[ Back to Kevin's Homepage ]

pppd Linux (RedHat 7.0) with WWC as provider

A few things changed when I upgraded from my original Ricochet to my new Ricochet GS modem, and changed from Ricochet to Wireless Web Connect (WWC) as my provider. I started with instructions from http://phobos.illtel.denver.co.us/~abelits/metricom/. These instructions created for RedHat 7.0, but will probably work with 6.2, and should work with most pppd servers. I have not tried setting up the USB interface; only serial. USB requires a kernel upgrade to at least 2.2.18, plus installation of whatever scripts and utilities are needed to run USB. Please see www.linux-usb.org for more details

$ cat /etc/ppp/peers/r2
ttyS0 115200 crtscts
## first line should point at the correct serial port
ipparam ricochet
connect    '/usr/sbin/chat -v -f /etc/sysconfig/network-scripts/chat-r2'
# The novj option was needed in the original Ricochet network, but not
# with R2 network / GS modem
# uncomment the following for dial on demand
# hangup if idle for 1800 seconds = 30 minutes
idle 1800
# it takes 30 seconds for the ricochet to hang up, so wait 30 seconds
# after a hangup before attempting to dial again
holdoff 30
# make ppp0 your default route to the outside world
# define the name of the ppp server you're dialing into
remotename wwc
## Configure the following two so that the user/password match your WWC
## POP username/password.  Without a user/passwd, you cannot logon.
## This behaviour is different, compared to the original Ricochet network
## NOTE: password is stored in /etc/ppp/pap-secrets
user kjw

$ cat /etc/ppp/pap-secrets
# Secrets for authentication using PAP
# client        server  secret                  IP addresses
kjw             wwc     -YOUR-PASSWORD-HERE-

$ cat /etc/sysconfig/network-scripts/chat-r2
"" "at"
OK "atz"
OK "atdt3333"

To start the configuration, run as root 'pppd call r2' or whatever you've named the configuration file in /etc/ppp/peers. If you have dial on demand, you'll have to ping the ppp interface (ping to get the interface started.

/etc/resolv.conf can be created by pppd, but because of dial-on-demand, I like to hard code it:

$ cat /etc/resolv.conf

To start pppd at boot, add the following to /etc/rc.d/rc.local:

pppd call r2
ping -i 15 -c 10 >/dev/null 2>&1 &

Misc notes

To force ppp to hang up, you can either stop pppd completely with "killall pppd" or if just temporary (and you use dial-on-demand), you can issue "killall -HUP pppd".


I regularly see ~200ms for latency, and 10-12kbyte/sec downloads. Your performance WILL vary, especially by radio strength and number of redundant antennas your modem can see nearby.


As always, putting up a Linux server on the 'net is dangerous. If you're running any stock version of Linux (i.e. no security patches) you are guaranteed to be vulnerable. My recommendation is to turn everything that you can off, and those that you can't, you packet filter them with ipchains. If you must keep the server up all the time or for long periods of time, you must also review your security logs daily. If you don't do so, you'll never know when (not if!) you've been compromised. Yes, it's cynical, but yes it's realistic.

To figure out what services still need to be turned off, use "netstat -na" and look for "*" under Foreign Addresses. For example:

kjw@serval:~ $ netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0  *               LISTEN      
tcp        0      0   *               LISTEN      
tcp        0      0    *               LISTEN      
udp        0      0    *                           
This listing shows three tcp ports in the LISTEN state and one udp port waiting for input. Referring to /etc/services, we can start to get some idea of what these ports are used for: Since I can't do without these services, I have to packet filter them:
ipchains -vnL
IMPORTANT: This is not a complete security guide, just a quickie guide. If your configuration is any different (multiple interfaces, masquerading, more) please refer to the more complete firewall security howto's available on the Net.

created 2001.01.09 kjw