1############################################################################### 2# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $ 3# 4# Sample Poptop PPP options file /etc/ppp/options.pptpd 5# Options used by PPP when a connection arrives from a client. 6# This file is pointed to by /etc/pptpd.conf option keyword. 7# Changes are effective on the next connection. See "man pppd". 8# 9# You are expected to change this file to suit your system. As 10# packaged, it requires PPP 2.4.2 and the kernel MPPE module. 11############################################################################### 12 13 14# Authentication 15 16# Name of the local system for authentication purposes 17# (must match the second field in /etc/ppp/chap-secrets entries) 18name pptpd 19 20# Strip the domain prefix from the username before authentication. 21# (applies if you use pppd with chapms-strip-domain patch) 22#chapms-strip-domain 23 24 25# Encryption 26# (There have been multiple versions of PPP with encryption support, 27# choose with of the following sections you will use.) 28 29 30# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o 31# {{{ 32refuse-pap 33refuse-chap 34refuse-mschap 35# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft 36# Challenge Handshake Authentication Protocol, Version 2] authentication. 37require-mschap-v2 38# Require MPPE 128-bit encryption 39# (note that MPPE requires the use of MSCHAP-V2 during authentication) 40require-mppe-128 41# }}} 42 43 44# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o 45# {{{ 46#-chap 47#-chapms 48# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft 49# Challenge Handshake Authentication Protocol, Version 2] authentication. 50#+chapms-v2 51# Require MPPE encryption 52# (note that MPPE requires the use of MSCHAP-V2 during authentication) 53#mppe-40 # enable either 40-bit or 128-bit, not both 54#mppe-128 55#mppe-stateless 56# }}} 57 58 59# Network and Routing 60 61# If pppd is acting as a server for Microsoft Windows clients, this 62# option allows pppd to supply one or two DNS (Domain Name Server) 63# addresses to the clients. The first instance of this option 64# specifies the primary DNS address; the second instance (if given) 65# specifies the secondary DNS address. 66#ms-dns 10.0.0.1 67#ms-dns 10.0.0.2 68 69# If pppd is acting as a server for Microsoft Windows or "Samba" 70# clients, this option allows pppd to supply one or two WINS (Windows 71# Internet Name Services) server addresses to the clients. The first 72# instance of this option specifies the primary WINS address; the 73# second instance (if given) specifies the secondary WINS address. 74#ms-wins 10.0.0.3 75#ms-wins 10.0.0.4 76 77# Add an entry to this system's ARP [Address Resolution Protocol] 78# table with the IP address of the peer and the Ethernet address of this 79# system. This will have the effect of making the peer appear to other 80# systems to be on the local ethernet. 81# (you do not need this if your PPTP server is responsible for routing 82# packets to the clients -- James Cameron) 83proxyarp 84 85# Normally pptpd passes the IP address to pppd, but if pptpd has been 86# given the delegate option in pptpd.conf or the --delegate command line 87# option, then pppd will use chap-secrets or radius to allocate the 88# client IP address. The default local IP address used at the server 89# end is often the same as the address of the server. To override this, 90# specify the local IP address here. 91# (you must not use this unless you have used the delegate option) 92#10.8.0.100 93 94 95# Logging 96 97# Enable connection debugging facilities. 98# (see your syslog configuration for where pppd sends to) 99#debug 100 101# Print out all the option values which have been set. 102# (often requested by mailing list to verify options) 103#dump 104 105 106# Miscellaneous 107 108# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive 109# access. 110#lock 111 112# Disable BSD-Compress compression 113nobsdcomp 114nodeflate 115 116# Disable Van Jacobson compression 117# (needed on some networks with Windows 9x/ME/XP clients, see posting to 118# poptop-server on 14th April 2005 by Pawel Pokrywka and followups, 119# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 ) 120novj 121novjccomp 122 123# turn off logging to stderr, since this may be redirected to pptpd, 124# which may trigger a loopback 125nologfd 126 127# put plugins here 128# (putting them higher up may cause them to sent messages to the pty) 129 130