X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fpppd.8;h=846b862fcd7fd619e124a523cdfd962b47027945;hb=431469a02ce74e5fe4b9943e86b9bfc272882fcb;hp=f8c6fb9186066c7a06f2fa1d3ccb95bd8fb1d06f;hpb=9463ee80e45bc2b75969826e1c616ca6a619b49b;p=ppp.git diff --git a/pppd/pppd.8 b/pppd/pppd.8 index f8c6fb9..846b862 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -260,6 +260,12 @@ Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables compression in the corresponding direction. Use \fInobsdcomp\fR or \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. .TP +.B ca \fIca-file +(EAP-TLS) Use the file \fIca-file\fR as the X.509 Certificate Authority +(CA) file (in PEM format), needed for setting up an EAP-TLS connection. +This option is used on the client-side in conjunction with the \fBcert\fR +and \fBkey\fR options. +.TP .B cdtrcts Use a non-standard hardware flow control (i.e. DTR/CTS) to control the flow of data on the serial port. If neither the \fIcrtscts\fR, @@ -271,6 +277,12 @@ RTS output. Such serial ports use this mode to implement true bi-directional flow control. The sacrifice is that this flow control mode does not permit using DTR as a modem control line. .TP +.B cert \fIcertfile +(EAP-TLS) Use the file \fIcertfile\fR as the X.509 certificate (in PEM +format), needed for setting up an EAP-TLS connection. This option is +used on the client-side in conjunction with the \fBca\fR and +\fBkey\fR options. +.TP .B chap\-interval \fIn If this option is given, pppd will rechallenge the peer every \fIn\fR seconds. @@ -283,6 +295,9 @@ Set the maximum number of CHAP challenge transmissions to \fIn\fR Set the CHAP restart interval (retransmission timeout for challenges) to \fIn\fR seconds (default 3). .TP +.B chap-timeout \fIn +Set timeout for CHAP authentication by peer to \fIn\fR seconds (default 60). +.TP .B child\-timeout \fIn When exiting, wait for up to \fIn\fR seconds for any child processes (such as the command specified with the \fBpty\fR command) to exit @@ -299,6 +314,18 @@ negotiation by sending its first LCP packet. The default value is 1000 (1 second). This wait period only applies if the \fBconnect\fR or \fBpty\fR option is used. .TP +.B crl \fIfilename +(EAP-TLS) Use the file \fIfilename\fR as the Certificate Revocation List +to check for the validity of the peer's certificate. This option is not +mandatory for setting up an EAP-TLS connection. Also see the \fBcrl-dir\fR +option. +.TP +.B crl-dir \fIdirectory +(EAP-TLS) Use the directory \fIdirectory\fR to scan for CRL files in +has format ($hash.r0) to check for the validity of the peer's certificate. +This option is not mandatory for setting up an EAP-TLS connection. +Also see the \fBcrl\fR option. +.TP .B debug Enables connection debugging facilities. If this option is given, pppd will log the contents of all @@ -470,6 +497,11 @@ With this option, pppd will accept the peer's idea of our local IPv6 interface identifier, even if the local IPv6 interface identifier was specified in an option. .TP +.B ipv6cp\-accept\-remote +With this option, pppd will accept the peer's idea of its (remote) +IPv6 interface identifier, even if the remote IPv6 interface +identifier was specified in an option. +.TP .B ipv6cp\-max\-configure \fIn Set the maximum number of IPv6CP configure-request transmissions to \fIn\fR (default 10). @@ -563,6 +595,12 @@ transmitted packets be printed. On most systems, messages printed by the kernel are logged by syslog(1) to a file as directed in the /etc/syslog.conf configuration file. .TP +.B key \fIkeyfile +(EAP-TLS) Use the file \fIkeyfile\fR as the private key file (in PEM +format), needed for setting up an EAP-TLS connection. This option is +used on the client-side in conjunction with the \fBca\fR and +\fBcert\fR options. +.TP .B ktune Enables pppd to alter kernel settings as appropriate. Under Linux, pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward @@ -726,6 +764,9 @@ name to \fIname\fR.) Disable Address/Control compression in both directions (send and receive). .TP +.B need-peer-eap +(EAP-TLS) Require the peer to verify our authentication credentials. +.TP .B noauth Do not require the peer to authenticate itself. This option is privileged. @@ -1087,6 +1128,10 @@ When operating as an EAP SRP\-SHA1 client, attempt to use the pseudonym stored in ~/.ppp_pseudonym first as the identity, and save in this file any pseudonym offered by the peer during authentication. .TP +.B stop\-bits \fIn +Set the number of stop bits for the serial port. Valid values are 1 or 2. +The default value is 1. +.TP .B sync Use synchronous HDLC serial encoding instead of asynchronous. The device used by pppd with this option must have sync support.