Solved

Linux as PPP server

Posted on 2000-03-29
7
331 Views
Last Modified: 2010-03-18
I know it's been asked a hundred times before, but I've already spent about 50 points looking up PAQ's and still cannot find the correct answer.

Here's the deal... setting up our RedHat 6.1 as a ppp dialin server.

I installed mgetty. I can dial in and get a shell account access.

How do I turn that to ppp?

I read PPP-HOWTO and that seems hacky... log in, type ppp, then negotiate PPP on the client end? That's bad form.

I read some stuff on comp.os.linux.networking, which helped a little, but not completely.

What I need to know:
Once mgetty is set up (I did compile with -DAUTO_PPP) what next?

How do you set up the pap-secrets file? On the newsgroup I saw that you only need:
* * "" *

How does the client receive it's IP? Do I need DHCP server set up on the dialin server?

Basically: Once mgetty is installed, what files need to be edited, and how?

Thanks... I know this is a huge repeat question, but like I said, I read 6 or 7 PAQ's and didnt get my full answer.
0
Comment
Question by:edskee
  • 4
  • 3
7 Comments
 
LVL 2

Author Comment

by:edskee
ID: 2666707
This is the best I get... I get a login shell, regardless of the auto-ppp I turned on... and when I manually run pppd:

pppd: The remote system is required to authenticate itself but I
pppd: couldn't find any secret (password) which would let it use an IP address.

Here's my pap-secrets:
* * "" *

Thats it... what pppd options should I use?

This is driving me nuts.
0
 
LVL 4

Accepted Solution

by:
kiffney earned 50 total points
ID: 2671673
You have to edit the /etc/mgetty/login.conf file and set up a line like this:

/AutoPPP/  -  a_ppp   /usr/sbin/pppd

And (this may be the part missing) you have to make sure mgetty answers the phone (and not mingetty, uugetty, agetty, or bibbity-bobbity-getty) by editing /etc/inittab (as root) like this:

SO:2345:respawn:/sbin/mgetty -s 115200 -x 3 ttyS0
if you want it to answer with the modem on ttyS0 (COM1 in DOS world).

Replace /sbin/mgetty with the actual location of your mgetty, and the S0 and ttyS0 with S1 and ttyS1 if you're on that port, etc.

Then tell init to reread the inittab with 'kill -HUP 1'

Be careful editing inittab - you can make your system hard to use with a mistake here (been there myself).

Once you do this mgetty should answer and cough up a PPP connection - then your new troubles (authorization, IP addresses) will begin!

In short, you want /etc/ppp/options.ttyS0 (if you're using serial line 0/com1) to have something like this in  it:

:192.68.1.11  
(or whatever IP address makes sense for the network you're dialing into)
proxyarp  
(so that your dialing-in machine appears to be on the net)
ms-dns 192.68.1.2  
(or whatever address you want windows dialin guys to use for a domain name server, if you have one - don't need to)

Finally, fix pap-secrets like this:

a_name    *     a_password   *

and when you dial in, use that name and password.

That might be enough to get things going.  Let us know what happens.  And be patient, it's a pain to set up, but once set up works perfectly forever.
0
 
LVL 2

Author Comment

by:edskee
ID: 2673559
How do you get it to use the existing username/password combos in /etc/passwd instead of the pap-secrets file?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 2

Author Comment

by:edskee
ID: 2673582
It works! All except the username and password part... for each person who needs to dialin, I really dont want to have to edit the pap-secrets file... how do I do it otherwise?
0
 
LVL 4

Expert Comment

by:kiffney
ID: 2673610
Use the 'login' option on the server's pppd setup.  You still need an entry in the pap-secrets file, but you can put "" in the secrets column.  The dialer-in has the username in the name column, * in the server column, "" in the secrets column, and either * or a set of ip addresses allowed in the address columnt.
0
 
LVL 4

Expert Comment

by:kiffney
ID: 2673629
I meant to say, the dialed-into machine has "" in the secrets column and 'login' in the options file - this makes the server check the user's password against /etc/passwd.  You still need a username entry in the server's pap-secrets, but it can just be

*  *  ""  *

and the dialing-in person sets "remotename" to be his login name and his password to be his login password.
0
 
LVL 2

Author Comment

by:edskee
ID: 2673684
Thanks man, fixed all my problems!
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Embeded Linux on Router 9 105
ovirt web management page 1 77
Setup static routes for IP address in CentOS 2 65
Monitor Aliased network interface bandwitch CentOS 4 91
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now