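Dial-in server: ISDN
This article explains how to set up a dial-in server on Linux so that you can reach the Linux machine by dialing in over a b-channel of an ISDN line.
Contents: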
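1. Introduction
We will not log in through a terminal; the caller only gets access to the (local) web server.
The protocol used is PPP (Point-to-Point Protocol), and authentication is done with PAP (Password
Authentication Protocol) or CHAP (Cryptographic Handshake Authentication
Protocol).
For security reasons the caller does not need a personal account on the machine. In the example configuration, however, it makes no difference whether the caller has a user account on the Linux machine or not.
The configuration described below is based on the SuSE 6.3 distribution. It should be similar on other systems; you may only have to change a few paths.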
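2. Required hardware and software
You need an ISDN port and an ISDN card or ISDN modem that is supported by Linux.
We assume that PPP support is compiled into the kernel or built as a module. If you do not have PPP yet, switch to a shell, run man pppd
and read the PPP-HOWTO.
We also assume that the ISDN hardware is installed correctly, that is, you can establish a connection to your ISP with isdnctrl dial ippp0.
If not, have a look at the ISDN-HOWTO.
Finished reading? Good, then let's get started.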
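3. Configuration
Creating the net device
First, create a NETDEV in /etc/rc.config and assign it an IP address; the device created here is marked at the end of its lines. Since we use
"ippp0" and "ippp1" to connect to our Internet provider, we set up "ippp2" as the new
NETDEV. If "ippp0" and "ippp1" are not in use on your system, you can use them instead.
SuSE's YAST also supports creating a NETDEV, but if you create it by hand you need to know exactly what you are doing.
The configuration file can look like this: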
Part of the /etc/rc.config |
# Comments are started with a # and are ignored
# Blank space is ignored
# Network configuration:
# Number of network devices; here the devices 0 to 3 are defined
#
NETCONFIG="_0 _1 _2 _3"
#
# IP addresses of the corresponding devices
#
IPADDR_0="192.168.0.1" # this is our network card
IPADDR_1="192.168.0.99" # IP for NETDEV 1
IPADDR_2="192.168.0.98" # IP for NETDEV 2
IPADDR_3="192.168.0.97" # The new NETDEV IP
#
# Names of the NETDEVs:
#
NETDEV_0="eth0" # eth0 = network card
NETDEV_1="ippp0" # not interesting, call to our ISP
NETDEV_2="ippp1" # not interesting, call to our ISP
NETDEV_3="ippp2" # The new NETDEV has to be named ippp2
#
# Parameters for ifconfig (more information with "man ifconfig")
#
IFCONFIG_0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0 up" # not interesting
IFCONFIG_1="192.168.0.99 dynamic pointopoint 192.168.0.1 up" # not interesting
IFCONFIG_2="192.168.0.98 dynamic pointopoint 192.168.0.1 up" # not interesting
IFCONFIG_3="192.168.0.97 pointopoint 192.168.0.1 metric 1" # the new NETDEV
|
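After changing this file, run "SuSEconfig" so that the changes take effect.
Now we add the new configuration to i4l. On SuSE the ISDN4Linux configuration files are:
/etc/rc.config.d/i4l_default.rc.config
/etc/rc.config.d/i4l_option.rc.config
Other distributions also keep these settings in /etc/rc.config. The "default" file holds all the general settings, while the "option" file holds the detailed settings for each device.
The file /etc/rc.config.d/i4l_default.rc.config should look like this: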
Part of the /etc/rc.config.d/i4l_default.rc.config |
# Comments start with a #
# start ISDN4LINUX? (yes/no)
I4L_START="yes"
# In Germany 1TR6 is still in use somewhere but Euro-ISDN is
# used in general.
# D-channel protocol 1=1TR6, 2=EDSS1(Euro-ISDN) for HiSax
I4L_PROTOCOL="2"
#
# Options are: "auto", "off" or "manual".
# off: does not make any connections neither in nor out
# manual: User establishes connection, e.g. via "isdnctrl dial ippp0"
# auto: connects automatically if required
# More information in the documentation of i4l ;-)
I4L_DIALMODE_0="auto" # for other devices
I4L_DIALMODE_1="auto" # for other devices
I4L_DIALMODE_2="auto" # for other devices
I4L_DIALMODE_3="auto" # THE NEW NETDEV
|
The file i4l_option.rc.config should now look like this:
Part of the /etc/rc.config.d/i4l_option.rc.config |
# IDLE-time before it hangs up, in seconds:
#
I4L_IDLETIME_0="60"
I4L_IDLETIME_1="120"
I4L_IDLETIME_2="120"
I4L_IDLETIME_3="60"
#
# Max number of dials before giving up. Not important for NETDEV 3!
I4L_DIALMAX_0="5"
I4L_DIALMAX_1="5"
I4L_DIALMAX_2="5"
I4L_DIALMAX_3="5"
#
# The MSN or EAZ. For i4l these are the same (in principle).
# It would be important if you owned a "telephone center" or not.
# I have one. It assigns to an external calling number an internal
# number. If you do not have one: just enter the number the NETDEV
# has to react on.
# You have to change this!
I4L_LOCALMSN_0=""
I4L_LOCALMSN_1="123456"
I4L_LOCALMSN_2="123456"
I4L_LOCALMSN_3="18"
#
# Which number has to be called by dial-out connections?
# Our NETDEV has to be a dial-in device, so do not enter anything.
I4L_REMOTE_OUT_0=""
I4L_REMOTE_OUT_1="myProvider 1"
I4L_REMOTE_OUT_2="myProvider 2"
I4L_REMOTE_OUT_3=""
#
# Which numbers are allowed to dial-in?
# Due to checking the access with PAP/CHAP we leave this free. There will
# be enough security problems at other places. ;-)))
I4L_REMOTE_IN_0=""
I4L_REMOTE_IN_1=""
I4L_REMOTE_IN_2=""
I4L_REMOTE_IN_3=""
#
# Protocol ? Synchronous PPP or ... ? -> i4l Documentation !
I4L_ENCAP_0="syncppp"
I4L_ENCAP_1="syncppp"
I4L_ENCAP_2="syncppp"
I4L_ENCAP_3="syncppp"
#
# Options:
# "on" : just the specified numbers are allowed to call in
# "off" : all numbers can call in
I4L_SECURE_0="off"
I4L_SECURE_1="off"
I4L_SECURE_2="off"
I4L_SECURE_3="off"
|
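Now we have to write a configuration file for the NETDEV ippp2. The files written by Klaus Franken (kfr@suse.de), which are included in the SuSE distribution, are the basis for the following configuration.
These files are part of YAST's i4l installation, so please do not spam him. The local support database explains the configuration in detail, and all of that comes with YAST!
The files for the ISDN devices are in /etc/ppp/, where you will find:
/etc/ppp/options - global settings for PPPD (man ppp)
/etc/ppp/ioptions - global settings for PPPD (man pppd)
/etc/ppp/options.ippp2 - settings for the selected NETDEV
For authentication we need the PAP and CHAP files:
/etc/ppp/pap-secrets - we will use PAP authentication only
/etc/ppp/chap-secrets - can be used together with it or on its own
The PPPD and IPPPD man pages describe authentication in detail; reading them first is recommended.
Depending on the number of ISDN and analog devices, more files have to be configured. Let us go through these files step by step: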
Part of /etc/ppp/ioptions |
# for more information look at tail -f /var/log/messages
# Perfect to find errors
debug
# If you wanted to log the password in this file, too, you
# could uncomment the following line - I hope that I do not have to
# mention that this option does not improve the security !
# +pwlog
|
Nothing more is needed here.
Now the ippp device can be configured per NETDEV.
Part of /etc/ppp/options.ippp2 |
# /etc/ppp/options.ippp2
# based on the original script by
# Klaus Franken, kfr@suse.de
#
# The used device:
# OK, it's the last time that I will mention this.
/dev/ippp2
#
# debug ?
debug
# Info about proxyarp you find in man ipppd
# Short: do you want to grant access to other computers via LAN?
# Not in my LAN!
# proxyarp
#
# IP Addresses:
# "0.0.0.0:" for dynamic IP addresses
# In the /etc/rc.config we assigned the IP 192.168.0.97 to this device
# This should stay.
# The computer which dials in gets the IP 192.168.0.240.
# Of course you can use other IPs but this fits into my personal LAN
# configuration. You could change this after it worked.
192.168.0.97:192.168.0.240
#
# Set default route? Read man ipppd !
# defaultroute
#
# user name of the one who dials in?
user me
#
# Force an authentication via PAP
+pap
#
# If you need this? Read man ipppd. I do not.
# ipcp-accept-local
# ipcp-accept-remote
# noipdefault
# useifip
#
# disable header-compression
#-vj
#-vjccomp
#-ac
#-pc
#-bsdcomp
#
# max receive unit
mru 1524
# max transmit unit
mtu 1500
|
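Authentication is done with PAP, so all you need is
/etc/ppp/pap-secrets :
testuser	*	test
End of /etc/ppp/pap-secrets.
The structure is: user name, restriction on the remote computer, plain-text password, all separated by tabs.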
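The checks below are an added example, not part of the original article: a shell audit of the pap-secrets entry format just described and of the ipppd options shown earlier (+pwlog, proxyarp, +pap). The function names, the 8-character threshold and the temporary sample files are assumptions made for illustration; `+chap` is the CHAP counterpart of `+pap`.

```shell
#!/bin/sh
# Added example: audit the ipppd dial-in authentication files described above.
# Findings are printed one per line as "SEVERITY: message".

audit_pap_secrets() {    # usage: audit_pap_secrets FILE
    # The file holds cleartext secrets, so only its owner should have access.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "HIGH: $1 open to group/other ($perms)"
    awk '
        /^[ \t]*(#|$)/     { next }                  # comments and blank lines
        NF < 3             { print "WARN: line " NR ": fewer than 3 fields"; next }
        $1 == "*"          { print "HIGH: line " NR ": any user name is accepted" }
        length($3) < 8     { print "HIGH: " $1 ": secret shorter than 8 characters" }
        index($1, $3) == 1 { print "HIGH: " $1 ": secret is a prefix of the user name" }
    ' "$1"
}

audit_ipppd_options() {  # usage: audit_ipppd_options FILE...
    # Strip comments, then keep the first word of every active option line.
    active=$(cat "$@" | sed 's/#.*//' | awk 'NF { print $1 }')
    has() { printf '%s\n' "$active" | grep -Fqx -- "$1"; }
    has '+pwlog'   && echo "HIGH: +pwlog active, PAP passwords are written to syslog"
    has 'proxyarp' && echo "WARN: proxyarp active, the caller can talk to other LAN hosts"
    if has '+pap' || has '+chap'; then
        has '+chap' || echo "INFO: PAP only, the password crosses the line in cleartext"
    else
        echo "HIGH: neither +pap nor +chap set, callers are not authenticated"
    fi
    return 0
}

# Constructed copies of the article's files (world-readable on purpose).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf 'testuser\t*\ttest\n' > "$demo/pap-secrets" && chmod 644 "$demo/pap-secrets"
printf 'debug\n# +pwlog\n/dev/ippp2\n# proxyarp\nuser me\n+pap\n' > "$demo/options.ippp2"
audit_pap_secrets "$demo/pap-secrets"
audit_ipppd_options "$demo/options.ippp2"
```

On a real system, pass /etc/ppp/pap-secrets to the first function and both /etc/ppp/ioptions and /etc/ppp/options.ippp2 to the second.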
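An M$Win98 machine can now dial in without any additional scripts.
You have to restart i4l. A configuration rarely works without errors the first time, so it is a smart move to put the following script into /usr/bin/: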
restart-isdn |
#!/bin/sh
# Restart ISDN4Linux: stop i4l and its hardware layer, then start them again
/sbin/init.d/i4l stop
/sbin/init.d/i4l_hardware stop
/sbin/init.d/i4l_hardware start
/sbin/init.d/i4l start
|
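The access and execute permissions have to be set correctly: root, and possibly the members of the dial-out group, may access the script. Of course you can also type these commands into a shell by hand.
Now the dial-in can be tested; with tail -f /var/log/messages you can check whether everything works.
If everything is fine, the output looks like this:
(Note: we tested internally, which is why the number **18 (MSN) shows up! If the internal test works, dialing out should not be a problem either.)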
Output of tail -f /var/log/messages |
isdnlog: Dec 30 18:03:08 * Call to tei 127 from TN **11 on +49 1234/18, myHome RING (Data)
isdnlog: Dec 30 18:03:08 Call to tei 67 from TN **11 on +49 1234/18, myHome CONNECT (Data)
isdnlog: Dec 30 18:03:08 tei 65 calling TN **18 with ? COLP TN **18
isdnlog: Dec 30 18:03:08 tei 65 calling TN **18 with ? CONNECT
isdnlog: Dec 30 18:03:08 tei 65 calling TN **18 with ? CHARGE: free of charge - internal call
kernel: isdn_net: ippp2 connected
kernel: isdn_net: chargetime of ippp2 now 2805504
ipppd[188]: Local number: 18, Remote number: , Type: incoming
ipppd[188]: PHASE_WAIT -> PHASE_ESTABLISHED, ifunit: 2, linkunit: 0, fd: 7
ipppd[188]: sent [0][LCP ConfReq id=0x1 <mru 1524> <auth pap> <magic 0xb45a62> <pcomp> <accomp>]
ipppd[188]: rcvd [0][LCP ConfReq id=0x1 <magic 0x58468> <pcomp> <accomp> <callback 6>]
ipppd[188]: sent [0][LCP ConfRej id=0x1 <callback 6>]
ipppd[188]: rcvd [0][LCP ConfAck id=0x1 <mru 1524> <auth pap> <magic 0xb45a62> <pcomp> <accomp>]
ipppd[188]: rcvd [0][LCP ConfReq id=0x2 <magic 0x58468> <pcomp> <accomp>]
ipppd[188]: sent [0][LCP ConfAck id=0x2 <magic 0x58468> <pcomp> <accomp>]
ipppd[188]: lcp layer is UP
ipppd[188]: rcvd [0][PAP AuthReq id=0x1 user="testuser" password not logged for security reasons! Use '+pwlog' option to enable full logging.]
ipppd[188]: Check_passwd called with user=testuser
ipppd[188]: sent [0][PAP AuthAck id=0x1msg="Login ok"]
ipppd[188]: MPPP negotiation, He: No We: No
ipppd[188]: sent [0][IPCP ConfReq id=0x1 <addr 192.168.0.97> <compress VJ 0f 01>]
ipppd[188]: CCP enabled! Trying CCP.
ipppd[188]: CCP: got ccp-unit 0 for link 0 (protocol: 0x80fd)
ipppd[188]: ccp_resetci!
ipppd[188]: rcvd [0][IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.0.240> <ms-dns1 0.0.0.0> <ms-wins1 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins2 0.0.0.0>]
ipppd[188]: sent [0][IPCP ConfRej id=0x1 <ms-dns1 0.0.0.0> <ms-wins1 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins2 0.0.0.0>]
ipppd[188]: rcvd [0][IPCP ConfAck id=0x1 <addr 192.168.0.97> <compress VJ 0f 01>]
ipppd[188]: rcvd [0][IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 192.168.0.240>]
ipppd[188]: sent [0][IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 192.168.0.240>]
ipppd[188]: local IP address 192.168.0.97
ipppd[188]: remote IP address 192.168.0.240
|
If the connection is closed by the (M$Win-) remote computer, it looks like this:
Output of tail -f /var/log/messages |
ipppd[188]: rcvd [0][LCP TermReq id=0x3]
ipppd[188]: LCP terminated by peer
ipppd[188]: sent [0][LCP TermAck id=0x3]
isdnlog: Dec 30 18:03:43 Call to tei 67 from TN **11 on +49 1234/18, myHome Normal call clearing (User)
kernel: isdn_net: local hangup ippp2
kernel: ippp2: Chargesum is 0
ipppd[188]: Modem hangup
ipppd[188]: Connection terminated.
ipppd[188]: taking down PHASE_DEAD link 0, linkunit: 0
ipppd[188]: LCP is down
ipppd[188]: closing fd 7 from unit 0
ipppd[188]: link 0 closed , linkunit: 0
ipppd[188]: reinit_unit: 0
kernel: ippp, open, slot: 2, minor: 2, state: 0000
kernel: ippp_ccp: allocating reset data structure
ipppd[188]: Connect[0]: /dev/ippp2, fd: 7
isdnlog: Dec 30 18:03:45 Call to tei 67 from TN **11 on +49 1234/18, myHome HANGUP ( 0:00:35 I=250.0 b O=144.0 b)
isdnlog: Dec 30 18:03:45 tei 65 calling TN **18 with ? Normal call clearing (User)
isdnlog: Dec 30 18:03:45 tei 65 calling TN **18 with ? HANGUP ( 0:00:37)
|
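An added example (not from the original article): an awk-based summary that turns ipppd lines like the ones above into one record per incoming call, with called MSN, caller number, PAP user, result and assigned peer address, and flags calls whose password reached the log. The sample log is constructed; the `AuthNak` reject line and the look of an AuthReq line under `+pwlog` are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example: one summary line per incoming ipppd call, keyed by ipppd PID.
dialin_sessions() {   # usage: dialin_sessions [LOGFILE...]  (stdin if none)
    awk '
    function after(label) {          # text between label and the next comma
        if (!match($0, label "[^,]*")) return ""
        return substr($0, RSTART + length(label), RLENGTH - length(label))
    }
    function report(p) {
        printf "msn=%s caller=%s user=%s auth=%s peer_ip=%s pwlog=%s\n", msn[p],
            (caller[p] == "" ? "unknown" : caller[p]), (user[p] == "" ? "-" : user[p]),
            (auth[p] == "" ? "none" : auth[p]), (ip[p] == "" ? "-" : ip[p]),
            (leak[p] ? "YES" : "no")
    }
    !match($0, /ipppd\[[0-9]+\]:/) { next }               # only ipppd lines
    { p = substr($0, RSTART + 6, RLENGTH - 8) }           # PID of this ipppd
    /Local number:/ {                                     # a new call starts
        if (p in msn) report(p)
        msn[p] = after("Local number: "); caller[p] = after("Remote number: ")
        user[p] = auth[p] = ip[p] = ""; leak[p] = 0
    }
    /rcvd .*PAP AuthReq/ {
        if (match($0, /user="[^"]*"/)) user[p] = substr($0, RSTART + 6, RLENGTH - 7)
        if ($0 !~ /password not logged/) leak[p] = 1      # +pwlog is active
    }
    /sent .*PAP AuthAck/    { auth[p] = "accepted" }
    /sent .*PAP AuthNak/    { auth[p] = "rejected" }      # assumed reject name
    /remote IP address/     { ip[p] = $NF }
    /Connection terminated/ { if (p in msn) { report(p); delete msn[p] } }
    END { for (p in msn) report(p) }                      # calls still open
    ' "$@"
}

# Constructed sample in the format of the article's /var/log/messages output.
sample_log() { cat <<'EOF'
ipppd[188]: Local number: 18, Remote number: , Type: incoming
ipppd[188]: rcvd [0][PAP AuthReq id=0x1 user="testuser" password not logged for security reasons!]
ipppd[188]: sent [0][PAP AuthAck id=0x1msg="Login ok"]
ipppd[188]: remote IP address 192.168.0.240
ipppd[188]: Connection terminated.
ipppd[188]: Local number: 18, Remote number: 5550100, Type: incoming
ipppd[188]: rcvd [0][PAP AuthReq id=0x1 user="guest" password="constructed"]
ipppd[188]: sent [0][PAP AuthNak id=0x1]
ipppd[188]: Connection terminated.
EOF
}

sample_log | dialin_sessions
```

Run it as `dialin_sessions /var/log/messages` on the dial-in server; a `caller=unknown` record means no calling number was delivered, as in the article's internal test call.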
Some tips
Problem:
If the connection closes by itself after a few seconds and you are using a hybrid modem (ELSA Microlink ISDN/TL V.34),
tail -f /var/log/messages shows the following:
Output of tail -f /var/log/messages |
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: sent [0][LCP ConfReq id=0x1 <mru 1524> <auth pap> <magic 0x93b35c1e> <pcomp> <accomp>]
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: sent [0][LCP ConfReq id=0x1 <mru 1524> <auth pap> <magic 0x93b35c1e> <pcomp> <accomp>]
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: sent [0][LCP ConfReq id=0x1 <mru 1524> <auth pap> <magic 0x93b35c1e> <pcomp> <accomp>]
isdnlog: Dec 30 18:11:52 Call to tei 67 from TN **11 on +49 1234/18, myHome Normal call clearing (User)
isdnlog: Dec 30 18:11:52 tei 65 calling TN **18 with ? HANGUP ( 0:00:10)
kernel: ippp2: remote hangup
kernel: ippp2: Chargesum is 0
ipppd[188]: Modem hangup
ipppd[188]: Connection terminated.
ipppd[188]: taking down PHASE_DEAD link 0, linkunit: 0
ipppd[188]: sent [0][LCP TermReq id=0x2 6c 69 6e 6b 20 63 6c 6f 73 65 64]
ipppd[188]: LCP is down
ipppd[188]: closing fd 7 from unit 0
ipppd[188]: link 0 closed , linkunit: 0
ipppd[188]: reinit_unit: 0
ipppd[188]: Connect[0]: /dev/ippp2, fd: 7
kernel: ippp, open, slot: 2, minor: 2, state: 0000
kernel: ippp_ccp: allocating reset data structure
isdnlog: Dec 30 18:11:52 Call to tei 67 from TN **11 on +49 1234/18, myHome HANGUP ( 0:00:11 I=108.0 b O=104.0 b)
|
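Cause:
The hybrid modem uses the wrong init scripts and therefore transmits with a "wrong" protocol.
Change the init string so that the hybrid modem is forced to establish an ISDN connection (AT \N10 does it); otherwise you cannot send any /Nxx
parameters.
If you find other problems (or solutions), please let us know!
What if it does not work? Then check all the logs and/or look at the tail output, and read the documentation again. You have read it already, haven't you?
What if it just does not want to work? If we have time, we will help you. You can also ask in newsgroups such as alt.de.comm.isdn4linux
(German) or comp.dcom.isdn (there are others as well). Do not forget to attach the relevant parts of the message log and of the configuration files (that is, edit the files first).
4. Documentation: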