l2tpd.conf - L2TPD configuration file
The l2tpd.conf file contains configuration information for l2tpd, the
implementation of the l2tp protocol.
The configuration file is composed of sections and parameters.
Each section has a given name which will be used when using the
configuration FIFO (normally /var/run/l2tp-control). See l2tpd.8 for more
details.
The specific given name default will specify parameters
applicable to all the following sections.
- auth file
- Specify where to find the authentication file used to authenticate l2tp
tunnels. The default is /usr/local/etc/l2tp/l2tp-secrets.
- Address
- Specify which IP address l2tpd should use. The default is all addresses.
- Port
- Specify which UDP port l2tpd should use. The default is 1701.
- access control
- If set to yes, the l2tpd process will only accept connections from peer
addresses specified in the following sections. CHECK
- exclusive
- If set to yes, only one control tunnel will be allowed to be built between
2 peers. CHECK
- (no) ip range
- Specify the range of ip addresses the LNS will assign to the connecting
LAC PPP tunnels. Multiple ranges can be defined. Using the 'no' statement
disallows the use of that particular range. Ranges are defined using the
format IP - IP (example: 1.1.1.1 - 1.1.1.10)
- (no) lac
- Specify the ip addresses of LACs which are allowed to connect to l2tpd
acting as an LNS. The format is the same as the ip range option.
- hidden bit
- If set to yes, l2tpd will use the AVP hiding feature of L2TP. To get more
information about hidden AVPs and AVPs in general, refer to RFC2661 (add
URL?)
- local ip
- Use the following IP as l2tpd's own ip address.
- length bit
- If set to yes, the length bit present in the l2tp packet payload will be
used.
- (refuse | require) chap
- Require or refuse authentication of the remote peer via CHAP for the ppp
authentication.
- (refuse | require) pap
- Require or refuse authentication of the remote peer via PAP for the ppp
authentication.
- (refuse | require) authentication
- Will require or refuse the remote peer to authenticate itself.
- unix authentication
- If set to yes, /etc/passwd will be used for remote peer ppp
authentication.
- hostname
- Will report this as the l2tpd hostname in negotiation.
- ppp debug
- This will enable the debug for pppd.
- pppoptfile
- Specify the path for a file which contains pppd configuration parameters
to be used.
- call rws
- This option is deprecated and no longer functions. It used to be used to
define the flow control window size for individual L2TP calls or sessions.
The L2TP standard (RFC2661) no longer defines flow control or window sizes
on calls or sessions.
- tunnel rws
- This defines the window size of the control channel. The window size is
defined as the number of outstanding unacknowledged packets, not as a
number of bytes.
- flow bits
- If set to yes, sequence numbers will be included in the communication. The
feature to use sequence numbers in sessions is currently broken and does
not function.
- challenge
- If set to yes, use challenge authentication to authenticate peer.
The following are LAC specific configuration flags. Most of those described in
the LNS section may be used in a LAC context, where it makes sense
(essentially l2tp protocol tuning flags and authentication / ppp related
ones).
- lns
- Set the DNS name or ip address of the LNS to connect to.
- redial
- If set to yes, l2tpd will attempt to redial if the call gets disconnected.
- redial timeout
- Wait X seconds before redial. The redial option must be set to yes to use
this option.
- max redial
- Will give up redial tries after X attempts.
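An added example, not part of l2tpd or of this manual page: a small Python
check that reports which of the access and authentication options described
above are not explicitly set to their strict value. The [section] headers,
the "key = value" syntax and the ";" comment character are assumptions (this
page does not show the file syntax), and the sample configuration is
constructed.

```python
import re

# Constructed sample config. Assumed syntax: [section] headers, "key = value"
# lines and ";" comments; none of this syntax is shown on the manual page.
SAMPLE = """\
[global]
port = 1701
auth file = /usr/local/etc/l2tp/l2tp-secrets

[lns default]
ip range = 10.0.0.10 - 10.0.0.20
lac = 192.0.2.1 - 192.0.2.2
require pap = yes
unix authentication = yes
"""

def parse(text):
    """Return {section name: {option: value}}; names and values are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip().lower()
    return sections

def audit(text):
    """List (section, finding) pairs for options not explicitly set strictly."""
    conf, findings = parse(text), []
    if not any(o.get("access control") == "yes" for o in conf.values()):
        findings.append(("(file)", "access control is not yes: peers are not limited to listed addresses"))
    for name, opts in conf.items():
        if not name.startswith("lns"):
            continue
        if opts.get("challenge") != "yes":
            findings.append((name, "challenge is not yes: no challenge authentication of the peer"))
        if opts.get("require authentication") != "yes":
            findings.append((name, "require authentication is not yes"))
        if opts.get("require pap") == "yes" or opts.get("refuse pap") != "yes":
            findings.append((name, "PAP is not refused: PAP sends the password in cleartext"))
        if opts.get("unix authentication") == "yes":
            findings.append((name, "unix authentication is yes: /etc/passwd accounts are used for ppp"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A finding means the option is not set explicitly in the file; the check does
not know l2tpd's built-in defaults.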
/usr/local/etc/l2tp/l2tpd.conf
/usr/local/etc/l2tp/l2tp-secrets
/var/run/l2tp-control
Please address bugs and comments to l2tpd-dev@l2tpd.org
Jeff McAdams <jeffm@iglou.com>
Previous development was hosted at sourceforge
(http://www.sourceforge.net/projects/l2tpd) by:
Scott Balmos <sbalmos@iglou.com>
David Stipp <dstipp@one.net>
Jeff McAdams <jeffm@iglou.com>
Based off of l2tpd version 0.60
Copyright (C)1998 Adtran, Inc.
Mark Spencer <markster@marko.net>