Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

SOLVED
Go to solution
ForrestL
Occasional Visitor

How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

Dear:

I am going to connect my DS10L with OVMS8.3 to Internet via an ADSL. According to the information from the ISP (Internet Services Provider), PPPoE should be issued from the server end - my OpenVMS side.

TCPIP Documentation did not include the PPPoE function.

Might I get help ? How to configure PPPoE on my OVMS 8.3 on DS10L ?

Thanks
9 REPLIES
Steven Schweda
Honored Contributor

Re: How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

My DSL doesn't use PPPoE, so I know nothing,
but I'd go out and buy a cheap IP router
which does PPPoE, and let the router worry
about it. (I've installed a few of these for
friends, and they always seem to mention
PPPoE, but I've never needed to check that
box.)
Jon Pinkley
Honored Contributor

Re: How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

I agree that letting a dedicated router handle the PPPoE is the easy way to do this.

The only possible downside is if you have a static IP and you don't want NAT to be done by the router. Most of the low-end "home routers" have NAT built in, and normally the only way to turn it of is to turn of the router functionality and run the unit in bridge mode.

What type of equipment did you get with your ADSL line? At home I have a Siemens 4100 B "modem", but it has NATing router built in. I have a real router behind it, so I have the 4100 configured in Bridge mode.

Most ADSL circuits are sold without static ip addresses, and in that case, having the modem/router provide NAT is normally a good thing. Most of the routers also have rudimentary firewalls built in as well, and another benefit is that you can then share the ADSL connection with several hosts. The routers usually also have a DHCP server built in that you can use if you want.

Good luck,

Jon
it depends
Steven Schweda
Honored Contributor

Re: How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

> Most ADSL circuits are sold without static
> ip addresses, and in that case, having the
> modem/router provide NAT is normally a good
> thing. [...]

Most DSL customers have a _single_ IP
address, which is what makes NAT useful,
whether that's a static or dynamic address.

I still use an old (but good) Cisco 678 DSL
modem/router, which is capable of dealing
with multiple IP addresses as well as NAT.
I know of no intrinsic conflict between using
NAT and having multiple IP addresses, but
most NAT users use NAT to allow multiple
systems to share a single (external) IP
address. Mine's static (good ISP), but I
have only one, so I use NAT. A friend (also
using a Cisco 678) has a block of eight. I
don't know if he uses NAT, but I assume that
he could.
Jon Pinkley
Honored Contributor

Re: How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

If you have a device that is using IPsec without NAT traversal, NAT can be problematic. Other than that, most NAT implementations know how to "do the right thing" with respect to protocols with multiple tcp ports, for example FTP. NAT also provides a bit of protection from unwanted inbound connections, but don't rely upon it as a firewall.

And current VPN clients (e.g. Cisco and Nortel) can encapsulate IPSec in UCP or TCP and traverse NAT routers.

Bottom line: Unless you are doing something special, NAT is a good thing. If you are doing something special, then hopefully you already know the potential problems NAT can introduce.

Now, perhaps someone can answer your question about PPPoE on VMS, and whether or not it is supported. I don't know.

Jon
it depends
Hoff
Honored Contributor

Re: How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

AFAIK, no PPPoE support and no PPP with RAS authentication with OpenVMS. When I last answered this question "from the other side", it wasn't supproted.

Using a firewall, router and NAT box is very likely the way to go here. This approach also often makes it easier to deal with the ISP, as most of those folks tend to have some grasp of these boxes and of Windows, but tend to have more problems if you mention the use of or sometimes the mere presence of other operating systems.

Plus you can configure the firewall to dissuade (most of?) the net's riff-raff from visiting your system(s). Here's a generic write-up that touches on using OpenVMS with firewalls: http://64.223.189.234/node/275

Stephen Hoffman
HoffmanLabs LLC
ForrestL
Occasional Visitor

Re: How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

Dear All:

Thank you very much for your information.

Yes, I have an ADSL of ZXDSL831 (Made by a Chinese manufacturing - ZTE). My DS10L can browse the Internet with the ADSL setting NAT.

Because I want my DS10L can be accessed by others on Internet using name (I did not apply for a static IP address). So I turn NAT off and turn PPP IP Extension on for the ADSL, and set DHCP client enable using TCPIP service on my Ovms, my OVMS can get a dynamic Internet IP address from the ISP. Now I want to access my DS10L using name instead of IP.

But it is error when I run @Sys$manager:tcpip$config to configure the Domain, the errors are below and jump to $:

Communication domain updated in configuration database
Bind resolver domain name updated in configuration database
%TCPIP-E-INETERROR, internet interface error
-TCPIP-E-INVQUAL, invalid qualifier value for /LOCAL_HOST
-RMS-E-RNF, record not found
$

I also remove the TCPIP Services using the OS CD and reinsall the TCPIP 5.6-9, the problem can not be solved.

Thanks in advance for your help !
John Travell
Valued Contributor
Solution

Re: How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

Your best bet still seems to be to use the router with NAT, set the router forwarding options to route incoming traffic through specific ports to the DS10L, and to block ports that you do not want incoming traffic on.

For access by name instead of number, choose one of the many dynamic DNS services around. I use ZoneEdit, which offers a free service if the volume of name translations they do for you is less than a fairly high threshold.
Search the net for 'dynamic dns', you get over 3million hits...
You WILL need to acquire or write a tool that monitors your router's external IP address and updates your chosen DNS supplier when your address changes.
JT:
Hoff
Honored Contributor

Re: How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

John T is correct.

If you're asking these questions -- and this isn't intended to be rude or offensive; what I'm suggesting here is (still) how I tend to configure network security with OpenVMS -- you're probably not ready to nor really wanting to have to lock down an OpenVMS server against attack, and probably not yet ready to maintain and verify a continued lock-down over the lifetime of the configuration. This configuration and maintenance is not an easy task. (I know how to lock down an OpenVMS box, and how to break into an OpenVMS box. And I choose and do use firewalls.)

Recognize that you will get attacked; the last tests I ran had somebody attempting to fingerprint and then attacking my host within four hours of simply connecting it to the net. No announcements. No nothing. Connect it. Get attacked. And the first attack will generate buckets of OPCOMs and audits and otherwise, including the unsuccessful attacks; a password attack that has hit some of the firewalls I deal with would easily fill the typical OpenVMS system disk. They literally throw the entire dictionary and more -- numeric substitutions and l33t haxor abbreviations -- at the target box. (Had I been paying attention, I should have saved off the last such dictionary that got tossed my way.)

Use a firewall with a DMZ or port mapping or virtual server capabilities, and allow specific protocols through the firewall and to the OpenVMS server. And make sure your web server or whatever you might choose to expose current on its ECOs, and carefully locked down.

OpenVMS is comparatively rare and not particularly well known in the hacker community, but cleaning up the mess after even a failed attack is still work. And an ssh or telnet or ftp attack can derail your day, even if the gremlins don't gain access. There have been specific cases where OpenVMS has been more directly vulnerable, including the infamous Ping Of Death.

Most any firewall around of any sort of value -- whether it is a dedicated Linux box set up as a firewall and loaded with one of the available firewalls or firewall distros, or a commodity commercial firewall widget from any of the major vendors -- can be acquired with DMZ or virtual server or port-mapping capabilities.
ForrestL
Occasional Visitor

Re: How to apply PPPoE connection from OVMS 8.3 AlphaDS10L

Thanks to All !

Your input are very usful for me !!!

The Web-Sites are very useful.

Best Regards,
Forrest Ling