While I was more than happy to discover that it synchronized quite well with Microsoft Outlook, my company's e-mail client of choice, I quickly wanted to do more with it. AvantGo's offline browser was the first 'killer app' for network connectivity I discovered. AvantGo lets you download web pages for viewing on the Palm in offline mode. As typically configured, AvantGo synchronizes using a conduit on your PC whenever you do a HotSync. While this works well, it does mean that your AvantGo content is only as current as your last sync.
The promise of Internet e-mail, web browsing and real-time access proved to be too much to resist. I had to get my Palm connected directly to a network! After reading through David Pogue's PalmPilot: The Ultimate Guide (an excellent book, although slightly dated even in the 2nd edition), I knew that such things were possible.
After fussing about with Linux a bit, I was able to get it all working quite well. Here are some notes on the steps I took...
I've gone with a very straightforward configuration here for the first example. It doesn't do authentication or other measures typically associated with end-user access to PPP. Although this could be considered a 'bad thing', I'm comfortable with it because:
1. The Palm cradle will be the only thing connected to the serial port.
2. Anyone with access to the cradle is within two feet of the console keyboard anyhow.
3. Anyone within two feet of the console keyboard is already in my house, and presumably will be getting chewed on by my bulldog at that point.
4. It sure makes life a lot simpler.
If you are considering setting up your Linux server to allow dial-up access via PPP, please be sure to become familiar with the authentication options available with pppd! As shown in our step-by-step, pppd makes no effort whatsoever to verify who's really using the device at the other end. Please review the additional security notes that follow!
This one's pretty simple in terms of requirements:
1. Your Palm and sync cradle or travel cable.
2. Your PC running Linux with an available serial port.
3. Any adapters required to connect your cradle/sync cable to the serial port.
In the interest of having everything ready-to-go at all times, I decided to launch pppd from /etc/inittab. If you're not familiar with this file, I'd strongly suggest spending some time with the man page (man inittab) and related files. For our purposes, suffice to say that inittab is typically used to configure programs to be launched on system startup, usually to make sure necessary programs are always running to log users in. I'm going to add one of these for my nefarious purposes, namely launching pppd and making sure it's always alive and listening on my COM1: serial port.
First, we need to add a new entry to our existing /etc/inittab file. Note that this should appear as a single unbroken line in /etc/inittab:
palm:2345:respawn:/usr/sbin/pppd /dev/ttyS0 115200 192.168.25.21:192.168.25.22 proxyarp persist local noauth silent nodetach ms-dns 192.168.25.2
(line shown wrapped for clarity)
Here's a superficial breakdown of each parameter:
Item | Usage |
palm | Identifies the init process to be used. Any name up to four characters is fine. |
2345 | Tells init to launch this program in runlevels 2-5. |
respawn | Tells init to make sure that one of these processes is always running. A new pppd will be launched if this one dies. |
/usr/sbin/pppd | The ppp daemon. Since we're running this from init, it will have the required root privileges, making our lives much simpler. |
/dev/ttyS0 | The serial port corresponding to COM1: |
115200 | The port speed to use. |
192.168.25.21:192.168.25.22 | The IP addresses to be used by the server and client (Palm) sides of the connection, respectively. These should be valid, unique addresses for your environment. |
proxyarp | Tells pppd to handle ARP requests on behalf of the connected device (our Palm). |
persist | Tells pppd to re-open the connection when a connection is terminated, rather than exiting. By launching pppd via inittab, this isn't really necessary, but I prefer it this way. |
local | Tells pppd not to use modem control features. |
noauth | Bypasses all authentication. NOT a good idea if you're connecting via dial-up! |
silent | Tells pppd to wait for the connecting device to send LCP packets rather than trying (and failing) when no device is connected. Replaces the 'passive' option in older versions. |
nodetach | Tells pppd to stay attached to the controlling terminal rather than forking off as a background process. We want ONE pppd in charge of this tty! |
ms-dns 192.168.25.2 | Tells pppd to send our DNS server (192.168.25.2 in my case) parameters to the attached device. This avoids having to hard-code values on the Palm, in case things change. |
Refer to the pppd man page for more details (man pppd).
Now that we've edited /etc/inittab, we need to notify the system of the change. This is done using the telinit command as root:
telinit q
This simply tells init to re-examine the /etc/inittab file. Monitor your console screen for any errors. If you have problems, refer to the pppd manpage for details. You can launch pppd from the command line to test until you get the parameters right. For more details, check out the init and telinit manpages (man init, man telinit).
Make sure pppd is running with the appropriate parameters:
ps ax | grep pppd
If a pppd process is already running in control of your serial port, simply kill it off and a new one should start using our reconfigured /etc/inittab parameters. (man ps, man kill for more details)
Configuring the Palm is straightforward. First, launch the Preferences application and open the Connection screen:
I chose to create a new connection (Serial to PC) rather than edit one of the existing configurations. Simply tap the New... button to open the Edit screen. Name your connection...
and select a Connection method...
Tap on the Details... button and set Speed and Flow control options. I used a speed of 115,200 bps and Automatic flow control settings. These have worked quite well on my Linux box (500MHz dual-Celeron running RedHat 6.2).
Return to the Preferences screen and open the Network settings screen. I chose to create a new network connection by duplicating an existing entry. For this configuration, we will not be using authentication, so the User Name and Password fields can be left blank:
Tap on the Details... button and set the Connection type to PPP. Check the options for Query DNS and IP Address Automatic assignment. The PPP server (Linux) will provide the DNS and IP addresses, so we can set those to be assigned automatically:
No login script is required, so tap the Script... button and verify that it's empty:
Now we're ready to go! Return to the Network preferences screen and tap the Connect button. With any luck, you'll see the PPP negotiation progress, and briefly see the Established screen shown here:
Once connected, notice that the button at the bottom has changed to Disconnect, indicating that you're 'live'. At this point, you can switch to any network enabled application and use it.
You do not have to establish a connection manually. Networked applications will automatically launch the network connection you've currently selected via the Preferences applet as needed.
At this point, your Palm should be a stylin', surfing machine. Just fire up the networked app of your choice, and it should connect automatically.
Here are a few live-action shots of a session doing a modem (network) sync using AvantGo. Notice that no PC-based conduit is required. Just open the menu and select Modem Sync. The Mobile Link screen will pop up...
and automatically begin the sync process after a few seconds. Once that starts, you should see your PPP connection being made...
AvantGo reaching out and finding its server...
and sync'ing up without the help of a PC...
That's it! A network-connected and aware Palm device.
Although the solution shown above is suitable for a home or secured office environment, there are times when using some sort of authentication for your Palm connections (and any others for that matter!) is a good thing. The Linux PPP daemon (pppd) provides several authentication mechanisms. While an in-depth review of these is beyond the scope of this page, please review the pppd documentation (man pppd) for clarification of these steps.
The most secure option is to use CHAP, which provides for encrypted authentication exchanges. This makes it less susceptible to sniffing and other passive attacks. To use CHAP with individual accounts specific to each device, you need to set up a chap-secrets file. Here's a simplified /etc/ppp/chap-secrets file:
# Secrets for authentication using CHAP
# client server secret IP addresses
user * "secret" 192.168.25.22
where user and "secret" correspond to the User Name and Password fields used on the Network Preferences screen on your Palm:
Test your connection with:
/usr/sbin/pppd /dev/ttyS0 115200 192.168.25.21:192.168.25.22 proxyarp \
    local require-chap silent nodetach ms-dns 192.168.25.2
(line shown wrapped for clarity) replacing the tty port, IP and DNS addresses with locally suitable values.
This will force logins to use CHAP with an account configuration you set up in /etc/ppp/chap-secrets. Note that while this works very well, it can be cumbersome to create chap-secrets entries for many users.
To simplify things, you might be able to use PAP, which only does unencrypted authentication exchanges. On the plus side, PAP will let you re-use existing logins on the Linux PPP server box. This is a compromise, and if there's a chance someone could monitor the communications link between your Palm and the Linux server, they could conceivably scoop up your passwords. Since I can live with that risk, I used PAP with:
/usr/sbin/pppd /dev/ttyS0 115200 192.168.25.21:192.168.25.22 proxyarp \
    local require-pap login silent nodetach ms-dns 192.168.25.2
(line shown wrapped for clarity)
(Notice the new require-pap and login options) PAP uses a different file to hold our secrets, although the format is identical. Here's a working /etc/ppp/pap-secrets:
# Secrets for authentication using PAP
# client server secret IP addresses
* * "" 192.168.25.22
Notice the use of wildcards for the client, server and secret fields. The login option tells pppd to authenticate against their Linux login accounts AFTER passing our (weak) PPP authentication. Using this approach, you should be able to connect with any User Name and Password entered on the Network Preferences screen of your Palm that match an existing Linux login.
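What the CHAP and PAP choices above put on the serial link, as an added Python example (not part of the original page or of pppd): it builds the PAP Authenticate-Request (RFC 1334) and the CHAP-MD5 challenge and response (RFC 1994) for the sample user and "secret" values. The server name linuxbox and the identifier numbers are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

USER, SECRET = b"user", b"secret"   # the page's sample chap-secrets entry

def frame(code, ident, data):
    """Header shared by PAP and CHAP: code, identifier, total length (big-endian)."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_request(ident, user, password):
    """PAP Authenticate-Request: peer-id and password are sent as-is."""
    return frame(1, ident, bytes([len(user)]) + user + bytes([len(password)]) + password)

def chap_challenge(ident, server_name=b"linuxbox"):   # server name is an assumption
    """CHAP Challenge: returns (packet, value); value is fresh random bytes."""
    value = os.urandom(16)
    return frame(1, ident, bytes([len(value)]) + value + server_name), value

def chap_digest(ident, secret, challenge):
    """CHAP-MD5 value: MD5 over identifier || secret || challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, user, secret, challenge):
    """CHAP Response: carries the digest and the user name, not the secret."""
    digest = chap_digest(ident, secret, challenge)
    return frame(2, ident, bytes([len(digest)]) + digest + user)

def chap_verify(packet, secret, challenge):
    """Server side: recompute the digest from its own copy of the secret."""
    if len(packet) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet):
        return False
    received = packet[5:5 + packet[4]]
    return hmac.compare_digest(received, chap_digest(ident, secret, challenge))

if __name__ == "__main__":
    pap = pap_request(1, USER, SECRET)
    _, value = chap_challenge(2)
    chap = chap_response(2, USER, SECRET, value)
    print("PAP packet:", pap, "| password visible:", SECRET in pap)
    print("CHAP packet:", chap.hex(), "| secret visible:", SECRET in chap)
    print("server accepts response:", chap_verify(chap, SECRET, value))
    _, later = chap_challenge(3)   # a captured response fails against a new challenge
    print("old response, new challenge:", chap_verify(chap, SECRET, later))
```

Because the server recomputes the digest from its own copy of the secret, chap-secrets has to hold that secret in recoverable form, which is why hashed Linux login passwords can be reused with PAP and the login option but not with CHAP.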
Test it all manually before putting it in /etc/inittab!
Now that it's all working, you can add everything to /etc/inittab. I have encountered a problem where my inittab entries are too long. You'll notice a series of "spawning too fast" messages in your syslog output and pppd won't launch if this happens.
To remedy this, we can reduce the number of parameters listed in inittab if we create an /etc/ppp/options.ttyS0 (make sure to use the right tty!) file containing most of our pppd options:
$ cat /etc/ppp/options.ttyS0
lock proxyarp local require-pap login silent nodetach ms-dns "192.168.25.2"
Finally, we can update our palm entry in /etc/inittab. I've gone with the PAP approach to re-use existing Linux logins. Replacing the require-pap and login entries with require-chap should allow CHAP to work similarly.
palm:2345:respawn:/usr/sbin/pppd /dev/ttyS0 115200 192.168.25.21:192.168.25.22
Don't forget to re-read /etc/inittab:
telinit q
And make sure pppd is answering appropriately:
ps ax | grep pppd
Now try a PPP connection from the Palm.
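Once the options move out of inittab and into options.ttyS0, the inittab line no longer shows whether authentication is required. The following added Python example (not part of the original page or of pppd) reports the mode each pppd entry ends up with; it reads only the inittab command line, the options file and the options.<tty> file in the given directory, recognizes only noauth, auth, require-pap and require-chap, and reports DEFAULT when none is present. The function names are assumptions.

```python
import tempfile
from pathlib import Path

AUTH_OPTS = {"require-chap": "CHAP", "require-pap": "PAP", "auth": "AUTH"}

def read_options(path):
    """Words of a pppd options file with '#' comments removed ([] if absent)."""
    if not path.is_file():
        return []
    return [w for ln in path.read_text().splitlines() for w in ln.split("#")[0].split()]

def audit_inittab(inittab, ppp_dir):
    """Return {inittab id: (tty, verdict)} for each active entry that runs pppd."""
    results = {}
    for line in Path(inittab).read_text().splitlines():
        if line.lstrip().startswith("#") or line.count(":") < 3:
            continue
        # Split on the first three colons only: the pppd address pair contains one too.
        ident, _levels, _action, process = line.split(":", 3)
        words = process.split()
        if not words or Path(words[0]).name != "pppd":
            continue
        # options.<tty> is named after the device with /dev/ removed and '/' turned into '.'.
        tty = next((w[5:].replace("/", ".") for w in words if w.startswith("/dev/")), None)
        words += read_options(Path(ppp_dir) / "options")
        if tty:
            words += read_options(Path(ppp_dir) / f"options.{tty}")
        modes = sorted({AUTH_OPTS[w] for w in words if w in AUTH_OPTS})
        # noauth is flagged wherever it appears, whatever else is set.
        verdict = "NOAUTH" if "noauth" in words else "+".join(modes) or "DEFAULT"
        results[ident] = (tty, verdict)
    return results

def audit_page_configs():
    """Audit the page's first and final configurations, copied into a temp directory."""
    first = ("palm:2345:respawn:/usr/sbin/pppd /dev/ttyS0 115200 192.168.25.21:192.168.25.22 "
             "proxyarp persist local noauth silent nodetach ms-dns 192.168.25.2\n")
    final = "palm:2345:respawn:/usr/sbin/pppd /dev/ttyS0 115200 192.168.25.21:192.168.25.22\n"
    options = 'lock proxyarp local require-pap login silent nodetach ms-dns "192.168.25.2"\n'
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "inittab").write_text(first)
        before = audit_inittab(tmp / "inittab", tmp)
        (tmp / "inittab").write_text(final)
        (tmp / "options.ttyS0").write_text(options)
        after = audit_inittab(tmp / "inittab", tmp)
    return before, after

if __name__ == "__main__":
    print(audit_page_configs())
```

On a real system, call audit_inittab("/etc/inittab", "/etc/ppp") and treat any NOAUTH or DEFAULT result on a port that is reachable by dial-up as something to review.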
And there you go! A moderately secure, fully connected Palm!
- Bob