File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc / mpd48.html
Revision 1.1.1.3 (vendor branch)
Tue Nov 1 09:56:12 2016 UTC (7 years, 8 months ago) by misho
Branches: mpd, MAIN
CVS tags: v5_8p7, v5_8p1_cross, v5_8p1, v5_8, HEAD
mpd 5.8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>L2TP device type commands</TITLE>
</HEAD>
<BODY text="#000000" bgcolor="#ffffff">

<A HREF="mpd.html"><EM>Mpd 5.8 User Manual</EM></A>
 <b>:</b> <A HREF="mpd42.html"><EM>Device Types</EM></A>
 <b>:</b> <EM>L2TP device type commands</EM><BR>
<b>Previous:</b> <A HREF="mpd47.html"><EM>PPTP device type commands</EM></A><BR>
<b>Next:</b> <A HREF="mpd49.html"><EM>PPPoE device type commands</EM></A>


<HR NOSHADE>
  <H2><A NAME="48"></A>5.6. L2TP device type commands<A NAME="l2tp"></A></H2>
<p>This chapter describes commands that are specific to L2TP type links.
These commands apply to the currently active link, and are only
valid if the currently active link has type <b>l2tp</b>.</p>
<p>The L2TP protocol uses UDP datagrams on port 1701 (which is
the default for <code><em>port</em></code> in the commands below)
to create and maintain a virtual tunnel between IP peers.
One or more independent PPP connections (sessions) can be
carried inside this tunnel.</p>
<p>The complete L2TP network topology looks like this:
<pre>
client &lt;- some link type -&gt; LAC &lt;- L2TP tunnel -&gt; LNS
</pre>
</p>
<p>The LAC is a physical-level repeater which receives a PPP connection of some
type and forwards it to the LNS using the L2TP protocol. The LNS is a PPP endpoint
which receives PPP frames via the L2TP tunnel and processes them.</p>
<p>In the simple case, when no physical conversion is required, the topology
can be simplified to:
<pre>
client (LAC emulator) &lt;- L2TP tunnel -&gt; LNS
</pre>
</p>
<p>Mpd is able to operate in both LAC and LNS modes. As a LAC, mpd supports
both the simple LAC emulator case and the complete LAC topology. A complete
LAC can be configured by joining two physical devices using mpd's
repeater functionality.</p>
<p>The Windows L2TP client uses IPSec encryption for additional tunnel
security. To let it connect, you must either configure IPSec on your
mpd router or disable IPSec on Windows by setting the registry
DWORD value ProhibitIpSec under the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\
to "1". The second choice gives up the IPSec protection of the tunnel.</p>
<p>
<dl>

<dt><b><code>set l2tp self <em>ipaddr</em> [ <em>port</em> ]</code></b><dd><p>Sets the local IP address and port for the L2TP connection.
There is a known implementation bug if this option is not set
while accepting incoming connections on a router with multiple
IP addresses and clients connect to an address of this router
other than the nearest one.</p>

<dt><b><code>set l2tp peer <em>ipaddr</em> [ <em>port</em> ]</code></b><dd><p>Sets the peer IP address and port for the L2TP connection.
This command applies to both incoming and outgoing connections.
For outgoing connections, this command is required in order to
specify where to connect to. For incoming connections, this command
is optional; if not given, mpd accepts incoming connections from any
host. Otherwise, only connections from the stated IP address
(and, optionally, port) are allowed.</p>

<dt><b><code>set l2tp hostname <em>name</em></code></b><dd><p>Sets the L2TP tunnel local hostname. On the server side, only one
unique hostname is supported for each pair of listening IP (set l2tp self ...)
and peer IP (set l2tp peer ...).
If several hostnames are defined, only the first matching one is used for all
incoming connections.</p>

<dt><b><code>set l2tp pmask <em>mask</em></code></b><dd><p>Checks the peer hostname against the wildcard <code><em>mask</em></code>.
The wildcard can be any shell-like mask, such as "*.myhost.com".
The peer sets its own hostname with the <code><em>set l2tp hostname</em></code> command.</p>

<dt><b><code>set l2tp secret <em>secret</em></code></b><dd><p>Sets the L2TP tunnel secret. It is used to authenticate the tunnel connection
and to encrypt important AVPs in control packets. On the server side, only
one unique secret is supported for each pair of listening IP (set l2tp self ...)
and peer IP (set l2tp peer ...).
If several secrets are defined, only the first matching one is used for all
incoming connections.</p>
<p>NOTE: This option is not related to the usual PPP authentication.
The Windows client does not support tunnel authentication.</p>

<dt><b><code>set l2tp callingnum <em>number</em></code></b><dd>
<dt><b><code>set l2tp callednum <em>number</em></code></b><dd><p>Sets the calling and called telephone number to use when initiating an L2TP
connection. For most VPN applications this is ignored, but in certain
cases an actual phone number is required.
The default is the empty string.</p>

<dt><b><code>set l2tp enable <em>option ...</em> </code></b><dd>
<dt><b><code>set l2tp disable <em>option ...</em> </code></b><dd>
<p>Enables and disables L2TP device type options for the link.</p>

</dl>
</p>

<p>The following options are supported:</p>
<p>
<dl>

<dt><b><code>outcall</code></b><dd><p>Inside an L2TP tunnel, each individual PPP connection (there may be several)
is initiated as either an incoming or an outgoing call.
This allows an outgoing phone call to be placed (by the LNS) via a remote access
server (LAC), as well as, in the more common case, an incoming
phone call to be forwarded from an access server (LAC) to a remote L2TP server (LNS).</p>
<p>When this option is enabled, mpd will initiate outgoing calls (LNS);
otherwise mpd will initiate incoming calls (LAC).</p>
<p>The default is disable.</p>

<dt><b><code>hidden</code></b><dd><p>When an L2TP tunnel secret is configured, it is possible to hide (encrypt) some
control data for additional protection.</p>
<p>The default is disable.</p>

<dt><b><code>length</code></b><dd><p>By default L2TP uses the header Length field for control packets, but not for
data packets. This option enables the Length field for data packets.
Enabling this feature may be useful on links where packet padding may
happen. Disabling it reduces overhead by 2 bytes per packet.</p>
<p>The default is disable.</p>

<dt><b><code>dataseq</code></b><dd><p>By default L2TP requires the header sequence fields for control packets, but
does not require them for data packets. This option enables the sequence fields for
data packets.
Enabling this feature may be useful on links where packet reordering may
happen but is intolerable. Disabling it reduces overhead by 4 bytes per packet.</p>
<p>The default is enable.</p>

<dt><b><code>resolve-once</code></b><dd><p>Enables resolving the peer address only once, at startup or when the
command is typed manually in the CLI.</p>
<p>The default is enable.</p>
</dl>
</p>
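<p>The following mpd.conf excerpt is an added example and is not part of the mpd manual; it shows the commands of this chapter and the options above on both ends of a tunnel, with the server restricted to one peer, one hostname mask and a tunnel secret. All addresses, hostnames, credentials and the secret are placeholders, and the bundle, ippool, ipcp, auth and iface commands come from mpd's general link syntax rather than from this chapter.</p>

```conf
# Added example (not from the mpd manual): mpd.conf excerpt showing the
# L2TP commands of this chapter on both ends of a tunnel.  All addresses,
# hostnames, credentials and the tunnel secret are placeholders.

# LNS side: accept tunnels from one LAC only, with tunnel authentication
l2tp_server:
        set ippool add pool1 192.0.2.50 192.0.2.99
        create bundle template B
        set ipcp ranges 192.0.2.1/32 ippool pool1
        create link template L l2tp
        set link action bundle B
        set link enable chap
        # listen on one explicit address (see the multi-IP note for "set l2tp self")
        set l2tp self 198.51.100.1 1701
        # only this LAC may open a tunnel; without "peer", any host is accepted
        set l2tp peer 203.0.113.7
        set l2tp hostname lns.example.net
        # the peer's hostname must match this shell-style mask
        set l2tp pmask "*.example.net"
        # one secret per (self, peer) pair; enables tunnel authentication
        set l2tp secret PLACEHOLDER_TUNNEL_SECRET
        # hide (encrypt) sensitive AVPs; only works with a secret configured
        set l2tp enable hidden
        # Length field on data packets: +2 bytes, helps where padding occurs
        set l2tp enable length
        set link enable incoming

# LAC-emulator (client) side: opens the tunnel and presents incoming calls
l2tp_client:
        create bundle static B1
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        create link static L1 l2tp
        set link action bundle B1
        set auth authname "PLACEHOLDER_USER"
        set auth password "PLACEHOLDER_PASSWORD"
        set link max-redial 0
        # the LNS address from the block above
        set l2tp peer 198.51.100.1 1701
        # must match the LNS pmask
        set l2tp hostname lac1.example.net
        # must be identical to the LNS secret
        set l2tp secret PLACEHOLDER_TUNNEL_SECRET
        set l2tp enable hidden
        set l2tp enable length
        # outcall stays disabled: mpd acts as LAC and initiates incoming calls
        set l2tp disable outcall
        open
```

<p>The hostname mask and the tunnel secret are checked when the tunnel is set up, before any PPP authentication of the session. A Windows client, which does not support tunnel authentication, can only connect to a server block without the <code>set l2tp secret</code> line.</p>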



</BODY>
</HTML>
