-out which operating system you are using and creates symbolic links to
-the appropriate makefiles. You then run `make' to compile the
-user-level code, and (as root) `make install' to install the
-user-level programs pppd, chat and pppstats.
-
-The procedures for installing the kernel code vary from system to
-system. On some systems, the kernel code can be loaded into a running
-kernel using a `modload' facility. On others, the kernel image has to
-be recompiled and the system rebooted. See the README.* files for
-details.
-
-
-What's new in ppp-2.3.
-**********************
-
-* Demand-dialling. Pppd now has a mode where it will establish the
-network interface immediately when it starts, but not actually bring
-the link up until it sees some data to be sent. Look for the demand
-option description in the pppd man page. Demand-dialling is not
-supported under Ultrix or NeXTStep.
-
-* Idle timeout. Pppd will optionally terminate the link if no data
-packets are sent or received within a certain time interval.
-
-* Pppd now runs the /etc/ppp/auth-up script, if it exists, when the
-peer successfully authenticates itself, and /etc/ppp/auth-down when
-the connection is subsequently terminated. This can be useful for
-accounting purposes.
-
-* A new packet compression scheme, Deflate, has been implemented.
-This uses the same compression method as `gzip'. This method is free
-of patent or copyright restrictions, and it achieves better
-compression than BSD-Compress. It does consume more CPU cycles for
-compression than BSD-Compress, but this shouldn't be a problem for
-links running at 100kbit/s or less.
-
-* There is no code in this distribution which is covered by Brad
-Clements' restrictive copyright notice. The STREAMS modules for SunOS
-and OSF/1 have been rewritten, based on the Solaris 2 modules, which
-were written from scratch without any Clements code.
-
-* Pppstats has been reworked to clean up the output format somewhat.
-It also has a new -d option which displays data rate in kbyte/s for
-those columns which would normally display bytes.
-
-* Pppd options beginning with - or + have been renamed, e.g. -ip
-became noip, +chap became require-chap, etc. The old options are
-still accepted for compatibility but may be removed in future.
-
-* Pppd now has some options (such as the new `noauth' option) which
-can only be specified if it is being run by root, or in an
-"privileged" options file: /etc/ppp/options or an options file in the
-/etc/ppp/peers directory. There is a new "call" option to read
-options from a file in /etc/ppp/peers, making it possible for non-root
-users to make unauthenticated connections, but only to certain trusted
-peers. My intention is to make the `auth' option the default in a
-future release.
-
-* Several minor new features have been added to pppd, including the
-maxconnect and welcome options. Pppd will now terminate the
-connection when there are no network control protocols running. The
-allowed IP address(es) field in the secrets files can now specify
-subnets (with a notation like 123.45.67.89/24) and addresses which are
-not acceptable (put a ! on the front).
-
-* Numerous bugs have been fixed (no doubt some have been introduced :-)
-Thanks to those who reported bugs in ppp-2.2.
+out which operating system you are using and creates the appropriate
+makefiles. You then run `make' to compile the user-level code, and
+(as root) `make install' to install the user-level programs pppd, chat
+and pppstats.
+
+N.B. Since 2.3.0, leaving the permitted IP addresses column of the
+pap-secrets or chap-secrets file empty means that no addresses are
+permitted. You need to put a "*" in that column to allow the peer to
+use any IP address. (This only applies where the peer is
+authenticating itself to you, of course.)
+
+
+What's new in ppp-2.4.4.
+************************
+
+* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
+ the ppp interface and configuring its IP addresses but before
+ bringing it up. This can be used, for example, for adding firewall
+ rules for the interface.
+
+* Lots of bugs fixed, particularly in the area of demand-dialled and
+ persistent connections.
+
+
+What was new in ppp-2.4.3.
+**************************
+
+* The configure script now accepts --prefix and --sysconfdir options.
+ These default to /usr/local and /etc. If you want pppd put in
+ /usr/sbin as before, use ./configure --prefix=/usr.
+
+* Doing `make install' no longer puts example configuration files in
+ /etc/ppp. Use `make install-etcppp' if you want that.
+
+* The code has been updated to work with version 0.8.3 of libpcap.
+ Unfortunately the libpcap maintainers removed support for the
+ "inbound" and "outbound" keywords on PPP links, meaning that if you
+ link pppd with libpcap-0.8.3, you can't use those keywords in the
+ active-filter and pass-filter expressions. The support has been
+ reinstated in the CVS version and should be in future libpcap
+ releases. If you need the in/outbound keywords, use a later release
+ than 0.8.3, or get the CVS version from http://www.tcpdump.org.
+
+* There is a new option, child-timeout, which sets the length of time
+ that pppd will wait for child processes (such as the command
+ specified with the pty option) to exit before exiting itself. It
+ defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
+ to any remaining child processes and exit. A value of 0 means no
+ timeout.
+
+* Various bugs have been fixed, including some CBCP packet parsing
+ bugs that could lead to the peer being able to crash pppd if CBCP
+ support is enabled.
+
+* Various fixes and enhancements to the radius and rp-pppoe plugins
+ have been added.
+
+* There is a new winbind plugin, from Andrew Bartlet of the Samba
+ team, which provides the ability to authenticate the peer against an
+ NT domain controller using MS-CHAP or MS-CHAPV2.
+
+* There is a new pppoatm plugin, by various authors, sent in by David
+ Woodhouse.
+
+* The multilink code has been substantially reworked. The first pppd
+ for a bundle still controls the ppp interface, but it doesn't exit
+ until all the links in the bundle have terminated. If the first
+ pppd is signalled to exit, it signals all the other pppds
+ controlling links in the bundle.
+
+* The TDB code has been updated to the latest version. This should
+ eliminate the problem that some people have seen where the database
+ file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
+ the new code uses an incompatible database format. For this reason,
+ pppd now uses /var/run/pppd2.tdb as the database filename.
+
+
+What was new in ppp-2.4.2.
+**************************
+
+* The CHAP code has been rewritten. Pppd now has support for MS-CHAP
+ V1 and V2 authentication, both as server and client. The new CHAP
+ code is cleaner than the old code and avoids some copyright problems
+ that existed in the old code.
+
+* MPPE (Microsoft Point-to-Point Encryption) support has been added,
+ although the current implementation shouldn't be considered
+ completely secure. (There is no assurance that the current code
+ won't ever transmit an unencrypted packet.)
+
+* James Carlson's implementation of the Extensible Authentication
+ Protocol (EAP) has been added.
+
+* Support for the Encryption Control Protocol (ECP) has been added.
+
+* Some new plug-ins have been included:
+ - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
+ - A plug-in for supplying the PAP password over a pipe from another
+ process
+ - A plug-in for authenticating using a Radius server.
+
+* Updates and bug-fixes for the Solaris port.
+
+* The CBCP (Call Back Control Protocol) code has been updated. There
+ are new options `remotenumber' and `allow-number'.
+
+* Extra hooks for plugins to use have been added.
+
+* There is now a `maxoctets' option, which causes pppd to terminate
+ the link once the number of bytes passed on the link exceeds a given
+ value.
+
+* There are now options to control whether pppd can use the IPCP
+ IP-Address and IP-Addresses options: `ipcp-no-address' and
+ `ipcp-no-addresses'.
+
+* Fixed several bugs, including potential buffer overflows in chat.
+
+
+What was new in ppp-2.4.1.
+**************************
+
+* Pppd can now print out the set of options that are in effect. The
+ new `dump' option causes pppd to print out the option values after
+ option parsing is complete. The `dryrun' option causes pppd to
+ print the options and then exit.
+
+* The option parsing code has been fixed so that options in the
+ per-tty options file are parsed correctly, and don't override values
+ from the command line in most cases.
+
+* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
+ example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
+ there is no slash in the plugin name.
+
+* When loading a plugin, pppd will now check the version of pppd for
+ which the plugin was compiled, and refuse to load it if it is
+ different to pppd's version string. To enable this, the plugin
+ source needs to #include "pppd.h" and have a line saying:
+ char pppd_version[] = VERSION;
+
+* There is a bug in zlib, discovered by James Carlson, which can cause
+ kernel memory corruption if Deflate is used with the lowest setting,
+ 8. As a workaround pppd will now insist on using at least 9.
+
+* Pppd should compile on Solaris and SunOS again.
+
+* Pppd should now set the MTU correctly on demand-dialled interfaces.
+
+
+What was new in ppp-2.4.0.
+**************************
+
+* Multilink: this package now allows you to combine multiple serial
+ links into one logical link or `bundle', for increased bandwidth and
+ reduced latency. This is currently only supported under the
+ 2.4.x and later Linux kernels.
+
+* All the pppd processes running on a system now write information
+ into a common database. I used the `tdb' code from samba for this.
+
+* New hooks have been added.
+
+For a list of the changes made during the 2.3 series releases of this
+package, see the Changes-2.3 file.
+
+
+Compression methods.
+********************
+
+This package supports two packet compression methods: Deflate and
+BSD-Compress. Other compression methods which are in common use
+include Predictor, LZS, and MPPC. These methods are not supported for
+two reasons - they are patent-encumbered, and they cause some packets
+to expand slightly, which pppd doesn't currently allow for.
+BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
+ever expand packets.