Testing and Automating PPP
The chat script here is less complex because you do not need to log on. (For an explanation of the various lines in this script, look at the above example where I set up a sample chat script for the case when the ISP expects you to log on first.)
chatscript
======================================================
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
ABORT "ERROR"
ABORT "NO ANSWER"
ABORT "BUSY"
"" AT
OK-\d\d+++\d\d\c-OK ATH0
OK 'AT&F\\Q3\\V1&D3M1#CC1'
OK ATD8765432
CONNECT '\d\c'
# The \d means wait a second, the \c means do not
# send a carriage return (sending a carriage return
# at this point almost always confuses the ISP)
------------------------------------------------------
When you have created the above scripts (perhaps with the debug option for pppd in pppon and a -v added after the chat command, so you can see what goes wrong), remember to remove both of these once you have finished testing, and copy the scripts to their final home.
mv pppon /usr/bin
chmod a+rx /usr/bin/pppon
chown <user> chatscript
su <user>
mv chatscript $HOME
chmod go-rwx $HOME/chatscript
Note that we have made the chat script readable only by the user. This is important since it may contain the user's password, in the logon case.
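The cleanup described above can be checked mechanically. The following is an added example, not part of the original article: a shell function (check_ppp_files, a name chosen here) that flags a leftover debug option or chat -v in pppon and a chat script that group or others can still access.

```shell
#!/bin/sh
# Added example, not from the article: audit the two files installed above.
# check_ppp_files is a name chosen for this sketch.
# Usage: check_ppp_files /usr/bin/pppon "$HOME/chatscript"
# Prints one line per finding and returns the number of findings.
check_ppp_files() {
    wrapper=$1
    script=$2
    findings=0
    # Drop comment lines so a commented-out test setting is not reported.
    active=$(grep -v '^[[:space:]]*#' "$wrapper")

    # pppd "debug" option left in after testing.
    if printf '%s\n' "$active" | grep -Eq '(^|[[:space:]])debug([[:space:]]|$)'; then
        echo "FINDING: $wrapper still passes debug to pppd"
        findings=$((findings + 1))
    fi

    # "-v" directly after the chat command, as the article describes.
    # chat -v logs the dialogue via syslog, which can include the
    # password in the logon case.
    if printf '%s\n' "$active" | grep -Eq 'chat[[:space:]]+-v([[:space:]]|$)'; then
        echo "FINDING: $wrapper still runs chat with -v"
        findings=$((findings + 1))
    fi

    # chmod go-rwx leaves characters 5-10 of the ls mode string as "------".
    perms=$(ls -ld "$script" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FINDING: $script is accessible to group/other ($perms)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run directly as: sh check_ppp.sh /usr/bin/pppon "$HOME/chatscript"
if [ "$#" -eq 2 ]; then
    check_ppp_files "$1" "$2"
fi
```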
Extra security
When you are connected to the Internet via PPP, others are also connected to you, and this could open you to break-ins while you are connected. To help alleviate this, put the line
ALL: ALL
into the file /etc/hosts.deny and
ALL: 127.0.0.1 127.0.0.0
into /etc/hosts.allow. This will disallow all external hookups by anything to your machine. If you want more detailed control, read man 5 hosts_access.
For example, if you have an internal Ethernet network, you obviously want to allow members of the network, but not others, to log on to your system.
Stopping PPP
To stop the connection, use the command
killall pppd
This sends a signal to the pppd program telling it to shut down.
pppd shuts itself down by dropping the DTR line to the modem, and by running the commands in /etc/ppp/ip-down and /etc/ppp/ip-down.local. The biggest problem with the above is that the command may not work unless you are logged in as root. I have had this trouble; others have not. If the above does not work (for example, your PPP connection stays up and your modem does not hang up after a minute or so), you will either have to log on as root and then run the above command, or you can use a "wrapper" so that any user can run the above command as root. This wrapper is a C program that makes running the command as set user ID root safe. The details are given on the PPP Kill SUID Wrapper web page.
Since pppd tries to hang up the modem by switching the DTR line to the modem, the modem must be set up to reset itself when this occurs. The modem will eventually hang up if pppd stops, but it takes a while (a minute or so at times). Thus it is useful (but not crucial) that you set up your modem to use the DTR line to reset the modem. You must look up the command in the documentation for your modem. For the three different modems I have, the command is &D3 (reset modem on ON-to-OFF transition of DTR). So you would add &D3 to the modem initialization string in the chat script files.
For example, the line
OK 'AT&D3'
should be added just before the line where you dial up your service provider.
One useful safety net against running up huge bills with your ISP and making your family angry at your hogging the phone is that pppd has an option to hang up the connection if no traffic has gone across the PPP network in a certain amount of time. Enter the line
idle 1800
into the /etc/ppp/options file. This will hang up the phone if there has been no traffic for 1,800 seconds (30 min.). Change that number (1800) if you want this idle option to work more quickly (or slowly).
You might want your system to do "demand dialing" -- to have your system call your ISP on its own every time you or your computer wants to connect. This is especially handy if you have a number of computers connected to yours and your computer acts as the gateway via PPP to the outside world. To do so, use the program diald from http://www.loonie.net/~eschenk/diald.html.
(See Richard Senior's diald configuration page for instructions.)
An alternative to diald is masqdialer, which some have found easier to set up than diald. It allows users on other machines in your network to bring the connection on your Linux server up and down.
Finally, the newer versions of pppd have the demand option that will also bring up the connection when something tries to send out a request to some machine on the net.
To have others connect to your machine or to have yourself act as an ISP, use mgetty. Also get the guide to setting up dial-in access.
Here are a number of links to documentation to help you get mgetty up and running, including configurations with multiple incoming telephone lines.
For a variety of scripts, which can be of help in some situations, see C Kite's site, in particular for dialing a number of ISPs in a row if they are busy. This is for ISPs who all use CHAP or PAP authentication.
For a patch to chat (although this is by now an old version of chat) to allow use of SecurID, see SecurID.gz.
For another "SecurID" type one-time password patch, see http://www.inetport.com/~kite/chatbypipe.tar.gz
For a discussion on RAS callback for Linux PPP, see http://www.inetport.com/~kite/RAScb.gz
I have not tested these scripts, so use them at your own risk.
Finally, if you really want to run kppp, see http://www.crosswinds.net/~beginnerslinux
I'd like to thank staehle@nevalue.net for help in whipping this article into shape. Thanks also to pacman@cqc.com for additional improvements to this piece. Last but not least, I would thank James Carlson and Clifford Kite. Their posting at comp.protocols.ppp has taught me a lot of what I know about PPP.
I would appreciate your feedback on this article, especially if your ISP has some other strange way of authenticating you. Also if anything in this document is ambiguous, hard to follow, or wrong, please let me know.
Good luck in your connection!
Bill Unruh works for the Advanced Research Department of the Canadian Institute for Physics and Astronomy.