X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fpppd.8;h=f70e05389c29ff89ae0635d8d8d80c66bdbfb997;hb=1e79371ec6feb288d4f72b1380332009cfa3dc0f;hp=f5597f6a6593db0ee00aeed7150ed725a0fc5e8e;hpb=e8cd41673651e35447020bf9d98c5d6d4acd9212;p=ppp.git diff --git a/pppd/pppd.8 b/pppd/pppd.8 index f5597f6..f70e053 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -55,8 +55,8 @@ non-privileged user. .I speed An option that is a decimal number is taken as the desired baud rate for the serial device. On systems such as -4.4BSD and NetBSD, any speed can be specified. Other systems -(e.g. Linux, SunOS) only support the commonly-used baud rates. +Linux, 4.4BSD and NetBSD, any speed can be specified. Other systems +(e.g. SunOS) only support the commonly-used baud rates. .TP .B asyncmap \fImap This option sets the Async-Control-Character-Map (ACCM) for this end @@ -127,12 +127,6 @@ is no other default route with the same metric. With the default value of -1, the route is only added if there is no default route at all. .TP -.B defaultroute6 -Add a default IPv6 route to the system routing tables, using the peer as -the gateway, when IPv6CP negotiation is successfully completed. -This entry is removed when the PPP connection is broken. This option -is privileged if the \fInodefaultroute6\fR option has been specified. -.TP .B replacedefaultroute This option is a flag to the defaultroute option. If defaultroute is set and this flag is also set, pppd replaces an existing default route 
@@ -266,10 +260,16 @@ compression in the corresponding direction. Use \fInobsdcomp\fR or \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. .TP .B ca \fIca-file -(EAP-TLS) Use the file \fIca-file\fR as the X.509 Certificate Authority +(EAP-TLS, or PEAP) Use the file \fIca-file\fR as the X.509 Certificate Authority (CA) file (in PEM format), needed for setting up an EAP-TLS connection. This option is used on the client-side in conjunction with the \fBcert\fR -and \fBkey\fR options. +and \fBkey\fR options. Either \fIca\fR, or \fIcapath\fR options are required +for PEAP. EAP-TLS may also use the entry in eaptls-client or eaptls-server +for a CA certificate associated with a particular peer. +.TP +.B capath \fIpath +(EAP-TLS, or PEAP) Specify a location that contains public CA certificates. +Either \fIca\fR, or \fIcapath\fR options are required for PEAP. .TP .B cdtrcts Use a non-standard hardware flow control (i.e. DTR/CTS) to control @@ -326,15 +326,15 @@ negotiation by sending its first LCP packet. The default value is or \fBpty\fR option is used. .TP .B crl \fIfilename -(EAP-TLS) Use the file \fIfilename\fR as the Certificate Revocation List +(EAP-TLS, or PEAP) Use the file \fIfilename\fR as the Certificate Revocation List to check for the validity of the peer's certificate. This option is not -mandatory for setting up an EAP-TLS connection. Also see the \fBcrl-dir\fR +mandatory for setting up a TLS connection. Also see the \fBcrl-dir\fR option. .TP .B crl-dir \fIdirectory -(EAP-TLS) Use the directory \fIdirectory\fR to scan for CRL files in +(EAP-TLS, or PEAP) Use the directory \fIdirectory\fR to scan for CRL files in has format ($hash.r0) to check for the validity of the peer's certificate. -This option is not mandatory for setting up an EAP-TLS connection. +This option is not mandatory for setting up a TLS connection. Also see the \fBcrl\fR option. .TP .B debug 
@@ -354,6 +354,17 @@ Disable MRU [Maximum Receive Unit] negotiation. With this option, pppd will use the default MRU value of 1500 bytes for both the transmit and receive direction. .TP +.B defaultroute6 +Add a default IPv6 route to the system routing tables, using the peer as +the gateway, when IPv6CP negotiation is successfully completed. +This entry is removed when the PPP connection is broken. This option +is privileged if the \fInodefaultroute6\fR option has been specified. +\fBWARNING: Do not enable this option by default\fR. IPv6 routing tables +are managed by kernel (as apposite to IPv4) and IPv6 default route is +configured by kernel automatically too based on ICMPv6 Router Advertisement +packets. This option may conflict with kernel IPv6 route setup and should +be used only for broken IPv6 networks. +.TP .B deflate \fInr,nt Request that the peer compress packets that it sends, using the Deflate scheme, with a maximum window size of \fI2**nr\fR bytes, and 
@@ -525,6 +536,19 @@ With this option, pppd will accept the peer's idea of its (remote) IPv6 interface identifier, even if the remote IPv6 interface identifier was specified in an option. .TP +.B ipv6cp\-noremote +Allow pppd to operate without having an IPv6 link local address for the peer. +This option is only available under Linux. Normally, pppd will request the +peer's IPv6 interface identifier (used for composing IPv6 link local address), +and if the peer does not supply it, pppd will generate one for the peer. +With this option, if the peer does not supply its IPv6 interface identifier, +pppd will not ask the peer for it, and will not set the destination IPv6 +link local address of the ppp interface. In this situation, the ppp interface +can be used for routing by creating device routes, but the peer itself cannot +be addressed directly for IPv6 traffic until the peer starts announcing ICMPv6 +Router Advertisement or ICMPv6 Neighbor Advertisement packets. Note that IPv6 +router must announce ICMPv6 Router Advertisement packets. +.TP .B ipv6cp\-max\-configure \fIn Set the maximum number of IPv6CP configure-request transmissions to \fIn\fR (default 10). @@ -719,6 +743,11 @@ network control protocol comes up). Terminate after \fIn\fR consecutive failed connection attempts. A value of 0 means no limit. The default value is 10. .TP +.B max-tls-version \fIstring +(EAP-TLS, or PEAP) Configures the max allowed TLS version used during +negotiation with a peer. The default value for this is \fI1.2\fR. Values +allowed for this option is \fI1.0.\fR, \fI1.1\fR, \fI1.2\fR, \fI1.3\fR. +.TP .B modem Use the modem control lines. This option is the default. With this option, pppd will wait for the CD (Carrier Detect) signal from the 
@@ -1168,6 +1197,16 @@ The device used by pppd with this option must have sync support. Currently supports Microgate SyncLink adapters under Linux and FreeBSD 2.2.8 and later. .TP +.B tls-verify-method \fIstring +(EAP-TLS, or PEAP) Match the value specified for \fIremotename\fR to that that +of the X509 certificates subject name, common name, or suffix of the common +name. Respective values allowed for this option is: \fInone\fR, \fIsubject\fR, +\fIname\fR, or \fIsuffix\fR. The default value for this option is \fIname\fR. +.TP +.B tls-verify-key-usage +(EAP-TLS, or PEAP) Enables examination of peer certificate's purpose, and +extended key usage attributes. +.TP .B unit \fInum Sets the ppp unit number (for a ppp0 or ppp1 etc interface name) for outbound connections. If the unit is already in use a dynamically allocated number will @@ -1214,6 +1253,16 @@ USEPEERDNS will be set to 1. In addition, pppd will create an /etc/ppp/resolv.conf file containing one or two nameserver lines with the address(es) supplied by the peer. .TP +.B usepeerwins +Ask the peer for up to 2 WINS server addresses. The addresses supplied +by the peer (if any) are passed to the /etc/ppp/ip\-up script in the +environment variables WINS1 and WINS2, and the environment variable +USEPEERWINS will be set to 1. +.LP +Please note that some modems (like the Huawei E220) requires this option in +order to avoid a race condition that results in the incorrect DNS servers +being assigned. +.TP .B user \fIname Sets the name used for authenticating the local system to the peer to \fIname\fR. 
@@ -1258,8 +1307,9 @@ Attach to existing PPPoE session. For backward compatibility also \fBrp_pppoe_sess\fP option name is supported. .TP .B pppoe-verbose \fIn -Be verbose about discovered access concentrators. For backward -compatibility also \fBrp_pppoe_verbose\fP option name is supported. +Be verbose about discovered access concentrators. When set to 2 or bigger +value then dump also discovery packets. For backward compatibility also +\fBrp_pppoe_verbose\fP option name is supported. .TP .B pppoe-mac \fImacaddr Connect to specified MAC address. @@ -1765,6 +1815,14 @@ IPCP has come up. The IP address for the remote end of the link. This is only set when IPCP has come up. .TP +.B LLLOCAL +The Link-Local IPv6 address for the local end of the link. This is only +set when IPV6CP has come up. +.TP +.B LLREMOTE +The Link-Local IPv6 address for the remote end of the link. This is only +set when IPV6CP has come up. +.TP .B PEERNAME The authenticated name of the peer. This is only set if the peer authenticates itself. @@ -1808,6 +1866,15 @@ option was given). If the peer supplies DNS server addresses, this variable is set to the second DNS server address supplied (whether or not the usepeerdns option was given). +.TP +.B WINS1 +If the peer supplies WINS server addresses, this variable is set to the +first WINS server address supplied. +.TP +.B WINS2 +If the peer supplies WINS server addresses, this variable is set to the +second WINS server address supplied. +.P .P Pppd invokes the following scripts, if they exist. It is not an error if they don't exist.
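
Review bot: in the "ca" entry the tag now reads "(EAP-TLS, or PEAP)" but the first sentence still says the file is "needed for setting up an EAP-TLS connection", so PEAP is only covered by the sentence appended at the end. Reword the opening so it covers both methods. The added text also marks option names with \fI (\fIca\fR, \fIcapath\fR) while the same paragraph uses \fB for \fBcert\fR and \fBkey\fR; use \fB for both. For "capath", say what the directory must contain (PEM files, and whether hashed file names are expected, as the crl-dir entry states for CRLs).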
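
Review bot: in the "crl-dir" entry the changed line still ends with "scan for CRL files in" and runs straight into "has format ($hash.r0)", which does not parse. Since the line is being touched anyway, fix the sentence here (probably "CRL files in hash format ($hash.r0)"). Both "crl" and "crl-dir" now say the option is "not mandatory for setting up a TLS connection"; if that means the peer certificate is not checked for revocation when neither is given, state it outright so an administrator does not assume a check happens.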
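
Review bot: typo in the new "defaultroute6" warning: "as apposite to IPv4" should be "as opposed to IPv4". The same sentence needs articles ("managed by the kernel", "the IPv6 default route is configured by the kernel"). "should be used only for broken IPv6 networks" is vague for a warning; name the case meant, for example a peer that does not send ICMPv6 Router Advertisements, if that is the intent.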
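
Review bot: the last sentence of the new "ipv6cp\-noremote" entry, "Note that IPv6 router must announce ICMPv6 Router Advertisement packets.", does not say which router is meant or what follows if it does not. From the preceding sentence it appears to mean that the peer is not addressable over IPv6 until it sends Router or Neighbor Advertisements; tie the note to that, for example "a peer acting as an IPv6 router is expected to send Router Advertisements, so it becomes addressable once it does".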
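
Review bot: in "max-tls-version" the first allowed value is written "\fI1.0.\fR", with a period inside the italics, so it renders as the value "1.0." and a reader may copy it that way. It should be "\fI1.0\fR," like the others. Also "Values allowed for this option is" should be "are". Since the documented default is 1.2, it is worth one sentence saying that 1.3 is only negotiated when this option is raised, and what pppd does with a value outside the list.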
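
Review bot: the "tls-verify-method" text does not say what each value means for peer verification, which is the part an administrator needs. State that "none" performs no match of \fIremotename\fR against the certificate, and spell out what "suffix" compares, since a suffix match on the common name accepts more certificates than an exact "name" match. There is also a doubled word in "to that that of the X509 certificates subject name" (and "certificate's"), and "values allowed ... is" should be "are". For "tls-verify-key-usage", document the default (on or off) and whether a certificate failing the purpose or extended key usage check is rejected.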
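
Review bot: the paragraph added after "usepeerwins" ("some modems (like the Huawei E220) requires this option in order to avoid a race condition that results in the incorrect DNS servers being assigned") talks about DNS servers while documenting a WINS option, and it is set off with .LP so it is not clearly attached to either entry. Say explicitly that it is \fBusepeerwins\fR that works around the DNS assignment problem, keep it inside the usepeerwins entry, and fix "requires" to "require".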
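
Review bot: the new "pppoe-verbose" sentence "When set to 2 or bigger value then dump also discovery packets" is hard to read and leaves the lower values undefined. Suggest "A value of 2 or more also dumps the discovery packets", and say what 0 and 1 do and where the dump is written, so users know what ends up in their logs.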
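
Review bot: "LLLOCAL" and "LLREMOTE" spell the protocol "IPV6CP", while the option descriptions in this same patch use "IPv6CP" (see defaultroute6). Use one spelling. Given the new ipv6cp\-noremote option, which leaves the destination link-local address unset, the LLREMOTE entry should also say whether the variable is set in that case, so scripts do not assume it is always present once IPv6CP is up.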
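
Review bot: the last hunk adds a ".P" after the WINS2 entry directly in front of the existing ".P" context line, leaving two paragraph macros back to back; drop the added one. The DNS2 text above notes the variable is set "whether or not the usepeerdns option was given"; WINS1 and WINS2 should say whether the same holds for usepeerwins.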