This chapter describes commands that configure the bundle layer. All of these commands (except new) apply to the currently active bundle, i.e., the bundle shown at the command line prompt.
new [ -i iface ] bundle link1 [ link2 ... ]
This command creates a new bundle named bundle.
The bundle will be associated with system interface iface, which should be the name of a netgraph interface, i.e., ng0, ng1, etc. If an interface is specified but does not exist yet, mpd will create it (and any lower numbered ng* interfaces as well). If no iface is specified, mpd will create a new one. Specifying an interface explicitly is advised, as otherwise a new interface will be created on your system every time mpd is invoked.
The links that constitute the bundle are created and named link1, link2, etc. For each link, there must be a corresponding entry with the same name (i.e., label) in mpd.links. This entry must at the very least define the type of the link (via the set link type command).
set bundle period seconds
set bundle hiwat percent
set bundle lowat percent
set bundle min-con seconds
set bundle min-dis seconds
These commands are only meaningful when bandwidth management is enabled. Mpd will attempt to bring up a new link or take down an existing link when the utilization goes above hiwat or below lowat percent, respectively. The utilization is sampled every period divided by 6 seconds, and is averaged over the past period seconds.
Mpd will not attempt to reconnect a link unless it has been disconnected for at least min-dis seconds. Similarly, mpd will not bring down a link unless it has stayed connected for at least min-con seconds. These latter two parameters help prevent oscillations, but cause slower response time.
set bundle authname login
This command sets the authentication login name associated with the bundle (in multi-link PPP, though each link is authenticated individually, they all must use the same login name). The login must have a corresponding entry in mpd.secrets. The login and password are used when the peer requires us to authenticate ourselves.
set bundle password password
This command is normally not necessary. It causes mpd to not look up the password corresponding to login in mpd.secrets, but rather to use password instead. If you're too lazy to set up mpd.secrets and are only dialing out, you can use this command instead.
set bundle retry seconds
This sets the finite state machine (FSM) retry interval for all FSMs on this bundle. The default is 2 seconds. This command should only be used in exceptional situations, such as doing PPP over high-latency satellite links.
set bundle accept option ...
set bundle deny option ...
set bundle enable option ...
set bundle disable option ...
set bundle yes option ...
set bundle no option ...
These commands configure various bundle options. Most options are bi-directional in that they can be independently enabled and disabled in each direction.
The enable and disable commands determine whether we want the corresponding option.
The accept and deny commands determine whether we will allow the peer to request the corresponding option.
The yes command is the same as enable and accept.
The no command is the same as disable and deny.
The options available at the bundle layer are:
bw-manage
This command enables bandwidth management, in which mpd attempts to dynamically adjust the number of connected links depending on the traffic load.
The proper functioning of bandwidth management depends on the correct latency and bandwidth information configured for each link; see the set link latency and set link bandwidth commands.
The default for this option is off -- mpd connects the links ``all or none.''
multilink
This command enables multi-link PPP on the bundle. This option is required in both directions if there is more than one link in the bundle. However, multi-link PPP is sometimes useful on single links when the link MTU is low; multi-link PPP allows arbitrarily long packets to go over a link in fragments.
This option defaults to enable and accept unless there is only one link in the bundle, in which case it defaults to disable and deny (i.e., normal non-multilink PPP).
shortseq
This option is only meaningful if multi-link PPP is negotiated. It prescribes shorter multi-link fragment headers, saving two bytes on every frame. It defaults to enable and accept.
compression
When compression support is compiled into mpd, this option must be enabled in order to activate it.
encryption
When encryption support is compiled into mpd, this option must be enabled in order to activate it.
crypt-reqd
Require encryption. When encryption support is compiled into mpd, this option causes mpd to drop the link if encryption cannot be successfully negotiated in both directions. This means in effect, ``use encryption or don't connect at all.''
round-robin
When multilink PPP is enabled and there are two or more links connected, this option enables round robin packet scheduling across the links. That is, instead of breaking each packet into fragments and delivering the individual fragments over all the links in the bundle, each packet is delivered whole over a single link. The link is chosen by rotating in round-robin fashion over all the links in the bundle.
This option normally would result in higher latency and possible delays due to TCP packets being received out of order; however, it may help in certain situations of high packet loss or broken peer equipment.
The default for this option is off.
noretry
This tells mpd to not attempt to reconnect a bundle whose last link has closed. This is needed for dialin-only bundles, where mpd doesn't know how to initiate an outgoing connection.
radius-auth
Enable authentication via RADIUS. All authentication methods are supported (PAP, CHAP, MS-CHAPv1, MS-CHAPv2). When using IAS as the RADIUS server you cannot use CHAP, because CHAP needs a plaintext password on the server, and Windows servers only store the NT-HASH. Password changing is currently not supported.
radius-fallback
This option is only relevant when radius-auth is enabled. If disabled, authentication is only attempted via RADIUS. Otherwise, if authentication via RADIUS fails, mpd will attempt to authenticate using the traditional method using mpd.secrets.
radius-acct
Enable accounting via RADIUS. Accounting is implemented at bundle-level (in BundJoin() and BundLeave()). Accounting is done per link. There are some minor problems:
quit on the console, Account-stop will not be sent.
Note: It's possible to use RADIUS-accounting without RADIUS-authentication.
The following attributes are set when doing accounting requests:
RAD_FRAMED_IP_ADDRESS
RAD_ACCT_STATUS_TYPE
RAD_ACCT_SESSION_ID
RAD_ACCT_MULTI_SESSION_ID
RAD_USER_NAME
RAD_ACCT_LINK_COUNT
RAD_ACCT_AUTHENTIC
RAD_ACCT_TERMINATE_CAUSE
RAD_ACCT_INPUT_OCTETS
RAD_ACCT_INPUT_PACKETS
RAD_ACCT_OUTPUT_OCTETS
RAD_ACCT_OUTPUT_PACKETS
RAD_ACCT_INPUT_GIGAWORDS
RAD_ACCT_OUTPUT_GIGAWORDS
RAD_ACCT_SESSION_TIME
tcp-wrapper
With this option mpd uses /etc/hosts.allow every time a connection is made from the client. This is useful if you would like to restrict access to mpd. This option affects all TCP connections, including PPTP and the TCP device layer.
The console is also affected, but a bug requires this option to be set consistently on all bundles for it to work reliably.
max-logins num
Limit the maximum number of concurrent logins with the same username. If set to zero, then this feature is disabled.
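
The options above interact in ways that are easy to miss when reviewing a configuration: encryption without crypt-reqd, radius-auth with radius-fallback left on, an inline set bundle password, and tcp-wrapper set on only some bundles. The following reviewer's check is an added example, not part of mpd or its documentation. It assumes one command per line in the forms shown in this chapter; the sample configuration and the finding names are constructed for illustration.

```python
# Constructed sample: bundle names, links and values are made up for this example.
SAMPLE = """\
dialin:
    new -i ng0 dialin link1
    set bundle enable radius-auth
    set bundle yes encryption
    set bundle enable tcp-wrapper

uplink:
    new -i ng1 uplink link2 link3
    set bundle authname branch01
    set bundle password example-password
    set bundle yes encryption
    set bundle enable crypt-reqd
"""

ON, OFF = {"enable", "yes"}, {"disable", "no"}  # verbs that set what *we* want

def parse_bundles(text):
    """Map each bundle to its locally enabled options and inline-password flag."""
    bundles, cur = {}, None
    for line in text.splitlines():
        w = line.split()
        if w[:1] == ["new"]:
            args = w[3:] if w[1:2] == ["-i"] else w[1:]
            if args:  # first argument after the optional "-i iface" is the bundle
                cur = args[0]
                bundles[cur] = {"opts": {}, "inline_pw": False}
        elif w[:2] == ["set", "bundle"] and cur and len(w) > 2:
            if w[2] == "password":
                bundles[cur]["inline_pw"] = True
            elif w[2] in ON | OFF:  # accept/deny only govern peer requests
                for opt in w[3:]:
                    bundles[cur]["opts"][opt] = w[2] in ON
    return bundles

def audit(text):
    """Return (bundle, finding) pairs for settings worth a reviewer's attention."""
    bundles, findings = parse_bundles(text), []
    for name, b in bundles.items():
        opts = b["opts"]
        if b["inline_pw"]:  # password kept in the config instead of mpd.secrets
            findings.append((name, "inline-password"))
        if opts.get("encryption") and not opts.get("crypt-reqd"):
            findings.append((name, "encryption-not-required"))
        if opts.get("radius-auth") and opts.get("radius-fallback") is not False:
            findings.append((name, "radius-fallback-not-disabled"))
    if len({b["opts"].get("tcp-wrapper", False) for b in bundles.values()}) > 1:
        findings.append(("*", "tcp-wrapper-inconsistent"))
    return findings
```

Calling audit(SAMPLE) reports the dialin bundle for optional encryption and RADIUS fallback, the uplink bundle for its inline password, and the mismatch in tcp-wrapper between the two bundles.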