Initial PPP Setup

The key problem in hooking up a PPP link to an ISP is that the ISPs seem to compete with each other as to who can find another obscure way of authenticating users. Thus we have login, PAP, CHAP 05, CHAP80, CHAP80-lanman, CHAP81, and combinations of these. The chief difficulty of connecting to an ISP is discovering which technique is actually being used by the ISP in an orderly way. Since few of them know anything about Linux, and since few of them even understand what technique they actually use, this procedure should allow you to set up without their help, and to understand what the ISP's help means if it is given.

The following has a number of steps to connecting to your ISP. The temptation is to skip steps. This is a bad idea, as it will almost certainly lead to grief. Do each step and you will succeed, and you will also learn something about your system in the process.

These instructions were developed with the 2.0.x versions of the Linux kernels, and also work with the 2.2.x series of kernels. Similarly, they work with versions of pppd at least from version 2.3.3 on (up to 2.4.1 by now). In fact, some of the features below only work with later versions of pppd. I would urge you to upgrade to the latest version. You can get the latest pppd from ftp://ftp.samba.org/pub/ppp. You may be able to get older versions from ftp://linuxcare.com.au/pub/ppp or ftp://cs.anu.edu.au/pub/softw are/ppp/ but these sites are not being updated.

These steps are essentially independent of your ISP. Many ISPs do not know their own systems, and their advice must often be taken with a grain of salt. Thus, the document below shows you how to find out what your ISP wants, independent of what your ISP says he wants. However, you cannot do the first step without your ISP. You must get a user name and a password from your ISP -- which usually means that you must open an account with them and pay money. It is worth asking them to make sure that they tell you exactly what form that user name must take when you sign on. For example, some of them demand that you use your full email address with them as your user name, rather than simply the name itself. Others demand additions to the bare user name. Try to get them to be as specific as possible about exactly what you need to use.

You also need to get the ISP's Domain Name Server (DNS-IP) address. (This is an address in Internet Protocol [IP] format, which is four numbers each less than 256 separated by dots [for example, 137.82.43.58].) Often they will give you more than one. Occasionally an ISP will refuse. In that case, they may supply the DNS dynamically instead. Using PPP version greater than 2.3.7 will allow you still to sign on with them as described below.

Having that information, log on as root, or, after you have logged on as a user, run su and enter your root password at the prompt.

Modem

Make sure that you know which port your modem is on. The two programs at modem-chk.html can help you to determine which port your modem is on. COM1 (serial port 1) is /dev/ttyS0. COM2 is /dev/ttyS1, etc. In the following, I will assume /dev/ttyS1. Change for your situation. It is preferable to use the ttyS ports rather than the cua ports or the modem port. The cua ports will disappear in future releases of Linux, and the /dev/modem port hides what you are actually doing and can lead to conflicts with other programs which use the serial ports.

[Note that if your modem is a winmodem, it will not work as-is under Linux. Some winmodems now have drivers for Linux. See www.linmodems.org--- It is probably a winmodem if it is a PCI modem, less so if it is an ISA and improbable if it is an external modem, and also improbably if it is not a 56-Kbps modem.

If you have the latest kernels with USB support (Kernels 2.2.17 with the USB patches or 2.4.x) you may also be able to use USB modems. (They must comply with the ACM standard.) See the file Documentation/usb/acm.txt included with the Linux source (/usr/src/linux* if included on your system, or here is a copy from kernel 2.2.17). Note that for USB modems, the correct port to use is not the serial port ttyS? series but probably the /dev/usb/acm/? series of ports, where ? is a USB number. I have never used a USB modem, so can provide no guidance on setting them up correctly.

See http://www.o2.net/~gromitkc/winmodem.html for a listing of known winmodems. For some advice on buying modems for Linux, see http://www.math.sunysb.edu/~comech/tools/CheapBox.html#modem]

Message Logging

To figure out what is happening while you are trying to log on to your ISP, you must turn on debugging and log the debug messages to a file. The key programs are pppd, and a program it uses, called chat. We will store those debugging messages in a file called /var/log/ppp. (You can use any file you wish, including /var/log/messages. Some distributions are now installing a directory called /var/log/ppp (for example, the Corel distribution does this). If yours does, you must use a different name, such as /var/log/ppplog. Use that name instead everywhere this document talks about /var/log/ppp.)

To make your system record the debugging information from both these programs, do the following

cp /etc/syslog.conf /etc/syslog.conf.orig

to make sure you have a copy of a good version in case you mess up the next command. If you have trouble, copy back the original version.

Edit /etc/syslog.conf and add the lines

local2.*                                /var/log/ppp
daemon.*                                /var/log/ppp

(Some versions of syslogd (especially SunOS) demand that those be tabs -- not spaces -- between the two parts on each line. Some editors refuse to insert tabs and convert them to spaces. The syslogd shipped with most recent distributions of Linux do not seem to care, but be warned.)

Then, to tell syslogd to actually log the information, do

killall -1 syslogd

The computers on the Internet are referenced by numbers called IP numbers. However, as people are often bad at remembering numbers, names are used instead (such as axion.physics.ubc.ca instead of 142.103.234.16). The name resolver is a program that asks another computer, the nameserver, to translate Internet names to IP numbers which your computer can actually use. Once you are connected, you are able to actually resolve host names, edit /etc/resolv.conf and add a line (or lines) like

nameserver 111.222.333.444

Instead of 111.222.333.444 use the Domain Name Server IP address (DNS-IPaddress) which your ISP gave you. If they gave you two numbers enter another nameserver line with the second address.

It can also be useful to include a line like domain ISP.domain.name where ISP.domain.name is the domain name of your ISP. For example, my /etc/resolv.conf file looks like

domain  physics.ubc.ca
nameserver 137.82.43.9
nameserver 137.82.1.1

[Note: Do NOT put leading zeros on any of those numbers. They will not work. 137.082.43.9 is a different number from 137.82.43.9]

Edit /etc/host.conf and make sure the line

order hosts, bind

is in there. Also check /etc/nsswitch.conf and make sure a line like

hosts:  files dns

is there. (that line may also contain other options like nis, which will do no harm)

Also make sure that all of these files are readable by everyone.

chmod a+r /etc/resolv.conf /etc/host.conf /etc/nsswitch.conf

Your computer passes messages for addresses it does not know to the default route. ppp assumes that there can only be one default route on any system. This is almost always the route to ISP's computer. However, if pppd finds that a default route already exists, it will not set up one to your ISP, causing problems (nothing gets through). In order that you not have any conflicts between the routing across ppp and onto some network you have, run

/sbin/route -n

(or you can also run

/bin/netstat -nr

which does the same thing) while not connected via ppp, and look for a default entry. (First entry in line is 0.0.0.0). This almost certainly should not be there. (Unless you already have a hookup to the internet via an ethernet connection, you do not want such a default route.) Unless you know that your computer has an ethernet connection to other computers already, the only thing there should be a route to 127.0.0.1 or 127.0.0.0 If there is such a default route (line starting with 0.0.0.0), and you want the ppp interface to be your default route, (the usual situation), run

/sbin/route del default

Also find out what was setting that wrong default route, and stop it from doing so. (If you cannot figure out what is doing so, put that line

/sbin/route del default

at the end of whichever of /etc/rc.local or /etc/rc.d/rc.local exists on your system.)

PPPD module support

Now check to see if the module support for ppp is set up properly. Run

/usr/sbin/pppd

You should get a line of garbage which repeats about 10 times and then the command exits. This is good. Skip to the PPPD Options section.

If you get nothing and the command return to the prompt after a few seconds, this is probably OK as well, but try

/usr/sbin/pppd `tty`

Setting up module support

If you did not get that line of garbage, but instead get "permission denied", you are not running as root. Log on as root and try again.

If you get a message saying that your kernel does not support ppp, do not recompile the kernel. This error message is a grab bag error message which the pppd program produces almost anytime something goes wrong. What it almost certainly means in the 2.0.x series of kernels is that you are not running kerneld.

To test if kerneld is running, run the command

ps aux|grep kerneld|grep -v grep

It will produce output if kerneld is running. If kerneld is running (or you have the 2.2.x kernels which use kmod instead) and you get this error message, try doing

insmod slhc
insmod ppp

and try again. ( these load the modules permanently and you may have to put those lines into the file rc.local (/etc/rc.d/rc.local on RedHat and in various places under /etc on other distributions)

(If none of this works, then there are more severe problems that this note cannot solve.)

Assuming that you find that kerneld is not running, then on a Redhat system, run

/etc/rc.d/init.d/kerneld start

or even just

/sbin/kerneld

(which should work on any Linux system).

[ If kerneld was not running, you will need to make sure that it is set to run each time you switch on your system. Unfortunately every distribution has a slightly different way of starting up daemons at bootup. In Redhat, also make sure that there are lines like S01kerneld as links to /etc/rc.d/init.d/kerneld in each of the directories /etc/rc.d/rc1.d to /etc/rc.d/rc5.d in RedHat. On other systems, you may need to put a line like

/sbin/kerneld

into /etc/rc.local, or /etc/rc.d/rc.local, or ....]

One final item, especially for Redhat systems, make sure that your give your machine a name (any single word name you want). You can set it with

hostname <yourhostname>

But you also want to change it permanently. In Redhat/Mandrake, put the line

HOSTNAME=<yourhostname>

into /etc/sysconfig/network. On other systems I am not sure, but you could always put the hostname command at the end of your rc.local file. This is not essential to running ppp, but if you do not do it, you will find yourself unable to run any X application while running ppp.

The 2.4.x series of kernels.

The kernel and module support has changed significantly for the 2.4.x series of Linux kernels, and require a number of additional actions on your part.

First, you must make sure that you are use at least pppd 2.4.0b2.(Do not be confused with the fact that both the kernel numbering and the ppp version numbering are now almost the same. This is just an accident.) The older 2.3.x series of ppp will not work with the new kernel.

Now you must make sure that you have the device /dev/ppp on your system. Do

ls -lga /dev/ppp

which should show that this file is owned by root, and has only read and write permissions for root. If it does not exist, do

mknod /dev/ppp c 108 0
chmod 600 /dev/ppp 

Now, you must also make sure that you have the correct entries in the /etc/modules.conf file. (Note that this file has changed name from conf.modules on the older kernels to modules.conf on the 2.4.x series of kernels.) Enter the lines

alias /dev/ppp          ppp_generic
alias char-major-108    ppp_generic
alias tty-ldisc-3       ppp_async
alias tty-ldisc-14      ppp_synctty

into /etc/modules.conf if they are not already there. At this point the the test above (just running /usr/sbin/pppd) should work and produce garbage.

You have now set up the critical files on your system and you know that you have a an operational pppd. You now need to set up the ppp options so that you can get debugging information when you try to connect, and so that it is minimally usable.

Edit /etc/ppp/options so it contains

lock
crtscts
defaultroute
noauth

[note that if you are in the unlikely situation that you already have a working default route to an Ethernet, omit the defaultroute option. If you are not sure, put that option in.]

[Also other options can be used. In general do not do so unless advised to do so. More harm is done by putting in too many un-understood options than by putting in too few. If you have a local Ethernet, and if your ISP demands that they assign your IP address for the PPP connection, then also use

noipdefault

Bill Unruh works for the Advanced Research Department of the Canadian Institute for Physics and Astronomy.

Return to ONLamp.com.

Copyright © 2009 O'Reilly Media, Inc.