1This is the README file for ppp-2.4, a package which implements the
2Point-to-Point Protocol (PPP) to provide Internet connections over
3serial lines.
4
5
6Introduction.
7*************
8
9The Point-to-Point Protocol (PPP) provides a standard way to establish
10a network connection over a serial link.  At present, this package
11supports IP and the protocols layered above IP, such as TCP and UDP.
12The Linux and Solaris ports of this package have optional support for
13IPV6; the Linux port of this package also has support for IPX.
14
15This software consists of two parts:
16
17- Kernel code, which establishes a network interface and passes
18packets between the serial port, the kernel networking code and the
19PPP daemon (pppd).  This code is implemented using STREAMS modules on
20Solaris, and as a line discipline under Linux.
21
22- The PPP daemon (pppd), which negotiates with the peer to establish
23the link and sets up the ppp network interface.  Pppd includes support
24for authentication, so you can control which other systems may make a
25PPP connection and what IP addresses they may use.
26
27The platforms supported by this package are Linux and Solaris.  I have
28code for NeXTStep, FreeBSD, SunOS 4.x, SVR4, Tru64 (Digital Unix), AIX
29and Ultrix but no active maintainers for these platforms.  Code for
30all of these except AIX is included in the ppp-2.3.11 release.
31
32
33Installation.
34*************
35
36The file SETUP contains general information about setting up your
37system for using PPP.  There is also a README file for each supported
38system, which contains more specific details for installing PPP on
39that system.  The supported systems, and the corresponding README
40files, are:
41
42	Linux				README.linux
43	Solaris				README.sol2
44
45In each case you start by running the ./configure script.  This works
46out which operating system you are using and creates the appropriate
47makefiles.  You then run `make' to compile the user-level code, and
48(as root) `make install' to install the user-level programs pppd, chat
49and pppstats.
50
51N.B. Since 2.3.0, leaving the permitted IP addresses column of the
52pap-secrets or chap-secrets file empty means that no addresses are
53permitted.  You need to put a "*" in that column to allow the peer to
54use any IP address.  (This only applies where the peer is
55authenticating itself to you, of course.)
56
57
58What's new in ppp-2.4.4.
59************************
60
61* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
62  the ppp interface and configuring its IP addresses but before
63  bringing it up.  This can be used, for example, for adding firewall
64  rules for the interface.
65
66* Lots of bugs fixed, particularly in the area of demand-dialled and
67  persistent connections.
68
69* The rp-pppoe plugin now accepts any interface name (that isn't an
70  existing pppd option name) without putting "nic-" on the front of
71  it, not just eth*, nas*, tap* and br*.
72
73
74What was new in ppp-2.4.3.
75**************************
76
77* The configure script now accepts --prefix and --sysconfdir options.
78  These default to /usr/local and /etc.  If you want pppd put in
79  /usr/sbin as before, use ./configure --prefix=/usr.
80
81* Doing `make install' no longer puts example configuration files in
82  /etc/ppp.  Use `make install-etcppp' if you want that.
83
84* The code has been updated to work with version 0.8.3 of libpcap.
85  Unfortunately the libpcap maintainers removed support for the
86  "inbound" and "outbound" keywords on PPP links, meaning that if you
87  link pppd with libpcap-0.8.3, you can't use those keywords in the
88  active-filter and pass-filter expressions.  The support has been
89  reinstated in the CVS version and should be in future libpcap
90  releases.  If you need the in/outbound keywords, use a later release
91  than 0.8.3, or get the CVS version from http://www.tcpdump.org.
92
93* There is a new option, child-timeout, which sets the length of time
94  that pppd will wait for child processes (such as the command
95  specified with the pty option) to exit before exiting itself.  It
96  defaults to 5 seconds.  After the timeout, pppd will send a SIGTERM
97  to any remaining child processes and exit.  A value of 0 means no
98  timeout.
99
100* Various bugs have been fixed, including some CBCP packet parsing
101  bugs that could lead to the peer being able to crash pppd if CBCP
102  support is enabled.
103
104* Various fixes and enhancements to the radius and rp-pppoe plugins
105  have been added.
106
107* There is a new winbind plugin, from Andrew Bartlet of the Samba
108  team, which provides the ability to authenticate the peer against an
109  NT domain controller using MS-CHAP or MS-CHAPV2.
110
111* There is a new pppoatm plugin, by various authors, sent in by David
112  Woodhouse.
113
114* The multilink code has been substantially reworked.  The first pppd
115  for a bundle still controls the ppp interface, but it doesn't exit
116  until all the links in the bundle have terminated.  If the first
117  pppd is signalled to exit, it signals all the other pppds
118  controlling links in the bundle.
119
120* The TDB code has been updated to the latest version.  This should
121  eliminate the problem that some people have seen where the database
122  file (/var/run/pppd.tdb) keeps on growing.  Unfortunately, however,
123  the new code uses an incompatible database format.  For this reason,
124  pppd now uses /var/run/pppd2.tdb as the database filename.
125
126
127What was new in ppp-2.4.2.
128**************************
129
130* The CHAP code has been rewritten.  Pppd now has support for MS-CHAP
131  V1 and V2 authentication, both as server and client.  The new CHAP
132  code is cleaner than the old code and avoids some copyright problems
133  that existed in the old code.
134
135* MPPE (Microsoft Point-to-Point Encryption) support has been added,
136  although the current implementation shouldn't be considered
137  completely secure.  (There is no assurance that the current code
138  won't ever transmit an unencrypted packet.)
139
140* James Carlson's implementation of the Extensible Authentication
141  Protocol (EAP) has been added.
142
143* Support for the Encryption Control Protocol (ECP) has been added.
144
145* Some new plug-ins have been included:
146  - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
147  - A plug-in for supplying the PAP password over a pipe from another
148    process
149  - A plug-in for authenticating using a Radius server.
150
151* Updates and bug-fixes for the Solaris port.
152
153* The CBCP (Call Back Control Protocol) code has been updated.  There
154  are new options `remotenumber' and `allow-number'.
155
156* Extra hooks for plugins to use have been added.
157
158* There is now a `maxoctets' option, which causes pppd to terminate
159  the link once the number of bytes passed on the link exceeds a given
160  value.
161
162* There are now options to control whether pppd can use the IPCP
163  IP-Address and IP-Addresses options: `ipcp-no-address' and
164  `ipcp-no-addresses'.
165
166* Fixed several bugs, including potential buffer overflows in chat.
167
168
169What was new in ppp-2.4.1.
170**************************
171
172* Pppd can now print out the set of options that are in effect.  The
173  new `dump' option causes pppd to print out the option values after
174  option parsing is complete.  The `dryrun' option causes pppd to
175  print the options and then exit.
176
177* The option parsing code has been fixed so that options in the
178  per-tty options file are parsed correctly, and don't override values
179  from the command line in most cases.
180
181* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
182  example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
183  there is no slash in the plugin name.
184
185* When loading a plugin, pppd will now check the version of pppd for
186  which the plugin was compiled, and refuse to load it if it is
187  different to pppd's version string.  To enable this, the plugin
188  source needs to #include "pppd.h" and have a line saying:
189	char pppd_version[] = VERSION;
190
191* There is a bug in zlib, discovered by James Carlson, which can cause
192  kernel memory corruption if Deflate is used with the lowest setting,
193  8.  As a workaround pppd will now insist on using at least 9.
194
195* Pppd should compile on Solaris and SunOS again.
196
197* Pppd should now set the MTU correctly on demand-dialled interfaces.
198
199
200What was new in ppp-2.4.0.
201**************************
202
203* Multilink: this package now allows you to combine multiple serial
204  links into one logical link or `bundle', for increased bandwidth and
205  reduced latency.  This is currently only supported under the
206  2.4.x and later Linux kernels.
207
208* All the pppd processes running on a system now write information
209  into a common database.  I used the `tdb' code from samba for this.
210
211* New hooks have been added.
212
213For a list of the changes made during the 2.3 series releases of this
214package, see the Changes-2.3 file.
215
216
217Compression methods.
218********************
219
220This package supports two packet compression methods: Deflate and
221BSD-Compress.  Other compression methods which are in common use
222include Predictor, LZS, and MPPC.  These methods are not supported for
223two reasons - they are patent-encumbered, and they cause some packets
224to expand slightly, which pppd doesn't currently allow for.
225BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
226ever expand packets.
227
228
229Patents.
230********
231
232The BSD-Compress algorithm used for packet compression is the same as
233that used in the Unix "compress" command.  It was apparently covered
234by U.S. patents 4,814,746 (owned by IBM) and 4,558,302 (owned by
235Unisys), and corresponding patents in various other countries (but not
236Australia).  Apparently the Unisys patent expired in the US on 20 June
2372003, but the IBM patent is still pending.
238
239If these patents are of concern in your situation, you can build the
240package without including BSD-Compress.  To do this, edit
241net/ppp-comp.h to change the definition of DO_BSD_COMPRESS to 0.  The
242bsd-comp.c files are then no longer needed, so the references to
243bsd-comp.o may optionally be removed from the Makefiles.
244
245
246Contacts.
247*********
248
249The comp.protocols.ppp newsgroup is a useful place to get help if you
250have trouble getting your ppp connections to work.  Please do not send
251me questions of the form "please help me get connected to my ISP" -
252I'm sorry, but I simply do not have the time to answer all the
253questions like this that I get.
254
255If you find bugs in this package, please report them to the maintainer
256for the port for the operating system you are using:
257
258Linux			Paul Mackerras <paulus@samba.org>
259Solaris			James Carlson <carlson@workingcode.com>
260
261
262Copyrights:
263***********
264
265All of the code can be freely used and redistributed.  The individual
266source files each have their own copyright and permission notice.
267Pppd, pppstats and pppdump are under BSD-style notices.  Some of the
268pppd plugins are GPL'd.  Chat is public domain.
269
270
271Distribution:
272*************
273
274The primary site for releases of this software is:
275
276	ftp://ftp.samba.org/pub/ppp/
277
278
279($Id: README,v 1.37 2006/05/29 23:51:29 paulus Exp $)
280