spppcontrol(8)
NAME
spppcontrol - display or set parameters for an sppp interface
SYNOPSIS
spppcontrol [-v] ifname [parameter[=value]] [...]
DESCRIPTION
The sppp(4) driver might require a number of additional arguments or
optional parameters besides the settings that can be adjusted with
ifconfig(8). These are things like authentication protocol parameters,
but also other tunable configuration variables. The spppcontrol utility
can be used to display the current settings, or adjust these parameters
as required.

For whatever intent spppcontrol is being called, at least the parameter
ifname needs to be specified, naming the interface for which the settings
are to be performed or displayed. Use ifconfig(8), or netstat(1) to see
which interfaces are available.

If no other parameter is given, spppcontrol will just list the current
settings for ifname and exit. The reported settings include the current
PPP phase the interface is in, which can be one of the names dead,
establish, authenticate, network, or terminate. If an authentication
protocol is configured for the interface, the name of the protocol to be
used, as well as the system name to be used or expected will be
displayed, plus any possible options to the authentication protocol if
applicable. Note that the authentication secrets (sometimes also called
keys) are not being returned by the underlying system call, and are thus
not displayed.

If any additional parameter is supplied, superuser privileges are
required, and the command works in the ``set'' mode. This is normally
done quietly, unless the option -v is also enabled, which will cause a
final printout of the settings as described above once all other actions
have been taken. Use of this mode will be rejected if the interface is
currently in any other phase than dead. Note that you can force an
interface into dead phase by calling ifconfig(8) with the parameter down.

The currently supported parameters include:
authproto=protoname
        Set both his and my authentication protocol to protoname.
        The protocol name can be one of ``chap'', ``pap'', or
        ``none''. In the latter case, the use of an authentication
        protocol will be turned off for the named interface. This
        has the side-effect of clearing the other
        authentication-related parameters for this interface as well
        (i.e., system name and authentication secret will be
        forgotten).

myauthproto=protoname
        Same as above, but only for my end of the link. I.e., this
        is the protocol when remote is authenticator, and I am the
        peer required to authenticate.

hisauthproto=protoname
        Same as above, but only for his end of the link.

myauthname=name
        Set my system name for the authentication protocol.

hisauthname=name
        Set his system name for the authentication protocol. For
        CHAP, this will only be used as a hint, causing a warning
        message if remote did supply a different name. For PAP, it
        is the name remote must use to authenticate himself (in
        connection with his secret).

myauthsecret=secret
        Set my secret (key, password) for use in the authentication
        phase. For CHAP, this will be used to compute the response
        hash value, based on remote's challenge. For PAP, it will
        be transmitted as plain text together with the system name.
        Do not forget to quote the secrets from the shell if they
        contain shell metacharacters (or white space).

myauthkey=secret
        Same as above.

hisauthsecret=secret
        Same as above, to be used if we are an authenticator and
        the remote peer needs to authenticate.

hisauthkey=secret
        Same as above.

callin
        Require remote to authenticate himself only when he is
        calling in, but not when we are caller. This is required
        for some peers that do not implement the authentication
        protocols symmetrically (like Ascend routers, for example).

always
        The opposite of callin. Require remote to always
        authenticate, regardless of which side is placing the call.
        This is the default, and will not be explicitly displayed in
        the ``list'' mode.

norechallenge
        Only meaningful with CHAP. Do not re-challenge peer once
        the initial CHAP handshake was successful. Used to work
        around broken peer implementations that cannot grok being
        re-challenged once the connection is up.

rechallenge
        With CHAP, send re-challenges at random intervals while the
        connection is in network phase. (The intervals are
        currently in the range of 300 through approximately 800
        seconds.) This is the default, and will not be explicitly
        displayed in the ``list'' mode.

lcp-timeout=timeout-value
        Changes the value of the LCP restart timer. Values are
        specified in milliseconds. The value must be between 10 and
        20000 ms, defaulting to 3000 ms.

enable-vj
        Enable negotiation of Van Jacobson header compression.
        (Enabled by default.)

disable-vj
        Disable negotiation of Van Jacobson header compression.

enable-ipv6
        Enable negotiation of the IPv6 network control protocol.
        (Enabled by default if the kernel has IPv6 enabled.)

disable-ipv6
        Disable negotiation of the IPv6 network control protocol.
        Since every IPv4 interface in an IPv6-enabled kernel
        automatically gets an IPv6 address assigned, this option
        provides for a way to administratively prevent the link from
        attempting to negotiate IPv6. Note that initialization of
        an IPv6 interface causes a multicast packet to be sent,
        which can cause unwanted traffic costs (for dial-on-demand
        interfaces).
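
The difference between the two uses of myauthsecret described above, as an added example that is not part of the manual page or of the sppp(4) source: it builds a PAP Authenticate-Request (RFC 1334) and a CHAP Response (RFC 1994) and checks whether the secret appears in the bytes sent. The function names, the identifier and the challenge are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values; the names mirror the spppcontrol parameters.
MYAUTHNAME = b"uriah"
MYAUTHSECRET = b"some secret"
CHALLENGE = bytes(range(16))   # constructed challenge from the authenticator
IDENT = 7                      # constructed packet identifier


def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_response(ident: int, name: bytes, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response packet: Code=2, Id, Length, Value-Size, Value, Name."""
    value = chap_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body


def chap_verify(ident: int, secret: bytes, challenge: bytes, packet: bytes) -> bool:
    """Authenticator side: recompute the hash from its own copy of the secret."""
    size = packet[4]
    return hmac.compare_digest(packet[5:5 + size],
                               chap_value(ident, secret, challenge))


def pap_request(ident: int, name: bytes, secret: bytes) -> bytes:
    """RFC 1334 Authenticate-Request: Code=1, Id, Length, Peer-ID, Password."""
    body = bytes([len(name)]) + name + bytes([len(secret)]) + secret
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def secret_on_wire(packet: bytes, secret: bytes) -> bool:
    """True if a capture of this packet would contain the secret verbatim."""
    return secret in packet


if __name__ == "__main__":
    packets = (("PAP ", pap_request(IDENT, MYAUTHNAME, MYAUTHSECRET)),
               ("CHAP", chap_response(IDENT, MYAUTHNAME, MYAUTHSECRET, CHALLENGE)))
    for label, pkt in packets:
        print(label, pkt.hex(), "secret visible:", secret_on_wire(pkt, MYAUTHSECRET))
```
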
EXAMPLES
    # spppcontrol bppp0
    bppp0: phase=dead
            myauthproto=chap myauthname="uriah"
            hisauthproto=chap hisauthname="ifb-gw" norechallenge
            lcp-timeout=3000
            enable-vj
            enable-ipv6

Display the settings for bppp0. The interface is currently in dead
phase, i.e., the LCP layer is down, and no traffic is possible. Both
ends of the connection use the CHAP protocol, my end tells remote the
system name ``uriah'', and remote is expected to authenticate by the name
``ifb-gw''. Once the initial CHAP handshake was successful, no further
CHAP challenges will be transmitted. There are supposedly some known
CHAP secrets for both ends of the link which are not being shown.

    # spppcontrol bppp0 authproto=chap \
        myauthname=uriah myauthsecret='some secret' \
        hisauthname=ifb-gw hisauthsecret='another' norechallenge

A possible call to spppcontrol that could have been used to bring the
interface into the state shown by the previous example.
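
A way to review the listing shown in the first example, as an added example that is not part of the manual page: it parses the ``list'' output and reports the settings this page describes as weakening authentication. The function names, the second listing and the way callin appears in a listing are assumptions made for illustration.

```python
import shlex

# Output copied from the first example on this page.
LISTING = """bppp0: phase=dead
        myauthproto=chap myauthname="uriah"
        hisauthproto=chap hisauthname="ifb-gw" norechallenge
        lcp-timeout=3000
        enable-vj
        enable-ipv6
"""

# Constructed listing for a weaker setup (assumed format), for comparison.
WEAK_LISTING = ('bppp1: phase=dead myauthproto=pap myauthname="uriah" '
                'hisauthproto=pap hisauthname="ifb-gw" callin lcp-timeout=3000')


def parse_listing(text: str) -> dict:
    """Split 'ifname: key=value flag ...' into a dict; bare flags map to True."""
    ifname, _, rest = text.partition(":")
    settings = {"ifname": ifname.strip()}
    for token in shlex.split(rest):          # shlex strips the double quotes
        key, sep, value = token.partition("=")
        settings[key] = value if sep else True
    return settings


def audit(settings: dict) -> list:
    """Return findings, each one backed by a statement in the manual page."""
    findings = []
    for side in ("myauthproto", "hisauthproto"):
        if settings.get(side) == "pap":
            findings.append(f"{side}=pap: secret is transmitted as plain text")
    # Assumption: no protocol listed for the remote end means it is set to none.
    if settings.get("hisauthproto", "none") == "none":
        findings.append("hisauthproto: remote is not required to authenticate")
    # 'rechallenge' and 'always' are defaults and never listed, so only the
    # non-default flags can show up here.
    if settings.get("norechallenge"):
        findings.append("norechallenge: no CHAP re-challenge after the initial handshake")
    if settings.get("callin"):
        findings.append("callin: remote authenticates only when it calls in")
    return findings


if __name__ == "__main__":
    for listing in (LISTING, WEAK_LISTING):
        parsed = parse_listing(listing)
        print(parsed["ifname"], audit(parsed))
```
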
SEE ALSO
netstat(1), sppp(4), ifconfig(8)

B. Lloyd and W. Simpson, PPP Authentication Protocols, RFC 1334.

W. Simpson, Editor, The Point-to-Point Protocol (PPP), RFC 1661.

W. Simpson, PPP Challenge Handshake Authentication Protocol (CHAP), RFC 1994.
HISTORY
The spppcontrol utility appeared in FreeBSD 3.0.
AUTHORS
The program was written by Jorg Wunsch, Dresden.

BSD December 30, 2001