.\" manual page [] for pppd 2.4
-.\" $Id: pppd.8,v 1.70 2003/03/25 09:33:32 fcusack Exp $
+.\" $Id: pppd.8,v 1.86 2005/08/26 00:06:35 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
.\" IP indented paragraph
.\" TP hanging label
+.\"
+.\" Copyright (c) 1993-2003 Paul Mackerras <paulus@samba.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THIS SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
.TH PPPD 8
.SH NAME
-pppd \- Point to Point Protocol daemon
+pppd \- Point-to-Point Protocol Daemon
.SH SYNOPSIS
.B pppd
[
-.I tty_name
-] [
-.I speed
-] [
.I options
]
.SH DESCRIPTION
.LP
-The Point-to-Point Protocol (PPP) provides a method for transmitting
-datagrams over serial point-to-point links. PPP
-is composed of three parts: a method for encapsulating datagrams over
-serial links, an extensible Link Control Protocol (LCP), and
-a family of Network Control Protocols (NCP) for establishing
-and configuring different network-layer protocols.
-.LP
-The encapsulation scheme is provided by driver code in the kernel.
-Pppd provides the basic LCP, authentication support, and an NCP for
-establishing and configuring the Internet Protocol (IP) (called the IP
-Control Protocol, IPCP).
+PPP is the protocol used for establishing internet links over dial-up
+modems, DSL connections, and many other types of point-to-point
+links. The \fIpppd\fR daemon works together with the kernel PPP
+driver to establish and maintain a PPP link with another system
+(called the \fIpeer\fR) and to negotiate Internet Protocol (IP)
+addresses for each end of the link. Pppd can also authenticate the
+peer and/or supply authentication information to the peer. PPP can be
+used with other network protocols besides IP, but such use is becoming
+increasingly rare.
.SH FREQUENTLY USED OPTIONS
.TP
-.I <tty_name>
-Communicate over the named device. The string "/dev/" is prepended if
-necessary. If no device name is given, or if the name of the terminal
+.I ttyname
+Use the serial port called \fIttyname\fR to communicate with the
+peer. If \fIttyname\fR does not begin with a slash (/),
+the string "/dev/" is prepended to \fIttyname\fR to form the
+name of the device to open. If no device name is given, or if the
+name of the terminal
connected to the standard input is given, pppd will use that terminal,
and will not fork to put itself in the background. A value for this
option from a privileged source cannot be overridden by a
non-privileged user.
.TP
-.I <speed>
-Set the baud rate to <speed> (a decimal number). On systems such as
+.I speed
+An option that is a decimal number is taken as the desired baud rate
+for the serial device. On systems such as
4.4BSD and NetBSD, any speed can be specified. Other systems
-(e.g. SunOS) allow only a limited set of speeds.
-.TP
-.B asyncmap \fI<map>
-Set the async character map to <map>. This map describes which
-control characters cannot be successfully received over the serial
-line. Pppd will ask the peer to send these characters as a 2-byte
-escape sequence. The argument is a 32 bit hex number with each bit
-representing a character to escape. Bit 0 (00000001) represents the
-character 0x00; bit 31 (80000000) represents the character 0x1f or ^_.
+(e.g. Linux, SunOS) only support the commonly-used baud rates.
+.TP
+.B asyncmap \fImap
+This option sets the Async-Control-Character-Map (ACCM) for this end
+of the link. The ACCM is a set of 32 bits, one for each of the
+ASCII control characters with values from 0 to 31, where a 1 bit
+indicates that the corresponding control character should not be used
+in PPP packets sent to this system. The map is encoded as a
+hexadecimal number (without a leading 0x) where the least significant
+bit (00000001) represents character 0 and the most significant bit
+(80000000) represents character 31.
+Pppd will ask the peer to send these characters as a 2-byte
+escape sequence.
If multiple \fIasyncmap\fR options are given, the values are ORed
-together. If no \fIasyncmap\fR option is given, no async character
-map will be negotiated for the receive direction; the peer should then
-escape \fIall\fR control characters. To escape transmitted
-characters, use the \fIescape\fR option.
+together. If no \fIasyncmap\fR option is given, the default is zero,
+so pppd will ask the peer not to escape any control characters.
+To escape transmitted characters, use the \fIescape\fR option.
.TP
.B auth
Require the peer to authenticate itself before allowing network
IP addresses to which the system does not already have a route.
.TP
.B call \fIname
-Read options from the file /etc/ppp/peers/\fIname\fR. This file may
-contain privileged options, such as \fInoauth\fR, even if pppd
+Read additional options from the file /etc/ppp/peers/\fIname\fR. This
+file may contain privileged options, such as \fInoauth\fR, even if pppd
is not being run by root. The \fIname\fR string may not begin with /
or include .. as a pathname component. The format of the options file
is described below.
.TP
.B connect \fIscript
-Use the executable or shell command specified by \fIscript\fR to set
-up the serial line. This script would typically use the chat(8)
-program to dial the modem and start the remote ppp session. A value
+Usually there is something which needs to be done to prepare the link
+before the PPP protocol can be started; for instance, with a dial-up
+modem, commands need to be sent to the modem to dial the appropriate
+phone number. This option specifies an command for pppd to execute
+(by passing it to a shell) before attempting to start PPP negotiation.
+The chat (8) program is often useful here, as it provides a way to
+send arbitrary strings to a modem and respond to received characters.
+A value
for this option from a privileged source cannot be overridden by a
non-privileged user.
.TP
.B crtscts
-Use hardware flow control (i.e. RTS/CTS) to control the flow of
-data on the serial port. If neither the \fIcrtscts\fR, the
+Specifies that pppd should set the serial port to use hardware flow
+control using the RTS and CTS signals in the RS-232 interface.
+If neither the \fIcrtscts\fR, the
\fInocrtscts\fR, the \fIcdtrcts\fR nor the \fInocdtrcts\fR option
is given, the hardware flow control setting for the serial port is
left unchanged.
RTS output. Such serial ports use this mode to implement
unidirectional flow control. The serial port will
suspend transmission when requested by the modem (via CTS)
-but will be unable to request the modem stop sending to the
+but will be unable to request the modem to stop sending to the
computer. This mode retains the ability to use DTR as
a modem control line.
.TP
is privileged if the \fInodefaultroute\fR option has been specified.
.TP
.B disconnect \fIscript
-Run the executable or shell command specified by \fIscript\fR after
-pppd has terminated the link. This script could, for example, issue
+Execute the command specified by \fIscript\fR, by passing it to a
+shell, after
+pppd has terminated the link. This command could, for example, issue
commands to the modem to cause it to hang up if hardware modem control
signals were not available. The disconnect script is not run if the
modem has already hung up. A value for this option from a privileged
The file must be readable by the user who has invoked pppd.
.TP
.B init \fIscript
-Run the executable or shell command specified by \fIscript\fR to
+Execute the command specified by \fIscript\fR, by passing it to a shell, to
initialize the serial line. This script would typically use the
chat(8) program to configure the modem to enable auto answer. A value
for this option from a privileged source cannot be overridden by a
.TP
.B mru \fIn
Set the MRU [Maximum Receive Unit] value to \fIn\fR. Pppd
-will ask the peer to send packets of no more than \fIn\fR bytes. The
-minimum MRU value is 128. The default MRU value is 1500. A value of
-296 is recommended for slow links (40 bytes for TCP/IP header + 256
-bytes of data). (Note that for IPv6 MRU must be at least 1280)
+will ask the peer to send packets of no more than \fIn\fR bytes.
+The value of \fIn\fR must be between 128 and 16384; the default is 1500.
+A value of
+296 works well on very slow links (40 bytes for TCP/IP header + 256
+bytes of data).
+Note that for the IPv6 protocol, the MRU must be at least 1280.
.TP
.B mtu \fIn
Set the MTU [Maximum Transmit Unit] value to \fIn\fR. Unless the
peer requests a smaller value via MRU negotiation, pppd will
request that the kernel networking code send data packets of no more
-than \fIn\fR bytes through the PPP network interface. (Note that for
-IPv6 MTU must be at least 1280)
+than \fIn\fR bytes through the PPP network interface. Note that for
+the IPv6 protocol, the MTU must be at least 1280.
.TP
.B passive
Enables the "passive" option in the LCP. With this option, pppd will
not required. If a local and/or remote IP address is specified with
this option, pppd
will not accept a different value from the peer in the IPCP
-negotiation, unless the \fIipcp-accept-local\fR and/or
-\fIipcp-accept-remote\fR options are given, respectively.
+negotiation, unless the \fIipcp\-accept\-local\fR and/or
+\fIipcp\-accept\-remote\fR options are given, respectively.
.TP
.B ipv6 \fI<local_interface_identifier>\fR,\fI<remote_interface_identifier>
Set the local and/or remote 64-bit interface identifier. Either one may be
omitted. The identifier must be specified in standard ascii notation of
IPv6 addresses (e.g. ::dead:beef). If the
-\fIipv6cp-use-ipaddr\fR
+\fIipv6cp\-use\-ipaddr\fR
option is given, the local identifier is the local IPv4 address (see above).
-On systems which supports a unique persistent id, such as EUI-48 derived
-from the Ethernet MAC address, \fIipv6cp-use-persistent\fR option can be
+On systems which supports a unique persistent id, such as EUI\-48 derived
+from the Ethernet MAC address, \fIipv6cp\-use\-persistent\fR option can be
used to replace the \fIipv6 <local>,<remote>\fR option. Otherwise the
identifier is randomized.
.TP
-.B active-filter \fIfilter-expression
+.B active\-filter \fIfilter\-expression
Specifies a packet filter to be applied to data packets to determine
which packets are to be regarded as link activity, and therefore reset
the idle timer, or cause the link to be brought up in demand-dialling
\fBidle\fR option if there are packets being sent or received
regularly over the link (for example, routing information packets)
which would otherwise prevent the link from ever appearing to be idle.
-The \fIfilter-expression\fR syntax is as described for tcpdump(1),
+The \fIfilter\-expression\fR syntax is as described for tcpdump(1),
except that qualifiers which are inappropriate for a PPP link, such as
\fBether\fR and \fBarp\fR, are not permitted. Generally the filter
expression should be enclosed in single-quotes to prevent whitespace
in the expression from being interpreted by the shell. This option
-is currently only available under NetBSD or Linux, and then only
-if both the kernel and pppd were compiled with PPP_FILTER defined.
+is currently only available under Linux, and requires that the kernel
+was configured to include PPP filtering support (CONFIG_PPP_FILTER).
+Note that it
+is possible to apply different constraints to incoming and outgoing
+packets using the \fBinbound\fR and \fBoutbound\fR qualifiers.
.TP
-.B allow-ip \fIaddress(es)
+.B allow\-ip \fIaddress(es)
Allow peers to use the given IP address or subnet without
authenticating themselves. The parameter is parsed as for each
element of the list of allowed IP addresses in the secrets files (see
the AUTHENTICATION section below).
.TP
-.B allow-number \fInumber
+.B allow\-number \fInumber
Allow peers to connect from the given telephone number. A trailing
`*' character will match all numbers beginning with the leading part.
.TP
bi-directional flow control. The sacrifice is that this flow
control mode does not permit using DTR as a modem control line.
.TP
-.B chap-interval \fIn
+.B chap\-interval \fIn
If this option is given, pppd will rechallenge the peer every \fIn\fR
seconds.
.TP
-.B chap-max-challenge \fIn
+.B chap\-max\-challenge \fIn
Set the maximum number of CHAP challenge transmissions to \fIn\fR
(default 10).
.TP
-.B chap-restart \fIn
+.B chap\-restart \fIn
Set the CHAP restart interval (retransmission timeout for challenges)
to \fIn\fR seconds (default 3).
.TP
-.B connect-delay \fIn
-Wait for up \fIn\fR milliseconds after the connect script finishes for
+.B child\-timeout \fIn
+When exiting, wait for up to \fIn\fR seconds for any child processes
+(such as the command specified with the \fBpty\fR command) to exit
+before exiting. At the end of the timeout, pppd will send a SIGTERM
+signal to any remaining child processes and exit. A value of 0 means
+no timeout, that is, pppd will wait until all child processes have
+exited.
+.TP
+.B connect\-delay \fIn
+Wait for up to \fIn\fR milliseconds after the connect script finishes for
a valid PPP packet from the peer. At the end of this time, or when a
valid PPP packet is received from the peer, pppd will commence
negotiation by sending its first LCP packet. The default value is
\fIdebug\fR. This information can be directed to a file by setting up
/etc/syslog.conf appropriately (see syslog.conf(5)).
.TP
-.B default-asyncmap
+.B default\-asyncmap
Disable asyncmap negotiation, forcing all control characters to be
escaped for both the transmit and the receive direction.
.TP
-.B default-mru
+.B default\-mru
Disable MRU [Maximum Receive Unit] negotiation. With this option,
pppd will use the default MRU value of 1500 bytes for both the
transmit and receive direction.
network interface. This option is currently only available under
Linux.
.TP
-.B eap-interval \fIn
+.B eap\-interval \fIn
If this option is given and pppd authenticates the peer with EAP
(i.e., is the server), pppd will restart EAP authentication every
-\fIn\fR seconds. For EAP SRP-SHA1, see also the \fBsrp-interval\fR
+\fIn\fR seconds. For EAP SRP\-SHA1, see also the \fBsrp\-interval\fR
option, which enables lightweight rechallenge.
.TP
-.B eap-max-rreq \fIn
+.B eap\-max\-rreq \fIn
Set the maximum number of EAP Requests to which pppd will respond (as
a client) without hearing EAP Success or Failure. (Default is 20.)
.TP
-.B eap-max-sreq \fIn
+.B eap\-max\-sreq \fIn
Set the maximum number of EAP Requests that pppd will issue (as a
server) while attempting authentication. (Default is 10.)
.TP
-.B eap-restart \fIn
+.B eap\-restart \fIn
Set the retransmit timeout for EAP Requests when acting as a server
(authenticator). (Default is 3 seconds.)
.TP
-.B eap-timeout \fIn
+.B eap\-timeout \fIn
Set the maximum time to wait for the peer to send an EAP Request when
acting as a client (authenticatee). (Default is 20 seconds.)
.TP
-.B hide-password
+.B hide\-password
When logging the contents of PAP packets, this option causes pppd to
exclude the password string from the log. This is the default.
.TP
seconds. The link is idle when no data packets (i.e. IP packets) are
being sent or received. Note: it is not advisable to use this option
with the \fIpersist\fR option without the \fIdemand\fR option.
-If the \fBactive-filter\fR
+If the \fBactive\-filter\fR
option is given, data packets which are rejected by the specified
activity filter also count as the link being idle.
.TP
-.B ipcp-accept-local
+.B ipcp\-accept\-local
With this option, pppd will accept the peer's idea of our local IP
address, even if the local IP address was specified in an option.
.TP
-.B ipcp-accept-remote
+.B ipcp\-accept\-remote
With this option, pppd will accept the peer's idea of its (remote) IP
address, even if the remote IP address was specified in an option.
.TP
-.B ipcp-max-configure \fIn
+.B ipcp\-max\-configure \fIn
Set the maximum number of IPCP configure-request transmissions to
\fIn\fR (default 10).
.TP
-.B ipcp-max-failure \fIn
+.B ipcp\-max\-failure \fIn
Set the maximum number of IPCP configure-NAKs returned before starting
to send configure-Rejects instead to \fIn\fR (default 10).
.TP
-.B ipcp-max-terminate \fIn
+.B ipcp\-max\-terminate \fIn
Set the maximum number of IPCP terminate-request transmissions to
\fIn\fR (default 3).
.TP
-.B ipcp-restart \fIn
+.B ipcp\-restart \fIn
Set the IPCP restart interval (retransmission timeout) to \fIn\fR
seconds (default 3).
.TP
.B ipparam \fIstring
-Provides an extra parameter to the ip-up and ip-down scripts. If this
+Provides an extra parameter to the ip\-up, ip\-pre\-up and ip\-down
+scripts. If this
option is given, the \fIstring\fR supplied is given as the 6th
parameter to those scripts.
.TP
-.B ipv6cp-max-configure \fIn
+.B ipv6cp\-max\-configure \fIn
Set the maximum number of IPv6CP configure-request transmissions to
\fIn\fR (default 10).
.TP
-.B ipv6cp-max-failure \fIn
+.B ipv6cp\-max\-failure \fIn
Set the maximum number of IPv6CP configure-NAKs returned before starting
to send configure-Rejects instead to \fIn\fR (default 10).
.TP
-.B ipv6cp-max-terminate \fIn
+.B ipv6cp\-max\-terminate \fIn
Set the maximum number of IPv6CP terminate-request transmissions to
\fIn\fR (default 3).
.TP
-.B ipv6cp-restart \fIn
+.B ipv6cp\-restart \fIn
Set the IPv6CP restart interval (retransmission timeout) to \fIn\fR
seconds (default 3).
.TP
supported under Linux, and only if your kernel has been configured to
include IPX support.
.TP
-.B ipx-network \fIn
+.B ipx\-network \fIn
Set the IPX network number in the IPXCP configure request frame to
\fIn\fR, a hexadecimal number (without a leading 0x). There is no
valid default. If this option is not specified, the network number is
obtained from the peer. If the peer does not have the network number,
the IPX protocol will not be started.
.TP
-.B ipx-node \fIn\fB:\fIm
+.B ipx\-node \fIn\fB:\fIm
Set the IPX node numbers. The two node numbers are separated from each
other with a colon character. The first number \fIn\fR is the local
node number. The second number \fIm\fR is the peer's node number. Each
node number is a hexadecimal number, at most 10 digits long. The node
-numbers on the ipx-network must be unique. There is no valid
+numbers on the ipx\-network must be unique. There is no valid
default. If this option is not specified then the node numbers are
obtained from the peer.
.TP
-.B ipx-router-name \fI<string>
+.B ipx\-router\-name \fI<string>
Set the name of the router. This is a string and is sent to the peer
as information data.
.TP
-.B ipx-routing \fIn
+.B ipx\-routing \fIn
Set the routing protocol to be received by this option. More than one
-instance of \fIipx-routing\fR may be specified. The '\fInone\fR'
-option (0) may be specified as the only instance of ipx-routing. The
+instance of \fIipx\-routing\fR may be specified. The '\fInone\fR'
+option (0) may be specified as the only instance of ipx\-routing. The
values may be \fI0\fR for \fINONE\fR, \fI2\fR for \fIRIP/SAP\fR, and
\fI4\fR for \fINLSP\fR.
.TP
-.B ipxcp-accept-local
-Accept the peer's NAK for the node number specified in the ipx-node
+.B ipxcp\-accept\-local
+Accept the peer's NAK for the node number specified in the ipx\-node
option. If a node number was specified, and non-zero, the default is
to insist that the value be used. If you include this option then you
will permit the peer to override the entry of the node number.
.TP
-.B ipxcp-accept-network
+.B ipxcp\-accept\-network
Accept the peer's NAK for the network number specified in the
-ipx-network option. If a network number was specified, and non-zero, the
+ipx\-network option. If a network number was specified, and non-zero, the
default is to insist that the value be used. If you include this
option then you will permit the peer to override the entry of the node
number.
.TP
-.B ipxcp-accept-remote
+.B ipxcp\-accept\-remote
Use the peer's network number specified in the configure request
frame. If a node number was specified for the peer and this option was
not specified, the peer will be forced to use the value which you have
specified.
.TP
-.B ipxcp-max-configure \fIn
+.B ipxcp\-max\-configure \fIn
Set the maximum number of IPXCP configure request frames which the
system will send to \fIn\fR. The default is 10.
.TP
-.B ipxcp-max-failure \fIn
+.B ipxcp\-max\-failure \fIn
Set the maximum number of IPXCP NAK frames which the local system will
send before it rejects the options. The default value is 3.
.TP
-.B ipxcp-max-terminate \fIn
+.B ipxcp\-max\-terminate \fIn
Set the maximum nuber of IPXCP terminate request frames before the
local system considers that the peer is not listening to them. The
default value is 3.
dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to
1) in demand mode if the local address changes.
.TP
-.B lcp-echo-failure \fIn
+.B lcp\-echo\-failure \fIn
If this option is given, pppd will presume the peer to be dead
-if \fIn\fR LCP echo-requests are sent without receiving a valid LCP
-echo-reply. If this happens, pppd will terminate the
+if \fIn\fR LCP echo\-requests are sent without receiving a valid LCP
+echo\-reply. If this happens, pppd will terminate the
connection. Use of this option requires a non-zero value for the
-\fIlcp-echo-interval\fR parameter. This option can be used to enable
+\fIlcp\-echo\-interval\fR parameter. This option can be used to enable
pppd to terminate after the physical connection has been broken
(e.g., the modem has hung up) in situations where no hardware modem
control lines are available.
.TP
-.B lcp-echo-interval \fIn
-If this option is given, pppd will send an LCP echo-request frame to
+.B lcp\-echo\-interval \fIn
+If this option is given, pppd will send an LCP echo\-request frame to
the peer every \fIn\fR seconds. Normally the peer should respond to
-the echo-request by sending an echo-reply. This option can be used
-with the \fIlcp-echo-failure\fR option to detect that the peer is no
+the echo\-request by sending an echo\-reply. This option can be used
+with the \fIlcp\-echo\-failure\fR option to detect that the peer is no
longer connected.
.TP
-.B lcp-max-configure \fIn
+.B lcp\-max\-configure \fIn
Set the maximum number of LCP configure-request transmissions to
\fIn\fR (default 10).
.TP
-.B lcp-max-failure \fIn
+.B lcp\-max\-failure \fIn
Set the maximum number of LCP configure-NAKs returned before starting
to send configure-Rejects instead to \fIn\fR (default 10).
.TP
-.B lcp-max-terminate \fIn
+.B lcp\-max\-terminate \fIn
Set the maximum number of LCP terminate-request transmissions to
\fIn\fR (default 3).
.TP
-.B lcp-restart \fIn
+.B lcp\-restart \fIn
Set the LCP restart interval (retransmission timeout) to \fIn\fR
seconds (default 3).
.TP
.B linkname \fIname\fR
Sets the logical name of the link to \fIname\fR. Pppd will create a
-file named \fBppp-\fIname\fB.pid\fR in /var/run (or /etc/ppp on some
+file named \fBppp\-\fIname\fB.pid\fR in /var/run (or /etc/ppp on some
systems) containing its process ID. This can be useful in determining
which instance of pppd is responsible for the link to a given peer
system. This is a privileged option.
.B local
Don't use the modem control lines. With this option, pppd will ignore
the state of the CD (Carrier Detect) signal from the modem and will
-not change the state of the DTR (Data Terminal Ready) signal.
+not change the state of the DTR (Data Terminal Ready) signal. This is
+the opposite of the \fBmodem\fR option.
.TP
.B logfd \fIn
Send log messages to file descriptor \fIn\fR. Pppd will send log
.B login
Use the system password database for authenticating the peer using
PAP, and record the user in the system wtmp file. Note that the peer
-must have an entry in the /etc/ppp/pap-secrets file as well as the
+must have an entry in the /etc/ppp/pap\-secrets file as well as the
system password database to be allowed access.
.TP
.B maxconnect \fIn
script is specified), and it will drop the DTR (Data Terminal Ready)
signal briefly when the connection is terminated and before executing
the connect script. On Ultrix, this option implies hardware flow
-control, as for the \fIcrtscts\fR option.
+control, as for the \fIcrtscts\fR option. This is the opposite of the
+\fBlocal\fR option.
.TP
.B mp
Enables the use of PPP multilink; this is an alias for the `multilink'
option. This option is currently only available under Linux.
.TP
-.B mppe-stateful
+.B mppe\-stateful
Allow MPPE to use stateful mode. Stateless mode is still attempted first.
The default is to disallow stateful mode.
.TP
currently only available under Linux, and only has any effect if
multilink is enabled (see the multilink option).
.TP
-.B ms-dns \fI<addr>
If pppd is acting as a server for Microsoft Windows clients, this
option allows pppd to supply one or two DNS (Domain Name Server)
addresses to the clients. The first instance of this option specifies
the primary DNS address; the second instance (if given) specifies the
secondary DNS address. (This option was present in some older
-versions of pppd under the name \fBdns-addr\fR.)
+versions of pppd under the name \fBdns\-addr\fR.)
.TP
-.B ms-wins \fI<addr>
If pppd is acting as a server for Microsoft Windows or "Samba"
clients, this option allows pppd to supply one or two WINS (Windows
Internet Name Services) server addresses to the clients. The first
local system to the peer. (Note that pppd does not append the domain
name to \fIname\fR.)
.TP
-.B netmask \fIn
-Set the interface netmask to \fIn\fR, a 32 bit netmask in "decimal dot"
-notation (e.g. 255.255.255.0). If this option is given, the value
-specified is ORed with the default netmask. The default netmask is
-chosen based on the negotiated remote IP address; it is the
-appropriate network mask for the class of the remote IP address, ORed
-with the netmasks for any non point-to-point network interfaces in the
-system which are on the same network. (Note: on some platforms, pppd
-will always use 255.255.255.255 for the netmask, if that is the only
-appropriate value for a point-to-point interface.)
-.TP
.B noaccomp
Disable Address/Control compression in both directions (send and
receive).
.B nomppe
Disables MPPE (Microsoft Point to Point Encryption). This is the default.
.TP
-.B nomppe-40
-Disable 40\-bit encryption with MPPE.
+.B nomppe\-40
+Disable 40-bit encryption with MPPE.
.TP
-.B nomppe-128
-Disable 128\-bit encryption with MPPE.
+.B nomppe\-128
+Disable 128-bit encryption with MPPE.
.TP
-.B nomppe-stateful
+.B nomppe\-stateful
Disable MPPE stateful mode. This is the default.
.TP
.B nompshortseq
specified.
.TP
.B nopredictor1
-Do not accept or agree to Predictor-1 compression.
+Do not accept or agree to Predictor\-1 compression.
.TP
.B noproxyarp
Disable the \fIproxyarp\fR option. The system administrator who
ask the peer to do so.
.TP
.B papcrypt
-Indicates that all secrets in the /etc/ppp/pap-secrets file which are
+Indicates that all secrets in the /etc/ppp/pap\-secrets file which are
used for checking the identity of the peer are encrypted, and thus
pppd should not accept a password which, before encryption, is
-identical to the secret from the /etc/ppp/pap-secrets file.
+identical to the secret from the /etc/ppp/pap\-secrets file.
.TP
-.B pap-max-authreq \fIn
+.B pap\-max\-authreq \fIn
Set the maximum number of PAP authenticate-request transmissions to
\fIn\fR (default 10).
.TP
-.B pap-restart \fIn
+.B pap\-restart \fIn
Set the PAP restart interval (retransmission timeout) to \fIn\fR
seconds (default 3).
.TP
-.B pap-timeout \fIn
+.B pap\-timeout \fIn
Set the maximum time that pppd will wait for the peer to authenticate
itself with PAP to \fIn\fR seconds (0 means no limit).
.TP
-.B pass-filter \fIfilter-expression
+.B pass\-filter \fIfilter\-expression
Specifies a packet filter to applied to data packets being sent or
received to determine which packets should be allowed to pass.
Packets which are rejected by the filter are silently discarded. This
option can be used to prevent specific network daemons (such as
-routed) using up link bandwidth, or to provide a basic firewall
+routed) using up link bandwidth, or to provide a very basic firewall
capability.
-The \fIfilter-expression\fR syntax is as described for tcpdump(1),
+The \fIfilter\-expression\fR syntax is as described for tcpdump(1),
except that qualifiers which are inappropriate for a PPP link, such as
\fBether\fR and \fBarp\fR, are not permitted. Generally the filter
expression should be enclosed in single-quotes to prevent whitespace
in the expression from being interpreted by the shell. Note that it
is possible to apply different constraints to incoming and outgoing
packets using the \fBinbound\fR and \fBoutbound\fR qualifiers. This
-option is currently only available under NetBSD or Linux, and then
-only if both the kernel and pppd were compiled with PPP_FILTER defined.
+option is currently only available under Linux, and requires that the
+kernel was configured to include PPP filtering support (CONFIG_PPP_FILTER).
+.TP
+.B password \fIpassword\-string
+Specifies the password to use for authenticating to the peer. Use
+of this option is discouraged, as the password is likely to be visible
+to other users on the system (for example, by using ps(1)).
.TP
.B persist
Do not exit after a connection is terminated; instead try to reopen
if requested. This option has no effect unless the kernel driver
supports Predictor-1 compression.
.TP
-.B privgroup \fIgroup-name
-Allows members of group \fIgroup-name\fR to use privileged options.
+.B privgroup \fIgroup\-name
+Allows members of group \fIgroup\-name\fR to use privileged options.
This is a privileged option. Use of this option requires care as
-there is no guarantee that members of \fIgroup-name\fR cannot use pppd
+there is no guarantee that members of \fIgroup\-name\fR cannot use pppd
to become root themselves. Consider it equivalent to putting the
-members of \fIgroup-name\fR in the kmem or disk group.
+members of \fIgroup\-name\fR in the kmem or disk group.
.TP
.B proxyarp
Add an entry to this system's ARP [Address Resolution Protocol] table
\fIrecord\fR option is used in conjuction with the \fIpty\fR option,
the child process will have pipes on its standard input and output.)
.TP
-.B receive-all
+.B receive\-all
With this option, pppd will accept all control characters from the
peer, including those marked in the receive asyncmap. Without this
option, pppd will discard those characters as specified in RFC1662.
Set the assumed telephone number of the remote system for authentication
purposes to \fInumber\fR.
.TP
-.B refuse-chap
+.B refuse\-chap
With this option, pppd will not agree to authenticate itself to the
peer using CHAP.
.TP
-.B refuse-mschap
+.B refuse\-mschap
With this option, pppd will not agree to authenticate itself to the
-peer using MS-CHAP.
+peer using MS\-CHAP.
.TP
-.B refuse-mschap-v2
+.B refuse\-mschap\-v2
With this option, pppd will not agree to authenticate itself to the
-peer using MS-CHAPv2.
+peer using MS\-CHAPv2.
.TP
-.B refuse-eap
+.B refuse\-eap
With this option, pppd will not agree to authenticate itself to the
peer using EAP.
.TP
-.B refuse-pap
+.B refuse\-pap
With this option, pppd will not agree to authenticate itself to the
peer using PAP.
.TP
-.B require-chap
+.B require\-chap
Require the peer to authenticate itself using CHAP [Challenge
Handshake Authentication Protocol] authentication.
.TP
-.B require-mppe
+.B require\-mppe
Require the use of MPPE (Microsoft Point to Point Encryption). This
option disables all other compression types. This option enables
-both 40\-bit and 128\-bit encryption. In order for MPPE to successfully
-come up, you must have authenticated with either MS-CHAP or MS-CHAPv2.
+both 40-bit and 128-bit encryption. In order for MPPE to successfully
+come up, you must have authenticated with either MS\-CHAP or MS\-CHAPv2.
This option is presently only supported under Linux, and only if your
kernel has been configured to include MPPE support.
.TP
-.B require-mppe-40
-Require the use of MPPE, with 40\-bit encryption.
+.B require\-mppe\-40
+Require the use of MPPE, with 40-bit encryption.
.TP
-.B require-mppe-128
-Require the use of MPPE, with 128\-bit encryption.
+.B require\-mppe\-128
+Require the use of MPPE, with 128-bit encryption.
.TP
-.B require-mschap
-Require the peer to authenticate itself using MS-CHAP [Microsft Challenge
+.B require\-mschap
+Require the peer to authenticate itself using MS\-CHAP [Microsoft Challenge
Handshake Authentication Protocol] authentication.
.TP
-.B require-mschap-v2
-Require the peer to authenticate itself using MS-CHAPv2 [Microsft Challenge
+.B require\-mschap\-v2
+Require the peer to authenticate itself using MS\-CHAPv2 [Microsoft Challenge
Handshake Authentication Protocol, Version 2] authentication.
.TP
-.B require-eap
+.B require\-eap
Require the peer to authenticate itself using EAP [Extensible
Authentication Protocol] authentication.
.TP
-.B require-pap
+.B require\-pap
Require the peer to authenticate itself using PAP [Password
Authentication Protocol] authentication.
.TP
-.B show-password
+.B show\-password
When logging the contents of PAP packets, this option causes pppd to
show the password string in the log message.
.TP
connection until a valid LCP packet is received from the peer (as for
the `passive' option with ancient versions of pppd).
.TP
-.B srp-interval \fIn
-If this parameter is given and pppd uses EAP SRP-SHA1 to authenticate
+.B srp\-interval \fIn
+If this parameter is given and pppd uses EAP SRP\-SHA1 to authenticate
the peer (i.e., is the server), then pppd will use the optional
lightweight SRP rechallenge mechanism at intervals of \fIn\fR
-seconds. This option is faster than \fBeap-interval\fR
-reauthentication because it uses a hash-based mechanism and does not
+seconds. This option is faster than \fBeap\-interval\fR
+reauthentication because it uses a hash\-based mechanism and does not
derive a new session key.
.TP
-.B srp-pn-secret \fIstring
+.B srp\-pn\-secret \fIstring
Set the long-term pseudonym-generating secret for the server. This
value is optional and if set, needs to be known at the server
(authenticator) side only, and should be different for each server (or
generate a key to encrypt and decrypt the client's identity contained
in the pseudonym.
.TP
-.B srp-use-pseudonym
-When operating as an EAP SRP-SHA1 client, attempt to use the pseudonym
+.B srp\-use\-pseudonym
+When operating as an EAP SRP\-SHA1 client, attempt to use the pseudonym
stored in ~/.ppp_psuedonym first as the identity, and save in this
file any pseudonym offered by the peer during authentication.
.TP
.TP
.B usepeerdns
Ask the peer for up to 2 DNS server addresses. The addresses supplied
-by the peer (if any) are passed to the /etc/ppp/ip-up script in the
-environment variables DNS1 and DNS2. In addition, pppd will create an
+by the peer (if any) are passed to the /etc/ppp/ip\-up script in the
+environment variables DNS1 and DNS2, and the environment variable
+USEPEERDNS will be set to 1. In addition, pppd will create an
/etc/ppp/resolv.conf file containing one or two nameserver lines with
the address(es) supplied by the peer.
.TP
Sets the name used for authenticating the local system to the peer to
\fIname\fR.
.TP
-.B vj-max-slots \fIn
+.B vj\-max\-slots \fIn
Sets the number of connection slots to be used by the Van Jacobson
TCP/IP header compression and decompression code to \fIn\fR, which
must be between 2 and 16 (inclusive).
with a response which includes its name plus a hash value derived from
the shared secret and the challenge, in order to prove that it knows
the secret. EAP supports CHAP-style authentication, and also includes
-the SRP-SHA1 mechanism, which is resistant to dictionary-based attacks
+the SRP\-SHA1 mechanism, which is resistant to dictionary-based attacks
and does not require a cleartext password on the server side.
.LP
The PPP protocol, being symmetrical, allows both peers to require the
if it has no secrets which could be used to do so.
.LP
Pppd stores secrets for use in authentication in secrets
-files (/etc/ppp/pap-secrets for PAP, /etc/ppp/chap-secrets for CHAP,
-MS-CHAP, MS-CHAPv2, and EAP MD5-Challenge, and /etc/ppp/srp-secrets
-for EAP SRP-SHA1).
+files (/etc/ppp/pap\-secrets for PAP, /etc/ppp/chap\-secrets for CHAP,
+MS\-CHAP, MS\-CHAPv2, and EAP MD5-Challenge, and /etc/ppp/srp\-secrets
+for EAP SRP\-SHA1).
All secrets files have the same format. The secrets files can
contain secrets for pppd to use in authenticating itself to other
systems, as well as secrets for pppd to use when authenticating other
.LP
Any following words on the same line are taken to be a list of
acceptable IP addresses for that client. If there are only 3 words on
-the line, or if the first word is "-", then all IP addresses are
+the line, or if the first word is "\-", then all IP addresses are
disallowed. To allow any address, use "*". A word starting with "!"
indicates that the specified address is \fInot\fR acceptable. An
address may be followed by "/" and a number \fIn\fR, to indicate a
name of the local system defaults to the hostname, with the domain
name appended if the \fIdomain\fR option is used. This default can be
overridden with the \fIname\fR option, except when the
-\fIusehostname\fR option is used. (For EAP SRP-SHA1, see the
-srp-entry(8) utility for generating proper validator entries to be
+\fIusehostname\fR option is used. (For EAP SRP\-SHA1, see the
+srp\-entry(8) utility for generating proper validator entries to be
used in the "secret" field.)
.LP
When pppd is choosing a secret to use in authenticating itself to the
.LP
Furthermore, if the \fIlogin\fR option was specified, the username and
password are also checked against the system password database. Thus,
-the system administrator can set up the pap-secrets file to allow PPP
+the system administrator can set up the pap\-secrets file to allow PPP
access only to certain users, and to restrict the set of IP addresses
that each user can use. Typically, when using the \fIlogin\fR option,
-the secret in /etc/ppp/pap-secrets would be "", which will match any
+the secret in /etc/ppp/pap\-secrets would be "", which will match any
password supplied by the peer. This avoids the need to have the same
secret in two places.
.LP
authentication. If the peer refuses to authenticate itself when
requested, pppd takes that as equivalent to authenticating with PAP
using the empty string for the username and password. Thus, by adding
-a line to the pap-secrets file which specifies the empty string for
+a line to the pap\-secrets file which specifies the empty string for
the client and password, it is possible to allow restricted access to
hosts which refuse to authenticate themselves.
.SH ROUTING
modification to routing tables and/or ARP (Address Resolution
Protocol) tables. In most cases the \fIdefaultroute\fR and/or
\fIproxyarp\fR options are sufficient for this, but in some cases
-further intervention is required. The /etc/ppp/ip-up script can be
+further intervention is required. The /etc/ppp/ip\-up script can be
used for this.
.LP
Sometimes it is desirable to add a default route through the remote
endpoint discriminator is a block of data which is hopefully unique
for each peer. Several types of data can be used, including
locally-assigned strings of bytes, IP addresses, MAC addresses,
-randomly strings of bytes, or E-164 phone numbers. The endpoint
+randomly strings of bytes, or E\-164 phone numbers. The endpoint
discriminator sent to the peer by pppd can be set using the endpoint
option.
.LP
-In circumstances the peer may send no endpoint discriminator or a
-non-unique value. The optional bundle option adds an extra string
-which is added to the peer's endpoint discriminator and authenticated
-identity when matching up links to be joined together in a bundle.
-The bundle option can also be used to allow the establishment of
-multiple bundles between the local system and the peer. Pppd uses a
-TDB database in /var/run/pppd.tdb to match up links.
+In some circumstances the peer may send no endpoint discriminator or a
+non-unique value. The bundle option adds an extra string which is
+added to the peer's endpoint discriminator and authenticated identity
+when matching up links to be joined together in a bundle. The bundle
+option can also be used to allow the establishment of multiple bundles
+between the local system and the peer. Pppd uses a TDB database in
+/var/run/pppd2.tdb to match up links.
.LP
Assuming that multilink is enabled and the peer is willing to
negotiate multilink, then when pppd is invoked to bring up the first
the peer and create a new bundle, that is, another ppp network
interface unit. When another pppd is invoked to bring up another link
to the peer, it will detect the existing bundle and join its link to
-it. Currently, if the first pppd terminates (for example, because of
-a hangup or a received signal) the bundle is destroyed.
+it.
+.LP
+If the first link terminates (for example, because of a hangup or a
+received LCP terminate-request) the bundle is not destroyed unless
+there are no other links remaining in the bundle. Rather than
+exiting, the first pppd keeps running after its link terminates, until
+all the links in the bundle have terminated. If the first pppd
+receives a SIGTERM or SIGINT signal, it will destroy the bundle and
+send a SIGHUP to the pppd processes for each of the links in the
+bundle. If the first pppd receives a SIGHUP signal, it will terminate
+its link but not the bundle.
+.LP
+Note: demand mode is not currently supported with multilink.
.SH EXAMPLES
.LP
The following examples assume that the /etc/ppp/options file contains
.IP
ttyS0 19200 crtscts
.br
-connect '/usr/sbin/chat -v -f /etc/ppp/chat-isp'
+connect '/usr/sbin/chat \-v \-f /etc/ppp/chat\-isp'
.br
noauth
.LP
In this example, we are using chat to dial the ISP's modem and go
-through any logon sequence required. The /etc/ppp/chat-isp file
+through any logon sequence required. The /etc/ppp/chat\-isp file
contains the script used by chat; it could for example contain
something like this:
.IP
.br
"ispts" "\\q^Uppp"
.br
-"~-^Uppp-~"
+"~\-^Uppp\-~"
.LP
See the chat(8) man page for details of chat scripts.
.LP
.LP
To allow a user to use the PPP facilities, you need to allocate an IP
address for that user's machine and create an entry in
-/etc/ppp/pap-secrets, /etc/ppp/chap-secrets, or /etc/ppp/srp-secrets
+/etc/ppp/pap\-secrets, /etc/ppp/chap\-secrets, or /etc/ppp/srp\-secrets
(depending on which authentication method the PPP implementation on
the user's machine supports), so that the user's machine can
authenticate itself. For example, if Joe has a machine called
"joespc" that is to be allowed to dial in to the machine called
"server" and use the IP address joespc.my.net, you would add an entry
-like this to /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
+like this to /etc/ppp/pap\-secrets or /etc/ppp/chap\-secrets:
.IP
joespc server "joe's secret" joespc.my.net
.LP
-(See srp-entry(8) for a means to generate the server's entry when
-SRP-SHA1 is in use.)
+(See srp\-entry(8) for a means to generate the server's entry when
+SRP\-SHA1 is in use.)
Alternatively, you can create a username called (for example) "ppp",
whose login shell is pppd and whose home directory is /etc/ppp.
Options to be used when pppd is run this way can be put in
.LP
Messages are sent to the syslog daemon using facility LOG_DAEMON.
(This can be overridden by recompiling pppd with the macro
-LOG_PPP defined as the desired facility.) In order to see the error
-and debug messages, you will need to edit your /etc/syslog.conf file
-to direct the messages to the desired output device or file.
+LOG_PPP defined as the desired facility.) See the syslog(8)
+documentation for details of where the syslog daemon will write the
+messages. On most systems, the syslog daemon uses the
+/etc/syslog.conf file to specify the destination(s) for syslog
+messages. You may need to edit that file to suit.
.LP
The \fIdebug\fR option causes the contents of all control packets sent
or received to be logged, that is, all LCP, PAP, CHAP, EAP, or IPCP packets.
Pppd invokes scripts at various stages in its processing which can be
used to perform site-specific ancillary processing. These scripts are
usually shell scripts, but could be executable code files instead.
-Pppd does not wait for the scripts to finish. The scripts are
+Pppd does not wait for the scripts to finish (except for the ip-pre-up
+script). The scripts are
executed as root (with the real and effective user-id set to 0), so
that they can do things such as update routing tables or run
privileged daemons. Be careful that the contents of these scripts do
.TP
.B LINKNAME
The logical name of the link, set with the \fIlinkname\fR option.
+.TP
+.B DNS1
+If the peer supplies DNS server addresses, this variable is set to the
+first DNS server address supplied.
+.TP
+.B DNS2
+If the peer supplies DNS server addresses, this variable is set to the
+second DNS server address supplied.
.P
Pppd invokes the following scripts, if they exist. It is not an error
if they don't exist.
.TP
-.B /etc/ppp/auth-up
+.B /etc/ppp/auth\-up
A program or script which is executed after the remote system
successfully authenticates itself. It is executed with the parameters
.IP
-\fIinterface-name peer-name user-name tty-device speed\fR
+\fIinterface\-name peer\-name user\-name tty\-device speed\fR
.IP
Note that this script is not executed if the peer doesn't authenticate
itself, for example when the \fInoauth\fR option is used.
.TP
-.B /etc/ppp/auth-down
+.B /etc/ppp/auth\-down
A program or script which is executed when the link goes down, if
-/etc/ppp/auth-up was previously executed. It is executed in the same
-manner with the same parameters as /etc/ppp/auth-up.
-.TP
-.B /etc/ppp/ip-up
+/etc/ppp/auth\-up was previously executed. It is executed in the same
+manner with the same parameters as /etc/ppp/auth\-up.
+.TP
+.B /etc/ppp/ip\-pre\-up
+A program or script which is executed just before the ppp network
+interface is brought up. It is executed with the same parameters as
+the ip\-up script (below). At this point the interface exists and has
+IP addresses assigned but is still down. This can be used to
+add firewall rules before any IP traffic can pass through the
+interface. Pppd will wait for this script to finish before bringing
+the interface up, so this script should run quickly.
+.TP
+.B /etc/ppp/ip\-up
A program or script which is executed when the link is available for
sending and receiving IP packets (that is, IPCP has come up). It is
executed with the parameters
.IP
-\fIinterface-name tty-device speed local-IP-address
-remote-IP-address ipparam\fR
+\fIinterface\-name tty\-device speed local\-IP\-address
+remote\-IP\-address ipparam\fR
.TP
-.B /etc/ppp/ip-down
+.B /etc/ppp/ip\-down
A program or script which is executed when the link is no longer
available for sending and receiving IP packets. This script can be
-used for undoing the effects of the /etc/ppp/ip-up script. It is
-invoked in the same manner and with the same parameters as the ip-up
+used for undoing the effects of the /etc/ppp/ip\-up and
+/etc/ppp/ip\-pre\-up scripts. It is
+invoked in the same manner and with the same parameters as the ip\-up
script.
.TP
-.B /etc/ppp/ipv6-up
-Like /etc/ppp/ip-up, except that it is executed when the link is available
+.B /etc/ppp/ipv6\-up
+Like /etc/ppp/ip\-up, except that it is executed when the link is available
for sending and receiving IPv6 packets. It is executed with the parameters
.IP
-\fIinterface-name tty-device speed local-link-local-address
-remote-link-local-address ipparam\fR
+\fIinterface\-name tty\-device speed local\-link\-local\-address
+remote\-link\-local\-address ipparam\fR
.TP
-.B /etc/ppp/ipv6-down
-Similar to /etc/ppp/ip-down, but it is executed when IPv6 packets can no
+.B /etc/ppp/ipv6\-down
+Similar to /etc/ppp/ip\-down, but it is executed when IPv6 packets can no
longer be transmitted on the link. It is executed with the same parameters
-as the ipv6-up script.
+as the ipv6\-up script.
.TP
-.B /etc/ppp/ipx-up
+.B /etc/ppp/ipx\-up
A program or script which is executed when the link is available for
sending and receiving IPX packets (that is, IPXCP has come up). It is
executed with the parameters
.IP
-\fIinterface-name tty-device speed network-number local-IPX-node-address
-remote-IPX-node-address local-IPX-routing-protocol remote-IPX-routing-protocol
-local-IPX-router-name remote-IPX-router-name ipparam pppd-pid\fR
+\fIinterface\-name tty\-device speed network\-number local\-IPX\-node\-address
+remote\-IPX\-node\-address local\-IPX\-routing\-protocol remote\-IPX\-routing\-protocol
+local\-IPX\-router\-name remote\-IPX\-router\-name ipparam pppd\-pid\fR
.IP
-The local-IPX-routing-protocol and remote-IPX-routing-protocol field
+The local\-IPX\-routing\-protocol and remote\-IPX\-routing\-protocol field
may be one of the following:
.IP
NONE to indicate that there is no routing protocol
.br
RIP NLSP to indicate that both RIP/SAP and NLSP should be used
.TP
-.B /etc/ppp/ipx-down
+.B /etc/ppp/ipx\-down
A program or script which is executed when the link is no longer
available for sending and receiving IPX packets. This script can be
-used for undoing the effects of the /etc/ppp/ipx-up script. It is
-invoked in the same manner and with the same parameters as the ipx-up
+used for undoing the effects of the /etc/ppp/ipx\-up script. It is
+invoked in the same manner and with the same parameters as the ipx\-up
script.
.SH FILES
.TP
.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others)
Process-ID for pppd process on ppp interface unit \fIn\fR.
.TP
-.B /var/run/ppp-\fIname\fB.pid \fR(BSD or Linux),
-\fB/etc/ppp/ppp-\fIname\fB.pid \fR(others)
+.B /var/run/ppp\-\fIname\fB.pid \fR(BSD or Linux),
+\fB/etc/ppp/ppp\-\fIname\fB.pid \fR(others)
Process-ID for pppd process for logical link \fIname\fR (see the
\fIlinkname\fR option).
.TP
-.B /etc/ppp/pap-secrets
+.B /var/run/pppd2.tdb
+Database containing information about pppd processes, interfaces and
+links, used for matching links to bundles in multilink operation. May
+be examined by external programs to obtain information about running
+pppd instances, the interfaces and devices they are using, IP address
+assignments, etc.
+.B /etc/ppp/pap\-secrets
Usernames, passwords and IP addresses for PAP authentication. This
file should be owned by root and not readable or writable by any other
user. Pppd will log a warning if this is not the case.
.TP
-.B /etc/ppp/chap-secrets
-Names, secrets and IP addresses for CHAP/MS-CHAP/MS-CHAPv2 authentication.
-As for /etc/ppp/pap-secrets, this file should be owned by root and not
+.B /etc/ppp/chap\-secrets
+Names, secrets and IP addresses for CHAP/MS\-CHAP/MS\-CHAPv2 authentication.
+As for /etc/ppp/pap\-secrets, this file should be owned by root and not
readable or writable by any other user. Pppd will log a warning if
this is not the case.
.TP
-.B /etc/ppp/srp-secrets
+.B /etc/ppp/srp\-secrets
Names, secrets, and IP addresses for EAP authentication. As for
-/etc/ppp/pap-secrets, this file should be owned by root and not
+/etc/ppp/pap\-secrets, this file should be owned by root and not
readable or writable by any other user. Pppd will log a warning if
this is not the case.
.TP
.B ~/.ppp_pseudonym
-Saved client-side SRP-SHA1 pseudonym. See the \fIsrp-use-pseudonym\fR
+Saved client-side SRP\-SHA1 pseudonym. See the \fIsrp\-use\-pseudonym\fR
option for details.
.TP
.B /etc/ppp/options
permit non-privileged users to dial out without requiring the peer to
authenticate, but only to certain trusted peers.
.SH SEE ALSO
+.BR chat (8),
+.BR pppstats (8)
.TP
.B RFC1144
Jacobson, V.
.TP
.B RFC1661
Simpson, W.A.
-.I The Point\-to\-Point Protocol (PPP).
+.I The Point-to-Point Protocol (PPP).
July 1994.
.TP
.B RFC1662
.I The SRP Authentication and Key Exchange System
September 2000.
.TP
-.B draft-ietf-pppext-eap-srp-03.txt
+.B draft\-ietf\-pppext\-eap\-srp\-03.txt
Carlson, J.; et al.,
-.I EAP SRP-SHA1 Authentication Protocol.
+.I EAP SRP\-SHA1 Authentication Protocol.
July 2001.
.SH NOTES
-The following signals have the specified effect when sent to pppd.
+Some limited degree of control can be exercised over a running pppd
+process by sending it a signal from the list below.
.TP
.B SIGINT, SIGTERM
These signals cause pppd to terminate the link (by closing LCP),
indicate a bug in one or other implementation.)
.SH AUTHORS
-Paul Mackerras (Paul.Mackerras@cs.anu.edu.au), based on earlier work by
+Paul Mackerras (paulus@samba.org), based on earlier work by
Drew Perkins,
Brad Clements,
Karl Fox,
Greg Christy,
and
Brad Parker.
+
+.SH COPYRIGHT
+Pppd is copyrighted and made available under conditions which provide
+that it may be copied and used in source or binary forms provided that
+the conditions listed below are met. Portions of pppd are covered by
+the following copyright notices:
+.LP
+Copyright (c) 1984-2000 Carnegie Mellon University. All rights
+reserved.
+.br
+Copyright (c) 1993-2004 Paul Mackerras. All rights reserved.
+.br
+Copyright (c) 1995 Pedro Roque Marques. All rights reserved.
+.br
+Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+.br
+Copyright (c) 1999 Tommi Komulainen. All rights reserved.
+.br
+Copyright (C) Andrew Tridgell 1999
+.br
+Copyright (c) 2000 by Sun Microsystems, Inc. All rights reserved.
+.br
+Copyright (c) 2001 by Sun Microsystems, Inc. All rights reserved.
+.br
+Copyright (c) 2002 Google, Inc. All rights reserved.
+.LP
+The copyright notices contain the following statements.
+.LP
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+.LP
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+.LP
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+.LP
+3. The name "Carnegie Mellon University" must not be used to
+ endorse or promote products derived from this software without
+ prior written permission. For permission or any legal
+ details, please contact
+.br
+ Office of Technology Transfer
+.br
+ Carnegie Mellon University
+.br
+ 5000 Forbes Avenue
+.br
+ Pittsburgh, PA 15213-3890
+.br
+ (412) 268-4387, fax: (412) 268-7395
+.br
+ tech-transfer@andrew.cmu.edu
+.LP
+3b. The name(s) of the authors of this software must not be used to
+ endorse or promote products derived from this software without
+ prior written permission.
+.LP
+4. Redistributions of any form whatsoever must retain the following
+ acknowledgments:
+.br
+ "This product includes software developed by Computing Services
+ at Carnegie Mellon University (http://www.cmu.edu/computing/)."
+.br
+ "This product includes software developed by Paul Mackerras
+ <paulus@samba.org>".
+.br
+ "This product includes software developed by Pedro Roque Marques
+ <pedro_m@yahoo.com>".
+.br
+ "This product includes software developed by Tommi Komulainen
+ <Tommi.Komulainen@iki.fi>".
+.LP
+CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.LP
+THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
projects / ppp.git / blobdiff