display or set parameters for an sppp interface
driver might require a number of additional arguments or optional parameters
besides the settings that can be adjusted with
These are things like authentication protocol parameters, but also other
tunable configuration variables. The
utility can be used to display
the current settings, or adjust these parameters as required.
For whatever intent
called, at least the parameter ifname
to be specified, naming the interface for which the settings are to be
performed or displayed. Use
to see which interfaces are available.
If no other parameter is given,
will just list the current settings for
and exit. The reported settings
include the current PPP phase the interface is in, which can be one of the
. If an authentication protocol is
configured for the interface, the name of the protocol to be used, as well as
the system name to be used or expected will be displayed, plus any possible
options to the authentication protocol if applicable. Note that the
authentication secrets (sometimes also called
) are not being returned by the underlying
system call, and are thus not displayed.
If any additional parameter is supplied, superuser privileges are required, and
the command works in the “set” mode. This is normally done
quietly, unless the option
enabled, which will cause a final printout of the settings as described above
once all other actions have been taken. Use of this mode will be rejected if
the interface is currently in any other phase than
. Note that you can force an interface into
phase by calling
with the parameter
The currently supported parameters include:
- Set both, his and my authentication protocol to
protoname. The protocol name can be one
none”. In the latter case, the use
of an authentication protocol will be turned off for the named interface.
This has the side-effect of clearing the other authentication-related
parameters for this interface as well (i.e., system name and
authentication secret will be forgotten).
- Same as above, but only for my end of the link. I.e., this is the protocol
when remote is authenticator, and I am the peer required to
- Same as above, but only for his end of the link.
- Set my system name for the authentication protocol.
- Set his system name for the authentication protocol. For CHAP, this will
only be used as a hint, causing a warning message if remote did supply a
different name. For PAP, it is the name remote must use to authenticate
himself (in connection with his secret).
- Set my secret (key, password) for use in the authentication phase. For
CHAP, this will be used to compute the response hash value, based on
remote's challenge. For PAP, it will be transmitted as plain text together
with the system name. Do not forget to quote the secrets from the shell if
they contain shell metacharacters (or white space).
- Same as above.
- Same as above, to be used if we are an authenticator and the remote peer
needs to authenticate.
- Same as above.
- Require remote to authenticate himself only when he is calling in, but not
when we are caller. This is required for some peers that do not implement
the authentication protocols symmetrically (like Ascend routers, for
- The opposite of callin. Require remote to
always authenticate, regardless of which side is placing the call. This is
the default, and will not be explicitly displayed in the
- Only meaningful with CHAP. Do not re-challenge peer once the initial CHAP
handshake was successful. Used to work around broken peer implementations
that cannot grok being re-challenged once the connection is up.
- With CHAP, send re-challenges at random intervals while the connection is
in network phase. (The intervals are currently in the range of 300 through
approximately 800 seconds.) This is the default, and will not be
explicitly displayed in the “list” mode.
- Allows to change the value of the LCP restart timer. Values are specified
in milliseconds. The value must be between 10 and 20000 ms, defaulting to
- Enable negotiation of Van Jacobsen header compression. (Enabled by
- Disable negotiation of Van Jacobsen header compression.
- Enable negotiation of the IPv6 network control protocol. (Enabled by
default if the kernel has IPv6 enabled.)
- Disable negotiation of the IPv6 network control protocol. Since every IPv4
interface in an IPv6-enabled kernel automatically gets an IPv6 address
assigned, this option provides for a way to administratively prevent the
link from attempting to negotiate IPv6. Note that initialization of an
IPv6 interface causes a multicast packet to be sent, which can cause
unwanted traffic costs (for dial-on-demand interfaces).
# spppcontrol bppp0
hisauthproto=chap hisauthname="ifb-gw" norechallenge
Display the settings for
. The interface is
currently in dead
phase, i.e., the LCP layer is
down, and no traffic is possible. Both ends of the connection use the CHAP
protocol, my end tells remote the system name
”, and remote is expected to
authenticate by the name “
the initial CHAP handshake was successful, no further CHAP challenges will be
transmitted. There are supposedly some known CHAP secrets for both ends of the
link which are not being shown.
# spppcontrol bppp0 \
myauthname=uriah myauthsecret='some secret' \
hisauthname=ifb-gw hisauthsecret='another' \
A possible call to
have been used to bring the interface into the state shown by the previous
B. Lloyd and
W. Simpson, PPP Authentication
Protocols, RFC 1334.
W. Simpson, Editor,
The Point-to-Point Protocol (PPP),
PPP Challenge Handshake Authentication Protocol
(CHAP), RFC 1994.
utility appeared in
The program was written by Jörg