.B nodeflateDisables Deflate compression; pppd will not request or agree tocompress packets using the Deflate scheme..TP.B nodetachDon't detach from the controlling terminal.  Without this option, if aserial device other than the terminal on the standard input isspecified, pppd will fork to become a background process..TP.B noipDisable IPCP negotiation and IP communication.  This option shouldonly be required if the peer is buggy and gets confused by requestsfrom pppd for IPCP negotiation..TP.B noipv6Disable IPv6CP negotiation and IPv6 communication. This option shouldonly be required if the peer is buggy and gets confused by requestsfrom pppd for IPv6CP negotiation..TP.B noipdefaultDisables the default behaviour when no local IP address is specified,which is to determine (if possible) the local IP address from thehostname.  With this option, the peer will have to supply the local IPaddress during IPCP negotiation (unless it specified explicitly on thecommand line or in an options file)..TP.B noipxDisable the IPXCP and IPX protocols.  This option should only berequired if the peer is buggy and gets confused by requests from pppdfor IPXCP negotiation..TP.B noktuneOpposite of the \fIktune\fR option; disables pppd from changing systemsettings..TP.B nologDo not send log messages to a file or file descriptor.  This optioncancels the \fBlogfd\fR and \fBlogfile\fR options..B nomagicDisable magic number negotiation.  With this option, pppd cannotdetect a looped-back line.  This option should only be needed if thepeer is buggy..TP.B nopcompDisable protocol field compression negotiation in both the receive andthe transmit direction..TP.B nopersistExit once a connection has been made and terminated.  This is thedefault unless the \fIpersist\fR or \fIdemand\fR option has beenspecified..TP.B nopredictor1Do not accept or agree to Predictor-1 compression..TP.B noproxyarpDisable the \fIproxyarp\fR option.  The system administrator whowishes to prevent users from creating proxy ARP entries with pppd cando so by placing this option in the /etc/ppp/options file..TP.B nottyNormally, pppd requires a terminal device.  With this option, pppdwill allocate itself a pseudo-tty master/slave pair and use the slaveas its terminal device.  Pppd will create a child process to act as a`character shunt' to transfer characters between the pseudo-tty masterand its standard input and output.  Thus pppd will transmit characterson its standard output and receive characters on its standard inputeven if they are not terminal devices.  This option increases thelatency and CPU overhead of transferring data over the ppp interfaceas all of the characters sent and received must flow through thecharacter shunt process.  An explicit device name may not be given ifthis option is used..TP.B novjDisable Van Jacobson style TCP/IP header compression in both thetransmit and the receive direction..TP.B novjccompDisable the connection-ID compression option in Van Jacobson styleTCP/IP header compression.  With this option, pppd will not omit theconnection-ID byte from Van Jacobson compressed TCP/IP headers, norask the peer to do so..TP.B papcryptIndicates that all secrets in the /etc/ppp/pap-secrets file which areused for checking the identity of the peer are encrypted, and thuspppd should not accept a password which, before encryption, isidentical to the secret from the /etc/ppp/pap-secrets file..TP.B pap-max-authreq \fInSet the maximum number of PAP authenticate-request transmissions to\fIn\fR (default 10)..TP.B pap-restart \fInSet the PAP restart interval (retransmission timeout) to \fIn\fRseconds (default 3)..TP.B pap-timeout \fInSet the maximum time that pppd will wait for the peer to authenticateitself with PAP to \fIn\fR seconds (0 means no limit)..TP.B pass-filter \fIfilter-expressionSpecifies a packet filter to applied to data packets being sent orreceived to determine which packets should be allowed to pass.Packets which are rejected by the filter are silently discarded.  Thisoption can be used to prevent specific network daemons (such asrouted) using up link bandwidth, or to provide a basic firewallcapability.The \fIfilter-expression\fR syntax is as described for tcpdump(1),except that qualifiers which are inappropriate for a PPP link, such as\fBether\fR and \fBarp\fR, are not permitted.  Generally the filterexpression should be enclosed in single-quotes to prevent whitespacein the expression from being interpreted by the shell.  Note that itis possible to apply different constraints to incoming and outgoingpackets using the \fBinbound\fR and \fBoutbound\fR qualifiers. Thisoption is currently only available under NetBSD, and then only if boththe kernel and pppd were compiled with PPP_FILTER defined..TP.B persistDo not exit after a connection is terminated; instead try to reopenthe connection..TP.B plugin \fIfilenameLoad the shared library object file \fIfilename\fR as a plugin.  Thisis a privileged option..TP.B predictor1Request that the peer compress frames that it sends using Predictor-1compression, and agree to compress transmitted frames with Predictor-1if requested.  This option has no effect unless the kernel driversupports Predictor-1 compression..TP.B privgroup \fIgroup-nameAllows members of group \fIgroup-name\fR to use privileged options.This is a privileged option.  Use of this option requires care asthere is no guarantee that members of \fIgroup-name\fR cannot use pppdto become root themselves.  Consider it equivalent to putting themembers of \fIgroup-name\fR in the kmem or disk group..TP.B proxyarpAdd an entry to this system's ARP [Address Resolution Protocol] tablewith the IP address of the peer and the Ethernet address of thissystem.  This will have the effect of making the peer appear to othersystems to be on the local ethernet..TP.B pty \fIscriptSpecifies that the command \fIscript\fR is to be used to communicaterather than a specific terminal device.  Pppd will allocate itself apseudo-tty master/slave pair and use the slave as its terminaldevice.  The \fIscript\fR will be run in a child process with thepseudo-tty master as its standard input and output.  An explicitdevice name may not be given if this option is used.  (Note: if the\fIrecord\fR option is used in conjuction with the \fIpty\fR option,the child process will have pipes on its standard input and output.).TP.B receive-allWith this option, pppd will accept all control characters from thepeer, including those marked in the receive asyncmap.  Without thisoption, pppd will discard those characters as specified in RFC1662.This option should only be needed if the peer is buggy..TP.B record \fIfilenameSpecifies that pppd should record all characters sent and received toa file named \fIfilename\fR.  This file is opened in append mode,using the user's user-ID and permissions.  This option is implementedusing a pseudo-tty and a process to transfer characters between thepseudo-tty and the real serial device, so it will increase the latencyand CPU overhead of transferring data over the ppp interface.  Thecharacters are stored in a tagged format with timestamps, which can bedisplayed in readable form using the pppdump(8) program..TP.B remotename \fInameSet the assumed name of the remote system for authentication purposesto \fIname\fR..TP.B refuse-chapWith this option, pppd will not agree to authenticate itself to thepeer using CHAP..TP.B refuse-papWith this option, pppd will not agree to authenticate itself to thepeer using PAP..TP.B require-chapRequire the peer to authenticate itself using CHAP [ChallengeHandshake Authentication Protocol] authentication..TP.B require-papRequire the peer to authenticate itself using PAP [PasswordAuthentication Protocol] authentication..TP.B show-passwordWhen logging the contents of PAP packets, this option causes pppd toshow the password string in the log message..TP.B silentWith this option, pppd will not transmit LCP packets to initiate aconnection until a valid LCP packet is received from the peer (as forthe `passive' option with ancient versions of pppd)..TP.B syncUse synchronous HDLC serial encoding instead of asynchronous.The device used by pppd with this option must have sync support.Currently supports Microgate SyncLink adaptersunder Linux and FreeBSD 2.2.8 and later..TP.B updetachWith this option, pppd will detach from its controlling terminal onceit has successfully established the ppp connection (to the point wherethe first network control protocol, usually the IP control protocol,has come up)..TP.B usehostnameEnforce the use of the hostname (with domain name appended, if given)as the name of the local system for authentication purposes (overridesthe \fIname\fR option).  This option is not normally needed since the\fIname\fR option is privileged..TP.B usepeerdnsAsk the peer for up to 2 DNS server addresses.  The addresses suppliedby the peer (if any) are passed to the /etc/ppp/ip-up script in theenvironment variables DNS1 and DNS2.  In addition, pppd will create an/etc/ppp/resolv.conf file containing one or two nameserver lines withthe address(es) supplied by the peer..TP.B user \fInameSets the name used for authenticating the local system to the peer to\fIname\fR..TP.B vj-max-slots \fInSets the number of connection slots to be used by the Van JacobsonTCP/IP header compression and decompression code to \fIn\fR, whichmust be between 2 and 16 (inclusive)..TP.B welcome \fIscriptRun the executable or shell command specified by \fIscript\fR beforeinitiating PPP negotiation, after the connect script (if any) hascompleted.  A value for this option from a privileged source cannot beoverridden by a non-privileged user..TP.B xonxoffUse software flow control (i.e. XON/XOFF) to control the flow of data onthe serial port..SH OPTIONS FILESOptions can be taken from files as well as the command line.  Pppdreads options from the files /etc/ppp/options, ~/.ppprc and/etc/ppp/options.\fIttyname\fR (in that order) before processing theoptions on the command line.  (In fact, the command-line options arescanned to find the terminal name before the options.\fIttyname\fRfile is read.)  In forming the name of the options.\fIttyname\fR file,the initial /dev/ is removed from the terminal name, and any remaining/ characters are replaced with dots..PPAn options file is parsed into a series of words, delimited bywhitespace.  Whitespace can be included in a word by enclosing theword in double-quotes (").  A backslash (\\) quotes the following character.A hash (#) starts a comment, which continues until the end of theline.  There is no restriction on using the \fIfile\fR or \fIcall\fRoptions within an options file..SH SECURITY.I pppdprovides system administrators with sufficient access control that PPPaccess to a server machine can be provided to legitimate users withoutfear of compromising the security of the server or the network it'son.  This control is provided through restrictions on which IPaddresses the peer may use, based on its authenticated identity (ifany), and through restrictions on which options a non-privileged usermay use.  Several of pppd's options are privileged, in particularthose which permit potentially insecure configurations; these optionsare only accepted in files which are under the control of the systemadministrator, or if pppd is being run by root..PPThe default behaviour of pppd is to allow an unauthenticated peer touse a given IP address only if the system does not already have aroute to that IP address.  For example, a system with apermanent connection to the wider internet will normally have adefault route, and thus all peers will have to authenticate themselvesin order to set up a connection.  On such a system, the \fIauth\fRoption is the default.  On the other hand, a system where thePPP link is the only connection to the internet will not normally havea default route, so the peer will be able to use almost any IP addresswithout authenticating itself..PPAs indicated above, some security-sensitive options are privileged,which means that they may not be used by an ordinary non-privilegeduser running a setuid-root pppd, either on the command line, in theuser's ~/.ppprc file, or in an options file read using the \fIfile\fRoption.  Privileged options may be used in /etc/ppp/options file or inan options file read using the \fIcall\fR option.  If pppd is beingrun by the root user, privileged options can be used withoutrestriction..PPWhen opening the device, pppd uses either the invoking user's user IDor the root UID (that is, 0), depending on whether the device name wasspecified by the user or the system administrator.  If the device namecomes from a privileged source, that is, /etc/ppp/options or anoptions file read using the \fIcall\fR option, pppd uses full root