The Point-to-Point Protocol (PPP) provides a standard way to establish
a network connection over a serial link. At present, this package
-supports IP and the protocols layered above IP, such as TCP and UDP.
-The Linux and Solaris ports of this package have optional support for
-IPV6; the Linux port of this package also has support for IPX.
+supports IP and IPV6 and the protocols layered above them, such as TCP
+and UDP. The Linux port of this package also has support for IPX.
-This software consists of two parts:
+This PPP implementation consists of two parts:
- Kernel code, which establishes a network interface and passes
packets between the serial port, the kernel networking code and the
for authentication, so you can control which other systems may make a
PPP connection and what IP addresses they may use.
-The primary platforms supported by this package are Linux and Solaris.
-Code for SunOS 4.x is included here but is largely untested. I have
-code for NeXTStep, FreeBSD, SVR4, Tru64 (Digital Unix), AIX and Ultrix
-but no active maintainers for these platforms. Code for all of these
-except AIX is included in the ppp-2.3.11 release.
+The platforms supported by this package are Linux and Solaris. I have
+code for NeXTStep, FreeBSD, SunOS 4.x, SVR4, Tru64 (Digital Unix), AIX
+and Ultrix but no active maintainers for these platforms. Code for
+all of these except AIX is included in the ppp-2.3.11 release.
+
+The kernel code for Linux is no longer distributed with this package,
+since the relevant kernel code is in the official Linux kernel source
+(and has been for many years) and is included in all reasonably modern
+Linux distributions. The Linux kernel code supports using PPP over
+things other than serial ports, such as PPP over Ethernet and PPP over
+ATM.
Installation.
Solaris README.sol2
In each case you start by running the ./configure script. This works
-out which operating system you are using and creates symbolic links to
-the appropriate makefiles. You then run `make' to compile the
-user-level code, and (as root) `make install' to install the
-user-level programs pppd, chat and pppstats.
+out which operating system you are using and creates the appropriate
+makefiles. You then run `make' to compile the user-level code, and
+(as root) `make install' to install the user-level programs pppd, chat
+and pppstats.
N.B. Since 2.3.0, leaving the permitted IP addresses column of the
pap-secrets or chap-secrets file empty means that no addresses are
authenticating itself to you, of course.)
-What's new in ppp-2.4.2.
+What's new in ppp-2.4.9.
************************
+* Support for new EAP (Extensible Authentication Protocol) methods:
+ - Support for EAP-TLS, from Jan Just Keijser and others
+ - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
+ Van Buggenhout and others
+
+* New pppd options:
+ - chap-timeout
+ - chapms-strip-domain
+ - replacedefaultroute
+ - noreplacedefaultroute
+ - ipv6cp-accept-remote
+ - lcp-echo-adaptive
+ - ip-up-script
+ - ip-down-script
+ - ca
+ - capath
+ - cert
+ - key
+ - crl-dir
+ - crl
+ - max-tls-version
+ - need-peer-eap
+
+* Fixes for CVE-2020-8597 and CVE-2015-3310.
+
+* libpcap is now required when compiling on Linux (previously, if
+ libpcap was not present, pppd would be compiled without packet
+ filtering support).
+
+* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
+ from the upstream rp-pppoe code. Its options have changed names,
+ but the old names are kept as aliases.
+
+* The configure script now supports cross-compilation.
+
+* Many bug fixes and cleanups.
+
+
+What was new in ppp-2.4.8.
+**************************
+
+* New pppd options have been added:
+ - ifname, to set the name for the PPP interface device
+ - defaultroute-metric, to set the metric for the default route
+ - defaultroute6, to add an IPv6 default route (with nodefaultroute6
+ to prevent adding an IPv6 default route)
+ - up_sdnotify, to have pppd notify systemd when the link is up.
+
+* The rp-pppoe plugin has new options:
+ - host-uniq, to set the Host-Uniq value to send
+ - pppoe-padi-timeout, to set the timeout for discovery packets
+ - pppoe-padi-attempts, to set the number of discovery attempts.
+
+* Added the CLASS attribute in radius packets.
+
+* Sundry bug fixes.
+
+* Fixed warnings and issues found by static analysis.
+
+* Added Submitting-patches.md.
+
+
+What was new in ppp-2.4.7.
+**************************
+
+* Fixed a potential security issue in parsing option files (CVE-2014-3158).
+
+* There is a new "stop-bits" option, which takes an argument of 1 or 2,
+ indicating the number of stop bits to use for async serial ports.
+
+* Various bug fixes.
+
+
+What was new in ppp-2.4.6.
+**************************
+
+* Man page updates.
+
+* Several bug fixes.
+
+* Options files can now set and unset environment variables for
+ scripts.
+
+* The timeout for chat scripts can now be taken from an environment
+ variable.
+
+* There is a new option, master_detach, which allows pppd to detach
+ from the controlling terminal when it is the multilink bundle master
+ but its own link has terminated, even if the nodetach option has
+ been given.
+
+
+What was new in ppp-2.4.5.
+**************************
+
+* Under Linux, pppd can now operate in a mode where it doesn't request
+ the peer's IP address, as some peers refuse to supply an IP address.
+ Since Linux supports device routes as well as gateway routes, it's
+ possible to have no remote IP address assigned to the ppp interface
+ and still route traffic over it.
+
+* Pppd now works better with 3G modems that do strange things such as
+ sending IPCP Configure-Naks with the same values over and over again.
+
+* The PPP over L2TP plugin is included, which works with the pppol2tp
+ PPP channel code in the Linux kernel. This allows pppd to be used
+ to set up tunnels using the Layer 2 Tunneling Protocol.
+
+* A new 'enable-session' option has been added, which enables session
+ accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man
+ page for details.
+
+* Several bugs have been fixed.
+
+
+What was new in ppp-2.4.4.
+**************************
+
+* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
+ the ppp interface and configuring its IP addresses but before
+ bringing it up. This can be used, for example, for adding firewall
+ rules for the interface.
+
+* Lots of bugs fixed, particularly in the area of demand-dialled and
+ persistent connections.
+
+* The rp-pppoe plugin now accepts any interface name (that isn't an
+ existing pppd option name) without putting "nic-" on the front of
+ it, not just eth*, nas*, tap* and br*.
+
+
+What was new in ppp-2.4.3.
+**************************
+
+* The configure script now accepts --prefix and --sysconfdir options.
+ These default to /usr/local and /etc. If you want pppd put in
+ /usr/sbin as before, use ./configure --prefix=/usr.
+
+* Doing `make install' no longer puts example configuration files in
+ /etc/ppp. Use `make install-etcppp' if you want that.
+
+* The code has been updated to work with version 0.8.3 of libpcap.
+ Unfortunately the libpcap maintainers removed support for the
+ "inbound" and "outbound" keywords on PPP links, meaning that if you
+ link pppd with libpcap-0.8.3, you can't use those keywords in the
+ active-filter and pass-filter expressions. The support has been
+ reinstated in the CVS version and should be in future libpcap
+ releases. If you need the in/outbound keywords, use a later release
+ than 0.8.3, or get the CVS version from http://www.tcpdump.org.
+
+* There is a new option, child-timeout, which sets the length of time
+ that pppd will wait for child processes (such as the command
+ specified with the pty option) to exit before exiting itself. It
+ defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
+ to any remaining child processes and exit. A value of 0 means no
+ timeout.
+
+* Various bugs have been fixed, including some CBCP packet parsing
+ bugs that could lead to the peer being able to crash pppd if CBCP
+ support is enabled.
+
+* Various fixes and enhancements to the radius and rp-pppoe plugins
+ have been added.
+
+* There is a new winbind plugin, from Andrew Bartlet of the Samba
+ team, which provides the ability to authenticate the peer against an
+ NT domain controller using MS-CHAP or MS-CHAPV2.
+
+* There is a new pppoatm plugin, by various authors, sent in by David
+ Woodhouse.
+
+* The multilink code has been substantially reworked. The first pppd
+ for a bundle still controls the ppp interface, but it doesn't exit
+ until all the links in the bundle have terminated. If the first
+ pppd is signalled to exit, it signals all the other pppds
+ controlling links in the bundle.
+
+* The TDB code has been updated to the latest version. This should
+ eliminate the problem that some people have seen where the database
+ file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
+ the new code uses an incompatible database format. For this reason,
+ pppd now uses /var/run/pppd2.tdb as the database filename.
+
+
+What was new in ppp-2.4.2.
+**************************
+
* The CHAP code has been rewritten. Pppd now has support for MS-CHAP
V1 and V2 authentication, both as server and client. The new CHAP
code is cleaner than the old code and avoids some copyright problems
include Predictor, LZS, and MPPC. These methods are not supported for
two reasons - they are patent-encumbered, and they cause some packets
to expand slightly, which pppd doesn't currently allow for.
-BSD-Compress is also patent-encumbered (its inclusion in this package
-can be considered a historical anomaly :-) but it doesn't ever expand
-packets. Neither does Deflate, which uses the same algorithm as gzip.
-
-
-Patents.
-********
-
-The BSD-Compress algorithm used for packet compression is the same as
-that used in the Unix "compress" command. It is apparently covered by
-U.S. patents 4,814,746 (owned by IBM) and 4,558,302 (owned by Unisys),
-and corresponding patents in various other countries (but not
-Australia). If this is of concern, you can build the package without
-including BSD-Compress. To do this, edit net/ppp-comp.h to change the
-definition of DO_BSD_COMPRESS to 0. The bsd-comp.c files are then no
-longer needed, so the references to bsd-comp.o may optionally be
-removed from the Makefiles.
+BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
+ever expand packets.
Contacts.
***********
All of the code can be freely used and redistributed. The individual
-source files each have their own copyright and permission notice; some
-have a BSD-style notice and some are under the GPL.
+source files each have their own copyright and permission notice.
+Pppd, pppstats and pppdump are under BSD-style notices. Some of the
+pppd plugins are GPL'd. Chat is public domain.
Distribution:
ftp://ftp.samba.org/pub/ppp/
-($Id: README,v 1.30 2003/11/27 21:32:03 paulus Exp $)
projects / ppp.git / blobdiff