Building a Linux Dial-up Server, Part 2 - Page 2

 By Carla Schroder
Page 2 of 2   |  Back to Page 1
Print Article


You can use either PAP or CHAP for authentication, but CHAP is more secure. Username/passwords are stored in /etc/ppp/chap-secrets or /etc/ppp/pap-secrets. On the server, you'll need to enter all the username/password pairs that are allowed access. The clients need only their own username/password. For the simplest PAP authentication, add the 'noauth' option to /etc/ppp/options on all the clients that are authorized to connect to your dial-in server (see the PPPD Auth Gotcha from part 1 for more on this).

The format is the same for both, and supplying the username and password is sufficient:

user server secret address
username * password *

Of course, server names and IP addresses can be added for increased security and control.

/etc/passwd Authentication

Alternatively, you can do away with PAP/CHAP entirely by adding the following to /etc/ppp/options:


This will tell PPP to authenticate against Linux system passwords, rather than hassling with secrets files.

Good to Go

At this point, we have a functioning dial-in server that you can use for connecting to a fileserver, as a gateway to other PCs inside the network, or as a quick and easy WAN link. (See the Linux Network Administrator's Guide for how to set up routing using ip-up and ip-down).

Dial-on-Demand and Persistent Dialing are two useful methods of keeping a client connected:


This is the frugal way to manage a dialup connection. To activate dial-on-demand – when sending email, for example – add these lines to /etc/ppp/options:

holdoff 60
idle 360

'demand' means simply run on demand. PPP starts partway, and then waits for the 'connect' command.

'holdoff' sets, in seconds, how to long to wait between redials.

'idle' will disconnect ppp after the configured number of seconds of no activity on the line.

Persistent Dialing

To keep the line alive constantly, add these lines to /etc/ppp/options:

holdoff 60

This tells ppp to stay connected, and to redial after 60 seconds if the connection is broken.

That wraps up our two-part look at building dial-up and dial-in servers for Linux. I hope you've enjoyed it!

Linux Network Administrator's Guide, 2nd Edition
Modem HOW-TO
Linux Dial-in Server Setup Guide

» See All Articles by Columnist Carla Schroder

This article was originally published on Jul 22, 2003
Get the Latest Scoop with Networking Update Newsletter