diff options
| author | brian <brian@FreeBSD.org> | 2001-06-18 15:00:22 +0000 |
|---|---|---|
| committer | brian <brian@FreeBSD.org> | 2001-06-18 15:00:22 +0000 |
| commit | e0acd9811e2350c85429fd10644125ff61d45f07 (patch) | |
| tree | b58f089492e9f96c30634a8674bc53fab1f5a1eb /usr.sbin/ppp/ppp.8.m4 | |
| parent | 14263ff751db1d878bad974a406737533ea6b70c (diff) | |
| download | FreeBSD-src-e0acd9811e2350c85429fd10644125ff61d45f07.zip FreeBSD-src-e0acd9811e2350c85429fd10644125ff61d45f07.tar.gz | |
Add support for stateful MPPE (microsoft encryption) providing
encryption compatibility with Windows 2000. Stateful encryption
uses less CPU but is bad on lossy transports.
The ``set mppe'' command has been expanded. If it's used with any
arguments, ppp will insist on encryption, closing LCP if the other
end refuses.
Unfortunately, Microsoft have abused the CCP reset request so that
receiving a reset request does not result in a reset ack when using
MPPE...
Sponsored by: Monzoon Networks AG and FreeBSD Services Limited
Diffstat (limited to 'usr.sbin/ppp/ppp.8.m4')
| -rw-r--r-- | usr.sbin/ppp/ppp.8.m4 | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4 index 42743be..23e4e9a 100644 --- a/usr.sbin/ppp/ppp.8.m4 +++ b/usr.sbin/ppp/ppp.8.m4 @@ -4910,8 +4910,34 @@ This will allow to do the necessary address translations to enable the process that triggers the connection to connect once the link is up despite the peer assigning us a new (dynamic) IP address. -.It set mppe {40|56|128} -This option selects particular key length. Default is 128. +.It set mppe Op 40|56|128|* Op stateless|statefull|* +This option selects the encryption parameters used when negotiation +MPPE. MPPE can be disabled entirely with the +.Dq disable mppe +command. +If no arguments are given, +.Nm +will attempt to negotiate a statefull link with a 128 bit key, but +will agree to whatever the peer requests (including no encryption +at all). +.Pp +If any arguments are given, +.Nm +will +.Em insist +on using MPPE and will close the link if it's rejected by the peer. +.Pp +The first argument specifies the number of bits that +.Nm +should insist on during negotiations and the second specifies whether +.Nm +should insist on statefull or stateless mode. In stateless mode, the +encryption dictionary is re-initialised with every packet according to +an encryption key that is changed with every packet. In statefull mode, +the encryption dictionary is re-initialised every 256 packets or after +the loss of any data and the key is changed every 256 packets. +Stateless mode is less efficient but is better for unreliable transport +layers. .It set mrru Op Ar value Setting this option enables Multi-link PPP negotiations, also known as Multi-link Protocol or MP. |
