NAME
xl2tpd.conf - L2TPD configuration file
DESCRIPTION
The xl2tpd.conf file contains configuration information for xl2tpd, an
implementation of the L2TP protocol.
The configuration file is composed of sections and parameters. Each
section has a given name which will be used when using the
configuration FIFO (normally /var/run/l2tp-control). See xl2tpd.8 for
more details.
The special section name default specifies parameters applicable to
all the following sections.
GLOBAL SECTION
auth file
Specify where to find the authentication file used to
authenticate l2tp tunnels. The default is
/etc/l2tpd/l2tp-secrets.
ipsec saref
Use ipsec Security Association tracking. When this is enabled,
packets received by xl2tpd should have two extra fields (refme
and refhim) which allow tracking of multiple clients using the
same internal NATed IP address, and allow tracking of multiple
clients behind the same NAT router. This needs to be supported by
the kernel. Currently, this only works with Openswan KLIPS in
"mast" mode. (see http://www.openswan.org/)
Set this to yes and the system will provide proper SAref values
in the recvmsg() calls.
Values can be yes or no. The default is no.
listen-addr
The IP address of the interface on which the daemon listens. By
default, it listens on INADDR_ANY (0.0.0.0), meaning it listens
on all interfaces.
port
Specify which UDP port xl2tpd should use. The default is 1701.
access control
If set to yes, the xl2tpd process will only accept connections
from peer addresses specified in the following sections. The
default is no.
debug avp
Set this to yes to enable syslog output of L2TP AVP debugging
information.
debug network
Set this to yes to enable syslog output of network debugging
information.
debug packet
Set this to yes to enable printing of L2TP packet debugging
information. Note: Output goes to STDOUT, so use this only in
conjunction with the -D command line option.
debug state
Set this to yes to enable syslog output of FSM debugging
information.
debug tunnel
Set this to yes to enable syslog output of tunnel debugging
information.
LNS SECTION
exclusive
If set to yes, only one control tunnel will be allowed to be
built between 2 peers. CHECK
(no) ip range
Specify the range of ip addresses the LNS will assign to the
connecting LAC PPP tunnels. Multiple ranges can be defined.
Using the ’no’ statement disallows the use of that particular
range. Ranges are defined using the format IP - IP (example:
1.1.1.1 - 1.1.1.10). Note that either at least one ip range
option must be given, or you must set assign ip to no.
assign ip
Set this to no if xl2tpd should not assign IP addresses out of
the pool defined with the ip range option. This can be useful
if you have some other means to assign IP addresses, e.g. a
pppd that supports RADIUS AAA.
(no) lac
Specify the ip addresses of LAC’s which are allowed to connect
to xl2tpd acting as a LNS. The format is the same as the ip
range option.
hidden bit
If set to yes, xl2tpd will use the AVP hiding feature of L2TP.
To get more information about hidden AVP’s and AVP in general,
refer to rfc2661 (add URL?)
local ip
Use the following IP as xl2tpd’s own ip address.
length bit
If set to yes, the length bit present in the l2tp packet payload
will be used.
(refuse | require) chap
Will require or refuse the remote peer to get authenticated via
CHAP for the ppp authentication.
(refuse | require) pap
Will require or refuse the remote peer to get authenticated via
PAP for the ppp authentication.
(refuse | require) authentication
Will require or refuse the remote peer to authenticate itself.
unix authentication
If set to yes, /etc/passwd will be used for remote peer ppp
authentication.
hostname
Will report this as the xl2tpd hostname in negotiation.
ppp debug
This will enable the debug for pppd.
pppoptfile
Specify the path for a file which contains pppd configuration
parameters to be used.
call rws
This option is deprecated and no longer functions. It used to
be used to define the flow control window size for individual
L2TP calls or sessions. The L2TP standard (RFC2661) no longer
defines flow control or window sizes on calls or sessions.
tunnel rws
This defines the window size of the control channel. The window
size is defined as the number of outstanding unacknowledged
packets, not as a number of bytes.
flow bits
If set to yes, sequence numbers will be included in the
communication. The feature to use sequence numbers in sessions
is currently broken and does not function.
challenge
If set to yes, use challenge authentication to authenticate
peer.
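The following is an added example, not part of the xl2tpd distribution: a small
parser for the section/parameter layout described above, with a lint pass that
applies the consistency and authentication rules stated in the GLOBAL and LNS
sections (ip range versus assign ip, access control versus lac, refuse pap,
require authentication). The sample configuration is constructed for the
example, and the parser assumes that a line beginning with ';' is a comment.

```python
import re
from collections import defaultdict

# Constructed sample in the layout described above; not a real host's config.
SAMPLE_CONF = """\
[global]
port = 1701
access control = yes
auth file = /etc/xl2tpd/l2tp-secrets

[lns default]
ip range = 192.0.2.10 - 192.0.2.50
no ip range = 192.0.2.20 - 192.0.2.25
lac = 198.51.100.0 - 198.51.100.255
local ip = 192.0.2.1
require chap = yes
refuse pap = yes
require authentication = yes
pppoptfile = /etc/ppp/options.xl2tpd
"""

def parse_conf(text):
    """Return {section: {param: [values]}}; repeated params (ip range, lac) keep every value."""
    sections = defaultdict(lambda: defaultdict(list))
    current = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # assumption: ';' starts a comment
        if not line:
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            continue
        if current is None or "=" not in line:
            raise ValueError("parameter outside a section or malformed: %r" % raw)
        key, value = (s.strip() for s in line.split("=", 1))
        sections[current][key.lower()].append(value)
    return sections

def lint(sections):
    """Flag settings that weaken peer or PPP authentication, per the rules in this page."""
    findings = []
    acl_on = sections.get("global", {}).get("access control", ["no"])[-1].lower() == "yes"
    if not acl_on:
        findings.append("global: access control is off; any peer address may open a tunnel")
    for name, sec in sections.items():
        if not name.startswith("lns"):
            continue
        if "ip range" not in sec and sec.get("assign ip", ["yes"])[-1].lower() != "no":
            findings.append(f"{name}: no ip range given and assign ip is not 'no'")
        if sec.get("require authentication", ["no"])[-1].lower() != "yes":
            findings.append(f"{name}: remote peer is not required to authenticate")
        if sec.get("refuse pap", ["no"])[-1].lower() != "yes":
            findings.append(f"{name}: PAP (cleartext password) is not refused")
        if acl_on and "lac" not in sec:
            findings.append(f"{name}: access control is on but no lac addresses are listed")
    return findings
```

Running lint(parse_conf(SAMPLE_CONF)) returns an empty list; dropping the
access control, refuse pap or require authentication lines produces one
finding each.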
LAC SECTION
The following are LAC specific configuration flags. Most of those
described in the LNS section may also be used in a LAC context, where
it makes sense (essentially L2TP protocol tuning flags and
authentication / ppp related ones).
lns
Set the dns name or ip address of the LNS to connect to.
redial
If set to yes, xl2tpd will attempt to redial if the call gets
disconnected.
redial timeout
Wait X seconds before redial. The redial option must be set to
yes to use this option.
max redial
Will give up redial tries after X attempts.
FILES
/etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/l2tp-secrets
/var/run/xl2tpd/l2tp-control
BUGS
Please address bugs and comment to xl2tpd-dev@xelerance.com
SEE ALSO
xl2tpd(8)
AUTHORS
Forked from xl2tpd by Xelerance
(http://www.xelerance.com/software/xl2tpd/)
Michael Richardson <mcr@xelerance.com> Paul Wouters
<paul@xelerance.com>
Many thanks to Jacco de Leeuw <jacco2@dds.nl> for maintaining l2tpd.
Previous development was hosted at sourceforge
(http://www.sourceforge.net/projects/l2tpd) by:
Scott Balmos <sbalmos@iglou.com>
David Stipp <dstipp@one.net>
Jeff McAdams <jeffm@iglou.com>
Based off of l2tpd version 0.60
Copyright (C)1998 Adtran, Inc.
Mark Spencer <markster@marko.net>