$NetBSD: patch-bq,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $ --- pppd/pppd.8.orig Sat Sep 25 13:47:24 1999 +++ pppd/pppd.8 Sat Sep 25 13:57:21 1999 @@ -27,9 +27,14 @@ and configuring different network-layer protocols. .LP The encapsulation scheme is provided by driver code in the kernel. -Pppd provides the basic LCP, authentication support, and an NCP for +PPPD provides the basic LCP, authentication support, and an NCP for establishing and configuring the Internet Protocol (IP) (called the IP Control Protocol, IPCP). +.LP +This version includes support for multilink operations, Microsoft +specific CHAP authentication algorithms (known as CHAP-MS-V1 and +CHAP-MS-V2) and transparent encryption (Microsoft Point-to-Point +Encryption, MPPE) also. .SH FREQUENTLY USED OPTIONS .TP .I @@ -90,6 +95,15 @@ or include .. as a pathname component. The format of the options file is described below. .TP +.B callback \fIphone +Request client to call back to specified \fIphone\fR number. +.TP +.B nocallback +Don't argee to use callback negotiation. +.TP +.B +callback +Request server to negotiate callback and log negotiated results. +.TP .B connect \fIscript Use the executable or shell command specified by \fIscript\fR to set up the serial line. This script would typically use the chat(8) @@ -309,6 +323,10 @@ options are given, data packets which are rejected by the specified activity filter also count as the link being idle. .TP +.B ip +Enable IPCP and IP protocols. You can disable IP negotiation if you +want to use other protocols only. +.TP .B ipcp-accept-local With this option, pppd will accept the peer's idea of our local IP address, even if the local IP address was specified in an option. 
@@ -493,7 +511,7 @@ the connect script. On Ultrix, this option implies hardware flow control, as for the \fIcrtscts\fR option. .TP -.B ms-dns \fI +.B ms-dns \fI\fR If pppd is acting as a server for Microsoft Windows clients, this option allows pppd to supply one or two DNS (Domain Name Server) addresses to the clients. The first instance of this option specifies @@ -723,7 +741,11 @@ .TP .B refuse-chap With this option, pppd will not agree to authenticate itself to the -peer using CHAP. +peer using any CHAP protocol. +.TP +.B refuse-chap-md5 +With this option, pppd will not agree to authenticate itself to the +peer using standard MD5 CHAP. .TP .B refuse-pap With this option, pppd will not agree to authenticate itself to the 
@@ -783,6 +805,48 @@ .B xonxoff Use software flow control (i.e. XON/XOFF) to control the flow of data on the serial port. +.SH MICROSOFT SPECIFIC EXTENSIONS +This version of PPPD supports some Microsoft-specific extensions such +as non-standard CHAP algorithms (known as CHAP-MS-V1 and CHAP-MS-V2) and +transparent encryption of all sending and receiving traffic. +.LP +Those options allows to configure PPPD to work with Microsoft extensions of +standard PPP protocol. +.TP +.B require-chapms +Require the peer to authenticate itself using CHAP [Challenge +Handshake Authentication Protocol] authentication with Microsoft +extensions [known as CHAP-MS-V1]. +.TP +.B require-chapms-v2 +Require the peer to authenticate itself using CHAP authentication +with Microsoft extensions [known as CHAP-MS-V2]. +.TP +.B refuse-chapms +With this option, pppd will not agree to authenticate itself to the +peer using CHAP-MS-V1. +.TP +.B refuse-chapms-v2 +With this option, pppd will not agree to authenticate itself to the +peer using CHAP-MS-V2. +.TP +.B mppe-40 +This option enables use of Microsoft Point-to-point Encryption (MPPE) +using 40-bit encryption keys. These keys can be used with any Microsoft +software (Windows 95, Windows 98, Windows NT) because their cryptographic +strength is relatively low. This option requires that chapms or chapms-v2 +be enabled. +.TP +.B mppe-128 +This option enables use of Microsoft Point-to-Point Encryption (MPPE) +using 128-bit encryption keys. These keys can be used with software designed +for domestic usage (within US and Canada). This option requires that chapms +or chapms-v2 be enabled. +.TP +.B mppe-stateless +This option negotiates stateless mode for Microsoft Point-to-Point Encryption +(MPPE), which changes the encryption keys on every packet. The default mode is +stateful (non-stateless, or single key). .SH OPTIONS FILES Options can be taken from files as well as the command line. Pppd reads options from the files /etc/ppp/options, ~/.ppprc and 
@@ -1093,9 +1157,40 @@ rlogin implementations are not transparent; they will remove the sequence [0xff, 0xff, 0x73, 0x73, followed by any 8 bytes] from the stream. +.SH EXAMPLES OF MICROSOFT EXTENSIONS +To enable full-featured Microsoft encryption you must add those options +to your \fI/etc/ppp/options/fR file: +.IP ++chapms +.br ++chapms-v2 +.br +mppe-40 +.br +mppe-128 +.br +mppe-stateless +.LP +To authentificate client with Microsoft CHAP version 1 or 2, you need to +use those options: +.IP +auth +.br ++chap +.br ++chapms +.br ++chapms-v2 +.LP +To make possible to authentificate itself with Microsoft CHAP version 1 +or 2, you need to add those options: +.IP ++chapms +.br ++chapms-v2 .SH DIAGNOSTICS .LP -Messages are sent to the syslog daemon using facility LOG_DAEMON. +.Messages are sent to the syslog daemon using facility LOG_DAEMON. (This can be overriden by recompiling pppd with the macro LOG_PPP defined as the desired facility.) In order to see the error and debug messages, you will need to edit your /etc/syslog.conf file
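Review bot: The new introductory paragraph in the hunk at @@ -27,9 +27,14 @@ announces "support for multilink operations", but no multilink option is documented in any hunk of this patch; either document the option or drop the claim. The same hunk changes "Pppd" to "PPPD" while unchanged context elsewhere in the page still reads "pppd will accept" and "Pppd reads options", so the capitalisation is now inconsistent, and the trailing "also" in the new paragraph can go.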
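Review bot: In the hunk at @@ -90,6 +95,15 @@, the third new entry is a bare ".B" followed by the added line "callback", which as shown renders as a second "callback" entry beside "callback \fIphone". If the option is meant to be "+callback", the plus has to be part of the manual text, as it is for the "++chapms" lines in the last hunk. "Don't argee" in the nocallback entry should read "Don't agree".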
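Review bot: The new "ip" entry in the hunk at @@ -309,6 +323,10 @@ says IP negotiation can be disabled but does not name the option that disables it, nor whether "ip" is already the default. Add both, since as written the entry documents only the enabling form.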
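Review bot: The refuse-chap text in the hunk at @@ -723,7 +741,11 @@ now says "any CHAP protocol", but neither it nor the refuse-chapms and refuse-chapms-v2 entries added in the later hunk say whether refuse-chap implies those two. Name the variants it covers, so that someone who wants to refuse only the Microsoft variants, or only MD5 CHAP, can tell which options to combine.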
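Review bot: The mppe-40, mppe-128 and mppe-stateless entries in the hunk at @@ -783,6 +805,48 @@ say each option "enables use of" MPPE without saying whether pppd brings the link up unencrypted when the peer declines MPPE, or which key length is chosen when both mppe-40 and mppe-128 are given. An administrator cannot tell from this text whether encryption is enforced, so state the fallback behaviour and the precedence. In the same hunk, "Those options allows to configure" should read "These options configure", and "Point-to-point" in the mppe-40 entry should match "Point-to-Point" used in the other entries.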
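Review bot: In the hunk at @@ -1093,9 +1157,40 @@, the DIAGNOSTICS change turns "Messages are sent to the syslog daemon" into ".Messages are sent ...", and the leading dot makes roff read that line as a request named "Messages" instead of printing it; drop that -/+ pair. In the same hunk, "\fI/etc/ppp/options/fR" ends in "/fR" rather than "\fR", which leaves italics on and prints "/fR" literally. The examples use +chapms and +chapms-v2, which the option descriptions added by this patch never define (they document require-chapms, refuse-chapms and the -v2 forms), so either document the "+" forms or use the documented names. "authentificate" should read "authenticate".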