X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fpppd.8;h=6a11fcb17b6de7f0ac75bd76e7f790edc9ae7f2e;hp=53b1c12e419882a5fed175ae48a2f631c5467e9a;hb=b2c36e6c0e1655aea9b1b0a03a8160f42a26c884;hpb=2a7981f8ca0fc6660146885b75f7a663fe221119 diff --git a/pppd/pppd.8 b/pppd/pppd.8 index 53b1c12..6a11fcb 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -260,6 +260,12 @@ Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables compression in the corresponding direction. Use \fInobsdcomp\fR or \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. .TP +.B ca \fIca-file +(EAP-TLS) Use the file \fIca-file\fR as the X.509 Certificate Authority +(CA) file (in PEM format), needed for setting up an EAP-TLS connection. +This option is used on the client-side in conjunction with the \fBcert\fR +and \fBkey\fR options. +.TP .B cdtrcts Use a non-standard hardware flow control (i.e. DTR/CTS) to control the flow of data on the serial port. If neither the \fIcrtscts\fR, @@ -271,6 +277,12 @@ RTS output. Such serial ports use this mode to implement true bi-directional flow control. The sacrifice is that this flow control mode does not permit using DTR as a modem control line. .TP +.B cert \fIcertfile +(EAP-TLS) Use the file \fIcertfile\fR as the X.509 certificate (in PEM +format), needed for setting up an EAP-TLS connection. This option is +used on the client-side in conjunction with the \fBca\fR and +\fBkey\fR options. +.TP .B chap\-interval \fIn If this option is given, pppd will rechallenge the peer every \fIn\fR seconds. @@ -283,6 +295,9 @@ Set the maximum number of CHAP challenge transmissions to \fIn\fR Set the CHAP restart interval (retransmission timeout for challenges) to \fIn\fR seconds (default 3). .TP +.B chap-timeout \fIn +Set timeout for CHAP authentication by peer to \fIn\fR seconds (default 60). +.TP .B child\-timeout \fIn When exiting, wait for up to \fIn\fR seconds for any child processes (such as the command specified with the \fBpty\fR command) to exit @@ -299,6 +314,18 @@ negotiation by sending its first LCP packet. The default value is 1000 (1 second). This wait period only applies if the \fBconnect\fR or \fBpty\fR option is used. .TP +.B crl \fIfilename +(EAP-TLS) Use the file \fIfilename\fR as the Certificate Revocation List +to check for the validity of the peer's certificate. This option is not +mandatory for setting up an EAP-TLS connection. Also see the \fBcrl-dir\fR +option. +.TP +.B crl-dir \fIdirectory +(EAP-TLS) Use the directory \fIdirectory\fR to scan for CRL files in +has format ($hash.r0) to check for the validity of the peer's certificate. +This option is not mandatory for setting up an EAP-TLS connection. +Also see the \fBcrl\fR option. +.TP .B debug Enables connection debugging facilities. If this option is given, pppd will log the contents of all @@ -568,6 +595,12 @@ transmitted packets be printed. On most systems, messages printed by the kernel are logged by syslog(1) to a file as directed in the /etc/syslog.conf configuration file. .TP +.B key \fIkeyfile +(EAP-TLS) Use the file \fIkeyfile\fR as the private key file (in PEM +format), needed for setting up an EAP-TLS connection. This option is +used on the client-side in conjunction with the \fBca\fR and +\fBcert\fR options. +.TP .B ktune Enables pppd to alter kernel settings as appropriate. Under Linux, pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward @@ -731,6 +764,9 @@ name to \fIname\fR.) Disable Address/Control compression in both directions (send and receive). .TP +.B need-peer-eap +(EAP-TLS) Require the peer to verify our authentication credentials. +.TP .B noauth Do not require the peer to authenticate itself. This option is privileged. @@ -1092,6 +1128,10 @@ When operating as an EAP SRP\-SHA1 client, attempt to use the pseudonym stored in ~/.ppp_pseudonym first as the identity, and save in this file any pseudonym offered by the peer during authentication. .TP +.B stop\-bits \fIn +Set the number of stop bits for the serial port. Valid values are 1 or 2. +The default value is 1. +.TP .B sync Use synchronous HDLC serial encoding instead of asynchronous. The device used by pppd with this option must have sync support. @@ -1162,6 +1202,43 @@ overridden by a non-privileged user. .B xonxoff Use software flow control (i.e. XON/XOFF) to control the flow of data on the serial port. +.SH PPPOE OPTIONS +To establish PPP link over Ethernet (PPPoE) it is needed to load pppd's +\fBplugin pppoe.so\fR and then specify option \fBnic-\fIinterface\fR +instead of modem options \fIttyname\fR and \fIspeed\fR. +Recognized pppd's PPPoE options are: +.TP +.B nic-\fIinterface +Use the ethernet device \fIinterface\fR to communicate with the peer. +For example, establishing PPPoE link on \fIeth0\fR interface is done +by specifying ppp'd option \fBnic-eth0\fR. Prefix \fBnic-\fR for this +option may be avoided if interface name is unambiguous and does not +look like any other pppd's option. +.TP +.B rp_pppoe_service \fIname +Connect to specified PPPoE service name. +.TP +.B rp_pppoe_ac \fIname +Connect to specified PPPoE access concentrator name. +.TP +.B rp_pppoe_sess \fIsessid\fP:\fImacaddr +Attach to existing PPPoE session. +.TP +.B rp_pppoe_verbose \fIn +Be verbose about discovered access concentrators. +.TP +.B pppoe-mac \fImacaddr +Connect to specified MAC address. +.TP +.B host-uniq \fIstring +Set the PPPoE Host-Uniq tag to the supplied hex string. +By default PPPoE Host-Uniq tag is set to the pppd's process PID. +.TP +.B pppoe-padi-timeout \fIn +Initial timeout for discovery packets in seconds (default 5). +.TP +.B pppoe-padi-attempts \fIn +Number of discovery attempts (default 3). .SH OPTIONS FILES Options can be taken from files as well as the command line. Pppd reads options from the files /etc/ppp/options, ~/.ppprc and @@ -1683,6 +1760,9 @@ the connection. .B LINKNAME The logical name of the link, set with the \fIlinkname\fR option. .TP +.B CALL_FILE +The value of the \fIcall\fR option. +.TP .B DNS1 If the peer supplies DNS server addresses, this variable is set to the first DNS server address supplied (whether or not the usepeerdns