The Point-to-Point Protocol (PPP) provides a method for transmitting datagrams over serial point-to-point links. PPP is composed of three parts: a method for encapsulating datagrams over serial links, an extensible Link Control Protocol (LCP), and a family of Network Control Protocols (NCP) for establishing and configuring different network-layer protocols. This document describes how to set up a PPP dial-in server on a Linux system. The PPP server will act as a gateway for the client dialing in to access the local network.
Install PPP and Kermit
If you did not select the ppp package during OS installation, use yum to grab the latest package from your preferred repository:
yum install ppp
Kermit is a useful communications program that can be used to test a dial-in connection. Download C-Kermit on ARC, or get the latest version from the Columbia site.
Modem Setup
mgetty is a program which can handle all aspects of modem communication. If your server has only one serial port, the modem will be located on /dev/ttyS0. To enable data connections to the server, the following line must be added to the /etc/inittab file:
S0:2345:respawn:/sbin/mgetty -D ttyS0
The -D means data only; no fax machines will be allowed to connect. For a fax setup you would have to use faxgetty (mo:35:respawn:/usr/sbin/faxgetty ttyS0).
Run kill -HUP 1 to make init re-read /etc/inittab (or init q).
PPPD Setup
By default mgetty will not invoke ppp. To enable this feature you need to edit the mgetty login.config file:
vim /etc/mgetty+sendfax/login.config
Look for the following line:
#/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap debug
Enable this line by removing the # and changing the chap and pap flags as shown:
/AutoPPP/ - a_ppp /usr/sbin/pppd auth +chap -pap debug
We will be using the Challenge Handshake Authentication Protocol (CHAP), which protects the login process: the password is hashed together with a challenge from the server rather than being sent over the link in clear text. Make chap the preferred authentication method by putting a '+' sign next to chap and changing pap to '-'. Debug will give extra logging details in /var/log/mgetty.ttyS0.
When ppp starts up, it reads options from the command line given in /etc/mgetty+sendfax/login.config, then reads more options from the /etc/ppp directory.
PPP Server Options
Use the /etc/ppp/options file on the server to add generic settings for the ppp connection.
vim /etc/ppp/options
-detach
asyncmap 0
modem
crtscts
lock
proxyarp
ms-dns 192.168.2.4
ms-dns 192.168.2.5
To specify settings for a particular connection, add them to a separate file, /etc/ppp/options.ttyS0:
vim /etc/ppp/options.ttyS0
# ipaddress localserver:remoteclient
192.168.2.112:192.168.2.200
# netmask for network
netmask 255.255.255.0
As mentioned before, we will be using CHAP for authentication. Ensure a local user account is present on the system with a password (this password will be used for CHAP as well):
useradd acorpdialin; passwd acorpdialin
Modify the chap-secrets file in /etc/ppp to add this user and the IP address they will be connecting from. Note: spaces in the file are single spaces, not tabs.
# Secrets for authentication using CHAP
# client server secret IP addresses
acorpdialin * L3tM31n 192.168.2.200
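The CHAP exchange configured above, as an added Python example (not part of the original page and not pppd's own code): the server sends a random challenge, the client returns MD5(identifier || secret || challenge) as defined in RFC 1994, and the server recomputes it from its own chap-secrets entry, so the secret never crosses the link. The function names and the simplified address check are assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Constructed sample using the chap-secrets layout and values shown above.
CHAP_SECRETS = """\
# client server secret IP addresses
acorpdialin * L3tM31n 192.168.2.200
"""

def load_secrets(text):
    """Return {client: (server, secret, [addresses])}, skipping comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        table[fields[0]] = (fields[1], fields[2], fields[3:])
    return table

def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def server_verify(table, name, identifier, challenge, response, peer_ip):
    """Authenticator side: recompute the hash from the local copy of the secret."""
    entry = table.get(name)
    if entry is None:
        return False
    _server, secret, addresses = entry
    # Assumption of this sketch: the peer address must be listed, "*" allows any.
    if peer_ip not in addresses and "*" not in addresses:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def demo():
    table = load_secrets(CHAP_SECRETS)
    ident, challenge = 1, os.urandom(16)                # server -> client: Challenge
    resp = chap_response(ident, "L3tM31n", challenge)   # client -> server: Response
    ok = server_verify(table, "acorpdialin", ident, challenge, resp, "192.168.2.200")
    # Replaying the captured response against a fresh challenge must fail.
    replay = server_verify(table, "acorpdialin", 2, os.urandom(16), resp, "192.168.2.200")
    return ok, replay

if __name__ == "__main__":
    print(demo())
```

Because both ends derive the response from the same stored secret, the chap-secrets file holds the password in clear text on each machine and should be readable by root only.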
Server Security Settings
Any communication that goes from client to server will be through sshd. Open system-config-securitylevel from the command line on the server.
Ensure security level is set to enabled and SELinux is set to permissive.
Tab down to Customise and press Return.
Ensure that the only service ticked is SSH.
Tab to OK, then OK again for the changes to take effect.
PPP Client Options
On the client machine, open the /etc/ppp/options file and add the following settings:
vim /etc/ppp/options
/dev/ttyS0 9600
crtscts
modem
# localclient:remoteserver
192.168.2.200:192.168.2.112
defaultroute
lock
passive
# must match the client name in chap-secrets
name acorpdialin
The ppp package comes with a chat utility to call a remote host, in this case our server. There are a couple of files that we need to create within the /etc/ppp directory to make use of this utility.
ppp-chat link script: /etc/ppp/peers/acorpchat
connect 'chat -v -f /etc/ppp/acorpchatter'
debug
chat connect script: /etc/ppp/acorpchatter
ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDTphonenumberofpppdserver CONNECT ""
As with the server, we will be using CHAP for authentication. Ensure the same user with the same password exists on this system.
useradd acorpdialin; passwd acorpdialin
# Secrets for authentication using CHAP
# client server secret IP addresses
acorpdialin * L3tM31n
To make a connection from client to server, use the pppd command-line utility to make the call:
pppd call acorpchat (location of the file in /etc/ppp/peers/)
Run tail -f /var/log/messages to see if the connection is made successfully.