1This is the README file for ppp-2.4, a package which implements the 2Point-to-Point Protocol (PPP) to provide Internet connections over 3serial lines. 4 5 6Introduction. 7************* 8 9The Point-to-Point Protocol (PPP) provides a standard way to establish 10a network connection over a serial link. At present, this package 11supports IP and the protocols layered above IP, such as TCP and UDP. 12The Linux and Solaris ports of this package have optional support for 13IPV6; the Linux port of this package also has support for IPX. 14 15This software consists of two parts: 16 17- Kernel code, which establishes a network interface and passes 18packets between the serial port, the kernel networking code and the 19PPP daemon (pppd). This code is implemented using STREAMS modules on 20Solaris, and as a line discipline under Linux. 21 22- The PPP daemon (pppd), which negotiates with the peer to establish 23the link and sets up the ppp network interface. Pppd includes support 24for authentication, so you can control which other systems may make a 25PPP connection and what IP addresses they may use. 26 27The platforms supported by this package are Linux and Solaris. I have 28code for NeXTStep, FreeBSD, SunOS 4.x, SVR4, Tru64 (Digital Unix), AIX 29and Ultrix but no active maintainers for these platforms. Code for 30all of these except AIX is included in the ppp-2.3.11 release. 31 32 33Installation. 34************* 35 36The file SETUP contains general information about setting up your 37system for using PPP. There is also a README file for each supported 38system, which contains more specific details for installing PPP on 39that system. The supported systems, and the corresponding README 40files, are: 41 42 Linux README.linux 43 Solaris README.sol2 44 45In each case you start by running the ./configure script. This works 46out which operating system you are using and creates the appropriate 47makefiles. You then run `make' to compile the user-level code, and 48(as root) `make install' to install the user-level programs pppd, chat 49and pppstats. 50 51N.B. Since 2.3.0, leaving the permitted IP addresses column of the 52pap-secrets or chap-secrets file empty means that no addresses are 53permitted. You need to put a "*" in that column to allow the peer to 54use any IP address. (This only applies where the peer is 55authenticating itself to you, of course.) 56 57 58What's new in ppp-2.4.4. 59************************ 60 61* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating 62 the ppp interface and configuring its IP addresses but before 63 bringing it up. This can be used, for example, for adding firewall 64 rules for the interface. 65 66* Lots of bugs fixed, particularly in the area of demand-dialled and 67 persistent connections. 68 69* The rp-pppoe plugin now accepts any interface name (that isn't an 70 existing pppd option name) without putting "nic-" on the front of 71 it, not just eth*, nas*, tap* and br*. 72 73 74What was new in ppp-2.4.3. 75************************** 76 77* The configure script now accepts --prefix and --sysconfdir options. 78 These default to /usr/local and /etc. If you want pppd put in 79 /usr/sbin as before, use ./configure --prefix=/usr. 80 81* Doing `make install' no longer puts example configuration files in 82 /etc/ppp. Use `make install-etcppp' if you want that. 83 84* The code has been updated to work with version 0.8.3 of libpcap. 85 Unfortunately the libpcap maintainers removed support for the 86 "inbound" and "outbound" keywords on PPP links, meaning that if you 87 link pppd with libpcap-0.8.3, you can't use those keywords in the 88 active-filter and pass-filter expressions. The support has been 89 reinstated in the CVS version and should be in future libpcap 90 releases. If you need the in/outbound keywords, use a later release 91 than 0.8.3, or get the CVS version from http://www.tcpdump.org. 92 93* There is a new option, child-timeout, which sets the length of time 94 that pppd will wait for child processes (such as the command 95 specified with the pty option) to exit before exiting itself. It 96 defaults to 5 seconds. After the timeout, pppd will send a SIGTERM 97 to any remaining child processes and exit. A value of 0 means no 98 timeout. 99 100* Various bugs have been fixed, including some CBCP packet parsing 101 bugs that could lead to the peer being able to crash pppd if CBCP 102 support is enabled. 103 104* Various fixes and enhancements to the radius and rp-pppoe plugins 105 have been added. 106 107* There is a new winbind plugin, from Andrew Bartlet of the Samba 108 team, which provides the ability to authenticate the peer against an 109 NT domain controller using MS-CHAP or MS-CHAPV2. 110 111* There is a new pppoatm plugin, by various authors, sent in by David 112 Woodhouse. 113 114* The multilink code has been substantially reworked. The first pppd 115 for a bundle still controls the ppp interface, but it doesn't exit 116 until all the links in the bundle have terminated. If the first 117 pppd is signalled to exit, it signals all the other pppds 118 controlling links in the bundle. 119 120* The TDB code has been updated to the latest version. This should 121 eliminate the problem that some people have seen where the database 122 file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however, 123 the new code uses an incompatible database format. For this reason, 124 pppd now uses /var/run/pppd2.tdb as the database filename. 125 126 127What was new in ppp-2.4.2. 128************************** 129 130* The CHAP code has been rewritten. Pppd now has support for MS-CHAP 131 V1 and V2 authentication, both as server and client. The new CHAP 132 code is cleaner than the old code and avoids some copyright problems 133 that existed in the old code. 134 135* MPPE (Microsoft Point-to-Point Encryption) support has been added, 136 although the current implementation shouldn't be considered 137 completely secure. (There is no assurance that the current code 138 won't ever transmit an unencrypted packet.) 139 140* James Carlson's implementation of the Extensible Authentication 141 Protocol (EAP) has been added. 142 143* Support for the Encryption Control Protocol (ECP) has been added. 144 145* Some new plug-ins have been included: 146 - A plug-in for kernel-mode PPPoE (PPP over Ethernet) 147 - A plug-in for supplying the PAP password over a pipe from another 148 process 149 - A plug-in for authenticating using a Radius server. 150 151* Updates and bug-fixes for the Solaris port. 152 153* The CBCP (Call Back Control Protocol) code has been updated. There 154 are new options `remotenumber' and `allow-number'. 155 156* Extra hooks for plugins to use have been added. 157 158* There is now a `maxoctets' option, which causes pppd to terminate 159 the link once the number of bytes passed on the link exceeds a given 160 value. 161 162* There are now options to control whether pppd can use the IPCP 163 IP-Address and IP-Addresses options: `ipcp-no-address' and 164 `ipcp-no-addresses'. 165 166* Fixed several bugs, including potential buffer overflows in chat. 167 168 169What was new in ppp-2.4.1. 170************************** 171 172* Pppd can now print out the set of options that are in effect. The 173 new `dump' option causes pppd to print out the option values after 174 option parsing is complete. The `dryrun' option causes pppd to 175 print the options and then exit. 176 177* The option parsing code has been fixed so that options in the 178 per-tty options file are parsed correctly, and don't override values 179 from the command line in most cases. 180 181* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for 182 example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if 183 there is no slash in the plugin name. 184 185* When loading a plugin, pppd will now check the version of pppd for 186 which the plugin was compiled, and refuse to load it if it is 187 different to pppd's version string. To enable this, the plugin 188 source needs to #include "pppd.h" and have a line saying: 189 char pppd_version[] = VERSION; 190 191* There is a bug in zlib, discovered by James Carlson, which can cause 192 kernel memory corruption if Deflate is used with the lowest setting, 193 8. As a workaround pppd will now insist on using at least 9. 194 195* Pppd should compile on Solaris and SunOS again. 196 197* Pppd should now set the MTU correctly on demand-dialled interfaces. 198 199 200What was new in ppp-2.4.0. 201************************** 202 203* Multilink: this package now allows you to combine multiple serial 204 links into one logical link or `bundle', for increased bandwidth and 205 reduced latency. This is currently only supported under the 206 2.4.x and later Linux kernels. 207 208* All the pppd processes running on a system now write information 209 into a common database. I used the `tdb' code from samba for this. 210 211* New hooks have been added. 212 213For a list of the changes made during the 2.3 series releases of this 214package, see the Changes-2.3 file. 215 216 217Compression methods. 218******************** 219 220This package supports two packet compression methods: Deflate and 221BSD-Compress. Other compression methods which are in common use 222include Predictor, LZS, and MPPC. These methods are not supported for 223two reasons - they are patent-encumbered, and they cause some packets 224to expand slightly, which pppd doesn't currently allow for. 225BSD-Compress and Deflate (which uses the same algorithm as gzip) don't 226ever expand packets. 227 228 229Patents. 230******** 231 232The BSD-Compress algorithm used for packet compression is the same as 233that used in the Unix "compress" command. It was apparently covered 234by U.S. patents 4,814,746 (owned by IBM) and 4,558,302 (owned by 235Unisys), and corresponding patents in various other countries (but not 236Australia). Apparently the Unisys patent expired in the US on 20 June 2372003, but the IBM patent is still pending. 238 239If these patents are of concern in your situation, you can build the 240package without including BSD-Compress. To do this, edit 241net/ppp-comp.h to change the definition of DO_BSD_COMPRESS to 0. The 242bsd-comp.c files are then no longer needed, so the references to 243bsd-comp.o may optionally be removed from the Makefiles. 244 245 246Contacts. 247********* 248 249The comp.protocols.ppp newsgroup is a useful place to get help if you 250have trouble getting your ppp connections to work. Please do not send 251me questions of the form "please help me get connected to my ISP" - 252I'm sorry, but I simply do not have the time to answer all the 253questions like this that I get. 254 255If you find bugs in this package, please report them to the maintainer 256for the port for the operating system you are using: 257 258Linux Paul Mackerras <paulus@samba.org> 259Solaris James Carlson <carlson@workingcode.com> 260 261 262Copyrights: 263*********** 264 265All of the code can be freely used and redistributed. The individual 266source files each have their own copyright and permission notice. 267Pppd, pppstats and pppdump are under BSD-style notices. Some of the 268pppd plugins are GPL'd. Chat is public domain. 269 270 271Distribution: 272************* 273 274The primary site for releases of this software is: 275 276 ftp://ftp.samba.org/pub/ppp/ 277 278 279($Id: README,v 1.37 2006/05/29 23:51:29 paulus Exp $) 280