ppp(1M)ppp(1M)NAME
ppp, if_ppp, ppp_fram - Point-to-Point Protocol
SYNOPSISppp [-d] [-r remote] [-f cfile]
DESCRIPTION
PPP is a standard protocol for transmitting network data over point-to-
point links using synchronous modems, asynchronous modems, or ISDN links.
It can be used to transfer data between applications which are using
TCP/IP or UDP/IP.
The ppp program is used to connect to a remote machine. It does
everything necessary to permit network data to reach the modem or ISDN
line, and to connect the TTY port to the rest the network system. It
does things that are done by ifconfig(1M) for other network interfaces.
The result is a "point-to-point" link that can be part of an existing IP
interwork.
The -d flag requests additional debugging information. Additional
instances of -d produce more information. The debugging information is
sent to the system log (usually /var/adm/SYSLOG) if its standard error
file descriptor is not a tty. The signals SIGUSR1 and SIGUSR2 increase
and decrease the amount of debugging information.
Avoid increasing the debugging level to more than 1, because entire
packets will be logged, including those containing PPP PAP and CHAP names
and passwords, which can let anyone who can read the system log discover
the passwords.
Another reason to avoid increasing the debugging level to more than 1 is
that turns on messages from the IRIX kernel. While the kernel is
displaying the message, it has all interrupts turned off, which can cause
input to be lost, which often causes more messages from the kernel, and
so on.
The -f flag specifies an alternative control file instead of
/etc/ppp.conf.
The -r flag specifies the label of an entry in the control file. If -r
is absent, the value of the environment variable $USER specifies the
label of the control file entry.
The operation of the ppp program is controlled by a control file. The
control file must be owned by and readable only by UID=0, because it can
contain PAP or CHAP authentication secrets. Comment lines in the control
file start with a '#' character and are ignored, as are blank lines. A
'#' character after a keyword and value also signals a comment to the end
of the line. Each entry starts with a label that is often the name of a
remote system. Non-blank, non-comment lines that start with blanks or
tabs are continuations of the previous non-comment line. Each label is
followed by zero or more keywords or keywords followed by an "="
Page 1
ppp(1M)ppp(1M)
character and a value. Blanks separate keywords. Upper and lower case
letters have the same significance in keywords. Values for keywords can
be quoted to contain blanks or '#' characters. Standard backslash escape
sequences are supported, except that NUL is never permitted.
There are a large number of parameters that can be modified. The default
values of the parameters are appropriate for most situations.
Unnecessary changes to these parameters is the most common cause of
problems. A machine that only answers calls need not have a control file
at all. Consider using a control file based on the sample below.
PPP authentication is not strictly necessary when using asynchronous
modems, because ordinary UNIX usernames and passwords are checked.
Because the ISDN calling-number information is not always available, it
is important to use authentication incoming ISDN connections, often with
reconfigure. It is also important to use authentication on switched
synchronous wide area network connections.`
When the default value for -r is used (for example when ppp is the shell
for an account), some parameters such as the in, out, and quiet modes are
ignored. This allows a single control line to serve for both input and
output.
The machine that originates the PPP connection (or both machines for
symmetric demand dialing) can usually start the ppp program with
ppp-r remote. The machine that answers a modem call (both machines for
symmetric demand dialing using modems) should have an account with a
"shell" that is the ppp program. The resulting $USER environment
variable is then used to select an entry in the control file. An
incoming ISDN call causes the ISDN daemon (see isdnd(1M)) to start the
ppp program with $USER set to _ISDN_INCOMING. An incoming synchronous
wide area call causes the WSYNC deamon (see wsyncd(1M)) to start the ppp
program with $USER set to _WSYNC_INCOMING.
The following list of control file parameters is somewhat ordered into
groups of related functions, with groups least unlikely to be changed
first.
debug[=num]
increases the debugging information sent to the system log. See
also the -d flag described above, including the warning about high
levels of debugging.
continue=name
effectively concatenates the named control file entry to the current
line. This can be used with a line naming a fictitious system but
containing common settings.
To avoid security and other problems, name should not be a valid
hostname. Including a character invalid in a hostname, as in
+common, is a good idea.
Page 2
ppp(1M)ppp(1M)
reconfigure
indicates that this control file entry is a generic (probably
incoming) entry, and that the remote machine must provide a name
using one of the PPP authentication protocols. The name is used to
select a new control file entry, and that entry is used to set
almost all PPP parameters. This mechanism is useful for ISDN and
WSYNC connections which do not use the familiar getty and login
mechanisms.
When the CHAP protocol is used, the remote system must receive a
"challenge" so that it can respond with its name. send_name must be
used in the reconfigure entry if the name used in the challenge is
not the local hostname. The "secrets" used with CHAP authentication
should be specified in the entry parsed after the reconfigure entry.
The reconfiguration entry should only pick the authentication
protocol(s) and (if necessary) specify the CHAP name to send.
The only parameters that are not reset according to the new entry
are those that cannot be changed, having already been used to
configure the link. Other parameters are either set to the values
specified in the new control file entry or to their defaults. Some
parameters such as ACCM that have already been negotiated but that
can be renegotiated with the other system can be changed between the
reconfigure entry and the new entry. If possible, it is best
specify as little as possible, using the default parameters in the
reconfigure entry.
If an explicit recv_name is not specified, then any valid username
on the local system can be sent by the PPP peer. A list of explicit
names can be used to restrict the permitted names.
recv_name=name
requires the remote machine to authenticate itself using name and
the corresponding IRIX (PAP) password or specified CHAP secret. A
null name allows the remote machine to authenticate itself using PAP
with any IRIX username valid on the local machine.
Several recv_name specifications can be used to accept any of
several names. This is useful in a reconfigure entry. The parameter
is redundant and ignored in the control file entry parsed after the
reconfigure entry, because a name has already been received from the
peer and used to choose the new control file entry. However, that
entry might be parsed for an out-going connection and so might need
the parameter then.
Whether the name is used in the PAP or the CHAP protocols depends on
which of the two protocols are negotiated. Which of the protocols
are acceptable and so might be negotiated depends on whether
send_pap, send_chap, and so on are specified. In the absence of any
specification and when passwords, names, or reconfigure are
specified, PAP is the default. When both are specified, then CHAP
is offered to the peer first.
Page 3
ppp(1M)ppp(1M)
The PAP name and password received from the peer must be in the
familiar IRIX password and username database. The UID, GUID,
"shell" and other parameters associated with the username are
ignored. The PAP name and password sent to the peer and the CHAP
names and passwords need not be in the IRIX password database.
If neither recv_name nor any other authentication parameter is
specified and reconfigure is not used, then no PAP requests will be
sent, the remote machine need not authenticate itself, and any
authentication it offers will be accepted. Such a lack of
authentication is often considered a bad idea.
send_name=name
specifies the name to be sent to the remote machine as part of PAP
or CHAP authentication.
The remote machine might or might not treat the name it receives as
an IRIX username.
If PAP and not CHAP is used, the name to be sent can be omitted from
a control file entry with reconfigure, in which case the local
system will delay authenticating itself with PAP to the other system
until the peer has authenticated itself. That allows the PAP name
to be in the second control file entry chosen according to the name
supplied by the peer when it authenticated itself. If the name is
specified in the reconfigure entry, it cannot be changed in the
second control file entry, although the same name can be specified
again.
If the name is not specified, but CHAP is specified with send_chap
or recv_chap, then the hostname is the default. This name is used
in both CHAP challenges and responses to name this machine. This
name must be the same in both the reconfigure and second control
file entries, even when it is defaulted and not explicitly
specified.
send_passwd=string
specifies the password to be sent to the remote machine as PAP
authentication or the secret used to generate CHAP responses.
The CHAP recv_passwd and send_passwd secrets should be distint to
avoid a security problem.
The control file must be readable only for UID=0 to keep such
passwords secret.
The password to be sent to the peer can be omitted from the
reconfigure entry, in which case the local system will delay
authenticating itself until the peer has begun authenticated itself.
That allows the password to be in the second control file entry
chosen according to the name supplied by the peer when it
authenticated itself. If the password is specified in the
Page 4
ppp(1M)ppp(1M)
reconfigure entry, it cannot be changed in the second control file
entry.
recv_passwd=string
specifies the "secret" used to generate responses to CHAP challenges
from the other system. If CHAP is turned on with recv_chap, then a
secret must be specified.
The CHAP recv_passwd and send_passwd secrets should be distint to
avoid a security problem.
The control file must be readable only for UID=0 to keep such
passwords secret.
send_pap
says that this system can authenticate itself to the other system by
sending PAP requests.
-send_pap
says that this system will not authenticate itself to the other
system by sending PAP requests.
send_chap
says that this system can authenticate itself to the other system by
sending CHAP responses in answer to CHAP challenges received from
the other system. CHAP is preferred to PAP if both are available
when send_pap is also specified.
-send_chap
prevents this system from authenticating itself by sending CHAP
responses CHAP.
recv_pap
says this system would like to authenticate the remote system by
receiving PAP requests from the remote system.
-recv_pap
says the other system cannot authenticate itself to this system with
PAP.
recv_chap
says the other system can authenticate itself to this system with
CHAP responses answering CHAP challenges sent by this system. CHAP
is preferred if both PAP and CHAP are available when recv_pap is
also specified.
-recv_chap
says the other system cannot authenticate itself to this system with
CHAP.
Page 5
ppp(1M)ppp(1M)
max_auth_secs=secs
changes the time the deadline for the other machine to respond to an
authorization request from the default of 30 seconds.
auth_secs=secs
changes delay between retransmissions of authentication requests
from the default of 5 seconds.
chap_reauth_secs=secs
causes CHAP challenges to be sent periodically. The interval must
be at least 10 seconds and at most 2 hours or 7200 seconds
-utmp
turns off the "utmp" entries (see utmp(4)) otherwise added for
incoming ISDN or T1 and all outgoing connections.
netmask=mask
overrides the default netmask for the link. Because a PPP link is a
point-to-point link, the netmask is not used directly. However, the
new RIP routing daemon uses it to infer whether subnetting is used
by the remote system. Thus, if the remote system is treating the
link as "unnumbered" and using its primary host address for its end
of the link, then the local PPP interface should have the netmask
that the remote system is using for its primary network interface.
metric=num
overrides the default routing metric associated with the link.
mtu=num
overrides the default, 1500 byte "maximum transmission unit" or MTU
associated with a PPP link. The normal PPP negotiating mechanism
can be used by the computer on the other end of the link to reduce
the size of packets transmitted by the local machine when the link
is first made. The MTU cannot be reduced after kernel has committed
to is, as with demand dialing.
add_route="rt-cmd"
executes the command `/usr/etc/route rt-cmd`, presumably to add an
IP route to the kernel routing tables. The environment variable
$REMOTEADDR contains the IP address of the remote machine, the
address at the other end of the PPP link. See route(1M).
If the rt-cmd starts with "add" and if the -del_route is not used,
then the route will be deleted when the ppp program ends and
interface is removed.
Note that this route is a "static route." Routing daemons such as
gated and routed should usually be turned off when this keyword is
used, except when the new version of routed initially available in a
patch for IRIX 6.2 is used. See gated(1M), routed(1M), and
chkconfig(1M).
Page 6
ppp(1M)ppp(1M)
add_route
has the same effect as add_route="add default #".
-del_route
turns off the default removal of the route added by add_route.
del_route="rt-cmd"
executes the command `/usr/etc/route rt-cmd` when the PPP link is
shut down, presumably to delete a route added with add_route. This
is useful in case the route added did not start with "add" and so
when the default removal of the route is disabled.
add_route6="rt-cmd"
executes the command `/usr/etc/route rt-cmd`, presumably to add an
IPv6 route to the kernel routing tables.
If the rt-cmd starts with "add" and if the -del_route6 is not used,
then the route will be deleted when the ppp program exits.
add_route6
Adds a default IPv6 route using the remote system as the gateway.
-del_route6
turns off the default removal of the route added by add_route6.
del_route6="rt-cmd"
executes the command `/usr/etc/route rt-cmd` when the PPP link is
shut down, presumably to delete an IPv6 route added with add_route6.
This is useful in case the route added did not start with "add" so
default removal of the route is disabled.
proxy_arp=ifname
specifies that an ARP table entry for the IP address of the remote
system should be added using the MAC address of the specified
interface.
-proxy_arp
turns off the default addition of an ARP table entry for the remote
system. Otherwise, if the IP address of the remote system has a
network number equal to one of the non-point-to-point interfaces of
the local system, then a suitable proxy-ARP table entry will be
added.
uucp_name=uname
specifies a name in the /etc/uucp/Systems file for dialing. Its
default value is the remote machine name. UUCP hostnames can be at
most 7 or sometimes 8 characters long. It is useful to use one name
for dialing and another for TCP/IP when the more public, harder to
change TCP/IP name is longer than 7 characters.
Page 7
ppp(1M)ppp(1M)
localhost=ipname[,mask]
specifies one of the set of IP addresses for the local end of the
PPP link. Additional instances of the keyword add to the set of
acceptable local addresses.
During the IP part of negotiations during the PPP connection
initiation, the local machine insists that the negotiated address be
a member of the set. The ipname can be a hostname or a numeric IP
address. If absent, the mask is assumed to be "255.255.255.255".
The pair (ipname,mask) specifies all IP addresses such that
ipname&~mask=0, or in other words, all addresses that match modulo
the mask. (Note that this mask has nothing to do with a "netmask.")
If there is more than one localhost keyword in a single line in the
control file, the set used during negotiations is the union of the
sets specified by all of the keywords. Use localhost=0,0 to let the
remote machine pick any IP address for this machine. If the set
consists of a single IP address (e.g. a single localhost keyword
with a default mask or a mask of 255.255.255.255), the local machine
will not only reject requests to use any other address, but will
also propose the address with IPCP configuration request packets.
If there are no localhost keywords, the set of local addresses
defaults to the address of the local machine. The default is
usually appropriate, whether connecting two ethernets or extending
an ethernet to a distant, isolated workstation. When connecting
isolated workstations, it is best to use a single network number and
allocate host numbers on that network for remote workstations.
remotehost=ipname[,mask]
specifies one of the set of IP addresses of the remote end of the
PPP link. It behaves just like the localhost keyword, except that
the remote end of link is being named and the default is the label
of the control file entry or the UUCP name, if either is a valid
hostname. If neither is a valid hostname, it defaults to
remotehost=0,0 to let the remote machine negotiate any IP address it
wants.
In quiet mode, the IP addresses of the PPP link are configured
before the other machine is contacted, since the rest of the system
must know the addresses in order to send traffic over the link to
cause the link to be dialed. That means that in quiet mode, the IP
addresses cannot be defaulted or negotiated.
localif=ifname
specifies a 64-bit interface identifier for the local end of the PPP
link.
ifname must be in the "colon-hexadecimal" notation used for IPv6
addresses, e.g., "ffff:0123:4567:89ab" or "::abcd". (A complete ipv6
address, e.g., fe80::ffff:0123:4567:89ab, may be specified; however,
the upper 64 bits will be ignored.)
Page 8
ppp(1M)ppp(1M)
If the localif keyword is not used, the interface identifier will be
derived from a local ethernet address, if an ethernet interface
exists on the local system; if no ethernet interface exists, a
random 48-bit number will be used to generate an "ethernet-like"
address, from which the 64-bit interface identifier will be
constructed.
If the remote system rejects ifname, another interface identifier
will be assigned to the local end of the PPP link.
remoteif=ifname
specifies a 64-bit interface identifier to be offered for use by the
remote system.
ifname must be in the "colon-hexadecimal" notation used for IPv6
addresses, e.g., "ffff:0123:4567:89ab" or "::abcd". (A complete ipv6
address, e.g., fe80::ffff:0123:4567:89ab, may be specified; however,
the upper 64 bits will be ignored.)
The remote system always has the opportunity to specify the
interface identifier for the remote end of the PPP link. Only if the
remote system fails to specify an interface identifier, or we reject
the specified identifier, is ifname used.
If the remoteif keyword is not used and the remote host fails to
offer an acceptable interface identifier then we generate an
interface identifier derived from a local ethernet address, if an
ethernet interface exists on the local system; if no ethernet
interface exists, a random 48-bit number will be used to generate an
"ethernet-like" address, from which the 64-bit interface identifier
will be constructed.
rem_sysname=name
specifies a name for the remote system. This name may differs from
the remote hostname of the system. By default, this name is the
same as the label of the control file entry, specified with -r or
the environment variable $USER. This control is necessary only when
MP Endpoint Discriminators are turned off or not supported by the
peer.
-addr_negotiate
disables IPCP address negotiation. This is useful only when the
peer does not implement the ADDR Configure-Request option, the
default values for remotehost and localhost are correct, and it is
worthwhile to save the cost of an extra round of Configure-Reject
and Configure-Request. Use of this facility should be avoided,
because it disables the detection of one of the most common
configuration errors.
active_timeout=secs
sets the number of seconds of idleness while at least one TCP
connection seems to be open before the PPP link is broken. The
Page 9
ppp(1M)ppp(1M)
lower layers snoop on packets to infer the number of open TCP
connections that go over the link. This snooping cannot be made
entirely reliable, because the end of the connection may be a
distant machine that forwards only some of its packets through this
machine, and because only TCP/IP packets transmitted by this machine
are observed.
The active timeout must be no smaller than the inactive_timeout.
See the quiet mode. In quiet mode, the active_timeout defaults to
the inactive_timeout, and if neither is specified, the
active_timeout defaults to 300 and the inactive_timeout to 30
seconds. Such values limit many telephone calls for quick,
automatic transactions like email to less than a minute, without
making interactive sessions painful. As long as you type at least
once every 5 minutes in an interactive session, the link will remain
active.
inactive_timeout=secs
sets the number of seconds of idleness while no TCP connections seem
to be open before the PPP link is broken. This timeout must no
larger than the active_timeout. See the quiet mode. In quiet mode,
the inactive_timeout defaults to the active_timeout, and if neither
is specified, the active timeout defaults to 300 and the inactive
timeout to 30 seconds.
When non-TCP applications are being used, or when applications such
as Mosaic, involving many short-lived TCP connections are used, it
can be useful to open a TCP connection (e.g. telnet or login) to a
remote system to invoke the longer, active_timeout.
Specifying a timeout with active_timeout or inactive_timeout turns
on "demand dialing". See quiet.
toll_boundary=billing_secs
overrides active_timeout and inactive_timeout until the link as been
active approximately multiple of billing_secs seconds. For example,
if the telephone company bills for complete minutes, an idle link
may as well remain connected until near the end of the current
minute.
busy_delay=secs
sets the delay before complete saturation of the current links
causes the addition of an additional line, provided there are fewer
lines currently active than specified with outdevs. The default
delay is 10 seconds, and it is always rounded up to a multiple of 5
seconds.
idle_delay=secs
sets the period of at least partial idleness with no moments of
complete saturation of the links before one of the active lines in
excess of the number specified with mindevs is turned off. Only
links started by the local machine are turned off when they are
Page 10
ppp(1M)ppp(1M)
idle. If all links are completely idle, the active_timeout and
inactive_timeout will turn off all lines, including incoming lines.
The default delay is 30 seconds, and it is always rounded up to a
multiple of 5 seconds.
bps=num
overrides the automatic measurements of the speed of the device.
maxdevs=num
changes the maximum number of multilink serial lines. Connections
in excess of this number are refused.
outdevs=num
sets the maximum number of multilink serial lines that will be used
when originating a call. If the maxdevs value is greater than the
outdevs value, additional incoming connections in excess of the
outdevs limit are permitted.
mindevs=num
changes the minimum number of multilink serial lines (e.g. modems)
from the default of 1. An additional connection is attempted
whenever there are fewer, provided this system originated the call.
unsafe_mp
allows the system answering the phone to add a link to the multilink
bundle. This is usually undesirable, unless the other system is too
dumb to add links to the bundle when the bundle is saturated.
-mp disables the PPP multilink protocol, MP. The BF&I multilink
protocol will be used instead.
mp_send_ssn
try to send short MP sequence numbers;
mp_recv_ssn
accept short MP sequence numbers;
mp_headers
requires MP headers even when the bundle consists of a single link.
-endpoint_discriminator
turn off endpoint-descriptors when talking to a broken system.
Endpoint-descriptors extremely useful.
-mp_frag
avoids MP fragmentation as much as possible.
map_char_num=num
adds a character to the list of those that must be escaped when
transmitted over the PPP link. Not just control characters, but any
character other than the PPP 0x5e can be marked to be escaped.
However, only control characters can be negotiated to be escaped
Page 11
ppp(1M)ppp(1M)
when received. See map_char.
accm=num
sets the list (Async-Control-Character-Map or ACCM) of characters
that must be escaped when transmitted over the PPP link. See
map_char.
map_char=chars
adds the control characters corresponding to the letters in the
string chars to the list of those that must be escaped when
transmitted over the PPP link. By default, the list is empty, but
other commonly used lists are all (accm=0xffffffff) and NUL, XOFF,
and XON (map_char=@QS).
accm_parity
causes control characters to be escaped regardless of their "parity"
bit.
-rx_accm
Control characters that are received from the peer and in the ACCM
negotiated with the peer must be discarded according to the PPP
standard. This is because there are two reasons for escaping
control characters. They might be gratuitously removed by modems or
other equipment in the line, or they might by gratuitously added.
This switch overrides the default behavior of discarding bytes that
should have been escaped but were not.
The transmit ACCM is separate from the receive ACCM. There is
nothing the receiver can do except suggest during the negotiations
when the link is made that transmitter escape more bytes and discard
bytes that were not escaped but should have been.
in specifies "input mode" for the ppp program. In this mode, the local
machine is expected to accept connections (e.g. telephone calls) for
the remote machine. See quiet.
out specifies "output mode" for the ppp program. In this mode, the
local machine is expected to initiate the connection to the remote
machine (e.g. place the telephone call).
Specifying a timeout with active_timeout or inactive_timeout turns
on "demand dialing" that differs from "quiet mode" only in
immediately making the connection without waiting for traffic. See
quiet.
quiet
specifies "quiet mode" for the ppp program. When there is traffic,
it creates the connection. When the link seems to be idle, it
breaks the connection, and later restores it when there is more
traffic. This is sometimes called "demand dialing."
A quiet connection must know both IP addresses before the connection
Page 12
ppp(1M)ppp(1M)
is established, because the connection is not made until traffic is
waiting, traffic cannot exist until the remote and local IP
addresses are known, and so the normal IP address negotiation
mechanism is not available, and so remotehost and localhost must be
explicitly specified.
While a quiet mode connection can be started at the receiving end of
a connection, it may not have the desired effect. The daemon does
not expect to use the serial connection to its standard input in
quiet mode. If started in quiet mode as the result of the remote
system dialing in, the daemon will ignore the incoming serial
connection. It expects to wait quietly until it sees locally
generated traffic and the need to dial its own new link. One might
conceivably start a quiet mode daemon remotely for a simple kind of
traffic driven or "demand dial-back."
camp turns on "camping," a mode in which the ppp program continually
tries to reestablish the link whenever it is broken. Camping can
only be used in out mode. When practical, "demand dialing" with
quiet mode is more convenient.
modwait=secs
sets the number of seconds the modem is allowed to cool before
attempting a call. The default is 5 seconds. Too short a delay
between attempts to use the modem can cause various messages,
including the ever popular "DEVICE LOCKED".
modtries=num
sets the number of consecutive tries to dial the remote machine
before temporarily giving up, putting the message "giving up for
now" into the system log, and flushing the output queue. When
demand dialing is used, a new series of attempts will be made soon
after a new packet is put into the output queue (see modwait).
modpause=num
changes the delay after failed series of attempts to dial the remote
machine from the default of 0 to num seconds.
restart_ms=milliseconds
changes the initial delay before retransmitting PPP control packets
from the default of 1 seconds.
restart_ms_lim=milliseconds
changes the limit on the binary exponential increase of restart_ms
from the default of 8 seconds.
ccp_restart_ms=milliseconds
changes the delay before retransmitting CCP (PPP compression control
protocol) packets from the default of 6 seconds. This timer has no
backoff and starts out longer, because CCP is often done while the
link is otherwise very busy. A 3 second timeout is too short on a
busy 9600 bit/sec link with a 1500-byte MTU.
Page 13
ppp(1M)ppp(1M)
max_FSM_fail=num
changes the limit on the number of times the PPP finite state
machine will attempt to negotiate (i.e. Configure-Requests and
receive Configure-Naks or Configure-Rejects). The default is 10.
max_FSM_conf=num
changes the number of times the PPP FSM will send a Configuration-
Request without receiving a response before giving up (.e. send
Configure-Requests and no response). The default is 10.
max_FSM_term=num
changes the number of times a Terminate-Request will be sent by the
local FSM before turning off the link unilaterally. Use
max_FSM_term or max_term_ms but not both.
max_term_ms=milliseconds
changes the duration Terminate-Requests will be sent by the local
FSM before turning off the link unilaterally. Use max_FSM_term or
max_term_ms but not both. The default is 7 seconds.
-LCP_IDENT
turns off LCP Identification packets. See RFC 1570.
-LCP_ECHOS
turns off LCP Echo Requests. By default, an LCP Echo Request packet
is sent periodically to ensure that the peer is still working.
LCP_ECHO_INTERVAL=num
changes the repetition rate of LCP Echo Requests from its default
value of 10 seconds. The new value must be between 1 and 120
seconds.
-ipv4
Prevents configuration of the link for IPv4. It should never be
necessary to use this option, but it might be used when connecting
to a host that does not support IPv4.
-ipv6
Prevents configuration of the link for IPv6. It should never be
necessary to use this option, but it might be used when connecting
to a host that does not support IPv6.
noicmp
causes the system to discard all ICMP packets instead of
transmitting them over the link. This is intended for extremely low
speed links.
qmax=num
sets the maximum depth of the interface queue. The size of the
queue can be monitored with the netstat command.
Page 14
ppp(1M)ppp(1M)-telnettos
turns off the "telnet type of service hack," which tries to give
interactive traffic better service by moving ICMP packets and TCP
packets to or from ports 23, 513, or 518 to the front of the
transmit queue. Note that the IP TOS "low delay" bits are always
honored by the PPP driver.
inact_port=port
adds the TCP or UDP port number port to the list of ports that are
not considered evidence of activity. Traffic transmitted by this
machine to ports not in the list causes the system to restore the
PPP link (while in quiet mode). The port can be specified by
number, service name in /etc/services, or NIS service name.
By default, the list contains only ports 13 (daytime), 37 (time),
123 (ntp), 520 (route), and 525 (timed).
-inact_port
clears the list of uninteresting port numbers, making all ports
evidence of traffic.
inact_icmp=type
adds an ICMP packet type to the list of types that are not
considered evidence of activity. Other kinds of ICMP packets cause
the system to restore the PPP link (while in quiet mode).
The packet type must be a number from
/usr/include/netinet/ip_icmp.h. By default, the list contains only
5 (ICMP_UNREACH), 4 (ICMP_SOURCEQUENCH), 9 (ICMP_ROUTERADVERT), 10
(ICMP_ROUTERSOLICIT), 13 (ICMP_TSTAMP), and 14 (ICMP_TSTAMPREPLY).
-inact_icmp
clears the list of uninteresting ICMP packet types.
sync
-sync
indicate whether the line is "synchronous" or "asynchronous." The
default is asynchronous, except when its major device number is
known to be that of an ISDN line or when the top-most STREAMS module
is not recognized as the familiar module "TTY line discipline."
xon_xoff
turns on "XON/XOFF" or "software flow control" when a modem is used.
This should be avoided if at all possible.
-pcomp
disables PPP LCP protocol field compression. It is on by default.
-acomp
disables PPP LCP address and control field compression. It is on by
default on asynchronous links.
Page 15
ppp(1M)ppp(1M)-vj_comp
disables Van Jacobson TCP/IP header compression. It is on by
default.
vj_compslot
enables compression of the Van Jacobson TCP/IP header compression
slot ID. It is off by default, and should be off whenever there is
no reliable notification of the kernel PPP code of lost bytes.
There is no such notification over IRIX asynchronous serial lines.
Van Jacobson header compression is described in RFC 1144.
-vj_compslot
disables compression of the Van Jacobson TCP/IP header compression
ID.
vj_slots=slots
changes the number of Van Jacobson TCP header compression slots from
its default of 16.
-ccp disables the Compression Control Protocol and all link layer
compression.
-tx_predictor1
disables "Predictor Type 1" link layer compression on packets
transmitted by this system.
tx_bsd=bits
limits to no more than bits the code size of "BSD compress" link
layer compression on packets transmitted by this system.
-tx_bsd
disables "BSD compress" link layer compression on packet transmitted
by this system.
-rx_predictor1
disables "Predictor Type 1" link layer compression on packets
received by this system.
rx_bsd=bits
limits to no more than bits the code size of "BSD compress" link
layer compression on packets received by this system.
-rx_bsd
disables "BSD compress" link layer compression on packet received by
this system.
"BSD compress" code sizes of 9 to 15 bits are allowed.
"BSD compress" compression is more effective but requires more CPU
cycles than "Predictor Type 1." "BSD compress" code sizes larger
than 12 require more system memory than "Predictor Type 1."
Page 16
ppp(1M)ppp(1M)
Packets are not compressed unless both the transmitting and
receiving systems agree. BSD compress is preferred when both BSD
compress and Predictor are enabled and permitted by the other
system. Both 12-bit "BSD Compress" and "Predictor Type 1"
compression are enabled by default. When both are enabled, "BSD
Compress" is preferred.
The compression a system uses on the packets it transmits is chosen
and negotiated independently of the compression it expects to see on
the packets it receives.
stream_module=sname
adds the stream module with name sname to the list of modules that
will be pushed onto the STREAMS device beneath the two PPP modules.
The modules are pushed in the order they are named.
The ppp program must be killed to finally terminate a link that is
"camping" or in "quiet" mode (see kill(1) or killall(1M)). The TERM or
INT signals, as in `killall -v -TERM ppp`, are best because they allow
the ppp program to notify the other machine that the link is being turned
off.
Installation Notes
The program uses the dialing information on each appropriate line of the
/etc/uucp/Systems file until it succeeds. This can be useful if there is
more than one telephone number that might be used to contact the remote
machine. A /etc/uucp/Systems line like the following works well to call
an IRIS running this ppp software:
rmt Any ACUSLIP 19200 5551234 "" @\r\c ogin: mynam ssword: xxx PPP
The last check for "PPP," output by the ppp program by the remote IRIS
just before it starts the IP protocol, ignores banners or messages of the
day. It ensures the remote machine is not waiting for an additional
password. The check for "PPP" may not be appropriate with other brands
of computer.
The following shell script can be used to start the connection with the
Systems file entry above:
#!/bin/sh
exec </dev/null >/dev/null 2>&1
/usr/etc/ppp -r rmt $* &
The following sample PPP configuration file assumes a "quiet" mode
# common parameters
me add_route #install default route
# special parameters for rmt,
rmt remotehost=rmt.foo.bar.com
quiet #requires both host names be known
Page 17
ppp(1M)ppp(1M)
#
uucp_name=rmt #not needed, since same as default
continue=me
# another host that can use parallel links, and correctly negotiates
# its IP address, and uses ISDN and so needs PAP authentication.
other remotehost=0 outdevs=2
send_name=mynam send_passwd=guess@it
continue=me
# common entry for incoming ISDN connections
_ISDN_INCOMING
continue=_INCOMING
# common entry for incoming WSYNC connections
_WSYNC_INCOMING
continue=_INCOMING
_INCOMING
reconfigure
A machine which has no network connection other than a PPP link should
use a terminator on its ethernet port, and so act as if it has a valid
although very small local area network.
Because the ppp program can use the UUCP control files, the best way to
install a PPP connection is to first install a UUCP connection. So, one
first creates appropriate entries in the /etc/uucp/Dialers,
/etc/uucp/Devices, and /etc/uucp/Systems files, and then "debugs" the
connection with cu -d remotesystem.
A server which other machines call to use PPP should establish separate
"user names" in /etc/passwd (see passwd(4)), all using the ppp program as
their "login shell." Each username should be the same as a remote
machine name starting a line in the control file, thereby choosing
appropriate parameters for the link.
Since the ppp command configures network interfaces, it must be executed
with UID 0, and so the password entry on the remote system should use UID
0.
Routing demons can be used to exchange RIP packets (see routed(1M) or
gated(1M)) over the link, as well as advertise the link to the rest of
the IP network. The -h option to routed can usefully reduce the
resulting clutter of "host-routes." The -F option to routed on the
machine gatewaying a point-to-point link to an ethernet sends a synthetic
"default route" over the PPP link instead of the full routing tables,
making the cost of running RIP over the link negligible.
Page 18
ppp(1M)ppp(1M)
Each time the link is (re)established, the program sends a SIGHUP signal
to the gated and routed daemons, if they are running. This causes the
routing daemons to more quickly notice the (probably) new network
interface and to start advertising adjusted routes. It also causes a
"killed" message in the debugging output.
Static routing can be used instead of a routing daemon with the add_route
control file keyword or with route(1M) commands in a
/etc/init.d/network.local files associated with the /etc/init.d/network
file.
Note that
A ppp program using demand-dialing ("quiet" mode in the control file) can
call another ppp program which is in input, output, or demand-dialing
mode. In case the other system is calling this system, demand-dialing
uses random binary exponential backoffs after failed attempts.
The network information service (NIS, see ypbind(1M)) is not often useful
over a PPP link. it is usually necessary to use local copies of mail
aliases. However, the Internet domain name server can be useful, by
creating a /usr/etc/resolv.conf file (see resolver(4)) similar to the
following but with the addresses and domain name changed appropriately:
domain your.dom.ain
hostresorder local bind
nameserver 192.26.61.24
nameserver 192.26.61.21
nameserver 192.26.51.194
It is possible to use NFS over a PPP link, necessary to adjust the mount
options for the relatively long latencies and low bandwidth (see
automount(1M) and fstab(4)). Timeouts should be set long enough to allow
a complete transaction to pass the link before becoming too late, and
having to be retransmitted. A plausible value for timeo with default
8KByte block sizes over a 19.2Kbit/s link is 90, for 9 seconds. It can
be useful to increase the attribute timeouts substantially, to minutes.
To synchronize clocks over a PPP link timed can be used, but timeslave is
often more accurate.
Once each day at about midnight, if the ppp program has been running for
at least several hours, it logs some statistics concerning its work for
the previous 24 hours.
DIAGNOSTICS
Error messages complaining that "I_PUSH" failed mean that the kernel does
not contain the required PPP STREAMS modules, if_ppp and ppp_fram.
Page 19
ppp(1M)ppp(1M)FILES
/etc/ppp.conf default control file
/etc/init.d/network network start-up script
/etc/passwd
/var/adm/SYSLOG system log for debugging messages
/etc/uucp/Systems "modem chat scripts"
/etc/uucp/Dialers "chat scripts" to control modems
/etc/uucp/Devices tty port/modem configurations
/etc/hosts hostname database
/var/sysgen/master.d/if_ppp kernel STREAMS module
/var/sysgen/master.d/ppp_fram
/var/sysgen/boot/if_ppp.o
/var/sysgen/boot/ppp_fram.o
/tmp/.ppp-rendezvous rendezvous for demand dialing and pppstat
/dev/tty[dmf]x tty port attached to modem.
SEE ALSOchkconfig(1M), cu(1), getty(1M), ifconfig(1M), icmp(7P), isdn(7M),
gated(1M), master(4), passwd(4), pppstat(1m), resolver(4), routed(1M),
slip(1m), syslog(1M), wsyncd(1M), uucico(1M)BUGS
Only IP datagrams (and so TCP, UDP, NFS, and so on) are currently
supported.
Page 20
