how to hook up ppp in linux.htm

How to Hook up PPP in Linux

# if A does not arrive, send B and then expect C.
# So this line means-- expect OK, if it does not arrive, wait two
# seconds,(each \d is a one second wait) send +++
# wait for two more seconds and then do not send a carriage return.
# Finally again wait for OK again. If it arrives, send ATH0
# The +++ is in case your modem has not hung up. You may want to know if your 
# modem is not hanging up, if so, remove this whole line.
              OK    'AT&F\\Q3\\V1&D3M1#CC1'
# These are various controls sent to my particular modem. CHANGE FOR YOURS!
#The &F,  &D3,  and M1 seem to be quite generic for setting the modem
# with factory defaults,  allowing the DTR line to reset the modem
#(Used when pppd shuts itself down), and  M1 allows the speaker on while the
#call is being established, but off after the remote system has answered.
#USR/3COM Sportster modems require &F1 instead of &F.
# \Q3, \V1, and #CC1 are almost certainly peculiar to my particular
# modem.
# Note that a backslash must be doubled to get through. This sequence 
# should also always be enclosed in single  quotes
# because of the special characters like &.\,#.
              OK     ATD8765432
              CONNECT ""
              ogin:--ogin:    unruh
# Again the A-B-C, except the middle B to be sent if ogin: is not
# received is nothing except a  carriage return
              assword:      "dontyouwish"

---------------------------------------------------------------\
</PRE>If in your determination of what your ISP wanted, you found you had to 
expect other text (eg 'PPP? y/n') and send a response, insert those onto the end 
of this file. Also, since your username, password and phone numbers are highly 
unlikely to be as in this script, change those. 
<P>The other possibility is that the ISP uses PAP/CHAP authorization. In this 
case the pppon script needs the "user" option. You can put it into the file 
permanently (eg, if you will ever only use a single ISP) or, as in the 
following, you can allow it to be given as an option to pppd. <BR><I>pppon</I> <PRE>==============================================================
#!/bin/sh
if [ "$1" = "" ] ;then
&nbsp;&nbsp; echo "Usage: pppon username"
&nbsp;&nbsp; exit 1
fi
/usr/sbin/pppd /dev/ttyS1 57600 user $1 connect "/usr/sbin/chat -f $HOME/chatscript"
----------------------------------------------------------------</PRE>This 
script asks for your username on the remote system as part of the options to the 
pppon. You could replace the lines between the <I>if</I> and <I>fi</I> and just 
put the username in instead of the $1 in the pppd command line if you wished. 
<BR>It is important to note that I have removed the <I>debug</I> option to pppd. 
Under especially PAP, using debug will store your PAP password in the 
/var/log/ppp file, which is not what you want. Additionally, erase your 
/var/log/ppp file at this point to remove the possibility of anyone reading the 
password in that file. <BR>The chatscript here is simpler, since you do not need 
to log on (for an explanation of the various lines in this script, look at the 
above example where I set up a sample chatscript for the case the ISP expects 
you to log on first). <BR><I>chatscript</I> <PRE>===============================================================
              ABORT "NO CARRIER"
              ABORT "NO DIALTONE"
              ABORT "ERROR"
              ABORT "NO ANSWER"
              ABORT "BUSY"
              ""    AT
              OK-\d\d+++\d\d\c-OK   ATH0
              OK    'AT&amp;F\\Q3\\V1&amp;D3M1#CC1'
              OK     ATD8765432
              CONNECT '\d\c'
# The \d means wait a second, the \c means do not send a carriage
# return (sending a carriage return at this point almost always confuses
# the ISP)
--------------------------------------------------------------------</PRE>
<P>When you have created the above scripts, (perhaps with the debug option for 
pppd in pppon and adding a -v after the chat command so you can see what goes 
wrong if something is wrong with the script--- just remember to remove both of 
these once you have finished testing), copy them to their final home. 
<P><B>mv pppon /usr/bin</B> <BR><B>chmod a+rx /usr/bin/pppon</B> <BR><B>chown 
&lt;user&gt; chatscript</B> <BR><B>su &lt;user&gt;</B> <BR><B>mv chatscript 
$HOME</B> <BR><B>chmod go-rwx $HOME/chatscript</B> 
<P>Note that we have made the chatscript readable only by the user. This is 
important since it may contain the user's password (in the logon case). <A 
name=Security></A>
<H3>Extra Security</H3>When you are connected to the internet via ppp, others 
are also connected to you, and this could open you to break-ins while you are 
connected. To help alleviate this, put the line <BR><I>ALL: ALL</I> <BR>into the 
file /etc/hosts.deny and <BR><I>ALL: 127.0.0.1 127.0.0.0</I> <BR>into 
/etc/hosts.allow. This will disallow all external hookups by anything to your 
machine. If you want more detailed control, read <BR><I>man 5 hosts_access</I> 
<BR>For example, if you have an internal Ethernet network you obviously want to 
allow them, but not others to log on to your system. <A name=Stopping></A>
<CENTER>
<H2>Stopping PPP</H2></CENTER>To stop the connection, use the command 
<BR><B>killall pppd</B> <BR>This sends a signal to the pppd program telling it 
to shut down. pppd shuts itself down by dropping the DTR line to the modem, and 
by running the commands in /etc/ppp/ip-down and /etc/ppp/ip-down.local. The 
biggest problem with the above is that the command may not work unless you are 
logged in as root. (I have had this trouble for a while, others, including me 
now, have not.) If the above does not work (ie your ppp connection stays up and 
your modem does not hang up after a minute or so) you will either have to log on 
as root and then run the above command, or you can use a "wrapper" so that any 
user can run the above command as root. This wrapper is a C program which makes 
running the command as suid root safe. The details are given on the web page 
<BR><A 
href="http://www.theory.physics.ubc.ca/ppp-kill-wrapper.html">http://www.theory.physics.ubc.ca/ppp-kill-wrapper.html</A> 

<P>Since pppd tries to hang up the modem by switching the DTR line to the modem, 
the modem must be set up to reset the modem when this occurs. The modem will 
eventually hang itself up if pppd stops, but it takes a while (a minute or so at 
times). thus it is useful (but not crucial) that you set up your modem to use 
the DTR line to reset the modem. You must look up the command in your 
documentation for your modem. For the three different modems I have, the command 
is &amp;D3 (Reset modem on ON to OFF transition of DTR). So you would add 
&amp;D3 to the modem initialisation string in the chat script files. Ie, the 
line <BR>OK 'AT&amp;D3' <BR>should be added just before the line where you dial 
up your service provider. 
<P>One useful safety net (against running up huge bills with your ISP and making 
your family angry at your hogging the phone) is that pppd has an option to hang 
up the connection if no traffic has gone across the ppp network in a certain 
amount of time. Enter the line <BR>idle 1800 into /etc/ppp/options file. This 
will hang up the phone if there has been no traffic for 1800 seconds (30 min). 
Change that number (1800) if you want this idle option to work more quickly (or 
slowly). <BR>Note that pppd will interpret anything on the link as resetting the 
idle timer. Thus, and LcpEcho request (sent out by some ISPs to see if you are 
still alive) will reset the timer and stop the idle timeout from ever operating. 
However as of the 2.4.x series of kernels, the ppp kernel has the option of 
active filtering which will disregard certain items coming down the ppp line for 
purposes of the idle timer. The kernel must have been compiled with the 
<BR>PPP_FILTER <BR>option. Whether yours has been depends on the distribution. 
<HR>
You might want your system to do demand dialing-- ie, to have your system phone 
your ISP on its own every time you (or your computer) wants to connect. (This is 
especially handy if you have a number of computers connected to yours and yours 
acts as the gateway via PPP to the outside world). To do so use the program 
<B>diald</B> from <A 
href="http://diald.sourceforge.net/">http://diald.sourceforge.net/</A> <BR>An 
alternative to diald is <A href="http://w3.cpwright.com/mserver/">masqdialer</A> 
which some have found easier to set up than diald. It allows users on other 
machines in your network to bring up and down the connection on your linux 
server. <BR>Finally, the newer versions of pppd and the kernel (2.4.x series) 
have the <I>demand</I> option, which will also bring up the connection when 
something tries to send out a request to some machine on the net. diald has 
better filtering abilities to filter out things which you do not want to bring 
up the interface (eg some of the Windows internet noise). 
<HR>
To have others connect to your machine, (ie, to have yourself act as an ISP), 
use <A href="http://mgetty.greenie.net/"><B>mgetty</B> from 
http://mgetty.greenie.net/</A>. Also get the guide <A 
href="http://www.swcp.com/~jgentry/pers.html">http://www.swcp.com/~jgentry/pers.html</A> 
to setting up dial in access or see <A 
href="http://axion.physics.ubc.ca/mgetty.html">./mgetty.html</A>. <BR>Here, <A 
href="http://www.theory.physics.ubc.ca/mgetty-point.html">http://www.theory.physics.ubc.ca/mgetty-point.html</A> 
are also a number of links to documentation to getting mgetty up and running 
(including with multiple incoming telephone lines). 
<HR>

<P>For a variety of scripts, which can be of help in a some situations, see C 
Kite's site <A 
href="http://users3.ev1.net/~ckite/public_html/download/index.html">http://users3.ev1.net/~ckite/public_html/download/index.html</A> 
<BR>In particular <BR>For dialing a number of ISPs in a row if they are busy who 
all use chap or pap authentication: <A 
href="http://users3.ev1.net/~ckite/public_html/download/chap-many2one.gz">http://users3.ev1.net/~ckite/public_html/download/chap-many2one.gz</A> 
<BR>For a patch to chat (although this is by now an old version of chat) to 
allow use of SecureID see: <A 
href="http://users3.ev1.net/~ckite/public_html/download/SecurID.gz">http://users3.ev1.net/~ckite/public_html/download/SecurID.gz</A> 
<BR>For another "SecurID" type one time password patch see <A 
href="http://users3.ev1.net/~ckite/public_html/download/chatbypipe.tar.gz">http://users3.ev1.net/~ckite/public_html/download/chatbypipe.tar.gz</A> 
<BR>For a discussion on RAS callback for Linux ppp, see <A 
href="http://users3.ev1.net/~ckite/public_html/download/RAScb.gz">http://users3.ev1.net/~ckite/public_html/download/RAScb.gz</A> 
<BR>These scripts have not been tested by me, so use at your own risk. 
<HR>

<P>Finally, if it is really kppp which you want to run, see <A 
href="http://www.preggers.easynet.be/internete.html">http://www.preggers.easynet.be/internete.html</A> 

<HR>

<P>A really big helping of thanks to staehle@nevalue.net for a lot of help in 
whipping this page into shape. Thanks also to pacman@cqc.com for helpful 
improvements to this document. Finally, but not least, I would thank James 
Carlson and Clifford Kite from whose posting on comp.protocols.ppp and elsewhere 
I have learned a lot of what I know about ppp. 
<HR>
This document was written by W. G. Unruh, <IMG alt="" 
src="How to Hook up PPP in Linux.files/unruh.png">. I would appreciate any 
feedback you can give, especially if your ISP has some other strange way of 
authenticating you. Also if anything in this document is ambiguous, hard to 
follow, or wrong, please let me know. 
<P>Good Luck in your connection. 
<P>Last modified Mar 23, 2002 </P></BODY></HTML>