download

Chapter 9The next step is to modify the PPP server configuration parameters, so the clientscan establish a PPP connection after they establish the serial line connection (usingmodem). This is done by adding an incoming tag to the PPP configuration filelocated at /etc/ppp/ppp.conf:incoming:enable papallow users *enable dnsset ifaddr 10.1.1.2 10.1.1.5 255.255.255.248This is the typical PPP configuration that authenticates users using the PasswordAuthentication Protocol (PAP) against the /etc/ppp/ppp.secret file. This alsoallows all authenticated users to log in (hence the allow users * statement). Theremay be cases where you want to authenticate only some specific users that you havedefined in the ppp.secret file, using this profile. In such cases you should changethis line to the following:allow user johnThis will allow only user john to login using PPP protocol.The enable dns statement tells PPP to return system's DNS server addresses to theclient, if requested.And the last line, which is the most important line, configures the IP address poolthat will be used to assign IP address to users. In our example, an IP address between10.1.1.2 and 10.1.1.5 with subnet mask 255.255.255.248 will be assigned tothe user.Do not forget to enable IP routing on your server, if you want to routetraffic between your PPP client interfaces and the LAN interface.There is one last note—when you want to change the default gateway of your client,you should also add the following line to the incoming tag:add default HISADDRThis will set the address of the client's default gateway to the IP address of thePPP link.Now that you finished tweaking the ppp.conf file, there is one more step that youshould take, to make things work, and that is setting up the users database.[ 151 ]