X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/be29ef6cb251dbcf421701a44333520a755aecae..1f48c2907f50134331af26fa6161a27075adac28:/Docs/manual.html?ds=inline
diff --git a/Docs/manual.html b/Docs/manual.html
index 3d1adf9..4215189 100644
--- a/Docs/manual.html
+++ b/Docs/manual.html
@@ -184,6 +184,18 @@ the same as the LAC, or authentication will fail. Only actually be
used if the LAC requests authentication.
+
l2tp_mtu (int)
+MTU of interface for L2TP traffic (default: 1500). Used to set link
+MRU and adjust TCP MSS.
+
+
+ppp_restart_time (int)
+ppp_max_configure (int)
+ppp_max_failure (int)
+PPP counter and timer values, as described in §4.1 of
+RFC1661.
+
+
primary_dns (ip address)
secondary_dns (ip address)
Whenever a PPP connection is established, DNS servers will be sent to the
@@ -223,16 +235,43 @@ This secret will be used in all RADIUS queries. If this is not set then
RADIUS queries will fail.
+radius_authtypes (string)
+A comma separated list of supported RADIUS authentication methods
+(pap or chap), in order of preference (default pap).
+
+
+radius_dae_port (short)
+Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization)
+requests (default: 3799).
+
+
+allow_duplicate_users (boolean)
+Allow multiple logins with the same username. If false (the default),
+any prior session with the same username will be dropped when a new
+session is established.
+
+
bind_address (ip address)
-When the tun interface is created, it is assigned the address
-specified here. If no address is given, 1.1.1.1 is used. Packets
-containing user traffic should be routed via this address if given,
-otherwise the primary address of the machine.
+It's the listen address of the l2tp udp protocol sent and received
+to LAC. This address is also assigned to the tun interface if no
+iftun_address is specified. Packets containing user traffic should be
+routed via this address if given, otherwise the primary address of the
+machine.
+
+
+iftun_address (ip address)
+This parameter is used when you want a tun interface address different
+from the address of "bind_address" (For use in cases of specific configuration).
+If no address is given to iftun_address and bind_address, 1.1.1.1 is used.
+
+
+tundevicename (string)
+Name of the tun interface (default: "tun0").
peer_address (ip address)
Address to send to clients as the default gateway.
-
+
send_garp (boolean)
Determines whether or not to send a gratuitous ARP for the
@@ -274,10 +313,6 @@ second. Even if this is disabled, you can see this information by running
the uptime command on the CLI.
-cleanup_interval (int)
-Interval between regular cleanups (in seconds).
-
-
multi_read_count (int)
Number of packets to read off each of the UDP and TUN fds when
returned as readable by select (default: 10). Avoids incurring the
@@ -315,6 +350,10 @@ on Clustering for more information.
Interface for cluster packets (default: eth0).
+cluster_mcast_ttl (int)
+TTL for multicast packets (default: 1).
+
+
cluster_hb_interval (int)
Interval in tenths of a second between cluster heartbeat/pings.
@@ -324,8 +363,51 @@ Cluster heartbeat timeout in tenths of a second. A new master will be
elected when this interval has been passed without seeing a heartbeat
from the master.
+
+cluster_master_min_adv (int)
+Determines the minumum number of up to date slaves required before the
+master will drop routes (default: 1).
+
+
+echo_timeout (int)
+Time between last packet sent and LCP ECHO generation
+(default: 10 (seconds)).
+
+
+idle_echo_timeout (int)
+Drop sessions who have not responded within idle_echo_timeout seconds
+(default: 240 (seconds))
+
+
+bind_address_remotelns (ip address)
+Address of the interface to listen the remote LNS tunnels.
+If no address is given, all interfaces are listened (Any Address).
+
+
+bind_portremotelns (short)
+Port to bind for the Remote LNS (default: 65432).
+
+
+auth_tunnel_change_addr_src (boolean)
+This parameter authorize to change the source IP of the tunnels l2tp.
+This parameter can be used when the remotes BAS/LAC are l2tpns server
+configured in cluster mode, but that the interface to remote LNS are
+not clustered (the tunnel can be coming from different source IP)
+(default: no).
+
+
+The REMOTES LNS configuration is entered by the command:
+
- setforward MASK IP PORT SECRET
+
+where MASK specifies the mask of users who have forwarded to
+remote LNS (ex: /myISP@company.com).
+where IP specifies the IP of the remote LNS (ex: 66.66.66.55).
+where PORT specifies the L2TP Port of the remote LNS
+(Normally should be 1701) (ex: 1701).
+where SECRET specifies the secret password the remote LNS (ex: mysecret).
+
BGP routing configuration is entered by the command:
The routing configuration section is entered by the command
- router bgp as
@@ -683,12 +765,15 @@ killall -HUP l2tpns
The signals understood are:
-
-- SIGHUP - Reload the config from disk and re-open log file
-- SIGTERM / SIGINT - Shut down.
-- SIGQUIT - Shut down cleanly. This will send a disconnect message for
-every active session and tunnel before shutting down.
-
+
+- SIGHUP
- Reload the config from disk and re-open log file.
+- SIGTERM, SIGINT
- Stop process. Tunnels and sessions are not
+terminated. This signal should be used to stop l2tpns on a
+cluster node where there are other machines to
+continue handling traffic.
+- SIGQUIT
- Shut down tunnels and sessions, exit process when
+complete.
+
Throttling
@@ -801,14 +886,14 @@ supplied structure:
some way.
-
- - t - Tunnel ID
- - s - Session ID
- - username
- - password
- - protocol (0xC023 for PAP, 0xC223 for CHAP)
- - continue_auth - Set to 0 to stop processing authentication modules
-
+
+ - t
- Tunnel
+
- s
- Session
+
- username
+
- password
+
- protocol
- 0xC023 for PAP, 0xC223 for CHAP
+
- continue_auth
- Set to 0 to stop processing authentication modules
+
|
post_auth |
@@ -818,16 +903,16 @@ supplied structure:
to be accepted.
-
- - t - Tunnel ID
- - s - Session ID
- - username
- - auth_allowed - This is already set to true or
+
+ - t
- Tunnel
+
- s
- Session
+
- username
+
- auth_allowed
- This is already set to true or
false depending on whether authentication has been
allowed so far. You can set this to 1 or 0 to force
- allow or disallow authentication
- - protocol (0xC023 for PAP, 0xC223 for CHAP)
-
+ allow or disallow authentication
+ protocol0xC023 for PAP, 0xC223 for CHAP
+
|
packet_rx |
@@ -836,12 +921,12 @@ supplied structure:
seriously slow down the system.
-
- - t - Tunnel ID
- - s - Session ID
- - buf - The raw packet data
- - len - The length of buf
-
+
+ - t
- Tunnel
+
- s
- Session
+
- buf
- The raw packet data
+
- len
- The length of buf
+
|
packet_tx |
@@ -850,12 +935,12 @@ supplied structure:
seriously slow down the system.
-
- - t - Tunnel ID
- - s - Session ID
- - buf - The raw packet data
- - len - The length of buf
-
+
+ - t
- Tunnel
+
- s
- Session
+
- buf
- The raw packet data
+
- len
- The length of buf
+
|
timer |
@@ -864,9 +949,9 @@ supplied structure:
you do is reentrant.
-
- - time_now - The current unix timestamp
-
+
+ - time_now
- The current unix timestamp
+
|
new_session |
@@ -874,10 +959,10 @@ supplied structure:
session is now ready to handle traffic.
-
- - t - Tunnel ID
- - s - Session ID
-
+
+ - t
- Tunnel
+
- s
- Session
+
|
kill_session |
@@ -885,10 +970,10 @@ supplied structure:
This may be called multiple times for the same session.
-
- - t - Tunnel ID
- - s - Session ID
-
+
+ - t
- Tunnel
+
- s
- Session
+
|
radius_response |
@@ -898,12 +983,24 @@ supplied structure:
modules.
-
- - t - Tunnel ID
- - s - Session ID
- - key
- - value
-
+
+ - t
- Tunnel
+
- s
- Session
+
- key
+
- value
+
+ |
+
+ radius_reset |
+ This is called whenever a RADIUS CoA request is
+ received to reset any options to default values before
+ the new values are applied.
+ |
+
+
+ - t
- Tunnel
+
- s
- Session
+
|
control |
@@ -912,21 +1009,13 @@ supplied structure:
required.
-
- - buf - The raw packet data
- - l - The raw packet data length
- - source_ip - Where the request came from
- - source_port - Where the request came from
- - response - Allocate a buffer and put your response in here
- - response_length - Length of response
- - send_response - true or false whether a response
- should be sent. If you set this to true, you must
- allocate a response buffer.
- - type - Type of request (see nsctl.c)
- - id - ID of request
- - data - I'm really not sure
- - data_length - Length of data
-
+
+ - iam_master
- Cluster master status
+
- argc
- The number of arguments
+
- argv
- Arguments
+
- response
- Return value: NSCTL_RES_OK or NSCTL_RES_ERR
+
- additional
- Extended response text
+
|