X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/17552803b25d07f0df3add1ede410ec72afa099c..c7b02a09277af710d0e77813ca644a50737e9ac5:/Docs/manual.html?ds=sidebyside diff --git a/Docs/manual.html b/Docs/manual.html index b95858b..5c830f2 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -184,6 +184,18 @@ the same as the LAC, or authentication will fail. Only actually be used if the LAC requests authentication. </LI> +<LI><B>l2tp_mtu</B> (int)<BR> +MTU of interface for L2TP traffic (default: 1500). Used to set link +MRU and adjust TCP MSS. +</LI> + +<LI><B>ppp_restart_time</B> (int)<BR> +<B>ppp_max_configure</B> (int)<BR> +<B>ppp_max_failure</B> (int)<BR> +PPP counter and timer values, as described in §4.1 of +<a href="ftp://ftp.rfc-editor.org/in-notes/rfc1661.txt">RFC1661</a>. +</LI> + <LI><B>primary_dns</B> (ip address) <LI><B>secondary_dns</B> (ip address)<BR> Whenever a PPP connection is established, DNS servers will be sent to the @@ -191,14 +203,6 @@ user, both a primary and a secondary. If either is set to 0.0.0.0, then that one will not be sent. </LI> -<LI><B>save_state</B> (boolean)<BR> -When l2tpns receives a STGTERM it will write out its current -ip_address_pool, session and tunnel tables to disk prior to exiting to -be re-loaded at startup. The validity of this data is obviously quite -short and the intent is to allow an sessions to be retained over a -software upgrade. -</LI> - <LI><B>primary_radius</B> (ip address) <LI><B>secondary_radius</B> (ip address)<BR> Sets the RADIUS servers used for both authentication and accounting. @@ -231,6 +235,22 @@ This secret will be used in all RADIUS queries. If this is not set then RADIUS queries will fail. </LI> +<LI><B>radius_authtypes</B> (string)</BR> +A comma separated list of supported RADIUS authentication methods +(<B>pap</B> or <B>chap</B>), in order of preference (default <B>pap</B>). +</LI> + +<LI><B>radius_dae_port</B> (short)<BR> +Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization) +requests (default: <B>3799</B>). +</LI> + +<LI><B>allow_duplicate_users</B> (boolean)</BR> +Allow multiple logins with the same username. If false (the default), +any prior session with the same username will be dropped when a new +session is established. +</LI> + <LI><B>bind_address</B> (ip address)<BR> When the tun interface is created, it is assigned the address specified here. If no address is given, 1.1.1.1 is used. Packets @@ -282,10 +302,6 @@ second. Even if this is disabled, you can see this information by running the <EM>uptime</EM> command on the CLI. </LI> -<LI><B>cleanup_interval</B> (int)<BR> -Interval between regular cleanups (in seconds). -</LI> - <LI><B>multi_read_count</B> (int)<BR> Number of packets to read off each of the UDP and TUN fds when returned as readable by select (default: 10). Avoids incurring the @@ -307,6 +323,13 @@ Keep all pages mapped by the l2tpns process in memory. Maximum number of host unreachable ICMP packets to send per second. </LI> +<LI><B>packet_limit</B> (int><BR> +Maximum number of packets of downstream traffic to be handled each +tenth of a second per session. If zero, no limit is applied (default: +0). Intended as a DoS prevention mechanism and not a general +throttling control (packets are dropped, not queued). +</LI> + <LI><B>cluster_address</B> (ip address)<BR> Multicast cluster address (default: 239.192.13.13). See the section on <A HREF="#Clustering">Clustering</A> for more information. @@ -316,6 +339,10 @@ on <A HREF="#Clustering">Clustering</A> for more information. Interface for cluster packets (default: eth0). </LI> +<LI><B>cluster_mcast_ttl</B> (int)<BR> +TTL for multicast packets (default: 1). +</LI> + <LI><B>cluster_hb_interval</B> (int)<BR> Interval in tenths of a second between cluster heartbeat/pings. </LI> @@ -325,6 +352,11 @@ Cluster heartbeat timeout in tenths of a second. A new master will be elected when this interval has been passed without seeing a heartbeat from the master. </LI> + +<LI><B>cluster_master_min_adv</B> (int)<BR> +Determines the minumum number of up to date slaves required before the +master will drop routes (default: 1). +</LI> </UL> <P>BGP routing configuration is entered by the command: @@ -684,16 +716,15 @@ killall -HUP l2tpns </PRE> The signals understood are: -<UL> -<LI>SIGHUP - Reload the config from disk and re-open log file<P></LI> -<LI>SIGTERM / SIGINT - Shut down for a restart. This will dump the current -state to disk (if <EM>save_state</EM> is set to true). Upon restart, the -process will read this saved state to resume active sessions.<P> -<LI>SIGQUIT - Shut down cleanly. This will send a disconnect message for -every active session and tunnel before shutting down. This is a good idea -when upgrading the code, as no sessions will be left with the remote end -thinking they are open.</LI> -</UL> +<DL> +<DT>SIGHUP</DT><DD>Reload the config from disk and re-open log file.</DD> +<DT>SIGTERM, SIGINT</DT><DD>Stop process. Tunnels and sessions are not +terminated. This signal should be used to stop l2tpns on a +<A HREF="#Clustering">cluster node</A> where there are other machines to +continue handling traffic.</DD> +<DT>SIGQUIT</DT><DD>Shut down tunnels and sessions, exit process when +complete.</DD> +</DL> <H2 ID="Throttling">Throttling</H2> @@ -806,14 +837,14 @@ supplied structure: some way. </TD> <TD> - <UL> - <LI>t - Tunnel ID</LI> - <LI>s - Session ID</LI> - <LI>username</LI> - <LI>password</LI> - <LI>protocol (0xC023 for PAP, 0xC223 for CHAP)</LI> - <LI>continue_auth - Set to 0 to stop processing authentication modules</LI> - </UL> + <DL> + <DT>t<DD>Tunnel + <DT>s<DD>Session + <DT>username + <DT>password + <DT>protocol<DD>0xC023 for PAP, 0xC223 for CHAP + <DT>continue_auth<DD>Set to 0 to stop processing authentication modules + </DL> </TD> </TR> <TR VALIGN=TOP BGCOLOR=WHITE><TD><B>post_auth</B></TD> @@ -823,16 +854,16 @@ supplied structure: to be accepted. </TD> <TD> - <UL> - <LI>t - Tunnel ID</LI> - <LI>s - Session ID</LI> - <LI>username</LI> - <LI>auth_allowed - This is already set to true or + <DL> + <DT>t<DD>Tunnel + <DT>s<DD>Session + <DT>username + <DT>auth_allowed<DD>This is already set to true or false depending on whether authentication has been allowed so far. You can set this to 1 or 0 to force - allow or disallow authentication</LI> - <LI>protocol (0xC023 for PAP, 0xC223 for CHAP)</LI> - </UL> + allow or disallow authentication + <DT>protocol<DD>0xC023 for PAP, 0xC223 for CHAP + </DL> </TD> </TR> <TR VALIGN=TOP BGCOLOR=WHITE><TD><B>packet_rx</B></TD> @@ -841,12 +872,12 @@ supplied structure: seriously slow down the system.</FONT> </TD> <TD> - <UL> - <LI>t - Tunnel ID</LI> - <LI>s - Session ID</LI> - <LI>buf - The raw packet data</LI> - <LI>len - The length of buf</LI> - </UL> + <DL> + <DT>t<DD>Tunnel + <DT>s<DD>Session + <DT>buf<DD>The raw packet data + <DT>len<DD>The length of buf + </DL> </TD> </TR> <TR VALIGN=TOP BGCOLOR=WHITE><TD><B>packet_tx</B></TD> @@ -855,12 +886,12 @@ supplied structure: seriously slow down the system.</FONT> </TD> <TD> - <UL> - <LI>t - Tunnel ID</LI> - <LI>s - Session ID</LI> - <LI>buf - The raw packet data</LI> - <LI>len - The length of buf</LI> - </UL> + <DL> + <DT>t<DD>Tunnel + <DT>s<DD>Session + <DT>buf<DD>The raw packet data + <DT>len<DD>The length of buf + </DL> </TD> </TR> <TR VALIGN=TOP BGCOLOR=WHITE><TD><B>timer</B></TD> @@ -869,9 +900,9 @@ supplied structure: you do is reentrant. </TD> <TD> - <UL> - <LI>time_now - The current unix timestamp</LI> - </UL> + <DL> + <DT>time_now<DD>The current unix timestamp + </DL> </TD> </TR> <TR VALIGN=TOP BGCOLOR=WHITE><TD><B>new_session</B></TD> @@ -879,10 +910,10 @@ supplied structure: session is now ready to handle traffic. </TD> <TD> - <UL> - <LI>t - Tunnel ID</LI> - <LI>s - Session ID</LI> - </UL> + <DL> + <DT>t<DD>Tunnel + <DT>s<DD>Session + </DL> </TD> </TR> <TR VALIGN=TOP BGCOLOR=WHITE><TD><B>kill_session</B></TD> @@ -890,10 +921,10 @@ supplied structure: This may be called multiple times for the same session. </TD> <TD> - <UL> - <LI>t - Tunnel ID</LI> - <LI>s - Session ID</LI> - </UL> + <DL> + <DT>t<DD>Tunnel + <DT>s<DD>Session + </DL> </TD> </TR> <TR VALIGN=TOP BGCOLOR=WHITE><TD><B>radius_response</B></TD> @@ -903,12 +934,24 @@ supplied structure: modules. </TD> <TD> - <UL> - <LI>t - Tunnel ID</LI> - <LI>s - Session ID</LI> - <LI>key</LI> - <LI>value</LI> - </UL> + <DL> + <DT>t<DD>Tunnel + <DT>s<DD>Session + <DT>key + <DT>value + </DL> + </TD> + </TR> + <TR VALIGN=TOP BGCOLOR=WHITE><TD><B>radius_reset</B></TD> + <TD>This is called whenever a RADIUS CoA request is + received to reset any options to default values before + the new values are applied. + </TD> + <TD> + <DL> + <DT>t<DD>Tunnel + <DT>s<DD>Session + </DL> </TD> </TR> <TR VALIGN=TOP BGCOLOR=WHITE><TD><B>control</B></TD> @@ -917,21 +960,13 @@ supplied structure: required. </TD> <TD> - <UL> - <LI>buf - The raw packet data</LI> - <LI>l - The raw packet data length</LI> - <LI>source_ip - Where the request came from</LI> - <LI>source_port - Where the request came from</LI> - <LI>response - Allocate a buffer and put your response in here</LI> - <LI>response_length - Length of response</LI> - <LI>send_response - true or false whether a response - should be sent. If you set this to true, you must - allocate a response buffer.</LI> - <LI>type - Type of request (see nsctl.c)</LI> - <LI>id - ID of request</LI> - <LI>data - I'm really not sure</LI> - <LI>data_length - Length of data</LI> - </UL> + <DL> + <DT>iam_master<DD>Cluster master status + <DT>argc<DD>The number of arguments + <DT>argv<DD>Arguments + <DT>response<DD>Return value: NSCTL_RES_OK or NSCTL_RES_ERR + <DT>additional<DD>Extended response text + </DL> </TD> </TR> </TABLE>