Gentoo Wiki

HOWTO_PPP_Dial_In_Server

Introduction

The point of this HOW-TO is to explain how to set up a dial-in PPP server with dial-back support. The reason for this how-to is that, at the time of writing, the Linux pppd only supports the CBCP client protocol. This led to hours of frustration for me to do something as simple as call back, and I am sure that this will help someone else.

Goals

My goal for this project was to set up a PPP dial-in / dial-back server authenticating against a Microsoft Active Directory server. The server would have to support MPPE (encryption) and optionally support MPPC (compression). All access would be controlled from the Active Directory server.

Hardware Requirements

  1. You should have a modem or modems. I used the Eicon Diva Server PRI card which can support 30 simultaneous calls.

Software Requirements

  1. You should have a Linux system and you should be familiar with kernel installation.
  2. If you want to auth via Active Directory, you will need to install the Microsoft Internet Authentication Service.
  3. A patched kernel with the MPPE/MPPC module if this is a requirement.
  4. A patched pppd that supports CBCP server.
  5. mgetty to answer incoming calls.

Configure your kernel

Get the latest source

Make sure you have a recent kernel (the version numbers reflect the latest version at the time of this writing and will likely differ as time goes by):

emerge gentoo-sources
cd /usr/src
unlink linux
ln -sf linux-2.6.14-gentoo-r5 linux  # change according to your kernel version

Patch the kernel

You have to get the patch and apply it to your kernel sources. Download it from here. Make sure you match the patch version with your kernel version. (Note that use of this software in the US may violate patent law. See here.)

Note: The patch for kernel 2.6.13 applies to 2.6.14 without errors. Linux 2.6.15 has MPPE included by default. MPPC, however, is not part of it. You can still get MPPC to work by removing the MPPE patch that was integrated into 2.6.15 and then applying the MPPC/MPPE patch. (Suggestion from here.)

2.6 gentoo-sources kernel:

cd /usr/src
wget -c http://mppe-mppc.alphacron.de/linux-2.6.13-mppe-mppc-1.3.patch.gz
cd linux
zcat ../linux-2.6.13-mppe-mppc-1.3.patch.gz | patch -p1 

2.4 gentoo-sources kernel:

cd /usr/src
wget -c http://mppe-mppc.alphacron.de/linux-2.4.28-mppe-mppc-1.2.patch.gz
cd linux
zcat ../linux-2.4.28-mppe-mppc-1.2.patch.gz | patch -p1

Configure your kernel

I always compile these things as modules; I don't know if they work otherwise. These are the recommendations from the pptpclient project; your connection will not need all of them, but for maximum flexibility/compatibility you should select all of these:

cd /usr/src/linux
make menuconfig

If a module has a --- instead of the selection box, another module required it, so it is already selected.

Kernel 2.6:

 Device Drivers --->
  Networking support --->
   <M> PPP (point-to-point protocol) support
   <M>   PPP support for async serial ports
   <M>     PPP support for sync tty ports
   <M>     PPP Deflate compression
   <M>     PPP BSD-Compress compression
   <M>   Microsoft PPP compression/encryption (MPPC/MPPE)
 Cryptographic options  --->
  [*] Cryptographic API
  [*]   HMAC support
  <M>   MD5 digest algorithm
  <M>   SHA1 digest algorithm #this one is required
  <M>   SHA256 digest algorithm
  <M>   SHA384 and SHA512 digest algorithms
  <M>   DES and Triple DES EDE cipher algorithms ###this one is commonplace too (recommended)
  <M>   ARC4 cipher algorithm #this one is required

Kernel 2.4:

 Network device support  --->
  <M> PPP (point-to-point protocol) support
  <M>   PPP support for async serial ports
  <M>     PPP support for sync tty ports
  <M>     PPP Deflate compression
  <M>     PPP BSD-Compress compression
  <M>   Microsoft PPP compression/encryption (MPPC/MPPE)
 Cryptographic options  --->
  [*]   HMAC support
  <M>   MD5 digest algorithm
  <M>   SHA1 digest algorithm  #this one is required
  <M>   SHA256 digest algorithm
  <M>   SHA384 and SHA512 digest algorithms
  <M>   DES and Triple DES EDE cipher algorithms ###this one is commonplace too (recommended)
  <M>   AES cipher algorithms
  <M>   ARC4 cipher algorithm  #this one is required
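
Before compiling, the selection can be checked against the resulting .config. The script below is an added example, not part of the original HOWTO: it treats PPP, the MPPE driver and the two entries marked "#this one is required" as required and the rest as recommended. The symbol name CONFIG_PPP_MPPE is the mainline one and is an assumption for a kernel built with the MPPE/MPPC patch; the script and function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a kernel .config for the options selected above.

# Symbol of the MPPE driver. CONFIG_PPP_MPPE is the mainline (2.6.15+) name;
# a kernel built with the MPPE/MPPC patch may use a different symbol
# (assumption: look it up in your .config and override MPPE_SYMBOL).
MPPE_SYMBOL="${MPPE_SYMBOL:-CONFIG_PPP_MPPE}"

# PPP itself, the MPPE driver, and the two entries the menus mark
# "#this one is required".
REQUIRED="CONFIG_PPP $MPPE_SYMBOL CONFIG_CRYPTO_SHA1 CONFIG_CRYPTO_ARC4"
# The remaining entries selected "for maximum flexibility/compatibility".
RECOMMENDED="CONFIG_PPP_ASYNC CONFIG_PPP_SYNC_TTY CONFIG_PPP_DEFLATE \
CONFIG_PPP_BSDCOMP CONFIG_CRYPTO_HMAC CONFIG_CRYPTO_MD5 CONFIG_CRYPTO_DES"

# Print y (built in), m (module) or n (absent or "is not set") for a symbol.
config_state() {    # $1 = config file, $2 = symbol
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${state:-n}"
}

# Print the symbols from the list in $2 that are in state n.
missing_options() { # $1 = config file, $2 = space-separated symbols
    missing=""
    for sym in $2; do
        if [ "$(config_state "$1" "$sym")" = "n" ]; then
            missing="$missing $sym"
        fi
    done
    echo "${missing# }"
}

# Report on one config file; return 1 if a required option is missing.
check_ppp_config() { # $1 = config file
    req=$(missing_options "$1" "$REQUIRED")
    rec=$(missing_options "$1" "$RECOMMENDED")
    if [ -n "$rec" ]; then echo "recommended, not set: $rec"; fi
    if [ -n "$req" ]; then
        echo "REQUIRED, not set: $req"
        return 1
    fi
    echo "all required options are set"
}

# Usage: sh check-ppp-config.sh /usr/src/linux/.config
if [ "$#" -gt 0 ]; then check_ppp_config "$1"; fi
```

A non-zero exit status means MPPE cannot be negotiated with that kernel, so run the check before "make" rather than after the first failed call.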


Compile your kernel

Change arch and kernel name as appropriate:

Kernel 2.6:

make
make modules_install
mount /boot
cp arch/i386/boot/bzImage /boot/2.6.14-gentoo-r5

Kernel 2.4:

make dep
make
make modules
make modules_install
mount /boot
cp arch/i386/boot/bzImage /boot/2.4.28-gentoo-r8

Configure your bootloader as appropriate (in my case I use GRUB). For a quick GRUB reference look at Step 3 in HOWTO_Quick_GRUB, or look at Configuring the Bootloader on the Gentoo Handbook.

Don't forget to reboot into your new kernel.

Get the tools

Necessary packages

You will need the following packages:

net-dialup/mgetty
net-dialup/ppp

Unfortunately you will need to use a patched ppp which is not part of portage.

Configuring portage

You will have to install or recompile ppp with the mppe-mppc dhcp radius eap-tls USE flags. If you don't need any of the features mentioned, don't include them in your flags. Portage gives you several options for that:

You can edit /etc/make.conf and enable mppe-mppc dhcp radius eap-tls system-wide by adding them to your USE variable:

File: /etc/make.conf
  USE="mppe-mppc dhcp radius eap-tls"
  

Alternatively, you can edit /etc/portage/package.use and enable the USE flags for the ppp package only:

File: /etc/portage/package.use
  net-dialup/ppp mppe-mppc dhcp radius eap-tls
  

After you have configured the USE flags, emerge the packages:

emerge ppp
Retrieved from "http://www.gentoo-wiki.info/HOWTO_PPP_Dial_In_Server"

Last modified: Sun, 25 Feb 2007 10:26:00 +0000