ppp.conf.sample revision 50476
1249261Sdim################################################################# 2249261Sdim# 3353358Sdim# PPP Sample Configuration File 4353358Sdim# 5353358Sdim# Originally written by Toshiharu OHNO 6249261Sdim# 7249261Sdim# $FreeBSD: head/share/examples/ppp/ppp.conf.sample 50476 1999-08-28 00:22:10Z peter $ 8249261Sdim# 9341825Sdim################################################################# 10309124Sdim 11249261Sdim# This file is separated into sections. Each section is named with 12249261Sdim# a label starting in column 0 and followed directly by a ``:''. The 13249261Sdim# section continues until the next section. Blank lines and lines 14249261Sdim# beginning with ``#'' are ignored. 15276479Sdim# 16249261Sdim# Lines beginning with "!include" will ``include'' another file. You 17249261Sdim# may want to ``!include ~/.ppp.conf'' for backwards compatibility. 18249261Sdim# 19249261Sdim 20249261Sdim# Default setup. Always executed when PPP is invoked. 21249261Sdim# This section is *not* pre-loaded by the ``load'' or ``dial'' commands. 22249261Sdim# 23249261Sdim# This is the best place to specify your modem device, it's DTR rate, 24249261Sdim# your dial script and any logging specification. Logging specs should 25249261Sdim# be done first so that the results of subsequent commands are logged. 26249261Sdim# 27249261Sdimdefault: 28249261Sdim set log Phase Chat LCP IPCP CCP tun command 29249261Sdim set device /dev/cuaa1 30249261Sdim set speed 115200 31261991Sdim set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT \ 32296417Sdim OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" 33296417Sdim 34296417Sdim# Client side PPP 35249261Sdim# 36249261Sdim# Although the PPP protocol is a peer to peer protocol, we normally 37249261Sdim# consider the side that initiates the connection as the client and 38249261Sdim# the side that receives the connection as the server. Authentication 39249261Sdim# is required by the server either using a unix-style login procedure 40249261Sdim# or by demanding PAP or CHAP authentication from the client. 41249261Sdim# 42249261Sdim 43296417Sdim# An on demand example where we have dynamic IP addresses and wish to 44276479Sdim# use a unix-style login script: 45249261Sdim# 46249261Sdim# If the peer assigns us an arbitrary IP (most ISPs do this) and we 47249261Sdim# can't predict what their IP will be either, take a wild guess at 48249261Sdim# some IPs that you can't currently route to. Ppp can change this 49261991Sdim# when the link comes up. 50249261Sdim# 51249261Sdim# The /0 bit in "set ifaddr" says that we insist on 0 bits of the 52296417Sdim# specified IP actually being correct, therefore, the other side can assign 53249261Sdim# any IP number. 54261991Sdim# 55309124Sdim# The forth arg to "set ifaddr" makes us send "0.0.0.0" as our requested 56353358Sdim# IP number, forcing the peer to make the decision. This is necessary 57353358Sdim# when negotiating with some (broken) ppp implementations. 58353358Sdim# 59353358Sdim# This entry also works with static IP numbers or when not in -auto mode. 60353358Sdim# The ``add'' line adds a `sticky' default route that will be updated if 61353358Sdim# and when any of the IP numbers are changed in IPCP negotiations. 62353358Sdim# The "set ifaddr" is required in -auto mode. 63353358Sdim# 64353358Sdim# Finally, the ``enable dns'' line tells ppp to ask the peer for the 65353358Sdim# nameserver addresses that should be used. This isn't always supported 66353358Sdim# by the other side, but if it is, ppp will update /etc/resolv.conf with 67353358Sdim# the correct nameserver values at connection time. 68353358Sdim# 69353358Sdim# The login script shown says that you're expecting ``ogin:''. If you 70353358Sdim# don't receive that, send a ``\n'' and expect ``ogin:'' again. When 71353358Sdim# it's received, send ``ppp'', expect ``word:'' then send ``ppp''. 72353358Sdim# You *MUST* customise this login script according to your local 73353358Sdim# requirements. 74353358Sdim# 75353358Sdimpmdemand: 76353358Sdim set phone 1234567 77353358Sdim set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp" 78353358Sdim set timeout 120 79353358Sdim set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 80353358Sdim add default HISADDR 81353358Sdim enable dns 82353358Sdim 83353358Sdim# If you want to use PAP or CHAP instead of using a unix-style login 84353358Sdim# procedure, do the following. Note, the peer suggests whether we 85353358Sdim# should send PAP or CHAP. By default, we send whatever we're asked for. 86353358Sdim# 87353358Sdim# You *MUST* customise ``MyName'' and ``MyKey'' below. 88353358Sdim# 89353358SdimPAPorCHAPpmdemand: 90353358Sdim set phone 1234567 91353358Sdim set login 92353358Sdim set authname MyName 93353358Sdim set authkey MyKey 94353358Sdim set timeout 120 95353358Sdim set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 96353358Sdim add default HISADDR 97353358Sdim enable dns 98353358Sdim 99344779Sdim# On demand dialup example with static IP addresses: 100344779Sdim# Here, the local side uses 192.244.185.226 and the remote side 101344779Sdim# uses 192.244.176.44. 102344779Sdim# 103344779Sdim# # ppp -auto ondemand 104344779Sdim# 105344779Sdim# With static IP numbers, our setup is similar to dynamic: 106344779Sdim# Remember, ppp.linkup is searched for a "192.244.176.44" label, then 107344779Sdim# a "ondemand" label, and finally the "MYADDR" label. 108344779Sdim# 109344779Sdimondemand: 110344779Sdim set phone 1234567 111344779Sdim set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp" 112344779Sdim set timeout 120 113344779Sdim set ifaddr 192.244.185.226 192.244.176.44 114344779Sdim add default HISADDR 115344779Sdim enable dns 116344779Sdim 117344779Sdim# Example segments 118344779Sdim# 119344779Sdim# The following lines may be included as part of your configuration 120344779Sdim# section and aren't themselves complete. They're provided as examples 121344779Sdim# of how to achieve different things. 122344779Sdim 123344779Sdimexamples: 124344779Sdim# Multi-phone example. Numbers separated by a : are used sequentially. 125344779Sdim# Numbers separated by a | are used if the previous dial or login script 126344779Sdim# failed. Usually, you will prefer to use only one of | or :, but both 127344779Sdim# are allowed. 128344779Sdim# 129344779Sdim set phone 12345678|12345679:12345670|12345671 130344779Sdim# 131309124Sdim# Ppp can accept control instructions from the ``pppctl'' program. 132309124Sdim# First, you must set up your control socket. It's safest to use 133309124Sdim# a UNIX domain socket, and watch the permissions: 134344779Sdim# 135344779Sdim set server /var/tmp/internet MySecretPassword 0177 136344779Sdim# 137344779Sdim# Although a TCP port may be used if you want to allow control 138344779Sdim# connections from other machines: 139344779Sdim# 140344779Sdim set server 6670 MySecretpassword 141344779Sdim# 142309124Sdim# If you don't like ppp's builtin chat, use an external one: 143309124Sdim# 144309124Sdim set login "\"!chat \\\\-f /etc/ppp/ppp.dev.chat\"" 145309124Sdim# 146309124Sdim# If we have a ``strange'' modem that must be re-initialized when we 147309124Sdim# hangup: 148309124Sdim# 149309124Sdim set hangup "\"\" AT OK-AT-OK ATZ OK" 150309124Sdim# 151309124Sdim# To adjust logging withouth blasting the setting in default: 152309124Sdim# 153309124Sdim set log -command +tcp/ip 154309124Sdim# 155309124Sdim# To see log messages on the screen in interactive mode: 156309124Sdim# 157309124Sdim set log local LCP IPCP CCP 158309124Sdim# 159309124Sdim# If you're seeing a lot of magic number problems and failed connections, 160309124Sdim# try this (see the man page): 161309124Sdim# 162309124Sdim set openmode active 5 163309124Sdim# 164309124Sdim# For noisy lines, we may want to reconnect (up to 20 times) after loss 165309124Sdim# of carrier, with 3 second delays between each attempt: 166309124Sdim# 167309124Sdim set reconnect 3 20 168309124Sdim# 169353358Sdim# When playing server for M$ clients, tell them who our NetBIOS name 170353358Sdim# servers are: 171353358Sdim# 172353358Sdim set nbns 10.0.0.1 10.0.0.2 173353358Sdim# 174353358Sdim# Inform the client if they ask for our DNS IP numbers: 175353358Sdim# 176353358Sdim enable dns 177353358Sdim# 178353358Sdim# If you don't want to tell them what's in your /etc/resolf.conf file 179353358Sdim# with `enable dns', override the values: 180353358Sdim# 181353358Sdim set dns 10.0.0.1 10.0.0.2 182353358Sdim# 183353358Sdim# If we're using the -alias switch, redirect ftp and http to an internal 184353358Sdim# machine: 185353358Sdim# 186353358Sdim alias port 10.0.0.2:ftp ftp 187353358Sdim alias port 10.0.0.2:http http 188353358Sdim# 189353358Sdim# or don't trust the outside at all 190353358Sdim# 191353358Sdim alias deny_incoming yes 192353358Sdim# 193353358Sdim# I trust user brian to run ppp, so this goes in the `default' section: 194353358Sdim# 195353358Sdim allow user brian 196353358Sdim# 197353358Sdim# But label `internet' contains passwords that even brian can't have, so 198353358Sdim# I empty out the user access list in that section so that only root can 199353358Sdim# have access: 200353358Sdim# 201353358Sdim allow users 202353358Sdim# 203353358Sdim# I also may wish to set up my ppp login script so that it asks the client 204353358Sdim# for the label they wish to use. I may only want user ``dodgy'' to access 205353358Sdim# their own label in direct mode: 206353358Sdim# 207353358Sdimdodgy: 208353358Sdim allow user dodgy 209353358Sdim allow mode direct 210353358Sdim# 211353358Sdim# If we don't want ICMP and DNS packets to keep the connection alive: 212353358Sdim# 213353358Sdim set filter alive 0 deny icmp 214353358Sdim set filter alive 1 deny udp src eq 53 215353358Sdim set filter alive 2 deny udp dst eq 53 216353358Sdim set filter alive 3 permit 0 0 217353358Sdim# 218353358Sdim# And we don't want ICMPs to cause a dialup: 219353358Sdim# 220353358Sdim set filter dial 0 deny icmp 221353358Sdim set filter dial 1 permit 0 0 222353358Sdim# 223353358Sdim# or any TCP SYN or RST packets (badly closed TCP channels): 224353358Sdim# 225353358Sdim set filter dial 2 deny 0 0 tcp syn finrst 226353358Sdim# 227353358Sdim# Once the line's up, allow connections for ident (113), telnet (23), 228353358Sdim# ftp (20 & 21), DNS (53), my place of work (192.244.191.0/24), 229309124Sdim# ICMP (ping) and traceroute (>33433). 230309124Sdim# 231309124Sdim# Anything else is blocked by default 232309124Sdim# 233309124Sdim set filter in 0 permit tcp dst eq 113 234309124Sdim set filter out 0 permit tcp src eq 113 235314564Sdim set filter in 1 permit tcp src eq 23 estab 236314564Sdim set filter out 1 permit tcp dst eq 23 237341825Sdim set filter in 2 permit tcp src eq 21 estab 238341825Sdim set filter out 2 permit tcp dst eq 21 239309124Sdim set filter in 3 permit tcp src eq 20 dst gt 1023 240309124Sdim set filter out 3 permit tcp dst eq 20 241309124Sdim set filter in 4 permit udp src eq 53 242309124Sdim set filter out 4 permit udp dst eq 53 243341825Sdim set filter in 5 permit 192.244.191.0/24 0/0 244341825Sdim set filter out 5 permit 0/0 192.244.191.0/24 245309124Sdim set filter in 6 permit icmp 246309124Sdim set filter out 6 permit icmp 247314564Sdim set filter in 7 permit udp dst gt 33433 248314564Sdim set filter out 7 permit udp dst gt 33433 249344779Sdim 250314564Sdim# 251# ``dodgynet'' is an example intended for an autodial configuration which 252# is connecting a local network to a host on an untrusted network. 253dodgynet: 254 # Log link uptime 255 set log Phase 256 # For autoconnect only 257 allow modes auto 258 # Define modem device and speed 259 set device /dev/cuaa1 260 set speed 115200 261 # Don't support LQR 262 deny lqr 263 # Remote system phone number, login and password 264 set phone 0W1194 265 set authname pppLogin 266 set authkey MyPassword 267 # Chat script to dial remote system 268 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATZ OK-ATZ-OK \ 269 ATE1Q0M0 OK \\dATDT\\T TIMEOUT 40 CONNECT" 270 # Chat script to login to remote Unix system 271 set login "TIMEOUT 10 \"\" \"\" gin:--gin: \\U word: \\P" 272 # Drop the link after 15 minutes of inactivity 273 # Inactivity is defined by the `set filter alive' line below 274 set timeout 900 275 # Hard-code remote system to appear within local subnet and use proxy arp 276 # to make this system the gateway 277 set ifaddr 172.17.20.247 172.17.20.248 255.255.240.0 278 enable proxy 279 280 # Allow any TCP packet to keep the link alive 281 set filter alive 0 permit tcp 282 283 # Only allow dialup to be triggered by http, rlogin, rsh, telnet, ftp or 284 # private TCP ports 24 and 4000 285 set filter dial 0 7 0 0 tcp dst eq http 286 set filter dial 1 7 0 0 tcp dst eq login 287 set filter dial 2 7 0 0 tcp dst eq shell 288 set filter dial 3 7 0 0 tcp dst eq telnet 289 set filter dial 4 7 0 0 tcp dst eq ftp 290 set filter dial 5 7 0 0 tcp dst eq 24 291 set filter dial 6 deny ! 0 0 tcp dst eq 4000 292 # From hosts on a couple of local subnets to the remote peer 293 # If the remote host allowed IP forwarding and we wanted to use it, the 294 # following rules could be split into two groups to separately validate 295 # the source and destination addresses. 296 set filter dial 7 permit 172.17.16.0/20 172.17.20.248 297 set filter dial 8 permit 172.17.36.0/22 172.17.20.248 298 set filter dial 9 permit 172.17.118.0/26 172.17.20.248 299 set filter dial 10 permit 10.123.5.0/24 172.17.20.248 300 301 # Once the link's up, limit outgoing access to the specified hosts 302 set filter out 0 4 172.17.16.0/20 172.17.20.248 303 set filter out 1 4 172.17.36.0/22 172.17.20.248 304 set filter out 2 4 172.17.118.0/26 172.17.20.248 305 set filter out 3 deny ! 10.123.5.0/24 172.17.20.248 306 # Allow established TCP connections 307 set filter out 4 permit 0 0 tcp estab 308 # And new connections to http, rlogin, rsh, telnet, ftp and ports 309 # 24 and 4000 310 set filter out 5 permit 0 0 tcp dst eq http 311 set filter out 6 permit 0 0 tcp dst eq login 312 set filter out 7 permit 0 0 tcp dst eq shell 313 set filter out 8 permit 0 0 tcp dst eq telnet 314 set filter out 9 permit 0 0 tcp dst eq ftp 315 set filter out 10 permit 0 0 tcp dst eq 24 316 set filter out 11 permit 0 0 tcp dst eq 4000 317 # And outgoing icmp 318 set filter out 12 permit 0 0 icmp 319 320 # Once the link's up, limit incoming access to the specified hosts 321 set filter in 0 4 172.17.20.248 172.17.16.0/20 322 set filter in 1 4 172.17.20.248 172.17.36.0/22 323 set filter in 2 4 172.17.20.248 172.17.118.0/26 324 set filter in 3 deny ! 172.17.20.248 10.123.5.0/24 325 # Established TCP connections and non-PASV FTP 326 set filter in 4 permit 0/0 0/0 tcp estab 327 set filter in 5 permit 0/0 0/0 tcp src eq 20 328 # Useful ICMP messages 329 set filter in 6 permit 0/0 0/0 icmp src eq 3 330 set filter in 7 permit 0/0 0/0 icmp src eq 4 331 set filter in 8 permit 0/0 0/0 icmp src eq 11 332 set filter in 9 permit 0/0 0/0 icmp src eq 12 333 # Echo reply (local systems can ping the remote host) 334 set filter in 10 permit 0/0 0/0 icmp src eq 0 335 # And the remote host can ping the local gateway (only) 336 set filter in 11 permit 0/0 172.17.20.247 icmp src eq 8 337 338 339# Server side PPP 340# 341# If you want the remote system to authenticate itself, you must insist 342# that the peer uses CHAP or PAP with the "enable" keyword. Both CHAP and 343# PAP are disabled by default. You may enable either or both. If both 344# are enabled, CHAP is requested first. If the client doesn't agree, PAP 345# will then be requested. 346# 347# Note: If you use the getty/login process to authenticate users, you 348# don't need to enable CHAP or PAP, but the user that has logged 349# in *MUST* be a member of the ``network'' group (in /etc/group). 350# 351# If you wish to allow any user in the passwd database ppp access, you 352# can ``enable passwdauth''. 353# 354# When the peer authenticates itself, we use ppp.secret for verification 355# (although refer to the ``set radius'' command below for an alternative). 356# 357# Note: We may supply a third field in ppp.secret specifying the IP 358# address for that user, a forth field to specify the 359# ppp.link{up,down} label to use and a fifth field to specify 360# callback characteristics. 361# 362# The easiest way to allow transparent LAN access to your dialin users 363# is to assign them a number from your local LAN and tell ppp to make a 364# ``proxy'' arp entry for them. In this example, we have a local LAN 365# with IP numbers 10.0.0.1 - 10.0.0.99, and we assign numbers to our 366# ppp clients between 10.0.0.100 and 10.0.0.199. It is possible to 367# override the dynamic IP number with a static IP number specified in 368# ppp.secret. 369# 370# Ppp is launched with: 371# # ppp -direct server 372# 373server: 374 enable chap 375 enable pap 376 enable passwdauth 377 enable proxy 378 set ifaddr 10.0.0.1 10.0.0.100-10.0.0.199 379 accept dns 380 381# Example of a RADIUS configuration: 382# If there are one or more radius servers available, we can use them 383# instead of the ppp.secret file. Simply put then in a radius 384# configuration file (usually /etc/radius.conf) and give ppp the 385# file name. 386# Ppp will use the FRAMED characteristics supplied by the radius server 387# to configure the link. 388 389radius-server: 390 load server 391 set radius /etc/radius.conf 392 393 394# Example to connect using a null-modem cable: 395# The important thing here is to allow the lqr packets on both sides. 396# Without them enabled, we can't tell if the line's dropped - there 397# should always be carrier on a direct connection. 398# Here, the server sends lqr's every 10 seconds and quits if five in a 399# row fail. 400# 401# Make sure you don't have "deny lqr" in your default: on the client ! 402# If the peer denies LQR, we still send ECHO LQR packets at the given 403# lqrperiod interval (ppp-style-pings). 404# 405direct-client: 406 set dial "" 407 set device /dev/cuaa0 408 set sp 115200 409 set timeout 900 410 set lqrperiod 10 411 set log Phase Chat LQM 412 set login "ABORT NO\\sCARRIER TIMEOUT 5 ogin:--ogin: ppp word: ppp HELLO" 413 set ifaddr 10.0.4.2 10.0.4.1 414 enable lqr 415 accept lqr 416 417direct-server: 418 set timeout 0 419 set lqrperiod 10 420 set log Phase LQM 421 set ifaddr 10.0.4.1 10.0.4.2 422 enable lqr 423 accept lqr 424 425 426# Example to connect via compuserve 427# Compuserve insists on 7 bits even parity during the chat phase. Modem 428# parity is always reset to ``none'' after the link has been established. 429# 430compuserve: 431 set phone 1234567 432 set parity even 433 set login "TIMEOUT 100 \"\" \"\" Name: CIS ID: 999999,9999/go:pppconnect \ 434 word: XXXXXXXX PPP" 435 set timeout 300 436 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 437 delete ALL 438 add default HISADDR 439 440 441# Example for PPP over TCP. 442# We assume that inetd on tcpsrv.mynet has been 443# configured to run "ppp -direct tcp-server" when it gets a connection on 444# port 1234. Read the man page for further details 445# 446# Note, we assume we're using a binary-clean connection. If something 447# such as `rlogin' is involved, you may need to ``set escape 0xff'' 448# 449tcp-client: 450 set device tcpsrv.mynet:1234 451 set dial 452 set login 453 set ifaddr 10.0.5.1 10.0.4.1 255.255.255.0 454 455tcp-server: 456 set ifaddr 10.0.4.1 10.0.5.1 255.255.255.0 457 458# Example for PPP testing. 459# If you want to test ppp, do it through the loopback interface: 460# 461# Requires a line in /etc/services: 462# ppploop 6671/tcp # loopback ppp daemon 463# 464# and a line in /etc/inetd.conf: 465# ppploop stream tcp nowait root /usr/sbin/ppp ppp -direct loop-in 466# 467loop: 468 set timeout 0 469 set log phase chat connect lcp ipcp command 470 set device localhost:ppploop 471 set dial 472 set login 473 set ifaddr 127.0.0.2 127.0.0.3 474 set server /var/tmp/loop "" 0177 475 476loop-in: 477 set timeout 0 478 set log phase lcp ipcp command 479 allow mode direct 480 481# Example of a VPN. 482# If you're going to create a tunnel through a public network, your VPN 483# should be set up something like this: 484# 485# You should already have set up ssh using ssh-agent & ssh-add. 486# 487sloop: 488 load loop 489 # Passive mode allows ssh plenty of time to establish the connection 490 set openmode passive 491 set device "!ssh whatevermachine /usr/sbin/ppp -direct loop-in" 492 493# Example of non-PPP callback. 494# If you wish to connect to a server that will dial back *without* using 495# the ppp callback facility (rfc1570), take advantage of the fact that 496# ppp doesn't look for carrier 'till `set login' is complete: 497# 498# Here, we expect the server to say DIALBACK then disconnect after 499# we've authenticated ourselves. When this has happened, we wait 500# 60 seconds for a RING. 501# 502dialback: 503 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATZ OK-ATZ-OK \ 504 ATDT\\T TIMEOUT 60 CONNECT" 505 set login "TIMEOUT 5 ogin:--ogin: ppp word: ppp TIMEOUT 15 DIALBACK \ 506 \"\" NO\\sCARRIER \"\" TIMEOUT 60 RING ATA CONNECT" 507 508# Example of PPP callback. 509# Alternatively, if the peer is using the PPP callback protocol, we're 510# happy either with ``auth'' style callback where the server dials us 511# back based on what we authenticate ourselves with, ``cbcp'' style 512# callback (invented by Microsoft but not agreed by the IETF) where 513# we negotiate callback *after* authentication or E.164 callback where 514# we specify only a phone number. I would recommend only ``auth'' and/or 515# ``cbcp'' callback methods. 516# For ``cbcp'', we insist that we choose ``1234567'' as the number that 517# the server must call back. 518# 519callback: 520 load pmdemand 521 set callback auth cbcp e.164 1234567 522 set cbcp 1234567 523 524# If we're running a ppp server that wants to only call back microsoft 525# clients on numbers configured in /etc/ppp/ppp.secret (the 5th field): 526# 527callback-server: 528 load server 529 set callback cbcp 530 set cbcp 531 set log +cbcp 532 set redial 3 1 533 set device /dev/cuaa0 534 set speed 115200 535 set dial "TIMEOUT 10 \"\" AT OK-AT-OK ATDT\\T CONNECT" 536 537# Or if we want to allow authenticated clients to specify their own 538# callback number: 539# 540callback-server-client-decides: 541 load callback-server 542 set cbcp * 543 544# Multilink mode is available (rfc1990). 545# To enable multilink capabilities, you must specify a MRRU. 1500 is 546# a reasonable value. To create new links, use the ``clone'' command 547# to duplicate an existing link. If you already have more than one 548# link, you must specify which link you wish to run the command on via 549# the ``link'' command. 550# 551# You can now ``dial'' specific links, or even dial all links at the 552# same time. The `dial' command may also be prefixed with a specific 553# link that should do the dialing. 554# 555mloop: 556 load loop 557 set mode interactive 558 set mrru 1500 559 clone 1 2 3 560 link deflink remove 561 # dial 562 # link 2 dial 563 # link 3 dial 564 565mloop-in: 566 set timeout 0 567 set log tun phase 568 allow mode direct 569 set mrru 1500 570 571# User supplied authentication: 572# It's possible to run ppp in the background while specifying a 573# program to use to obtain authentication details on demand. 574# This program would usually be a simple GUI that presents a 575# prompt to a known user. The ``chap-auth'' program is supplied 576# as an example (and requires tcl version 8.0). 577# 578CHAPprompt: 579 load PAPorCHAPpmdemand 580 set authkey !/usr/share/examples/ppp/chap-auth 581 582# It's possible to do the same sort of thing at the login prompt. 583# Here, after sending ``brian'' in response to the ``name'' prompt, 584# we're prompted with ``code:''. A window is then displayed on the 585# ``keep:0.0'' display and the typed response is sent to the peer 586# as the password. We then expect to see ``MTU'' and ``.'' in the 587# servers response. 588# 589loginprompt: 590 load pmdemand 591 set authname brian 592 set login "ABORT NO\\sCARRIER TIMEOUT 15 \"\" \"\" name:--name: \\U \ 593 code: \"!/usr/share/examples/ppp/login-auth -display keep:0.0 \ 594 AUTHNAME\" MTU \\c ." 595