ToC Home Issues Hearts Links

Issue #4, November 2005

Slack Notes: Setting up mgetty+ppp to build a simple Slackware dialin server

Author: Mikhail Zotov

The procedure consists of two main parts, which can be done in any order: installing and configuring pppd, and installing and configuring (m)getty. Let's begin with pppd.

I. PPPD

1. Install slackware/n/ppp-2.4.?-i486-1.tgz package.

2. Feel free to

   # rm -rf /etc/radiusclient

3. Configure pppd. Basically, there are two main ways to start pppd on a dialin server:

1. a user logs in and starts pppd. In its turn, this can also be accomplished in different ways: this user shell can be defined as /sbin/pppd, or this can be a user with an "ordinary" shell who issues the corresponding command upon login (if needed; in this case pppd must be set suid root). Anyway, a user must exist in the system.
2. no additional user is defined in the system, and it is impossible to login via ppp (only via telnet or ssh).

I prefer the second way and it will be covered in what follows.

3.1 PPP options. First, let's obtain a copy of /etc/ppp/options convenient to work with:

   # cd /etc/ppp
   # cp options options.orig
   # egrep -v "^#|^$" options.orig > options
   # cat options

   asyncmap 0
   crtscts
   lock
   modem
   proxyarp
   lcp-echo-interval 30
   lcp-echo-failure 4

Now, edit /etc/ppp/options to look this way (man pppd):

-detach
# default settings:
asyncmap 0
crtscts
modem
lcp-echo-interval 30
lcp-echo-failure 4

# lock the port
lock

# require a client to authenticate itself:
auth

# define a DNS server for windoops clients if needed:
ms-dns 1.2.3.4

# local_IP_address:remote_IP_address
10.0.0.1:10.0.0.2

# additional logging for the case anything goes wrong:
debug

3.2 Define the authentication way by editing either /etc/ppp/pap-secrets or /etc/ppp/chap-secrets (or both). A pap-secrets file may look this way:

# Secrets for authentication using PAP
# client      server   secret                     IP addresses
client_name   *        "A very secret p4$$m0Rd"   *

Here, client_name is whatever you like as a name used by a client. No need to useradd client_name!

Asterisks are not mandatory but they work.

Make sure pap-secrets are not readable/writable by anybody but root.

Voila! PPP is ready.

Remark. CHAP is considered to be more secure than PAP (see, e.g., Sect. 8.8.1 of the Linux Network Administrators Guide). A chap-secrets file for two-sided authentication may look this way:

client_name   server_name    "We believe in having fun"    *
server_name   client_name    "and Slacking all the time"   *

This file must be present both on the server and the client sides. Also, it may be necessary to add another line to the /etc/ppp/options file on the server:

# The name declared by the server:
name server_name

and a similar line on the client machine.

II. Mgetty

Mgetty is not the only getty program available in the Net but the one that is often recommended for the purpose. Unfortunately, it doesn't come with Slackware thus we have to build it by ourselves.

1. Download mgetty from here or from here. The tarball has clear build instructions but one may want to save some time and use an mgetty.SlackBuild script available at SlackPack. Also, grab their policy.h. (Well, I couldn't stand and have modified their script slightly. It can be found here.)

2. Edit policy.h before building mgetty or running mgetty.SlackBuild. It is commented intensively thus no problems should appear. In case of doubts, leave it as is because (almost all) settings can be changed later. (As for me, I redefined MODEM_INIT_STRING and DEFAULT_PORTSPEED because I had to use a slow modem.)

Now, build mgetty. And don't forget to install it. :-)

3. Time to configure mgetty:

   # cd /etc/mgetty

or, cd /etc/mgetty+sendfax if you have followed the talon way of installation.

Two files should be filled:

• mgetty.config (optional). It may look this way:

  # port speed (not needed if coincides with the one defined
  # in policy.h or defined in /etc/inittab)
  speed 115200
  
  # roughly, a level of verbosity in logging
  debug 3
  
  # don't expect faxes:
  data-only y

• login.config (chmod 600)

  # See login.cfg.in for extensive comments
  /AutoPPP/ -	-	/usr/sbin/pppd
  * nobody @ /bin/false

4. Mgetty will log its activities in /var/log/mgetty.ttyS0 (replace ttyS0 with your device). Thus we need to think about rotating the log. The following lines added to /etc/logrotate.conf will do the job:

# mgetty logs:
/var/log/mgetty.ttyS0 {
   create 0640 root root
}

Once again, feel free to edit them up to your taste and needs.

III. Putting it all together

Add the following line to /etc/inittab:

s1:2345:respawn:/usr/sbin/mgetty -D ttyS0

Here, "-D" disables faxes, if needed. (Actually, we have already disabled them in mgetty.config but this doesn't hurt.) Next, "ttyS0" defines the port our modem is attached to. (There may be many different modems attached to the machine. Each modem parameters can be defined in mgetty.config.)

The final thing to do:

   # telinit q

Frankly speaking, there is one more thing to do. We do want to use our phone during working hours, do we? In order to prevent mgetty from replying to incoming calls when we are at work, let's add the following lines to /var/spool/cron/crontabs/root (assuming we are at work from 9 a.m. till 6 p.m. five days a week):

0 9 * * mon-fri /bin/touch /etc/nologin.ttyS0
0 18 * * mon-fri /bin/rm -f /etc/nologin.ttyS0

Congratulations!!! The work is done. High time to go home and test our brand new dialin server. :-)

Remark. Don't forget to enable port forwarding on the server:

   # echo 1 > /proc/sys/net/ipv4/ip_forward

References (besides those coming with ppp and mgetty)

• Linux Network Administrators Guide, Chapter 8. The Point-to-Point Protocol
• Linux PPP HOWTO by Corwin Light-Williams and Joshua Drake
• How to Hook up PPP in Linux and MGETTY Setup for Dialin by Bill Unruh

---

Copyright © 2005 by The Slack World, check here for the details.
The individual articles and posts are copyrighted by their authors.