.\" manual page [] for pppd 2.4
-.\" $Id: pppd.8,v 1.58 2001/05/23 02:28:42 paulus Exp $
+.\" $Id: pppd.8,v 1.66 2002/10/10 05:47:34 fcusack Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
\fBether\fR and \fBarp\fR, are not permitted. Generally the filter
expression should be enclosed in single-quotes to prevent whitespace
in the expression from being interpreted by the shell. This option
-is currently only available under NetBSD, and then only
+is currently only available under NetBSD or Linux, and then only
if both the kernel and pppd were compiled with PPP_FILTER defined.
.TP
.B allow-ip \fIaddress(es)
element of the list of allowed IP addresses in the secrets files (see
the AUTHENTICATION section below).
.TP
+.B allow-number \fInumber
+Allow peers to connect from the given telephone number. A trailing
+`*' character will match all numbers beginning with the leading part.
+.TP
.B bsdcomp \fInr,nt
Request that the peer compress packets that it sends, using the
BSD-Compress scheme, with a maximum code size of \fInr\fR bits, and
Enables the use of PPP multilink; this is an alias for the `multilink'
option. This option is currently only available under Linux.
.TP
+.B mppe-stateful
+Allow MPPE to use stateful mode. Stateless mode is still attempted first.
+The default is to disallow stateful mode.
+.TP
.B mpshortseq
Enables the use of short (12-bit) sequence numbers in multilink
headers, as opposed to 24-bit sequence numbers. This option is only
Disables the use of PPP multilink. This option is currently only
available under Linux.
.TP
+.B nomppe
+Disables MPPE (Microsoft Point to Point Encryption). This is the default.
+.TP
+.B nomppe-40
+Disable 40\-bit encryption with MPPE.
+.TP
+.B nomppe-128
+Disable 128\-bit encryption with MPPE.
+.TP
+.B nomppe-stateful
+Disable MPPE stateful mode. This is the default.
+.TP
.B nompshortseq
Disables the use of short (12-bit) sequence numbers in the PPP
multilink protocol, forcing the use of 24-bit sequence numbers. This
.TP
.B persist
Do not exit after a connection is terminated; instead try to reopen
-the connection.
+the connection. The \fBmaxfail\fR option still has an effect on
+persistent connections.
.TP
.B plugin \fIfilename
Load the shared library object file \fIfilename\fR as a plugin. This
Set the assumed name of the remote system for authentication purposes
to \fIname\fR.
.TP
+.B remotenumber \fInumber
+Set the assumed telephone number of the remote system for authentication
+purposes to \fInumber\fR.
+.TP
.B refuse-chap
With this option, pppd will not agree to authenticate itself to the
peer using CHAP.
.TP
+.B refuse-mschap
+With this option, pppd will not agree to authenticate itself to the
+peer using MS-CHAP.
+.TP
+.B refuse-mschap-v2
+With this option, pppd will not agree to authenticate itself to the
+peer using MS-CHAPv2.
+.TP
.B refuse-pap
With this option, pppd will not agree to authenticate itself to the
peer using PAP.
Require the peer to authenticate itself using CHAP [Challenge
Handshake Authentication Protocol] authentication.
.TP
+.B require-mppe
+Require the use of MPPE (Microsoft Point to Point Encryption). This
+option disables all other compression types. This option enables
+both 40\-bit and 128\-bit encryption. In order for MPPE to successfully
+come up, you must have authenticated with either MS-CHAP or MS-CHAPv2.
+This option is presently only supported under Linux, and only if your
+kernel has been configured to include MPPE support.
+.TP
+.B require-mppe-40
+Require the use of MPPE, with 40\-bit encryption.
+.TP
+.B require-mppe-128
+Require the use of MPPE, with 128\-bit encryption.
+.TP
+.B require-mschap
+Require the peer to authenticate itself using MS-CHAP [Microsft Challenge
+Handshake Authentication Protocol] authentication.
+.TP
+.B require-mschap-v2
+Require the peer to authenticate itself using MS-CHAPv2 [Microsft Challenge
+Handshake Authentication Protocol, Version 2] authentication.
+.TP
.B require-pap
Require the peer to authenticate itself using PAP [Password
Authentication Protocol] authentication.
if it has no secrets which could be used to do so.
.LP
Pppd stores secrets for use in authentication in secrets
-files (/etc/ppp/pap-secrets for PAP, /etc/ppp/chap-secrets for CHAP).
+files (/etc/ppp/pap-secrets for PAP, /etc/ppp/chap-secrets for
+CHAP/MS-CHAP/MS-CHAPv2).
Both secrets files have the same format. The secrets files can
contain secrets for pppd to use in authenticating itself to other
systems, as well as secrets for pppd to use when authenticating other
.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others)
Process-ID for pppd process on ppp interface unit \fIn\fR.
.TP
-.B /var/run/ppp-\fIname\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp-\fIname\fB.pid \fR(others)
+.B /var/run/ppp-\fIname\fB.pid \fR(BSD or Linux),
+\fB/etc/ppp/ppp-\fIname\fB.pid \fR(others)
Process-ID for pppd process for logical link \fIname\fR (see the
\fIlinkname\fR option).
.TP
user. Pppd will log a warning if this is not the case.
.TP
.B /etc/ppp/chap-secrets
-Names, secrets and IP addresses for CHAP authentication. As for
-/etc/ppp/pap-secrets, this file should be owned by root and not
+Names, secrets and IP addresses for CHAP/MS-CHAP/MS-CHAPv2 authentication.
+As for /etc/ppp/pap-secrets, this file should be owned by root and not
readable or writable by any other user. Pppd will log a warning if
this is not the case.
.TP