OK, so for today’s relaxing session, I though I should setup a PPP/PAP Dial-up server using a Raspberry Pi 3 box.
So here’s the hardware:
- Cisco SPA112 ATA connected to a Yeastar Asterisk Based PBX
- AudioCodes MP114 ATA Connected to a Yeastar Asterisk Based PBX
- US Robotics Courrier 56K V.Everything + ATEN USB to COM Adapter connected to the AudioCodes MP114 ATA
- US Robotics USB Modem USR5637 connected to Cisco SPA112 ATA
- Raspberry PI3 model B connected wired to a Mikrotik CRS326-24G-2S+ and from there to the Internet
So, installed Ubuntu 20.04 LTS (Focal) on a MicroSD card and installed it in the Raspberry PI3. Note that the default user/pass are: ubuntu/ubuntu and you are required to change the password after the 1st login.
- Configured a static IP on the Pi box
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
ubuntu@ubuntu:/etc/netplan$ ls 50-cloud-init.yaml ubuntu@ubuntu:/etc/netplan$ cat 50-cloud-init.yaml # This file is generated from information provided by the datasource. Changes # to it will not persist across an instance reboot. To disable cloud-init's # network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: eth0: addresses: [172.17.77.152/24] gateway4: 172.17.77.100 nameservers: addresses: [172.17.77.100,192.168.100.100] version: 2 ubuntu@ubuntu:/etc/netplan$ |
- after inserting the USR5637 USB Modem in the Pi box, run a dmesg command ad you’ll find the port used by your modem (in my case TTYACM0)
|
1 |
[ 11.280537] cdc_acm 1-1.2:2.0: ttyACM0: USB ACM device |
- Install Minicom: apt install minicom
- run minicom -s and select “Serial Port Setup”
- In Minicom change the setting: A – Serial Device from the default to your device – in my case /dev/ttyACM0 (0 is Zero)
- Save setup as dfl in Minicom
To test, start Minicom and start issuing ATI Commands to the modem (e.g. ATI 3)
- Exit Minicom – ALT-A + X
Now we know that the modem connected to the Raspberry Pi 3 is working.
On with the PPP Server configuration
- Install mgetty: sudo apt-get install ppp mgetty
- Create a systemd service for mgetty – you need to create the file – nano /lib/systemd/system/mgetty.service and put the following inside:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[Unit] Description=External Modem Documentation=man:mgetty(8) Requires=systemd-udev-settle.service After=systemd-udev-settle.service [Service] Type=simple ExecStart=/sbin/mgetty /dev/ttyACM0 Restart=always PIDFile=/var/run/mgetty.pid.ttyACM0 [Install] WantedBy=multi-user.target |
- configure mgetty using /etc/mgetty/mgetty.config. You can comment everything and append the following for the serial device:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
debug 9 port ttyUSB0 port-owner root port-group dialout port-mode 0660 data-only yes ignore-carrier no toggle-dtr yes toggle-dtr-waittime 500 rings 2 #autobauding yes speed 9600 |
- enable mgetty service to start at system boot: sudo systemctl enable mgetty.service
- start mgetty: sudo systemctl start mgetty.service
- let’s now configure PPP by editing /etc/ppp/options then comment everything except the settings elow:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# Define the DNS server for the client to use ms-dns 8.8.4.4 # async character map should be 0 asyncmap 0 # Require authentication auth # Use hardware flow control crtscts # We want exclusive access to the modem device lock # Show pap passwords in log files to help with debugging show-password # Require the client to authenticate with pap +pap # If you are having trouble with auth enable debugging debug # Heartbeat for control messages, used to determine if the client connection has dropped lcp-echo-interval 30 lcp-echo-failure 4 # Cache the client mac address in the arp system table proxyarp # Disable the IPXCP and IPX protocols. noipx |
- create a device option file by editing /etc/ppp/options.ttyACM0 – here you can define the IP class that your dial-in users will receive
|
1 2 3 4 5 6 7 8 |
local lock nocrtscts 192.168.32.1:192.168.32.105 netmask 255.255.255.0 noauth proxyarp lcp-echo-failure 60 |
- Now let’s create the user we will use for PAP authentication:
|
1 |
sudo useradd -G dialout,dip,users -m -g users -s /usr/sbin/pppd dial |
- set the password for the dial user: sudo passwd dial
- edit the /etc/ppp/pap-secrets and append the following line:
|
1 |
dial * "dial" * |
The password for the dial user will be taken from the OS.
- enable packet forwarding for IPv4 addresses by editing /etc/sysctl.conf
|
1 |
net.ipv4.ip_forward=1 |
- configure the firewall to allow traffic forwarding from the PPP interface to the LAN (the Internet): so create t a file called rc.local under /etc/ and put the following inside:
|
1 |
iptables -t nat -A POSTROUTING -s 192.168.32.0/24 -o eth0 -j MASQUERADE |
Now let’s configure a dial-up connection in Windows and be sure to check the “show terminal window” in the security settings:
- Put the Dial-up client to dial the number of the USB Modem USR5637 connected to the PI and after a successful carrier connect, you should get something similar to the prompt below, where you will enter the user/pass for the dial user and after getting the PPP frames (weird characters at the bottom of the screenshot), click OK to start authenticating with PAP
Then you can check the dial-up connection properties and see that the assigned IP is in the range that we defined above in the /etc/ppp/options.ttyACM0 file.
And yes, you have Internet access (damn slow, but you have it 🙂 )
Hope you enjoyed this as much as I did!