1 This is the README file for ppp-2.4, a package which implements the
2 Point-to-Point Protocol (PPP) to provide Internet connections over
9 The Point-to-Point Protocol (PPP) provides a standard way to establish
10 a network connection over a serial link. At present, this package
11 supports IP and IPV6 and the protocols layered above them, such as TCP
12 and UDP. The Linux port of this package also has support for IPX.
14 This PPP implementation consists of two parts:
16 - Kernel code, which establishes a network interface and passes
17 packets between the serial port, the kernel networking code and the
18 PPP daemon (pppd). This code is implemented using STREAMS modules on
19 Solaris, and as a line discipline under Linux.
21 - The PPP daemon (pppd), which negotiates with the peer to establish
22 the link and sets up the ppp network interface. Pppd includes support
23 for authentication, so you can control which other systems may make a
24 PPP connection and what IP addresses they may use.
26 The platforms supported by this package are Linux and Solaris. I have
27 code for NeXTStep, FreeBSD, SunOS 4.x, SVR4, Tru64 (Digital Unix), AIX
28 and Ultrix but no active maintainers for these platforms. Code for
29 all of these except AIX is included in the ppp-2.3.11 release.
31 The kernel code for Linux is no longer distributed with this package,
32 since the relevant kernel code is in the official Linux kernel source
33 (and has been for many years) and is included in all reasonably modern
34 Linux distributions. The Linux kernel code supports using PPP over
35 things other than serial ports, such as PPP over Ethernet and PPP over
42 The file SETUP contains general information about setting up your
43 system for using PPP. There is also a README file for each supported
44 system, which contains more specific details for installing PPP on
45 that system. The supported systems, and the corresponding README
51 In each case you start by running the ./configure script. This works
52 out which operating system you are using and creates the appropriate
53 makefiles. You then run `make' to compile the user-level code, and
54 (as root) `make install' to install the user-level programs pppd, chat
57 N.B. Since 2.3.0, leaving the permitted IP addresses column of the
58 pap-secrets or chap-secrets file empty means that no addresses are
59 permitted. You need to put a "*" in that column to allow the peer to
60 use any IP address. (This only applies where the peer is
61 authenticating itself to you, of course.)
64 What's new in ppp-2.4.9.
65 ************************
67 * Support for new EAP (Extensible Authentication Protocol) methods:
68 - Support for EAP-TLS, from Jan Just Keijser and others
69 - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
70 Van Buggenhout and others
76 - noreplacedefaultroute
77 - ipv6cp-accept-remote
90 * Fixes for CVE-2020-8597 and CVE-2015-3310.
92 * libpcap is now required when compiling on Linux (previously, if
93 libpcap was not present, pppd would be compiled without packet
96 * The rp-pppoe plugin has been renamed to pppoe, to distinguish it
97 from the upstream rp-pppoe code. Its options have changed names,
98 but the old names are kept as aliases.
100 * The configure script now supports cross-compilation.
102 * Many bug fixes and cleanups.
105 What was new in ppp-2.4.8.
106 **************************
108 * New pppd options have been added:
109 - ifname, to set the name for the PPP interface device
110 - defaultroute-metric, to set the metric for the default route
111 - defaultroute6, to add an IPv6 default route (with nodefaultroute6
112 to prevent adding an IPv6 default route)
113 - up_sdnotify, to have pppd notify systemd when the link is up.
115 * The rp-pppoe plugin has new options:
116 - host-uniq, to set the Host-Uniq value to send
117 - pppoe-padi-timeout, to set the timeout for discovery packets
118 - pppoe-padi-attempts, to set the number of discovery attempts.
120 * Added the CLASS attribute in radius packets.
124 * Fixed warnings and issues found by static analysis.
126 * Added Submitting-patches.md.
129 What was new in ppp-2.4.7.
130 **************************
132 * Fixed a potential security issue in parsing option files (CVE-2014-3158).
134 * There is a new "stop-bits" option, which takes an argument of 1 or 2,
135 indicating the number of stop bits to use for async serial ports.
140 What was new in ppp-2.4.6.
141 **************************
147 * Options files can now set and unset environment variables for
150 * The timeout for chat scripts can now be taken from an environment
153 * There is a new option, master_detach, which allows pppd to detach
154 from the controlling terminal when it is the multilink bundle master
155 but its own link has terminated, even if the nodetach option has
159 What was new in ppp-2.4.5.
160 **************************
162 * Under Linux, pppd can now operate in a mode where it doesn't request
163 the peer's IP address, as some peers refuse to supply an IP address.
164 Since Linux supports device routes as well as gateway routes, it's
165 possible to have no remote IP address assigned to the ppp interface
166 and still route traffic over it.
168 * Pppd now works better with 3G modems that do strange things such as
169 sending IPCP Configure-Naks with the same values over and over again.
171 * The PPP over L2TP plugin is included, which works with the pppol2tp
172 PPP channel code in the Linux kernel. This allows pppd to be used
173 to set up tunnels using the Layer 2 Tunneling Protocol.
175 * A new 'enable-session' option has been added, which enables session
176 accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man
179 * Several bugs have been fixed.
182 What was new in ppp-2.4.4.
183 **************************
185 * Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
186 the ppp interface and configuring its IP addresses but before
187 bringing it up. This can be used, for example, for adding firewall
188 rules for the interface.
190 * Lots of bugs fixed, particularly in the area of demand-dialled and
191 persistent connections.
193 * The rp-pppoe plugin now accepts any interface name (that isn't an
194 existing pppd option name) without putting "nic-" on the front of
195 it, not just eth*, nas*, tap* and br*.
198 What was new in ppp-2.4.3.
199 **************************
201 * The configure script now accepts --prefix and --sysconfdir options.
202 These default to /usr/local and /etc. If you want pppd put in
203 /usr/sbin as before, use ./configure --prefix=/usr.
205 * Doing `make install' no longer puts example configuration files in
206 /etc/ppp. Use `make install-etcppp' if you want that.
208 * The code has been updated to work with version 0.8.3 of libpcap.
209 Unfortunately the libpcap maintainers removed support for the
210 "inbound" and "outbound" keywords on PPP links, meaning that if you
211 link pppd with libpcap-0.8.3, you can't use those keywords in the
212 active-filter and pass-filter expressions. The support has been
213 reinstated in the CVS version and should be in future libpcap
214 releases. If you need the in/outbound keywords, use a later release
215 than 0.8.3, or get the CVS version from http://www.tcpdump.org.
217 * There is a new option, child-timeout, which sets the length of time
218 that pppd will wait for child processes (such as the command
219 specified with the pty option) to exit before exiting itself. It
220 defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
221 to any remaining child processes and exit. A value of 0 means no
224 * Various bugs have been fixed, including some CBCP packet parsing
225 bugs that could lead to the peer being able to crash pppd if CBCP
228 * Various fixes and enhancements to the radius and rp-pppoe plugins
231 * There is a new winbind plugin, from Andrew Bartlet of the Samba
232 team, which provides the ability to authenticate the peer against an
233 NT domain controller using MS-CHAP or MS-CHAPV2.
235 * There is a new pppoatm plugin, by various authors, sent in by David
238 * The multilink code has been substantially reworked. The first pppd
239 for a bundle still controls the ppp interface, but it doesn't exit
240 until all the links in the bundle have terminated. If the first
241 pppd is signalled to exit, it signals all the other pppds
242 controlling links in the bundle.
244 * The TDB code has been updated to the latest version. This should
245 eliminate the problem that some people have seen where the database
246 file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
247 the new code uses an incompatible database format. For this reason,
248 pppd now uses /var/run/pppd2.tdb as the database filename.
251 What was new in ppp-2.4.2.
252 **************************
254 * The CHAP code has been rewritten. Pppd now has support for MS-CHAP
255 V1 and V2 authentication, both as server and client. The new CHAP
256 code is cleaner than the old code and avoids some copyright problems
257 that existed in the old code.
259 * MPPE (Microsoft Point-to-Point Encryption) support has been added,
260 although the current implementation shouldn't be considered
261 completely secure. (There is no assurance that the current code
262 won't ever transmit an unencrypted packet.)
264 * James Carlson's implementation of the Extensible Authentication
265 Protocol (EAP) has been added.
267 * Support for the Encryption Control Protocol (ECP) has been added.
269 * Some new plug-ins have been included:
270 - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
271 - A plug-in for supplying the PAP password over a pipe from another
273 - A plug-in for authenticating using a Radius server.
275 * Updates and bug-fixes for the Solaris port.
277 * The CBCP (Call Back Control Protocol) code has been updated. There
278 are new options `remotenumber' and `allow-number'.
280 * Extra hooks for plugins to use have been added.
282 * There is now a `maxoctets' option, which causes pppd to terminate
283 the link once the number of bytes passed on the link exceeds a given
286 * There are now options to control whether pppd can use the IPCP
287 IP-Address and IP-Addresses options: `ipcp-no-address' and
290 * Fixed several bugs, including potential buffer overflows in chat.
293 What was new in ppp-2.4.1.
294 **************************
296 * Pppd can now print out the set of options that are in effect. The
297 new `dump' option causes pppd to print out the option values after
298 option parsing is complete. The `dryrun' option causes pppd to
299 print the options and then exit.
301 * The option parsing code has been fixed so that options in the
302 per-tty options file are parsed correctly, and don't override values
303 from the command line in most cases.
305 * The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
306 example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
307 there is no slash in the plugin name.
309 * When loading a plugin, pppd will now check the version of pppd for
310 which the plugin was compiled, and refuse to load it if it is
311 different to pppd's version string. To enable this, the plugin
312 source needs to #include "pppd.h" and have a line saying:
313 char pppd_version[] = VERSION;
315 * There is a bug in zlib, discovered by James Carlson, which can cause
316 kernel memory corruption if Deflate is used with the lowest setting,
317 8. As a workaround pppd will now insist on using at least 9.
319 * Pppd should compile on Solaris and SunOS again.
321 * Pppd should now set the MTU correctly on demand-dialled interfaces.
324 What was new in ppp-2.4.0.
325 **************************
327 * Multilink: this package now allows you to combine multiple serial
328 links into one logical link or `bundle', for increased bandwidth and
329 reduced latency. This is currently only supported under the
330 2.4.x and later Linux kernels.
332 * All the pppd processes running on a system now write information
333 into a common database. I used the `tdb' code from samba for this.
335 * New hooks have been added.
337 For a list of the changes made during the 2.3 series releases of this
338 package, see the Changes-2.3 file.
344 This package supports two packet compression methods: Deflate and
345 BSD-Compress. Other compression methods which are in common use
346 include Predictor, LZS, and MPPC. These methods are not supported for
347 two reasons - they are patent-encumbered, and they cause some packets
348 to expand slightly, which pppd doesn't currently allow for.
349 BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
356 The comp.protocols.ppp newsgroup is a useful place to get help if you
357 have trouble getting your ppp connections to work. Please do not send
358 me questions of the form "please help me get connected to my ISP" -
359 I'm sorry, but I simply do not have the time to answer all the
360 questions like this that I get.
362 If you find bugs in this package, please report them to the maintainer
363 for the port for the operating system you are using:
365 Linux Paul Mackerras <paulus@samba.org>
366 Solaris James Carlson <carlson@workingcode.com>
372 All of the code can be freely used and redistributed. The individual
373 source files each have their own copyright and permission notice.
374 Pppd, pppstats and pppdump are under BSD-style notices. Some of the
375 pppd plugins are GPL'd. Chat is public domain.
381 The primary site for releases of this software is:
383 ftp://ftp.samba.org/pub/ppp/