Initial commit

package/network/services/ppp/files/etc/ppp/chap-secrets

@@ -0,0 +1 @@
+#USERNAME  PROVIDER  PASSWORD  IPADDRESS

package/network/services/ppp/files/etc/ppp/filter

@@ -0,0 +1,23 @@
+#
+# Expression: outbound and not icmp[0] != 8 and not tcp[13] & 4 != 0
+#
+19
+48 0 0 0
+21 0 16 1
+40 0 0 2
+21 0 13 33
+48 0 0 13
+21 0 5 1
+40 0 0 10
+69 9 0 8191
+177 0 0 4
+80 0 0 4
+21 6 7 8
+21 0 5 6
+40 0 0 10
+69 3 0 8191
+177 0 0 4
+80 0 0 17
+69 1 0 4
+6 0 0 4
+6 0 0 0

package/network/services/ppp/files/etc/ppp/options

@@ -0,0 +1,8 @@
+#debug
+logfile /dev/null
+noipdefault
+noaccomp
+nopcomp
+nocrtscts
+lock
+maxfail 0

package/network/services/ppp/files/etc/ppp/options.pptp

@@ -0,0 +1,7 @@
+noipdefault
+noauth
+nobsdcomp
+nodeflate
+idle 0
+mppe required,no40,no56,stateless
+maxfail 0

package/network/services/ppp/files/etc/ppp/radius.conf

@@ -0,0 +1,8 @@
+authserver localhost:1812
+acctserver localhost:1813
+dictionary /etc/ppp/radius/dictionary
+servers /etc/ppp/radius/servers
+mapfile /dev/null
+seqfile /tmp/radius.seq
+radius_timeout 5
+radius_retries 3

package/network/services/ppp/files/etc/ppp/radius/dictionary

@@ -0,0 +1,253 @@
+#
+# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl
+#
+#	This file contains dictionary translations for parsing
+#	requests and generating responses.  All transactions are
+#	composed of Attribute/Value Pairs.  The value of each attribute
+#	is specified as one of 4 data types.  Valid data types are:
+#
+#	string - 0-253 octets
+#	ipaddr - 4 octets in network byte order
+#	integer - 32 bit value in big endian order (high byte first)
+#	date - 32 bit value in big endian order - seconds since
+#					00:00:00 GMT,  Jan.  1,  1970
+#
+#	Enumerated values are stored in the user file with dictionary
+#	VALUE translations for easy administration.
+#
+#	Example:
+#
+#	ATTRIBUTE	  VALUE
+#	---------------   -----
+#	Framed-Protocol = PPP
+#	7		= 1	(integer encoding)
+#
+
+# The dictionary format now supports vendor-specific attributes.
+# Vendors are introduced like this:
+#
+#	VENDOR vendor_name vendor_number
+#
+# For example:
+#
+#	VENDOR RoaringPenguin 10055
+#
+# Vendor-specific attributes have a fifth field with the name of the
+# vendor.  For example:
+#
+#       ATTRIBUTE RP-Upstream-Speed-Limit 1 integer RoaringPenguin
+#
+# introduces a Roaring Penguin vendor-specific attribbute with name
+# RP-Upstream-Speed-Limit, number 1, type integer and vendor RoaringPenguin.
+
+#
+#	Following are the proper new names. Use these.
+#
+ATTRIBUTE	User-Name		1	string
+ATTRIBUTE	Password		2	string
+ATTRIBUTE	CHAP-Password		3	string
+ATTRIBUTE	NAS-IP-Address		4	ipaddr
+ATTRIBUTE	NAS-Port-Id		5	integer
+ATTRIBUTE	Service-Type		6	integer
+ATTRIBUTE	Framed-Protocol		7	integer
+ATTRIBUTE	Framed-IP-Address	8	ipaddr
+ATTRIBUTE	Framed-IP-Netmask	9	ipaddr
+ATTRIBUTE	Framed-Routing		10	integer
+ATTRIBUTE	Filter-Id		11	string
+ATTRIBUTE	Framed-MTU		12	integer
+ATTRIBUTE	Framed-Compression	13	integer
+ATTRIBUTE	Login-IP-Host		14	ipaddr
+ATTRIBUTE	Login-Service		15	integer
+ATTRIBUTE	Login-TCP-Port		16	integer
+ATTRIBUTE	Reply-Message		18	string
+ATTRIBUTE	Callback-Number		19	string
+ATTRIBUTE	Callback-Id		20	string
+ATTRIBUTE	Framed-Route		22	string
+ATTRIBUTE	Framed-IPX-Network	23	ipaddr
+ATTRIBUTE	State			24	string
+ATTRIBUTE	Class			25	string
+ATTRIBUTE	Session-Timeout		27	integer
+ATTRIBUTE	Idle-Timeout		28	integer
+ATTRIBUTE	Termination-Action	29	integer
+ATTRIBUTE	Called-Station-Id	30	string
+ATTRIBUTE	Calling-Station-Id	31	string
+ATTRIBUTE	NAS-Identifier		32	string
+ATTRIBUTE	Acct-Status-Type	40	integer
+ATTRIBUTE	Acct-Delay-Time		41	integer
+ATTRIBUTE	Acct-Input-Octets	42	integer
+ATTRIBUTE	Acct-Output-Octets	43	integer
+ATTRIBUTE	Acct-Session-Id		44	string
+ATTRIBUTE	Acct-Authentic		45	integer
+ATTRIBUTE	Acct-Session-Time	46	integer
+ATTRIBUTE	Acct-Input-Packets	47	integer
+ATTRIBUTE	Acct-Output-Packets	48	integer
+ATTRIBUTE	Acct-Terminate-Cause	49	integer
+ATTRIBUTE	Chap-Challenge		60	string
+ATTRIBUTE	NAS-Port-Type		61	integer
+ATTRIBUTE	Port-Limit		62	integer
+ATTRIBUTE	Connect-Info		77	string
+
+# RFC 2869
+ATTRIBUTE	Acct-Interim-Interval	85	integer
+
+#
+#	Experimental Non Protocol Attributes used by Cistron-Radiusd
+#
+ATTRIBUTE	Huntgroup-Name		221	string
+ATTRIBUTE	User-Category		1029	string
+ATTRIBUTE	Group-Name		1030	string
+ATTRIBUTE	Simultaneous-Use	1034	integer
+ATTRIBUTE	Strip-User-Name		1035	integer
+ATTRIBUTE	Fall-Through		1036	integer
+ATTRIBUTE	Add-Port-To-IP-Address	1037	integer
+ATTRIBUTE	Exec-Program		1038	string
+ATTRIBUTE	Exec-Program-Wait	1039	string
+ATTRIBUTE	Hint			1040	string
+
+#
+#	Non-Protocol Attributes
+#	These attributes are used internally by the server
+#
+ATTRIBUTE	Expiration		  21	date
+ATTRIBUTE	Auth-Type		1000	integer
+ATTRIBUTE	Menu			1001	string
+ATTRIBUTE	Termination-Menu	1002	string
+ATTRIBUTE	Prefix			1003	string
+ATTRIBUTE	Suffix			1004	string
+ATTRIBUTE	Group			1005	string
+ATTRIBUTE	Crypt-Password		1006	string
+ATTRIBUTE	Connect-Rate		1007	integer
+
+#
+#       Experimental, implementation specific attributes
+#
+# Limit session traffic
+ATTRIBUTE	Session-Octets-Limit	227	integer
+# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
+ATTRIBUTE	Octets-Direction	228	integer
+
+#
+#	Integer Translations
+#
+
+#	User Types
+
+VALUE		Service-Type		Login-User		1
+VALUE		Service-Type		Framed-User		2
+VALUE		Service-Type		Callback-Login-User	3
+VALUE		Service-Type		Callback-Framed-User	4
+VALUE		Service-Type		Outbound-User		5
+VALUE		Service-Type		Administrative-User	6
+VALUE		Service-Type		NAS-Prompt-User		7
+
+#	Framed Protocols
+
+VALUE		Framed-Protocol		PPP			1
+VALUE		Framed-Protocol		SLIP			2
+
+#	Framed Routing Values
+
+VALUE		Framed-Routing		None			0
+VALUE		Framed-Routing		Broadcast		1
+VALUE		Framed-Routing		Listen			2
+VALUE		Framed-Routing		Broadcast-Listen	3
+
+#	Framed Compression Types
+
+VALUE		Framed-Compression	None			0
+VALUE		Framed-Compression	Van-Jacobson-TCP-IP	1
+
+#	Login Services
+
+VALUE		Login-Service		Telnet			0
+VALUE		Login-Service		Rlogin			1
+VALUE		Login-Service		TCP-Clear		2
+VALUE		Login-Service		PortMaster		3
+
+#	Status Types
+
+VALUE		Acct-Status-Type	Start			1
+VALUE		Acct-Status-Type	Stop			2
+VALUE		Acct-Status-Type	Accounting-On		7
+VALUE		Acct-Status-Type	Accounting-Off		8
+
+#	Authentication Types
+
+VALUE		Acct-Authentic		RADIUS			1
+VALUE		Acct-Authentic		Local			2
+VALUE		Acct-Authentic		PowerLink128		100
+
+#	Termination Options
+
+VALUE		Termination-Action	Default			0
+VALUE		Termination-Action	RADIUS-Request		1
+
+#	NAS Port Types, available in 3.3.1 and later
+
+VALUE		NAS-Port-Type		Async			0
+VALUE		NAS-Port-Type		Sync			1
+VALUE		NAS-Port-Type		ISDN			2
+VALUE		NAS-Port-Type		ISDN-V120		3
+VALUE		NAS-Port-Type		ISDN-V110		4
+
+#	Acct Terminate Causes, available in 3.3.2 and later
+
+VALUE           Acct-Terminate-Cause    User-Request            1
+VALUE           Acct-Terminate-Cause    Lost-Carrier            2
+VALUE           Acct-Terminate-Cause    Lost-Service            3
+VALUE           Acct-Terminate-Cause    Idle-Timeout            4
+VALUE           Acct-Terminate-Cause    Session-Timeout         5
+VALUE           Acct-Terminate-Cause    Admin-Reset             6
+VALUE           Acct-Terminate-Cause    Admin-Reboot            7
+VALUE           Acct-Terminate-Cause    Port-Error              8
+VALUE           Acct-Terminate-Cause    NAS-Error               9
+VALUE           Acct-Terminate-Cause    NAS-Request             10
+VALUE           Acct-Terminate-Cause    NAS-Reboot              11
+VALUE           Acct-Terminate-Cause    Port-Unneeded           12
+VALUE           Acct-Terminate-Cause    Port-Preempted          13
+VALUE           Acct-Terminate-Cause    Port-Suspended          14
+VALUE           Acct-Terminate-Cause    Service-Unavailable     15
+VALUE           Acct-Terminate-Cause    Callback                16
+VALUE           Acct-Terminate-Cause    User-Error              17
+VALUE           Acct-Terminate-Cause    Host-Request            18
+
+#
+#	Non-Protocol Integer Translations
+#
+
+VALUE		Auth-Type		Local			0
+VALUE		Auth-Type		System			1
+VALUE		Auth-Type		SecurID			2
+VALUE		Auth-Type		Crypt-Local		3
+VALUE		Auth-Type		Reject			4
+
+#
+#	Cistron extensions
+#
+VALUE		Auth-Type		Pam			253
+VALUE		Auth-Type		None			254
+
+#
+#	Experimental Non-Protocol Integer Translations for Cistron-Radiusd
+#
+VALUE		Fall-Through		No			0
+VALUE		Fall-Through		Yes			1
+VALUE		Add-Port-To-IP-Address	No			0
+VALUE		Add-Port-To-IP-Address	Yes			1
+
+#
+#	Configuration Values
+#	uncomment these two lines to turn account expiration on
+#
+
+#VALUE		Server-Config		Password-Expiration	30
+#VALUE		Server-Config		Password-Warning	5
+
+#       Octets-Direction
+VALUE		Octets-Direction        Sum			0
+VALUE		Octets-Direction        Input			1
+VALUE		Octets-Direction        Output			2
+VALUE		Octets-Direction        MaxOveral		3
+VALUE		Octets-Direction        MaxSession		4
+
+INCLUDE /etc/ppp/radius/dictionary.microsoft

package/network/services/ppp/files/etc/ppp/radius/dictionary.asnet

@@ -0,0 +1,3 @@
+VENDOR		ASNET		50000
+ATTRIBUTE	Speed-Down		1	string	ASNET
+ATTRIBUTE	Speed-Up		2	string	ASNET

package/network/services/ppp/files/etc/ppp/radius/dictionary.microsoft

@@ -0,0 +1,80 @@
+#
+#	Microsoft's VSA's, from RFC 2548
+#
+#
+
+VENDOR		Microsoft	311	Microsoft
+
+ATTRIBUTE	MS-CHAP-Response	1	string	Microsoft
+ATTRIBUTE	MS-CHAP-Error		2	string	Microsoft
+ATTRIBUTE	MS-CHAP-CPW-1		3	string	Microsoft
+ATTRIBUTE	MS-CHAP-CPW-2		4	string	Microsoft
+ATTRIBUTE	MS-CHAP-LM-Enc-PW	5	string	Microsoft
+ATTRIBUTE	MS-CHAP-NT-Enc-PW	6	string	Microsoft
+ATTRIBUTE	MS-MPPE-Encryption-Policy 7	string	Microsoft
+# This is referred to as both singular and plural in the RFC.
+# Plural seems to make more sense.
+ATTRIBUTE	MS-MPPE-Encryption-Type 8	string	Microsoft
+ATTRIBUTE	MS-MPPE-Encryption-Types  8	string	Microsoft
+ATTRIBUTE	MS-RAS-Vendor		9	integer	Microsoft
+ATTRIBUTE	MS-CHAP-Domain		10	string	Microsoft
+ATTRIBUTE	MS-CHAP-Challenge	11	string	Microsoft
+ATTRIBUTE	MS-CHAP-MPPE-Keys	12	string	Microsoft
+ATTRIBUTE	MS-BAP-Usage		13	integer	Microsoft
+ATTRIBUTE	MS-Link-Utilization-Threshold 14 integer	Microsoft
+ATTRIBUTE	MS-Link-Drop-Time-Limit	15	integer	Microsoft
+ATTRIBUTE	MS-MPPE-Send-Key	16	string	Microsoft
+ATTRIBUTE	MS-MPPE-Recv-Key	17	string	Microsoft
+ATTRIBUTE	MS-RAS-Version		18	string	Microsoft
+ATTRIBUTE	MS-Old-ARAP-Password	19	string	Microsoft
+ATTRIBUTE	MS-New-ARAP-Password	20	string	Microsoft
+ATTRIBUTE	MS-ARAP-PW-Change-Reason 21	integer	Microsoft
+
+ATTRIBUTE	MS-Filter		22	string	Microsoft
+ATTRIBUTE	MS-Acct-Auth-Type	23	integer	Microsoft
+ATTRIBUTE	MS-Acct-EAP-Type	24	integer	Microsoft
+
+ATTRIBUTE	MS-CHAP2-Response	25	string	Microsoft
+ATTRIBUTE	MS-CHAP2-Success	26	string	Microsoft
+ATTRIBUTE	MS-CHAP2-CPW		27	string	Microsoft
+
+ATTRIBUTE	MS-Primary-DNS-Server	28	ipaddr	Microsoft
+ATTRIBUTE	MS-Secondary-DNS-Server	29	ipaddr	Microsoft
+ATTRIBUTE	MS-Primary-NBNS-Server	30	ipaddr	Microsoft
+ATTRIBUTE	MS-Secondary-NBNS-Server 31	ipaddr	Microsoft
+
+#ATTRIBUTE	MS-ARAP-Challenge	33	string	Microsoft
+
+
+#
+#	Integer Translations
+#
+
+#	MS-BAP-Usage Values
+
+VALUE		MS-BAP-Usage		Not-Allowed	0
+VALUE		MS-BAP-Usage		Allowed		1
+VALUE		MS-BAP-Usage		Required	2
+
+#	MS-ARAP-Password-Change-Reason Values
+
+VALUE	MS-ARAP-PW-Change-Reason	Just-Change-Password		1
+VALUE	MS-ARAP-PW-Change-Reason	Expired-Password		2
+VALUE	MS-ARAP-PW-Change-Reason	Admin-Requires-Password-Change	3
+VALUE	MS-ARAP-PW-Change-Reason	Password-Too-Short		4
+
+#	MS-Acct-Auth-Type Values
+
+VALUE		MS-Acct-Auth-Type	PAP		1
+VALUE		MS-Acct-Auth-Type	CHAP		2
+VALUE		MS-Acct-Auth-Type	MS-CHAP-1	3
+VALUE		MS-Acct-Auth-Type	MS-CHAP-2	4
+VALUE		MS-Acct-Auth-Type	EAP		5
+
+#	MS-Acct-EAP-Type Values
+
+VALUE		MS-Acct-EAP-Type	MD5		4
+VALUE		MS-Acct-EAP-Type	OTP		5
+VALUE		MS-Acct-EAP-Type	Generic-Token-Card	6
+VALUE		MS-Acct-EAP-Type	TLS		13
+

package/network/services/ppp/files/etc/ppp/radius/servers

@@ -0,0 +1,2 @@
+# SERVER SECRET
+localhost secret

package/network/services/ppp/files/lib/netifd/ppp-down

@@ -0,0 +1,13 @@
+#!/bin/sh
+PPP_IPPARAM="$6"
+
+. /lib/netifd/netifd-proto.sh
+proto_init_update "$IFNAME" 0
+proto_send_update "$PPP_IPPARAM"
+
+[ -d /etc/ppp/ip-down.d ] && {
+	for SCRIPT in /etc/ppp/ip-down.d/*
+	do
+		[ -x "$SCRIPT" ] && "$SCRIPT" "$@"
+	done
+}

package/network/services/ppp/files/lib/netifd/ppp-up

@@ -0,0 +1,20 @@
+#!/bin/sh
+PPP_IPPARAM="$6"
+
+. /lib/netifd/netifd-proto.sh
+proto_init_update "$IFNAME" 1 1
+proto_set_keep 1
+[ -n "$PPP_IPPARAM" ] && {
+	[ -n "$IPLOCAL" ] && proto_add_ipv4_address "$IPLOCAL" 32 "" "${IPREMOTE:-2.2.2.2}"
+	[ -n "$IPREMOTE" ] && proto_add_ipv4_route 0.0.0.0 0 "$IPREMOTE"
+	[ -n "$DNS1" ] && proto_add_dns_server "$DNS1"
+	[ -n "$DNS2" -a "$DNS1" != "$DNS2" ] && proto_add_dns_server "$DNS2"
+}
+proto_send_update "$PPP_IPPARAM"
+
+[ -d /etc/ppp/ip-up.d ] && {
+	for SCRIPT in /etc/ppp/ip-up.d/*
+	do
+		[ -x "$SCRIPT" ] && "$SCRIPT" "$@"
+	done
+}

package/network/services/ppp/files/lib/netifd/ppp6-up

@@ -0,0 +1,34 @@
+#!/bin/sh
+PPP_IPPARAM="$6"
+
+. /lib/netifd/netifd-proto.sh
+proto_init_update "$IFNAME" 1 1
+proto_set_keep 1
+[ -n "$PPP_IPPARAM" ] && {
+	[ -n "$LLLOCAL" ] && proto_add_ipv6_address "$LLLOCAL" 128
+}
+proto_send_update "$PPP_IPPARAM"
+
+[ -d /etc/ppp/ip-up.d ] && {
+	for SCRIPT in /etc/ppp/ip-up.d/*
+	do
+		[ -x "$SCRIPT" ] && "$SCRIPT" "$@"
+	done
+}
+
+if [ -n "$AUTOIPV6" ]; then
+	ZONE=$(fw3 -q network $PPP_IPPARAM 2>/dev/null)
+
+	json_init
+	json_add_string name "${PPP_IPPARAM}_6"
+	json_add_string ifname "@$PPP_IPPARAM"
+	json_add_string proto "dhcpv6"
+	[ -n "$ZONE" ] && json_add_string zone "$ZONE"
+	[ -n "$EXTENDPREFIX" ] && json_add_string extendprefix 1
+	[ -n "$IP6TABLE" ] && json_add_string ip6table $IP6TABLE
+	[ -n "$PEERDNS" ] && json_add_boolean peerdns $PEERDNS
+	[ "$NOSOURCEFILTER" = "1" ] && json_add_boolean sourcefilter "0"
+	[ "$DELEGATE" = "0" ] && json_add_boolean delegate "0"
+	json_close_object
+	ubus call network add_dynamic "$(json_dump)"
+fi

package/network/services/ppp/files/ppp.sh

@@ -0,0 +1,334 @@
+#!/bin/sh
+
+[ -x /usr/sbin/pppd ] || exit 0
+
+[ -n "$INCLUDE_ONLY" ] || {
+	. /lib/functions.sh
+	. /lib/functions/network.sh
+	. ../netifd-proto.sh
+	init_proto "$@"
+}
+
+ppp_select_ipaddr()
+{
+	local subnets=$1
+	local res
+	local res_mask
+
+	for subnet in $subnets; do
+		local addr="${subnet%%/*}"
+		local mask="${subnet#*/}"
+
+		if [ -n "$res_mask" -a "$mask" != 32 ]; then
+			[ "$mask" -gt "$res_mask" ] || [ "$res_mask" = 32 ] && {
+				res="$addr"
+				res_mask="$mask"
+			}
+		elif [ -z "$res_mask" ]; then
+			res="$addr"
+			res_mask="$mask"
+		fi
+	done
+
+	echo "$res"
+}
+
+ppp_exitcode_tostring()
+{
+	local errorcode=$1
+	[ -n "$errorcode" ] || errorcode=5
+
+	case "$errorcode" in
+		0) echo "OK" ;;
+		1) echo "FATAL_ERROR" ;;
+		2) echo "OPTION_ERROR" ;;
+		3) echo "NOT_ROOT" ;;
+		4) echo "NO_KERNEL_SUPPORT" ;;
+		5) echo "USER_REQUEST" ;;
+		6) echo "LOCK_FAILED" ;;
+		7) echo "OPEN_FAILED" ;;
+		8) echo "CONNECT_FAILED" ;;
+		9) echo "PTYCMD_FAILED" ;;
+		10) echo "NEGOTIATION_FAILED" ;;
+		11) echo "PEER_AUTH_FAILED" ;;
+		12) echo "IDLE_TIMEOUT" ;;
+		13) echo "CONNECT_TIME" ;;
+		14) echo "CALLBACK" ;;
+		15) echo "PEER_DEAD" ;;
+		16) echo "HANGUP" ;;
+		17) echo "LOOPBACK" ;;
+		18) echo "INIT_FAILED" ;;
+		19) echo "AUTH_TOPEER_FAILED" ;;
+		20) echo "TRAFFIC_LIMIT" ;;
+		21) echo "CNID_AUTH_FAILED";;
+		*) echo "UNKNOWN_ERROR" ;;
+	esac
+}
+
+ppp_generic_init_config() {
+	proto_config_add_string username
+	proto_config_add_string password
+	proto_config_add_string keepalive
+	proto_config_add_boolean keepalive_adaptive
+	proto_config_add_int demand
+	proto_config_add_string pppd_options
+	proto_config_add_string 'connect:file'
+	proto_config_add_string 'disconnect:file'
+	[ -e /proc/sys/net/ipv6 ] && proto_config_add_string ipv6
+	proto_config_add_boolean authfail
+	proto_config_add_int mtu
+	proto_config_add_string pppname
+	proto_config_add_string unnumbered
+	proto_config_add_boolean persist
+	proto_config_add_int maxfail
+	proto_config_add_int holdoff
+	proto_config_add_boolean sourcefilter
+	proto_config_add_boolean delegate
+}
+
+ppp_generic_setup() {
+	local config="$1"; shift
+	local localip
+
+	json_get_vars ip6table demand keepalive keepalive_adaptive username password pppd_options pppname unnumbered persist maxfail holdoff peerdns sourcefilter delegate
+
+	[ ! -e /proc/sys/net/ipv6 ] && ipv6=0 || json_get_var ipv6 ipv6
+
+	if [ "$ipv6" = 0 ]; then
+		ipv6=""
+	elif [ -z "$ipv6" -o "$ipv6" = auto ]; then
+		ipv6=1
+		autoipv6=1
+	fi
+
+	if [ "${demand:-0}" -gt 0 ]; then
+		demand="precompiled-active-filter /etc/ppp/filter demand idle $demand"
+	else
+		demand=""
+	fi
+	if [ -n "$persist" ]; then
+		[ "${persist}" -lt 1 ] && persist="nopersist" || persist="persist"
+	fi
+	if [ -z "$maxfail" ]; then
+		[ "$persist" = "persist" ] && maxfail=0 || maxfail=1
+	fi
+	[ -n "$mtu" ] || json_get_var mtu mtu
+	[ -n "$pppname" ] || pppname="${proto:-ppp}-$config"
+	[ -n "$unnumbered" ] && {
+		local subnets
+		( proto_add_host_dependency "$config" "" "$unnumbered" )
+		network_get_subnets subnets "$unnumbered"
+		localip=$(ppp_select_ipaddr "$subnets")
+		[ -n "$localip" ] || {
+			proto_block_restart "$config"
+			return
+		}
+	}
+
+	[ -n "$keepalive" ] || keepalive="5 1"
+
+	local lcp_failure="${keepalive%%[, ]*}"
+	local lcp_interval="${keepalive##*[, ]}"
+	local lcp_adaptive="lcp-echo-adaptive"
+	[ "${lcp_failure:-0}" -lt 1 ] && lcp_failure=""
+	[ "$lcp_interval" != "$keepalive" ] || lcp_interval=5
+	[ "${keepalive_adaptive:-1}" -lt 1 ] && lcp_adaptive=""
+	[ -n "$connect" ] || json_get_var connect connect
+	[ -n "$disconnect" ] || json_get_var disconnect disconnect
+	[ "$sourcefilter" = "0" ] || sourcefilter=""
+	[ "$delegate" != "0" ] && delegate=""
+
+	proto_run_command "$config" /usr/sbin/pppd \
+		nodetach ipparam "$config" \
+		ifname "$pppname" \
+		${localip:+$localip:} \
+		${lcp_failure:+lcp-echo-interval $lcp_interval lcp-echo-failure $lcp_failure $lcp_adaptive} \
+		${ipv6:++ipv6} \
+		${autoipv6:+set AUTOIPV6=1} \
+		${ip6table:+set IP6TABLE=$ip6table} \
+		${peerdns:+set PEERDNS=$peerdns} \
+		${sourcefilter:+set NOSOURCEFILTER=1} \
+		${delegate:+set DELEGATE=0} \
+		nodefaultroute \
+		usepeerdns \
+		$demand $persist maxfail $maxfail \
+		${holdoff:+holdoff "$holdoff"} \
+		${username:+user "$username" password "$password"} \
+		${connect:+connect "$connect"} \
+		${disconnect:+disconnect "$disconnect"} \
+		ip-up-script /lib/netifd/ppp-up \
+		${ipv6:+ipv6-up-script /lib/netifd/ppp6-up} \
+		ip-down-script /lib/netifd/ppp-down \
+		${ipv6:+ipv6-down-script /lib/netifd/ppp-down} \
+		${mtu:+mtu $mtu mru $mtu} \
+		"$@" $pppd_options
+}
+
+ppp_generic_teardown() {
+	local interface="$1"
+	local errorstring=$(ppp_exitcode_tostring $ERROR)
+
+	case "$ERROR" in
+		0)
+		;;
+		2)
+			proto_notify_error "$interface" "$errorstring"
+			proto_block_restart "$interface"
+		;;
+		11|19)
+			json_get_var authfail authfail
+			proto_notify_error "$interface" "$errorstring"
+			if [ "${authfail:-0}" -gt 0 ]; then
+				proto_block_restart "$interface"
+			fi
+		;;
+		*)
+			proto_notify_error "$interface" "$errorstring"
+		;;
+	esac
+
+	proto_kill_command "$interface"
+}
+
+# PPP on serial device
+
+proto_ppp_init_config() {
+	proto_config_add_string "device"
+	ppp_generic_init_config
+	no_device=1
+	available=1
+	lasterror=1
+}
+
+proto_ppp_setup() {
+	local config="$1"
+
+	json_get_var device device
+	ppp_generic_setup "$config" "$device"
+}
+
+proto_ppp_teardown() {
+	ppp_generic_teardown "$@"
+}
+
+proto_pppoe_init_config() {
+	ppp_generic_init_config
+	proto_config_add_string "ac"
+	proto_config_add_string "service"
+	proto_config_add_string "host_uniq"
+	proto_config_add_int "padi_attempts"
+	proto_config_add_int "padi_timeout"
+
+	lasterror=1
+}
+
+proto_pppoe_setup() {
+	local config="$1"
+	local iface="$2"
+
+	/sbin/modprobe -qa slhc ppp_generic pppox pppoe
+
+	json_get_var mtu mtu
+	mtu="${mtu:-1492}"
+
+	json_get_var ac ac
+	json_get_var service service
+	json_get_var host_uniq host_uniq
+	json_get_var padi_attempts padi_attempts
+	json_get_var padi_timeout padi_timeout
+
+	ppp_generic_setup "$config" \
+		plugin pppoe.so \
+		${ac:+rp_pppoe_ac "$ac"} \
+		${service:+rp_pppoe_service "$service"} \
+		${host_uniq:+host-uniq "$host_uniq"} \
+		${padi_attempts:+pppoe-padi-attempts $padi_attempts} \
+		${padi_timeout:+pppoe-padi-timeout $padi_timeout} \
+		"nic-$iface"
+}
+
+proto_pppoe_teardown() {
+	ppp_generic_teardown "$@"
+}
+
+proto_pppoa_init_config() {
+	ppp_generic_init_config
+	proto_config_add_int "atmdev"
+	proto_config_add_int "vci"
+	proto_config_add_int "vpi"
+	proto_config_add_string "encaps"
+	no_device=1
+	available=1
+	lasterror=1
+}
+
+proto_pppoa_setup() {
+	local config="$1"
+	local iface="$2"
+
+	/sbin/modprobe -qa slhc ppp_generic pppox pppoatm
+
+	json_get_vars atmdev vci vpi encaps
+
+	case "$encaps" in
+		1|vc) encaps="vc-encaps" ;;
+		*) encaps="llc-encaps" ;;
+	esac
+
+	ppp_generic_setup "$config" \
+		plugin pppoatm.so \
+		${atmdev:+$atmdev.}${vpi:-8}.${vci:-35} \
+		${encaps}
+}
+
+proto_pppoa_teardown() {
+	ppp_generic_teardown "$@"
+}
+
+proto_pptp_init_config() {
+	ppp_generic_init_config
+	proto_config_add_string "server"
+	proto_config_add_string "interface"
+	available=1
+	no_device=1
+	lasterror=1
+}
+
+proto_pptp_setup() {
+	local config="$1"
+	local iface="$2"
+
+	local ip serv_addr server interface
+	json_get_vars interface server
+	[ -n "$server" ] && {
+		for ip in $(resolveip -t 5 "$server"); do
+			( proto_add_host_dependency "$config" "$ip" $interface )
+			serv_addr=1
+		done
+	}
+	[ -n "$serv_addr" ] || {
+		echo "Could not resolve server address"
+		sleep 5
+		proto_setup_failed "$config"
+		exit 1
+	}
+
+	/sbin/modprobe -qa slhc ppp_generic ppp_async ppp_mppe ip_gre gre pptp
+	sleep 1
+
+	ppp_generic_setup "$config" \
+		plugin pptp.so \
+		pptp_server $server \
+		file /etc/ppp/options.pptp
+}
+
+proto_pptp_teardown() {
+	ppp_generic_teardown "$@"
+}
+
+[ -n "$INCLUDE_ONLY" ] || {
+	add_protocol ppp
+	[ -f /usr/lib/pppd/*/pppoe.so ] && add_protocol pppoe
+	[ -f /usr/lib/pppd/*/pppoatm.so ] && add_protocol pppoa
+	[ -f /usr/lib/pppd/*/pptp.so ] && add_protocol pptp
+}