1;
2; Sample l2tpd configuration file
3;
4; This example file should give you some idea of how the options for l2tpd
5; should work.  The best place to look for a list of all options is in
6; the source code itself, until I have the time to write better documentation :)
7; Specifically, the file "file.c" contains a list of commands at the end.
8;
9; You most definitely don't have to spell out everything as it is done here
10;
11; [global]								; Global parameters:
12; port = 1701						 	; * Bind to port 1701
13; auth file = /etc/l2tp/l2tp-secrets 	; * Where our challenge secrets are (restrict file permissions)
14; access control = yes					; * Refuse connections without IP match
15; rand source = dev                     ; Source for entropy for random
16;                                       ; numbers, options are:
17;                                       ; dev - reads of /dev/urandom
18;                                       ; sys - uses rand() (not cryptographically strong; prefer dev)
19;                                       ; egd - reads from egd socket
20;                                       ; egd is not yet implemented
21;
22; [lns default]							; Our fallthrough LNS definition
23; exclusive = no						; * Only permit one tunnel per host
24; ip range = 192.168.0.1-192.168.0.20	; * Allocate from this IP range
25; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
26; ip range = 192.168.0.5				; * But this one is okay
27; ip range = lac1-lac2					; * And anything from lac1 to lac2's IP
28; lac = 192.168.1.4 - 192.168.1.8		; * These can connect as LAC's
29; no lac = untrusted.marko.net			; * This guy can't connect
30; hidden bit = no						; * Use hidden AVP's?
31; local ip = 192.168.1.2				; * Our local IP to use
32; length bit = yes						; * Use length bit in payload?
33; require chap = yes					; * Require CHAP auth. by peer
34; refuse pap = yes						; * Refuse PAP authentication
35; refuse chap = no						; * Refuse CHAP authentication
36; refuse authentication = no			; * Refuse authentication altogether
37; require authentication = yes			; * Require peer to authenticate
38; unix authentication = no				; * Use /etc/passwd for auth.
39; name = myhostname						; * Report this as our hostname
40; ppp debug = no						; * Turn on PPP debugging
41; pppoptfile = /etc/ppp/options.l2tpd.lns	; * ppp options file
42; call rws = 10							; * RWS for call (-1 is valid)
43; tunnel rws = 4						; * RWS for tunnel (must be > 0)
44; flow bit = yes						; * Include sequence numbers
45; challenge = yes						; * Challenge authenticate peer
46;
47; [lac marko]							; Example VPN LAC definition
48; lns = lns.marko.net					; * Who is our LNS?
49; lns = lns2.marko.net					; * A backup LNS (not yet used)
50; redial = yes							; * Redial if disconnected?
51; redial timeout = 15					; * Wait n seconds between redials
52; max redials = 5						; * Give up after n consecutive failures
53; hidden bit = yes						; * Use hidden AVP's?
54; local ip = 192.168.1.1				; * Force peer to use this IP for us
55; remote ip = 192.168.1.2				; * Force peer to use this as their IP
56; length bit = no						; * Use length bit in payload?
57; require pap = no						; * Require PAP auth. by peer
58; require chap = yes					; * Require CHAP auth. by peer
59; refuse pap = yes						; * Refuse PAP authentication
60; refuse chap = no						; * Refuse CHAP authentication
61; refuse authentication = no			; * Refuse authentication altogether
62; require authentication = yes			; * Require peer to authenticate
63; name = marko							; * Report this as our hostname
64; ppp debug = no						; * Turn on PPP debugging
65; pppoptfile = /etc/ppp/options.l2tpd.marko	; * ppp options file for this lac
66; call rws = 10							; * RWS for call (-1 is valid)
67; tunnel rws = 4						; * RWS for tunnel (must be > 0)
68; flow bit = yes						; * Include sequence numbers
69; challenge = yes						; * Challenge authenticate peer 
70;
71; [lac cisco]							; Another quick LAC
72; lns = cisco.marko.net					; * Required, but can take from default
73; require authentication = yes			