Next Previous Contents

26. Setting up a PPP server

As already mentioned, there are many ways to do this. What I present here is the way I do it (using a Cyclades multi-port serial card) and a rotary dial in set of telephone lines.

If you don't like the method I present here, please feel free to go your own way. I would however, be pleased to include additional methods in future versions of the HOWTO. So, please send me your comments and methods!

Please note, this section only concerns setting up Linux as a PPP server. I do not (ever) intend to include information on setting up special terminal servers and such.

Also, I have yet to experiment with shadow passwords (but will be doing so sometime). Information currently presented does NOT therefore include any bells and whistles that are required by the shadow suite.

26.1 Kernel compilation

All the earlier comments regarding kernel compilation and kernel versions versus pppd versions apply. This section assumes that you have read the earlier sections of this document!

For a PPP server, you MUST include IP forwarding in your kernel. You may also wish to include other capabilities (such as IP fire walls, accounting etc etc).

If you are using a multi-port serial card, then you must obviously include the necessary drivers in your kernel too!

26.2 Overview of the server system

We offer dial up PPP (and SLIP) accounts and shell accounts using the same user name/password pair. This has the advantages (for us) that a user requires only one account and can use it for all types of connectivity.

As we are an educational organisation, we do not charge our staff and students for access, and so do not have to worry about accounting and charging issues.

We operate a firewall between our site and the Internet, and this restricts some user access as the dial up lines are inside our (Internet) firewall (for fairly obvious reasons, details of our other internal fire walls are not presented here and are irrelevant in any case).

The process a user goes through to establish a PPP link to our site (once they have a valid account of course) is :-

The server uses individual /etc/ppp/options.ttyXX files for each dial in port that set the remote IP number for dynamic IP allocation. The server users proxyarp routing for the remote clients (set via the appropriate option to pppd). This obviates the need for routed or gated.

When the user hangs up at their end, pppd detects this and tells the modem to hang up, bringing down the PPP link at the same time.

26.3 Getting the software together

You will need the following software:-

26.4 Setting up standard (shell access) dialup.

Before you can set up your PPP server, your Linux box must be capable of handling standard dial up access.

This howto does NOT cover setting this up. Please see the documentation of the getty of your choice and serial HOWTO for information on this.

26.5 Setting up the PPP options files

You will need to set up the overall /etc/ppp/options with the common options for all dial up ports. The options we use are:-


asyncmap 0
netmask 255.255.254.0
proxyarp
lock
crtscts
modem

Note - we do NOT use any (obvious) routing - and in particular there is no defaultroute option. The reason for this is that all you (as a PPP server) are required to do is to route packets from the ppp client out across your LAN/Internet and route packets to the client from your LAN and beyond.

All that is necessary for this is a host route to the client machine and the use of the 'proxyarp' option to pppd.

The 'proxyarp' option sets up (surprise) a proxy ARP entry in the PPP server's ARP table that basically says 'send all packets destined for the PPP client to me'. This is the easiest way to set up routing to a single PPP client - but you cannot use this if you are routing between two LANs - you must add proper network routes which can't use proxy ARP.

You will almost certainly wish to provide dynamic IP number allocation to your dial up users. You can accomplish this by allocating an IP number to each dial up port. Now, create a /etc/ppp/options.ttyXX for each dial up port.

In this, simply put the local (server) IP number and the IP number that is to be used for that port. For example


kepler:slip01

In particular, note that you can use valid host names in this file (I find that I only remember the IP numbers of critical machines and devices on my networks - names are more meaningful)!

26.6 Setting pppd up to allow users to (successfully) run it

As starting a ppp link implies configuring a kernel device (a network interface) and manipulating the kernel routing tables, special privileges are required - in fact full root privileges.

Fortunately, pppd has been designed to be 'safe' to run set uid to root. So you will need to


chmod u+s /usr/sbin/pppd

When you list the file, it should then appear as


-rwsr-xr-x   1 root     root        74224 Apr 28 07:17 /usr/sbin/pppd

If you do not do this, users will be unable to set up their ppp link.

26.7 Setting up the global alias for pppd

In order to simplify things for our dial up PPP users, we create a global alias (in /etc/bashrc) so that one simple command will start ppp on the server once they are logged in.

This looks like


alias ppp="exec /usr/sbin/pppd -detach"

What this does is

When a user logs in like this, they will appear in the output of 'w' as


  6:24pm  up 3 days,  7:00,  4 users,  load average: 0.05, 0.03, 0.00
User     tty       login@  idle   JCPU   PCPU  what
hartr    ttyC0     3:05am  9:14                -

And that is it...I told you this was a simple, basic PPP server system!


Next Previous Contents