Dial-in Server HOWTO

2003-06-15

Revision History
Revision 1.0  2003-06-15  la
first official release
Revision 1.1  2003-06-19  la
minor format corrections
Revision 1.2  2003-06-23  la
minor format corrections

Abstract

This HOWTO is designed to help you set up a dial-in server over a phone line for use with a LEAF router.


Table of Contents

Introduction
Preface
Needed Modules and Packages
Setting up the system's dial-in user
Modem Configuration
PPP Configuration
FINAL NOTES
References

Introduction

This document details the setup of a dial-in server for those wishing to access an existing network from a remote location via a telephone modem connection. It can also be modified to add shell access or network resource sharing via the connection, but for now it covers only Internet access of the kind you would receive from a dial-up ISP.

Copyright and License

This document, Sample XML HOWTO, is copyrighted (c) 2003 by Lynn Avants. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html.

Linux is a registered trademark of Linus Torvalds.

Disclaimer

No liability for the contents of this document can be accepted. Use the concepts, examples and information at your own risk. There may be errors and inaccuracies that could be damaging to your system. Proceed with caution, and although this is highly unlikely, the author(s) do not take any responsibility.

All copyrights are held by their respective owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Naming of particular products or brands should not be seen as endorsements.

Credits / Contributors

In this document, I have the pleasure of acknowledging:

  • Jon French - who wrote the original LRP/LEAF document that I originally worked from.

  • Ray Olszewski - who has provided much of the correctness and clarity to this document... thanks!!!

Feedback

Feedback is most certainly welcome for this document. Send your additions, comments and criticisms to the following email address : .

Preface


This mini-HowTo discusses only the use of the Point-to-Point Protocol (PPP) in a "server" configuration (that is, to listen for incoming connections). It does not discuss using PPP in a "client" configuration (that is, initiating a connection). PPP is technically a peer-to-peer protocol, where the 'server' is the end that is listening (answers the phone) and the 'client' is the end that initiates the call and (usually) requests an IP address and related info.

While some of the information here applies to any PPP-server setup, much of it is specific to LEAF, in that it assumes the usual set of LEAF applications is present on the system.

You may also need to modify your firewall ruleset for proper operation. If this is the case, please check the documentation of your firewall/configuration program to make any necessary changes (these are beyond the scope of this document due to the large variety of firewall programs that exist).

This document is based on my own experience, the HowTo Jon French wrote for the Linux Router Project (LRP), the PPP HowTo from the Linux Documentation Project, and various other resources on the internet.

Needed Modules and Packages

In addition to the standard set of LEAF (*.lrp) packages, a PPP server needs these two packages: pppd.lrp and mgetty.lrp. At the present time (June 2003), both can be found at: http://leaf.sourceforge.net/devel/thc/files/kwarchive/

A PPP server also needs these three kernel modules: serial.o, slhc.o, and ppp.o. If they are not already present on your LEAF system, you will need to get them from the location appropriate to your LEAF variant and kernel version. For example, the Dachstein floppy modules are found at http://lrp.steinkuehler.net/files/kernels/2.2.19-3-small/modules/ and the Bering-1.2 modules are located at http://sourceforge.net/project/showfiles.php?group_id=13751. Follow usual LEAF procedures for installing them in /lib/modules and adding their names to /etc/modules.

Note

Several LEAF kernels such as Bering and the Dachstein-normal/large have serial.o compiled in. If the module isn't available, then it is likely compiled into the kernel and will not need to be added or loaded.

Setting up the system's dial-in user

None of the LEAF variants has a userid pre-defined for use with PPP. I prefer to add such a dedicated userid, because doing so makes it unnecessary to give dial-in PPP users shell access to the router itself. Instead, you can provide dial-in users with access to the LAN and/or the Internet, but keep the router itself invisible to the dial-up PPP user, hence more secure.

Creating the user is tricky because the LEAF variants lack the 'useradd' command, so you must create the user by hand. I am using the example user 'ppp' in this configuration; substitute the username you want to log in with over the dial-in connection. The process of creating the user by hand is as follows:

Add this line to the '/etc/passwd' file:

ppp:x:101:101:ppp:/home/ppp:/usr/sbin/pppd

Add this line to the '/etc/shadow' file:

ppp:*:10091:0:99999:7:::

If you would like to set the password for this user (the '*' in the shadow entry above matches no password), use the command:

passwd ppp

Using 'pppd' as the login shell starts the PPP connection automatically at login and does not give shell access to the user.
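
The hand-edit procedure above, as an added shell example that is not part of the original HOWTO: it performs the duplicate-name and duplicate-UID checks that 'useradd' would otherwise do, then reports whether the account can log in. The function names add_dialin_user and dialin_status are hypothetical, and the passwd/shadow contents in the demo are constructed.

```shell
#!/bin/sh
# add_dialin_user USER UID PASSWD_FILE SHADOW_FILE  (hypothetical helper)
# Returns 0 on success, 1 if the name or UID is already taken, 2 on bad input.
add_dialin_user() {
    du_user=$1; du_uid=$2; du_pw=$3; du_sh=$4
    case $du_user in ''|*[!a-z0-9_-]*) return 2 ;; esac
    case $du_uid in ''|*[!0-9]*|0) return 2 ;; esac   # numeric, never root
    # A reused UID would make two account names share one identity.
    if awk -F: -v u="$du_user" -v i="$du_uid" \
        '$1 == u || $3 == i { hit = 1 } END { exit !hit }' "$du_pw"; then
        return 1
    fi
    if grep -q "^$du_user:" "$du_sh"; then return 1; fi
    # The login "shell" is pppd, so a successful login starts PPP, not a shell.
    printf '%s:x:%s:%s:%s:/home/%s:/usr/sbin/pppd\n' \
        "$du_user" "$du_uid" "$du_uid" "$du_user" "$du_user" >>"$du_pw"
    # '*' is not a valid hash: no password matches until 'passwd USER' is run.
    printf '%s:*:10091:0:99999:7:::\n' "$du_user" >>"$du_sh"
}

# dialin_status USER PASSWD_FILE SHADOW_FILE  (hypothetical helper)
# Prints one of: missing, shell-access, no-password, locked, set
dialin_status() {
    ds_pw=$(grep "^$1:" "$2" || true)
    ds_sh=$(grep "^$1:" "$3" || true)
    if [ -z "$ds_pw" ] || [ -z "$ds_sh" ]; then echo missing; return; fi
    # An empty shell field means /bin/sh, so anything but pppd counts as a shell.
    if [ "$(printf '%s\n' "$ds_pw" | cut -d: -f7)" != /usr/sbin/pppd ]; then
        echo shell-access; return
    fi
    case $(printf '%s\n' "$ds_sh" | cut -d: -f2) in
        '')        echo no-password ;;   # empty field: login needs no password
        '*'*|'!'*) echo locked ;;        # no password can match
        *)         echo set ;;
    esac
}

# Constructed sample files; UID 101 is deliberately already in use.
demo_dir=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\nsshd:x:101:101::/var/run:/bin/false\n' \
    >"$demo_dir/passwd"
printf 'root:$1$constructed$hash:10091:0:99999:7:::\n' >"$demo_dir/shadow"
add_dialin_user ppp 101 "$demo_dir/passwd" "$demo_dir/shadow" || echo "UID 101 is taken"
add_dialin_user ppp 102 "$demo_dir/passwd" "$demo_dir/shadow" && echo "added ppp as UID 102"
echo "status: $(dialin_status ppp "$demo_dir/passwd" "$demo_dir/shadow")"
rm -rf "$demo_dir"
```

Try it on copies of '/etc/passwd' and '/etc/shadow' first; a status of 'locked' is expected until 'passwd ppp' has been run.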

Modem Configuration

To act as a PPP server, the LEAF router must listen for incoming connections on one or more modem (serial port) lines. This process is similar to listening for a shell login from the console, though the details differ.

To listen for an incoming connection, you use the program "mgetty" to watch a serial device. You set this up in the '/etc/inittab' file. Some versions of LEAF have inactive (commented out) lines in inittab for this purpose, but newer versions do not. So you need either to add or to activate (uncomment) a line like this one:

T0:23:respawn:/sbin/mgetty ttyS0 -D ttyS0 -s 115200

Note

The numeral '0' is used in 'T0' and 'ttyS0', not the upper-case letter 'O'.

This sample line assumes the modem uses the first serial port (Windows' COM1 normally corresponds to Linux's ttyS0) and a line speed of 115200 bps (sometimes called "baud", though this usage is technically inaccurate).

This line tells the init process to have mgetty listen on ttyS0 and process a connection when one arrives. Next, you need to tell mgetty *how* to process that connection. You do so by editing (or creating) the files '/etc/mgetty/mgetty.config' and '/etc/mgetty/login.config' as follows (suitably modified if you use a different port or line speed):

# The '/etc/mgetty/mgetty.config' file:
# mgetty configuration file
 port ttyS0
 init-chat "" AT&F1&C1&D2
 speed 115200
 debug 3
 data-only y

Modify the '/etc/mgetty/login.config' file:

/AutoPPP/	ppp	ttyS0 	/usr/sbin/pppd

PPP Configuration

This section details how to set up the server configuration of the pppd program with an included example of both the /etc/ppp/ppp.options and /etc/ppp/pap-secrets files.

PPP user authentication

Using 'PAP' authentication instead of 'CHAP' makes life much easier for Win 95/98 machines, though it is less secure because PAP sends the password over the link in clear text. You may be hard pressed to find a 'pppd' package for LEAF that supports MSCHAP, which is a special compile-time option for pppd. The '/etc/ppp/pap-secrets' file also needs to be set to allow authentication against the system password file (that has already been configured), which is more secure than PAP authentication used by itself. This example shows how to set up PAP authentication using the system password file:

Modify the '/etc/ppp/pap-secrets' file:

	# Secrets for authentication using PAP
	# client	server	secret	IP addresses
	*       	*	"login"	*

PPP connection settings

You'll need to manually enter your DNS server(s), netmask, IP address of the external interface on the router, and the IP address of the remote computer (the machine dialing in to the router). This information will be entered in the '/etc/ppp/ppp.options' file as shown in the "Sample '/etc/ppp/ppp.options' file" section below.

Router settings

The use of the 'proxyarp' option in the '/etc/ppp/ppp.options' file builds a direct connection to the external interface and bypasses the need to change the routing table on the router. You can proxy-arp to the internal LAN interface instead of the external interface and provide access to your private LAN if desired.

You will also need to make sure that your firewall ruleset is set to accept traffic from the 'ppp0' interface and forward it where desired (e.g. Internet, LAN segment, etc.).

Sample '/etc/ppp/ppp.options' file

You can use this sample as a template and substitute the information you have gathered in earlier sections in the appropriate lines.

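# /etc/ppp/options
# DNS server address supplied to the dialing-in client
dns-addr 192.168.1.254
# Escape no control characters on the serial line
asyncmap 0
# Hardware (RTS/CTS) flow control
crtscts
# Create a lock file so nothing else opens the serial device
lock
# Use the modem control lines
modem
netmask 255.255.255.0
# Stay in the foreground
-detach
# Require the caller to authenticate with PAP
+pap
# Do not agree to authenticate to the caller with CHAP
-chap
# Log connection debugging information
debug
# Answer ARP requests on behalf of the remote machine
proxyarp
# Check the PAP password against the system password database
login
<external-ip-router>:<ip-to-use-on-remote-machine>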

Note

For users that are also using 'ppp' (dial-up) for their outgoing internet connection, you will want to move any and all conflicting options from the '/etc/ppp/ppp.options' file to the respective '/etc/ppp/options.ttyS[n]' file so that both the client and server configuration work properly together.

FINAL NOTES

When all the previous configuration has been finished, the 'etc', 'mgetty', and 'pppd' packages will need to be backed up via the 'lrcfg' menu and added to the 'syslinux.cfg' file on your floppy. You will also need to reboot the router for all the changes to take effect.

If luck is with you, everything should work on the first attempt. If it doesn't, troubleshooting is beyond the scope of this document; help is readily available on the internet or on the leaf-user mailing list at: http://lists.sourceforge.net/lists/listinfo/leaf-user.

Good luck and enjoy the use of your new dial-in server!

References

Reference links that were used in writing this document.