X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/bb63cb999417e2fea8e70e498b8f8eb97a0edd80..e0c65e8957cf9863bae84eba3018a68b3f6d4866:/Docs/manual.html?ds=sidebyside diff --git a/Docs/manual.html b/Docs/manual.html index 8dd2532..a857d9b 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -56,6 +56,7 @@ H3 {
  • Filtering
  • Clustering
  • Routing
  • +
  • Avoiding Fragmentation
  • Performance
  • @@ -191,14 +192,6 @@ user, both a primary and a secondary. If either is set to 0.0.0.0, then that one will not be sent. -
  • save_state (boolean)
    -When l2tpns receives a STGTERM it will write out its current -ip_address_pool, session and tunnel tables to disk prior to exiting to -be re-loaded at startup. The validity of this data is obviously quite -short and the intent is to allow an sessions to be retained over a -software upgrade. -
  • -
  • primary_radius (ip address)
  • secondary_radius (ip address)
    Sets the RADIUS servers used for both authentication and accounting. @@ -231,6 +224,17 @@ This secret will be used in all RADIUS queries. If this is not set then RADIUS queries will fail.
  • +
  • radius_authtypes (string)
    +A comma separated list of supported RADIUS authentication methods +(pap or chap), in order of preference (default pap). +
  • + +
  • allow_duplicate_users (boolean)
    +Allow multiple logins with the same username. If false (the default), +any prior session with the same username will be dropped when a new +session is established. +
  • +
  • bind_address (ip address)
    When the tun interface is created, it is assigned the address specified here. If no address is given, 1.1.1.1 is used. Packets @@ -282,10 +286,6 @@ second. Even if this is disabled, you can see this information by running the uptime command on the CLI.
  • -
  • cleanup_interval (int)
    -Interval between regular cleanups (in seconds). -
  • -
  • multi_read_count (int)
    Number of packets to read off each of the UDP and TUN fds when returned as readable by select (default: 10). Avoids incurring the @@ -332,6 +332,11 @@ Cluster heartbeat timeout in tenths of a second. A new master will be elected when this interval has been passed without seeing a heartbeat from the master.
  • + +
  • cluster_master_min_adv (int)
    +Determines the minumum number of up to date slaves required before the +master will drop routes (default: 1). +
  • BGP routing configuration is entered by the command: @@ -692,14 +697,10 @@ killall -HUP l2tpns The signals understood are:

    Throttling

    @@ -1030,6 +1031,22 @@ ibgp" for IBGP. If this is not supported by your IOS revision, you can use "maximum-paths" (which works for EBGP) and set as_number to a private value such as 64512.

    +

    Avoiding Fragmentation

    + +Fragmentation of encapsulated return packets to the LAC may be avoided +for TCP sessions by adding a firewall rule to clamps the MSS on +outgoing SYN packets. + +The following is appropriate for interfaces with a typical MTU of +1500: + +
    +iptables -A FORWARD -i tun+ -o eth0 	\
    +    -p tcp --tcp-flags SYN,RST SYN	\
    +    -m tcpmss --mss 1413:1600		\
    +    -j TCPMSS --set-mss 1412
    +
    +

    Performance

    Performance is great.