X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/0f22007377e186b9a16839c31156190d378fcffc..9470245fe1052218fcf098f35741a1aa9c7368b8:/Docs/manual.html?ds=inline diff --git a/Docs/manual.html b/Docs/manual.html index a857d9b..5c830f2 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -56,7 +56,6 @@ H3 {
  • Filtering
  • Clustering
  • Routing
  • -
  • Avoiding Fragmentation
  • Performance
  • @@ -185,6 +184,18 @@ the same as the LAC, or authentication will fail. Only actually be used if the LAC requests authentication. +
  • l2tp_mtu (int)
    +MTU of interface for L2TP traffic (default: 1500). Used to set link +MRU and adjust TCP MSS. +
  • + +
  • ppp_restart_time (int)
    +ppp_max_configure (int)
    +ppp_max_failure (int)
    +PPP counter and timer values, as described in §4.1 of +RFC1661. +
  • +
  • primary_dns (ip address)
  • secondary_dns (ip address)
    Whenever a PPP connection is established, DNS servers will be sent to the @@ -229,6 +240,11 @@ A comma separated list of supported RADIUS authentication methods (pap or chap), in order of preference (default pap).
  • +
  • radius_dae_port (short)
    +Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization) +requests (default: 3799). +
  • +
  • allow_duplicate_users (boolean)
    Allow multiple logins with the same username. If false (the default), any prior session with the same username will be dropped when a new @@ -323,6 +339,10 @@ on Clustering for more information. Interface for cluster packets (default: eth0).
  • +
  • cluster_mcast_ttl (int)
    +TTL for multicast packets (default: 1). +
  • +
  • cluster_hb_interval (int)
    Interval in tenths of a second between cluster heartbeat/pings.
  • @@ -696,12 +716,15 @@ killall -HUP l2tpns The signals understood are: - +
    +
    SIGHUP
    Reload the config from disk and re-open log file.
    +
    SIGTERM, SIGINT
    Stop process. Tunnels and sessions are not +terminated. This signal should be used to stop l2tpns on a +cluster node where there are other machines to +continue handling traffic.
    +
    SIGQUIT
    Shut down tunnels and sessions, exit process when +complete.
    +

    Throttling

    @@ -814,14 +837,14 @@ supplied structure: some way. - +
    +
    t
    Tunnel +
    s
    Session +
    username +
    password +
    protocol
    0xC023 for PAP, 0xC223 for CHAP +
    continue_auth
    Set to 0 to stop processing authentication modules +
    post_auth @@ -831,16 +854,16 @@ supplied structure: to be accepted. - + allow or disallow authentication +
    protocol
    0xC023 for PAP, 0xC223 for CHAP + packet_rx @@ -849,12 +872,12 @@ supplied structure: seriously slow down the system. - +
    +
    t
    Tunnel +
    s
    Session +
    buf
    The raw packet data +
    len
    The length of buf +
    packet_tx @@ -863,12 +886,12 @@ supplied structure: seriously slow down the system. - +
    +
    t
    Tunnel +
    s
    Session +
    buf
    The raw packet data +
    len
    The length of buf +
    timer @@ -877,9 +900,9 @@ supplied structure: you do is reentrant. - +
    +
    time_now
    The current unix timestamp +
    new_session @@ -887,10 +910,10 @@ supplied structure: session is now ready to handle traffic. - +
    +
    t
    Tunnel +
    s
    Session +
    kill_session @@ -898,10 +921,10 @@ supplied structure: This may be called multiple times for the same session. - +
    +
    t
    Tunnel +
    s
    Session +
    radius_response @@ -911,12 +934,24 @@ supplied structure: modules. - +
    +
    t
    Tunnel +
    s
    Session +
    key +
    value +
    + + + radius_reset + This is called whenever a RADIUS CoA request is + received to reset any options to default values before + the new values are applied. + + +
    +
    t
    Tunnel +
    s
    Session +
    control @@ -925,21 +960,13 @@ supplied structure: required. - +
    +
    iam_master
    Cluster master status +
    argc
    The number of arguments +
    argv
    Arguments +
    response
    Return value: NSCTL_RES_OK or NSCTL_RES_ERR +
    additional
    Extended response text +
    @@ -1031,22 +1058,6 @@ ibgp" for IBGP. If this is not supported by your IOS revision, you can use "maximum-paths" (which works for EBGP) and set as_number to a private value such as 64512.

    -

    Avoiding Fragmentation

    - -Fragmentation of encapsulated return packets to the LAC may be avoided -for TCP sessions by adding a firewall rule to clamps the MSS on -outgoing SYN packets. - -The following is appropriate for interfaces with a typical MTU of -1500: - -
    -iptables -A FORWARD -i tun+ -o eth0 	\
    -    -p tcp --tcp-flags SYN,RST SYN	\
    -    -m tcpmss --mss 1413:1600		\
    -    -j TCPMSS --set-mss 1412
    -
    -

    Performance

    Performance is great.