Diffstat (limited to 'usr.sbin/ppp/ppp.8')
-rw-r--r-- | usr.sbin/ppp/ppp.8 | 441 |
1 files changed, 79 insertions, 362 deletions
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8 index 31d12095a8eae..4ed85beb200ad 100644 --- a/usr.sbin/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp.8 @@ -1,6 +1,5 @@ -.\" $Id: ppp.8,v 1.141 1999/01/19 22:15:41 brian Exp $ +.\" $Id: ppp.8,v 1.125 1998/09/17 00:45:12 brian Exp $ .Dd 20 September 1995 -.nr XX \w'\fC00' .Os FreeBSD .Dt PPP 8 .Sh NAME @@ -16,7 +15,7 @@ .Fl dedicated .Oc .Op Fl alias -.Op Ar system ... +.Op Ar system .Sh DESCRIPTION This is a user process .Em PPP @@ -95,7 +94,7 @@ scripts that wish to execute certain commands only if the connection is successfully established. .It Supports server-side PPP connections. In direct mode, -.Nm +.nm acts as server which accepts incoming .Em PPP connections on stdin/stdout. 
@@ -187,122 +186,6 @@ Refer to the logging facility if you're interested in what exactly is done as user id zero. .Sh GETTING STARTED -The following command line switches are understood by -.Nm ppp : -.Bl -tag -width XXX -offset XXX -.It Fl auto -.Nm Ppp -opens the tun interface, configures it then goes into the background. -The link isn't brought up until outgoing data is detected on the tun -interface at which point -.Nm -attempts to bring up the link. Packets received (including the first one) -while -.Nm -is trying to bring the link up will remain queued for a default of -2 minutes. See the -.Dq set choked -command below. -.Pp -At least one -.Dq system -must be given on the command line (see below) and a -.Dq set ifaddr -must be done in the system profile that specifies a peer IP address to -use when configuring the interface. Something like -.Dq 10.0.0.1/0 -is usually appropriate. See the -.Dq pmdemand -system in -.Pa /etc/ppp/ppp.conf.sample -for an example. -.It Fl background -Here, -.Nm -attempts to establish a connection with the peer immediately. If it -succeeds, -.Nm -goes into the background and the parent process returns an exit code -of 0. If it fails, -.Nm -exits with a non-zero result. -.It Fl direct -This is used for receiving incoming connections. -.Nm Ppp -ignores the ``set device'' line and uses descriptor 0 as the link. -.Pp -If callback is configured, -.Nm -will use the -.Dq set device -information when dialing back. -.It Fl dedicated -This option is designed for machines connected with a dedicated -wire. -.Nm Ppp -will always keep the device open and will never use any configured -chat scripts. -.It Fl ddial -This mode is equivalent to -.Fl auto -mode except that -.Nm -will bring the link back up any time it's dropped for any reason. -.It Fl interactive -This is a no-op, and gives the same behaviour as if none of the above -flags have been specified. 
-.Nm Ppp -loads any systems specified on the command line then provides an -interactive prompt. -.It Fl alias -This flag doesn't control -.Nm ppp Ns No 's -mode. It does the equivalent of an -.Dq enable alias yes . -Additionally, if the -.Fl auto -flag is also specified, an implicit -.Dq enable iface-alias -is done. -See below for details. -.Pp -Enabling IP aliasing allows -.Nm ppp -to act as a NAT or masquerading engine for all machines on an internal -LAN. Refer to -.Xr libalias 3 -for details. -.El -.Pp -Additionally, one or more systems may be specified on the command line. -A -.Sq system -is a configuration entry in -.Pa /etc/ppp/ppp.conf . -.Nm Ppp -will read the -.Dq default -system from -.Pa /etc/ppp/ppp.conf -at startup, followed by each of the systems specifed on the command line. -.Pp -Only one of the -.Fl auto , -.Fl background , -.Fl ddial , -.Fl direct , -.Fl dedicated -and -.Fl interactive -switches may be specified. -.Nm Ppp Ns No 's -.Sq mode -may subsequently be changed with the -.Dq set mode -command (see below). -.Pp -For now, we'll stick to using interactive mode. -.Pp When you first run .Nm you may need to deal with some initial configuration details. @@ -340,7 +223,7 @@ file and that that group contains the names of all users expected to use .Nm ppp . Refer to the .Xr group 5 -manual page for details. Each of these users must also be given access +manual page for details. Each of these uses must also be given access using the .Dq allow users command in 
@@ -467,22 +350,16 @@ When the peer starts to talk in .Nm detects this automatically and returns to command mode. .Bd -literal -offset indent -ppp ON awfulhak> # No link has been established -Ppp ON awfulhak> # We've connected & finished LCP -PPp ON awfulhak> # We've authenticated -PPP ON awfulhak> # We've agreed IP numbers +ppp ON awfulhak> +Ppp ON awfulhak> +PPp ON awfulhak> +PPP ON awfulhak> .Ed .Pp If it does not, it's possible that the peer is waiting for your end to -start negotiating or that -.Nm ppp -can't identify the incoming packets as being -.Em PPP -packets, perhaps due to your parity settings. To force +start negotiating. To force .Nm -to start sending -.Em PPP -configuration packets to the peer, use the +to start sending PPP configuration packets to the peer, use the .Dq ~p command to enter packet mode. .Pp @@ -531,10 +408,13 @@ PPP ON awfulhak> add default HISADDR .Pp The string .Sq HISADDR -represents the IP address of the connected peer. -If the -.Dq add -command fails due to an existing route, you can overwrite the existing +represents the IP address of the connected peer. It is possible to +use the keyword +.Sq INTERFACE +in place of +.Sq HISADDR . +This will create a direct route on the tun interface. +If it fails due to an existing route, you can overwrite the existing route using .Bd -literal -offset indent PPP ON awfulhak> add! default HISADDR @@ -609,7 +489,7 @@ portion of the prompt will change to .Sq PPP : .Bd -literal -offset indent # ppp MyISP -\&... +... ppp ON awfulhak> dial Ppp ON awfulhak> PPp ON awfulhak> 
@@ -634,15 +514,18 @@ connection is established. See the provided .Dq pmdemand example in .Pa /etc/ppp/ppp.conf.sample -which runs a script in the background after the connection is established -(refer to the -.Dq shell +which runs a script in the background after the connection is established. +The literal strings +.Dv HISADDR , +.Dv MYADDR and -.Dq bg -commands below for a description of possible substition strings). Similarly, -when a connection is closed, the contents of the +.Dv INTERFACE +may be used, and will be replaced with the relevant IP addresses and interface +name. Similarly, when a connection is closed, the +contents of the .Pa /etc/ppp/ppp.linkdown -file are executed. Both of these files have the same format as +file are executed. +Both of these files have the same format as .Pa /etc/ppp/ppp.conf . .Pp In previous versions of @@ -1286,7 +1169,7 @@ and represent the TH_ACK, TH_SYN and TH_FIN or TH_RST TCP flags respectively. .El .Pp .It -Each filter can hold up to 40 rules, starting from rule 0. +Each filter can hold up to 20 rules, starting from rule 0. The entire rule set is not effective until rule 0 is defined, ie. the default is to allow everything through. .It @@ -1299,7 +1182,7 @@ to flush all rules. .El .Pp See -.Pa /etc/ppp/ppp.conf.sample . +.Pa /etc/ppp/ppp.conf.example . .Sh SETTING THE IDLE TIMER To check/set the idle timer, use the .Dq show bundle @@ -1321,7 +1204,7 @@ ppp ON awfulhak> set timeout 0 In .Fl ddial and -.Fl dedicated +.Fl direct modes, the idle timeout is ignored. In .Fl auto mode, when the idle timeout causes the @@ -1668,7 +1551,7 @@ required a similar entry in the .Pa /etc/ppp/ppp.linkup file. Since the advent of .Sq sticky routes , -this is no longer required. +his is no longer required. .It If your provider requests that you use PAP/CHAP authentication methods, add the next lines to your 
@@ -1709,57 +1592,28 @@ ISPs. is able to generate the following log info either via .Xr syslog 3 or directly to the screen: -.Pp -.Bl -tag -width XXXXXXXXX -offset XXX -compact -.It Li Async -Dump async level packet in hex. -.It Li CBCP -Generate CBCP (CallBack Control Protocol) logs. -.It Li CCP -Generate a CCP packet trace. -.It Li Chat -Generate -.Sq dial , -.Sq login -and -.Sq hangup -chat script trace logs. -.It Li Command -Log commands executed either from the command line or any of the configuration -files. -.It Li Connect -Log Chat lines containing the string "CONNECT". -.It Li Debug -Log debug information. -.It Li HDLC -Dump HDLC packet in hex. -.It Li ID0 -Log all function calls specifically made as user id 0. -.It Li IPCP -Generate an IPCP packet trace. -.It Li LCP -Generate an LCP packet trace. -.It Li LQM -Generate LQR reports. -.It Li Phase -Phase transition log output. -.It Li TCP/IP -Dump all TCP/IP packets. -.It Li Timer -Log timer manipulation. -.It Li TUN -Include the tun device on each log line. -.It Li Warning -Output to the terminal device. If there is currently no terminal, -output is sent to the log file using syslogs -.Dv LOG_WARNING . -.It Li Error -Output to both the terminal device -and the log file using syslogs -.Dv LOG_ERROR . -.It Li Alert -Output to the log file using -.Dv LOG_ALERT . +.Bl -column SMMMMMM -offset indent +.It Li Async Dump async level packet in hex +.It Li CBCP Generate CBCP (CallBack Control Protocol) logs +.It Li CCP Generate a CCP packet trace +.It Li Chat Generate Chat script trace log +.It Li Command Log commands executed +.It Li Connect Generate complete Chat log +.It Li Debug Log debug information +.It Li HDLC Dump HDLC packet in hex +.It Li ID0 Log all function calls specifically made as user id 0. 
+.It Li IPCP Generate an IPCP packet trace +.It Li LCP Generate an LCP packet trace +.It Li LQM Generate LQR report +.It Li Phase Phase transition log output +.It Li TCP/IP Dump all TCP/IP packets +.It Li Timer Log timer manipulation +.It Li TUN Include the tun device on each log line +.It Li Warning Output to the terminal device. If there is currently no +terminal, output is sent to the log file using LOG_WARNING. +.It Li Error Output to both the terminal device and the log file using +LOG_ERROR. +.It Li Alert Output to the log file using LOG_ALERT .El .Pp The @@ -2236,11 +2090,6 @@ as the client password in Default: Disabled. Enabling this option will tell .Nm to proxy ARP for the peer. -.It proxyall -Default: Disabled. Enabling this will tell -.Nm -to add proxy arp entries for every IP address in all class C or -smaller subnets routed via the tun interface. .It sroutes Default: Enabled. When the .Dq add @@ -2285,28 +2134,6 @@ this option will tell .Nm not to make any utmp or wtmp entries. This is usually only necessary if you require the user to both login and authenticate themselves. -.It iface-alias -Default: Enabled if -.Fl alias -is specified. This option simply tells -.Nm -to add new interface addresses to the interface rather than replacing them. -The option can only be enabled if IP aliasing is enabled -.Pq Dq alias enable yes . -.Pp -With this option enabled, -.Nm -will pass traffic for old interface addresses through the IP alias engine -.Pq see Xr libalias 5 , -resulting in the ability (in -.Fl auto -mode) to properly connect the process that caused the PPP link to -come up in the first place. -.Pp -Disabling IP aliasing with -.Dq alias enable off -will also disable -.Sq iface-alias . .El .Pp .It add[!] Ar dest[/nn] [mask] gateway 
@@ -2335,14 +2162,24 @@ It is possible to use the symbolic names .Sq MYADDR or .Sq HISADDR -as the destination, and +as the destination, and either .Sq HISADDR +or +.Sq INTERFACE as the .Ar gateway . .Sq MYADDR -is replaced with the interface address and +is replaced with the interface address, .Sq HISADDR -is replaced with the interface destination (peer) address. +is replaced with the interface destination address and +.Sq INTERFACE +is replaced with the current interface name. If the interfaces destination +address has not yet been assigned +.Pq via Dq set ifaddr , +the current +.Sq INTERFACE +is used instead of +.Sq HISADDR . .Pp If the .Ar add! @@ -2533,18 +2370,12 @@ file. This is replaced with the IP number assigned to the local interface. .It Li PEER_ENDDISC This is replaced with the value of the peers endpoint discriminator. -.It Li PROCESSID -This is replaced with the current process id. .It Li USER This is replaced with the username that has been authenticated with PAP or CHAP. Normally, this variable is assigned only in -direct mode. This value is available irrespective of whether utmp logging is enabled. .El .Pp -These substitutions are also done by the -.Dq set proctitle -command. -.Pp If you wish to pause .Nm while the command executes, use the @@ -2623,7 +2454,7 @@ will not complain if the route does not already exist. .It dial|call Op Ar label When used with no argument, this command is the same as the .Dq open -command. When one or more +command. When .Ar label is specified, a .Dq load 
@@ -2645,70 +2476,6 @@ is specified, only the relevant compression layer(s) are terminated. Show a list of available commands. If .Ar command is specified, show the usage string for that command. -.It iface Ar command Op args -This command is used to control the interface used by -.Nm ppp . -.Ar Command -may be one of the following: -.Bl -tag -width XX -.It iface add[!] Ar addr[[/bits| mask] peer] -Add the given -.Ar addr mask peer -combination to the interface. Instead of specifying -.Ar mask , -.Ar /bits -can be used -.Pq with no space between \&it and Ar addr . -If the given address already exists, the command fails unless the -.Dq \&! -is used - in which case the previous interface address entry is overwritten -with the new one, allowing a change of netmask or peer address. -.Pp -If only -.Ar addr -is specified, -.Ar bits -defaults to -.Dq 32 -and -.Ar peer -defaults to -.Dq 255.255.255.255 . -This address (the broadcast address) is the only duplicate peer address that -.Nm -allows. -.It iface clear -If this command is used while -.Nm -is in the OPENED state or while in -.Fl auto -mode, all addresses except for the IPCP negotiated address are deleted -from the interface. If -.Nm -is not in the OPENED state and is not in -.Fl auto -mode, all interface addresses are deleted. -.Pp -.It iface delete[!]|rm[!] Ar addr -This command deletes the given -.Ar addr -from the interface. If the -.Dq \&! -is used, no error is given if the address isn't currently assigned to -the interface (and no deletion takes place). -.It iface show -Shows the current state and current addresses for the interface. It is -much the same as running -.Dq ifconfig INTERFACE . -.It iface help Op Ar sub-command -This command, when invoked without -.Ar sub-command , -will show a list of possbile -.Dq iface -sub-commands and a brief synopsis for each. When invoked with -.Ar sub-command , -only the synopsis for the given sub-command is shown. -.El .It [data]link Ar name[,name...] 
command Op Ar args This command may prefix any other command if the user wishes to specify which link the command should affect. This is only @@ -2728,9 +2495,9 @@ is .Dq * , .Ar command is executed on all links. -.It load Op Ar label ... +.It load Op Ar label Load the given -.Ar label(s) +.Ar label from the .Pa ppp.conf file. If @@ -2799,8 +2566,8 @@ ppp will exit after closing all connections. Otherwise, if the user is connected to a diagnostic socket, the connection is simply dropped. .Pp If the -.Ar all -argument is given, +.Ar +all argument is given, .Nm will exit despite the source of the command after closing all existing connections. @@ -2892,20 +2659,12 @@ links will stay active until the bundle idle timer expires. If no arguments are given, callback is disabled, otherwise, .Nm will request (or in -.Fl direct -mode, will accept) one of the given protocols. In client mode, if a -request is NAK'd +.Ar direct +mode, will accept) one of the given protocols. If a request is NAK'd .Nm will request another, until no options remain at which point .Nm -will terminate negotiations. In server mode, -.Nm -will accept any of the given protocols - but the client -.Em must -request one of them. If you wish callback to be optional, you must include -.Ar none -as an option. -.Pp +will terminate negotiations. The options are as follows (in this order of preference): .Pp .Bl -tag @@ -2943,7 +2702,7 @@ themselves. If the peer does not wish to do callback at all, .Nm will accept the fact and continue without callback rather than terminating -the connection. This is required if you wish callback to be optional. +the connection. .El .Pp .It set cbcp Op *|number[,number]... Op delay Op retry 
@@ -3263,7 +3022,7 @@ Filtering is done prior to any IP alterations that might be done by the alias engine. By default all filter sets allow all packets to pass. Rules are processed in order according to .Ar rule-no . -Up to 40 rules may be given for each set. If a packet doesn't match +Up to 20 rules may be given for each set. If a packet doesn't match any of the rules in a given set, it is discarded. In the case of .Em in and @@ -3401,16 +3160,6 @@ It is not possible to change a link that is .Sq direct or .Sq dedicated . -.Pp -Note: If you issue the command -.Dq set mode auto , -and have IP aliasing enabled, it may be useful to -.Dq enable iface-alias -afterwards. This will allow -.Nm -to do the necessary address translations to enable the process that -triggers the connection to connect once the link is up despite the -peer assigning us a new (dynamic) IP address. .It set mrru Op Ar value Setting this option enables Multi-link PPP negotiations, also known as Multi-link Protocol or MP. There is no default MRRU (Maximum @@ -3479,25 +3228,6 @@ the maximum number of times specified by below. In .Fl background mode, each number is attempted at most once. -.It set [proc]title Op Ar value -The current process title as displayed by -.Xr ps 1 -is changed according to -.Ar value . -If -.Ar value -is not specified, the original process title is restored. All the -word replacements done by the shell commands (see the -.Dq bg -command above) are done here too. -.Pp -Note, if USER is required in the process title, the -.Dq set proctitle -command must appear in -.Pa ppp.linkup , -as it is not known when the commands in -.Pa ppp.conf -are executed. .It set reconnect Ar timeout ntries Should the line drop unexpectedly (due to loss of CD or LQR failure), a connection will be re-established after the given 
@@ -3511,11 +3241,6 @@ defaults to zero. A value of for .Ar timeout will result in a variable pause, somewhere between 0 and 30 seconds. -.It set recvpipe Op Ar value -This sets the routing table RECVPIPE value. The optimum value is -just over twice the MTU value. If -.Ar value -is unspecified or zero, the default kernel controlled value is used. .It set redial Ar seconds[.nseconds] [attempts] .Nm Ppp can be instructed to attempt to redial @@ -3544,11 +3269,6 @@ should immediately follow the keyword. See the .Dq open description above for further details. -.It set sendpipe Op Ar value -This sets the routing table SENDPIPE value. The optimum value is -just over twice the MTU value. If -.Ar value -is unspecified or zero, the default kernel controlled value is used. .It set server|socket Ar TcpPort|LocalName|none password Op Ar mask This command tells .Nm @@ -3689,9 +3409,6 @@ is not specified, all filters are shown. Show the current HDLC statistics. .It show help|? Give a summary of available show commands. -.It show iface -Show the current interface information -.Pq the same \&as Dq iface show . .It show ipcp Show the current IPCP statistics. .It show lcp @@ -3736,11 +3453,11 @@ Read the example configuration files. They are a good source of information. .It Use .Dq help , +.Dq show ? , .Dq alias ? , -.Dq enable ? , .Dq set ? and -.Dq show ? +.Dq set ? <var> to get online information about what's available. .It The following urls contain useful information: |
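Review bot: the '$Id' line in the @@ -1,6 +1,5 @@ hunk moves from revision 1.141 (1999/01/19) back to 1.125 (1998/09/17), and the diffstat shows 362 deletions against 79 insertions, so the page is being replaced with an older revision rather than edited forward. Say so in the commit message, and confirm that everything whose documentation is removed here (the 'iface' command, 'set proctitle', 'set sendpipe' and 'set recvpipe', the 'proxyall' and 'iface-alias' options) is also absent from the code on this branch, so the manual does not under-document what the binary accepts.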
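Review bot: in the @@ -95,7 +94,7 @@ hunk the added line '.nm' is lowercase, and mdoc macro names are case-sensitive, so this is no longer the '.Nm' macro (lowercase '.nm' is the roff line-numbering request). The sentence "acts as server which accepts incoming PPP connections on stdin/stdout" loses its subject in the rendered page. Keep '.Nm' as on the removed line.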
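Review bot: the @@ -340,7 +223,7 @@ hunk changes "Each of these users must also be given access" to "Each of these uses must also be given access", a typo in the paragraph that tells the administrator who may run ppp through the group file and the "allow users" command. Keep "users".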
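Review bot: in the @@ -609,7 +489,7 @@ hunk, replacing '\&...' with a bare '...' inside the '.Bd -literal' display puts a dot at the start of an input line. roff treats such a line as a control line even inside a literal display, so the elision line will not be printed between '# ppp MyISP' and the 'dial' prompt. Keep the '\&' zero-width escape in front of the dots.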
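Review bot: the @@ -1299,7 +1182,7 @@ hunk points the packet-filter "See" reference at /etc/ppp/ppp.conf.example, while the unchanged context of the @@ -634,15 +514,18 @@ hunk still refers to /etc/ppp/ppp.conf.sample for the pmdemand example. The page should use one name for the sample file; check which one is installed and use it in both places.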
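Review bot: the @@ -1668,7 +1551,7 @@ hunk turns "this is no longer required." into "his is no longer required.", dropping the first letter of the sentence about sticky routes. Restore "this".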
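Review bot: the rewritten '.Bl -column' list in the @@ -1709,57 +1592,28 @@ hunk changes meaning as well as layout. "Connect" goes from "Log Chat lines containing the string CONNECT" to "Generate complete Chat log", which describes different output; "Chat" no longer names the dial, login and hangup scripts; "Command" no longer says that commands from configuration files are logged; and LOG_WARNING, LOG_ERROR and LOG_ALERT lose their '.Dv' markup. These are the levels an administrator selects when auditing what ppp does, so confirm each description against the code and keep the '.Dv' markup on the syslog constants.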
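Review bot: in the @@ -2799,8 +2566,8 @@ hunk the line break has moved so that '.Ar' stands alone and "all" starts the following text line. An '.Ar' with no argument renders the default "file ..." placeholder and "all" is then set as ordinary text, so the sentence about when ppp exits regardless of the source of the command reads wrongly. Keep '.Ar all' on one line, followed by "argument is given,".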
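Review bot: the @@ -2892,20 +2659,12 @@ hunk marks the mode up as '.Ar direct', but direct is a command-line flag and is written '.Fl direct' elsewhere in this patch (for example the added line in the @@ -1321,7 +1204,7 @@ hunk). The same hunk removes the only statement of what a server does when the client requests none of the listed callback protocols, and the @@ -2943,7 +2702,7 @@ hunk removes the remark that 'none' is what makes callback optional. The page should still say whether callback is mandatory for a peer accepted in -direct mode.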