head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC5:1.1.1.2 netbsd-11-0-RC4:1.1.1.2 netbsd-11-0-RC3:1.1.1.2 netbsd-11-0-RC2:1.1.1.2 netbsd-11-0-RC1:1.1.1.2 perseant-exfatfs-base-20250801:1.1.1.2 netbsd-11:1.1.1.2.0.2 netbsd-11-base:1.1.1.2 ppp-2-5-2:1.1.1.2 netbsd-10-1-RELEASE:1.1.1.1 perseant-exfatfs-base-20240630:1.1.1.1 perseant-exfatfs:1.1.1.1.0.8 perseant-exfatfs-base:1.1.1.1 netbsd-10-0-RELEASE:1.1.1.1 netbsd-10-0-RC6:1.1.1.1 netbsd-10-0-RC5:1.1.1.1 netbsd-10-0-RC4:1.1.1.1 netbsd-10-0-RC3:1.1.1.1 netbsd-10-0-RC2:1.1.1.1 netbsd-10-0-RC1:1.1.1.1 netbsd-10:1.1.1.1.0.6 netbsd-10-base:1.1.1.1 cjep_sun2x-base1:1.1.1.1 cjep_sun2x:1.1.1.1.0.4 cjep_sun2x-base:1.1.1.1 cjep_staticlib_x-base1:1.1.1.1 cjep_staticlib_x:1.1.1.1.0.2 cjep_staticlib_x-base:1.1.1.1 ppp-2-4-9:1.1.1.1 MACKERRAS:1.1.1; locks; strict; comment @# @; 1.1 date 2021.01.09.16.37.36; author christos; state Exp; branches 1.1.1.1; next ; commitid E1YeMokojLpiu4DC; 1.1.1.1 date 2021.01.09.16.37.36; author christos; state Exp; branches 1.1.1.1.8.1; next 1.1.1.2; commitid E1YeMokojLpiu4DC; 1.1.1.2 date 2025.01.08.19.54.37; author christos; state Exp; branches; next ; commitid akeeBvxAosn3EIEF; 1.1.1.1.8.1 date 2025.08.02.05.23.19; author perseant; state Exp; branches; next ; commitid 23j6GFaDws3O875G; desc @@ 1.1 log @Initial revision @ text @# /etc/ppp/options # The name of this server. Often, the FQDN is used here. #name # Enforce the use of the hostname as the name of the local system for # authentication purposes (overrides the name option). usehostname # If no local IP address is given, pppd will use the first IP address # that belongs to the local hostname. If "noipdefault" is given, this # is disabled and the peer will have to supply an IP address. noipdefault # With this option, pppd will accept the peer's idea of our local IP # address, even if the local IP address was specified in an option. #ipcp-accept-local # With this option, pppd will accept the peer's idea of its (remote) IP # address, even if the remote IP address was specified in an option. #ipcp-accept-remote # Specify which DNS Servers the incoming Win95 or WinNT Connection should use # Two Servers can be remotely configured #ms-dns 192.168.1.1 #ms-dns 192.168.1.2 # Specify which WINS Servers the incoming connection Win95 or WinNT should use #wins-addr 192.168.1.50 #wins-addr 192.168.1.51 # enable this on a server that already has a permanent default route #nodefaultroute # Run the executable or shell command specified after pppd has terminated # the link. This script could, for example, issue commands to the modem # to cause it to hang up if hardware modem control signals were not # available. # If mgetty is running, it will reset the modem anyway. So there is no need # to do it here. #disconnect "chat -- \d+++\d\c OK ath0 OK" # Increase debugging level (same as -d). The debug output is written # to syslog LOG_LOCAL2. debug # Enable debugging code in the kernel-level PPP driver. The argument n # is a number which is the sum of the following values: 1 to enable # general debug messages, 2 to request that the contents of received # packets be printed, and 4 to request that the contents of transmitted # packets be printed. #kdebug n # Require the peer to authenticate itself before allowing network # packets to be sent or received. # Please do not disable this setting. It is expected to be standard in # future releases of pppd. Use the call option (see manpage) to disable # authentication for specific peers. #auth # authentication can either be pap or chap. As most people only want to # use pap, you can also disable chap: #require-pap #refuse-chap # Use hardware flow control (i.e. RTS/CTS) to control the flow of data # on the serial port. crtscts # Specifies that pppd should use a UUCP-style lock on the serial device # to ensure exclusive access to the device. lock # Use the modem control lines. modem # async character map -- 32-bit hex; each bit is a character # that needs to be escaped for pppd to receive it. 0x00000001 # represents '\x01', and 0x80000000 represents '\x1f'. # To allow pppd to work over a rlogin/telnet connection, ou should escape # XON (^Q), XOFF (^S) and ^]: (The peer should use "escape ff".) #asyncmap 200a0000 asyncmap 0 # Specifies that certain characters should be escaped on transmission # (regardless of whether the peer requests them to be escaped with its # async control character map). The characters to be escaped are # specified as a list of hex numbers separated by commas. Note that # almost any character can be specified for the escape option, unlike # the asyncmap option which only allows control characters to be # specified. The characters which may not be escaped are those with hex # values 0x20 - 0x3f or 0x5e. #escape 11,13,ff # Set the MRU [Maximum Receive Unit] value to for negotiation. pppd # will ask the peer to send packets of no more than bytes. The # minimum MRU value is 128. The default MRU value is 1500. A value of # 296 is recommended for slow links (40 bytes for TCP/IP header + 256 # bytes of data). #mru 542 # Set the MTU [Maximum Transmit Unit] value to . Unless the peer # requests a smaller value via MRU negotiation, pppd will request that # the kernel networking code send data packets of no more than n bytes # through the PPP network interface. #mtu # Set the interface netmask to , a 32 bit netmask in "decimal dot" # notation (e.g. 255.255.255.0). #netmask 255.255.255.0 # Don't fork to become a background process (otherwise pppd will do so # if a serial device is specified). nodetach # Set the assumed name of the remote system for authentication purposes # to . #remotename # Add an entry to this system's ARP [Address Resolution Protocol] # table with the IP address of the peer and the Ethernet address of this # system. {proxyarp,noproxyarp} proxyarp # Use the system password database for authenticating the peer using # PAP. Note: mgetty already provides this option. If this is specified # then dialin from users using a script under Linux to fire up ppp wont work. #login # If this option is given, pppd will send an LCP echo-request frame to # the peer every n seconds. Under Linux, the echo-request is sent when # no packets have been received from the peer for n seconds. Normally # the peer should respond to the echo-request by sending an echo-reply. # This option can be used with the lcp-echo-failure option to detect # that the peer is no longer connected. lcp-echo-interval 30 # If this option is given, pppd will presume the peer to be dead if n # LCP echo-requests are sent without receiving a valid LCP echo-reply. # If this happens, pppd will terminate the connection. Use of this # option requires a non-zero value for the lcp-echo-interval parameter. # This option can be used to enable pppd to terminate after the physical # connection has been broken (e.g., the modem has hung up) in # situations where no hardware modem control lines are available. lcp-echo-failure 4 # Specifies that pppd should disconnect if the link is idle for n seconds. idle 600 # Disable the IPXCP and IPX protocols. noipx # ------ @ 1.1.1.1 log @What's new in ppp-2.4.9. ************************ * Support for new EAP (Extensible Authentication Protocol) methods: - Support for EAP-TLS, from Jan Just Keijser and others - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs Van Buggenhout and others * New pppd options: - chap-timeout - chapms-strip-domain - replacedefaultroute - noreplacedefaultroute - ipv6cp-accept-remote - lcp-echo-adaptive - ip-up-script - ip-down-script - ca - capath - cert - key - crl-dir - crl - max-tls-version - need-peer-eap * Fixes for CVE-2020-8597 and CVE-2015-3310. * libpcap is now required when compiling on Linux (previously, if libpcap was not present, pppd would be compiled without packet filtering support). * The rp-pppoe plugin has been renamed to pppoe, to distinguish it from the upstream rp-pppoe code. Its options have changed names, but the old names are kept as aliases. * The configure script now supports cross-compilation. * Many bug fixes and cleanups. What was new in ppp-2.4.8. ************************** * New pppd options have been added: - ifname, to set the name for the PPP interface device - defaultroute-metric, to set the metric for the default route - defaultroute6, to add an IPv6 default route (with nodefaultroute6 to prevent adding an IPv6 default route) - up_sdnotify, to have pppd notify systemd when the link is up. * The rp-pppoe plugin has new options: - host-uniq, to set the Host-Uniq value to send - pppoe-padi-timeout, to set the timeout for discovery packets - pppoe-padi-attempts, to set the number of discovery attempts. * Added the CLASS attribute in radius packets. * Sundry bug fixes. * Fixed warnings and issues found by static analysis. * Added Submitting-patches.md. What was new in ppp-2.4.7. ************************** * Fixed a potential security issue in parsing option files (CVE-2014-3158). * There is a new "stop-bits" option, which takes an argument of 1 or 2, indicating the number of stop bits to use for async serial ports. * Various bug fixes. What was new in ppp-2.4.6. ************************** * Man page updates. * Several bug fixes. * Options files can now set and unset environment variables for scripts. * The timeout for chat scripts can now be taken from an environment variable. * There is a new option, master_detach, which allows pppd to detach from the controlling terminal when it is the multilink bundle master but its own link has terminated, even if the nodetach option has been given. @ text @@ 1.1.1.1.8.1 log @Sync with HEAD @ text @a34 6 # Default IPv6 route is automatically configured by kernel based on # received ICMPv6 Router Advertisement packets. # pppd should not touch default IPv6 route to prevent breaking IPv6 setup. # Enabling defaultroute6 is needed only for broken IPv6 setup. nodefaultroute6 d150 3 @ 1.1.1.2 log @Import ppp-2.5.2, previous was 2.4.9 What's new in ppp-2.5.2 *********************** * Some old and probably unused code has been removed, notably the pppgetpass program and the passprompt plugin, and some of the files in the sample and scripts directories. * If a remote number has been set, it is available to scripts in the REMOTENUMBER environment variable. * The Solaris port has been updated, including updated installation instructions in README.sol2. * Various other bug fixes and minor enhancements. What was new in ppp-2.5.1 ************************* * The files copied to /etc/ppp (or /ppp) now have ".example" appended to their filenames, so as to indicate that they are just examples, and to avoid overwriting existing configuration files. * Pppd can now measure and log the round-trip time (RTT) of LCP echo-requests and record them in a binary file structured as a circular buffer. Other programs or scripts can examine the file and provide real-time statistics on link latency. This is enabled by a new "lcp-rtt-file" option. * New scripts net-init, net-pre-up and net-down are executed in the process of bringing the network interface up and down. They provide additional, more deterministic ways for pppd to interact with the rest of the networking configuration. * New options have been added to allow the system administrator to set the location of various scripts and secrets files. * A new "noresolvconf" option tells pppd not to write the /etc/ppp/resolv.conf file; DNS server addresses, if obtained from the peer, are still passed to scripts in the environment. * Pppd will now create the directory for the TDB connection database if it doesn't already exist. * Kernel module code for Solaris is no longer included. * Support for decompressing compressed packets has been removed from pppdump, because the zlib code used was old and potentially vulnerable. * Some old code has been removed. * Various other bug fixes and minor enhancements. What was new in ppp-2.5.0. ************************** The 2.5.0 release is a major release of pppd which contains breaking changes for third-party plugins, a complete revamp of the build-system and that allows for flexibility of configuring features as needed. In Summary: * Support for PEAP authentication by Eivind Næss and Rustam Kovhaev * Support for loading PKCS12 certificate envelopes * Adoption of GNU Autoconf / Automake build environment, by Eivind Næss and others. * Support for pkgconfig tool has been added by Eivind Næss. * Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár. * Major revision to PPPD's Plugin API by Eivind Næss. - Defines in which describes what features was included in pppd - Functions now prefixed with explicit ppp_* to indicate that pppd functions being called. - Header files were renamed to better align with their features, and now use proper include guards - A pppdconf.h file is supplied to allow third-party modules to use the same feature defines pppd was compiled with. - No extern declarations of internal variable names of pppd, continued use of these extern variables are considered unstable. * Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon * Dropped IPX support, as Linux has dropped support in version 5.15 for this protocol. * Many more fixes and cleanups. * Pppd is no longer installed setuid-root. * New pppd options: - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber, ipv6-up-script, ipv6-down-script - -v, show-options - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip * On Linux, any baud rate can be set on a serial port provided the kernel serial driver supports that. Note that if you have built and installed previous versions of this package and you want to continue having configuration and TDB files in /etc/ppp, you will need to use the --sysconfdir option to ./configure. For a list of the changes made during the 2.4 series releases of this package, see the Changes-2.4 file. @ text @a34 6 # Default IPv6 route is automatically configured by kernel based on # received ICMPv6 Router Advertisement packets. # pppd should not touch default IPv6 route to prevent breaking IPv6 setup. # Enabling defaultroute6 is needed only for broken IPv6 setup. nodefaultroute6 d150 3 @