From 7442bddd3ddcdfee1a274af39f9975683f7c2feb Mon Sep 17 00:00:00 2001 From: Tassilo Schweyer Date: Tue, 29 Apr 2025 00:41:21 +0200 Subject: [PATCH] More example configs --- etc/startup-config.default | 18 +++- etc/startup-config.l2tp-switch | 182 +++++++++++++++++++++++++++++++++ 2 files changed, 197 insertions(+), 3 deletions(-) create mode 100644 etc/startup-config.l2tp-switch diff --git a/etc/startup-config.default b/etc/startup-config.default index 75c2cec..8680641 100644 --- a/etc/startup-config.default +++ b/etc/startup-config.default @@ -1,8 +1,16 @@ +set pppoe_if_to_bind "vpplan" +#set pppoe_service_name "l2tpns" +setforward "@l2tp.de" 10.0.0.11 1701 "test1" + +set bind_portremotelns 1701 + +set cluster_interface "lo" + # Debugging level set debug 3 # Log file: comment out to use stderr, use "syslog:facility" for syslog -set log_file "/var/log/l2tpns" +#set log_file "/var/log/l2tpns" # Write pid to this file set pid_file "/var/run/l2tpns.pid" @@ -11,7 +19,7 @@ set pid_file "/var/run/l2tpns.pid" #set hostname "localhost" # Shared secret with LAC -set l2tp_secret "secret" +set l2tp_secret "test1" # MTU of interface for L2TP traffic #set l2tp_mtu 1500 @@ -24,6 +32,10 @@ set l2tp_secret "secret" #set ppp_max_configure 10 #set ppp_max_failure 5 +# Can be set to "on-mismatch" to enable proxy LCP negotiation +# (e.g. if LAC cannot pass LCP through) +#set lcp_renegotiation "always" + # Only 2 DNS server entries are allowed set primary_dns 10.0.0.1 set secondary_dns 10.0.0.2 @@ -155,7 +167,7 @@ set ppp_keepalive yes #load plugin "garden" # Kernel acceleration, enable on no more than one instance on the same machine! -#set kernel_accel yes +set kernel_accel yes # # You will probably want to also enable MSS clamping, which l2tpns won't be able to do any more: # iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu diff --git a/etc/startup-config.l2tp-switch b/etc/startup-config.l2tp-switch new file mode 100644 index 0000000..d934cba --- /dev/null +++ b/etc/startup-config.l2tp-switch @@ -0,0 +1,182 @@ +#set pppoe_if_to_bind "vpplan" +#set pppoe_service_name "l2tpns" +setforward "@l2tp.de" 10.0.0.11 1701 "test1" + +set bind_portremotelns 1701 + +set cluster_interface "lo" + +# Debugging level +set debug 3 + +# Log file: comment out to use stderr, use "syslog:facility" for syslog +#set log_file "/var/log/l2tpns" + +# Write pid to this file +set pid_file "/var/run/l2tpns.pid" + +# This host name, if different from the OS one +#set hostname "localhost" + +# Shared secret with LAC +set l2tp_secret "test1" + +# MTU of interface for L2TP traffic +#set l2tp_mtu 1500 + +# MRRU for MP traffic +#set mp_mrru 1614 + +# PPP counter and timer values +#set ppp_restart_time 3 +#set ppp_max_configure 10 +#set ppp_max_failure 5 + +# Can be set to "on-mismatch" to enable proxy LCP negotiation +# (e.g. if LAC cannot pass LCP through) +#set lcp_renegotiation "always" + +# Only 2 DNS server entries are allowed +set primary_dns 10.0.0.1 +set secondary_dns 10.0.0.2 + +# Can have multiple radius server entries, but ony one radius secret +set primary_radius 10.0.0.3 +#set primary_radius_port 1812 +#set secondary_radius 0.0.0.0 +#set secondary_radius_port 1812 +set radius_secret "secret" +# Set this to yes once you have confirmed that your RADIUS server provides MessageAuthenticator in its responses +#set radius_require_message_authenticator auto + +# Acceptable authentication types (pap, chap) in order of preference +#set radius_authtypes "pap" + +# Turn on or off Radius Accounting +#set radius_accounting no + +# Port for DAE RADIUS requests +#set radius_dae_port 3799 + +# Allow multiple logins for the same username +#set allow_duplicate_users no + +# Kill timedout sessions ? (default yes) +#set kill_timedout_sessions no + +# Allow multiple logins for specific username +#set guest_account "" + +# Write usage accounting files into specified directory +#set accounting_dir "/var/run/l2tpns/acct" + +# Listen address for L2TP +#set bind_address 1.1.1.1 + +# Listen address for CLI +set cli_bind_address 127.0.0.1 + +# Send a gratiuitous ARP for bind address +#set send_garp no + +# Gateway address given to clients +#set peer_address 0.0.0.0 + +# Default throttle rate in kb/s +#set throttle_speed 0 + +# Number of buckets to allocate for throttling +#set throttle_buckets 3000 + +# If set to true, dump current speed to stderr every second +#set dump_speed no + +# Number of packets to read from tun/udp/cluster fd when select +# returns readable +#set multi_read_count 10 + +# Set scheduling priority of process to SCHED_FIFO +#set scheduler_fifo no + +# Lock pages into memory +#set lock_pages no + +# Maximum number of host unreachable packets to send per second +#set icmp_rate 0 + +# Maximum number of downstream packets per 0.1s to handle for each +# session (0 = ulimited) +#set packet_limit 0 + +# Cluster multicast address, interface +#set cluster_address 239.192.13.13 +#set cluster_port 32792 +#set cluster_interface eth0 + +# Cluster multicast TTL +#set cluster_mcast_ttl 1 + +# Cluster timers (1/10th second) +#set cluster_hb_interval 5 +#set cluster_hb_timeout 150 + +# Minimum number of slaves before master withdraws routes +#set cluster_master_min_adv 1 + +# IPv6 address prefix +#set ipv6_prefix :: + +# Only 2 IPv6 DNS server entries are allowed +#set primary_ipv6_dns 2001:db8::1 +#set secondary_ipv6_dns 2001:db8::2 + +# BGP NEXT_HOP path attribute +#set nexthop 10.0.1.1 +#set nexthop6 2001:db8::1 + +# Route metric (lower is preferred) +#set route_metric 1 +# Route protocol number to use +#set route_protocol 42 + +# Time between last packet sent and LCP ECHO generation (default 10 seconds) +#set echo_timeout 10 +# Drop sessions who have not responded within idle_echo_timeout seconds (default 240 seconds) +#set idle_echo_timeout 240 +# Change this value to no to force generation of LCP ECHO every echo_timeout seconds, even there are activity on the link (default yes) +set ppp_keepalive yes + +# Drop/kill sessions +#load plugin "sessionctl" + +# Throttle/snoop based on RADIUS +#load plugin "autothrottle" +#load plugin "autosnoop" + +# Control throttle/snoop with nsctl +#load plugin "throttlectl" +#load plugin "snoopctl" + +# Punt RX speed if not supplied +#load plugin "setrxspeed" + +# Remove domain from username +#load plugin "stripdomain" + +# Walled garden +#load plugin "garden" + +# Kernel acceleration, enable on no more than one instance on the same machine! +set kernel_accel yes +# +# You will probably want to also enable MSS clamping, which l2tpns won't be able to do any more: +# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu +# ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu +# or +# nft add rule inet filter forward tcp flags syn tcp option maxseg size set rt mtu +# +# and allow dhcpv6 traffic: +# iptables -A INPUT -i ppp+ -p udp --sport 546 --dport 547 -j ACCEPT +# +# and increase the memory available for igmp6 for DHCPv6 and RS: +# sysctl net.core.optmem_max=10485760