PPP and Link Control Protocol
network layer implements the state
machine and Link Control Protocol (LCP) of the Point-to-Point Protocol (PPP)
as described in RFC 1661. Note that this layer does not provide network
interfaces of its own, it is rather intended to be layered on top of drivers
providing a point-to-point connection that wish to run a PPP stack over it.
The corresponding network interfaces have to be provided by these hardware
layer provides three basic modes of
operation. The default mode, with no special flags set, is to create the PPP
connection (administrative Open
event to the LCP
layer) as soon as the interface is taken up with the
the interface down again will terminate the LCP layer and thus all other
layers on top. The link will also terminate itself as soon as no Network
Control Protocol (NCP) is open anymore, indicating that the lower layers are
no longer needed.
Setting the link-level flag
will cause the
respective network interface to go into passive
mode. This means the administrative Open
the LCP layer will be delayed until after the lower layers signal an
event (rise of “carrier”). This
can be used by the lower layers to support a dial-in connection where the
physical layer isn't available immediately at startup, but only after some
external event arrives. Receipt of a Down
from the lower layer will not take the interface completely down in this case.
Finally, setting the flag
the interface to operate in dial-on-demand
This is also only useful if the lower layers support the notion of a carrier
(like with an ISDN line). Upon configuring the respective interface, it will
delay the administrative Open
event to the LCP
layer until either an outbound network packet arrives, or until the lower
layers signal an Up
event, indicating an inbound
connection. As with passive mode, receipt of a
event (loss of carrier) will not
automatically take the interface down, thus it remains available for further
layer supports the
interface flag, which can be set with
. If this flag is
set, the various control protocol packets being exchanged as well as the
option negotiation between both ends of the link will be logged at level
. This can be helpful to examine
configuration problems during the first attempts to set up a new
configuration. Without this flag being set, only the major phase transitions
will be logged at level
It is possible to leave the local interface IP address open for negotiation by
setting it to 0.0.0.0. This requires that the remote peer can correctly supply
a value for it based on the identity of the caller, or on the remote address
supplied by this side. Due to the way the IPCP option negotiation works, this
address is supplied late during the negotiation, which could cause the remote
peer to make false assumptions.
In a similar spirit the remote address can be set to the magical value 0.0.0.1,
which means that we don't care what address the remote side will use, as long
as it is not 0.0.0.0. This is useful if your ISP has several dial-in servers.
You can of course
route add something or other
and it will do exactly what you would want it to.
The PAP and CHAP authentication protocols, as described in RFCs 1334 and 1994,
respectively, are also implemented. Their parameters are controlled by the
Display the settings for pppoe0. The interface is currently in the
phase and tries to connect to the
remote peer; other possible PPP phases are dead
. Both ends of the connection use the
CHAP protocol, the local client tells the remote peer the system name
’, and the peer is expected to
authenticate by the name ‘
the initial CHAP handshake has been successful, no further CHAP challenges
will be transmitted. There are supposedly some known CHAP secrets for both
ends of the link which are not displayed.
$ ifconfig pppoe0
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
dev: em0 state: PADI sent
sid: 0x0 PADI retries: 0 PADR retries: 0
sppp: phase establish authproto chap authname "uriah" \
peerproto chap peername "ifb-gw" norechallenge
inet 0.0.0.0 --> 0.0.0.1 netmask 0xffffffff
A possible call to ifconfig(8)
that could have been used to bring the interface into the state shown by the
# ifconfig em0 up
# ifconfig pppoe0 0.0.0.0 0.0.0.1 netmask 0xffffffff \
pppoedev em0 \
authproto chap authname uriah authkey "some secret" \
peerproto chap peername "ifb-gw" peerkey "another" \
peerflag norechallenge \
- <ifname><ifnum>: <proto> illegal <event> in state
- An event happened that should not happen for the current state the
respective control protocol is in. See RFC 1661 for a description of the
- <ifname><ifnum>: loopback
- The state automaton detected a line loopback (that is, it was talking with
itself). The interface will be temporarily disabled.
- <ifname><ifnum>: up
- The LCP layer is running again, after a line loopback had previously been
- <ifname><ifnum>: down
- The keepalive facility detected the line being unresponsive. Keepalive
must be explicitly requested by the lower layers in order to take
The PPP Internet Protocol Control Protocol (IPCP),
RFC 1332, May 1992.
B. Lloyd and
W. Simpson, PPP Authentication
Protocols, RFC 1334, October
The Point-to-Point Protocol (PPP),
RFC 1661, July 1994.
PPP Challenge Handshake Authentication Protocol
(CHAP), RFC 1994, August
D. Haskins, and E. Allen,
IP Version 6 over PPP, RFC
5072, September 2007.
The original implementation of
written in 1994 at Cronyx Ltd., Moscow, by Serge
rewrote a large part in 1997 in order to fully implement the state machine as
described in RFC 1661, so it could also be used for dialup lines. He also
wrote the initial version of this man page. Serge later on wrote a basic
implementation for PAP and CHAP, which served as the base for the current
implementation, done again by Joerg Wunsch.
in order to remove the original
’ utility, which was
previously used to configure and display the
Negotiation loop avoidance is not fully implemented. If the negotiation doesn't
converge, this can cause an endless loop.
The various parameters that should be adjustable per RFC 1661 are currently
hard-coded into the kernel, and should be made accessible through
mode has not been tested extensively.
More NCPs should be implemented, as well as other control protocols for
authentication and link quality reporting.
IPCP should support VJ header compression.
Link-level compression protocols should be supported.