xl2tpd.conf(5)                                                xl2tpd.conf(5)

       xl2tpd.conf - L2TPD configuration file

       The xl2tpd.conf file contains configuration information for xl2tpd,
       the implementation of the l2tp protocol.

       The configuration file is composed of sections and parameters. Each
       section has a given name which will be used when using the
       configuration FIFO (normally /var/run/l2tp-control). See xl2tpd.8
       for more details.

       The specific given name default will specify parameters applicable
       for all the following sections.

       auth file
              Specify where to find the authentication file used to
              authenticate l2tp tunnels. The default is
              /etc/l2tpd/l2tp-secrets.

       ipsec saref
              Use IPsec Security Association tracking. When this is enabled,
              packets received by xl2tpd should have two extra fields (refme
              and refhim) which allow tracking of multiple clients using the
              same internal NATed IP address, and allow tracking of multiple
              clients behind the same NAT router. This needs to be supported
              by the kernel. Currently, this only works with Openswan KLIPS
              in "mast" mode. (see http://www.openswan.org/)

              Set this to yes and the system will provide proper SAref values
              in the recvmsg() calls.

              Values can be yes or no. The default is no.

       saref refinfo
              When using IPsec Security Association tracking, a new
              setsockopt is used. Since this is not (yet?) an official Linux
              kernel option, we got bumped. Openswan up to 2.6.35 for linux
              kernels up to 2.6.35 used a saref num of 22. Linux 3.6.36+ uses
              22 for IP_NODEFRAG. We moved our IP_IPSEC_REFINFO to 30. If not
              set, the default is to use 30. For older SAref patched kernels,
              use 22.

       listen-addr
              The IP address of the interface on which the daemon listens. By
              default, it listens on INADDR_ANY (0.0.0.0), meaning it listens
              on all interfaces.

       port   Specify which UDP port xl2tpd should use. The default is 1701.

       access control
              If set to yes, the xl2tpd process will only accept connections
              from peer addresses specified in the following sections. The
              default is no.

       debug avp
              Set this to yes to enable syslog output of L2TP AVP debugging
              information.

       debug network
              Set this to yes to enable syslog output of network debugging
              information.

       debug packet
              Set this to yes to enable printing of L2TP packet debugging
              information. Note: Output goes to STDOUT, so use this only in
              conjunction with the -D command line option.

       debug state
              Set this to yes to enable syslog output of FSM debugging
              information.

       debug tunnel
              Set this to yes to enable syslog output of tunnel debugging
              information.

       exclusive
              If set to yes, only one control tunnel will be allowed to be
              built between 2 peers. CHECK

       (no) ip range
              Specify the range of ip addresses the LNS will assign to the
              connecting LAC PPP tunnels. Multiple ranges can be defined.
              Using the 'no' statement disallows the use of that particular
              range. Ranges are defined using the format IP - IP (example:
              1.1.1.1 - 1.1.1.10). Note that either at least one ip range
              option must be given, or you must set assign ip to no.

       assign ip
              Set this to no if xl2tpd should not assign IP addresses out of
              the pool defined with the ip range option. This can be useful
              if you have some other means to assign IP addresses, e.g. a
              pppd that supports RADIUS AAA.

       (no) lac
              Specify the ip addresses of LACs which are allowed to connect
              to xl2tpd acting as an LNS. The format is the same as the ip
              range option.

       hidden bit
              If set to yes, xl2tpd will use the AVP hiding feature of L2TP.
              To get more information about hidden AVPs and AVPs in general,
              refer to rfc2661 (add URL?)

       local ip
              Use the following IP as xl2tpd's own ip address.

       length bit
              If set to yes, the length bit present in the l2tp packet
              payload will be used.

       (refuse | require) chap
              Will require or refuse the remote peer to get authenticated via
              CHAP for the ppp authentication.

       (refuse | require) pap
              Will require or refuse the remote peer to get authenticated via
              PAP for the ppp authentication.

       (refuse | require) authentication
              Will require or refuse the remote peer to authenticate itself.

       unix authentication
              If set to yes, /etc/passwd will be used for remote peer ppp
              authentication.

       hostname
              Will report this as the xl2tpd hostname in negotiation.

       ppp debug
              This will enable the debug for pppd.

       pppoptfile
              Specify the path for a file which contains pppd configuration
              parameters to be used.

       call rws
              This option is deprecated and no longer functions. It used to
              be used to define the flow control window size for individual
              L2TP calls or sessions. The L2TP standard (RFC2661) no longer
              defines flow control or window sizes on calls or sessions.

       tunnel rws
              This defines the window size of the control channel. The window
              size is defined as the number of outstanding unacknowledged
              packets, not as a number of bytes.

       flow bits
              If set to yes, sequence numbers will be included in the
              communication. The feature to use sequence numbers in sessions
              is currently broken and does not function.

       challenge
              If set to yes, use challenge authentication to authenticate the
              peer.

       rx bps If set, the receive bandwidth maximum will be set to this value.

       tx bps If set, the transmit bandwidth maximum will be set to this value.

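       The following is an added sample LNS configuration assembled from the
       options described above; it is an illustration written for this page,
       not a file shipped with xl2tpd. It assumes the [global] and
       [lns default] section header syntax used by xl2tpd, and every address,
       hostname and pppd options path in it is a constructed value.

```ini
; Added example: an LNS configuration built from the options documented
; above.  Addresses, hostname and the pppd options path are constructed.
[global]
; listen only on the internal address rather than INADDR_ANY
listen-addr = 192.0.2.10
port = 1701
auth file = /etc/xl2tpd/l2tp-secrets
; only peers listed in a "lac" range below may open a tunnel
access control = yes
; keep the debug switches off in production; "debug packet" in
; particular writes to STDOUT and is only meant for use with -D
debug avp = no
debug network = no
debug packet = no
debug state = no
debug tunnel = no

[lns default]
; addresses handed to connecting LAC PPP sessions (format: IP - IP),
; with a sub-range carved out for statically addressed hosts
ip range = 10.8.0.2 - 10.8.0.254
no ip range = 10.8.0.240 - 10.8.0.254
; the LNS's own address is kept outside the pool
local ip = 10.8.0.1
assign ip = yes
; peers permitted when "access control = yes"
lac = 198.51.100.0 - 198.51.100.255
; PPP side: demand authentication, allow CHAP, reject cleartext PAP
require authentication = yes
require chap = yes
refuse pap = yes
; tunnel authentication against the secret in "auth file"
challenge = yes
; hide sensitive AVPs on the wire (RFC 2661 AVP hiding)
hidden bit = yes
; include the length field in L2TP data packets
length bit = yes
; control channel window: outstanding unacknowledged packets, not bytes
tunnel rws = 8
; one control tunnel per pair of peers
exclusive = yes
hostname = lns.example.net
pppoptfile = /etc/ppp/options.xl2tpd
ppp debug = no
```

       The flow bits option is left out deliberately, since the page notes
       that session sequence numbering is currently broken.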
197
199 The following are LAC specific configuration flags. Most of those
200 described in the LNS section may be used in a LAC context, where it
201 make common sense (essentially l2tp procotols tuning flags and authen‐
202 tication / ppp related ones).
203
204
205 lns Set the dns name or ip address of the LNS to connect to.
206
207
208 redial If set to yes, xl2tpd will attempts to redial if the call get
209 disconected.
210
211
212 redial timeout
213 Wait X seconds before redial. The redial option must be set to
214 yes to use this option.
215
216
217 max redial
218 Will give up redial tries after X attempts.
219
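       The following is an added sample LAC definition that dials an LNS,
       again written for this page rather than taken from xl2tpd itself. It
       assumes the [global] and [lac name] section header syntax used by
       xl2tpd, and the LNS hostname, LAC hostname and pppd options path are
       constructed values.

```ini
; Added example: a LAC section that dials out to an LNS and redials a
; bounded number of times.  Hostnames and the options path are constructed.
[global]
auth file = /etc/xl2tpd/l2tp-secrets
; refuse tunnels from peers that are not listed in this file
access control = yes

[lac vpn]
; LNS to connect to, as a DNS name or IP address
lns = vpn.example.net
; reconnect automatically if the call drops, but give up after 5 tries
; spaced 15 seconds apart rather than retrying forever
redial = yes
redial timeout = 15
max redial = 5
; the remaining flags are the LNS-section options that also apply to a LAC
require authentication = yes
require chap = yes
refuse pap = yes
challenge = yes
hidden bit = yes
length bit = yes
hostname = lac.example.net
pppoptfile = /etc/ppp/options.xl2tpd.client
ppp debug = no
```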
       /etc/xl2tpd/xl2tpd.conf
       /etc/xl2tpd/l2tp-secrets
       /var/run/xl2tpd/l2tp-control

       Please address bugs and comments to xl2tpd-dev@xelerance.com

       xl2tpd(8)

       Forked from xl2tpd by Xelerance
       (http://www.xelerance.com/software/xl2tpd/)

       Michael Richardson <mcr@xelerance.com>
       Paul Wouters <paul@xelerance.com>

       Many thanks to Jacco de Leeuw <jacco2@dds.nl> for maintaining l2tpd.

       Previous development was hosted at sourceforge
       (http://www.sourceforge.net/projects/l2tpd) by:

       Scott Balmos <sbalmos@iglou.com>
       David Stipp <dstipp@one.net>
       Jeff McAdams <jeffm@iglou.com>

       Based off of l2tpd version 0.60
       Copyright (C)1998 Adtran, Inc.
       Mark Spencer <markster@marko.net>

Jean-Francois Dive                                            xl2tpd.conf(5)