X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/77498b8d0b42ed4d024e947751b535c2ec164cf6..35f10d93f4f2bbd5791dc0996a36f0ba8386576d:/Docs/manual.html?ds=inline diff --git a/Docs/manual.html b/Docs/manual.html index 1395e3a..d6930dd 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -56,7 +56,6 @@ H3 {
  • Filtering
  • Clustering
  • Routing
  • -
  • Avoiding Fragmentation
  • Performance
  • @@ -185,6 +184,18 @@ the same as the LAC, or authentication will fail. Only actually be used if the LAC requests authentication. +
  • l2tp_mtu (int)
    +MTU of interface for L2TP traffic (default: 1500). Used to set link +MRU and adjust TCP MSS. +
  • + +
  • ppp_restart_time (int)
    +ppp_max_configure (int)
    +ppp_max_failure (int)
    +PPP counter and timer values, as described in §4.1 of +RFC1661. +
  • +
  • primary_dns (ip address)
  • secondary_dns (ip address)
    Whenever a PPP connection is established, DNS servers will be sent to the @@ -229,6 +240,11 @@ A comma separated list of supported RADIUS authentication methods (pap or chap), in order of preference (default pap).
  • +
  • radius_dae_port (short)
    +Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization) +requests (default: 3799). +
  • +
  • allow_duplicate_users (boolean)
    Allow multiple logins with the same username. If false (the default), any prior session with the same username will be dropped when a new @@ -236,15 +252,22 @@ session is established.
  • bind_address (ip address)
    -When the tun interface is created, it is assigned the address -specified here. If no address is given, 1.1.1.1 is used. Packets -containing user traffic should be routed via this address if given, -otherwise the primary address of the machine. +It's the listen address of the l2tp udp protocol sent and received +to LAC. This address is also assigned to the tun interface if no +iftun_address is specified. Packets containing user traffic should be +routed via this address if given, otherwise the primary address of the +machine. +
  • + +
  • iftun_address (ip address)
    +This parameter is used when you want a tun interface address different +from the address of "bind_address" (For use in cases of specific configuration). +If no address is given to iftun_address and bind_address, 1.1.1.1 is used.
  • peer_address (ip address)
    Address to send to clients as the default gateway. - +
  • send_garp (boolean)
    Determines whether or not to send a gratuitous ARP for the @@ -323,6 +346,10 @@ on Clustering for more information. Interface for cluster packets (default: eth0).
  • +
  • cluster_mcast_ttl (int)
    +TTL for multicast packets (default: 1). +
  • +
  • cluster_hb_interval (int)
    Interval in tenths of a second between cluster heartbeat/pings.
  • @@ -337,8 +364,38 @@ from the master. Determines the minumum number of up to date slaves required before the master will drop routes (default: 1). + +
  • echo_timeout (int)
    +Time between last packet sent and LCP ECHO generation +(default: 10 (seconds)). +
  • + +
  • idle_echo_timeout (int)
    +Drop sessions who have not responded within idle_echo_timeout seconds +(default: 240 (seconds)) +
  • + +
  • bind_address_remotelns (ip address)
    +Address of the interface to listen the remote LNS tunnels. +If no address is given, all interfaces are listened (Any Address). +
  • + +
  • bind_portremotelns (short)
    +Port to bind for the Remote LNS (default: 65432). +
  • + +

    The REMOTES LNS configuration is entered by the command: +

    setforward MASK IP PORT SECRET
    + +where MASK specifies the mask of users who have forwarded to +remote LNS (ex: /myISP@company.com).
    +where IP specifies the IP of the remote LNS (ex: 66.66.66.55).
    +where PORT specifies the L2TP Port of the remote LNS +(Normally should be 1701) (ex: 1701).
    +where SECRET specifies the secret password the remote LNS (ex: mysecret).
    +

    BGP routing configuration is entered by the command: The routing configuration section is entered by the command

    router bgp as
    @@ -817,14 +874,14 @@ supplied structure: some way. - +
    +
    t
    Tunnel +
    s
    Session +
    username +
    password +
    protocol
    0xC023 for PAP, 0xC223 for CHAP +
    continue_auth
    Set to 0 to stop processing authentication modules +
    post_auth @@ -834,16 +891,16 @@ supplied structure: to be accepted. - + allow or disallow authentication +
    protocol
    0xC023 for PAP, 0xC223 for CHAP + packet_rx @@ -852,12 +909,12 @@ supplied structure: seriously slow down the system. - +
    +
    t
    Tunnel +
    s
    Session +
    buf
    The raw packet data +
    len
    The length of buf +
    packet_tx @@ -866,12 +923,12 @@ supplied structure: seriously slow down the system. - +
    +
    t
    Tunnel +
    s
    Session +
    buf
    The raw packet data +
    len
    The length of buf +
    timer @@ -880,9 +937,9 @@ supplied structure: you do is reentrant. - +
    +
    time_now
    The current unix timestamp +
    new_session @@ -890,10 +947,10 @@ supplied structure: session is now ready to handle traffic. - +
    +
    t
    Tunnel +
    s
    Session +
    kill_session @@ -901,10 +958,10 @@ supplied structure: This may be called multiple times for the same session. - +
    +
    t
    Tunnel +
    s
    Session +
    radius_response @@ -914,12 +971,24 @@ supplied structure: modules. - +
    +
    t
    Tunnel +
    s
    Session +
    key +
    value +
    + + + radius_reset + This is called whenever a RADIUS CoA request is + received to reset any options to default values before + the new values are applied. + + +
    +
    t
    Tunnel +
    s
    Session +
    control @@ -928,21 +997,13 @@ supplied structure: required. - +
    +
    iam_master
    Cluster master status +
    argc
    The number of arguments +
    argv
    Arguments +
    response
    Return value: NSCTL_RES_OK or NSCTL_RES_ERR +
    additional
    Extended response text +
    @@ -1034,22 +1095,6 @@ ibgp" for IBGP. If this is not supported by your IOS revision, you can use "maximum-paths" (which works for EBGP) and set as_number to a private value such as 64512.

    -

    Avoiding Fragmentation

    - -Fragmentation of encapsulated return packets to the LAC may be avoided -for TCP sessions by adding a firewall rule to clamps the MSS on -outgoing SYN packets. - -The following is appropriate for interfaces with a typical MTU of -1500: - -
    -iptables -A FORWARD -i tun+ -o eth0 	\
    -    -p tcp --tcp-flags SYN,RST SYN	\
    -    -m tcpmss --mss 1413:1600		\
    -    -j TCPMSS --set-mss 1412
    -
    -

    Performance

    Performance is great.