.\" manual page [] for pppd 2.4
-.\" $Id: pppd.8,v 1.87 2005/08/28 05:21:24 paulus Exp $
+.\" $Id: pppd.8,v 1.90 2008/03/26 12:09:40 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
negotiation, unless the \fIipcp\-accept\-local\fR and/or
\fIipcp\-accept\-remote\fR options are given, respectively.
.TP
+.B +ipv6
+Enable the IPv6CP and IPv6 protocols.
+.TP
.B ipv6 \fI<local_interface_identifier>\fR,\fI<remote_interface_identifier>
Set the local and/or remote 64-bit interface identifier. Either one may be
-omitted. The identifier must be specified in standard ascii notation of
+omitted. The identifier must be specified in standard ASCII notation of
IPv6 addresses (e.g. ::dead:beef). If the
\fIipv6cp\-use\-ipaddr\fR
option is given, the local identifier is the local IPv4 address (see above).
.TP
.B demand
Initiate the link only on demand, i.e. when data traffic is present.
-With this option, the remote IP address must be specified by the user
-on the command line or in an options file. Pppd will initially
+With this option, the remote IP address may be specified by the user
+on the command line or in an options file, or if not, pppd will use
+an arbitrary address in the 10.x.x.x range. Pppd will initially
configure the interface and enable it for IP traffic without
connecting to the peer. When traffic is available, pppd will
connect to the peer and perform negotiation, authentication, etc.
The \fIdemand\fR option implies the \fIpersist\fR option. If this
behaviour is not desired, use the \fInopersist\fR option after the
\fIdemand\fR option. The \fIidle\fR and \fIholdoff\fR
-options are also useful in conjuction with the \fIdemand\fR option.
+options are also useful in conjunction with the \fIdemand\fR option.
.TP
.B domain \fId
Append the domain name \fId\fR to the local host name for authentication
which have been set. This option is like the \fBdryrun\fR option
except that pppd proceeds as normal rather than exiting.
.TP
+.B enable-session
+Enables session accounting via PAM or wtwp/wtmpx, as appropriate.
+When PAM is enabled, the PAM "account" and "session" module stacks
+determine behavior, and are enabled for all PPP authentication
+protocols. When PAM is disabled, wtmp/wtmpx entries are recorded
+regardless of whether the peer name identifies a valid user on the
+local system, making peers visible in the last(1) log. This feature
+is automatically enabled when the pppd \fBlogin\fR option is used.
+Session accounting is disabled by default.
+.TP
.B endpoint \fI<epdisc>
Sets the endpoint discriminator sent by the local machine to the peer
during multilink negotiation to \fI<epdisc>\fR. The default is to use
option is given, the \fIstring\fR supplied is given as the 6th
parameter to those scripts.
.TP
+.B ipv6cp\-accept\-local
+With this option, pppd will accept the peer's idea of our local IPv6
+interface identifier, even if the local IPv6 interface identifier
+was specified in an option.
+.TP
.B ipv6cp\-max\-configure \fIn
Set the maximum number of IPv6CP configure-request transmissions to
\fIn\fR (default 10).
send before it rejects the options. The default value is 3.
.TP
.B ipxcp\-max\-terminate \fIn
-Set the maximum nuber of IPXCP terminate request frames before the
+Set the maximum number of IPXCP terminate request frames before the
local system considers that the peer is not listening to them. The
default value is 3.
.TP
Use the system password database for authenticating the peer using
PAP, and record the user in the system wtmp file. Note that the peer
must have an entry in the /etc/ppp/pap\-secrets file as well as the
-system password database to be allowed access.
+system password database to be allowed access. See also the
+\fBenable\-session\fR option.
+.TP
+.B master_detach
+If multilink is enabled and this pppd process is the multilink bundle
+master, and the link controlled by this pppd process terminates, this
+pppd process continues to run in order to maintain the bundle. If the
+\fBmaster_detach\fR option has been given, pppd will detach from its
+controlling terminal in this situation, even if the \fBnodetach\fR
+option has been given.
.TP
.B maxconnect \fIn
Terminate the connection when it has been available for network
wishes to prevent users from creating proxy ARP entries with pppd can
do so by placing this option in the /etc/ppp/options file.
.TP
+.B noremoteip
+Allow pppd to operate without having an IP address for the peer. This
+option is only available under Linux. Normally, pppd will request the
+peer's IP address, and if the peer does not supply it, pppd will use
+an arbitrary address in the 10.x.x.x subnet.
+With this option, if the peer does
+not supply its IP address, pppd will not ask the peer for it, and will
+not set the destination address of the ppp interface. In this
+situation, the ppp interface can be used for routing by creating
+device routes, but the peer itself cannot be addressed directly for IP
+traffic.
+.TP
.B notty
Normally, pppd requires a terminal device. With this option, pppd
will allocate itself a pseudo-tty master/slave pair and use the slave
device. The \fIscript\fR will be run in a child process with the
pseudo-tty master as its standard input and output. An explicit
device name may not be given if this option is used. (Note: if the
-\fIrecord\fR option is used in conjuction with the \fIpty\fR option,
+\fIrecord\fR option is used in conjunction with the \fIpty\fR option,
the child process will have pipes on its standard input and output.)
.TP
.B receive\-all
Require the peer to authenticate itself using PAP [Password
Authentication Protocol] authentication.
.TP
+.B set \fIname\fR=\fIvalue
+Set an environment variable for scripts that are invoked by pppd.
+When set by a privileged source, the variable specified by \fIname\fR
+cannot be changed by options contained in an unprivileged source. See
+also the \fIunset\fR option and the environment described in
+\fISCRIPTS\fR.
+.TP
.B show\-password
When logging the contents of PAP packets, this option causes pppd to
show the password string in the log message.
.TP
.B srp\-use\-pseudonym
When operating as an EAP SRP\-SHA1 client, attempt to use the pseudonym
-stored in ~/.ppp_psuedonym first as the identity, and save in this
+stored in ~/.ppp_pseudonym first as the identity, and save in this
file any pseudonym offered by the peer during authentication.
.TP
.B sync
Sets the ppp unit number (for a ppp0 or ppp1 etc interface name) for outbound
connections.
.TP
+.B unset \fIname
+Remove a variable from the environment variable for scripts that are
+invoked by pppd. When specified by a privileged source, the variable
+\fIname\fR cannot be set by options contained in an unprivileged
+source. See also the \fIset\fR option and the environment described
+in \fISCRIPTS\fR.
+.TP
.B updetach
With this option, pppd will detach from its controlling terminal once
it has successfully established the ppp connection (to the point where
.TP
.B DNS1
If the peer supplies DNS server addresses, this variable is set to the
-first DNS server address supplied.
+first DNS server address supplied (whether or not the usepeerdns
+option was given).
.TP
.B DNS2
If the peer supplies DNS server addresses, this variable is set to the
-second DNS server address supplied.
+second DNS server address supplied (whether or not the usepeerdns
+option was given).
.P
Pppd invokes the following scripts, if they exist. It is not an error
if they don't exist.
.TP
.B SIGINT, SIGTERM
These signals cause pppd to terminate the link (by closing LCP),
-restore the serial device settings, and exit.
+restore the serial device settings, and exit. If a connector or
+disconnector process is currently running, pppd will send the same
+signal to its process group, so as to terminate the connector or
+disconnector process.
.TP
.B SIGHUP
This signal causes pppd to terminate the link, restore the serial
serial device and start another connection (after the holdoff period).
Otherwise pppd will exit. If this signal is received during the
holdoff period, it causes pppd to end the holdoff period immediately.
+If a connector or disconnector process is running, pppd will send the
+same signal to its process group.
.TP
.B SIGUSR1
This signal toggles the state of the \fIdebug\fR option.
prior written permission.
.LP
4. Redistributions of any form whatsoever must retain the following
- acknowledgments:
+ acknowledgements:
.br
"This product includes software developed by Computing Services
at Carnegie Mellon University (http://www.cmu.edu/computing/)."
projects / ppp.git / blobdiff