The communication will be through a serial port. On the server we will connect through the "/dev/ttyS1" (COM2 in DOS/Windows) device. On your computer this may be different and you should modify the examples below accordingly. I force authentication because I use the configuration to provide a way to access files on a file server for a group of people. After logon they can use the Samba file shares to copy files to and from a laptop. If you are not concerned with security you can comment out the relevant options.
PPP (Point-to-Point Protocol) communication provides TCP/IP across a serial link. In other words: when you want to do internet-based browsing through a modem, you are likely to be using it. In Linux PPP is implemented by the PPP daemon "pppd". Its configuration is done through files in the "/etc/ppp/" directory. We will be using the following files:
/etc/ppp/options contains all general options for PPP connections
contains PPP options specific to connections through "/dev/ttyS1"
contains authentication information
starts initial system services
The "/etc/ppp/options" file should look more or less like this:
#/etc/ppp/options lock #auth forces authorization from peer #login makes authentication use the system password file #NOTE: my pap-secrets allows anyone access, so if this is not specified # anyone could connect! If this is a machine on which you dial out # as well, then comment auth and login out and move them to # /etc/options.ttySn auth login |
The lines starting with a "#" are comments. The "lock" parameter indicates that a lock file will be created to ensure exclusive access to the serial device, the "auth" parameter indicates that the client will need to authenticate itself, and "login" tells pppd to use the system user names and passwords for authentication.
Note that pppd will still check the "/etc/ppp/pap-secrets" file for user name and password information. A special, single line entry makes that pppd will only use the system's user information. The "/etc/ppp/pap-secrets" file looks as follows:
#/etc/ppp/pap-secrets # Secrets for authentication using PAP # client server secret IP addresses * * "" ppp_laplink_client |
This allows any machine with the IP address "ppp_laplink_client" to connect to the server, without using a password (you can see why it is handy to have the ppp_laplink entries in your /etc/hosts file). The "login" parameter in the "/etc/ppp/options" file, however, makes that the user name and password supplied by the client for authorization have to match the "/etc/ppp/pap-secrets" file as well as the system user name and password, so the connection will only succeed after a valid user name and password are provided.
Options specific to the serial line you are connecting with are placed in "/etc/ppp/options.ttySn", where n is the number of the serial device. My server uses "/dev/ttyS1", so the options go into... "/etc/ppp/options.ttyS1".
#/etc/ppp/options.ttyS1 asyncmap 0 crtscts #local indicates that modem lines are not used local #silent causes pppd to wait until a connection is made from the other side silent #these are entries that exist in the /etc/hosts file #the link does not work if this is at the end of this file - order matters! ppp_laplink_server:ppp_laplink_client #auth forces authorization from peer #login makes authentication use the system password file #NOTE: my pap-secrets allows anyone access, so if this is not specified # anyone could connect! If this is a server that will never use ppp # for dialing out, you should move auth and login to /etc/ppp/options #auth #login #use PAP, not CHAP for authentication require-pap 115200 |
All these options are well described in the pppd man page; a few of the key ones are explained with comments in the file. The "crtscts" parameter tells pppd to use hardware flow control. This is recommended because it is the fastest. Alternatively you could specify "xonxoff" to use software-based flow control - you would specify this if your null modem cable doesn't connect the RTS/CTS lines (unlikely if you bought your cable in the store). "115200" specifies the data transmission rate - if you have trouble connecting you might want to try with a lower speed. You can find valid speed settings in the termios manual page, although your hardware will limit the baud rate. Choosing an invalid speed setting will elicit an error message from the pppd daemon and apparently it then reverts to some default value.
Note that "auth" and "login" options are commented out here, because they were specified in the general options file. If you also use your computer to dial into an ISP, you will want to specify them here rather than in "/etc/ppp/options", or you will be asking your ISP to authorize itself when you dial in and that probably won't succeed. The reason why they are not specified in this file by default is because if you have other incoming PPP connections now or in the future, you want to make sure they are always authenticated. Remember that the "pap-secrets" as presented here gives zero protection.
Finally, the "ppp_laplink_server:ppp_laplink_client" entry specifies the local and remote IP address after the link is up. You can use actual IP numbers here (e.g. 192.168.0.1:192.168.1.1), or entries from the "/etc/hosts" file, like I have done. The nice thing of doing the latter is that you can use the names to refer to these links later. I also recommend you use IP numbers like the ones I used (192.168.0.1:192.168.1.1). These addresses are set aside for local networks and don't exist on the internet, so you are avoiding possible conflicts. After the link is up, the client can refer to the server with the IP address of ppp_laplink_server (192.168.0.1) and the server refers to the client with ppp_laplink_client (192.168.1.1).
You could use different entries in "/etc/ppp/pap-secrets" to only allow select users access. I am using the PAP protocol for authentication; you could use CHAP if you'd like - the setup is much the same, using the "chap-secrets" file. For these and other options you can consult the man pages and the documentation mentioned at the bottom.
You can have the PPP daemon (pppd) start when you boot the system and have it monitor the serial line of your choice. An elegant way of achieving this is to edit the "/etc/inittab" file. This file contains information for initializing the system. Add the following to this file:
# Start pppd for the serial laplink. pd:2345:respawn:/usr/sbin/pppd /dev/ttyS1 nodetach |
This reads as follows: for runlevels 2, 3, 4 and 5 start "/usr/sbin/pppd /dev/ttyS1 nodetach" and if it dies (at the end of a connection) respawn (start a new one). The "nodetach" option makes that pppd stays connected to the terminal that started it, rather than forking and exiting. This option is necessary because the "init" process would respawn a new one immediately otherwise. Other entries in the inittab file specify getty processes to run on serial terminals (tty's); their initialization looks a lot like this one.
To activate this new configuration type:
[root@griis /root]# /sbin/init q |
If it is only occasionally that you want to connect to your server, you might prefer to start the connection manually. All the settings remain the same; you can start the server by simply typing:
/usr/sbin/pppd /dev/ttyS1 nodetach |
at the command line. The "nodetach" option is not really necessary, but it makes it easy to kill the connection by pressing "ctrl-c".
Unfortunately the MS Windows implementation is not quite standard. Before initiating the PPP connection it requires the exchange of the text strings "CLIENT" (from the client) and "CLIENTSERVER" (from the server). To accommodate a Windows client the following line has to be added to the "/etc/ppp/options.ttyS1" file:
connect 'chat -v -f /etc/ppp/scripts/winclient.chat' |
Then create the scripts directory and the chat file "/etc/ppp/scripts/winclient.chat":
TIMEOUT 3600 CLIENT CLIENTSERVER\c |
The connect option allows you to specify a program to deal with the string exchange before the connection. Usually the "chat" program is used for this; check the manual for more details. The given script deals with the Windows connection issue. You don't need it when connecting a Linux box.