X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/9c77145f71b0e669421d00ae0b34680f875121ae..07e1df5b92a099b3b390822d0f594b175226dc01:/Docs/startup-config.5 diff --git a/Docs/startup-config.5 b/Docs/startup-config.5 index e76e269..e18c69f 100644 --- a/Docs/startup-config.5 +++ b/Docs/startup-config.5 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STARTUP-CONFIG.5 1" -.TH STARTUP-CONFIG.5 1 "2014-09-11" "perl v5.14.2" "User Contributed Perl Documentation" +.TH STARTUP-CONFIG.5 1 "2015-09-22" "perl v5.20.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -175,14 +184,14 @@ Allow multiple logins with the same username. If false (the default), any prior This parameter authorize to change the source \s-1IP\s0 of the tunnels l2tp. This parameter can be used when the remotes \s-1BAS/LAC\s0 are l2tpns server configured in cluster mode, but that the interface to remote \s-1LNS\s0 are not clustered (the tunnel can be coming from different source \s-1IP\s0) (default: no). .IP "\fBbind_address\fR (ip address)" 4 .IX Item "bind_address (ip address)" -It's the listen address of the l2tp udp protocol sent and received to \s-1LAC\s0. This address is also assigned to the tun interface if no iftun_address is specified. Packets containing user traffic should be routed via this address if given, otherwise the primary address of the machine. +It's the listen address of the l2tp udp protocol sent and received to \s-1LAC.\s0 This address is also assigned to the tun interface if no iftun_address is specified. Packets containing user traffic should be routed via this address if given, otherwise the primary address of the machine. .IP "\fBbind_multi_address\fR (ip address)" 4 .IX Item "bind_multi_address (ip address)" This parameter permit to listen several addresss of the l2tp udp protocol (and set several address to the tun interface). .Sp \&\s-1WHEN\s0 this parameter is set, It \s-1OVERWRITE\s0 the parameters \*(L"bind_address\*(R" and \*(L"iftun_address\*(R". .Sp -these can be interesting when you want do load-balancing in cluster mode of the uploaded from the \s-1LAC\s0. For example you can set a bgp.prepend(\s-1MY_AS\s0) for Address1 on \s-1LNS1\s0 and a bgp.prepend(\s-1MY_AS\s0) for Address2 on \s-1LNS2\s0 (see \s-1BGP\s0 AS-path prepending). +these can be interesting when you want do load-balancing in cluster mode of the uploaded from the \s-1LAC.\s0 For example you can set a bgp.prepend(\s-1MY_AS\s0) for Address1 on \s-1LNS1\s0 and a bgp.prepend(\s-1MY_AS\s0) for Address2 on \s-1LNS2 \s0(see \s-1BGP\s0 AS-path prepending). 
.Sp example of use with 2 address: .Sp @@ -232,13 +241,13 @@ Note that the higher you set the debugging level, the slower the program will ru .RE .IP "\fBdump_speed\fR (boolean)" 4 .IX Item "dump_speed (boolean)" -If set to true, then the current bandwidth utilization will be logged every second. Even if this is disabled, you can see this information by running the uptime command on the \s-1CLI\s0. +If set to true, then the current bandwidth utilization will be logged every second. Even if this is disabled, you can see this information by running the uptime command on the \s-1CLI.\s0 .IP "\fBdisable_sending_hello\fR (boolean)" 4 .IX Item "disable_sending_hello (boolean)" -Disable l2tp sending \s-1HELLO\s0 message for Apple compatibility. Some \s-1OS\s0 X implementation of l2tp no manage the L2TP \*(L"\s-1HELLO\s0 message\*(R". (default: no). +Disable l2tp sending \s-1HELLO\s0 message for Apple compatibility. Some \s-1OS X\s0 implementation of l2tp no manage the L2TP \*(L"\s-1HELLO\s0 message\*(R". (default: no). .IP "\fBecho_timeout\fR (int)" 4 .IX Item "echo_timeout (int)" -Time between last packet sent and \s-1LCP\s0 \s-1ECHO\s0 generation (default: 10 (seconds)). +Time between last packet sent and \s-1LCP ECHO\s0 generation (default: 10 (seconds)). .IP "\fBguest_account\fR" 4 .IX Item "guest_account" Allow multiple logins matching this specific username. 
@@ -253,10 +262,10 @@ Drop sessions who have not responded within idle_echo_timeout seconds (default: This parameter is used when you want a tun interface address different from the address of \*(L"bind_address\*(R" (For use in cases of specific configuration). If no address is given to iftun_address and bind_address, 1.1.1.1 is used. .IP "\fBl2tp_mtu\fR (int)" 4 .IX Item "l2tp_mtu (int)" -\&\s-1MTU\s0 of interface for L2TP traffic (default: 1500). Used to set link \s-1MRU\s0 and adjust \s-1TCP\s0 \s-1MSS\s0. +\&\s-1MTU\s0 of interface for L2TP traffic (default: 1500). Used to set link \s-1MRU\s0 and adjust \s-1TCP MSS.\s0 .IP "\fBl2tp_secret\fR (string)" 4 .IX Item "l2tp_secret (string)" -The secret used by l2tpns for authenticating tunnel request. Must be the same as the \s-1LAC\s0, or authentication will fail. Only actually be used if the \s-1LAC\s0 requests authentication. +The secret used by l2tpns for authenticating tunnel request. Must be the same as the \s-1LAC,\s0 or authentication will fail. Only actually be used if the \s-1LAC\s0 requests authentication. .IP "\fBlock_pages\fR (boolean)" 4 .IX Item "lock_pages (boolean)" Keep all pages mapped by the l2tpns process in memory. @@ -275,6 +284,9 @@ Address to send to clients as the default gateway. .IP "\fBpid_file\fR (string)" 4 .IX Item "pid_file (string)" If set, the process id will be written to the specified file. The value must be an absolute path. +.IP "\fBppp_keepalive\fR (boolean)" 4 +.IX Item "ppp_keepalive (boolean)" +Change this value to no to force generation of \s-1LCP ECHO\s0 every echo_timeout seconds, even there are activity on the link (default: yes) .IP "\fBppp_restart_time\fR (int)" 4 .IX Item "ppp_restart_time (int)" .PD 0 
@@ -283,7 +295,7 @@ If set, the process id will be written to the specified file. The value must be .IP "\fBppp_max_failure\fR (int)" 4 .IX Item "ppp_max_failure (int)" .PD -\&\s-1PPP\s0 counter and timer values, as described in Section 4.1 of \s-1RFC1661\s0. +\&\s-1PPP\s0 counter and timer values, as described in Section 4.1 of \s-1RFC1661.\s0 .Sp \&\fIppp_restart_time\fR, Restart timer for \s-1PPP\s0 protocol negotiation in seconds (default: 3). .Sp 
@@ -315,16 +327,16 @@ This secret will be used in all \s-1RADIUS\s0 queries. If this is not set then \ A comma separated list of supported \s-1RADIUS\s0 authentication methods (\*(L"pap\*(R" or \*(L"chap\*(R"), in order of preference (default \*(L"pap\*(R"). .IP "\fBradius_dae_port\fR (short)" 4 .IX Item "radius_dae_port (short)" -Port for \s-1DAE\s0 \s-1RADIUS\s0 (Packet of Death/Disconnect, Change of Authorization) requests (default: 3799). +Port for \s-1DAE RADIUS \s0(Packet of Death/Disconnect, Change of Authorization) requests (default: 3799). .IP "\fBradius_bind_min\fR, \fBradius_bind_max\fR (int)" 4 .IX Item "radius_bind_min, radius_bind_max (int)" -Define a port range in which to bind sockets used to send and receive \s-1RADIUS\s0 packets. Must be at least \s-1RADIUS_FDS\s0 (64) wide. Simplifies firewalling of \s-1RADIUS\s0 ports (default: dynamically assigned). +Define a port range in which to bind sockets used to send and receive \s-1RADIUS\s0 packets. Must be at least \s-1RADIUS_FDS \s0(64) wide. Simplifies firewalling of \s-1RADIUS\s0 ports (default: dynamically assigned). .IP "\fBrandom_device\fR (string)" 4 .IX Item "random_device (string)" Path to random data source (default /dev/urandom). Use "" to use the \fIrand()\fR library function. .IP "\fBscheduler_fifo\fR (boolean)" 4 .IX Item "scheduler_fifo (boolean)" -Sets the scheduling policy for the l2tpns process to \s-1SCHED_FIFO\s0. This causes the kernel to immediately preempt any currently running \s-1SCHED_OTHER\s0 (normal) process in favour of l2tpns when it becomes runnable. Ignored on uniprocessor systems. +Sets the scheduling policy for the l2tpns process to \s-1SCHED_FIFO.\s0 This causes the kernel to immediately preempt any currently running \s-1SCHED_OTHER \s0(normal) process in favour of l2tpns when it becomes runnable. Ignored on uniprocessor systems. 
.IP "\fBsend_garp\fR (boolean)" 4 .IX Item "send_garp (boolean)" Determines whether or not to send a gratuitous \s-1ARP\s0 for the bind_address when the server is ready to handle traffic (default: true). This value is ignored if \s-1BGP\s0 is configured. @@ -333,7 +345,7 @@ Determines whether or not to send a gratuitous \s-1ARP\s0 for the bind_address w Name of the tun interface (default: \*(L"tun0\*(R"). .IP "\fBthrottle_speed\fR (int)" 4 .IX Item "throttle_speed (int)" -Sets the default speed (in kbits/s) which sessions will be limited to. If this is set to 0, then throttling will not be used at all. Note: You can set this by the \s-1CLI\s0, but changes will not affect currently connected users. +Sets the default speed (in kbits/s) which sessions will be limited to. If this is set to 0, then throttling will not be used at all. Note: You can set this by the \s-1CLI,\s0 but changes will not affect currently connected users. .IP "\fBthrottle_buckets\fR (int)" 4 .IX Item "throttle_buckets (int)" Number of token buckets to allocate for throttling. Each throttled session requires two buckets (in and out). 
@@ -357,27 +369,27 @@ The Domain Search List (ex: \*(L"fdn.fr\*(R") (see rfc3646). .IP "\fBipv6_prefix\fR (Ipv6 address)" 4 .IX Item "ipv6_prefix (Ipv6 address)" Enable negotiation of IPv6. This forms the the first 64 bits of the client allocated address. The remaining 64 come from the allocated IPv4 address and 4 bytes of 0. -.SS "\s-1LAC\s0 \s-1SETTINGS\s0" +.SS "\s-1LAC SETTINGS\s0" .IX Subsection "LAC SETTINGS" .IP "\fBbind_address_remotelns\fR (ip address)" 4 .IX Item "bind_address_remotelns (ip address)" Address of the interface to listen the remote \s-1LNS\s0 tunnels. If no address is given, all interfaces are listened (Any Address). .IP "\fBbind_portremotelns\fR (short)" 4 .IX Item "bind_portremotelns (short)" -Port to bind for the Remote \s-1LNS\s0 (default: 65432). +Port to bind for the Remote \s-1LNS \s0(default: 65432). .PP -A static \s-1REMOTES\s0 \s-1LNS\s0 configuration can be entered by the command: +A static \s-1REMOTES LNS\s0 configuration can be entered by the command: .IP "\fBsetforward\fR \fI\s-1MASK\s0\fR \fI\s-1IP\s0\fR \fI\s-1PORT\s0\fR \fI\s-1SECRET\s0\fR" 4 .IX Item "setforward MASK IP PORT SECRET" -where \s-1MASK\s0 specifies the mask of users who have forwarded to remote \s-1LNS\s0 (ex: \*(L"/friendISP@company.com\*(R"). +where \s-1MASK\s0 specifies the mask of users who have forwarded to remote \s-1LNS \s0(ex: \*(L"/friendISP@company.com\*(R"). .Sp -where \s-1IP\s0 specifies the \s-1IP\s0 of the remote \s-1LNS\s0 (ex: \*(L"66.66.66.55\*(R"). +where \s-1IP\s0 specifies the \s-1IP\s0 of the remote \s-1LNS \s0(ex: \*(L"66.66.66.55\*(R"). .Sp -where \s-1PORT\s0 specifies the L2TP Port of the remote \s-1LNS\s0 (Normally should be 1701) (ex: 1701). +where \s-1PORT\s0 specifies the L2TP Port of the remote \s-1LNS \s0(Normally should be 1701) (ex: 1701). .Sp -where \s-1SECRET\s0 specifies the secret password the remote \s-1LNS\s0 (ex: mysecret). +where \s-1SECRET\s0 specifies the secret password the remote \s-1LNS \s0(ex: mysecret). 
.PP -The static \s-1REMOTE\s0 \s-1LNS\s0 configuration can be used when the friend \s-1ISP\s0 not have a proxied Radius. +The static \s-1REMOTE LNS\s0 configuration can be used when the friend \s-1ISP\s0 not have a proxied Radius. .PP If a proxied Radius is used, It will return the \s-1RADIUS\s0 attributes: .IP "Tunnel\-Type:1 = L2TP" 4 @@ -385,8 +397,8 @@ If a proxied Radius is used, It will return the \s-1RADIUS\s0 attributes: .PD 0 .IP "Tunnel\-Medium\-Type:1 = IPv4" 4 .IX Item "Tunnel-Medium-Type:1 = IPv4" -.ie n .IP "Tunnel\-Password:1 = ""\s-1LESECRETL2TP\s0""" 4 -.el .IP "Tunnel\-Password:1 = ``\s-1LESECRETL2TP\s0''" 4 +.ie n .IP "Tunnel\-Password:1 = ""\s-1LESECRETL2TP""\s0" 4 +.el .IP "Tunnel\-Password:1 = ``\s-1LESECRETL2TP''\s0" 4 .IX Item "Tunnel-Password:1 = LESECRETL2TP" .ie n .IP "Tunnel\-Server\-Endpoint:1 = ""88.xx.xx.x1""" 4 .el .IP "Tunnel\-Server\-Endpoint:1 = ``88.xx.xx.x1''" 4 @@ -398,8 +410,8 @@ If a proxied Radius is used, It will return the \s-1RADIUS\s0 attributes: .IX Item "Tunnel-Type:2 += L2TP" .IP "Tunnel\-Medium\-Type:2 += IPv4" 4 .IX Item "Tunnel-Medium-Type:2 += IPv4" -.ie n .IP "Tunnel\-Password:2 += ""\s-1LESECRETL2TP\s0""" 4 -.el .IP "Tunnel\-Password:2 += ``\s-1LESECRETL2TP\s0''" 4 +.ie n .IP "Tunnel\-Password:2 += ""\s-1LESECRETL2TP""\s0" 4 +.el .IP "Tunnel\-Password:2 += ``\s-1LESECRETL2TP''\s0" 4 .IX Item "Tunnel-Password:2 += LESECRETL2TP" .ie n .IP "Tunnel\-Server\-Endpoint:2 += ""88.xx.xx.x2""" 4 .el .IP "Tunnel\-Server\-Endpoint:2 += ``88.xx.xx.x2''" 4 @@ -408,7 +420,7 @@ If a proxied Radius is used, It will return the \s-1RADIUS\s0 attributes: .el .IP "Tunnel\-Assignment\-Id:2 += ``friendisp_lns2''" 4 .IX Item "Tunnel-Assignment-Id:2 += friendisp_lns2" .PD -.SS "\s-1PPPOE\s0 \s-1SETTINGS\s0" +.SS "\s-1PPPOE SETTINGS\s0" .IX Subsection "PPPOE SETTINGS" .IP "\fBpppoe_if_to_bind\fR (string)" 4 .IX Item "pppoe_if_to_bind (string)" 
@@ -422,7 +434,7 @@ If a proxied Radius is used, It will return the \s-1RADIUS\s0 attributes: .IP "\fBpppoe_only_equal_svc_name\fR (boolean)" 4 .IX Item "pppoe_only_equal_svc_name (boolean)" If set to yes, the \s-1PPPOE\s0 server only accepts clients with a \*(L"service-name\*(R" different from \s-1NULL\s0 and a \*(L"service-name\*(R" equal to server \*(L"service-name\*(R" (default: no). -.SS "\s-1BGP\s0 \s-1ROUTING\s0" +.SS "\s-1BGP ROUTING\s0" .IX Subsection "BGP ROUTING" The routing configuration section is entered by the command .PP @@ -437,7 +449,7 @@ Subsequent lines prefixed with \fBneighbour\fR \fIpeer\fR define the attributes \&\fBneighbour\fR \fIpeer\fR \fBtimers\fR \fIkeepalive\fR \fIhold\fR .PP Where \fIpeer\fR specifies the \s-1BGP\s0 neighbour as either a hostname or \s-1IP\s0 address, \fIas\fR is the remote \s-1AS\s0 number and \fIkeepalive\fR, \fIhold\fR are the timer values in seconds. -.SS "\s-1NAMED\s0 \s-1ACCESS\s0 \s-1LISTS\s0" +.SS "\s-1NAMED ACCESS LISTS\s0" .IX Subsection "NAMED ACCESS LISTS" Named access lists may be defined with either of .IP "\(bu" 4
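Review bot: the regeneration churn should be split from the content change. The first hunk (@@ -1,4 +1,4 @@) shows this page is "Automatically generated by Pod::Man", and nearly every other hunk (the IX macro preamble in @@ -48,17 +50,24 @@, the .TH date and perl version in @@ -124,7 +133,7 @@, the moved \s-1...\s0 size escapes in the remaining hunks) is output from moving to Pod::Man 2.28 rather than an edit to the documentation. Either stop tracking the generated page, or commit the regeneration on its own so that the one real addition (ppp_keepalive) can be reviewed against the POD source it came from.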
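Review bot: the new ppp_keepalive item in the @@ -275,6 +284,9 @@ hunk documents only the non-default value, reads ungrammatically ("even there are activity on the link") and lacks a closing period. State what each value does, for example: "If set to no, an LCP ECHO is generated every echo_timeout seconds even when there is activity on the link (default: yes)." It would also help to say what "yes" means in terms of the existing echo_timeout item ("Time between last packet sent and LCP ECHO generation"), since the option name suggests that "no" turns keepalives off when it actually makes them unconditional. The fix belongs in the POD source, not in this generated file.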
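Review bot: in the @@ -253,10 +262,10 @@ hunk the l2tp_secret description is regenerated but still ends with "Only actually be used if the LAC requests authentication", which is missing its subject. Because this sentence tells operators that tunnel authentication is not applied unless the LAC asks for it, it should be unambiguous; suggest "It is only used if the LAC requests authentication." in the POD source.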
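Review bot: the radius_dae_port line rewritten in the @@ -315,16 +327,16 @@ hunk still expands the disconnect message as "Packet of Death/Disconnect"; the DAE request is a Disconnect message, so drop "Death" in the POD source while this line is being touched. In the same hunk, the unchanged random_device context says that "" selects the rand() library function without any caveat; a sentence noting that rand() is not a substitute for /dev/urandom where unpredictable values are needed would make the default's purpose clear.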