This page documents the journey I recently went through in setting up a pppd server (not a client) using Linux (RedHat to be specific). Again, this information was gathered for documentation purposes only. This document is NOT a HOWTO. This document is NOT a "standard" for pppd server setups. However, reading this documentation may in fact help others utilize Linux for yet another networking solution.
At this point I want to look at a couple of things that I encountered while setting up Linux as a pppd server.
1.) It appears that most people want AutoPPP to be used with mgetty to automate the ppp startup process. I, however, preferred the method offered by Dan Hollis, for the simple reason that the user owns the ttySx process (ttyBx in his examples). He provides scripts that allow for dynamic IP allocation and several other features that I like. I will list some excerpts from his HOWTO doc and put in some comments by using ***** for my thoughts *******, but I will first list the copyright he has requested:
2.) After selecting the above method I found a treasure in section 4 in http://hfserv.cs.uit.no/lg/issue38/gentry.html0 on ensuring all users can use the pppd by using the command and the /etc/inittab setting to make:
***************************************************************
* Copyright from http://www.anime.net/linuxisp/Linux-ISP-HOWTO.html
***************************************************************
1.1. Copyright

The Linux Public Access HOWTO is copyright (C) 1994 by Dan Hollis. Linux
HOWTO documents may be reproduced and distributed in whole or in part,
in any medium physical or electronic, as long as this copyright notice
is retained on all copies. Commercial redistribution is allowed and
encouraged; however, the author would like to be notified of any such
distributions.

All translations, derivative works, or aggregate works incorporating
any Linux HOWTO documents must be covered under this copyright notice.
That is, you may not produce a derivative work from a HOWTO and impose
additional restrictions on its distribution. Exceptions to these rules
may be granted under certain conditions; please contact the Linux
HOWTO coordinator at the address given below.

In short, we wish to promote dissemination of this information through
as many channels as possible. However, we do wish to retain copyright
on the HOWTO documents, and would like to be notified of any plans to
redistribute the HOWTOs.

If you have questions, please contact Matt Welsh, the Linux HOWTO
coordinator, at mdw@sunsite.unc.edu. You may finger this address for phone
number and additional contact information.

***************************
**** Excerpt from section 6.
***************************

6. Setting up a PPP server
By far, the easiest way to set up a PPP is to call pppd using the
'proxyarp' option. The NET-2 HOWTO docs say this is a bad idea, why? This
is currently the only way for this to work.

*************************************************
* Yes I liked the below idea for pppUser homes and shell script!
*************************************************
* I think it is worth mentioning at this time that since the
* pppUser's home is /tmp, pppd expects to see a ~/.ppprc
* file. So I created one that was read only by all.
*************************************************

Here's example scripts for zero care and feeding for a dynamically
assigned PPP server:

/etc/passwd:
------------
user:password:uid:gid:Real Name:/home/user:/bin/zsh
Puser:password:uid:gid:Real Name (PPP):/tmp:/etc/ppp/dynamic_ppp
*******************************************************
* I found in no documentation the fact that if you set /tmp as the
* user's home folder you also need to create a .ppprc
* for the user. I discovered this because until I ran the following
* command I could not connect.
*******************************************************
touch /tmp/.ppprc
*************************************************************
* This .ppprc file can be empty and only needs to allow users read access.
*************************************************************

/etc/ppp/options:
-----------------
-detach modem crtscts proxyarp

**********************************************
* My information differed a bit here on my /etc/ppp/options
* Begin my /etc/ppp/options
**********************************************
-detach
asyncmap 0
modem
crtscts
lock
proxyarp
ms-dns aa.bb.cc.dd
**********************************************
* End my /etc/ppp/options
**********************************************

**********************************************
* You need to run routed, and arpwatch may help with problems.
* Also make sure you have /proc/sys/net/ipv4/conf/all/forwarding
* set to 1. If not, try something like:
* echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
* You may want to just drop this in your rc.local to ensure it
* happens at boot.
**********************************************

**********************************************
* Since we set up our pppUsers the way we did in the
* /etc/passwd, this really works nicely here since it is the
* pppUser's shell setting :)! The /etc/ppp/pap-secrets can
* be used for further password settings. One default line
* similar to:
* * * "" *
* should pass all the authentication to the /etc/passwd with
* the login option specified in the /etc/options file.
**********************************************

/etc/ppp/dynamic_ppp:
-----------------
#
# Dynamic PPP allocation script
# Assigns PPP based on tty
#
choice=`tty | cut -b6-10`
case $choice in
    ttyB0) exec /usr/lib/ppp/pppd :xxx.xxx.xxx.200;;
    ttyB1) exec /usr/lib/ppp/pppd :xxx.xxx.xxx.201;;
    ttyB2) exec /usr/lib/ppp/pppd :xxx.xxx.xxx.202;;
esac

***************************
**** Excerpt from section 11.
***************************

*********************************************
* I like the multiple user catch.
*********************************************

11. How do I prevent users from logging onto multiple serial ports at
the same time?

I had problems with people logging in on multiple lines and hogging the
dial-ins. Here's what I stuck into my /etc/profile. It prevents multiple
logins on /dev/ttyB* lines but allows any other kind of logins through
(e.g. telnet, etc.)

#
# Don't allow multiple logins on dial-in user lines.
# Log multiple login attempts.
#
logtty="`tty | grep ttyB | cut -b6-10`"
logptty="`tty | grep ttyp | cut -b6-9`"
logwho="`whoami | cut -b1-8`"
logmore="`who | grep ttyB | grep -w $logwho | cut -b10-14`"
if [ "$logtty" != "$logmore" ]; then
    if [ "$logptty" != "ttyp" ]; then
        cat /etc/not_allowed
        date >> /var/adm/multiple_login
        echo "Multiple login attempt: [$logwho] on [$logtty]" >> /var/adm/multiple_login
        echo "Currently on these lines:" >> /var/adm/multiple_login
        echo "$logmore" >> /var/adm/multiple_login
        echo "-------------------------" >> /var/adm/multiple_login
        exit
    fi
fi
*****************************
* The /etc/inittab setting.
* Remember to add one for each modem
* Here are the com relations on my
* setup:
* ttyS0 -- com1
* ttyS1 -- com2
* ttyS2 -- com3
* ttyS3 -- com4
*****************************
S2:2345:respawn:/sbin/mgetty ttyS2 -D /dev/ttyS2
***************************
* This will allow users to run pppd
***************************
chmod u+s /usr/sbin/pppd

3.) After all was set up and running, our beta testers complained about having the terminal come up and requiring the user to log on. To correct this we used the following script to eliminate the problem:
; Beta 1.1 Implemented 10-8-99
proc main
; This waits for the login prompt; the L has been left off since
; this script sniffs for case I believe.
; $USERID is collected from the DUN dialog box.
; ^M sends a carriage return
waitfor "ogin:"
transmit $USERID
transmit "^M"
; Here is where we send the password.
; Again this is the password from DUN
waitfor "assword:"
transmit $PASSWORD
transmit "^M"
; End the script!
endproc

At this point I think I have documented enough information for persons wanting to set up a pppd server to get a good start.
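
An audit of three settings this setup depends on (the /tmp/.ppprc file, the forwarding flag, and the setuid bit on pppd), as an added example that is not part of the original page or of Dan Hollis's HOWTO. The function names, the return codes and the policy of flagging a setuid pppd that every local account can execute are assumptions of this example.

```shell
#!/bin/sh
# Added audit sketch (not the page author's or Dan Hollis's code).
# Every path is a parameter so the checks can be pointed at test copies.

# Succeeds if FILE is group- or world-writable.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]
}

# Every PPP account here has /tmp as home, so they all share /tmp/.ppprc,
# and /tmp is writable by every local account. If the file is missing
# (never created, or removed by a /tmp cleaner) any local user can create
# it and so supply the per-user options pppd reads at each PPP login.
# Returns 0 ok, 1 missing or not a plain file, 2 wrong owner, 3 writable.
check_ppprc() {  # usage: check_ppprc FILE EXPECTED_OWNER
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ] || return 2
    loosely_writable "$1" && return 3
    return 0
}

# proxyarp only helps if the kernel forwards packets: the file must hold 1.
check_forwarding() {  # usage: check_forwarding FILE
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# "chmod u+s" makes pppd run as root for whoever is able to execute it.
# Returns 0 setuid and not executable by "other" (group-restricted),
# 1 not setuid (the login-shell script cannot start it as a user),
# 2 setuid and executable by every local account (flagged by this policy).
check_pppd() {  # usage: check_pppd BINARY
    [ -u "$1" ] || return 1
    [ -n "$(find "$1" -prune -perm -0001 2>/dev/null)" ] && return 2
    return 0
}

# Checks the real paths named on this page and prints only the findings.
audit_ppp_server() {
    check_ppprc /tmp/.ppprc root || echo "ppprc finding: $?"
    check_forwarding /proc/sys/net/ipv4/conf/all/forwarding \
        || echo "forwarding is not set to 1"
    check_pppd /usr/sbin/pppd || echo "pppd finding: $?"
}

# Run the audit only when asked, e.g.  sh ppp_audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_ppp_server; fi
```

A result of 2 from check_pppd does not mean the server is broken; it means pppd runs as root for every account on the machine, which restricting execute permission to a dial-in group would narrow.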