+.IP "\fBdump_speed\fR (boolean)" 4
+.IX Item "dump_speed (boolean)"
+If set to true, then the current bandwidth utilization will be logged every second. Even if this is disabled, you can see this information by running the uptime command on the \s-1CLI\s0.
+.IP "\fBdisable_sending_hello\fR (boolean)" 4
+.IX Item "disable_sending_hello (boolean)"
+Disable l2tp sending \s-1HELLO\s0 message for Apple compatibility. Some \s-1OS\s0 X implementation of l2tp no manage the L2TP \*(L"\s-1HELLO\s0 message\*(R". (default: no).
+.IP "\fBecho_timeout\fR (int)" 4
+.IX Item "echo_timeout (int)"
+Time between last packet sent and \s-1LCP\s0 \s-1ECHO\s0 generation (default: 10 (seconds)).
+.IP "\fBguest_account\fR" 4
+.IX Item "guest_account"
+Allow multiple logins matching this specific username.
+.IP "\fBicmp_rate\fR (int)" 4
+.IX Item "icmp_rate (int)"
+Maximum number of host unreachable \s-1ICMP\s0 packets to send per second.
+.IP "\fBidle_echo_timeout\fR (int)" 4
+.IX Item "idle_echo_timeout (int)"
+Drop sessions who have not responded within idle_echo_timeout seconds (default: 240 (seconds))
+.IP "\fBiftun_address\fR (ip address)" 4
+.IX Item "iftun_address (ip address)"
+This parameter is used when you want a tun interface address different from the address of \*(L"bind_address\*(R" (For use in cases of specific configuration). If no address is given to iftun_address and bind_address, 1.1.1.1 is used.
+.IP "\fBl2tp_mtu\fR (int)" 4
+.IX Item "l2tp_mtu (int)"
+\&\s-1MTU\s0 of interface for L2TP traffic (default: 1500). Used to set link \s-1MRU\s0 and adjust \s-1TCP\s0 \s-1MSS\s0.
+.IP "\fBl2tp_secret\fR (string)" 4
+.IX Item "l2tp_secret (string)"
+The secret used by l2tpns for authenticating tunnel request. Must be the same as the \s-1LAC\s0, or authentication will fail. Only actually be used if the \s-1LAC\s0 requests authentication.
+.IP "\fBlock_pages\fR (boolean)" 4
+.IX Item "lock_pages (boolean)"
+Keep all pages mapped by the l2tpns process in memory.
+.IP "\fBlog_file\fR (string)" 4
+.IX Item "log_file (string)"
+This will be where all logging and debugging information is written to.This may be either a filename, such as /var/log/l2tpns, or the string syslog:facility, where facility is any one of the syslog logging facilities, such as local5.
+.IP "\fBmulti_read_count\fR (int)" 4
+.IX Item "multi_read_count (int)"
+Number of packets to read off each of the \s-1UDP\s0 and \s-1TUN\s0 fds when returned as readable by select (default: 10). Avoids incurring the unnecessary system call overhead of select on busy servers.
+.IP "\fBpacket_limit\fR (int>" 4
+.IX Item "packet_limit (int>"
+Maximum number of packets of downstream traffic to be handled each tenth of a second per session. If zero, no limit is applied (default: 0). Intended as a DoS prevention mechanism and not a general throttling control (packets are dropped, not queued).
+.IP "\fBpeer_address\fR (ip address)" 4
+.IX Item "peer_address (ip address)"
+Address to send to clients as the default gateway.
+.IP "\fBpid_file\fR (string)" 4
+.IX Item "pid_file (string)"
+If set, the process id will be written to the specified file. The value must be an absolute path.
+.IP "\fBppp_restart_time\fR (int)" 4
+.IX Item "ppp_restart_time (int)"
+.PD 0
+.IP "\fBppp_max_configure\fR (int)" 4
+.IX Item "ppp_max_configure (int)"
+.IP "\fBppp_max_failure\fR (int)" 4
+.IX Item "ppp_max_failure (int)"
+.PD
+\&\s-1PPP\s0 counter and timer values, as described in Section 4.1 of \s-1RFC1661\s0.
+.Sp
+\&\fIppp_restart_time\fR, Restart timer for \s-1PPP\s0 protocol negotiation in seconds (default: 3).
+.Sp
+\&\fIppp_max_configure\fR, Number of configure requests to send before giving up (default: 10).
+.Sp
+\&\fIppp_max_failure\fR, Number of Configure-Nak requests to send before sending a Configure-Reject (default: 5).
+.IP "\fBprimary_dns\fR (ip address), \fBsecondary_dns\fR (ip address)" 4
+.IX Item "primary_dns (ip address), secondary_dns (ip address)"
+Whenever a \s-1PPP\s0 connection is established, \s-1DNS\s0 servers will be sent to the user, both a primary and a secondary. If either is set to 0.0.0.0, then that one will not be sent.
+.IP "\fBprimary_radius\fR (ip address), \fBsecondary_radius\fR (ip address)" 4
+.IX Item "primary_radius (ip address), secondary_radius (ip address)"
+Sets the \s-1RADIUS\s0 servers used for both authentication and accounting. If the primary server does not respond, then the secondary \s-1RADIUS\s0 server will be tried.
+.Sp
+Note: in addition to the source \s-1IP\s0 address and identifier, the \s-1RADIUS\s0 server must include the source port when detecting duplicates to supress (in order to cope with a large number of sessions comming on-line simultaneously l2tpns uses a set of udp sockets, each with a seperate identifier).
+.IP "\fBprimary_radius_port\fR (short), \fBsecondary_radius_port\fR (short)" 4
+.IX Item "primary_radius_port (short), secondary_radius_port (short)"
+Sets the authentication ports for the primary and secondary \s-1RADIUS\s0 servers. The accounting port is one more than the authentication port. If no \s-1RADIUS\s0 ports are given, the authentication port defaults to 1645, and the accounting port to 1646.
+.IP "\fBradius_accounting\fR (boolean)" 4
+.IX Item "radius_accounting (boolean)"
+If set to true, then \s-1RADIUS\s0 accounting packets will be sent. This means that a \fBStart\fR record will be sent when the session is successfully authenticated, and a \fBStop\fR record will be sent when the session is closed.
+.IP "\fBradius_interim\fR (int)" 4
+.IX Item "radius_interim (int)"
+If radius_accounting is on, defines the interval between sending of \s-1RADIUS\s0 interim accounting records (in seconds).
+.IP "\fBradius_secret\fR (string)" 4
+.IX Item "radius_secret (string)"
+This secret will be used in all \s-1RADIUS\s0 queries. If this is not set then \s-1RADIUS\s0 queries will fail.
+.IP "\fBradius_authtypes\fR (string)" 4
+.IX Item "radius_authtypes (string)"
+A comma separated list of supported \s-1RADIUS\s0 authentication methods (\*(L"pap\*(R" or \*(L"chap\*(R"), in order of preference (default \*(L"pap\*(R").
+.IP "\fBradius_dae_port\fR (short)" 4
+.IX Item "radius_dae_port (short)"
+Port for \s-1DAE\s0 \s-1RADIUS\s0 (Packet of Death/Disconnect, Change of Authorization) requests (default: 3799).
+.IP "\fBradius_bind_min\fR, \fBradius_bind_max\fR (int)" 4
+.IX Item "radius_bind_min, radius_bind_max (int)"
+Define a port range in which to bind sockets used to send and receive \s-1RADIUS\s0 packets. Must be at least \s-1RADIUS_FDS\s0 (64) wide. Simplifies firewalling of \s-1RADIUS\s0 ports (default: dynamically assigned).
+.IP "\fBrandom_device\fR (string)" 4
+.IX Item "random_device (string)"
+Path to random data source (default /dev/urandom). Use "" to use the \fIrand()\fR library function.
+.IP "\fBscheduler_fifo\fR (boolean)" 4
+.IX Item "scheduler_fifo (boolean)"
+Sets the scheduling policy for the l2tpns process to \s-1SCHED_FIFO\s0. This causes the kernel to immediately preempt any currently running \s-1SCHED_OTHER\s0 (normal) process in favour of l2tpns when it becomes runnable. Ignored on uniprocessor systems.
+.IP "\fBsend_garp\fR (boolean)" 4
+.IX Item "send_garp (boolean)"
+Determines whether or not to send a gratuitous \s-1ARP\s0 for the bind_address when the server is ready to handle traffic (default: true). This value is ignored if \s-1BGP\s0 is configured.
+.IP "\fBtundevicename\fR (string)" 4
+.IX Item "tundevicename (string)"
+Name of the tun interface (default: \*(L"tun0\*(R").
+.IP "\fBthrottle_speed\fR (int)" 4
+.IX Item "throttle_speed (int)"
+Sets the default speed (in kbits/s) which sessions will be limited to. If this is set to 0, then throttling will not be used at all. Note: You can set this by the \s-1CLI\s0, but changes will not affect currently connected users.
+.IP "\fBthrottle_buckets\fR (int)" 4
+.IX Item "throttle_buckets (int)"
+Number of token buckets to allocate for throttling. Each throttled session requires two buckets (in and out).
+.SS "DHCPv6 And IPv6 \s-1SETTINGS\s0"
+.IX Subsection "DHCPv6 And IPv6 SETTINGS"
+.IP "\fBdhcp6_preferred_lifetime\fR (int)" 4
+.IX Item "dhcp6_preferred_lifetime (int)"
+The preferred lifetime for the IPv6 address and the IPv6 prefix address, expressed in units of seconds (see rfc3315).
+.IP "\fBdhcp6_valid_lifetime\fR (int)" 4
+.IX Item "dhcp6_valid_lifetime (int)"
+The valid lifetime for the IPv6 address and the IPv6 prefix address, expressed in units of seconds (see rfc3315).
+.IP "\fBdhcp6_server_duid\fR (int)" 4
+.IX Item "dhcp6_server_duid (int)"
+\&\s-1DUID\s0 Based on Link-layer Address (DUID-LL) (see rfc3315).
+.IP "\fBprimary_ipv6_dns\fR, \fBsecondary_ipv6_dns\fR (Ipv6 address)" 4
+.IX Item "primary_ipv6_dns, secondary_ipv6_dns (Ipv6 address)"
+IPv6 \s-1DNS\s0 servers will be sent to the user (see rfc3646).
+.IP "\fBdefault_ipv6_domain_list\fR (string)" 4
+.IX Item "default_ipv6_domain_list (string)"
+The Domain Search List (ex: \*(L"fdn.fr\*(R") (see rfc3646).
+.IP "\fBipv6_prefix\fR (Ipv6 address)" 4
+.IX Item "ipv6_prefix (Ipv6 address)"
+Enable negotiation of IPv6. This forms the the first 64 bits of the client allocated address. The remaining 64 come from the allocated IPv4 address and 4 bytes of 0.
+.SS "\s-1LAC\s0 \s-1SETTINGS\s0"
+.IX Subsection "LAC SETTINGS"
+.IP "\fBbind_address_remotelns\fR (ip address)" 4
+.IX Item "bind_address_remotelns (ip address)"
+Address of the interface to listen the remote \s-1LNS\s0 tunnels. If no address is given, all interfaces are listened (Any Address).
+.IP "\fBbind_portremotelns\fR (short)" 4
+.IX Item "bind_portremotelns (short)"
+Port to bind for the Remote \s-1LNS\s0 (default: 65432).
+.PP
+A static \s-1REMOTES\s0 \s-1LNS\s0 configuration can be entered by the command:
+.IP "\fBsetforward\fR \fI\s-1MASK\s0\fR \fI\s-1IP\s0\fR \fI\s-1PORT\s0\fR \fI\s-1SECRET\s0\fR" 4
+.IX Item "setforward MASK IP PORT SECRET"
+where \s-1MASK\s0 specifies the mask of users who have forwarded to remote \s-1LNS\s0 (ex: \*(L"/friendISP@company.com\*(R").
+.Sp
+where \s-1IP\s0 specifies the \s-1IP\s0 of the remote \s-1LNS\s0 (ex: \*(L"66.66.66.55\*(R").
+.Sp
+where \s-1PORT\s0 specifies the L2TP Port of the remote \s-1LNS\s0 (Normally should be 1701) (ex: 1701).
+.Sp
+where \s-1SECRET\s0 specifies the secret password the remote \s-1LNS\s0 (ex: mysecret).
+.PP
+The static \s-1REMOTE\s0 \s-1LNS\s0 configuration can be used when the friend \s-1ISP\s0 not have a proxied Radius.
+.PP
+If a proxied Radius is used, It will return the \s-1RADIUS\s0 attributes:
+.IP "Tunnel\-Type:1 = L2TP" 4
+.IX Item "Tunnel-Type:1 = L2TP"
+.PD 0
+.IP "Tunnel\-Medium\-Type:1 = IPv4" 4
+.IX Item "Tunnel-Medium-Type:1 = IPv4"
+.ie n .IP "Tunnel\-Password:1 = ""\s-1LESECRETL2TP\s0""" 4
+.el .IP "Tunnel\-Password:1 = ``\s-1LESECRETL2TP\s0''" 4
+.IX Item "Tunnel-Password:1 = LESECRETL2TP"
+.ie n .IP "Tunnel\-Server\-Endpoint:1 = ""88.xx.xx.x1""" 4
+.el .IP "Tunnel\-Server\-Endpoint:1 = ``88.xx.xx.x1''" 4
+.IX Item "Tunnel-Server-Endpoint:1 = 88.xx.xx.x1"
+.ie n .IP "Tunnel\-Assignment\-Id:1 = ""friendisp_lns1""" 4
+.el .IP "Tunnel\-Assignment\-Id:1 = ``friendisp_lns1''" 4
+.IX Item "Tunnel-Assignment-Id:1 = friendisp_lns1"
+.IP "Tunnel\-Type:2 += L2TP" 4
+.IX Item "Tunnel-Type:2 += L2TP"
+.IP "Tunnel\-Medium\-Type:2 += IPv4" 4
+.IX Item "Tunnel-Medium-Type:2 += IPv4"
+.ie n .IP "Tunnel\-Password:2 += ""\s-1LESECRETL2TP\s0""" 4
+.el .IP "Tunnel\-Password:2 += ``\s-1LESECRETL2TP\s0''" 4
+.IX Item "Tunnel-Password:2 += LESECRETL2TP"
+.ie n .IP "Tunnel\-Server\-Endpoint:2 += ""88.xx.xx.x2""" 4
+.el .IP "Tunnel\-Server\-Endpoint:2 += ``88.xx.xx.x2''" 4
+.IX Item "Tunnel-Server-Endpoint:2 += 88.xx.xx.x2"
+.ie n .IP "Tunnel\-Assignment\-Id:2 += ""friendisp_lns2""" 4
+.el .IP "Tunnel\-Assignment\-Id:2 += ``friendisp_lns2''" 4
+.IX Item "Tunnel-Assignment-Id:2 += friendisp_lns2"
+.PD
+.SS "\s-1PPPOE\s0 \s-1SETTINGS\s0"
+.IX Subsection "PPPOE SETTINGS"
+.IP "\fBpppoe_if_to_bind\fR (string)" 4
+.IX Item "pppoe_if_to_bind (string)"
+\&\s-1PPPOE\s0 server interface to bind (ex: \*(L"eth0.12\*(R"), If not specified the server \s-1PPPOE\s0 is not enabled. For the pppoe clustering, all the interfaces \s-1PPPOE\s0 of the clusters must use the same \s-1HW\s0 address (\s-1MAC\s0 address).
+.IP "\fBpppoe_service_name\fR (string)" 4
+.IX Item "pppoe_service_name (string)"
+\&\s-1PPPOE\s0 service name (default: \s-1NULL\s0).
+.IP "\fBpppoe_ac_name\fR (string)" 4
+.IX Item "pppoe_ac_name (string)"
+\&\s-1PPPOE\s0 access concentrator name (default: \*(L"l2tpns\-pppoe\*(R").
+.IP "\fBpppoe_only_equal_svc_name\fR (boolean)" 4
+.IX Item "pppoe_only_equal_svc_name (boolean)"
+If set to yes, the \s-1PPPOE\s0 server only accepts clients with a \*(L"service-name\*(R" different from \s-1NULL\s0 and a \*(L"service-name\*(R" equal to server \*(L"service-name\*(R" (default: no).
+.SS "\s-1BGP\s0 \s-1ROUTING\s0"
+.IX Subsection "BGP ROUTING"