X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/fa3a21e4a815106d785c6bd78fbecce76077854f..973c5fd008fec1a71bc8c50e2a2782e10995d485:/Docs/manual.html diff --git a/Docs/manual.html b/Docs/manual.html index b95858b..1395e3a 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -56,6 +56,7 @@ H3 {
  • Filtering
  • Clustering
  • Routing
  • +
  • Avoiding Fragmentation
  • Performance
  • @@ -191,14 +192,6 @@ user, both a primary and a secondary. If either is set to 0.0.0.0, then that one will not be sent. -
  • save_state (boolean)
    -When l2tpns receives a STGTERM it will write out its current -ip_address_pool, session and tunnel tables to disk prior to exiting to -be re-loaded at startup. The validity of this data is obviously quite -short and the intent is to allow an sessions to be retained over a -software upgrade. -
  • -
  • primary_radius (ip address)
  • secondary_radius (ip address)
    Sets the RADIUS servers used for both authentication and accounting. @@ -231,6 +224,17 @@ This secret will be used in all RADIUS queries. If this is not set then RADIUS queries will fail.
  • +
  • radius_authtypes (string)
    +A comma separated list of supported RADIUS authentication methods +(pap or chap), in order of preference (default pap). +
  • + +
  • allow_duplicate_users (boolean)
    +Allow multiple logins with the same username. If false (the default), +any prior session with the same username will be dropped when a new +session is established. +
  • +
  • bind_address (ip address)
    When the tun interface is created, it is assigned the address specified here. If no address is given, 1.1.1.1 is used. Packets @@ -282,10 +286,6 @@ second. Even if this is disabled, you can see this information by running the uptime command on the CLI.
  • -
  • cleanup_interval (int)
    -Interval between regular cleanups (in seconds). -
  • -
  • multi_read_count (int)
    Number of packets to read off each of the UDP and TUN fds when returned as readable by select (default: 10). Avoids incurring the @@ -307,6 +307,13 @@ Keep all pages mapped by the l2tpns process in memory. Maximum number of host unreachable ICMP packets to send per second.
  • +
  • packet_limit (int>
    +Maximum number of packets of downstream traffic to be handled each +tenth of a second per session. If zero, no limit is applied (default: +0). Intended as a DoS prevention mechanism and not a general +throttling control (packets are dropped, not queued). +
  • +
  • cluster_address (ip address)
    Multicast cluster address (default: 239.192.13.13). See the section on Clustering for more information. @@ -325,6 +332,11 @@ Cluster heartbeat timeout in tenths of a second. A new master will be elected when this interval has been passed without seeing a heartbeat from the master.
  • + +
  • cluster_master_min_adv (int)
    +Determines the minumum number of up to date slaves required before the +master will drop routes (default: 1). +
  • BGP routing configuration is entered by the command: @@ -684,16 +696,15 @@ killall -HUP l2tpns The signals understood are: -

    +
    +
    SIGHUP
    Reload the config from disk and re-open log file.
    +
    SIGTERM, SIGINT
    Stop process. Tunnels and sessions are not +terminated. This signal should be used to stop l2tpns on a +cluster node where there are other machines to +continue handling traffic.
    +
    SIGQUIT
    Shut down tunnels and sessions, exit process when +complete.
    +

    Throttling

    @@ -1023,6 +1034,22 @@ ibgp" for IBGP. If this is not supported by your IOS revision, you can use "maximum-paths" (which works for EBGP) and set as_number to a private value such as 64512.

    +

    Avoiding Fragmentation

    + +Fragmentation of encapsulated return packets to the LAC may be avoided +for TCP sessions by adding a firewall rule to clamps the MSS on +outgoing SYN packets. + +The following is appropriate for interfaces with a typical MTU of +1500: + +
    +iptables -A FORWARD -i tun+ -o eth0 	\
    +    -p tcp --tcp-flags SYN,RST SYN	\
    +    -m tcpmss --mss 1413:1600		\
    +    -j TCPMSS --set-mss 1412
    +
    +

    Performance

    Performance is great.