Annotation of embedaddon/mpd/doc/mpd48.html, revision 1.1.1.2

1.1       misho       1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
                      2: <HTML>
                      3: <HEAD>
                      4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
                      5: <TITLE>L2TP device type commands</TITLE>
                      6: </HEAD>
                      7: <BODY text="#000000" bgcolor="#ffffff">
                      8: 
1.1.1.2 ! misho       9: <A HREF="mpd.html"><EM>Mpd 5.7 User Manual</EM></A>
1.1       misho      10:  <b>:</b> <A HREF="mpd42.html"><EM>Device Types</EM></A>
                     11:  <b>:</b> <EM>L2TP device type commands</EM><BR>
                     12: <b>Previous:</b> <A HREF="mpd47.html"><EM>PPTP device type commands</EM></A><BR>
                     13: <b>Next:</b> <A HREF="mpd49.html"><EM>PPPoE device type commands</EM></A>
                     14: 
                     15: 
                     16: <HR NOSHADE>
                     17:   <H2><A NAME="48"></A>5.6. L2TP device type commands<A NAME="l2tp"></A></H2>
                     18: <p>This chapter describes commands that are specific to L2TP type links.
                     19: These commands apply to the currently active link, and are only
                     20: valid if the currently active link has type <b>l2tp</b>.</p>
                     21: <p>The L2TP protocol utilizes UDP datagrams on port 1701 (and this is 
                     22: the default for <code><em>port</em></code> in the commands below) 
                     23: to create and maintain virtual tunnel between IP peers. 
                     24: One or more independent PPP connections (sessions) can be 
                     25: carried inside this tunnel.</p>
                     26: <p>Complete L2TP network topology looks like:
                     27: <pre>
                     28: client &lt;- some link type -&gt; LAC &lt;- L2TP tunnel -&gt; LNS
                     29: </pre>
                     30: </p>
                     31: <p>LAC is physical level repeater, which receives PPP connection of some 
                     32: type and forwards it to LNS using L2TP protocol. LNS is a PPP endpoint, 
                     33: which receives PPP frames via L2TP tunnel and processes them.</p>
                     34: <p>In simple case, when physical conversion is not required, topology 
                     35: can be simplified to:
                     36: <pre>
                     37: client (LAC emulator) &lt;- L2TP tunnel -&gt; LNS
                     38: </pre>
                     39: </p>
                     40: <p>Mpd is able to operate in both LAC and LNS modes. As LAC mpd supports 
                     41: both simple case LAC emulator and complete LAC topologies. Complete 
                     42: LAC can be configured by joining two physical devices using mpd's
                     43: repeater functionality.</p>
                     44: <p>Windows L2TP client uses IPSec encryption for the additional tunnel 
                     45: security. So, to let it connect you must configure IPSec on your 
                     46: MPD router or disable IPSec on Windows by setting registry 
                     47: DWORD value ProhibitIpSec at the key
                     48: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\
                     49: into "1".</p>
                     50: <p>
                     51: <dl>
                     52: 
                     53: <dt><b><code>set l2tp self <em>ipaddr</em> [ <em>port</em> ]</code></b><dd><p>Sets the local IP address and port for the L2TP connection.
                     54: There is known implementation bug if this option is not set 
                     55: while accepting incoming connections on the router with multiple 
                     56: IPs and clients are connecting not to the nearest address of 
                     57: this router.</p>
                     58: 
                     59: <dt><b><code>set l2tp peer <em>ipaddr</em> [ <em>port</em> ]</code></b><dd><p>Sets the peer IP address and port for the L2TP connection.
                     60: This command applies to both incoming and outgoing connections.
                     61: For outgoing connections, this command is required in order to
                     62: specify where to connect to. For incoming connections, this command
                     63: is optional; if not given, mpd accepts incoming connections from any
                     64: host. Otherwise, only connections from the stated IP address
                     65: (and, optionally, port) are allowed.</p>
                     66: 
                     67: <dt><b><code>set l2tp hostname <em>name</em></code></b><dd><p>Sets the L2TP tunnel local hostname. For server side, only one 
                     68: unique hostname supported for every pair of listening IP (set l2tp self ...)
                     69: and peer ip (set l2tp peer ...).
                     70: If several hostnames defined, only the first matching will be used for all
                     71: incoming connections.</p>
                     72: 
                     73: <dt><b><code>set l2tp secret <em>secret</em></code></b><dd><p>Sets the L2TP tunnel secret. Used to authenticate tunnel connection 
                     74: and encrypt important control packets avpairs. For server side, only
                     75: one unique secret supported for every pair of listening IP (set l2tp self ...)
                     76: and peer ip (set l2tp peer ...).
                     77: If several secrets defined, only the first matching will be used for all 
                     78: incoming connections.</p>
                     79: <p>NOTE: This options is not related with usual PPP authentication.
                     80: Windows client does not support tunnel authentication.</p>
                     81: 
                     82: <dt><b><code>set l2tp callingnum <em>number</em></code></b><dd>
                     83: <dt><b><code>set l2tp callednum <em>number</em></code></b><dd><p>Sets the calling and called telephone number to use when initiating a L2TP
                     84: connection. For most VPN applications this is ignored, but in certain
                     85: cases an actual phone number is required.
                     86: The default is the empty string.</p>
                     87: 
                     88: <dt><b><code>set l2tp enable <em>option ...</em> </code></b><dd>
                     89: <dt><b><code>set l2tp disable <em>option ...</em> </code></b><dd>
                     90: <p>Enable and disable L2TP device type options for the link.</p>
                     91: 
                     92: </dl>
                     93: </p>
                     94: 
                     95: <p>The following options are supported:</p>
                     96: <p>
                     97: <dl>
                     98: 
                     99: <dt><b><code>outcall</code></b><dd><p>Inside L2TP tunnel, each individual PPP connection (there may be several), 
                    100: is initiated as either an incoming or an outgoing call. 
                    101: This allows to make an outgoing phone call (by LNS) via a remote access
                    102: server (LAC), as well as in more common case forward an incoming
                    103: phone call from an access server (LAC) to a remote L2TP server (LNS).</p>
                    104: <p>When this option is enabled, mpd will initiate outgoing calls (LNS);
                    105: otherwise mpd will initiate incoming calls (LAC).</p>
                    106: <p>The default is disable.</p>
                    107: 
                    108: <dt><b><code>hidden</code></b><dd><p>When L2TP tunnel secret is configured it is possible hide (encrypt) some
                    109: control data for additional protection.</p>
                    110: <p>The default is disable.</p>
                    111: 
                    112: <dt><b><code>length</code></b><dd><p>By default L2TP uses header Length field for control packets, but not for 
                    113: data packets. This option enables Length field for data packets.
                    114: This feature enabled may be useful on links where packets padding may
                    115: happend. Disabling it reduces overhead by 2 bytes per packet.</p>
                    116: <p>The default is disable.</p>
                    117: 
                    118: <dt><b><code>dataseq</code></b><dd><p>By default L2TP requires header sequence fields for control packets, but
                    119: not require them for data packets. This option enables sequence fields for 
                    120: data packets.
                    121: This feature enabled may be useful on links where packets reordering may
                    122: happend but it is intolerable. Disabling it reduces overhead by 4 bytes per packet.</p>
                    123: <p>The default is enable.</p>
                    124: 
                    125: <dt><b><code>resolve-once</code></b><dd><p>Enables resolving peer address only once, on startup, or on manual
                    126: typing in CLI.</p>
                    127: <p>The default is enable.</p>
                    128: </dl>
                    129: </p>
                    130: 
                    131: 
                    132: 
                    133:  <HR NOSHADE>
1.1.1.2 ! misho     134: <A HREF="mpd.html"><EM>Mpd 5.7 User Manual</EM></A>
1.1       misho     135:  <b>:</b> <A HREF="mpd42.html"><EM>Device Types</EM></A>
                    136:  <b>:</b> <EM>L2TP device type commands</EM><BR>
                    137: <b>Previous:</b> <A HREF="mpd47.html"><EM>PPTP device type commands</EM></A><BR>
                    138: <b>Next:</b> <A HREF="mpd49.html"><EM>PPPoE device type commands</EM></A>
                    139: 
                    140: 
                    141: 
                    142: </BODY>
                    143: </HTML>

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>