165 lines
4.3 KiB
Text
165 lines
4.3 KiB
Text
# Debugging level
|
|
set debug 3
|
|
|
|
# Log file: comment out to use stderr, use "syslog:facility" for syslog
|
|
set log_file "/var/log/l2tpns"
|
|
|
|
# Write pid to this file
|
|
set pid_file "/var/run/l2tpns.pid"
|
|
|
|
# This host name, if different from the OS one
|
|
#set hostname "localhost"
|
|
|
|
# Shared secret with LAC
|
|
set l2tp_secret "secret"
|
|
|
|
# MTU of interface for L2TP traffic
|
|
#set l2tp_mtu 1500
|
|
|
|
# MRRU for MP traffic
|
|
#set mp_mrru 1614
|
|
|
|
# PPP counter and timer values
|
|
#set ppp_restart_time 3
|
|
#set ppp_max_configure 10
|
|
#set ppp_max_failure 5
|
|
|
|
# Only 2 DNS server entries are allowed
|
|
set primary_dns 10.0.0.1
|
|
set secondary_dns 10.0.0.2
|
|
|
|
# Can have multiple radius server entries, but ony one radius secret
|
|
set primary_radius 10.0.0.3
|
|
#set primary_radius_port 1812
|
|
#set secondary_radius 0.0.0.0
|
|
#set secondary_radius_port 1812
|
|
set radius_secret "secret"
|
|
# Set this to yes once you have confirmed that your RADIUS server provides MessageAuthenticator in its responses
|
|
#set radius_require_message_authenticator auto
|
|
|
|
# Acceptable authentication types (pap, chap) in order of preference
|
|
#set radius_authtypes "pap"
|
|
|
|
# Turn on or off Radius Accounting
|
|
#set radius_accounting no
|
|
|
|
# Port for DAE RADIUS requests
|
|
#set radius_dae_port 3799
|
|
|
|
# Allow multiple logins for the same username
|
|
#set allow_duplicate_users no
|
|
|
|
# Kill timedout sessions ? (default yes)
|
|
#set kill_timedout_sessions no
|
|
|
|
# Allow multiple logins for specific username
|
|
#set guest_account ""
|
|
|
|
# Write usage accounting files into specified directory
|
|
#set accounting_dir "/var/run/l2tpns/acct"
|
|
|
|
# Listen address for L2TP
|
|
#set bind_address 1.1.1.1
|
|
|
|
# Listen address for CLI
|
|
set cli_bind_address 127.0.0.1
|
|
|
|
# Send a gratiuitous ARP for bind address
|
|
#set send_garp no
|
|
|
|
# Gateway address given to clients
|
|
#set peer_address 0.0.0.0
|
|
|
|
# Default throttle rate in kb/s
|
|
#set throttle_speed 0
|
|
|
|
# Number of buckets to allocate for throttling
|
|
#set throttle_buckets 3000
|
|
|
|
# If set to true, dump current speed to stderr every second
|
|
#set dump_speed no
|
|
|
|
# Number of packets to read from tun/udp/cluster fd when select
|
|
# returns readable
|
|
#set multi_read_count 10
|
|
|
|
# Set scheduling priority of process to SCHED_FIFO
|
|
#set scheduler_fifo no
|
|
|
|
# Lock pages into memory
|
|
#set lock_pages no
|
|
|
|
# Maximum number of host unreachable packets to send per second
|
|
#set icmp_rate 0
|
|
|
|
# Maximum number of downstream packets per 0.1s to handle for each
|
|
# session (0 = ulimited)
|
|
#set packet_limit 0
|
|
|
|
# Cluster multicast address, interface
|
|
#set cluster_address 239.192.13.13
|
|
#set cluster_port 32792
|
|
#set cluster_interface eth0
|
|
|
|
# Cluster multicast TTL
|
|
#set cluster_mcast_ttl 1
|
|
|
|
# Cluster timers (1/10th second)
|
|
#set cluster_hb_interval 5
|
|
#set cluster_hb_timeout 150
|
|
|
|
# Minimum number of slaves before master withdraws routes
|
|
#set cluster_master_min_adv 1
|
|
|
|
# IPv6 address prefix
|
|
#set ipv6_prefix ::
|
|
|
|
# Only 2 IPv6 DNS server entries are allowed
|
|
#set primary_ipv6_dns 2001:db8::1
|
|
#set secondary_ipv6_dns 2001:db8::2
|
|
|
|
# BGP NEXT_HOP path attribute
|
|
#set nexthop 10.0.1.1
|
|
#set nexthop6 2001:db8::1
|
|
|
|
# Time between last packet sent and LCP ECHO generation (default 10 seconds)
|
|
#set echo_timeout 10
|
|
# Drop sessions who have not responded within idle_echo_timeout seconds (default 240 seconds)
|
|
#set idle_echo_timeout 240
|
|
# Change this value to no to force generation of LCP ECHO every echo_timeout seconds, even there are activity on the link (default yes)
|
|
set ppp_keepalive yes
|
|
|
|
# Drop/kill sessions
|
|
#load plugin "sessionctl"
|
|
|
|
# Throttle/snoop based on RADIUS
|
|
#load plugin "autothrottle"
|
|
#load plugin "autosnoop"
|
|
|
|
# Control throttle/snoop with nsctl
|
|
#load plugin "throttlectl"
|
|
#load plugin "snoopctl"
|
|
|
|
# Punt RX speed if not supplied
|
|
#load plugin "setrxspeed"
|
|
|
|
# Remove domain from username
|
|
#load plugin "stripdomain"
|
|
|
|
# Walled garden
|
|
#load plugin "garden"
|
|
|
|
# Kernel acceleration, enable on no more than one instance on the same machine!
|
|
#set kernel_accel yes
|
|
#
|
|
# You will probably want to also enable MSS clamping, which l2tpns won't be able to do any more:
|
|
# iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|
|
# ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|
|
# or
|
|
# nft add rule inet filter forward tcp flags syn tcp option maxseg size set rt mtu
|
|
#
|
|
# and allow dhcpv6 traffic:
|
|
# iptables -A INPUT -i ppp+ -p udp --sport 546 --dport 547 -j ACCEPT
|
|
#
|
|
# and increase the memory available for igmp6 for DHCPv6 and RS:
|
|
# sysctl net.core.optmem_max=10485760
|