X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/8261839e1625710ec2c3db3bb569f5dfb5881fa3..fd021320eca6d370c46de3893c113b4fd72f6f9a:/Docs/manual.html
diff --git a/Docs/manual.html b/Docs/manual.html
index ff7f0b3..5c830f2 100644
--- a/Docs/manual.html
+++ b/Docs/manual.html
@@ -56,7 +56,6 @@ H3 {
Filtering
Clustering
Routing
- Avoiding Fragmentation
Performance
@@ -185,6 +184,18 @@ the same as the LAC, or authentication will fail. Only actually be
used if the LAC requests authentication.
+l2tp_mtu (int)
+MTU of interface for L2TP traffic (default: 1500). Used to set link
+MRU and adjust TCP MSS.
+
+
+ppp_restart_time (int)
+ppp_max_configure (int)
+ppp_max_failure (int)
+PPP counter and timer values, as described in §4.1 of
+RFC1661.
+
+
primary_dns (ip address)
secondary_dns (ip address)
Whenever a PPP connection is established, DNS servers will be sent to the
@@ -229,6 +240,11 @@ A comma separated list of supported RADIUS authentication methods
(pap or chap), in order of preference (default pap).
+radius_dae_port (short)
+Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization)
+requests (default: 3799).
+
+
allow_duplicate_users (boolean)
Allow multiple logins with the same username. If false (the default),
any prior session with the same username will be dropped when a new
@@ -323,6 +339,10 @@ on Clustering for more information.
Interface for cluster packets (default: eth0).
+cluster_mcast_ttl (int)
+TTL for multicast packets (default: 1).
+
+
cluster_hb_interval (int)
Interval in tenths of a second between cluster heartbeat/pings.
@@ -702,7 +722,8 @@ The signals understood are:
terminated. This signal should be used to stop l2tpns on a
cluster node where there are other machines to
continue handling traffic.
-SIGQUITShut down: closes sessions and tunnels.
+SIGQUITShut down tunnels and sessions, exit process when
+complete.
Throttling
@@ -816,14 +837,14 @@ supplied structure:
some way.
-
- - t - Tunnel ID
- - s - Session ID
- - username
- - password
- - protocol (0xC023 for PAP, 0xC223 for CHAP)
- - continue_auth - Set to 0 to stop processing authentication modules
-
+
+ - t
- Tunnel
+
- s
- Session
+
- username
+
- password
+
- protocol
- 0xC023 for PAP, 0xC223 for CHAP
+
- continue_auth
- Set to 0 to stop processing authentication modules
+
|
post_auth |
@@ -833,16 +854,16 @@ supplied structure:
to be accepted.
-
- - t - Tunnel ID
- - s - Session ID
- - username
- - auth_allowed - This is already set to true or
+
+ - t
- Tunnel
+
- s
- Session
+
- username
+
- auth_allowed
- This is already set to true or
false depending on whether authentication has been
allowed so far. You can set this to 1 or 0 to force
- allow or disallow authentication
- - protocol (0xC023 for PAP, 0xC223 for CHAP)
-
+ allow or disallow authentication
+ protocol0xC023 for PAP, 0xC223 for CHAP
+
|
packet_rx |
@@ -851,12 +872,12 @@ supplied structure:
seriously slow down the system.
-
- - t - Tunnel ID
- - s - Session ID
- - buf - The raw packet data
- - len - The length of buf
-
+
+ - t
- Tunnel
+
- s
- Session
+
- buf
- The raw packet data
+
- len
- The length of buf
+
|
packet_tx |
@@ -865,12 +886,12 @@ supplied structure:
seriously slow down the system.
-
- - t - Tunnel ID
- - s - Session ID
- - buf - The raw packet data
- - len - The length of buf
-
+
+ - t
- Tunnel
+
- s
- Session
+
- buf
- The raw packet data
+
- len
- The length of buf
+
|
timer |
@@ -879,9 +900,9 @@ supplied structure:
you do is reentrant.
-
- - time_now - The current unix timestamp
-
+
+ - time_now
- The current unix timestamp
+
|
new_session |
@@ -889,10 +910,10 @@ supplied structure:
session is now ready to handle traffic.
-
- - t - Tunnel ID
- - s - Session ID
-
+
+ - t
- Tunnel
+
- s
- Session
+
|
kill_session |
@@ -900,10 +921,10 @@ supplied structure:
This may be called multiple times for the same session.
-
- - t - Tunnel ID
- - s - Session ID
-
+
+ - t
- Tunnel
+
- s
- Session
+
|
radius_response |
@@ -913,12 +934,24 @@ supplied structure:
modules.
-
- - t - Tunnel ID
- - s - Session ID
- - key
- - value
-
+
+ - t
- Tunnel
+
- s
- Session
+
- key
+
- value
+
+ |
+
+ radius_reset |
+ This is called whenever a RADIUS CoA request is
+ received to reset any options to default values before
+ the new values are applied.
+ |
+
+
+ - t
- Tunnel
+
- s
- Session
+
|
control |
@@ -927,21 +960,13 @@ supplied structure:
required.
-
- - buf - The raw packet data
- - l - The raw packet data length
- - source_ip - Where the request came from
- - source_port - Where the request came from
- - response - Allocate a buffer and put your response in here
- - response_length - Length of response
- - send_response - true or false whether a response
- should be sent. If you set this to true, you must
- allocate a response buffer.
- - type - Type of request (see nsctl.c)
- - id - ID of request
- - data - I'm really not sure
- - data_length - Length of data
-
+
+ - iam_master
- Cluster master status
+
- argc
- The number of arguments
+
- argv
- Arguments
+
- response
- Return value: NSCTL_RES_OK or NSCTL_RES_ERR
+
- additional
- Extended response text
+
|
@@ -1033,22 +1058,6 @@ ibgp" for IBGP. If this is not supported by your IOS revision, you
can use "maximum-paths" (which works for EBGP) and set
as_number to a private value such as 64512.
-
Avoiding Fragmentation
-
-Fragmentation of encapsulated return packets to the LAC may be avoided
-for TCP sessions by adding a firewall rule to clamps the MSS on
-outgoing SYN packets.
-
-The following is appropriate for interfaces with a typical MTU of
-1500:
-
-
-iptables -A FORWARD -i tun+ -o eth0 \
- -p tcp --tcp-flags SYN,RST SYN \
- -m tcpmss --mss 1413:1600 \
- -j TCPMSS --set-mss 1412
-
-
Performance is great.