Man Linux: Main Page and Category List


       startup-config - configuration file for l2tpns




       startup-config is the configuration file for l2tpns.

       The  format  is  plain  text,  in  the  same  format as accepted by the
       configuration  mode  of  l2tpns’s  telnet   administrative   interface.
       Comments are indicated by either the character # or !.

       Settings are specified with

              set variable value

       The following variables may be set:

              debug  Set  the  level  of debugging messages written to the log
                     file.  The value should be between 0 and 5, with 0  being
                     no debugging, and 5 being the highest.

                     This  will be where all logging and debugging information
                     is written to.  This may be either a  filename,  such  as
                     /var/log/l2tpns,  or  the  string  syslog:facility, where
                     facility is any one of  the  syslog  logging  facilities,
                     such as local5.

                     If  set,  the process id will be written to the specified
                     file.  The value must be an absolute path.

                     Path to random data source (default  /dev/urandom).   Use
                     "" to use the rand() library function.

                     The  secret  used  by  l2tpns  for  authenticating tunnel
                     request.  Must be the same as the LAC, or  authentication
                     will  fail.   Only  actually  be used if the LAC requests

                     MTU of interface for L2TP traffic (default: 1500).   Used
                     to set link MRU and adjust TCP MSS.

                     Restart  timer  for  PPP  protocol negotiation in seconds
                     (default: 3).

                     Number of configure requests to  send  before  giving  up
                     (default: 10).

                     Number of Configure-Nak requests to send before sending a
                     Configure-Reject (default: 5).

              primary_dns, secondary_dns
                     Whenever a PPP connection  is  established,  DNS  servers
                     will be sent to the user, both a primary and a secondary.
                     If either is set to, then that one  will  not  be

              primary_radius, secondary_radius
                     Sets  the RADIUS servers used for both authentication and
                     accounting.  If the primary server does not respond, then
                     the secondary RADIUS server will be tried.

              primary_radius_port, secondary_radius_port
                     Sets   the  authentication  ports  for  the  primary  and
                     secondary RADIUS servers.  The  accounting  port  is  one
                     more  than  the  authentication  port.   If  no ports are
                     given, authentication defaults to 1645, and accounting to

                     If  set  to  true, then RADIUS accounting packets will be
                     sent.  A Start record will be sent when  the  session  is
                     successfully  authenticated,  and  a Stop record when the
                     session is closed.

                     If radius_accounting is on, defines the interval  between
                     sending   of   RADIUS   interim  accounting  records  (in

                     Secret to be used in RADIUS packets.

                     A comma separated list of supported RADIUS authentication
                     methods   ("pap"  or  "chap"),  in  order  of  preference
                     (default "pap").

                     Port for DAE RADIUS (Packet of  Death/Disconnect,  Change
                     of Authorization) requests (default: 3799).

                     Allow  multiple  logins with the same username.  If false
                     (the default), any prior session with the  same  username
                     will be dropped when a new session is established.

                     When  the  tun  interface  is created, it is assigned the
                     address specified here.  If no address is given,
                     is  used.   Packets  containing  user  traffic  should be
                     routed via this address if given, otherwise  the  primary
                     address of the machine.

                     Address to send to clients as the default gateway.

                     Determines  whether  or  not to send a gratuitous ARP for
                     the bind_address when  the  server  is  ready  to  handle
                     traffic  (default: true).  This setting is ignored if BGP
                     is configured.

                     Sets the default speed (in kbits/s) which  sessions  will
                     be limited to.

                     Number of token buckets to allocate for throttling.  Each
                     throttled session requires two buckets (in and out).

                     If set to a directory, then every 5 minutes  the  current
                     usage for every connected use will be dumped to a file in
                     this directory.

              setuid After starting up and binding the interface,  change  UID
                     to this.  This doesn’t work properly.

                     If  set  to  true, then the current bandwidth utilization
                     will be logged every second.  Even if this  is  disabled,
                     you  can  see  this  information  by  running  the uptime
                     command on the CLI.

                     Number of packets to read off each of the UDP and TUN fds
                     when  returned  as  readable  by  select  (default:  10).
                     Avoids incurring the unnecessary system call overhead  of
                     select on busy servers.

                     Sets  the  scheduling  policy  for  the l2tpns process to
                     SCHED_FIFO.   This  causes  the  kernel  to   immediately
                     preempt   any   currently  running  SCHED_OTHER  (normal)
                     process in favour of l2tpns when it becomes runnable.
                     Ignored on uniprocessor systems.

                     Keep all pages mapped by the l2tpns process in memory.

                     Maximum number of host unreachable ICMP packets  to  send
                     per second.

                     Maximum  number  of  packets  of downstream traffic to be
                     handled each tenth of a second per session.  If zero,  no
                     limit  is  applied  (default:  0).   Intended  as  a  DoS
                     prevention mechanism and not a general throttling control
                     (packets are dropped, not queued).

                     Multicast cluster address (default:

                     Interface for cluster packets (default: eth0).

                     TTL for multicast packets (default: 1).

                     Interval   in   tenths   of   a  second  between  cluster

                     Cluster heartbeat timeout in tenths of a second.   A  new
                     master will be elected when this interval has been passed
                     without seeing a heartbeat from the master.

                     Determines the  minumum  number  of  up  to  date  slaves
                     required before the master will drop routes (default: 1).

                     Enable negotiation of IPv6.  This forms the the first  64
                     bits  of  the client allocated address.  The remaining 64
                     come from the allocated IPv4 address and 4 bytes of 0s.

       The routing configuration section is entered by the command

              router bgp as

       where as specifies the local AS number.

       Subsequent lines prefixed with neighbour peer define the attributes  of
       BGP neighhbours.  Valid commands are:

              neighbour peer remote-as as
              neighbour peer timers keepalive hold

       Where  peer  specifies  the  BGP  neighbour  as either a hostname or IP
       address, as is the remote AS number and keepalive, hold are  the  timer
       values in seconds.

       Named access lists may be defined with either of

              ip access-list standard name
              ip access-list extended name

       Subsequent  lines  starting  with permit or deny define the body of the

       Standard Access Lists
           Standard access lists are defined with:

                  {permit|deny} source [dest]

           Where source and dest specify IP matches using one of:

                  address wildard
                  host address

           address and wildard  are  in  dotted-quad  notation,  bits  in  the
           wildard  indicate which address bits in address are relevant to the
           match (0 = exact match; 1 = don’t care).

           The shorthand ’host address’ is equivalent  to  ’address’;
           ’any’ to ’’.

       Extended Access Lists
           Extended access lists are defined with:

                  {permit|deny} proto source [ports] dest [ports] [flags]

           Where  proto  is  one of ip, tcp or udp, and source and dest are as
           described above for standard lists.

           For TCP and UDP matches, source and destination may  be  optionally
           followed by a ports specification:

                  {eq|neq|gt|lt} port
                  range from to

           flags may be one of:

                  {match-any|match-all} {+|-}{fin|syn|rst|psh|ack|urg} ...
                         Match  packets  with  any or all of the tcp flags set
                         (+) or clear (-).

                         Match "established" TCP  connections:   packets  with
                         RST or ACK set, and SYN clear.

                         Match  IP  fragments.   May not be specified on rules
                         with layer 4 matches.