As already mentioned, there are many ways to do this. What I present here is the way I do it, using a Cyclades multi-port serial card and a rotary dial-in set of telephone lines.
If you don't like the method I present here, please feel free to go your own way. I would, however, be pleased to include additional methods in future versions of the HOWTO. So, please send me your comments and methods!
Please note, this section only concerns setting up Linux as a PPP server. I do not (ever) intend to include information on setting up special terminal servers and such.
Also, I have yet to experiment with shadow passwords (but will be doing so sometime). Information currently presented does NOT therefore include any bells and whistles that are required by the shadow suite.
All the earlier comments regarding kernel compilation and kernel versions versus pppd versions apply. This section assumes that you have read the earlier sections of this document!
For a PPP server, you MUST include IP forwarding in your kernel. You may also wish to include other capabilities (such as IP firewalls, accounting etc etc).
If you are using a multi-port serial card, then you must obviously include the necessary drivers in your kernel too!
We offer dial up PPP (and SLIP) accounts and shell accounts using the same username/password pair. This has the advantages (for us) that a user requires only one account and can use it for all types of connectivity.
As we are an educational organisation, we do not charge our staff and students for access, and so do not have to worry about accounting and charging issues.
We operate a firewall between our site and the Internet, and this restricts some user access as the dial up lines are inside our (Internet) firewall (for fairly obvious reasons, details of our other internal firewalls are not presented here and are irrelevant in any case).
The process a user goes through to establish a PPP link to our site (once they have a valid account of course) is :-
ppp to start PPP on the server.
The server uses individual /etc/ppp/options.ttyXX files for each dial in port that set the remote IP number for dynamic IP allocation. The server uses proxyarp routing for the remote clients (set via the appropriate option to pppd). This obviates the need for routed or gated.
When the user hangs up at their end, pppd detects this and tells the modem to hang up, bringing down the PPP link at the same time.
You will need the following software:-
Before you can set up your PPP server, your Linux box must be capable of handling standard dial up access.
This howto does NOT cover setting this up. Please see the documentation of the getty of your choice and serial HOWTO for information on this.
You will need to set up the overall /etc/ppp/options with the common options for all dial up ports. The options we use are:-
asyncmap 0
netmask 255.255.254.0
proxyarp
lock
crtscts
modem
Note - we do NOT use any (obvious) routing - and in particular there is no defaultroute option. The reason for this is that all you (as a PPP server) are required to do is to route packets from the ppp client out across your LAN/Internet and route packets to the client from your LAN and beyond.
All that is necessary for this is a host route to the client machine and the use of the 'proxyarp' option to pppd.
The 'proxyarp' option sets up (surprise) a proxy arp entry in the PPP server's arp table that basically says 'send all packets destined for the PPP client to me'. This is the easiest way to set up routing to a single PPP client - but you cannot use this if you are routing between two LANs - you must add proper network routes which can't use proxy arp.
You will almost certainly wish to provide dynamic IP number allocation to your dial up users. You can accomplish this by allocating an IP number to each dial up port. Now, create a /etc/ppp/options.ttyXX for each dial up port.
In this, simply put the local (server) IP number and the IP number that is to be used for that port. For example
kepler:slip01
In particular, note that you can use valid host names in this file (I find that I only remember the IP numbers of critical machines and devices on my networks - names are more meaningful)!
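proxyarp only works when the client's address lies on the same subnet as one of the server's LAN interfaces, so a consistency check over the per-port files is worth having; the script below is an added example, not part of the original HOWTO. It assumes the local address in each file is the server's LAN address and that 255.255.254.0 (the netmask shown above) is the LAN's mask; the addresses and port list are constructed, and host-name pairs such as kepler:slip01 are reported as unchecked because no name resolution is done.

```shell
# Added example (not from the HOWTO): check each port's local:remote pair.
# Assumes the local address is the server's LAN address and NETMASK its mask.

# ip_to_int A.B.C.D -> prints the address as an integer; fails on bad input
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_pair LOCAL:REMOTE NETMASK
#   returns 0 = same subnet, 1 = different subnets, 2 = not a numeric pair
check_pair() {
    local_ip=${1%%:*}
    remote_ip=${1#*:}
    [ "$local_ip" != "$1" ] || return 2          # no colon at all
    l=$(ip_to_int "$local_ip") && r=$(ip_to_int "$remote_ip") &&
        m=$(ip_to_int "$2") || return 2
    [ $(( l & m )) -eq $(( r & m )) ]
}

# audit_ports NETMASK < "port local:remote" lines; prints one verdict per port
audit_ports() {
    while read -r port pair; do
        rc=0
        check_pair "$pair" "$1" || rc=$?
        case $rc in
            0) echo "$port ok" ;;
            1) echo "$port off-subnet" ;;
            *) echo "$port unchecked" ;;
        esac
    done
}

# Constructed sample: one line per options.ttyXX file (addresses are made up).
audit_ports 255.255.254.0 <<'EOF'
ttyC0 192.168.0.1:192.168.1.20
ttyC1 192.168.0.1:192.168.2.20
ttyC2 kepler:slip01
EOF
```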
As starting a ppp link implies configuring a kernel device (a network interface) and manipulating the kernel routing tables, special privileges are required - in fact full root privileges.
Fortunately, pppd has been designed to be 'safe' to run set uid to root. So you will need to
chmod u+s /usr/sbin/pppd
When you list the file, it should then appear as
-rwsr-xr-x 1 root root 74224 Apr 28 07:17 /usr/sbin/pppd
If you do not do this, users will be unable to set up their ppp link.
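Because this leaves a root-owned setuid binary on the system, its listing is worth re-checking after every pppd upgrade. The function below is an added example, not part of the original HOWTO; it reviews an `ls -l` line such as the one shown above, and the sample listings other than the first are constructed.

```shell
# Added example (not from the HOWTO): review an `ls -l` line for setuid pppd.

# check_listing "LS-L-LINE" -> prints "ok" or "FAIL: <findings>";
# returns 0 only when nothing is wrong with the mode bits or the owner.
check_listing() {
    set -f; set -- $1; set +f       # split into: mode links owner group ...
    mode=$1; owner=$3; bad=""
    case $mode in
        -??s*) ;;                                  # regular file, setuid + owner-exec
        -??S*) bad="$bad setuid-without-exec" ;;   # u+s set but u+x missing
        *)     bad="$bad not-setuid" ;;
    esac
    [ "$owner" = root ] || bad="$bad owner-not-root"
    case $mode in
        ?????w*|????????w*) bad="$bad writable-by-non-owner" ;;
    esac
    if [ -n "$bad" ]; then
        echo "FAIL:$bad"
        return 1
    fi
    case $mode in
        ?????????[xt]*) echo "ok (note: any local account can execute it)" ;;
        *)              echo "ok" ;;
    esac
}

# The first listing is the one from the text; the rest are constructed.
while IFS= read -r line; do
    check_listing "$line" || true
done <<'EOF'
-rwsr-xr-x 1 root root 74224 Apr 28 07:17 /usr/sbin/pppd
-rwxr-xr-x 1 root root 74224 Apr 28 07:17 /usr/sbin/pppd
-rwSr--r-- 1 root root 74224 Apr 28 07:17 /usr/sbin/pppd
-rwsrwxr-x 1 root root 74224 Apr 28 07:17 /usr/sbin/pppd
EOF
```

On a live system, pass it the real listing: `check_listing "$(ls -l /usr/sbin/pppd)"`.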
In order to simplify things for our dial up PPP users, we create a global alias (in /etc/bashrc) so that one simple command will start ppp on the server once they are logged in.
This looks like
alias ppp="exec /usr/sbin/pppd -detach"
What this does is
When a user logs in like this, they will appear in the output of 'w' as
  6:24pm  up 3 days,  7:00,  4 users,  load average: 0.05, 0.03, 0.00
User     tty       login@  idle   JCPU   PCPU  what
hartr    ttyC0     3:05am  9:14                -
And that is it...I told you this was a simple, basic PPP server system!