l2tpns/INSTALL
David Parrish fc0a363208 * Fri Mar 5 2004 David Parrish <david@dparrish.com> 1.1.0
- Change all strcpy() calls to strncpy() to avoid buffer overflow potential
- Add ICMP host unreachable support
- Logging to syslog if log_file = "syslog:facility"
- Now requires libcli 1.5
- All configuration moves to a config structure
- Ability to modify and write config on the fly through command-line interface
- Config file support is removed, and now handled by the cli
- Show hostname in cli prompt
- Keep current state type for tunnels
- Add uptime command to CLI, which also shows real-time bandwidth utilisation
- Add goodbye command to cluster master, which forces dropping a slave
- Cache IP address allocation, so that reconnecting users get the same address
- Fix tunnel resend timeouts, so that dead tunnels will be cleaned up
- Allocate tunnels and radius without using a linked list which had issues
- Fix some off-by-one errors in tunnel and session and radius arrays
- Save and reload ip address pool when dying
- Check version and size of reloaded data when restarting
- Remove plugin_config support
- Remove old support for TBF which didn't work anyway. HTB is required to do throttling now.
- Add COPYING and Changes files
2004-03-05 00:09:03 +00:00

Brief Installation guide for L2TPNS

1. Requirements

    * libcli 1.5.0 or greater
      You can get it from http://sourceforge.net/projects/libcli.

    * A kernel with iptables support

    * If you want to use throttling, you must have a kernel and a tc (iproute)
      which supports HTB.

2. Compile

    ./configure --prefix=/usr --sysconfdir=/etc/l2tpns
    make

3. Install

    * make install. This does:
        * Install the binaries into /usr/bin (l2tpns, cluster_master and nsctl)
        * Create config dir /etc/l2tpns and create default config files
        * Ensure that /dev/net/tun exists

    * Modify config file. You probably need to change most of the config options.

    * Set up basic firewall rules. This should be done in an init script.

        iptables -t nat -N l2tpns
        iptables -t nat -A PREROUTING -j l2tpns
        iptables -t mangle -N l2tpns
        iptables -t mangle -A PREROUTING -j l2tpns

    * Set up walled garden firewall rules. This should be done in an init
      script. This is not required unless you are using the garden plugin.

        iptables -t nat -N garden >/dev/null 2>&1
        iptables -t nat -F garden
        iptables -t nat -A garden -p tcp -m tcp --dport 25 -j DNAT --to 192.168.1.1
        iptables -t nat -A garden -p udp -m udp --dport 53 -j DNAT --to 192.168.1.1
        iptables -t nat -A garden -p tcp -m tcp --dport 53 -j DNAT --to 192.168.1.1
        iptables -t nat -A garden -p tcp -m tcp --dport 80 -j DNAT --to 192.168.1.1
        iptables -t nat -A garden -p tcp -m tcp --dport 110 -j DNAT --to 192.168.1.1
        iptables -t nat -A garden -p tcp -m tcp --dport 443 -j DNAT --to 192.168.1.1
        iptables -t nat -A garden -p icmp -m icmp --icmp-type echo-request -j DNAT --to 192.168.1.1
        iptables -t nat -A garden -p icmp -j ACCEPT
        iptables -t nat -A garden -j DROP

    * Set up IP address pools in /etc/l2tpns/ip_pool

    * Set up clustering
        * Run cluster_master on a separate machine
        * Set the "cluster master" and "bind address" parameters in
          /etc/l2tpns/l2tpns.cfg

    * Make l2tpns run on startup

    * Test it out

This software is quite stable and is being used in a production
environment at a quite large ISP. However, you may have problems
setting it up, and if so, I would appreciate it if you would file
useful bug reports on the Source Forge page:
http://sourceforge.net/projects/l2tpns/
-- David Parrish
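
The firewall steps from section 3 in a form that can be re-run from an init script without duplicating the PREROUTING jumps; this is an added example, not part of the l2tpns distribution. The function names and the IPT and GARDEN_HOST variables are assumptions of the example, and the -C check needs iptables 1.4.11 or later.

```shell
#!/bin/sh
# Added example (not from the l2tpns distribution): the INSTALL firewall
# steps as init-script functions that can be re-run without duplicating rules.
# IPT, GARDEN_HOST and the function names are assumptions of this example.
IPT=${IPT:-iptables}
GARDEN_HOST=${GARDEN_HOST:-192.168.1.1}   # garden server address used in the guide

# Create chain $2 in table $1 unless it exists (-L fails on a missing chain).
ensure_chain() {
    $IPT -t "$1" -n -L "$2" >/dev/null 2>&1 || $IPT -t "$1" -N "$2"
}

# Append "-j $3" to chain $2 of table $1 only if -C (check) does not find it.
ensure_jump() {
    $IPT -t "$1" -C "$2" -j "$3" >/dev/null 2>&1 || $IPT -t "$1" -A "$2" -j "$3"
}

# Basic rules: an l2tpns chain in nat and mangle, each hooked into PREROUTING once.
setup_l2tpns_chains() {
    for table in nat mangle; do
        ensure_chain "$table" l2tpns || return 1
        ensure_jump "$table" PREROUTING l2tpns || return 1
    done
}

# Walled garden: flush the chain and re-add the guide's rules, catch-all last.
setup_garden() {
    ensure_chain nat garden || return 1
    $IPT -t nat -F garden || return 1
    for port in 25 53 80 110 443; do
        $IPT -t nat -A garden -p tcp -m tcp --dport "$port" \
            -j DNAT --to "$GARDEN_HOST" || return 1
    done
    $IPT -t nat -A garden -p udp -m udp --dport 53 -j DNAT --to "$GARDEN_HOST" || return 1
    $IPT -t nat -A garden -p icmp -m icmp --icmp-type echo-request \
        -j DNAT --to "$GARDEN_HOST" || return 1
    $IPT -t nat -A garden -p icmp -j ACCEPT || return 1
    # Newer iptables releases refuse a DROP target in the nat table.
    $IPT -t nat -A garden -j DROP
}

# Only act when invoked as "<script> start", as an init script would.
case "${1:-}" in
    start) setup_l2tpns_chains && setup_garden ;;
esac
```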