.\" manual page [] for pppd 2.3
-.\" $Id: pppd.8,v 1.46 1999/08/24 05:31:10 paulus Exp $
+.\" $Id: pppd.8,v 1.50 1999/11/20 05:11:47 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
IPv6 addresses (e.g. ::dead:beef). If the
\fIipv6cp-use-ipaddr\fR
option is given, the local identifier is the local IPv4 address (see above).
-Otherwise the identifier is randomized.
+On systems which supports a unique persistent id, such as EUI-48 derived
+from the Ethernet MAC address, \fIipv6cp-use-persistent\fR option can be
+used to replace the \fIipv6 <local>,<remote>\fR option. Otherwise the
+identifier is randomized.
.TP
.B active-filter \fIfilter-expression
Specifies a packet filter to be applied to data packets to determine
is currently only available under NetBSD, and then only
if both the kernel and pppd were compiled with PPP_FILTER defined.
.TP
+.B allow-ip \fIaddress(es)
+Allow peers to use the given IP address or subnet without
+authenticating themselves. The parameter is parsed as for each
+element of the list of allowed IP addresses in the secrets files (see
+the AUTHENTICATION section below).
+.TP
.B bsdcomp \fInr,nt
Request that the peer compress packets that it sends, using the
BSD-Compress scheme, with a maximum code size of \fInr\fR bits, and
.TP
.B hide-password
When logging the contents of PAP packets, this option causes pppd to
-exclude the password string from the log.
+exclude the password string from the log. This is the default.
.TP
.B holdoff \fIn
Specifies how many seconds to wait before re-initiating the link after
the kernel are logged by syslog(1) to a file as directed in the
/etc/syslog.conf configuration file.
.TP
+.B ktune
+Enables pppd to alter kernel settings as appropriate. Under Linux,
+pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward
+to 1) if the \fIproxyarp\fR option is used, and will enable the
+dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to
+1) in demand mode if the local address changes.
+.TP
.B lcp-echo-failure \fIn
If this option is given, pppd will presume the peer to be dead
if \fIn\fR LCP echo-requests are sent without receiving a valid LCP
required if the peer is buggy and gets confused by requests from pppd
for IPXCP negotiation.
.TP
+.B noktune
+Opposite of the \fIktune\fR option; disables pppd from changing system
+settings.
+.TP
.B nolog
Do not send log messages to a file or file descriptor. This option
cancels the \fBlogfd\fR and \fBlogfile\fR options.
Do not exit after a connection is terminated; instead try to reopen
the connection.
.TP
+.B plugin \fIfilename
+Load the shared library object file \fIfilename\fR as a plugin. This
+is a privileged option.
+.TP
.B predictor1
Request that the peer compress frames that it sends using Predictor-1
compression, and agree to compress transmitted frames with Predictor-1
pseudo-tty master/slave pair and use the slave as its terminal
device. The \fIscript\fR will be run in a child process with the
pseudo-tty master as its standard input and output. An explicit
-device name may not be given if this option is used.
+device name may not be given if this option is used. (Note: if the
+\fIrecord\fR option is used in conjuction with the \fIpty\fR option,
+the child process will have pipes on its standard input and output.)
.TP
.B receive-all
With this option, pppd will accept all control characters from the
Require the peer to authenticate itself using PAP [Password
Authentication Protocol] authentication.
.TP
+.B show-password
+When logging the contents of PAP packets, this option causes pppd to
+show the password string in the log message.
+.TP
.B silent
With this option, pppd will not transmit LCP packets to initiate a
connection until a valid LCP packet is received from the peer (as for
.B usepeerdns
Ask the peer for up to 2 DNS server addresses. The addresses supplied
by the peer (if any) are passed to the /etc/ppp/ip-up script in the
-environment variables DNS1 and DNS2.
+environment variables DNS1 and DNS2. In addition, pppd will create an
+/etc/ppp/resolv.conf file containing one or two nameserver lines with
+the address(es) supplied by the peer.
.TP
.B user \fIname
Sets the name used for authenticating the local system to the peer to
A secrets file is parsed into words as for a options file, so the
client name, server name and secrets fields must each be one word,
with any embedded spaces or other special characters quoted or
-escaped. Any following words on the same line are taken to be a list
-of acceptable IP addresses for that client. If there are only 3 words
-on the line, or if the first word is "-", then all IP addresses are
-disallowed. To allow any address, use "*".
-A word starting with "!" indicates that the
-specified address is \fInot\fR acceptable. An address may be followed
-by "/" and a number \fIn\fR, to indicate a whole subnet, i.e. all
-addresses which have the same value in the most significant \fIn\fR
-bits. Note that case is significant in the client and server names
+escaped. Note that case is significant in the client and server names
and in the secret.
.LP
If the secret starts with an `@', what follows is assumed to be the
server name matches any name. When selecting a secret, pppd takes the
best match, i.e. the match with the fewest wildcards.
.LP
+Any following words on the same line are taken to be a list of
+acceptable IP addresses for that client. If there are only 3 words on
+the line, or if the first word is "-", then all IP addresses are
+disallowed. To allow any address, use "*". A word starting with "!"
+indicates that the specified address is \fInot\fR acceptable. An
+address may be followed by "/" and a number \fIn\fR, to indicate a
+whole subnet, i.e. all addresses which have the same value in the most
+significant \fIn\fR bits. In this form, the address may be followed
+by a plus sign ("+") to indicate that one address from the subnet is
+authorized, based on the ppp network interface unit number in use.
+In this case, the host part of the address will be set to the unit
+number plus one.
+.LP
Thus a secrets file contains both secrets for use in authenticating
other hosts, plus secrets which we use for authenticating ourselves to
others. When pppd is authenticating the peer (checking the peer's