Imported Upstream version 2.1.21

2011-07-07 12:45:05 +02:00 · 2011-07-07 12:45:05 +02:00 · f2a3180cc0
commit f2a3180cc0
57 changed files with 24656 additions and 0 deletions
--- a/Docs/l2tpns.8
+++ b/Docs/l2tpns.8
@ -0,0 +1,70 @@
+.\" -*- nroff -*-
+.de Id
+.ds Dt \\$4 \\$5
+..
+.Id $Id: l2tpns.8,v 1.4 2005/06/12 06:09:35 bodea Exp $
+.TH L2TPNS 8 "\*(Dt" L2TPNS "System Management Commands"
+.SH NAME
+l2tpns \- Layer 2 tunneling protocol network server (LNS)
+.SH SYNOPSIS
+.B l2tpns
+.RB [ \-d ]
+.RB [ \-v ]
+.RB [ \-c
+.IR file ]
+.RB [ \-h
+.IR hostname ]
+.SH DESCRIPTION
+.B l2tpns
+is a daemon for terminating layer 2 tunneling protocol (L2TP: RFC
+2661) sessions.
+.PP
+Once running,
+.B l2tpns
+may be controlled by telnetting to port 23 on the machine running the
+daemon and with the
+.B nsctl
+utility.
+.SH OPTIONS
+.TP
+.B \-d
+Detach from terminal and fork into the background. By default l2tpns
+will stay in the foreground.
+.TP
+.B \-v
+Increase verbosity for debugging. Can be used multiple times.
+.TP
+.BI "\-c " file
+Specify configuration file.
+.TP
+.BI "\-h " hostname
+Force hostname to
+.IR hostname .
+.SH FILES
+.TP
+.I /etc/l2tpns/startup-config
+The default configuration file.
+.TP
+.I /etc/l2tpns/ip_pool
+IP address pool configuration.
+.TP
+.I /etc/l2tpns/users
+Username/password configuration for access to admin interface.
+.SH SIGNALS
+.TP
+.B SIGHUP
+Reload the config from disk and re-open log file.
+.TP
+.BR SIGTERM ", " SIGINT
+Stop process.  Tunnels and sessions are not terminated.  This signal
+should be used to stop l2tpns on a cluster node where there are other
+machines to continue handling traffic.
+.TP
+.B SIGQUIT
+Shut down tunnels and sessions, exit process when complete.
+.SH SEE ALSO
+.BR startup-config (5),
+.BR nsctl (8)
+.SH AUTHOR
+This manual page was written by Jonathan McDowell <noodles@earth.li>,
+for the Debian GNU/Linux system (but may be used by others).
--- a/Docs/manual.html
+++ b/Docs/manual.html
--- a/Docs/nsctl.8
+++ b/Docs/nsctl.8
@ -0,0 +1,69 @@
+.\" -*- nroff -*-
+.de Id
+.ds Dt \\$4 \\$5
+..
+.Id $Id: nsctl.8,v 1.2 2004/11/17 15:08:19 bodea Exp $
+.TH NSCTL 8 "\*(Dt" L2TPNS "System Management Commands"
+.SH NAME
+nsctl \- manage running l2tpns instance
+.SH SYNOPSIS
+.B nsctl
+.RB [ \-d ]
+.RB [ \-h
+.IR host [: port ]]
+.RB [ \-t
+.IR timeout ]
+.I command
+.RI [ arg " ...]"
+.SH DESCRIPTION
+.B nsctl
+sends commands to a running
+.B l2tpns
+process.  It provides both for the loading or unloading of plugins and
+also the management of sessions via functions provided by those plugins.
+.SH OPTIONS
+.TP
+.B \-d
+Enable debugging output.
+.TP
+.B \-h \fIhost\fR[:\fIport\fR]
+The host running
+.B l2tpns
+that should receive the message.  By default the message is sent to
+UDP port 1702 on
+.BR localhost .
+.TP
+.B \-t \fItimeout\fR
+Timeout in seconds to wait for a response from the server.
+.SH COMMANDS
+The first argument specifies the command to send to
+.B l2tpns .
+The following commands are as defined:
+.TP
+.BI "load_plugin " plugin
+Load the named
+.IR plugin .
+.TP
+.BI "unload_plugin " plugin
+Unload the named
+.IR plugin .
+.TP
+.B help
+Each loaded plugin is queried for what commands it supports and the
+synopsis for each is output.
+.PP
+Any other value of
+.I command
+(and
+.I args
+if any)
+are sent to
+.B l2tpns
+as-is, to be passed to each plugin which registers a
+.B plugin_control
+function in turn (in which it may be acted upon).
+.SH SEE ALSO
+.BR l2tpns (8)
+.SH AUTHOR
+This manual page was written by Jonathan McDowell <noodles@the.earth.li>,
+for the Debian GNU/Linux system (but may be used by others).
--- a/Docs/startup-config.5
+++ b/Docs/startup-config.5
@ -0,0 +1,363 @@
+.\" -*- nroff -*-
+.de Id
+.ds Dt \\$4 \\$5
+..
+.Id $Id: startup-config.5,v 1.15 2005/09/16 05:04:31 bodea Exp $
+.TH STARTUP-CONFIG 5 "\*(Dt" L2TPNS "File Formats and Conventions"
+.SH NAME
+startup\-config \- configuration file for l2tpns
+.SH SYNOPSIS
+/etc/l2tpns/startup-config
+.SH DESCRIPTION
+.B startup-config
+is the configuration file for
+.BR l2tpns .
+.PP
+The format is plain text, in the same format as accepted by the
+configuration mode of
+.BR l2tpns 's
+telnet administrative interface.  Comments are indicated by either the
+character
+.B #
+or
+.BR ! .
+.SS SETTINGS
+Settings are specified with
+.IP
+.BI "set " "variable value"
+.PP
+The following
+.IR variable s
+may be set:
+.RS
+.TP
+.B debug
+Set the level of debugging messages written to the log file.  The
+value should be between 0 and 5, with 0 being no debugging, and 5
+being the highest.
+.TP
+.B log_file
+This will be where all logging and debugging information is written
+to.  This may be either a filename, such as
+.BR /var/log/l2tpns ,
+or the string
+.BR syslog : \fIfacility\fR ,
+where
+.I facility
+is any one of the syslog logging facilities, such as
+.BR local5 .
+.TP
+.B pid_file
+If set, the process id will be written to the specified file.  The
+value must be an absolute path.
+.TP
+.B random_device
+Path to random data source (default
+.BR /dev/urandom ).
+Use "" to use the rand() library function.
+.TP
+.B l2tp_secret
+The secret used by
+.B l2tpns
+for authenticating tunnel request.  Must be the same as the LAC, or
+authentication will fail.  Only actually be used if the LAC requests
+authentication.
+.TP
+.B l2tp_mtu
+MTU of interface for L2TP traffic (default: 1500).  Used to set link
+MRU and adjust TCP MSS.
+.TP
+.B ppp_restart_time
+Restart timer for PPP protocol negotiation in seconds (default: 3).
+.TP
+.B ppp_max_configure
+Number of configure requests to send before giving up (default: 10).
+.TP
+.B ppp_max_failure
+Number of Configure-Nak requests to send before sending a
+Configure-Reject (default: 5).
+.TP
+.BR primary_dns , " secondary_dns"
+Whenever a PPP connection is established, DNS servers will be sent to the
+user, both a primary and a secondary.  If either is set to 0.0.0.0, then that
+one will not be sent.
+.TP
+.BR primary_radius , " secondary_radius"
+Sets the RADIUS servers used for both authentication and accounting. 
+If the primary server does not respond, then the secondary RADIUS
+server will be tried.
+.TP
+.BR primary_radius_port , " secondary_radius_port"
+Sets the authentication ports for the primary and secondary RADIUS
+servers.  The accounting port is one more than the authentication
+port.  If no ports are given, authentication defaults to 1645, and
+accounting to 1646.
+.TP
+.B radius_accounting
+If set to true, then RADIUS accounting packets will be sent.  A
+.B Start
+record will be sent when the session is successfully authenticated,
+and a
+.B Stop
+record when the session is closed.
+.TP
+.B radius_interim
+If
+.B radius_accounting
+is on, defines the interval between sending of RADIUS interim
+accounting records (in seconds).
+.TP
+.B radius_secret
+Secret to be used in RADIUS packets.
+.TP
+.B radius_authtypes
+A comma separated list of supported RADIUS authentication methods
+("pap" or "chap"), in order of preference (default "pap").
+.TP
+.B radius_dae_port
+Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization)
+requests (default: 3799).
+.TP
+.B allow_duplicate_users
+Allow multiple logins with the same username.  If false (the default),
+any prior session with the same username will be dropped when a new
+session is established.
+.TP
+.B bind_address
+When the tun interface is created, it is assigned the address
+specified here.  If no address is given, 1.1.1.1 is used.  Packets
+containing user traffic should be routed via this address if given,
+otherwise the primary address of the machine.
+.TP
+.B peer_address
+Address to send to clients as the default gateway.
+.TP
+.B send_garp
+Determines whether or not to send a gratuitous ARP for the
+.B bind_address
+when the server is ready to handle traffic (default: true).  This
+setting is ignored if BGP is configured.
+.TP
+.B throttle_speed
+Sets the default speed (in kbits/s) which sessions will be limited to.
+.TP
+.B throttle_buckets
+Number of token buckets to allocate for throttling.  Each throttled
+session requires two buckets (in and out).
+.TP
+.B accounting_dir
+If set to a directory, then every 5 minutes the current usage for
+every connected use will be dumped to a file in this directory.
+.TP
+.B setuid
+After starting up and binding the interface, change UID to this.  This
+doesn't work properly.
+.TP
+.B dump_speed
+If set to true, then the current bandwidth utilization will be logged
+every second.  Even if this is disabled, you can see this information
+by running the
+.B uptime
+command on the CLI.
+.TP
+.B multi_read_count
+Number of packets to read off each of the UDP and TUN fds when
+returned as readable by select (default: 10).  Avoids incurring the
+unnecessary system call overhead of select on busy servers.
+.TP
+.B scheduler_fifo
+Sets the scheduling policy for the
+.B l2tpns
+process to
+.BR SCHED_FIFO .
+This causes the kernel to immediately preempt any currently running
+.B SCHED_OTHER
+(normal) process in favour of
+.B l2tpns
+when it becomes runnable. 
+.br
+Ignored on uniprocessor systems.
+.TP
+.B lock_pages
+Keep all pages mapped by the
+.B l2tpns
+process in memory.
+.TP
+.B icmp_rate
+Maximum number of host unreachable ICMP packets to send per second.
+.TP
+.B packet_limit
+Maximum number of packets of downstream traffic to be handled each
+tenth of a second per session.  If zero, no limit is applied (default: 
+0).  Intended as a DoS prevention mechanism and not a general
+throttling control (packets are dropped, not queued).
+.TP
+.B cluster_address
+Multicast cluster address (default: 239.192.13.13).
+.TP
+.B cluster_interface
+Interface for cluster packets (default: eth0).
+.TP
+.B cluster_mcast_ttl
+TTL for multicast packets (default: 1).
+.TP
+.B cluster_hb_interval
+Interval in tenths of a second between cluster heartbeat/pings.
+.TP
+.B cluster_hb_timeout
+Cluster heartbeat timeout in tenths of a second.  A new master will be
+elected when this interval has been passed without seeing a heartbeat
+from the master.
+.TP
+.B cluster_master_min_adv
+Determines the minumum number of up to date slaves required before the
+master will drop routes (default: 1).
+.TP
+.B ipv6_prefix
+Enable negotiation of IPv6.  This forms the the first 64 bits of the
+client allocated address.  The remaining 64 come from the allocated
+IPv4 address and 4 bytes of 0s.
+.RE
+.SS BGP ROUTING
+The routing configuration section is entered by the command
+.IP
+.BI "router bgp " as
+.PP
+where
+.I as
+specifies the local AS number.
+.PP
+Subsequent lines prefixed with
+.BI "neighbour " peer
+define the attributes of BGP neighhbours.  Valid commands are:
+.IP
+.BI "neighbour " peer " remote-as " as
+.br
+.BI "neighbour " peer " timers " "keepalive hold"
+.PP
+Where
+.I peer
+specifies the BGP neighbour as either a hostname or IP address,
+.I as
+is the remote AS number and
+.IR keepalive ,
+.I hold
+are the timer values in seconds.
+.SS NAMED ACCESS LISTS
+Named access lists may be defined with either of
+.IP
+.BI "ip access\-list standard " name
+.br
+.BI "ip access\-list extended " name
+.PP
+Subsequent lines starting with
+.B permit
+or
+.B deny
+define the body of the access\-list.
+.PP
+.B Standard Access Lists
+.RS 4n
+Standard access lists are defined with:
+.IP
+.RB { permit | deny }
+.IR source " [" dest ]
+.PP
+Where
+.I source
+and
+.I dest
+specify IP matches using one of:
+.IP
+.I address
+.I wildard
+.br
+.B host
+.I address
+.br
+.B any
+.PP
+.I address
+and
+.I wildard
+are in dotted-quad notation, bits in the
+.I wildard
+indicate which address bits in
+.I address
+are relevant to the match (0 = exact match; 1 = don't care).
+.PP
+The shorthand
+.RB ' host
+.IR address '
+is equivalent to
+.RI ' address
+.BR 0.0.0.0 ';
+.RB ' any '
+to
+.RB ' 0.0.0.0
+.BR 255.255.255.255 '.
+.RE
+.PP
+.B Extended Access Lists
+.RS 4n
+Extended access lists are defined with:
+.IP
+.RB { permit | deny }
+.I proto
+.IR source " [" ports "] " dest " [" ports "] [" flags ]
+.PP
+Where
+.I proto
+is one of
+.BR ip ,
+.B tcp
+or
+.BR udp ,
+and
+.I source
+and
+.I dest
+are as described above for standard lists.
+.PP
+For TCP and UDP matches, source and destination may be optionally
+followed by a
+.I ports
+specification:
+.IP
+.RB { eq | neq | gt | lt }
+.I port
+.br
+.B
+range
+.I from to
+.PP
+.I flags
+may be one of:
+.RS
+.HP
+.RB { match\-any | match\-all }
+.RB { + | - }{ fin | syn | rst | psh | ack | urg }
+\&...
+.br
+Match packets with any or all of the tcp flags set
+.RB ( + )
+or clear
+.RB ( - ).
+.HP
+.B established
+.br
+Match "established" TCP connections:  packets with
+.B RST
+or
+.B ACK
+set, and
+.B SYN
+clear.
+.HP
+.B fragments
+.br
+Match IP fragments.  May not be specified on rules with layer 4
+matches.
+.RE
+.SH SEE ALSO
+.BR l2tpns (8)