pppd(1)pppd(1)NAME
pppd - PPP point to point protocal daemon
SYNOPSIS
[options]...
DESCRIPTION
is a daemon process used in UNIX systems to manage connections to other
hosts using PPP (Point to Point Protocol) or SLIP (Serial Line Internet
Protocol). It uses the UNIX host's native serial ports. It communi‐
cates with the UNIX kernel's own TCP/IP implementation via the HP IP
tunnel driver.
The functionality supplied by this daemon supersedes that provided by
in HP-UX prior to Release 10.30. only supported the SLIP and CSLIP
(Compressed Header SLIP) protocols.
Daemon Management Options
Start in "autocall" mode and detach from the controlling terminal to
run as a daemon. Initiate a connection in response to a packet speci‐
fied in the "bringup" category in filter-file. Requires the remote
address.
When used with
bring the link up immediately rather than waiting for traffic.
If the link goes down, attempt to restart it (after the call
retry delay timer expires) without waiting for an outbound
packet.
Treat the connection as a dedicated line rather than a demand-dial
connection. This option tells to never give up on the connec‐
tion; that is, if the peer tries to shut down the link, go ahead
and do so, but then immediately try to reestablish the connec‐
tion. Similarly, when first trying to connect, will not give up
after sending a fixed number of Configure-Request messages.
Hangup events (LQM failures, loss of Carrier Detect) will still
cause the device to be closed, just as with dial-up connections,
and the file will then be checked for alternate entries. If
none are available, the connection will be reestablished after
the call retry delay timer expires. Use a short call retry
delay timer on dedicated circuits; something like should work
well. Implies
Set the delay of
delay seconds between dialing each alternate numbers in the file
for the same destination. The default value is 1 second.
Don't detach from the controlling terminal in "autocall" mode.
When used with this can be useful for watching the progress of
the PPP session.
Append logging messages to
log-file (default:
Append session accounting messages to
acct-file. If acct-file is the same as log-file, the session
accounting messages will be interleaved with other logging
information.
Look in
filter-file for packet filtering and link management information
(default:
Set the log file verbosity to the following debug-level and each debug‐
ging
verbosity level also provides the information of all the lower-
numbered levels.
0 Daemon start messages
1 Link status messages, calling attempts (the default)
2 Chat script processing, input framing errors
3 LCP, IPCP, IPV6CP, PAP and CHAP negotiation
4 LQM status summaries
5 IP interface changes
6 IP message summaries
7 Full LQM reports
8 All PPP messages (without framing)
9 Characters read or written
10 Procedure call messages
11 Internal timers
Run when the link comes up, and when it goes down; where addr is the
IP address of the peer, and args is the list of arguments given
to
Run when the link comes up, and when it goes down; where interfac-id
is the 64-bit IPv6 interface identifier of the peer, and args is
the list of arguments supplied to
When IPv6 is enabled, the
flag will not be set to IPv6 interface so that the interface is
able to forward IPv6 datagrams. Also, this interface will not
be able to receive any router advertisement packets for config‐
uring the IPv6 secondary interface. Instead, use the command or
stateful configuration methods like DHCPv6 to configure the IPv6
secondary interface.
When specified, IPCP negotiation will not take place and no
IPv4 datagrams will pass through the link.
When specified, IPV6CP negotiation will not take place and no
IPv6 datagrams will pass through the link.
Run at a normal user process priority, rather than using the
library routine to elevate scheduling priority to
Communications Options
Set the desired Async Control Character Map to async-map, expressed in
C-style hexadecimal notation (default 0xA0000).
Disable LCP Async Control Character Map negotiation.
In addition to those characters specified in the PPP Async Control
Character Map (which can include only 0x00 through 0x1F), also
apply the escaping algorithm when transmitting odd-character.
The value of odd-character must be between 0x00 and 0xFF, and
cannot be any of 0x5E, 0x7D or 0x7E.
odd-character can be specified as a decimal number, in C-style
hexadecimal notation, or as an ASCII character with optional
control-character notation. For example, the XON character
could be specified as 17, 0x11, or ^Q.
If a character specified with the argument, when transformed
into its escaped form, would be the same as a character con‐
tained in the peer's negotiated Async Control Character Map, a
warning will be printed in the log file and the character speci‐
fied on the command line will not be escaped.
If a character specified with the argument, when transformed
into its escaped form, would be the same as a character speci‐
fied in another argument on the daemon's command line, will
print an error message and exit.
Communicate over the named device (default
Set communications rate to comm-speed bits per second.
Ignore the state of the CD (Carrier Detect, also called DCD, Data
Carrier Detect) signal. This is useful for systems that don't
support CD but want to run PPP over a dedicated line.
Set the line to use in-band ("software") flow control, using the
characters DC3 (^S, XOFF, ASCII 0x13) to stop the flow and DC1
(^Q, XON, ASCII 0x11) to resume. (The default is to use no flow
control.) For an outbound connection, this may be specified
either in or on the command line.
When used on an answering
command line, negotiate the telnet binary option and understand
telnet escape processing. Not for use with or
Link Management Options
Disable all LCP and IPCP options.
Disable HDLC Address and Control Field compression.
Disable LCP Protocol Field Compression.
Use RFC 1055 SLIP
packet framing rather than PPP packet framing. Disables all
option negotiation, and implies and Implies if peer sends a
header-compressed TCP packet.
When running in SLIP mode, prepend a SLIP packet framing character
(0xC0) to each frame before transmission, even if this frame
immediately follows the previous frame. By default, transmits
only one framing character between adjacent SLIP frames.
When running in PPP mode, prepend a PPP packet framing character
(0x7E) to each frame before transmission, even if this frame
immediately follows the previous frame. By default, transmits
only one framing character between adjacent PPP frames.
Disable LCP Magic Number negotiation.
Set LCP Maximum Receive Unit value to mru-size for negotiation.
The default is 1500 for PPP and 1006 for SLIP.
Disable LCP Maximum Receive Unit negotiation, and use 1500 for our
interface.
Begin LCP parameter negotiation immediately (the default).
Do not send our first LCP packet until we receive an LCP packet from
the peer.
Set the LCP, IPCP, CCP, PAP, and CHAP option negotiation restart
timers to restart-time (default 3 seconds).
Send Link-Quality-Reports or Echo-Requests every
time seconds (default 10 seconds). If the peer responds with a
Protocol-Reject, send LCP Echo-Requests every time seconds
instead, and use the received LCP Echo-Replies for link status
policy decisions.
Set a minimum standard for link quality by considering the connection
to have failed if fewer than min out of the last per LQRs we
sent have been responded to by the peer (default 1/5).
Use LCP Echo-Requests rather than standard Link-Quality-Report
messages for link quality assessment and policy decisions. The
peer can override this if it actively tries to configure Link
Quality Monitoring unless the parameter is also specified.
Don't send or recognize Link-Quality-Report messages.
If is also specified, Echo-Request messages will be used to
detect link failures.
Shut down the link when idle-time seconds pass
without receiving or transmitting a packet specified in the
"keepup" category in the filter file (default is to never con‐
sider the link idle).
If session-idle-time is specified and any TCP sessions are open,
shut down the link when session-idle-time seconds pass without
receiving or transmitting a packet.
Set the PPP Max-Configure counter (the maximum number of
Configure-Requests sent without a response) to tries.
Set the PPP Max-Terminate counter (the maximum number of
Terminate-Requests sent without a response) to tries.
Set the PPP Max-Failure counter (the maximum number of
Configure-Naks sent without a positive response) to tries.
IP Options
The address of this machine, followed by the expected address for the
remote machine. Can be specified either as symbolic names or as lit‐
eral IP addresses, if their addresses cannot be discovered locally
without using the PPP link.
Both addresses are optional, but a colon by itself is not valid,
and the remote address is required when running as a daemon in
"autocall" mode. If only local: is specified when receiving an
incoming call, the remote address will be discovered during IPCP
IP-Address negotiations.
If either address is followed by a tilde character or if the
tilde appears alone, accepts the IP address given by the peer
during IPCP negotiations, whether for the local end or the
peer's end of the link (not available in SLIP mode).
Because SLIP cannot perform option negotiations, including IPCP,
both addresses should normally be specified, and the tilde
option is unavailable. To obtain a similar "feature", the peer
must provide the IP address textually during the login process,
and a new value must be obtained using the Systems file "\A"
chat script feature (see ppp.Systems(4)).
should be followed by two 64-bit IPv6 interface identifiers namely,
the interface identifier of this machine and the expected inter‐
face identifier for the remote machine.
Both interface identifiers are optional, but a comma by itself
is not valid, and the remote address is required when running as
a daemon in the "autocall" mode. If only local-ifid: is speci‐
fied when receiving an incoming call, the remote interface iden‐
tifier will be discovered during IPV6CP interface id negotia‐
tions.
If either interface identifier is followed by a tilde character
or if the tilde appears alone, accepts the interface identifier
given by the peer during IPV6CP negotiations, whether for the
local end or the peer's end of the link. Note that, SLIP is not
supported for IPv6 transmission. When this option is specified
along with option, will exit with error message.
Set the subnet mask of the interface to subnet-mask, expressed either
in C-style hexadecimal (for example, 0xffffff00) or in decimal
dotted-quad notation (for example, 255.255.255.0). The default
subnet mask will be appropriate for the network (class A, B, or
C), assuming no subnetting.
Ask the peer to assign us an IP address.
Get a 64-bit IPv6 interface identifier assigned by the peer.
Disable IPCP IP-Address negotiation.
Disable IPV6CP interface identifier negotiation.
Enable RFC 1144 "VJ" Van Jacobson TCP header compression
negotiation with 16 slots and slot ID compression (this is the
default with PPP framing). "VJ" compression is enabled by
default for async connections, and disabled by default for sync
connections.
Disable RFC 1144 "VJ" Van Jacobson TCP header compression (this is the
default with SLIP framing, until the peer sends a header-com‐
pressed TCP packet).
Set the number of VJ compression slots
(min 3, max 256, default 16).
Disable VJ compression slot ID compression (enabled by default).
Backwards compatibility with older PPP implementations (4-byte VJ
configuration option), but with the correct option negotiation
value of 0x002d.
Backwards compatibility with older PPP implementations (4-byte VJ
configuration option) that conform to the typographical error in
RFC 1172 section 5.2 (Compression-Type value 0x0037).
Backwards compatibility with older PPP implementations that conform to
RFC 1172 section 5.1 (IP-Addresses, IPCP configuration option 1)
and not with the newer RFC 1332 (IP-Address, IPCP configuration
option 3), but that respond with something besides a Configure-
Reject when they receive an IPCP Configure-Request containing an
option 3.
Do not send nak (negative acknowledgement) if the IPV6CP
interface identifier option has already been sent negative
acknowledgements during previous replies.
Authentication Options
Require either PAP or CHAP authentication.
Require CHAP authentication as described in RFC 1334.
Require MS-CHAP authentication.
Require PAP authentication.
Demand that the peer re-authenticate itself (using CHAP) every
interval seconds. If the peer fails the new challenge, the link
is terminated.
Provide the
identifier used during PAP or CHAP negotiation. This option is
necessary if the PPP peer requires authentication. The default
value is the value returned by the gethostname(2) system call or
the hostname(1) command.
MicroSoft Compatibility Options
Set the MS DNS address to provide to the peer. First occurrence of
this option on the command line sets the primary address; the second
occurrence sets the secondary address.
Set the MS NBNS address to provide to the peer.
First occurrence of this option on the command line sets the
primary address; the second occurrence sets the secondary
address.
Encryption Options
Encryption is not currently available in software exported from the
USA. However, customer may contact sales@progressive-systems.com to
obtain encryption functionality.
Link Compression Options
Offer all supported link compression types (currently only Predictor-1)
when negotiating. The default is to propose and accept no link com‐
pression type.
Accept any supported compression type, but prefer Predictor type 1
compression.
Never use Predictor-1 compression.
LOG FILE
Status information is recorded in the log file by default) by each copy
of running on a single machine. Each line in the file consists of a
message preceded by the date, the time, and the process ID number of
the daemon writing the message. The quantity and verbosity of messages
are controlled with the option and with the filter (see ppp.Filter(4)).
Each packet that brings up the link (at debug level 1 or more), each
packet that matches the filter (at any debug level), or any packet when
the debug level is 7 or more writes a one-line description of the
packet to the log file. The first item of the message is the protocol
or a numeric protocol value).
For ICMP packets, the keyword is followed by the ICMP message type and
sub code, separated by slashes. After the protocol comes an IP address
and optionally a TCP or UDP port number, followed by an arrow indicat‐
ing whether the packet was sent or received followed by another address
and port number, followed by the length of the packet in bytes before
VJ TCP header compression, followed by zero or more keywords.
For transmitted packets, the first IP address is the source address,
while for received packets, the first IP address is the destination
address. Well known TCP and UDP port numbers will be replaced by the
name returned by the library function. The keywords and their meanings
are:
The packet is a middle or later part of a fragmented IP frame.
The packet has the TCP SYN bit set.
The packet has the TCP FIN bit set.
The transmitted packet matches the
filter and is bringing up the link.
the packet has been rejected by the
filter.
The packet has been rejected by the
filter.
The packet was dropped because
is waiting for the call retry timer to expire.
The received packet is VJ TCP header compressed.
The received packet is VJ TCP header uncompressed.
For example, the following log file line
9/6-14:06:26-83 tcp 63.1.6.3/1050 -> 8.1.1.9/smtp 44 syn
indicates that at 2:06:26 PM on September 6, process ID 83 sent a
44-byte TCP packet with the SYN bit set from port 1050 on 63.1.6.3 to
the SMTP port on 8.1.1.9.
SIGNALS
Upon reception of the following signals, closes and reopens the log
file, re-reads the filter and key files, then takes the indicated
actions:
Don't use this.
Never, never use this. Since won't be able to shut down
gracefully, it will leave your serial interfaces
(whether and your IP tunnel driver in some unknown
state. Use SIGTERM instead, so will shut down cleanly,
and leave the system in a well-defined state.
Disconnect gracefully from an active session.
If in "autocall" mode, reset the call retry delay timer
and call retry backoff interval. If was specified,
attempt to re-establish the link. Exit if not in "auto‐
call" mode. If is specified, disconnect gracefully from
an active session, clean up the state of any serial and
IP interfaces that are open, and then exit.
Disconnect abruptly from an active session.
If was specified, attempt to re-establish the link.
Exit if not in "autocall" mode.
Disconnect gracefully from an active session, clean up the state of
any serial and IP interfaces that are open, then exit.
Increment the verbosity level for
debugging information written to the log file.
Reset the debugging verbosity level to
the base value (1 unless was supplied on the command
line).
Take no action except to re-read the filter and key files.
EXAMPLES
To run a pair of daemons on "oursystem", one maintaining a constant
link with "backbonesystem" and the other prepared to initiate outbound
calls to a neighboring machine named "theirsystem", add the following
to
if [ -f /etc/ppp/Autostart ]; then
/etc/ppp/Autostart
fi
Then make look like this:
#!/bin/sh
PATH=/usr/etc:/bin:/usr/bin
if [ -f /var/adm/pppd.log ]; then
mv /var/adm/pppd.log /var/adm/OLDpppd.log
fi
echo -n "Starting PPP daemons:" >/dev/console
pppd oursystem:backbonesystem auto noipv6 up
(echo -n ' backbonesystem') >/dev/console
pppd oursystem:backbonesystem ipv6 <local-ifid>,<remote-ifid> auto up
<echo -n ' backbonesystem') >/dev/console
pppd oursystem:theirsystem auto noipv6 idle 120
(echo -n ' theirsystem') >/dev/console
pppd oursystem:theirsystem ipv6 <local-ifid>,<remote-ifid> auto idle 120
<echo -n ' theirsystem'> >/dev/console
To allow a PPP implementation running on "theirsystem" to dial into
"oursystem", insert the following into on "oursystem":
Pthem:?:105:20:Their PPP:/etc/ppp:/etc/ppp/Login
where group 20 is the gid of the ppp group which owns and is an exe‐
cutable shell script that looks something like
#!/bin/sh
PATH=/usr/bin:/usr/etc:/bin
mesg n
stty -tostop
exec pppd noipv6 `hostname`:
To enable IPV6CP negotiation, insert the following:
#!/bin/sh
PATH=/usr/bin:/usr/etc:/bin
mesg n
stty -tostop
exec pppd ipv6 <local-ifid>,<remote-ifid> `hostname`:
RECOMMENDATIONS
Use host names when running from only if they are known locally. If a
PPP connection to a DNS server would be required to resolve a host
name, use its literal IP address instead.
EXTERNAL INFLUENCES
Environment Variables
The environment variable if present, specifies the directory in which
looks for its configuration files and for all connections, along with
and if the connection is "outbound"). You can specify either in the
script or in an incoming connection's script. If is not present, will
expect to find its configuration files in
SECURITY CONCERNS
should be mode 4750, owned by root, and executable only by the members
of the group containing all the incoming PPP login "users".
AUTHOR
was developed by the Progressive Systems.
SEE ALSOppp.Auth(4), ppp.Devices(4), ppp.Dialers(4), ppp.Filter(4),
ppp.Keys(4), ppp.Systems(4).
RFC 1055, RFC 1144, RFC 1172, RFC 1332, RFC 1333, RFC 1334, RFC 1548,
RFC 1549, RFC 1962.
STANDARDS CONFORMANCE
HP PPP implements the IETF Proposed Standard Point-to-Point Protocol
and many of its options and extensions, in conformance with RFCs 1548,
1549, 1332, 1333, 1334, and 1144.
It can be configured to be conformant with earlier specifications of
the PPP protocol, as described in RFCs 1134, 1171, and 1172.
It implements the nonstandard SLIP protocol as described in RFCs 1055
and 1144.
pppd(1)