[afnog] PPP dial in on FreeBSD

Brian Candler B.Candler at pobox.com
Thu Oct 28 10:07:44 EAT 2004


On Thu, Oct 28, 2004 at 10:32:27AM +0200, antonio at nambu.uem.mz wrote:
> It is very useful the info, I have read it but I am still confused about the 
> getty and mgetty. After reading about it in the net it seems that mgetty 
> is the better choice but it seems it needs to be installed. I am possibly 
> going to try it but I am still confused about the connection between 
> PPP and mgetty.

getty/mgetty is the program which produces the login: prompt, collects the
username, and spawns the login program which in turn prompts for the
password.

You will see that you already have a number of getty processes running on
your system, for the virtual consoles (Alt-F1 to Alt-F8):

$ ps auxwww | grep getty

You can use the same program to produce a login prompt down a serial port.
However it's a fairly dumb program; you will have to configure your modem
into auto-answer mode. When the modem answers a call, it raises DCD, and
this should be enough to trigger a login prompt from getty. However there
are a number of potential pitfalls; in particular you should be careful that
your modem has its serial port *fixed* to a particular bit rate, say
38400bps, to match what getty is using. How you do this depends very much on
the modem type.

mgetty works a bit differently if I remember rightly: it uses a chat script.
It looks for the message "RING" from the modem, sends "ATA" to tell it to
answer, then waits for "CONNECT". This works very well because sending the
"ATA" command ensures that the modem's serial port sets itself to the same
speed as mgetty is using. Also, if you should decide to disable mgetty for
any reason (e.g. system is down for maintenance), then the phone will not be
answered.

mgetty is available in ports. Use the usual approach to install:

# cd /usr/ports/comms/mgetty+sendfax
# make all install clean

Or perhaps there is a binary package on your install CD or set of CDs. Then
use pkg_info -L mgetty\* to see what files were installed, including
documentation.

Now, that gets you as far as allowing someone to dial in with a terminal
program and login with a system username/password. You can then set up an
account whose login shell starts a ppp session. However, the client would
have to use a login script to be able to connect and start ppp on the
server.

Fortunately, mgetty has a second useful feature: ppp autosense. Using that,
if the client program starts sending ppp LCP packets, mgetty will
automatically start pppd without the user having to login. In that case,
pppd becomes responsible for authenticating the connection via PAP or CHAP.
Typically you put your ppp usernames and passwords in pap-secrets or
chap-secrets, or you can probably point pppd at a RADIUS server.

This works well, and means you don't need to create any system accounts for
your dialin PPP users.

Hope this makes sense... a bit of googling should fill in the details for
you.

Regards,

Brian.
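
An added example, not part of the original message: with PPP autosense, pppd alone authenticates callers, so the secrets file is worth auditing. This sketch assumes the usual pppd layout of `client server secret [addresses]`; the sample entries and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in the secrets-file layout: client server secret [addresses...]
SAMPLE = '''\
# client  server  secret           addresses
alice     *       "S3cure-phrase"  10.0.0.11
bob       *       ""               10.0.0.12
*         *       "shared"         *
carol     *       "pw"
dave      *
'''

def audit_secrets(text):
    """Return a list of (line_number, client, finding) for risky entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # shlex handles "quoted" secrets (including "") and '#' comments
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            findings.append((lineno, fields[0], "malformed: fewer than 3 fields"))
            continue
        client, secret, addrs = fields[0], fields[2], fields[3:]
        if client == "*":
            findings.append((lineno, client, "wildcard client name"))
        if secret == "":
            # assumption from pppd(8): "" matches any password the peer sends
            findings.append((lineno, client, "empty secret"))
        if "*" in addrs:
            findings.append((lineno, client, "any IP address allowed"))
        elif not addrs:
            # behaviour is left unstated here; list the allowed address explicitly
            findings.append((lineno, client, "no address list"))
    return findings

def mode_too_open(mode):
    """True if group or other has any access; the file holds cleartext secrets."""
    return bool(mode & 0o077)

if __name__ == "__main__":
    for lineno, client, finding in audit_secrets(SAMPLE):
        print(f"line {lineno}: {client}: {finding}")
```

To check a real file, pass its contents to audit_secrets() and os.stat(path).st_mode to mode_too_open().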

