pppd: Use a run-time test to detect libutil availability on Linux

[ppp.git] / pppd / pppd.8

diff --git a/pppd/pppd.8 b/pppd/pppd.8
index f8c6fb9186066c7a06f2fa1d3ccb95bd8fb1d06f..3b7c28835cd9b87c5a3051029e7b28fbc8d296fc 100644 (file)
--- a/pppd/pppd.8
+++ b/pppd/pppd.8
@@ -260,6 +260,12 @@ Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables
 compression in the corresponding direction.  Use \fInobsdcomp\fR or
 \fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
 .TP
 compression in the corresponding direction.  Use \fInobsdcomp\fR or
 \fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
 .TP

+.B ca \fIca-file
+(EAP-TLS) Use the file \fIca-file\fR as the X.509 Certificate Authority
+(CA) file (in PEM format), needed for setting up an EAP-TLS connection.
+This option is used on the client-side in conjunction with the \fBcert\fR
+and \fBkey\fR options.
+.TP

 .B cdtrcts
 Use a non-standard hardware flow control (i.e. DTR/CTS) to control
 the flow of data on the serial port.  If neither the \fIcrtscts\fR,
 .B cdtrcts
 Use a non-standard hardware flow control (i.e. DTR/CTS) to control
 the flow of data on the serial port.  If neither the \fIcrtscts\fR,


@@ -271,6 +277,12 @@ RTS output. Such serial ports use this mode to implement true
 bi-directional flow control. The sacrifice is that this flow
 control mode does not permit using DTR as a modem control line.
 .TP
 bi-directional flow control. The sacrifice is that this flow
 control mode does not permit using DTR as a modem control line.
 .TP

+.B cert \fIcertfile
+(EAP-TLS) Use the file \fIcertfile\fR as the X.509 certificate (in PEM
+format), needed for setting up an EAP-TLS connection. This option is
+used on the client-side in conjunction with the \fBca\fR and 
+\fBkey\fR options.
+.TP

 .B chap\-interval \fIn
 If this option is given, pppd will rechallenge the peer every \fIn\fR
 seconds.
 .B chap\-interval \fIn
 If this option is given, pppd will rechallenge the peer every \fIn\fR
 seconds.


@@ -283,6 +295,9 @@ Set the maximum number of CHAP challenge transmissions to \fIn\fR
 Set the CHAP restart interval (retransmission timeout for challenges)
 to \fIn\fR seconds (default 3).
 .TP
 Set the CHAP restart interval (retransmission timeout for challenges)
 to \fIn\fR seconds (default 3).
 .TP

+.B chap-timeout \fIn
+Set timeout for CHAP authentication by peer to \fIn\fR seconds (default 60).
+.TP

 .B child\-timeout \fIn
 When exiting, wait for up to \fIn\fR seconds for any child processes
 (such as the command specified with the \fBpty\fR command) to exit
 .B child\-timeout \fIn
 When exiting, wait for up to \fIn\fR seconds for any child processes
 (such as the command specified with the \fBpty\fR command) to exit


@@ -299,6 +314,18 @@ negotiation by sending its first LCP packet.  The default value is
 1000 (1 second).  This wait period only applies if the \fBconnect\fR
 or \fBpty\fR option is used.
 .TP
 1000 (1 second).  This wait period only applies if the \fBconnect\fR
 or \fBpty\fR option is used.
 .TP

+.B crl \fIfilename
+(EAP-TLS) Use the file \fIfilename\fR as the Certificate Revocation List
+to check for the validity of the peer's certificate. This option is not
+mandatory for setting up an EAP-TLS connection. Also see the \fBcrl-dir\fR
+option.
+.TP
+.B crl-dir \fIdirectory
+(EAP-TLS) Use the directory \fIdirectory\fR to scan for CRL files in
+has format ($hash.r0) to check for the validity of the peer's certificate.
+This option is not mandatory for setting up an EAP-TLS connection.
+Also see the \fBcrl\fR option.
+.TP

 .B debug
 Enables connection debugging facilities.
 If this option is given, pppd will log the contents of all
 .B debug
 Enables connection debugging facilities.
 If this option is given, pppd will log the contents of all


@@ -470,6 +497,11 @@ With this option, pppd will accept the peer's idea of our local IPv6
 interface identifier, even if the local IPv6 interface identifier
 was specified in an option.
 .TP
 interface identifier, even if the local IPv6 interface identifier
 was specified in an option.
 .TP

+.B ipv6cp\-accept\-remote
+With this option, pppd will accept the peer's idea of its (remote)
+IPv6 interface identifier, even if the remote IPv6 interface
+identifier was specified in an option.
+.TP

 .B ipv6cp\-max\-configure \fIn
 Set the maximum number of IPv6CP configure-request transmissions to
 \fIn\fR (default 10).
 .B ipv6cp\-max\-configure \fIn
 Set the maximum number of IPv6CP configure-request transmissions to
 \fIn\fR (default 10).


@@ -563,6 +595,12 @@ transmitted packets be printed.  On most systems, messages printed by
 the kernel are logged by syslog(1) to a file as directed in the
 /etc/syslog.conf configuration file.
 .TP
 the kernel are logged by syslog(1) to a file as directed in the
 /etc/syslog.conf configuration file.
 .TP

+.B key \fIkeyfile
+(EAP-TLS) Use the file \fIkeyfile\fR as the private key file (in PEM
+format), needed for setting up an EAP-TLS connection. This option is
+used on the client-side in conjunction with the \fBca\fR and 
+\fBcert\fR options.
+.TP

 .B ktune
 Enables pppd to alter kernel settings as appropriate.  Under Linux,
 pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward
 .B ktune
 Enables pppd to alter kernel settings as appropriate.  Under Linux,
 pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward


@@ -726,6 +764,9 @@ name to \fIname\fR.)
 Disable Address/Control compression in both directions (send and
 receive).
 .TP
 Disable Address/Control compression in both directions (send and
 receive).
 .TP

+.B need-peer-eap
+(EAP-TLS) Require the peer to verify our authentication credentials.
+.TP

 .B noauth
 Do not require the peer to authenticate itself.  This option is
 privileged.
 .B noauth
 Do not require the peer to authenticate itself.  This option is
 privileged.


@@ -1087,6 +1128,10 @@ When operating as an EAP SRP\-SHA1 client, attempt to use the pseudonym
 stored in ~/.ppp_pseudonym first as the identity, and save in this
 file any pseudonym offered by the peer during authentication.
 .TP
 stored in ~/.ppp_pseudonym first as the identity, and save in this
 file any pseudonym offered by the peer during authentication.
 .TP

+.B stop\-bits \fIn
+Set the number of stop bits for the serial port. Valid values are 1 or 2.
+The default value is 1.
+.TP

 .B sync
 Use synchronous HDLC serial encoding instead of asynchronous.
 The device used by pppd with this option must have sync support.
 .B sync
 Use synchronous HDLC serial encoding instead of asynchronous.
 The device used by pppd with this option must have sync support.


@@ -1159,7 +1204,7 @@ Use software flow control (i.e. XON/XOFF) to control the flow of data on
 the serial port.
 .SH PPPOE OPTIONS
 To establish PPP link over Ethernet (PPPoE) it is needed to load pppd's
 the serial port.
 .SH PPPOE OPTIONS
 To establish PPP link over Ethernet (PPPoE) it is needed to load pppd's

-\fBplugin rp-pppoe.so\fR and then specify option \fBnic-\fIinterface\fR
+\fBplugin pppoe.so\fR and then specify option \fBnic-\fIinterface\fR

 instead of modem options \fIttyname\fR and \fIspeed\fR.
 Recognized pppd's PPPoE options are:
 .TP
 instead of modem options \fIttyname\fR and \fIspeed\fR.
 Recognized pppd's PPPoE options are:
 .TP


@@ -1170,24 +1215,30 @@ by specifying ppp'd option \fBnic-eth0\fR. Prefix \fBnic-\fR for this
 option may be avoided if interface name is unambiguous and does not
 look like any other pppd's option.
 .TP
 option may be avoided if interface name is unambiguous and does not
 look like any other pppd's option.
 .TP

-.B rp_pppoe_service \fIname
-Connect to specified PPPoE service name.
+.B pppoe-service \fIname
+Connect to specified PPPoE service name. For backward compatibility also
+\fBrp_pppoe_service\fP option name is supported.

 .TP
 .TP

-.B rp_pppoe_ac \fIname
-Connect to specified PPPoE access concentrator name.
+.B pppoe-ac \fIname
+Connect to specified PPPoE access concentrator name. For backward
+compatibility also \fBrp_pppoe_ac\fP option name is supported.

 .TP
 .TP

-.B rp_pppoe_sess \fIsessid\fP:\fImacaddr
-Attach to existing PPPoE session.
+.B pppoe-sess \fIsessid\fP:\fImacaddr
+Attach to existing PPPoE session. For backward compatibility also
+\fBrp_pppoe_sess\fP option name is supported.

 .TP
 .TP

-.B rp_pppoe_verbose \fIn
-Be verbose about discovered access concentrators.
+.B pppoe-verbose \fIn
+Be verbose about discovered access concentrators. For backward
+compatibility also \fBrp_pppoe_verbose\fP option name is supported.

 .TP
 .B pppoe-mac \fImacaddr
 Connect to specified MAC address.
 .TP
 .TP
 .B pppoe-mac \fImacaddr
 Connect to specified MAC address.
 .TP

-.B host-uniq \fIstring
+.B pppoe-host-uniq \fIstring

 Set the PPPoE Host-Uniq tag to the supplied hex string.
 By default PPPoE Host-Uniq tag is set to the pppd's process PID.
 Set the PPPoE Host-Uniq tag to the supplied hex string.
 By default PPPoE Host-Uniq tag is set to the pppd's process PID.

+For backward compatibility this option may be specified without
+\fBpppoe-\fP prefix.

 .TP
 .B pppoe-padi-timeout \fIn
 Initial timeout for discovery packets in seconds (default 5).
 .TP
 .B pppoe-padi-timeout \fIn
 Initial timeout for discovery packets in seconds (default 5).


@@ -1715,6 +1766,9 @@ the connection.
 .B LINKNAME
 The logical name of the link, set with the \fIlinkname\fR option.
 .TP
 .B LINKNAME
 The logical name of the link, set with the \fIlinkname\fR option.
 .TP

+.B CALL_FILE
+The value of the \fIcall\fR option.
+.TP

 .B DNS1
 If the peer supplies DNS server addresses, this variable is set to the
 first DNS server address supplied (whether or not the usepeerdns
 .B DNS1
 If the peer supplies DNS server addresses, this variable is set to the
 first DNS server address supplied (whether or not the usepeerdns