welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Convert docbook documentation to markdown, add build mechanism using pandoc

Browse source
This commit is contained in:
Julien Rabier 2021-01-31 17:06:23 +01:00
parent db5ff8c356
commit 72609641db
26 changed files with 4273 additions and 6022 deletions
Download patch file Download diff file Expand all files Collapse all files

181
docs/manpages/l2tpns.8 Normal file
View file

@ -0,0 +1,181 @@
.SH NAME
.PP
l2tpns - Layer 2 tunneling protocol network server (LNS)
.SH SYNOPSIS
.PP
\f[B]l2tpns\f[R] [-\f[B]d\f[R]] [-\f[B]v\f[R]] [-\f[B]c\f[R]
\f[I]file\f[R]] [-\f[B]h\f[R] \f[I]hostname\f[R]]
.SH DESCRIPTION
.PP
\f[B]l2tpns\f[R] is a daemon for terminating layer 2 tunneling protocol
(L2TP: RFC2661) sessions.
.PP
\f[B]l2tpns\f[R] is a complete L2TP implementation.
It supports the LAC, LNS, PPPOE and DHCPv6 server.
.PP
Once running, \f[B]l2tpns\f[R] may be controlled by telnetting to port
23 on the machine running the daemon and with the \f[B]nsctl\f[R]
utility.
.SH OPTIONS
.IP \[bu] 2
\f[B]-d\f[R] Detach from terminal and fork into the background.
By default l2tpns will stay in the foreground.
.RS 2
.PP
\&.
.RE
.IP \[bu] 2
\f[B]-v\f[R] Increase verbosity for debugging.
Can be used multiple times.
.RS 2
.PP
\&.
.RE
.IP \[bu] 2
\f[B]-c\f[R] \f[I]file\f[R]
.RS 2
.PP
Specify configuration file.
.RE
.IP \[bu] 2
\f[B]-h\f[R] \f[I]hostname\f[R]
.RS 2
.PP
Force hostname to \f[I]hostname\f[R].
.RE
.SH FILES
.IP \[bu] 2
\f[I]/etc/l2tpns/startup-config\f[R]
.RS 2
.PP
The default configuration file.
.RE
.IP \[bu] 2
\f[I]/etc/l2tpns/ip_pool\f[R]
.RS 2
.PP
IP address pool configuration.
.RE
.IP \[bu] 2
\f[I]/etc/l2tpns/users\f[R]
.RS 2
.PP
Username/password configuration for access to admin interface.
.RE
.SH SIGNALS
.IP \[bu] 2
\f[B]SIGHUP\f[R] Reload the config from disk and re-open log file.
.RS 2
.PP
\&.
.RE
.IP \[bu] 2
\f[B]SIGTERM\f[R], \f[B]SIGINT\f[R]
.RS 2
.PP
Stop process.
Tunnels and sessions are not terminated.
This signal should be used to stop l2tpns on a cluster node where there
are other machines to continue handling traffic.
.RE
.IP \[bu] 2
\f[B]SIGQUIT\f[R]
.RS 2
.PP
Shut down tunnels and sessions, exit process when complete.
.RE
.SH MANAGED RADIUS ATTRIBUTE
.IP \[bu] 2
\f[B]Ascend-Client-Primary-DNS\f[R],
\f[B]Ascend-Client-Secondary-DNS\f[R]
.RS 2
.PP
Specifies a primary and secondary DNS server address to send to user.
.RE
.IP \[bu] 2
\f[B]Delegated-IPv6-Prefix\f[R]
.RS 2
.PP
Assign a network address IPv6 prefix to a user by DHCPv6.
.RE
.IP \[bu] 2
\f[B]Framed-IP-Address\f[R]
.RS 2
.PP
The address to be configured for the user (IPv4 address of the interface
ppp).
.RE
.IP \[bu] 2
\f[B]Framed-Route\f[R]
.RS 2
.PP
provides routing information to be configured for the user.
.RE
.IP \[bu] 2
\f[B]Framed-IPv6-Route\f[R]
.RS 2
.PP
Has the same action as \f[B]Delegated-IPv6-Prefix\f[R].
\f[B]Delegated-IPv6-Prefix\f[R] is the correct one to use.
.RE
.IP \[bu] 2
\f[B]Framed-IPv6-Address\f[R]
.RS 2
.PP
IPv6 address to be assigned to the user by DHCPv6 (IPv6 address of the
interface ppp).
.RE
.IP \[bu] 2
\f[B]Idle-Timeout\f[R]
.RS 2
.PP
disconnects the session if no data for more than \f[B]Idle-Timeout\f[R]
(in seconds).
.RE
.IP \[bu] 2
\f[B]Session-Timeout\f[R]
.RS 2
.PP
disconnects the user session when the time \f[B]Session-Timeout\f[R] is
reached (in seconds).
.RE
.IP \[bu] 2
\f[B]Tunnel-Type\f[R], \f[B]Tunnel-Medium-Type\f[R],
\f[B]Tunnel-Server-Endpoint\f[R], \f[B]Tunnel-Password\f[R],
\f[B]Tunnel-Assignment-Id\f[R]
.RS 2
.PP
attributes returned by the Radius of the remote LNS server (LAC
functionality).
.PP
example, Radius that return the information of 2 remote LNS server with
which must be open a L2TP TUNNEL:
.IP \[bu] 2
\f[B]Tunnel-Type\f[R]: 1 = L2TP
.IP \[bu] 2
\f[B]Tunnel-Medium-Type\f[R]: 1 = IPv4
.IP \[bu] 2
\f[B]Tunnel-Password\f[R]: 1 = \[lq]TheSecretL2TP\[rq]
.IP \[bu] 2
\f[B]Tunnel-Server-Endpoint\f[R]: 1 = \[lq]88.xx.xx.x1\[rq]
.IP \[bu] 2
\f[B]Tunnel-Assignment-Id\f[R]: 1 = \[lq]friendisp_lns1\[rq]
.IP \[bu] 2
\f[B]Tunnel-Type\f[R]: 2 = L2TP
.IP \[bu] 2
\f[B]Tunnel-Medium-Type\f[R]: 2 = IPv4
.IP \[bu] 2
\f[B]Tunnel-Password\f[R]: 2 = \[lq]TheSecretL2TP\[rq]
.IP \[bu] 2
\f[B]Tunnel-Server-Endpoint\f[R]: 2 = \[lq]88.xx.xx.x2\[rq]
.IP \[bu] 2
\f[B]Tunnel-Assignment-Id\f[R]: 2 = \[lq]friendisp_lns2\[rq]
.RE
.SH SEE ALSO
.PP
\f[B]startup-config\f[R](5), \f[B]nsctl\f[R](8)
.SH AUTHOR
.PP
This manual page was written by Jonathan McDowell <noodles@earth.li> and
Fernando Alves (fendo\[at]sameswifi.fr), for the Debian GNU/Linux system
(but may be used by others).

51
docs/manpages/nsctl.8 Normal file
View file

@ -0,0 +1,51 @@
.SH NAME
.PP
nsctl - manage running l2tpns instance
.SH SYNOPSIS
.PP
\f[B]nsctl\f[R] [\f[B]-d\f[R]] [\f[B]-h\f[R]
\f[I]host\f[R][:\f[I]port\f[R]]] [\f[B]-t\f[R] \f[I]timeout\f[R]]
\f[I]command\f[R] [\f[I]arg\f[R] ...]
.SH DESCRIPTION
.PP
\f[B]nsctl\f[R] sends commands to a running \f[B]l2tpns\f[R] process.
It provides both for the loading or unloading of plugins and also the
management of sessions via functions provided by those plugins.
.SH OPTIONS
.TP
\f[B]-d\f[R]
Enable debugging output.
.TP
\f[B]-h \f[BI]host\f[B][:\f[BI]port\f[B]]\f[R]
The host running \f[B]l2tpns\f[R] that should receive the message.
By default the message is sent to UDP port 1702 on \f[B]localhost\f[R].
.TP
\f[B]-t \f[BI]timeout\f[B]\f[R]
Timeout in seconds to wait for a response from the server.
.SH COMMANDS
.PP
The first argument specifies the command to send to \f[B]l2tpns .\f[R]
The following commands are as defined:
.TP
\f[B]load_plugin \f[R]\f[I]plugin\f[R]
Load the named \f[I]plugin\f[R].
.TP
\f[B]unload_plugin \f[R]\f[I]plugin\f[R]
Unload the named \f[I]plugin\f[R].
.TP
\f[B]help\f[R]
Each loaded plugin is queried for what commands it supports and the
synopsis for each is output.
.PP
Any other value of \f[I]command\f[R] (and \f[I]args\f[R] if any) are
sent to \f[B]l2tpns\f[R] as-is, to be passed to each plugin which
registers a \f[B]plugin_control\f[R] function in turn (in which it may
be acted upon).
.SH SEE ALSO
.PP
\f[B]l2tpns\f[R](8)
.SH AUTHOR
.PP
This manual page was written by Jonathan McDowell
<noodles\[at]the.earth.li>, for the Debian GNU/Linux system (but may be
used by others).

682
docs/manpages/startup-config.5 Normal file
View file

@ -0,0 +1,682 @@
.SH NAME
.PP
startup-config - configuration file for l2tpns
.SH SYNOPSIS
.PP
/etc/l2tpns/startup-config
.SH DESCRIPTION
.PP
\f[B]startup-config\f[R] is the configuration file for \f[B]l2tpns\f[R]
.PP
The format is plain text, in the same format as accepted by the
configuration mode of l2tpns\[cq]s telnet administrative interface.
Comments are indicated by either the character # or !.
.SS SETTINGS
.PP
Settings are specified with
.IP \[bu] 2
\f[B]set\f[R] \f[C]variable\f[R] \f[C]value\f[R]
.PP
A list of the possible configuration directives follows.
Each of these should be set by a line like:
.IP \[bu] 2
\f[B]set\f[R] \f[I]configstring\f[R] \f[I]\[lq]value\[rq]\f[R]
.IP \[bu] 2
\f[B]set\f[R] \f[I]ipaddress\f[R] \f[I]192.168.1.1\f[R]
.IP \[bu] 2
\f[B]set\f[R] \f[I]boolean\f[R] \f[I]true\f[R]
.PP
The following \f[C]variables\f[R] may be set:
.IP \[bu] 2
\f[B]accounting_dir\f[R] (string)
.RS 2
.PP
If set to a directory, then every 5 minutes the current usage for every
connected use will be dumped to a file in this directory.
Each file dumped begins with a header, where each line is prefixed by #.
Following the header is a single line for every connected user, fields
separated by a space.
.PP
The fields are username, ip, qos, uptxoctets, downrxoctets, origin
(optional).
The qos field is 1 if a standard user, and 2 if the user is throttled.
The origin field is dump if \f[B]account_all_origin\f[R] is set to true
(origin value: L=LAC data, R=Remote LNS data, P=PPPOE data).
.RE
.IP \[bu] 2
\f[B]account_all_origin\f[R] (boolean)
.RS 2
.PP
If set to true, all origin of the usage is dumped to the accounting file
(LAC+Remote LNS+PPPOE)(default false).
.RE
.IP \[bu] 2
\f[B]allow_duplicate_users\f[R] (boolean)
.RS 2
.PP
Allow multiple logins with the same username.
If false (the default), any prior session with the same username will be
dropped when a new session is established.
.RE
.IP \[bu] 2
\f[B]auth_tunnel_change_addr_src\f[R] (boolean)
.RS 2
.PP
This parameter authorize to change the source IP of the tunnels l2tp.
This parameter can be used when the remotes BAS/LAC are l2tpns server
configured in cluster mode, but that the interface to remote LNS are not
clustered (the tunnel can be coming from different source IP) (default:
no).
.RE
.IP \[bu] 2
\f[B]bind_address\f[R] (ip address)
.RS 2
.PP
It\[cq]s the listen address of the l2tp udp protocol sent and received
to LAC.
This address is also assigned to the tun interface if no iftun_address
is specified.
Packets containing user traffic should be routed via this address if
given, otherwise the primary address of the machine.
.RE
.IP \[bu] 2
\f[B]bind_multi_address\f[R] (ip address)
.RS 2
.PP
This parameter permit one to listen several address of the l2tp udp
protocol (and set several address to the tun interface).
.PP
WHEN this parameter is set, It OVERWRITE the parameters
\[lq]bind_address\[rq] and \[lq]iftun_address\[rq].
.PP
these can be interesting when you want do load-balancing in cluster mode
of the uploaded from the LAC.
For example you can set a bgp.prepend(MY_AS) for Address1 on LNS1 and a
bgp.prepend(MY_AS) for Address2 on LNS2 (see BGP AS-path prepending).
.PP
example of use with 2 address:
.PP
\f[B]set\f[R] \f[I]bind_multi_address\f[R] \[lq]64.14.13.41,
64.14.13.42\[rq]
.RE
.IP \[bu] 2
\f[B]cluster_address\f[R] (ip address)
.RS 2
.PP
Multicast cluster address (default: 239.192.13.13).
See the section on Clustering for more information.
.RE
.IP \[bu] 2
\f[B]Bcluster_port\f[R] (int)
.RS 2
.PP
UDP cluster port (default: 32792).
See the section on Clustering for more information.
.RE
.IP \[bu] 2
\f[B]cluster_interface\f[R] (string)
.RS 2
.PP
Interface for cluster packets (default: eth0).
.RE
.IP \[bu] 2
\f[B]cluster_mcast_ttl\f[R] (int)
.RS 2
.PP
TTL for multicast packets (default: 1).
.RE
.IP \[bu] 2
\f[B]cluster_hb_interval\f[R] (int)
.RS 2
.PP
Interval in tenths of a second between cluster heartbeat/pings.
.RE
.IP \[bu] 2
\f[B]cluster_hb_timeout\f[R] (int)
.RS 2
.PP
Cluster heartbeat timeout in tenths of a second.
A new master will be elected when this interval has been passed without
seeing a heartbeat from the master.
.RE
.IP \[bu] 2
\f[B]cluster_master_min_adv\f[R] (int)
.RS 2
.PP
Determines the minimum number of up to date slaves required before the
master will drop routes (default: 1).
.RE
.IP \[bu] 2
\f[B]debug\f[R] (int)
.RS 2
.PP
Set the level of debugging messages written to the log file.
The value should be between 0 and 5, with 0 being no debugging, and 5
being the highest.
A rough description of the levels is:
\[bu] .RS 2
.IP "0." 3
Critical Errors - Things are probably broken
.RE
\[bu] .RS 2
.IP "1." 3
Errors - Things might have gone wrong, but probably will recover
.RE
\[bu] .RS 2
.IP "2." 3
Warnings - Just in case you care what is not quite perfect
.RE
\[bu] .RS 2
.IP "3." 3
Information - Parameters of control packets
.RE
\[bu] .RS 2
.IP "4." 3
Calls - For tracing the execution of the code
.RE
\[bu] .RS 2
.IP "5." 3
Packets - Everything, including a hex dump of all packets processed\&...
probably twice
.RE
.PP
Note that the higher you set the debugging level, the slower the program
will run.
Also, at level 5 a LOT of information will be logged.
This should only ever be used for working out why it doesn\[cq]t work at
all.
.RE
.IP \[bu] 2
\f[B]dump_speed\f[R] (boolean)
.RS 2
.PP
If set to true, then the current bandwidth utilization will be logged
every second.
Even if this is disabled, you can see this information by running the
uptime command on the CLI.
.RE
.IP \[bu] 2
\f[B]disable_sending_hello\f[R] (boolean)
.RS 2
.PP
Disable l2tp sending HELLO message for Apple compatibility.
Some OS X implementation of l2tp no manage the L2TP \[lq]HELLO
message\[rq].
(default: no).
.RE
.IP \[bu] 2
\f[B]echo_timeout\f[R] (int)
.RS 2
.PP
Time between last packet sent and LCP ECHO generation (default: 10
(seconds)).
.RE
.IP \[bu] 2
\f[B]guest_account\f[R]
.RS 2
.PP
Allow multiple logins matching this specific username.
.RE
.IP \[bu] 2
\f[B]icmp_rate\f[R] (int)
.RS 2
.PP
Maximum number of host unreachable ICMP packets to send per second.
.RE
.IP \[bu] 2
\f[B]idle_echo_timeout\f[R] (int)
.RS 2
.PP
Drop sessions who have not responded within idle_echo_timeout seconds
(default: 240 (seconds))
.RE
.IP \[bu] 2
\f[B]iftun_address\f[R] (ip address)
.RS 2
.PP
This parameter is used when you want a tun interface address different
from the address of \[lq]bind_address\[rq] (For use in cases of specific
configuration).
If no address is given to iftun_address and bind_address, 1.1.1.1 is
used.
.RE
.IP \[bu] 2
\f[B]l2tp_mtu\f[R] (int)
.RS 2
.PP
MTU of interface for L2TP traffic (default: 1500).
Used to set link MRU and adjust TCP MSS.
.RE
.IP \[bu] 2
\f[B]l2tp_secret\f[R] (string)
.RS 2
.PP
The secret used by l2tpns for authenticating tunnel request.
Must be the same as the LAC, or authentication will fail.
Only actually be used if the LAC requests authentication.
.RE
.IP \[bu] 2
\f[B]lock_pages\f[R] (boolean)
.RS 2
.PP
Keep all pages mapped by the l2tpns process in memory.
.RE
.IP \[bu] 2
\f[B]log_file\f[R] (string)
.RS 2
.PP
This will be where all logging and debugging information is written
to.This may be either a filename, such as /var/log/l2tpns, or the string
syslog:facility, where facility is any one of the syslog logging
facilities, such as local5.
.RE
.IP \[bu] 2
\f[B]multi_read_count\f[R] (int)
.RS 2
.PP
Number of packets to read off each of the UDP and TUN fds when returned
as readable by select (default: 10).
Avoids incurring the unnecessary system call overhead of select on busy
servers.
.RE
.IP \[bu] 2
\f[B]packet_limit\f[R] (int>
.RS 2
.PP
Maximum number of packets of downstream traffic to be handled each tenth
of a second per session.
If zero, no limit is applied (default: 0).
Intended as a DoS prevention mechanism and not a general throttling
control (packets are dropped, not queued).
.RE
.IP \[bu] 2
\f[B]peer_address\f[R] (ip address)
.RS 2
.PP
Address to send to clients as the default gateway.
.RE
.IP \[bu] 2
\f[B]pid_file\f[R] (string)
.RS 2
.PP
If set, the process id will be written to the specified file.
The value must be an absolute path.
.RE
.IP \[bu] 2
\f[B]ppp_keepalive\f[R] (boolean)
.RS 2
.PP
Change this value to no to force generation of LCP ECHO every
echo_timeout seconds, even there are activity on the link (default: yes)
.RE
.IP \[bu] 2
\f[B]ppp_restart_time\f[R] (int)
.IP \[bu] 2
\f[B]ppp_max_configure\f[R] (int)
.IP \[bu] 2
\f[B]ppp_max_failure\f[R] (int)
.RS 2
.PP
PPP counter and timer values, as described in Section 4.1 of RFC1661.
.PP
\f[I]ppp_restart_time\f[R], Restart timer for PPP protocol negotiation
in seconds (default: 3).
.PP
\f[I]ppp_max_configure\f[R], Number of configure requests to send before
giving up (default: 10).
.PP
\f[I]ppp_max_failure\f[R], Number of Configure-Nak requests to send
before sending a Configure-Reject (default: 5).
.RE
.IP \[bu] 2
\f[B]primary_dns\f[R] (ip address), \f[B]secondary_dns\f[R] (ip address)
.RS 2
.PP
Whenever a PPP connection is established, DNS servers will be sent to
the user, both a primary and a secondary.
If either is set to 0.0.0.0, then that one will not be sent.
.RE
.IP \[bu] 2
\f[B]primary_radius\f[R] (ip address), \f[B]secondary_radius\f[R] (ip
address)
.RS 2
.PP
Sets the RADIUS servers used for both authentication and accounting.
If the primary server does not respond, then the secondary RADIUS server
will be tried.
.PP
Note: in addition to the source IP address and identifier, the RADIUS
server must include the source port when detecting duplicates to
suppress (in order to cope with a large number of sessions coming
on-line simultaneously l2tpns uses a set of udp sockets, each with a
separate identifier).
.RE
.IP \[bu] 2
\f[B]primary_radius_port\f[R] (short), \f[B]secondary_radius_port\f[R]
(short)
.RS 2
.PP
Sets the authentication ports for the primary and secondary RADIUS
servers.
The accounting port is one more than the authentication port.
If no RADIUS ports are given, the authentication port defaults to 1645,
and the accounting port to 1646.
.RE
.IP \[bu] 2
\f[B]radius_accounting\f[R] (boolean)
.RS 2
.PP
If set to true, then RADIUS accounting packets will be sent.
This means that a \f[B]Start\f[R] record will be sent when the session
is successfully authenticated, and a \f[B]Stop\f[R] record will be sent
when the session is closed.
.RE
.IP \[bu] 2
\f[B]radius_interim\f[R] (int)
.RS 2
.PP
If radius_accounting is on, defines the interval between sending of
RADIUS interim accounting records (in seconds).
.RE
.IP \[bu] 2
\f[B]radius_secret\f[R] (string)
.RS 2
.PP
This secret will be used in all RADIUS queries.
If this is not set then RADIUS queries will fail.
.RE
.IP \[bu] 2
\f[B]radius_authtypes\f[R] (string)
.RS 2
.PP
A comma separated list of supported RADIUS authentication methods
(\[lq]pap\[rq] or \[lq]chap\[rq]), in order of preference (default
\[lq]pap\[rq]).
.RE
.IP \[bu] 2
\f[B]radius_dae_port\f[R] (short)
.RS 2
.PP
Port for DAE RADIUS (Packet of Death/Disconnect, Change of
Authorization) requests (default: 3799).
.RE
.IP \[bu] 2
\f[B]radius_bind_min\f[R], \f[B]radius_bind_max\f[R] (int)
.RS 2
.PP
Define a port range in which to bind sockets used to send and receive
RADIUS packets.
Must be at least RADIUS_FDS (64) wide.
Simplifies firewalling of RADIUS ports (default: dynamically assigned).
.RE
.IP \[bu] 2
\f[B]random_device\f[R] (string)
.RS 2
.PP
Path to random data source (default /dev/urandom).
Use \[dq]\[dq] to use the rand() library function.
.RE
.IP \[bu] 2
\f[B]scheduler_fifo\f[R] (boolean)
.RS 2
.PP
Sets the scheduling policy for the l2tpns process to SCHED_FIFO.
This causes the kernel to immediately preempt any currently running
SCHED_OTHER (normal) process in favour of l2tpns when it becomes
runnable.
Ignored on uniprocessor systems.
.RE
.IP \[bu] 2
\f[B]send_garp\f[R] (boolean)
.RS 2
.PP
Determines whether or not to send a gratuitous ARP for the bind_address
when the server is ready to handle traffic (default: true).
This value is ignored if BGP is configured.
.RE
.IP \[bu] 2
\f[B]tundevicename\f[R] (string)
.RS 2
.PP
Name of the tun interface (default: \[lq]tun0\[rq]).
.RE
.IP \[bu] 2
\f[B]throttle_speed\f[R] (int)
.RS 2
.PP
Sets the default speed (in kbits/s) which sessions will be limited to.
If this is set to 0, then throttling will not be used at all.
Note: You can set this by the CLI, but changes will not affect currently
connected users.
.RE
.IP \[bu] 2
\f[B]throttle_buckets\f[R] (int)
.RS 2
.PP
Number of token buckets to allocate for throttling.
Each throttled session requires two buckets (in and out).
.RE
.SS DHCPv6 And IPv6 SETTINGS
.IP \[bu] 2
\f[B]dhcp6_preferred_lifetime\f[R] (int)
.RS 2
.PP
The preferred lifetime for the IPv6 address and the IPv6 prefix address,
expressed in units of seconds (see rfc3315).
.RE
.IP \[bu] 2
\f[B]dhcp6_valid_lifetime\f[R] (int)
.RS 2
.PP
The valid lifetime for the IPv6 address and the IPv6 prefix address,
expressed in units of seconds (see rfc3315).
.RE
.IP \[bu] 2
\f[B]dhcp6_server_duid\f[R] (int)
.RS 2
.PP
DUID Based on Link-layer Address (DUID-LL) (see rfc3315).
.RE
.IP \[bu] 2
\f[B]primary_ipv6_dns\f[R], \f[B]secondary_ipv6_dns\f[R] (Ipv6 address)
.RS 2
.PP
IPv6 DNS servers will be sent to the user (see rfc3646).
.RE
.IP \[bu] 2
\f[B]default_ipv6_domain_list\f[R] (string)
.RS 2
.PP
The Domain Search List (ex: \[lq]fdn.fr\[rq]) (see rfc3646).
.RE
.IP \[bu] 2
\f[B]ipv6_prefix\f[R] (Ipv6 address)
.RS 2
.PP
Enable negotiation of IPv6.
This forms the the first 64 bits of the client allocated address.
The remaining 64 come from the allocated IPv4 address and 4 bytes of 0.
.RE
.SS LAC SETTINGS
.IP \[bu] 2
\f[B]bind_address_remotelns\f[R] (ip address)
.RS 2
.PP
Address of the interface to listen the remote LNS tunnels.
If no address is given, all interfaces are listened (Any Address).
.RE
.IP \[bu] 2
\f[B]bind_portremotelns\f[R] (short)
.RS 2
.PP
Port to bind for the Remote LNS (default: 65432).
.RE
.PP
A static REMOTES LNS configuration can be entered by the command:
.IP \[bu] 2
\f[B]setforward\f[R] \f[I]MASK\f[R] \f[I]IP\f[R] \f[I]PORT\f[R]
\f[I]SECRET\f[R]
.RS 2
.PP
where MASK specifies the mask of users who have forwarded to remote LNS
(ex: \[lq]/friendISP\[at]company.com\[rq]).
.PP
where IP specifies the IP of the remote LNS (ex: \[lq]66.66.66.55\[rq]).
.PP
where PORT specifies the L2TP Port of the remote LNS (Normally should be
1701) (ex: 1701).
.PP
where SECRET specifies the secret password the remote LNS (ex:
mysecret).
.RE
.PP
The static REMOTE LNS configuration can be used when the friend ISP not
have a proxied Radius.
.PP
If a proxied Radius is used, It will return the RADIUS attributes:
.IP \[bu] 2
Tunnel-Type:1 = L2TP
.IP \[bu] 2
Tunnel-Medium-Type:1 = IPv4
.IP \[bu] 2
Tunnel-Password:1 = \[lq]LESECRETL2TP\[rq]
.IP \[bu] 2
Tunnel-Server-Endpoint:1 = \[lq]88.xx.xx.x1\[rq]
.IP \[bu] 2
Tunnel-Assignment-Id:1 = \[lq]friendisp_lns1\[rq]
.IP \[bu] 2
Tunnel-Type:2 += L2TP
.IP \[bu] 2
Tunnel-Medium-Type:2 += IPv4
.IP \[bu] 2
Tunnel-Password:2 += \[lq]LESECRETL2TP\[rq]
.IP \[bu] 2
Tunnel-Server-Endpoint:2 += \[lq]88.xx.xx.x2\[rq]
.IP \[bu] 2
Tunnel-Assignment-Id:2 += \[lq]friendisp_lns2\[rq]
.SS PPPOE SETTINGS
.IP \[bu] 2
\f[B]pppoe_if_to_bind\f[R] (string)
.RS 2
.PP
PPPOE server interface to bind (ex: \[lq]eth0.12\[rq]), If not specified
the server PPPOE is not enabled.
For the pppoe clustering, all the interfaces PPPOE of the clusters must
use the same HW address (MAC address).
.RE
.IP \[bu] 2
\f[B]pppoe_service_name\f[R] (string)
.RS 2
.PP
PPPOE service name (default: NULL).
.RE
.IP \[bu] 2
\f[B]pppoe_ac_name\f[R] (string)
.RS 2
.PP
PPPOE access concentrator name (default: \[lq]l2tpns-pppoe\[rq]).
.RE
.IP \[bu] 2
\f[B]pppoe_only_equal_svc_name\f[R] (boolean)
.RS 2
.PP
If set to yes, the PPPOE server only accepts clients with a
\[lq]service-name\[rq] different from NULL and a \[lq]service-name\[rq]
equal to server \[lq]service-name\[rq] (default: no).
.RE
.SS BGP ROUTING
.PP
The routing configuration section is entered by the command
.PP
\f[B]router\f[R] \f[B]bgp\f[R] \f[I]as\f[R]
.PP
where \f[I]as\f[R] specifies the local AS number.
.PP
Subsequent lines prefixed with \f[B]neighbour\f[R] \f[I]peer\f[R] define
the attributes of BGP neighhbours.
Valid commands are:
.PP
\f[B]neighbour\f[R] \f[I]peer\f[R] \f[B]remote-as\f[R] \f[I]as\f[R]
.PP
\f[B]neighbour\f[R] \f[I]peer\f[R] \f[B]timers\f[R] \f[I]keepalive\f[R]
\f[I]hold\f[R]
.PP
Where \f[I]peer\f[R] specifies the BGP neighbour as either a hostname or
IP address, \f[I]as\f[R] is the remote AS number and
\f[I]keepalive\f[R], \f[I]hold\f[R] are the timer values in seconds.
.SS NAMED ACCESS LISTS
.PP
Named access lists may be defined with either of
.IP \[bu] 2
\f[B]ip\f[R] \f[B]access-list\f[R] \f[B]standard\f[R] \f[I]name\f[R]
.IP \[bu] 2
\f[B]ip\f[R] \f[B]access-list\f[R] \f[B]extended\f[R] \f[I]name\f[R]
.PP
Subsequent lines starting with permit or deny define the body of the
access-list.
.SS Standard Access Lists
.PP
Standard access lists are defined with:
.IP \[bu] 2
{\f[B]permit\f[R]|\f[B]deny\f[R]} \f[I]source\f[R] [\f[I]dest\f[R]]
.PP
Where \f[I]source\f[R] and \f[I]dest\f[R] specify IP matches using one
of:
.IP \[bu] 2
\f[I]address\f[R] \f[I]wildard\f[R]
.IP \[bu] 2
\f[B]host\f[R] \f[I]address\f[R]
.IP \[bu] 2
\f[B]any\f[R]
.PP
\f[I]address\f[R] and \f[I]wildard\f[R] are in dotted-quad notation,
bits in the \f[I]wildard\f[R] indicate which address bits in
\f[I]address\f[R] are relevant to the match (0 = exact match; 1 =
don\[cq]t care).
.PP
The shorthand `host address' is equivalent to `\f[I]address\f[R]
\f[B]0.0.0.0\f[R]'; `\f[B]any\f[R]' to `\f[B]0.0.0.0\f[R]
\f[B]255.255.255.255\f[R]'.
.SS Extended Access Lists
.PP
Extended access lists are defined with:
.IP \[bu] 2
{\f[B]permit\f[R]|\f[B]deny\f[R]} \f[I]proto\f[R] \f[I]source\f[R]
[\f[I]ports\f[R]] \f[I]dest\f[R] [\f[I]ports\f[R]] [\f[I]flags\f[R]]
.PP
Where \f[I]proto\f[R] is one of \f[B]ip\f[R], \f[B]tcp\f[R] or
\f[B]udp\f[R], and \f[I]source\f[R] and \f[I]dest\f[R] are as described
above for standard lists.
.PP
For TCP and UDP matches, source and destination may be optionally
followed by a ports specification:
.IP \[bu] 2
{\f[B]eq|neq|gt|lt\f[R]} \f[I]port\f[R]
.IP \[bu] 2
\f[B]range\f[R] \f[I]from\f[R] \f[I]to\f[R]
.PP
\f[I]flags\f[R] may be one of:
.IP \[bu] 2
{\f[B]match-any|match-all\f[R]}
{\f[B]+|-\f[R]}{\f[B]fin|syn|rst|psh|ack|urg\f[R]} \&...
.RS 2
.PP
Match packets with any or all of the tcp flags set (+) or clear (-).
.RE
.IP \[bu] 2
\f[B]established\f[R]
.RS 2
.PP
Match \[lq]established\[rq] TCP connections: packets with RST or ACK
set, and SYN clear.
.RE
.IP \[bu] 2
\f[B]fragments\f[R]
.RS 2
.PP
Match IP fragments.
May not be specified on rules with layer 4 matches.
.RE
.SH SEE ALSO
.PP
l2tpns(8) (http://man.he.net/man8/l2tpns)