Hello. I want to make a PPP connection between two sites using call-back
for better security, so that I can only access the remote site from a
set of specified telephone numbers.
Has anybody used any of the FreeBSD packages to do that?
It's possible in theory with ppp, but I've never tried it.

> Hello. I want to make a PPP connection between two sites using call-back
> for better security, so that I can only access the remote site from a
> set of specified telephone numbers.
> Has anybody used any of the FreeBSD packages to do that?
--
<http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour !
Hi. It's me again :-)
I worked a little bit on this issue (establishing a PPP callback
connection) and this is what I've got. Of course, this is a very simple
and straightforward solution that is enough for me. It should be made
more general, better protected against unexpected errors, etc, but I'm
sending it here so that anyone who is interested can try it right
now. When I get more time, I'll try to make it more generic and document
it in the FAQ or Handbook (if anybody else has done it before :-) ).
By the way, I'm using ijppp. It works this way:
I want to make a PPP callback connection between these two machines, so
that machine A calls machine B, authenticates, and then machine B
returns the call to machine A:
machine A: IP address of PPP interface: 10.0.25.1. Phone: 555-1111.
machine B: IP address of PPP interface: 10.0.26.1. Phone: 555-2222.
In machine A, this is my configuration:
File /etc/ppp/ppp.conf:
====
default:
 set device /dev/modem
 set speed 115200
 disable lqr
 deny lqr

pppcb:
 set ifaddr 10.0.25.1 10.0.26.1
 set timeout 450
 set afilter 0 permit 0/0 0/0
 set ifilter 0 permit 0/0 0/0
 set ofilter 0 permit 0/0 0/0
 set dfilter 1 permit 0/0 0/0
====
PPP account:
_ACCOUNT_NAME_:*:65000:68::/home/ppp:/home/ppp/retrollamada
(Important: I make the PPP user to be in group dialer, as my modem can
only be accessed from that group.)
callback program (/home/ppp/retrollamada):
Comments are in Spanish, but I think it's easy to follow. My modem is
on COM2 (/dev/modem is a soft link to /dev/cuaa1).
====
/*
 * Program to perform callback on a modem dial-in line.
 *
 * Written by Javier Martín Rueda, May 1997.
 */

/* Modem devices (call-out and dial-in). */
#define DISP_MODEM "/dev/modem"
#define DISP_TTYMODEM "/dev/ttyd1"

/* Telephone number to call back. */
#define TELEFONO "5552222"

/* Command to execute once the call has been returned. */
#define COMANDO execl("/usr/sbin/ppp", "ppp", "-direct", "pppcb", (char *)NULL)

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
#include <libutil.h>
#include <errno.h>

int main(void)
{
    struct termios term_cb, term_orig;
    FILE *modem;
    int fd;

    /*
     * Make the process ignore carrier detect, so that the system does
     * not kill it automatically when we hang up to return the call.
     */
    if (tcgetattr(0, &term_orig) == -1) {
        perror("tcgetattr");
        exit(1);
    }
    term_cb = term_orig;
    term_cb.c_cflag |= CLOCAL;
    if (tcsetattr(0, TCSANOW, &term_cb) == -1) {
        perror("tcsetattr");
        exit(1);
    }

    /*
     * Hang up the modem, wait a few seconds and return the call.
     * If it cannot connect again within 120 seconds, just exit.
     */
    cfsetospeed(&term_cb, B0);
    if (tcsetattr(0, TCSANOW, &term_cb) == -1) {
        perror("tcsetattr");
        exit(1);
    }
    close(0);
    close(1);
    close(2);
    sleep(5);

    if ((modem = fopen(DISP_MODEM, "r+")) == NULL)
        exit(1);
    fprintf(modem, "AT\r");
    fflush(modem);
    sleep(2);
    fprintf(modem, "AT\r");
    fflush(modem);
    sleep(2);
    fprintf(modem, "ATDT%s\r", TELEFONO);
    fflush(modem);
    fclose(modem);

    /* Opening the dial-in device blocks until the modems have connected. */
    signal(SIGALRM, exit);
    alarm(120);
    fd = open(DISP_TTYMODEM, O_RDWR, 0);
    if (fd == -1)
        exit(1);
    alarm(0);   /* connected: cancel the timeout before handing over to ppp */
    if (login_tty(fd) == -1)
        exit(1);

    COMANDO;
    return 1;   /* only reached if execl() fails */
}
====
Additionally, you may deny all logins in ttyd1, except this account:
-:ALL EXCEPT _ACCOUNT_NAME_:ttyd1
In machine B, this is my configuration:
File /etc/ppp/ppp.conf:
====
default:
 set device /dev/modem
 set speed 115200
 disable lqr
 deny lqr

pppcb:
 set phone 5551111
 set dial "ABORT BUSY ABORT NO\\sDIAL ABORT ERROR TIMEOUT 5 \"\" ATZ0 OK-AT-OK \\dATM0E0Q0DT\\T TIMEOUT 40 CONNECT"
 set login "TIMEOUT 5 login:-\\r-login: _ACCOUNT_NAME_ word: _PASSWORD_ TIMEOUT 60 NO\\sCARRIER \"\" RING ATA"
 set ifaddr 10.0.26.1 10.0.25.1
 set timeout 450
 set afilter 0 permit 0/0 0/0
 set ifilter 0 permit 0/0 0/0
 set ofilter 0 permit 0/0 0/0
 set dfilter 1 permit 0/0 0/0
====
I execute the ppp daemon like this: "ppp -auto pppcb".
As you can see, when ppp attempts to establish a connection, it will
dial machine A, login in the remote ppp account, expect that the call be
dropped, wait for an incoming call, and answer.
On the other hand, when machine A receives a call, it answers and asks
for a login with getty as always. If it is the ppp account, the callback
program is executed, which drops the call, calls back (waiting no more
than 120 seconds for an answer), and when both modems have connected,
executes the ppp daemon in direct mode.
I hope this is more or less clear enough, and that I haven't forgotten
anything.
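
An added example (not part of the original post, and not FreeBSD's own matching code): a simplified C model of how the access rule quoted above is evaluated, handling only literal names, ALL and EXCEPT, where the first matching rule decides and no match means the login is permitted. The account name pppcb and the second, shadowed rule set are constructed for illustration.

```c
/* Added example: simplified model of login.access-style rule matching.
 * "pppcb" is a constructed account name standing in for _ACCOUNT_NAME_. */
#include <stdio.h>
#include <string.h>

/* Does item match the whitespace-separated list, honouring EXCEPT? */
static int list_match(const char *list, const char *item)
{
    int hit = 0;
    while (*(list += strspn(list, " \t\r")) != '\0') {
        size_t n = strcspn(list, " \t\r");
        if (n == 6 && strncmp(list, "EXCEPT", n) == 0)
            return hit && !list_match(list + n, item);
        if ((n == 3 && strncmp(list, "ALL", n) == 0) ||
            (n == strlen(item) && strncmp(list, item, n) == 0))
            hit = 1;
        list += n;
    }
    return hit;
}

/* 1 = login permitted, 0 = denied. The first matching rule decides;
 * if no rule matches, the login is permitted. */
int login_allowed(const char *const *rules, size_t nrules,
                  const char *user, const char *tty)
{
    size_t i;
    for (i = 0; i < nrules; i++) {
        char perm, users[128], ttys[128];
        if (sscanf(rules[i], " %c:%127[^:]:%127[^\n]", &perm, users, ttys) != 3 ||
            (perm != '+' && perm != '-'))
            continue;                   /* comment or malformed line */
        if (list_match(users, user) && list_match(ttys, tty))
            return perm == '+';
    }
    return 1;
}

/* Constructed rule sets: the post's rule alone, and shadowed by a permit. */
const char *const rules_post[] = { "-:ALL EXCEPT pppcb:ttyd1" };
const char *const rules_shadowed[] = { "+:ALL:ALL", "-:ALL EXCEPT pppcb:ttyd1" };

int main(void)
{
    printf("pppcb ttyd1: %d\n", login_allowed(rules_post, 1, "pppcb", "ttyd1"));
    printf("root  ttyd1: %d\n", login_allowed(rules_post, 1, "root", "ttyd1"));
    printf("root  ttyv0: %d\n", login_allowed(rules_post, 1, "root", "ttyv0"));
    printf("shadowed:    %d\n", login_allowed(rules_shadowed, 2, "root", "ttyd1"));
    return 0;
}
```

The rule restricts only ttyd1, and it has no effect if an earlier rule already matches the same user and line.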
1. How realize a CALL-BACK PPP connection ?
Hello guys,
thanks very very much for the help, now I have IP masquerading working
at home and office !!!
But I want to make more with this wonderful LINUX.
Is there someone that knows how to realize a call-back PPP connection?
At the moment I have two linux boxes, one at home and one in the office:
the office box is the PPP server, and the home box the client, all
structured like explained in the PPP-howto and SERIAL-howto.
I've no idea where to start !!!
Thanks in advance for the help
--
-----------------------------------------------------------------------
Andrea Partinico The opinion expressed here
TELECOM Italia is mine and not necessarily
Torino Italy those of TELECOM Italia S.p.A