xl2tpd.conf.sample 3.8 KB

  1. ;
  2. ; Sample l2tpd configuration file
  3. ;
  4. ; This example file should give you some idea of how the options for l2tpd
  5. ; should work. The best place to look for a list of all options is in
  6. ; the source code itself, until I have the time to write better documentation :)
  7. ; Specifically, the file "file.c" contains a list of commands at the end.
  8. ;
  9. ; You most definitely don't have to spell out everything as it is done here
  10. ;
  11. ; [global] ; Global parameters:
  12. ; port = 1701 ; * Bind to port 1701
  13. ; auth file = /etc/xl2tpd/xl2tp-secrets ; * Where our challenge secrets are
  14. ; access control = yes ; * Refuse connections without IP match
  15. ; rand source = dev ; Source for entropy for random
  16. ; ; numbers, options are:
  17. ; ; dev - reads of /dev/urandom
  18. ; ; sys - uses rand() (not cryptographically strong; prefer dev)
  19. ; ; egd - reads from egd socket
  20. ; ; egd is not yet implemented
  21. ;
  22. ; [lns default] ; Our fallthrough LNS definition
  23. ; exclusive = no ; * Only permit one tunnel per host
  24. ; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
  25. ; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
  26. ; ip range = 192.168.0.5 ; * But this one is okay
  27. ; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
  28. ; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
  29. ; no lac = untrusted.marko.net ; * This guy can't connect
  30. ; hidden bit = no ; * Use hidden AVP's?
  31. ; local ip = 192.168.1.2 ; * Our local IP to use
  32. ; length bit = yes ; * Use length bit in payload?
  33. ; require chap = yes ; * Require CHAP auth. by peer
  34. ; refuse pap = yes ; * Refuse PAP authentication
  35. ; refuse chap = no ; * Refuse CHAP authentication
  36. ; refuse authentication = no ; * Refuse authentication altogether
  37. ; require authentication = yes ; * Require peer to authenticate
  38. ; unix authentication = no ; * Use /etc/passwd for auth.
  39. ; name = myhostname ; * Report this as our hostname
  40. ; ppp debug = no ; * Turn on PPP debugging
  41. ; pppoptfile = /etc/ppp/options.xl2tpd.lns ; * ppp options file
  42. ; call rws = 10 ; * RWS for call (-1 is valid)
  43. ; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
  44. ; flow bit = yes ; * Include sequence numbers
  45. ; challenge = yes ; * Challenge authenticate peer
  46. ;
  47. ; [lac marko] ; Example VPN LAC definition
  48. ; lns = lns.marko.net ; * Who is our LNS?
  49. ; lns = lns2.marko.net ; * A backup LNS (not yet used)
  50. ; redial = yes ; * Redial if disconnected?
  51. ; redial timeout = 15 ; * Wait n seconds between redials
  52. ; max redials = 5 ; * Give up after n consecutive failures
  53. ; hidden bit = yes ; * Use hidden AVP's?
  54. ; local ip = 192.168.1.1 ; * Force peer to use this IP for us
  55. ; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
  56. ; length bit = no ; * Use length bit in payload?
  57. ; require pap = no ; * Require PAP auth. by peer
  58. ; require chap = yes ; * Require CHAP auth. by peer
  59. ; refuse pap = yes ; * Refuse PAP authentication
  60. ; refuse chap = no ; * Refuse CHAP authentication
  61. ; refuse authentication = no ; * Refuse authentication altogether
  62. ; require authentication = yes ; * Require peer to authenticate
  63. ; name = marko ; * Report this as our hostname
  64. ; ppp debug = no ; * Turn on PPP debugging
  65. ; pppoptfile = /etc/ppp/options.xl2tpd.marko ; * ppp options file for this lac
  66. ; call rws = 10 ; * RWS for call (-1 is valid)
  67. ; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
  68. ; flow bit = yes ; * Include sequence numbers
  69. ; challenge = yes ; * Challenge authenticate peer
  70. ;
  71. ; [lac cisco] ; Another quick LAC
  72. ; lns = cisco.marko.net ; * Required, but can take from default
  73. ; require authentication = yes