78 lines
3.9 KiB
Plaintext
78 lines
3.9 KiB
Plaintext
;
|
|
; Sample l2tpd configuration file
|
|
;
|
|
; This example file should give you some idea of how the options for l2tpd
|
|
; should work. The best place to look for a list of all options is in
|
|
; the source code itself, until I have the time to write better documetation :)
|
|
; Specifically, the file "file.c" contains a list of commands at the end.
|
|
;
|
|
; You most definitely don't have to spell out everything as it is done here
|
|
;
|
|
; [global] ; Global parameters:
|
|
; port = 1701 ; * Bind to port 1701
|
|
; auth file = /etc/l2tp/l2tp-secrets ; * Where our challenge secrets are
|
|
; access control = yes ; * Refuse connections without IP match
|
|
; rand source = dev ; Source for entropy for random
|
|
; ; numbers, options are:
|
|
; ; dev - reads of /dev/urandom
|
|
; ; sys - uses rand()
|
|
; ; egd - reads from egd socket
|
|
; ; egd is not yet implemented
|
|
;
|
|
; [lns default] ; Our fallthrough LNS definition
|
|
; exclusive = no ; * Only permit one tunnel per host
|
|
; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
|
|
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
|
|
; ip range = 192.168.0.5 ; * But this one is okay
|
|
; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
|
|
; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
|
|
; no lac = untrusted.marko.net ; * This guy can't connect
|
|
; hidden bit = no ; * Use hidden AVP's?
|
|
; local ip = 192.168.1.2 ; * Our local IP to use
|
|
; length bit = yes ; * Use length bit in payload?
|
|
; require chap = yes ; * Require CHAP auth. by peer
|
|
; refuse pap = yes ; * Refuse PAP authentication
|
|
; refuse chap = no ; * Refuse CHAP authentication
|
|
; refuse authentication = no ; * Refuse authentication altogether
|
|
; require authentication = yes ; * Require peer to authenticate
|
|
; unix authentication = no ; * Use /etc/passwd for auth.
|
|
; name = myhostname ; * Report this as our hostname
|
|
; ppp debug = no ; * Turn on PPP debugging
|
|
; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file
|
|
; call rws = 10 ; * RWS for call (-1 is valid)
|
|
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
|
|
; flow bit = yes ; * Include sequence numbers
|
|
; challenge = yes ; * Challenge authenticate peer ;
|
|
;
|
|
; [lac marko] ; Example VPN LAC definition
|
|
; lns = lns.marko.net ; * Who is our LNS?
|
|
; lns = lns2.marko.net ; * A backup LNS (not yet used)
|
|
; redial = yes ; * Redial if disconnected?
|
|
; redial timeout = 15 ; * Wait n seconds between redials
|
|
; max redials = 5 ; * Give up after n consecutive failures
|
|
; hidden bit = yes ; * User hidden AVP's?
|
|
; local ip = 192.168.1.1 ; * Force peer to use this IP for us
|
|
; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
|
|
; length bit = no ; * Use length bit in payload?
|
|
; require pap = no ; * Require PAP auth. by peer
|
|
; require chap = yes ; * Require CHAP auth. by peer
|
|
; refuse pap = yes ; * Refuse PAP authentication
|
|
; refuse chap = no ; * Refuse CHAP authentication
|
|
; refuse authentication = no ; * Refuse authentication altogether
|
|
; require authentication = yes ; * Require peer to authenticate
|
|
; name = marko ; * Report this as our hostname
|
|
; ppp debug = no ; * Turn on PPP debugging
|
|
; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac
|
|
; call rws = 10 ; * RWS for call (-1 is valid)
|
|
; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
|
|
; flow bit = yes ; * Include sequence numbers
|
|
; challenge = yes ; * Challenge authenticate peer
|
|
;
|
|
; [lac cisco] ; Another quick LAC
|
|
; lns = cisco.marko.net ; * Required, but can take from default
|
|
; require authentication = yes
|
|
[lac TP_L2TP]
|
|
lns = 192.168.255.10
|
|
; pppoptfile = /etc/ppp/options
|
|
; lns = ppp.rd3.com
|