.de Id
.ds Dt \\$4 \\$5
..
-.Id $Id: startup-config.5,v 1.2 2004/11/27 05:19:54 bodea Exp $
+.Id $Id: startup-config.5,v 1.12 2005/07/31 10:04:14 bodea Exp $
.TH STARTUP-CONFIG 5 "\*(Dt" L2TPNS "File Formats and Conventions"
.SH NAME
startup\-config \- configuration file for l2tpns
If set, the process id will be written to the specified file. The
value must be an absolute path.
.TP
+.B random_device
+Path to random data source (default
+.BR /dev/urandom ).
+Use "" to use the rand() library function.
+.TP
.B l2tp_secret
The secret used by
.B l2tpns
authentication will fail. Only actually be used if the LAC requests
authentication.
.TP
+.B ppp_restart_time
+Restart timer for PPP protocol negotiation in seconds (default: 3).
+.TP
+.B ppp_max_configure
+Number of configure requests to send before giving up (default: 10).
+.TP
+.B ppp_max_failure
+Number of Configure-Nak requests to send before sending a
+Configure-Reject (default: 5).
+.TP
.BR primary_dns , " secondary_dns"
Whenever a PPP connection is established, DNS servers will be sent to the
user, both a primary and a secondary. If either is set to 0.0.0.0, then that
one will not be sent.
.TP
-.B save_state
-When
-.B l2tpns
-receives a STGTERM it will write out its current ip_address_pool,
-session and tunnel tables to disk prior to exiting to be re-loaded at
-startup. The validity of this data is obviously quite short and the
-intent is to allow an sessions to be retained over a software upgrade.
-.TP
.BR primary_radius , " secondary_radius"
Sets the RADIUS servers used for both authentication and accounting.
If the primary server does not respond, then the secondary RADIUS
.B Stop
record when the session is closed.
.TP
+.B radius_interim
+If
+.B radius_accounting
+is on, defines the interval between sending of RADIUS interim
+accounting records (in seconds).
+.TP
.B radius_secret
Secret to be used in RADIUS packets.
.TP
+.B radius_authtypes
+A comma separated list of supported RADIUS authentication methods
+("pap" or "chap"), in order of preference (default "pap").
+.TP
+.B radius_dae_port
+Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization)
+requests (default: 3799).
+.TP
+.B allow_duplicate_users
+Allow multiple logins with the same username. If false (the default),
+any prior session with the same username will be dropped when a new
+session is established.
+.TP
.B bind_address
When the tun interface is created, it is assigned the address
specified here. If no address is given, 1.1.1.1 is used. Packets
.B send_garp
Determines whether or not to send a gratuitous ARP for the
.B bind_address
-when the server is ready to handle traffic (default: true). This
+when the server is ready to handle traffic (default: true). This
setting is ignored if BGP is configured.
.TP
.B throttle_speed
If set to true, then the current bandwidth utilization will be logged
every second. Even if this is disabled, you can see this information
by running the
-.B
-uptime
+.B uptime
command on the CLI.
.TP
-.B cleanup_interval
-Interval between regular cleanups (in seconds).
-.TP
.B multi_read_count
Number of packets to read off each of the UDP and TUN fds when
returned as readable by select (default: 10). Avoids incurring the
.B icmp_rate
Maximum number of host unreachable ICMP packets to send per second.
.TP
+.B packet_limit
+Maximum number of packets of downstream traffic to be handled each
+tenth of a second per session. If zero, no limit is applied (default:
+0). Intended as a DoS prevention mechanism and not a general
+throttling control (packets are dropped, not queued).
+.TP
.B cluster_address
Multicast cluster address (default: 239.192.13.13).
.TP
Cluster heartbeat timeout in tenths of a second. A new master will be
elected when this interval has been passed without seeing a heartbeat
from the master.
+.TP
+.B cluster_master_min_adv
+Determines the minumum number of up to date slaves required before the
+master will drop routes (default: 1).
+.TP
+.B ipv6_prefix
+Enable negotiation of IPv6. This forms the the first 64 bits of the
+client allocated address. The remaining 64 come from the allocated
+IPv4 address and 4 bytes of 0s.
.RE
.SS BGP ROUTING
The routing configuration section is entered by the command
.I dest
are as described above for standard lists.
.PP
-For
-.B tcp
-and
-.B udp
-matches, source and destination may be optionally followed by a
+For TCP and UDP matches, source and destination may be optionally
+followed by a
.I ports
specification:
.IP
range
.I from to
.PP
-.B tcp
-matches may also specify
.I flags
-to match against tcp header flags:
-.IP
+may be one of:
+.RS
+.HP
.RB { match\-any | match\-all }
.RB { + | - }{ fin | syn | rst | psh | ack | urg }
\&...
.br
+Match packets with any or all of the tcp flags set
+.RB ( + )
+or clear
+.RB ( - ).
+.HP
.B established
-.PP
-.RB ' established '
-is shorthand for
-.RB ' "match-any +ack +rst -syn" '.
+.br
+Match "established" TCP connections: packets with
+.B RST
+or
+.B ACK
+set, and
+.B SYN
+clear.
+.HP
+.B fragments
+.br
+Match IP fragments. May not be specified on rules with layer 4
+matches.
.RE
.SH SEE ALSO
.BR l2tpns (8)