.\" manual page [] for pppd 2.0
-.\" $Id: pppd.8,v 1.6 1994/05/30 06:13:46 paulus Exp $
+.\" $Id: pppd.8,v 1.20 1996/07/03 06:48:29 paulus Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
.SH SYNOPSIS
.B pppd
[
-.I options
-] [
.I tty_name
] [
.I speed
+] [
+.I options
]
.SH DESCRIPTION
.LP
.SH FREQUENTLY USED OPTIONS
.TP
.I <tty_name>
-Communicate over the named device. The string "/dev/"
-is prepended if necessary. If no device name is given,
+Communicate over the named device. The string "/dev/" is prepended if
+necessary. If no device name is given, or if the name of the terminal
+connected to the standard input is given,
.I pppd
-will use the controlling terminal, and will not fork to put itself in
-the background.
+will use that terminal, and will not fork to put itself in the
+background.
.TP
.I <speed>
-Set the baud rate to <speed>. On systems such as 4.4BSD and NetBSD,
-any speed can be specified. Other systems (e.g. SunOS) allow only a
-limited set of speeds.
+Set the baud rate to <speed> (a decimal number). On systems such as
+4.4BSD and NetBSD, any speed can be specified. Other systems
+(e.g. SunOS) allow only a limited set of speeds.
.TP
.B asyncmap \fI<map>
Set the async character map to <map>.
If multiple \fBasyncmap\fR options are
given, the values are ORed together.
If no \fBasyncmap\fR option is given, no async character map will be
-negotiated for the receive direction; the peer will then escape
+negotiated for the receive direction; the peer should then escape
\fIall\fR control characters.
.TP
.B auth
.TP
.B connect \fI<p>
Use the executable or shell command specified by \fI<p>\fR to set up the
-serial line. This script would typically use the "chat" program to
+serial line. This script would typically use the chat(8) program to
dial the modem and start the remote ppp session.
.TP
.B crtscts
-Use hardware flow control (i.e. RTS/CTS) to control the flow of data on
-the serial port.
-.TP
-.B xonxoff
-Use software flow control (i.e. XON/XOFF) to control the flow of data on
-the serial port. This option is not implemented on BSD or Ultrix systems
-at present.
-.TP
-.B -crtscts
-A synonym for \fBxonxoff\fR.
+Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+on the serial port. If neither the \fBcrtscts\fR nor the
+\fB\-crtscts\fR option is given, the hardware flow control setting for
+the serial port is left unchanged.
.TP
.B defaultroute
Add a default route to the system routing tables, using the peer as
Read options from file <f> (the format is described below).
.TP
.B lock
-Specifies that \fIpppd\fR should use a UUCP-style lock on the serial
-device to ensure exclusive access to the device.
+Specifies that \fIpppd\fR should create a UUCP-style lock file for the
+serial device to ensure exclusive access to the device.
.TP
.B mru \fI<n>
Set the MRU [Maximum Receive Unit] value to <n> for negotiation.
.I pppd
-will ask the peer to send packets of no more than <n> bytes.
-The minimum MRU value is 128.
-The default MRU value is 1500. A value of 296 is recommended for slow
-links (40 bytes for TCP/IP header + 256 bytes of data).
+will ask the peer to send packets of no more than <n> bytes. The
+minimum MRU value is 128. The default MRU value is 1500. A value of
+296 is recommended for slow links (40 bytes for TCP/IP header + 256
+bytes of data).
.TP
-.B netmask \fI<n>
-Set the interface netmask to <n>, a 32 bit netmask in "decimal dot" notation
-(e.g. 255.255.255.0).
+.B mtu \fI<n>
+Set the MTU [Maximum Transmit Unit] value to \fI<n>\fR. Unless the
+peer requests a smaller value via MRU negotiation, \fIpppd\fR will
+request that the kernel networking code send data packets of no more
+than \fIn\fR bytes through the PPP network interface.
.TP
.B passive
Enables the "passive" option in the LCP. With this option,
will attempt to initiate a connection; if no reply is received from
the peer,
.I pppd
-will then just wait passively for a valid LCP packet from the peer
-(instead of exiting, as it does without this option).
-.TP
-.B silent
-With this option,
-.I pppd
-will not transmit LCP packets to initiate a connection until a valid
-LCP packet is received from the peer (as for the "passive" option with
-old versions of \fIpppd\fR).
+will then just wait passively for a valid LCP packet from the peer,
+instead of exiting, as it would without this option.
.SH OPTIONS
.TP
.I <local_IP_address>\fB:\fI<remote_IP_address>
.B noipdefault
option is given). The remote address will be obtained from the peer
if not specified in any option. Thus, in simple cases, this option is
-not required.
-If a local and/or remote IP address is specified with this option,
+not required. If a local and/or remote IP address is specified with
+this option,
.I pppd
will not accept a different value from the peer in the IPCP
negotiation, unless the
.B ipcp-accept-remote
options are given, respectively.
.TP
-.B -all
-Don't request or allow negotiation of any options for LCP and IPCP (use
-default values).
-.TP
-.B -ac
-Disable Address/Control compression negotiation (use default, i.e.
-address/control field disabled).
-.TP
-.B -am
-Disable asyncmap negotiation (use the default asyncmap, i.e. escape
-all control characters).
-.TP
-.B -as \fI<n>
-Same as
-.B asyncmap \fI<n>
-.TP
-.B -d
-Increase debugging level (same as the \fBdebug\fR option).
-.TP
-.B -detach
-Don't fork to become a background process (otherwise
-.I pppd
-will do so if a serial device is specified).
-.TP
-.B -ip
-Disable IP address negotiation (with this option, the remote IP
-address must be specified with an option on the command line or in an
-options file).
+.B bsdcomp \fInr,nt
+Request that the peer compress packets that it sends, using the
+BSD-Compress scheme, with a maximum code size of \fInr\fR bits, and
+agree to compress packets sent to the peer with a maximum code size of
+\fInt\fR bits. If \fInt\fR is not specified, it defaults to the value
+given for \fInr\fR. Values in the range 9 to 15 may be used for
+\fInr\fR and \fInt\fR; larger values give better compression but
+consume more kernel memory for compression dictionaries.
+Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables
+compression in the corresponding direction.
.TP
-.B -mn
-Disable magic number negotiation. With this option,
+.B chap-interval \fI<n>
+If this option is given,
.I pppd
-cannot detect a looped-back line.
-.TP
-.B -mru
-Disable MRU [Maximum Receive Unit] negotiation (use default, i.e. 1500).
-.TP
-.B -p
-Same as the
-.B passive
-option.
-.TP
-.B -pc
-Disable protocol field compression negotiation (use default, i.e.
-protocol field compression disabled).
-.TP
-.B +ua \fI<p>
-Agree to authenticate using PAP [Password Authentication Protocol] if
-requested by the peer, and
-use the data in file <p> for the user and password to send to the
-peer. The file contains the remote user name, followed by a newline,
-followed by the remote password, followed by a newline. This option
-is obsolescent.
-.TP
-.B +pap
-Require the peer to authenticate itself using PAP.
-.TP
-.B -pap
-Don't agree to authenticate using PAP.
-.TP
-.B +chap
-Require the peer to authenticate itself using CHAP [Cryptographic
-Handshake Authentication Protocol] authentication.
+will rechallenge the peer every <n> seconds.
.TP
-.B -chap
-Don't agree to authenticate using CHAP.
+.B chap-max-challenge \fI<n>
+Set the maximum number of CHAP challenge transmissions to <n> (default
+10).
.TP
-.B -vj
-Disable negotiation of Van Jacobson style IP header compression (use
-default, i.e. no compression).
+.B chap-restart \fI<n>
+Set the CHAP restart interval (retransmission timeout for challenges)
+to <n> seconds (default 3).
.TP
.B debug
-Increase debugging level (same as \fB\-d\fR).
-If this
-option is given, \fIpppd\fR will log the contents of all control
-packets sent or received in a readable form. The packets are logged
-through syslog with facility \fIdaemon\fR and level \fIdebug\fR. This
-information can be directed to a file by setting up /etc/syslog.conf
-appropriately (see syslog.conf(5)).
+Increase debugging level.
+If this option is given, \fIpppd\fR will log the contents of all
+control packets sent or received in a readable form. The packets are
+logged through syslog with facility \fIdaemon\fR and level
+\fIdebug\fR. This information can be directed to a file by setting up
+/etc/syslog.conf appropriately (see syslog.conf(5)).
+.TP
+.B default-asyncmap
+Disable asyncmap negotiation, forcing all control characters to be
+escaped for both the transmit and the receive direction.
+.TP
+.B default-mru
+Disable MRU [Maximum Receive Unit] negotiation. With this option,
+\fIpppd\fR will use the default MRU value of 1500 bytes for both the
+transmit and receive direction.
+.TP
+.B deflate \fInr,nt
+Request that the peer compress packets that it sends, using the
+Deflate scheme, with a maximum window size of \fI2**nr\fR bytes, and
+agree to compress packets sent to the peer with a maximum window size of
+\fI2**nt\fR bytes. If \fInt\fR is not specified, it defaults to the value
+given for \fInr\fR. Values in the range 8 to 15 may be used for
+\fInr\fR and \fInt\fR; larger values give better compression but
+consume more kernel memory for compression dictionaries.
+Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables
+compression in the corresponding direction. (Note: \fBpppd\fR
+requests Deflate compression in preference to BSD-Compress
+if the peer can do either.)
+.TP
+.B demand
+Initiate the link only on demand, i.e. when data traffic is present.
+With this option, the remote IP address must be specific by the user
+on the command line or in an options file. \fBpppd\fR will initially
+configure the interface and enable it for IP traffic without
+connecting to the peer. When traffic is available, \fBpppd\fR will
+connect to the peer and perform negotiation, authentication, etc.
+When this is completed, \fBpppd\fR will commence passing data packets
+(i.e., IP packets) across the link. The persist, idle and holdoff
+options are often useful in conjuction with this option. (Note that
+this option does \fInot\fR imply the persist option.)
.TP
.B domain \fI<d>
Append the domain name <d> to the local host name for authentication
fully qualified domain name is porsche.Quotron.COM, you would use the
domain option to set the domain name to Quotron.COM.
.TP
-.B modem
-Use the modem control lines. On Ultrix, this option implies hardware
-flow control, as for the \fBcrtscts\fR option. (This option is not fully
-implemented.)
-.TP
-.B kdebug \fIn
-Enable debugging code in the kernel-level PPP driver. The argument
-\fIn\fR is a number which is the sum of the following values: 1 to
-enable general debug messages, 2 to request that the contents of
-received packets be printed, and 4 to request that the contents of
-transmitted packets be printed.
+.B holdoff \fI<n>
+Specifies how many seconds to wait before re-initiating the link after
+it terminates. This option only has effect if the persist option is
+used.
.TP
-.B local
-Don't use the modem control lines.
+.B idle \fI<n>
+Specifies that \fBpppd\fR should disconnect if it is idle for
+\fI<n>\fR seconds. The link is idle when no data packets (i.e. IP
+packets) are being sent or received. If the \fBactive-filter\fR
+option is given, data packets which are rejected by the specified
+activity filter also count as the link being idle.
.TP
-.B mtu \fI<n>
-Set the MTU [Maximum Transmit Unit] value to \fI<n>\fR. Unless the
-peer requests a smaller value via MRU negotiation, \fIpppd\fR will
-request that the kernel networking code send data packets of no more
-than \fIn\fR bytes through the PPP network interface.
+.B ipx
+Enable the IPXCP and IPX protocols. Under Linux, this is the default
+condition if your kernel supports IPX. This option is presently only
+supported under Linux.
.TP
-.B name \fI<n>
-Set the name of the local system for authentication purposes to <n>.
+.B ipcp-accept-local
+With this option,
+.I pppd
+will accept the peer's idea of our local IP address, even if the
+local IP address was specified in an option.
.TP
-.B user \fI<u>
-Set the user name to use for authenticating this machine with the peer
-using PAP to <u>.
+.B ipcp-accept-remote
+With this option,
+.I pppd
+will accept the peer's idea of its (remote) IP address, even if the
+remote IP address was specified in an option.
.TP
-.B usehostname
-Enforce the use of the hostname as the name of the local system for
-authentication purposes (overrides the
-.B name
-option).
+.B ipcp-max-configure \fI<n>
+Set the maximum number of IPCP configure-request transmissions to <n>
+(default 10).
.TP
-.B remotename \fI<n>
-Set the assumed name of the remote system for authentication purposes
-to <n>.
+.B ipcp-max-failure \fI<n>
+Set the maximum number of IPCP configure-NAKs returned before starting
+to send configure-Rejects instead to <n> (default 10).
.TP
-.B proxyarp
-Add an entry to this system's ARP [Address Resolution Protocol] table
-with the IP address of the peer and the Ethernet address of this
-system.
+.B ipcp-max-terminate \fI<n>
+Set the maximum number of IPCP terminate-request transmissions to <n>
+(default 3).
.TP
-.B login
-Use the system password database for authenticating the peer using
-PAP.
+.B ipcp-restart \fI<n>
+Set the IPCP restart interval (retransmission timeout) to <n> seconds
+(default 3).
.TP
-.B noipdefault
-Disables the default behaviour when no local IP address is specified,
-which is to determine (if possible) the local IP address from the
-hostname. With this option, the peer will have to supply the local IP
-address during IPCP negotiation (unless it specified explicitly on the
-command line or in an options file).
+.B ipparam \fIstring
+Provides an extra parameter to the ip-up and ip-down scripts. If this
+option is given, the \fIstring\fR supplied is given as the 6th
+parameter to those scripts.
+.TP
+.B ipx-network \fI<n>
+Set the IPX network number in the IPXCP configure request frame to
+<n>. There is no valid default. If this option is not specified then
+the network number is obtained from the peer. If the peer does not
+have the network number, the IPX protocol will not be started. This is
+a hexadecimal number and is entered without any leading sequence such
+as 0x. It is related to the \fIipxcp-accept-network\fR option.
+.TP
+.B ipx-node \fI<n>:<m>
+Set the IPX node numbers. The two node numbers are separated from each
+other with a colon character. The first number <n> is the local node
+number. The second number <m> is the peer's node number. Each node number
+is a hexadecimal number, to the maximum of ten significant digits. The
+node numbers on the ipx-network must be unique. There is no valid
+default. If this option is not specified then the node number is
+obtained from the peer. This option is a related to the
+\fIipxcp-accept-local\fR and \fIipxcp-accept-remote\fR options.
+.TP
+.B ipx-router-name \fI<string>
+Set the name of the router. This is a string and is sent to the peer
+as information data.
+.TP
+.B ipx-routing \fI<n>
+Set the routing protocol to be received by this option. More than one
+instance of \fIipx-routing\fR may be specified. The '\fInone\fR'
+option (0) may be specified as the only instance of ipx-routing. The
+values may be \fI0\fR for \fINONE\fR, \fI2\fR for \fIRIP/SAP\fR, and
+\fI4\fR for \fINLSP\fR.
+.TP
+.B ipxcp-accept-local
+Accept the peer's NAK for the node number specified in the ipx-node
+option. If a node number was specified, and non-zero, the default is
+to insist that the value be used. If you include this option then you
+will permit the peer to override the entry of the node number.
+.TP
+.B ipxcp-accept-network
+Accept the peer's NAK for the network number specified in the
+ipx-network option. If a network number was specified, and non-zero, the
+default is to insist that the value be used. If you include this
+option then you will permit the peer to override the entry of the node
+number.
+.TP
+.B ipxcp-accept-remote
+Use the peer's network number specified in the configure request
+frame. If a node number was specified for the peer and this option was
+not specified, the peer will be forced to use the value which you have
+specified.
+.TP
+.B ipxcp-max-configure \fI<n>
+Set the maximum number of IPXCP configure request frames which the
+system will send to <n>. The default is 10.
+.TP
+.B ipxcp-max-failure \fI<n>
+Set the maximum number of IPXCP NAK frames which the local system will
+send before it rejects the options. The default value is 3.
+.TP
+.B ipxcp-max-terminate \fI<n>
+Set the maximum nuber of IPXCP terminate request frames before the
+local system considers that the peer is not listening to them. The
+default value is 3.
.TP
-.B lcp-echo-interval \fI<n>
-If this option is given, \fIpppd\fR will send an LCP echo-request
-frame to the peer every \fIn\fR seconds. Under Linux, the
-echo-request is sent when no packets have been received from the peer
-for \fIn\fR seconds. Normally the peer should respond to the
-echo-request by sending an echo-reply. This option can be used with
-the \fIlcp-echo-failure\fR option to detect that the peer is no longer
-connected.
+.B kdebug \fIn
+Enable debugging code in the kernel-level PPP driver. The argument
+\fIn\fR is a number which is the sum of the following values: 1 to
+enable general debug messages, 2 to request that the contents of
+received packets be printed, and 4 to request that the contents of
+transmitted packets be printed.
.TP
.B lcp-echo-failure \fI<n>
If this option is given, \fIpppd\fR will presume the peer to be dead
(e.g., the modem has hung up) in situations where no hardware modem
control lines are available.
.TP
-.B lcp-restart \fI<n>
-Set the LCP restart interval (retransmission timeout) to <n> seconds
-(default 3).
-.TP
-.B lcp-max-terminate \fI<n>
-Set the maximum number of LCP terminate-request transmissions to <n>
-(default 3).
+.B lcp-echo-interval \fI<n>
+If this option is given, \fIpppd\fR will send an LCP echo-request
+frame to the peer every \fIn\fR seconds. Under Linux, the
+echo-request is sent when no packets have been received from the peer
+for \fIn\fR seconds. Normally the peer should respond to the
+echo-request by sending an echo-reply. This option can be used with
+the \fIlcp-echo-failure\fR option to detect that the peer is no longer
+connected.
.TP
.B lcp-max-configure \fI<n>
Set the maximum number of LCP configure-request transmissions to <n>
Set the maximum number of LCP configure-NAKs returned before starting
to send configure-Rejects instead to <n> (default 10).
.TP
-.B ipcp-restart \fI<n>
-Set the IPCP restart interval (retransmission timeout) to <n> seconds
+.B lcp-max-terminate \fI<n>
+Set the maximum number of LCP terminate-request transmissions to <n>
(default 3).
.TP
-.B ipcp-max-terminate \fI<n>
-Set the maximum number of IPCP terminate-request transmissions to <n>
+.B lcp-restart \fI<n>
+Set the LCP restart interval (retransmission timeout) to <n> seconds
(default 3).
.TP
-.B ipcp-max-configure \fI<n>
-Set the maximum number of IPCP configure-request transmissions to <n>
-(default 10).
+.B local
+Don't use the modem control lines. With this option,
+.B pppd
+will ignore the state of the CD (Carrier Detect) signal from the modem and
+will not change the state of the DTR (Data Terminal Ready) signal.
.TP
-.B ipcp-max-failure \fI<n>
-Set the maximum number of IPCP configure-NAKs returned before starting
-to send configure-Rejects instead to <n> (default 10).
+.B login
+Use the system password database for authenticating the peer using
+PAP, and record the user in the system wtmp file. Note that if the
+/etc/ppp/pap-secrets file exists, the peer must have an entry in that
+file as well as the system password database to be allowed access.
.TP
-.B pap-restart \fI<n>
-Set the PAP restart interval (retransmission timeout) to <n> seconds
-(default 3).
+.B maxconnect \fIn
+Terminate the connection after \fIn\fR seconds.
+.TP
+.B modem
+Use the modem control lines. This option is the default. With this
+option,
+.B pppd
+will wait for the CD (Carrier Detect) signal from the modem to be asserted
+when opening the serial device
+(unless a connect script is specified), and it will drop the DTR (Data
+Terminal Ready) signal briefly when the connection is terminated and before
+executing the connect script.
+On Ultrix, this option implies hardware
+flow control, as for the \fBcrtscts\fR option.
+.TP
+.B ms-dns \fI<addr>
+If
+.I pppd
+is acting as a server for Microsoft Windows clients, this option
+allows
+.I pppd
+to supply one or two DNS (Domain Name Server) addresses to the
+clients. The first instance of this option specifies the primary DNS
+address; the second instance (if given) specifies the secondary DNS
+address.
+.TP
+.B name \fI<n>
+Set the name of the local system for authentication purposes to <n>.
+.TP
+.B netmask \fI<n>
+Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+notation (e.g. 255.255.255.0). If this option is given, the value
+specified is ORed with the default netmask. The default netmask is
+chosen based on the negotiated remote IP address; it is the
+appropriate network mask for the class of the remote IP address, ORed
+with the netmasks for any non point-to-point network interfaces in the
+system which are on the same network.
+.TP
+.B noaccomp
+Disable Address/Control compression in both directions (send and
+receive).
+.TP
+.B nobsdcomp
+Disables BSD-Compress compression; \fBpppd\fR will not request or
+agree to compress packets using the BSD-Compress scheme.
+.TP
+.B noccp
+Disable CCP (Compression Control Protocol) negotiation. This option
+should only be required if the peer is buggy and gets confused by
+requests from
+.I pppd
+for CCP negotiation.
+.TP
+.B nocrtscts
+Disable hardware flow control (i.e. RTS/CTS) on the serial port. If
+neither the \fBcrtscts\fR nor the \fB\-crtscts\fR option is given,
+the hardware flow control setting for the serial port is left
+unchanged.
+.TP
+.B nodefaultroute
+Disable the \fBdefaultroute\fR option. The system administrator who
+wishes to prevent users from creating default routes with \fIpppd\fR
+can do so by placing this option in the /etc/ppp/options file.
+.TP
+.B nodeflate
+Disables Deflate compression; \fBpppd\fR will not request or agree to
+compress packets using the Deflate scheme.
+.TP
+.B nodetach
+Don't detach from the controlling terminal. Without this option, if a
+serial device other than the terminal on the standard input is
+specified,
+.I pppd
+will fork to become a background process.
+.TP
+.B noip
+Disable IPCP negotiation and IP communication. This option should
+only be required if the peer is buggy and gets confused by requests
+from
+.I pppd
+for IPCP negotiation.
+.TP
+.B noipdefault
+Disables the default behaviour when no local IP address is specified,
+which is to determine (if possible) the local IP address from the
+hostname. With this option, the peer will have to supply the local IP
+address during IPCP negotiation (unless it specified explicitly on the
+command line or in an options file).
+.TP
+.B noipx
+Disable the IPXCP and IPX protocols. This option should only be
+required if the peer is buggy and gets confused by requests from
+.I pppd
+for IPXCP negotiation.
+.TP
+.B nomagic
+Disable magic number negotiation. With this option,
+.I pppd
+cannot detect a looped-back line. This option should only be needed
+if the peer is buggy.
+.TP
+.B nopcomp
+Disable protocol field compression negotiation in both the receive and
+the transmit direction.
+.TP
+.B nopredictor1
+Do not accept or agree to Predictor-1 comprssion.
+.TP
+.B noproxyarp
+Disable the \fBproxyarp\fR option. The system administrator who
+wishes to prevent users from creating proxy ARP entries with
+\fIpppd\fR can do so by placing this option in the /etc/ppp/options
+file.
+.TP
+.B novj
+Disable Van Jacobson style TCP/IP header compression in both the
+transmit and the receive direction.
+.TP
+.B novjccomp
+Disable the connection-ID compression option in Van Jacobson style
+TCP/IP header compression. With this option, \fIpppd\fR will not omit
+the connection-ID byte from Van Jacobson compressed TCP/IP headers,
+nor ask the peer to do so.
+.TP
+.B papcrypt
+Indicates that all secrets in the /etc/ppp/pap-secrets file which
+are used for checking the identity of the peer are encrypted, and thus
+pppd should not accept a password which (before encryption) is
+identical to the secret from the /etc/ppp/pap-secrets file.
.TP
.B pap-max-authreq \fI<n>
Set the maximum number of PAP authenticate-request transmissions to
<n> (default 10).
.TP
-.B chap-restart \fI<n>
-Set the CHAP restart interval (retransmission timeout for challenges)
-to <n> seconds (default 3).
-.TP
-.B chap-max-challenge \fI<n>
-Set the maximum number of CHAP challenge transmissions to <n> (default
-10).
+.B pap-restart \fI<n>
+Set the PAP restart interval (retransmission timeout) to <n> seconds
+(default 3).
.TP
-.B chap-interval \fI<n>
-If this option is given,
+.B pap-timeout \fI<n>
+Set the maximum time that
.I pppd
-will rechallenge the peer every <n> seconds.
+will wait for the peer to authenticate itself with PAP to
+<n> seconds (0 means no limit).
.TP
-.B ipcp-accept-local
-With this option,
-.I pppd
-will accept the peer's idea of our local IP address, even if the
-local IP address was specified in an option.
+.B persist
+Do not exit after a connection is terminated; instead try to reopen
+the connection.
.TP
-.B ipcp-accept-remote
+.B predictor1
+Attempt to request that the peer send frames which
+have been compressed using Predictor-1 compression. This option will
+be ignored unless Predictor-1 code has been loaded into the kernel.
+.TP
+.B proxyarp
+Add an entry to this system's ARP [Address Resolution Protocol] table
+with the IP address of the peer and the Ethernet address of this
+system.
+.TP
+.B remotename \fI<n>
+Set the assumed name of the remote system for authentication purposes
+to <n>.
+.TP
+.B refuse-chap
+With this option, \fIpppd\fR will not agree to authenticate itself
+to the peer using CHAP.
+.TP
+.B refuse-pap
+With this option, \fIpppd\fR will not agree to authenticate itself
+to the peer using PAP.
+.TP
+.B require-chap
+Require the peer to authenticate itself using CHAP [Cryptographic
+Handshake Authentication Protocol] authentication.
+.TP
+.B require-pap
+Require the peer to authenticate itself using PAP [Password
+Authentication Protocol] authentication.
+.TP
+.B silent
With this option,
.I pppd
-will accept the peer's idea of its (remote) IP address, even if the
-remote IP address was specified in an option.
+will not transmit LCP packets to initiate a connection until a valid
+LCP packet is received from the peer (as for the `passive' option with
+ancient versions of \fIpppd\fR).
+.TP
+.B usehostname
+Enforce the use of the hostname as the name of the local system for
+authentication purposes (overrides the
+.B name
+option). This option can be useful in the /etc/ppp/options file.
+.TP
+.B user \fI<u>
+Set the user name to use for authenticating this machine with the peer
+using PAP to <u>.
+.TP
+.B vj-max-slots \fIn
+Sets the number of connection slots to be used by the Van Jacobson
+TCP/IP header compression and decompression code to \fIn\fR, which
+must be between 2 and 16 (inclusive).
+.TP
+.B welcome \fIscript
+Run the executable or shell command specified by \fIscript\fR before
+initiating PPP negotiation, after the connect script (if any) has
+completed.
+.TP
+.B xonxoff
+Use software flow control (i.e. XON/XOFF) to control the flow of data on
+the serial port. This option is only implemented on Linux systems
+at present.
.SH OPTIONS FILES
Options can be taken from files as well as the command line.
.I pppd
-reads options from the files /etc/ppp/options and ~/.ppprc before
-looking at the command line. An options file is parsed into a series
-of words, delimited by whitespace. Whitespace can be included in a
-word by enclosing the word in quotes ("). A backslash (\\) quotes the
-following character. A hash (#) starts a comment, which continues
-until the end of the line.
+reads options from the files /etc/ppp/options, ~/.ppprc and
+/etc/ppp/options.\fIttyname\fR before processing the options on the
+command line. (In fact, the command-line options are scanned to find
+the terminal name before the options.\fIttyname\fR file is read.) In
+forming the name of the options.\fIttyname\fR file, the initial /dev/
+is removed from the terminal name, and any remaining / characters are
+replaced with dots.
+.PP
+An options file is parsed into a series of words, delimited by
+whitespace. Whitespace can be included in a word by enclosing the
+word in quotes ("). A backslash (\\) quotes the following character.
+A hash (#) starts a comment, which continues until the end of the
+line.
.SH AUTHENTICATION
.I pppd
provides system administrators with sufficient access control that PPP
.LP
The default behaviour of
.I pppd
-is to agree to authenticate if requested, and to not
-require authentication from the peer. However,
+is to agree to authenticate if requested, and to not require
+authentication from the peer. However,
.I pppd
-will not agree to
-authenticate itself with a particular protocol if it has no secrets
-which could be used to do so.
+will not agree to authenticate itself with a particular protocol if it
+has no secrets which could be used to do so.
.LP
Authentication is based on secrets, which are selected from secrets
files (/etc/ppp/pap-secrets for PAP, /etc/ppp/chap-secrets for CHAP).
for several combinations of server (authenticating peer) and client
(peer being authenticated). Note that
.I pppd
-can be both a server
-and client, and that different protocols can be used in the two
-directions if desired.
+can be both a server and client, and that different protocols can be
+used in the two directions if desired.
.LP
A secrets file is parsed into words as for a options file. A secret
is specified by a line containing at least 3 words, in the order
-client, server, secret. Any following words on the same line are
-taken to be a list of acceptable IP addresses for that client. If
-there are only 3 words on the line, it is assumed that any IP address
-is OK; to disallow all IP addresses, use "-". If the secret starts
-with an `@', what follows is assumed to be the name of a file from
-which to read the secret. A "*" as the client or server name matches
-any name. When selecting a secret, \fIpppd\fR takes the best match, i.e.
-the match with the fewest wildcards.
+client name, server name, secret. Any following words on the same
+line are taken to be a list of acceptable IP addresses for that
+client. If there are only 3 words on the line, it is assumed that any
+IP address is OK; to disallow all IP addresses, use "-". A word
+starting with "!" indicates that the specified address is \fInot\fR
+acceptable. An address may be followed by "/" and a number \fIn\fR,
+to indicate a whole subnet, i.e. all addresses which have the same
+value in the most significant \fIn\fR bits.
+.LP
+If the
+secret starts with an `@', what follows is assumed to be the name of a
+file from which to read the secret. A "*" as the client or server
+name matches any name. When selecting a secret, \fIpppd\fR takes the
+best match, i.e. the match with the fewest wildcards.
.LP
Thus a secrets file contains both secrets for use in authenticating
other hosts, plus secrets which we use for authenticating ourselves to
.LP
When authenticating ourselves using PAP, there is also a `username'
which is the local name by default, but can be set with the \fBuser\fR
-option or the \fB+ua\fR option.
+option.
.LP
The remote name is set as follows:
.TP 3
password supplied by the peer. If the password doesn't match the
secret, the password is encrypted using crypt() and checked against
the secret again; thus secrets for authenticating the peer can be
-stored in encrypted form. If the \fBlogin\fR option was specified, the
+stored in encrypted form. If the \fBpapcrypt\fR option is given, the
+first (unencrypted) comparison is omitted, for better security.
+.LP
+If the \fBlogin\fR option was specified, the
username and password are also checked against the system password
database. Thus, the system administrator can set up the pap-secrets
file to allow PPP access only to certain users, and to restrict the
-set of IP addresses that each user can use.
+set of IP addresses that each user can use. Typically, when using the
+\fBlogin\fR option, the secret in /etc/ppp/pap-secrets would be "", to
+avoid the need to have the same secret in two places.
.LP
Secrets are selected from the CHAP secrets file as follows:
.TP 2
If debugging is enabled at compile time, the \fBdebug\fR option also
causes other debugging messages to be logged.
.LP
-Debugging can also be enabled by sending a
+Debugging can also be enabled or disabled by sending a
SIGUSR1 to the
.I pppd
-process.
-Debugging may be disabled by sending a SIGUSR2 to the
-.I pppd
-process.
+process. This signal acts as a toggle.
.SH FILES
.TP
-.B /var/run/ppp\fIn\fB.pid \fR(BSD), \fB/etc/ppp/ppp\fIn\fB.pid \fR(SunOS)
+.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others)
Process-ID for \fIpppd\fR process on ppp interface unit \fIn\fR.
.TP
+.B /etc/ppp/auth-up
+A program or script which is executed after the remote system
+successfully authenticates itself. It is executed with the parameters
+.IP
+\fIinterface-name peer-name user-name tty-device speed\fR
+.IP and with its standard input, output and error redirected to
+\fB/dev/null\fR. This program or script is executed with the real and
+effective user-IDs set to \fBroot\fR, and with an empty environment.
+.TP
+.B /etc/ppp/auth-down
+A program or script which is executed when the link goes down, if
+/etc/ppp/auth-up was previously executed. It is executed in the same
+manner with the same parameters as /etc/ppp/auth-up.
+.TP
.B /etc/ppp/ip-up
A program or script which is executed when the link is available for
sending and receiving IP packets (that is, IPCP has come up). It is
-executed with the parameters \fIinterface-name tty-device speed
-local-IP-address remote-IP-address\fR.
+executed with the parameters
.IP
-This program or script is executed with the same real and effective
-user-ID as \fIpppd\fR, that is, at least the effective user-ID and
-possibly the real user-ID will be \fBroot\fR. This is so that it can
+\fIinterface-name tty-device speed local-IP-address
+remote-IP-address ipparam\fR
+.IP
+and with its standard input,
+output and error streams redirected to \fB/dev/null\fR.
+.IP
+This program or script is executed with the real and effective
+user-IDs set to \fBroot\fR. This is so that it can
be used to manipulate routes, run privileged daemons (e.g.
\fBsendmail\fR), etc. Be careful that the contents of the
/etc/ppp/ip-up and /etc/ppp/ip-down scripts do not compromise your
system's security.
+.IP
+This program or script is executed with an empty environment, so you
+must either specify a PATH or use full pathnames (e.g. \fI/sbin/route\fR,
+as opposed to \fIroute\fR).
.TP
.B /etc/ppp/ip-down
A program or script which is executed when the link is no longer
available for sending and receiving IP packets. This script can be
used for undoing the effects of the /etc/ppp/ip-up script. It is
-invoked with the same parameters as the ip-up script, and the same
-security considerations apply, since it is executed with the same
-effective and real user-IDs as \fIpppd\fR.
+invoked in the same manner and with the same parameters as the ip-up
+script, and the same security considerations apply.
+.TP
+.B /etc/ppp/ipx-up
+A program or script which is executed when the link is available for
+sending and receiving IPX packets (that is, IPXCP has come up). It is
+executed with the parameters
+.IP
+\fIinterface-name tty-device speed network-number local-IPX-node-address
+remote-IPX-node-address local-IPX-routing-protocol remote-IPX-routing-protocol
+local-IPX-router-name remote-IPX-router-name ipparam pppd-pid\fR
+.IP
+and with its standard input,
+output and error streams redirected to \fB/dev/null\fR.
+.br
+.IP
+The local-IPX-routing-protocol and remote-IPX-routing-protocol field
+may be one of the following:
+.IP
+NONE to indicate that there is no routing protocol
+.br
+RIP to indicate that RIP/SAP should be used
+.br
+NLSP to indicate that Novell NLSP should be used
+.br
+RIP NLSP to indicate that both RIP/SAP and NLSP should be used
+.br
+.IP
+This program or script is executed with the real and effective
+user-IDs set to \fBroot\fR, and with an empty environment. This is so
+that it can be used to manipulate routes, run privileged daemons (e.g.
+\fBripd\fR), etc. Be careful that the contents of the /etc/ppp/ipx-up
+and /etc/ppp/ipx-down scripts do not compromise your system's
+security.
+.TP
+.B /etc/ppp/ipx-down
+A program or script which is executed when the link is no longer
+available for sending and receiving IPX packets. This script can be
+used for undoing the effects of the /etc/ppp/ipx-up script. It is
+invoked in the same manner and with the same parameters as the ipx-up
+script, and the same security considerations apply.
.TP
.B /etc/ppp/pap-secrets
Usernames, passwords and IP addresses for PAP authentication.
.TP
.B /etc/ppp/options.\fIttyname
System default options for the serial port being used, read after
-command-line options.
+~/.ppprc. In forming the \fIttyname\fR part of this
+filename, an initial /dev/ is stripped from the port name (if
+present), and any slashes in the remaining part are converted to
+dots.
.SH SEE ALSO
.TP
.B RFC1144
Jacobson, V.
.I Compressing TCP/IP headers for low-speed serial links.
-1990 February.
+February 1990.
.TP
.B RFC1321
Rivest, R.
.I The MD5 Message-Digest Algorithm.
-1992 April.
+April 1992.
.TP
.B RFC1332
McGregor, G.
.I PPP Internet Protocol Control Protocol (IPCP).
-1992 May.
+May 1992.
.TP
.B RFC1334
Lloyd, B.; Simpson, W.A.
.I PPP authentication protocols.
-1992 October.
+October 1992.
.TP
-.B RFC1548
+.B RFC1661
Simpson, W.A.
.I The Point\-to\-Point Protocol (PPP).
-1993 December.
+July 1994.
.TP
-.B RFC1549
+.B RFC1662
Simpson, W.A.
-.I PPP in HDLC Framing.
-1993 December
+.I PPP in HDLC-like Framing.
+July 1994.
.SH NOTES
The following signals have the specified effect when sent to the
.I pppd
process.
.TP
.B SIGINT, SIGTERM
-These signals cause \fIpppd\fR to terminate the link (by closing LCP),
+These signals cause \fBpppd\fR to terminate the link (by closing LCP),
restore the serial device settings, and exit.
.TP
.B SIGHUP
-Indicates that the physical layer has been disconnected. \fIpppd\fR
-will attempt to restore the serial device settings (this may produce
-error messages on Suns), and then exit.
-.SH BUGS
-The use of the modem control lines and the effects of the \fBmodem\fR
-and \fBlocal\fR options are not well defined.
+This signal causes \fBpppd\fR to terminate the link, restore the
+serial device settings, and close the serial device. If the
+\fBpersist\fR option has been specified, \fBpppd\fR will try to reopen
+the serial device and start another connection (after the holdoff
+period). Otherwise \fBpppd\fR will exit. If this signal is received
+during the holdoff period, it causes \fBpppd\fR to end the holdoff
+period immediately.
+.TP
+.B SIGUSR2
+This signal causes
+.B pppd
+to renegotiate compression. This can be useful to re-enable
+compression after it has been disabled as a result of a fatal
+decompression error. With the BSD Compress scheme, fatal
+decompression errors generally indicate a bug in one or other
+implementation.
+
.SH AUTHORS
+Paul Mackerras (paulus@cs.anu.edu.au), based on earlier work by
Drew Perkins,
Brad Clements,
Karl Fox,
Greg Christy,
-Brad Parker (brad@fcr.com),
-Paul Mackerras (paulus@cs.anu.edu.au)
+and
+Brad Parker.
projects / ppp.git / blobdiff