+Once the ppp-2.x software is installed, you need to configure your
+system for the particular PPP connections you wish to allow. Typically,
+the elements you need to configure are:
+
+@itemize @bullet
+@item
+How the serial link is established and how pppd gets invoked.
+@item
+Setting up syslog to log messages from pppd to the console and/or
+system log files.
+@item
+Pppd options to be used.
+@item
+Authentication secrets to use in authenticating us to the peer
+and/or the peer to us.
+@item
+The IP addresses for each end of the link.
+@end itemize
+
+In most cases, the system you are configuring will either be a
+@dfn{client} system, actively initiating a PPP connection on user
+request, or it will be a @dfn{server} system, passively waiting for
+connections from client systems. Other arrangements are possible, but
+the instructions in this system assume that you are configuring either a
+client or a server.
+
+These instructions also assume that the serial link involves a serial
+communications port (that is, a tty device), since pppd requires a
+serial port.
+
+@menu
+* Client machines::
+* Server machines::
+* Setting up syslog::
+* Pppd options::
+* Authentication secrets files::
+* IP Addresses::
+@end menu
+
+@node Client machines, Server machines, Configuration, Configuration
+@section Client machines
+
+On a client machine, the way that the user requests that a connection be
+established is by running pppd, either directly or through a shell
+script. Pppd should be given the name of the serial port to use as an
+option. In this mode, pppd will fork and detach itself from its
+controlling terminal, so that the shell will return to its prompt. (If
+this behaviour is not desired, use the -detach option.)
+
+Usually, the connect option should also be used. The connect option
+takes an argument which is a command to run to establish the serial link
+and invoke PPP software on the remote machine. This command is run with
+its standard input and standard output connected to the serial port.
+Giving the connect option to pppd also has the side-effect of causing
+pppd to open the serial port without waiting for the modem carrier
+detect signal.
+
+The process of establishing the serial link often involves a dialog. If
+the serial port is connected to a modem, we first need to send some
+commands to the modem to configure it and dial the remote system. Often
+there is then a dialog with the remote system to supply a username and
+password. The @file{chat} program supplied with the ppp-2.x package is
+useful for automating such dialogs. Chat uses a @dfn{script} consisting
+of alternately strings to expect to receive on the serial port, and
+strings to send on the serial port. The script can also specify strings
+which indicate an error and abort the dialog.
+
+@node Server machines, , Client machines, Configuration
+@section Server machines
+
+There are generally three ways in which a server machine can be set up
+to allow client machines to establish a PPP link:
+
+@enumerate
+@item
+Client machines log in as regular users (often via a serial port
+connected to a modem, but possibly through a telnet or rlogin session)
+and then run pppd as a shell command.
+@item
+Client machines log in using a username whose login shell is pppd
+or a script which runs pppd.
+@item
+Client machines connect to a serial port which has a pppd running
+permanently on it (instead of a "getty" or other program providing a
+login service).
+@end enumerate
+
+Method 1 is very simple to set up, and is useful where existing users of
+a system have remote machines (for example at home) from which they want
+to establish a PPP connection from time to time. Methods 2 and 3
+possibly have a security advantage in that they do not allow PPP client
+systems access to a shell. Method 2 allows regular logins and PPP
+connections on the same port, while with method 3, would-be crackers may
+well be frustrated (unless they speak fluent PPP).
+
+With any of these methods, I strongly recommend that you configure PPP
+to require authentication from the client, by including the `auth'
+option in the /etc/ppp/options file.
+
+@node Setting up syslog, , Server machines, Configuration
+@section Setting up syslog
+
+Pppd uses the @file{syslog} facility to report information about the
+state of the connection, as does @file{chat}. It is useful to set up
+syslog to print some of these messages on the console, and to record
+most of them to a file. The messages from pppd are logged with facility
+@samp{daemon} and one of three levels:
+@itemize @bullet
+@item
+@samp{notice} for messages about important events such as the
+connection becoming available for IP traffic and the local and remote IP
+addresses in use.
+@item
+@samp{info} for messages about less important events, such as
+detecting a modem hangup.
+@item
+@samp{debug} for messages which are of use in working out why the
+connection is not working properly.
+@end itemize
+
+The messages from chat are logged with facility @samp{local2} and level
+@samp{debug}.
+
+Syslog is controlled by the syslog configuration file
+@file{/etc/syslog.conf}. Generally the standard configuration will log
+facility @samp{daemon} messages with level @samp{notice} and above to a
+system log file such as @file{/var/log/syslog} (the name may vary on
+different systems). I find it useful to have the notice level messages
+from pppd displayed on the console, and all messages from pppd and chat
+logged to a file such as @file{/etc/ppp/log}. To achieve this,
+find the line in /etc/syslog.conf which has /dev/console
+on the right-hand side, and add `daemon.notice' on the left. This
+line should end up something like this:
+
+@example
+*.err;kern.debug;auth.notice;mail.crit;daemon.notice /dev/console
+@end example
+
+And add a line like this:
+
+@example
+daemon,local2.debug /etc/ppp/log
+@end example
+
+The space between the left and right hand sides is one or more tabs, not
+spaces, and there are no tabs or spaces at the beginning of the line.
+
+You will need to create an empty @file{/etc/ppp/log} file; syslogd will
+not create it. Once you have modified @file{/etc/syslog.conf}, you need
+to either reboot or notify syslogd to re-read the file. On most
+systems, you notify syslogd by sending it a SIGHUP signal. Syslogd's
+process ID is usually stored in a file such as @file{/etc/syslogd.pid}
+or @file{/var/run/syslog.pid}. Thus you can notify syslogd to re-read
+the file by executing a command such as:
+
+@example
+kill -HUP `cat /etc/syslogd.pid`
+@end example
+
+@node Pppd options, , Setting up syslog, Configuration
+@section Pppd options
+
+@node Authentication secrets files, , Pppd options, Configuration
+@section Authentication secrets files
+
+@node IP Addresses, , Authentication secrets files, Configuration
+@section IP Addresses
+