propppctl(1) ProL2TP Manual propppctl(1)
NAME
propppctl - Command line control utility for propppd
SYNOPSIS
propppctl
create create-args...
destroy ppp-instance
show ppp-instance or ultilink-bundle
status
list options
DESCRIPTION
The propppctl utility is used to configure and control the propppd(8)
daemon. PPP instances may be created or destroyed, and daemon runtime
status may be queried.
The command name is the first argument. The arguments accepted differs
for each command.
CREATE
Creates a new PPP instance. Each instance is assigned a unique name of
the form session-N. This name can be used as an argument to SHOW and
DESTROY commands to operate on the instance.
DESTROY
Destroys the named PPP instance. PPP LCP messages are sent to the peer
to terminate the connection.
SHOW
Shows information about the named PPP instance or multilink bundle.
STATUS
Shows status information about propppd, such as the number of PPP
instances, RADIUS requests and events.
LIST
Prints a summary of all PPP instances. For each instance, its name,
connection state and PPP username (if available) may be listed. The
user may list only the PPP instances which are up or only those which
are down.
OPTIONS
CREATE
The create command creates a new PPP instance. Arguments are specified
as a space-separated list. If an argument takes a value, the value is
given in the word following the argument name. e.g.
propppctl create param1 param1value param2 param3 param3value
propppd supports PPP over several different link types.
o Ethernet (PPPoE)
o L2TP (PPPoL2TP)
o Serial tty device
The following sections describe all of the options available. Many
arguments are the same as those used in pppd(8)
Common Options
auth Require the peer to authenticate itself before allowing network
packets to be sent or received.
mru n Set the MRU [Maximum Receive Unit] value to n. Propppd will ask
the peer to send packets of no more than n bytes. The value of
n must be between 128 and 16384; the default is 1500. Note that
for the IPv6 protocol, the MRU must be at least 1280.
mtu n Set the MTU [Maximum Transmit Unit] value to n. Unless the peer
requests a smaller value via MRU negotiation, propppd will
request that the kernel networking code send data packets of no
more than n bytes through the PPP network interface. Note that
for the IPv6 protocol, the MTU must be at least 1280.
passive
Enables the "passive" option in the LCP. With this option,
propppd will attempt to initiate a connection; if no reply is
received from the peer, propppd will then just wait passively
for a valid LCP packet from the peer, instead of terminating, as
it would without this option.
<local_IP_address>:<remote_IP_address>
Set the local and/or remote interface IP addresses. Either one
may be omitted. The IP addresses can be specified with a host
name or in decimal dot notation (e.g. 150.234.56.78). The
remote address will be obtained from the peer if not specified
in any option. If a local and/or remote IP address is specified
with this option, propppd will not accept a different value from
the peer in the IPCP negotiation, unless the ipcp-accept-local
and/or ipcp-accept-remote options are given, respectively.
+ipv6 Enable the IPv6CP and IPv6 protocols.
ipv6 <local_interface_id>,<remote_interface_id>
Set the local and/or remote 64-bit interface identifier. Either
one may be omitted. The identifier must be specified in standard
ASCII notation of IPv6 addresses (e.g. ::dead:beef). If the
ipv6cp-use-ipaddr option is given, the local identifier is the
local IPv4 address (see above). On systems which supports a
unique persistent id, such as EUI-48 derived from the Ethernet
MAC address, ipv6cp-use-persistent option can be used to replace
the ipv6 <local>,<remote> option. Otherwise the identifier is
randomized.
allow-ip address(es)
Allow peers to use the given IP address or subnet without
authenticating themselves. The parameter is parsed as for each
element of the list of allowed IP addresses in the secrets files
(see the AUTHENTICATION section in propppd.conf(5) ).
bsdcomp nr,nt
Request that the peer compress packets that it sends, using the
BSD-Compress scheme, with a maximum code size of nr bits, and
agree to compress packets sent to the peer with a maximum code
size of nt bits. If nt is not specified, it defaults to the
value given for nr. Values in the range 9 to 15 may be used for
nr and nt; larger values give better compression but consume
more kernel memory for compression dictionaries. Alternatively,
a value of 0 for nr or nt disables compression in the
corresponding direction. Use nobsdcomp or bsdcomp 0 to disable
BSD-Compress compression entirely.
chap-interval n
If this option is given, propppd will rechallenge the peer every
n seconds.
chap-max-challenge n
Set the maximum number of CHAP challenge transmissions to n
(default 10).
chap-restart n
Set the CHAP restart interval (retransmission timeout for
challenges) to n seconds (default 3).
debug Enables connection debugging facilities. If this option is
given, propppd will enable debug messages for the PPP instance
which may be useful to diagnose connection problems.
loglevel level
Sets the PPP instance debug log level. level must be one of
"error", "warning", "notice", "info" or "debug". "loglevel
debug" is equivalent to the debug option.
default-mru
Disable MRU [Maximum Receive Unit] negotiation. With this
option, propppd will use the default MRU value of 1500 bytes for
both the transmit and receive direction.
deflate nr,nt
Request that the peer compress packets that it sends, using the
Deflate scheme, with a maximum window size of 2**nr bytes, and
agree to compress packets sent to the peer with a maximum window
size of 2**nt bytes. If nt is not specified, it defaults to the
value given for nr. Values in the range 9 to 15 may be used for
nr and nt; larger values give better compression but consume
more kernel memory for compression dictionaries. Alternatively,
a value of 0 for nr or nt disables compression in the
corresponding direction. Use nodeflate or deflate 0 to disable
Deflate compression entirely. (Note: propppd requests Deflate
compression in preference to BSD-Compress if the peer can do
either.)
domain d
Append the domain name d to the local host name for
authentication purposes. For example, if gethostname() returns
the name porsche, but the fully qualified domain name is
porsche.Quotron.COM, you could specify domain Quotron.COM.
Propppd would then use the name porsche.Quotron.COM for looking
up secrets in the secrets file, and as the default name to send
to the peer when authenticating itself to the peer. This option
is privileged.
enable-session
Enables session accounting via PAM. When PAM is enabled, the
PAM "account" and "session" module stacks determine behavior,
and are enabled for all PPP authentication protocols. PAM may
be configured separately to record wtmp/wtmpx entries for each
login, making peers visible in the last(1) log. See pam.conf(5)
for more information. This feature is automatically enabled
when the propppd login option is used. Session accounting is
disabled by default.
endpoint <epdisc>
Sets the endpoint discriminator sent by the local machine to the
peer during multilink negotiation to <epdisc>. The default is
to use the MAC address of the first ethernet interface on the
system. The endpoint discriminator can be the string null or of
the form type:value, where type is a decimal number or one of
the strings local, IP, MAC, magic, or phone. The value is an IP
address in dotted-decimal notation for the IP type, or a string
of bytes in hexadecimal, separated by periods or colons for the
other types. For the MAC type, the value may also be the name
of an ethernet or similar network interface.
eap-interval n
If this option is given and propppd authenticates the peer with
EAP (i.e., is the server), propppd will restart EAP
authentication every n seconds.
eap-max-rreq n
Set the maximum number of EAP Requests to which propppd will
respond (as a client) without hearing EAP Success or Failure.
(Default is 20.)
eap-max-sreq n
Set the maximum number of EAP Requests that propppd will issue
(as a server) while attempting authentication. (Default is 10.)
eap-restart n
Set the retransmit timeout for EAP Requests when acting as a
server (authenticator). (Default is 3 seconds.)
eap-timeout n
Set the maximum time to wait for the peer to send an EAP Request
when acting as a client (authenticatee). (Default is 20
seconds.)
ifname name
Sets the interface name to be assigned to the PPP interface when
it is established. The default name is assigned by the Linux
kernel using the 'pppN' naming convention.
holdoff n
Specifies how many seconds to wait before re-initiating the link
after it terminates. This option only has any effect if the
persist option is used. The holdoff period is not applied if
the link was terminated because it was idle.
idle n Specifies that propppd should disconnect if the link is idle for
n seconds. The link is idle when no data packets (i.e. IP
packets) are being sent or received. Note: it is not advisable
to use this option with the persist option.
ipcp-accept-local
With this option, propppd will accept the peer's idea of our
local IP address, even if the local IP address was specified in
an option.
ipcp-accept-remote
With this option, propppd will accept the peer's idea of its
(remote) IP address, even if the remote IP address was specified
in an option.
ipcp-max-configure n
Set the maximum number of IPCP configure-request transmissions
to n (default 10).
ipcp-max-failure n
Set the maximum number of IPCP configure-NAKs returned before
starting to send configure-Rejects instead to n (default 10).
ipcp-max-terminate n
Set the maximum number of IPCP terminate-request transmissions
to n (default 3).
ipcp-restart n
Set the IPCP restart interval (retransmission timeout) to n
seconds (default 3).
ipv6cp-accept-local
With this option, propppd will accept the peer's idea of our
local IPv6 interface identifier, even if the local IPv6
interface identifier was specified in an option.
ipv6cp-max-configure n
Set the maximum number of IPv6CP configure-request transmissions
to n (default 10).
ipv6cp-max-failure n
Set the maximum number of IPv6CP configure-NAKs returned before
starting to send configure-Rejects instead to n (default 10).
ipv6cp-max-terminate n
Set the maximum number of IPv6CP terminate-request transmissions
to n (default 3).
ipv6cp-restart n
Set the IPv6CP restart interval (retransmission timeout) to n
seconds (default 3).
kdebug n
Enable debugging code in the kernel-level PPP driver. The
argument values depend on the specific kernel driver, but in
general a value of 1 will enable general kernel debug messages.
(Note that these messages are usually only useful for debugging
the kernel driver itself.) On most systems, messages printed by
the kernel are logged by syslog(1) to a file as directed in the
/etc/syslog.conf configuration file.
lcp-echo-failure n
If this option is given, propppd will presume the peer to be
dead if n LCP echo-requests are sent without receiving a valid
LCP echo-reply. If this happens, propppd will terminate the
connection. Use of this option requires a non-zero value for
the lcp-echo-interval parameter. This option can be used to
enable propppd to terminate after the physical connection has
been broken (e.g., the modem has hung up) in situations where no
hardware modem control lines are available.
lcp-echo-interval n
If this option is given, propppd will send an LCP echo-request
frame to the peer every n seconds. Normally the peer should
respond to the echo-request by sending an echo-reply. This
option can be used with the lcp-echo-failure option to detect
that the peer is no longer connected.
lcp-max-configure n
Set the maximum number of LCP configure-request transmissions to
n (default 10).
lcp-max-failure n
Set the maximum number of LCP configure-NAKs returned before
starting to send configure-Rejects instead to n (default 10).
lcp-max-terminate n
Set the maximum number of LCP terminate-request transmissions to
n (default 3).
lcp-restart n
Set the LCP restart interval (retransmission timeout) to n
seconds (default 3).
login Use the system password database for authenticating the peer
using PAP. Note that the peer must have an entry in the
/etc/proppp/pap-secrets file as well as the system password
database to be allowed access. If the password given in
/etc/proppp/pap-secrets is the special value @login, the
password is obtained from the system's password file
/etc/passwd. See also the enable-session option.
maxconnect n
Terminate the connection when it has been available for network
traffic for n seconds (i.e. n seconds after the first network
control protocol comes up).
maxfail n
Terminate after n consecutive failed connection attempts. A
value of 0 means no limit. The default value is 10.
mpshortseq
Enables the use of short (12-bit) sequence numbers in multilink
headers, as opposed to 24-bit sequence numbers. This option
only has any effect if multilink is enabled (see the multilink
option).
mrru n Sets the Maximum Reconstructed Receive Unit to n. The MRRU is
the maximum size for a received packet on a multilink bundle,
and is analogous to the MRU for the individual links. This
option only has any effect if multilink is enabled (see the
multilink option).
ms-dns <addr>
If propppd is acting as a server for Microsoft Windows clients,
this option allows propppd to supply one or two DNS (Domain Name
Server) addresses to the clients. The first instance of this
option specifies the primary DNS address; the second instance
(if given) specifies the secondary DNS address.
ms-wins <addr>
If propppd is acting as a server for Microsoft Windows or
"Samba" clients, this option allows propppd to supply one or two
WINS (Windows Internet Name Services) server addresses to the
clients. The first instance of this option specifies the
primary WINS address; the second instance (if given) specifies
the secondary WINS address.
multilink
Enables the use of the PPP multilink protocol. If the peer also
supports multilink, then this link can become part of a bundle
between the local system and the peer. If there is an existing
bundle to the peer, propppd will join this link to that bundle,
otherwise propppd will create a new bundle. See the MULTILINK
section below.
name name
Set the name of the local system for authentication purposes to
name. With this option, propppd will use lines in the secrets
files which have name as the second field when looking for a
secret to use in authenticating the peer. In addition, unless
overridden with the user option, name will be used as the name
to send to the peer when authenticating the local system to the
peer. (Note that propppd does not append the domain name to
name.)
noaccomp
Disable Address/Control compression in both directions (send and
receive).
noauth Do not require the peer to authenticate itself.
nobsdcomp
Disables BSD-Compress compression; propppd will not request or
agree to compress packets using the BSD-Compress scheme.
noccp Disable CCP (Compression Control Protocol) negotiation. This
option should only be required if the peer is buggy and gets
confused by requests from propppd for CCP negotiation.
nodeflate
Disables Deflate compression; propppd will not request or agree
to compress packets using the Deflate scheme.
noendpoint
Disables propppd from sending an endpoint discriminator to the
peer or accepting one from the peer (see the MULTILINK section
below). This option should only be required if the peer is
buggy.
noip Disable IPCP negotiation and IP communication. This option
should only be required if the peer is buggy and gets confused
by requests from propppd for IPCP negotiation.
noipv6 Disable IPv6CP negotiation and IPv6 communication. This option
should only be required if the peer is buggy and gets confused
by requests from propppd for IPv6CP negotiation.
noipdefault
Disables the default behaviour when no local IP address is
specified, which is to determine (if possible) the local IP
address from the hostname. With this option, the peer will have
to supply the local IP address during IPCP negotiation (unless
it specified explicitly on the command line).
nomagic
Disable magic number negotiation. With this option, propppd
cannot detect a looped-back line. This option should only be
needed if the peer is buggy.
nompshortseq
Disables the use of short (12-bit) sequence numbers in the PPP
multilink protocol, forcing the use of 24-bit sequence numbers.
This option only has any effect if multilink is enabled.
nomultilink
Disables the use of PPP multilink.
nopcomp
Disable protocol field compression negotiation in both the
receive and the transmit direction.
nopredictor1
Do not accept or agree to Predictor-1 compression.
novj Disable Van Jacobson style TCP/IP header compression in both the
transmit and the receive direction.
novjccomp
Disable the connection-ID compression option in Van Jacobson
style TCP/IP header compression. With this option, propppd will
not omit the connection-ID byte from Van Jacobson compressed
TCP/IP headers, nor ask the peer to do so.
papcrypt
Indicates that all secrets in the /etc/proppp/pap-secrets file
which are used for checking the identity of the peer are
encrypted, and thus propppd should not accept a password which,
before encryption, is identical to the secret from the
/etc/proppp/pap-secrets file.
pap-max-authreq n
Set the maximum number of PAP authenticate-request transmissions
to n (default 10).
pap-restart n
Set the PAP restart interval (retransmission timeout) to n
seconds (default 3).
pap-timeout n
Set the maximum time that propppd will wait for the peer to
authenticate itself with PAP to n seconds (0 means no limit).
password password-string
Specifies the password to use for authenticating to the peer.
persist
If the connection is terminated, try to reopen the connection.
The maxfail option still has an effect on persistent
connections.
predictor1
Request that the peer compress frames that it sends using
Predictor-1 compression, and agree to compress transmitted
frames with Predictor-1 if requested. This option has no effect
unless the kernel driver supports Predictor-1 compression.
profile
Tells propppd to fetch additional arguments from the named
profile defined in propppd.conf(5). The profile must exist.
This option may be specified multiple times.
proxyarp
Add an entry to this system's ARP [Address Resolution Protocol]
table with the IP address of the peer and the Ethernet address
of this system. This will have the effect of making the peer
appear to other systems to be on the local ethernet.
receive-all
With this option, propppd will accept all control characters
from the peer, including those marked in the receive asyncmap.
Without this option, propppd will discard those characters as
specified in RFC1662. This option should only be needed if the
peer is buggy.
remotename name
Set the assumed name of the remote system for authentication
purposes to name.
remotenumber number
Set the assumed telephone number of the remote system for
authentication purposes to number.
refuse-chap
With this option, propppd will not agree to authenticate itself
to the peer using CHAP.
refuse-eap
With this option, propppd will not agree to authenticate itself
to the peer using EAP.
refuse-pap
With this option, propppd will not agree to authenticate itself
to the peer using PAP.
require-chap
Require the peer to authenticate itself using CHAP [Challenge
Handshake Authentication Protocol] authentication.
require-eap
Require the peer to authenticate itself using EAP [Extensible
Authentication Protocol] authentication.
require-pap
Require the peer to authenticate itself using PAP [Password
Authentication Protocol] authentication.
scope string
This option is ignored if not using multilink. It adds a string
to the key used to match multilink links with bundles. It may be
useful to associate links with specific multilink bundles when
there is more than one multilink bundle to a peer.
set name=value
Set a variable for use by external applications that listen for
and receive events from propppd. The variables and values are
included in the PPP event data sent by propppd when a PPP
instance is destroyed or changes state.
silent With this option, propppd will not transmit LCP packets to
initiate a connection until a valid LCP packet is received from
the peer.
sync Use synchronous HDLC serial encoding instead of asynchronous.
The device used by propppd with this option must have sync
support.
user name
Sets the name used for authenticating the local system to the
peer to name.
vj-max-slots n
Sets the number of connection slots to be used by the Van
Jacobson TCP/IP header compression and decompression code to n,
which must be between 2 and 16 (inclusive).
radius Enables RADIUS authentication. propppd will contact the RADIUS
servers specified in propppd.conf(5) when establishing and
managing the PPP instance if RADIUS operations are enabled for
the PPP instance.
rad-nas-ip-addr ip-address
Sets the value set in the RADIUS NAS-IP-Address AVP in RADIUS
messages sent to the RADIUS server. By default, no NAS-IP-
Address data is sent.
rad-nas-id string
Sets the value set in the RADIUS NAS-Id AVP in RADIUS messages
sent to the RADIUS server. By default, no NAS-Id data is sent.
rad-calling-station-id string
Sets the value set in the RADIUS Calling-Station-ID AVP in
RADIUS messages sent to the RADIUS server. By default, no
Calling-Station-ID data is sent.
rad-nas-port-type number
Sets the value set in the RADIUS NAS-Port-Type AVP in RADIUS
messages sent to the RADIUS server. By default, no NAS-Port-Type
data is sent.
rad-nas-port number
Sets the value set in the RADIUS NAS-Port AVP in RADIUS messages
sent to the RADIUS server. By default, no NAS-Port data is sent.
rad-acct
Indicates that RADIUS accounting messages should be sent to a
RADIUS Accounting server when the PPP instance is established
and when it closes. The default is that no RADIUS Accounting
messages are sent.
rad-acct-interim-interval number
Specifies the periodic interval (as a number of seconds) with
which propppd will send RADIUS Interim Accounting updates to the
RADIUS Accounting server. Such messages are used to gather usage
statistics of a PPP instance over time. The default is 0 (no
interim updates are sent).
Ethernet
The following arguments may be used for PPP instances which use PPPoE.
pppoe devicename
Indicates that the PPP instance will use PPPoE on the indicated
device. The PPPoE session must already be established with the
PPPoE server.
pppoe-session-id number
The PPPoE session ID to be used for the instance. This is the
ID provided by the PPPoE server when establishing the session.
pppoe-peer-mac mac-address
The MAC address of the interface to direct PPPoE packets to.
This is the MAC of the PPPoE server the session is established
with.
L2TP
The following arguments may be used for PPP instances which use L2TP.
The L2TP tunnel and session must already be established. Since L2TP
sessions are created by an external L2TP application, these options
would probably only be used by the L2TP application.
pppol2tp
Indicates that the PPP instance will use L2TP.
pppol2tp_fd number
The file descriptor of the L2TP tunnel. This is usually a UDP
socket, but may also be an L2TPIP socket if the tunnel uses
L2TPv3 IP encapsulation.
pppol2tp_protocol_version number
The L2TP protocol version. Must be 2 or 3 and must match the
L2TP protocol version of the tunnel identified by the
pppol2tp_tunnel_id parameter.
pppol2tp_lns_mode
Indicates that this side of the PPP connection is at an L2TP
LNS. This enables L2TP-specific behaviour where LCP packets are
checked for ACCM settings. The default is that propppd does not
snoop LCP packets.
pppol2tp_send_seq
Indicates that L2TP sequence numbers should be added to
transmitted L2TP data packets. Sequence numbers may be used by
the peer to reorder packets. The default is off.
pppol2tp_recv_seq
Indicates that L2TP sequence numbers should be checked in
received L2TP data packets and packets optionally reordered. The
default is off.
pppol2tp_reorderto number
If pppol2tp_recv_seq is specified, this parameter sets the time
which out-of-sequence packets should be held while trying to
reorder them. The default is 0 (reordering disabled).
pppol2tp_debug_mask mask
This option may be used to enable debug messages in the L2TP PPP
implementation. The mask is a bitmask of debug options: bit0 -
verbose, bit1 - control API, bit2 - sequence numbers, bit3 -
data packets. The default is 0 (no debug).
pppol2tp_ifname name
This option is deprecated. Use the equivalent ifname option
instead.
pppol2tp_tunnel_id number
Specifies the L2TP tunnel-id. This identifies the L2TP tunnel
instance over which the new PPP instance will be established.
The tunnel must already exist.
pppol2tp_session_id number
Specifies the L2TP session-id. This identifies the L2TP session
instance within the L2TP tunnel over which the new PPP instance
will be established. The session must already exist.
pppol2tp_peer_tunnel_id number
Specifies the L2TP peer tunnel-id. This identifies the L2TP
tunnel instance over which the new PPP instance will be
established. The tunnel must already exist.
pppol2tp_peer_session_id number
Specifies the L2TP peer session-id. This identifies the L2TP
session instance over which the new PPP instance will be
established. The session must already exist.
Serial tty device
The following arguments may be used for PPP instances which use a
serial device.
allow-number number
Allow peers to connect from the given telephone number. A
trailing `*' character will match all numbers beginning with the
leading part.
local If using serial terminal devices, this option tells propppd to
not use the modem control lines. With this option, propppd will
ignore the state of the CD (Carrier Detect) signal from the
modem and will not change the state of the DTR (Data Terminal
Ready) signal. This is the opposite of the modem option.
ttyname
Use the serial port called ttyname to communicate with the peer.
If ttyname does not begin with a slash (/), the string "/dev/"
is prepended to ttyname to form the name of the device to open.
speed This option sets the desired baud rate for the serial device.
asyncmap map
This option sets the Async-Control-Character-Map (ACCM) for this
end of the link. The ACCM is a set of 32 bits, one for each of
the ASCII control characters with values from 0 to 31, where a 1
bit indicates that the corresponding control character should
not be used in PPP packets sent to this system. The map is
encoded as a hexadecimal number (without a leading 0x) where the
least significant bit (00000001) represents character 0 and the
most significant bit (80000000) represents character 31.
Propppd will ask the peer to send these characters as a 2-byte
escape sequence. If multiple asyncmap options are given, the
values are ORed together. If no asyncmap option is given, the
default is zero, so propppd will ask the peer not to escape any
control characters. To escape transmitted characters, use the
escape option.
crtscts
Specifies that propppd should set the serial port to use
hardware flow control using the RTS and CTS signals in the
RS-232 interface. If neither the crtscts, the nocrtscts, the
cdtrcts nor the nocdtrcts option is given, the hardware flow
control setting for the serial port is left unchanged. Some
serial ports (such as Macintosh serial ports) lack a true RTS
output. Such serial ports use this mode to implement
unidirectional flow control. The serial port will suspend
transmission when requested by the modem (via CTS) but will be
unable to request the modem to stop sending to the computer.
This mode retains the ability to use DTR as a modem control
line.
escape xx,yy,...
Specifies that certain characters should be escaped on
transmission (regardless of whether the peer requests them to be
escaped with its async control character map). The characters
to be escaped are specified as a list of hex numbers separated
by commas. Note that almost any character can be specified for
the escape option, unlike the asyncmap option which only allows
control characters to be specified. The characters which may
not be escaped are those with hex values 0x20 - 0x3f or 0x5e.
modem Use the modem control lines. This option is the default. With
this option, propppd will wait for the CD (Carrier Detect)
signal from the modem to be asserted when opening the serial
device and it will drop the DTR (Data Terminal Ready) signal
briefly when the connection is terminated. and before executing
This is the opposite of the local option.
nocrtscts
Disable hardware flow control (i.e. RTS/CTS) on the serial port.
If neither the crtscts nor the nocrtscts nor the cdtrcts nor the
nocdtrcts option is given, the hardware flow control setting for
the serial port is left unchanged.
nocdtrcts
This option is a synonym for nocrtscts. Either of these options
will disable both forms of hardware flow control.
xonxoff
Use software flow control (i.e. XON/XOFF) to control the flow of
data on the serial port.
DESTROY
The destroy command destroys a PPP instance. The instance is identified
by its name, e.g. "session-42" which must be given as a parameter. When
a PPP instance is destroyed, propppd will send LCP Term packets to the
peer. The instance is destroyed when the peer acknowledges the LCP
messages, or after a timeout.
SHOW
The show command displays detailed information about a PPP instance.
The instance is identified by its name, e.g. "session-42" which must be
given as a parameter.
LIST
The list command is useful to show a summary of all PPP instances or a
subset of them. The following parameters may be used to filter the
output:
up list only PPP instances which are up.
down list only PPP instances which are down.
brief list only the PPP instance names, one per line. This may
be most useful for external scripting.
session-N
list only information for the specified PPP instance,
e.g. "session-101".
MULTILINK
Multilink PPP provides the capability to combine two or more PPP links
between a pair of machines into a single `bundle', which appears as a
single virtual PPP link which has the combined bandwidth of the
individual links.
Propppd detects that the link it is controlling is connected to the
same peer as another link using the peer's endpoint discriminator and
the authenticated identity of the peer. The endpoint discriminator is
a block of data which is hopefully unique for each peer. Several types
of data can be used, including locally-assigned strings of bytes, IP
addresses, MAC addresses, randomly strings of bytes, or E-164 phone
numbers. The endpoint discriminator sent to the peer by propppd can be
set using the endpoint option.
In some circumstances the peer may send no endpoint discriminator or a
non-unique value. The scope option adds an extra string which is added
to the peer's endpoint discriminator and authenticated identity when
matching up links to be joined together in a bundle. The scope option
can also be used to allow the establishment of multiple bundles between
the local system and the peer.
Assuming that multilink is enabled and the peer is willing to negotiate
multilink, then when propppd is invoked to bring up the first link to
the peer, it will detect that no other link is connected to the peer
and create a new bundle, that is, another ppp network interface unit.
When another link is brought up to the peer, it will detect the
existing bundle and join its link to it.
If the first link terminates (for example, because of a received LCP
terminate-request) the bundle is not destroyed unless there are no
other links remaining in the bundle. The first ppp instance of a
bundle remains after its link terminates, until all the links in the
bundle have terminated.
EXAMPLES
# propppctl create /dev/ttyS3 local 10.1.1.254: passive persist maxfail 0 \
require-pap refuse-chap refuse-eap \
radius rad-acct rad-acct-interim-interval 600
# propppctl list
Name Interface Multilink Duration State User
session-1 ppp0 - 0:02:21 UP dave
session-2 ppp1 - 0:02:21 UP bob
session-3 ppp2 multilink-1 0:00:18 UP alfie
session-4 ppp2 multilink-1 0:00:18 UP alfie
# propppctl list session-2
session-3 ppp2 - 0:02:23 UP bob
# propppctl list up
Name Interface Multilink Duration State User
session-1 ppp0 - 0:02:55 UP dave
session-2 ppp1 - 0:02:55 UP bob
session-3 ppp2 multilink-1 0:00:52 UP alfie
session-4 ppp2 multilink-1 0:00:52 UP alfie
# propppctl list down
Name Interface Multilink Duration State User
# propppctl list up brief
4 contexts
session-1
session-2
session-3
session-4
# propppctl list brief down
0 contexts
# propppctl show session-3
interface name: ppp2
created: 2021-03-04 16:11:16
type: tty
debug: 7
connect delay: 1000
state: RUNNING
connect time: 0.1 minutes
link mtu: 1500, peer mru: 1500
run count: 20
tty:
baud: 38400, hardware flow control: no
sync: no, stop bits: 1
lcp:
echo interval: 0, max echo failures: 0
want: pap asyncmap magic mru mrru pcomp accomp epdisc
got: pap asyncmap magic mru mrru pcomp accomp epdisc
allow: asyncmap magic mru mrru pcomp accomp epdisc
his: asyncmap magic mrru pcomp accomp epdisc
state: OPENED
timeout: 3
max confreqs: 10, max termreqs: 2
retransmits: 10, naks: 0
naks since last ack: 0
ccp:
want: bsd deflate
got: bsd deflate
allow: bsd deflate predictor1
his: bsd deflate
state: OPENED
timeout: 3
max confreqs: 10, max termreqs: 2
retransmits: 10, naks: 0
naks since last ack: 0
ipcp:
want: negaddr reqaddr
got: negaddr reqaddr
allow: negaddr proxyarp
his: negaddr
state: OPENED
timeout: 3
max confreqs: 10, max termreqs: 2
retransmits: 10, naks: 0
naks since last ack: 0
local ip: 10.1.1.254
peer ip: 10.1.1.2
pap:
auth timeout: 30, retransmit interval: 3
our state: OPEN, peer state: CLOSED
chap:
timeout: 3, rechallenge time: 0
local state: lowerup
transmits: 0
peer state: lowerup
eap:
local:
state: Closed
requests: 0, responses: 0
timeout: 3, max requests: 10
peer:
state: Closed
requests: 0, responses: 0
timeout: 20, max requests: 20
auth:
remote name: 'alfie'
config: local: , peer:
done: local: pap, peer:
multilink:
bundle: multilink-1
endpoint: 'MAC:00:1b:21:6a:7e:96'
mrru: 1500, mtru:1500
short-seq-tx: 0, short-seq-rx: 0
# propppctl show multilink-1
multilink-1:
key: 'test/MAC:00:1b:21:6a:7e:96/'
interface: ppp2
links: session-3 session-4
# propppctl status
ProPPP v2.2.0
support: support@prol2tp.com
License:
product: proppp
licensed to: Katalix Systems Ltd
PPP:
ppp instance count: 4
create requests: 4, failures: 0
destroy requests: 0, failures: 0
RADIUS:
access requests: 0, accepts: 0, rejects: 0, challenges: 0
accounting starts: 0, stops: 0, updates: 0, responses: 0
disconnect requests: 0, responses: 0
retransmits: 0, timeouts: 0
auth requests in progress: 0, accounting requests in progress: 0
Events:
created: 4, destroyed: 0, up: 4, down: 0
Config:
config updates: 1, failures: 0
SEE ALSO
propppd(8), propppwatch(1)
COPYRIGHT
propppctl is proprietary software developed and maintained by Katalix
Systems Limited, and is part of its ProPPP software.
ProL2TP 2.5.2 October 2023 propppctl(1)