X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/3057f5e655405b7ba84a559213a1dbaaa3eaaab6..c98bf0cb8b1e6144f57e6e12b75dcf7c0512746b:/Docs/startup-config.5 diff --git a/Docs/startup-config.5 b/Docs/startup-config.5 index c1112ff..35d5346 100644 --- a/Docs/startup-config.5 +++ b/Docs/startup-config.5 @@ -2,7 +2,7 @@ .de Id .ds Dt \\$4 \\$5 .. -.Id $Id: startup-config.5,v 1.2 2004-11-27 05:19:54 bodea Exp $ +.Id $Id: startup-config.5,v 1.7 2005-05-10 11:59:25 bodea Exp $ .TH STARTUP-CONFIG 5 "\*(Dt" L2TPNS "File Formats and Conventions" .SH NAME startup\-config \- configuration file for l2tpns @@ -51,6 +51,11 @@ is any one of the syslog logging facilities, such as If set, the process id will be written to the specified file. The value must be an absolute path. .TP +.B random_device +Path to random data source (default +.BR /dev/urandom ). +Use "" to use the rand() library function. +.TP .B l2tp_secret The secret used by .B l2tpns @@ -63,14 +68,6 @@ Whenever a PPP connection is established, DNS servers will be sent to the user, both a primary and a secondary. If either is set to 0.0.0.0, then that one will not be sent. .TP -.B save_state -When -.B l2tpns -receives a STGTERM it will write out its current ip_address_pool, -session and tunnel tables to disk prior to exiting to be re-loaded at -startup. The validity of this data is obviously quite short and the -intent is to allow an sessions to be retained over a software upgrade. -.TP .BR primary_radius , " secondary_radius" Sets the RADIUS servers used for both authentication and accounting. If the primary server does not respond, then the secondary RADIUS @@ -90,9 +87,22 @@ and a .B Stop record when the session is closed. .TP +.B radius_interim +If +.B radius_accounting +is on, defines the interval between sending of RADIUS interim +accounting records (in seconds). Note: checking of this interval +occurs no more frequently than +.B cleanup_interval +seconds (see below). +.TP .B radius_secret Secret to be used in RADIUS packets. .TP +.B radius_authtypes +A comma separated list of supported RADIUS authentication methods +("pap" or "chap"), in order of preference (default "pap"). +.TP .B bind_address When the tun interface is created, it is assigned the address specified here. If no address is given, 1.1.1.1 is used. Packets @@ -105,7 +115,7 @@ Address to send to clients as the default gateway. .B send_garp Determines whether or not to send a gratuitous ARP for the .B bind_address -when the server is ready to handle traffic (default: true). This +when the server is ready to handle traffic (default: true). This setting is ignored if BGP is configured. .TP .B throttle_speed @@ -127,8 +137,7 @@ doesn't work properly. If set to true, then the current bandwidth utilization will be logged every second. Even if this is disabled, you can see this information by running the -.B -uptime +.B uptime command on the CLI. .TP .B cleanup_interval @@ -160,6 +169,12 @@ process in memory. .B icmp_rate Maximum number of host unreachable ICMP packets to send per second. .TP +.B packet_limit +Maximum number of packets of downstream traffic to be handled each +tenth of a second per session. If zero, no limit is applied (default: +0). Intended as a DoS prevention mechanism and not a general +throttling control (packets are dropped, not queued). +.TP .B cluster_address Multicast cluster address (default: 239.192.13.13). .TP @@ -173,6 +188,11 @@ Interval in tenths of a second between cluster heartbeat/pings. Cluster heartbeat timeout in tenths of a second. A new master will be elected when this interval has been passed without seeing a heartbeat from the master. +.TP +.B ipv6_prefix +Enable negotiation of IPv6. This forms the the first 64 bits of the +client allocated address. The remaining 64 come from the allocated +IPv4 address and 4 bytes of 0s. .RE .SS BGP ROUTING The routing configuration section is entered by the command @@ -275,11 +295,8 @@ and .I dest are as described above for standard lists. .PP -For -.B tcp -and -.B udp -matches, source and destination may be optionally followed by a +For TCP and UDP matches, source and destination may be optionally +followed by a .I ports specification: .IP @@ -290,20 +307,33 @@ specification: range .I from to .PP -.B tcp -matches may also specify .I flags -to match against tcp header flags: -.IP +may be one of: +.RS +.HP .RB { match\-any | match\-all } .RB { + | - }{ fin | syn | rst | psh | ack | urg } \&... .br +Match packets with any or all of the tcp flags set +.RB ( + ) +or clear +.RB ( - ). +.HP .B established -.PP -.RB ' established ' -is shorthand for -.RB ' "match-any +ack +rst -syn" '. +.br +Match "established" TCP connections: packets with +.B RST +or +.B ACK +set, and +.B SYN +clear. +.HP +.B fragments +.br +Match IP fragments. May not be specified on rules with layer 4 +matches. .RE .SH SEE ALSO .BR l2tpns (8)