Blame Documentation/Manuals/Tcpi-ug/Connectivity/Ppp/server.docbook

73737d
<sect1 id="connectivity-ppp-server">
1c6890
1c6890
    <title>The Server Computer</title>
1c6890
1c6890
    <para>
1c6890
        When you are configuring the server computer, you need to
1c6890
        install and configure both <application>mgetty</application>
1c6890
        and <application>pppd</application> programs.  The
1c6890
        <application>mgetty</application> program lets you attend
1c6890
        incoming calls and must be configured to run through
1c6890
        <systemitem class="daemon">init</systemitem> daemon in order
1c6890
        to take control over the Modem device. By default, inside
1c6890
        &TC;; (release 5.5), <application>mgetty</application> isn't
1c6890
        configured to start with 
1c6890
        class="daemon">init</systemitem> daemon so you need to do it
1c6890
        yourself (see 
73737d
        linkend="connectivity-ppp-server-mgetty-inittab" />).
1c6890
        Later, for attending connection requests, you need to
1c6890
        configure <application>mgetty</application> to use the
1c6890
        <application>pppd</application> program, so the Point-to-Point
9846e2
        Protocol (PPP) can be talked and IP packages can be exchange
9846e2
        between the client computer and the server computer. Later,
9846e2
        you need to configure <application>pppd</application> to
9846e2
        adjust it to your needs (see 
73737d
        linkend="connectivity-ppp-server-pppd-options" />). Once
9846e2
        you've configured both <application>mgetty</application> and
1c6890
        <application>pppd</application> programs, the server computer
1c6890
        should be ready to attend incoming calls.
1c6890
    </para>
1c6890
73737d
    <sect2 id="connectivity-ppp-server-mgetty">
1c6890
    <title><package>mgetty</package></title>
1c6890
    <para>
1c6890
        Taken from <command>mgetty</command> man page: — Mgetty
1c6890
        is a <quote>smart</quote> getty replacement, designed to be
1c6890
        used with hayes compatible data and data/fax modems. Mgetty
1c6890
        knows about modem initialization, manual modem answering (so
1c6890
        your modem doesn’t answer if the machine isn’t ready), UUCP
1c6890
        locking (so you can use the same device for dial-in and
1c6890
        dial-out).  Mgetty provides very extensive logging facilities
1c6890
        —.
1c6890
    </para>
1c6890
    <para>
1c6890
        Before using the configuration provided here, it would be
2746a1
        useful for you to read the documentation provided in the
1c6890
        <package>mgetty</package> and <package>SysVinit</package>
1c6890
        packages.  This will let you to understand what you are
1c6890
        configuring.
1c6890
    </para>
1c6890
73737d
    <sect3 id="connectivity-ppp-server-mgetty-inittab">
1c6890
    <title><filename>/etc/inittab</filename></title>
1c6890
<screen>
1c6890
# Run mgetty to control a Multi-Tech (MT5634ZBA-USB) modem attached to
1c6890
# `/dev/ttyAMC0' device. Incoming calls will be attended without fax
1c6890
# initalization.
1c6890
ACM0:2345:respawn:/sbin/mgetty -D ttyACM0
1c6890
</screen>
1c6890
    </sect3>
1c6890
73737d
    <sect3 id="connectivity-ppp-server-mgetty-login">
1c6890
    <title><filename>/etc/mgetty+sendfax/login.config</filename></title>
1c6890
<screen>
1c6890
# Automatic PPP startup on receipt of LCP configure request (AutoPPP).
1c6890
# mgetty has to be compiled with "-DAUTO_PPP" for this to work.
1c6890
# Warning: Case is significant, AUTOPPP or autoppp won't work!
1c6890
# Consult the "pppd" man page to find pppd options that work for you.
1c6890
#
1c6890
#  NOTE: for *some* users, the "-detach" option has been necessary,
1c6890
#  for others, not at all. If your pppd doesn't die after hangup, try
1c6890
#  it.
1c6890
#
1c6890
#  NOTE2: "debug" creates lots of debugging info.  LOOK AT IT if
1c6890
#  things do not work out of the box, most likely it's a ppp problem!
1c6890
#
1c6890
#  NOTE3: "man pppd" is your friend!
1c6890
#
1c6890
#  NOTE4: max. 9 arguments allowed.
1c6890
#
1c6890
#/AutoPPP/ -    a_ppp   /usr/sbin/pppd auth -chap +pap login debug
cc1234
/AutoPPP/ -     a_ppp   /usr/sbin/pppd 192.168.1.1:192.168.1.2
1c6890
</screen>
1c6890
1c6890
    <para>
9846e2
        In this configuration, we set both local and remote IP
9846e2
        addresses to fix the IP information used by computers once the
9846e2
        PPP connection has been established.  All other options are
9846e2
        taken from the <filename>options</filename> file (see 
73737d
        linkend="connectivity-ppp-server-pppd-options" />). If we
1c6890
        don't specify both local and remote IP addresses when pppd is
1c6890
        initialized, pppd will try to take such information from the
1c6890
        first Modem device you configured (e.g., ppp0) and will expect
1c6890
        the remote peer to provide its IP address. This situation can
1c6890
        introduce some contraditions (e.g., the local and remote
1c6890
        address may be on a different network.) that would make the
1c6890
        connection to fail.
1c6890
    </para>
1c6890
1c6890
    <para>
1c6890
        Another issue we might face out would be the netmask
1c6890
        specification of the poin-to-point network established between
1c6890
        the two computers. Inside the pppd-2.4.4 man page there is no
1c6890
        reference to the <option>netmask</option> option, however,
1c6890
        there is a mention to it on the sample files installed with it
1c6890
        which is quiet confussing. It seems to be required that one of
1c6890
        the two computers establishing connection defines the netmask
1c6890
        information of the network they are creating. So, to do it on
1c6890
        the server computer (the one receiving calls), it is needed to
1c6890
        set the netmask definition in the Modem device configuration
73737d
        file of it (
1c6890
        />) along with the local IP address. Otherwise, even local and
1c6890
        remote IP addresses be specified through the pppd, the
1c6890
        connection will end up having the 255.255.255.255 netmask
1c6890
        which would let you ping the computer on the other end but
1c6890
        that will not last too long before it fails and iptables seems
1c6890
        to get very confused about it.
1c6890
    </para>
1c6890
1c6890
    <para>
1c6890
        Since we are already using 
1c6890
        class="daemon">pppd</systemitem> to attend login requests,
1c6890
        there is no need to invoke the
1c6890
        <application>login</application> program. So, comment the
1c6890
        related line as described below.
1c6890
    </para>
1c6890
1c6890
<screen>
1c6890
#*      -       -       /bin/login @
1c6890
</screen>
1c6890
1c6890
    </sect3>
1c6890
73737d
    <sect3 id="connectivity-ppp-server-mgetty-dialin">
1c6890
    <title><filename>/etc/mgetty+sendfax/dialin.config</filename></title>
1c6890
    <para>
1c6890
        I didn't touch this file, but you might need to.
1c6890
    </para>
1c6890
    </sect3>
1c6890
73737d
    <sect3 id="connectivity-ppp-server-mgetty-config">
1c6890
    <title><filename>/etc/mgetty+sendfax/mgetty.config</filename></title>
1c6890
    <para>
1c6890
        I didn't touch this file, but you might need to.
1c6890
    </para>
1c6890
    </sect3>
1c6890
1c6890
    </sect2>
1c6890
73737d
    <sect2 id="connectivity-ppp-server-pppd">
1c6890
    <title><package>pppd</package></title>
1c6890
    <para>
1c6890
        Taken from pppd man page: — PPP is the protocol used for
1c6890
        establishing internet links over dial-up modems, DSL
1c6890
        connections, and many other types of point-to-point links.
1c6890
        The pppd daemon works together with the kernel PPP driver to
1c6890
        establish and maintain a PPP link with another system (called
1c6890
        the peer) and to negotiate Internet Protocol (IP) addresses
1c6890
        for each end of the link. Pppd can also authenticate the peer
1c6890
        and/or supply authentication information to the peer.  PPP can
1c6890
        be used with other network protocols besides IP, but such use
1c6890
        is becoming increasingly rare —.
1c6890
    </para>
1c6890
1c6890
    <para>
1c6890
        Before using the configuration provided here, it would be
2746a1
        useful for you to read the documentation provided in the
1c6890
        <package>ppp</package> package.  This will let you to
1c6890
        understand what you are configuring.
1c6890
    </para>
1c6890
73737d
    <sect3 id="connectivity-ppp-server-pppd-options">
1c6890
    <title><filename>/etc/pppd/options</filename></title>
1c6890
<screen>
1c6890
# Enables connection debugging facilities.  If this option is given,
1c6890
# pppd will log the contents of all control packets sent or received
1c6890
# in a readable form.  The packets are logged through syslog with
1c6890
# facility daemon and level debug.  This information can be directed
1c6890
# to a file by setting up /etc/syslog.conf appropriately (see
1c6890
# syslog.conf(5)).
1c6890
debug
1c6890
1c6890
# Require the peer to authenticate itself before allowing network
1c6890
# packets to be sent or received. This option is the default if the
1c6890
# system has a default route.  If neither this option nor the noauth
1c6890
# option is specified, pppd will only allow the peer to use IP
1c6890
# addresses to which the system does not already have a route.
1c6890
auth
1c6890
1c6890
# Specifies that pppd should create a UUCP-style lock file for the
1c6890
# serial device to ensure exclusive access to the device.  By default,
1c6890
# pppd will not create a lock file.
1c6890
lock
1c6890
1c6890
# Specify which DNS Servers the incoming Win95 or WinNT Connection
9846e2
# should use Two Servers can be remotely configured.
cc1234
ms-dns 192.168.1.1
1c6890
1c6890
# If this option is given, pppd will send an LCP echo-request frame to
1c6890
# the peer every n seconds. Under Linux, the echo-request is sent when
1c6890
# no packets have been received from the peer for n seconds. Normally
1c6890
# the peer should respond to the echo-request by sending an
1c6890
# echo-reply.  This option can be used with the lcp-echo-failure
1c6890
# option to detect that the peer is no longer connected.
1c6890
lcp-echo-interval 30
1c6890
1c6890
# If this option is given, pppd will presume the peer to be dead if n
1c6890
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
1c6890
# If this happens, pppd will terminate the connection.  Use of this
1c6890
# option requires a non-zero value for the lcp-echo-interval
1c6890
# parameter.  This option can be used to enable pppd to terminate
1c6890
# after the physical connection has been broken (e.g., the modem has
1c6890
# hung up) in situations where no hardware modem control lines are
1c6890
# available.
1c6890
lcp-echo-failure 4
1c6890
1c6890
# Specifies that pppd should disconnect if the link is idle for n
1c6890
# seconds.
1c6890
idle 60
1c6890
1c6890
# Specifies that pppd should disconnect if the link have been active
1c6890
# for n seconds.
1c6890
maxconnect 900
1c6890
1c6890
# Disable the IPXCP and IPX protocols.
1c6890
noipx
1c6890
</screen>
1c6890
    </sect3>
1c6890
73737d
    <sect3 id="connectivity-ppp-server-pppd-cha">
1c6890
    <title><filename>/etc/pppd/cha-secrets</filename></title>
1c6890
<screen>
1c6890
# Secrets for authentication using CHAP
1c6890
# client        server  secret                  IP addresses
1c6890
1c6890
# Specify the client configuration. This is when this manchine calls
1c6890
# someone's else machine and tries to establish a point-to-point
1c6890
# connection. Most of this configuration is handled by the
1c6890
# `system-config-network' utility.
1c6890
#
1c6890
####### redhat-config-network will overwrite this part!!! (begin) ##########
1c6890
####### redhat-config-network will overwrite this part!!! (end) ############
1c6890
1c6890
# Specify the server configuration. This is when someone's else
1c6890
# machine calls this machine trying to establish a point-to-point
1c6890
# connection.  This part of the configuration isn't handled by
1c6890
# `system-config-network' utility. By default, there is one line to
1c6890
# verify client's identity with authenticating it and one line to let
1c6890
# the server computer to authenticate itself with the client computer
1c6890
# in case the client computer requires so. All client computers will
1c6890
# be authenticated through the `faith' user.  However, it is possible
1c6890
# to provide anonymous authentication to client computers by using an
1c6890
# empty client identity (as explained in pppd's man page) in order to
1c6890
# restrict the IP address they can use.
1c6890
#
cc1234
"faith"         "projects"      "mail4u.2k10"   "192.168.1.2"
cc1234
#""             "projects"      ""              "192.168.1.2"
1c6890
"projects"      *               "mail4u.2k10"
1c6890
</screen>
1c6890
1c6890
    <para>
1c6890
        Assuming the hostname of the server computer is
1c6890
        <quote>projects</quote>, when a client computer uses the faith
1c6890
        username to login on it, the 
cc1234
        class="ipaddress">192.168.1.2</systemitem> IP address will be
1c6890
        assigned to that client computer after a successful
1c6890
        authentication.  This configuration is just for one Modem
1c6890
        device attached to the server computer.  In case you have more
1c6890
        than one Modem device attached to the server computer, it
1c6890
        would be necessary to add one username for each Modem device
1c6890
        you have, in order to permit the client computers to connect
1c6890
        simultaneously. It is not possible to have two or more
1c6890
        computers with the same IP address in the same network.
1c6890
    </para>
1c6890
1c6890
    </sect3>
1c6890
73737d
    <sect3 id="connectivity-ppp-server-pppd-pap">
1c6890
    <title><filename>/etc/pppd/pap-secrets</filename></title>
1c6890
    <para>
1c6890
        This file contains the same information of
9846e2
        <filename>cha-secrets</filename> file does. See 
73737d
        linkend="connectivity-ppp-server-pppd-cha" />. 
1c6890
    </para>
1c6890
    </sect3>
1c6890
1c6890
    </sect2>
1c6890
1c6890
</sect1>