diff --git a/examples/l2tp.nix b/examples/l2tp.nix index 31d8fd3..2fcf6bc 100644 --- a/examples/l2tp.nix +++ b/examples/l2tp.nix @@ -62,12 +62,9 @@ in rec { let pppoe = svc.pppoe.build { interface = config.hardware.networkInterfaces.wan; - - ppp-options = [ - "debug" "+ipv6" "noauth" - "name" rsecrets.l2tp.name - "password" rsecrets.l2tp.password - ]; + debug = true; + username = rsecrets.l2tp.name; + password = rsecrets.l2tp.password; }; l2tp = diff --git a/modules/ppp/default.nix b/modules/ppp/default.nix index 086fca9..495cde2 100644 --- a/modules/ppp/default.nix +++ b/modules/ppp/default.nix @@ -12,6 +12,8 @@ let inherit (lib) mkOption types; inherit (pkgs) liminix; + mkStringOption = + description: mkOption { type = types.str; inherit description; }; in { options = { system.service.pppoe = mkOption { @@ -27,9 +29,34 @@ in { type = liminix.lib.types.service; description = "ethernet interface to run PPPoE over"; }; + username = mkStringOption "username"; + password = mkStringOption "password"; + lcpEcho = { + adaptive = mkOption { + description = "send LCP echo-request frames only if no traffic was received from the peer since the last echo-request was sent"; + type = types.bool; + default = true; + }; + interval = mkOption { + type = types.nullOr types.int; + default = 3; + description = "send an LCP echo-request frame to the peer every n seconds"; + }; + failure = mkOption { + type = types.nullOr types.int; + default = 3; + description = "terminate connection if n LCP echo-requests are sent without receiving a valid LCP echo-reply"; + }; + }; + debug = mkOption { + description = "log the contents of all control packets sent or received"; + default = false; + type = types.bool; + }; ppp-options = mkOption { type = types.listOf types.str; description = "options supplied on ppp command line"; + default = []; }; }; system.service.l2tp = config.system.callService ./l2tp.nix { diff --git a/modules/ppp/pppoe.nix b/modules/ppp/pppoe.nix index 33462c9..1dd38d5 100644 
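Review bot: In the second hunk of modules/ppp/default.nix, `password = mkStringOption "password"` makes the PPP secret an ordinary string option, and modules/ppp/pppoe.nix in this same commit appends it to the pppd argument list inside the generated `run` script. That leaves the secret readable in the process arguments (the pppd manual discourages its `password` option for this reason) and, presumably, in the built script itself. The description should say so, e.g. `description = "PPP password; passed on the pppd command line, so visible in the run script and the process list";`. Separately, both options are `types.str` with no default, so the `username != null` and `password != null` guards in pppoe.nix can never be false; if credentials are meant to be optional, declare them as `types.nullOr types.str` with `default = null`. The parameters block these options sit in starts outside this hunk.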
--- a/modules/ppp/pppoe.nix +++ b/modules/ppp/pppoe.nix @@ -6,11 +6,16 @@ , writeAshScript , serviceFns } : -{ interface, ppp-options }: +{ interface, + ppp-options, + lcpEcho, + username, + password, + debug +}: let inherit (liminix.services) longrun; - lcp-echo-interval = 4; - lcp-echo-failure = 3; + inherit (lib) optional optionals; name = "${interface.name}.pppoe"; ip-up = writeAshScript "ip-up" {} '' . ${serviceFns} 
@@ -33,25 +38,35 @@ let ) echo >/proc/self/fd/10 ''; - ppp-options' = ppp-options ++ [ - "ip-up-script" ip-up - "ipv6-up-script" ip6-up - "ipparam" name - "nodetach" - "usepeerdns" - "lcp-echo-interval" (builtins.toString lcp-echo-interval) - "lcp-echo-failure" (builtins.toString lcp-echo-failure) - "logfd" "2" - ]; + ppp-options' = ["+ipv6" "noauth"] + ++ optional debug "debug" + ++ optionals (username != null) ["name" username] + ++ optionals (password != null) ["password" password] + ++ optional lcpEcho.adaptive "lcp-echo-adaptive" + ++ optionals (lcpEcho.interval != null) + ["lcp-echo-interval" (builtins.toString lcpEcho.interval)] + ++ optionals (lcpEcho.failure != null) + ["lcp-echo-failure" (builtins.toString lcpEcho.failure)] + ++ ppp-options + ++ ["ip-up-script" ip-up + "ipv6-up-script" ip6-up + "ipparam" name + "nodetach" + "usepeerdns" + "logfd" "2" + ]; + timeoutOpt = if lcpEcho.interval != null then "-T ${builtins.toString (4 * lcpEcho.interval)}" else ""; in longrun { inherit name; run = '' . ${serviceFns} echo Starting pppoe, pppd pid is $$ - exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe -T ${builtins.toString (4 * lcp-echo-interval)} -I $(output ${interface} ifname)" ${lib.concatStringsSep " " ppp-options'} + exec ${ppp}/bin/pppd pty "${pppoe}/bin/pppoe ${timeoutOpt} -I $(output ${interface} ifname)" ${lib.concatStringsSep " " ppp-options'} ''; notification-fd = 10; - timeout-up = (10 + lcp-echo-failure * lcp-echo-interval) * 1000; + timeout-up = if lcpEcho.failure != null + then (10 + lcpEcho.failure * lcpEcho.interval) * 1000 + else 60 * 1000; dependencies = [ interface ]; } diff --git a/modules/profiles/gateway.nix b/modules/profiles/gateway.nix index 1df3c80..762b8c9 100644 --- a/modules/profiles/gateway.nix +++ b/modules/profiles/gateway.nix 
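Review bot: The `exec ${ppp}/bin/pppd …` line still joins `ppp-options'` with `lib.concatStringsSep " "`, so the new `username` and `password` values reach the shell unquoted. A value containing a space, `$`, `;` or a quote is word-split or interpreted by the shell instead of being handed to pppd as one argument. Quoting the list with `${lib.escapeShellArgs ppp-options'}` keeps each element a single literal argument. Also in this hunk, `timeout-up` tests only `lcpEcho.failure != null` and then multiplies by `lcpEcho.interval`, which is `nullOr int` and fails evaluation when null; the condition should be `if lcpEcho.failure != null && lcpEcho.interval != null`. The `let` block these bindings belong to starts above the hunk.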
@@ -87,12 +87,7 @@ in { }; services.wan = svc.pppoe.build { - inherit (cfg.wan) interface; - ppp-options = [ - "debug" "+ipv6" "noauth" - "name" cfg.wan.username - "password" cfg.wan.password - ]; + inherit (cfg.wan) interface username password; }; services.packet_forwarding = svc.network.forward.build { };