.\" manual page [] for pppd 2.3
-.\" $Id: pppd.8,v 1.21 1996/08/28 06:41:53 paulus Exp $
+.\" $Id: pppd.8,v 1.23 1996/09/26 06:23:07 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
Read options from the file /etc/ppp/peers/\fIname\fR. This file may
contain privileged options, such as \fInoauth\fR, even if pppd
is not being run by root. The \fIname\fR string may not begin with /
-or include .. as a pathname component.
+or include .. as a pathname component. The format of the options file
+is described below.
.TP
.B connect \fIscript
Use the executable or shell command specified by \fIscript\fR to set
\fInr\fR and \fInt\fR; larger values give better compression but
consume more kernel memory for compression dictionaries.
Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables
-compression in the corresponding direction.
+compression in the corresponding direction. Use \fInobsdcomp\fR or
+\fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
.TP
.B chap-interval \fIn
If this option is given, pppd will rechallenge the peer every \fIn\fR
for \fInr\fR and \fInt\fR; larger values give better compression but
consume more kernel memory for compression dictionaries.
Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables
-compression in the corresponding direction. (Note: pppd requests
-Deflate compression in preference to BSD-Compress if the peer can do
-either.)
+compression in the corresponding direction. Use \fInodeflate\fR or
+\fIdeflate 0\fR to disable Deflate compression entirely. (Note: pppd
+requests Deflate compression in preference to BSD-Compress if the peer
+can do either.)
.TP
.B demand
Initiate the link only on demand, i.e. when data traffic is present.
\fIn\fR is a number which is the sum of the following values: 1 to
enable general debug messages, 2 to request that the contents of
received packets be printed, and 4 to request that the contents of
-transmitted packets be printed.
+transmitted packets be printed. On most systems, messages printed by
+the kernel are logged by syslog(1) to a file as directed in the
+/etc/syslog.conf configuration file.
.TP
.B lcp-echo-failure \fIn
If this option is given, pppd will presume the peer to be dead
option allows pppd to supply one or two DNS (Domain Name Server)
addresses to the clients. The first instance of this option specifies
the primary DNS address; the second instance (if given) specifies the
-secondary DNS address.
+secondary DNS address. (This option was present in some older
+versions of pppd under the name \fBdns-addr\fR.)
.TP
.B name \fIname
Set the name of the local system for authentication purposes to
field when looking for a secret to use in authenticating the peer. In
addition, unless overridden with the \fIuser\fR option, \fIname\fR
will be used as the name to send to the peer when authenticating the
-local system to the peer.
+local system to the peer. (Note that pppd does not append the domain
+name to \fIname\fR.)
.TP
.B netmask \fIn
Set the interface netmask to \fIn\fR, a 32 bit netmask in "decimal dot"
whitespace. Whitespace can be included in a word by enclosing the
word in quotes ("). A backslash (\\) quotes the following character.
A hash (#) starts a comment, which continues until the end of the
-line.
+line. There is no restriction on using the \fIfile\fR or \fIcall\fR
+options within an options file.
.SH PRIVILEGED OPTIONS
As indicated above, some security-sensitive options are privileged,
which means that they may not be used by an ordinary non-privileged
starting with "!" indicates that the specified address is \fInot\fR
acceptable. An address may be followed by "/" and a number \fIn\fR,
to indicate a whole subnet, i.e. all addresses which have the same
-value in the most significant \fIn\fR bits.
+value in the most significant \fIn\fR bits. Note that case is
+significant in the client and server names and in the secret.
.LP
If the secret starts with an `@', what follows is assumed to be the
name of a file from which to read the secret. A "*" as the client or
link, which will enable the peers to exchange IP packets.
Communication with other machines generally requires further
modification to routing tables and/or ARP (Address Resolution
-Protocol) tables. In some cases this will be done automatically
-through the actions of the \fIrouted\fR or \fIgated\fR daemons, but in
-most cases some further intervention is required.
+Protocol) tables. In most cases the \fIdefaultroute\fR and/or
+\fIproxyarp\fR options are sufficient for this, but in some cases
+further intervention is required. The /etc/ppp/ip-up script can be
+used for this.
.LP
Sometimes it is desirable to add a default route through the remote
host, as in the case of a machine whose only connection to the
.LP
The \fIdebug\fR option causes the contents of all control packets sent
or received to be logged, that is, all LCP, PAP, CHAP or IPCP packets.
-This can be useful if the PPP negotiation does not succeed.
+This can be useful if the PPP negotiation does not succeed or if
+authentication fails.
If debugging is enabled at compile time, the \fIdebug\fR option also
causes other debugging messages to be logged.
.LP
script, and the same security considerations apply.
.TP
.B /etc/ppp/pap-secrets
-Usernames, passwords and IP addresses for PAP authentication.
+Usernames, passwords and IP addresses for PAP authentication. This
+file should be owned by root and not readable or writable by any other
+user. Pppd will log a warning if this is not the case.
.TP
.B /etc/ppp/chap-secrets
-Names, secrets and IP addresses for CHAP authentication.
+Names, secrets and IP addresses for CHAP authentication. As for
+/etc/ppp/pap-secrets, this file should be owned by root and not
+readable or writable by any other user. Pppd will log a warning if
+this is not the case.
.TP
.B /etc/ppp/options
System default options for pppd, read before user default options or
Otherwise pppd will exit. If this signal is received during the
holdoff period, it causes pppd to end the holdoff period immediately.
.TP
+.B SIGUSR1
+This signal toggles the state of the \fIdebug\fR option.
+.TP
.B SIGUSR2
This signal causes pppd to renegotiate compression. This can be
useful to re-enable compression after it has been disabled as a result