Annotation of embedaddon/mpd/doc/mpd48.html, revision 1.1
1.1 ! misho 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
! 2: <HTML>
! 3: <HEAD>
! 4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
! 5: <TITLE>L2TP device type commands</TITLE>
! 6: </HEAD>
! 7: <BODY text="#000000" bgcolor="#ffffff">
! 8:
! 9: <A HREF="mpd.html"><EM>Mpd 5.6 User Manual</EM></A>
! 10: <b>:</b> <A HREF="mpd42.html"><EM>Device Types</EM></A>
! 11: <b>:</b> <EM>L2TP device type commands</EM><BR>
! 12: <b>Previous:</b> <A HREF="mpd47.html"><EM>PPTP device type commands</EM></A><BR>
! 13: <b>Next:</b> <A HREF="mpd49.html"><EM>PPPoE device type commands</EM></A>
! 14:
! 15:
! 16: <HR NOSHADE>
! 17: <H2><A NAME="48"></A>5.6. L2TP device type commands<A NAME="l2tp"></A></H2>
! 18: <p>This chapter describes commands that are specific to L2TP type links.
! 19: These commands apply to the currently active link, and are only
! 20: valid if the currently active link has type <b>l2tp</b>.</p>
! 21: <p>The L2TP protocol utilizes UDP datagrams on port 1701 (and this is
! 22: the default for <code><em>port</em></code> in the commands below)
! 23: to create and maintain a virtual tunnel between IP peers.
! 24: One or more independent PPP connections (sessions) can be
! 25: carried inside this tunnel.</p>
! 26: <p>A complete L2TP network topology looks like:
! 27: <pre>
! 28: client <- some link type -> LAC <- L2TP tunnel -> LNS
! 29: </pre>
! 30: </p>
! 31: <p>The LAC is a physical-level repeater, which receives a PPP connection of some
! 32: type and forwards it to the LNS using the L2TP protocol. The LNS is a PPP endpoint,
! 33: which receives PPP frames via the L2TP tunnel and processes them.</p>
! 34: <p>In the simple case, when physical conversion is not required, the topology
! 35: can be simplified to:
! 36: <pre>
! 37: client (LAC emulator) <- L2TP tunnel -> LNS
! 38: </pre>
! 39: </p>
! 40: <p>Mpd is able to operate in both LAC and LNS modes. As a LAC, mpd supports
! 41: both the simple-case LAC emulator and the complete LAC topology. A complete
! 42: LAC can be configured by joining two physical devices using mpd's
! 43: repeater functionality.</p>
! 44: <p>The Windows L2TP client uses IPSec encryption for additional tunnel
! 45: security. So, to let it connect, you must either configure IPSec on your
! 46: MPD router or disable IPSec on Windows by setting the registry
! 47: DWORD value ProhibitIpSec under the key
! 48: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\
! 49: to "1".</p>
! 50: <p>
! 51: <dl>
! 52:
! 53: <dt><b><code>set l2tp self <em>ipaddr</em> [ <em>port</em> ]</code></b><dd><p>Sets the local IP address and port for the L2TP connection.
! 54: There is a known implementation bug when this option is not set
! 55: while accepting incoming connections on a router with multiple
! 56: IPs and clients connect to an address other than the nearest
! 57: address of this router.</p>
! 58:
! 59: <dt><b><code>set l2tp peer <em>ipaddr</em> [ <em>port</em> ]</code></b><dd><p>Sets the peer IP address and port for the L2TP connection.
! 60: This command applies to both incoming and outgoing connections.
! 61: For outgoing connections, this command is required in order to
! 62: specify where to connect to. For incoming connections, this command
! 63: is optional; if not given, mpd accepts incoming connections from any
! 64: host. Otherwise, only connections from the stated IP address
! 65: (and, optionally, port) are allowed.</p>
! 66:
! 67: <dt><b><code>set l2tp hostname <em>name</em></code></b><dd><p>Sets the L2TP tunnel local hostname. On the server side, only one
! 68: unique hostname is supported for every pair of listening IP (set l2tp self ...)
! 69: and peer IP (set l2tp peer ...).
! 70: If several hostnames are defined, only the first matching one will be used for all
! 71: incoming connections.</p>
! 72:
! 73: <dt><b><code>set l2tp secret <em>secret</em></code></b><dd><p>Sets the L2TP tunnel secret. It is used to authenticate the tunnel connection
! 74: and to encrypt important AV pairs in control packets. On the server side, only
! 75: one unique secret is supported for every pair of listening IP (set l2tp self ...)
! 76: and peer IP (set l2tp peer ...).
! 77: If several secrets are defined, only the first matching one will be used for all
! 78: incoming connections.</p>
! 79: <p>NOTE: This option is not related to the usual PPP authentication.
! 80: The Windows client does not support tunnel authentication.</p>
! 81:
! 82: <dt><b><code>set l2tp callingnum <em>number</em></code></b><dd>
! 83: <dt><b><code>set l2tp callednum <em>number</em></code></b><dd><p>Sets the calling and called telephone numbers to use when initiating an L2TP
! 84: connection. For most VPN applications this is ignored, but in certain
! 85: cases an actual phone number is required.
! 86: The default is the empty string.</p>
! 87:
! 88: <dt><b><code>set l2tp enable <em>option ...</em> </code></b><dd>
! 89: <dt><b><code>set l2tp disable <em>option ...</em> </code></b><dd>
! 90: <p>Enable and disable L2TP device type options for the link.</p>
! 91:
! 92: </dl>
! 93: </p>
! 94:
! 95: <p>The following options are supported:</p>
! 96: <p>
! 97: <dl>
! 98:
! 99: <dt><b><code>outcall</code></b><dd><p>Inside an L2TP tunnel, each individual PPP connection (there may be several)
! 100: is initiated as either an incoming or an outgoing call.
! 101: This makes it possible to place an outgoing phone call (by the LNS) via a remote access
! 102: server (LAC), as well as, in the more common case, to forward an incoming
! 103: phone call from an access server (LAC) to a remote L2TP server (LNS).</p>
! 104: <p>When this option is enabled, mpd will initiate outgoing calls (LNS);
! 105: otherwise mpd will initiate incoming calls (LAC).</p>
! 106: <p>The default is disable.</p>
! 107:
! 108: <dt><b><code>hidden</code></b><dd><p>When an L2TP tunnel secret is configured, it is possible to hide (encrypt) some
! 109: control data for additional protection.</p>
! 110: <p>The default is disable.</p>
! 111:
! 112: <dt><b><code>length</code></b><dd><p>By default L2TP uses the header Length field for control packets, but not for
! 113: data packets. This option enables the Length field for data packets.
! 114: Enabling this feature may be useful on links where packet padding may
! 115: happen. Disabling it reduces overhead by 2 bytes per packet.</p>
! 116: <p>The default is disable.</p>
! 117:
! 118: <dt><b><code>dataseq</code></b><dd><p>By default L2TP requires header sequence fields for control packets, but
! 119: does not require them for data packets. This option enables sequence fields for
! 120: data packets.
! 121: Enabling this feature may be useful on links where packet reordering may
! 122: happen but is intolerable. Disabling it reduces overhead by 4 bytes per packet.</p>
! 123: <p>The default is enable.</p>
! 124:
! 125: <dt><b><code>resolve-once</code></b><dd><p>Enables resolving the peer address only once, at startup or when it is
! 126: typed manually in the CLI.</p>
! 127: <p>The default is enable.</p>
! 128: </dl>
! 129: </p>
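An added example (not part of the mpd manual or mpd's code): a minimal RFC 2661 header parser showing what the <code>length</code> and <code>dataseq</code> options change on the wire (2 bytes for Length, 4 bytes for Ns/Nr) and why trailing padding is only detectable when Length is present. The helper `build_data`, the tunnel/session IDs and the PPP bytes are constructed for illustration.

```python
import struct

T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200  # RFC 2661 flag bits

def parse_l2tp(datagram: bytes) -> dict:
    """Parse the L2TPv2 header at the start of a UDP payload (port 1701)."""
    pos = 0

    def take(count):
        # Read `count` big-endian 16-bit fields, refusing to run off the end.
        nonlocal pos
        if len(datagram) < pos + 2 * count:
            raise ValueError("truncated L2TP header")
        values = struct.unpack_from("!%dH" % count, datagram, pos)
        pos += 2 * count
        return values

    (flags,) = take(1)
    if (flags & 0x000F) != 2:
        raise ValueError("not L2TP version 2")
    control = bool(flags & T_BIT)
    if control and not (flags & L_BIT and flags & S_BIT):
        raise ValueError("control message without Length and Ns/Nr")
    length = take(1)[0] if flags & L_BIT else None
    tunnel_id, session_id = take(2)
    ns, nr = take(2) if flags & S_BIT else (None, None)
    if flags & O_BIT:                       # Offset Size, then that many pad bytes
        pos += take(1)[0]
    if pos > len(datagram) or (length is not None
                               and not pos <= length <= len(datagram)):
        raise ValueError("inconsistent Length or Offset field")
    end = length if length is not None else len(datagram)
    return {"control": control, "tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "header_len": pos,
            "payload": datagram[pos:end],
            "padding": len(datagram) - end}  # non-zero only if Length is present

def build_data(tunnel, session, payload, length=False, seq=None, pad=b""):
    """Constructed sample generator: one L2TP data message (T bit clear)."""
    flags = 2 | (L_BIT if length else 0) | (S_BIT if seq else 0)
    rest = struct.pack("!HH", tunnel, session)
    if seq:
        rest += struct.pack("!HH", *seq)
    total = 2 + (2 if length else 0) + len(rest) + len(payload)
    head = struct.pack("!H", flags) + (struct.pack("!H", total) if length else b"")
    return head + rest + payload + pad

PPP = b"\xff\x03\xc0\x21\x05\x01\x00\x04"   # constructed PPP LCP frame
```

Without the Length field, padding appended by a lower layer is indistinguishable from payload and is handed to PPP as part of the frame.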
! 130:
! 131:
! 132:
! 139:
! 140:
! 141:
! 142: </BODY>
! 143: </HTML>