diff options
Diffstat (limited to 'accel-pppd/accel-ppp.conf.5')
| -rw-r--r-- | accel-pppd/accel-ppp.conf.5 | 384 |
1 files changed, 384 insertions, 0 deletions
diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 new file mode 100644 index 00000000..d9aaadb3 --- /dev/null +++ b/accel-pppd/accel-ppp.conf.5 @@ -0,0 +1,384 @@ +.TH ACCEL-PPP.CONF 5 "6 October 2010" +.SH NAME +.B accel-ppp.conf +- ACCEL-PPP VPN daemon configuration +.SH DESCRIPTION +.BR accel-pppd (8) +reads options from this file, usually +.IR /etc/accel-ppp.conf +.TP +Configuration file consists of sections in form: +.TP +[section1] +.br +name1=val1 +.br +name2=val2 +.br +name3 +.TP +[section2] +.br + .... +.br +.SH SECTIONS +.TP +.SH [modules] +containes list of modules to load +.TP +.BI log_file +This is logging target which logs messages to files. It support per-session/per-user features. +.TP +.BI log_tcp +This is logging target which logs messages over TCP/IP. +.TP +.BI log_pgsql +This is logging target which logs messages to PostgreSQL. +.TP +.BI pptp +.br +PPTP controlling connection handling module. +.TP +.BI pppoe +.br +PPPoE discovery stage handling module. +.TP +.BI auth_pap +PAP authentication module. +.TP +.BI auth_chap +CHAP (md5) authentication module. +.TP +.BI auth_mschap_v1 +Microsoft CHAP (version 1) authentication module. +.TP +.BI auth_mschap_v2 +Microsoft CHAP (version 2) authentication module. +.TP +.BI radius +.br +RADIUS interaction module. +.TP +.BI ippool +.br +IP address assigning module. +.TP +.BI sigchld +Helper module to manage child processes, required by pppd_compat +.TP +.BI pppd_compat +This module starts pppd compatible ip-up/ip-down scripts and ip-change to handle RADIUS CoA request. +.TP +.SH [core] +Configuration of core module +.TP +.BI "log-error=" path +Path to file for core module error logging. +.TP +.BI "thread-count=" n +number of working threads, optimal - number of processors/cores +.TP +.SH [ppp] +.br +PPP module configuration. +.TP +.BI "verbose=" n +If n is not zero ppp module will produce verbose logging. +.TP +.BI "min-mtu=" n +Minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. +.TP +.BI "mtu=" n +MTU which will be negotiated if client's MRU will be not acceptable. +.TP +.BI "mru=" n +Prefered MRU. +.TP +.BI "ccp=" n +Disable CCP negotiation if this parameter is zero. +.TP +.TP +.BI "sid-case=" upper|lower +Specifies in which case generate session identifier (default lower). +.TP +.BI "check-ip=" 0|1 +Specifies whether accel-ppp should check if IP already assigned to other ppp interface (default 0). +.TP +.SH [lcp] +.br +PPP LCP module configuration +.TP +.BI "echo-interval=" n +If this option is given and greater then 0 then lcp module will send echo-request every +.B n +seconds. +.TP +.BI "echo-failure=" n +Specifies maximum number of echo-requests may be sent without valid echo-reply, if exceeds connection will be terminated. +.TP +.SH [dns] +.TP +.BI "dns1=" x.x.x.x +Specifies primary DNS to be sent to peer. +.TP +.BI "dns2=" x.x.x.x +Specifies secondary DNS to be sent to peer. +.TP +.SH [client-ip-range] +You have to explicitly specify range of ip address from which clients can connect to server in form: +.br +.B x.x.x.x/mask +(for example 10.0.0.0/8) +.br +.B x.x.x.x-y +(for example 10.0.0.1-254) +.TP +.SH [pptp] +.br +Configuration of PPTP module. +.TP +.BI "bind=" x.x.x.x +If this option is given then pptp server will bind to specified IP address. +.TP +.BI "verbose=" n +If this option is given and +.B n +is greater of zero then pptp module will produce verbose logging. +.TP +.BI "echo-interval=" n +If this option is given and greater then zero then pptp module will send echo-request every +.B n +seconds. +.TP +.BI "echo-failure=" n +Specifies maximum number of echo-requests may be sent without valid echo-reply, if exceeds connection will be terminated. +.TP +.BI "timeout=" n +Timeout waiting reply from client in seconds (default 5). +.TP +.SH [pppoe] +.br +Configuration of PPPoE module. +.TP +.BI "interface=" ethX +Specifies interface name to listen/send discovery packets. You may specify multiple +.B interface +options. +.TP +.BI "ac-name=" ac-name +Specifies AC-Name tag value. If absent tag will not be sent. +.TP +.BI "service-name=" service-name +Specifies Service-Name to respond. If absent any Service-Name is acceptable and client's Service-Name will be sent back. +.TP +.BI "pado-delay=" delay[,delay1:count1[,delay2:count2[,...]]] +Specifies delays (also in condition of connection count) to send PADO (ms). +Last delay in list may be -1 which means don't accept new connections. +List have to be sorted by count key. +.TP +.BI "mac-filter=" filename,type +Specifies mac-filter filename and type, type maybe +.B allow +or +.B deny +.TP +.BI "ifname-in-sid=" called-sid|calling-sid|both +Specifies that interface name should be present in Called-Station-ID or in Calling-Station-ID or in both attributes. +.TP +.BI "verbose=" n +If this option is given and +.B n +is greater of zero then pppoe module will produce verbose logging. +.TP +.SH [l2tp] +.br +Configuration of L2TP module. +.TP +.BI "bind=" x.x.x.x +Specifies IP address to bind. +.TP +.BI "host-name=" string +This name will be sent to clients in Host-Name attribute. +.TP +.BI "hello-interval=" n +Specifies interval (in seconds) to send Hello control message. Its used for keep alive connection. If peer will not respond to Hello connection will be terminated. +.TP +.BI "timeout=" n +Specifies timeout (in seconds) to wait peer completes tunnel and session negotiation. +.TP +.BI "rtimeout=" n +Specifies timeout (in seconds) to wait message acknowledge, if elapsed message retransmition will be performed. +.TP +.BI "retransmit=" n +Specifies maximum number of message retransmission, if exceeds connection will be terminated. +.TP +.BI "verbose=" n +If this option is given and +.B n +is greater of zero then l2tp module will produce verbose logging. +.TP +.SH [radius] +.br +Configuration of RADIUS module. +.TP +.BI "nas-identifier=" identifier +Specifies value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. +.TP +.BI "nas-ip-address=" x.x.x.x +Specifies value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. +Also DM/CoA server will bind to that address. +.TP +.BI "gw-ip-address=" x.x.x.x +Specifies address to use as local address of ppp interfaces if Framed-IP-Address received from RADIUS server. +.TP +.BI "auth-server=" x.x.x.x:port,secret +Specifies IP address, port and secret of authentication RADIUS server. +.TP +.BI "acct-server=" x.x.x.x:port,secret +Specifies IP address, port and secret of accounting RADIUS server. +.TP +.BI "dae-server=" x.x.x.x:port,secret +Specifies IP address, port to bind and secret for Dynamic Authorization Extension server (DM/CoA). +.TP +.BI "dm_coa_secret=" secret (deprecated, use dae-server instead) +Specifies secret to use in DM/CoA communication. +.TP +.BI "acct-interim-interval=" n +Specifies interval in seconds to send accounting information (may be overriden by radius Acct-Interim-Interval attribute) +.TP +.BI "verbose=" n +If this option is given and +.B n +is greater of zero then radius module will produce verbose logging. +.TP +.BI "interim-verbose=" n +If this option is given and +.B n +is greater of zero then radius module will produce verbose logging of interim radius packets. +.TP +.BI "timeout=" n +Timeout to wait response from server (sec) +.TP +.BI "max-try=" n +Specifies number of tries to send Access-Request/Accounting-Request queries. +.TP +.BI "acct-timeout=" n +Specifies timeout of accounting interim update. +.TP +.SH [log] +.br +Configuration of log and log_file modules. +.TP +.BI "log-file=" file +Path to file to write general log. +.TP +.BI "log-emerg=" file +Path to file to write emergency messages. +.TP +.BI "log-tcp=" x.x.x.x:port +Send logs to specified host. +.TP +.BI "copy=" n +If this options is given and greater then zero logging engine will duplicate session log in general log. +(Useful when per-session/per-user logs are not used) +.TP +.BI "per-session-dir=" dir +Directory for session logs. If specified each session will be logged separately to file which name is unique session identifier. +.TP +.BI "per-user-dir=" dir +Directory for user logs. If specified all sessions of same user will be logged to file which name is user name. +.TP +.BI "per-session=" n +If specified and n is greater then zero each session of same user will be logger separately to directory specified by "per-user-dir" +and subdirectory which name is user name and to file which name os unique session identifier. +.TP +.BI "level=" n +Specifies log level which values are: +.br +.B 0 +turn off all logging +.br +.B 1 +log only error messages +.br +.B 2 +log error and warning messages +.br +.B 3 +log error, warning and minimum information messages (use this level in conjuction with verbose option of other modules if you need verbose logging) +.br +.B 4 +log error, warning and full information messages (use this level in conjuction with verbose option of other modules if you need verbose logging) +.br +.B 5 +log all messages including debug messages +.TP +.SH [log-pgsql] +.br +Configuration of log_pgsql module. +.TP +.BI "conninfo=" conninfo +Conninfo to connect to PostgreSQL server. +.TP +.BI "log-table=" table +Table to send log messages. Table must contain following field: +.br +.B timestamp +timestamp +.br +.B username +text +.br +.B sessionid +text +.br +.B msg +text +.TP +.SH [pppd_compat] +.br +Configuration of pppd_compat module. +.TP +.BI "ip-pre-up=" file +Path to ip-pre-up script which is executed before ppp interface comes up, useful to setup firewall rules before any traffic can pass through the interface. +.TP +.BI "ip-up=" file +Path to ip-up script which is executed when ppp interfaces is completly configured and started. +.TP +.BI "ip-down=" file +Path to ip-down script which is executed when session is about to terminate. +.TP +.BI "ip-change=" file +Path to ip-change script which is executed for RADIUS CoA handling. +.TP +.BI "radattr=" prefix +Prefix of radattr files (for example /var/run/radattr, resulting files will be /var/run/radattr.pppX) +.TP +.BI "verbose=" n +If specified and greated then zero pppd_module will produce verbose logging. +.TP +.SH [ip-pool] +.br +Configuration of ippool module. +.TP +.BI "gw-ip-address=" x.x.x.x +Specifies single IP address to be used as local address of ppp interfaces. +.TP +.BI "gw=" range +Specifies range of local address of ppp interfaces if form: +.br +.B x.x.x.x/mask +(for example 10.0.0.0/8) +.br +.B x.x.x.x-y +(for example 10.0.0.1-254) +.TP +.BI "tunnel=" range +Specifies range of remote address of ppp interfaces if form: +.br +.B x.x.x.x/mask +.br +.B x.x.x.x-y +.TP +.BI "x.x.x.x/mask or x.x.x.x-y" +Also specifies range of remote address of ppp interfaces. |