.\" manual page [] for pppd 2.3
-.\" $Id: pppd.8,v 1.46 1999/08/24 05:31:10 paulus Exp $
+.\" $Id: pppd.8,v 1.51 1999/12/23 01:29:11 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
computer. This mode retains the ability to use DTR as
a modem control line.
.TP
-.B cdtrcts
-Use a non-standard hardware flow control (i.e. DTR/CTS) to control
-the flow of data on the serial port. If neither the \fIcrtscts\fR,
-the \fInocrtscts\fR, the \fIcdtrcts\fR nor the \fInocdtrcts\fR
-option is given, the hardware flow control setting for the serial
-port is left unchanged.
-Some serial ports (such as Macintosh serial ports) lack a true
-RTS output. Such serial ports use this mode to implement true
-bi-directional flow control. The sacrifice is that this flow
-control mode does not permit using DTR as a modem control line.
-.TP
.B defaultroute
Add a default route to the system routing tables, using the peer as
the gateway, when IPCP negotiation is successfully completed.
IPv6 addresses (e.g. ::dead:beef). If the
\fIipv6cp-use-ipaddr\fR
option is given, the local identifier is the local IPv4 address (see above).
-Otherwise the identifier is randomized.
+On systems which supports a unique persistent id, such as EUI-48 derived
+from the Ethernet MAC address, \fIipv6cp-use-persistent\fR option can be
+used to replace the \fIipv6 <local>,<remote>\fR option. Otherwise the
+identifier is randomized.
.TP
.B active-filter \fIfilter-expression
Specifies a packet filter to be applied to data packets to determine
is currently only available under NetBSD, and then only
if both the kernel and pppd were compiled with PPP_FILTER defined.
.TP
+.B allow-ip \fIaddress(es)
+Allow peers to use the given IP address or subnet without
+authenticating themselves. The parameter is parsed as for each
+element of the list of allowed IP addresses in the secrets files (see
+the AUTHENTICATION section below).
+.TP
.B bsdcomp \fInr,nt
Request that the peer compress packets that it sends, using the
BSD-Compress scheme, with a maximum code size of \fInr\fR bits, and
compression in the corresponding direction. Use \fInobsdcomp\fR or
\fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
.TP
+.B cdtrcts
+Use a non-standard hardware flow control (i.e. DTR/CTS) to control
+the flow of data on the serial port. If neither the \fIcrtscts\fR,
+the \fInocrtscts\fR, the \fIcdtrcts\fR nor the \fInocdtrcts\fR
+option is given, the hardware flow control setting for the serial
+port is left unchanged.
+Some serial ports (such as Macintosh serial ports) lack a true
+RTS output. Such serial ports use this mode to implement true
+bi-directional flow control. The sacrifice is that this flow
+control mode does not permit using DTR as a modem control line.
+.TP
.B chap-interval \fIn
If this option is given, pppd will rechallenge the peer every \fIn\fR
seconds.
Set the CHAP restart interval (retransmission timeout for challenges)
to \fIn\fR seconds (default 3).
.TP
+.B connect-delay \fIn
+Wait for up \fIn\fR milliseconds after the connect script finishes for
+a valid PPP packet from the peer. At the end of this time, or when a
+valid PPP packet is received from the peer, pppd will commence
+negotiation by sending its first LCP packet. The default value is
+1000 (1 second). This wait period only applies if the \fBconnect\fR
+or \fBpty\fR option is used.
+.TP
.B debug
Enables connection debugging facilities.
If this option is given, pppd will log the contents of all
.TP
.B hide-password
When logging the contents of PAP packets, this option causes pppd to
-exclude the password string from the log.
+exclude the password string from the log. This is the default.
.TP
.B holdoff \fIn
Specifies how many seconds to wait before re-initiating the link after
the kernel are logged by syslog(1) to a file as directed in the
/etc/syslog.conf configuration file.
.TP
+.B ktune
+Enables pppd to alter kernel settings as appropriate. Under Linux,
+pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward
+to 1) if the \fIproxyarp\fR option is used, and will enable the
+dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to
+1) in demand mode if the local address changes.
+.TP
.B lcp-echo-failure \fIn
If this option is given, pppd will presume the peer to be dead
if \fIn\fR LCP echo-requests are sent without receiving a valid LCP
required if the peer is buggy and gets confused by requests from pppd
for IPXCP negotiation.
.TP
+.B noktune
+Opposite of the \fIktune\fR option; disables pppd from changing system
+settings.
+.TP
.B nolog
Do not send log messages to a file or file descriptor. This option
cancels the \fBlogfd\fR and \fBlogfile\fR options.
Do not exit after a connection is terminated; instead try to reopen
the connection.
.TP
+.B plugin \fIfilename
+Load the shared library object file \fIfilename\fR as a plugin. This
+is a privileged option.
+.TP
.B predictor1
Request that the peer compress frames that it sends using Predictor-1
compression, and agree to compress transmitted frames with Predictor-1
pseudo-tty master/slave pair and use the slave as its terminal
device. The \fIscript\fR will be run in a child process with the
pseudo-tty master as its standard input and output. An explicit
-device name may not be given if this option is used.
+device name may not be given if this option is used. (Note: if the
+\fIrecord\fR option is used in conjuction with the \fIpty\fR option,
+the child process will have pipes on its standard input and output.)
.TP
.B receive-all
With this option, pppd will accept all control characters from the
Require the peer to authenticate itself using PAP [Password
Authentication Protocol] authentication.
.TP
+.B show-password
+When logging the contents of PAP packets, this option causes pppd to
+show the password string in the log message.
+.TP
.B silent
With this option, pppd will not transmit LCP packets to initiate a
connection until a valid LCP packet is received from the peer (as for
.B usepeerdns
Ask the peer for up to 2 DNS server addresses. The addresses supplied
by the peer (if any) are passed to the /etc/ppp/ip-up script in the
-environment variables DNS1 and DNS2.
+environment variables DNS1 and DNS2. In addition, pppd will create an
+/etc/ppp/resolv.conf file containing one or two nameserver lines with
+the address(es) supplied by the peer.
.TP
.B user \fIname
Sets the name used for authenticating the local system to the peer to
A secrets file is parsed into words as for a options file, so the
client name, server name and secrets fields must each be one word,
with any embedded spaces or other special characters quoted or
-escaped. Any following words on the same line are taken to be a list
-of acceptable IP addresses for that client. If there are only 3 words
-on the line, or if the first word is "-", then all IP addresses are
-disallowed. To allow any address, use "*".
-A word starting with "!" indicates that the
-specified address is \fInot\fR acceptable. An address may be followed
-by "/" and a number \fIn\fR, to indicate a whole subnet, i.e. all
-addresses which have the same value in the most significant \fIn\fR
-bits. Note that case is significant in the client and server names
+escaped. Note that case is significant in the client and server names
and in the secret.
.LP
If the secret starts with an `@', what follows is assumed to be the
server name matches any name. When selecting a secret, pppd takes the
best match, i.e. the match with the fewest wildcards.
.LP
+Any following words on the same line are taken to be a list of
+acceptable IP addresses for that client. If there are only 3 words on
+the line, or if the first word is "-", then all IP addresses are
+disallowed. To allow any address, use "*". A word starting with "!"
+indicates that the specified address is \fInot\fR acceptable. An
+address may be followed by "/" and a number \fIn\fR, to indicate a
+whole subnet, i.e. all addresses which have the same value in the most
+significant \fIn\fR bits. In this form, the address may be followed
+by a plus sign ("+") to indicate that one address from the subnet is
+authorized, based on the ppp network interface unit number in use.
+In this case, the host part of the address will be set to the unit
+number plus one.
+.LP
Thus a secrets file contains both secrets for use in authenticating
other hosts, plus secrets which we use for authenticating ourselves to
others. When pppd is authenticating the peer (checking the peer's