Building a Linux Dial-up Server, Part 2 - Page 2

By Carla Schroder | Posted Jul 22, 2003
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

PAP/CHAP

You can use either PAP or CHAP for authentication, but CHAP is more secure. Username/passwords are stored in /etc/ppp/chap-secrets or /etc/ppp/pap-secrets. On the server, you'll need to enter all the username/password pairs that are allowed access. The clients need only their own username/password. For the simplest PAP authentication, add the 'noauth' option to /etc/ppp/options on all the clients that are authorized to connect to your dial-in server (see the PPPD Auth Gotcha from part 1 for more on this).

The format is the same for both, and supplying the username and password is sufficient:

user server secret address
username * password *

Of course, server names and IP addresses can be added for increased security and control.

/etc/passwd Authentication

Alternatively, you can do away with PAP/CHAP entirely by adding the following to /etc/ppp/options:

login
refuse-pap
refuse-chap

This will tell PPP to authenticate against Linux system passwords, rather than hassling with secrets files.

Good to Go

At this point, we have a functioning dial-in server that you can use for connecting to a fileserver, as a gateway to other PCs inside the network, or as a quick and easy WAN link. (See the Linux Network Administrator's Guide for how to set up routing using ip-up and ip-down).

Dial-on-Demand and Persistent Dialing are two useful methods of keeping a client connected:

Dial-on-Demand

This is the frugal way to manage a dialup connection. To activate dial-on-demand – when sending email, for example – add these lines to /etc/ppp/options:

demand
holdoff 60
idle 360

'demand' means simply run on demand. PPP starts partway, and then waits for the 'connect' command.

'holdoff' sets, in seconds, how to long to wait between redials.

'idle' will disconnect ppp after the configured number of seconds of no activity on the line.

Persistent Dialing

To keep the line alive constantly, add these lines to /etc/ppp/options:

persistent
holdoff 60

This tells ppp to stay connected, and to redial after 60 seconds if the connection is broken.

That wraps up our two-part look at building dial-up and dial-in servers for Linux. I hope you've enjoyed it!

Resources
Linux Network Administrator's Guide, 2nd Edition
Modem HOW-TO
Linux Dial-in Server Setup Guide
Linux PPP HOWTO


» See All Articles by Columnist Carla Schroder

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter