welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
l2tpns/Docs/startup-config.5
Brendan O'Dea bde7904f92 - Add l2tp_mtu configuration option, used to define MRU, MSS. 
- Adjust TCP MSS options in SYN and SYN,ACK packets to avoid
  fragmentation of tcp packets.
2005-09-16 05:04:28 +00:00

363 lines
8.6 KiB
Groff
Raw Blame History

.\" -*- nroff -*-
.de Id
.ds Dt \\$4 \\$5
..
.Id $Id: startup-config.5,v 1.15 2005-09-16 05:04:31 bodea Exp $
.TH STARTUP-CONFIG 5 "\*(Dt" L2TPNS "File Formats and Conventions"
.SH NAME
startup\-config \- configuration file for l2tpns
.SH SYNOPSIS
/etc/l2tpns/startup-config
.SH DESCRIPTION
.B startup-config
is the configuration file for
.BR l2tpns .
.PP
The format is plain text, in the same format as accepted by the
configuration mode of
.BR l2tpns 's
telnet administrative interface. Comments are indicated by either the
character
.B #
or
.BR ! .
.SS SETTINGS
Settings are specified with
.IP
.BI "set " "variable value"
.PP
The following
.IR variable s
may be set:
.RS
.TP
.B debug
Set the level of debugging messages written to the log file. The
value should be between 0 and 5, with 0 being no debugging, and 5
being the highest.
.TP
.B log_file
This will be where all logging and debugging information is written
to. This may be either a filename, such as
.BR /var/log/l2tpns ,
or the string
.BR syslog : \fIfacility\fR ,
where
.I facility
is any one of the syslog logging facilities, such as
.BR local5 .
.TP
.B pid_file
If set, the process id will be written to the specified file. The
value must be an absolute path.
.TP
.B random_device
Path to random data source (default
.BR /dev/urandom ).
Use "" to use the rand() library function.
.TP
.B l2tp_secret
The secret used by
.B l2tpns
for authenticating tunnel request. Must be the same as the LAC, or
authentication will fail. Only actually be used if the LAC requests
authentication.
.TP
.B l2tp_mtu
MTU of interface for L2TP traffic (default: 1500). Used to set link
MRU and adjust TCP MSS.
.TP
.B ppp_restart_time
Restart timer for PPP protocol negotiation in seconds (default: 3).
.TP
.B ppp_max_configure
Number of configure requests to send before giving up (default: 10).
.TP
.B ppp_max_failure
Number of Configure-Nak requests to send before sending a
Configure-Reject (default: 5).
.TP
.BR primary_dns , " secondary_dns"
Whenever a PPP connection is established, DNS servers will be sent to the
user, both a primary and a secondary. If either is set to 0.0.0.0, then that
one will not be sent.
.TP
.BR primary_radius , " secondary_radius"
Sets the RADIUS servers used for both authentication and accounting.
If the primary server does not respond, then the secondary RADIUS
server will be tried.
.TP
.BR primary_radius_port , " secondary_radius_port"
Sets the authentication ports for the primary and secondary RADIUS
servers. The accounting port is one more than the authentication
port. If no ports are given, authentication defaults to 1645, and
accounting to 1646.
.TP
.B radius_accounting
If set to true, then RADIUS accounting packets will be sent. A
.B Start
record will be sent when the session is successfully authenticated,
and a
.B Stop
record when the session is closed.
.TP
.B radius_interim
If
.B radius_accounting
is on, defines the interval between sending of RADIUS interim
accounting records (in seconds).
.TP
.B radius_secret
Secret to be used in RADIUS packets.
.TP
.B radius_authtypes
A comma separated list of supported RADIUS authentication methods
("pap" or "chap"), in order of preference (default "pap").
.TP
.B radius_dae_port
Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization)
requests (default: 3799).
.TP
.B allow_duplicate_users
Allow multiple logins with the same username. If false (the default),
any prior session with the same username will be dropped when a new
session is established.
.TP
.B bind_address
When the tun interface is created, it is assigned the address
specified here. If no address is given, 1.1.1.1 is used. Packets
containing user traffic should be routed via this address if given,
otherwise the primary address of the machine.
.TP
.B peer_address
Address to send to clients as the default gateway.
.TP
.B send_garp
Determines whether or not to send a gratuitous ARP for the
.B bind_address
when the server is ready to handle traffic (default: true). This
setting is ignored if BGP is configured.
.TP
.B throttle_speed
Sets the default speed (in kbits/s) which sessions will be limited to.
.TP
.B throttle_buckets
Number of token buckets to allocate for throttling. Each throttled
session requires two buckets (in and out).
.TP
.B accounting_dir
If set to a directory, then every 5 minutes the current usage for
every connected use will be dumped to a file in this directory.
.TP
.B setuid
After starting up and binding the interface, change UID to this. This
doesn't work properly.
.TP
.B dump_speed
If set to true, then the current bandwidth utilization will be logged
every second. Even if this is disabled, you can see this information
by running the
.B uptime
command on the CLI.
.TP
.B multi_read_count
Number of packets to read off each of the UDP and TUN fds when
returned as readable by select (default: 10). Avoids incurring the
unnecessary system call overhead of select on busy servers.
.TP
.B scheduler_fifo
Sets the scheduling policy for the
.B l2tpns
process to
.BR SCHED_FIFO .
This causes the kernel to immediately preempt any currently running
.B SCHED_OTHER
(normal) process in favour of
.B l2tpns
when it becomes runnable.
.br
Ignored on uniprocessor systems.
.TP
.B lock_pages
Keep all pages mapped by the
.B l2tpns
process in memory.
.TP
.B icmp_rate
Maximum number of host unreachable ICMP packets to send per second.
.TP
.B packet_limit
Maximum number of packets of downstream traffic to be handled each
tenth of a second per session. If zero, no limit is applied (default:
0). Intended as a DoS prevention mechanism and not a general
throttling control (packets are dropped, not queued).
.TP
.B cluster_address
Multicast cluster address (default: 239.192.13.13).
.TP
.B cluster_interface
Interface for cluster packets (default: eth0).
.TP
.B cluster_mcast_ttl
TTL for multicast packets (default: 1).
.TP
.B cluster_hb_interval
Interval in tenths of a second between cluster heartbeat/pings.
.TP
.B cluster_hb_timeout
Cluster heartbeat timeout in tenths of a second. A new master will be
elected when this interval has been passed without seeing a heartbeat
from the master.
.TP
.B cluster_master_min_adv
Determines the minumum number of up to date slaves required before the
master will drop routes (default: 1).
.TP
.B ipv6_prefix
Enable negotiation of IPv6. This forms the the first 64 bits of the
client allocated address. The remaining 64 come from the allocated
IPv4 address and 4 bytes of 0s.
.RE
.SS BGP ROUTING
The routing configuration section is entered by the command
.IP
.BI "router bgp " as
.PP
where
.I as
specifies the local AS number.
.PP
Subsequent lines prefixed with
.BI "neighbour " peer
define the attributes of BGP neighhbours. Valid commands are:
.IP
.BI "neighbour " peer " remote-as " as
.br
.BI "neighbour " peer " timers " "keepalive hold"
.PP
Where
.I peer
specifies the BGP neighbour as either a hostname or IP address,
.I as
is the remote AS number and
.IR keepalive ,
.I hold
are the timer values in seconds.
.SS NAMED ACCESS LISTS
Named access lists may be defined with either of
.IP
.BI "ip access\-list standard " name
.br
.BI "ip access\-list extended " name
.PP
Subsequent lines starting with
.B permit
or
.B deny
define the body of the access\-list.
.PP
.B Standard Access Lists
.RS 4n
Standard access lists are defined with:
.IP
.RB { permit | deny }
.IR source " [" dest ]
.PP
Where
.I source
and
.I dest
specify IP matches using one of:
.IP
.I address
.I wildard
.br
.B host
.I address
.br
.B any
.PP
.I address
and
.I wildard
are in dotted-quad notation, bits in the
.I wildard
indicate which address bits in
.I address
are relevant to the match (0 = exact match; 1 = don't care).
.PP
The shorthand
.RB ' host
.IR address '
is equivalent to
.RI ' address
.BR 0.0.0.0 ';
.RB ' any '
to
.RB ' 0.0.0.0
.BR 255.255.255.255 '.
.RE
.PP
.B Extended Access Lists
.RS 4n
Extended access lists are defined with:
.IP
.RB { permit | deny }
.I proto
.IR source " [" ports "] " dest " [" ports "] [" flags ]
.PP
Where
.I proto
is one of
.BR ip ,
.B tcp
or
.BR udp ,
and
.I source
and
.I dest
are as described above for standard lists.
.PP
For TCP and UDP matches, source and destination may be optionally
followed by a
.I ports
specification:
.IP
.RB { eq | neq | gt | lt }
.I port
.br
.B
range
.I from to
.PP
.I flags
may be one of:
.RS
.HP
.RB { match\-any | match\-all }
.RB { + | - }{ fin | syn | rst | psh | ack | urg }
\&...
.br
Match packets with any or all of the tcp flags set
.RB ( + )
or clear
.RB ( - ).
.HP
.B established
.br
Match "established" TCP connections: packets with
.B RST
or
.B ACK
set, and
.B SYN
clear.
.HP
.B fragments
.br
Match IP fragments. May not be specified on rules with layer 4
matches.
.RE
.SH SEE ALSO
.BR l2tpns (8)
Reference in a new issue View git blame Copy permalink