diff options
| author | brian <brian@FreeBSD.org> | 2000-10-30 00:15:04 +0000 |
|---|---|---|
| committer | brian <brian@FreeBSD.org> | 2000-10-30 00:15:04 +0000 |
| commit | 06792c58d5296e43c29af28744e2aa418b29c02c (patch) | |
| tree | b3faf577f26b4b6238bf2ed28bb1cced590c6645 /usr.sbin/ppp/ppp.8 | |
| parent | c238c956a4e688205b311cfc63717fc84e6d43eb (diff) | |
| download | FreeBSD-src-06792c58d5296e43c29af28744e2aa418b29c02c.zip FreeBSD-src-06792c58d5296e43c29af28744e2aa418b29c02c.tar.gz | |
Add MPPE and MSChap v2 support (denied and disabled by default)
Submitted by: Ustimenko Semen <semen@iclub.nsu.ru>
Diffstat (limited to 'usr.sbin/ppp/ppp.8')
| -rw-r--r-- | usr.sbin/ppp/ppp.8 | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8 index 33cb29f..90d99f8 100644 --- a/usr.sbin/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp.8 @@ -243,7 +243,7 @@ In direct mode, acts as server which accepts incoming .Em PPP connections on stdin/stdout. -.It Supports PAP and CHAP (rfc 1994) authentication. +.It Supports PAP and CHAP (rfc 1994, 2433 and 2759) authentication. With PAP or CHAP, it is possible to skip the Unix style .Xr login 1 procedure, and use the @@ -353,6 +353,14 @@ It is possible to configure .Nm to open more than one physical connection to the peer, combining the bandwidth of all links for better throughput. +.It Supports MPPE (draft-ietf-pppext-mppe) +MPPE is Microsoft Point to Point Encryption scheme. It is possible to configure +.Nm +to participate in Microsoft's Windows VPN. For now, +.Nm +can only get encryption keys from CHAP 81 authentication. +.Nm +must be compiled with DES for MPPE to operate. .El .Sh PERMISSIONS .Nm @@ -2654,8 +2662,20 @@ level, and any appropriate .Dq reconnect values are honoured as if the peer were responsible for dropping the connection. +.It mppe +Default: Disabled and Denied. +This is Microsoft Point to Point Encryption scheme. MPPE key size can be +40-, 56- and 128-bits. Refer to +.Dq set mppe +command. +.It MSChapV2|chap81 +Default: Disabled and Denied. +It is very similar to standard CHAP (type 0x05) +except that it issues challenges of a fixed 16 bytes in length and uses a +combination of MD4, SHA-1 and DES to encrypt the challenge rather than using the +standard MD5 mechanism. .It MSChap|chap80nt -Default: Disabled and Accepted. +Default: Disabled and Denied. The use of this authentication protocol is discouraged as it partially violates the authentication protocol by implementing two different mechanisms (LANMan & NT) under the guise of @@ -4738,6 +4758,8 @@ This will allow to do the necessary address translations to enable the process that triggers the connection to connect once the link is up despite the peer assigning us a new (dynamic) IP address. +.It set mppe {40|56|128} +This option selects particular key length. Default is 128. .It set mrru Op Ar value Setting this option enables Multi-link PPP negotiations, also known as Multi-link Protocol or MP. |
