X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/ca4801db5521d0dc9f7c7f854f62f27c55420558..75ba8921cf932ef11ccac40e5f7bf9627f9697e0:/Docs/manual.html?ds=inline diff --git a/Docs/manual.html b/Docs/manual.html index e4cc1a5..65d7f4c 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -56,6 +56,7 @@ H3 {
  • Filtering
  • Clustering
  • Routing
    • +
  • Avoiding Fragmentation
  • Performance
    • @@ -184,6 +185,13 @@ the same as the LAC, or authentication will fail. Only actually be used if the LAC requests authentication. +
  • ppp_restart_time (int)
    +ppp_max_configure (int)
    +ppp_max_failure (int)
    +PPP counter and timer values, as described in §4.1 of +RFC1661. +
    • +
  • primary_dns (ip address)
  • secondary_dns (ip address)
    Whenever a PPP connection is established, DNS servers will be sent to the @@ -223,6 +231,22 @@ This secret will be used in all RADIUS queries. If this is not set then RADIUS queries will fail.
    • +
  • radius_authtypes (string)
    +A comma separated list of supported RADIUS authentication methods +(pap or chap), in order of preference (default pap). +
    • + +
  • radius_dae_port (short)
    +Port for DAE RADIUS (Packet of Death/Disconnect, Change of Authorization) +requests (default: 3799). +
    • + +
  • allow_duplicate_users (boolean)
    +Allow multiple logins with the same username. If false (the default), +any prior session with the same username will be dropped when a new +session is established. +
    • +
  • bind_address (ip address)
    When the tun interface is created, it is assigned the address specified here. If no address is given, 1.1.1.1 is used. Packets @@ -274,10 +298,6 @@ second. Even if this is disabled, you can see this information by running the uptime command on the CLI.
    • -
  • cleanup_interval (int)
    -Interval between regular cleanups (in seconds). -
    • -
  • multi_read_count (int)
    Number of packets to read off each of the UDP and TUN fds when returned as readable by select (default: 10). Avoids incurring the @@ -688,12 +708,15 @@ killall -HUP l2tpns The signals understood are: - +
    +
    SIGHUP
    Reload the config from disk and re-open log file.
    +
    SIGTERM, SIGINT
    Stop process. Tunnels and sessions are not +terminated. This signal should be used to stop l2tpns on a +cluster node where there are other machines to +continue handling traffic.
    +
    SIGQUIT
    Shut down tunnels and sessions, exit process when +complete.
    +

    Throttling

    @@ -806,14 +829,14 @@ supplied structure: some way. - +
    +
    t
    Tunnel +
    s
    Session +
    username +
    password +
    protocol
    0xC023 for PAP, 0xC223 for CHAP +
    continue_auth
    Set to 0 to stop processing authentication modules +
    post_auth @@ -823,16 +846,16 @@ supplied structure: to be accepted. - + allow or disallow authentication +
    protocol
    0xC023 for PAP, 0xC223 for CHAP + packet_rx @@ -841,12 +864,12 @@ supplied structure: seriously slow down the system. - +
    +
    t
    Tunnel +
    s
    Session +
    buf
    The raw packet data +
    len
    The length of buf +
    packet_tx @@ -855,12 +878,12 @@ supplied structure: seriously slow down the system. - +
    +
    t
    Tunnel +
    s
    Session +
    buf
    The raw packet data +
    len
    The length of buf +
    timer @@ -869,9 +892,9 @@ supplied structure: you do is reentrant. - +
    +
    time_now
    The current unix timestamp +
    new_session @@ -879,10 +902,10 @@ supplied structure: session is now ready to handle traffic. - +
    +
    t
    Tunnel +
    s
    Session +
    kill_session @@ -890,10 +913,10 @@ supplied structure: This may be called multiple times for the same session. - +
    +
    t
    Tunnel +
    s
    Session +
    radius_response @@ -903,12 +926,24 @@ supplied structure: modules. - +
    +
    t
    Tunnel +
    s
    Session +
    key +
    value +
    + + + radius_reset + This is called whenever a RADIUS CoA request is + received to reset any options to default values before + the new values are applied. + + +
    +
    t
    Tunnel +
    s
    Session +
    control @@ -917,21 +952,13 @@ supplied structure: required. - +
    +
    iam_master
    Cluster master status +
    argc
    The number of arguments +
    argv
    Arguments +
    response
    Return value: NSCTL_RES_OK or NSCTL_RES_ERR +
    additional
    Extended response text +
    @@ -1023,6 +1050,22 @@ ibgp" for IBGP. If this is not supported by your IOS revision, you can use "maximum-paths" (which works for EBGP) and set as_number to a private value such as 64512.

    +

    Avoiding Fragmentation

    + +Fragmentation of encapsulated return packets to the LAC may be avoided +for TCP sessions by adding a firewall rule to clamps the MSS on +outgoing SYN packets. + +The following is appropriate for interfaces with a typical MTU of +1500: + +
    +iptables -A FORWARD -i tun+ -o eth0 	\
+    -p tcp --tcp-flags SYN,RST SYN	\
+    -m tcpmss --mss 1413:1600		\
+    -j TCPMSS --set-mss 1412
+
    +

    Performance

    Performance is great.