X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/3057f5e655405b7ba84a559213a1dbaaa3eaaab6..f7ec2b61a40a4940defb1cfe082fe41765c1fc7e:/Docs/startup-config.5?ds=sidebyside diff --git a/Docs/startup-config.5 b/Docs/startup-config.5 index c1112ff..97ebab9 100644 --- a/Docs/startup-config.5 +++ b/Docs/startup-config.5 @@ -2,7 +2,7 @@ .de Id .ds Dt \\$4 \\$5 .. -.Id $Id: startup-config.5,v 1.2 2004-11-27 05:19:54 bodea Exp $ +.Id $Id: startup-config.5,v 1.15 2005-09-16 05:04:31 bodea Exp $ .TH STARTUP-CONFIG 5 "\*(Dt" L2TPNS "File Formats and Conventions" .SH NAME startup\-config \- configuration file for l2tpns @@ -51,6 +51,11 @@ is any one of the syslog logging facilities, such as If set, the process id will be written to the specified file. The value must be an absolute path. .TP +.B random_device +Path to random data source (default +.BR /dev/urandom ). +Use "" to use the rand() library function. +.TP .B l2tp_secret The secret used by .B l2tpns 
@@ -58,19 +63,25 @@ for authenticating tunnel request. Must be the same as the LAC, or authentication will fail. Only actually be used if the LAC requests authentication. .TP +.B l2tp_mtu +MTU of interface for L2TP traffic (default: 1500). Used to set link +MRU and adjust TCP MSS. +.TP +.B ppp_restart_time +Restart timer for PPP protocol negotiation in seconds (default: 3). +.TP +.B ppp_max_configure +Number of configure requests to send before giving up (default: 10). +.TP +.B ppp_max_failure +Number of Configure-Nak requests to send before sending a +Configure-Reject (default: 5). +.TP .BR primary_dns , " secondary_dns" Whenever a PPP connection is established, DNS servers will be sent to the user, both a primary and a secondary. If either is set to 0.0.0.0, then that one will not be sent. .TP -.B save_state -When -.B l2tpns -receives a STGTERM it will write out its current ip_address_pool, -session and tunnel tables to disk prior to exiting to be re-loaded at -startup. The validity of this data is obviously quite short and the -intent is to allow an sessions to be retained over a software upgrade. -.TP .BR primary_radius , " secondary_radius" Sets the RADIUS servers used for both authentication and accounting. If the primary server does not respond, then the secondary RADIUS 
@@ -90,9 +101,28 @@ and a .B Stop record when the session is closed. .TP +.B radius_interim +If +.B radius_accounting +is on, defines the interval between sending of RADIUS interim +accounting records (in seconds). +.TP .B radius_secret Secret to be used in RADIUS packets. .TP +.B radius_authtypes +A comma separated list of supported RADIUS authentication methods +("pap" or "chap"), in order of preference (default "pap"). +.TP +.B radius_dae_port +Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization) +requests (default: 3799). +.TP +.B allow_duplicate_users +Allow multiple logins with the same username. If false (the default), +any prior session with the same username will be dropped when a new +session is established. +.TP .B bind_address When the tun interface is created, it is assigned the address specified here. If no address is given, 1.1.1.1 is used. Packets @@ -105,7 +135,7 @@ Address to send to clients as the default gateway. .B send_garp Determines whether or not to send a gratuitous ARP for the .B bind_address -when the server is ready to handle traffic (default: true). This +when the server is ready to handle traffic (default: true). This setting is ignored if BGP is configured. .TP .B throttle_speed @@ -127,13 +157,9 @@ doesn't work properly. If set to true, then the current bandwidth utilization will be logged every second. Even if this is disabled, you can see this information by running the -.B -uptime +.B uptime command on the CLI. .TP -.B cleanup_interval -Interval between regular cleanups (in seconds). -.TP .B multi_read_count Number of packets to read off each of the UDP and TUN fds when returned as readable by select (default: 10). Avoids incurring the 
@@ -160,12 +186,21 @@ process in memory. .B icmp_rate Maximum number of host unreachable ICMP packets to send per second. .TP +.B packet_limit +Maximum number of packets of downstream traffic to be handled each +tenth of a second per session. If zero, no limit is applied (default: +0). Intended as a DoS prevention mechanism and not a general +throttling control (packets are dropped, not queued). +.TP .B cluster_address Multicast cluster address (default: 239.192.13.13). .TP .B cluster_interface Interface for cluster packets (default: eth0). .TP +.B cluster_mcast_ttl +TTL for multicast packets (default: 1). +.TP .B cluster_hb_interval Interval in tenths of a second between cluster heartbeat/pings. .TP @@ -173,6 +208,15 @@ Interval in tenths of a second between cluster heartbeat/pings. Cluster heartbeat timeout in tenths of a second. A new master will be elected when this interval has been passed without seeing a heartbeat from the master. +.TP +.B cluster_master_min_adv +Determines the minumum number of up to date slaves required before the +master will drop routes (default: 1). +.TP +.B ipv6_prefix +Enable negotiation of IPv6. This forms the the first 64 bits of the +client allocated address. The remaining 64 come from the allocated +IPv4 address and 4 bytes of 0s. .RE .SS BGP ROUTING The routing configuration section is entered by the command @@ -275,11 +319,8 @@ and .I dest are as described above for standard lists. .PP -For -.B tcp -and -.B udp -matches, source and destination may be optionally followed by a +For TCP and UDP matches, source and destination may be optionally +followed by a .I ports specification: .IP 
@@ -290,20 +331,33 @@ specification: range .I from to .PP -.B tcp -matches may also specify .I flags -to match against tcp header flags: -.IP +may be one of: +.RS +.HP .RB { match\-any | match\-all } .RB { + | - }{ fin | syn | rst | psh | ack | urg } \&... .br +Match packets with any or all of the tcp flags set +.RB ( + ) +or clear +.RB ( - ). +.HP .B established -.PP -.RB ' established ' -is shorthand for -.RB ' "match-any +ack +rst -syn" '. +.br +Match "established" TCP connections: packets with +.B RST +or +.B ACK +set, and +.B SYN +clear. +.HP +.B fragments +.br +Match IP fragments. May not be specified on rules with layer 4 +matches. .RE .SH SEE ALSO .BR l2tpns (8)
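Review bot: In the hunk at @@ -51,6 +51,11 @@, the new random_device entry offers `Use "" to use the rand() library function` without saying that rand() is a predictable, non-cryptographic generator, or what l2tpns uses this random data for. Suggest adding a sentence that the empty value is a fallback for systems with no usable random device, and listing the values that are derived from this source, so the option is not chosen casually.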
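Review bot: In the hunk at @@ -58,19 +63,25 @@, the save_state entry is deleted with no replacement text, so the page no longer says whether an existing startup-config that still sets it is ignored, warned about or rejected. The same applies to cleanup_interval, removed in the hunk at @@ -127,13 +157,9 @@. Suggest a short note on removed options, or keeping each entry with a one-line "no longer supported" description. Separately, the new entries write their defaults three ways ("(default: 1500)" here, "(default" followed by ".BR /dev/urandom )" for random_device, and '(default "pap")' for radius_authtypes); one form throughout would read better.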
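Review bot: In the hunk at @@ -90,9 +101,28 @@, the radius_dae_port entry documents a port that accepts disconnect and change-of-authorization requests but does not say how those requests are authenticated (for example whether radius_secret applies), which source addresses are accepted, or how to turn the listener off. Since these requests can drop or alter sessions, that belongs in the entry. "Packet of Death/Disconnect" should also be reduced to one term. Minor: radius_interim gives no default and does not say what a value of 0 does, and allow_duplicate_users could state whether the dropped session is logged.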
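Review bot: In the hunk at @@ -160,12 +186,21 @@, the cluster_mcast_ttl entry gives only "TTL for multicast packets (default: 1)" and omits the consequence of raising it: with a TTL above 1, cluster heartbeat traffic can be forwarded by multicast routers beyond the local segment. Suggest one sentence saying so and when a larger value is actually needed. For packet_limit, it would help to say whether dropped packets are counted or logged anywhere, since the text describes it as a DoS prevention mechanism and operators will want to see when it triggers.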
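Review bot: In the hunk at @@ -173,6 +208,15 @@, the added text has two typos: "minumum" in the cluster_master_min_adv entry and "the the first 64 bits" in the ipv6_prefix entry. The ipv6_prefix description is also hard to follow: it says the option enables IPv6 negotiation but not what value format is expected, and "The remaining 64 come from the allocated IPv4 address and 4 bytes of 0s" does not give the order of the two 32-bit parts. Suggest stating the expected prefix syntax and spelling out the layout of the lower 64 bits.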
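Review bot: In the hunk at @@ -290,20 +331,33 @@, removing "tcp matches may also specify" means the page no longer says that flags applies only to tcp rules, and fragments is now listed under flags although it is not a TCP flag match. Suggest keeping the tcp-only wording for the first two forms and stating which rule types accept fragments; "May not be specified on rules with layer 4 matches" should say what counts as a layer 4 match (ports, flags, or both). The established entry also drops the old equivalence with "match-any +ack +rst -syn"; keeping it would make clear that this is a stateless check on header flags rather than connection tracking.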