Setting up a ppp dialup server


In the beginning, the Computer Department at the place where I used to work (a large organization which shall be referred to hereinafter as the Evil Empire) provided ppp remote access services complete with functional routing, dynamic IP numbers, and everything a remote dialup computer could ever want. And it was good and it even worked, most of the time, at least during the week when there was somebody there to fix it when it crashed, which it often did, usually on a Friday evening, so it was often unavailable on the weekend when it was needed most.

Then one day the Computer Department 'upgraded' their software; and from then on nothing ever worked, even though the Back End Support guys toiled and slaved over their Tools from Redmond, and saluted them repeatedly with the special Redmond salute. And there was much tearing of hair and gnashing of teeth in the Computer Department; and woe was upon the land.

And so the need for installing a pppd server on our own Linux machine to bypass the broken Computer system was born. And lo, it was a pain to set up but verily, in the end it did work.


1. Install ppp files on server and ensure server's kernel supports ppp
  1. Obtain ppp-2.3.4.tar.gz, mgetty+sendfax-0.22.tar.gz, and a kernel source .tar.gz (if not already present). Untar the kernel in /usr/src and the other two in your home directory on the server.
  2. cd ppp-2.3.4
  3. ./configure
  4. make kernel (installs ppp files in kernel source tree)
  5. cd /usr/src/linux
  6. Rebuild kernel, making sure to enable ppp support. Enable Sysctl support and /proc filesystem support at the same time. Install new kernel.
  7. /sbin/lilo
  8. reboot
  9. useradd ppp
  10. passwd ppp
  11. Repeat first 8 steps on client, recompiling client's kernel if necessary to ensure it also supports ppp.
2. Edit configuration files on the server
  1. Edit /etc/passwd to set ppp's shell to ppplogin
    ppp:x:1001:100::/home/ppp:/etc/ppp/ppplogin 
  2. Add /etc/ppp/ppplogin to /etc/shells.
  3. Edit /etc/ppp/ppplogin
    #!/bin/sh
    # ppplogin - script to fire up pppd on login
    mesg n
    stty -echo
    exec /usr/sbin/pppd -detach silent modem crtscts
    Make sure it is executable, and change the last line to the exact path of your pppd.
  4. Edit /etc/ppp/pap-secrets
    # Secrets for authentication using PAP
    # client        server  secret                  IP addresses
    *       *       ""      *
    With the login option given to pppd in login.config below, an empty secret ("") matches whatever password the peer sends and the real check is done against the system password database; the wildcards mean any login name may connect from any address, so this file does no access control of its own.
  5. Edit /etc/ppp-off
    kill -INT `cat /var/run/ppp0.pid` 
  6. Find out where the modem is:
    dalek:/home/tjnelson$ ls -l /dev/modem
    lrwxrwxrwx   1 root   root   10 Jan 30  2000 /dev/modem -> /dev/ttyS0  
  7. Make sure modem is working (use minicom to ensure that it responds with OK to an ATZ command).
  8. Add a line to /etc/inittab using the tty number of your modem
    S0:2345:respawn:/usr/sbin/mgetty ttyS0 -D /dev/ttyS0  
    (-D = data only, no fax. Make sure it says S0 with a zero, not SO with a letter O.)
  9. init q
  10. Edit /etc/default/getty (this step is not really necessary)
    HANGUP=yes
    TIMEOUT=20   
  11. Edit /etc/mgetty+sendfax/login.config
    # login.config
    timeout 20
    /AutoPPP/     -    ppp     /usr/sbin/pppd auth -chap +pap login
    ppp           -    a_ppp   /usr/sbin/pppd auth -chap +pap login
    *             -    -       /bin/login  @  
    Make it mode -rw-r--r--. Changing the third field of the /AutoPPP/ line from 'ppp' to '-' causes the users' login names to appear in the logs instead of "ppp".

    The AutoPPP entry is for mgetty. Mgetty must be compiled with the -DAUTO_PPP option for this to work. If you have trouble, obtain the mgetty+sendfax source, recompile and install it to make sure it is the correct one.

    The last entry is for normal logins using a communications program such as minicom.

    Note, when you are logged in remotely, 'ps -aux' doesn't show mgetty. However, 'tty' will show you are on ttyS0 if you logged in by minicom, otherwise it will show /dev/ttyp0 or whatever.

  12. Edit /etc/ppp/options
    -detach                <---- A '-' turns off the option>
    asyncmap 0
    netmask 255.255.254.0  <---- Change to your netmask>
    proxyarp
    lock
    crtscts
    noauth                 <---- Change this to auth once it is working>
    usehostname
    modem
    disconnect /etc/ppp-off
    nodefaultroute         <---- This might be necessary in some situations>
    debug
  13. Edit /etc/ppp/options.ttyS0
    128.231.54.227:192.168.100.4  <---- Should be host IP : client IP
    modem
    crtscts
    silent
    proxyarp   
    Naturally, your IP numbers and netmask will be different from the above.

    The client IP should be a non-routable IP number (e.g., one starting with 192.168). The host IP should be the same as the static IP number of the server (hopefully it has one.)

  14. Check to make sure /etc/ppp/ip-up and /etc/ppp/ip-down are present. SuSE provides elaborate shell scripts for this. See man pppd for details.
  15. Edit /etc/mgetty+sendfax/mgetty.config
    debug 4
    speed 57600             <--- Must be a valid speed (28800 doesn't work)>
    login-time 30           <--- login timeout (in seconds)>
    answer-chat-timeout 30  <--- answer timeout (in seconds)>
    toggle-dtr yes     
    Toggling DTR is essential to make the modem hang up if someone dials the modem number by mistake, or if (for example) a telemarketer calls your modem. Otherwise, if you are on a PBX and your timeouts are too long, the modem will be connected to a recording telling it that the phone has been left off the hook and that it should hang up. In most cases this prevents the modem from disconnecting, and you will hear a continuous high-pitched sound coming from the modem, followed by ringing, then the prerecorded message, possibly followed by the loud "HANG UP THE DAMN PHONE" beeping from the phone company.

    If the timeout is too short, you will get
    LCP: timeout sending Config-Requests
    before the ppp connection can be established. The correct timeouts have to be determined empirically for your situation.

  16. Make a link in /usr/local/etc/ for mgetty+sendfax, unless you compiled mgetty yourself. Mgetty looks in /usr/local/etc/mgetty+sendfax/ for its configuration files by default unless another path is compiled in.
    ln -s /etc/mgetty+sendfax/  /usr/local/etc/mgetty+sendfax    
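As an added check (not part of the original write-up), a small shell audit of the server files configured in the steps above; PPP_AUDIT_ROOT is an assumed variable that points the checks at a scratch copy of the tree instead of the live /etc.

```shell
#!/bin/sh
# audit_ppp_server ROOT: check the server-side files set up in the steps
# above for the mistakes those steps warn about. ROOT is prefixed to every
# path so the checks can run against a scratch copy of the tree; "" means
# the live system. Added example, not part of the original write-up.
audit_ppp_server() {
    r="$1"
    findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    # Step 1: the ppp account's shell must be the ppplogin script ...
    grep -q '^ppp:.*:/etc/ppp/ppplogin$' "$r/etc/passwd" 2>/dev/null \
        || note "FAIL: ppp account does not use /etc/ppp/ppplogin as its shell"
    # Step 3: ... and the script must be executable.
    [ -x "$r/etc/ppp/ppplogin" ] \
        || note "FAIL: $r/etc/ppp/ppplogin is missing or not executable"
    # Step 2: login(1) refuses shells that are not listed in /etc/shells.
    grep -qx '/etc/ppp/ppplogin' "$r/etc/shells" 2>/dev/null \
        || note "FAIL: /etc/ppp/ppplogin is not listed in /etc/shells"
    # Step 8: a letter O in place of the zero is easy to type and hard to see.
    grep -q '^SO:' "$r/etc/inittab" 2>/dev/null \
        && note "FAIL: inittab entry starts with SO (letter O), not S0 (zero)"
    grep -q '^S0:2345:respawn:.*mgetty' "$r/etc/inittab" 2>/dev/null \
        || note "FAIL: no respawning mgetty entry for S0 in /etc/inittab"
    # Step 11: without an /AutoPPP/ rule mgetty never hands callers to pppd.
    grep -q '^/AutoPPP/' "$r/etc/mgetty+sendfax/login.config" 2>/dev/null \
        || note "FAIL: no /AutoPPP/ rule in login.config"
    # Step 12: noauth is for bring-up only. An unauthenticated peer gets an
    # address on the link and, once forwarding is on, a route into the LAN.
    grep -q '^noauth' "$r/etc/ppp/options" 2>/dev/null \
        && note "WARN: noauth is still set in /etc/ppp/options (use auth)"
    # Step 4: pap-secrets may hold real secrets; keep it unreadable to others.
    [ "$(ls -l "$r/etc/ppp/pap-secrets" 2>/dev/null | cut -c8)" = "r" ] \
        && note "WARN: /etc/ppp/pap-secrets is world-readable"
    echo "findings: $findings"
}

# Run against the live system, or against a scratch tree named in
# PPP_AUDIT_ROOT (an assumed variable name, not from the original page).
audit_ppp_server "${PPP_AUDIT_ROOT:-}"
```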
3. Edit configuration files on the client
  1. Edit /etc/ppp-off
    kill -INT `cat /var/run/ppp0.pid`   
  2. Edit ~/ppp (make it executable)
    cd
    /usr/sbin/pppd connect '/usr/sbin/chat -f ppp.script' /dev/modem 57600 -detach crtscts modem defaultroute idle 1800 >/dev/null &
    #slow one for debugging
    #/usr/sbin/pppd connect '/usr/sbin/chat -v -f ppp.script2' /dev/modem 19200 -detach crtscts modem defaultroute idle 1800 >/dev/null &
    cd -
    Each pppd command must be on a single line. Substitute -V for -v to print the chat messages to the terminal instead of the console (this is useful so that you don't have to keep checking to see whether the line is up).
  3. Edit ~/ppp.script
    PPP script for an ISP (note the extra '' ppp, which sends "ppp" to the server after sending the password; this extra command may or may not be necessary, depending on your ISP):
    '' ATZ OK ATM0 OK ATDT301-555-1212 57600 '' Username: tjnelson Password: potatoe '' ppp
    PPP script for a Linux server running SuSE 6.0:
    '' ATZ OK ATM0 OK ATDT301-555-1212 'CONNECT 57600' '' 'me to SuSE Linux 6.0 (i386) - Kernel' '\d' ogin: ppp Password: actinium \r
    (Don't bother trying these passwords on my system - they are not valid passwords.)

    The whole script must be on a single line. Note the '\r' after the password, which sends a carriage return; this may or may not be necessary, and it may take a little experimenting with different ppp scripts. There should be only this one line in the script: any additional commands will interfere with LCP and prevent a ppp link from coming up.

4. Set up Routing on Server

At this point, you should be able to dial up, establish a ppp connection, and communicate with the server. However, it would be nice to be able to reach other sites besides the server once in a while. To communicate with the rest of the Internet, you need to set up routing on the ppp server. The kernel compilation notes explain this concisely:
Note that your box can only act as a router if you enable IP
forwarding in your kernel; you can do that by saying Y to "/proc
filesystem support" and "Sysctl support" below and executing the
line

echo "1" > /proc/sys/net/ipv4/ip_forward

If you turn on IP forwarding, you will also get the rp_filter, which
automatically rejects incoming packets if the routing table entry
for their source address doesn't match the network interface they're
arriving on. This has security advantages because it prevents the
so-called IP spoofing, however it can pose problems if you use
asymmetric routing (packets from you to a server take a different path
than packets from that server to you) or if you operate a non-routing
server which has several IP addresses on different interfaces. To turn
rp_filter off use:

      echo 0 > /proc/sys/net/ipv4/conf/<device>/rp_filter
or
      echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter  
Check /usr/src/linux/.config to make sure that sysctl and /proc support are compiled into the kernel.
Sysctl support (CONFIG_SYSCTL) [Y/n/?] y
PPP (point-to-point) support (CONFIG_PPP) [Y/n/?] y
/proc filesystem support (CONFIG_PROC_FS) [Y/n/?] y    
If so, activate IP forwarding as described above and it should magically start working. This command should be put in /sbin/init.d/network.

If you have a /etc/sysconfig/network file, add the line
FORWARD_IPV4=yes   

5. Troubleshooting

  1. If you get
    las1!login: ppp
    Password: Serial connection established.
    Using interface ppp0
    Connect: ppp0 <--> /dev/modem
    Serial line is looped back.
    Connection terminated.   
    this usually means there was a problem authenticating. Make sure your password and username are correct and that there are no extraneous characters in your ppp script.
  2. If you get
    las1!login: ppp
    Password: 
    Last login: Wed Feb 16 17:59:14 on ttyS0.
    No mail.
    ~^?}#@!}!}!} }8}"} &} } } } }#}$@#}%}&"H6^Z}'}"}(}"gz~~^?}#@
    !}!}!} }8}"}&} } } } }#}$@#}%}&"H6^Z}'}"}(}"gz~~^?}#@!}!}!}
     }8}"}&} } } } }#}$@#}%}&"H6^Z}'}"}(}"gz~
    NO CARRIER   
    This means something is wrong with your chat script on the calling side. The remote is sending ppp data, but locally it is just being printed instead of going to pppd. In this case, there is also a problem on the server, because it is executing the Unix login instead of ppplogin (you should not get the "Last login / No mail" message).
  3. If you get
    Sep 30 11:53:22 dalek pppd[715]: Serial connection established.
    Sep 30 11:53:22 dalek pppd[715]: Using interface ppp0
    Sep 30 11:53:22 dalek pppd[715]: Connect: ppp0 <--> /dev/modem
    Sep 30 11:53:53 dalek pppd[715]: LCP: timeout sending Config-Requests 
    Sep 30 11:53:53 dalek pppd[715]: Connection terminated.
    Sep 30 11:53:53 dalek pppd[715]: Receive serial link is not 8-bit clean:
    Sep 30 11:53:53 dalek pppd[715]: Problem: all had bit 7 set to 0
    Sep 30 11:53:54 dalek pppd[715]: Exit.    
    This means pppd is not being started on the remote end. Something is probably wrong with your ppp script. Some systems require
    '' ppp    
    after the password. Another possibility is your password is incorrect or followed by extraneous characters. This causes "Bad password" messages on the server system (which of course you do not see) and this message on the caller side.
  4. If you get
    mgetty respawning too fast: Disabled for 5 minutes  
    on the server, check the logs (e.g., /var/log/mgetty.ttyS0) to find out what is misconfigured.
  5. If you get
    las1!login: ppp
    Password:Serial connection established.
    Using interface ppp0
    Connect: ppp0 <--> /dev/modem
    LCP terminated by peer (peer refused to authenticate)
    Modem hangup
    Connection terminated.  
    this most likely means there are too many "pap"s, "chap"s or "auth"s in one of the scripts on the server.
  6. If you can ping the server, but not any other host, your routing/IP forwarding is not configured properly (see above).
  7. After a successful connection, you should get the following:
    In syslog:
    Sep 30 11:56:55 dalek pppd[721]: pppd 2.3.10 started by tjnelson, uid 1000
    Sep 30 11:57:20 dalek pppd[721]: Serial connection established.
    Sep 30 11:57:20 dalek pppd[721]: Using interface ppp0
    Sep 30 11:57:20 dalek pppd[721]: Connect: ppp0 <--> /dev/modem
    Sep 30 11:57:25 dalek pppd[721]: local  IP address 192.168.100.4
    Sep 30 11:57:25 dalek pppd[721]: remote IP address 128.231.54.227  

    'ifconfig' should say
    ppp0  Link encap:Point-to-Point Protocol  
          inet addr:192.168.100.4  P-t-P:128.231.54.227  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:11 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10   

    route -n on the client should say
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.100.4   0.0.0.0         255.255.255.255 UH    1      0        0 dummy
    128.231.54.227  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
    192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         128.231.54.227  0.0.0.0         UG    0      0        0 ppp0  

    Note that 128.231.54.227 should be the IP number of your Linux ppp server. The 0.0.0.0 in the first column denotes a default route (on some systems, the word "default" is printed).

    route -n on the server should say
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.100.4   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
    128.231.54.227  0.0.0.0         255.255.255.255 UH    0      0        0 dummy
    128.231.54.0    0.0.0.0         255.255.254.0   U     0      0        0 eth0
    128.231.54.0    0.0.0.0         255.255.254.0   U     0      0        0 dummy
    128.231.54.0    0.0.0.0         255.255.254.0   U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         128.111.222.33  0.0.0.0         UG    0      0        0 eth0 
    where 128.111.222.33 is the router on the network somewhere, upstream of your server. Naturally, your IP numbers will be different from the above. The duplicate entry for eth0 should not be there, but in this case it didn't seem to cause any harm.

  8. Once it is working, test the security by trying a bad password in ppp.script.
    '' ATZ OK ATM0 OK ATDT301-555-1212 'CONNECT 57600' '' 'me to SuSE Linux 6.0 (i386) - Kernel' '\d' ogin: ppp Password: nixon \r
    It should say:
    CONNECT 57600
    Welcome to SuSE Linux 6.0 (i386) - Kernel  (l).
    
    las1!login: ppp
    Password: Serial connection established.
    Using interface ppp0
    Connect: ppp0 <--> /dev/modem
    Serial line is looped back.
    Connection terminated.  
    However, it would be nice to have it send a more informative message. This can be done by changing the authentication files.
  9. If you get
    Sep 30 20:22:27 dalek pppd[1655]: Terminating connection due to lack of activity.
    Sep 30 20:22:27 dalek pppd[1655]: Connection terminated.  
    Change
    idle 600   
    in /etc/ppp/options on the client to a higher value.
  10. If it hangs on the login prompt:
    las1!login: 
    Welcome to SuSE Linux 6.0 (i386) - Kernel  (l).
    las1!login: ppp
    Connect script failed  
    this may mean there are permission problems reading /etc/mgetty+sendfax/login.config or some other configuration file.
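A log classifier, added here as an example and not from the original page, that maps the pppd and mgetty messages quoted in the items above to their likely causes; the sample syslog lines inside it are constructed from those excerpts.

```shell
#!/bin/sh
# diagnose_pppd_log FILE...: scan pppd/mgetty output for the failure
# messages listed in the troubleshooting items above and print the likely
# cause once per distinct problem. Added example, not from the original page.
diagnose_pppd_log() {
    awk '
    function hit(msg) { if (!(msg in seen)) { seen[msg] = 1; n++; print "DIAG: " msg } }
    /Serial line is looped back/ { hit("authentication failed (item 1): check username, password and stray characters in the chat script") }
    /Last login:|No mail\./      { hit("server ran /bin/login instead of ppplogin (item 2): check the ppp shell and /etc/shells") }
    /LCP: timeout sending Config-Requests|not 8-bit clean/ { hit("pppd never started at the far end (item 3): chat script or password, possibly a missing \"\" ppp") }
    /respawning too fast/        { hit("mgetty dies at start-up (item 4): read /var/log/mgetty.ttyS0") }
    /peer refused to authenticate/ { hit("too many auth/pap/chap options on the server (item 5)") }
    /lack of activity/           { hit("idle timeout reached (item 9): raise idle on the client") }
    /Connect script failed/      { hit("connect script failed (item 10): check permissions on login.config and other mgetty files") }
    END { if (n == 0) print "DIAG: no known failure pattern found" }
    ' "$@"
}

# Constructed sample in the format of the syslog excerpts above; the two
# item-3 lines are reported once because they point at the same cause.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Sep 30 11:53:22 dalek pppd[715]: Serial connection established.
Sep 30 11:53:53 dalek pppd[715]: LCP: timeout sending Config-Requests
Sep 30 11:53:53 dalek pppd[715]: Receive serial link is not 8-bit clean:
Sep 30 20:22:27 dalek pppd[1655]: Terminating connection due to lack of activity.
EOF
diagnose_pppd_log "$sample"
rm -f "$sample"
```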
Note that ppp is a little slower than direct terminal logins. This is a big advantage of running mgetty: if you only want text, you don't need ppp; a terminal login might be sufficient. Most ISPs won't give you a shell account for terminal logins.

Two good references for setting up ppp and ppp servers are Linux Network Administrator's Guide, 2nd ed. by Olaf Kirch and Terry Dawson, O'Reilly Press 2000, and Integrate Linux Solutions Into Your Windows Network by Dustin Puryear. However, both books omitted the crucial detail about IP forwarding mentioned above.

