xl2tpd.conf(5)

xl2tpd.conf - L2TPD configuration file

The xl2tpd.conf file contains configuration information for xl2tpd, an
implementation of the L2TP protocol.

The configuration file is composed of sections and parameters. Each
section has a given name which will be used when using the configuration
FIFO (normally /var/run/l2tp-control). See xl2tpd.8 for more details.

The specific given name default specifies parameters applicable to all
the following sections.

auth file
    Specify where to find the authentication file used to authenticate
    l2tp tunnels. The default is /etc/l2tpd/l2tp-secrets.

ipsec saref
    Use IPsec Security Association tracking. When this is enabled,
    packets received by xl2tpd should have two extra fields (refme and
    refhim), which allow tracking of multiple clients using the same
    internal NATed IP address and of multiple clients behind the same
    NAT router. This needs to be supported by the kernel. Currently,
    this only works with Openswan KLIPS in "mast" mode (see
    http://www.openswan.org/).

    Set this to yes and the system will provide proper SAref values in
    the recvmsg() calls.

    Values can be yes or no. The default is no.

listen-addr
    The IP address of the interface on which the daemon listens. By
    default, it listens on INADDR_ANY (0.0.0.0), meaning it listens on
    all interfaces.

port
    Specify which UDP port xl2tpd should use. The default is 1701.

access control
    If set to yes, the xl2tpd process will only accept connections from
    peer addresses specified in the following sections. The default is
    no.

debug avp
    Set this to yes to enable syslog output of L2TP AVP debugging
    information.

debug network
    Set this to yes to enable syslog output of network debugging
    information.

debug packet
    Set this to yes to enable printing of L2TP packet debugging
    information. Note: Output goes to STDOUT, so use this only in
    conjunction with the -D command line option.

debug state
    Set this to yes to enable syslog output of FSM debugging
    information.

debug tunnel
    Set this to yes to enable syslog output of tunnel debugging
    information.

exclusive
    If set to yes, only one control tunnel will be allowed to be built
    between 2 peers. CHECK

(no) ip range
    Specify the range of IP addresses the LNS will assign to the
    connecting LAC PPP tunnels. Multiple ranges can be defined. Using
    the 'no' statement disallows the use of that particular range.
    Ranges are defined using the format IP - IP (example: 1.1.1.1 -
    1.1.1.10). Note that either at least one ip range option must be
    given, or you must set assign ip to no.

assign ip
    Set this to no if xl2tpd should not assign IP addresses out of the
    pool defined with the ip range option. This can be useful if you
    have some other means to assign IP addresses, e.g. a pppd that
    supports RADIUS AAA.

(no) lac
    Specify the IP addresses of LACs which are allowed to connect to
    xl2tpd acting as a LNS. The format is the same as the ip range
    option.

hidden bit
    If set to yes, xl2tpd will use the AVP hiding feature of L2TP. To
    get more information about hidden AVPs and AVPs in general, refer
    to rfc2661 (add URL?)

local ip
    Use the following IP as xl2tpd's own IP address.

length bit
    If set to yes, the length bit present in the l2tp packet payload
    will be used.

(refuse | require) chap
    Will require or refuse the remote peer to get authenticated via
    CHAP for the ppp authentication.

(refuse | require) pap
    Will require or refuse the remote peer to get authenticated via PAP
    for the ppp authentication.

(refuse | require) authentication
    Will require or refuse the remote peer to authenticate itself.

unix authentication
    If set to yes, /etc/passwd will be used for remote peer ppp
    authentication.

hostname
    Will report this as the xl2tpd hostname in negotiation.

ppp debug
    This will enable the debug for pppd.

pppoptfile
    Specify the path for a file which contains pppd configuration
    parameters to be used.

call rws
    This option is deprecated and no longer functions. It used to be
    used to define the flow control window size for individual L2TP
    calls or sessions. The L2TP standard (RFC2661) no longer defines
    flow control or window sizes on calls or sessions.

tunnel rws
    This defines the window size of the control channel. The window
    size is defined as the number of outstanding unacknowledged
    packets, not as a number of bytes.

flow bits
    If set to yes, sequence numbers will be included in the
    communication. The feature to use sequence numbers in sessions is
    currently broken and does not function.

challenge
    If set to yes, use challenge authentication to authenticate peer.

The following are LAC specific configuration flags. Most of those
described in the LNS section may be used in a LAC context, where it
makes common sense (essentially l2tp protocol tuning flags and
authentication / ppp related ones).

lns
    Set the DNS name or IP address of the LNS to connect to.

redial
    If set to yes, xl2tpd will attempt to redial if the call gets
    disconnected.

redial timeout
    Wait X seconds before redial. The redial option must be set to yes
    to use this option.

max redial
    Will give up redial tries after X attempts.

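Added example (not part of the original manual page or of xl2tpd
itself): a small Python audit of the parameters described above that
decide who may connect and how peers authenticate (access control,
listen-addr, require authentication, require pap, challenge). The
"[type name]" section headers, "key = value" lines and ";" comments are
assumed syntax, the sample file is constructed, and the default section
is applied to every LNS section regardless of its position in the file.

```python
# Added example (not from the xl2tpd project). Assumed syntax: "[type name]"
# section headers, "key = value" parameters, ";" starting a comment.
SAMPLE = """\
; constructed sample configuration
[global]
port = 1701

[lns default]
require authentication = yes
challenge = yes

[lns branch]
require pap = yes
challenge = no
"""

def parse(text):
    """Return {(type, name): {parameter: value}} for each section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            kind, _, name = line[1:-1].strip().partition(" ")
            current = sections.setdefault((kind.lower(), name.strip().lower()), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[" ".join(key.lower().split())] = value.strip().lower()
    return sections

def audit(text):
    sections, findings = parse(text), []
    glob = sections.get(("global", ""), {})
    if glob.get("access control", "no") != "yes":
        findings.append("global: access control off, any peer address is accepted")
    if "listen-addr" not in glob:
        findings.append("global: listen-addr unset, listening on all interfaces")
    lns = {n: p for (k, n), p in sections.items() if k == "lns"}
    for name, own in lns.items():
        eff = {**lns.get("default", {}), **own}  # "default" applies to the rest
        if eff.get("require authentication") != "yes":
            findings.append(f"lns {name}: require authentication not set to yes")
        if eff.get("require pap") == "yes":
            findings.append(f"lns {name}: PAP required, password sent in cleartext")
        if eff.get("challenge") != "yes":
            findings.append(f"lns {name}: challenge not set to yes")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
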
/etc/xl2tpd/xl2tpd.conf
/etc/xl2tpd/l2tp-secrets
/var/run/xl2tpd/l2tp-control

Please address bugs and comments to xl2tpd-dev@xelerance.com

xl2tpd(8)

Forked from xl2tpd by Xelerance
(http://www.xelerance.com/software/xl2tpd/)

Michael Richardson <mcr@xelerance.com>
Paul Wouters <paul@xelerance.com>

Many thanks to Jacco de Leeuw <jacco2@dds.nl> for maintaining l2tpd.

Previous development was hosted at sourceforge
(http://www.sourceforge.net/projects/l2tpd) by:

Scott Balmos <sbalmos@iglou.com>
David Stipp <dstipp@one.net>
Jeff McAdams <jeffm@iglou.com>

Based off of l2tpd version 0.60
Copyright (C)1998 Adtran, Inc.
Mark Spencer <markster@marko.net>

Jean-Francois Dive