FreeBSD Release 8.0 Installer Guide
Home______________________________________________________________________
There are two common uses for the callback feature. When your FBSD system is answering inbound calls for remote access to the FBSD box, the callback feature provides an additional layer of security. From a security view point, callback is a way of verifying the remote user is really calling from their pre-authorized phone number, which typically is their home or alternate work location.
The second is when your FBSD box calls your ISP and they call you back. In this case the prime motive is who is going to pay for the phone call. The second motive is an additional level of security that only the official owner of the ISP account is requesting remote access. The originating remote user initiates the call, connects and logs in; the receiving system hangs up and then calls back the originator, thus acquiring the phone line charges for the whole time the originating user is on line.
The most popular use of callback in the USA is for a FBSD system answering inbound calls for remote access. This is used by sales people on the road calling from a different phone number each time or the system administrator or an employee calling work from the same home phone number all the time and their employer picks up the long distance phone charges.
The FBSD system calling the ISP and the ISP calling back is not used in the USA because of the cheap phone rates. Other countries around the world like in the old USSR have phone billing rates that are charged by the minute. The ISP has much better rates because they use a greater amount of phone company services. They pass this on to their Internet subscribers by calling the originating user back and picking up the phone bill for the connection.
The documentation for the callback function is in man ppp and some examples in /usr/share/examples/ppp/.
This is your system answering inbound calls for remote access and then calling back the originating user using the same modem the inbound call came in on. This configuration is specifically targeted at originating users using a MS/Windows operating system and calling in from the same phone number every time, like employees working from home. This provides an additional level of security by calling back using a pre-authorized phone number associated with the originating users location listed in the ppp.secret callback field. Placing an * in the ppp.secret callback field will allow the originating user to enter the callback phone number during the setup of the callback process, this is less secure, but much more flexible in where the originating user can call in from. This will also work for originating users using a FreeBSD operating system.
It’s absolutely necessary that you have the user ppp incoming call function working before adding the callback function. The callback function is enabled by adding the following statements to the end of the ppp.conf incoming section. Remember these statements have to start at position 2 on the statement line in ppp.conf.
ee /etc/ppp/ppp.conf
########### start of callback section #############
#
set callback cbcp
set cbcp
set log +cbcp
set redial 3 1
set device /dev/cuaa4 # same device as call came in on
set speed 115200
set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATZ OK-ATZ-OK \
ATDT\\T TIMEOUT 60 CONNECT"
#
############ End of callback section #############
User ppp uses the /etc/ppp/ppp.secret file to authenticate dial in access. This is where you control the 3 different access modes. You have to edit the callback field of /etc/ppp/ppp.secret with the value representing the selected mode for each user. The fifth field is the callback field.
Mode 1, User calls in and no callback, callback field blank.
Mode 2, User calls in and FBSD calls back using pre-authorized phone number associated with the originating users location listed in the callback field.
Mode 3, User calls in and FBSD calls back using a phone number entered by the originating caller during the callback handshake. Callback field contains an *
Example: Mode 1 tom, Mode 2 bob, Mode 3 Joe,
# Authname Authkey Peer's IP address Label Callback
tom xxxxxxx
bob yyyyyyy * * 14447295555
Joe zzzzzzz * * *
When the Windows box calls the dial in modem phone number on the FBSD box, the modem answers the call. Getty senses the call makes the connection, tells the Windows box it wants PAP and asks for ID/PW. Whatever ID/PW is entered at the windows box is checked against the ppp.secret on the FBSD box. At a match ppp sees the callback phone number and talks to the Windows box about setting up callback services before it hangs up the phone. Now the modem that just answered the inbound call is free to dial out using the callback phone number from ppp.secret.
On the Windows box after the dial windows displays a message authenticating ID and password, the window will close after the login is achieved like normal. A new window will open for callback security with a unchangeable option high-lighted [Administrator specified waiting for callback]. This means the phone number in ppp.secret will be called. The Windows box user clicks on OK and the Windows box hangs up its modem and automatically reconfigures its modem for receiving inbound calls.
FBSD does its callback thing using the ppp.secert callback phone number associated with the ID/PW it just authorized from the inbound call. The modem on the Windows box picks up, some hand shaking goes on and you are connected.
It’s absolutely necessary that you have the user ppp incoming call function working before adding the ISP callback function. ISP callback is when your FBSD box calls your ISP and they call you back.
Starting with the ppp.conf statements for calling your ISP covered in the Configuring User PPP for modem dial out to ISP section, add to the end of those statements the callback configuration statements to activate the callback function, then you add the incoming section covered in the Inbound ppp.conf statements section.
There are 3 methods of callback your ISP can chose to honor; you specify which one to use by putting the set callback <option> statement at the end of the dialisp section in your ppp.conf file.
Method 1. set callback auth
This means the host you are calling must have your user ID and password in their ppp.secert file with your callback phone number in the 5th field, or an * in the 5th field which will prompt you for the callback phone number before hanging up the phone.
Method 2. set callback cbcp
set cbcp your_callback_phone_number
This is the Microsoft callback standard. The your_callback_phone_number field must contain the phone number you want to be called back on or an * which means to prompt you for the callback phone number before hanging up the phone.
Method 3. set callback e.164 your_callback_phone_number
This means use the old original e.164 standard to call you back at your_callback_phone_number.
If the host you are calling does not honor the callback method you coded, the connection will be terminated. If you wish callback to be optional you can add the keyword none to the set callback statement and ppp will continue without callback rather than terminating the connection. This is required (in addition to one or more other callback options) to make callback optional.
PPP also allows all the callback options to be coded together on one statement. This will give the called host the choice to select which of the 3 methods it wants to honor.
set callback auth cbcp e.164 your_callback_phone_number none
set cbcp your_callback_phone_number
When your FBSD system calls your ISP, the ISP answers, makes the connection, asks for your ID/PW, and whatever is entered in the ID and password statements of ppp.conf is checked. At a match the ISP's ppp sees the callback phone number and talks to your FBSD system about setting up callback services before it hangs up the phone. Now the modem that your FBSD system just used to make the out bound call hangs up and automatically reconfigures its modem for accepting inbound calls. The ISP does its callback thing. The modem on your FBSD system picks up, some hand shaking goes on and you are connected.
This FreeBSD Installer Guide is an public domain HOW-TO. This content may be reproduced, in any form or by any means, and used by all without permission in writing from the author.
Recent comments