PPP disaster - PPP

  1. PPP disaster

    I am having major problems with getting my ppp set up and working. I
    have read through the numerous outdated tutorials online and feel like
    I have just dug a deeper pit to sit in. I am trying to set up ppp as
    both server and client. The basic idea is that I am going to have
    linux based sensor nodes all over the place and would like to be able
    to control them and get the data from them via ppp over a cellular
    link. They also need to be able to call me back and let me know if
    something goes wrong. So I got mgetty installed and working. I can
    call in and get a shell login. Then I added the ppp module to my linux
    kernel and tried to adjust the configuration files so that I can call
    in and get an IP connection. After I make a call to the sensor, I
    checked the mgetty log and found that it looked through login.config
    for a match and then defaulted to /bin/login. The user is in my
    login.config file as the only one that can use ppp. Is there a better
    place to find help on how to use all these different config files?
    The tutorials only show a couple of files, but I have an options,
    options.dial, options.serv, pap-secrets, chap-secrets and on and on
    and on. There also is no ppp-off script which seems odd.


    ..........login.config.........
    /AutoPPP/ - myUser /usr/sbin/pppd file /etc/ppp/options.serv
    * - - /bin/login @

    ..........options........
    debug
    crtscts
    netmask 255.255.255.0
    asyncmap 0
    modem
    proxyarp
    lock


    ........options.serv.....
    /dev/ttyS1
    115200
    default-asycnmap
    modem
    crtscts
    netmask 255.255.255.0
    ipcp-accept-local
    ipcp-accept-remote
    10.0.0.174:
    +chap

    ........options.dial....
    /dev/ttyS1
    115200
    noproxyarp
    modem
    crtscts
    connect "/usr/sbin/chat -t 45 -v -f /etc/ppp/chat.ttyS1


    .......chap-secrets and pap-secrets
    * * "" 10.0.0.172

    I believe that this is everything on my machine for this, but I don't
    know why nothing works for me. Thank you in advance for any help in
    getting this working.

  2. Re: PPP disaster

    dirtytoyota@hotmail.com (PullnOutHair) writes:

    ]I am having major problems with getting my ppp set up and working. I
    ]have read through the numerous outdated tutorials online and feel like

    Which ones? I will suggest another--
    www.theory.physics.ubc.ca/ppp-linux.html
    Not that much about server options, but it does refer you to mgetty,
    which is what you use to set up modem answering for ppp.

    ]I have just dug a deeper pit to sit in. I am trying to set up ppp as
    ]both server and client. The basic idea is that I am going to have

    The only basic difference is that you use mgetty to answer the modem in
    one case and use chat to dial the phone in the other.

    ]linux based sensor nodes all over the place and would like to be able
    ]to control them and get the data from them via ppp over a cellular
    ]link. They also need to be able to call me back and let me know if

    Cell phone based versions of ppp tend to be atrocious. Some poor slob
    who had never heard of ppp before was suddenly told to write a version
    of ppp in 2 days, and that is what the cell phone people sell.
    Of course this may not be a problem if you have a separate modem at each
    end and the cell phones are just used as phones.

    ]something goes wrong. So I got mgetty installed and working. I can

    Good. Now you need to get AutoPPP working. (Edit
    /etc/mgetty*/login.conf, the AutoPPP line, and when you phone in make
    sure your chat script does not send anything, not even a carriage return,
    after the CONNECT message from the modem.)

    ]call in and get a shell login. Then I added the ppp module to my linux
    ]kernel and tried to adjust the configuration files so that I can call
    ]in and get an IP connection. After I make a call to the sensor, I
    ]checked the mgetty log and found that it looked through login.config

    Yes, that is why you want it to find that AutoPPP is the match.

    ]for a match and then defaulted to /bin/login. The user is in my
    ]login.config file as the only one that can use ppp. Is there a better
    ]place to find help on how to use all these different config files?
    ]The tutorials only show a couple of files, but I have an options,
    ]options.dial, options.serv, pap-secrets, chap-secrets and on and on
    ]and on. There also is no ppp-off script which seems odd.

    What is a ppp-off switch? If you mean, how do you stop pppd, the answer
    is
    killall pppd




    ].........login.config.........
    ]/AutoPPP/ - myUser /usr/sbin/pppd file /etc/ppp/options.serv
    ]* - - /bin/login @

    Good. Except of course we have no idea what is in /etc/ppp/options.serv

    Remember the far side must send NOTHING after the CONNECT except
    starting up ppp. Nothing.


    ].........options........
    ]debug
    ]crtscts
    ]netmask 255.255.255.0
    Get rid of this netmask-- it makes no sense for a ppp connection.

    ]asyncmap 0
    ]modem
    ]proxyarp

    Why proxyarp? You just want connections between the two machines. Get
    rid of this.

    ]lock


    ].......options.serv.....
    ]/dev/ttyS1
    ]115200
    ]default-asycnmap
    ]modem
    ]crtscts
    ]netmask 255.255.255.0

    ]ipcp-accept-local
    ]ipcp-accept-remote
    ]10.0.0.174:
    ]+chap

    So make sure that a chap secrets file exists, and the other side must
    use the
    user username
    option (where username is the name in the chap-secrets file, which must
    be on both sides, and the line must have 4 entries, the last of which is
    *).


    ].......options.dial....
    ]/dev/ttyS1
    ]115200
    ]noproxyarp

    Get rid of this.

    ]modem
    ]crtscts
    ]connect "/usr/sbin/chat -t 45 -v -f /etc/ppp/chat.ttyS1


    And your chat.ttyS1 file contains what?


    ]......chap-secrets and pap-secrets
    ]* * "" 10.0.0.172

    Bad idea. I have never gotten the * in the user column to work. Put in
    the one username. You MUST have the username in there for the caller
    anyway. And if you have no password, why in the world are you using
    chap anyway?

    Like going out and buying a padlock for your door, and leaving the key in
    it always.




    ]I believe that this is everything on my machine for this, but I don't
    ]know why nothing works for me. Thank you in advance for any help in
    ]getting this working.

    We have no idea what does not work. More information is needed.
    (E.g. the output of the log file -- place debug into /etc/ppp/options, and
    place
    daemon.*;local2.* /var/log/daemonlog
    into /etc/syslog.conf and then do killall -1 syslogd.)



  3. Re: PPP disaster

    Bill Unruh wrote:
    > dirtytoyota@hotmail.com (PullnOutHair) writes:


    > ]and on. There also is no ppp-off script which seems odd.


    > What is a ppp-off switch? If you mean, how do you stop pppd, the answer
    > is
    > killall pppd


    There has been a ppp-off script in the pppd source directory "scripts"
    since pppd 2.2.0f++ . Some distributions may not provide it; it doesn't
    add much to the termination process and is somewhat stale.

    I use "kill -HUP pppd" for non-demand pppd connections, and -TERM for
    demand (the same as the killall default), but that's just a minimalist's
    preference. The "killall pppd" will work nicely most of the time.

    -- Clifford Kite Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
    PPP-Q&A links, downloads: http://ckite.no-ip.net/
    /* "PPPoE has many advantages for DSL service providers, and
    practically none for DSL consumers."
    - David F. Skoll */

  4. Re: PPP disaster

    Clifford Kite writes:

    ]Bill Unruh wrote:
    ]> dirtytoyota@hotmail.com (PullnOutHair) writes:

    ]> ]and on. There also is no ppp-off script which seems odd.

    ]> What is a ppp-off switch? If you mean, how do you stop pppd, the answer
    ]> is
    ]> killall pppd

    ]There has been a ppp-off script in the pppd source directory "scripts"
    ]since pppd 2.2.0f++ . Some distributions may not provide it; it doesn't
    ]add much to the termination process and is somewhat stale.

    And the problem is that it does not work as I recall,
    because the /var/run/$DEVICE.pid file, which
    the script reads to determine the pid of the pppd process is read only
    by root, and thus you have to be root to use it. Now, given that many
    distributions do ( or used to) deliver pppd without the suid bit set,
    this meant that only root could run pppd anyway, so I guess it used not
    to be a problem. Unfortunately most people run pppd as user (with the
    suid bit set) and thus the ppp-off script does not work.
    I wrote a shell wrapper (still on my ppp web page) to suid run that
    script as root, but it is a bit silly now.

    Note that if you want to send a different signal to pppd, then killall
    also does that. killall -HUP pppd will send pppd the HUP signal. What
    killall does is basically combine the pidof program with the kill
    program.

  5. Re: PPP disaster

    Bill,
    Thank you very much for the info. and pointing me towards a much
    better tutorial.

    So I worked through the tutorial and found many cases in my setup that
    were just plain bad judgement. Ok maybe ignorance. Like the poor sap
    that designed the ppp of cellphones, until Friday of last week I had
    only heard of ppp and the advantages that it could offer to my
    project. I am however not a linux guru or networking guru by any
    stretch of the imagination. I am an embedded hardware/software
    developer who got saddled with this part of the project because I have
    some linux experience and the other developer is a diehard M$oft dork.
    I have been able to get a look into what is happening on my linking
    and I now believe that the problem is in my server setup.
    In the tutorial, I am directed to pipe my connection through to a
    terminal so that I can read it. The connection works great, but I
    never get asked for any kind of auth. I get a ton of LCP ConfReq and
    LCP ConfNak, but nowhere is there any indication of auth. I will post
    some of my logs once I figure out how to regain my internet connection
    on the machine that I am testing on. But maybe some more project
    details so that people will better understand exactly what I am trying
    to do and can let me know if I am crazy or not.

    The project will consist of hundreds of embedded boards located
    throughout the country that are all linked back via cellular modems
    and direct ethernet lines to our server. We are using SOAP and WSDL
    to get and set the data on the embedded boards so I would like to set
    up a PPP server that will allow any of the cellular based nodes to
    call in and get ethernet access so that they can then use the existing
    SOAP/WSDL connection to make notifications and download data. I would
    also like the server to be able to automatically create the ppp link
    to any of the cellular nodes anytime they have traffic via a SOAP
    request from our service. I have several static IPs available for my
    server and can dedicate an entire subnet to the embedded nodes. Seems
    like linux ppp is perfect for this with ip masquerade.

    Any ideas or links to anything that could help is greatly appreciated
    since I am completely new to ppp. I will try and get the files pulled
    off the linux box so that I can post them here. Thanks again for all
    the help in pointing me in the right direction.

  6. Re: PPP disaster

    dirtytoyota@hotmail.com (PullnOutHair) writes:
    > terminal so that I can read it. The connection works great, but I
    > never get asked for any kind of auth. I get a ton of LCP ConfReq and
    > LCP ConfNak, but nowhere is there any indication of auth. I will post


    That sounds like a classic case of misconfigured authentication
    information. You need to have this on the 'client' (authenticatee)
    side configuration:

    user

    and in the /etc/ppp/pap-secrets or /etc/ppp/chap-secrets file:

    * "user passphrase here"

    And on the server (authenticator) side:

    name
    auth
    require-pap (or require-pap)

    and in the /etc/ppp/pap-secrets or /etc/ppp/chap-secrets file:

    * "user's password" [optional IP addr]
    * "user's password" [optional IP addr]
    * "user's password" [optional IP addr]
    ...

    where at least one of those 'authorized-user-N' entries matches
    user-name-here from above.

    (The <> marks are just for sake of documentation; they're not to be
    typed literally.)

    > The project will consist of hundreds of embedded boards located
    > throughout the country that are all linked back via cellular modems
    > and direct ethernet lines to our server. We are using SOAP and WSDL
    > to get and set the data on the embedded boards so I would like to set
    > up a PPP server that will allow any of the cellular based nodes to
    > call in and get ethernet access so that they can then use the existing
    > SOAP/WSDL connection to make notifications and download data.


    That sounds fine.

    > I would
    > also like the server to be able to automatically create the ppp link
    > to any of the cellular nodes anytime they have traffic via a SOAP
    > request from our service.


    The easiest way to do that would be to have the 'server' configured to
    do demand-dial ("demand") for each of those links, and then have the
    'server' set up as the authenticatee (not authenticator) and the
    'client' set up as the authenticator. Just reverse the configuration
    above.

    The harder way, instead of demand-dial, would be to manually launch a
    'pppd call ' each time you want to talk with a remote site,
    and then 'killall pppd' when you're done. If you do this, place the
    configuration for each site into /etc/ppp/peers/ files.

    > I have several static IPs available for my
    > server and can dedicate an entire subnet to the embedded nodes. Seems
    > like linux ppp is perfect for this with ip masquerade.


    Not sure why you need masquerading here ...

    --
    James Carlson, IP Systems Group
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677
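An added example, not written by any poster in this thread: a check over pppd `debug` packet traces that tells "the link came up without this side ever demanding authentication" (the symptom described above) apart from a completed CHAP or PAP exchange. The function name and both log excerpts are constructed for illustration; the excerpts follow the `sent [...]` / `rcvd [...]` trace shape pppd logs with `debug` enabled.

```python
import re

# Packet-trace shape written to the log when pppd runs with the `debug` option.
PKT = re.compile(r"\b(sent|rcvd) \[(\w+) (\w+) id=0x[0-9a-f]+(.*)\]")
AUTH_OPT = re.compile(r"<auth ([^>]+)>")
AUTH_OK = {("CHAP", "Success"), ("PAP", "AuthAck")}

def audit_ppp_log(text):
    """Report whether this side demanded, and completed, peer authentication."""
    requested = None          # auth option carried in our latest LCP ConfReq
    acked = succeeded = ipcp_seen = False
    for line in text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        direction, proto, code, rest = m.groups()
        opt = AUTH_OPT.search(rest)
        if proto == "LCP" and direction == "sent" and code == "ConfReq":
            # Only the most recent request counts; earlier ones may be Nak'd.
            requested = opt.group(1) if opt else None
        elif proto == "LCP" and direction == "rcvd" and code == "ConfAck":
            acked = opt is not None
        elif direction == "sent" and (proto, code) in AUTH_OK:
            succeeded = True  # we, as authenticator, accepted the peer
        elif proto == "IPCP":
            ipcp_seen = True
    if requested is None:
        verdict = "no-auth-demanded"
    elif not (acked and succeeded):
        verdict = "auth-incomplete"
    else:
        verdict = "authenticated"
    return {"requested": requested, "acked": acked, "succeeded": succeeded,
            "ipcp_seen": ipcp_seen, "verdict": verdict}

# Constructed excerpt: LCP completes with no <auth ...> option, IPCP follows.
LOG_NO_AUTH = """\
pppd[412]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1a2b3c4d> <pcomp> <accomp>]
pppd[412]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1a2b3c4d> <pcomp> <accomp>]
pppd[412]: sent [IPCP ConfReq id=0x1 <addr 10.0.0.174>]
"""

# Constructed excerpt: CHAP demanded, acknowledged and completed before IPCP.
LOG_CHAP = """\
pppd[431]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x5e6f7081>]
pppd[431]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x5e6f7081>]
pppd[431]: sent [CHAP Challenge id=0x1 <0102030405060708>, name = "server"]
pppd[431]: rcvd [CHAP Response id=0x1 <a1b2c3d4e5f60718>, name = "able"]
pppd[431]: sent [CHAP Success id=0x1 "Access granted"]
pppd[431]: sent [IPCP ConfReq id=0x1 <addr 10.0.0.174>]
"""

if __name__ == "__main__":
    for label, log in (("no-auth", LOG_NO_AUTH), ("chap", LOG_CHAP)):
        print(label, audit_ppp_log(log))
```

A `no-auth-demanded` verdict together with `ipcp_seen` set means the link carried IP traffic for a caller that was never asked to prove who it was.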

  7. Re: PPP disaster

    James Carlson writes:

    ]dirtytoyota@hotmail.com (PullnOutHair) writes:
    ]> terminal so that I can read it. The connection works great, but I
    ]> never get asked for any kind of auth. I get a ton of LCP ConfReq and
    ]> LCP ConfNak, but nowhere is there any indication of auth. I will post

    ]That sounds like a classic case of misconfigured authentication
    ]information. You need to have this on the 'client' (authenticatee)
    ]side configuration:

    ] user


    ]and in the /etc/ppp/pap-secrets or /etc/ppp/chap-secrets file:

    ] * "user passphrase here"

    ]And on the server (authenticator) side:

    ] name

    This is not really needed. What is done with it is that in the chap
    request, the server sends this servername to the other side so that it
    can use it to find the password in the chap secrets file if it has more
    than one for a given username. Of course if you have the * in the second
    place in the chap secrets file then this name does no good.


    ] auth

    require-chap implies auth so auth is not needed but does no harm.

    ] require-pap (or require-pap)

    I think you meant require-chap in the first instance.


    ]and in the /etc/ppp/pap-secrets or /etc/ppp/chap-secrets file:

    ] * "user's password" [optional IP addr]
    ] * "user's password" [optional IP addr]
    ] * "user's password" [optional IP addr]

    Actually, you MUST either have specific IP addresses in the fourth
    position or have a * there. If you have nothing, then you cannot
    connect.

    Thus the typical server chap-secrets is

    able * donaldduck *
    where able is the username and donaldduck is the password.

    An empty password "" means that any password will be accepted.


    ]> I would
    ]> also like the server to be able to automatically create the ppp link
    ]> to any of the cellular nodes anytime they have traffic via a SOAP
    ]> request from our service.

    ]The easiest way to do that would be to have the 'server' configured to
    ]do demand-dial ("demand") for each of those links, and then have the
    ]'server' set up as the authenticatee (not authenticator) and the
    ]'client' set up as the authenticator. Just reverse the configuration
    ]above.

    To do that you would give each of the nodes a specific IP address,
    and anytime traffic came through for that address, the ppp on the server
    would open the link.

    ]The harder way, instead of demand-dial, would be to manually launch a
    ]'pppd call ' each time you want to talk with a remote site,
    ]and then 'killall pppd' when you're done. If you do this, place the
    ]configuration for each site into /etc/ppp/peers/ files.

    How many of the nodes would you expect to be talking to at the same
    time?



    ]> I have several static IPs available for my
    ]> server and can dedicate an entire subnet to the embedded nodes. Seems
    ]> like linux ppp is perfect for this with ip masquerade.

    ]Not sure why you need masquerading here ...

    Agreed. No masquerading needed.
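An added example, not part of any post in this thread: a small linter for `chap-secrets` / `pap-secrets` that flags the three conditions the replies above single out, namely a `*` in the client column, an empty `""` secret, and a line with no fourth (address) field. The function name, finding labels and the `baker` entry are constructed for illustration; the other two sample lines are the ones quoted in the thread.

```python
import shlex

def audit_secrets(text):
    """Return (line_number, finding) pairs for risky secrets-file entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            # Whitespace-separated words, "quoted strings", '#' starts a comment.
            words = shlex.split(raw, comments=True)
        except ValueError:
            findings.append((lineno, "unbalanced-quote"))
            continue
        if not words:
            continue                      # blank line or comment
        if len(words) < 3:
            findings.append((lineno, "missing-fields"))
            continue
        client, _server, secret = words[:3]
        addresses = words[3:]
        if client == "*":
            # Any peer name matches, so the entry is not tied to one caller.
            findings.append((lineno, "wildcard-client"))
        if secret == "":
            # The "padlock with the key left in it" case from the thread.
            findings.append((lineno, "empty-secret"))
        if not addresses:
            # Per the reply above: with nothing in the fourth position the
            # peer cannot connect; it must be specific addresses or "*".
            findings.append((lineno, "no-address-field"))
    return findings

# Sample file: line 2 is the entry from the original post, line 3 the
# "typical server" entry from the reply, line 4 is constructed.
SAMPLE_SECRETS = """\
# client  server  secret       addresses
* * "" 10.0.0.172
able * donaldduck *
baker * "s3cret"
"""

if __name__ == "__main__":
    for lineno, finding in audit_secrets(SAMPLE_SECRETS):
        print(f"line {lineno}: {finding}")
```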

  8. Re: PPP disaster

    unruh@string.physics.ubc.ca (Bill Unruh) writes:
    > ]And on the server (authenticator) side:
    >
    > ] name
    >
    > This is not really needed.


    True, but if you don't do it, then 'hostname' is used instead, which
    can sometimes be confusing.

    > ] auth
    >
    > require-chap implies auth so auth is not needed but does no harm.
    >
    > ] require-pap (or require-pap)
    >
    > I think you meant require-chap in the first instance.


    At least one instance; thanks.

    > An empty password "" means that any password will be accepted.


    or, as long as we're being really pedantic here, it means any password
    that otherwise matches all constraints configured is accepted, so if
    you add "login" to the configuration options and you use PAP, this
    will match against the system password database.

    > ]The easiest way to do that would be to have the 'server' configured to
    > ]do demand-dial ("demand") for each of those links, and then have the
    > ]'server' set up as the authenticatee (not authenticator) and the
    > ]'client' set up as the authenticator. Just reverse the configuration
    > ]above.
    >
    > To do that you would give each of the nodes a specific IP address,
    > and anytime traffic came through for that address, the ppp on the server
    > would open the link.


    Sure. RFC 1918 addresses are plentiful.

    He really hasn't given us enough details to say that this should be
    ruled in or out.

    > ]The harder way, instead of demand-dial, would be to manually launch a
    > ]'pppd call ' each time you want to talk with a remote site,
    > ]and then 'killall pppd' when you're done. If you do this, place the
    > ]configuration for each site into /etc/ppp/peers/ files.
    >
    > How many of the nodes would you expect to be talking to at the same
    > time?


    If it's more than 1, you're going to have to deal with the sorts of
    issues involved in doing one-to-many dialout -- selecting an available
    outbound port+modem, dealing with failures, and so on. Linux doesn't
    have good facilities for this, that I know of. (Actually, _all_
    UNIX-like systems lack this sort of thing, as far as I can tell.)

    > ]Not sure why you need masquerading here ...
    >
    > Agreed. No masquerading needed.


    Still not sure from the information given.

    --
    James Carlson, IP Systems Group
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677

  9. Re: PPP disaster

    > If it's more than 1, you're going to have to deal with the sorts of
    > issues involved in doing one-to-many dialout -- selecting an available
    > outbound port+modem, dealing with failures, and so on. Linux doesn't
    > have good facilities for this, that I know of. (Actually, _all_
    > UNIX-like systems lack this sort of thing, as far as I can tell.)
    >
    > > ]Not sure why you need masquerading here ...
    > >
    > > Agreed. No masquerading needed.

    >
    > Still not sure from the information given.




    For now I am planning on a single modem to dial out and a single modem
    to accept calls on another serial port. My current use is that only
    one person would be calling my remote sensors to connect them to the
    internet so that our webservices will work and they can monitor the
    sensor node. The dial-in modem is so that if anything goes wrong at
    any of the sensors they have a dedicated number to call. I don't want
    the operator to hold up a sensor node notifying of a problem.
