Issue #4, November 2005
Slack Notes: Setting up mgetty+ppp to build a simple Slackware dialin server
Author: Mikhail Zotov
The procedure consists of two main parts, which can be done in any order: installing and configuring pppd, and installing and configuring (m)getty. Let's begin with pppd.
I. PPPD
1. Install the slackware/n/ppp-2.4.?-i486-1.tgz package.
2. Feel free to
# rm -rf /etc/radiusclient
3. Configure pppd. Basically, there are two main ways to start pppd on a dialin server:
- a user logs in and starts pppd. This, in turn, can be accomplished in different ways: the user's shell can be defined as /sbin/pppd, or this can be a user with an "ordinary" shell who issues the corresponding command upon login (if needed; in this case pppd must be set suid root). Either way, the user must exist in the system.
- no additional user is defined in the system, and it is impossible to log in via ppp (only via telnet or ssh).
I prefer the second way and it will be covered in what follows.
3.1 PPP options. First, let's obtain a copy of /etc/ppp/options convenient to work with:
# cd /etc/ppp
# cp options options.orig
# egrep -v "^#|^$" options.orig > options
# cat options
asyncmap 0
crtscts
lock
modem
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
Now, edit /etc/ppp/options to look like this (see man pppd):
-detach
# default settings:
asyncmap 0
crtscts
modem
lcp-echo-interval 30
lcp-echo-failure 4
# lock the port
lock
# require a client to authenticate itself:
auth
# define a DNS server for windoops clients if needed:
ms-dns 1.2.3.4
# local_IP_address:remote_IP_address
10.0.0.1:10.0.0.2
# additional logging for the case anything goes wrong:
debug
3.2 Define the authentication method by editing either /etc/ppp/pap-secrets or /etc/ppp/chap-secrets (or both). A pap-secrets file may look like this:
# Secrets for authentication using PAP
# client        server  secret                    IP addresses
client_name     *       "A very secret p4$$m0Rd"  *
Here, client_name is whatever you like as a name used by a client. No need to useradd client_name!
Asterisks are not mandatory but they work.
Make sure pap-secrets is not readable or writable by anybody but root.
Voila! PPP is ready.
Remark. CHAP is considered to be more secure than PAP (see, e.g., Sect. 8.8.1 of the Linux Network Administrators Guide). A chap-secrets file for two-sided authentication may look like this:
client_name server_name "We believe in having fun" *
server_name client_name "and Slacking all the time" *
This file must be present both on the server and the client sides. Also, it may be necessary to add another line to the /etc/ppp/options file on the server:
# The name declared by the server:
name server_name
and a similar line on the client machine.
II. Mgetty
Mgetty is not the only getty program available on the Net, but it is the one that is often recommended for the purpose. Unfortunately, it doesn't come with Slackware, so we have to build it ourselves.
1. Download mgetty from here or from here. The tarball has clear build instructions, but one may want to save some time and use an mgetty.SlackBuild script available at SlackPack. Also, grab their policy.h. (Well, I couldn't resist and have modified their script slightly. It can be found here.)
2. Edit policy.h before building mgetty or running mgetty.SlackBuild. It is heavily commented, so no problems should arise. When in doubt, leave it as is because (almost all) settings can be changed later. (As for me, I redefined MODEM_INIT_STRING and DEFAULT_PORTSPEED because I had to use a slow modem.)
Now, build mgetty. And don't forget to install it. :-)
3. Time to configure mgetty:
# cd /etc/mgetty
or, cd /etc/mgetty+sendfax if you have followed the talon way of installation.
Two files should be filled in:
- mgetty.config (optional). It may look like this:
# port speed (not needed if coincides with the one defined
# in policy.h or defined in /etc/inittab)
speed 115200
# roughly, a level of verbosity in logging
debug 3
# don't expect faxes:
data-only y
- login.config (chmod 600)
# See login.cfg.in for extensive comments
/AutoPPP/ - - /usr/sbin/pppd
* nobody @ /bin/false
4. Mgetty will log its activities in /var/log/mgetty.ttyS0 (replace ttyS0 with your device). Thus we need to think about rotating the log. The following lines added to /etc/logrotate.conf will do the job:
# mgetty logs:
/var/log/mgetty.ttyS0 {
    create 0640 root root
}
Once again, feel free to edit them to your taste and needs.
III. Putting it all together
Add the following line to /etc/inittab:
s1:2345:respawn:/usr/sbin/mgetty -D ttyS0
Here, "-D" disables faxes, if needed. (Actually, we have already disabled them in mgetty.config but this doesn't hurt.) Next, "ttyS0" defines the port our modem is attached to. (There may be many different modems attached to the machine. Each modem's parameters can be defined in mgetty.config.)
The final thing to do:
# telinit q
Frankly speaking, there is one more thing to do. We do want to use our phone during working hours, don't we? In order to prevent mgetty from answering incoming calls when we are at work, let's add the following lines to /var/spool/cron/crontabs/root (assuming we are at work from 9 a.m. till 6 p.m. five days a week):
0 9 * * mon-fri /bin/touch /etc/nologin.ttyS0
0 18 * * mon-fri /bin/rm -f /etc/nologin.ttyS0
Congratulations!!! The work is done. High time to go home and test our brand new dialin server. :-)
Remark. Don't forget to enable IP forwarding on the server:
# echo 1 > /proc/sys/net/ipv4/ip_forward
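An added example, not part of the original article: a small shell audit of the settings this procedure depends on (auth in /etc/ppp/options, secrets files and login.config closed to everyone but root, and an /AutoPPP/ entry that does not hand noauth to pppd). The function names, the PPP_DIR, MGETTY_DIR and OWNER_UID variables and the --check switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the article): audit the dial-in setup described above.
# Defaults are the paths used on this page (use MGETTY_DIR=/etc/mgetty+sendfax
# if mgetty was installed that way); OWNER_UID=0 is root. Assumes stat -c.
PPP_DIR=${PPP_DIR:-/etc/ppp}
MGETTY_DIR=${MGETTY_DIR:-/etc/mgetty}
OWNER_UID=${OWNER_UID:-0}

# is_private FILE: true if FILE belongs to OWNER_UID and grants nothing to group/other.
is_private() {
    info=$(stat -c '%u %a' "$1" 2>/dev/null) || return 1
    [ "${info% *}" = "$OWNER_UID" ] || return 1
    case ${info#* } in 0|*00) ;; *) return 1 ;; esac
}

# requires_auth OPTIONS: true if an active "auth" is present and "noauth" is not.
# Comments are stripped and the file is split into words, as pppd reads it.
requires_auth() {
    words=$(sed 's/#.*//' "$1" 2>/dev/null | tr -s ' \t' '\n\n')
    printf '%s\n' "$words" | grep -qx auth || return 1
    ! printf '%s\n' "$words" | grep -qx noauth
}

# autoppp_ok LOGIN_CONFIG: true if /AutoPPP/ starts pppd without a "noauth" argument.
autoppp_ok() {
    entry=$(grep '^/AutoPPP/' "$1" 2>/dev/null | tr '\t' ' ')
    [ -n "$entry" ] || return 1
    case " $entry " in *" noauth "*) return 1 ;; esac
    return 0
}

# audit: run every check, print one FAIL line per finding, return 1 if any failed.
audit() {
    rc=0
    requires_auth "$PPP_DIR/options" ||
        { echo "FAIL: $PPP_DIR/options lacks auth (or sets noauth)"; rc=1; }
    for f in "$PPP_DIR/pap-secrets" "$PPP_DIR/chap-secrets" "$MGETTY_DIR/login.config"; do
        [ -e "$f" ] || continue   # chap-secrets is optional on this page
        is_private "$f" ||
            { echo "FAIL: $f must be owned by uid $OWNER_UID, closed to group/other"; rc=1; }
    done
    autoppp_ok "$MGETTY_DIR/login.config" ||
        { echo "FAIL: no /AutoPPP/ entry, or it passes noauth to pppd"; rc=1; }
    return $rc
}

# Check the live system only when asked to, by passing --check to this script.
if [ "${1:-}" = "--check" ]; then audit; exit $?; fi
```

Run it as root with --check after finishing section III; no output and exit status 0 mean all checks passed.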
References (besides those coming with ppp and mgetty)
- Linux Network Administrators Guide, Chapter 8. The Point-to-Point Protocol
- Linux PPP HOWTO by Corwin Light-Williams and Joshua Drake
- How to Hook up PPP in Linux and MGETTY Setup for Dialin by Bill Unruh
Copyright © 2005 by The Slack World, check here for the details.
The individual articles and posts are copyrighted by their authors.