Red Hat Enterprise Linux > AS/ES/WS v. 3 > Issue
Issue:
How do I configure a Point-to-Point Protocol (PPP) dialup server using Red Hat Enterprise Linux?
Resolution:
While dialup modems have become largely obsolete due to broadband Internet connections, there are still situations where dialup access can prove useful. A PPP server in the office can provide employees with an alternative method to access email and the Internet while traveling. Dialup modems can also provide emergency connectivity for system administrators in the event of server or network problems. A PPP server configured using these steps will allow system administrators to grant remote access to users of Red Hat Enterprise Linux, Microsoft Windows, OS X or any other operating system that supports a PPP dialer. Simply enter the phone number of the modem, the username and the password of the user into the dialer software on the remote client. No further configuration is required on the client side for Red Hat Enterprise Linux or other operating systems.
Follow these steps to configure your PPP server:
- Uncomment the 'AutoPPP' line in the /etc/mgetty+sendfax/login.config file. With this line active, mgetty recognises a caller that starts PPP negotiation instead of a text login and hands the line straight to pppd with the options that follow: auth requires the peer to authenticate, -chap +pap refuses CHAP and requires PAP, and login checks the PAP username and password against the system password database. debug only makes pppd log verbosely to syslog and can be dropped once the server works:
/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login debug
- Adjust the port speed in the /etc/mgetty+sendfax/mgetty.config file to match that of the modem(s) attached to the system.
speed 57600
- Add the following line at the end of the /etc/inittab file:
ppp0:345:respawn:/sbin/mgetty -x 3 ttyS0
Change ttyS0 to the port used by the modem (ttyS0 is COM1). One line is required per modem. If more than one modem will be used, change the terminal name (ppp0 is the name here) to something unique for each modem and also change ttyS0 to the proper serial port for each modem. If unsure of which port the modem is attached to, query the ports by using this command:
wvdialconf /tmp/wvdialtest.conf
The output of that command will display which port the modem is connected to. The display should look something like this:
"Found a modem on /dev/ttyS0, using link /dev/modem in config"
- Put the following into the /etc/ppp/options file. Remove any existing options that might be in that file, and put real DNS server addresses on the ms-dns lines:
# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
-detach
# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it. 0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
asyncmap 0
# Set the interface netmask to n, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
netmask 255.255.255.0
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.
proxyarp
# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock
# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts
# Use the modem control lines. On Ultrix, this option implies hardware
# flow control, as for the crtscts option. (This option is not fully
# implemented.)
modem
# Do not require the peer to authenticate by default. The AutoPPP line in
# login.config passes 'auth' on the pppd command line, which is processed
# after this file and takes precedence, so dial-in callers are still
# authenticated with PAP.
noauth
# Set DNS servers. Replace aa.bb.cc.dd and ee.ff.gg.hh with the actual
# DNS servers for your environment.
ms-dns aa.bb.cc.dd
ms-dns ee.ff.gg.hh
- Create an /etc/ppp/options.ttySX file, where ttySX is the serial port the modem is connected to (something like ttyS0 or ttyS1). To this file, add the IP address of the machine being configured as the PPP server, a colon, and the IP address that will be handed to the remote client that dials in on that modem. The file will look like this:
#Server_IP_address:Client_IP_address
192.168.1.68:192.168.1.107
This sets the gateway (the PPP server's IP) and the IP address of the remote system. Create one file for each modem if using more than one. The server IP address will be the same in all these files, but the client address must be unique per modem, because two callers can be connected at the same time.
- Grant suid root access to the pppd program with this command:
chmod u+s /usr/sbin/pppd
This lets pppd run with root permissions, which it needs to configure the ppp interface and routing table when it is started as a user's login shell rather than by mgetty (which already runs as root). Because a setuid root binary can be executed by every local account, restrict its execute permission to a dedicated group of dial-in users (chgrp to that group and chmod 4750) if the server also has local shell users. pppd itself distinguishes privileged from unprivileged options: when it is run by a non-root user, privileged options are only accepted from the root-owned /etc/ppp/options and /etc/ppp/options.ttySX files, which is why the server and client addresses live there rather than on a user's command line.
- Force a reread of the /etc/inittab file with this command:
init q
- Activate IP forwarding so that the server can route client traffic beyond itself:
echo 1 > /proc/sys/net/ipv4/ip_forward
To make this setting persistent across reboots, edit the /etc/sysctl.conf file and add this line (sysctl -p applies it immediately):
net.ipv4.ip_forward = 1
With forwarding enabled the server becomes a router between the dial-in line and the LAN, so apply the same packet filtering to the ppp interfaces that you would apply to any other untrusted network segment.
- User accounts need to be changed to run the /usr/sbin/pppd program automatically on login. If this is not set up, users will need to manually execute pppd in a terminal window after logging in. While a generic 'pppuser' account could be created for everyone to use, we strongly recommend creating individual accounts, so that each dial-in session is attributable to one person and a single user can be disabled without affecting the others. To set up accounts for PPP usage, create accounts as usual with the useradd command. After assigning a password to the account with passwd, set the user's login shell to /usr/sbin/pppd, either with usermod -s /usr/sbin/pppd bob or by editing /etc/passwd directly. With pppd as the login shell the account cannot obtain an interactive shell on the server, which is what you want for a dial-in-only user.
The line in /etc/passwd will look similar to this:
bob:x:500:500:bob:/home/bob:/usr/sbin/pppd
- Both PAP and CHAP authentication are supported by Red Hat Enterprise Linux, but as CHAP requires custom scripts on the client and server we will use the simpler PAP authentication method here. Be aware that PAP sends the password in clear text over the link, so the dial-in password should not be shared with anything more sensitive. PAP is specified by the -chap +pap arguments on the AutoPPP line in the /etc/mgetty+sendfax/login.config file. To allow users to authenticate, edit the /etc/ppp/pap-secrets file to include their usernames and passwords. These are the same usernames and passwords that users would enter if they logged into the system from the local console. For example, if we only wanted to grant PPP access to a user called "bob" who has a password of "mypassword", the file would look like this:
#User Server Secret IP Address
bob * mypassword *
The asterisk under Server matches any server name, and the asterisk under IP Address places no restriction on the address the client may use. Because this file holds clear-text secrets, keep it owned by root with mode 0600. Since the AutoPPP line also passes the login option, pppd additionally checks the PAP password against the system password database; a secret of "" (an empty quoted string) in pap-secrets matches any password and leaves the decision to that system check, so the password does not have to be stored a second time in clear text.
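The steps above touch five separate files, and a mistake in any one of them (a commented-out AutoPPP line, a world-readable pap-secrets, a missing options.ttySX, a non-setuid pppd, forwarding that does not survive a reboot) only shows up when the first caller dials in. The following pre-flight check is an added example written for this page; it is not part of the original Red Hat article or of the ppp or mgetty packages. It takes a root prefix so it can be run against the constructed sample tree it builds itself, or against / on the live server. The paths follow the article; the sample addresses, the user 'bob' and the checks themselves are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original Red Hat article: a pre-flight check for
# the PPP server configuration described in the steps above. ROOT is a directory
# prefix so the checks can run against the constructed sample tree below or
# against "/" on the real server. Paths follow the article; the sample addresses,
# user and the individual checks are assumptions made for this example.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for o in $1; do
        [ "$o" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Print the serial port names that $1/etc/inittab respawns mgetty on, one per line.
mgetty_ttys() {
    grep -E '^[^#].*:respawn:.*mgetty' "$1/etc/inittab" 2>/dev/null | awk '{ print $NF }'
}

# Run every check against the tree rooted at $1, print one line per finding and
# return the number of failed checks (0 means the configuration looks consistent).
ppp_preflight() {
    root=$1; fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # 1. The AutoPPP line must be active and require PAP while refusing CHAP.
    grep -Eq '^/AutoPPP/.*pppd.*auth.*-chap.*\+pap' "$root/etc/mgetty+sendfax/login.config" 2>/dev/null \
        || fail "no active /AutoPPP/ line with 'auth -chap +pap' in login.config"

    # 2. Each modem started from inittab needs options.ttySX holding Server_IP:Client_IP,
    #    with both halves valid addresses and distinct from each other.
    ttys=$(mgetty_ttys "$root")
    [ -n "$ttys" ] || fail "no respawn mgetty entry in /etc/inittab"
    for tty in $ttys; do
        f="$root/etc/ppp/options.$tty"
        addr=$(grep -Ev '^[[:space:]]*(#|$)' "$f" 2>/dev/null | head -n 1)
        srv=${addr%%:*}; cli=${addr#*:}
        if [ -z "$addr" ] || ! is_ipv4 "$srv" || ! is_ipv4 "$cli" || [ "$srv" = "$cli" ]; then
            fail "$f must contain Server_IP:Client_IP (got '${addr:-nothing}')"
        fi
    done

    # 3. pap-secrets holds credentials: root-only mode and four fields per entry.
    ps="$root/etc/ppp/pap-secrets"
    [ "$(stat -c %a "$ps" 2>/dev/null)" = "600" ] || fail "$ps must be mode 0600"
    grep -Ev '^[[:space:]]*(#|$)' "$ps" 2>/dev/null \
        | awk 'NF != 4 { bad++ } END { exit (bad > 0) }' \
        || fail "$ps has an entry without the four fields: user server secret ip"

    # 4. pppd must be setuid root for the login-shell setup to work.
    [ -u "$root/usr/sbin/pppd" ] || fail "$root/usr/sbin/pppd is not setuid"

    # 5. Forwarding must be persistent, or clients lose routing after the next reboot.
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$root/etc/sysctl.conf" 2>/dev/null \
        || fail "net.ipv4.ip_forward = 1 missing from /etc/sysctl.conf"

    return $fails
}

# Build a constructed sample tree under $1 that follows the steps above (it is
# not a real server; the addresses, ports and the user 'bob' are sample values).
make_sample_tree() {
    d=$1
    mkdir -p "$d/etc/mgetty+sendfax" "$d/etc/ppp" "$d/usr/sbin"
    echo '/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login debug' > "$d/etc/mgetty+sendfax/login.config"
    printf 'ppp0:345:respawn:/sbin/mgetty -x 3 ttyS0\nppp1:345:respawn:/sbin/mgetty -x 3 ttyS1\n' > "$d/etc/inittab"
    echo '192.168.1.68:192.168.1.107' > "$d/etc/ppp/options.ttyS0"
    echo '192.168.1.68:192.168.1.108' > "$d/etc/ppp/options.ttyS1"
    printf '# user server secret ip\nbob * "" *\n' > "$d/etc/ppp/pap-secrets"
    chmod 600 "$d/etc/ppp/pap-secrets"
    : > "$d/usr/sbin/pppd"; chmod 4755 "$d/usr/sbin/pppd"
    echo 'net.ipv4.ip_forward = 1' > "$d/etc/sysctl.conf"
}

# On the live server run: ppp_preflight /   The --demo flag checks the sample tree.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d); make_sample_tree "$tmp"
    ppp_preflight "$tmp" && echo "sample tree: all checks passed"
    rm -rf "$tmp"
fi
```

The sample pap-secrets entry uses "" as the secret rather than a copy of the password, relying on the login option on the AutoPPP line to check the password against the system database; the script only verifies the field count, so either form passes. The server/client equality check in step 2 catches the most common copy-and-paste error in options.ttySX, where the colon is missing and pppd is handed a single address for both ends.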
Troubleshooting
If the modem does not automatically answer when users dial in, make sure the DIP switches on the modem are not configured to force auto answer. No reconfiguration of the modem from default settings should be necessary to make PPP access work.
If the modem answers but users are having difficulty logging in, use the tail -f command to monitor /var/log/messages and /var/log/mgetty.log.ttySX (where X is the number of your serial port) for errors.
Make sure the user's login password is the same as the password entered in /etc/ppp/pap-secrets and also matches the password they are using in their PPP dialer software.
If errors like "init chat failed, exiting...:Invalid argument" appear in the /var/log/mgetty.log.ttySX file, the modem initialization string may not be correct. To correct this, add this line to the /etc/mgetty+sendfax/mgetty.config file (the same file in which the port speed was set above):
init-chat "" ATZ OK AT&F1 OK
Replace AT&F1 with the proper init string for your modem(s). AT&F1 should work for US Robotics modems as it will load the factory default configuration.
NOTE: The 'user' field in /var/log/mgetty.log.ttySX will display the actual username of the user attempting login when using a Linux system as the remote client. If Windows is the remote client's operating system, the 'user' field will always display '/AutoPPP/'. This is normal.