Annotation of embedaddon/mpd/doc/mpd48.html, revision 1.1.1.2
1.1 misho 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
2: <HTML>
3: <HEAD>
4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
5: <TITLE>L2TP device type commands</TITLE>
6: </HEAD>
7: <BODY text="#000000" bgcolor="#ffffff">
8:
1.1.1.2 ! misho 9: <A HREF="mpd.html"><EM>Mpd 5.7 User Manual</EM></A>
1.1 misho 10: <b>:</b> <A HREF="mpd42.html"><EM>Device Types</EM></A>
11: <b>:</b> <EM>L2TP device type commands</EM><BR>
12: <b>Previous:</b> <A HREF="mpd47.html"><EM>PPTP device type commands</EM></A><BR>
13: <b>Next:</b> <A HREF="mpd49.html"><EM>PPPoE device type commands</EM></A>
14:
15:
16: <HR NOSHADE>
17: <H2><A NAME="48"></A>5.6. L2TP device type commands<A NAME="l2tp"></A></H2>
18: <p>This chapter describes commands that are specific to L2TP type links.
19: These commands apply to the currently active link, and are only
20: valid if the currently active link has type <b>l2tp</b>.</p>
21: <p>The L2TP protocol utilizes UDP datagrams on port 1701 (and this is
22: the default for <code><em>port</em></code> in the commands below)
23: to create and maintain virtual tunnel between IP peers.
24: One or more independent PPP connections (sessions) can be
25: carried inside this tunnel.</p>
26: <p>Complete L2TP network topology looks like:
27: <pre>
28: client <- some link type -> LAC <- L2TP tunnel -> LNS
29: </pre>
30: </p>
31: <p>LAC is physical level repeater, which receives PPP connection of some
32: type and forwards it to LNS using L2TP protocol. LNS is a PPP endpoint,
33: which receives PPP frames via L2TP tunnel and processes them.</p>
34: <p>In simple case, when physical conversion is not required, topology
35: can be simplified to:
36: <pre>
37: client (LAC emulator) <- L2TP tunnel -> LNS
38: </pre>
39: </p>
40: <p>Mpd is able to operate in both LAC and LNS modes. As LAC mpd supports
41: both simple case LAC emulator and complete LAC topologies. Complete
42: LAC can be configured by joining two physical devices using mpd's
43: repeater functionality.</p>
44: <p>Windows L2TP client uses IPSec encryption for the additional tunnel
45: security. So, to let it connect you must configure IPSec on your
46: MPD router or disable IPSec on Windows by setting registry
47: DWORD value ProhibitIpSec at the key
48: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\
49: into "1".</p>
50: <p>
51: <dl>
52:
53: <dt><b><code>set l2tp self <em>ipaddr</em> [ <em>port</em> ]</code></b><dd><p>Sets the local IP address and port for the L2TP connection.
54: There is known implementation bug if this option is not set
55: while accepting incoming connections on the router with multiple
56: IPs and clients are connecting not to the nearest address of
57: this router.</p>
58:
59: <dt><b><code>set l2tp peer <em>ipaddr</em> [ <em>port</em> ]</code></b><dd><p>Sets the peer IP address and port for the L2TP connection.
60: This command applies to both incoming and outgoing connections.
61: For outgoing connections, this command is required in order to
62: specify where to connect to. For incoming connections, this command
63: is optional; if not given, mpd accepts incoming connections from any
64: host. Otherwise, only connections from the stated IP address
65: (and, optionally, port) are allowed.</p>
66:
67: <dt><b><code>set l2tp hostname <em>name</em></code></b><dd><p>Sets the L2TP tunnel local hostname. For server side, only one
68: unique hostname supported for every pair of listening IP (set l2tp self ...)
69: and peer ip (set l2tp peer ...).
70: If several hostnames defined, only the first matching will be used for all
71: incoming connections.</p>
72:
73: <dt><b><code>set l2tp secret <em>secret</em></code></b><dd><p>Sets the L2TP tunnel secret. Used to authenticate tunnel connection
74: and encrypt important control packets avpairs. For server side, only
75: one unique secret supported for every pair of listening IP (set l2tp self ...)
76: and peer ip (set l2tp peer ...).
77: If several secrets defined, only the first matching will be used for all
78: incoming connections.</p>
79: <p>NOTE: This options is not related with usual PPP authentication.
80: Windows client does not support tunnel authentication.</p>
81:
82: <dt><b><code>set l2tp callingnum <em>number</em></code></b><dd>
83: <dt><b><code>set l2tp callednum <em>number</em></code></b><dd><p>Sets the calling and called telephone number to use when initiating a L2TP
84: connection. For most VPN applications this is ignored, but in certain
85: cases an actual phone number is required.
86: The default is the empty string.</p>
87:
88: <dt><b><code>set l2tp enable <em>option ...</em> </code></b><dd>
89: <dt><b><code>set l2tp disable <em>option ...</em> </code></b><dd>
90: <p>Enable and disable L2TP device type options for the link.</p>
91:
92: </dl>
93: </p>
94:
95: <p>The following options are supported:</p>
96: <p>
97: <dl>
98:
99: <dt><b><code>outcall</code></b><dd><p>Inside L2TP tunnel, each individual PPP connection (there may be several),
100: is initiated as either an incoming or an outgoing call.
101: This allows to make an outgoing phone call (by LNS) via a remote access
102: server (LAC), as well as in more common case forward an incoming
103: phone call from an access server (LAC) to a remote L2TP server (LNS).</p>
104: <p>When this option is enabled, mpd will initiate outgoing calls (LNS);
105: otherwise mpd will initiate incoming calls (LAC).</p>
106: <p>The default is disable.</p>
107:
108: <dt><b><code>hidden</code></b><dd><p>When L2TP tunnel secret is configured it is possible hide (encrypt) some
109: control data for additional protection.</p>
110: <p>The default is disable.</p>
111:
112: <dt><b><code>length</code></b><dd><p>By default L2TP uses header Length field for control packets, but not for
113: data packets. This option enables Length field for data packets.
114: This feature enabled may be useful on links where packets padding may
115: happend. Disabling it reduces overhead by 2 bytes per packet.</p>
116: <p>The default is disable.</p>
117:
118: <dt><b><code>dataseq</code></b><dd><p>By default L2TP requires header sequence fields for control packets, but
119: not require them for data packets. This option enables sequence fields for
120: data packets.
121: This feature enabled may be useful on links where packets reordering may
122: happend but it is intolerable. Disabling it reduces overhead by 4 bytes per packet.</p>
123: <p>The default is enable.</p>
124:
125: <dt><b><code>resolve-once</code></b><dd><p>Enables resolving peer address only once, on startup, or on manual
126: typing in CLI.</p>
127: <p>The default is enable.</p>
128: </dl>
129: </p>
130:
131:
132:
133: <HR NOSHADE>
1.1.1.2 ! misho 134: <A HREF="mpd.html"><EM>Mpd 5.7 User Manual</EM></A>
1.1 misho 135: <b>:</b> <A HREF="mpd42.html"><EM>Device Types</EM></A>
136: <b>:</b> <EM>L2TP device type commands</EM><BR>
137: <b>Previous:</b> <A HREF="mpd47.html"><EM>PPTP device type commands</EM></A><BR>
138: <b>Next:</b> <A HREF="mpd49.html"><EM>PPPoE device type commands</EM></A>
139:
140:
141:
142: </BODY>
143: </HTML>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>