current-users: Re: dialup server (pppd)

Subject: Re: dialup server (pppd)
To: Chan Yiu Wah <c5666305@hkstar.com>
From: Miles Nordin <carton@Ivy.NET>
List: current-users
Date: 02/17/2000 22:49:51
On Fri, 18 Feb 2000, Chan Yiu Wah wrote:

> Feb 18 11:33:08 pc77 pppd[451]: Peer is not authorized to use remote address 192.168.200.159
> ------- /var/log/messages  -------
> 
> ------- /etc/ppp/options.tty00 ------
> 192.168.200.77:192.168.200.159
> nodefaultroute
> noauth
> ------- /etc/ppp/options.tty00 ------

According to the docs, noauth should take care of the problem I'm about to
solve in a more complicated way, but maybe the simple way is broken. I
know the default for this stuff changed recently. from pppd(8):

       The default behaviour of pppd is to allow  an  unauthenti-
       cated  peer  to  use a given IP address only if the system
       does not already have a route to  that  IP  address.   For
       example, a system with a permanent connection to the wider
       internet will normally have a default route, and thus  all
       peers will have to authenticate themselves in order to set
       up a connection.  On such a system, the auth option is the
       default.
[...]
       In some cases it is desirable to allow  some  hosts  which
       can't  authenticate themselves to connect and use one of a
       restricted set of IP addresses, even when the  local  host
       generally requires authentication.  If the peer refuses to
       authenticate itself when requested,  pppd  takes  that  as
       equivalent  to  authenticating  with  PAP  using the empty
       string for the username and password.  Thus, by  adding  a
       line  to  the  pap-secrets  file which specifies the empty
       string for the client and  password,  it  is  possible  to
       allow restricted access to hosts which refuse to authenti-
       cate themselves.

I therefore suggest creating (or editing) this file, on the server.  The
effect of this line should be approximately equivalent to noauth.

/etc/ppp/pap-secrets
#chap:
# client	server		secret		allowed IP's
#pap, applicant:
# user		remotename	secret
#pap, supplicant:
# user		our (host)name	secret		allowed IP's
#
""		*		""		*

-- 
Miles Nordin / v:+1 720 841-8308 fax:+1 530 579-8680
555 Bryant Street PMB 182 / Palo Alto, CA 94301-1700 / US