Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
PPPOECTL(8) System Manager's Manual PPPOECTL(8)
NAME
pppoectl - display or set parameters for an PPPoE interface
SYNOPSIS
pppoectl [-v] ifname [parameter[=value]] [...]
pppoectl -e ethernet-ifname [-s service-name]
[-a access-concentrator-name] [-d] [-n 1 | 2] ifname
pppoectl -f config-file ifname [...]
DESCRIPTION
There are two basic modes of operation: configuring security-related
parameters and attaching a PPPoE interface to its ethernet interface,
optionally passing in additional parameters for the PPPoE encapsulation.
The latter usage is indicated by the presence of the -e option, which
takes the name of the ethernet interface as its argument.
-e specifies the ethernet interface used to communicate with the
access concentrator (typically via a DSL modem).
-a specifies the name of the access concentrator.
-s specifies the name of the service connected to.
-d dump the current connection state information (this parameter is
typically used alone, for informational purposes, not during
interface configuration).
-n 1 | 2
print the IP address of the primary or secondary DNS name server
for this PPP connection. This is only available if DNS query is
enabled, see query-dns.
-f parse config-file for parameter[=value] pairs, one per line, as
if they had been specified on the command line. This allows the
password to be not passed as a command line argument. Unless
escaped by \, comments starting with # to the end of the current
line are ignored.
Typically, not both the access concentrator name and the service name are
specified.
The pppoe(4) driver requires a number of additional arguments or optional
parameters besides the settings that can be adjusted with ifconfig(8).
These are things like authentication protocol parameters, but also other
tunable configuration variables. The pppoectl utility can be used to
display the current settings, or adjust these parameters as required.
For whatever intent pppoectl is being called, at least the parameter
ifname needs to be specified, naming the interface for which the settings
are to be performed or displayed. Use ifconfig(8) or netstat(1) to see
which interfaces are available.
If no other parameter is given, pppoectl will just list the current
settings for ifname and exit. The reported settings include the current
PPP phase the interface is in, which can be one of the names dead,
establish, authenticate, network, or terminate. If an authentication
protocol is configured for the interface, the name of the protocol to be
used, as well as the system name to be used or expected will be
displayed, plus any possible options to the authentication protocol if
applicable. Note that the authentication secrets (sometimes also called
keys) are not being returned by the underlying system call, and are thus
not displayed.
If any additional parameter is supplied, superuser privileges are
required, and the command works in `set' mode. This is normally done
quietly, unless the option -v is also enabled, which will cause a final
printout of the settings as described above once all other actions have
been taken. Use of this mode will be rejected if the interface is
currently in any other phase than dead. Note that you can force an
interface into dead phase by calling ifconfig(8) with the parameter
`down'.
The currently supported parameters include:
authproto=protoname Set both his and my authentication protocol to
protoname. The protocol name can be one of
`chap', `pap', or `none'. In the latter case,
the use of an authentication protocol will be
turned off for the named interface. This has
the side-effect of clearing the other
authentication-related parameters for this
interface as well (i. e., system name and
authentication secret will be forgotten).
myauthproto=protoname Same as above, but only for my end of the
link. I.e., this is the protocol when remote
is authenticator, and I am the peer required
to authenticate.
hisauthproto=protoname Same as above, but only for his end of the
link.
myauthname=name Set my system name for the authentication
protocol.
hisauthname=name Set his system name for the authentication
protocol. For CHAP, this will only be used as
a hint, causing a warning message if remote
did supply a different name. For PAP, it's
the name remote must use to authenticate
himself (in connection with his secret).
myauthsecret=secret Set my secret (key, password) for use in the
authentication phase. For CHAP, this will be
used to compute the response hash value, based
on remote's challenge. For PAP, it will be
transmitted as plaintext together with the
system name. Don't forget to quote the
secrets from the shell if they contain shell
metacharacters (or whitespace).
myauthkey=secret Same as above.
hisauthsecret=secret Same as above, to be used if we are
authenticator and the remote peer needs to
authenticate.
hisauthkey=secret Same as above.
callin Require remote to authenticate himself only
when he's calling in, but not when we are
caller. This is required for some peers that
do not implement the authentication protocols
symmetrically (like Ascend routers, for
example).
always The opposite of callin. Require remote to
always authenticate, regardless of which side
is placing the call. This is the default, and
will not be explicitly displayed in `list'
mode.
norechallenge Only meaningful with CHAP. Do not re-
challenge peer once the initial CHAP handshake
was successful. Used to work around broken
peer implementations that can't grok being re-
challenged once the connection is up.
rechallenge With CHAP, send re-challenges at random
intervals while the connection is in network
phase. (The intervals are currently in the
range of 300 through approximately 800
seconds.) This is the default, and will not
be explicitly displayed in `list' mode.
idle-timeout=idle-seconds For services that are charged by connection
time the interface can optionally disconnect
after a configured idle time. If set to 0,
this feature is disabled.
lcp-timeout=timeout-value Allows to change the value of the LCP timeout.
The default value of the LCP timeout is
currently set to 1 second. The timeout-value
must be specified in milliseconds.
max-noreceive=sec Sets the number of seconds after last
reception of data from the peer before the
line state is probed by sending LCP echo
requests. The sec interval is not used
verbatim, the first echo request might be
delayed upto 10 seconds after the configured
interval.
max-alive-missed=count Sets the number of unanswered LCP echo
requests that we will tolerate before
considering a connection to be dead. LCP echo
requests are sent in 10 seconds interval after
the configured max-noreceive interval has
passed with no data received from the peer.
max-auth-failure=count Since some ISPs disable accounts after too
many unsuccessful authentication attempts,
there is a maximum number of authentication
failures before we will stop retrying without
manual intervention. Manual intervention is
either changing the authentication data (name,
password) or setting the maximum retry count.
If count is set to 0 this feature is disabled.
clear-auth-failure If an authentication failure has been caused
by remote problems and you want to retry
connecting using unchanged local settings,
this command can be used to reset the failure
count to zero.
query-dns=flags During PPP protocol negotiation we can query
the peer for addresses of two name servers.
If flags is 1 only the first server address
will be requested, if flags is 2 the second
will be requested. Setting flags to 3 queries
both.
The result of the negotiation can be retrieved
with the -n option.
EXAMPLES
The following example is the complete sequence of commands to bring a
PPPoE connection up:
# Need ethernet interface UP (or it won't send any packets)
ifconfig ne0 up
# Let pppoe0 use ne0 as its ethernet interface
pppoectl -e ne0 pppoe0
# Configure authentication
pppoectl pppoe0 \
myauthproto=pap \
myauthname=XXXXX \
myauthsecret=YYYYY \
hisauthproto=none
# Configure the pppoe0 interface itself. These addresses are magic,
# meaning we don't care about either address and let the remote
# ppp choose them.
ifconfig pppoe0 0.0.0.0 0.0.0.1 netmask 0xffffffff up
SEE ALSO
netstat(1), pppoe(4), ifconfig(8), ifwatchd(8)
B. Lloyd and W. Simpson, PPP Authentication Protocols, RFC 1334.
W. Simpson, Editor, The Point-to-Point Protocol (PPP), RFC 1661.
W. Simpson, PPP Challenge Handshake Authentication Protocol (CHAP), RFC
1994.
L. Mamakos, K. Lidl, J. Evarts, D. Carrel, D. Simone, and R. Wheeler, A
Method for Transmitting PPP Over Ethernet (PPPoE), RFC 2516.
HISTORY
The pppoectl utility is based on the spppcontrol utility which appeared
in FreeBSD 3.0. The pppoectl utility first appeared in NetBSD 1.6.
AUTHORS
The program was written by J"org Wunsch, Dresden, and modified for PPPoE
support by Martin Husemann.
NetBSD 10.99 September 22, 2018 NetBSD 10.99