Options can be taken from files as well as the command line. Pppd reads
options from the files /etc/ppp/options, ~/.ppprc, and
/etc/ppp/options.ttyname (in that order) before processing the options on
the command line. (In fact, the command-line options are scanned to find the
terminal name before the options.ttyname file is read.) In forming the name
of the options.ttyname file, the initial /dev/ is removed from the terminal
name, and any remaining / characters are replaced with dots.
An options file is parsed into a series of words, delimited by whitespace.
Whitespace can be included in a word by enclosing the word in double-quotes
("). A backslash (\) quotes the following character. A hash (#) starts a
comment, which continues until the end of the line. There is no restriction
on using the file or call options within an options file.
You can specify an options file other than the defaults with the pppd
daemon's file option:
pppd file /etc/ppp/options.ttyS1
The following is a list of options that may be used followed by a description
of what the option does:
NOTE:
If you put the port (eg., /dev/ttyS1) into /etc/ppp/options, instead
of on the pppd command line, pppd will connect to the port as root,
rather than as user. Then you do not have to worry about the
permissions on the port.
tty_name
Communicate over the named device. The string "/dev/" is prepended
if necessary. If no device name is given, or if the name of the
terminal connected to the standard input is given, pppd will use
that terminal, and will not fork to put itself in the background.
A value for this option from a privileged source cannot be
overridden by a non-privileged user.
speed
Set the baud rate to (speed) (a decimal number). On systems such
as 4.4BSD and NetBSD, any speed can be specified. Other systems
(e.g. SunOS) allow only a limited set of speeds.
active-filter filter-expression
Specifies a packet filter to be applied to data packets to determine
which packets are to be regarded as link activity, and therefore
reset the idle timer, or cause the link to be brought up in
demand-dialling mode. This option is useful in conjunction with the
idle option if there are packets being sent or received regularly
over the link (for example, routing information packets) which would
otherwise prevent the link from ever appearing to be idle. The
filter-expression syntax is as described for tcpdump(1), except that
qualifiers which are inappropriate for a PPP link, such as ether and
arp, are not permitted. Generally the filter expression should be
enclosed in single-quotes to prevent whitespace in the expression
from being interpreted by the shell. This option is currently only
available under NetBSD, and then only if both the kernel and pppd
were compiled with PPP_FILTER defined.
allow-ip address(es)
Allow peers to use the given IP address or subnet without
authenticating themselves. The parameter is parsed as for each
element of the list of allowed IP addresses in the secrets files
(see the AUTHENTICATION section).
asyncmap 0
async character map -- 32-bit hex; each bit is a character
that needs to be escaped for pppd to receive it. 0x00000001
represents '\x01', and 0x80000000 represents '\x1f'.
auth
Require the peer to authenticate itself before allowing network
packets to be sent or received.
call name
Read options from the file /etc/ppp/peers/name. This file may
contain privileged options, such as noauth, even if pppd is not
being run by root. The name string may not begin with / or include
.. as a pathname component. The format of the options file is
described below.
cdtrcts
Use a non-standard hardware flow control (i.e. DTR/CTS) to control
the flow of data on the serial port. If neither the crtscts, the
nocrtscts, the cdtrcts nor the nocdtrcts option is given, the
hardware flow control setting for the serial port is left unchanged.
Some serial ports (such as Macintosh serial ports) lack a true RTS
output. Such serial ports use this mode to implement true
bi-directional flow control. The sacrifice is that this flow control
mode does not permit using DTR as a modem control line.
crtscts
Use hardware flow control (i.e. RTS/CTS) to control the flow of data
on the serial port.
connect script
connect "echo You need to install a connect command."
init script
Use the executable or shell command specified to set up the serial
line. This script would typically use the "chat" program to dial the
modem and start the remote ppp session. A value for this option from
a privileged source cannot be overridden by a non-privileged user.
connect-delay n
Wait for up n milliseconds after the connect script finishes for a
valid PPP packet from the peer. At the end of this time, or when a
valid PPP packet is received from the peer, pppd will commence
negotiation by sending its first LCP packet. The default value is
1000 (1 second). This wait period only applies if the connect or pty
option is used.
disconnect "chat -- \d+++\d\c OK ath0 OK"
Run the executable or shell command specified after pppd has
terminated the link. This script could, for example, issue commands
to the modem to cause it to hang up if hardware modem control signals
were not available.
debug
Increase debugging level (same as -d). If this option is given, pppd
will log the contents of all control packets sent or received in a
readable form. The packets are logged through syslog with facility
daemon and level debug. This information can be directed to a file by
setting up /etc/syslog.conf appropriately (see syslog.conf(5)). (If
pppd is compiled with extra debugging enabled, it will log messages
using facility local2 instead of daemon).
defaultroute
Add a default route to the system routing tables, using the peer as
the gateway, when IPCP negotiation is successfully completed. This
entry is removed when the PPP connection is broken.
domain d
Append the domain name d to the local host name for authentication
purposes. For example, if gethostname() returns the name porsche,
but the fully qualified domain name is porsche.Quotron.COM, you would
use the domain option to set the domain name to Quotron.COM.
escape 11,13,ff
Specifies that certain characters should be escaped on transmission
(regardless of whether the peer requests them to be escaped with its
async control character map). The characters to be escaped are
specified as a list of hex numbers separated by commas. Note that
almost any character can be specified for the escape option, unlike
the asyncmap option which only allows control characters to be
specified. The characters which may not be escaped are those with hex
values 0x20 - 0x3f or 0x5e.
idle 1800
Specifies that if no traffic has gone across the ppp network in a
certain amount of time, pppd should hang up. This will hang up the
phone if there has been no traffic for 1800 seconds (30 min).
ipcp-accept-local
With this option, pppd will accept the peer's idea of our local IP
address, even if the local IP address was specified in an option.
ipcp-accept-remote
With this option, pppd will accept the peer's idea of its (remote) IP
address, even if the remote IP address was specified in an option.
ipcp-restart n
Set the IPCP restart interval (retransmission timeout) to n
seconds (default 3).
ipcp-max-terminate n
Set the maximum number of IPCP terminate-request transmissions to n
(default 3).
ipcp-max-configure n
Set the maximum number of IPCP configure-request transmissions to n
(default 10).
ipcp-max-failure n
Set the maximum number of IPCP configure-NAKs returned before starting
to send configure-Rejects instead to n (default 10).
ipv6 local_interface_identifier,remote_interface_identifier
Set the local and/or remote 64-bit interface identifier. Either one
may be omitted. The identifier must be specified in standard ascii
notation of IPv6 addresses (e.g. ::dead:beef). If the
ipv6cp-use-ipaddr option is given, the local identifier is the local
IPv4 address. On systems which supports a unique persistent id, such
as EUI-48 derived from the Ethernet MAC address,
ipv6cp-use-persistent option can be used to replace the ipv6
local,remote option. Otherwise the identifier is randomized.
local
Don't use the modem control lines.
lock
Specifies that pppd should use a UUCP-style lock on the serial device
to ensure exclusive access to the device.
modem
Use the modem control lines. On Ultrix, this option implies hardware
flow control, as for the crtscts option. (This option is not fully
implemented.)
mru 542
Set the MRU [Maximum Receive Unit] value to n for negotiation.
pppd will ask the peer to send packets of no more than n bytes. The
minimum MRU value is 128. The default MRU value is 1500. A value of
296 is recommended for slow links (40 bytes for TCP/IP header + 256
bytes of data).
netmask 255.255.255.0
Set the interface netmask to n, a 32 bit netmask in "decimal dot"
notation (e.g. 255.255.255.0).
noipdefault
Disables the default behaviour when no local IP address is specified,
which is to determine (if possible) the local IP address from the
hostname. With this option, the peer will have to supply the local IP
address during IPCP negotiation (unless it specified explicitly on the
command line or in an options file).
passive
Enables the "passive" option in the LCP. With this option, pppd will
attempt to initiate a connection; if no reply is received from the
peer, pppd will then just wait passively for a valid LCP packet from
the peer (instead of exiting, as it does without this option).
silent
With this option, pppd will not transmit LCP packets to initiate a
connection until a valid LCP packet is received from the peer (as for
the "passive" option with old versions of pppd).
kdebug n
Enable debugging code in the kernel-level PPP driver. The argument n
is a number which is the sum of the following values: 1 to enable
general debug messages, 2 to request that the contents of received
packets be printed, and 4 to request that the contents of transmitted
packets be printed.
mtu n
Set the MTU [Maximum Transmit Unit] value to n. Unless the peer
requests a smaller value via MRU negotiation, pppd will request that
the kernel networking code send data packets of no more than n bytes
through the PPP network interface.
name n
Set the name of the local system for authentication purposes to n.
This will probably have to be set to your ISP user name if you are
using PAP/CHAP.
user u
Set the user name to use for authenticating this machine with the peer
using PAP to u.
Do NOT use this if you are using 'name' above!
usehostname
Enforce the use of the host name as the name of the local system for
authentication purposes (overrides the name option).
remotename n
Set the assumed name of the remote system for authentication purposes
to n.
proxyarp
Add an entry to this system's ARP [Address Resolution Protocol]
table with the IP address of the peer and the Ethernet address of this
system.
login
Use the system password database for authenticating the peer using
PAP.
lcp-echo-interval n
If this option is given, pppd will send an LCP echo-request frame to
the peer every n seconds. Under Linux, the echo-request is sent when
no packets have been received from the peer for n seconds. Normally
the peer should respond to the echo-request by sending an echo-reply.
This option can be used with the lcp-echo-failure option to detect
that the peer is no longer connected.
lcp-echo-failure n
If this option is given, pppd will presume the peer to be dead if n
LCP echo-requests are sent without receiving a valid LCP echo-reply.
If this happens, pppd will terminate the connection. Use of this
option requires a non-zero value for the lcp-echo-interval parameter.
This option can be used to enable pppd to terminate after the physical
connection has been broken (e.g., the modem has hung up) in
situations where no hardware modem control lines are available.
lcp-restart n
Set the LCP restart interval (retransmission timeout) to n seconds
(default 3).
lcp-max-terminate n
Set the maximum number of LCP terminate-request transmissions to n
(default 3).
lcp-max-configure n
Set the maximum number of LCP configure-request transmissions to n
(default 10).
Some PPP servers are slow to start up. You may need to increase this
if you keep getting 'serial line looped back' errors and your are SURE
that you have logged in correctly and PPP should be starting on the server.
lcp-max-failure n
Set the maximum number of LCP configure-NAKs returned before starting
to send configure-Rejects instead to n (default 10).
pap-restart n
Set the PAP restart interval (retransmission timeout) to n seconds
(default 3).
pap-max-authreq n
Set the maximum number of PAP authenticate-request transmissions to
n (default 10).
chap-restart n
Set the CHAP restart interval (retransmission timeout for
challenges) to n seconds (default 3).
chap-max-challenge
Set the maximum number of CHAP challenge transmissions to n
(default 10).
chap-interval n
If this option is given, pppd will re-challenge the peer every n
seconds.
local_IP_address:remote_IP_address
Set the local and/or remote interface IP addresses. Either one may
be omitted. The IP addresses can be specified with a host name or
in decimal dot notation (e.g. 150.234.56.78). The default local
address is the (first) IP address of the system (unless the
noipdefault option is given). The remote address will be obtained
from the peer if not specified in any option. Thus, in simple
cases, this option is not required. If a local and/or remote IP
address is specified with this option, pppd will not accept a
different value from the peer in the IPCP negotiation, unless the
ipcp-accept-local and/or ipcp-accept-remote options are given,
respectively.
xonxoff
Use software flow control (i.e. XON/XOFF) to control the flow of data
on the serial port.
-all
Don't request or allow negotiation of any options for LCP and IPCP
(use default values).
-ac
Disable Address/Control compression negotiation (use default, i.e.
address/control field disabled).
-am
Disable asyncmap negotiation (use the default asyncmap, i.e. escape
all control characters).
-detach
Don't fork to become a background process (otherwise pppd will do so
if a serial device is specified).
-ip
Disable IP address negotiation (with this option, the remote IP
address must be specified with an option on the command line or in an
options file).
-mn
Disable magic number negotiation. With this option, pppd cannot
detect a looped-back line.
-mru
Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
1500).
-pc
Disable protocol field compression negotiation (use default, i.e.
protocol field compression disabled).
+pap
Require the peer to authenticate itself using PAP.
This requires TWO WAY authentication - do NOT use this for a standard
PAP authenticated link to an ISP as this will require the ISP machine
to authenticate itself to your machine (and it will not be able to).
-pap
Don't agree to authenticate using PAP.
+chap
Require the peer to authenticate itself using CHAP [Cryptographic
Handshake Authentication Protocol] authentication.
This requires TWO WAY authentication - do NOT use this for a standard
CHAP authenticated link to an ISP as this will require the ISP machine
to authenticate itself to your machine (and it will not be able to).
-chap
Don't agree to authenticate using CHAP.
-vj
Disable negotiation of Van Jacobson style IP header compression (use
default, i.e. no compression).