Improve company productivity with a Business Account.Sign Up


Linux as PPP server

Posted on 2000-03-29
Medium Priority
Last Modified: 2010-03-18
I know it's been asked a hundred times before, but I've already spent about 50 points looking up PAQ's and still cannot find the correct answer.

Here's the deal... setting up our RedHat 6.1 as a ppp dialin server.

I installed mgetty. I can dial in and get a shell account access.

How do I turn that to ppp?

I read PPP-HOWTO and that seems hacky... log in, type ppp, then negotiate PPP on the client end? That's bad form.

I read some stuff on comp.os.linux.networking, which helped a little, but not completely.

What I need to know:
Once mgetty is set up (I did compile with -DAUTO_PPP) what next?

How do you set up the pap-secrets file? On the newsgroup I saw that you only need:
* * "" *

How does the client receive it's IP? Do I need DHCP server set up on the dialin server?

Basically: Once mgetty is installed, what files need to be edited, and how?

Thanks... I know this is a huge repeat question, but like I said, I read 6 or 7 PAQ's and didnt get my full answer.
Question by:edskee
  • 4
  • 3

Author Comment

ID: 2666707
This is the best I get... I get a login shell, regardless of the auto-ppp I turned on... and when I manually run pppd:

pppd: The remote system is required to authenticate itself but I
pppd: couldn't find any secret (password) which would let it use an IP address.

Here's my pap-secrets:
* * "" *

Thats it... what pppd options should I use?

This is driving me nuts.

Accepted Solution

kiffney earned 200 total points
ID: 2671673
You have to edit the /etc/mgetty/login.conf file and set up a line like this:

/AutoPPP/  -  a_ppp   /usr/sbin/pppd

And (this may be the part missing) you have to make sure mgetty answers the phone (and not mingetty, uugetty, agetty, or bibbity-bobbity-getty) by editing /etc/inittab (as root) like this:

SO:2345:respawn:/sbin/mgetty -s 115200 -x 3 ttyS0
if you want it to answer with the modem on ttyS0 (COM1 in DOS world).

Replace /sbin/mgetty with the actual location of your mgetty, and the S0 and ttyS0 with S1 and ttyS1 if you're on that port, etc.

Then tell init to reread the inittab with 'kill -HUP 1'

Be careful editing inittab - you can make your system hard to use with a mistake here (been there myself).

Once you do this mgetty should answer and cough up a PPP connection - then your new troubles (authorization, IP addresses) will begin!

In short, you want /etc/ppp/options.ttyS0 (if you're using serial line 0/com1) to have something like this in  it:

(or whatever IP address makes sense for the network you're dialing into)
(so that your dialing-in machine appears to be on the net)
(or whatever address you want windows dialin guys to use for a domain name server, if you have one - don't need to)

Finally, fix pap-secrets like this:

a_name    *     a_password   *

and when you dial in, use that name and password.

That might be enough to get things going.  Let us know what happens.  And be patient, it's a pain to set up, but once set up works perfectly forever.

Author Comment

ID: 2673559
How do you get it to use the existing username/password combos in /etc/passwd instead of the pap-secrets file?
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Author Comment

ID: 2673582
It works! All except the username and password part... for each person who needs to dialin, I really dont want to have to edit the pap-secrets file... how do I do it otherwise?

Expert Comment

ID: 2673610
Use the 'login' option on the server's pppd setup.  You still need an entry in the pap-secrets file, but you can put "" in the secrets column.  The dialer-in has the username in the name column, * in the server column, "" in the secrets column, and either * or a set of ip addresses allowed in the address columnt.

Expert Comment

ID: 2673629
I meant to say, the dialed-into machine has "" in the secrets column and 'login' in the options file - this makes the server check the user's password against /etc/passwd.  You still need a username entry in the server's pap-secrets, but it can just be

*  *  ""  *

and the dialing-in person sets "remotename" to be his login name and his password to be his login password.

Author Comment

ID: 2673684
Thanks man, fixed all my problems!

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Free Data Recovery software is an advanced solution from Kernel Tools to recover data and files such as documents, emails, database, media and pictures, etc. It supports recovery from physical & logical drive after a hard disk crash, accidental/inte…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question