.\" IP indented paragraph
.\" TP hanging label
.\"
-.\" Copyright (c) 1993-2003 Paul Mackerras <paulus@samba.org>
+.\" Copyright (c) 1993-2003 Paul Mackerras <paulus@ozlabs.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
seconds (default 3).
.TP
.B ipparam \fIstring
-Provides an extra parameter to the ip\-up, ip\-pre\-up and ip\-down
+Provides an extra parameter most of the notification scripts, most notably
+ip\-up, ip\-pre\-up, ip\-down, ipv6\-up, ipv6\-down, auth\-up and auth\-down
scripts. If this
option is given, the \fIstring\fR supplied is given as the 6th
parameter to those scripts.
Set the LCP restart interval (retransmission timeout) to \fIn\fR
seconds (default 3).
.TP
+.B lcp\-rtt\-file \fIfilename
+Sets the file where the round-trip time (RTT) of LCP echo-request frames
+will be logged.
+.TP
.B linkname \fIname\fR
Sets the logical name of the link to \fIname\fR. Pppd will create a
file named \fBppp\-\fIname\fB.pid\fR in /var/run (or /etc/ppp on some
Terminate after \fIn\fR consecutive failed connection attempts. A
value of 0 means no limit. The default value is 10.
.TP
-.B max-tls-version \fIstring
+.B max\-tls-\version \fIstring
(EAP-TLS, or PEAP) Configures the max allowed TLS version used during
negotiation with a peer. The default value for this is \fI1.2\fR. Values
allowed for this option is \fI1.0.\fR, \fI1.1\fR, \fI1.2\fR, \fI1.3\fR.
Disable Address/Control compression in both directions (send and
receive).
.TP
-.B need-peer-eap
+.B need\-peer\-eap
(EAP-TLS) Require the peer to verify our authentication credentials.
.TP
.B noauth
Currently supports Microgate SyncLink adapters
under Linux and FreeBSD 2.2.8 and later.
.TP
-.B tls-verify-method \fIstring
+.B tls\-verify\-method \fIstring
(EAP-TLS, or PEAP) Match the value specified for \fIremotename\fR to that that
of the X509 certificates subject name, common name, or suffix of the common
name. Respective values allowed for this option is: \fInone\fR, \fIsubject\fR,
\fIname\fR, or \fIsuffix\fR. The default value for this option is \fIname\fR.
.TP
-.B tls-verify-key-usage
+.B tls\-verify\-key\-usage
(EAP-TLS, or PEAP) Enables examination of peer certificate's purpose, and
extended key usage attributes.
.TP
option may be avoided if interface name is unambiguous and does not
look like any other pppd's option.
.TP
-.B pppoe-service \fIname
+.B pppoe\-service \fIname
Connect to specified PPPoE service name. For backward compatibility also
\fBrp_pppoe_service\fP option name is supported.
.TP
-.B pppoe-ac \fIname
+.B pppoe\-ac \fIname
Connect to specified PPPoE access concentrator name. For backward
compatibility also \fBrp_pppoe_ac\fP option name is supported.
.TP
-.B pppoe-sess \fIsessid\fP:\fImacaddr
+.B pppoe\-sess \fIsessid\fP:\fImacaddr
Attach to existing PPPoE session. For backward compatibility also
\fBrp_pppoe_sess\fP option name is supported.
.TP
-.B pppoe-verbose \fIn
+.B pppoe\-verbose \fIn
Be verbose about discovered access concentrators. When set to 2 or bigger
value then dump also discovery packets. For backward compatibility also
\fBrp_pppoe_verbose\fP option name is supported.
.TP
-.B pppoe-mac \fImacaddr
+.B pppoe\-mac \fImacaddr
Connect to specified MAC address.
.TP
-.B pppoe-host-uniq \fIstring
+.B pppoe\-host\-uniq \fIstring
Set the PPPoE Host-Uniq tag to the supplied hex string.
By default PPPoE Host-Uniq tag is set to the pppd's process PID.
For backward compatibility this option may be specified without
\fBpppoe-\fP prefix.
.TP
-.B pppoe-padi-timeout \fIn
+.B pppoe\-padi\-timeout \fIn
Initial timeout for discovery packets in seconds (default 5).
.TP
-.B pppoe-padi-attempts \fIn
+.B pppoe\-padi\-attempts \fIn
Number of discovery attempts (default 3).
.SH OPTIONS FILES
Options can be taken from files as well as the command line. Pppd
Pppd invokes scripts at various stages in its processing which can be
used to perform site-specific ancillary processing. These scripts are
usually shell scripts, but could be executable code files instead.
-Pppd does not wait for the scripts to finish (except for the ip-pre-up
-script). The scripts are
+Pppd does not wait for the scripts to finish (except for the net\-init,
+net\-pre\-up and ip\-pre\-up scripts). The scripts are
executed as root (with the real and effective user-id set to 0), so
that they can do things such as update routing tables or run
privileged daemons. Be careful that the contents of these scripts do
A program or script which is executed after the remote system
successfully authenticates itself. It is executed with the parameters
.IP
-\fIinterface\-name peer\-name user\-name tty\-device speed\fR
+\fIinterface\-name peer\-name user\-name tty\-device speed ipparam\fR
.IP
Note that this script is not executed if the peer doesn't authenticate
itself, for example when the \fInoauth\fR option is used.
add firewall rules before any IP traffic can pass through the
interface. Pppd will wait for this script to finish before bringing
the interface up, so this script should run quickly.
+.PP
+WARNING: Please note that on systems where a single interface carries multiple
+protocols (Linux) ip-pre-up is NOT actually guaranteed to execute prior to the
+interface moving into an up state, although IP information won't be known you
+should consider using net-pre-up instead, alternatively, disable other NCPs
+such that IPv4 is the only negotiated protocol - which will also result in a
+guarantee that ip-pre-up is called prior to the interface going into an UP
+state.
.TP
.B /etc/ppp/ip\-up
A program or script which is executed when the link is available for
longer be transmitted on the link. It is executed with the same parameters
as the ipv6\-up script.
.TP
+.B /etc/ppp/net\-init
+This script will be executed the moment the ppp unit number is known. This
+script will be waited for and should not cause significant delays. This can be
+used to update book-keeping type systems external to ppp and provides the only
+guaranteed point where a script can be executed knowing the ppp unit number
+prior to LCP being initiated. It is executed with the parameters
+.IP
+\fIinterface\-name tty\-device speed ipparam
+.TP
+.B /etc/ppp/net\-pre\-up
+This script will be executed just prior to NCP negotiations initiating, and is
+guaranteed to be executed whilst the interface (Linux) and/or sub-interfaces
+(Solaris) as the case may be is/are still down. ppp will block waiting for
+this script to complete, and the interface may be safely renamed in this script
+(using for example "ip li set dev $1 name ppp-foobar". The parameters are the
+same as for net\-init.
+.TP
+.B /etc/ppp/net\-down
+This script will be executed just prior to ppp terminating and will not be
+waited for. The parameters are the same as for net\-init.
+.TP
.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others)
Process-ID for pppd process on ppp interface unit \fIn\fR.
.TP
indicate a bug in one or other implementation.)
.SH AUTHORS
-Paul Mackerras (paulus@samba.org), based on earlier work by
+Paul Mackerras (paulus@ozlabs.org), based on earlier work by
Drew Perkins,
Brad Clements,
Karl Fox,
.br
(412) 268-4387, fax: (412) 268-7395
.br
- tech-transfer@andrew.cmu.edu
+ tech\-transfer@andrew.cmu.edu
.LP
3b. The name(s) of the authors of this software must not be used to
endorse or promote products derived from this software without
at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.br
"This product includes software developed by Paul Mackerras
- <paulus@samba.org>".
+ <paulus@ozlabs.org>".
.br
"This product includes software developed by Pedro Roque Marques
<pedro_m@yahoo.com>".