<sect1 id="connectivity-ppp-server">

<title>The Server Computer</title>

<para>
When you are configuring the server computer, you need to
install and configure both the <application>mgetty</application>
and <application>pppd</application> programs. The
<application>mgetty</application> program lets you answer
incoming calls and must be configured to run through the
<systemitem class="daemon">init</systemitem> daemon in order
to take control of the Modem device. By default, inside
&TC; (release 5.5), <application>mgetty</application> isn't
configured to start with the <systemitem
class="daemon">init</systemitem> daemon, so you need to do it
yourself (see <xref
linkend="connectivity-ppp-server-mgetty-inittab" />).
Next, to handle connection requests, you need to
configure <application>mgetty</application> to use the
<application>pppd</application> program, so that the Point-to-Point
Protocol (PPP) can be spoken and IP packets can be exchanged
between the client computer and the server computer. Finally,
you need to configure <application>pppd</application> to
adjust it to your needs (see <xref
linkend="connectivity-ppp-server-pppd-options" />). Once
you've configured both the <application>mgetty</application> and
<application>pppd</application> programs, the server computer
should be ready to answer incoming calls.
</para>

<sect2 id="connectivity-ppp-server-mgetty">
<title><package>mgetty</package></title>
<para>
Taken from <command>mgetty</command> man page: — Mgetty
is a <quote>smart</quote> getty replacement, designed to be
used with hayes compatible data and data/fax modems. Mgetty
knows about modem initialization, manual modem answering (so
your modem doesn’t answer if the machine isn’t ready), UUCP
locking (so you can use the same device for dial-in and
dial-out). Mgetty provides very extensive logging facilities
—.
</para>
<para>
Before using the configuration provided here, it would be
useful for you to read the documentation provided in the
<package>mgetty</package> and <package>SysVinit</package>
packages. This will help you understand what you are
configuring.
</para>

<sect3 id="connectivity-ppp-server-mgetty-inittab">
<title><filename>/etc/inittab</filename></title>
<screen>
# Run mgetty to control a Multi-Tech (MT5634ZBA-USB) modem attached to
# the `/dev/ttyACM0' device. Incoming calls will be attended without fax
# initialization.
ACM0:2345:respawn:/sbin/mgetty -D ttyACM0
</screen>
</sect3>

<sect3 id="connectivity-ppp-server-mgetty-login">
<title><filename>/etc/mgetty+sendfax/login.config</filename></title>
<screen>
# Automatic PPP startup on receipt of LCP configure request (AutoPPP).
# mgetty has to be compiled with "-DAUTO_PPP" for this to work.
# Warning: Case is significant, AUTOPPP or autoppp won't work!
# Consult the "pppd" man page to find pppd options that work for you.
#
# NOTE: for *some* users, the "-detach" option has been necessary,
# for others, not at all. If your pppd doesn't die after hangup, try
# it.
#
# NOTE2: "debug" creates lots of debugging info. LOOK AT IT if
# things do not work out of the box, most likely it's a ppp problem!
#
# NOTE3: "man pppd" is your friend!
#
# NOTE4: max. 9 arguments allowed.
#
#/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login debug
/AutoPPP/ - a_ppp /usr/sbin/pppd 192.168.1.1:192.168.1.2
</screen>

<para>
In this configuration, we set both the local and remote IP
addresses to fix the IP information used by the computers once the
PPP connection has been established. All other options are
taken from the <filename>options</filename> file (see <xref
linkend="connectivity-ppp-server-pppd-options" />). If we
don't specify both local and remote IP addresses when pppd is
initialized, pppd will try to take such information from the
first Modem device you configured (e.g., ppp0) and will expect
the remote peer to provide its IP address. This situation can
introduce some contradictions (e.g., the local and remote
addresses may be on different networks) that would make the
connection fail.
</para>

<para>
Another issue we might face is the netmask
specification of the point-to-point network established between
the two computers. The pppd-2.4.4 man page has no
reference to the <option>netmask</option> option; however,
it is mentioned in the sample files installed with it,
which is quite confusing. It seems to be required that one of
the two computers establishing the connection defines the netmask
information of the network they are creating. So, to do it on
the server computer (the one receiving calls), you need to
set the netmask definition in its Modem device configuration
file (
/>) along with the local IP address. Otherwise, even if the local and
remote IP addresses are specified through pppd, the
connection will end up having the 255.255.255.255 netmask,
which would let you ping the computer on the other end, but
that will not last long before it fails, and iptables seems
to get very confused about it.
</para>

<para>
Since we are already using <systemitem
class="daemon">pppd</systemitem> to attend login requests,
there is no need to invoke the
<application>login</application> program. So, comment out the
related line as shown below.
</para>

<screen>
#* - - /bin/login @
</screen>

</sect3>

<sect3 id="connectivity-ppp-server-mgetty-dialin">
<title><filename>/etc/mgetty+sendfax/dialin.config</filename></title>
<para>
I didn't touch this file, but you might need to.
</para>
</sect3>

<sect3 id="connectivity-ppp-server-mgetty-config">
<title><filename>/etc/mgetty+sendfax/mgetty.config</filename></title>
<para>
I didn't touch this file, but you might need to.
</para>
</sect3>

</sect2>

<sect2 id="connectivity-ppp-server-pppd">
<title><package>pppd</package></title>
<para>
Taken from pppd man page: — PPP is the protocol used for
establishing internet links over dial-up modems, DSL
connections, and many other types of point-to-point links.
The pppd daemon works together with the kernel PPP driver to
establish and maintain a PPP link with another system (called
the peer) and to negotiate Internet Protocol (IP) addresses
for each end of the link. Pppd can also authenticate the peer
and/or supply authentication information to the peer. PPP can
be used with other network protocols besides IP, but such use
is becoming increasingly rare —.
</para>

<para>
Before using the configuration provided here, it would be
useful for you to read the documentation provided in the
<package>ppp</package> package. This will help you
understand what you are configuring.
</para>

<sect3 id="connectivity-ppp-server-pppd-options">
<title><filename>/etc/ppp/options</filename></title>
<screen>
# Enables connection debugging facilities. If this option is given,
# pppd will log the contents of all control packets sent or received
# in a readable form. The packets are logged through syslog with
# facility daemon and level debug. This information can be directed
# to a file by setting up /etc/syslog.conf appropriately (see
# syslog.conf(5)).
debug

# Require the peer to authenticate itself before allowing network
# packets to be sent or received. This option is the default if the
# system has a default route. If neither this option nor the noauth
# option is specified, pppd will only allow the peer to use IP
# addresses to which the system does not already have a route.
auth

# Specifies that pppd should create a UUCP-style lock file for the
# serial device to ensure exclusive access to the device. By default,
# pppd will not create a lock file.
lock

# Specify which DNS servers the incoming Win95 or WinNT connection
# should use. Two servers can be remotely configured.
ms-dns 192.168.1.1

# If this option is given, pppd will send an LCP echo-request frame to
# the peer every n seconds. Under Linux, the echo-request is sent when
# no packets have been received from the peer for n seconds. Normally
# the peer should respond to the echo-request by sending an
# echo-reply. This option can be used with the lcp-echo-failure
# option to detect that the peer is no longer connected.
lcp-echo-interval 30

# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection. Use of this
# option requires a non-zero value for the lcp-echo-interval
# parameter. This option can be used to enable pppd to terminate
# after the physical connection has been broken (e.g., the modem has
# hung up) in situations where no hardware modem control lines are
# available.
lcp-echo-failure 4

# Specifies that pppd should disconnect if the link is idle for n
# seconds.
idle 60

# Specifies that pppd should disconnect if the link has been active
# for n seconds.
maxconnect 900

# Disable the IPXCP and IPX protocols.
noipx
</screen>
</sect3>

<sect3 id="connectivity-ppp-server-pppd-cha">
<title><filename>/etc/ppp/chap-secrets</filename></title>
<screen>
# Secrets for authentication using CHAP
# client server secret IP addresses

# Specify the client configuration. This is when this machine calls
# someone else's machine and tries to establish a point-to-point
# connection. Most of this configuration is handled by the
# `system-config-network' utility.
#
####### redhat-config-network will overwrite this part!!! (begin) ##########
####### redhat-config-network will overwrite this part!!! (end) ############

# Specify the server configuration. This is when someone else's
# machine calls this machine trying to establish a point-to-point
# connection. This part of the configuration isn't handled by the
# `system-config-network' utility. By default, there is one line to
# verify the client's identity when authenticating it and one line to let
# the server computer authenticate itself with the client computer
# in case the client computer requires so. All client computers will
# be authenticated through the `faith' user. However, it is possible
# to provide anonymous authentication to client computers by using an
# empty client identity (as explained in pppd's man page) in order to
# restrict the IP address they can use.
#
"faith" "projects" "mail4u.2k10" "192.168.1.2"
#"" "projects" "" "192.168.1.2"
"projects" * "mail4u.2k10"
</screen>

<para>
Assuming the hostname of the server computer is
<quote>projects</quote>, when a client computer uses the faith
username to log in to it, the <systemitem
class="ipaddress">192.168.1.2</systemitem> IP address will be
assigned to that client computer after a successful
authentication. This configuration is just for one Modem
device attached to the server computer. In case you have more
than one Modem device attached to the server computer, it
would be necessary to add one username for each Modem device
you have, in order to permit the client computers to connect
simultaneously. It is not possible to have two or more
computers with the same IP address in the same network.
</para>
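
<para>
The address column of the secrets file can be checked mechanically.
The following Python code is an added example, not part of the
original guide or of the ppp package: it splits secrets lines into
client, server, secret and acceptable IP addresses, as the pppd man
page describes, and reports dial-in entries that allow any address,
share an address with another client, or use an empty client name or
secret. The <quote>hope</quote> and <quote>guest</quote> entries and
their secrets are constructed for the illustration.
</para>

```python
import shlex
from collections import defaultdict

# Constructed sample: the "faith" and "projects" lines mirror this page's file;
# "hope" and "guest" (and their secrets) are hypothetical, added to show findings.
SAMPLE = '''\
# client   server     secret         IP addresses
"faith"    "projects" "mail4u.2k10"  "192.168.1.2"
"hope"     "projects" "s3cond-modem" "192.168.1.2"
"guest"    "projects" "guestpw"      *
"projects" *          "mail4u.2k10"
'''

def parse_secrets(text):
    """Yield (lineno, client, server, secret, addrs) for each secrets line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        words = shlex.split(line, comments=True)  # honours quotes and '#'
        if len(words) >= 3:  # a secret needs client, server and secret
            yield lineno, words[0], words[1], words[2], words[3:]

def audit(text, local_name):
    """Return sorted (lineno, client, issue) for entries used to admit peers."""
    findings, pinned = [], defaultdict(list)
    for lineno, client, server, secret, addrs in parse_secrets(text):
        if server not in (local_name, "*"):
            continue  # entry names another server; not used to admit peers here
        if client == "" or secret == "":
            findings.append((lineno, client, "anonymous-or-empty-secret"))
        # No address words at all: pppd disallows every address, nothing to flag.
        for addr in addrs:
            if addr == "*":
                findings.append((lineno, client, "any-address"))
            elif not addr.startswith(("!", "-")):
                pinned[addr].append((lineno, client))
    # One address pinned for several clients: they cannot be connected at once.
    for addr, users in pinned.items():
        if len({client for _, client in users}) > 1:
            findings += [(n, c, "duplicate-address") for n, c in users]
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE, "projects"):
        print(finding)
```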

</sect3>

<sect3 id="connectivity-ppp-server-pppd-pap">
<title><filename>/etc/ppp/pap-secrets</filename></title>
<para>
This file contains the same information as the
<filename>chap-secrets</filename> file. See <xref
linkend="connectivity-ppp-server-pppd-cha" />.
</para>
</sect3>

</sect2>

</sect1>