6
+ Upgrading from versions older than 2.4.1[.uus-3]
7
+ Upgrading from versions older than 2.3.9 *important*
8
+ Upgrading from versions older than 2.3.5-2
9
+ Upgrading from versions older than 2.3.1
10
+ PAM support (needed for inbound PAP)
11
6
+ Provided user space scripts
12
8
+ Outbound dialing setup
13
9
+ Inbound setup combined with mgetty
15
+ Demand dial-up links
16
10
+ Syslog facility level
21
Upgrading from versions older than 2.4.1[.uus-3]:
22
-------------------------------------------------
24
PPP packet filtering has been enabled since 2.4.1.uus-2, which is available
25
by using the "active-filter" option. See pppd(8) for more information.
26
The CONFIG_PPP_FILTER option is required in the kernel. (If this is not
27
enabled, the following warning will be sent to the syslog, but ppp will
29
pppd[pid]: Couldn't set pass-filter in kernel: Invalid argument )
31
IPV6 support has also been enabled, for usage, see the pppd(8) manpage.
33
Upgrading from versions older than 2.3.9:
34
-----------------------------------------
36
Default value for number of redial attempts with `persist' option was
37
changed from infinity to 10, by introducing a new `maxfail' option.
39
If you used the `persist' option in your pppd settings, you will have to
40
add `maxfail 0' to get the old behaviour back.
42
(Possible) Rationale: some people had ISDN dial-on-demand routers that were
43
dialing but failing to authenticate. Because of the pppd setting to dial
44
infinitely, it happened about once a second, so after a month or two, the
45
phone bill was several thousand pounds! This is clearly unacceptable, so the
46
default was changed from infinity to 10 to prevent this and all similar cases.
48
Upgrading from versions older than 2.3.5-2:
49
-------------------------------------------
51
Debian package had included an incorrect example of /etc/ppp/pap-secrets
52
in the inbound connection section. The old wrong example was this:
54
# Every regular user can use PPP and has to use passwords from /etc/passwd
57
This was fixed in ppp package version 2.3.5-2, to:
59
# Every regular user can use PPP and has to use passwords from /etc/passwd
62
Note: the string "hostname" must be replaced with the output of `hostname`
63
on your system. It will be done by the post-installation scripts, but you
64
should check it's done nonetheless.
66
Upgrading from versions older than 2.3.1:
67
-----------------------------------------
69
The default setup in /etc/ppp/options is to turn authentication on.
71
This may cause you not to be able to log into your ISP any more, if they do
72
not support PAP or CHAP authentication. All you need to do is set ``noauth''
73
either on pppd's command line or in /etc/ppp/peers/provider, in order to switch
74
it off for this connection.
76
[Don't just turn it off again in the options file, since it is better to deny
77
access by default for security reasons.]
79
PAM support (needed for inbound PAP):
80
-------------------------------------
82
pppd with PAM support for inbound PAP logins is now available in the
83
normal `ppp' package, marking the `ppp-pam' package obsolete. The
84
packaging system should automatically remove the old package on upgrade.
86
Provided user space scripts:
87
----------------------------
11
+ Logging of ip-up and ip-down
14
+ Naming of PPPoE interfaces
16
-- Christoph Lameter <clameter@debian.org>, 22 July 1997
17
Phil Hands <phil@hands.com>
18
Josip Rodin <jrodin@jagor.srce.hr>, 27 November 1999.
19
Marco d'Itri <md@linux.it>
22
Provided user space scripts
23
~~~~~~~~~~~~~~~~~~~~~~~~~~~
89
24
Since release 2.3.1, the ppp package provides scripts to conveniently
90
25
control PPP from user space. Note that the scripts only work with the
91
26
proper setup in /etc/ppp. Edit the configuration files and test the
103
38
Please read the manual page pon(1) for specific descriptions of these
106
Outbound and inbound dialing setup:
107
-----------------------------------
109
pppd attempts to handle both inbound and outbound through one set of
110
configuration files. The /etc/ppp/options file has been set up for the
113
If it isn't absolutely necessary, please don't edit the file, but specify
114
parameters on the commandline. If you find a change that would be beneficial
115
to all users, then please inform the package maintainer about it.
117
Outbound dialing setup:
118
-----------------------
120
Edit the file /etc/chatscripts/provider and make sure it contains what
121
you need to dial-up into your server and eventually start up PPP on the
122
remote machine. I.e. replace strings in brackets with appropriate values
123
like telephone number, login name, and password.
44
Access to pppd is controlled via the membership in the "dip" group.
47
Outbound dialing setup
48
~~~~~~~~~~~~~~~~~~~~~~
125
49
Edit the file /etc/ppp/peers/provider and put all options in it that you need
126
50
to connect to your server. The most common options are already provided for
127
you. If you need the common PAP password authentication then add
128
`user <username>' to it. Otherwise you might also change the system name to
129
be like your username. The systemname is used for authentication if you do
130
not provide the "user" directive. See also pppd(8) manual page.
132
Note: If you are NOT using PAP or CHAP authentication, you need to put
133
`noauth' in /etc/ppp/peers/provider to allow a connection to be made.
51
you, and you should only need to set the login name and telephone number.
135
53
Edit the file /etc/ppp/pap-secrets and put your password into the designated
138
56
You should then be able to start the PPP connection with pon.
140
If you want to have PPP on bootup then rename the file
141
/etc/ppp/no_ppp_on_boot to /etc/ppp/ppp_on_boot. If you wish to further
142
customize it, mark it executable and edit it (it's a shell script).
144
For more advanced usage of PPP outbound connections install pppconfig.
146
Inbound setup combined with mgetty:
147
-----------------------------------
58
You should never need to modify /etc/ppp/options.
60
If you want to have PPP started at boot time then add something like this
61
to /etc/network/interfaces:
68
Inbound setup combined with mgetty
69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
149
70
Note: for this to work you need to have mgetty version >= 0.99 with its
150
71
AutoPPP feature turned on.
175
96
(see /usr/share/doc/ppp/examples/scripts/*callback), and with mgetty's
176
97
`callback' program (see callback(8) manual page).
181
Access to PPPD is controlled via the membership in the "dip" group.
183
Demand dial-up links:
184
---------------------
186
Note: if you use an older kernel version (older 2.0.x), you need to patch
187
the kernel itself, in order to support demand dial-up with the patches for
190
Add the following options to /etc/ppp/peers/provider:
192
demand idle 600 holdoff 20
194
to set up demand dialing. 600 seconds (=10 minutes) idle time disconnects.
195
20 seconds between attempts to connect. This setup implies the "persist"
196
option. You might also want to enable PPP on boot up so you won't have to
197
worry about the PPP connection at all.
199
Syslog facility level:
200
----------------------
100
Syslog facility level
101
~~~~~~~~~~~~~~~~~~~~~
202
102
The default level of LOG_DAEMON has been overridden (as described in the
203
103
pppd(8) man page), to be LOG_LOCAL2. The intent being that local2 be sent
204
104
to /var/log/ppp.log for use by plog, if you add the following line to your
207
107
local2.* -/var/log/ppp.log
212
Password expiration was once implemented with a direct call to a
213
non-exported function in libshadow, but isn't anymore. Why are
214
they doing such things?
219
As of version 2.3.1 the kernel stuff is broken for some old 2.0.x kernels.
220
See the file called "kernel.fix-2.0.30-2" in this directory.
222
-- Christoph Lameter <clameter@debian.org>, 22 July 1997
223
Phil Hands <phil@hands.com>
224
Josip Rodin <jrodin@jagor.srce.hr>, 27 November 1999.
110
Logging of ip-up and ip-down
111
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
112
If you want to enable logging of the ip-up and ip-down scripts output,
113
then create the file /var/log/ppp-ipupdown.log .
118
The files peers-pppoa, peers-pppoe and interfaces from
119
/usr/share/doc/ppp/examples/ contain complete configuration examples
120
for the protocols commonly used for DSL connections.
121
Beware: the pppoatm kernel driver currently is not autoloaded, so PPPoA
122
users probably want to add it to /proc/modules.
123
The same applies to PPPoE users who need the br2684 module.
128
If the computer running pppd acts as a router for other machines, you
129
probably want to make it reduce the MSS field of outgoing packets, to
130
avoid fragmentation and problems caused by path MTU blackholing.
131
You may add something like this to /etc/ppp/ip-up.d/local:
133
iptables --insert FORWARD 1 --proto tcp --tcp-flags SYN,RST SYN \
134
--out-interface $PPP_IFACE --match tcpmss --mss 1400:1536 \
135
--jump TCPMSS --clamp-mss-to-pmtu
138
Naming of PPPoE interfaces
139
~~~~~~~~~~~~~~~~~~~~~~~~~~
140
The rp-pppoe plugin usually accepts only eth*, nas* or tap* as interface
141
names. Different names can be specified by adding the "nic-" prefix,
142
which will be removed by the program.
added
removed
debian/README.Debian
