.\" Copyright (C) 1997, 2001 by Joerg Wunsch, Dresden
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
.\" DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd December 30, 2001
.Dt SPPPCONTROL 8
.Os
.Sh NAME
.Nm spppcontrol
.Nd display or set parameters for an sppp interface
.Sh SYNOPSIS
.Nm
.Op Fl v
.Ar ifname
.Op Ar parameter Ns Op Li = Ns Ar value
.Op Ar ...
.Sh DESCRIPTION
The
.Xr sppp 4
driver might require a number of additional arguments or optional
parameters besides the settings that can be adjusted with
.Xr ifconfig 8 .
These are things like authentication protocol parameters, but also
other tunable configuration variables.
The
.Nm
utility can be used to display the current settings, or adjust these
parameters as required.
.Pp
For whatever intent
.Nm
is being called, at least the parameter
.Ar ifname
needs to be specified, naming the interface for which the settings
are to be performed or displayed.
Use
.Xr ifconfig 8 ,
or
.Xr netstat 1
to see which interfaces are available.
.Pp
If no other parameter is given,
.Nm
will just list the current settings for
.Ar ifname
and exit.
The reported settings include the current PPP phase the
interface is in, which can be one of the names
.Em dead ,
.Em establish ,
.Em authenticate ,
.Em network ,
or
.Em terminate .
If an authentication protocol is configured for the interface, the
name of the protocol to be used, as well as the system name to be used
or expected will be displayed, plus any possible options to the
authentication protocol if applicable.
Note that the authentication
secrets (sometimes also called
.Em keys )
are not being returned by the underlying system call, and are thus not
displayed.
.Pp
If any additional parameter is supplied, superuser privileges are
required, and the command works in the
.Dq set
mode.
This is normally done quietly, unless the option
.Fl v
is also enabled, which will cause a final printout of the settings as
described above once all other actions have been taken.
Use of this
mode will be rejected if the interface is currently in any other phase
than
.Em dead .
Note that you can force an interface into
.Em dead
phase by calling
.Xr ifconfig 8
with the parameter
.Cm down .
.Pp
The currently supported parameters include:
.Bl -tag -offset indent -width indent
.It Va authproto Ns Li = Ns Ar protoname
Set both his and my authentication protocol to
.Ar protoname .
The protocol name can be one of
.Dq Li chap ,
.Dq Li pap ,
or
.Dq Li none .
In the latter case, the use of an authentication protocol will be
turned off for the named interface.
This has the side-effect of
clearing the other authentication-related parameters for this
interface as well (i.e., system name and authentication secret will
be forgotten).
.It Va myauthproto Ns Li = Ns Ar protoname
Same as above, but only for my end of the link.
I.e., this is the
protocol when remote is authenticator, and I am the peer required to
authenticate.
.It Va hisauthproto Ns Li = Ns Ar protoname
Same as above, but only for his end of the link.
.It Va myauthname Ns Li = Ns Ar name
Set my system name for the authentication protocol.
.It Va hisauthname Ns Li = Ns Ar name
Set his system name for the authentication protocol.
For CHAP, this
will only be used as a hint, causing a warning message if remote did
supply a different name.
For PAP, it is the name remote must use to
authenticate himself (in connection with his secret).
.It Va myauthsecret Ns Li = Ns Ar secret
Set my secret (key, password) for use in the authentication phase.
For CHAP, this will be used to compute the response hash value, based
on remote's challenge.
For PAP, it will be transmitted as plain text
together with the system name.
Do not forget to quote the secrets from
the shell if they contain shell metacharacters (or white space).
.It Va myauthkey Ns Li = Ns Ar secret
Same as above.
.It Va hisauthsecret Ns Li = Ns Ar secret
Same as above, to be used if we are an authenticator and the remote peer
needs to authenticate.
.It Va hisauthkey Ns Li = Ns Ar secret
Same as above.
.It Va callin
Require remote to authenticate himself only when he is calling in, but
not when we are caller.
This is required for some peers that do not
implement the authentication protocols symmetrically (like Ascend
routers, for example).
.It Va always
The opposite of
.Va callin .
Require remote to always authenticate, regardless of which side is
placing the call.
This is the default, and will not be explicitly
displayed in the
.Dq list
mode.
.It Va norechallenge
Only meaningful with CHAP.
Do not re-challenge peer once the initial
CHAP handshake was successful.
Used to work around broken peer
implementations that cannot grok being re-challenged once the
connection is up.
.It Va rechallenge
With CHAP, send re-challenges at random intervals while the connection
is in network phase.
(The intervals are currently in the range of 300
through approximately 800 seconds.)
This is the default, and will not
be explicitly displayed in the
.Dq list
mode.
.It Va lcp-timeout Ns Li = Ns Ar timeout-value
Change the value of the LCP restart timer.
Values are
specified in milliseconds.
The value must be between 10 and 20000 ms,
defaulting to 3000 ms.
.It Va enable-vj
Enable negotiation of Van Jacobson header compression.
(Enabled by default.)
.It Va disable-vj
Disable negotiation of Van Jacobson header compression.
.It Va enable-ipv6
Enable negotiation of the IPv6 network control protocol.
(Enabled by default if the kernel has IPv6 enabled.)
.It Va disable-ipv6
Disable negotiation of the IPv6 network control protocol.
Since every
IPv4 interface in an IPv6-enabled kernel automatically gets an IPv6
address assigned, this option provides for a way to administratively
prevent the link from attempting to negotiate IPv6.
Note that
initialization of an IPv6 interface causes a multicast packet to be
sent, which can cause unwanted traffic costs (for dial-on-demand
interfaces).
.El
.Sh EXAMPLES
.Bd -literal
# spppcontrol bppp0
bppp0:	phase=dead
	myauthproto=chap myauthname="uriah"
	hisauthproto=chap hisauthname="ifb-gw" norechallenge
	lcp-timeout=3000
	enable-vj
	enable-ipv6
.Ed
.Pp
Display the settings for
.Li bppp0 .
The interface is currently in
.Em dead
phase, i.e., the LCP layer is down, and no traffic is possible.
Both
ends of the connection use the CHAP protocol, my end tells remote the
system name
.Dq Li uriah ,
and remote is expected to authenticate by the name
.Dq Li ifb-gw .
Once the initial CHAP handshake was successful, no further CHAP
challenges will be transmitted.
There are supposedly some known CHAP
secrets for both ends of the link which are not being shown.
.Bd -literal
# spppcontrol bppp0 \e
	authproto=chap \e
	myauthname=uriah myauthsecret='some secret' \e
	hisauthname=ifb-gw hisauthsecret='another' \e
	norechallenge
.Ed
.Pp
A possible call to
.Nm
that could have been used to bring the interface into the state shown
by the previous example.
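.Pp
The following is an added example, not part of the original manual page or of the spppcontrol sources: a POSIX sh function that reads list-mode output in the format shown above and reports the authentication settings this page describes as weakening the link (pap, norechallenge, callin).
The names audit_sppp, sample_page and sample_weak are hypothetical, the second sample is constructed, and treating a missing hisauthproto= as an unauthenticated peer is an assumption drawn from the description of list mode.

```sh
#!/bin/sh
# audit_sppp: read spppcontrol list-mode output on stdin and print one
# finding per line; print nothing when no weak setting is found.
# Hypothetical helper written for this example.
audit_sppp() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            key = kv[1]; val = (n > 1) ? kv[2] : ""
            if (key ~ /:$/) continue          # interface label, e.g. bppp0:
            seen[key] = 1
            if ((key == "myauthproto" || key == "hisauthproto") && val == "pap")
                print key "=pap: secret crosses the link in plain text"
            if (key == "norechallenge")
                print "norechallenge: peer is not re-challenged after the first CHAP handshake"
            if (key == "callin")
                print "callin: peer is not authenticated when we place the call"
        }
    }
    END {
        # Assumption: list mode omits hisauthproto= when none is configured.
        if (!("hisauthproto" in seen))
            print "hisauthproto missing: peer is not required to authenticate"
    }'
}

# The list output from the first example above (tabs written as spaces).
sample_page() {
    echo 'bppp0: phase=dead'
    echo '    myauthproto=chap myauthname="uriah"'
    echo '    hisauthproto=chap hisauthname="ifb-gw" norechallenge'
    echo '    lcp-timeout=3000'
    echo '    enable-vj'
    echo '    enable-ipv6'
}

# Constructed sample (not from the page): PAP on my side, callin, norechallenge.
sample_weak() {
    echo 'bppp0: phase=dead'
    echo '    myauthproto=pap myauthname="uriah"'
    echo '    hisauthproto=chap hisauthname="ifb-gw" callin norechallenge'
    echo '    lcp-timeout=3000'
}

echo "== page example ==";           sample_page | audit_sppp
echo "== constructed weak config =="; sample_weak | audit_sppp
```

On a live system the input would come from running spppcontrol with only the interface name, which needs no superuser privileges and never prints the secrets.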
.Sh SEE ALSO
.Xr netstat 1 ,
.Xr sppp 4 ,
.Xr ifconfig 8
.Rs
.%A B. Lloyd
.%A W. Simpson
.%T "PPP Authentication Protocols"
.%O RFC 1334
.Re
.Rs
.%A W. Simpson, Editor
.%T "The Point-to-Point Protocol (PPP)"
.%O RFC 1661
.Re
.Rs
.%A W. Simpson
.%T "PPP Challenge Handshake Authentication Protocol (CHAP)"
.%O RFC 1994
.Re
.Sh HISTORY
The
.Nm
utility appeared in
.Fx 3.0 .
.Sh AUTHORS
The program was written by
.An J\(:org Wunsch ,
Dresden.