X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fpppd.8;h=b31594ac3be8b97b5b67cacd02ae55328a37ccbf;hp=f5597f6a6593db0ee00aeed7150ed725a0fc5e8e;hb=032020241d270c53dff479a7b0eb7fe487c56a78;hpb=e8cd41673651e35447020bf9d98c5d6d4acd9212 diff --git a/pppd/pppd.8 b/pppd/pppd.8 index f5597f6..b31594a 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -55,8 +55,8 @@ non-privileged user. .I speed An option that is a decimal number is taken as the desired baud rate for the serial device. On systems such as -4.4BSD and NetBSD, any speed can be specified. Other systems -(e.g. Linux, SunOS) only support the commonly-used baud rates. +Linux, 4.4BSD and NetBSD, any speed can be specified. Other systems +(e.g. SunOS) only support the commonly-used baud rates. .TP .B asyncmap \fImap This option sets the Async-Control-Character-Map (ACCM) for this end @@ -127,12 +127,6 @@ is no other default route with the same metric. With the default value of -1, the route is only added if there is no default route at all. .TP -.B defaultroute6 -Add a default IPv6 route to the system routing tables, using the peer as -the gateway, when IPv6CP negotiation is successfully completed. -This entry is removed when the PPP connection is broken. This option -is privileged if the \fInodefaultroute6\fR option has been specified. -.TP .B replacedefaultroute This option is a flag to the defaultroute option. If defaultroute is set and this flag is also set, pppd replaces an existing default route 
@@ -266,10 +260,16 @@ compression in the corresponding direction. Use \fInobsdcomp\fR or \fIbsdcomp 0\fR to disable BSD-Compress compression entirely. .TP .B ca \fIca-file -(EAP-TLS) Use the file \fIca-file\fR as the X.509 Certificate Authority +(EAP-TLS, or PEAP) Use the file \fIca-file\fR as the X.509 Certificate Authority (CA) file (in PEM format), needed for setting up an EAP-TLS connection. This option is used on the client-side in conjunction with the \fBcert\fR -and \fBkey\fR options. +and \fBkey\fR options. Either \fIca\fR, or \fIcapath\fR options are required +for PEAP. EAP-TLS may also use the entry in eaptls-client or eaptls-server +for a CA certificate associated with a particular peer. +.TP +.B capath \fIpath +(EAP-TLS, or PEAP) Specify a location that contains public CA certificates. +Either \fIca\fR, or \fIcapath\fR options are required for PEAP. .TP .B cdtrcts Use a non-standard hardware flow control (i.e. DTR/CTS) to control @@ -326,15 +326,15 @@ negotiation by sending its first LCP packet. The default value is or \fBpty\fR option is used. .TP .B crl \fIfilename -(EAP-TLS) Use the file \fIfilename\fR as the Certificate Revocation List +(EAP-TLS, or PEAP) Use the file \fIfilename\fR as the Certificate Revocation List to check for the validity of the peer's certificate. This option is not -mandatory for setting up an EAP-TLS connection. Also see the \fBcrl-dir\fR +mandatory for setting up a TLS connection. Also see the \fBcrl-dir\fR option. .TP .B crl-dir \fIdirectory -(EAP-TLS) Use the directory \fIdirectory\fR to scan for CRL files in +(EAP-TLS, or PEAP) Use the directory \fIdirectory\fR to scan for CRL files in has format ($hash.r0) to check for the validity of the peer's certificate. -This option is not mandatory for setting up an EAP-TLS connection. +This option is not mandatory for setting up a TLS connection. Also see the \fBcrl\fR option. .TP .B debug 
@@ -354,6 +354,17 @@ Disable MRU [Maximum Receive Unit] negotiation. With this option, pppd will use the default MRU value of 1500 bytes for both the transmit and receive direction. .TP +.B defaultroute6 +Add a default IPv6 route to the system routing tables, using the peer as +the gateway, when IPv6CP negotiation is successfully completed. +This entry is removed when the PPP connection is broken. This option +is privileged if the \fInodefaultroute6\fR option has been specified. +\fBWARNING: Do not enable this option by default\fR. IPv6 routing tables +are managed by kernel (as apposite to IPv4) and IPv6 default route is +configured by kernel automatically too based on ICMPv6 Router Advertisement +packets. This option may conflict with kernel IPv6 route setup and should +be used only for broken IPv6 networks. +.TP .B deflate \fInr,nt Request that the peer compress packets that it sends, using the Deflate scheme, with a maximum window size of \fI2**nr\fR bytes, and @@ -719,6 +730,11 @@ network control protocol comes up). Terminate after \fIn\fR consecutive failed connection attempts. A value of 0 means no limit. The default value is 10. .TP +.B max-tls-version \fIstring +(EAP-TLS, or PEAP) Configures the max allowed TLS version used during +negotiation with a peer. The default value for this is \fI1.2\fR. Values +allowed for this option is \fI1.0.\fR, \fI1.1\fR, \fI1.2\fR, \fI1.3\fR. +.TP .B modem Use the modem control lines. This option is the default. With this option, pppd will wait for the CD (Carrier Detect) signal from the 
@@ -1168,6 +1184,16 @@ The device used by pppd with this option must have sync support. Currently supports Microgate SyncLink adapters under Linux and FreeBSD 2.2.8 and later. .TP +.B tls-verify-method \fIstring +(EAP-TLS, or PEAP) Match the value specified for \fIremotename\fR to that that +of the X509 certificates subject name, common name, or suffix of the common +name. Respective values allowed for this option is: \fInone\fR, \fIsubject\fR, +\fIname\fR, or \fIsuffix\fR. The default value for this option is \fIname\fR. +.TP +.B tls-verify-key-usage +(EAP-TLS, or PEAP) Enables examination of peer certificate's purpose, and +extended key usage attributes. +.TP .B unit \fInum Sets the ppp unit number (for a ppp0 or ppp1 etc interface name) for outbound connections. If the unit is already in use a dynamically allocated number will @@ -1214,6 +1240,16 @@ USEPEERDNS will be set to 1. In addition, pppd will create an /etc/ppp/resolv.conf file containing one or two nameserver lines with the address(es) supplied by the peer. .TP +.B usepeerwins +Ask the peer for up to 2 WINS server addresses. The addresses supplied +by the peer (if any) are passed to the /etc/ppp/ip\-up script in the +environment variables WINS1 and WINS2, and the environment variable +USEPEERWINS will be set to 1. +.LP +Please note that some modems (like the Huawei E220) requires this option in +order to avoid a race condition that results in the incorrect DNS servers +being assigned. +.TP .B user \fIname Sets the name used for authenticating the local system to the peer to \fIname\fR. 
@@ -1258,8 +1294,9 @@ Attach to existing PPPoE session. For backward compatibility also \fBrp_pppoe_sess\fP option name is supported. .TP .B pppoe-verbose \fIn -Be verbose about discovered access concentrators. For backward -compatibility also \fBrp_pppoe_verbose\fP option name is supported. +Be verbose about discovered access concentrators. When set to 2 or bigger +value then dump also discovery packets. For backward compatibility also +\fBrp_pppoe_verbose\fP option name is supported. .TP .B pppoe-mac \fImacaddr Connect to specified MAC address. @@ -1765,6 +1802,14 @@ IPCP has come up. The IP address for the remote end of the link. This is only set when IPCP has come up. .TP +.B LLLOCAL +The Link-Local IPv6 address for the local end of the link. This is only +set when IPV6CP has come up. +.TP +.B LLREMOTE +The Link-Local IPv6 address for the remote end of the link. This is only +set when IPV6CP has come up. +.TP .B PEERNAME The authenticated name of the peer. This is only set if the peer authenticates itself. @@ -1808,6 +1853,15 @@ option was given). If the peer supplies DNS server addresses, this variable is set to the second DNS server address supplied (whether or not the usepeerdns option was given). +.TP +.B WINS1 +If the peer supplies WINS server addresses, this variable is set to the +first WINS server address supplied. +.TP +.B WINS2 +If the peer supplies WINS server addresses, this variable is set to the +second WINS server address supplied. +.P .P Pppd invokes the following scripts, if they exist. It is not an error if they don't exist.
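Review bot: In the ca entry of the @@ -266,10 +260,16 @@ hunk, the tag now reads "(EAP-TLS, or PEAP)" but the unchanged continuation still says "needed for setting up an EAP-TLS connection", so the paragraph contradicts itself for PEAP users. Suggest "a TLS connection", matching the wording the crl hunk adopts. The added sentences also mark option names with \fI (\fIca\fR, \fIcapath\fR) where the same paragraph uses \fB for cert and key, and "eaptls-client or eaptls-server" appears without a path or any markup, so a reader cannot tell these are files. "Either ... options are required" should read "Either the ... or the ... option is required".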
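Review bot: In the crl-dir entry of the @@ -326,15 +326,15 @@ hunk, the context line "to scan for CRL files in has format ($hash.r0)" is garbled and sits directly between two lines this patch rewrites, so it is worth fixing in the same change (presumably "in hash format"). Since both entries stress that the option "is not mandatory", it would help to say explicitly that no revocation check is made when neither crl nor crl-dir is given, so the operator knows what the default covers.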
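Review bot: In the relocated defaultroute6 entry (@@ -354,6 +354,17 @@), the new warning has a typo that changes the meaning: "as apposite to IPv4" should be "as opposed to IPv4". The articles are also missing ("managed by the kernel", "the IPv6 default route is configured by the kernel"), and "broken IPv6 networks" is too vague for a warning; say what is broken, for example networks where the Router Advertisements mentioned in the previous sentence do not arrive.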
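Review bot: In the max-tls-version entry (@@ -719,6 +730,11 @@), the first allowed value is written "\fI1.0.\fR" with a stray period inside the italics, which reads as if "1.0." were the literal string to type; it should be "\fI1.0\fR". "Values allowed for this option is" should be "are". The entry documents only an upper bound while listing 1.0 and 1.1 as accepted values, so it should state what the lowest negotiable version is, or say that this option only caps the version and does not set a floor.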
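Review bot: In the tls-verify-method entry (@@ -1168,6 +1184,16 @@), the text never says that \fInone\fR turns the peer-name match off, which is the security-relevant choice among the four values; state it explicitly. The sentence also has a doubled word ("to that that of"), "X509 certificates subject name" needs a possessive, "allowed for this option is" should be "are", and "suffix of the common name" does not say which string must be the suffix of which. For tls-verify-key-usage in the same hunk, "Enables examination" does not say whether a mismatch rejects the peer or is only logged, nor whether the check is on or off by default.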
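Review bot: In the usepeerwins entry (@@ -1214,6 +1240,16 @@), the paragraph added after .LP is about "incorrect DNS servers being assigned", yet it is attached to the WINS option without explaining why requesting WINS addresses affects DNS. Either give the connection in one sentence or move the note to usepeerdns with a cross-reference. Because .LP ends the tagged paragraph, the note will also render at the left margin as if it applied to the whole option list; .IP would keep it indented under the option. "some modems ... requires" should be "require".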
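Review bot: In the pppoe-verbose entry (@@ -1258,8 +1294,9 @@), "When set to 2 or bigger value then dump also discovery packets" is hard to parse and leaves the meaning of the lower values implicit. Suggest "When set to 2 or higher, discovery packets are dumped as well", and say what 0 and 1 do, since the option now takes a level rather than a flag.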
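Review bot: In the LLLOCAL and LLREMOTE entries (@@ -1765,6 +1802,14 @@), the protocol is spelled "IPV6CP", while the defaultroute6 entry touched by this same patch spells it "IPv6CP". Use "IPv6CP" in both new entries so that a search of the page finds every reference.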
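Review bot: At the end of the WINS1/WINS2 hunk (@@ -1808,6 +1853,15 @@), the added ".P" lands directly above the existing ".P", leaving two paragraph macros in a row; drop the added one. The DNS2 text just above states that the variable is set "whether or not the usepeerdns option was given", but the new WINS entries do not say whether usepeerwins is required for WINS1 and WINS2 to be set; add the matching clause so the two pairs are documented the same way.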