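;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work.  The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documentation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
; Security notes for anyone adapting this sample:
;  - "auth file" holds the tunnel challenge secrets in clear text; keep it
;    owned by root and unreadable by other users.
;  - "access control" matches on the peer's IP address only.  Treat it as a
;    filter, not as authentication, and keep "challenge = yes" alongside it.
;  - "rand source = sys" uses rand(), whose output is predictable; prefer
;    "dev" for any value a peer must not be able to guess.
;  - PAP sends the password unencrypted, which is why the examples below
;    refuse PAP and require CHAP.
;  - Tunnel challenge and CHAP authenticate the peers; they do not encrypt
;    the traffic.  If the payload needs confidentiality, protect the tunnel
;    separately (for example with IPsec).
;
; [global]                                    ; Global parameters:
; port = 1701                                 ; * Bind to port 1701
; auth file = /etc/l2tp/l2tp-secrets          ; * Where our challenge secrets are
; access control = yes                        ; * Refuse connections without IP match
; rand source = dev                           ; Source for entropy for random
;                                             ; numbers, options are:
;                                             ; dev - reads of /dev/urandom
;                                             ; sys - uses rand()
;                                             ; egd - reads from egd socket
;                                             ; egd is not yet implemented
;
; [lns default]                               ; Our fallthrough LNS definition
; exclusive = no                              ; * Only permit one tunnel per host
; ip range = 192.168.0.1-192.168.0.20         ; * Allocate from this IP range
; no ip range = 192.168.0.3-192.168.0.9       ; * Except these hosts
; ip range = 192.168.0.5                      ; * But this one is okay
; ip range = lac1-lac2                        ; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8             ; * These can connect as LAC's
; no lac = untrusted.marko.net                ; * This guy can't connect
; hidden bit = no                             ; * Use hidden AVP's?
; local ip = 192.168.1.2                      ; * Our local IP to use
; length bit = yes                            ; * Use length bit in payload?
; require chap = yes                          ; * Require CHAP auth. by peer
; refuse pap = yes                            ; * Refuse PAP authentication
; refuse chap = no                            ; * Refuse CHAP authentication
; refuse authentication = no                  ; * Refuse authentication altogether
; require authentication = yes                ; * Require peer to authenticate
; unix authentication = no                    ; * Use /etc/passwd for auth.
; name = myhostname                           ; * Report this as our hostname
; ppp debug = no                              ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns     ; * ppp options file
; call rws = 10                               ; * RWS for call (-1 is valid)
; tunnel rws = 4                              ; * RWS for tunnel (must be > 0)
; flow bit = yes                              ; * Include sequence numbers
; challenge = yes                             ; * Challenge authenticate peer
;
; [lac marko]                                 ; Example VPN LAC definition
; lns = lns.marko.net                         ; * Who is our LNS?
; lns = lns2.marko.net                        ; * A backup LNS (not yet used)
; redial = yes                                ; * Redial if disconnected?
; redial timeout = 15                         ; * Wait n seconds between redials
; max redials = 5                             ; * Give up after n consecutive failures
; hidden bit = yes                            ; * Use hidden AVP's?
; local ip = 192.168.1.1                      ; * Force peer to use this IP for us
; remote ip = 192.168.1.2                     ; * Force peer to use this as their IP
; length bit = no                             ; * Use length bit in payload?
; require pap = no                            ; * Require PAP auth. by peer
; require chap = yes                          ; * Require CHAP auth. by peer
; refuse pap = yes                            ; * Refuse PAP authentication
; refuse chap = no                            ; * Refuse CHAP authentication
; refuse authentication = no                  ; * Refuse authentication altogether
; require authentication = yes                ; * Require peer to authenticate
; name = marko                                ; * Report this as our hostname
; ppp debug = no                              ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko   ; * ppp options file for this lac
; call rws = 10                               ; * RWS for call (-1 is valid)
; tunnel rws = 4                              ; * RWS for tunnel (must be > 0)
; flow bit = yes                              ; * Include sequence numbers
; challenge = yes                             ; * Challenge authenticate peer
;
; [lac cisco]                                 ; Another quick LAC
; lns = cisco.marko.net                       ; * Required, but can take from default
; require authentication = yes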