COM2#: [source,bash] .... # stty -a -f /dev/ttyu1 .... System-wide initialization of serial devices is controlled by [.filename]#/etc/rc.d/serial#. This file affects the default settings of serial devices. To change the settings for a device, use `stty`. By default, the changed settings are in effect until the device is closed and when the device is reopened, it goes back to the default set. To permanently change the default set, open and adjust the settings of the initialization device. For example, to turn on `CLOCAL` mode, 8 bit communication, and `XON/XOFF` flow control for [.filename]#ttyu5#, type: [source,bash] .... # stty -f /dev/ttyu5.init clocal cs8 ixon ixoff .... To prevent certain settings from being changed by an application, make adjustments to the locking device. For example, to lock the speed of [.filename]#ttyu5# to 57600 bps, type: [source,bash] .... # stty -f /dev/ttyu5.lock 57600 .... Now, any application that opens [.filename]#ttyu5# and tries to change the speed of the port will be stuck with 57600 bps. [[term]] == Terminals Terminals provide a convenient and low-cost way to access a FreeBSD system when not at the computer's console or on a connected network. This section describes how to use terminals with FreeBSD. The original UNIX(R) systems did not have consoles. Instead, users logged in and ran programs through terminals that were connected to the computer's serial ports. The ability to establish a login session on a serial port still exists in nearly every UNIX(R)-like operating system today, including FreeBSD. By using a terminal attached to an unused serial port, a user can log in and run any text program that can normally be run on the console or in an `xterm` window. Many terminals can be attached to a FreeBSD system. An older spare computer can be used as a terminal wired into a more powerful computer running FreeBSD. This can turn what might otherwise be a single-user computer into a powerful multiple-user system. FreeBSD supports three types of terminals: Dumb terminals:: Dumb terminals are specialized hardware that connect to computers over serial lines. They are called "dumb" because they have only enough computational power to display, send, and receive text. No programs can be run on these devices. Instead, dumb terminals connect to a computer that runs the needed programs. + There are hundreds of kinds of dumb terminals made by many manufacturers, and just about any kind will work with FreeBSD. Some high-end terminals can even display graphics, but only certain software packages can take advantage of these advanced features. + Dumb terminals are popular in work environments where workers do not need access to graphical applications. Computers Acting as Terminals:: Since a dumb terminal has just enough ability to display, send, and receive text, any spare computer can be a dumb terminal. All that is needed is the proper cable and some _terminal emulation_ software to run on the computer. + This configuration can be useful. For example, if one user is busy working at the FreeBSD system's console, another user can do some text-only work at the same time from a less powerful personal computer hooked up as a terminal to the FreeBSD system. + There are at least two utilities in the base-system of FreeBSD that can be used to work through a serial connection: man:cu[1] and man:tip[1]. + For example, to connect from a client system that runs FreeBSD to the serial connection of another system: + [source,bash] .... # cu -l /dev/cuauN .... + Ports are numbered starting from zero. This means that [.filename]#COM1# is [.filename]#/dev/cuau0#. + Additional programs are available through the Ports Collection, such as package:comms/minicom[]. X Terminals:: X terminals are the most sophisticated kind of terminal available. Instead of connecting to a serial port, they usually connect to a network like Ethernet. Instead of being relegated to text-only applications, they can display any Xorg application. + This chapter does not cover the setup, configuration, or use of X terminals. [[term-config]] === Terminal Configuration This section describes how to configure a FreeBSD system to enable a login session on a serial terminal. It assumes that the system recognizes the serial port to which the terminal is connected and that the terminal is connected with the correct cable. In FreeBSD, `init` reads [.filename]#/etc/ttys# and starts a `getty` process on the available terminals. The `getty` process is responsible for reading a login name and starting the `login` program. The ports on the FreeBSD system which allow logins are listed in [.filename]#/etc/ttys#. For example, the first virtual console, [.filename]#ttyv0#, has an entry in this file, allowing logins on the console. This file also contains entries for the other virtual consoles, serial ports, and pseudo-ttys. For a hardwired terminal, the serial port's [.filename]#/dev# entry is listed without the `/dev` part. For example, [.filename]#/dev/ttyv0# is listed as `ttyv0`. The default [.filename]#/etc/ttys# configures support for the first four serial ports, [.filename]#ttyu0# through [.filename]#ttyu3#: [.programlisting] .... ttyu0 "/usr/libexec/getty std.9600" dialup off secure ttyu1 "/usr/libexec/getty std.9600" dialup off secure ttyu2 "/usr/libexec/getty std.9600" dialup off secure ttyu3 "/usr/libexec/getty std.9600" dialup off secure .... When attaching a terminal to one of those ports, modify the default entry to set the required speed and terminal type, to turn the device `on` and, if needed, to change the port's `secure` setting. If the terminal is connected to another port, add an entry for the port. <> configures two terminals in [.filename]#/etc/ttys#. The first entry configures a Wyse-50 connected to [.filename]#COM2#. The second entry configures an old computer running Procomm terminal software emulating a VT-100 terminal. The computer is connected to the sixth serial port on a multi-port serial card. [example] [[ex-etc-ttys]] .Configuring Terminal Entries ==== [.programlisting] .... ttyu1 "/usr/libexec/getty std.38400" wy50 on insecure ttyu5 "/usr/libexec/getty std.19200" vt100 on insecure .... The first field specifies the device name of the serial terminal. The second field tells `getty` to initialize and open the line, set the line speed, prompt for a user name, and then execute the `login` program. The optional _getty type_ configures characteristics on the terminal line, like bps rate and parity. The available getty types are listed in [.filename]#/etc/gettytab#. In almost all cases, the getty types that start with `std` will work for hardwired terminals as these entries ignore parity. There is a `std` entry for each bps rate from 110 to 115200. Refer to man:gettytab[5] for more information.When setting the getty type, make sure to match the communications settings used by the terminal. For this example, the Wyse-50 uses no parity and connects at 38400 bps. The computer uses no parity and connects at 19200 bps. The third field is the type of terminal. For dial-up ports, `unknown` or `dialup` is typically used since users may dial up with practically any type of terminal or software. Since the terminal type does not change for hardwired terminals, a real terminal type from [.filename]#/etc/termcap# can be specified. For this example, the Wyse-50 uses the real terminal type while the computer running Procomm is set to emulate a VT-100. The fourth field specifies if the port should be enabled. To enable logins on this port, this field must be set to `on`. The final field is used to specify whether the port is secure. Marking a port as `secure` means that it is trusted enough to allow `root` to login from that port. Insecure ports do not allow `root` logins. On an insecure port, users must login from unprivileged accounts and then use `su` or a similar mechanism to gain superuser privileges, as described in crossref:basics[users-superuser,“The Superuser Account”]. For security reasons, it is recommended to change this setting to `insecure`. ==== After making any changes to [.filename]#/etc/ttys#, send a SIGHUP (hangup) signal to the `init` process to force it to re-read its configuration file: [source,bash] .... # kill -HUP 1 .... Since `init` is always the first process run on a system, it always has a process ID of `1`. If everything is set up correctly, all cables are in place, and the terminals are powered up, a `getty` process should now be running on each terminal and login prompts should be available on each terminal. [[term-debug]] === Troubleshooting the Connection Even with the most meticulous attention to detail, something could still go wrong while setting up a terminal. Here is a list of common symptoms and some suggested fixes. If no login prompt appears, make sure the terminal is plugged in and powered up. If it is a personal computer acting as a terminal, make sure it is running terminal emulation software on the correct serial port. Make sure the cable is connected firmly to both the terminal and the FreeBSD computer. Make sure it is the right kind of cable. Make sure the terminal and FreeBSD agree on the bps rate and parity settings. For a video display terminal, make sure the contrast and brightness controls are turned up. If it is a printing terminal, make sure paper and ink are in good supply. Use `ps` to make sure that a `getty` process is running and serving the terminal. For example, the following listing shows that a `getty` is running on the second serial port, [.filename]#ttyu1#, and is using the `std.38400` entry in [.filename]#/etc/gettytab#: [source,bash] .... # ps -axww|grep ttyu 22189 d1 Is+ 0:00.03 /usr/libexec/getty std.38400 ttyu1 .... If no `getty` process is running, make sure the port is enabled in [.filename]#/etc/ttys#. Remember to run `kill -HUP 1` after modifying [.filename]#/etc/ttys#. -If the `getty` process is running but the terminal still does not display a login prompt, or if it displays a prompt but will not accept typed input, the terminal or cable may not support hardware handshaking. Try changing the entry in [.filename]#/etc/ttys# from `std.38400` to `3wire.38400`, then run `kill -HUP 1` after modifying [.filename]#/etc/ttys#. The `3wire` entry is similar to `std`, but ignores hardware handshaking. The baud rate may need to be reduced or software flow control enabled when using `3wire` to prevent buffer overflows. +If the `getty` process is running but the terminal still does not display a login prompt, or if it displays a prompt but will not accept typed input, the terminal or cable may not support hardware handshaking. Try changing the entry in [.filename]#/etc/ttys# from `std.38400` to `3wire.38400`, then run `kill -HUP 1` after modifying [.filename]#/etc/ttys#. The `3wire` entry is similar to `std`, but ignores hardware handshaking. The bps may also need to be reduced or software flow control enabled when using `3wire` to prevent buffer overflows. If garbage appears instead of a login prompt, make sure the terminal and FreeBSD agree on the bps rate and parity settings. Check the `getty` processes to make sure the correct _getty_ type is in use. If not, edit [.filename]#/etc/ttys# and run `kill -HUP 1`. If characters appear doubled and the password appears when typed, switch the terminal, or the terminal emulation software, from "half duplex" or "local echo" to "full duplex." [[dialup]] == Dial-in Service Configuring a FreeBSD system for dial-in service is similar to configuring terminals, except that modems are used instead of terminal devices. FreeBSD supports both external and internal modems. External modems are more convenient because they often can be configured via parameters stored in non-volatile RAM and they usually provide lighted indicators that display the state of important RS-232 signals, indicating whether the modem is operating properly. Internal modems usually lack non-volatile RAM, so their configuration may be limited to setting DIP switches. If the internal modem has any signal indicator lights, they are difficult to view when the system's cover is in place. When using an external modem, a proper cable is needed. A standard RS-232C serial cable should suffice. FreeBSD needs the RTS and CTS signals for flow control at speeds above 2400 bps, the CD signal to detect when a call has been answered or the line has been hung up, and the DTR signal to reset the modem after a session is complete. Some cables are wired without all of the needed signals, so if a login session does not go away when the line hangs up, there may be a problem with the cable. Refer to <> for more information about these signals. Like other UNIX(R)-like operating systems, FreeBSD uses the hardware signals to find out when a call has been answered or a line has been hung up and to hangup and reset the modem after a call. FreeBSD avoids sending commands to the modem or watching for status reports from the modem. FreeBSD supports the NS8250, NS16450, NS16550, and NS16550A-based RS-232C (CCITT V.24) communications interfaces. The 8250 and 16450 devices have single-character buffers. The 16550 device provides a 16-character buffer, which allows for better system performance. Bugs in plain 16550 devices prevent the use of the 16-character buffer, so use 16550A devices if possible. As single-character-buffer devices require more work by the operating system than the 16-character-buffer devices, 16550A-based serial interface cards are preferred. If the system has many active serial ports or will have a heavy load, 16550A-based cards are better for low-error-rate communications. The rest of this section demonstrates how to configure a modem to receive incoming connections, how to communicate with the modem, and offers some troubleshooting tips. [[dialup-ttys]] === Modem Configuration As with terminals, `init` spawns a `getty` process for each configured serial port used for dial-in connections. When a user dials the modem's line and the modems connect, the "Carrier Detect" signal is reported by the modem. The kernel notices that the carrier has been detected and instructs `getty` to open the port and display a `login:` prompt at the specified initial line speed. In a typical configuration, if garbage characters are received, usually due to the modem's connection speed being different than the configured speed, `getty` tries adjusting the line speeds until it receives reasonable characters. After the user enters their login name, `getty` executes `login`, which completes the login process by asking for the user's password and then starting the user's shell. There are two schools of thought regarding dial-up modems. One configuration method is to set the modems and systems so that no matter at what speed a remote user dials in, the dial-in RS-232 interface runs at a locked speed. The benefit of this configuration is that the remote user always sees a system login prompt immediately. The downside is that the system does not know what a user's true data rate is, so full-screen programs like Emacs will not adjust their screen-painting methods to make their response better for slower connections. The second method is to configure the RS-232 interface to vary its speed based on the remote user's connection speed. As `getty` does not understand any particular modem's connection speed reporting, it gives a `login:` message at an initial speed and watches the characters that come back in response. If the user sees junk, they should press kbd:[Enter] until they see a recognizable prompt. If the data rates do not match, `getty` sees anything the user types as junk, tries the next speed, and gives the `login:` prompt again. This procedure normally only takes a keystroke or two before the user sees a good prompt. This login sequence does not look as clean as the locked-speed method, but a user on a low-speed connection should receive better interactive response from full-screen programs. When locking a modem's data communications rate at a particular speed, no changes to [.filename]#/etc/gettytab# should be needed. However, for a matching-speed configuration, additional entries may be required in order to define the speeds to use for the modem. This example configures a 14.4 Kbps modem with a top interface speed of 19.2 Kbps using 8-bit, no parity connections. It configures `getty` to start the communications rate for a V.32bis connection at 19.2 Kbps, then cycles through 9600 bps, 2400 bps, 1200 bps, 300 bps, and back to 19.2 Kbps. Communications rate cycling is implemented with the `nx=` (next table) capability. Each line uses a `tc=` (table continuation) entry to pick up the rest of the settings for a particular data rate. [.programlisting] .... # # Additions for a V.32bis Modem # um|V300|High Speed Modem at 300,8-bit:\ :nx=V19200:tc=std.300: un|V1200|High Speed Modem at 1200,8-bit:\ :nx=V300:tc=std.1200: uo|V2400|High Speed Modem at 2400,8-bit:\ :nx=V1200:tc=std.2400: up|V9600|High Speed Modem at 9600,8-bit:\ :nx=V2400:tc=std.9600: uq|V19200|High Speed Modem at 19200,8-bit:\ :nx=V9600:tc=std.19200: .... For a 28.8 Kbps modem, or to take advantage of compression on a 14.4 Kbps modem, use a higher communications rate, as seen in this example: [.programlisting] .... # # Additions for a V.32bis or V.34 Modem # Starting at 57.6 Kbps # vm|VH300|Very High Speed Modem at 300,8-bit:\ :nx=VH57600:tc=std.300: vn|VH1200|Very High Speed Modem at 1200,8-bit:\ :nx=VH300:tc=std.1200: vo|VH2400|Very High Speed Modem at 2400,8-bit:\ :nx=VH1200:tc=std.2400: vp|VH9600|Very High Speed Modem at 9600,8-bit:\ :nx=VH2400:tc=std.9600: vq|VH57600|Very High Speed Modem at 57600,8-bit:\ :nx=VH9600:tc=std.57600: .... For a slow CPU or a heavily loaded system without 16550A-based serial ports, this configuration may produce `sio` "silo" errors at 57.6 Kbps. The configuration of [.filename]#/etc/ttys# is similar to <>, but a different argument is passed to `getty` and `dialup` is used for the terminal type. Replace _xxx_ with the process `init` will run on the device: [.programlisting] .... ttyu0 "/usr/libexec/getty xxx" dialup on .... The `dialup` terminal type can be changed. For example, setting `vt102` as the default terminal type allows users to use VT102 emulation on their remote systems. For a locked-speed configuration, specify the speed with a valid type listed in [.filename]#/etc/gettytab#. This example is for a modem whose port speed is locked at 19.2 Kbps: [.programlisting] .... ttyu0 "/usr/libexec/getty std.19200" dialup on .... In a matching-speed configuration, the entry needs to reference the appropriate beginning "auto-baud" entry in [.filename]#/etc/gettytab#. To continue the example for a matching-speed modem that starts at 19.2 Kbps, use this entry: [.programlisting] .... ttyu0 "/usr/libexec/getty V19200" dialup on .... After editing [.filename]#/etc/ttys#, wait until the modem is properly configured and connected before signaling `init`: [source,bash] .... # kill -HUP 1 .... High-speed modems, like V.32, V.32bis, and V.34 modems, use hardware (`RTS/CTS`) flow control. Use `stty` to set the hardware flow control flag for the modem port. This example sets the `crtscts` flag on [.filename]#COM2#'s dial-in and dial-out initialization devices: [source,bash] .... # stty -f /dev/ttyu1.init crtscts # stty -f /dev/cuau1.init crtscts .... === Troubleshooting This section provides a few tips for troubleshooting a dial-up modem that will not connect to a FreeBSD system. Hook up the modem to the FreeBSD system and boot the system. If the modem has status indication lights, watch to see whether the modem's DTR indicator lights when the `login:` prompt appears on the system's console. If it lights up, that should mean that FreeBSD has started a `getty` process on the appropriate communications port and is waiting for the modem to accept a call. If the DTR indicator does not light, login to the FreeBSD system through the console and type `ps ax` to see if FreeBSD is running a `getty` process on the correct port: [source,bash] .... 114 ?? I 0:00.10 /usr/libexec/getty V19200 ttyu0 .... If the second column contains a `d0` instead of a `??` and the modem has not accepted a call yet, this means that `getty` has completed its open on the communications port. This could indicate a problem with the cabling or a misconfigured modem because `getty` should not be able to open the communications port until the carrier detect signal has been asserted by the modem. If no `getty` processes are waiting to open the port, double-check that the entry for the port is correct in [.filename]#/etc/ttys#. Also, check [.filename]#/var/log/messages# to see if there are any log messages from `init` or `getty`. Next, try dialing into the system. Be sure to use 8 bits, no parity, and 1 stop bit on the remote system. If a prompt does not appear right away, or the prompt shows garbage, try pressing kbd:[Enter] about once per second. If there is still no `login:` prompt, try sending a `BREAK`. When using a high-speed modem, try dialing again after locking the dialing modem's interface speed. If there is still no `login:` prompt, check [.filename]#/etc/gettytab# again and double-check that: * The initial capability name specified in the entry in [.filename]#/etc/ttys# matches the name of a capability in [.filename]#/etc/gettytab#. * Each `nx=` entry matches another [.filename]#gettytab# capability name. * Each `tc=` entry matches another [.filename]#gettytab# capability name. If the modem on the FreeBSD system will not answer, make sure that the modem is configured to answer the phone when DTR is asserted. If the modem seems to be configured correctly, verify that the DTR line is asserted by checking the modem's indicator lights. If it still does not work, try sending an email to the {freebsd-questions} describing the modem and the problem. [[dialout]] == Dial-out Service The following are tips for getting the host to connect over the modem to another computer. This is appropriate for establishing a terminal session with a remote host. This kind of connection can be helpful to get a file on the Internet if there are problems using PPP. If PPP is not working, use the terminal session to FTP the needed file. Then use zmodem to transfer it to the machine. [[hayes-unsupported]] === Using a Stock Hayes Modem A generic Hayes dialer is built into `tip`. Use `at=hayes` in [.filename]#/etc/remote#. The Hayes driver is not smart enough to recognize some of the advanced features of newer modems messages like `BUSY`, `NO DIALTONE`, or `CONNECT 115200`. Turn those messages off when using `tip` with `ATX0&W`. The dial timeout for `tip` is 60 seconds. The modem should use something less, or else `tip` will think there is a communication problem. Try `ATS7=45&W`. [[direct-at]] === Using `AT` Commands Create a "direct" entry in [.filename]#/etc/remote#. For example, if the modem is hooked up to the first serial port, [.filename]#/dev/cuau0#, use the following line: [.programlisting] .... cuau0:dv=/dev/cuau0:br#19200:pa=none .... Use the highest bps rate the modem supports in the `br` capability. Then, type `tip cuau0` to connect to the modem. Or, use `cu` as `root` with the following command: [source,bash] .... # cu -lline -sspeed .... _line_ is the serial port, such as [.filename]#/dev/cuau0#, and _speed_ is the speed, such as `57600`. When finished entering the AT commands, type `~.` to exit. [[gt-failure]] === The `@` Sign Does Not Work The `@` sign in the phone number capability tells `tip` to look in [.filename]#/etc/phones# for a phone number. But, the `@` sign is also a special character in capability files like [.filename]#/etc/remote#, so it needs to be escaped with a backslash: [.programlisting] .... pn=\@ .... [[dial-command-line]] === Dialing from the Command Line Put a "generic" entry in [.filename]#/etc/remote#. For example: [.programlisting] .... tip115200|Dial any phone number at 115200 bps:\ :dv=/dev/cuau0:br#115200:at=hayes:pa=none:du: tip57600|Dial any phone number at 57600 bps:\ :dv=/dev/cuau0:br#57600:at=hayes:pa=none:du: .... This should now work: [source,bash] .... # tip -115200 5551234 .... Users who prefer `cu` over `tip`, can use a generic `cu` entry: [.programlisting] .... cu115200|Use cu to dial any number at 115200bps:\ :dv=/dev/cuau1:br#57600:at=hayes:pa=none:du: .... and type: [source,bash] .... # cu 5551234 -s 115200 .... [[set-bps]] === Setting the bps Rate Put in an entry for `tip1200` or `cu1200`, but go ahead and use whatever bps rate is appropriate with the `br` capability. `tip` thinks a good default is 1200 bps which is why it looks for a `tip1200` entry. 1200 bps does not have to be used, though. [[terminal-server]] === Accessing a Number of Hosts Through a Terminal Server Rather than waiting until connected and typing `CONNECT _host_` each time, use ``tip``'s `cm` capability. For example, these entries in [.filename]#/etc/remote# will let you type `tip pain` or `tip muffin` to connect to the hosts `pain` or `muffin`, and `tip deep13` to connect to the terminal server. [.programlisting] .... pain|pain.deep13.com|Forrester's machine:\ :cm=CONNECT pain\n:tc=deep13: muffin|muffin.deep13.com|Frank's machine:\ :cm=CONNECT muffin\n:tc=deep13: deep13:Gizmonics Institute terminal server:\ :dv=/dev/cuau2:br#38400:at=hayes:du:pa=none:pn=5551234: .... [[tip-multiline]] === Using More Than One Line with `tip` This is often a problem where a university has several modem lines and several thousand students trying to use them. Make an entry in [.filename]#/etc/remote# and use `@` for the `pn` capability: [.programlisting] .... big-university:\ :pn=\@:tc=dialout dialout:\ :dv=/dev/cuau3:br#9600:at=courier:du:pa=none: .... Then, list the phone numbers in [.filename]#/etc/phones#: [.programlisting] .... big-university 5551111 big-university 5551112 big-university 5551113 big-university 5551114 .... `tip` will try each number in the listed order, then give up. To keep retrying, run `tip` in a `while` loop. [[multi-controlp]] === Using the Force Character kbd:[Ctrl+P] is the default "force" character, used to tell `tip` that the next character is literal data. The force character can be set to any other character with the `~s` escape, which means "set a variable." Type `~sforce=_single-char_` followed by a newline. _single-char_ is any single character. If _single-char_ is left out, then the force character is the null character, which is accessed by typing kbd:[Ctrl+2] or kbd:[Ctrl+Space]. A pretty good value for _single-char_ is kbd:[Shift+Ctrl+6], which is only used on some terminal servers. To change the force character, specify the following in [.filename]#~/.tiprc#: [.programlisting] .... force=single-char .... [[uppercase]] === Upper Case Characters This happens when kbd:[Ctrl+A] is pressed, which is ``tip``'s "raise character", specially designed for people with broken caps-lock keys. Use `~s` to set `raisechar` to something reasonable. It can be set to be the same as the force character, if neither feature is used. Here is a sample [.filename]#~/.tiprc# for Emacs users who need to type kbd:[Ctrl+2] and kbd:[Ctrl+A]: [.programlisting] .... force=^^ raisechar=^^ .... The `^^` is kbd:[Shift+Ctrl+6]. [[tip-filetransfer]] === File Transfers with `tip` When talking to another UNIX(R)-like operating system, files can be sent and received using `~p` (put) and `~t` (take). These commands run `cat` and `echo` on the remote system to accept and send files. The syntax is: `~p` local-file [ remote-file ] `~t` remote-file [ local-file ] There is no error checking, so another protocol, like zmodem, should probably be used. [[zmodem-tip]] === Using zmodem with `tip`? To receive files, start the sending program on the remote end. Then, type `~C rz` to begin receiving them locally. To send files, start the receiving program on the remote end. Then, type `~C sz _files_` to send them to the remote system. [[serialconsole-setup]] == Setting Up the Serial Console FreeBSD has the ability to boot a system with a dumb terminal on a serial port as a console. This configuration is useful for system administrators who wish to install FreeBSD on machines that have no keyboard or monitor attached, and developers who want to debug the kernel or device drivers. As described in crossref:boot[boot,The FreeBSD Booting Process], FreeBSD employs a three stage bootstrap. The first two stages are in the boot block code which is stored at the beginning of the FreeBSD slice on the boot disk. The boot block then loads and runs the boot loader as the third stage code. In order to set up booting from a serial console, the boot block code, the boot loader code, and the kernel need to be configured. [[serialconsole-howto-fast]] === Quick Serial Console Configuration This section provides a fast overview of setting up the serial console. This procedure can be used when the dumb terminal is connected to [.filename]#COM1#. [.procedure] .Procedure: Configuring a Serial Console on [.filename]#COM1# . Connect the serial cable to [.filename]#COM1# and the controlling terminal. . To configure boot messages to display on the serial console, issue the following command as the superuser: + [source,bash] .... # echo 'console="comconsole"' >> /boot/loader.conf .... . Edit [.filename]#/etc/ttys# and change `off` to `on` and `dialup` to `vt100` for the [.filename]#ttyu0# entry. Otherwise, a password will not be required to connect via the serial console, resulting in a potential security hole. . Reboot the system to see if the changes took effect. If a different configuration is required, see the next section for a more in-depth configuration explanation. [[serialconsole-howto]] === In-Depth Serial Console Configuration This section provides a more detailed explanation of the steps needed to setup a serial console in FreeBSD. [.procedure] .Procedure: Configuring a Serial Console . Prepare a serial cable. + Use either a null-modem cable or a standard serial cable and a null-modem adapter. See <> for a discussion on serial cables. . Unplug the keyboard. + Many systems probe for the keyboard during the Power-On Self-Test (POST) and will generate an error if the keyboard is not detected. Some machines will refuse to boot until the keyboard is plugged in. + If the computer complains about the error, but boots anyway, no further configuration is needed. + If the computer refuses to boot without a keyboard attached, configure the BIOS so that it ignores this error. Consult the motherboard's manual for details on how to do this. + [TIP] ==== Try setting the keyboard to "Not installed" in the BIOS. This setting tells the BIOS not to probe for a keyboard at power-on so it should not complain if the keyboard is absent. If that option is not present in the BIOS, look for an "Halt on Error" option instead. Setting this to "All but Keyboard" or to "No Errors" will have the same effect. ==== + If the system has a PS/2(R) mouse, unplug it as well. PS/2(R) mice share some hardware with the keyboard and leaving the mouse plugged in can fool the keyboard probe into thinking the keyboard is still there. + [NOTE] ==== While most systems will boot without a keyboard, quite a few will not boot without a graphics adapter. Some systems can be configured to boot with no graphics adapter by changing the "graphics adapter" setting in the BIOS configuration to "Not installed". Other systems do not support this option and will refuse to boot if there is no display hardware in the system. With these machines, leave some kind of graphics card plugged in, even if it is just a junky mono board. A monitor does not need to be attached. ==== . Plug a dumb terminal, an old computer with a modem program, or the serial port on another UNIX(R) box into the serial port. . Add the appropriate `hint.sio.*` entries to [.filename]#/boot/device.hints# for the serial port. Some multi-port cards also require kernel configuration options. Refer to man:sio[4] for the required options and device hints for each supported serial port. . Create [.filename]#boot.config# in the root directory of the `a` partition on the boot drive. + This file instructs the boot block code how to boot the system. In order to activate the serial console, one or more of the following options are needed. When using multiple options, include them all on the same line: + `-h`::: Toggles between the internal and serial consoles. Use this to switch console devices. For instance, to boot from the internal (video) console, use `-h` to direct the boot loader and the kernel to use the serial port as its console device. Alternatively, to boot from the serial port, use `-h` to tell the boot loader and the kernel to use the video display as the console instead. `-D`::: Toggles between the single and dual console configurations. In the single configuration, the console will be either the internal console (video display) or the serial port, depending on the state of `-h`. In the dual console configuration, both the video display and the serial port will become the console at the same time, regardless of the state of `-h`. However, the dual console configuration takes effect only while the boot block is running. Once the boot loader gets control, the console specified by `-h` becomes the only console. `-P`::: Makes the boot block probe the keyboard. If no keyboard is found, the `-D` and `-h` options are automatically set. + [NOTE] ==== Due to space constraints in the current version of the boot blocks, `-P` is capable of detecting extended keyboards only. Keyboards with less than 101 keys and without F11 and F12 keys may not be detected. Keyboards on some laptops may not be properly found because of this limitation. If this is the case, do not use `-P`. ==== + Use either `-P` to select the console automatically or `-h` to activate the serial console. Refer to man:boot[8] and man:boot.config[5] for more details. + The options, except for `-P`, are passed to the boot loader. The boot loader will determine whether the internal video or the serial port should become the console by examining the state of `-h`. This means that if `-D` is specified but `-h` is not specified in [.filename]#/boot.config#, the serial port can be used as the console only during the boot block as the boot loader will use the internal video display as the console. . Boot the machine. + When FreeBSD starts, the boot blocks echo the contents of [.filename]#/boot.config# to the console. For example: + [source,bash] .... /boot.config: -P Keyboard: no .... + The second line appears only if `-P` is in [.filename]#/boot.config# and indicates the presence or absence of the keyboard. These messages go to either the serial or internal console, or both, depending on the option in [.filename]#/boot.config#: + [.informaltable] [cols="1,1", frame="none", options="header"] |=== <| Options <| Message goes to |none |internal console |`-h` |serial console |`-D` |serial and internal consoles |`-Dh` |serial and internal consoles |`-P`, keyboard present |internal console |`-P`, keyboard absent |serial console |=== + After the message, there will be a small pause before the boot blocks continue loading the boot loader and before any further messages are printed to the console. Under normal circumstances, there is no need to interrupt the boot blocks, but one can do so in order to make sure things are set up correctly. + Press any key, other than kbd:[Enter], at the console to interrupt the boot process. The boot blocks will then prompt for further action: + [source,bash] .... >> FreeBSD/i386 BOOT Default: 0:ad(0,a)/boot/loader boot: .... + Verify that the above message appears on either the serial or internal console, or both, according to the options in [.filename]#/boot.config#. If the message appears in the correct console, press kbd:[Enter] to continue the boot process. + If there is no prompt on the serial terminal, something is wrong with the settings. Enter `-h` then kbd:[Enter] or kbd:[Return] to tell the boot block (and then the boot loader and the kernel) to choose the serial port for the console. Once the system is up, go back and check what went wrong. During the third stage of the boot process, one can still switch between the internal console and the serial console by setting appropriate environment variables in the boot loader. See man:loader[8] for more information. [NOTE] ==== This line in [.filename]#/boot/loader.conf# or [.filename]#/boot/loader.conf.local# configures the boot loader and the kernel to send their boot messages to the serial console, regardless of the options in [.filename]#/boot.config#: [.programlisting] .... console="comconsole" .... That line should be the first line of [.filename]#/boot/loader.conf# so that boot messages are displayed on the serial console as early as possible. If that line does not exist, or if it is set to `console="vidconsole"`, the boot loader and the kernel will use whichever console is indicated by `-h` in the boot block. See man:loader.conf[5] for more information. At the moment, the boot loader has no option equivalent to `-P` in the boot block, and there is no provision to automatically select the internal console and the serial console based on the presence of the keyboard. ==== [TIP] ==== While it is not required, it is possible to provide a `login` prompt over the serial line. To configure this, edit the entry for the serial port in [.filename]#/etc/ttys# using the instructions in <>. If the speed of the serial port has been changed, change `std.9600` to match the new setting. ==== === Setting a Faster Serial Port Speed By default, the serial port settings are 9600 baud, 8 bits, no parity, and 1 stop bit. To change the default console speed, use one of the following options: * Edit [.filename]#/etc/make.conf# and set `BOOT_COMCONSOLE_SPEED` to the new console speed. Then, recompile and install the boot blocks and the boot loader: + [source,bash] .... # cd /sys/boot # make clean # make # make install .... + If the serial console is configured in some other way than by booting with `-h`, or if the serial console used by the kernel is different from the one used by the boot blocks, add the following option, with the desired speed, to a custom kernel configuration file and compile a new kernel: + [.programlisting] .... options CONSPEED=19200 .... * Add the `-S__19200__` boot option to [.filename]#/boot.config#, replacing `_19200_` with the speed to use. * Add the following options to [.filename]#/boot/loader.conf#. Replace `_115200_` with the speed to use. + [.programlisting] .... boot_multicons="YES" boot_serial="YES" comconsole_speed="115200" console="comconsole,vidconsole" .... [[serialconsole-ddb]] === Entering the DDB Debugger from the Serial Line To configure the ability to drop into the kernel debugger from the serial console, add the following options to a custom kernel configuration file and compile the kernel using the instructions in crossref:kernelconfig[kernelconfig,Configuring the FreeBSD Kernel]. Note that while this is useful for remote diagnostics, it is also dangerous if a spurious BREAK is generated on the serial port. Refer to man:ddb[4] and man:ddb[8] for more information about the kernel debugger. [.programlisting] .... options BREAK_TO_DEBUGGER options DDB ....