Print this page
14249 pseudo-terminal nomenclature should reflect POSIX
Change-Id: Ib4a3cef899ff4c71b09cb0dc6878863c5e8357bc
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man1m/pppd.1m
+++ new/usr/src/man/man1m/pppd.1m
1 1 '\" te
2 2 .\" Copyright (c) 1989 Carnegie Mellon University. All rights reserved.
3 3 .\" Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
4 4 .\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
5 5 .\" Portions Copyright (c) 2008, Sun Microsystems, Inc. All Right Reserved.
6 -.TH PPPD 1M "November 22, 2021"
6 +.TH PPPD 1M "February 5, 2022"
7 7 .SH NAME
8 8 pppd \- point to point protocol daemon
9 9 .SH SYNOPSIS
10 10 .nf
11 11 \fBpppd\fR [\fItty_name\fR] [\fIspeed\fR] [\fIoptions\fR]
12 12 .fi
13 13
14 14 .SH DESCRIPTION
15 15 The point-to-point protocol (PPP) provides a method for transmitting datagrams
16 16 over serial point-to-point links. PPP is composed of three components: a
17 17 facility for encapsulating datagrams over serial links, an extensible link
18 18 control protocol (LCP), and a family of network control protocols (NCP) for
19 19 establishing and configuring different network-layer protocols.
20 20 .sp
21 21 .LP
22 22 The encapsulation scheme is provided by driver code in the kernel. \fBpppd\fR
23 23 provides the basic LCP authentication support and several NCPs for establishing
24 24 and configuring the Internet Protocol (referred to as the IP Control Protocol
25 25 or "IPCP") and IPv6 (IPV6CP).
26 26 .SH OPTIONS
27 27 The following sections discuss the \fBpppd\fR options:
28 28 .SS "Options Files"
29 29 Options are taken from files and the command line. \fBpppd\fR reads options
30 30 from the files \fB/etc/ppp/options\fR, \fB$HOME/.ppprc\fR and
31 31 \fB/etc/ppp/options.\fR\fIttyname\fR (in that order) before processing the
32 32 options on the command line. (Command-line options are scanned for the terminal
33 33 name before the \fBoptions\fR.\fIttyname\fR file is read.) To form the name of
34 34 the \fBoptions\fR.\fIttyname\fR file, the initial \fB/dev/\fR is removed from
35 35 the terminal name, and any remaining forward slash characters (/) are replaced
36 36 with dots. For example, with serial device \fB/dev/cua/a\fR, option file
37 37 \fB/etc/ppp/options.cua.a\fR is read.
38 38 .sp
39 39 .LP
40 40 An options file is parsed into a series of words that are delimited by
41 41 whitespace. Whitespace can be included in a word by enclosing the word in
42 42 double-quotes ("). A backslash (\e) quotes the succeeding character. A hash (#)
43 43 starts a comment, which continues until the end of the line. There is no
44 44 restriction on using the \fBfile\fR or \fBcall\fR options within an options
45 45 file.
46 46 .SS "Frequently Used Options"
47 47 .ne 2
48 48 .na
49 49 \fB\fB<tty_name>\fR \fR
50 50 .ad
51 51 .RS 23n
52 52 Communicate over the named device. The string \fB/dev/\fR is prepended if
53 53 necessary. If no device name is given, or if the name of the terminal connected
54 54 to the standard input is given, \fBpppd\fR uses that terminal and does not fork
55 55 to put itself in the background. A value for this option from a privileged
56 56 source cannot be overridden by a non-privileged user.
57 57 .RE
58 58
59 59 .sp
60 60 .ne 2
61 61 .na
62 62 \fB\fB<speed>\fR \fR
63 63 .ad
64 64 .RS 23n
65 65 Set the baud rate to <\fBspeed\fR> (a decimal number). The default is to leave
66 66 the baud rate unchanged. This option is normally needed for dial-out only.
67 67 .RE
68 68
69 69 .sp
70 70 .ne 2
71 71 .na
72 72 \fB\fBasyncmap\fR \fB\fI<map>\fR\fR \fR
73 73 .ad
74 74 .RS 23n
75 75 Set the \fBasync\fR character map to \fI<map>\fR\&. The map describes which
76 76 control characters cannot be successfully received over the serial line.
77 77 \fBpppd\fR asks the peer to send these characters as a 2-byte escape sequence.
78 78 The argument is a 32 bit hex number, with each bit representing a character to
79 79 escape. Bit 0 (00000001) represents the character 0x00; bit 31 (80000000)
80 80 represents the character 0x1f or ^_. If multiple \fBasyncmap\fR options are
81 81 given, the values are \fBORed\fR together. If no \fBasyncmap\fR option is
82 82 given, \fBpppd\fR attempts to negotiate a value of 0. If the peer agrees, this
83 83 disables escaping of the standard control characters. Use the
84 84 \fBdefault-asyncmap\fR option to disable negotiation and escape all control
85 85 characters.
86 86 .RE
87 87
88 88 .sp
89 89 .ne 2
90 90 .na
91 91 \fB\fBauth\fR \fR
92 92 .ad
93 93 .RS 23n
94 94 Require the peer to authenticate itself before allowing network packets to be
95 95 sent or received. This option is the default if the system has a default route.
96 96 If the \fBauth\fR or the \fBnoauth\fR option is not specified, \fBpppd\fR
97 97 allows the peer to use only those IP addresses to which the system does not
98 98 already have a route.
99 99 .RE
100 100
101 101 .sp
102 102 .ne 2
103 103 .na
104 104 \fB\fBcall\fR \fB\fIname\fR\fR \fR
105 105 .ad
106 106 .RS 23n
107 107 Read options from the file \fB/etc/ppp/peers/\fR\fIname\fR. This file may
108 108 contain privileged options, including \fBnoauth\fR, even if \fBpppd\fR is not
109 109 being run by root. The \fIname\fR string may not begin with a slash ("/") or
110 110 include consecutive periods \fB("..")\fR as a pathname component.
111 111 .RE
112 112
113 113 .sp
114 114 .ne 2
115 115 .na
116 116 \fB\fBcallback\fR \fB\fInumber\fR\fR \fR
117 117 .ad
118 118 .RS 23n
119 119 Request a callback to the given telephone number using Microsoft CBCP.
120 120 .RE
121 121
122 122 .sp
123 123 .ne 2
124 124 .na
125 125 \fB\fBconnect\fR \fB\fIscript\fR\fR \fR
126 126 .ad
127 127 .RS 23n
128 128 Use the executable or shell command specified by \fIscript\fR to set up the
129 129 serial line. This script would typically use the \fBchat\fR(1M) program to dial
130 130 the modem and start the remote \fBPPP\fR session. A value for this option
131 131 originating from a privileged source cannot be overridden by a non-privileged
132 132 user.
133 133 .RE
134 134
135 135 .sp
136 136 .ne 2
137 137 .na
138 138 \fB\fBcrtscts\fR \fR
139 139 .ad
140 140 .RS 23n
141 141 Use hardware flow control, that is, RTS/CTS, to control the flow of data on the
142 142 serial port. If the \fBcrtscts\fR, \fBnocrtscts\fR, \fBcdtrcts\fR or
143 143 \fBnocdtrcts\fR option is not provided, the hardware flow control setting for
144 144 the serial port is left unchanged. Some serial ports lack a true RTS output and
145 145 use this mode to implement unidirectional flow control. The serial port
146 146 suspends transmission when requested by the modem by means of CTS but cannot
147 147 request the modem to stop sending to the computer. This mode allows the use of
148 148 DTR as a modem control line.
149 149 .RE
150 150
151 151 .sp
152 152 .ne 2
153 153 .na
154 154 \fB\fBdefaultroute\fR \fR
155 155 .ad
156 156 .RS 23n
157 157 Add a default route to the system routing tables when IPCP negotiation
158 158 successfully completes, using the peer as the gateway. This entry is removed
159 159 when the \fBPPP\fR connection is broken. This option is privileged if the
160 160 \fBnodefaultroute\fR option is specified.
161 161 .RE
162 162
163 163 .sp
164 164 .ne 2
165 165 .na
166 166 \fB\fBdisconnect\fR \fB \fIscript\fR\fR \fR
167 167 .ad
168 168 .RS 23n
169 169 Run the executable or shell command specified by \fIscript\fR after \fBpppd\fR
170 170 terminates the link. Typically, this script is used to command the modem to
171 171 hang up if hardware modem control signals are not available. \fBdisconnect\fR
172 172 is not run if the modem has already hung up. A value for this option
173 173 originating from a privileged source cannot be overridden by a non-privileged
174 174 user.
175 175 .RE
176 176
177 177 .sp
178 178 .ne 2
179 179 .na
180 180 \fB\fBescape\fR \fB\fIxx,yy,...\fR\fR \fR
181 181 .ad
182 182 .RS 23n
183 183 Specifies that certain characters be escaped on transmission regardless of
184 184 whether the peer requests them to be escaped with its \fBasync\fR control
185 185 character map. The characters to be escaped are specified as a list of hex
186 186 numbers separated by commas. Note that almost any character can be specified
187 187 for the \fBescape\fR option, unlike the \fBasyncmap\fR option which allows only
188 188 control characters to be specified. Characters that cannot be escaped are those
189 189 containing hex values 0x20 through 0x3f and 0x5e.
190 190 .RE
191 191
192 192 .sp
193 193 .ne 2
194 194 .na
195 195 \fB\fBfile\fR \fB\fIname\fR\fR \fR
196 196 .ad
197 197 .RS 23n
198 198 Read options from file \fIname\fR. If this option is used on the command line
199 199 or in \fB$HOME/.ppprc\fR, the file must be readable by the user invoking
200 200 \fBpppd\fR. See for a list of files that \fBpppd\fR always reads, regardless
201 201 of the use of this option.
202 202 .RE
203 203
204 204 .sp
205 205 .ne 2
206 206 .na
207 207 \fB\fBinit\fR \fB \fIscript\fR \fR \fR
208 208 .ad
209 209 .RS 23n
210 210 Run the executable or shell command specified by \fIscript\fR to initialize the
211 211 serial line. This script would typically use the \fBchat\fR(1M) program to
212 212 configure the modem to enable auto-answer. A value for this option from a
213 213 privileged source cannot be overridden by a non-privileged user.
214 214 .RE
215 215
216 216 .sp
217 217 .ne 2
218 218 .na
219 219 \fB\fBlock\fR \fR
220 220 .ad
221 221 .RS 23n
222 222 Directs \fBpppd\fR to create a UUCP-style lock file for the serial device to
223 223 ensure exclusive access to the device.
224 224 .RE
225 225
226 226 .sp
227 227 .ne 2
228 228 .na
229 229 \fB\fBmru\fR \fB\fIn\fR\fR \fR
230 230 .ad
231 231 .RS 23n
232 232 Set the Maximum Receive Unit (MRU) value to \fIn\fR. \fBpppd\fR asks the peer
233 233 to send packets of no more than \fIn\fR bytes. Minimum MRU value is 128.
234 234 Default MRU value is 1500. A value of 296 is recommended for slow links (40
235 235 bytes for TCP/IP header + 256 bytes of data). For IPv6, MRU must be at least
236 236 1280.
237 237 .RE
238 238
239 239 .sp
240 240 .ne 2
241 241 .na
242 242 \fB\fBmtu\fR \fB\fIn\fR\fR \fR
243 243 .ad
244 244 .RS 23n
245 245 Set the Maximum Transmit Unit (MTU) value to \fIn\fR. Unless the peer requests
246 246 a smaller value via MRU negotiation, \fBpppd\fR requests the kernel networking
247 247 code to send data packets of no more than \fIn\fR bytes through the PPP network
248 248 interface. For IPv6, MTU must be at least 1280.
249 249 .RE
250 250
251 251 .sp
252 252 .ne 2
253 253 .na
254 254 \fB\fBpassive\fR \fR
255 255 .ad
256 256 .RS 23n
257 257 Enables the "passive" option in the LCP. With this option, \fBpppd\fR attempts
258 258 to initiate a connection; if no reply is received from the peer, \fBpppd\fR
259 259 waits passively for a valid LCP packet instead of exiting, as it would without
260 260 this option.
261 261 .RE
262 262
263 263 .SS "Options"
264 264 .ne 2
265 265 .na
266 266 \fB\fB<local_IP_address>:<remote_IP_address>\fR \fR
267 267 .ad
268 268 .sp .6
269 269 .RS 4n
270 270 Set the local and/or remote interface IP addresses. Either one may be omitted,
271 271 but the colon is required. The IP addresses are specified with a host name or
272 272 in decimal dot notation, for example: \fB:10.1.2.3\fR. The default local
273 273 address is the first IP address of the system unless the \fBnoipdefault\fR
274 274 option is provided. The remote address is obtained from the peer if not
275 275 specified in any option. Thus, in simple cases, this option is not required. If
276 276 a local and/or remote IP address is specified with this option, \fBpppd\fR will
277 277 not accept a different value from the peer in the IPCP negotiation unless the
278 278 \fBipcp-accept-local\fR and/or \fBipcp-accept-remote\fR options are given,
279 279 respectively.
280 280 .RE
281 281
282 282 .sp
283 283 .ne 2
284 284 .na
285 285 \fB\fBallow-fcs\fR \fB\fIfcs-type\fR\fR \fR
286 286 .ad
287 287 .sp .6
288 288 .RS 4n
289 289 Set allowable FCS type(s) for data sent to the peer. The \fIfcs-type\fR is a
290 290 comma-separated list of "crc16", "crc32", "null", or integers. By default, all
291 291 known types are allowed. If this option is specified and the peer requests a
292 292 type not listed, a LCP Configure-Nak is sent to request only the listed types.
293 293 .RE
294 294
295 295 .sp
296 296 .ne 2
297 297 .na
298 298 \fB\fBallow-ip\fR \fB\fIaddress(es)\fR\fR \fR
299 299 .ad
300 300 .sp .6
301 301 .RS 4n
302 302 Allow peers to use the given IP address or subnet without authenticating
303 303 themselves. The parameter is parsed in the same manner as each element of the
304 304 list of allowed IP addresses is parsed in the secrets files. See the section
305 305 more more details.
306 306 .RE
307 307
308 308 .sp
309 309 .ne 2
310 310 .na
311 311 \fB\fBbsdcomp\fR \fB\fInr,nt\fR\fR \fR
312 312 .ad
313 313 .sp .6
314 314 .RS 4n
315 315 Request that the peer compress packets that it sends using the BSD-Compress
316 316 scheme, with a maximum code size of \fInr\fR bits, and agree to compress
317 317 packets sent to the peer with a maximum code size of \fInt\fR bits. If \fInt\fR
318 318 is not specified, it defaults to the value given for \fInr\fR. Values in the
319 319 range 9 to 15 may be used for \fInr\fR and \fInt\fR; larger values provide
320 320 better compression but consume more kernel memory for compression dictionaries.
321 321 Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables compression in
322 322 the corresponding direction. Use \fBnobsdcomp\fR or \fBbsdcomp 0\fR to disable
323 323 BSD-Compress compression entirely. If this option is read from a privileged
324 324 source, a nonprivileged user may not specify a code size larger than the value
325 325 from the privileged source.
326 326 .RE
327 327
328 328 .sp
329 329 .ne 2
330 330 .na
331 331 \fB\fBcdtrcts\fR \fR
332 332 .ad
333 333 .sp .6
334 334 .RS 4n
335 335 Use a non-standard hardware flow control such as DTR/CTS to control the flow of
336 336 data on the serial port. If the \fBcrtscts\fR, \fBnocrtscts\fR, \fBcdtrcts\fR
337 337 or \fBnocdtrcts\fR option is not specified, the hardware flow control setting
338 338 for the serial port is left unchanged. Some serial ports lack a true RTS
339 339 output. Such serial ports use this mode to implement true bi-directional flow
340 340 control. Note that this flow control mode does not permit using DTR as a modem
341 341 control line.
342 342 .RE
343 343
344 344 .sp
345 345 .ne 2
346 346 .na
347 347 \fB\fBchap-interval\fR \fB\fIn\fR\fR\fR
348 348 .ad
349 349 .sp .6
350 350 .RS 4n
351 351 If this option is given, \fBpppd\fR will rechallenge the peer every \fIn\fR
352 352 seconds.
353 353 .RE
354 354
355 355 .sp
356 356 .ne 2
357 357 .na
358 358 \fB\fBchap-max-challenge\fR \fB\fIn\fR\fR \fR
359 359 .ad
360 360 .sp .6
361 361 .RS 4n
362 362 Set the maximum number of CHAP challenge transmissions to \fIn\fR (default 10).
363 363 .RE
364 364
365 365 .sp
366 366 .ne 2
367 367 .na
368 368 \fB\fBchap-restart\fR \fB\fIn\fR\fR \fR
369 369 .ad
370 370 .sp .6
371 371 .RS 4n
372 372 Set the CHAP restart interval (retransmission timeout for challenges) to
373 373 \fIn\fR seconds. The default is 3.
374 374 .RE
375 375
376 376 .sp
377 377 .ne 2
378 378 .na
379 379 \fB\fBconnect-delay\fR \fB\fIn\fR\fR \fR
380 380 .ad
381 381 .sp .6
382 382 .RS 4n
383 383 Wait for up to \fIn\fR milliseconds after the connect script finishes for a
384 384 valid PPP packet from the peer. When the wait period elapses or when a valid
385 385 PPP packet is received from the peer, \fBpppd\fR begins negotiation by sending
386 386 its first LCP packet. The default value is 1000 (1 second). A wait period
387 387 applies only if the \fBconnect\fR or \fBpty\fR option is used.
388 388 .RE
389 389
390 390 .sp
391 391 .ne 2
392 392 .na
393 393 \fB\fBdatarate\fR \fB\fIn\fR\fR \fR
394 394 .ad
395 395 .sp .6
396 396 .RS 4n
397 397 Set maximum data rate to \fIn\fR (in bytes per second) when using the
398 398 \fBpty\fR, \fBnotty\fR, \fBrecord\fR, or \fBsocket\fR options.
399 399 .RE
400 400
401 401 .sp
402 402 .ne 2
403 403 .na
404 404 \fB\fBdebug\fR \fR
405 405 .ad
406 406 .sp .6
407 407 .RS 4n
408 408 Enables connection debugging facilities. If this option is given, \fBpppd\fR
409 409 logs the contents of all control packets sent or received in a readable form.
410 410 The packets are logged through syslog with facility \fBdaemon\fR and level
411 411 \fBdebug\fR. This information can be directed to a file by configuring
412 412 \fB/etc/syslog.conf\fR appropriately.
413 413 .RE
414 414
415 415 .sp
416 416 .ne 2
417 417 .na
418 418 \fB\fBdefault-asyncmap\fR \fR
419 419 .ad
420 420 .sp .6
421 421 .RS 4n
422 422 Disable \fBasyncmap\fR negotiation, forcing all control characters to be
423 423 escaped for both the transmit and the receive direction.
424 424 .RE
425 425
426 426 .sp
427 427 .ne 2
428 428 .na
429 429 \fB\fBdefault-fcs\fR \fR
430 430 .ad
431 431 .sp .6
432 432 .RS 4n
433 433 Disable FCS Alternatives negotiation entirely. By default, no FCS Alternatives
434 434 option is sent to the peer, but the option is accepted. If this option is
435 435 specified by the peer, then LCP Configure-Reject is sent.
436 436 .RE
437 437
438 438 .sp
439 439 .ne 2
440 440 .na
441 441 \fB\fBdefault-mru\fR \fR
442 442 .ad
443 443 .sp .6
444 444 .RS 4n
445 445 Disable MRU [Maximum Receive Unit] negotiation. With this option, \fBpppd\fR
446 446 uses the default MRU value of 1500 bytes for the transmit and receive
447 447 directions.
448 448 .RE
449 449
450 450 .sp
451 451 .ne 2
452 452 .na
453 453 \fB\fBdeflate\fR \fB\fInr,nt,e\fR\fR \fR
454 454 .ad
455 455 .sp .6
456 456 .RS 4n
457 457 Request that the peer compress packets that it sends, using the \fBdeflate\fR
458 458 scheme, with a maximum window size of \fI2**nr\fR bytes, and agree to compress
459 459 packets sent to the peer with a maximum window size of \fI2**nt\fR bytes and
460 460 effort level of \fIe\fR (1 to 9). If \fInt\fR is not specified, it defaults to
461 461 the value given for \fInr\fR. If \fIe\fR is not specified, it defaults to 6.
462 462 Values in the range 9 to 15 may be used for \fInr\fR and \fInt\fR; larger
463 463 values provide better compression but consume more kernel memory for
464 464 compression dictionaries. (Value 8 is not permitted due to a zlib bug.)
465 465 Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables compression in
466 466 the corresponding direction. Use \fBnodeflate\fR or \fBdeflate 0\fR to disable
467 467 \fBdeflate\fR compression entirely. (Note: \fBpppd\fR requests deflate
468 468 compression in preference to BSD-Compress if the peer can do either.) If this
469 469 option is read from a privileged source, a nonprivileged user may not specify a
470 470 code size larger than the value from the privileged source.
471 471 .RE
472 472
473 473 .sp
474 474 .ne 2
475 475 .na
476 476 \fB\fBdemand\fR \fR
477 477 .ad
478 478 .sp .6
479 479 .RS 4n
480 480 Initiate the link only on demand, that is, when data traffic is present. With
481 481 this option, the remote IP address must be specified by the user on the command
482 482 line or in an options file. \fBpppd\fR initially configures and enables the
483 483 interface for IP traffic without connecting to the peer. When traffic is
484 484 available, \fBpppd\fR connects to the peer and performs negotiation,
485 485 authentication and other actions. When completed, \fBpppd\fR passes data
486 486 packets across the link. The \fBdemand\fR option implies the \fBpersist\fR
487 487 option. If this behavior is not desired, use the \fBnopersist\fR option after
488 488 the \fBdemand\fR option. The \fBidle\fR and \fBholdoff\fR options can be used
489 489 in conjunction with the \fBdemand\fR option.
490 490 .RE
491 491
492 492 .sp
493 493 .ne 2
494 494 .na
495 495 \fB\fBdomain\fR \fB\fId\fR\fR \fR
496 496 .ad
497 497 .sp .6
498 498 .RS 4n
499 499 Append the domain name \fId\fR to the local host name for authentication
500 500 purposes. For example, if \fBgethostname()\fR returns the name \fBporsche\fR,
501 501 but the fully qualified domain name is \fBporsche.Example.COM\fR, you could
502 502 specify \fBdomain Example.COM\fR. With this configuration, \fBpppd\fR uses the
503 503 name \fBporsche.Example.COM\fR for accessing secrets in the secrets file and as
504 504 the default name when authenticating to the peer. This option is privileged.
505 505 .RE
506 506
507 507 .sp
508 508 .ne 2
509 509 .na
510 510 \fB\fBendpoint\fR \fB\fIendpoint-value\fR\fR \fR
511 511 .ad
512 512 .sp .6
513 513 .RS 4n
514 514 Set the endpoint discriminator (normally used for RFC 1990 Multilink PPP
515 515 operation). The \fIendpoint-value\fR consists of a class identifier and a
516 516 class-dependent value. The class identifier is one of "null," "local," "IP,"
517 517 "MAC," "magic," "phone," or a decimal integer. If present, the class-dependent
518 518 value is separated from the identifier by a colon (":") or period (".") . This
519 519 value may be a standard dotted-decimal IP address for class "IP," an optionally
520 520 colon-or-dot separated hex Ethernet address for class "MAC" (must have 6
521 521 numbers), or an arbitrary string of bytes specified in hex with optional colon
522 522 or dot separators between bytes. Although this option is available, this
523 523 implementation does not support multilink.
524 524 .RE
525 525
526 526 .sp
527 527 .ne 2
528 528 .na
529 529 \fB\fBfcs\fR \fB\fIfcs-type\fR\fR \fR
530 530 .ad
531 531 .sp .6
532 532 .RS 4n
533 533 Set FCS type(s) desired for data sent by the peer. The \fIfcs-type\fR is a
534 534 comma-separated list of \fBcrc16\fR, \fBcrc32\fR, \fBnull\fR, or integers. By
535 535 default, an FCS Alternatives option is not specified, and the medium-dependent
536 536 FCS type is used. If this option is specified and the peer sends an LCP
537 537 Configure-Nak, only the listed types are used. If none are in common, the FCS
538 538 Alternatives option is omitted from the next LCP Configure-Request to drop back
539 539 to the default.
540 540 .RE
541 541
542 542 .sp
543 543 .ne 2
544 544 .na
545 545 \fB\fBhide-password\fR \fR
546 546 .ad
547 547 .sp .6
548 548 .RS 4n
549 549 When logging the contents of PAP packets, this option causes \fBpppd\fR to
550 550 exclude the password string from the log. This is the default.
551 551 .RE
552 552
553 553 .sp
554 554 .ne 2
555 555 .na
556 556 \fB\fBholdoff\fR \fB\fIn\fR\fR \fR
557 557 .ad
558 558 .sp .6
559 559 .RS 4n
560 560 Specifies how many seconds to wait before re-initiating the link after it
561 561 terminates. This option is effective only if the \fBpersist\fR or \fBdemand\fR
562 562 option is used. The holdoff period is not applied if the link is terminated
563 563 because it was idle.
564 564 .RE
565 565
566 566 .sp
567 567 .ne 2
568 568 .na
569 569 \fB\fBident\fR \fB\fIstring\fR\fR \fR
570 570 .ad
571 571 .sp .6
572 572 .RS 4n
573 573 Set the LCP Identification string. The default value is a version string
574 574 similar to that displayed by the \fB--version\fR option.
575 575 .RE
576 576
577 577 .sp
578 578 .ne 2
579 579 .na
580 580 \fB\fBidle\fR \fB\fIn\fR\fR \fR
581 581 .ad
582 582 .sp .6
583 583 .RS 4n
584 584 Specifies that \fBpppd\fR must disconnect if the link is idle for \fIn\fR
585 585 seconds. The link is idle when no data packets (i.e. IP packets) are being sent
586 586 or received. Do not use this option with the \fBpersist\fR option but without
587 587 the \fBdemand\fR option.
588 588 .RE
589 589
590 590 .sp
591 591 .ne 2
592 592 .na
593 593 \fB\fBipcp-accept-local\fR \fR
594 594 .ad
595 595 .sp .6
596 596 .RS 4n
597 597 With this option, \fBpppd\fR accepts the peer's idea of the local IP address,
598 598 even if the local IP address is specified in an option.
599 599 .RE
600 600
601 601 .sp
602 602 .ne 2
603 603 .na
604 604 \fB\fBipcp-accept-remote\fR \fR
605 605 .ad
606 606 .sp .6
607 607 .RS 4n
608 608 With this option, \fBpppd\fR accepts the peer's idea of its remote IP address,
609 609 even if the remote IP address is specified in an option.
610 610 .RE
611 611
612 612 .sp
613 613 .ne 2
614 614 .na
615 615 \fB\fBipcp-max-configure\fR \fB\fIn\fR\fR \fR
616 616 .ad
617 617 .sp .6
618 618 .RS 4n
619 619 Set the maximum number of IPCP Configure-Request transmissions to \fIn\fR
620 620 (default 10).
621 621 .RE
622 622
623 623 .sp
624 624 .ne 2
625 625 .na
626 626 \fB\fBipcp-max-failure\fR \fB\fIn\fR\fR \fR
627 627 .ad
628 628 .sp .6
629 629 .RS 4n
630 630 Set the maximum number of IPCP Configure-NAKs sent before sending
631 631 Configure-Rejects instead to \fIn\fR (default 10).
632 632 .RE
633 633
634 634 .sp
635 635 .ne 2
636 636 .na
637 637 \fB\fBipcp-max-terminate\fR \fB\fIn\fR\fR \fR
638 638 .ad
639 639 .sp .6
640 640 .RS 4n
641 641 Set the maximum number of IPCP terminate-request transmissions to \fIn\fR
642 642 (default 3).
643 643 .RE
644 644
645 645 .sp
646 646 .ne 2
647 647 .na
648 648 \fB\fBipcp-restart\fR \fB\fIn\fR\fR \fR
649 649 .ad
650 650 .sp .6
651 651 .RS 4n
652 652 Set the IPCP restart interval (retransmission timeout) to \fIn\fR seconds
653 653 (default 3).
654 654 .RE
655 655
656 656 .sp
657 657 .ne 2
658 658 .na
659 659 \fB\fBipparam\fR \fB\fIstring\fR\fR \fR
660 660 .ad
661 661 .sp .6
662 662 .RS 4n
663 663 Provides an extra parameter to the ip-up and ip-down scripts. When this option
664 664 is given, the \fIstring\fR supplied is given as the sixth parameter to those
665 665 scripts. See the section.
666 666 .RE
667 667
668 668 .sp
669 669 .ne 2
670 670 .na
671 671 \fB\fBipv6\fR
672 672 \fB\fI<local_interface_identifier>\fR,\fI<remote_interface_identifier>\fR\fR
673 673 \fR
674 674 .ad
675 675 .sp .6
676 676 .RS 4n
677 677 Set the local and/or remote 64-bit interface identifier. Either one may be
678 678 omitted. The identifier must be specified in standard ASCII notation of IPv6
679 679 addresses (for example: \fB::dead:beef\fR). If the \fBipv6cp-use-ipaddr\fR
680 680 option is given, the local and remote identifiers are derived from the
681 681 respective IPv4 addresses (see above). The \fBipv6cp-use-persistent\fR option
682 682 can be used instead of the \fBipv6 <local>,<remote>\fR option.
683 683 .RE
684 684
685 685 .sp
686 686 .ne 2
687 687 .na
688 688 \fB\fBipv6cp-accept-local\fR \fR
689 689 .ad
690 690 .sp .6
691 691 .RS 4n
692 692 Accept peer's interface identifier for the local link identifier.
693 693 .RE
694 694
695 695 .sp
696 696 .ne 2
697 697 .na
698 698 \fB\fBipv6cp-max-configure\fR \fB\fIn\fR\fR \fR
699 699 .ad
700 700 .sp .6
701 701 .RS 4n
702 702 Set the maximum number of IPv6CP Configure-Request transmissions to \fIn\fR
703 703 (default 10).
704 704 .RE
705 705
706 706 .sp
707 707 .ne 2
708 708 .na
709 709 \fB\fBipv6cp-max-failure\fR \fB\fIn\fR\fR \fR
710 710 .ad
711 711 .sp .6
712 712 .RS 4n
713 713 Set the maximum number of IPv6CP Configure-NAKs sent before sending
714 714 Configure-Rejects instead to \fIn\fR (default 10).
715 715 .RE
716 716
717 717 .sp
718 718 .ne 2
719 719 .na
720 720 \fB\fBipv6cp-max-terminate\fR \fB\fIn\fR\fR \fR
721 721 .ad
722 722 .sp .6
723 723 .RS 4n
724 724 Set the maximum number of IPv6CP terminate-request transmissions to \fIn\fR
725 725 (default 3).
726 726 .RE
727 727
728 728 .sp
729 729 .ne 2
730 730 .na
731 731 \fB\fBipv6cp-restart\fR \fB\fIn\fR\fR \fR
732 732 .ad
733 733 .sp .6
734 734 .RS 4n
735 735 Set the IPv6CP restart interval (retransmission timeout) to \fIn\fR seconds
736 736 (default 3).
737 737 .RE
738 738
739 739 .sp
740 740 .ne 2
741 741 .na
742 742 \fB\fBipv6cp-use-ipaddr\fR \fR
743 743 .ad
744 744 .sp .6
745 745 .RS 4n
746 746 If either the local or remote IPv6 address is unspecified, use the
747 747 corresponding configured IPv4 address as a default interface identifier. (This
748 748 option uses the configured addresses, not the negotiated addresses. Do not use
749 749 it with \fBipcp-accept-local\fR if the local IPv6 identifier is unspecified or
750 750 with \fBipcp-accept-remote\fR if the remote IPv6 identifier is unspecified.)
751 751 .RE
752 752
753 753 .sp
754 754 .ne 2
755 755 .na
756 756 \fB\fBipv6cp-use-persistent\fR \fR
757 757 .ad
758 758 .sp .6
759 759 .RS 4n
760 760 Use uniquely-available persistent value for link local address.
761 761 .RE
762 762
763 763 .sp
764 764 .ne 2
765 765 .na
766 766 \fB\fBkdebug\fR \fB\fIn\fR\fR \fR
767 767 .ad
768 768 .sp .6
769 769 .RS 4n
770 770 Enable debugging code in the kernel-level PPP driver. Argument \fIn\fR is the
771 771 sum of the following values: \fB1\fR to enable general debug messages, \fB2\fR
772 772 to request that contents of received packets be printed, and \fB4\fR to request
773 773 contents of transmitted packets be printed. Messages printed by the kernel are
774 774 logged by \fBsyslogd\fR(1M) to a file directed in the \fB/etc/syslog.conf\fR
775 775 configuration file. Do not use the \fBkdebug\fR option to debug failed links.
776 776 Use the \fBdebug\fR option instead.
777 777 .RE
778 778
779 779 .sp
780 780 .ne 2
781 781 .na
782 782 \fB\fBlcp-echo-failure\fR \fB\fIn\fR\fR \fR
783 783 .ad
784 784 .sp .6
785 785 .RS 4n
786 786 If this option is given, \fBpppd\fR presumes the peer to be dead if \fIn\fR LCP
787 787 Echo-Requests are sent without receiving a valid LCP Echo-Reply. If this
788 788 happens, \fBpppd\fR terminates the connection. This option requires a non-zero
789 789 value for the \fBlcp-echo-interval\fR parameter. This option enables \fBpppd\fR
790 790 to terminate after the physical connection is broken (for example, if the modem
791 791 has hung up) in situations where no hardware modem control lines are available.
792 792 .RE
793 793
794 794 .sp
795 795 .ne 2
796 796 .na
797 797 \fB\fBlcp-echo-interval\fR \fB\fIn\fR\fR \fR
798 798 .ad
799 799 .sp .6
800 800 .RS 4n
801 801 If this option is given, \fBpppd\fR sends an LCP Echo-Request frame to the peer
802 802 every \fIn\fR seconds. Normally the peer responds to the Echo-Request by
803 803 sending an Echo-Reply. This option can be used with the \fBlcp-echo-failure\fR
804 804 option to detect that the peer is no longer connected.
805 805 .RE
806 806
807 807 .sp
808 808 .ne 2
809 809 .na
810 810 \fB\fBlcp-max-configure\fR \fB\fIn\fR\fR \fR
811 811 .ad
812 812 .sp .6
813 813 .RS 4n
814 814 Set the maximum number of LCP Configure-Request transmissions to \fIn\fR
815 815 (default 10).
816 816 .RE
817 817
818 818 .sp
819 819 .ne 2
820 820 .na
821 821 \fB\fBlcp-max-failure\fR \fB\fIn\fR\fR \fR
822 822 .ad
823 823 .sp .6
824 824 .RS 4n
825 825 Set the maximum number of LCP Configure-NAKs sent before starting to send
826 826 Configure-Rejects instead to \fIn\fR (default 10).
827 827 .RE
828 828
829 829 .sp
830 830 .ne 2
831 831 .na
832 832 \fB\fBlcp-max-terminate\fR \fB\fIn\fR\fR \fR
833 833 .ad
834 834 .sp .6
835 835 .RS 4n
836 836 Set the maximum number of LCP Terminate-Request transmissions to \fIn\fR
837 837 (default 3).
838 838 .RE
839 839
840 840 .sp
841 841 .ne 2
842 842 .na
843 843 \fB\fBlcp-restart\fR \fB\fIn\fR\fR \fR
844 844 .ad
845 845 .sp .6
846 846 .RS 4n
847 847 Set the LCP restart interval (retransmission timeout) to \fIn\fR seconds
848 848 (default 3).
849 849 .RE
850 850
851 851 .sp
852 852 .ne 2
853 853 .na
854 854 \fB\fBlinkname\fR \fB\fIname\fR\fR \fR
855 855 .ad
856 856 .sp .6
857 857 .RS 4n
858 858 Sets the logical name of the link to \fIname\fR. \fBpppd\fR creates a file
859 859 named \fBppp-\fR\fIname\fR\fB\&.pid\fR in \fB/var/run\fR containing its process
860 860 ID. This is useful in determining which instance of \fBpppd\fR is responsible
861 861 for the link to a given peer system. This is a privileged option.
862 862 .RE
863 863
864 864 .sp
865 865 .ne 2
866 866 .na
867 867 \fB\fBlocal\fR \fR
868 868 .ad
869 869 .sp .6
870 870 .RS 4n
871 871 Do not use modem control lines. With this option, \fBpppd\fR ignores the state
872 872 of the CD (Carrier Detect) signal from the modem and does not change the state
873 873 of the DTR (Data Terminal Ready) signal.
874 874 .RE
875 875
876 876 .sp
877 877 .ne 2
878 878 .na
879 879 \fB\fBlogfd\fR \fB\fIn\fR\fR \fR
880 880 .ad
881 881 .sp .6
882 882 .RS 4n
883 883 Send log messages to file descriptor \fIn\fR. \fBpppd\fR sends log messages to
884 884 (at most) one file or file descriptor (as well as sending the log messages to
885 885 syslog), so this option and the \fBlogfile\fR option are mutually exclusive. By
886 886 default \fBpppd\fR sends log messages to \fBstdout\fR (file descriptor 1)
887 887 unless the serial port is open on stdout.
888 888 .RE
889 889
890 890 .sp
891 891 .ne 2
892 892 .na
893 893 \fB\fBlogfile\fR \fB\fIfilename\fR\fR \fR
894 894 .ad
895 895 .sp .6
896 896 .RS 4n
897 897 Append log messages to the file \fIfilename\fR (and send the log messages to
898 898 syslog). The file is opened in append mode with the privileges of the user who
899 899 invoked \fBpppd\fR.
900 900 .RE
901 901
902 902 .sp
903 903 .ne 2
904 904 .na
905 905 \fB\fBlogin\fR \fR
906 906 .ad
907 907 .sp .6
908 908 .RS 4n
909 909 Use the system password database for authenticating the peer using PAP, and
910 910 record the user in the system \fBwtmp\fR file. Note that the peer must have an
911 911 entry in the \fB/etc/ppp/pap-secrets\fR file and the system password database
912 912 to be allowed access.
913 913 .RE
914 914
915 915 .sp
916 916 .ne 2
917 917 .na
918 918 \fB\fBmaxconnect\fR \fB\fIn\fR\fR \fR
919 919 .ad
920 920 .sp .6
921 921 .RS 4n
922 922 Terminate the connection after it has been available for network traffic for
923 923 \fIn\fR seconds (that is, \fIn\fR seconds after the first network control
924 924 protocol starts). An LCP Time-Remaining message is sent when the first NCP
925 925 starts, and again when 5, 2, and 0.5 minutes are remaining.
926 926 .RE
927 927
928 928 .sp
929 929 .ne 2
930 930 .na
931 931 \fB\fBmaxfail\fR \fB\fIn\fR\fR \fR
932 932 .ad
933 933 .sp .6
934 934 .RS 4n
935 935 Terminate after \fIn\fR consecutive failed connection attempts. A value of 0
936 936 means no limit. The default value is 10.
937 937 .RE
938 938
939 939 .sp
940 940 .ne 2
941 941 .na
942 942 \fB\fBmodem\fR \fR
943 943 .ad
944 944 .sp .6
945 945 .RS 4n
946 946 Use the modem control lines. This option is the default. With this option,
947 947 \fBpppd\fR waits for the CD (Carrier Detect) signal from the modem to be
948 948 asserted when opening the serial device (unless a connect script is specified),
949 949 and drops the DTR (Data Terminal Ready) signal briefly when the connection is
950 950 terminated and before executing the connect script.
951 951 .RE
952 952
953 953 .sp
954 954 .ne 2
955 955 .na
956 956 \fB\fBms-dns\fR \fB\fI<addr>\fR\fR \fR
957 957 .ad
958 958 .sp .6
959 959 .RS 4n
960 960 If \fBpppd\fR is acting as a server for Microsoft Windows clients, this option
961 961 allows \fBpppd\fR to supply one or two DNS (Domain Name Server) addresses to
962 962 the clients. The first instance of this option specifies the primary DNS
963 963 address; the second instance (if given) specifies the secondary DNS address. If
964 964 the first instance specifies a name that resolves to multiple IP addresses,
965 965 then the first two addresses are used. (This option is present in some older
966 966 versions of \fBpppd\fR under the name \fBdns-addr\fR.)
967 967 .RE
968 968
969 969 .sp
970 970 .ne 2
971 971 .na
972 972 \fB\fBms-lanman\fR \fR
973 973 .ad
974 974 .sp .6
975 975 .RS 4n
976 976 If \fBpppd\fR connects as a client to a Microsoft server and uses MS-CHAPv1 for
977 977 authentication, this option selects the LAN Manager password style instead of
978 978 Microsoft NT.
979 979 .RE
980 980
981 981 .sp
982 982 .ne 2
983 983 .na
984 984 \fB\fBms-wins\fR \fB\fI<addr>\fR\fR \fR
985 985 .ad
986 986 .sp .6
987 987 .RS 4n
988 988 If \fBpppd\fR acts as a server for Microsoft Windows or Samba clients, this
989 989 option allows \fBpppd\fR to supply one or two WINS (Windows Internet Name
990 990 Services) server addresses to the clients. The first instance of this option
991 991 specifies the primary WINS address; the second instance (if given) specifies
992 992 the secondary WINS address. As with \fBms-dns\fR, if the name specified
993 993 resolves to multiple IP addresses, then the first two will be taken as primary
994 994 and secondary.
995 995 .RE
996 996
997 997 .sp
998 998 .ne 2
999 999 .na
1000 1000 \fB\fBname\fR \fB\fIname\fR\fR \fR
1001 1001 .ad
1002 1002 .sp .6
1003 1003 .RS 4n
1004 1004 Set the name of the local system for authentication purposes to \fIname\fR.
1005 1005 This is a privileged option. With this option, \fBpppd\fR uses lines in the
1006 1006 secrets files that have \fIname\fR as the second field to look for a secret to
1007 1007 use in authenticating the peer. In addition, unless overridden with the
1008 1008 \fBuser\fR option, \fIname\fR is used as the name to send to the peer when
1009 1009 authenticating the local system. (Note that \fBpppd\fR does not append the
1010 1010 domain name to \fIname\fR.)
1011 1011 .RE
1012 1012
1013 1013 .sp
1014 1014 .ne 2
1015 1015 .na
1016 1016 \fB\fBno-accm-test\fR \fR
1017 1017 .ad
1018 1018 .sp .6
1019 1019 .RS 4n
1020 1020 Disable use of \fBasyncmap\fR (ACCM) checking using LCP Echo-Request messages.
1021 1021 If the \fBlcp-echo-failure\fR is used on an asynchronous line, \fBpppd\fR
1022 1022 includes all control characters in the first \fIn\fR LCP Echo-Request messages.
1023 1023 If the \fBasyncmap\fR is set incorrectly, the link drops rather than continue
1024 1024 operation with random failures. This option disables that feature.
1025 1025 .RE
1026 1026
1027 1027 .sp
1028 1028 .ne 2
1029 1029 .na
1030 1030 \fB\fBnoaccomp\fR \fR
1031 1031 .ad
1032 1032 .sp .6
1033 1033 .RS 4n
1034 1034 Disable HDLC Address/Control compression in both directions (send and receive).
1035 1035 .RE
1036 1036
1037 1037 .sp
1038 1038 .ne 2
1039 1039 .na
1040 1040 \fB\fBnoauth\fR \fR
1041 1041 .ad
1042 1042 .sp .6
1043 1043 .RS 4n
1044 1044 Do not require the peer to authenticate itself. This option is privileged.
1045 1045 .RE
1046 1046
1047 1047 .sp
1048 1048 .ne 2
1049 1049 .na
1050 1050 \fB\fBnobsdcomp\fR \fR
1051 1051 .ad
1052 1052 .sp .6
1053 1053 .RS 4n
1054 1054 Disables BSD-Compress compression; \fBpppd\fR will not request or agree to
1055 1055 compress packets using the BSD-Compress scheme. This option is not necessary if
1056 1056 \fBnoccp\fR is specified.
1057 1057 .RE
1058 1058
1059 1059 .sp
1060 1060 .ne 2
1061 1061 .na
1062 1062 \fB\fBnoccp\fR \fR
1063 1063 .ad
1064 1064 .sp .6
1065 1065 .RS 4n
1066 1066 Disable CCP (Compression Control Protocol) negotiation. This option should only
1067 1067 be required if the peer has bugs or becomes confused by requests from
1068 1068 \fBpppd\fR for CCP negotiation. If CCP is disabled, then BSD and deflate
1069 1069 compression do not need to be separately disabled.
1070 1070 .RE
1071 1071
1072 1072 .sp
1073 1073 .ne 2
1074 1074 .na
1075 1075 \fB\fBnocrtscts\fR \fR
1076 1076 .ad
1077 1077 .sp .6
1078 1078 .RS 4n
1079 1079 Disable hardware flow control (i.e. RTS/CTS) on the serial port. If the
1080 1080 \fBcrtscts\fR, \fBnocrtscts\fR, \fBcdtrcts\fR or \fBnocdtrcts\fR options are
1081 1081 not given, the hardware flow control setting for the serial port is left
1082 1082 unchanged.
1083 1083 .RE
1084 1084
1085 1085 .sp
1086 1086 .ne 2
1087 1087 .na
1088 1088 \fB\fBnocdtrcts\fR \fR
1089 1089 .ad
1090 1090 .sp .6
1091 1091 .RS 4n
1092 1092 This option is a synonym for \fBnocrtscts\fR. Either option will disable both
1093 1093 forms of hardware flow control.
1094 1094 .RE
1095 1095
1096 1096 .sp
1097 1097 .ne 2
1098 1098 .na
1099 1099 \fB\fBnodefaultroute\fR \fR
1100 1100 .ad
1101 1101 .sp .6
1102 1102 .RS 4n
1103 1103 Disable the \fBdefaultroute\fR option. You can prevent non-root users from
1104 1104 creating default routes with \fBpppd\fR by placing this option in the
1105 1105 \fB/etc/ppp/options\fR file.
1106 1106 .RE
1107 1107
1108 1108 .sp
1109 1109 .ne 2
1110 1110 .na
1111 1111 \fB\fBnodeflate\fR \fR
1112 1112 .ad
1113 1113 .sp .6
1114 1114 .RS 4n
1115 1115 Disables deflate compression; \fBpppd\fR will not request or agree to compress
1116 1116 packets using the deflate scheme. This option is not necessary if \fBnoccp\fR
1117 1117 is specified.
1118 1118 .RE
1119 1119
1120 1120 .sp
1121 1121 .ne 2
1122 1122 .na
1123 1123 \fB\fBnodeflatedraft\fR \fR
1124 1124 .ad
1125 1125 .sp .6
1126 1126 .RS 4n
1127 1127 Do not use Internet Draft (incorrectly assigned) algorithm number for deflate
1128 1128 compression. This option is not necessary if \fBnoccp\fR is specified.
1129 1129 .RE
1130 1130
1131 1131 .sp
1132 1132 .ne 2
1133 1133 .na
1134 1134 \fB\fBnodetach\fR \fR
1135 1135 .ad
1136 1136 .sp .6
1137 1137 .RS 4n
1138 1138 Do not detach from the controlling terminal. Without this option, \fBpppd\fR
1139 1139 forks to become a background process if a serial device other than the terminal
1140 1140 on the standard input is specified.
1141 1141 .RE
1142 1142
1143 1143 .sp
1144 1144 .ne 2
1145 1145 .na
1146 1146 \fB\fBnoendpoint\fR \fR
1147 1147 .ad
1148 1148 .sp .6
1149 1149 .RS 4n
1150 1150 Do not send or accept the Multilink Endpoint Discriminator option.
1151 1151 .RE
1152 1152
1153 1153 .sp
1154 1154 .ne 2
1155 1155 .na
1156 1156 \fB\fBnoident\fR \fR
1157 1157 .ad
1158 1158 .sp .6
1159 1159 .RS 4n
1160 1160 Disable use of LCP Identification. LCP Identification messages will not be sent
1161 1161 to the peer, but received messages will be logged. (Specify this option twice
1162 1162 to completely disable LCP Identification. In this case, \fBpppd\fR sends LCP
1163 1163 Code-Reject in response to received LCP Identification messages.)
1164 1164 .RE
1165 1165
1166 1166 .sp
1167 1167 .ne 2
1168 1168 .na
1169 1169 \fB\fBnoip\fR \fR
1170 1170 .ad
1171 1171 .sp .6
1172 1172 .RS 4n
1173 1173 Disable IPCP negotiation and IP communication. Use this option only if the peer
1174 1174 has bugs or becomes confused by requests from \fBpppd\fR for IPCP negotiation.
1175 1175 .RE
1176 1176
1177 1177 .sp
1178 1178 .ne 2
1179 1179 .na
1180 1180 \fB\fBnoipv6\fR \fR
1181 1181 .ad
1182 1182 .sp .6
1183 1183 .RS 4n
1184 1184 Disable IPv6CP negotiation and IPv6 communication. IPv6 is not enabled by
1185 1185 default.
1186 1186 .RE
1187 1187
1188 1188 .sp
1189 1189 .ne 2
1190 1190 .na
1191 1191 \fB\fBnoipdefault\fR \fR
1192 1192 .ad
1193 1193 .sp .6
1194 1194 .RS 4n
1195 1195 Disables the default behavior when no local IP address is specified, which is
1196 1196 to determine (if possible) the local IP address from the hostname. With this
1197 1197 option, the peer must supply the local IP address during IPCP negotiation
1198 1198 (unless it specified explicitly on the command line or in an options file).
1199 1199 .RE
1200 1200
1201 1201 .sp
1202 1202 .ne 2
1203 1203 .na
1204 1204 \fB\fBnolog\fR \fR
1205 1205 .ad
1206 1206 .sp .6
1207 1207 .RS 4n
1208 1208 Do not send log messages to a file or file descriptor. This option cancels the
1209 1209 \fBlogfd\fR and \fBlogfile\fR options. \fBnologfd\fR acts as an alias for this
1210 1210 option.
1211 1211 .RE
1212 1212
1213 1213 .sp
1214 1214 .ne 2
1215 1215 .na
1216 1216 \fB\fBnomagic\fR \fR
1217 1217 .ad
1218 1218 .sp .6
1219 1219 .RS 4n
1220 1220 Disable magic number negotiation. With this option, \fBpppd\fR cannot detect a
1221 1221 looped-back line. Use this option only if the peer has bugs. Do not use this
1222 1222 option to work around the "Serial line is looped back" error message.
1223 1223 .RE
1224 1224
1225 1225 .sp
1226 1226 .ne 2
1227 1227 .na
1228 1228 \fB\fBnopam\fR \fR
1229 1229 .ad
1230 1230 .sp .6
1231 1231 .RS 4n
1232 1232 This privileged option disables use of pluggable authentication modules. If
1233 1233 this option is specified, \fBpppd\fR reverts to standard authentication
1234 1234 mechanisms. The default is not to use PAM.
1235 1235 .RE
1236 1236
1237 1237 .sp
1238 1238 .ne 2
1239 1239 .na
1240 1240 \fB\fBnopcomp\fR \fR
1241 1241 .ad
1242 1242 .sp .6
1243 1243 .RS 4n
1244 1244 Disable protocol field compression negotiation in the receive and the transmit
1245 1245 direction.
1246 1246 .RE
1247 1247
1248 1248 .sp
1249 1249 .ne 2
1250 1250 .na
1251 1251 \fB\fBnopersist\fR \fR
1252 1252 .ad
1253 1253 .sp .6
1254 1254 .RS 4n
1255 1255 Exit once a connection has been made and terminated. This is the default unless
1256 1256 the \fBpersist\fR or \fBdemand\fR option is specified.
1257 1257 .RE
1258 1258
1259 1259 .sp
1260 1260 .ne 2
1261 1261 .na
1262 1262 \fB\fBnoplink\fR \fR
1263 1263 .ad
1264 1264 .sp .6
1265 1265 .RS 4n
1266 1266 Cause \fBpppd\fR to use I_LINK instead of I_PLINK. This is the default. When
1267 1267 I_LINK is used, the system cleans up terminated interfaces (even when SIGKILL
1268 1268 is used) but does not allow \fBifconfig\fR(1M) to unplumb PPP streams or insert
1269 1269 or remove modules dynamically. Use the \fBplink\fR option if \fBifconfig\fR(1M)
1270 1270 modinsert, modremove or unplumb support is needed.
1271 1271 .RE
1272 1272
1273 1273 .sp
1274 1274 .ne 2
1275 1275 .na
1276 1276 \fB\fBnopredictor1\fR \fR
1277 1277 .ad
1278 1278 .sp .6
1279 1279 .RS 4n
1280 1280 Do not accept or agree to Predictor-1 compression. (This option is accepted for
1281 1281 compatibility. The implementation does not support Predictor-1 compression.)
1282 1282 .RE
1283 1283
1284 1284 .sp
1285 1285 .ne 2
1286 1286 .na
1287 1287 \fB\fBnoproxyarp\fR \fR
1288 1288 .ad
1289 1289 .sp .6
1290 1290 .RS 4n
1291 1291 Disable the \fBproxyarp\fR option. If you want to prevent users from creating
1292 1292 proxy ARP entries with \fBpppd\fR, place this option in the
1293 1293 \fB/etc/ppp/options\fR file.
|
↓ open down ↓ |
1277 lines elided |
↑ open up ↑ |
1294 1294 .RE
1295 1295
1296 1296 .sp
1297 1297 .ne 2
1298 1298 .na
1299 1299 \fB\fBnotty\fR \fR
1300 1300 .ad
1301 1301 .sp .6
1302 1302 .RS 4n
1303 1303 Normally, \fBpppd\fR requires a terminal device. With this option, \fBpppd\fR
1304 -allocates itself a pseudo-tty master/slave pair and uses the slave as its
1304 +allocates itself a pseudo-terminal pair and uses the subsidiary as its
1305 1305 terminal device. \fBpppd\fR creates a child process to act as a character shunt
1306 -to transfer characters between the pseudo-tty master and its standard input and
1307 -output. Thus, \fBpppd\fR transmits characters on its standard output and
1308 -receives characters on its standard input even if they are not terminal
1306 +to transfer characters between the pseudo-terminal manager and its standard
1307 +input and output. Thus, \fBpppd\fR transmits characters on its standard output
1308 +and receives characters on its standard input even if they are not terminal
1309 1309 devices. This option increases the latency and CPU overhead of transferring
1310 1310 data over the ppp interface as all of the characters sent and received must
1311 1311 flow through the character shunt process. An explicit device name may not be
1312 1312 given if this option is used.
1313 1313 .RE
1314 1314
1315 1315 .sp
1316 1316 .ne 2
1317 1317 .na
1318 1318 \fB\fBnovj\fR \fR
1319 1319 .ad
1320 1320 .sp .6
1321 1321 .RS 4n
1322 1322 Disable Van Jacobson style TCP/IP header compression in both the transmit and
1323 1323 the receive direction.
1324 1324 .RE
1325 1325
1326 1326 .sp
1327 1327 .ne 2
1328 1328 .na
1329 1329 \fB\fBnovjccomp\fR \fR
1330 1330 .ad
1331 1331 .sp .6
1332 1332 .RS 4n
1333 1333 Disable the connection-ID compression option in Van Jacobson style TCP/IP
1334 1334 header compression. With this option, \fBpppd\fR does not omit the
1335 1335 connection-ID byte from Van Jacobson compressed TCP/IP headers, nor does it ask
1336 1336 the peer to do so. This option is unnecessary if \fBnovj\fR is specified.
1337 1337 .RE
1338 1338
1339 1339 .sp
1340 1340 .ne 2
1341 1341 .na
1342 1342 \fB\fBpam\fR \fR
1343 1343 .ad
1344 1344 .sp .6
1345 1345 .RS 4n
1346 1346 This privileged option enables use of PAM. If this is specified, \fBpppd\fR
1347 1347 uses the \fBpam\fR(3PAM) framework for user authentication with a service name
1348 1348 of "ppp" if the \fBlogin\fR option and PAP authentication are used. The default
1349 1349 is not to use PAM.
1350 1350 .RE
1351 1351
1352 1352 .sp
1353 1353 .ne 2
1354 1354 .na
1355 1355 \fB\fBpapcrypt\fR \fR
1356 1356 .ad
1357 1357 .sp .6
1358 1358 .RS 4n
1359 1359 Indicates that \fBpppd\fR should not accept a password which, before
1360 1360 encryption, is identical to the secret from the \fB/etc/ppp/pap-secrets\fR
1361 1361 file. Use this option if the secrets in the \fBpap-secrets\fR file are in
1362 1362 \fBcrypt\fR(3C) format.
1363 1363 .RE
1364 1364
1365 1365 .sp
1366 1366 .ne 2
1367 1367 .na
1368 1368 \fB\fBpap-max-authreq\fR \fB\fIn\fR\fR \fR
1369 1369 .ad
1370 1370 .sp .6
1371 1371 .RS 4n
1372 1372 Set the maximum number of PAP authenticate-request transmissions to \fIn\fR
1373 1373 (default 10).
1374 1374 .RE
1375 1375
1376 1376 .sp
1377 1377 .ne 2
1378 1378 .na
1379 1379 \fB\fBpap-restart\fR \fB\fIn\fR\fR \fR
1380 1380 .ad
1381 1381 .sp .6
1382 1382 .RS 4n
1383 1383 Set the PAP restart interval (retransmission timeout) to \fIn\fR seconds
1384 1384 (default 3).
1385 1385 .RE
1386 1386
1387 1387 .sp
1388 1388 .ne 2
1389 1389 .na
1390 1390 \fB\fBpap-timeout\fR \fB\fIn\fR\fR \fR
1391 1391 .ad
1392 1392 .sp .6
1393 1393 .RS 4n
1394 1394 Set the maximum time that \fBpppd\fR waits for the peer to authenticate itself
1395 1395 with PAP to \fIn\fR seconds (0= no limit). The default is 30 seconds.
1396 1396 .RE
1397 1397
1398 1398 .sp
1399 1399 .ne 2
1400 1400 .na
1401 1401 \fB\fBpassword\fR \fB\fIstring\fR\fR \fR
1402 1402 .ad
1403 1403 .sp .6
1404 1404 .RS 4n
1405 1405 Password string for authentication to the peer.
1406 1406 .RE
1407 1407
1408 1408 .sp
1409 1409 .ne 2
1410 1410 .na
1411 1411 \fB\fBpersist\fR \fR
1412 1412 .ad
1413 1413 .sp .6
1414 1414 .RS 4n
1415 1415 Do not exit after a connection is terminated; instead try to reopen the
1416 1416 connection.
1417 1417 .RE
1418 1418
1419 1419 .sp
1420 1420 .ne 2
1421 1421 .na
1422 1422 \fB\fBplink\fR \fR
1423 1423 .ad
1424 1424 .sp .6
1425 1425 .RS 4n
1426 1426 Cause \fBpppd\fR to use I_PLINK instead of I_LINK. The default is to use
1427 1427 I_LINK, which cleans up terminated interface (even if SIGKILL is used), but
1428 1428 does not allow \fBifconfig\fR(1M) to unplumb PPP streams or insert or remove
1429 1429 modules dynamically. Use this option if \fBifconfig\fR(1M)
1430 1430 modinsert/modremove/unplumb support is needed. See also the \fBplumbed\fR
1431 1431 option.
1432 1432 .RE
1433 1433
1434 1434 .sp
1435 1435 .ne 2
1436 1436 .na
1437 1437 \fB\fBplugin\fR \fB\fIfilename\fR\fR \fR
1438 1438 .ad
1439 1439 .sp .6
1440 1440 .RS 4n
1441 1441 Load the shared library object file \fIfilename\fR as a plugin. This is a
1442 1442 privileged option. Unless the filename specifies an explicit path,
1443 1443 \fB/etc/ppp/plugins\fR and \fB/usr/lib/inet/ppp\fR will be searched for the
1444 1444 object to load in that order.
1445 1445 .RE
1446 1446
1447 1447 .sp
1448 1448 .ne 2
1449 1449 .na
1450 1450 \fB\fBplumbed\fR \fR
1451 1451 .ad
1452 1452 .sp .6
1453 1453 .RS 4n
1454 1454 This option indicates that \fBpppd\fR should find a plumbed interface and use
1455 1455 that for the session. If IPv4 addresses or IPv6 interface IDs or link MTU are
1456 1456 otherwise unspecified, they are copied from the interface selected. This mode
1457 1457 mimics some of the functionality of the older \fBaspppd\fR implementation and
1458 1458 may be helpful when \fBpppd\fR is used with external applications that use
1459 1459 \fBifconfig\fR(1M).
1460 1460 .RE
1461 1461
1462 1462 .sp
1463 1463 .ne 2
1464 1464 .na
1465 1465 \fB\fBpppmux\fR \fB\fItimer\fR\fR \fR
1466 1466 .ad
1467 1467 .sp .6
1468 1468 .RS 4n
1469 1469 Enable PPP Multiplexing option negotiation and set transmit multiplexing
1470 1470 timeout to \fItimer\fR microseconds.
1471 1471 .RE
1472 1472
1473 1473 .sp
1474 1474 .ne 2
1475 1475 .na
1476 1476 \fB\fBprivgroup\fR \fB\fIgroup-name\fR\fR \fR
1477 1477 .ad
1478 1478 .sp .6
1479 1479 .RS 4n
1480 1480 Allows members of group \fIgroup-name\fR to use privileged options. This is a
1481 1481 privileged option. Because there is no guarantee that members of
1482 1482 \fIgroup-name\fR cannot use \fBpppd\fR to become root themselves, you should be
1483 1483 careful using this option. Consider it equivalent to putting the members of
1484 1484 \fIgroup-name\fR in the \fBroot\fR or \fBsys\fR group.
1485 1485 .RE
1486 1486
1487 1487 .sp
1488 1488 .ne 2
1489 1489 .na
1490 1490 \fB\fBproxyarp\fR \fR
1491 1491 .ad
1492 1492 .sp .6
1493 1493 .RS 4n
1494 1494 Add an entry to the system's Address Resolution Protocol (ARP) table with the
1495 1495 IP address of the peer and the Ethernet address of this system. When you use
1496 1496 this option, the peer appears to other systems to be on the local Ethernet. The
1497 1497 remote address on the PPP link must be in the same subnet as assigned to an
1498 1498 Ethernet interface.
|
↓ open down ↓ |
180 lines elided |
↑ open up ↑ |
1499 1499 .RE
1500 1500
1501 1501 .sp
1502 1502 .ne 2
1503 1503 .na
1504 1504 \fB\fBpty\fR \fB \fIscript\fR\fR \fR
1505 1505 .ad
1506 1506 .sp .6
1507 1507 .RS 4n
1508 1508 Specifies that the command \fIscript\fR, and not a specific terminal device is
1509 -used for serial communication. \fBpppd\fR allocates itself a pseudo-tty
1510 -master/slave pair and uses the slave as its terminal device. \fIscript\fR runs
1511 -in a child process with the pseudo-tty master as its standard input and output.
1512 -An explicit device name may not be given if this option is used. (Note: if the
1513 -\fBrecord\fR option is used in conjunction with the \fBpty\fR option, the child
1514 -process will have pipes on its standard input and output.)
1509 +used for serial communication. \fBpppd\fR allocates itself a pseudo-terminal
1510 +pair and uses the subsidiary as its terminal device. \fIscript\fR runs
1511 +in a child process with the pseudo-terminal manager as its standard input and
1512 +output. An explicit device name may not be given if this option is used.
1513 +(Note: if the \fBrecord\fR option is used in conjunction with the \fBpty\fR
1514 +option, the child process will have pipes on its standard input and output.)
1515 1515 .RE
1516 1516
1517 1517 .sp
1518 1518 .ne 2
1519 1519 .na
1520 1520 \fB\fBreceive-all\fR \fR
1521 1521 .ad
1522 1522 .sp .6
1523 1523 .RS 4n
1524 1524 With this option, \fBpppd\fR accepts all control characters from the peer,
1525 1525 including those marked in the receive \fBasyncmap\fR. Without this option,
1526 1526 \fBpppd\fR discards those characters as specified in \fIRFC 1662\fR. This
1527 1527 option should be used only if the peer has bugs, as is often found with
1528 1528 dial-back implementations.
1529 1529 .RE
|
↓ open down ↓ |
5 lines elided |
↑ open up ↑ |
1530 1530
1531 1531 .sp
1532 1532 .ne 2
1533 1533 .na
1534 1534 \fB\fBrecord\fR \fB\fIfilename\fR\fR \fR
1535 1535 .ad
1536 1536 .sp .6
1537 1537 .RS 4n
1538 1538 Directs \fBpppd\fR to record all characters sent and received to a file named
1539 1539 \fIfilename\fR. \fIfilename\fR is opened in append mode, using the user's
1540 -user-ID and permissions. Because this option uses a pseudo-tty and a process to
1541 -transfer characters between the pseudo-tty and the real serial device, it
1542 -increases the latency and CPU overhead of transferring data over the PPP
1543 -interface. Characters are stored in a tagged format with timestamps that can be
1544 -displayed in readable form using the \fBpppdump\fR(1M) program. This option is
1545 -generally used when debugging the kernel portion of \fBpppd\fR (especially CCP
1546 -compression algorithms) and not for debugging link configuration problems. See
1547 -the \fBdebug\fR option.
1540 +user-ID and permissions. Because this option uses a pseudo-terminal and a
1541 +process to transfer characters between the pseudo-terminal and the real serial
1542 +device, it increases the latency and CPU overhead of transferring data over the
1543 +PPP interface. Characters are stored in a tagged format with timestamps that
1544 +can be displayed in readable form using the \fBpppdump\fR(1M) program. This
1545 +option is generally used when debugging the kernel portion of \fBpppd\fR
1546 +(especially CCP compression algorithms) and not for debugging link
1547 +configuration problems. See the \fBdebug\fR option.
1548 1548 .RE
1549 1549
1550 1550 .sp
1551 1551 .ne 2
1552 1552 .na
1553 1553 \fB\fBremotename\fR \fB\fIname\fR\fR \fR
1554 1554 .ad
1555 1555 .sp .6
1556 1556 .RS 4n
1557 1557 Set the assumed name of the remote system for authentication purposes to
1558 1558 \fIname\fR. Microsoft WindowsNT does not provide a system name in its CHAP
1559 1559 Challenge messages, and this option is often used to work around this problem.
1560 1560 .RE
1561 1561
1562 1562 .sp
1563 1563 .ne 2
1564 1564 .na
1565 1565 \fB\fBrefuse-chap\fR \fR
1566 1566 .ad
1567 1567 .sp .6
1568 1568 .RS 4n
1569 1569 With this option, \fBpppd\fR will not agree to authenticate itself to the peer
1570 1570 using standard Challenge Handshake Authentication Protocol (CHAP). (MS-CHAP is
1571 1571 not affected.)
1572 1572 .RE
1573 1573
1574 1574 .sp
1575 1575 .ne 2
1576 1576 .na
1577 1577 \fB\fBrefuse-mschap\fR \fR
1578 1578 .ad
1579 1579 .sp .6
1580 1580 .RS 4n
1581 1581 Do not agree to authenticate to peer with MS-CHAPv1. If this option is
1582 1582 specified, requests for MS-CHAPv1 authentication from the peer are declined
1583 1583 with LCP Configure-Nak. That option does not disable any other form of CHAP.
1584 1584 .RE
1585 1585
1586 1586 .sp
1587 1587 .ne 2
1588 1588 .na
1589 1589 \fB\fBrefuse-mschapv2\fR \fR
1590 1590 .ad
1591 1591 .sp .6
1592 1592 .RS 4n
1593 1593 Do not agree to authenticate to peer with MS-CHAPv2. If specified, this option
1594 1594 requests that MS-CHAPv2 authentication from the peer be declined with LCP
1595 1595 Configure-Nak. That option does not disable any other form of CHAP.
1596 1596 .RE
1597 1597
1598 1598 .sp
1599 1599 .ne 2
1600 1600 .na
1601 1601 \fB\fBrefuse-pap\fR \fR
1602 1602 .ad
1603 1603 .sp .6
1604 1604 .RS 4n
1605 1605 With this option, \fBpppd\fR will not agree to authenticate itself to the peer
1606 1606 using Password Authentication Protocol (PAP).
1607 1607 .RE
1608 1608
1609 1609 .sp
1610 1610 .ne 2
1611 1611 .na
1612 1612 \fB\fBrequire-chap\fR \fR
1613 1613 .ad
1614 1614 .sp .6
1615 1615 .RS 4n
1616 1616 Require the peer to authenticate itself using standard CHAP authentication.
1617 1617 MS-CHAP is not affected.
1618 1618 .RE
1619 1619
1620 1620 .sp
1621 1621 .ne 2
1622 1622 .na
1623 1623 \fB\fBrequire-mschap\fR \fR
1624 1624 .ad
1625 1625 .sp .6
1626 1626 .RS 4n
1627 1627 Require the peer to authenticate itself using MS-CHAPv1 authentication.
1628 1628 .RE
1629 1629
1630 1630 .sp
1631 1631 .ne 2
1632 1632 .na
1633 1633 \fB\fBrequire-mschapv2\fR \fR
1634 1634 .ad
1635 1635 .sp .6
1636 1636 .RS 4n
1637 1637 Require the peer to authenticate itself using MS-CHAPv2 authentication.
1638 1638 .RE
1639 1639
1640 1640 .sp
1641 1641 .ne 2
1642 1642 .na
1643 1643 \fB\fBrequire-pap\fR \fR
1644 1644 .ad
1645 1645 .sp .6
1646 1646 .RS 4n
1647 1647 Require the peer to authenticate itself using PAP authentication.
1648 1648 .RE
1649 1649
1650 1650 .sp
1651 1651 .ne 2
1652 1652 .na
1653 1653 \fB\fBshow-password\fR \fR
1654 1654 .ad
1655 1655 .sp .6
1656 1656 .RS 4n
1657 1657 When logging contents of PAP packets, this option causes \fBpppd\fR to show the
1658 1658 password string in the log message.
1659 1659 .RE
1660 1660
1661 1661 .sp
1662 1662 .ne 2
1663 1663 .na
1664 1664 \fB\fBsilent\fR \fR
1665 1665 .ad
1666 1666 .sp .6
1667 1667 .RS 4n
1668 1668 With this option, \fBpppd\fR will not transmit LCP packets to initiate a
1669 1669 connection until a valid LCP packet is received from the peer. This is like the
1670 1670 "passive" option with older versions of \fBpppd\fR and is retained for
1671 1671 compatibility, but the current \fBpassive\fR option is preferred.
1672 1672 .RE
1673 1673
1674 1674 .sp
1675 1675 .ne 2
1676 1676 .na
1677 1677 \fB\fBsmall-accm-test\fR \fR
1678 1678 .ad
1679 1679 .sp .6
1680 1680 .RS 4n
1681 1681 When checking the \fBasyncmap\fR (ACCM) setting, \fBpppd\fR uses all 256
1682 1682 possible values by default. See \fBno-accm-test\fR. This option restricts the
1683 1683 test so that only the 32 values affected by standard ACCM negotiation are
1684 1684 tested. This option is useful on very slow links.
1685 1685 .RE
1686 1686
1687 1687 .sp
1688 1688 .ne 2
1689 1689 .na
1690 1690 \fB\fBsocket\fR \fB\fIhost\fR:\fIport\fR\fR \fR
1691 1691 .ad
1692 1692 .sp .6
1693 1693 .RS 4n
1694 1694 Connect to given host and port using TCP and run PPP over this connection.
1695 1695 .RE
1696 1696
1697 1697 .sp
1698 1698 .ne 2
1699 1699 .na
1700 1700 \fB\fBsync\fR \fR
1701 1701 .ad
1702 1702 .sp .6
1703 1703 .RS 4n
1704 1704 Use synchronous HDLC serial encoding instead of asynchronous. The device used
1705 1705 by \fBpppd\fR with this option must have sync support. Currently supports
1706 1706 \fBzs\fR, \fBse\fR, and \fBhsi\fR drivers.
1707 1707 .RE
1708 1708
1709 1709 .sp
1710 1710 .ne 2
1711 1711 .na
1712 1712 \fB\fBunit\fR \fB\fIn\fR\fR \fR
1713 1713 .ad
1714 1714 .sp .6
1715 1715 .RS 4n
1716 1716 Set PPP interface unit number to \fIn\fR, if possible.
1717 1717 .RE
1718 1718
1719 1719 .sp
1720 1720 .ne 2
1721 1721 .na
1722 1722 \fB\fBupdetach\fR \fR
1723 1723 .ad
1724 1724 .sp .6
1725 1725 .RS 4n
1726 1726 With this option, \fBpppd\fR detaches from its controlling terminal after
1727 1727 establishing the PPP connection. When this is specified, messages sent to
1728 1728 \fBstderr\fR by the connect script, usually \fBchat\fR(1M), and debugging
1729 1729 messages from the debug option are directed to \fBpppd\fR's standard output.
1730 1730 .RE
1731 1731
1732 1732 .sp
1733 1733 .ne 2
1734 1734 .na
1735 1735 \fB\fBusehostname\fR \fR
1736 1736 .ad
1737 1737 .sp .6
1738 1738 .RS 4n
1739 1739 Enforce the use of the hostname with domain name appended, if given, as the
1740 1740 name of the local system for authentication purposes. This overrides the
1741 1741 \fBname\fR option. Because the \fBname\fR option is privileged, this option is
1742 1742 normally not needed.
1743 1743 .RE
1744 1744
1745 1745 .sp
1746 1746 .ne 2
1747 1747 .na
1748 1748 \fB\fBusepeerdns\fR \fR
1749 1749 .ad
1750 1750 .sp .6
1751 1751 .RS 4n
1752 1752 Ask the peer for up to two DNS server addresses. Addresses supplied by the
1753 1753 peer, if any, are passed to the \fB/etc/ppp/ip-up\fR script in the environment
1754 1754 variables DNS1 and DNS2. In addition, \fBpppd\fR creates an
1755 1755 \fB/etc/ppp/resolv.conf\fR file containing one or two nameserver lines with the
1756 1756 address(es) supplied by the peer.
1757 1757 .RE
1758 1758
1759 1759 .sp
1760 1760 .ne 2
1761 1761 .na
1762 1762 \fB\fBuser\fR \fB\fIname\fR\fR \fR
1763 1763 .ad
1764 1764 .sp .6
1765 1765 .RS 4n
1766 1766 Sets the name used for authenticating the local system to the peer to
1767 1767 \fIname\fR.
1768 1768 .RE
1769 1769
1770 1770 .sp
1771 1771 .ne 2
1772 1772 .na
1773 1773 \fB\fBvj-max-slots\fR \fB\fIn\fR\fR \fR
1774 1774 .ad
1775 1775 .sp .6
1776 1776 .RS 4n
1777 1777 Sets the number of connection slots to be used by the Van Jacobson TCP/IP
1778 1778 header compression and decompression code to \fIn\fR, which must be between 2
1779 1779 and 16 (inclusive).
1780 1780 .RE
1781 1781
1782 1782 .sp
1783 1783 .ne 2
1784 1784 .na
1785 1785 \fB\fBwelcome\fR \fB\fIscript\fR\fR \fR
1786 1786 .ad
1787 1787 .sp .6
1788 1788 .RS 4n
1789 1789 Run the executable or shell command specified by \fIscript\fR before initiating
1790 1790 PPP negotiation, after the connect script, if any, has completed. A value for
1791 1791 this option from a privileged source cannot be overridden by a non-privileged
1792 1792 user.
1793 1793 .RE
1794 1794
1795 1795 .sp
1796 1796 .ne 2
1797 1797 .na
1798 1798 \fB\fBxonxoff\fR \fR
1799 1799 .ad
1800 1800 .sp .6
1801 1801 .RS 4n
1802 1802 Use software flow control, that is, XON/XOFF, to control the flow of data on
1803 1803 the serial port.
1804 1804 .RE
1805 1805
1806 1806 .SS "Obsolete Options"
1807 1807 The following options are obsolete:
1808 1808 .sp
1809 1809 .ne 2
1810 1810 .na
1811 1811 \fB\fB+ua\fR \fB\fIname\fR\fR\fR
1812 1812 .ad
1813 1813 .RS 14n
1814 1814 Read a PAP user name and password from the file \fIname\fR. This file must have
1815 1815 two lines for name and password. Name and password are sent to the peer when
1816 1816 the peer requests PAP authentication.
1817 1817 .RE
1818 1818
1819 1819 .sp
1820 1820 .ne 2
1821 1821 .na
1822 1822 \fB\fB+ipv6\fR \fR
1823 1823 .ad
1824 1824 .RS 14n
1825 1825 Enable IPv6 and IPv6CP without specifying interface identifiers.
1826 1826 .RE
1827 1827
1828 1828 .sp
1829 1829 .ne 2
1830 1830 .na
1831 1831 \fB\fB--version\fR \fR
1832 1832 .ad
1833 1833 .RS 14n
1834 1834 Show version number and exit.
1835 1835 .RE
1836 1836
1837 1837 .sp
1838 1838 .ne 2
1839 1839 .na
1840 1840 \fB\fB--help\fR \fR
1841 1841 .ad
1842 1842 .RS 14n
1843 1843 Show brief help message and exit.
1844 1844 .RE
1845 1845
1846 1846 .SH EXTENDED DESCRIPTION
1847 1847 The following sections discuss miscellaneous features of \fBpppd\fR:
1848 1848 .SS "Security"
1849 1849 \fBpppd\fR allows system administrators to provide legitimate users with PPP
1850 1850 access to a server machine without fear of compromising the security of the
1851 1851 server or the network it runs on. Access control is provided by restricting IP
1852 1852 addresses the peer may use based on its authenticated identity (if any), and
1853 1853 through restrictions on options a non-privileged user may use. Options that
1854 1854 permit potentially insecure configurations are privileged. Privileged options
1855 1855 are accepted only in files that are under the control of the system
1856 1856 administrator or when \fBpppd\fR is being run by root.
1857 1857 .sp
1858 1858 .LP
1859 1859 By default, \fBpppd\fR allows an unauthenticated peer to use a given IP address
1860 1860 only if the system does not already have a route to that IP address. For
1861 1861 example, a system with a permanent connection to the wider Internet will
1862 1862 normally have a default route, meaning all peers must authenticate themselves
1863 1863 to set up a connection. On such a system, the \fBauth\fR option is the default.
1864 1864 Conversely, a system with a PPP link that comprises the only connection to the
1865 1865 Internet probably does not possess a default route, so the peer can use
1866 1866 virtually any IP address without authenticating itself.
1867 1867 .sp
1868 1868 .LP
1869 1869 Security-sensitive options are privileged and cannot be accessed by a
1870 1870 non-privileged user running \fBpppd\fR, either on the command line, in the
1871 1871 user's \fB$HOME/.ppprc\fR file, or in an options file read using the \fBfile\fR
1872 1872 option. Privileged options may be used in \fB/etc/ppp/options\fR file or in an
1873 1873 options file read using the \fBcall\fR option. If \fBpppd\fR is run by the root
1874 1874 user, privileged options can be used without restriction. If the
1875 1875 \fB/etc/ppp/options\fR file does not exist, then only root may invoke
1876 1876 \fBpppd\fR. The \fB/etc/ppp/options\fR file must be created (but may be empty)
1877 1877 to allow ordinary non-root users to access \fBpppd\fR.
1878 1878 .sp
1879 1879 .LP
1880 1880 When opening the device, \fBpppd\fR uses the invoking user's user ID or the
1881 1881 root UID (that is, 0), depending if the device name was specified by the user
1882 1882 or the system administrator. If the device name comes from a privileged source,
1883 1883 that is, \fB/etc/ppp/options\fR or an options file read using the \fBcall\fR
1884 1884 option, \fBpppd\fR uses full root privileges when opening the device. Thus, by
1885 1885 creating an appropriate file under \fB/etc/ppp/peers\fR, the system
1886 1886 administrator can allow users to establish a PPP connection via a device that
1887 1887 they would not normally have access to. Otherwise \fBpppd\fR uses the invoking
1888 1888 user's real UID when opening the device.
1889 1889 .SS "Authentication"
1890 1890 During the authentication process, one peer convinces the other of its identity
1891 1891 by sending its name and some secret information to the other. During
1892 1892 authentication, the first peer becomes the "client" and the second becomes the
1893 1893 "server." Authentication names can (but are not required to) correspond to the
1894 1894 peer's Internet hostnames.
1895 1895 .sp
1896 1896 .LP
1897 1897 \fBpppd\fR supports four authentication protocols: the Password Authentication
1898 1898 Protocol (PAP) and three forms of the Challenge Handshake Authentication
1899 1899 Protocol (CHAP). With the PAP protocol, the client sends its name and a
1900 1900 cleartext password to the server to authenticate itself. With CHAP, the server
1901 1901 initiates the authentication exchange by sending a challenge to the client who
1902 1902 must respond with its name and a hash value derived from the shared secret and
1903 1903 the challenge.
1904 1904 .sp
1905 1905 .LP
1906 1906 The PPP protocol is symmetrical, meaning that each peer may be required to
1907 1907 authenticate itself to the other. Different authentication protocols and names
1908 1908 can be used for each exchange.
1909 1909 .sp
1910 1910 .LP
1911 1911 By default, \fBpppd\fR authenticates if requested and does not require
1912 1912 authentication from the peer. However, \fBpppd\fR does not authenticate itself
1913 1913 with a specific protocol if it has no secrets that can do so.
1914 1914 .sp
1915 1915 .LP
1916 1916 \fBpppd\fR stores authentication secrets in the \fB/etc/ppp/pap-secrets\fR (for
1917 1917 PAP), and \fB/etc/ppp/chap-secrets\fR (for CHAP) files. Both files use the same
1918 1918 format. \fBpppd\fR uses secrets files to authenticate itself to other systems
1919 1919 and to authenticate other systems to itself.
1920 1920 .sp
1921 1921 .LP
1922 1922 Secrets files contain one secret per line. Secrets are specific to a particular
1923 1923 combination of client and server and can only be used by that client to
1924 1924 authenticate itself to that server. Each line in a secrets file has a minimum
1925 1925 of three fields that contain the client and server names followed by the
1926 1926 secret. Often, these three fields are followed by IP addresses that are used by
1927 1927 clients to connect to a server.
1928 1928 .sp
1929 1929 .LP
1930 1930 A secrets file is parsed into words, with client name, server name and secrets
1931 1931 fields allocated one word each. Embedded spaces or other special characters
1932 1932 within a word must be quoted or escaped. Case is significant in all three
1933 1933 fields.
1934 1934 .sp
1935 1935 .LP
1936 1936 A secret beginning with an at sign ("@") is followed by the name of a file
1937 1937 containing the secret. An asterisk (*) as the client or server name matches any
1938 1938 name. When choosing a match, \fBpppd\fR selects the one with the fewest
1939 1939 wildcards. Succeeding words on a line are interpreted by \fBpppd\fR as
1940 1940 acceptable IP addresses for that client. IP Addresses are disallowed if they
1941 1941 appear in lines that contain only three words or lines whose first word begins
1942 1942 with a hyphen ("-"). To allow any address, use "*". An address starting with an
1943 1943 exclamation point ("!") indicates that the specified address is not acceptable.
1944 1944 An address may be followed by "/" and a number \fIn\fR to indicate a whole
1945 1945 subnet (all addresses that have the same value in the most significant \fIn\fR
1946 1946 bits). In this form, the address may be followed by a plus sign ("+") to
1947 1947 indicate that one address from the subnet is authorized, based on the ppp
1948 1948 network interface unit number in use. In this case, the host part of the
1949 1949 address is set to the unit number, plus one.
1950 1950 .sp
1951 1951 .LP
1952 1952 When authenticating the peer, \fBpppd\fR chooses a secret with the peer's name
1953 1953 in the first field of the secrets file and the name of the local system in the
1954 1954 second field. The local system name defaults to the hostname, with the domain
1955 1955 name appended if the \fBdomain\fR option is used. The default can be overridden
1956 1956 with the \fBname\fR option unless the \fBusehostname\fR option is used.
1957 1957 .sp
1958 1958 .LP
1959 1959 When authenticating to the peer, \fBpppd\fR first determines the name it will
1960 1960 use to identify itself to the peer. This name is specified with the \fBuser\fR
1961 1961 option. If the \fBuser\fR option is not used, the name defaults to the host
1962 1962 name of the local system. \fBpppd\fR then selects a secret from the secrets
1963 1963 file by searching for an entry with a local name in the first field and the
1964 1964 peer's name in the second field. \fBpppd\fR will know the name of the peer if
1965 1965 standard CHAP authentication is used because the peer will have sent it in the
1966 1966 Challenge packet. However, if MS-CHAP or PAP is being used, \fBpppd\fR must
1967 1967 determine the peer's name from the options specified by the user. The user can
1968 1968 specify the peer's name directly with the \fBremotename\fR option. Otherwise,
1969 1969 if the remote IP address was specified by a name, rather than in numeric form,
1970 1970 that name will be used as the peer's name. If that fails, \fBpppd\fR uses the
1971 1971 null string as the peer's name.
1972 1972 .sp
1973 1973 .LP
1974 1974 When authenticating the peer with PAP, the supplied password is compared with
1975 1975 data in the secrets file. If the password and secret do not match, the password
1976 1976 is encrypted using \fBcrypt()\fR and checked against the secret again. If the
1977 1977 \fBpapcrypt\fR option is given, the first unencrypted comparison is omitted for
1978 1978 better security, and entries must thus be in encrypted \fBcrypt\fR(3C) form.
1979 1979 .sp
1980 1980 .LP
1981 1981 If the \fBlogin\fR option is specified, the username and password are also
1982 1982 checked against the system password database. This allows you to set up the
1983 1983 \fBpap-secrets\fR file to enable PPP access only to certain users, and to
1984 1984 restrict the set of IP addresses available to users. Typically, when using the
1985 1985 \fBlogin\fR option, the secret in \fB/etc/ppp/pap-secrets\fR would be "", which
1986 1986 matches any password supplied by the peer. This makes having the same secret in
1987 1987 two places unnecessary. When \fBlogin\fR is used, the \fBpam\fR option enables
1988 1988 access control through \fBpam\fR(3PAM).
1989 1989 .sp
1990 1990 .LP
1991 1991 Authentication must be completed before IPCP (or other network protocol) can be
1992 1992 started. If the peer is required to authenticate itself and fails, \fBpppd\fR
1993 1993 closes LCP and terminates the link. If IPCP negotiates an unacceptable IP
1994 1994 address for the remote host, IPCP is closed. IP packets are sent or received
1995 1995 only when IPCP is open.
1996 1996 .sp
1997 1997 .LP
1998 1998 To allow hosts that cannot authenticate themselves to connect and use one of a
1999 1999 restricted set of IP addresses, add a line to the \fBpap-secrets\fR file
2000 2000 specifying the empty string for the client name and secret.
2001 2001 .sp
2002 2002 .LP
2003 2003 Additional \fBpppd\fR options for a given peer may be specified by placing them
2004 2004 at the end of the secrets entry, separated by two dashes (--). For example
2005 2005 .sp
2006 2006 .in +2
2007 2007 .nf
2008 2008 peername servername secret ip-address -- novj
2009 2009 .fi
2010 2010 .in -2
2011 2011
2012 2012 .SS "Routing"
2013 2013 When IPCP negotiation is complete, \fBpppd\fR informs the kernel of the local
2014 2014 and remote IP addresses for the PPP interface and creates a host route to the
2015 2015 remote end of the link that enables peers to exchange IP packets. Communication
2016 2016 with other machines generally requires further modification to routing tables
2017 2017 and/or Address Resolution Protocol (ARP) tables. In most cases the
2018 2018 \fBdefaultroute\fR and/or \fBproxyarp\fR options are sufficient for this, but
2019 2019 further intervention may be necessary. If further intervention is required, use
2020 2020 the \fB/etc/ppp/ip-up\fR script or a routing protocol daemon.
2021 2021 .sp
2022 2022 .LP
2023 2023 To add a default route through the remote host, use the \fBdefaultroute\fR
2024 2024 option. This option is typically used for "client" systems; that is, end-nodes
2025 2025 that use the PPP link for access to the general Internet.
2026 2026 .sp
2027 2027 .LP
2028 2028 In some cases it is desirable to use proxy ARP, for example on a server machine
2029 2029 connected to a LAN, to allow other hosts to communicate with the remote host.
2030 2030 \fBproxyarp\fR instructs \fBpppd\fR to look for a network interface on the same
2031 2031 subnet as the remote host. That is, an interface supporting broadcast and ARP
2032 2032 that is not a point-to-point or loopback interface and that is currently up. If
2033 2033 found, \fBpppd\fR creates a permanent, published ARP entry with the IP address
2034 2034 of the remote host and the hardware address of the network interface.
2035 2035 .sp
2036 2036 .LP
2037 2037 When the \fBdemand\fR option is used, the interface IP addresses are already
2038 2038 set at the time when IPCP comes up. If \fBpppd\fR cannot negotiate the same
2039 2039 addresses it used to configure the interface, it changes the interface IP
2040 2040 addresses to the negotiated addresses. This may disrupt existing connections.
2041 2041 Using demand dialing with peers that perform dynamic IP address assignment is
2042 2042 not recommended.
2043 2043 .SS "Scripts"
2044 2044 \fBpppd\fR invokes scripts at various stages during processing that are used to
2045 2045 perform site-specific ancillary processing. These scripts may be shell scripts
2046 2046 or executable programs. \fBpppd\fR does not wait for the scripts to finish. The
2047 2047 scripts are executed as \fBroot\fR (with the real and effective user-id set to
2048 2048 0), enabling them to update routing tables, run privileged daemons, or perform
2049 2049 other tasks. Be sure that the contents of these scripts do not compromise your
2050 2050 system's security. \fBpppd\fR runs the scripts with standard input, output and
2051 2051 error redirected to \fB/dev/null\fR, and with an environment that is empty
2052 2052 except for some environment variables that give information about the link. The
2053 2053 \fBpppd\fR environment variables are:
2054 2054 .sp
2055 2055 .ne 2
2056 2056 .na
2057 2057 \fB\fBDEVICE\fR \fR
2058 2058 .ad
2059 2059 .RS 15n
2060 2060 Name of the serial tty device.
2061 2061 .RE
2062 2062
2063 2063 .sp
2064 2064 .ne 2
2065 2065 .na
2066 2066 \fB\fBIFNAME\fR \fR
2067 2067 .ad
2068 2068 .RS 15n
2069 2069 Name of the network interface.
2070 2070 .RE
2071 2071
2072 2072 .sp
2073 2073 .ne 2
2074 2074 .na
2075 2075 \fB\fBIPLOCAL\fR \fR
2076 2076 .ad
2077 2077 .RS 15n
2078 2078 IP address for the link's local end. This is set only when IPCP has started.
2079 2079 .RE
2080 2080
2081 2081 .sp
2082 2082 .ne 2
2083 2083 .na
2084 2084 \fB\fBIPREMOTE\fR \fR
2085 2085 .ad
2086 2086 .RS 15n
2087 2087 IP address for the link's remote end. This is set only when IPCP has started.
2088 2088 .RE
2089 2089
2090 2090 .sp
2091 2091 .ne 2
2092 2092 .na
2093 2093 \fB\fBPEERNAME\fR \fR
2094 2094 .ad
2095 2095 .RS 15n
2096 2096 Authenticated name of the peer. This is set only if the peer authenticates
2097 2097 itself.
2098 2098 .RE
2099 2099
2100 2100 .sp
2101 2101 .ne 2
2102 2102 .na
2103 2103 \fB\fBSPEED\fR \fR
2104 2104 .ad
2105 2105 .RS 15n
2106 2106 Baud rate of the tty device.
2107 2107 .RE
2108 2108
2109 2109 .sp
2110 2110 .ne 2
2111 2111 .na
2112 2112 \fB\fBORIG_UID\fR \fR
2113 2113 .ad
2114 2114 .RS 15n
2115 2115 Real user-id of user who invoked \fBpppd\fR.
2116 2116 .RE
2117 2117
2118 2118 .sp
2119 2119 .ne 2
2120 2120 .na
2121 2121 \fB\fBPPPLOGNAME\fR \fR
2122 2122 .ad
2123 2123 .RS 15n
2124 2124 Username of the real user-id who invoked \fBpppd\fR. This is always set.
2125 2125 .RE
2126 2126
2127 2127 .sp
2128 2128 .LP
2129 2129 \fBpppd\fR also sets the following variables for the ip-down and auth-down
2130 2130 scripts:
2131 2131 .sp
2132 2132 .ne 2
2133 2133 .na
2134 2134 \fB\fBCONNECT_TIME\fR \fR
2135 2135 .ad
2136 2136 .RS 17n
2137 2137 Number of seconds between the start of PPP negotiation and connection
2138 2138 termination.
2139 2139 .RE
2140 2140
2141 2141 .sp
2142 2142 .ne 2
2143 2143 .na
2144 2144 \fB\fBBYTES_SENT\fR \fR
2145 2145 .ad
2146 2146 .RS 17n
2147 2147 Number of bytes sent at the level of the serial port during the connection.
2148 2148 .RE
2149 2149
2150 2150 .sp
2151 2151 .ne 2
2152 2152 .na
2153 2153 \fB\fBBYTES_RCVD\fR \fR
2154 2154 .ad
2155 2155 .RS 17n
2156 2156 Number of bytes received at the level of the serial port during the connection.
2157 2157 .RE
2158 2158
2159 2159 .sp
2160 2160 .ne 2
2161 2161 .na
2162 2162 \fB\fBLINKNAME\fR \fR
2163 2163 .ad
2164 2164 .RS 17n
2165 2165 Logical name of the link, set with the \fBlinkname\fR option.
2166 2166 .RE
2167 2167
2168 2168 .sp
2169 2169 .LP
2170 2170 If they exist, \fBpppd\fR invokes the following scripts. It is not an error if
2171 2171 they do not exist.
2172 2172 .sp
2173 2173 .ne 2
2174 2174 .na
2175 2175 \fB\fB/etc/ppp/auth-up\fR \fR
2176 2176 .ad
2177 2177 .RS 23n
2178 2178 Program or script executed after the remote system successfully authenticates
2179 2179 itself. It is executed with five command-line arguments: \fBinterface-name
2180 2180 peer-name user-name tty-device speed\fR. Note that this script is not executed
2181 2181 if the peer does not authenticate itself, for example, when the \fBnoauth\fR
2182 2182 option is used.
2183 2183 .RE
2184 2184
2185 2185 .sp
2186 2186 .ne 2
2187 2187 .na
2188 2188 \fB\fB/etc/ppp/auth-down\fR \fR
2189 2189 .ad
2190 2190 .RS 23n
2191 2191 Program or script executed when the link goes down if \fB/etc/ppp/auth-up\fR
2192 2192 was previously executed. It is executed in the same manner with the same
2193 2193 parameters as \fB/etc/ppp/auth-up\fR.
2194 2194 .RE
2195 2195
2196 2196 .sp
2197 2197 .ne 2
2198 2198 .na
2199 2199 \fB\fB/etc/ppp/ip-up\fR \fR
2200 2200 .ad
2201 2201 .RS 21n
2202 2202 A program or script that is executed when the link is available for sending and
2203 2203 receiving IP packets (that is, IPCP has come up). It is executed with six
2204 2204 command-line arguments: \fBinterface-name tty-device speed local-IP-address
2205 2205 remote-IP-address ipparam\fR.
2206 2206 .RE
2207 2207
2208 2208 .sp
2209 2209 .ne 2
2210 2210 .na
2211 2211 \fB\fB/etc/ppp/ip-down\fR \fR
2212 2212 .ad
2213 2213 .RS 21n
2214 2214 A program or script which is executed when the link is no longer available for
2215 2215 sending and receiving IP packets. This script can be used for undoing the
2216 2216 effects of the \fB/etc/ppp/ip-up\fR script. It is invoked in the same manner
2217 2217 and with the same parameters as the \fBip-up\fR script.
2218 2218 .RE
2219 2219
2220 2220 .sp
2221 2221 .ne 2
2222 2222 .na
2223 2223 \fB\fB/etc/ppp/ipv6-up\fR \fR
2224 2224 .ad
2225 2225 .RS 21n
2226 2226 Similar to \fB/etc/ppp/ip-up\fR, except that it is executed when the link is
2227 2227 available for sending and receiving IPv6 packets. Executed with six
2228 2228 command-line arguments: \fBinterface-name tty-device speed
2229 2229 local-link-local-address remote-link-local-address ipparam\fR.
2230 2230 .RE
2231 2231
2232 2232 .sp
2233 2233 .ne 2
2234 2234 .na
2235 2235 \fB\fB/etc/ppp/ipv6-down\fR \fR
2236 2236 .ad
2237 2237 .RS 23n
2238 2238 Similar to \fB/etc/ppp/ip-down\fR, but executed when IPv6 packets can no longer
2239 2239 be transmitted on the link. Executed with the same parameters as the ipv6-up
2240 2240 script.
2241 2241 .RE
2242 2242
2243 2243 .SH EXAMPLES
2244 2244 \fBExample 1 \fRUsing the \fBauth\fR Option
2245 2245 .sp
2246 2246 .LP
2247 2247 The following examples assume that the \fB/etc/ppp/options\fR file contains the
2248 2248 \fBauth\fR option.
2249 2249
2250 2250 .sp
2251 2251 .LP
2252 2252 \fBpppd\fR is commonly used to dial out to an ISP. You can do this using the
2253 2253 "\fBpppd call isp\fR" command where the \fB/etc/ppp/peers/isp\fR file is set up
2254 2254 to contain a line similar to the following:
2255 2255
2256 2256 .sp
2257 2257 .in +2
2258 2258 .nf
2259 2259 cua/a 19200 crtscts connect '/usr/bin/chat -f /etc/ppp/chat-isp' noauth
2260 2260 .fi
2261 2261 .in -2
2262 2262
2263 2263 .sp
2264 2264 .LP
2265 2265 For this example, \fBchat\fR(1M) is used to dial the ISP's modem and process
2266 2266 any login sequence required. The \fB/etc/ppp/chat-isp\fR file is used by
2267 2267 \fBchat\fR and could contain the following:
2268 2268
2269 2269 .sp
2270 2270 .in +2
2271 2271 .nf
2272 2272 ABORT "NO CARRIER"
2273 2273 ABORT "NO DIALTONE"
2274 2274 ABORT "ERROR"
2275 2275 ABORT "NO ANSWER"
2276 2276 ABORT "BUSY"
2277 2277 ABORT "Username/Password Incorrect"
2278 2278 "" "at"
2279 2279 OK "at&f&d2&c1"
2280 2280 OK "atdt2468135"
2281 2281 "name:" "^Umyuserid"
2282 2282 "word:" "\eqmypassword"
2283 2283 "ispts" "\eq^Uppp"
2284 2284 "~-^Uppp-~"
2285 2285 .fi
2286 2286 .in -2
2287 2287
2288 2288 .sp
2289 2289 .LP
2290 2290 See the \fBchat\fR(1M) man page for details of \fBchat\fR scripts.
2291 2291
2292 2292 .LP
2293 2293 \fBExample 2 \fRUsing \fBpppd\fR with \fBproxyarp\fR
2294 2294 .sp
2295 2295 .LP
2296 2296 \fBpppd\fR can also provide a dial-in ppp service for users. If the users
2297 2297 already have login accounts, the simplest way to set up the ppp service is to
2298 2298 let the users log in to their accounts and run \fBpppd\fR as shown in the
2299 2299 following example:
2300 2300
2301 2301 .sp
2302 2302 .in +2
2303 2303 .nf
2304 2304 example% \fBpppd proxyarp\fR
2305 2305 .fi
2306 2306 .in -2
2307 2307 .sp
2308 2308
2309 2309 .LP
2310 2310 \fBExample 3 \fRProviding a User with Access to PPP Facilities
2311 2311 .sp
2312 2312 .LP
2313 2313 To provide a user with access to the PPP facilities, allocate an IP address for
2314 2314 the user's machine, create an entry in \fB/etc/ppp/pap-secrets\fR or
2315 2315 \fB/etc/ppp/chap-secrets\fR. This enables the user's machine to authenticate
2316 2316 itself. For example, to enable user "Joe" using machine "joespc" to dial in to
2317 2317 machine "server" and use the IP address "joespc.example.net," add the following
2318 2318 entry to the \fB/etc/ppp/pap-secrets\fR or \fB/etc/ppp/chap-secrets\fR files:
2319 2319
2320 2320 .sp
2321 2321 .in +2
2322 2322 .nf
2323 2323 \fBjoespc server "joe's secret" joespc.example.net\fR
2324 2324 .fi
2325 2325 .in -2
2326 2326 .sp
2327 2327
2328 2328 .sp
2329 2329 .LP
2330 2330 Alternatively, you can create another username, for example "ppp," whose login
2331 2331 shell is \fB/usr/bin/pppd\fR and whose home directory is \fB/etc/ppp\fR. If you
2332 2332 run \fBpppd\fR this way, add the options to the \fB/etc/ppp/.ppprc\fR file.
2333 2333
2334 2334 .sp
2335 2335 .LP
2336 2336 If your serial connection is complex, it may be useful to escape such control
2337 2337 characters as XON (^Q) and XOFF (^S), using \fBasyncmap a0000\fR. If the path
2338 2338 includes a telnet, escape ^] (\fBasyncmap 200a0000\fR). If the path includes a
2339 2339 \fBrlogin\fR command, add \fBescape ff\fR option to the options, because
2340 2340 \fBrlogin\fR removes the window-size-change sequence [0xff, 0xff, 0x73, 0x73,
2341 2341 followed by any 8 bytes] from the stream.
2342 2342
2343 2343 .SH EXIT STATUS
2344 2344 The \fBpppd\fR exit status indicates errors or specifies why a link was
2345 2345 terminated. Exit status values are:
2346 2346 .sp
2347 2347 .ne 2
2348 2348 .na
2349 2349 \fB\fB0\fR \fR
2350 2350 .ad
2351 2351 .RS 7n
2352 2352 \fBpppd\fR has detached or the connection was successfully established and
2353 2353 terminated at the peer's request.
2354 2354 .RE
2355 2355
2356 2356 .sp
2357 2357 .ne 2
2358 2358 .na
2359 2359 \fB\fB1\fR \fR
2360 2360 .ad
2361 2361 .RS 7n
2362 2362 An immediately fatal error occurred. For example, an essential system call
2363 2363 failed.
2364 2364 .RE
2365 2365
2366 2366 .sp
2367 2367 .ne 2
2368 2368 .na
2369 2369 \fB\fB2\fR \fR
2370 2370 .ad
2371 2371 .RS 7n
2372 2372 An error was detected in the options given. For example, two mutually exclusive
2373 2373 options were used, or \fB/etc/ppp/options\fR is missing and the user is not
2374 2374 root.
2375 2375 .RE
2376 2376
2377 2377 .sp
2378 2378 .ne 2
2379 2379 .na
2380 2380 \fB\fB3\fR \fR
2381 2381 .ad
2382 2382 .RS 7n
2383 2383 \fBpppd\fR is not \fBsetuid-root\fR and the invoking user is not root.
2384 2384 .RE
2385 2385
2386 2386 .sp
2387 2387 .ne 2
2388 2388 .na
2389 2389 \fB\fB4\fR \fR
2390 2390 .ad
2391 2391 .RS 7n
2392 2392 The kernel does not support PPP. For example, the PPP kernel driver is not
2393 2393 included or cannot be loaded.
2394 2394 .RE
2395 2395
2396 2396 .sp
2397 2397 .ne 2
2398 2398 .na
2399 2399 \fB\fB5\fR \fR
2400 2400 .ad
2401 2401 .RS 7n
2402 2402 \fBpppd\fR terminated because it was sent a SIGINT, SIGTERM or SIGHUP signal.
2403 2403 .RE
2404 2404
2405 2405 .sp
2406 2406 .ne 2
2407 2407 .na
2408 2408 \fB\fB6\fR \fR
2409 2409 .ad
2410 2410 .RS 7n
2411 2411 The serial port could not be locked.
2412 2412 .RE
2413 2413
2414 2414 .sp
2415 2415 .ne 2
2416 2416 .na
2417 2417 \fB\fB7\fR \fR
2418 2418 .ad
2419 2419 .RS 7n
2420 2420 The serial port could not be opened.
2421 2421 .RE
2422 2422
2423 2423 .sp
2424 2424 .ne 2
2425 2425 .na
2426 2426 \fB\fB8\fR \fR
2427 2427 .ad
2428 2428 .RS 7n
2429 2429 The connect script failed and returned a non-zero exit status.
2430 2430 .RE
2431 2431
2432 2432 .sp
2433 2433 .ne 2
2434 2434 .na
2435 2435 \fB\fB9\fR \fR
2436 2436 .ad
2437 2437 .RS 7n
2438 2438 The command specified as the argument to the \fBpty\fR option could not be run.
2439 2439 .RE
2440 2440
2441 2441 .sp
2442 2442 .ne 2
2443 2443 .na
2444 2444 \fB\fB10\fR \fR
2445 2445 .ad
2446 2446 .RS 7n
2447 2447 The PPP negotiation failed because no network protocols were able to run.
2448 2448 .RE
2449 2449
2450 2450 .sp
2451 2451 .ne 2
2452 2452 .na
2453 2453 \fB\fB11\fR \fR
2454 2454 .ad
2455 2455 .RS 7n
2456 2456 The peer system failed or refused to authenticate itself.
2457 2457 .RE
2458 2458
2459 2459 .sp
2460 2460 .ne 2
2461 2461 .na
2462 2462 \fB\fB12\fR \fR
2463 2463 .ad
2464 2464 .RS 7n
2465 2465 The link was established successfully, but terminated because it was idle.
2466 2466 .RE
2467 2467
2468 2468 .sp
2469 2469 .ne 2
2470 2470 .na
2471 2471 \fB\fB13\fR \fR
2472 2472 .ad
2473 2473 .RS 7n
2474 2474 The link was established successfully, but terminated because the connect time
2475 2475 limit was reached.
2476 2476 .RE
2477 2477
2478 2478 .sp
2479 2479 .ne 2
2480 2480 .na
2481 2481 \fB\fB14\fR \fR
2482 2482 .ad
2483 2483 .RS 7n
2484 2484 Callback was negotiated and an incoming call should arrive shortly.
2485 2485 .RE
2486 2486
2487 2487 .sp
2488 2488 .ne 2
2489 2489 .na
2490 2490 \fB\fB15\fR \fR
2491 2491 .ad
2492 2492 .RS 7n
2493 2493 The link was terminated because the peer is not responding to echo requests.
2494 2494 .RE
2495 2495
2496 2496 .sp
2497 2497 .ne 2
2498 2498 .na
2499 2499 \fB\fB16\fR \fR
2500 2500 .ad
2501 2501 .RS 7n
2502 2502 The link was terminated by the modem hanging up.
2503 2503 .RE
2504 2504
2505 2505 .sp
2506 2506 .ne 2
2507 2507 .na
2508 2508 \fB\fB17\fR \fR
2509 2509 .ad
2510 2510 .RS 7n
2511 2511 The PPP negotiation failed because serial loopback was detected.
2512 2512 .RE
2513 2513
2514 2514 .sp
2515 2515 .ne 2
2516 2516 .na
2517 2517 \fB\fB18\fR \fR
2518 2518 .ad
2519 2519 .RS 7n
2520 2520 The init script failed because a non-zero exit status was returned.
2521 2521 .RE
2522 2522
2523 2523 .sp
2524 2524 .ne 2
2525 2525 .na
2526 2526 \fB\fB19\fR \fR
2527 2527 .ad
2528 2528 .RS 7n
2529 2529 Authentication to the peer failed.
2530 2530 .RE
2531 2531
2532 2532 .SH FILES
2533 2533 .ne 2
2534 2534 .na
2535 2535 \fB\fB/var/run/sppp\fIn\fR\fR\fB\&.pid\fR \fR
2536 2536 .ad
2537 2537 .RS 29n
2538 2538 Process-ID for \fBpppd\fR process on PPP interface unit \fIn\fR.
2539 2539 .RE
2540 2540
2541 2541 .sp
2542 2542 .ne 2
2543 2543 .na
2544 2544 \fB\fB/var/run/ppp-\fIname\fR\fR\fB\&.pid\fR \fR
2545 2545 .ad
2546 2546 .RS 29n
2547 2547 Process-ID for \fBpppd\fR process for logical link name (see the \fBlinkname\fR
2548 2548 option).
2549 2549 .RE
2550 2550
2551 2551 .sp
2552 2552 .ne 2
2553 2553 .na
2554 2554 \fB\fB/etc/ppp/pap-secrets\fR \fR
2555 2555 .ad
2556 2556 .RS 29n
2557 2557 Usernames, passwords and IP addresses for PAP authentication. This file should
2558 2558 be owned by root and not readable or writable by any other user, otherwise
2559 2559 \fBpppd\fR will log a warning.
2560 2560 .RE
2561 2561
2562 2562 .sp
2563 2563 .ne 2
2564 2564 .na
2565 2565 \fB\fB/etc/ppp/chap-secrets\fR \fR
2566 2566 .ad
2567 2567 .RS 29n
2568 2568 Names, secrets and IP addresses for all forms of CHAP authentication. The
2569 2569 \fB/etc/ppp/pap-secrets\fR file should be owned by \fBroot\fR should not
2570 2570 readable or writable by any other user, otherwise, \fBpppd\fR will log a
2571 2571 warning.
2572 2572 .RE
2573 2573
2574 2574 .sp
2575 2575 .ne 2
2576 2576 .na
2577 2577 \fB\fB/etc/ppp/options\fR \fR
2578 2578 .ad
2579 2579 .RS 29n
2580 2580 System default options for \fBpppd\fR, read before user default options or
2581 2581 command-line options.
2582 2582 .RE
2583 2583
2584 2584 .sp
2585 2585 .ne 2
2586 2586 .na
2587 2587 \fB\fB$HOME/.ppprc\fR \fR
2588 2588 .ad
2589 2589 .RS 29n
2590 2590 User default options, read before \fB/etc/ppp/options.\fIttyname\fR\fR.
2591 2591 .RE
2592 2592
2593 2593 .sp
2594 2594 .ne 2
2595 2595 .na
2596 2596 \fB\fB/etc/ppp/options.\fIttyname\fR\fR \fR
2597 2597 .ad
2598 2598 .RS 29n
2599 2599 System default options for the serial port in use; read after
2600 2600 \fB$HOME/.ppprc\fR. The \fIttyname\fR component of this filename is formed when
2601 2601 the initial \fB/dev/\fR is stripped from the port name (if present), and
2602 2602 slashes (if any) are converted to dots.
2603 2603 .RE
2604 2604
2605 2605 .sp
2606 2606 .ne 2
2607 2607 .na
2608 2608 \fB\fB/etc/ppp/peers\fR \fR
2609 2609 .ad
2610 2610 .RS 29n
2611 2611 Directory with options files that may contain privileged options, even if
2612 2612 \fBpppd\fR was invoked by a user other than \fBroot\fR. The system
2613 2613 administrator can create options files in this directory to permit
2614 2614 non-privileged users to dial out without requiring the peer to authenticate,
2615 2615 but only to certain trusted peers.
2616 2616 .RE
2617 2617
2618 2618 .SH ATTRIBUTES
2619 2619 See \fBattributes\fR(5) for descriptions of the following attributes:
2620 2620 .sp
2621 2621
2622 2622 .sp
2623 2623 .TS
2624 2624 box;
2625 2625 c | c
2626 2626 l | l .
2627 2627 ATTRIBUTE TYPE ATTRIBUTE VALUE
2628 2628 _
2629 2629 Interface Stability Evolving
2630 2630 .TE
2631 2631
2632 2632 .SH SEE ALSO
2633 2633 \fBchat\fR(1M), \fBifconfig\fR(1M), \fBcrypt\fR(3C), \fBpam\fR(3PAM),
2634 2634 \fBattributes\fR(5)
2635 2635 .sp
2636 2636 .LP
2637 2637 Haskin, D., Allen, E. \fIRFC 2472 - IP Version 6 Over PPP\fR. Network Working
2638 2638 Group. December 1998.
2639 2639 .sp
2640 2640 .LP
2641 2641 Jacobson, V. \fIRFC 1144, Compressing TCP/IP Headers for Low-Speed Serial
2642 2642 Links\fR. Network Working Group. February, 1990
2643 2643 .sp
2644 2644 .LP
2645 2645 Lloyd, B., Simpson, W. \fIRFC 1334, PPP Authentication Protocols\fR. Network
2646 2646 Working Group. October 1992.
2647 2647 .sp
2648 2648 .LP
2649 2649 McGregor, G. \fIRFC 1332, The PPP Internet Protocol Control Protocol (IPCP)\fR.
2650 2650 Network Working Group. May 1992.
2651 2651 .sp
2652 2652 .LP
2653 2653 Rivest, R. \fIRFC 1321, The MD5 Message-Digest Algorithm\fR. Network Working
2654 2654 Group. April 1992
2655 2655 .sp
2656 2656 .LP
2657 2657 Simpson, W. \fIRFC 1661, The Point-to-Point Protocol (PPP)\fR. Network Working
2658 2658 Group. July 1994.
2659 2659 .sp
2660 2660 .LP
2661 2661 Simpson, W. \fIRFC 1662, HDLC-like Framing \fR. Network Working Group. July
2662 2662 1994.
2663 2663 .SH NOTES
2664 2664 These signals affect \fBpppd\fR behavior:
2665 2665 .sp
2666 2666 .ne 2
2667 2667 .na
2668 2668 \fB\fBSIGINT, SIGTERM\fR \fR
2669 2669 .ad
2670 2670 .RS 20n
2671 2671 Terminate the link, restore the serial device settings and exit.
2672 2672 .RE
2673 2673
2674 2674 .sp
2675 2675 .ne 2
2676 2676 .na
2677 2677 \fB\fBSIGHUP\fR \fR
2678 2678 .ad
2679 2679 .RS 20n
2680 2680 Terminate the link, restore the serial device settings and close the serial
2681 2681 device. If the \fBpersist\fR or \fBdemand\fR option is specified, \fBpppd\fR
2682 2682 attempts to reopen the serial device and start another connection after the
2683 2683 holdoff period. Otherwise \fBpppd\fR exits. If received during the holdoff
2684 2684 period, \fBSIGHUP\fR causes \fBpppd\fR to end the holdoff period immediately.
2685 2685 .RE
2686 2686
2687 2687 .sp
2688 2688 .ne 2
2689 2689 .na
2690 2690 \fB\fBSIGUSR1\fR \fR
2691 2691 .ad
2692 2692 .RS 20n
2693 2693 Toggles the state of the \fBdebug\fR option and prints link status information
2694 2694 to the log.
2695 2695 .RE
2696 2696
2697 2697 .sp
2698 2698 .ne 2
2699 2699 .na
2700 2700 \fB\fBSIGUSR2\fR \fR
2701 2701 .ad
2702 2702 .RS 20n
2703 2703 Causes \fBpppd\fR to renegotiate compression. This is useful to re-enable
2704 2704 compression after it has been disabled as a result of a fatal decompression
2705 2705 error. (Fatal decompression errors generally indicate a bug in an
2706 2706 implementation.)
2707 2707 .RE
2708 2708
2709 2709 .SH DIAGNOSTICS
2710 2710 Messages are sent to the syslog daemon using facility \fBLOG_DAEMON\fR. To see
2711 2711 error and debug messages, edit the \fB/etc/syslog.conf\fR file to direct the
2712 2712 messages to the desired output device or file, or use the \fBupdetach\fR or
2713 2713 \fBlogfile\fR options.
2714 2714 .sp
2715 2715 .LP
2716 2716 The \fBdebug\fR option causes the contents of all LCP, PAP, CHAP or IPCP
2717 2717 control packets sent or received to be logged. This is useful if PPP
2718 2718 negotiation does not succeed or if authentication fails.
2719 2719 .sp
2720 2720 .LP
2721 2721 Debugging can also be enabled or disabled by sending a \fBSIGUSR1\fR signal,
2722 2722 which acts as a toggle to the \fBpppd\fR process.
|
↓ open down ↓ |
1165 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX