[afnog] PPP dial in on FreeBSD
antonio at nambu.uem.mz
Fri Oct 29 10:58:32 EAT 2004
Hi,
Thanks for the useful info. I have now installed mgetty and done the
ppp config. I will now test and see if it works. I have made a
ppp.secrets file as outlined in a web site with the users and passwords
for pap and chap.
Cheers,
On 28 Oct 2004 at 10:07, Brian Candler wrote:
> On Thu, Oct 28, 2004 at 10:32:27AM +0200, antonio at nambu.uem.mz wrote:
> > It is very useful the info, I have read it but I am still confused about the
> > getty and mgetty. After reading about it in the net it seems that mgetty
> > is the better choice but it seems it needs to be installed. I am possibly
> > going to try it but I am still confused about the connection between
> > PPP and mgetty.
>
> getty/mgetty is the program which produces the login: prompt, collects
> the username, and spawns the login program which in turn prompts for
> the password.
>
> You will see that you already have a number of getty processes already
> running on your system, for the virtual consoles (Alt-F1 to Alt-F8):
>
> $ ps auxwww | grep getty
>
> You can use the same program to produce a login prompt down a serial
> port. However it's a fairly dumb program; you will have to configure
> your modem into auto-answer mode. When the modem answers a call, it
> raises DCD, and this should be enough to trigger a login prompt from
> getty. However there are a number of potential pitfalls; in particular
> you should be careful that your modem has its serial port *fixed* to a
> particular bit rate, say 38400bps, to match what getty is using. How
> you do this depends very much on the modem type.
>
> mgetty works a bit differently if I remember rightly: it uses a chat
> script. It looks for the message "RING" from the modem, sends "ATA" to
> tell it to answer, then waits for "CONNECT". This works very well
> because sending the "ATA" command ensures that the modem's serial port
> sets itself to the same speed as mgetty is using. Also, if you should
> decide to disable mgetty for any reason (e.g. system is down for
> maintenance), then the phone will not be answered.
>
> mgetty is available in ports. Use the usual approach to install:
>
> # cd /usr/ports/comms/mgetty+sendfax
> # make all install clean
>
> Or perhaps there is a binary package on your install CD or set of CDs.
> Then use pkg_info -L mgetty\* to see what files were installed,
> including documentation.
>
> Now, that gets you as far as allowing someone to dial in with a
> terminal program and login with a system username/password. You can
> then set up an account whose login shell starts a ppp session.
> However, the client would have to use a login script to be able to
> connect and start ppp on the server.
>
> Fortunately, mgetty has a second useful feature: ppp autosense. Using
> that, if the client program starts sending ppp LCP packets, mgetty
> will automatically start pppd without the user having to login. In
> that case, pppd becomes responsible for authenticating the connection
> via PAP or CHAP. Typically you put your ppp usernames and passwords in
> pap-secrets or chap-secrets, or you can probably point pppd at a
> RADIUS server.
>
> This works well, and means you don't need to create any system
> accounts for your dialin PPP users.
>
> Hope this makes sense... a bit of googling should fill in the details
> for you.
>
> Regards,
>
> Brian.
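
An added example, not part of the original messages or of pppd: a small Python check for the pap-secrets / chap-secrets files mentioned in the reply, which hold PPP usernames and passwords in clear text. It assumes pppd's `client server secret [addresses]` line layout; the sample entries, the function name `audit_secrets` and the finding texts are constructed for illustration.

```python
import shlex

# Constructed sample in pppd's "client server secret [addresses]" layout.
SAMPLE = '''\
# client    server  secret            addresses
alice       *       "correct horse"   10.0.0.10
bob         *       ""                10.0.0.11
*           *       shared123         *
carol       *
'''

def audit_secrets(text, mode):
    """Return a list of (line_number, finding) for a secrets file.

    text is the file's contents; mode is its permission bits (for example
    os.stat(path).st_mode & 0o777). Line number 0 refers to the file itself.
    """
    findings = []
    # Passwords are stored in clear text, so only the owner should have access.
    if mode & 0o077:
        findings.append((0, "file accessible to group/other: %o" % mode))
    for num, line in enumerate(text.splitlines(), start=1):
        # shlex approximates pppd's word splitting: quoted words, '#' comments.
        fields = shlex.split(line, comments=True)
        if not fields:
            continue  # blank line or comment
        if len(fields) < 3:
            findings.append((num, "malformed entry (need client, server, secret)"))
            continue
        client, _server, secret = fields[:3]
        if client == "*":
            findings.append((num, "wildcard client: any peer name shares this secret"))
        if secret == "":
            findings.append((num, "empty secret"))
    return findings

if __name__ == "__main__":
    # 0o644 stands in for a world-readable file; a real run would use os.stat().
    for num, finding in audit_secrets(SAMPLE, 0o644):
        print(num, finding)
```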