.\" manual page [] for pppd 2.4
-.\" $Id: pppd.8,v 1.84 2005/03/22 10:48:37 paulus Exp $
+.\" $Id: pppd.8,v 1.90 2008/03/26 12:09:40 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
.TP
.I ttyname
Use the serial port called \fIttyname\fR to communicate with the
-peer. The string "/dev/" is prepended to \fIttyname\fR to form the
+peer. If \fIttyname\fR does not begin with a slash (/),
+the string "/dev/" is prepended to \fIttyname\fR to form the
name of the device to open. If no device name is given, or if the
name of the terminal
connected to the standard input is given, pppd will use that terminal,
.TP
.B lock
Specifies that pppd should create a UUCP-style lock file for the
-serial device to ensure exclusive access to the device.
+serial device to ensure exclusive access to the device. By default,
+pppd will not create a lock file.
.TP
.B mru \fIn
Set the MRU [Maximum Receive Unit] value to \fIn\fR. Pppd
negotiation, unless the \fIipcp\-accept\-local\fR and/or
\fIipcp\-accept\-remote\fR options are given, respectively.
.TP
+.B +ipv6
+Enable the IPv6CP and IPv6 protocols.
+.TP
.B ipv6 \fI<local_interface_identifier>\fR,\fI<remote_interface_identifier>
Set the local and/or remote 64-bit interface identifier. Either one may be
omitted. The identifier must be specified in standard ascii notation of
which have been set. This option is like the \fBdryrun\fR option
except that pppd proceeds as normal rather than exiting.
.TP
+.B enable-session
+Enables session accounting via PAM or wtwp/wtmpx, as appropriate.
+When PAM is enabled, the PAM "account" and "session" module stacks
+determine behavior, and are enabled for all PPP authentication
+protocols. When PAM is disabled, wtmp/wtmpx entries are recorded
+regardless of whether the peer name identifies a valid user on the
+local system, making peers visible in the last(1) log. This feature
+is automatically enabled when the pppd \fBlogin\fR option is used.
+Session accounting is disabled by default.
+.TP
.B endpoint \fI<epdisc>
Sets the endpoint discriminator sent by the local machine to the peer
during multilink negotiation to \fI<epdisc>\fR. The default is to use
seconds (default 3).
.TP
.B ipparam \fIstring
-Provides an extra parameter to the ip\-up and ip\-down scripts. If this
+Provides an extra parameter to the ip\-up, ip\-pre\-up and ip\-down
+scripts. If this
option is given, the \fIstring\fR supplied is given as the 6th
parameter to those scripts.
.TP
+.B ipv6cp\-accept\-local
+With this option, pppd will accept the peer's idea of our local IPv6
+interface identifier, even if the local IPv6 interface identifier
+was specified in an option.
+.TP
.B ipv6cp\-max\-configure \fIn
Set the maximum number of IPv6CP configure-request transmissions to
\fIn\fR (default 10).
.B local
Don't use the modem control lines. With this option, pppd will ignore
the state of the CD (Carrier Detect) signal from the modem and will
-not change the state of the DTR (Data Terminal Ready) signal.
+not change the state of the DTR (Data Terminal Ready) signal. This is
+the opposite of the \fBmodem\fR option.
.TP
.B logfd \fIn
Send log messages to file descriptor \fIn\fR. Pppd will send log
Use the system password database for authenticating the peer using
PAP, and record the user in the system wtmp file. Note that the peer
must have an entry in the /etc/ppp/pap\-secrets file as well as the
-system password database to be allowed access.
+system password database to be allowed access. See also the
+\fBenable\-session\fR option.
.TP
.B maxconnect \fIn
Terminate the connection when it has been available for network
script is specified), and it will drop the DTR (Data Terminal Ready)
signal briefly when the connection is terminated and before executing
the connect script. On Ultrix, this option implies hardware flow
-control, as for the \fIcrtscts\fR option.
+control, as for the \fIcrtscts\fR option. This is the opposite of the
+\fBlocal\fR option.
.TP
.B mp
Enables the use of PPP multilink; this is an alias for the `multilink'
Opposite of the \fIktune\fR option; disables pppd from changing system
settings.
.TP
+.B nolock
+Opposite of the \fIlock\fR option; specifies that pppd should not
+create a UUCP-style lock file for the serial device. This option is
+privileged.
+.TP
.B nolog
Do not send log messages to a file or file descriptor. This option
cancels the \fBlogfd\fR and \fBlogfile\fR options.
wishes to prevent users from creating proxy ARP entries with pppd can
do so by placing this option in the /etc/ppp/options file.
.TP
+.B noremoteip
+Allow pppd to operate without having an IP address for the peer. This
+option is only available under Linux. Normally, pppd will request the
+peer's IP address, and if the peer does not supply it, pppd will not
+bring up the link for IP traffic. With this option, if the peer does
+not supply its IP address, pppd will not ask the peer for it, and will
+not set the destination address of the ppp interface. In this
+situation, the ppp interface can be used for routing by creating
+device routes, but the peer itself cannot be addressed directly for IP
+traffic.
+.TP
.B notty
Normally, pppd requires a terminal device. With this option, pppd
will allocate itself a pseudo-tty master/slave pair and use the slave
Pppd invokes scripts at various stages in its processing which can be
used to perform site-specific ancillary processing. These scripts are
usually shell scripts, but could be executable code files instead.
-Pppd does not wait for the scripts to finish. The scripts are
+Pppd does not wait for the scripts to finish (except for the ip-pre-up
+script). The scripts are
executed as root (with the real and effective user-id set to 0), so
that they can do things such as update routing tables or run
privileged daemons. Be careful that the contents of these scripts do
/etc/ppp/auth\-up was previously executed. It is executed in the same
manner with the same parameters as /etc/ppp/auth\-up.
.TP
+.B /etc/ppp/ip\-pre\-up
+A program or script which is executed just before the ppp network
+interface is brought up. It is executed with the same parameters as
+the ip\-up script (below). At this point the interface exists and has
+IP addresses assigned but is still down. This can be used to
+add firewall rules before any IP traffic can pass through the
+interface. Pppd will wait for this script to finish before bringing
+the interface up, so this script should run quickly.
+.TP
.B /etc/ppp/ip\-up
A program or script which is executed when the link is available for
sending and receiving IP packets (that is, IPCP has come up). It is
.B /etc/ppp/ip\-down
A program or script which is executed when the link is no longer
available for sending and receiving IP packets. This script can be
-used for undoing the effects of the /etc/ppp/ip\-up script. It is
+used for undoing the effects of the /etc/ppp/ip\-up and
+/etc/ppp/ip\-pre\-up scripts. It is
invoked in the same manner and with the same parameters as the ip\-up
script.
.TP
permit non-privileged users to dial out without requiring the peer to
authenticate, but only to certain trusted peers.
.SH SEE ALSO
+.BR chat (8),
+.BR pppstats (8)
.TP
.B RFC1144
Jacobson, V.
.TP
.B SIGINT, SIGTERM
These signals cause pppd to terminate the link (by closing LCP),
-restore the serial device settings, and exit.
+restore the serial device settings, and exit. If a connector or
+disconnector process is currently running, pppd will send the same
+signal to its process group, so as to terminate the connector or
+disconnector process.
.TP
.B SIGHUP
This signal causes pppd to terminate the link, restore the serial
serial device and start another connection (after the holdoff period).
Otherwise pppd will exit. If this signal is received during the
holdoff period, it causes pppd to end the holdoff period immediately.
+If a connector or disconnector process is running, pppd will send the
+same signal to its process group.
.TP
.B SIGUSR1
This signal toggles the state of the \fIdebug\fR option.