xl2tpd.conf(5)                File Formats Manual               xl2tpd.conf(5)

NAME

       xl2tpd.conf - L2TPD configuration file

DESCRIPTION

       The xl2tpd.conf file contains configuration information for xl2tpd, the
       free implementation of the L2TP protocol.

       The configuration file is composed of sections and parameters. Each
       section has a given name, which is used when addressing it through the
       configuration FIFO (normally /var/run/xl2tpd/l2tp-control). See
       xl2tpd(8) for more details.

       The specific given name default will specify parameters applicable for
       all the following sections.

GLOBAL SECTION

       auth file
              Specify where to find the authentication file used to
              authenticate L2TP tunnels. The default is
              /etc/xl2tpd/l2tp-secrets.

       ipsec saref
              Use IPsec Security Association tracking. When this is enabled,
              packets received by xl2tpd should have two extra fields (refme
              and refhim), which allow tracking of multiple clients using the
              same internal NATed IP address, and tracking of multiple
              clients behind the same NAT router. This needs to be supported
              by the kernel. Currently, this only works with Openswan KLIPS in
              "mast" mode (see http://www.openswan.org/).

              Set this to yes and the system will provide proper SAref values
              in the recvmsg() calls.

              Values can be 'yes' or 'no'. The default is 'no'.

       saref refinfo
              When using IPsec Security Association tracking, a new
              setsockopt is used. Since this is not (yet?) an official Linux
              kernel option, we got bumped. Openswan up to 2.6.35 for Linux
              kernels up to 2.6.35 used a saref num of 22. Linux 3.6.36+ uses
              22 for IP_NODEFRAG. We moved our IP_IPSEC_REFINFO to 30. If not
              set, the default is to use 30. For older SAref patched kernels,
              use 22.

       listen-addr
              The IP address of the interface on which the daemon listens. By
              default, it listens on INADDR_ANY (0.0.0.0), meaning it listens
              on all interfaces.

       port   Specify which UDP port xl2tpd should use. The default is 1701.

       access control
              If set to 'yes', the xl2tpd process will only accept connections
              from peer addresses specified in the following sections. The
              default is 'no'.

       debug avp
              Set this to 'yes' to enable syslog output of L2TP AVP debugging
              information.

       debug network
              Set this to 'yes' to enable syslog output of network debugging
              information.

       debug packet
              Set this to 'yes' to enable printing of L2TP packet debugging
              information. Note: Output goes to STDOUT, so use this only in
              conjunction with the -D command line option.

       debug state
              Set this to 'yes' to enable syslog output of FSM debugging
              information.

       debug tunnel
              Set this to 'yes' to enable syslog output of tunnel debugging
              information.

       max retries
              Specify how many retries before a tunnel is closed. If there is
              no tunnel, then stop re-transmitting. The default is 5.

LNS SECTION

       exclusive
              If set to 'yes', only one control tunnel will be allowed to be
              built between 2 peers.

       (no) ip range
              Specify the range of IP addresses the LNS will assign to the
              connecting LAC PPP tunnels. Multiple ranges can be defined.
              Using the 'no' statement disallows the use of that particular
              range. Ranges are defined using the format IP - IP (example:
              1.1.1.1 - 1.1.1.10). Note that either at least one ip range
              option must be given, or you must set assign ip to no.

       assign ip
              Set this to 'no' if xl2tpd should not assign IP addresses out of
              the pool defined with the ip range option. This can be useful
              if you have some other means to assign IP addresses, e.g. a
              pppd that supports RADIUS AAA.

       (no) lac
              Specify the IP addresses of LACs which are allowed to connect
              to xl2tpd acting as an LNS. The format is the same as the ip
              range option.

       hidden bit
              If set to 'yes', xl2tpd will use the AVP hiding feature of L2TP.
              To get more information about hidden AVPs and AVPs in general,
              refer to RFC 2661 (add URL?).

       local ip
              Use the following IP as xl2tpd's own IP address.

       local ip range
              Specify the range of addresses the LNS will assign as the local
              address to connecting LAC PPP tunnels. This option is mutually
              exclusive with the local ip option and is useful in cases where
              it is desirable to have a unique IP address for each tunnel.
              Specify the range value exactly like the ip range option. Note
              that the assign ip option has no effect on this option.

       length bit
              If set to 'yes', the length bit present in the L2TP packet
              payload will be used.

       (refuse | require) chap
              Require or refuse that the remote peer be authenticated via
              CHAP for the PPP authentication.

       (refuse | require) pap
              Require or refuse that the remote peer be authenticated via
              PAP for the PPP authentication.

       (refuse | require) authentication
              Require or refuse that the remote peer authenticate itself.

       unix authentication
              If set to 'yes', /etc/passwd will be used for remote peer PPP
              authentication.

       hostname
              Will report this as the xl2tpd hostname in negotiation.

       ppp debug
              Enable debug output for pppd.

       pass peer
              Pass the peer's IP address to pppd as ipparam. Enabled by
              default.

       pppoptfile
              Specify the path for a file which contains pppd configuration
              parameters to be used.

       call rws
              This option is deprecated and no longer functions. It used to be
              used to define the flow control window size for individual L2TP
              calls or sessions. The L2TP standard (RFC 2661) no longer defines
              flow control or window sizes on calls or sessions.

       tunnel rws
              This defines the window size of the control channel. The window
              size is defined as the number of outstanding unacknowledged
              packets, not as a number of bytes.

       flow bits
              If set to 'yes', sequence numbers will be included in the
              communication. The feature to use sequence numbers in sessions
              is currently broken and does not function.

       challenge
              If set to 'yes', use challenge authentication to authenticate
              the peer.

       rx bps If set, the receive bandwidth maximum will be set to this value.

       tx bps If set, the transmit bandwidth maximum will be set to this value.

LAC SECTION

       The following are LAC-specific configuration flags. Most of those
       described in the LNS section may also be used in a LAC context where it
       makes sense (essentially the L2TP protocol tuning flags and the
       authentication / PPP related ones).

       lns    Set the DNS name or IP address of the LNS to connect to.

       autodial
              If set to 'yes', xl2tpd will automatically dial the LAC during
              startup.

       redial If set to 'yes', xl2tpd will attempt to redial if the call gets
              disconnected. Note that, if enabled, xl2tpd will keep passwords
              in memory: a potential security risk.

       redial timeout
              Wait X seconds before redial. The redial option must be set to
              yes to use this option. Defaults to 30 seconds.

       max redials
              Will give up redial tries after X attempts.
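
       An added example, not part of the original man page or the xl2tpd
       project: a small Python audit that reports the security-relevant
       GLOBAL, LNS and LAC settings described above. It assumes the
       [global], [lns NAME] and [lac NAME] headers, "parameter = value" lines
       and ';' comments of xl2tpd's sample configuration; the sample config,
       host name and address are constructed.

```python
# Constructed sample configuration (not taken from the man page).
SAMPLE = """\
[global]
; listen-addr = 192.0.2.10
access control = no
[lns default]
unix authentication = yes
[lac office]
lns = vpn.example.net
redial = yes
"""

def norm(s):
    return " ".join(s.lower().split())

def parse(text):
    """Return {section header: {parameter: value}}, all lowercased."""
    conf, cur = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # assumption: ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            cur = conf.setdefault(norm(line[1:-1]), {})
        elif "=" in line and cur is not None:
            key, _, val = line.partition("=")
            cur[norm(key)] = norm(val)
    return conf

def audit(conf):
    """Return (section, finding) pairs for options the man page describes."""
    out = []
    g = conf.get("global", {})
    if g.get("access control", "no") != "yes":
        out.append(("global", "access control is off: peers are not restricted"))
    if g.get("listen-addr", "0.0.0.0") == "0.0.0.0":
        out.append(("global", "listening on all interfaces (INADDR_ANY)"))
    for name, sec in conf.items():
        if name.startswith("lns"):
            if sec.get("require authentication") != "yes":
                out.append((name, "require authentication is not set to yes"))
            if sec.get("refuse pap") != "yes":
                out.append((name, "refuse pap is not set to yes"))
            if sec.get("unix authentication") == "yes":
                out.append((name, "/etc/passwd is used for PPP authentication"))
        if name.startswith("lac") and sec.get("redial") == "yes":
            out.append((name, "redial keeps passwords in memory"))
    return out

if __name__ == "__main__":
    print("\n".join(f"[{s}] {f}" for s, f in audit(parse(SAMPLE))))
```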

FILES

       /etc/xl2tpd/xl2tpd.conf
              Configuration file of xl2tpd, used by default.

       /etc/xl2tpd/l2tp-secrets
              Secrets file, used by default.

       /var/run/xl2tpd/l2tp-control
              Control file, used by default.

BUGS

       Please use the GitHub project page https://github.com/xelerance/xl2tpd
       to send bug reports, issues and any other feedback.

SEE ALSO

       xl2tpd(8), xl2tpd-control(8), pppd(8)

COPYLEFT

       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       This program is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
       Public License for more details.

       You should have received a copy of the GNU General Public License along
       with this program (see the file LICENSE); if not, see
       https://www.gnu.org/licenses/, or contact Free Software Foundation,
       Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

CONTRIBUTORS

       Alexander Dorokhov <alex.dorokhov@gmail.com>
       Alexander Naumov <alexander_naumov@opensuse.org>

AUTHORS

       Forked from l2tpd by Xelerance: https://github.com/xelerance/xl2tpd

       Michael Richardson <mcr@xelerance.com>
       Paul Wouters <paul@xelerance.com>
       Samir Hussain <shussain@xelerance.com>

       Previous development was hosted at sourceforge
       (http://www.sourceforge.net/projects/l2tpd) by:

       Scott Balmos <sbalmos@iglou.com>
       David Stipp <dstipp@one.net>
       Jeff McAdams <jeffm@iglou.com>

       Based off of l2tpd version 0.61. Many thanks to Jacco de Leeuw
       <jacco2@dds.nl> for maintaining l2tpd.
       Copyright (C)1998 Adtran, Inc.
       Mark Spencer <markster@marko.net>

                                   Sep 2020                     xl2tpd.conf(5)