first commit

etc_org/ppp/chap-secrets

@@ -0,0 +1,4 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+

etc_org/ppp/ip-down

@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# This script is run by the pppd _after_ the link is brought down.
+# It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete
+# routes, unset IP addresses etc. you should create script(s) there.
+#
+# Be aware that other packages may include /etc/ppp/ip-down.d scripts (named
+# after that package), so choose local script names with that in mind.
+#
+# This script is called with the following arguments:
+#    Arg  Name                          Example
+#    $1   Interface name                ppp0
+#    $2   The tty                       ttyS1
+#    $3   The link speed                38400
+#    $4   Local IP number               12.34.56.78
+#    $5   Peer  IP number               12.34.56.99
+#    $6   Optional ``ipparam'' value    foo
+
+# The  environment is cleared before executing this script
+# so the path must be reset
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+export PATH
+
+# These variables are for the use of the scripts run by run-parts
+PPP_IFACE="$1"
+PPP_TTY="$2"
+PPP_SPEED="$3"
+PPP_LOCAL="$4"
+PPP_REMOTE="$5"
+PPP_IPPARAM="$6"
+export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
+
+# as an additional convenience, $PPP_TTYNAME is set to the tty name,
+# stripped of /dev/ (if present) for easier matching.
+PPP_TTYNAME=`/usr/bin/basename "$2"`
+export PPP_TTYNAME 
+
+# If /var/log/ppp-ipupdown.log exists use it for logging.
+if [ -e /var/log/ppp-ipupdown.log ]; then
+  exec >> /var/log/ppp-ipupdown.log 2>&1
+  echo $0 $@
+  echo
+fi
+
+# This script can be used to override the .d files supplied by other packages.
+if [ -x /etc/ppp/ip-down.local ]; then
+  exec /etc/ppp/ip-down.local "$@"
+fi
+
+run-parts /etc/ppp/ip-down.d \
+  --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
+

etc_org/ppp/ip-down.d/0000usepeerdns

@@ -0,0 +1,24 @@
+#!/bin/sh -e
+
+# exit if the resolvconf package is installed
+[ -x /sbin/resolvconf ] && exit 0
+
+# follow any symlink to find the real file
+if [ -e /etc/resolv.conf ]; then
+  REALRESOLVCONF=$(readlink --canonicalize /etc/resolv.conf)
+else
+  REALRESOLVCONF=/etc/resolv.conf
+fi
+
+# if an old resolv.conf file exists, restore it
+if [ -e $REALRESOLVCONF.pppd-backup.$PPP_IFACE ]; then
+  mv -f $REALRESOLVCONF.pppd-backup.$PPP_IFACE $REALRESOLVCONF
+
+  # restart nscd because resolv.conf has changed
+  if [ -e /var/run/nscd.pid ]; then
+    /etc/init.d/nscd restart || true
+  fi
+fi
+
+exit 0
+

etc_org/ppp/ip-down.d/000resolvconf

@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# PPP down hook script for resolvconf
+#
+# Reconfigures resolver to take into account
+# the disappearance of the ppp interface.
+#
+# This file is part of the resolvconf package.
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+
+case "$6" in
+  nm-pptp-service-*|nm-l2tp-service-*|/org/freedesktop/NetworkManager/PPP/*)
+    # NetworkManager handles it
+    exit 0
+    ;;
+esac
+
+/sbin/resolvconf -d "${PPP_IFACE}.pppd"
+

etc_org/ppp/ip-up

@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# This script is run by the pppd after the link is established.
+# It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes,
+# set IP address, run the mailq etc. you should create script(s) there.
+#
+# Be aware that other packages may include /etc/ppp/ip-up.d scripts (named
+# after that package), so choose local script names with that in mind.
+#
+# This script is called with the following arguments:
+#    Arg  Name                          Example
+#    $1   Interface name                ppp0
+#    $2   The tty                       ttyS1
+#    $3   The link speed                38400
+#    $4   Local IP number               12.34.56.78
+#    $5   Peer  IP number               12.34.56.99
+#    $6   Optional ``ipparam'' value    foo
+
+# The  environment is cleared before executing this script
+# so the path must be reset
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+export PATH
+
+# These variables are for the use of the scripts run by run-parts
+PPP_IFACE="$1"
+PPP_TTY="$2"
+PPP_SPEED="$3"
+PPP_LOCAL="$4"
+PPP_REMOTE="$5"
+PPP_IPPARAM="$6"
+export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
+
+# as an additional convenience, $PPP_TTYNAME is set to the tty name,
+# stripped of /dev/ (if present) for easier matching.
+PPP_TTYNAME=`/usr/bin/basename "$2"`
+export PPP_TTYNAME 
+
+# If /var/log/ppp-ipupdown.log exists use it for logging.
+if [ -e /var/log/ppp-ipupdown.log ]; then
+  exec > /var/log/ppp-ipupdown.log 2>&1
+  echo $0 $@
+  echo
+fi
+
+# This script can be used to override the .d files supplied by other packages.
+if [ -x /etc/ppp/ip-up.local ]; then
+  exec /etc/ppp/ip-up.local "$@"
+fi
+
+run-parts /etc/ppp/ip-up.d \
+  --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
+
+# if pon was called with the "quick" argument, stop pppd
+if [ -e /var/run/ppp-quick ]; then
+  rm /var/run/ppp-quick
+  wait
+  kill $PPPD_PID
+fi
+

etc_org/ppp/ip-up.d/0000usepeerdns

@@ -0,0 +1,33 @@
+#!/bin/sh -e
+
+# this variable is only set if the usepeerdns pppd option is being used
+[ "$USEPEERDNS" ] || exit 0
+
+# exit if the resolvconf package is installed
+[ -x /sbin/resolvconf ] && exit 0
+
+# create the file if it does not exist
+if [ ! -e /etc/resolv.conf ]; then
+  : > /etc/resolv.conf
+fi
+
+# follow any symlink to find the real file
+REALRESOLVCONF=$(readlink --canonicalize /etc/resolv.conf)
+
+# merge the new nameservers with the other options from the old configuration
+{
+  cat /etc/ppp/resolv.conf
+  grep --invert-match '^nameserver[[:space:]]' "$REALRESOLVCONF" || true
+} > "$REALRESOLVCONF.tmp"
+
+# backup the old configuration and install the new one
+cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
+mv -f "$REALRESOLVCONF.tmp" "$REALRESOLVCONF"
+
+# restart nscd because resolv.conf has changed
+if [ -e /var/run/nscd.pid ]; then
+  /etc/init.d/nscd restart || true
+fi
+
+exit 0
+

etc_org/ppp/ip-up.d/000resolvconf

@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# PPP up hook script for resolvconf
+#
+# Reconfigures resolver to take into account
+# the appearance of the ppp interface.
+#
+# This file is part of the resolvconf package.
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+
+[ "$USEPEERDNS" ] || exit 0
+
+case "$6" in
+  nm-pptp-service-*|nm-l2tp-service-*|/org/freedesktop/NetworkManager/PPP/*)
+	# NetworkManager handles it
+	exit 0
+	;;
+esac
+
+R=""
+if [ "$DNS1" ] ; then
+	R="${R}nameserver $DNS1
+"
+fi
+if [ "$DNS2" ] ; then
+	R="${R}nameserver $DNS2
+"
+fi
+
+echo -n "$R" | /sbin/resolvconf -a "${PPP_IFACE}.pppd"
+

etc_org/ppp/ipv6-down

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# These variables are for the use of the scripts run by run-parts.
+PPP_IFACE="$1"
+PPP_TTY="$2"
+PPP_SPEED="$3"
+PPP_LOCAL="$4"
+PPP_REMOTE="$5"
+PPP_IPPARAM="$6"
+export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
+
+# The environment is cleared before executing this script.
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+export PATH
+
+# If /var/log/ppp-ipupdown.log exists use it for logging.
+if [ -e /var/log/ppp-ipupdown.log ]; then
+  exec >> /var/log/ppp-ipupdown.log 2>&1
+fi
+
+# This script can be used to override the .d files supplied by other packages.
+if [ -x /etc/ppp/ipv6-down.local ]; then
+  exec /etc/ppp/ipv6-down.local "$@"
+fi
+
+run-parts /etc/ppp/ipv6-down.d \
+  --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
+

etc_org/ppp/ipv6-up

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# These variables are for the use of the scripts run by run-parts.
+PPP_IFACE="$1"
+PPP_TTY="$2"
+PPP_SPEED="$3"
+PPP_LOCAL="$4"
+PPP_REMOTE="$5"
+PPP_IPPARAM="$6"
+export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
+
+# The environment is cleared before executing this script.
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+export PATH
+
+# If /var/log/ppp-ipupdown.log exists use it for logging.
+if [ -e /var/log/ppp-ipupdown.log ]; then
+  exec >> /var/log/ppp-ipupdown.log 2>&1
+fi
+
+# This script can be used to override the .d files supplied by other packages.
+if [ -x /etc/ppp/ipv6-up.local ]; then
+  exec /etc/ppp/ipv6-up.local "$@"
+fi
+
+run-parts /etc/ppp/ipv6-up.d \
+  --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
+
+# if pon was called with the "quick" argument, stop pppd
+if [ -e /var/run/ppp-quick ]; then
+  rm /var/run/ppp-quick
+  wait
+  kill $PPPD_PID
+fi
+

etc_org/ppp/options

@@ -0,0 +1,348 @@
+# /etc/ppp/options
+# 
+# Originally created by Jim Knoble <jmknoble@mercury.interpath.net>
+# Modified for Debian by alvar Bray <alvar@meiko.co.uk>
+# Modified for PPP Server setup by Christoph Lameter <clameter@debian.org>
+#
+# To quickly see what options are active in this file, use this command:
+#   egrep -v '#|^ *$' /etc/ppp/options
+
+# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
+# Two Servers can be remotely configured
+# ms-dns 192.168.1.1
+# ms-dns 192.168.1.2
+
+# Specify which WINS Servers the incoming connection Win95 or WinNT should use
+# ms-wins 192.168.1.50
+# ms-wins 192.168.1.51
+
+# Run the executable or shell command specified after pppd has
+# terminated the link.  This script could, for example, issue commands
+# to the modem to cause it to hang up if hardware modem control signals
+# were not available.
+#disconnect "chat -- \d+++\d\c OK ath0 OK"
+
+# async character map -- 32-bit hex; each bit is a character
+# that needs to be escaped for pppd to receive it.  0x00000001
+# represents '\x01', and 0x80000000 represents '\x1f'.
+asyncmap 0
+
+# Require the peer to authenticate itself before allowing network
+# packets to be sent or received.
+# Please do not disable this setting. It is expected to be standard in
+# future releases of pppd. Use the call option (see manpage) to disable
+# authentication for specific peers.
+auth
+
+# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+# on the serial port.
+crtscts
+
+# Use software flow control (i.e. XON/XOFF) to control the flow of data
+# on the serial port.
+#xonxoff
+
+# Specifies that certain characters should be escaped on transmission
+# (regardless of whether the peer requests them to be escaped with its
+# async control character map).  The characters to be escaped are
+# specified as a list of hex numbers separated by commas.  Note that
+# almost any character can be specified for the escape option, unlike
+# the asyncmap option which only allows control characters to be
+# specified.  The characters which may not be escaped are those with hex
+# values 0x20 - 0x3f or 0x5e.
+#escape 11,13,ff
+
+# Don't use the modem control lines.
+#local
+
+# Specifies that pppd should use a UUCP-style lock on the serial device
+# to ensure exclusive access to the device.
+lock
+
+# Don't show the passwords when logging the contents of PAP packets.
+# This is the default.
+hide-password
+
+# When logging the contents of PAP packets, this option causes pppd to
+# show the password string in the log message.
+#show-password
+
+# Use the modem control lines.  On Ultrix, this option implies hardware
+# flow control, as for the crtscts option.  (This option is not fully
+# implemented.)
+modem
+
+# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
+# will ask the peer to send packets of no more than <n> bytes. The
+# minimum MRU value is 128.  The default MRU value is 1500.  A value of
+# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
+# bytes of data).
+#mru 542
+
+# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+# notation (e.g. 255.255.255.0).
+#netmask 255.255.255.0
+
+# Disables the default behaviour when no local IP address is specified,
+# which is to determine (if possible) the local IP address from the
+# hostname. With this option, the peer will have to supply the local IP
+# address during IPCP negotiation (unless it specified explicitly on the
+# command line or in an options file).
+#noipdefault
+
+# Enables the "passive" option in the LCP.  With this option, pppd will
+# attempt to initiate a connection; if no reply is received from the
+# peer, pppd will then just wait passively for a valid LCP packet from
+# the peer (instead of exiting, as it does without this option).
+#passive
+
+# With this option, pppd will not transmit LCP packets to initiate a
+# connection until a valid LCP packet is received from the peer (as for
+# the "passive" option with old versions of pppd).
+#silent
+
+# Don't request or allow negotiation of any options for LCP and IPCP
+# (use default values).
+#-all
+
+# Disable Address/Control compression negotiation (use default, i.e.
+# address/control field disabled).
+#-ac
+
+# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
+# all control characters).
+#-am
+
+# Don't fork to become a background process (otherwise pppd will do so
+# if a serial device is specified).
+#-detach
+
+# Disable IP address negotiation (with this option, the remote IP
+# address must be specified with an option on the command line or in
+# an options file).
+#-ip
+
+# Disable IPCP negotiation and IP communication. This option should
+# only be required if the peer is buggy and gets confused by requests
+# from pppd for IPCP negotiation.
+#noip
+
+# Disable magic number negotiation.  With this option, pppd cannot
+# detect a looped-back line.
+#-mn
+
+# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
+# 1500).
+#-mru
+
+# Disable protocol field compression negotiation (use default, i.e.
+# protocol field compression disabled).
+#-pc
+
+# Require the peer to authenticate itself using PAP.
+#+pap
+
+# Don't agree to authenticate using PAP.
+#-pap
+
+# Require the peer to authenticate itself using CHAP [Cryptographic
+# Handshake Authentication Protocol] authentication.
+#+chap
+
+# Don't agree to authenticate using CHAP.
+#-chap
+
+# Disable negotiation of Van Jacobson style IP header compression (use
+# default, i.e. no compression).
+#-vj
+
+# Increase debugging level (same as -d).  If this option is given, pppd
+# will log the contents of all control packets sent or received in a
+# readable form.  The packets are logged through syslog with facility
+# daemon and level debug. This information can be directed to a file by
+# setting up /etc/syslog.conf appropriately (see syslog.conf(5)).  (If
+# pppd is compiled with extra debugging enabled, it will log messages
+# using facility local2 instead of daemon).
+#debug
+
+# Append the domain name <d> to the local host name for authentication
+# purposes.  For example, if gethostname() returns the name porsche,
+# but the fully qualified domain name is porsche.Quotron.COM, you would
+# use the domain option to set the domain name to Quotron.COM.
+#domain <d>
+
+# Enable debugging code in the kernel-level PPP driver.  The argument n
+# is a number which is the sum of the following values: 1 to enable
+# general debug messages, 2 to request that the contents of received
+# packets be printed, and 4 to request that the contents of transmitted
+# packets be printed.
+#kdebug n
+
+# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
+# requests a smaller value via MRU negotiation, pppd will request that
+# the kernel networking code send data packets of no more than n bytes
+# through the PPP network interface.
+#mtu <n>
+
+# Set the name of the local system for authentication purposes to <n>.
+# This is a privileged option. With this option, pppd will use lines in the
+# secrets files which have <n> as the second field when looking for a
+# secret to use in authenticating the peer. In addition, unless overridden
+# with the user option, <n> will be used as the name to send to the peer
+# when authenticating the local system to the peer. (Note that pppd does
+# not append the domain name to <n>.)
+#name <n>
+
+# Enforce the use of the hostname as the name of the local system for
+# authentication purposes (overrides the name option).
+#usehostname
+
+# Set the assumed name of the remote system for authentication purposes
+# to <n>.
+#remotename <n>
+
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system.
+#proxyarp
+
+# Use the system password database for authenticating the peer using
+# PAP. Note: mgetty already provides this option. If this is specified
+# then dialin from users using a script under Linux to fire up ppp wont work.
+# login
+
+# If this option is given, pppd will send an LCP echo-request frame to the
+# peer every n seconds. Normally the peer should respond to the echo-request
+# by sending an echo-reply. This option can be used with the
+# lcp-echo-failure option to detect that the peer is no longer connected.
+lcp-echo-interval 30
+
+# If this option is given, pppd will presume the peer to be dead if n
+# LCP echo-requests are sent without receiving a valid LCP echo-reply.
+# If this happens, pppd will terminate the connection.  Use of this
+# option requires a non-zero value for the lcp-echo-interval parameter.
+# This option can be used to enable pppd to terminate after the physical
+# connection has been broken (e.g., the modem has hung up) in
+# situations where no hardware modem control lines are available.
+lcp-echo-failure 4
+
+# Set the LCP restart interval (retransmission timeout) to <n> seconds
+# (default 3).
+#lcp-restart <n>
+
+# Set the maximum number of LCP terminate-request transmissions to <n>
+# (default 3).
+#lcp-max-terminate <n>
+
+# Set the maximum number of LCP configure-request transmissions to <n>
+# (default 10).
+#lcp-max-configure <n>
+
+# Set the maximum number of LCP configure-NAKs returned before starting
+# to send configure-Rejects instead to <n> (default 10).
+#lcp-max-failure <n>
+
+# Set the IPCP restart interval (retransmission timeout) to <n>
+# seconds (default 3).
+#ipcp-restart <n>
+
+# Set the maximum number of IPCP terminate-request transmissions to <n>
+# (default 3).
+#ipcp-max-terminate <n>
+
+# Set the maximum number of IPCP configure-request transmissions to <n>
+# (default 10).
+#ipcp-max-configure <n>
+
+# Set the maximum number of IPCP configure-NAKs returned before starting
+# to send configure-Rejects instead to <n> (default 10).
+#ipcp-max-failure <n>
+
+# Set the PAP restart interval (retransmission timeout) to <n> seconds
+# (default 3).
+#pap-restart <n>
+
+# Set the maximum number of PAP authenticate-request transmissions to
+# <n> (default 10).
+#pap-max-authreq <n>
+
+# Set the maximum time that pppd will wait for the peer to authenticate
+# itself with PAP to <n> seconds (0 means no limit).
+#pap-timeout <n>
+
+# Set the CHAP restart interval (retransmission timeout for
+# challenges) to <n> seconds (default 3).
+#chap-restart <n>
+
+# Set the maximum number of CHAP challenge transmissions to <n>
+# (default 10).
+#chap-max-challenge
+
+# If this option is given, pppd will rechallenge the peer every <n>
+# seconds.
+#chap-interval <n>
+
+# With this option, pppd will accept the peer's idea of our local IP
+# address, even if the local IP address was specified in an option.
+#ipcp-accept-local
+
+# With this option, pppd will accept the peer's idea of its (remote) IP
+# address, even if the remote IP address was specified in an option.
+#ipcp-accept-remote
+
+# Disable the IPXCP and IPX protocols.
+# To let pppd pass IPX packets comment this out --- you'll probably also
+# want to install ipxripd, and have the Internal IPX Network option enabled
+# in your kernel.  /usr/doc/HOWTO/IPX-HOWTO.gz contains more info.
+noipx
+
+# Exit once a connection has been made and terminated. This is the default,
+# unless the `persist' or `demand' option has been specified.
+#nopersist
+
+# Do not exit after a connection is terminated; instead try to reopen
+# the connection.
+#persist
+
+# Terminate after n consecutive failed connection attempts.
+# A value of 0 means no limit. The default value is 10.
+#maxfail <n>
+
+# Initiate the link only on demand, i.e. when data traffic is present. 
+# With this option, the remote IP address must be specified by the user on
+# the command line or in an options file.  Pppd will initially configure
+# the interface and enable it for IP traffic without connecting to the peer. 
+# When traffic is available, pppd will connect to the peer and perform
+# negotiation, authentication, etc.  When this is completed, pppd will
+# commence passing data packets (i.e., IP packets) across the link.
+#demand
+
+# Specifies that pppd should disconnect if the link is idle for <n> seconds.
+# The link is idle when no data packets (i.e. IP packets) are being sent or
+# received.  Note: it is not advisable to use this option with the persist
+# option without the demand option.  If the active-filter option is given,
+# data packets which are rejected by the specified activity filter also
+# count as the link being idle.
+#idle <n>
+
+# Specifies how many seconds to wait before re-initiating the link after
+# it terminates.  This option only has any effect if the persist or demand
+# option is used.  The holdoff period is not applied if the link was
+# terminated because it was idle.
+#holdoff <n>
+
+# Wait for up n milliseconds after the connect script finishes for a valid
+# PPP packet from the peer.  At the end of this time, or when a valid PPP
+# packet is received from the peer, pppd will commence negotiation by
+# sending its first LCP packet.  The default value is 1000 (1 second).
+# This wait period only applies if the connect or pty option is used.
+#connect-delay <n>
+
+# Packet filtering: for more information, see pppd(8)
+# Any packets matching the filter expression will be interpreted as link
+# activity, and will cause a "demand" connection to be activated, and reset
+# the idle connection timer. (idle option)
+# The filter expression is akin to that of tcpdump(1)
+#active-filter <filter-expression>
+
+# ---<End of File>---

etc_org/ppp/options.pptp

@@ -0,0 +1,59 @@
+###############################################################################
+# $Id: options.pptp,v 1.4 2012/08/30 21:34:13 quozl Exp $
+#
+# Sample PPTP PPP options file /etc/ppp/options.pptp
+# Options used by PPP when a connection is made by a PPTP client.
+# This file can be referred to by an /etc/ppp/peers file for the tunnel.
+# Changes are effective on the next connection.  See "man pppd".
+#
+# You are expected to change this file to suit your system.  As
+# packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/
+# and the kernel MPPE module available from the CVS repository also on
+# http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.
+###############################################################################
+
+# Lock the port
+lock
+
+# Authentication
+# We don't need the tunnel server to authenticate itself
+noauth
+
+# We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
+# (you may need to remove these refusals if the server is not using MPPE)
+refuse-pap
+refuse-eap
+refuse-chap
+refuse-mschap
+
+# Compression
+# Turn off compression protocols we know won't be used
+nobsdcomp
+nodeflate
+
+# Encryption
+# (There have been multiple versions of PPP with encryption support,
+# choose which of the following sections you will use.  Note that MPPE
+# requires the use of MSCHAP-V2 during authentication)
+#
+# Note that using PPTP with MPPE and MSCHAP-V2 should be considered
+# insecure:
+# http://marc.info/?l=pptpclient-devel&m=134372640219039&w=2
+# https://github.com/moxie0/chapcrack/blob/master/README.md
+# http://technet.microsoft.com/en-us/security/advisory/2743314
+
+# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
+# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
+# If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module
+# is not allowed and PPTP-MPPE is not available.
+# {{{
+# Require MPPE 128-bit encryption
+#require-mppe-128
+# }}}
+
+# http://mppe-mppc.alphacron.de/ fork from PPP project by Jan Dubiec
+# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
+# {{{
+# Require MPPE 128-bit encryption
+#mppe required,stateless
+# }}}

etc_org/ppp/pap-secrets

@@ -0,0 +1,43 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+

etc_org/ppp/peers/provider

@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+