Configuring a server to run PPP over the dialin connection is a simple task
once the initial mgetty application is set up properly. With the PPP setup,
the user can either invoke the ppp connection or have it run by default
with a script, for example "/etc/ppp/ppplogin":

    #!/bin/sh
    exec /usr/sbin/pppd -detach 192.168.1.1:192.168.1.2

The script above can be either initiated by the user calling into the system
or automatically called by mgetty when a ppp dialin is automatically
detected. To have mgetty automatically detect a ppp connection being
initiated, add the following line to "/etc/mgetty+sendfax/login.config":

    /AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login detach kdebug 7 debug

The address 192.168.1.1 is the address of the server and the address
192.168.1.2 is the address which is assigned to the client. This script
should be made executable by the user who calls into the machine. The pppd
daemon must be setuid root to set up the routing table that is necessary for
the dialin account to function correctly.

The options file for the modem answering the dialin should be set up next.
It is desirable to put the options for this modem into its own options file
"options.ttyS1", although you can edit the default options file if dialout
ppp on other modems on the server will not be implemented:

    # /etc/ppp/options.ttyS1
    netmask 255.255.255.0
    proxyarp
    lock
    crtscts
    modem

proxyarp is the most important of the options above, because it lets the
user reach the Internet through the modem in the server. The remaining
options are used to control the modem. If you remove the proxyarp option,
the user can work only in the local network.

Next you have to enable IP forwarding by adding this line to the file
"/etc/rc.d/rc.local":

    echo "1" > /proc/sys/net/ipv4/ip_forward

In Red Hat you can change the /etc/sysconfig/network file from:

    FORWARD_IPV4=false

to

    FORWARD_IPV4=true

To allow a user to use the PPP facilities, you need to allocate an IP
address for that user's machine and create an entry in /etc/ppp/pap-secrets
or /etc/ppp/chap-secrets (depending on which authentication method the PPP
implementation on the user's machine supports), so that the user's machine
can authenticate itself. For example, if Joe has a machine called "joespc"
which is to be allowed to dial in to the machine called "server" and use
the IP address joespc.my.net, you would add an entry like this to
/etc/ppp/pap-secrets or /etc/ppp/chap-secrets:

    joespc server "joe's secret" joespc.my.net

Alternatively, you can create a username called (for example) "ppp", whose
login shell is pppd and whose home directory is /etc/ppp. Options to be used
when pppd is run this way can be put in /etc/ppp/.ppprc.

If your serial connection is any more complicated than a piece of wire, you
may need to arrange for some control characters to be escaped. In particular,
it is often useful to escape XON (^Q) and XOFF (^S), using asyncmap a0000.
If the path includes a telnet, you probably should escape ^] as well
(asyncmap 200a0000). If the path includes an rlogin, you will need to use
the escape ff option on the end which is running the rlogin client, since
many rlogin implementations are not transparent; they will remove the
sequence [0xff, 0xff, 0x73, 0x73, followed by any 8 bytes] from the
stream.
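
The asyncmap values quoted above are bit masks: bit N is set when control
character N must be escaped. The following is an added example, not part of
the original text, that derives a0000 and 200a0000 from the characters they
name and decodes an existing value; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build and decode pppd asyncmap values.
# Bit N of the map is set when control character N (0-31) must be escaped.

# ctrl_code '^Q' -> 17: convert caret notation to the control-character code.
ctrl_code() {
    c=${1#\^}                                         # strip the leading caret
    [ "$1" != "$c" ] && [ "${#c}" -eq 1 ] || return 1 # need caret + one character
    n=$(printf '%d' "'$c")                            # ASCII code of that character
    [ "$n" -ge 64 ] && [ "$n" -le 95 ] || return 1    # only '@' .. '_' are valid
    echo $((n - 64))
}

# asyncmap_for '^Q' '^S' -> a0000
asyncmap_for() {
    mask=0
    for ch in "$@"; do
        bit=$(ctrl_code "$ch") || { echo "bad control character: $ch" >&2; return 1; }
        mask=$((mask | (1 << bit)))
    done
    printf '%x\n' "$mask"
}

# asyncmap_chars 200a0000 -> ^Q ^S ^]
asyncmap_chars() {
    mask=$((0x$1)); out=; bit=0
    while [ "$bit" -lt 32 ]; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            # Turn the bit number back into caret notation via an octal escape.
            ch=$(printf "\\$(printf '%03o' $((bit + 64)))")
            out="$out${out:+ }^$ch"
        fi
        bit=$((bit + 1))
    done
    echo "$out"
}

echo "XON/XOFF:         asyncmap $(asyncmap_for '^Q' '^S')"
echo "XON/XOFF, telnet: asyncmap $(asyncmap_for '^Q' '^S' '^]')"
echo "200a0000 escapes: $(asyncmap_chars 200a0000)"
```

Running asyncmap_chars on the value found in an existing options file shows
which control characters that link is actually escaping.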