xl2tpd.conf(5)                                                  xl2tpd.conf(5)

NAME

       xl2tpd.conf - L2TPD configuration file

DESCRIPTION

       The xl2tpd.conf file contains configuration information for xl2tpd,
       the implementation of the L2TP protocol.

       The configuration file is composed of sections and parameters.  Each
       section has a given name which will be used when using the
       configuration FIFO (normally /var/run/xl2tpd/l2tp-control).  See
       xl2tpd(8) for more details.

       The specific given name default will specify parameters applicable
       for all the following sections.

GLOBAL SECTION

       auth file
              Specify where to find the authentication file used to
              authenticate l2tp tunnels.  The default is
              /etc/xl2tpd/l2tp-secrets.

       ipsec saref
              Use IPsec Security Association tracking.  When this is
              enabled, packets received by xl2tpd should have two extra
              fields (refme and refhim) which allow tracking of multiple
              clients using the same internal NATed IP address, and allow
              tracking of multiple clients behind the same NAT router.
              This needs to be supported by the kernel.  Currently, this
              only works with Openswan KLIPS in "mast" mode.  (see
              http://www.openswan.org/)

              Set this to yes and the system will provide proper SAref
              values in the recvmsg() calls.

              Values can be yes or no.  The default is no.

       saref refinfo
              When using IPsec Security Association tracking, a new
              setsockopt is used.  Since this is not (yet?) an official
              Linux kernel option, we got bumped.  Openswan up to 2.6.35
              for Linux kernels up to 2.6.35 used a saref num of 22.
              Linux 3.6.36+ uses 22 for IP_NODEFRAG.  We moved our
              IP_IPSEC_REFINFO to 30.  If not set, the default is to use
              30.  For older SAref patched kernels, use 22.

       listen-addr
              The IP address of the interface on which the daemon listens.
              By default, it listens on INADDR_ANY (0.0.0.0), meaning it
              listens on all interfaces.

       port   Specify which UDP port xl2tpd should use.  The default is
              1701.

       access control
              If set to yes, the xl2tpd process will only accept
              connections from peer addresses specified in the following
              sections.  The default is no.

       debug avp
              Set this to yes to enable syslog output of L2TP AVP debugging
              information.

       debug network
              Set this to yes to enable syslog output of network debugging
              information.

       debug packet
              Set this to yes to enable printing of L2TP packet debugging
              information.  Note: output goes to STDOUT, so use this only
              in conjunction with the -D command line option.

       debug state
              Set this to yes to enable syslog output of FSM debugging
              information.

       debug tunnel
              Set this to yes to enable syslog output of tunnel debugging
              information.

       max retries
              Specify how many retries before a tunnel is closed.  If there
              is no tunnel, then stop re-transmitting.  The default is 5.

LNS SECTION

       exclusive
              If set to yes, only one control tunnel will be allowed to be
              built between 2 peers.  CHECK

       (no) ip range
              Specify the range of IP addresses the LNS will assign to the
              connecting LAC PPP tunnels.  Multiple ranges can be defined.
              Using the 'no' statement disallows the use of that particular
              range.  Ranges are defined using the format IP - IP (example:
              1.1.1.1 - 1.1.1.10).  Note that either at least one ip range
              option must be given, or you must set assign ip to no.

       assign ip
              Set this to no if xl2tpd should not assign IP addresses out
              of the pool defined with the ip range option.  This can be
              useful if you have some other means to assign IP addresses,
              e.g. a pppd that supports RADIUS AAA.

       (no) lac
              Specify the IP addresses of LACs which are allowed to connect
              to xl2tpd acting as an LNS.  The format is the same as the ip
              range option.

       hidden bit
              If set to yes, xl2tpd will use the AVP hiding feature of
              L2TP.  To get more information about hidden AVPs and AVPs in
              general, refer to RFC 2661 (add URL?)

       local ip
              Use the following IP as xl2tpd's own IP address.

       local ip range
              Specify the range of addresses the LNS will assign as the
              local address to connecting LAC PPP tunnels.  This option is
              mutually exclusive with the local ip option and is useful in
              cases where it is desirable to have a unique IP address for
              each tunnel.  Specify the range value exactly like the ip
              range option.  Note that the assign ip option has no effect
              on this option.

       length bit
              If set to yes, the length bit present in the l2tp packet
              payload will be used.

       (refuse | require) chap
              Require or refuse that the remote peer authenticate via CHAP
              for the PPP authentication.

       (refuse | require) pap
              Require or refuse that the remote peer authenticate via PAP
              for the PPP authentication.

       (refuse | require) authentication
              Require or refuse that the remote peer authenticate itself.

       unix authentication
              If set to yes, /etc/passwd will be used for remote peer PPP
              authentication.

       hostname
              Report this as the xl2tpd hostname in negotiation.

       ppp debug
              Enable debugging for pppd.

       pass peer
              Pass the peer's IP address to pppd as ipparam.  Enabled by
              default.

       pppoptfile
              Specify the path of a file which contains pppd configuration
              parameters to be used.

       call rws
              This option is deprecated and no longer functions.  It used
              to define the flow control window size for individual L2TP
              calls or sessions.  The L2TP standard (RFC 2661) no longer
              defines flow control or window sizes on calls or sessions.

       tunnel rws
              This defines the window size of the control channel.  The
              window size is defined as the number of outstanding
              unacknowledged packets, not as a number of bytes.

       flow bits
              If set to yes, sequence numbers will be included in the
              communication.  The feature to use sequence numbers in
              sessions is currently broken and does not function.

       challenge
              If set to yes, use challenge authentication to authenticate
              the peer.

       rx bps If set, the receive bandwidth maximum will be set to this
              value.

       tx bps If set, the transmit bandwidth maximum will be set to this
              value.

LAC SECTION

       The following are LAC specific configuration flags.  Most of those
       described in the LNS section may be used in a LAC context, where it
       makes common sense (essentially l2tp protocol tuning flags and
       authentication / ppp related ones).

       lns    Set the DNS name or IP address of the LNS to connect to.

       autodial
              If set to yes, xl2tpd will automatically dial the LAC during
              startup.

       redial If set to yes, xl2tpd will attempt to redial if the call gets
              disconnected.  Note that, if enabled, xl2tpd will keep
              passwords in memory: a potential security risk.

       redial timeout
              Wait X seconds before redial.  The redial option must be set
              to yes to use this option.  Defaults to 30 seconds.

       max redials
              Will give up redial tries after X attempts.

FILES

       /etc/xl2tpd/xl2tpd.conf
       /etc/xl2tpd/l2tp-secrets
       /var/run/xl2tpd/l2tp-control

BUGS

       Please address bugs and comments to xl2tpdv@lists.xelerance.com

SEE ALSO

       xl2tpd(8)

AUTHORS

       Forked from xl2tpd by Xelerance
       (https://www.xelerance.com/software/xl2tpd/)

       Michael Richardson <mcr@xelerance.com>
       Paul Wouters <paul@xelerance.com>

       Many thanks to Jacco de Leeuw <jacco2@dds.nl> for maintaining l2tpd.

       Previous development was hosted at sourceforge
       (http://www.sourceforge.net/projects/l2tpd) by:

       Scott Balmos <sbalmos@iglou.com>
       David Stipp <dstipp@one.net>
       Jeff McAdams <jeffm@iglou.com>

       Based off of l2tpd version 0.60
       Copyright (C) 1998 Adtran, Inc.
       Mark Spencer <markster@marko.net>

Jean-Francois Dive                                              xl2tpd.conf(5)