ppp.8 (131266) | ppp.8 (131500) |
---|---|
1changequote({,})dnl 2changecom(,)dnl 3.\" 4.\" Copyright (c) 2001 Brian Somers <brian@Awfulhak.org> 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions --- 11 unchanged lines hidden (view full) --- 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" | 1changequote({,})dnl 2changecom(,)dnl 3.\" 4.\" Copyright (c) 2001 Brian Somers <brian@Awfulhak.org> 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions --- 11 unchanged lines hidden (view full) --- 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" |
28.\" $FreeBSD: head/usr.sbin/ppp/ppp.8.m4 131266 2004-06-29 07:48:43Z brian $ | 28.\" $FreeBSD: head/usr.sbin/ppp/ppp.8.m4 131500 2004-07-02 23:13:00Z ru $ |
29.\" 30.Dd September 20, 1995 31.Dt PPP 8 32.Os 33.Sh NAME 34.Nm ppp 35.Nd Point to Point Protocol (a.k.a. user-ppp) 36.Sh SYNOPSIS --- 217 unchanged lines hidden (view full) --- 254will force an LCP renegotiation, and a 255.Dv SIGTERM 256will force it to exit. 257.It Supports client callback. 258.Nm 259can use either the standard LCP callback protocol or the Microsoft 260CallBack Control Protocol (ftp://ftp.microsoft.com/developr/rfc/cbcp.txt). 261.It Supports NAT or packet aliasing. | 29.\" 30.Dd September 20, 1995 31.Dt PPP 8 32.Os 33.Sh NAME 34.Nm ppp 35.Nd Point to Point Protocol (a.k.a. user-ppp) 36.Sh SYNOPSIS --- 217 unchanged lines hidden (view full) --- 254will force an LCP renegotiation, and a 255.Dv SIGTERM 256will force it to exit. 257.It Supports client callback. 258.Nm 259can use either the standard LCP callback protocol or the Microsoft 260CallBack Control Protocol (ftp://ftp.microsoft.com/developr/rfc/cbcp.txt). 261.It Supports NAT or packet aliasing. |
262Packet aliasing (a.k.a. IP masquerading) allows computers on a | 262Packet aliasing (a.k.a.\& IP masquerading) allows computers on a |
263private, unregistered network to access the Internet. 264The 265.Em PPP 266host acts as a masquerading gateway. 267IP addresses as well as TCP and 268UDP port numbers are NAT'd for outgoing packets and de-NAT'd for 269returning packets. 270.It Supports background PPP connections. --- 1348 unchanged lines hidden (view full) --- 1619without any additional changes (although ensure you have 1620.Dq set authname 1621and 1622.Dq set authkey 1623in your profile). 1624.Sh NETWORK ADDRESS TRANSLATION (PACKET ALIASING) 1625The 1626.Fl nat | 263private, unregistered network to access the Internet. 264The 265.Em PPP 266host acts as a masquerading gateway. 267IP addresses as well as TCP and 268UDP port numbers are NAT'd for outgoing packets and de-NAT'd for 269returning packets. 270.It Supports background PPP connections. --- 1348 unchanged lines hidden (view full) --- 1619without any additional changes (although ensure you have 1620.Dq set authname 1621and 1622.Dq set authkey 1623in your profile). 1624.Sh NETWORK ADDRESS TRANSLATION (PACKET ALIASING) 1625The 1626.Fl nat |
1627command line option enables network address translation (a.k.a. packet | 1627command line option enables network address translation (a.k.a.\& packet |
1628aliasing). 1629This allows the 1630.Nm 1631host to act as a masquerading gateway for other computers over 1632a local area network. 1633Outgoing IP packets are NAT'd so that they appear to come from the 1634.Nm 1635host, and incoming packets are de-NAT'd so that they are routed --- 1832 unchanged lines hidden (view full) --- 3468The range will be cleared when the 3469.Dq nat punch_fw 3470command is run. 3471.Pp 3472If no arguments are given, firewall punching is disabled. 3473.It nat skinny_port Op Ar port 3474This command tells 3475.Nm | 1628aliasing). 1629This allows the 1630.Nm 1631host to act as a masquerading gateway for other computers over 1632a local area network. 1633Outgoing IP packets are NAT'd so that they appear to come from the 1634.Nm 1635host, and incoming packets are de-NAT'd so that they are routed --- 1832 unchanged lines hidden (view full) --- 3468The range will be cleared when the 3469.Dq nat punch_fw 3470command is run. 3471.Pp 3472If no arguments are given, firewall punching is disabled. 3473.It nat skinny_port Op Ar port 3474This command tells 3475.Nm |
3476which TCP port is used by the Skinny Station protocol. Skinny is used by | 3476which TCP port is used by the Skinny Station protocol. 3477Skinny is used by |
3477Cisco IP phones to communicate with Cisco Call Managers to setup voice | 3478Cisco IP phones to communicate with Cisco Call Managers to setup voice |
3478over IP calls. The typical port used by Skinny is 2000. | 3479over IP calls. 3480The typical port used by Skinny is 2000. |
3479.Pp 3480If no argument is given, skinny aliasing is disabled. 3481.It nat same_ports yes|no 3482When enabled, this command will tell the network address translation engine to 3483attempt to avoid changing the port number on outgoing packets. 3484This is useful 3485if you want to support protocols such as RPC and LPD which require 3486connections to come from a well known port. --- 1877 unchanged lines hidden (view full) --- 5364This also applies for RADIUS routes that don't {include} the 5365.Dv MYADDR 5366or 5367.Dv HISADDR 5368keywords. 5369.Pp 5370.It RAD_FRAMED_IPV6_PREFIX 5371If this attribute is supplied, the value is substituted for IPV6PREFIX | 3481.Pp 3482If no argument is given, skinny aliasing is disabled. 3483.It nat same_ports yes|no 3484When enabled, this command will tell the network address translation engine to 3485attempt to avoid changing the port number on outgoing packets. 3486This is useful 3487if you want to support protocols such as RPC and LPD which require 3488connections to come from a well known port. --- 1877 unchanged lines hidden (view full) --- 5366This also applies for RADIUS routes that don't {include} the 5367.Dv MYADDR 5368or 5369.Dv HISADDR 5370keywords. 5371.Pp 5372.It RAD_FRAMED_IPV6_PREFIX 5373If this attribute is supplied, the value is substituted for IPV6PREFIX |
5372in a command. You may pass it to such as DHCPv6 for delegating an | 5374in a command. 5375You may pass it to such as DHCPv6 for delegating an |
5373IPv6 prefix to a peer. 5374.It RAD_FRAMED_IPV6_ROUTE 5375The received string is expected to be in the format 5376.Ar dest Ns Op / Ns Ar bits 5377.Ar gw 5378.Op Ar metrics . 5379Any specified metrics are ignored. 5380.Dv MYADDR6 --- 24 unchanged lines hidden (view full) --- 5405and a returned value of 5406.Dq :: :: 5407or 5408.Dq default HISADDR6 5409would result in a default route to 5410.Dv HISADDR6 . 5411.Pp 5412All RADIUS IPv6 routes are applied after any sticky routes are | 5376IPv6 prefix to a peer. 5377.It RAD_FRAMED_IPV6_ROUTE 5378The received string is expected to be in the format 5379.Ar dest Ns Op / Ns Ar bits 5380.Ar gw 5381.Op Ar metrics . 5382Any specified metrics are ignored. 5383.Dv MYADDR6 --- 24 unchanged lines hidden (view full) --- 5408and a returned value of 5409.Dq :: :: 5410or 5411.Dq default HISADDR6 5412would result in a default route to 5413.Dv HISADDR6 . 5414.Pp 5415All RADIUS IPv6 routes are applied after any sticky routes are |
5413applied, making RADIUS IPv6 routes override configured routes. This | 5416applied, making RADIUS IPv6 routes override configured routes. 5417This |
5414also applies for RADIUS IPv6 routes that don't {include} the 5415.Dv MYADDR6 5416or 5417.Dv HISADDR6 5418keywords. 5419.Pp 5420.It RAD_SESSION_TIMEOUT 5421If supplied, the client connection is closed after the given number of --- 32 unchanged lines hidden (view full) --- 5454.Dq set mppe 5455command. 5456Note, it is not currently possible for the RADIUS server to specify 56 bit 5457encryption. 5458.It RAD_MICROSOFT_MS_MPPE_RECV_KEY 5459If this 5460.Dv RAD_VENDOR_MICROSOFT 5461vendor specific attribute is supplied, it's value is used as the master | 5418also applies for RADIUS IPv6 routes that don't {include} the 5419.Dv MYADDR6 5420or 5421.Dv HISADDR6 5422keywords. 5423.Pp 5424.It RAD_SESSION_TIMEOUT 5425If supplied, the client connection is closed after the given number of --- 32 unchanged lines hidden (view full) --- 5458.Dq set mppe 5459command. 5460Note, it is not currently possible for the RADIUS server to specify 56 bit 5461encryption. 5462.It RAD_MICROSOFT_MS_MPPE_RECV_KEY 5463If this 5464.Dv RAD_VENDOR_MICROSOFT 5465vendor specific attribute is supplied, it's value is used as the master |
5462key for decryption of incoming data. When clients are authenticated using | 5466key for decryption of incoming data. 5467When clients are authenticated using |
5463MSCHAPv2, the RADIUS server MUST provide this attribute if inbound MPPE is 5464to function. 5465.It RAD_MICROSOFT_MS_MPPE_SEND_KEY 5466If this 5467.Dv RAD_VENDOR_MICROSOFT 5468vendor specific attribute is supplied, it's value is used as the master | 5468MSCHAPv2, the RADIUS server MUST provide this attribute if inbound MPPE is 5469to function. 5470.It RAD_MICROSOFT_MS_MPPE_SEND_KEY 5471If this 5472.Dv RAD_VENDOR_MICROSOFT 5473vendor specific attribute is supplied, it's value is used as the master |
5469key for encryption of outgoing data. When clients are authenticated using | 5474key for encryption of outgoing data. 5475When clients are authenticated using |
5470MSCHAPv2, the RADIUS server MUST provide this attribute if outbound MPPE is 5471to function. 5472.El 5473.Pp 5474Values received from the RADIUS server may be viewed using 5475.Dq show bundle . 5476.It set reconnect Ar timeout ntries 5477Should the line drop unexpectedly (due to loss of CD or LQR --- 275 unchanged lines hidden (view full) --- 5753environment variable. 5754Otherwise, the given 5755.Ar command 5756is executed. 5757Word replacement is done in the same way as for the 5758.Dq !bg 5759command as described above. 5760.Pp | 5476MSCHAPv2, the RADIUS server MUST provide this attribute if outbound MPPE is 5477to function. 5478.El 5479.Pp 5480Values received from the RADIUS server may be viewed using 5481.Dq show bundle . 5482.It set reconnect Ar timeout ntries 5483Should the line drop unexpectedly (due to loss of CD or LQR --- 275 unchanged lines hidden (view full) --- 5759environment variable. 5760Otherwise, the given 5761.Ar command 5762is executed. 5763Word replacement is done in the same way as for the 5764.Dq !bg 5765command as described above. 5766.Pp |
5761Use of the ! character | 5767Use of the !\& character |
5762requires a following space as with any of the other commands. 5763You should note that this command is executed in the foreground; 5764.Nm 5765will not continue running until this process has exited. 5766Use the 5767.Dv bg 5768command if you wish processing to happen in the background. 5769.It show Ar var --- 216 unchanged lines hidden --- | 5768requires a following space as with any of the other commands. 5769You should note that this command is executed in the foreground; 5770.Nm 5771will not continue running until this process has exited. 5772Use the 5773.Dv bg 5774command if you wish processing to happen in the background. 5775.It show Ar var --- 216 unchanged lines hidden --- |