one will not be sent.
</LI>
-<LI><B>save_state</B> (boolean)<BR>
-When l2tpns receives a STGTERM it will write out its current
-ip_address_pool, session and tunnel tables to disk prior to exiting to
-be re-loaded at startup. The validity of this data is obviously quite
-short and the intent is to allow an sessions to be retained over a
-software upgrade.
-</LI>
-
<LI><B>primary_radius</B> (ip address)
<LI><B>secondary_radius</B> (ip address)<BR>
Sets the RADIUS servers used for both authentication and accounting.
RADIUS queries will fail.
</LI>
+<LI><B>radius_authtypes</B> (string)</BR>
+A comma separated list of supported RADIUS authentication methods
+(<B>pap</B> or <B>chap</B>), in order of preference (default <B>pap</B>).
+</LI>
+
+<LI><B>allow_duplicate_users</B> (boolean)</BR>
+Allow multiple logins with the same username. If false (the default),
+any prior session with the same username will be dropped when a new
+session is established.
+</LI>
+
<LI><B>bind_address</B> (ip address)<BR>
When the tun interface is created, it is assigned the address
specified here. If no address is given, 1.1.1.1 is used. Packets
Maximum number of host unreachable ICMP packets to send per second.
</LI>
+<LI><B>packet_limit</B> (int><BR>
+Maximum number of packets of downstream traffic to be handled each
+tenth of a second per session. If zero, no limit is applied (default:
+0). Intended as a DoS prevention mechanism and not a general
+throttling control (packets are dropped, not queued).
+</LI>
+
<LI><B>cluster_address</B> (ip address)<BR>
Multicast cluster address (default: 239.192.13.13). See the section
on <A HREF="#Clustering">Clustering</A> for more information.
elected when this interval has been passed without seeing a heartbeat
from the master.
</LI>
+
+<LI><B>cluster_master_min_adv</B> (int)<BR>
+Determines the minumum number of up to date slaves required before the
+master will drop routes (default: 1).
+</LI>
</UL>
<P>BGP routing configuration is entered by the command:
Extended access-lists:
-<DL>
- <DD>{<B>permit</B>|<B>deny</B>} <B>ip</B>
+<DIV STYLE="margin-left: 4em; text-indent: -2em">
+ <P>{<B>permit</B>|<B>deny</B>} <B>ip</B>
{<I>host</I>|<I>source source-wildcard</I>|<B>any</B>}
- {<I>host</I>|<I>destination destination-wildcard</I>|<B>any</B>}
- <DD>{<B>permit</B>|<B>deny</B>} <B>udp</B>
+ {<I>host</I>|<I>destination destination-wildcard</I>|<B>any</B>} [<B>fragments</B>]
+ <P>{<B>permit</B>|<B>deny</B>} <B>udp</B>
{<I>host</I>|<I>source source-wildcard</I>|<B>any</B>}
[{<B>eq</B>|<B>neq</B>|<B>gt</B>|<B>lt</B>} <I>port</I>|<B>range</B> <I>from</I> <I>to</I>]
{<I>host</I>|<I>destination destination-wildcard</I>|<B>any</B>}
[{<B>eq</B>|<B>neq</B>|<B>gt</B>|<B>lt</B>} <I>port</I>|<B>range</B> <I>from</I> <I>to</I>]
- <DD>{<B>permit</B>|<B>deny</B>} <B>tcp</B>
+ [<B>fragments</B>]
+ <P>{<B>permit</B>|<B>deny</B>} <B>tcp</B>
{<I>host</I>|<I>source source-wildcard</I>|<B>any</B>}
[{<B>eq</B>|<B>neq</B>|<B>gt</B>|<B>lt</B>} <I>port</I>|<B>range</B> <I>from</I> <I>to</I>]
{<I>host</I>|<I>destination destination-wildcard</I>|<B>any</B>}
[{<B>eq</B>|<B>neq</B>|<B>gt</B>|<B>lt</B>} <I>port</I>|<B>range</B> <I>from</I> <I>to</I>]
[{<B>established</B>|{<B>match-any</B>|<B>match-all</B>}
- {<B>+</B>|<B>-</B>}{<B>fin</B>|<B>syn</B>|<B>rst</B>|<B>psh</B>|<B>ack</B>|<B>urg</B>} ...]
-</DL>
+ {<B>+</B>|<B>-</B>}{<B>fin</B>|<B>syn</B>|<B>rst</B>|<B>psh</B>|<B>ack</B>|<B>urg</B>}
+ ...|<B>fragments</B>]
+</DIV>
<H3 ID="users">users</H3>
The signals understood are:
<UL>
-<LI>SIGHUP - Reload the config from disk and re-open log file<P></LI>
-<LI>SIGTERM / SIGINT - Shut down for a restart. This will dump the current
-state to disk (if <EM>save_state</EM> is set to true). Upon restart, the
-process will read this saved state to resume active sessions.<P>
+<LI>SIGHUP - Reload the config from disk and re-open log file</LI>
+<LI>SIGTERM / SIGINT - Shut down.</LI>
<LI>SIGQUIT - Shut down cleanly. This will send a disconnect message for
-every active session and tunnel before shutting down. This is a good idea
-when upgrading the code, as no sessions will be left with the remote end
-thinking they are open.</LI>
+every active session and tunnel before shutting down.</LI>
</UL>
<H2 ID="Throttling">Throttling</H2>