X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fpppd.8;h=7417a36ed2632ae4172a2776b1c4d574c62f8d2e;hp=95051bf028c0885e8e3b3842c9f0dc355f89a40d;hb=92c5612fdb77e83e49c524ae46110c129e13429e;hpb=c3120199a30977a4da12fd031c1df4a95dec417a diff --git a/pppd/pppd.8 b/pppd/pppd.8 index 95051bf..7417a36 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -55,8 +55,8 @@ non-privileged user. .I speed An option that is a decimal number is taken as the desired baud rate for the serial device. On systems such as -4.4BSD and NetBSD, any speed can be specified. Other systems -(e.g. Linux, SunOS) only support the commonly-used baud rates. +Linux, 4.4BSD and NetBSD, any speed can be specified. Other systems +(e.g. SunOS) only support the commonly-used baud rates. .TP .B asyncmap \fImap This option sets the Async-Control-Character-Map (ACCM) for this end @@ -260,10 +260,16 @@ compression in the corresponding direction. Use \fInobsdcomp\fR or \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. .TP .B ca \fIca-file -(EAP-TLS) Use the file \fIca-file\fR as the X.509 Certificate Authority +(EAP-TLS, or PEAP) Use the file \fIca-file\fR as the X.509 Certificate Authority (CA) file (in PEM format), needed for setting up an EAP-TLS connection. This option is used on the client-side in conjunction with the \fBcert\fR -and \fBkey\fR options. +and \fBkey\fR options. Either \fIca\fR, or \fIcapath\fR options are required +for PEAP. EAP-TLS may also use the entry in eaptls-client or eaptls-server +for a CA certificate associated with a particular peer. +.TP +.B capath \fIpath +(EAP-TLS, or PEAP) Specify a location that contains public CA certificates. +Either \fIca\fR, or \fIcapath\fR options are required for PEAP. .TP .B cdtrcts Use a non-standard hardware flow control (i.e. DTR/CTS) to control @@ -320,15 +326,15 @@ negotiation by sending its first LCP packet. The default value is or \fBpty\fR option is used. .TP .B crl \fIfilename -(EAP-TLS) Use the file \fIfilename\fR as the Certificate Revocation List +(EAP-TLS, or PEAP) Use the file \fIfilename\fR as the Certificate Revocation List to check for the validity of the peer's certificate. This option is not -mandatory for setting up an EAP-TLS connection. Also see the \fBcrl-dir\fR +mandatory for setting up a TLS connection. Also see the \fBcrl-dir\fR option. .TP .B crl-dir \fIdirectory -(EAP-TLS) Use the directory \fIdirectory\fR to scan for CRL files in +(EAP-TLS, or PEAP) Use the directory \fIdirectory\fR to scan for CRL files in has format ($hash.r0) to check for the validity of the peer's certificate. -This option is not mandatory for setting up an EAP-TLS connection. +This option is not mandatory for setting up a TLS connection. Also see the \fBcrl\fR option. .TP .B debug @@ -724,6 +730,11 @@ network control protocol comes up). Terminate after \fIn\fR consecutive failed connection attempts. A value of 0 means no limit. The default value is 10. .TP +.B max-tls-version \fIstring +(EAP-TLS, or PEAP) Configures the max allowed TLS version used during +negotiation with a peer. The default value for this is \fI1.2\fR. Values +allowed for this option is \fI1.0.\fR, \fI1.1\fR, \fI1.2\fR, \fI1.3\fR. +.TP .B modem Use the modem control lines. This option is the default. With this option, pppd will wait for the CD (Carrier Detect) signal from the @@ -1173,6 +1184,16 @@ The device used by pppd with this option must have sync support. Currently supports Microgate SyncLink adapters under Linux and FreeBSD 2.2.8 and later. .TP +.B tls-verify-method \fIstring +(EAP-TLS, or PEAP) Match the value specified for \fIremotename\fR to that that +of the X509 certificates subject name, common name, or suffix of the common +name. Respective values allowed for this option is: \fInone\fR, \fIsubject\fR, +\fIname\fR, or \fIsuffix\fR. The default value for this option is \fIname\fR. +.TP +.B tls-verify-key-usage +(EAP-TLS, or PEAP) Enables examination of peer certificate's purpose, and +extended key usage attributes. +.TP .B unit \fInum Sets the ppp unit number (for a ppp0 or ppp1 etc interface name) for outbound connections. If the unit is already in use a dynamically allocated number will @@ -1219,6 +1240,16 @@ USEPEERDNS will be set to 1. In addition, pppd will create an /etc/ppp/resolv.conf file containing one or two nameserver lines with the address(es) supplied by the peer. .TP +.B usepeerwins +Ask the peer for up to 2 WINS server addresses. The addresses supplied +by the peer (if any) are passed to the /etc/ppp/ip\-up script in the +environment variables WINS1 and WINS2, and the environment variable +USEPEERWINS will be set to 1. +.LP +Please note that some modems (like the Huawei E220) requires this option in +order to avoid a race condition that results in the incorrect DNS servers +being assigned. +.TP .B user \fIname Sets the name used for authenticating the local system to the peer to \fIname\fR. @@ -1821,6 +1852,15 @@ option was given). If the peer supplies DNS server addresses, this variable is set to the second DNS server address supplied (whether or not the usepeerdns option was given). +.TP +.B WINS1 +If the peer supplies WINS server addresses, this variable is set to the +first WINS server address supplied. +.TP +.B WINS2 +If the peer supplies WINS server addresses, this variable is set to the +second WINS server address supplied. +.P .P Pppd invokes the following scripts, if they exist. It is not an error if they don't exist.