Point to Point Dial in Server

The Point-to-Point Protocol (PPP) provides a method of creating an IP network over a serial link (modem, ISDN line). PPP is a peer-to-peer system composed of three parts: a method for encapsulating datagrams over serial links, an extensible Link Control Protocol (LCP), and a family of Network Control Protocols (NCP) for establishing and configuring different network-layer protocols. This document describes how to set up a PPP dial-in server on a Linux system. The PPP server will act as a gateway for the client dialing in to access the local network.

Install PPP and Kermit

If you did not select the ppp package during OS installation, use yum to grab the latest package from your preferred repository:
 yum install ppp 
Kermit is a useful communications program that can be used to test a dial-in connection. Download C-Kermit on ARC, or get the latest version from the Columbia site.

Modem Setup

mgetty is a program which can handle all aspects of modem communication. If your server has only one serial port, the modem will be located on /dev/ttyS0. To enable data connections to the server, the following line must be added to the /etc/inittab file:
 S0:2345:respawn:/sbin/mgetty -D ttyS0
The -D means data only; no fax machines will be allowed to connect. For a fax setup you would have to use faxgetty (mo:35:respawn:/usr/sbin/faxgetty ttyS0).
Run kill -HUP 1 (or init q) to make init re-read /etc/inittab.
Allow traffic to pass through the server by setting the following in /etc/sysctl.conf:
 net.ipv4.ip_forward = 1
Apply the change:
 sysctl -p

PPPD Setup

By default mgetty will not invoke ppp. To enable this feature you need to edit the mgetty login.config file:
 vim /etc/mgetty+sendfax/login.config
Look for the following line:
 #/AutoPPP/ -    a_ppp   /usr/sbin/pppd auth -chap +pap debug
Enable this line by removing the #:
 /AutoPPP/ -    a_ppp   /usr/sbin/pppd auth +chap -pap debug
We will be using the Challenge Handshake Authentication Protocol (CHAP), which encrypts the login process. Make chap the preferred authentication method by adding a '+' sign next to chap, and change pap to '-'. Debug will give extra logging details in /var/log/mgetty.ttyS0.
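How the CHAP exchange selected by +chap works, as an added example that is not part of the original page: per RFC 1994 the peer answers a random challenge with MD5(identifier || secret || challenge), so the shared secret from chap-secrets is never sent over the link. The function names are illustrative assumptions; the account name and secret are the page's sample values.

```python
import hashlib
import hmac
import os

# The account name and secret are the page's sample chap-secrets values.
SECRETS = {"acorpdialin": b"L3tM31n"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the identifier octet, the secret, the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def make_challenge(identifier: int):
    """Server: a fresh random challenge for every authentication."""
    return identifier & 0xFF, os.urandom(16)


def client_reply(name: str, secret: bytes, identifier: int, challenge: bytes):
    """Client: only the name and a 16-byte hash are sent back."""
    return name, chap_response(identifier, secret, challenge)


def server_verify(identifier, challenge, name, response) -> bool:
    """Server: recompute from its own secrets entry, compare in constant time."""
    secret = SECRETS.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def demo() -> dict:
    ident, challenge = make_challenge(1)
    name, resp = client_reply("acorpdialin", b"L3tM31n", ident, challenge)
    ident2, challenge2 = make_challenge(2)
    wrong = chap_response(ident, b"not-the-secret", challenge)
    return {
        "good": server_verify(ident, challenge, name, resp),
        "wrong_secret": server_verify(ident, challenge, name, wrong),
        "replayed": server_verify(ident2, challenge2, name, resp),  # old reply, new challenge
        "secret_on_wire": SECRETS[name] in resp,
    }


if __name__ == "__main__":
    print(demo())
```

Because the response depends on the server's random challenge, a reply recorded from one login does not verify against the next one.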

When pppd starts up, it reads options from the command line given in /etc/mgetty+sendfax/login.config and then reads more options from the /etc/ppp directory.

PPP Server Options

Use the /etc/ppp/options file on the server to add generic settings for the ppp connection:
 vim /etc/ppp/options

-detach
asyncmap 0
modem
crtscts
lock
proxyarp
ms-dns 192.168.2.4
ms-dns 192.168.2.5
To specify settings for a particular connection, add them to a per-port file, /etc/ppp/options.ttyS0:
 vim /etc/ppp/options.ttyS0

# ipaddress localserver:remoteclient
192.168.2.112:192.168.2.200
# netmask for network
netmask 255.255.255.0
Note that the server address is not the same as the server's eth0 address on the local host. This is the IP for the PPP link. As mentioned before, we will be using CHAP for authentication. Ensure a local user account is present on the system with a password (this password will be used for CHAP as well):
 useradd acorpdialin; passwd acorpdialin
Modify the chap-secrets file in /etc/ppp to add this user and the IP address they will be connecting from. Note: the fields in the file are separated by single spaces, not tabs.
 # Secrets for authentication using CHAP
# client	server	secret			IP addresses
acorpdialin * L3tM31n  192.168.2.200
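A check for the server-side chap-secrets file described above, as an added example that is not part of the original page. It relies on the pppd(8) rule that words after the secret are the IP addresses the peer may use, with '*' allowing any and none listed disallowing all. The guestdial entry and the 16-character threshold are assumptions made for illustration.

```python
import os
import shlex
import stat

MIN_SECRET_LEN = 16  # assumed policy threshold, not a pppd requirement


def parse_chap_secrets(text):
    """Return (client, server, secret, addresses) for each entry line."""
    entries = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)  # drops '#' comments, keeps quoted words
        if len(words) >= 3:
            entries.append((words[0], words[1], words[2], words[3:]))
    return entries


def audit_chap_secrets(text, mode=0o600):
    """Return findings for a server-side chap-secrets file; secrets are never echoed."""
    findings = []
    if mode & 0o077:
        findings.append("file: accessible to group/other, expected mode 600")
    for client, server, secret, addrs in parse_chap_secrets(text):
        if server == "*":
            findings.append(f"{client}: server field '*' matches any server name")
        if not addrs:
            findings.append(f"{client}: no address listed, pppd disallows every IP")
        elif "*" in addrs:
            findings.append(f"{client}: address '*' lets the peer use any IP")
        if len(secret) < MIN_SECRET_LEN:
            findings.append(f"{client}: secret shorter than {MIN_SECRET_LEN} characters")
    return findings


def audit_file(path="/etc/ppp/chap-secrets"):
    with open(path) as fh:
        return audit_chap_secrets(fh.read(), stat.S_IMODE(os.stat(path).st_mode))


# Constructed sample: the page's server entry plus a hypothetical loose entry.
SAMPLE = """\
# Secrets for authentication using CHAP
acorpdialin * L3tM31n 192.168.2.200
guestdial * "correct horse battery staple" *
"""

if __name__ == "__main__":
    for finding in audit_chap_secrets(SAMPLE, mode=0o644):
        print(finding)
```

On a live server, call audit_file() as root so the real file mode is checked along with the entries.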

Server Security Settings

Any communication that goes from client to server will be through sshd. Open system-config-securitylevel from the command line on the server. Ensure security level is set to enabled and SELinux is set to permissive.
Tab down to Customise and press Return.
Ensure that the only service ticked is SSH.
Tab to OK, then OK again, for the changes to take effect.

PPP Client Options

On the client machine, open the /etc/ppp/options file and add the following settings:
 vim /etc/ppp/options

/dev/ttyS0 9600
crtscts
modem
# localclient:remoteserver
192.168.2.200:192.168.2.112
defaultroute
lock
passive
# must match the client name in /etc/ppp/chap-secrets
name acorpdialin
The ppp package comes with a chat utility to call a remote host, in this case our server. There are a couple of files that we need to create within the /etc/ppp directory to make use of this utility.
ppp-chat link script: /etc/ppp/peers/acorpchat
 
connect 'chat -v -f /etc/ppp/acorpchatter'
debug
chat connect script: /etc/ppp/acorpchatter
 ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDTphonenumberofpppdserver CONNECT ""
As with the server, we will be using CHAP for authentication. Ensure the same user with the same password exists on this system.
 useradd acorpdialin; passwd acorpdialin
Add the same secret to /etc/ppp/chap-secrets on the client:
# Secrets for authentication using CHAP
# client	server	secret			IP addresses
acorpdialin * L3tM31n
To make a connection from client to server, use the pppd command-line utility to make the call:
 pppd call acorpchat
Here acorpchat is the name of the file in /etc/ppp/peers/.
Run tail -f /var/log/messages to see if the connection is made successfully.
