foriamrootgmail

xl2tpd.conf

Aug 26th, 2014
  1. root@DARKSTARVPN:/etc/xl2tpd# cat ./xl2tpd.conf
  2. ;
  3. ; Sample l2tpd configuration file
  4. ;
  5. ; This example file should give you some idea of how the options for l2tpd
  6. ; should work. The best place to look for a list of all options is in
  7. ; the source code itself, until I have the time to write better documentation :)
  8. ; Specifically, the file "file.c" contains a list of commands at the end.
  9. ;
  10. ; You most definitely don't have to spell out everything as it is done here
  11. ;
  12. ; [global] ; Global parameters:
  13. ; port = 1701 ; * Bind to port 1701
  14. ; auth file = /etc/l2tpd/l2tp-secrets ; * Where our challenge secrets are
  15. ; access control = yes ; * Refuse connections without IP match
  16. ; rand source = dev ; Source for entropy for random
  17. ; ; numbers, options are:
  18. ; ; dev - reads of /dev/urandom
  19. ; ; sys - uses rand()
  20. ; ; egd - reads from egd socket
  21. ; ; egd is not yet implemented
  22. ;
  23. ; [lns default] ; Our fallthrough LNS definition
  24. ; exclusive = no ; * Only permit one tunnel per host
  25. ; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
  26. ; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
  27. ; ip range = 192.168.0.5 ; * But this one is okay
  28. ; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
  29. ; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
  30. ; no lac = untrusted.marko.net ; * This guy can't connect
  31. ; hidden bit = no ; * Use hidden AVP's?
  32. ; local ip = 192.168.1.2 ; * Our local IP to use
  33. ; length bit = yes ; * Use length bit in payload?
  34. ; require chap = yes ; * Require CHAP auth. by peer
  35. ; refuse pap = yes ; * Refuse PAP authentication
  36. ; refuse chap = no ; * Refuse CHAP authentication
  37. ; refuse authentication = no ; * Refuse authentication altogether
  38. ; require authentication = yes ; * Require peer to authenticate
  39. ; unix authentication = no ; * Use /etc/passwd for auth.
  40. ; name = myhostname ; * Report this as our hostname
  41. ; ppp debug = no ; * Turn on PPP debugging
  42. ; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file
  43. ; call rws = 10 ; * RWS for call (-1 is valid)
  44. ; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
  45. ; flow bit = yes ; * Include sequence numbers
  46. ; challenge = yes ; * Challenge authenticate peer ;
  47. ; rx bps = 10000000 ; Receive tunnel speed
  48. ; tx bps = 10000000 ; Transmit tunnel speed
  49. ; bps = 100000 ; Define both receive and transmit speed in one option
  50.  
  51. ; [lac marko] ; Example VPN LAC definition
  52. ; lns = lns.marko.net ; * Who is our LNS?
  53. ; lns = lns2.marko.net ; * A backup LNS (not yet used)
  54. ; redial = yes ; * Redial if disconnected?
  55. ; redial timeout = 15 ; * Wait n seconds between redials
  56. ; max redials = 5 ; * Give up after n consecutive failures
  57. ; hidden bit = yes ; * Use hidden AVP's?
  58. ; local ip = 192.168.1.1 ; * Force peer to use this IP for us
  59. ; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
  60. ; length bit = no ; * Use length bit in payload?
  61. ; require pap = no ; * Require PAP auth. by peer
  62. ; require chap = yes ; * Require CHAP auth. by peer
  63. ; refuse pap = yes ; * Refuse PAP authentication
  64. ; refuse chap = no ; * Refuse CHAP authentication
  65. ; refuse authentication = no ; * Refuse authentication altogether
  66. ; require authentication = yes ; * Require peer to authenticate
  67. ; name = marko ; * Report this as our hostname
  68. ; ppp debug = no ; * Turn on PPP debugging
  69. ; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac
  70. ; call rws = 10 ; * RWS for call (-1 is valid)
  71. ; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
  72. ; flow bit = yes ; * Include sequence numbers
  73. ; challenge = yes ; * Challenge authenticate peer
  74. ;
  75. ; [lac cisco] ; Another quick LAC
  76. ; lns = cisco.marko.net ; * Required, but can take from default
  77. ; require authentication = yes
  78. [global]
  ; Daemon-wide settings for this xl2tpd instance.
  ; Listen on this one address rather than on every interface.
  ; NOTE(review): L2TP carries no encryption of its own; this file does not show whether
  ; an IPsec layer or a firewall rule protects the listener - confirm before exposing it.
  ; NOTE(review): neither `access control` nor `auth file` from the sample above is set in
  ; this section, so peer filtering by IP and tunnel challenge secrets fall back to whatever
  ; xl2tpd's defaults are - verify that is intended.
  79. listen-addr = 10.13.8.251
  80. ;
  81. ; requires openswan-2.5.18 or higher - Also does not yet work in combination
  82. ; with kernel mode l2tp as present in linux 2.6.23+
  83. ; ipsec saref = yes
  84. ; Use refinfo of 22 if using an SAref kernel patch based on openswan 2.6.35 or
  85. ; when using any of the SAref kernel patches for kernels up to 2.6.35.
  86. ; ipsec refinfo = 30
  87. ;
  88. ; works around bug: http://bugs.centos.org/view.php?id=5832
  89.  
  ; Keep L2TP handling in the userspace daemon instead of kernel-mode L2TP.
  ; Presumably the setting the "works around bug" comment above refers to - confirm it is
  ; still needed on the kernel and xl2tpd versions actually deployed.
  90. force userspace = yes
  91.  
  92. ;
  93. [lns default]
  ; Fallthrough LNS definition (the sample above describes `[lns default]` that way).
  ; Address pool allocated to connecting peers, followed by the server's own local IP.
  94. ip range = 10.13.8.6-10.13.8.20
  95. local ip = 10.13.8.5
  96. ; leave chap unspecified for maximum compatibility with windows, iOS, etc
  97. ; require chap = yes
  ; PAP is refused, so a peer cannot fall back to sending its password unprotected
  ; over the PPP link.
  ; NOTE(review): CHAP is neither required nor refused here, so the method actually
  ; negotiated is left to pppd and the pppoptfile below, which this page does not show -
  ; confirm that file pins the intended authentication method.
  98. refuse pap = yes
  ; The peer must authenticate; where the credentials live is not defined in this file.
  99. require authentication = yes
  ; Hostname this server reports to the peer.
  100. name = DARKSTARVPN
  ; NOTE(review): PPP debugging is switched on, whereas the sample above shows `no`.
  ; Presumably left over from troubleshooting; debug output adds negotiation detail to the
  ; logs, so restrict log access or switch it off once the tunnel works.
  101. ppp debug = yes
  ; pppd options file used for this LNS; its contents are not part of this page.
  102. pppoptfile = /etc/ppp/options.xl2tpd
  ; Use the length bit in the L2TP payload.
  103. length bit = yes