FreeBSD  Release  12.0  Install  Guide



Internet access protocols

In the early 1990's there were 2 protocol standards for accessing the Internet (PPP & SLIP). The SLIP protocol never became accepted by the ISP community and has pretty much fallen by the way side. For all practical purposes it is dead and is only mentioned here as background information. Release 8.0 dropped support for the SLIP protocol. 

The PPP protocol is currently the standard access protocol in use at all ISP's in the USA and most other countries. FBSD has two different built in PPP software solutions. They are ‘kernel PPP’ and ‘user PPP’. Kernel PPP (PPPD) was the original software solution and has been part of FBSD for a very long time. Kernel PPP is well known by its long time users as being very hard to configure and debug during the process to get it to dial and login to your ISP. Back in the 3.x versions ‘kernel PPP’ got a complete rewrite to correct those problems and is now called ‘user PPP’. Release 8.0 dropped support for Kernel PPP. User PPP has become the standard.


User PPP

User PPP is easy to configure using a single configuration file. It is versatile in that it supports modem dial up, ISDN, leased lines, DSL, and certain cable connection methods to the servicing ISP. It has a log that receives a complete record of the connection attempt for easy debugging. It can be configured for calling out to your ISP or for accepting inbound calls to your FBSD box. It also has a callback feature. User PPP is under maintenance and the only PPP service covered here.

In FBSD, user PPP comes as part of the base system. This means you do not have to do anything to activate it besides building its configuration file. When started, user PPP runs as a daemon task. The 'man ppp' manual contains all the details on starting the daemon and ppp.conf configuration statements. It is very, very large. 'man pppctl' contain documentation on the command line control program of the PPP daemon. For other sources of background information see:


User PPP NAT function

NAT stands for network address translation. This function is also sometimes referred to as "IP Aliasing", "Address Masquerading" or "Transparent Proxy". They all mean the same thing. This is necessary when your FBSD system is going to be a gateway for a LAN and all the workstations on the LAN are going to share the public Internet address. In a gateway/LAN environment each workstation must have an IP address to communicate across the LAN to the gateway box. This is accomplished by using private IP addresses that are reserved for that purpose. See the /etc/hosts file for a list of reserved IP address ranges. User PPP NAT translates the private IP address of packets from the LAN workstation to the public IP address to communicate across the public Internet, and when the reply packet returns it get translated from the public IP address to the private IP address of the LAN workstation that originated the packet. Another situation where NAT would be necessary would be when one or more modems are added to the FBSD box to answer incoming calls to share the connection to the Internet through the FBSD gateway system. If the FBSD box is a standalone system with no incoming remote users, or LAN, then user PPP NAT is not necessary at all.


Configuring User PPP for modem dial out to ISP

User PPP has a single configuration file where all the standard functions it is capable of performing must be defined. To be technically correct, user PPP does have some other config files that can be used for very special purposes. They are so seldom used that the fact they even exist is only mentioned here as background information.

The only user PPP config file you need to work with is ppp.conf which lives in the /etc/ppp/ directory. The following ppp.conf statements listed below can be used just as is. It has been tested and works. You can copy and paste them right from this html file.

cd /etc/ppp/               # Move into directory where conf file lives

cp ppp.conf   # Save copy of original

rm ppp.conf                # delete original ppp.conf file

ee ppp.conf                #edit file so it looks just like the following

Add the following statements

Read the embedded comments and do what they say.

######### start of the ppp.conf file ##################
# Note:
# Section header names start in position 1 like default:
# All embedded commands start in position 2.
# The default section is processed every time
# user PPP is started. Everything set here applies
# to all of the following sections.
 set log Phase Chat LCP IPCP CCP tun  # for testing
#set log Phase tun           # use to avoid excessive log sizes
 set speed 115200            # serial port speed for 56K modems
 set timeout 0               # no idle time, will not disconnect
 disable pred1 deflate lqr   # compression features
 deny pred1 deflate lqr      # line quality reporting
 disable ipv6                # turn off ipv6 challenge

# This label is the start of the commands
# for auto logon to ISP provider.

# Ensure that set device statement references
# the correct serial port for your modem.
# (External com1 = cuau0, com2 = cuau1)
# PCI modem com5 = cuau4
# Only needed for dial out device.

 set device /dev/cuau4

# This dial string is needed for ISP's which
# use standard Unix style login.
# Which is most all ISP's.

# Edit the next three lines and replace the values with
# the values which have been assigned by your ISP.

 set phone 7777777     # phone number to call ISP
 set authname XXXXXXX  # your ISP account ID
 set authkey 555555    # your password

 set redial 10 4
# if busy redial 4 times with 10 second pause
# If your ISP assigns you a (dynamic) different IP
# address each time you log in, then use the following
# statement. If your ISP issued you a (static never changes)
# IP address to use every time you log in, then comment
# out the next statement and uncomment the statements
# following it.

# Get dynamic IP address from ISP if that's how they do it.
 set ifaddr

# Use static IP address from ISP if that's how they do it.
# Set static IP address your ISP assigned to you.
# s.s.s.s = your static IP address

# set ifaddr s.s.s.s

 add default HISADDR    # Add Mandatory sticky default route
                        # Gets the ISP's DNS IP address
                        # places them in resolv.conf for
                        # reference by FBSD.

 disable iface-alias    # Stop adding old IP address as alias
                        # when ppp redials because line was
                        # lost. These old IPs showed using
                        # ifconfig -a on tun0.

iface clear             # Remove all previous IP addresses

########## END OF PPP.CONF ##########################


Test User PPP dialisp

You should have already made your changes to the above ppp.conf file for the phone number to dial to call your ISP and your account and password. You are now ready to do a manual test of your user PPP dialisp configuration.

Enter on the command line the following command to call your ISP and login.

ppp -background dialisp

ppp –background means start user PPP immediately, processing the default section of ppp.conf

dialisp means ppp should process the statements in the dialisp section of ppp.conf.

You should hear the normal sounds from your modem as it dials out.


If the connection does not complete successfully you will not get any messages on your screen, you have to look in the ppp.log for the errors.

ee /var/log/ppp.log


No error messages means you connected and logged in successfully. You can still edit the ppp.log file and go to the bottom of the file to see what happened. Each new session appends its log messages to the end of the log file. So to see the current session you have to jump to the bottom of the ppp.log file.

To check out your connection to the Internet, do the following.

Enter ps ax on the command line to see the list of running tasks. You should see an entry that looks just like the command you entered to start user PPP. This means user PPP is running.

On the command line enter a ping command to some known Internet site.

ping -c2

This tests if you can reach the internet. This is a site I know is there, but like everything else it may go away in time.

ping -c2

This test will check out that the DNS servers are functioning correctly.


Check that resolv.conf name server statements have automatically been filled in with the IP addresses of your ISP's DNS servers.

cat /etc/resolv.conf

It should look something like this, but contain your ISP specific info

search   your.isp_domain.ttl

You stop user PPP by killing the task; there is no hang up command.

killall ppp

Issue the following command to see what the connection speed is;

cat /var/log/ppp.log | grep CONNECT

Every time you dial in to your ISP, the log of that session is appended to the end of the ppp.log. The above command will display all the connected speeds in that log, the last one being the current session or the last session.


Enable DialISP at boot time

To setup user PPP to dial your ISP automatically at FBSD boot time, you have to add the following statements to the /etc/rc.conf file. The ddial option means to redial every time the connection to the ISP gets dropped.

ee /etc/rc.conf

# Activate user ppp auto start at boot time
ppp_enable="YES"      # Start User ppp task
ppp_mode="ddial"      # ddial, auto redial, run in background
ppp_profile="dialisp" # section in ppp.conf to exec

To stop a user PPP task started at boot time use this console command
/etc/rc.d/ppp stop

User PPP Filters

User PPP has a packet filtering command set. They can be used to deny or accept selected packets from entering your environment. It also has a divert rule to the NAT function. You add your filter commands at the end of the dialisp section. See man ppp for details and /usr/share/examples/ppp/ for examples. User PPP filter rules are very seldom used, as a firewall is the appropriate and more convenient place to perform that function. The user PPP packet filtering command set is not covered in this Guide for that reason.


Previous Page                                        Next Page         

This FreeBSD Install Guide is an public domain HOW-TO. This content may be reproduced, in any form or by any means, and used by all without permission in writing from the author.