; Variables can be one of the following type:
;
; Boolean
; Integer
; String
; IP address
; Enumeration
;
; Boolean has 2 possible states, each of them can be
; presented in several forms:
;   false: 0, no, off, false
;   true : 1, yes, on, true
;
; Integer is presented as decimal number with iptional sign
;
; String can be presented in three forms:
; string
; 'string'
; "string"
;
; NOTE: if string assigned to variable like this
;
;       	variable = some string value
;
;       then spaces between '=' and first not blank character in string
;       are deleted. If this spaces is significant, just use one of the
;       quoted representations of string.
;
; IP address is in usual dot-delimited-four-decimal-numbers format
;
; Enumeration

[plugman]
;this section contains global settings

[global]
;this section will be passed to all plugins

;include external file file.ext
;!include=file.ext

;Default priority setting is TC+0
;priority.class=3
;priority.delta=0

[<plugin_location>]
;section with such a name will be passed to all plugins
;which are loaded by "load=<plugin_location>" statement
[pl_ppp:pppport]
;test=test

;!include <section-name>
;this will pass all the options
;from <section-name> section to the plugin
;note: no recursion is allowed

[ppp]
load=pl_ppp:pppport
;bind=dod:dodfilter.port
bind=io:ccp.compressed
;bind=io:pppstack.io
;bind=io:nat.port

;com port options

    ;port.name=com1            - serial port name, for example:
        	;    port.name=\\server\comport
            ;    port.name=com2

    ;port.speed=               - serial port speed, default 38400
    port.speed=115200

    ;port.rtscts=0             - {0,1} - to use RTSCTS for flow control
    port.rtscts=1

    ;port.dcd=0                - {0,1} - to use DCD to track carrier loss
    port.dcd=1

    ;port.dtr=0                - {0,1} - is PPP allowed to use DTR line
    port.dtr=1

    ;port.modem.init       =   - default ATZ
    ;port.modem.dial       =   - default ATD
    port.modem.dial=ATDP
    ;port.modem.connect    =   - default CONNECT
    ;port.modem.busy       =   - default BUSY
    ;port.modem.nocarrier  =   - default NO CARRIER
    ;port.modem.nodialtone =   - default NO DIALTONE
    ;port.modem.ring       =   - default RING

    ; Actual interval between redials is random number
    ; betweem port.modem.redial.min to port.modem.redial.max
    ;
    ;port.modem.redial.min = 5
    ;port.modem.redial.max = 20

    ;port.script=              - file name or chat script, depending on the mode
    ;port.script.mode =        - {SLATTACH | DIAL | REXX} - default 'DIAL'

    port.script.mode=DIAL
    port.script=

    ;port.script.timeout=      - -1 disables timeout, suitable for dial-in
    port.script.timeout=120

    ;port.script.guard.timeout=300 - total time for chatting before restart

    ;port.phones=12345;        - list of phone numbers separated by ';'

    ;restart=-1                - how many times to restart (-1 - unlimited)
    restart=-1

;callback

    ;callback.mode=NONE ; {NONE, CLIENT, SERVER}
    ;callback.client.operation=0
    ;callback.client.location=      ; Use provider's provided opeation/location values
    ;callback.script
    ;callback.phones
    ;callback.script.timeout
    ;callback.script.mode
    ;callback.modem.*

;lcp options
    ;lcp peer-to-us options
        ;lcp.recv.ac=1 - {0,1} - if allow address/control compression
        ;lcp.recv.as=1 - {0,1} - if to negotiate accm ;if accm will not be negotiated it wil be ffffffff
        ;lcp.recv.accm=0 - 32bit hex number - what accm to propose to peer
        ;lcp.recv.mru=1500     - first MRU proposed during negotiation
        ;lcp.recv.maxmru=3500  - maximum accepted MRU
    ;lcp us-to-peer options
        ;lcp.send.ac=1 - {0,1} - if try to negotiate address/control compression
        ;lcp.send.as=1 - {0,1} - if allow accm negotiation
        ;lcp.send.accm=0 - 32bit hex number - what bits force to be set in accm
        ;lcp.send.mtu=1500
    ;lcp general options
        ;lcp.passive=0 - {0,1} - see description of passive ppp.exe option
        ;lcp.silent=0  - {0,1} - see description of silent ppp.exe option

        ;lcp.restart=3
        ;lcp.max.terminate=2
        ;lcp.max.configure=10

;authentication options
    ;server-role authentication options
        ;auth.serverenabled=0 - {0,1} - if require peer to authenticate
        ;auth.serverenabled=1
        ;note: The priorities of protocols are: chap, mschap, pap.
        ;      ie. if all protocols are enabled, the first proposed to peer
        ;      will be chap, then mschap and then pap.
        ;      First protocol accepted by peer will be used.
        ;      Peer must support either of protocols.

        ;auth.server.pap.enabled=1     - {0,1} - if pap authentication possible
        ;auth.server.chap.enabled=1    - {0,1} - if chap authentication possible
        ;auth.server.mschap.enabled=0  - {0,1} - if mschap authentication possible

        ;note: All following options can be used without protocol name part.
        ;      So you can set the option for all authentication protocols.
        ;      Given examples are for pap, but can be used for other protocols
        ;      too (if not specified otherwise)

        ;auth.server.chap.servername=  - string - name of this ppp side - not applicable for pap
        ;auth.server.pap.clientname=   - string - name of client to authenticate - obsolete - will be replaced by authbase
        ;auth.server.pap.clientpass=   - string - client's password - obsolete - will be replaced by authbase
        ;auth.server.pap.authbase=     - [<authdll>][,<params>] - authdll is the name of dll used to access authentication database
                                                            ; params is params string for that dll
                                                            ; either one can be not defined
                                                            ; default authdll with access database in file, it's params must contain
                                                            ; file name. the contents is as in standart ppp sct files
                                                            ; default file is %etc%\pap.sct for pap, %etc%\chap.sct for both chaps
        ;protocol - specific options
        ;auth.server.pap.timeout=10    - time in seconds -  how long to wait for peer to authenticate
        ;auth.server.mschap.servername=server
        ;auth.server.mschap.clientname=tivv
        ;auth.server.mschap.clientpass=hi
        ;auth.server.enabled=0
        ;auth.serverenabled=0

    ;client-role authentication options
        ;note: all next options can be used without protocol name part. so you can set the option for all authentication protocols
        ;all next options will be defined for pap, but can be used for other protocols too (if not specified otherwise)
        ;auth.client.pap.enabled=1     - {0,1} - if to agree to authenticate with pap
        ;auth.client.pap.servername=   - string - server name to authenticate with (not used in pap)
        ;auth.client.pap.clientname=   - string - your name as client
        ;auth.client.pap.clientpass=   - string - your password
        ;protocol - specific options

    ;PAP-only options
        ;auth.client.pap.max.authreq=6 - how many times to retry authentication
        ;auth.client.pap.restart       - how often to retry authentication
        ;auth.server.pap.timeout=10

    ;CHAP, MSCHAP options
        ;auth.server.chap.restart=2
        ;auth.server.chap.max.challenge=10
        ;auth.client.chap.timeout=10
        ;MSCHAP-only options
        ;auth.client.mschap.makelmresp=0 - {0,1} if make lan manager response

        auth.client.clientname=PUT LOGIN NAME HERE
        auth.client.clientpass=PUT PASSWORD HERE

;ip-protocol options
    ;ip.address=0.0.0.0 - doted decimal ip address - my ip address (will be asked from peer if 0)
    ;ip.peeraddress=0.0.0.0 - doted decimal ip address - fixed peer address. peer will be forced to use this address
    ;ip.address=10.0.5.1
    ;ip.peeraddress=10.0.5.2

    ;ip.restart=3
    ;ip.max.configure=10

;DNS addresses to propose to client
    ;ip.dns.primary=
    ;ip.dns.secondary=

;dial on demand options
;	 dod.enabled=1
    ; fake IP addresses for DoD interface
    ;dod.address=10.0.3.1
    ;dod.peeraddress=10.0.3.2
    ;dod.enabled
    ;dod.address
    ;dod.peeraddress - fake addresses for dod interface

;timeouts
;    timeout.idle.time = 10
;    timeout.idle.notify.start = 10
;    timeout.idle.notify.period = 2
;    timeout.idle.exit = 1

    ;timeout.idle.time=-1           - period of time after the last packet for timer to execute
    ;timeout.idle.exit=0            - If to exit sfppp or only restart connection
    ;timeout.idle.notify.start=0    - When to start notifying user (seconds before timer executing)
    ;timeout.idle.notify.period=0   - How often to make notifies

    ;timeout.connection.time=-1     - period of time after establishing connection for timer to execute
    ;timeout.connection.exit=0      - Boolean - If to exit sfppp or only restart connection
    ;timeout.connection.notify.start=0  - When to start notifying user (seconds before timer executing)
    ;timeout.connection.notify.period=0 - How often to make notifies

[pppstack]
load=pl_ppp:pppstack

;pppnum=10       - number of ppp interface to try to attach first
;pppfixed=1      - if to try to attach to tcpip-proposed interface(0) or
;                  to fail(1) if first try was not ok
;This variable defines prefix for interface name,
;by defaul set to 'ppp'
;prefix=ppp

;This parameter controls whenever ppp is allowed to set default route
;through peer address after establishing connection
;
; Type: Boolean
;defaultroute=0

defaultroute=1

;netmask=255.255.255.255 - netmask for interface
;proxyarp=no
;loopback.mode=2        {0,1,2}   0 - no loopback, 1 - loopback and forward, 2 - loopback only


[dodstack]
load=pl_ppp:pppstack

;Simplify catching up unusual interface name
prefix=dod
;pppnum=10
defaultroute=yes

[nat]

load=pl_alias:nat

bind=stack:filter.port
;bind=stack:pppstack.io

;map=<rule>

; This variable can be mentioned more than once, i.e. you can define as many
; port mappings as you wish by adding appropriate 'rule' variable.
;
; Each rule is described by two pairs addr:port as in following example:
;
;   map = 123.45.67.89:80,192.168.1.1:8080
;
; This rule will redirect all connections going trough SafeFire PPP to
; host 123.45.67.89 and port 80 (www) to host 192.168.1.1 and port 8080.
; You can use 0 in the place of first address if host is the same
; where SafeFire PPP is running.
; For example:
;
;   map = 0:80,10.0.1.1:8080
;
;   Rule above means that all connections going to the port 80 (WWW) of
;   the interface created by SafeFire PPP will be redirected to the port
;   8080 of the host 10.0.1.0 in an internal net.

;enabled=yes
;defragment=yes

forward_ignored=no
private_net=no

[filter]
load = pl_flt:filter
bind=stack:pppstack.io

enabled=no

; This variable can be mentioned more than once, i.e. you can define as many
; rules as you wish by adding appropriate 'rule' variable.
;
; Each rule is described using following syntax (refer to documentation
; for more details):
;   rule = [number] action [log] proto src dst [extra[,...]]
;
;     [log] : send information about matching packet to SYSLOG
;     action: {allow|accept|permit} | {deny|drop|reject}
;
;     proto : {all|ip|tcp|udp|icmp}
;
;     src   : from [not] {any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
;     dst   : to [not] {any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
;
;     extra : {fragment|in|out|established|setup|flags}
;     flags : tcpflags [!]{syn|fin|rst|ack|psh|urg},...

;rule=

[dodfilter]
load = pl_flt:filter
bind=stack:dodstack.io

enabled=yes
rule= allow log ip from any to any


[ccp]
load = pl_ppp:ccp
bind=data:nat.port

[plugman]
log.level=7
log.console=yes
buzz=1
;dump.rexx=0
;fhandles.max=
;message.hook=dnshook.cmd

