Technical data
#refuse-chap
#
# The following options disable identification via "clear text"
# user name and password transmission and
# enable CHAP and its derivatives
#
refuse-pap
+chap
+chapms
+chapms-v2
#
# Sets the idle link timeout
#
#idle 900
7. In case you plan to use the PAP authentication protocol, create the file /etc/ppp/pap-secrets:
# Secrets for authentication using PAP
# client server secret IP addresses
test1 * pwdtest1 *
test2 * pwdtest2 *
In case you plan to use the CHAP authentication protocol, create the file /etc/ppp/chap-secrets:
# Secrets for authentication using CHAP
# client server secret IP addresses
test1 * pwdtest1 *
test2 * pwdtest2 *
8. Create for every ttydsxx interface that you use for the dial-in server (i.e. where mgetty was started) one
/etc/ppp/options.ttydsxx file that contains the IP addresses for local and remote ends of the PPP link. In this
example, the configuration file /etc/ppp/options.ttyds01 contains:
#
# Options that differ for every TTY interface (i.e. IP address)
#
# LOCAL_IP:REMOTE_IP
192.168.212.240:192.168.212.241
9. Optionally, you can use dynamic IP address assignment. Please refer to "pppd" documentation for details.
10. If you plan to allow access from the router to your network, it is necessary to enable IP forwarding:
"echo 1 > /proc/sys/net/ipv4/ip_forward".
11. Execute "kill -HUP 1" to start the mgetty processes (this command informs the "init" process about changes in
the /etc/inittab file).
Now the dial-in server is running. You can use the name/password pairs "test1/pwdtest1" and "test2/pwdtest2" with the
CHAP/MS-CHAP protocol to gain access to the system.
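Added example, not part of the original manual: a check of the secrets files created in step 7, which hold the passwords in clear text and accept each client from any IP address when the fourth field is "*". The helper name audit_secrets and the dialin1 entry are constructed for illustration; the script assumes one entry per line and no quoted words containing spaces.

```sh
#!/bin/sh
# Added example (not from the manual): audit a pppd secrets file such as
# /etc/ppp/pap-secrets or /etc/ppp/chap-secrets.
# audit_secrets is a hypothetical helper name; it prints one finding per line.

audit_secrets() {
    file=$1
    # The secrets are stored in clear text, so group and other must have no
    # access (characters 5-10 of the mode string printed by ls).
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "MODE $file: accessible by group/other, run chmod 600"
    fi
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        NF < 3 { print "SYNTAX line " NR ": fewer than three fields"; next }
        {
            client = $1; secret = $3
            # "*" in the fourth field accepts the client from any IP address.
            if ($4 == "*")
                print "ANYIP " client ": any IP address is accepted"
            # A secret derived from the account name is trivially guessable.
            if (index(secret, client) > 0)
                print "WEAK " client ": secret contains the client name"
        }
    ' "$file"
}

# Constructed sample: the first entry is copied from step 7, the second is
# bound to the remote address that step 8 assigns to ttyds01.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# client server secret IP addresses
test1 * pwdtest1 *
dialin1 * Xk4-constructed-secret 192.168.212.241
EOF
chmod 644 "$demo"
audit_secrets "$demo"
rm -f "$demo"
```

Run it against /etc/ppp/pap-secrets and /etc/ppp/chap-secrets before step 11; an empty result means no findings.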