Subject: Re: dialup server (pppd)
To: Miles Nordin <carton@Ivy.NET>
From: Chan Yiu Wah <c5666305@hkstar.com>
List: current-users
Date: 02/18/2000 11:57:05
On Thu, 17 Feb 2000, Miles Nordin wrote:
> On Thu, 17 Feb 2000, Chan Yiu Wah wrote:
>
> > ======= options.tty00 (Server) =======
> > 202.66.33.77:202.66.50.159
> > nodefaultroute
> > ======= options.tty00 (Server) =======
>
> > Peer is not authorized to use remote address 202.66.50.159
>
> Try adding 'noauth' to the server's config file. The authentication is
> fairly complex, and can optionally be based on IP address.
>
> If:
>   noauth on the server solves your problem
>   you want to use ppp-level (as opposed to login-level) authentication on
>     the server
> then:
>   read the pppd(8) manual page carefully about all those authentication
>   knobs. It's explained there, but it's hard to understand and even
>   harder to remember. I doubt I could explain it better than they do.
>
> BTW I completely agree with Frederick that you should assign the ppp link
> addresses on a separate subnet, _not_ addresses from Lan A or Lan B. At
> this point, this advice shouldn't be taken any more lightly than the other
> suggestions we've made. It's a bigger change than some of the other
> suggestions, but Frederick provided command line and config file examples,
> while I provided a network diagram, so between the two of us you should be
> off to a good start on implementing this. From your options file and error
> message it looks like you haven't taken us up on this suggestion yet.
Yes, I agree with it.
>
> The whole story behind this advice is as follows. While PPP has special
> features to work without a separate subnet for the PPP link, it's a
> special case, and you do not need to be exploring its subtle implications
> unless you are an ISP with hundreds of customers. I'm certainly not up to
> the challenge. Especially when you haven't gotten it working the easy way
> (with a separate subnet for the ppp link) first.
>
> If this suggestion plus noauth on the server doesn't solve your problem, I
> guess we'll have to keep thinking.
noauth didn't solve the problem. I had tried to stick to Frederick's
suggestion. Forget me if I interpret wrongly. Here is the output of the
test. I had tried to route ... before the pppd call test. Thanks in
advance for your help.
Clarence
======================= <<< Client >>> ================
------- netstat -rn -------
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Interface
127.0.0.1 127.0.0.1 UH 0 110 32976 lo0
202.66.33 192.168.200.77 UGS 0 0 1500 ne1
202.66.50 link#1 UC 0 0 1500 ne1
202.66.50.159 00:c0:df:ac:54:8b UHL 0 0 1500 lo0
------- netstat -rn -------
------- /etc/ppp/peers/test -------
/dev/modem 115200 # modem port and speed
connect '/etc/ppp/chat-script "12345678"' # connect script
crtscts # use hardware flow control
lock # lock the modem port on connect
modem # use full modem control
ipcp-accept-local # allow remote to specify our IP address
ipcp-accept-remote # allow remote to specify his IP address
noipdefault # no local defaults for IP addresses
noauth
netmask 255.255.255.0 # netmask for our assigned IP address
user ppp # account name to use to log onto remote
mtu 1500 # maximum transmission size for link
------- /etc/ppp/peers/test -------
------- /var/log/messages -------
Feb 18 19:44:11 lts159 pppd[1061]: pppd 2.3.9 started by root, uid 0
Feb 18 19:44:35 lts159 pppd[1061]: Serial connection established.
Feb 18 19:44:35 lts159 pppd[1061]: Using interface ppp0
Feb 18 19:44:35 lts159 pppd[1061]: Connect: ppp0 <--> /dev/modem
Feb 18 19:44:40 lts159 pppd[1061]: Remote message: Login ok
Feb 18 19:44:40 lts159 pppd[1061]: Deflate (15) compression enabled
Feb 18 19:44:40 lts159 pppd[1061]: local IP address 192.168.200.159
Feb 18 19:44:40 lts159 pppd[1061]: remote IP address 192.168.200.77
Feb 18 19:44:40 lts159 pppd[1061]: IPCP terminated by peer (Unauthorized remote IP address)
Feb 18 19:44:40 lts159 pppd[1061]: LCP terminated by peer (No network protocols running)
Feb 18 19:44:43 lts159 pppd[1061]: Connection terminated.
Feb 18 19:44:43 lts159 pppd[1061]: Connect time 0.1 minutes.
Feb 18 19:44:43 lts159 pppd[1061]: Sent 272 bytes, received 280 bytes.
Feb 18 19:44:45 lts159 pppd[1061]: Exit.
------- /var/log/messages -------
======================= <<< Client >>> ================
======================== ((( Server ))) ==========================
------- netstat -rn -------
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Interface
127.0.0.1 127.0.0.1 UH 0 200 32976 lo0
202.66.33 link#1 UC 0 0 1500 ep0
202.66.33.77 00:60:08:3c:01:c3 UHL 1 69 1500 lo0
202.66.33.255 link#1 UHL 2 63 1500 ep0
202.66.50 192.168.200.159 UGS 0 0 1500 ep0
------- netstat -rn -------
------- /var/log/messages -------
Feb 18 11:33:05 pc77 pppd[451]: pppd 2.3.9 started by root, uid 0
Feb 18 11:33:05 pc77 pppd[451]: Using interface ppp0
Feb 18 11:33:05 pc77 pppd[451]: Connect: ppp0 <--> /dev/tty00
Feb 18 11:33:08 pc77 pppd[451]: Deflate (15) compression enabled
Feb 18 11:33:08 pc77 pppd[451]: Peer is not authorized to use remote address 192.168.200.159
Feb 18 11:33:08 pc77 pppd[451]: Connection terminated.
Feb 18 11:33:08 pc77 pppd[451]: Connect time 0.1 minutes.
Feb 18 11:33:08 pc77 pppd[451]: Sent 217 bytes, received 227 bytes.
Feb 18 11:33:08 pc77 pppd[451]: Exit.
------- /var/log/messages -------
------- /etc/ppp/options.tty00 ------
192.168.200.77:192.168.200.159
nodefaultroute
noauth
------- /etc/ppp/options.tty00 ------
======================== ((( Server ))) ==========================
>
> --
> Miles Nordin / v:+1 720 841-8308 fax:+1 530 579-8680
> 555 Bryant Street PMB 182 / Palo Alto, CA 94301-1700 / US
>
>
>
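
A check of the separate-subnet advice against the server data posted in this thread, as an added example that is not part of either poster's message: it reads the local:remote line of an options file and reports which existing network routes cover each PPP link address. The function names are hypothetical, and expanding an abbreviated `netstat -rn` destination such as 202.66.33 to 202.66.33.0/24 is an assumption; the check says nothing about why pppd rejected the peer.

```python
import ipaddress

# Server-side data copied from the message above (routing rows and options files).
SERVER_NETSTAT = """\
127.0.0.1 127.0.0.1 UH 0 200 32976 lo0
202.66.33 link#1 UC 0 0 1500 ep0
202.66.33.77 00:60:08:3c:01:c3 UHL 1 69 1500 lo0
202.66.33.255 link#1 UHL 2 63 1500 ep0
202.66.50 192.168.200.159 UGS 0 0 1500 ep0
"""
OLD_OPTIONS = "202.66.33.77:202.66.50.159\nnodefaultroute\n"
NEW_OPTIONS = "192.168.200.77:192.168.200.159\nnodefaultroute\nnoauth\n"


def parse_networks(netstat_text):
    """Return network routes (not host routes) from `netstat -rn` rows."""
    nets = []
    for row in netstat_text.splitlines():
        fields = row.split()
        if len(fields) < 3 or "H" in fields[2]:
            continue  # skip short rows and host routes (H flag)
        octets = fields[0].split(".")
        if len(octets) > 4 or not all(o.isdigit() for o in octets):
            continue  # skip headers and non-numeric destinations
        # Assumption: an abbreviated destination "a.b.c" means a.b.c.0/24.
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        nets.append(ipaddress.ip_network(f"{padded}/{8 * len(octets)}"))
    return nets


def link_addresses(options_text):
    """Find pppd's local:remote address line in an options file."""
    for line in options_text.splitlines():
        line = line.split("#", 1)[0].strip()
        local, sep, remote = line.partition(":")
        if sep:
            try:
                return [ipaddress.ip_address(a) for a in (local, remote) if a]
            except ValueError:
                continue  # a colon in some other option, not an address pair
    return []


def overlaps(options_text, netstat_text):
    """Map each PPP link address to the existing network routes covering it."""
    nets = parse_networks(netstat_text)
    return {str(a): [str(n) for n in nets if a in n]
            for a in link_addresses(options_text)}
```

Run against the two options.tty00 versions in the thread, the first places both link addresses inside the LAN networks and the second places neither there.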