X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/404aee88c9ed9281cb167dcb4b19fe212b943a88..567f8e36533551fe8c2e9f8c7d5258cae4d57023:/Docs/manual.html diff --git a/Docs/manual.html b/Docs/manual.html index ad4bbec..65d7f4c 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -56,6 +56,7 @@ H3 {
  • Filtering
  • Clustering
  • Routing
  • +
  • Avoiding Fragmentation
  • Performance
  • @@ -184,6 +185,13 @@ the same as the LAC, or authentication will fail. Only actually be used if the LAC requests authentication. +
  • ppp_restart_time (int)
    +ppp_max_configure (int)
    +ppp_max_failure (int)
    +PPP counter and timer values, as described in §4.1 of +RFC1661. +
  • +
  • primary_dns (ip address)
  • secondary_dns (ip address)
    Whenever a PPP connection is established, DNS servers will be sent to the @@ -228,6 +236,11 @@ A comma separated list of supported RADIUS authentication methods (pap or chap), in order of preference (default pap).
  • +
  • radius_dae_port (short)
    +Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization) +requests (default: 3799). +
  • +
  • allow_duplicate_users (boolean)
    Allow multiple logins with the same username. If false (the default), any prior session with the same username will be dropped when a new @@ -285,10 +298,6 @@ second. Even if this is disabled, you can see this information by running the uptime command on the CLI.
  • -
  • cleanup_interval (int)
    -Interval between regular cleanups (in seconds). -
  • -
  • multi_read_count (int)
    Number of packets to read off each of the UDP and TUN fds when returned as readable by select (default: 10). Avoids incurring the @@ -699,12 +708,15 @@ killall -HUP l2tpns The signals understood are: - +
    +
    SIGHUP
    Reload the config from disk and re-open log file.
    +
    SIGTERM, SIGINT
    Stop process. Tunnels and sessions are not +terminated. This signal should be used to stop l2tpns on a +cluster node where there are other machines to +continue handling traffic.
    +
    SIGQUIT
    Shut down tunnels and sessions, exit process when +complete.
    +

    Throttling

    @@ -817,14 +829,14 @@ supplied structure: some way. - +
    +
    t
    Tunnel +
    s
    Session +
    username +
    password +
    protocol
    0xC023 for PAP, 0xC223 for CHAP +
    continue_auth
    Set to 0 to stop processing authentication modules +
    post_auth @@ -834,16 +846,16 @@ supplied structure: to be accepted. - + allow or disallow authentication +
    protocol
    0xC023 for PAP, 0xC223 for CHAP + packet_rx @@ -852,12 +864,12 @@ supplied structure: seriously slow down the system. - +
    +
    t
    Tunnel +
    s
    Session +
    buf
    The raw packet data +
    len
    The length of buf +
    packet_tx @@ -866,12 +878,12 @@ supplied structure: seriously slow down the system. - +
    +
    t
    Tunnel +
    s
    Session +
    buf
    The raw packet data +
    len
    The length of buf +
    timer @@ -880,9 +892,9 @@ supplied structure: you do is reentrant. - +
    +
    time_now
    The current unix timestamp +
    new_session @@ -890,10 +902,10 @@ supplied structure: session is now ready to handle traffic. - +
    +
    t
    Tunnel +
    s
    Session +
    kill_session @@ -901,10 +913,10 @@ supplied structure: This may be called multiple times for the same session. - +
    +
    t
    Tunnel +
    s
    Session +
    radius_response @@ -914,12 +926,24 @@ supplied structure: modules. - +
    +
    t
    Tunnel +
    s
    Session +
    key +
    value +
    + + + radius_reset + This is called whenever a RADIUS CoA request is + received to reset any options to default values before + the new values are applied. + + +
    +
    t
    Tunnel +
    s
    Session +
    control @@ -928,21 +952,13 @@ supplied structure: required. - +
    +
    iam_master
    Cluster master status +
    argc
    The number of arguments +
    argv
    Arguments +
    response
    Return value: NSCTL_RES_OK or NSCTL_RES_ERR +
    additional
    Extended response text +
    @@ -1034,6 +1050,22 @@ ibgp" for IBGP. If this is not supported by your IOS revision, you can use "maximum-paths" (which works for EBGP) and set as_number to a private value such as 64512.

    +

    Avoiding Fragmentation

    + +Fragmentation of encapsulated return packets to the LAC may be avoided +for TCP sessions by adding a firewall rule to clamps the MSS on +outgoing SYN packets. + +The following is appropriate for interfaces with a typical MTU of +1500: + +
    +iptables -A FORWARD -i tun+ -o eth0 	\
    +    -p tcp --tcp-flags SYN,RST SYN	\
    +    -m tcpmss --mss 1413:1600		\
    +    -j TCPMSS --set-mss 1412
    +
    +

    Performance

    Performance is great.