2 ; Sample l2tpd configuration file
4 ; This example file should give you some idea of how the options for l2tpd
5 ; should work. The best place to look for a list of all options is in
6 ; the source code itself, until I have the time to write better documetation :)
7 ; Specifically, the file "file.c" contains a list of commands at the end.
9 ; You most definitely don't have to spell out everything as it is done here
11 ; [global] ; Global parameters:
12 ; port = 1701 ; * Bind to port 1701
13 ; auth file = /etc/xl2tpd/xl2tp-secrets ; * Where our challenge secrets are
14 ; access control = yes ; * Refuse connections without IP match
15 ; rand source = dev ; Source for entropy for random
16 ; ; numbers, options are:
17 ; ; dev - reads of /dev/urandom
19 ; ; egd - reads from egd socket
20 ; ; egd is not yet implemented
22 ; [lns default] ; Our fallthrough LNS definition
23 ; exclusive = no ; * Only permit one tunnel per host
24 ; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
25 ; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
26 ; ip range = 192.168.0.5 ; * But this one is okay
27 ; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
28 ; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
29 ; no lac = untrusted.marko.net ; * This guy can't connect
30 ; hidden bit = no ; * Use hidden AVP's?
31 ; local ip = 192.168.1.2 ; * Our local IP to use
32 ; length bit = yes ; * Use length bit in payload?
33 ; require chap = yes ; * Require CHAP auth. by peer
34 ; refuse pap = yes ; * Refuse PAP authentication
35 ; refuse chap = no ; * Refuse CHAP authentication
36 ; refuse authentication = no ; * Refuse authentication altogether
37 ; require authentication = yes ; * Require peer to authenticate
38 ; unix authentication = no ; * Use /etc/passwd for auth.
39 ; name = myhostname ; * Report this as our hostname
40 ; ppp debug = no ; * Turn on PPP debugging
41 ; pppoptfile = /etc/ppp/options.xl2tpd.lns ; * ppp options file
42 ; call rws = 10 ; * RWS for call (-1 is valid)
43 ; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
44 ; flow bit = yes ; * Include sequence numbers
45 ; challenge = yes ; * Challenge authenticate peer ;
47 ; [lac marko] ; Example VPN LAC definition
48 ; lns = lns.marko.net ; * Who is our LNS?
49 ; lns = lns2.marko.net ; * A backup LNS (not yet used)
50 ; redial = yes ; * Redial if disconnected?
51 ; redial timeout = 15 ; * Wait n seconds between redials
52 ; max redials = 5 ; * Give up after n consecutive failures
53 ; hidden bit = yes ; * User hidden AVP's?
54 ; local ip = 192.168.1.1 ; * Force peer to use this IP for us
55 ; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
56 ; length bit = no ; * Use length bit in payload?
57 ; require pap = no ; * Require PAP auth. by peer
58 ; require chap = yes ; * Require CHAP auth. by peer
59 ; refuse pap = yes ; * Refuse PAP authentication
60 ; refuse chap = no ; * Refuse CHAP authentication
61 ; refuse authentication = no ; * Refuse authentication altogether
62 ; require authentication = yes ; * Require peer to authenticate
63 ; name = marko ; * Report this as our hostname
64 ; ppp debug = no ; * Turn on PPP debugging
65 ; pppoptfile = /etc/ppp/options.xl2tpd.marko ; * ppp options file for this lac
66 ; call rws = 10 ; * RWS for call (-1 is valid)
67 ; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
68 ; flow bit = yes ; * Include sequence numbers
69 ; challenge = yes ; * Challenge authenticate peer
71 ; [lac cisco] ; Another quick LAC
72 ; lns = cisco.marko.net ; * Required, but can take from default
73 ; require authentication = yes
projects / packages.git / blob