pppd(8)


NAME

   pppd - Point-to-Point Protocol Daemon

SYNOPSIS

   pppd [ options ]

DESCRIPTION

   PPP  is  the protocol used for establishing internet links over dial-up
   modems, DSL connections, and many other types of point-to-point  links.
   The  pppd daemon works together with the kernel PPP driver to establish
   and maintain a PPP link with another system (called the  peer)  and  to
   negotiate  Internet  Protocol  (IP) addresses for each end of the link.
   Pppd can  also  authenticate  the  peer  and/or  supply  authentication
   information  to the peer.  PPP can be used with other network protocols
   besides IP, but such use is becoming increasingly rare.

FREQUENTLY USED OPTIONS

   ttyname
          Use the serial port called ttyname to communicate with the peer.
          If  ttyname  does not begin with a slash (/), the string "/dev/"
          is prepended to ttyname to form the name of the device to  open.
          If  no  device  name  is  given,  or if the name of the terminal
          connected to the standard input is given,  pppd  will  use  that
          terminal,  and will not fork to put itself in the background.  A
          value for  this  option  from  a  privileged  source  cannot  be
          overridden by a non-privileged user.

   speed  An  option that is a decimal number is taken as the desired baud
          rate for the serial device.   On  systems  such  as  4.4BSD  and
          NetBSD,  any speed can be specified.  Other systems (e.g. Linux,
          SunOS) only support the commonly-used baud rates.

   asyncmap map
          This option sets the Async-Control-Character-Map (ACCM) for this
          end  of the link.  The ACCM is a set of 32 bits, one for each of
          the ASCII control characters with values from 0 to 31, where a 1
          bit  indicates  that  the corresponding control character should
          not be used in PPP packets sent to  this  system.   The  map  is
          encoded as a hexadecimal number (without a leading 0x) where the
          least significant bit (00000001) represents character 0 and  the
          most  significant  bit (80000000) represents character 31.  Pppd
          will ask the peer to send these characters as  a  2-byte  escape
          sequence.   If  multiple  asyncmap options are given, the values
          are ORed together.  If no asyncmap option is given, the  default
          is  zero,  so  pppd  will ask the peer not to escape any control
          characters.  To escape transmitted characters,  use  the  escape
          option.

   auth   Require  the peer to authenticate itself before allowing network
          packets to be sent or received.  This option is the  default  if
          the  system has a default route.  If neither this option nor the
          noauth option is specified, pppd will only allow the peer to use
          IP addresses to which the system does not already have a route.

   call name
          Read additional options from the file /etc/ppp/peers/name.  This
          file may contain privileged options, such  as  noauth,  even  if
          pppd  is  not  being run by root.  The name string may not begin
          with / or include .. as a pathname component.  The format of the
          options file is described below.

   connect script
          Usually there is something which needs to be done to prepare the
          link before the PPP protocol can be started; for instance,  with
          a  dial-up  modem, commands need to be sent to the modem to dial
          the appropriate phone number.  This option specifies an  command
          for pppd to execute (by passing it to a shell) before attempting
          to start PPP negotiation.  The chat (8) program is often  useful
          here,  as it provides a way to send arbitrary strings to a modem
          and respond to received characters.  A  value  for  this  option
          from  a  privileged  source  cannot  be  overridden  by  a  non-
          privileged user.

   crtscts
          Specifies that pppd should set the serial port to  use  hardware
          flow  control  using  the  RTS  and  CTS  signals  in the RS-232
          interface.  If neither the crtscts, the nocrtscts,  the  cdtrcts
          nor  the  nocdtrcts  option  is given, the hardware flow control
          setting for the serial port  is  left  unchanged.   Some  serial
          ports  (such  as Macintosh serial ports) lack a true RTS output.
          Such serial ports use this mode to implement unidirectional flow
          control.   The   serial  port  will  suspend  transmission  when
          requested by the modem (via CTS) but will be unable  to  request
          the modem to stop sending to the computer. This mode retains the
          ability to use DTR as a modem control line.

   defaultroute
          Add a default route to the system routing tables, using the peer
          as the gateway, when IPCP negotiation is successfully completed.
          This entry is removed when the PPP connection is  broken.   This
          option  is  privileged  if  the  nodefaultroute  option has been
          specified.

   replacedefaultroute
          This  option  is  a  flag  to  the   defaultroute   option.   If
          defaultroute  is set and this flag is also set, pppd replaces an
          existing default route with the new default route.

   disconnect script
          Execute the command specified by script,  by  passing  it  to  a
          shell,  after pppd has terminated the link.  This command could,
          for example, issue commands to the modem to cause it to hang  up
          if  hardware  modem  control  signals  were  not available.  The
          disconnect script is not run if the modem has already  hung  up.
          A  value  for  this  option  from  a privileged source cannot be
          overridden by a non-privileged user.

   escape xx,yy,...
          Specifies  that  certain  characters  should   be   escaped   on
          transmission (regardless of whether the peer requests them to be
          escaped with its async control character map).   The  characters
          to  be  escaped are specified as a list of hex numbers separated
          by commas.  Note that almost any character can be specified  for
          the  escape option, unlike the asyncmap option which only allows
          control characters to be specified.  The  characters  which  may
          not be escaped are those with hex values 0x20 - 0x3f or 0x5e.

   file name
          Read  options  from  file  name (the format is described below).
          The file must be readable by the user who has invoked pppd.

   init script
          Execute the command specified by script,  by  passing  it  to  a
          shell,  to  initialize  the  serial  line.   This  script  would
          typically use the chat(8) program  to  configure  the  modem  to
          enable  auto  answer.  A value for this option from a privileged
          source cannot be overridden by a non-privileged user.

   lock   Specifies that pppd should create a UUCP-style lock file for the
          serial  device  to  ensure  exclusive  access to the device.  By
          default, pppd will not create a lock file.

   mru n  Set the MRU [Maximum Receive Unit] value to n. Pppd will ask the
          peer  to  send  packets of no more than n bytes.  The value of n
          must be between 128 and 16384; the default is 1500.  A value  of
          296  works well on very slow links (40 bytes for TCP/IP header +
          256 bytes of data).  Note that for the IPv6  protocol,  the  MRU
          must be at least 1280.

   mtu n  Set the MTU [Maximum Transmit Unit] value to n.  Unless the peer
          requests a smaller value via MRU negotiation, pppd will  request
          that  the  kernel  networking  code send data packets of no more
          than n bytes through the PPP network interface.  Note  that  for
          the IPv6 protocol, the MTU must be at least 1280.

   passive
          Enables the "passive" option in the LCP.  With this option, pppd
          will attempt to initiate a connection; if no reply  is  received
          from  the  peer,  pppd will then just wait passively for a valid
          LCP packet from the  peer,  instead  of  exiting,  as  it  would
          without this option.

OPTIONS

   <local_IP_address>:<remote_IP_address>
          Set  the local and/or remote interface IP addresses.  Either one
          may be omitted.  The IP addresses can be specified with  a  host
          name  or  in  decimal  dot  notation  (e.g. 150.234.56.78).  The
          default local address is the (first) IP address  of  the  system
          (unless  the  noipdefault  option is given).  The remote address
          will be obtained from the peer if not specified in  any  option.
          Thus,  in simple cases, this option is not required.  If a local
          and/or remote IP address is specified  with  this  option,  pppd
          will  not  accept  a  different  value from the peer in the IPCP
          negotiation,     unless     the     ipcp-accept-local     and/or
          ipcp-accept-remote options are given, respectively.

   +ipv6  Enable the IPv6CP and IPv6 protocols.

   ipv6 <local_interface_identifier>,<remote_interface_identifier>
          Set  the local and/or remote 64-bit interface identifier. Either
          one may be omitted. The identifier must be specified in standard
          ASCII  notation  of  IPv6  addresses  (e.g. ::dead:beef). If the
          ipv6cp-use-ipaddr option is given, the local identifier  is  the
          local  IPv4  address  (see  above).  On systems which supports a
          unique persistent id, such as EUI-48 derived from  the  Ethernet
          MAC address, ipv6cp-use-persistent option can be used to replace
          the ipv6 <local>,<remote> option. Otherwise  the  identifier  is
          randomized.

   active-filter filter-expression
          Specifies  a  packet  filter  to  be  applied to data packets to
          determine which packets are to be regarded as link activity, and
          therefore  reset the idle timer, or cause the link to be brought
          up  in  demand-dialling  mode.   This  option   is   useful   in
          conjunction with the idle option if there are packets being sent
          or received  regularly  over  the  link  (for  example,  routing
          information packets) which would otherwise prevent the link from
          ever appearing to be idle.  The filter-expression syntax  is  as
          described  for  tcpdump(1),  except  that  qualifiers  which are
          inappropriate for a PPP link, such as ether  and  arp,  are  not
          permitted.   Generally  the filter expression should be enclosed
          in single-quotes to prevent whitespace in  the  expression  from
          being  interpreted  by  the shell. This option is currently only
          available  under  Linux,  and  requires  that  the  kernel   was
          configured to include PPP filtering support (CONFIG_PPP_FILTER).
          Note that it is  possible  to  apply  different  constraints  to
          incoming  and  outgoing  packets  using the inbound and outbound
          qualifiers.

   allow-ip address(es)
          Allow peers to use  the  given  IP  address  or  subnet  without
          authenticating  themselves.  The parameter is parsed as for each
          element of the list of allowed IP addresses in the secrets files
          (see the AUTHENTICATION section below).

   allow-number number
          Allow  peers  to  connect  from  the  given telephone number.  A
          trailing `*' character will match all numbers beginning with the
          leading part.

   bsdcomp nr,nt
          Request  that the peer compress packets that it sends, using the
          BSD-Compress scheme, with a maximum code size of  nr  bits,  and
          agree  to  compress packets sent to the peer with a maximum code
          size of nt bits.  If nt is not specified,  it  defaults  to  the
          value given for nr.  Values in the range 9 to 15 may be used for
          nr and nt; larger values give  better  compression  but  consume
          more kernel memory for compression dictionaries.  Alternatively,
          a  value  of  0  for  nr  or  nt  disables  compression  in  the
          corresponding  direction.  Use nobsdcomp or bsdcomp 0 to disable
          BSD-Compress compression entirely.

   ca ca-file
          (EAP-TLS)  Use  the  file  ca-file  as  the  X.509   Certificate
          Authority  (CA)  file  (in PEM format), needed for setting up an
          EAP-TLS connection.  This option is used on the  client-side  in
          conjunction with the cert and key options.

   cdtrcts
          Use  a  non-standard  hardware  flow  control  (i.e. DTR/CTS) to
          control the flow of data on the serial  port.   If  neither  the
          crtscts,  the nocrtscts, the cdtrcts nor the nocdtrcts option is
          given, the hardware flow control setting for the serial port  is
          left  unchanged.   Some  serial  ports (such as Macintosh serial
          ports) lack a true RTS output. Such serial ports use  this  mode
          to  implement true bi-directional flow control. The sacrifice is
          that this flow control mode does not permit using DTR as a modem
          control line.

   cert certfile
          (EAP-TLS) Use the file certfile as the X.509 certificate (in PEM
          format), needed for  setting  up  an  EAP-TLS  connection.  This
          option is used on the client-side in conjunction with the ca and
          key options.

   chap-interval n
          If this option is given, pppd will rechallenge the peer every  n
          seconds.

   chap-max-challenge n
          Set  the  maximum  number  of  CHAP challenge transmissions to n
          (default 10).

   chap-restart n
          Set  the  CHAP  restart  interval  (retransmission  timeout  for
          challenges) to n seconds (default 3).

   child-timeout n
          When  exiting,  wait for up to n seconds for any child processes
          (such as the command specified with the  pty  command)  to  exit
          before  exiting.   At  the  end of the timeout, pppd will send a
          SIGTERM signal to any remaining child  processes  and  exit.   A
          value  of  0 means no timeout, that is, pppd will wait until all
          child processes have exited.

   connect-delay n
          Wait for up to n milliseconds after the connect script  finishes
          for  a valid PPP packet from the peer.  At the end of this time,
          or when a valid PPP packet is received from the peer, pppd  will
          commence  negotiation  by  sending  its  first  LCP packet.  The
          default value is 1000 (1 second).  This wait period only applies
          if the connect or pty option is used.

   crl filename
          (EAP-TLS)  Use  the  file filename as the Certificate Revocation
          List to check for the validity of the peer's  certificate.  This
          option  is  not  mandatory for setting up an EAP-TLS connection.
          Also see the crl-dir option.

   crl-dir directory
          (EAP-TLS) Use the directory directory to scan for CRL  files  in
          has  format  ($hash.r0)  to check for the validity of the peer's
          certificate.  This option is not mandatory  for  setting  up  an
          EAP-TLS connection.  Also see the crl option.

   debug  Enables  connection  debugging  facilities.   If  this option is
          given, pppd will log the contents of all control packets sent or
          received  in  a  readable  form.  The packets are logged through
          syslog with facility daemon and level debug.   This  information
          can  be  directed  to  a  file  by  setting  up /etc/syslog.conf
          appropriately (see syslog.conf(5)).

   default-asyncmap
          Disable asyncmap negotiation, forcing all control characters  to
          be escaped for both the transmit and the receive direction.

   default-mru
          Disable  MRU  [Maximum  Receive  Unit]  negotiation.   With this
          option, pppd will use the default MRU value of  1500  bytes  for
          both the transmit and receive direction.

   deflate nr,nt
          Request  that the peer compress packets that it sends, using the
          Deflate scheme, with a maximum window size of 2**nr  bytes,  and
          agree to compress packets sent to the peer with a maximum window
          size of 2**nt bytes.  If nt is not specified, it defaults to the
          value given for nr.  Values in the range 9 to 15 may be used for
          nr and nt; larger values give  better  compression  but  consume
          more kernel memory for compression dictionaries.  Alternatively,
          a  value  of  0  for  nr  or  nt  disables  compression  in  the
          corresponding  direction.  Use nodeflate or deflate 0 to disable
          Deflate compression  entirely.   (Note:  pppd  requests  Deflate
          compression  in  preference  to  BSD-Compress if the peer can do
          either.)

   demand Initiate the link only on demand,  i.e.  when  data  traffic  is
          present.   With  this  option,  the  remote  IP  address  may be
          specified by the user on the command line or in an options file,
          or  if  not,  pppd will use an arbitrary address in the 10.x.x.x
          range.  Pppd will initially configure the interface  and  enable
          it  for IP traffic without connecting to the peer.  When traffic
          is  available,  pppd  will  connect  to  the  peer  and  perform
          negotiation,  authentication, etc.  When this is completed, pppd
          will commence passing data packets (i.e., IP packets) across the
          link.

          The demand option implies the persist option.  If this behaviour
          is not desired,  use  the  nopersist  option  after  the  demand
          option.   The  idle  and  holdoff  options  are  also  useful in
          conjunction with the demand option.

   domain d
          Append  the  domain  name  d  to  the  local   host   name   for
          authentication  purposes.  For example, if gethostname() returns
          the name  porsche,  but  the  fully  qualified  domain  name  is
          porsche.Quotron.COM, you could specify domain Quotron.COM.  Pppd
          would then use  the  name  porsche.Quotron.COM  for  looking  up
          secrets  in the secrets file, and as the default name to send to
          the peer when authenticating itself to the peer.  This option is
          privileged.

   dryrun With  the  dryrun  option,  pppd  will  print out all the option
          values which have been set and  then  exit,  after  parsing  the
          command  line  and options files and checking the option values,
          but before initiating the link.  The option values are logged at
          level  info,  and  also  printed  to  standard output unless the
          device on standard output is the device that pppd would be using
          to communicate with the peer.

   dump   With  the dump option, pppd will print out all the option values
          which have been set.  This option  is  like  the  dryrun  option
          except that pppd proceeds as normal rather than exiting.

   enable-session
          Enables   session   accounting   via   PAM   or  wtwp/wtmpx,  as
          appropriate.   When  PAM  is  enabled,  the  PAM  "account"  and
          "session"  module stacks determine behavior, and are enabled for
          all  PPP  authentication  protocols.   When  PAM  is   disabled,
          wtmp/wtmpx  entries  are recorded regardless of whether the peer
          name identifies a valid user on the local system,  making  peers
          visible  in  the  last(1)  log.   This  feature is automatically
          enabled when the pppd login option is used.  Session  accounting
          is disabled by default.

   endpoint <epdisc>
          Sets the endpoint discriminator sent by the local machine to the
          peer during multilink negotiation to <epdisc>.  The  default  is
          to  use  the  MAC address of the first ethernet interface on the
          system, if any, otherwise the IPv4 address corresponding to  the
          hostname,  if  any,  provided  it  is  not  in  the multicast or
          locally-assigned IP address ranges, or  the  localhost  address.
          The endpoint discriminator can be the string null or of the form
          type:value, where type is a decimal number or one of the strings
          local,  IP, MAC, magic, or phone.  The value is an IP address in
          dotted-decimal notation for the IP type, or a string of bytes in
          hexadecimal, separated by periods or colons for the other types.
          For the MAC type, the value may also be the name of an  ethernet
          or  similar  network  interface.   This option is currently only
          available under Linux.

   eap-interval n
          If this option is given and pppd authenticates the peer with EAP
          (i.e.,  is  the  server),  pppd  will restart EAP authentication
          every n seconds.  For EAP SRP-SHA1, see  also  the  srp-interval
          option, which enables lightweight rechallenge.

   eap-max-rreq n
          Set  the  maximum  number  of  EAP  Requests  to which pppd will
          respond (as a client) without hearing EAP  Success  or  Failure.
          (Default is 20.)

   eap-max-sreq n
          Set  the maximum number of EAP Requests that pppd will issue (as
          a server) while attempting authentication.  (Default is 10.)

   eap-restart n
          Set the retransmit timeout for EAP Requests  when  acting  as  a
          server (authenticator).  (Default is 3 seconds.)

   eap-timeout n
          Set the maximum time to wait for the peer to send an EAP Request
          when  acting  as  a  client  (authenticatee).   (Default  is  20
          seconds.)

   hide-password
          When  logging  the  contents  of PAP packets, this option causes
          pppd to exclude the password string from the log.  This  is  the
          default.

   holdoff n
          Specifies how many seconds to wait before re-initiating the link
          after it terminates.  This option only has  any  effect  if  the
          persist  or  demand  option  is used.  The holdoff period is not
          applied if the link was terminated because it was idle.

   idle n Specifies that pppd should disconnect if the link is idle for  n
          seconds.   The  link  is  idle  when  no  data  packets (i.e. IP
          packets) are being sent or received.  Note: it is not  advisable
          to  use  this  option with the persist option without the demand
          option.  If the active-filter  option  is  given,  data  packets
          which  are  rejected by the specified activity filter also count
          as the link being idle.

   ipcp-accept-local
          With this option, pppd will accept the peer's idea of our  local
          IP  address,  even  if  the local IP address was specified in an
          option.

   ipcp-accept-remote
          With this option, pppd  will  accept  the  peer's  idea  of  its
          (remote) IP address, even if the remote IP address was specified
          in an option.

   ipcp-max-configure n
          Set the maximum number of IPCP  configure-request  transmissions
          to n (default 10).

   ipcp-max-failure n
          Set  the  maximum  number of IPCP configure-NAKs returned before
          starting to send configure-Rejects instead to n (default 10).

   ipcp-max-terminate n
          Set the maximum number of IPCP  terminate-request  transmissions
          to n (default 3).

   ipcp-restart n
          Set  the  IPCP  restart  interval  (retransmission timeout) to n
          seconds (default 3).

   ipparam string
          Provides an extra parameter to the ip-up, ip-pre-up and  ip-down
          scripts.   If this option is given, the string supplied is given
          as the 6th parameter to those scripts.

   ipv6cp-accept-local
          With this option, pppd will accept the peer's idea of our  local
          IPv6  interface  identifier,  even  if  the local IPv6 interface
          identifier was specified in an option.

   ipv6cp-accept-remote
          With this option, pppd  will  accept  the  peer's  idea  of  its
          (remote)  IPv6  interface  identifier,  even  if the remote IPv6
          interface identifier was specified in an option.

   ipv6cp-max-configure n
          Set the maximum number of IPv6CP configure-request transmissions
          to n (default 10).

   ipv6cp-max-failure n
          Set  the maximum number of IPv6CP configure-NAKs returned before
          starting to send configure-Rejects instead to n (default 10).

   ipv6cp-max-terminate n
          Set the maximum number of IPv6CP terminate-request transmissions
          to n (default 3).

   ipv6cp-restart n
          Set  the  IPv6CP  restart interval (retransmission timeout) to n
          seconds (default 3).

   ipx    Enable the IPXCP and IPX protocols.  This  option  is  presently
          only  supported  under  Linux,  and only if your kernel has been
          configured to include IPX support.

   ipx-network n
          Set the IPX network number in the IPXCP configure request  frame
          to  n, a hexadecimal number (without a leading 0x).  There is no
          valid default.  If this option is  not  specified,  the  network
          number is obtained from the peer.  If the peer does not have the
          network number, the IPX protocol will not be started.

   ipx-node n:m
          Set the IPX node numbers. The two  node  numbers  are  separated
          from  each  other  with a colon character. The first number n is
          the local node number. The second number m is  the  peer's  node
          number.  Each  node  number  is a hexadecimal number, at most 10
          digits long. The node numbers on the ipx-network must be unique.
          There  is no valid default. If this option is not specified then
          the node numbers are obtained from the peer.

   ipx-router-name <string>
          Set the name of the router. This is a string and is sent to  the
          peer as information data.

   ipx-routing n
          Set  the  routing  protocol  to be received by this option. More
          than one instance of ipx-routing may be  specified.  The  'none'
          option (0) may be specified as the only instance of ipx-routing.
          The values may be 0 for NONE, 2 for RIP/SAP, and 4 for NLSP.

   ipxcp-accept-local
          Accept the peer's NAK for  the  node  number  specified  in  the
          ipx-node  option.  If a node number was specified, and non-zero,
          the default is to insist that the value be used. If you  include
          this  option then you will permit the peer to override the entry
          of the node number.

   ipxcp-accept-network
          Accept the peer's NAK for the network number  specified  in  the
          ipx-network  option. If a network number was specified, and non-
          zero, the default is to insist that the value be  used.  If  you
          include  this  option  then you will permit the peer to override
          the entry of the node number.

   ipxcp-accept-remote
          Use the peer's network number specified in the configure request
          frame.  If  a  node  number  was specified for the peer and this
          option was not specified, the peer will be  forced  to  use  the
          value which you have specified.

   ipxcp-max-configure n
          Set  the  maximum number of IPXCP configure request frames which
          the system will send to n. The default is 10.

   ipxcp-max-failure n
          Set the maximum number of  IPXCP  NAK  frames  which  the  local
          system  will  send  before  it  rejects the options. The default
          value is 3.

   ipxcp-max-terminate n
          Set the maximum number of IPXCP terminate request frames  before
          the  local  system  considers  that the peer is not listening to
          them. The default value is 3.

   kdebug n
          Enable debugging code  in  the  kernel-level  PPP  driver.   The
          argument  values  depend  on  the specific kernel driver, but in
          general a value of 1 will enable general kernel debug  messages.
          (Note  that these messages are usually only useful for debugging
          the kernel driver itself.)  For the Linux 2.2.x  kernel  driver,
          the  value is a sum of bits: 1 to enable general debug messages,
          2 to request that the contents of received packets  be  printed,
          and  4  to  request  that the contents of transmitted packets be
          printed.  On most systems, messages printed by  the  kernel  are
          logged   by   syslog(1)   to   a   file   as   directed  in  the
          /etc/syslog.conf configuration file.

   key keyfile
          (EAP-TLS) Use the file keyfile as the private key file  (in  PEM
          format),  needed  for  setting  up  an  EAP-TLS connection. This
          option is used on the client-side in conjunction with the ca and
          cert options.

   ktune  Enables  pppd  to  alter  kernel settings as appropriate.  Under
          Linux,   pppd   will   enable   IP    forwarding    (i.e.    set
          /proc/sys/net/ipv4/ip_forward  to  1)  if the proxyarp option is
          used, and will enable the dynamic IP address  option  (i.e.  set
          /proc/sys/net/ipv4/ip_dynaddr  to 1) in demand mode if the local
          address changes.

   lcp-echo-adaptive
          If this option is used with  the  lcp-echo-failure  option  then
          pppd  will  send  LCP echo-request frames only if no traffic was
          received from the peer since the last echo-request was sent.

   lcp-echo-failure n
          If this option is given, pppd will presume the peer to  be  dead
          if  n  LCP  echo-requests are sent without receiving a valid LCP
          echo-reply.   If  this  happens,   pppd   will   terminate   the
          connection.   Use  of  this option requires a non-zero value for
          the lcp-echo-interval parameter.  This option  can  be  used  to
          enable  pppd to terminate after the physical connection has been
          broken (e.g., the modem has hung  up)  in  situations  where  no
          hardware modem control lines are available.

   lcp-echo-interval n
          If  this  option  is  given,  pppd will send an LCP echo-request
          frame to the peer every n seconds.   Normally  the  peer  should
          respond  to  the  echo-request  by  sending an echo-reply.  This
          option can be used with the lcp-echo-failure  option  to  detect
          that the peer is no longer connected.

   lcp-max-configure n
          Set the maximum number of LCP configure-request transmissions to
          n (default 10).

   lcp-max-failure n
          Set the maximum number of  LCP  configure-NAKs  returned  before
          starting to send configure-Rejects instead to n (default 10).

   lcp-max-terminate n
          Set the maximum number of LCP terminate-request transmissions to
          n (default 3).

   lcp-restart n
          Set the LCP  restart  interval  (retransmission  timeout)  to  n
          seconds (default 3).

   linkname name
          Sets  the  logical name of the link to name.  Pppd will create a
          file  named  ppp-name.pid  in  /var/run  (or  /etc/ppp  on  some
          systems)  containing  its  process  ID.   This  can be useful in
          determining which instance of pppd is responsible for  the  link
          to a given peer system.  This is a privileged option.

   local  Don't  use the modem control lines.  With this option, pppd will
          ignore the state of the CD  (Carrier  Detect)  signal  from  the
          modem  and  will  not change the state of the DTR (Data Terminal
          Ready) signal.  This is the opposite of the modem option.

   logfd n
          Send log messages to file descriptor  n.   Pppd  will  send  log
          messages  to  at  most  one  file or file descriptor (as well as
          sending the log messages to syslog),  so  this  option  and  the
          logfile  option are mutually exclusive.  The default is for pppd
          to send log messages to stdout (file descriptor 1),  unless  the
          serial port is already open on stdout.

   logfile filename
          Append log messages to the file filename (as well as sending the
          log messages to syslog).  The file is opened with the privileges
          of the user who invoked pppd, in append mode.

   login  Use  the  system  password  database for authenticating the peer
          using PAP, and record the user in the system  wtmp  file.   Note
          that  the  peer  must  have an entry in the /etc/ppp/pap-secrets
          file as well as the  system  password  database  to  be  allowed
          access.  See also the enable-session option.

   master_detach
          If  multilink  is enabled and this pppd process is the multilink
          bundle master, and the link  controlled  by  this  pppd  process
          terminates,  this  pppd  process  continues  to  run in order to
          maintain the bundle.   If  the  master_detach  option  has  been
          given,  pppd  will  detach from its controlling terminal in this
          situation, even if the nodetach option has been given.

   maxconnect n
          Terminate the connection when it has been available for  network
          traffic  for  n  seconds (i.e. n seconds after the first network
          control protocol comes up).

   maxfail n
          Terminate after n consecutive  failed  connection  attempts.   A
          value of 0 means no limit.  The default value is 10.

   modem  Use  the modem control lines.  This option is the default.  With
          this option, pppd will wait for the CD (Carrier  Detect)  signal
          from  the  modem  to  be asserted when opening the serial device
          (unless a connect script is specified), and it will drop the DTR
          (Data  Terminal  Ready)  signal  briefly  when the connection is
          terminated and before executing the connect script.  On  Ultrix,
          this  option  implies  hardware flow control, as for the crtscts
          option.  This is the opposite of the local option.

   mp     Enables the use of PPP multilink;  this  is  an  alias  for  the
          `multilink'  option.   This  option  is currently only available
          under Linux.

   mppe-stateful
          Allow MPPE to  use  stateful  mode.   Stateless  mode  is  still
          attempted first.  The default is to disallow stateful mode.

   mpshortseq
          Enables  the use of short (12-bit) sequence numbers in multilink
          headers, as opposed to 24-bit sequence numbers.  This option  is
          only available under Linux, and only has any effect if multilink
          is enabled (see the multilink option).

   mrru n Sets the Maximum Reconstructed Receive Unit to n.  The  MRRU  is
          the  maximum  size  for a received packet on a multilink bundle,
          and is analogous to the MRU  for  the  individual  links.   This
          option is currently only available under Linux, and only has any
          effect if multilink is enabled (see the multilink option).

   ms-dns <addr>
          If pppd is acting as a server  for  Microsoft  Windows  clients,
          this  option  allows  pppd to supply one or two DNS (Domain Name
          Server) addresses to the clients.  The first  instance  of  this
          option  specifies  the  primary DNS address; the second instance
          (if given) specifies the secondary DNS  address.   (This  option
          was  present  in  some  older  versions  of  pppd under the name
          dns-addr.)

   ms-wins <addr>
          If pppd is acting as a server for Microsoft Windows  or  "Samba"
          clients,  this  option  allows  pppd  to  supply one or two WINS
          (Windows  Internet  Name  Services)  server  addresses  to   the
          clients.   The  first  instance  of  this  option  specifies the
          primary WINS address; the second instance (if  given)  specifies
          the secondary WINS address.

   multilink
          Enables the use of the PPP multilink protocol.  If the peer also
          supports multilink, then this link can become part of  a  bundle
          between  the local system and the peer.  If there is an existing
          bundle to the peer, pppd will join this  link  to  that  bundle,
          otherwise  pppd  will  create  a  new bundle.  See the MULTILINK
          section below.  This option is currently  only  available  under
          Linux.

   name name
          Set  the name of the local system for authentication purposes to
          name.  This is a privileged option.  With this option, pppd will
          use  lines  in  the  secrets files which have name as the second
          field when looking for a secret to  use  in  authenticating  the
          peer.  In addition, unless overridden with the user option, name
          will be used as the name to send to the peer when authenticating
          the  local  system to the peer.  (Note that pppd does not append
          the domain name to name.)

   noaccomp
          Disable Address/Control compression in both directions (send and
          receive).

   need-peer-eap
          (EAP-TLS)   Require   the  peer  to  verify  our  authentication
          credentials.

   noauth Do not require the peer to authenticate itself.  This option  is
          privileged.

   nobsdcomp
          Disables  BSD-Compress  compression;  pppd  will  not request or
          agree to compress packets using the BSD-Compress scheme.

   noccp  Disable CCP (Compression Control  Protocol)  negotiation.   This
          option  should  only  be  required if the peer is buggy and gets
          confused by requests from pppd for CCP negotiation.

   nocrtscts
          Disable hardware flow control (i.e. RTS/CTS) on the serial port.
          If neither the crtscts nor the nocrtscts nor the cdtrcts nor the
          nocdtrcts option is given, the hardware flow control setting for
          the serial port is left unchanged.

   nocdtrcts
          This  option is a synonym for nocrtscts. Either of these options
          will disable both forms of hardware flow control.

   nodefaultroute
          Disable the defaultroute option.  The system  administrator  who
          wishes  to  prevent  users from adding a default route with pppd
          can do so by placing this option in the /etc/ppp/options file.

   noreplacedefaultroute
          Disable the replacedefaultroute option. The system administrator
          who  wishes to prevent users from replacing a default route with
          pppd can do so by placing this option  in  the  /etc/ppp/options
          file.

   nodeflate
          Disables  Deflate compression; pppd will not request or agree to
          compress packets using the Deflate scheme.

   nodetach
          Don't  detach  from  the  controlling  terminal.   Without  this
          option,  if  a  serial  device  other  than  the terminal on the
          standard  input  is  specified,  pppd  will  fork  to  become  a
          background process.

   noendpoint
          Disables pppd from sending an endpoint discriminator to the peer
          or accepting one  from  the  peer  (see  the  MULTILINK  section
          below).   This  option  should  only  be required if the peer is
          buggy.

   noip   Disable IPCP negotiation  and  IP  communication.   This  option
          should  only  be required if the peer is buggy and gets confused
          by requests from pppd for IPCP negotiation.

   noipv6 Disable IPv6CP negotiation and IPv6 communication.  This  option
          should  only  be required if the peer is buggy and gets confused
          by requests from pppd for IPv6CP negotiation.

   noipdefault
          Disables the default behaviour  when  no  local  IP  address  is
          specified,  which  is  to  determine  (if possible) the local IP
          address from the hostname.  With this option, the peer will have
          to  supply  the local IP address during IPCP negotiation (unless
          it specified explicitly on the command line  or  in  an  options
          file).

   noipx  Disable the IPXCP and IPX protocols.  This option should only be
          required if the peer is buggy and gets confused by requests from
          pppd for IPXCP negotiation.

   noktune
          Opposite of the ktune option; disables pppd from changing system
          settings.

   nolock Opposite of the lock option;  specifies  that  pppd  should  not
          create  a  UUCP-style  lock  file  for  the serial device.  This
          option is privileged.

   nolog  Do not send log messages to a file  or  file  descriptor.   This
          option cancels the logfd and logfile options.

   nomagic
          Disable magic number negotiation.  With this option, pppd cannot
          detect a looped-back line.  This option should only be needed if
          the peer is buggy.

   nomp   Disables  the  use  of  PPP multilink.  This option is currently
          only available under Linux.

   nomppe Disables MPPE (Microsoft Point to Point  Encryption).   This  is
          the default.

   nomppe-40
          Disable 40-bit encryption with MPPE.

   nomppe-128
          Disable 128-bit encryption with MPPE.

   nomppe-stateful
          Disable MPPE stateful mode.  This is the default.

   nompshortseq
          Disables  the  use of short (12-bit) sequence numbers in the PPP
          multilink protocol, forcing the use of 24-bit sequence  numbers.
          This  option  is  currently only available under Linux, and only
          has any effect if multilink is enabled.

   nomultilink
          Disables the use of PPP multilink.   This  option  is  currently
          only available under Linux.

   nopcomp
          Disable  protocol  field  compression  negotiation  in  both the
          receive and the transmit direction.

   nopersist
          Exit once a connection has been made and  terminated.   This  is
          the  default  unless  the  persist  or  demand  option  has been
          specified.

   nopredictor1
          Do not accept or agree to Predictor-1 compression.

   noproxyarp
          Disable the  proxyarp  option.   The  system  administrator  who
          wishes  to  prevent  users  from creating proxy ARP entries with
          pppd can do so by placing this option  in  the  /etc/ppp/options
          file.

   noremoteip
          Allow pppd to operate without having an IP address for the peer.
          This option is only available under Linux.  Normally, pppd  will
          request  the  peer's IP address, and if the peer does not supply
          it, pppd will use an arbitrary address in the  10.x.x.x  subnet.
          With  this  option,  if the peer does not supply its IP address,
          pppd will not ask  the  peer  for  it,  and  will  not  set  the
          destination  address  of  the ppp interface.  In this situation,
          the ppp interface can be used for  routing  by  creating  device
          routes,  but the peer itself cannot be addressed directly for IP
          traffic.

   notty  Normally, pppd requires a terminal device.   With  this  option,
          pppd will allocate itself a pseudo-tty master/slave pair and use
          the slave as its terminal device.   Pppd  will  create  a  child
          process  to  act  as  a `character shunt' to transfer characters
          between the pseudo-tty master and its standard input and output.
          Thus  pppd  will  transmit characters on its standard output and
          receive characters on its standard input even if  they  are  not
          terminal  devices.   This  option  increases the latency and CPU
          overhead of transferring data over the ppp interface as  all  of
          the characters sent and received must flow through the character
          shunt process.  An explicit device name may not be given if this
          option is used.

   novj   Disable Van Jacobson style TCP/IP header compression in both the
          transmit and the receive direction.

   novjccomp
          Disable the connection-ID compression  option  in  Van  Jacobson
          style  TCP/IP  header  compression.  With this option, pppd will
          not omit the connection-ID byte  from  Van  Jacobson  compressed
          TCP/IP headers, nor ask the peer to do so.

   papcrypt
          Indicates  that  all  secrets  in  the /etc/ppp/pap-secrets file
          which are used  for  checking  the  identity  of  the  peer  are
          encrypted,  and  thus  pppd  should not accept a password which,
          before  encryption,  is  identical  to  the  secret   from   the
          /etc/ppp/pap-secrets file.

   pap-max-authreq n
          Set the maximum number of PAP authenticate-request transmissions
          to n (default 10).

   pap-restart n
          Set the PAP  restart  interval  (retransmission  timeout)  to  n
          seconds (default 3).

   pap-timeout n
          Set  the  maximum  time  that  pppd  will  wait  for the peer to
          authenticate itself with PAP to n seconds (0 means no limit).

   pass-filter filter-expression
          Specifies a packet filter to applied to data packets being  sent
          or  received  to  determine  which  packets should be allowed to
          pass.  Packets which are rejected by  the  filter  are  silently
          discarded.   This option can be used to prevent specific network
          daemons (such as routed) using up link bandwidth, or to  provide
          a  very basic firewall capability.  The filter-expression syntax
          is as described for tcpdump(1), except that qualifiers which are
          inappropriate  for  a  PPP  link, such as ether and arp, are not
          permitted.  Generally the filter expression should  be  enclosed
          in  single-quotes  to  prevent whitespace in the expression from
          being interpreted by the shell.  Note that  it  is  possible  to
          apply  different  constraints  to  incoming and outgoing packets
          using the  inbound  and  outbound  qualifiers.  This  option  is
          currently  only  available  under  Linux,  and requires that the
          kernel  was  configured  to  include   PPP   filtering   support
          (CONFIG_PPP_FILTER).

   password password-string
          Specifies  the  password  to use for authenticating to the peer.
          Use of this option is discouraged, as the password is likely  to
          be  visible  to other users on the system (for example, by using
          ps(1)).

   persist
          Do not exit after a connection is  terminated;  instead  try  to
          reopen the connection. The maxfail option still has an effect on
          persistent connections.

   plugin filename
          Load the shared library object file filename as a plugin.   This
          is  a  privileged  option.  If filename does not contain a slash
          (/), pppd will look in the /usr/lib/pppd/version  directory  for
          the  plugin,  where  version  is the version number of pppd (for
          example, 2.4.2).

   predictor1
          Request that the  peer  compress  frames  that  it  sends  using
          Predictor-1  compression,  and  agree  to  compress  transmitted
          frames with Predictor-1 if requested.  This option has no effect
          unless the kernel driver supports Predictor-1 compression.

   privgroup group-name
          Allows  members  of  group group-name to use privileged options.
          This is a privileged option.  Use of this option  requires  care
          as  there  is no guarantee that members of group-name cannot use
          pppd to become  root  themselves.   Consider  it  equivalent  to
          putting the members of group-name in the kmem or disk group.

   proxyarp
          Add  an entry to this system's ARP [Address Resolution Protocol]
          table with the IP address of the peer and the  Ethernet  address
          of  this  system.   This will have the effect of making the peer
          appear to other systems to be on the local ethernet.

   pty script
          Specifies that the command script is to be used  to  communicate
          rather  than  a  specific  terminal  device.  Pppd will allocate
          itself a pseudo-tty master/slave pair and use the slave  as  its
          terminal device.  The script will be run in a child process with
          the pseudo-tty master as its  standard  input  and  output.   An
          explicit  device  name  may not be given if this option is used.
          (Note: if the record option is used in conjunction with the  pty
          option,  the child process will have pipes on its standard input
          and output.)

   receive-all
          With this option, pppd will accept all control  characters  from
          the  peer,  including  those  marked  in  the  receive asyncmap.
          Without this option,  pppd  will  discard  those  characters  as
          specified  in RFC1662.  This option should only be needed if the
          peer is buggy.

   record filename
          Specifies that  pppd  should  record  all  characters  sent  and
          received  to  a  file  named  filename.   This file is opened in
          append mode, using the user's  user-ID  and  permissions.   This
          option  is  implemented  using  a  pseudo-tty  and  a process to
          transfer characters between the pseudo-tty and the  real  serial
          device,  so  it  will  increase  the latency and CPU overhead of
          transferring data over the ppp interface.   The  characters  are
          stored  in  a  tagged  format  with  timestamps,  which  can  be
          displayed in readable form using the pppdump(8) program.

   remotename name
          Set the assumed name of the  remote  system  for  authentication
          purposes to name.

   remotenumber number
          Set  the  assumed  telephone  number  of  the  remote system for
          authentication purposes to number.

   refuse-chap
          With this option, pppd will not agree to authenticate itself  to
          the peer using CHAP.

   refuse-mschap
          With  this option, pppd will not agree to authenticate itself to
          the peer using MS-CHAP.

   refuse-mschap-v2
          With this option, pppd will not agree to authenticate itself  to
          the peer using MS-CHAPv2.

   refuse-eap
          With  this option, pppd will not agree to authenticate itself to
          the peer using EAP.

   refuse-pap
          With this option, pppd will not agree to authenticate itself  to
          the peer using PAP.

   require-chap
          Require  the  peer  to authenticate itself using CHAP [Challenge
          Handshake Authentication Protocol] authentication.

   require-mppe
          Require the use of MPPE (Microsoft Point to  Point  Encryption).
          This  option  disables all other compression types.  This option
          enables both 40-bit and 128-bit encryption.  In order  for  MPPE
          to successfully come up, you must have authenticated with either
          MS-CHAP or MS-CHAPv2.  This option is presently  only  supported
          under  Linux,  and  only  if  your kernel has been configured to
          include MPPE support.

   require-mppe-40
          Require the use of MPPE, with 40-bit encryption.

   require-mppe-128
          Require the use of MPPE, with 128-bit encryption.

   require-mschap
          Require the peer to authenticate itself using MS-CHAP [Microsoft
          Challenge Handshake Authentication Protocol] authentication.

   require-mschap-v2
          Require   the   peer  to  authenticate  itself  using  MS-CHAPv2
          [Microsoft Challenge Handshake Authentication Protocol,  Version
          2] authentication.

   require-eap
          Require  the  peer  to authenticate itself using EAP [Extensible
          Authentication Protocol] authentication.

   require-pap
          Require the peer to  authenticate  itself  using  PAP  [Password
          Authentication Protocol] authentication.

   set name=value
          Set  an  environment  variable  for  scripts that are invoked by
          pppd.  When set by a privileged source, the  variable  specified
          by   name   cannot   be  changed  by  options  contained  in  an
          unprivileged  source.   See  also  the  unset  option  and   the
          environment described in SCRIPTS.

   show-password
          When  logging  the  contents  of PAP packets, this option causes
          pppd to show the password string in the log message.

   silent With this option, pppd will not transmit LCP packets to initiate
          a  connection until a valid LCP packet is received from the peer
          (as for the `passive' option with ancient versions of pppd).

   srp-interval n
          If this parameter  is  given  and  pppd  uses  EAP  SRP-SHA1  to
          authenticate  the peer (i.e., is the server), then pppd will use
          the optional lightweight SRP rechallenge mechanism at  intervals
          of   n   seconds.   This  option  is  faster  than  eap-interval
          reauthentication because it uses a hash-based mechanism and does
          not derive a new session key.

   srp-pn-secret string
          Set  the  long-term  pseudonym-generating secret for the server.
          This value is optional and if set, needs  to  be  known  at  the
          server  (authenticator)  side  only, and should be different for
          each server (or poll of identical servers).  It  is  used  along
          with  the  current date to generate a key to encrypt and decrypt
          the client's identity contained in the pseudonym.

   srp-use-pseudonym
          When operating as an EAP SRP-SHA1 client,  attempt  to  use  the
          pseudonym  stored in ~/.ppp_pseudonym first as the identity, and
          save in this file any  pseudonym  offered  by  the  peer  during
          authentication.

   sync   Use  synchronous  HDLC  serial encoding instead of asynchronous.
          The device used by pppd with this option must have sync support.
          Currently  supports  Microgate SyncLink adapters under Linux and
          FreeBSD 2.2.8 and later.

   unit num
          Sets the ppp unit number (for a ppp0 or ppp1 etc interface name)
          for  outbound  connections.   If  the  unit  is already in use a
          dynamically allocated number will be used.

   ifname string
          Set the ppp interface name for  outbound  connections.   If  the
          interface  name is already in use, or if the name cannot be used
          for any other reason, pppd will terminate.

   unset name
          Remove a variable from the environment variable for scripts that
          are invoked by pppd.  When specified by a privileged source, the
          variable  name  cannot  be  set  by  options  contained  in   an
          unprivileged   source.    See   also  the  set  option  and  the
          environment described in SCRIPTS.

   updetach
          With this option, pppd will detach from its controlling terminal
          once  it has successfully established the ppp connection (to the
          point where the first network control protocol, usually  the  IP
          control protocol, has come up).

   usehostname
          Enforce  the  use of the hostname (with domain name appended, if
          given) as the  name  of  the  local  system  for  authentication
          purposes  (overrides  the  name  option).   This  option  is not
          normally needed since the name option is privileged.

   usepeerdns
          Ask the peer for up to 2 DNS server  addresses.   The  addresses
          supplied  by  the peer (if any) are passed to the /etc/ppp/ip-up
          script in the environment  variables  DNS1  and  DNS2,  and  the
          environment  variable USEPEERDNS will be set to 1.  In addition,
          pppd will create an /etc/ppp/resolv.conf file containing one  or
          two nameserver lines with the address(es) supplied by the peer.

   user name
          Sets  the  name  used for authenticating the local system to the
          peer to name.

   vj-max-slots n
          Sets the number of connection  slots  to  be  used  by  the  Van
          Jacobson  TCP/IP header compression and decompression code to n,
          which must be between 2 and 16 (inclusive).

   welcome script
          Run the executable or shell command specified by  script  before
          initiating  PPP  negotiation,  after the connect script (if any)
          has completed.  A value for this option from a privileged source
          cannot be overridden by a non-privileged user.

   xonxoff
          Use software flow control (i.e. XON/XOFF) to control the flow of
          data on the serial port.

OPTIONS FILES

   Options can be taken from files as well  as  the  command  line.   Pppd
   reads   options   from   the   files   /etc/ppp/options,  ~/.ppprc  and
   /etc/ppp/options.ttyname (in that order) before processing the  options
   on the command line.  (In fact, the command-line options are scanned to
   find the terminal name before the options.ttyname file  is  read.)   In
   forming  the  name  of  the  options.ttyname file, the initial /dev/ is
   removed from the terminal name, and  any  remaining  /  characters  are
   replaced with dots.

   An  options  file  is  parsed  into  a  series  of  words, delimited by
   whitespace.  Whitespace can be included in a word by enclosing the word
   in  double-quotes (").  A backslash (\) quotes the following character.
   A hash (#) starts a comment, which continues until the end of the line.
   There  is  no  restriction  on using the file or call options within an
   options file.

SECURITY

   pppd provides system administrators with sufficient access control that
   PPP  access  to  a  server  machine can be provided to legitimate users
   without fear of compromising the security of the server or the  network
   it's  on.   This  control  is provided through restrictions on which IP
   addresses the peer may use, based on  its  authenticated  identity  (if
   any),  and  through restrictions on which options a non-privileged user
   may use.  Several of pppd's options are privileged, in particular those
   which  permit  potentially  insecure  configurations; these options are
   only accepted in files which  are  under  the  control  of  the  system
   administrator, or if pppd is being run by root.

   The  default  behaviour  of pppd is to allow an unauthenticated peer to
   use a given IP address only if the system does not already have a route
   to  that IP address.  For example, a system with a permanent connection
   to the wider internet will normally have a default route, and thus  all
   peers  will  have  to  authenticate  themselves  in  order  to set up a
   connection.  On such a system, the auth option is the default.  On  the
   other  hand,  a system where the PPP link is the only connection to the
   internet will not normally have a default route, so the  peer  will  be
   able to use almost any IP address without authenticating itself.

   As  indicated  above,  some  security-sensitive options are privileged,
   which means that they may not be used  by  an  ordinary  non-privileged
   user  running  a  setuid-root  pppd, either on the command line, in the
   user's ~/.ppprc file, or in an options file read using the file option.
   Privileged  options  may  be  used  in  /etc/ppp/options  file or in an
   options file read using the call option.  If pppd is being run  by  the
   root user, privileged options can be used without restriction.

   When  opening  the device, pppd uses either the invoking user's user ID
   or the root UID (that is, 0), depending on whether the device name  was
   specified  by the user or the system administrator.  If the device name
   comes from a privileged source, that is, /etc/ppp/options or an options
   file  read  using  the call option, pppd uses full root privileges when
   opening the device.   Thus,  by  creating  an  appropriate  file  under
   /etc/ppp/peers, the system administrator can allow users to establish a
   ppp connection  via  a  device  which  they  would  not  normally  have
   permission to access.  Otherwise pppd uses the invoking user's real UID
   when opening the device.

AUTHENTICATION

   Authentication is the process whereby one peer convinces the  other  of
   its  identity.   This  involves  the first peer sending its name to the
   other, together with some kind of secret information which  could  only
   come  from  the  genuine  authorized  user  of  that  name.  In such an
   exchange, we will call the first peer the "client" and  the  other  the
   "server".   The  client has a name by which it identifies itself to the
   server, and the server also has a name by which it identifies itself to
   the  client.   Generally  the  genuine  client  shares  some secret (or
   password) with the server, and authenticates itself by proving that  it
   knows  that  secret.   Very  often,  the  names used for authentication
   correspond to the internet hostnames of the  peers,  but  this  is  not
   essential.

   At  present, pppd supports three authentication protocols: the Password
   Authentication  Protocol  (PAP),  Challenge  Handshake   Authentication
   Protocol  (CHAP),  and  Extensible  Authentication Protocol (EAP).  PAP
   involves the client sending its name and a cleartext  password  to  the
   server  to  authenticate itself.  In contrast, the server initiates the
   CHAP authentication exchange by sending a challenge to the client  (the
   challenge  packet includes the server's name).  The client must respond
   with a response which includes its name plus a hash value derived  from
   the  shared  secret  and the challenge, in order to prove that it knows
   the secret.  EAP supports CHAP-style authentication, and also  includes
   the  SRP-SHA1 mechanism, which is resistant to dictionary-based attacks
   and does not require a cleartext password on the server side.

   The PPP protocol, being symmetrical, allows both peers to  require  the
   other   to  authenticate  itself.   In  that  case,  two  separate  and
   independent authentication exchanges will  occur.   The  two  exchanges
   could   use  different  authentication  protocols,  and  in  principle,
   different names could be used in the two exchanges.

   The default behaviour of pppd is to agree to authenticate if requested,
   and  to  not  require authentication from the peer.  However, pppd will
   not agree to authenticate itself with a particular protocol if  it  has
   no secrets which could be used to do so.

   Pppd  stores  secrets  for  use  in  authentication  in  secrets  files
   (/etc/ppp/pap-secrets for PAP, /etc/ppp/chap-secrets for CHAP, MS-CHAP,
   MS-CHAPv2,  and  EAP  MD5-Challenge,  and  /etc/ppp/srp-secrets for EAP
   SRP-SHA1).  All secrets files have the same format.  The secrets  files
   can  contain  secrets for pppd to use in authenticating itself to other
   systems, as well as secrets for pppd to use when  authenticating  other
   systems to itself.

   Each  line  in  a  secrets file contains one secret.  A given secret is
   specific to a particular combination of client and server - it can only
   be  used  by  that  client to authenticate itself to that server.  Thus
   each line in a secrets file has at least 3  fields:  the  name  of  the
   client,  the  name  of the server, and the secret.  These fields may be
   followed by a list of the IP addresses that the  specified  client  may
   use when connecting to the specified server.

   A  secrets  file  is  parsed  into  words as for a options file, so the
   client name, server name and secrets fields must each be one word, with
   any  embedded  spaces  or  other  special characters quoted or escaped.
   Note that case is significant in the client and server names and in the
   secret.

   If  the  secret  starts  with an `@', what follows is assumed to be the
   name of a file from which to read the secret.  A "*" as the  client  or
   server  name matches any name.  When selecting a secret, pppd takes the
   best match, i.e.  the match with the fewest wildcards.

   Any following words on the  same  line  are  taken  to  be  a  list  of
   acceptable  IP addresses for that client.  If there are only 3 words on
   the line, or if the first word  is  "-",  then  all  IP  addresses  are
   disallowed.   To  allow any address, use "*".  A word starting with "!"
   indicates that the specified address is not acceptable.  An address may
   be followed by "/" and a number n, to indicate a whole subnet, i.e. all
   addresses which have the same value in the most significant n bits.  In
   this form, the address may be followed by a plus sign ("+") to indicate
   that one address from the  subnet  is  authorized,  based  on  the  ppp
   network  interface  unit number in use.  In this case, the host part of
   the address will be set to the unit number plus one.

   Thus a secrets file contains both secrets  for  use  in  authenticating
   other  hosts, plus secrets which we use for authenticating ourselves to
   others.  When pppd is authenticating  the  peer  (checking  the  peer's
   identity),  it chooses a secret with the peer's name in the first field
   and the name of the local system in the second field.  The name of  the
   local system defaults to the hostname, with the domain name appended if
   the domain option is used.  This default can  be  overridden  with  the
   name  option,  except  when  the  usehostname option is used.  (For EAP
   SRP-SHA1, see the srp-entry(8) utility for generating proper  validator
   entries to be used in the "secret" field.)

   When  pppd  is choosing a secret to use in authenticating itself to the
   peer, it first determines what name it is  going  to  use  to  identify
   itself  to  the  peer.  This name can be specified by the user with the
   user option.  If this option is not used, the name defaults to the name
   of the local system, determined as described in the previous paragraph.
   Then pppd looks for a secret with this name in the first field and  the
   peer's  name  in the second field.  Pppd will know the name of the peer
   if CHAP or EAP authentication is being used, because the peer will have
   sent  it  in the challenge packet.  However, if PAP is being used, pppd
   will have to determine the peer's name from the  options  specified  by
   the  user.   The  user  can  specify  the peer's name directly with the
   remotename option.  Otherwise, if the remote IP address  was  specified
   by  a name (rather than in numeric form), that name will be used as the
   peer's name.  Failing that, pppd will use the null string as the peer's
   name.

   When  authenticating  the peer with PAP, the supplied password is first
   compared with the secret  from  the  secrets  file.   If  the  password
   doesn't  match  the secret, the password is encrypted using crypt() and
   checked against the secret again.  Thus secrets for authenticating  the
   peer  can  be  stored  in  encrypted  form if desired.  If the papcrypt
   option is given, the first (unencrypted)  comparison  is  omitted,  for
   better security.

   Furthermore,  if  the  login  option  was  specified,  the username and
   password are also checked against the system password database.   Thus,
   the  system  administrator can set up the pap-secrets file to allow PPP
   access only to certain users, and to restrict the set of  IP  addresses
   that  each  user  can use.  Typically, when using the login option, the
   secret in /etc/ppp/pap-secrets  would  be  "",  which  will  match  any
   password  supplied  by the peer.  This avoids the need to have the same
   secret in two places.

   Authentication must be satisfactorily completed  before  IPCP  (or  any
   other  Network  Control  Protocol)  can  be  started.   If  the peer is
   required to  authenticate  itself,  and  fails  to  do  so,  pppd  will
   terminated   the   link  (by  closing  LCP).   If  IPCP  negotiates  an
   unacceptable IP address for the remote host, IPCP will be  closed.   IP
   packets can only be sent or received when IPCP is open.

   In  some  cases  it  is  desirable  to  allow  some  hosts  which can't
   authenticate themselves to connect and use one of a restricted  set  of
   IP   addresses,   even   when   the   local   host  generally  requires
   authentication.  If  the  peer  refuses  to  authenticate  itself  when
   requested,  pppd  takes  that  as equivalent to authenticating with PAP
   using the empty string for the username and password.  Thus, by  adding
   a line to the pap-secrets file which specifies the empty string for the
   client and password, it is possible to allow restricted access to hosts
   which refuse to authenticate themselves.

ROUTING

   When  IPCP  negotiation is completed successfully, pppd will inform the
   kernel of the local and remote IP  addresses  for  the  ppp  interface.
   This  is  sufficient  to  create  a host route to the remote end of the
   link,  which  will  enable  the   peers   to   exchange   IP   packets.
   Communication   with   other   machines   generally   requires  further
   modification to routing tables and/or ARP (Address Resolution Protocol)
   tables.   In  most  cases  the defaultroute and/or proxyarp options are
   sufficient  for  this,  but  in  some  cases  further  intervention  is
   required.  The /etc/ppp/ip-up script can be used for this.

   Sometimes  it  is  desirable  to add a default route through the remote
   host, as in the case of a machine whose only connection to the Internet
   is  through  the ppp interface.  The defaultroute option causes pppd to
   create such a default route when IPCP comes up, and delete it when  the
   link is terminated.

   In some cases it is desirable to use proxy ARP, for example on a server
   machine  connected  to  a  LAN,  in  order  to  allow  other  hosts  to
   communicate  with  the remote host.  The proxyarp option causes pppd to
   look for a network interface on the same subnet as the remote host  (an
   interface supporting broadcast and ARP, which is up and not a point-to-
   point or loopback interface).  If  found,  pppd  creates  a  permanent,
   published  ARP  entry  with  the  IP address of the remote host and the
   hardware address of the network interface found.

   When the demand option is used, the interface IP addresses have already
   been set at the point when IPCP comes up.  If pppd has not been able to
   negotiate the same addresses that it used to  configure  the  interface
   (for  example  when  the  peer  is  an ISP that uses dynamic IP address
   assignment), pppd has to change  the  interface  IP  addresses  to  the
   negotiated  addresses.   This may disrupt existing connections, and the
   use of demand dialling with peers that do dynamic IP address assignment
   is not recommended.

MULTILINK

   Multilink  PPP provides the capability to combine two or more PPP links
   between a pair of machines into a single `bundle', which appears  as  a
   single  virtual  PPP  link  which  has  the  combined  bandwidth of the
   individual links.  Currently, multilink PPP  is  only  supported  under
   Linux.

   Pppd  detects  that the link it is controlling is connected to the same
   peer as another link using the peer's endpoint  discriminator  and  the
   authenticated  identity  of the peer (if it authenticates itself).  The
   endpoint discriminator is a block of data which is hopefully unique for
   each  peer.   Several  types  of  data  can be used, including locally-
   assigned strings  of  bytes,  IP  addresses,  MAC  addresses,  randomly
   strings  of  bytes, or E-164 phone numbers.  The endpoint discriminator
   sent to the peer by pppd can be set using the endpoint option.

   In some circumstances the peer may send no endpoint discriminator or  a
   non-unique  value.   The  bundle  option  adds an extra string which is
   added to the peer's endpoint discriminator and  authenticated  identity
   when  matching  up links to be joined together in a bundle.  The bundle
   option can also be used to allow the establishment of multiple  bundles
   between  the  local  system  and the peer.  Pppd uses a TDB database in
   /var/run/pppd2.tdb to match up links.

   Assuming that multilink is enabled and the peer is willing to negotiate
   multilink,  then when pppd is invoked to bring up the first link to the
   peer, it will detect that no other link is connected to  the  peer  and
   create a new bundle, that is, another ppp network interface unit.  When
   another pppd is invoked to bring up another link to the peer,  it  will
   detect the existing bundle and join its link to it.

   If  the  first  link  terminates (for example, because of a hangup or a
   received LCP terminate-request) the  bundle  is  not  destroyed  unless
   there are no other links remaining in the bundle.  Rather than exiting,
   the first pppd keeps running after its link terminates, until  all  the
   links  in  the  bundle  have  terminated.  If the first pppd receives a
   SIGTERM or SIGINT signal, it will destroy the bundle and send a  SIGHUP
   to  the  pppd  processes  for  each of the links in the bundle.  If the
   first pppd receives a SIGHUP signal, it will terminate its link but not
   the bundle.

   Note: demand mode is not currently supported with multilink.

EXAMPLES

   The  following  examples assume that the /etc/ppp/options file contains
   the auth option (as in the default /etc/ppp/options  file  in  the  ppp
   distribution).

   Probably  the  most  common use of pppd is to dial out to an ISP.  This
   can be done with a command such as

          pppd call isp

   where the /etc/ppp/peers/isp file is set up by the system administrator
   to contain something like this:

          ttyS0 19200 crtscts
          connect '/usr/sbin/chat -v -f /etc/ppp/chat-isp'
          noauth

   In  this  example,  we  are  using  chat to dial the ISP's modem and go
   through  any  logon  sequence  required.   The  /etc/ppp/chat-isp  file
   contains  the  script  used  by  chat;  it  could  for  example contain
   something like this:

          ABORT "NO CARRIER"
          ABORT "NO DIALTONE"
          ABORT "ERROR"
          ABORT "NO ANSWER"
          ABORT "BUSY"
          ABORT "Username/Password Incorrect"
          "" "at"
          OK "at&d0&c1"
          OK "atdt2468135"
          "name:" "^Umyuserid"
          "word:" "\qmypassword"
          "ispts" "\q^Uppp"
          "~-^Uppp-~"

   See the chat(8) man page for details of chat scripts.

   Pppd can also be used to provide a dial-in ppp service for  users.   If
   the  users  already have login accounts, the simplest way to set up the
   ppp service is to let the users log in to their accounts and  run  pppd
   (installed setuid-root) with a command such as

          pppd proxyarp

   To  allow  a user to use the PPP facilities, you need to allocate an IP
   address  for   that   user's   machine   and   create   an   entry   in
   /etc/ppp/pap-secrets,  /etc/ppp/chap-secrets,  or  /etc/ppp/srp-secrets
   (depending on which authentication method the PPP implementation on the
   user's  machine  supports), so that the user's machine can authenticate
   itself.  For example, if Joe has a machine called "joespc" that  is  to
   be  allowed  to  dial  in to the machine called "server" and use the IP
   address  joespc.my.net,  you  would  add  an   entry   like   this   to
   /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:

          joespc    server    "joe's secret" joespc.my.net

   (See  srp-entry(8)  for  a  means  to  generate the server's entry when
   SRP-SHA1 is in use.)  Alternatively, you can create a  username  called
   (for example) "ppp", whose login shell is pppd and whose home directory
   is /etc/ppp.  Options to be used when pppd is run this way can  be  put
   in /etc/ppp/.ppprc.

   If your serial connection is any more complicated than a piece of wire,
   you may need to arrange for some control characters to be escaped.   In
   particular,  it is often useful to escape XON (^Q) and XOFF (^S), using
   asyncmap a0000.  If the path includes a  telnet,  you  probably  should
   escape ^] as well (asyncmap 200a0000).  If the path includes an rlogin,
   you will need to use the escape ff option on the end which  is  running
   the   rlogin   client,   since  many  rlogin  implementations  are  not
   transparent; they will remove the sequence  [0xff,  0xff,  0x73,  0x73,
   followed by any 8 bytes] from the stream.

DIAGNOSTICS

   Messages  are  sent  to  the  syslog  daemon using facility LOG_DAEMON.
   (This can be overridden by recompiling  pppd  with  the  macro  LOG_PPP
   defined  as the desired facility.)  See the syslog(8) documentation for
   details of where the syslog daemon will write the  messages.   On  most
   systems,  the  syslog  daemon uses the /etc/syslog.conf file to specify
   the destination(s) for syslog messages.  You may need to edit that file
   to suit.

   The  debug  option  causes  the contents of all control packets sent or
   received to be logged, that is,  all  LCP,  PAP,  CHAP,  EAP,  or  IPCP
   packets.  This can be useful if the PPP negotiation does not succeed or
   if authentication fails.  If debugging is enabled at compile time,  the
   debug option also causes other debugging messages to be logged.

   Debugging  can  also be enabled or disabled by sending a SIGUSR1 signal
   to the pppd process.  This signal acts as a toggle.

EXIT STATUS

   The exit status of pppd is  set  to  indicate  whether  any  error  was
   detected, or the reason for the link being terminated.  The values used
   are:

   0      Pppd has detached, or otherwise the connection was  successfully
          established and terminated at the peer's request.

   1      An  immediately  fatal  error  of some kind occurred, such as an
          essential system call failing, or running out of virtual memory.

   2      An error was detected in processing the options given,  such  as
          two mutually exclusive options being used.

   3      Pppd is not setuid-root and the invoking user is not root.

   4      The  kernel  does  not  support PPP, for example, the PPP kernel
          driver is not included or cannot be loaded.

   5      Pppd terminated because it was sent a SIGINT, SIGTERM or  SIGHUP
          signal.

   6      The serial port could not be locked.

   7      The serial port could not be opened.

   8      The connect script failed (returned a non-zero exit status).

   9      The  command  specified  as the argument to the pty option could
          not be run.

   10     The PPP negotiation failed, that is, it didn't reach  the  point
          where at least one network protocol (e.g. IP) was running.

   11     The peer system failed (or refused) to authenticate itself.

   12     The  link was established successfully and terminated because it
          was idle.

   13     The link was established successfully and terminated because the
          connect time limit was reached.

   14     Callback  was  negotiated  and  an  incoming  call should arrive
          shortly.

   15     The link was terminated because the peer is  not  responding  to
          echo requests.

   16     The link was terminated by the modem hanging up.

   17     The PPP negotiation failed because serial loopback was detected.

   18     The init script failed (returned a non-zero exit status).

   19     We failed to authenticate ourselves to the peer.

SCRIPTS

   Pppd  invokes  scripts at various stages in its processing which can be
   used to perform site-specific ancillary processing.  These scripts  are
   usually  shell  scripts,  but  could  be executable code files instead.
   Pppd does not wait for the scripts to finish (except for the  ip-pre-up
   script).  The scripts are executed as root (with the real and effective
   user-id set to 0), so that they can do things such  as  update  routing
   tables  or  run  privileged  daemons.   Be careful that the contents of
   these scripts do not compromise your system's security.  Pppd runs  the
   scripts  with standard input, output and error redirected to /dev/null,
   and with an environment that  is  empty  except  for  some  environment
   variables  that  give  information  about  the  link.   The environment
   variables that pppd sets are:

   DEVICE The name of the serial tty device being used.

   IFNAME The name of the network interface being used.

   IPLOCAL
          The IP address for the local end of the link.  This is only  set
          when IPCP has come up.

   IPREMOTE
          The IP address for the remote end of the link.  This is only set
          when IPCP has come up.

   PEERNAME
          The authenticated name of the peer.  This is  only  set  if  the
          peer authenticates itself.

   SPEED  The baud rate of the tty device.

   ORIG_UID
          The real user-id of the user who invoked pppd.

   PPPLOGNAME
          The  username  of  the  real  user-id that invoked pppd. This is
          always set.

   For the ip-down and auth-down scripts, pppd  also  sets  the  following
   variables giving statistics for the connection:

   CONNECT_TIME
          The  number  of  seconds  from  when the PPP negotiation started
          until the connection was terminated.

   BYTES_SENT
          The number of bytes sent (at  the  level  of  the  serial  port)
          during the connection.

   BYTES_RCVD
          The  number  of bytes received (at the level of the serial port)
          during the connection.

   LINKNAME
          The logical name of the link, set with the linkname option.

   CALL_FILE
          The value of the call option.

   DNS1   If the peer supplies DNS server addresses, this variable is  set
          to  the  first  DNS  server address supplied (whether or not the
          usepeerdns option was given).

   DNS2   If the peer supplies DNS server addresses, this variable is  set
          to  the  second  DNS server address supplied (whether or not the
          usepeerdns option was given).

   Pppd invokes the following scripts, if they exist.  It is not an  error
   if they don't exist.

   /etc/ppp/auth-up
          A  program  or  script which is executed after the remote system
          successfully authenticates itself.   It  is  executed  with  the
          parameters

          interface-name peer-name user-name tty-device speed

          Note  that  this  script  is  not  executed  if the peer doesn't
          authenticate itself, for example when the noauth option is used.

   /etc/ppp/auth-down
          A program or script which is executed when the link  goes  down,
          if  /etc/ppp/auth-up was previously executed.  It is executed in
          the same manner with the same parameters as /etc/ppp/auth-up.

   /etc/ppp/ip-pre-up
          A program or script  which  is  executed  just  before  the  ppp
          network  interface  is brought up.  It is executed with the same
          parameters as the ip-up  script  (below).   At  this  point  the
          interface  exists  and  has  IP  addresses assigned but is still
          down.  This can be used to add  firewall  rules  before  any  IP
          traffic can pass through the interface.  Pppd will wait for this
          script to finish before  bringing  the  interface  up,  so  this
          script should run quickly.

   /etc/ppp/ip-up
          A program or script which is executed when the link is available
          for sending and receiving IP packets (that  is,  IPCP  has  come
          up).  It is executed with the parameters

          interface-name       tty-device      speed      local-IP-address
          remote-IP-address ipparam

   /etc/ppp/ip-down
          A program or script which is executed when the link is no longer
          available for sending and receiving IP packets.  This script can
          be used for  undoing  the  effects  of  the  /etc/ppp/ip-up  and
          /etc/ppp/ip-pre-up  scripts.   It  is invoked in the same manner
          and with the same parameters as the ip-up script.

   /etc/ppp/ipv6-up
          Like /etc/ppp/ip-up, except that it is executed when the link is
          available for sending and receiving IPv6 packets. It is executed
          with the parameters

          interface-name   tty-device    speed    local-link-local-address
          remote-link-local-address ipparam

   /etc/ppp/ipv6-down
          Similar  to  /etc/ppp/ip-down,  but  it  is  executed  when IPv6
          packets can no longer be transmitted on the link. It is executed
          with the same parameters as the ipv6-up script.

   /etc/ppp/ipx-up
          A program or script which is executed when the link is available
          for sending and receiving IPX packets (that is, IPXCP  has  come
          up).  It is executed with the parameters

          interface-name       tty-device       speed       network-number
          local-IPX-node-address                   remote-IPX-node-address
          local-IPX-routing-protocol           remote-IPX-routing-protocol
          local-IPX-router-name remote-IPX-router-name ipparam pppd-pid

          The local-IPX-routing-protocol  and  remote-IPX-routing-protocol
          field may be one of the following:

          NONE      to indicate that there is no routing protocol
          RIP       to indicate that RIP/SAP should be used
          NLSP      to indicate that Novell NLSP should be used
          RIP NLSP  to indicate that both RIP/SAP and NLSP should be used

   /etc/ppp/ipx-down
          A program or script which is executed when the link is no longer
          available for sending and receiving IPX  packets.   This  script
          can  be  used  for  undoing  the  effects of the /etc/ppp/ipx-up
          script.  It is invoked in the same  manner  and  with  the  same
          parameters as the ipx-up script.

FILES

   /var/run/pppn.pid (BSD or Linux), /etc/ppp/pppn.pid (others)
          Process-ID for pppd process on ppp interface unit n.

   /var/run/ppp-name.pid (BSD or Linux),
          /etc/ppp/ppp-name.pid  (others)  Process-ID for pppd process for
          logical link name (see the linkname option).

   /var/run/pppd2.tdb
          Database containing information about pppd processes, interfaces
          and  links,  used  for  matching  links  to bundles in multilink
          operation.  May be  examined  by  external  programs  to  obtain
          information  about  running  pppd  instances, the interfaces and
          devices  they  are   using,   IP   address   assignments,   etc.
          /etc/ppp/pap-secrets  Usernames,  passwords and IP addresses for
          PAP authentication.  This file should be owned by root  and  not
          readable or writable by any other user.  Pppd will log a warning
          if this is not the case.

   /etc/ppp/chap-secrets
          Names,  secrets  and  IP  addresses  for  CHAP/MS-CHAP/MS-CHAPv2
          authentication.   As  for /etc/ppp/pap-secrets, this file should
          be owned by root and not readable or writable by any other user.
          Pppd will log a warning if this is not the case.

   /etc/ppp/srp-secrets
          Names, secrets, and IP addresses for EAP authentication.  As for
          /etc/ppp/pap-secrets, this file should be owned by root and  not
          readable or writable by any other user.  Pppd will log a warning
          if this is not the case.

   ~/.ppp_pseudonym
          Saved client-side SRP-SHA1 pseudonym.  See the srp-use-pseudonym
          option for details.

   /etc/ppp/options
          System  default  options  for  pppd,  read  before  user default
          options or command-line options.

   ~/.ppprc
          User default options, read before /etc/ppp/options.ttyname.

   /etc/ppp/options.ttyname
          System default options for the  serial  port  being  used,  read
          after  ~/.ppprc.   In forming the ttyname part of this filename,
          an initial /dev/ is stripped from the port  name  (if  present),
          and any slashes in the remaining part are converted to dots.

   /etc/ppp/peers
          A   directory   containing   options  files  which  may  contain
          privileged options, even if pppd was invoked  by  a  user  other
          than root.  The system administrator can create options files in
          this directory  to  permit  non-privileged  users  to  dial  out
          without  requiring the peer to authenticate, but only to certain
          trusted peers.

SEE ALSO

   chat(8), pppstats(8)

   RFC1144
          Jacobson, V.  Compressing TCP/IP headers  for  low-speed  serial
          links.  February 1990.

   RFC1321
          Rivest, R.  The MD5 Message-Digest Algorithm.  April 1992.

   RFC1332
          McGregor,  G.   PPP  Internet  Protocol Control Protocol (IPCP).
          May 1992.

   RFC1334
          Lloyd, B.; Simpson, W.A.  PPP authentication protocols.  October
          1992.

   RFC1661
          Simpson, W.A.  The Point-to-Point Protocol (PPP).  July 1994.

   RFC1662
          Simpson, W.A.  PPP in HDLC-like Framing.  July 1994.

   RFC2284
          Blunk,   L.;   Vollbrecht,  J.,  PPP  Extensible  Authentication
          Protocol (EAP).  March 1998.

   RFC2472
          Haskin, D.  IP Version 6 over PPP December 1998.

   RFC2945
          Wu, T., The SRP Authentication and Key Exchange System September
          2000.

   draft-ietf-pppext-eap-srp-03.txt
          Carlson, J.; et al., EAP SRP-SHA1 Authentication Protocol.  July
          2001.

NOTES

   Some limited degree of control can be exercised  over  a  running  pppd
   process by sending it a signal from the list below.

   SIGINT, SIGTERM
          These signals cause pppd to terminate the link (by closing LCP),
          restore the serial device settings, and exit.  If a connector or
          disconnector  process  is  currently running, pppd will send the
          same signal to  its  process  group,  so  as  to  terminate  the
          connector or disconnector process.

   SIGHUP This  signal  causes  pppd  to  terminate  the link, restore the
          serial device settings, and close the  serial  device.   If  the
          persist  or  demand  option has been specified, pppd will try to
          reopen the serial device and start another connection (after the
          holdoff  period).   Otherwise pppd will exit.  If this signal is
          received during the holdoff period, it causes pppd  to  end  the
          holdoff  period  immediately.   If  a  connector or disconnector
          process is running, pppd  will  send  the  same  signal  to  its
          process group.

   SIGUSR1
          This signal toggles the state of the debug option.

   SIGUSR2
          This signal causes pppd to renegotiate compression.  This can be
          useful to re-enable compression after it has been disabled as  a
          result  of  a  fatal  decompression error.  (Fatal decompression
          errors generally indicate a bug in one or other implementation.)

AUTHORS

   Paul Mackerras  (paulus@samba.org),  based  on  earlier  work  by  Drew
   Perkins, Brad Clements, Karl Fox, Greg Christy, and Brad Parker.

COPYRIGHT

   Pppd  is  copyrighted and made available under conditions which provide
   that it may be copied and used in source or binary forms provided  that
   the  conditions  listed below are met.  Portions of pppd are covered by
   the following copyright notices:

   Copyright  (c)  1984-2000  Carnegie  Mellon  University.   All   rights
   reserved.
   Copyright (c) 1993-2004 Paul Mackerras. All rights reserved.
   Copyright (c) 1995 Pedro Roque Marques.  All rights reserved.
   Copyright (c) 1995 Eric Rosenquist.  All rights reserved.
   Copyright (c) 1999 Tommi Komulainen.  All rights reserved.
   Copyright (C) Andrew Tridgell 1999
   Copyright (c) 2000 by Sun Microsystems, Inc.  All rights reserved.
   Copyright (c) 2001 by Sun Microsystems, Inc.  All rights reserved.
   Copyright (c) 2002 Google, Inc.  All rights reserved.

   The copyright notices contain the following statements.

   Redistribution  and  use  in  source  and binary forms, with or without
   modification, are permitted provided that the following conditions  are
   met:

   1. Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.

   2. Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in
      the documentation and/or other materials provided with the
      distribution.

   3. The name "Carnegie Mellon University" must not be used to
      endorse or promote products derived from this software without
      prior written permission. For permission or any legal
      details, please contact
        Office of Technology Transfer
        Carnegie Mellon University
        5000 Forbes Avenue
        Pittsburgh, PA  15213-3890
        (412) 268-4387, fax: (412) 268-7395
        tech-transfer@andrew.cmu.edu

   3b. The name(s) of the authors of this software must not be used to
      endorse or promote products derived from this software without
      prior written permission.

   4. Redistributions of any form whatsoever must retain the following
      acknowledgements:
      "This product includes software developed by Computing Services
       at Carnegie Mellon University (http://www.cmu.edu/computing/)."
      "This product includes software developed by Paul Mackerras
       <paulus@samba.org>".
      "This product includes software developed by Pedro Roque Marques
       <pedro_m@yahoo.com>".
      "This product includes software developed by Tommi Komulainen
       <Tommi.Komulainen@iki.fi>".

   CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
   SOFTWARE, INCLUDING  ALL  IMPLIED  WARRANTIES  OF  MERCHANTABILITY  AND
   FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY
   SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR  ANY  DAMAGES  WHATSOEVER
   RESULTING  FROM  LOSS  OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
   CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING  OUT  OF  OR  IN
   CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   THE  AUTHORS  OF  THIS  SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
   THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY  AND
   FITNESS,  IN  NO  EVENT  SHALL  THE  AUTHORS BE LIABLE FOR ANY SPECIAL,
   INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES  WHATSOEVER  RESULTING
   FROM  LOSS  OF  USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
   NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF  OR  IN  CONNECTION
   WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

                                                                   PPPD(8)





Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.





Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.


Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.





Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.


Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.





Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.


Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.