
UNIX System Administration Handbook - Evi Nemeth [178]


Software to implement both of these connection schemes is included with most versions of PPP.

Finding a host to talk to


If you’re setting up a link between two sites within your own company or, perhaps, between home and work, you can simply install the PPP software on both ends. However, if your intent is to use PPP to obtain an Internet connection, you’ll probably need to deal with a commercial ISP. Most ISPs offer dial-up PPP service to the public at a reasonable cost.

Assigning an address


Just as you must assign an IP address to a new host on your Ethernet, you need to assign an IP address to each PPP interface. There are a number of ways to assign addresses to these links (including assigning no addresses at all). We discuss only the simplest method here.

See page 298 for more information about assigning IP addresses.

Think of a PPP link as a network of its own. That is, a network of exactly two hosts, often called a “point-to-point” network. You need to assign a network number to the link just as you would assign a network number to a new Ethernet segment, using whatever rules are in effect at your site. You can pick any two host addresses on that network and assign one to each end of the link. Follow other local customs, such as subnetting standards, as well. Each host then becomes a “gateway” to the point-to-point network as far as the rest of the world is concerned.

DHCP can also be used to assign the IP address at the end of a PPP link. ISPs typically offer home service that uses DHCP and business service that costs more but includes static addresses.

Routing


Since PPP requires the remote server to act as an IP router, you need to be concerned with IP routing just as you would on a “real” gateway, such as a machine that connects two Ethernets. The purpose of routing is to direct packets through gateways so that they can reach their ultimate destinations. Routing can be configured in several different ways.

See Chapter 14 for more information about routing.

A run-of-the-mill PPP client host should have a default route that forwards packets to the PPP server. Likewise, the server needs to be known to the other hosts on its network as the gateway to the leaf machine.

Most PPP packages handle these routing chores automatically.

Ensuring security


Security issues arise whenever you add a host to a network. Since a host connected via PPP is a bona fide member of the network, you need to treat it as such: verify that the system has no accounts without passwords or with insecure passwords, that all appropriate vendor security fixes have been installed, and so on. See the Security issues section on the next page for some specifics on network security.

See Chapter 21 for more information about security.
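The check for accounts without passwords can be scripted. The following is an added example, not code from the book: it assumes the common passwd/shadow file layout, runs on constructed sample entries, and flags only empty password fields (it does not judge whether a password that is set is a weak one).

```python
"""Audit passwd/shadow-format text for accounts that have no password set."""

# Constructed sample data (not from the book): passwd-style and shadow-style lines.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
guest::500:500:Guest:/home/guest:/bin/sh
pppuser:x:501:501:PPP dial-in:/home/pppuser:/usr/sbin/pppd
backup:x:502:502:Backup:/home/backup:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
pppuser::19000:0:99999:7:::
backup:!:19000:0:99999:7:::
"""


def parse_fields(text, minimum):
    """Yield the colon-separated fields of each usable line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= minimum:
            yield fields


def passwordless_accounts(passwd_text, shadow_text=""):
    """Return sorted (account, reason) pairs for empty password fields."""
    shadow = {f[0]: f[1] for f in parse_fields(shadow_text, 2)}
    findings = []
    for fields in parse_fields(passwd_text, 7):
        name, pw = fields[0], fields[1]
        if pw == "":
            findings.append((name, "empty password field in passwd"))
        elif pw == "x" and shadow.get(name) == "":
            # "x" means the real password field lives in the shadow file.
            findings.append((name, "empty password field in shadow"))
        # Any other value ("*", "!", or a hash) is locked or set: not flagged.
    return sorted(findings)


if __name__ == "__main__":
    for account, reason in passwordless_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {reason}")
```

To audit a real host, pass the contents of its own password files to passwordless_accounts() in place of the sample strings; reading the shadow file normally requires root.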

Using terminal servers


You may find that once you begin offering PPP connections to home users, you have more requests than you have serial ports. A number of terminal servers offer PPP capability, and recent ones also have integrated modems. Our favorite is the Lucent Portmaster 3. The Cisco Access Server AS5x00 series is also popular. These products provide a convenient and easily maintainable source of serial ports complete with PPP software already installed. They allow you to establish a dial-in “pool” of modems that offer PPP service to off-site users.

Using chat scripts


Many PPP implementations use a “chat script” to talk to the modem and also to log in to the remote machine and start up a PPP server. The idea of a chat script originated with the UUCP store-and-forward system of days gone by. It consists of a sequence of strings to send and strings to expect in return, with a limited form of conditional statement that can express concepts such as “expect the string ‘Login’, but if you don’t get it, send a carriage return and wait for it again.”

Most PPP implementations come with sample chat scripts that you can adapt to your own environment. You’ll need to edit the scripts to set parameters such as the telephone number to call and the command
