Diffstat (limited to 'configuration/ipoe.html')
-rw-r--r-- | configuration/ipoe.html | 469 |
1 files changed, 469 insertions, 0 deletions
diff --git a/configuration/ipoe.html b/configuration/ipoe.html
new file mode 100644
index 0000000..456f423
--- /dev/null
+++ b/configuration/ipoe.html
@@ -0,0 +1,469 @@ +<!DOCTYPE html> +<html class="writer-html5" lang="en" data-content_root="../"> +<head> + <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /> + + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> + <title>[ipoe] — Accel-ppp 1.12 documentation</title> + <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=80d5e7a1" /> + <link rel="stylesheet" type="text/css" href="../_static/css/theme.css?v=19f00094" /> + + + <link rel="shortcut icon" href="../_static/favicon.ico"/> + <!--[if lt IE 9]> + <script src="../_static/js/html5shiv.min.js"></script> + <![endif]--> + + <script src="../_static/jquery.js?v=5d32c60e"></script> + <script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script> + <script src="../_static/documentation_options.js?v=2d52a127"></script> + <script src="../_static/doctools.js?v=9a2dae69"></script> + <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> + <script src="../_static/js/theme.js"></script> + <link rel="index" title="Index" href="../genindex.html" /> + <link rel="search" title="Search" href="../search.html" /> + <link rel="next" title="[ip-pool]" href="ip-pool.html" /> + <link rel="prev" title="[l2tp]" href="l2tp.html" /> +</head> + +<body class="wy-body-for-nav"> + <div class="wy-grid-for-nav"> + <nav data-toggle="wy-nav-shift" class="wy-nav-side"> + <div class="wy-side-scroll"> + <div class="wy-side-nav-search" > + + + + <a href="../index.html" class="icon icon-home"> + Accel-ppp + <img src="../_static/logo.png" class="logo" alt="Logo"/> + </a> +<div role="search"> + <form id="rtd-search-form" class="wy-form" action="../search.html" method="get"> + <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> +</div> + </div><div class="wy-menu wy-menu-vertical" 
data-spy="affix" role="navigation" aria-label="Navigation menu"> + <p class="caption" role="heading"><span class="caption-text">Contents:</span></p> +<ul class="current"> +<li class="toctree-l1"><a class="reference internal" href="../installation/install.html">Installation</a></li> +<li class="toctree-l1 current"><a class="reference internal" href="configuration.html">Configuration</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="modules.html">[modules]</a></li> +<li class="toctree-l2"><a class="reference internal" href="core.html">[core]</a></li> +<li class="toctree-l2"><a class="reference internal" href="common.html">[common]</a></li> +<li class="toctree-l2"><a class="reference internal" href="radius.html">[radius]</a></li> +<li class="toctree-l2"><a class="reference internal" href="chap_secrets.html">[chap-secrets]</a></li> +<li class="toctree-l2"><a class="reference internal" href="ppp.html">[ppp]</a></li> +<li class="toctree-l2"><a class="reference internal" href="pppoe.html">[pppoe]</a></li> +<li class="toctree-l2"><a class="reference internal" href="pptp.html">[pptp]</a></li> +<li class="toctree-l2"><a class="reference internal" href="l2tp.html">[l2tp]</a></li> +<li class="toctree-l2 current"><a class="current reference internal" href="#">[ipoe]</a><ul> +<li class="toctree-l3"><a class="reference internal" href="#ipoe-configuration-overview">IPoE configuration overview</a></li> +</ul> +</li> +<li class="toctree-l2"><a class="reference internal" href="ip-pool.html">[ip-pool]</a></li> +<li class="toctree-l2"><a class="reference internal" href="sstp.html">[sstp]</a></li> +<li class="toctree-l2"><a class="reference internal" href="dns.html">[dns]</a></li> +<li class="toctree-l2"><a class="reference internal" href="ipv6-dns.html">[ipv6-dns]</a></li> +<li class="toctree-l2"><a class="reference internal" href="ipv6-pool.html">[ipv6-pool]</a></li> +<li class="toctree-l2"><a class="reference internal" 
href="ipv6-nd.html">[ipv6-nd]</a></li> +<li class="toctree-l2"><a class="reference internal" href="ipv6-dhcp.html">[ipv6-dhcp]</a></li> +<li class="toctree-l2"><a class="reference internal" href="shaper.html">[shaper]</a></li> +<li class="toctree-l2"><a class="reference internal" href="log.html">[log]</a></li> +<li class="toctree-l2"><a class="reference internal" href="cli.html">[cli]</a></li> +<li class="toctree-l2"><a class="reference internal" href="pppd_compat.html">[pppd-compat]</a></li> +<li class="toctree-l2"><a class="reference internal" href="snmp.html">SNMP</a></li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../guides/control_features.html">Control features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../guides/recommendations.html">Recommendations</a></li> +<li class="toctree-l1"><a class="reference internal" href="../guides/BRAS_tuning.html">BRAS tuning</a></li> +<li class="toctree-l1"><a class="reference internal" href="../guides/radius_features.html">RADIUS and DM/CoA features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../examples/examples.html">Examples</a></li> +<li class="toctree-l1"><a class="reference internal" href="../debugging/index.html">Debugging</a></li> +<li class="toctree-l1"><a class="reference internal" href="../debugging/faq.html">FAQ</a></li> +</ul> + + </div> + </div> + </nav> + + <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" > + <i data-toggle="wy-nav-top" class="fa fa-bars"></i> + <a href="../index.html">Accel-ppp</a> + </nav> + + <div class="wy-nav-content"> + <div class="rst-content"> + <div role="navigation" aria-label="Page navigation"> + <ul class="wy-breadcrumbs"> + <li><a href="../index.html" class="icon icon-home" aria-label="Home"></a></li> + <li class="breadcrumb-item"><a href="configuration.html">Configuration</a></li> + <li class="breadcrumb-item 
active">[ipoe]</li> + <li class="wy-breadcrumbs-aside"> + <a href="../_sources/configuration/ipoe.rst.txt" rel="nofollow"> View page source</a> + </li> + </ul> + <hr/> +</div> + <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> + <div itemprop="articleBody"> + + <section id="ipoe"> +<span id="id1"></span><h1>[ipoe]<a class="headerlink" href="#ipoe" title="Link to this heading"></a></h1> +<p>Method authentication users, control sessions and delivery without any tunnel “called” as IPoE (IP over Ethernet). +Accel-ppp support L2 and L3 topologies and start sessions on DHCP Discover or unclassified packet.</p> +<p>Develop auxiliary kernel module for sessions start on unclassified packet and shared interfaces. +This module creates virtual interface, an analogue of ifb and used for sessions shaper and One-to-one NAT.</p> +<p>The difference between L2 and L3. L2 incoming packet will be checked for the mac address set at the session start, and outgoing packets will be sent straight to this mac address without additional ARP requests, which provides protection against IP/mac address spoofing. +In the case of L3, the outgoing packet will be routed according to the established routing rules.</p> +<section id="ipoe-configuration-overview"> +<h2>IPoE configuration overview<a class="headerlink" href="#ipoe-configuration-overview" title="Link to this heading"></a></h2> +<p>Section IPoE contain many flexible customization.</p> +<p><strong>[ipoe]</strong></p> +<dl> +<dt><strong>verbose=0|1</strong></dt><dd><p>Default value is <code class="docutils literal notranslate"><span class="pre">verbose=0</span></code></p> +<p>Writes more detailed logs.</p> +</dd> +<dt><strong>ipv6=0|1</strong></dt><dd><p>By default is disabled: <code class="docutils literal notranslate"><span class="pre">ipv6=0</span></code></p> +<p>Activate support ipv6 globally. Also may defined per-interface. 
Required modules <code class="docutils literal notranslate"><span class="pre">ipv6_nd</span></code>, <code class="docutils literal notranslate"><span class="pre">ipv6_dhcp</span></code> and <code class="docutils literal notranslate"><span class="pre">ipv6pool</span></code> if ipv6 addresses will allocate accel-ppp.</p> +</dd> +<dt><strong>mode=L2|L3</strong></dt><dd><p>By default mode is L2.</p> +<p>Parameter specifies client connectivity mode. <code class="docutils literal notranslate"><span class="pre">mode=L2</span></code> then it means that clients are on same network where interfaces. <code class="docutils literal notranslate"><span class="pre">mode=L3</span></code> means that client are behind some router. Also may defined per-interface.</p> +</dd> +<dt><strong>start=dhcpv4|up|auto</strong></dt><dd><p>By default is not defined. Important to set this.</p> +<p>Parameter specifies which way session starts:</p> +<ul class="simple"> +<li><p><strong>dhcpv4</strong> - start on DHCP Discover.</p></li> +<li><p><strong>up</strong> - unclassified packet.</p></li> +<li><p><strong>auto</strong> - means automatically start session with username=interface name. Use it with conjunction vlan_mon.</p></li> +</ul> +<p>Also may defined per-interface.</p> +</dd> +<dt><strong>lua-file=/path/to/file.lua</strong></dt><dd><p>By default is not defined.</p> +<p>Needs only if used lua functions for create username from packet header information. Often used with DHCP Option 82. 
Look <a class="reference internal" href="../examples/lua_examples.html#lua-examples"><span class="std std-ref">Lua examples</span></a> for more information.</p> +</dd> +<dt><strong>username=ifname|lua:function</strong></dt><dd><p>By default for DHCP sessions <code class="docutils literal notranslate"><span class="pre">username=ifname</span></code>, for sessions start by unclassified packet (<code class="docutils literal notranslate"><span class="pre">start=up</span></code>) <code class="docutils literal notranslate"><span class="pre">username</span></code> is client ip address.</p> +<p>If <code class="docutils literal notranslate"><span class="pre">username=ifname</span></code> then interface name from which packet was arrived will be used as username.</p> +<p>If <code class="docutils literal notranslate"><span class="pre">username=lua:username</span></code> then lua function with name <code class="docutils literal notranslate"><span class="pre">username</span></code> will be called to construct username from dhcp packet fields. 
+Also may defined per-interface.</p> +</dd> +<dt><strong>password=username|csid|empty|<string></strong></dt><dd><p>By default <code class="docutils literal notranslate"><span class="pre">password=username</span></code> +Specifies how to generate password.</p> +<p>If <code class="docutils literal notranslate"><span class="pre">password=username</span></code> then password will be same as username.</p> +<p>If <code class="docutils literal notranslate"><span class="pre">password=csid</span></code> then password will be same as Calling-Station-Id.</p> +<p>Also you can specify fixed password in <code class="docutils literal notranslate"><span class="pre"><string></span></code> or leave empty.</p> +</dd> +<dt><strong>session-timeout=n</strong></dt><dd><blockquote> +<div><p>By default is disabled: <code class="docutils literal notranslate"><span class="pre">session-timeout=0</span></code></p> +</div></blockquote> +<p>Define max sessions time in seconds. After this time session will be terminated. May redefine with radius attribute <strong>Session-Timeout</strong></p> +</dd> +<dt><strong>idle-timeout=n</strong></dt><dd><p>By default is disabled <code class="docutils literal notranslate"><span class="pre">idle-timeout=0</span></code></p> +<p>Specifies timeout in seconds to wait for any packets from client, after this time session will terminated if client don’t send any packet. 
Often used with <code class="docutils literal notranslate"><span class="pre">mode=L3</span></code>.</p> +</dd> +<dt><strong>lease-time=n</strong></dt><dd><p>By default <code class="docutils literal notranslate"><span class="pre">lease-time=600</span></code></p> +<p>Specifies lease time in seconds to be sent to DHCP client.</p> +</dd> +<dt><strong>max-lease-time=n</strong></dt><dd><p>By default <code class="docutils literal notranslate"><span class="pre">max-lease-time=660</span></code></p> +<p>Specifies max lease time in seconds, after this time session will be terminated if client won’t renew it.</p> +</dd> +<dt><strong>renew-time=n</strong></dt><dd><p>By default <code class="docutils literal notranslate"><span class="pre">renew-time</span></code> calculate as lease-time/2.</p> +<p>Specifies lease renew time (option 58) in seconds to be sent to DHCP client. Might be overwritten by RADIUS attribute DHCP-Renewal-Time.</p> +</dd> +<dt><strong>rebind-time=n</strong></dt><dd><p>By default <code class="docutils literal notranslate"><span class="pre">rebind-time</span></code> calculate as lease-time/2+lease-time/4+lease-time/8.</p> +<p>Specifies lease rebind time (option 59) in seconds to be sent to DHCP client. Might be overwritten by RADIUS attribute DHCP-Rebinding-Time.</p> +</dd> +<dt><strong>shared=0|1</strong></dt><dd><p>By default is active <code class="docutils literal notranslate"><span class="pre">shared=1</span></code></p> +<p>Specifies where interface is shared by multiple users. If used vlan-per-user need turn this to 0. Also may defined per-interface.</p> +</dd> +<dt><strong>unit-cache=n</strong></dt><dd><p>By default is disabled: <code class="docutils literal notranslate"><span class="pre">unit-cache=0</span></code></p> +<p>Specifies number of interfaces to keep in cache. It means that don’t destory interface after corresponding session is destoyed, instead place it to cache and use it later for new sessions repeatedly. 
Actial only if used shared interfaces.</p> +</dd> +<dt><strong>ip-pool=pool_name</strong></dt><dd><p>By default is not defined.</p> +<p>Specifies ip pool name which accel-ppp will use for allocate client ip address.</p> +</dd> +</dl> +<div class="admonition-note admonition"> +<p class="admonition-title">Note:</p> +<p>For use ippool need add this module to <code class="docutils literal notranslate"><span class="pre">[modules]</span></code> section, and sets params on section <code class="docutils literal notranslate"><span class="pre">[ip-pool]</span></code></p> +</div> +<dl> +<dt><strong>ipv6-pool=pool_name</strong></dt><dd><p>By default is not defined.</p> +<p>Specifies ipv6 pool name which accel-ppp will use for allocate client ipv6 prefix.</p> +</dd> +<dt><strong>ipv6-pool-delegate=pool_name</strong></dt><dd><p>By default is not defined.</p> +<p>Specifies ipv6 prefix delegation pool name which accel-ppp will use for allocate client ipv6 prefix delegation.</p> +</dd> +<dt><strong>vlan-mon=[re:]name[,filter]</strong></dt><dd><p>vlan-mon needs for automatically crate vlans interfaces, more often on vlan-per-user schemas. Support regular expression (<strong>re:</strong>). Parameter specifies list of vlans or ranges of vlans to monitor for and may be in following form: vlan-mon=eth1,2,5,10,20-30</p> +</dd> +<dt><strong>vlan-timeout=n</strong></dt><dd><p>By default: <code class="docutils literal notranslate"><span class="pre">vlan-timeout=60</span></code>. +Specifies time on second of vlan inactivity before it will be removed.</p> +</dd> +<dt><strong>vlan-name=pattern</strong></dt><dd><p>By default <code class="docutils literal notranslate"><span class="pre">vlan-name=%I.%N</span></code></p> +<p>The vlan-name parameter allows you to specify the pattern for the VLAN interface name.</p> +<p>The pattern may include the following macros:</p> +<p><code class="docutils literal notranslate"><span class="pre">%I</span></code>: Represents the name of the parent interface (e.g. 
ethX, enoX, enpXsY, etc.).</p> +<p><code class="docutils literal notranslate"><span class="pre">%N</span></code>: Represents the number of the VLAN (the latest tag ID). In the case of Q-in-Q, this refers to the C-VLAN.</p> +<p><code class="docutils literal notranslate"><span class="pre">%P</span></code>: Represents the number of the VLAN for the parent interface. In the case of Q-in-Q, this refers to the S-VLAN.</p> +<p>For example, if the parent interface name is eth0 and the VLAN number is 10, the VLAN interface name would be eth0.10 based on the default pattern %I.%N.</p> +<p>Works with interface params and required regular expression.</p> +</dd> +<dt><strong>noauth=0|1</strong></dt><dd><p>By default is disabled: <code class="docutils literal notranslate"><span class="pre">noauth=0</span></code> and used RADIUS or chap-secrets authentication.</p> +<p>Allows users to connect without authentication by radius or chap-secrets. For correct work it is necessary to use with ip-pool.</p> +</dd> +<dt><strong>ifcfg=0|1</strong></dt><dd><p>By default is active: <code class="docutils literal notranslate"><span class="pre">ifcfg=1</span></code></p> +<p>Parameter specifies whether accel-ppp should add router IP address and route to client to interface or it is explicitly configured. Also may defined per-interface.</p> +</dd> +<dt><strong>proto=n</strong></dt><dd><p>By default 3 - boot.</p> +<p>Specifies number of protocol to be used for inserted routes. Works only with <code class="docutils literal notranslate"><span class="pre">ifcfg=0</span></code>, when the routes create an accel-ppp, not a kernel. 
Also need exist gw ip address in the system on any of the interfaces, otherwise an error will be output to the accel-ppp.log</p> +</dd> +</dl> +<div class="admonition-log-output admonition"> +<p class="admonition-title">Log output:</p> +<p>debug: libnetlink: RTNETLINK answers: Invalid argument</p> +</div> +<dl> +<dt><strong>check-mac-change=0|1</strong></dt><dd><p>By default is active: <code class="docutils literal notranslate"><span class="pre">check-mac-change=1</span></code></p> +<p>Terminate session when detects change of mac address of client.</p> +</dd> +<dt><strong>soft-terminate=0|1</strong></dt><dd><p>By default is disabled: <code class="docutils literal notranslate"><span class="pre">soft-terminate=0</span></code></p> +<p>When terminating sessions through <code class="docutils literal notranslate"><span class="pre">cli</span></code> or <code class="docutils literal notranslate"><span class="pre">Radius</span> <span class="pre">Disconnect-Message</span></code>, the session will not be terminated immediately, but will be marked as finished and client will continue working, but next time renew lease the session will be terminated. Session will terminate immediately when expired <cite>max-lease-time</cite>. 
For manually terminate session immediately you may use cli command <code class="docutils literal notranslate"><span class="pre">accel-cmd</span> <span class="pre">terminate</span> <span class="pre"><session</span> <span class="pre">selector></span> <span class="pre">hard</span></code></p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>accel-cmd<span class="w"> </span>terminate<span class="w"> </span><span class="k">if</span><span class="w"> </span>ipoe0<span class="w"> </span>hard +</pre></div> +</div> +<dl> +<dt><strong>l4-redirect-table=n</strong></dt><dd><p>By default is disabled: <code class="docutils literal notranslate"><span class="pre">l4-redirect-table=0</span></code></p> +<p>Specifies number of table. If L4-Redirect radius attribute is received and it’s value is not 0 or ‘0’ then accel-ppp will add following rule: ip rule add from <client_ip> table</p> +</dd> +<dt><strong>l4-redirect-ipset=<name></strong></dt><dd><p>By default is not defined.</p> +<blockquote> +<div><p>Specifies name of ipset list. If L4-Redirect radius attribute is received and it’s value is not 0 or ‘0’ then accel-ppp will add client’s ip to that ipset name.</p> +</div></blockquote> +</dd> +<dt><strong>l4-redirect-on-reject=n</strong></dt><dd><p>By default is disabled: <code class="docutils literal notranslate"><span class="pre">l4-redirect-on-reject=0</span></code></p> +<p>Specified time in seconds for creating temporary sessions if radius rejects access and ‘ip rule add from ip_addr table l4-redirect-table’ rule will be created.</p> +</dd> +<dt><strong>l4-redirect-ip-pool=pool_name</strong></dt><dd><p>By default is not defined.</p> +<p>Allocates ip address from specified pool name if radius rejects access. 
Pool must be sets in section <cite>[ip-pool]</cite></p> +</dd> +<dt><strong>agent-remote-id=<identifier></strong></dt><dd><p>By default is not defined.</p> +<p>If accel-ppp used as DHCP relay, than to DHCP requests will inserted Option 82 with agent-remote-id and agent-circuit-id with interface name from which received client request.</p> +</dd> +<dt><strong>local-net=x.x.x.x/mask</strong></dt><dd><p>By default is not defined.</p> +<p>Specifies networks from which packets will be treated as unclassified. Need only for <code class="docutils literal notranslate"><span class="pre">start=up</span></code>. You may specify multiple local-net options. For example:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>local-net<span class="o">=</span><span class="m">100</span>.64.0.0/24 +local-net<span class="o">=</span><span class="m">192</span>.168.0.0/24 +local-net<span class="o">=</span><span class="m">172</span>.16.0.0/24 +</pre></div> +</div> +<dl> +<dt><strong>vendor=<vendor name></strong></dt><dd><p>By default is not defined.</p> +<p>Specifies vendor name for RADIUS attributes in current section. For using RADIUS DHCP attributes, set <code class="docutils literal notranslate"><span class="pre">vendor=dhcp</span></code></p> +</dd> +<dt><strong>attr-dhcp-client-ip=<attribute></strong></dt><dd><p>By default is not defined.</p> +<p>Specified radius attribute which contains ip address for assign to client. 
Example with existing attribute:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>attr-dhcp-client-ip<span class="o">=</span>DHCP-Client-IP-Address +</pre></div> +</div> +<div class="admonition-note admonition"> +<p class="admonition-title">Note:</p> +<p>If set custom attribute then need add its for both (radius server and accel-ppp) dictionaries.</p> +</div> +<dl> +<dt><strong>attr-dhcp-router-ip=<attribute></strong></dt><dd><p>By default is not defined.</p> +<p>Specified radius attribute which contains router ip address for assign to client. Example with existing attribute:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>attr-dhcp-router-ip<span class="o">=</span>DHCP-Gateway-IP-Address +</pre></div> +</div> +<div class="admonition-note admonition"> +<p class="admonition-title">Note:</p> +<p>If set custom attribute then need add its for both (radius server and accel-ppp) dictionaries.</p> +</div> +<dl> +<dt><strong>attr-dhcp-mask=<attribute></strong></dt><dd><p>By default is not defined.</p> +<p>Specified radius attribute which contains netmask (CIDR) for assign to client. Example with existing attribute:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>attr-dhcp-mask<span class="o">=</span>DHCP-Subnet-Mask +</pre></div> +</div> +<div class="admonition-note admonition"> +<p class="admonition-title">Note:</p> +<p>If set custom attribute then need add its for both (radius server and accel-ppp) dictionaries.</p> +</div> +<dl> +<dt><strong>attr-dhcp-lease-time=<attribute></strong></dt><dd><p>By default is not defined.</p> +<p>Specified radius attribute which contains lease time in seconds to be sent to DHCP client. 
This attribute has priority and may redefine value which sets in <code class="docutils literal notranslate"><span class="pre">lease-time</span></code> sets globally.</p> +</dd> +<dt><strong>attr-dhcp-renew-time=<attribute></strong></dt><dd><p>By default is not defined.</p> +<p>Specified radius attribute which contains lease renew time (option 58) in seconds to be sent to DHCP client. This attribute has priority and may redefine value which sets in <code class="docutils literal notranslate"><span class="pre">renew-time</span></code> sets globally.</p> +</dd> +<dt><strong>gw-ip-address=x.x.x.x/mask</strong></dt><dd><p>By default is not defined.</p> +<p>Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options. +For example:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>gw-ip-address<span class="o">=</span><span class="m">100</span>.64.0.1/24 +gw-ip-address<span class="o">=</span><span class="m">192</span>.168.0.1/24 +gw-ip-address<span class="o">=</span><span class="m">172</span>.16.0.0/24 +</pre></div> +</div> +<dl> +<dt><strong>attr-dhcp-opt82=<attribute></strong></dt><dd><p>By default is not defined.</p> +<p>Specifies radius attribute which will contain option 82 from DHCP packet header in binary and send to radius server. +Example:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>attr-dhcp-opt82<span class="o">=</span>DHCP-Option82 +</pre></div> +</div> +<div class="admonition-note admonition"> +<p class="admonition-title">Note:</p> +<p>Need add custom attribute in both radius and accel-ppp dictionaries. By default dictionary is located at <code class="docutils literal notranslate"><span class="pre">/usr/share/accel-ppp/radius/dictionary</span></code> if accel-ppp build as pkg DEB or RPM. 
Dictionary path may be redefine in section <code class="docutils literal notranslate"><span class="pre">[radius]</span></code>.</p> +<p>Example adding custom attribute:</p> +</div> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>ATTRIBUTE<span class="w"> </span>DHCP-Option82<span class="w"> </span><span class="m">245</span><span class="w"> </span>octets +</pre></div> +</div> +<dl> +<dt><strong>attr-dhcp-opt82-remote-id=<attribute></strong></dt><dd><p>By default is not defined.</p> +<p>Specifies radius attribute which will contain only <strong>Agent Remote Id</strong> from DHCP packet header and send to radius server. Example with existing attribute in dictionary:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>attr-dhcp-opt82-remote-id<span class="o">=</span>DHCP-Agent-Remote-Id +</pre></div> +</div> +<dl> +<dt><strong>attr-dhcp-opt82-circuit-id=<attribute></strong></dt><dd><p>By default is not defined.</p> +<p>Specifies radius attribute which will contain only <strong>Agent Circuit Id</strong> from DHCP packet header and send to radius server. Example with existing attribute in dictionary:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>attr-dhcp-opt82-circuit-id<span class="o">=</span>DHCP-Agent-Circuit-Id +</pre></div> +</div> +<dl> +<dt><strong>offer-timeout=n</strong></dt><dd><p>By default <code class="docutils literal notranslate"><span class="pre">offer-timeout=10</span></code></p> +<p>Specified time in seconds which accel-ppp wait DHCP request from client. If client don’t send DHCP request for this time, accel-ppp terminate session.</p> +</dd> +<dt><strong>offer-delay=delay[,delay1:count1[,delay2:count2[,…]]]</strong></dt><dd><p>By default is not defined.</p> +<p>One of load balancing mechanism. specifies delays in milliseconds (also in condition of connection count) to send DHCPOFFER . 
Last delay in list may be -1 which means don’t accept new connections. List must to be sorted by count key. Example:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span>offer-delay<span class="o">=</span><span class="m">0</span>,100:1000,200:2500,300:5000,400:9999,-1:10000 +</pre></div> +</div> +<div class="admonition-explain admonition"> +<p class="admonition-title">Explain:</p> +<p>Clients from 1 to 999 take DHCP offers without delay, client from 1000 to 2499 take DHCP offers with delay 100 ms, clients from 2500 to 4999 take DHCP offers with delay 200 ms, clients from 5000 to 9999 take DHCP offers with delay 300 ms, last client take DHCP offer with delay 400 ms and accel-ppp no more accept connections.</p> +</div> +<dl> +<dt><strong>weight=n</strong></dt><dd><p>By default not defined:</p> +<p>More modern load balancing mechanism based on weight.</p> +<p>How it works: +On reception of DHCPDISCOVER accel-ppp sends broadcast DHCP message to port 67 with same xid and add special vendor-specific option where encodes its current session count multiplied by weight. On reception of such message accel-ppp searches session with same xid and compares weight. If received weight is less than session’s weight then it terminates this session. +May be used as per-interface.</p> +</dd> +</dl> +<div class="admonition-note admonition"> +<p class="admonition-title">Note:</p> +<p>Per-interface weight=0 has special meaning as backup (fail-over) interface, f.e. 
it terminates session on any received weight.</p> +</div> +<dl> +<dt><strong>calling-sid=mac|ip</strong></dt><dd><p>By default <code class="docutils literal notranslate"><span class="pre">calling-sid=mac</span></code></p> +<p>Specifies value of Calling-Station-Id radius attribute.</p> +</dd> +<dt><strong>proxy-arp=0|1|2</strong></dt><dd><p>By default is disabled: <code class="docutils literal notranslate"><span class="pre">proxy-arp=0</span></code></p> +<p>Parameter specifies whether accel-ppp should reply to arp requests. Also may defined per-interface.</p> +<p><code class="docutils literal notranslate"><span class="pre">0</span></code> - proxy-arp disabled.</p> +<p><code class="docutils literal notranslate"><span class="pre">1</span></code> - proxy-arp enabled. Accel send arp-reply if src ip and dst ip on different interfaces (as well as linux proxy_arp).</p> +<p><code class="docutils literal notranslate"><span class="pre">2</span></code> - proxy-arp enabled. Accel send arp-reply back to the same interface (as well as linux proxy_arp_pvlan).</p> +</dd> +</dl> +<div class="admonition-note admonition"> +<p class="admonition-title">Note:</p> +<p>Works only for subnets defined in <cite>local-net</cite> param</p> +</div> +<dl> +<dt><strong>ip-unnumbered=0|1</strong></dt><dd><p>By default is enabled: <code class="docutils literal notranslate"><span class="pre">ip-unnumbered=1</span></code></p> +<p>Specifies should accel-ppp create route for session with netmask /32. May be used as per-interface.</p> +</dd> +<dt><strong>interface=[re:]name</strong></dt><dd><p>By default interface has many params which explain below.</p> +<p>Specifies interface to listen dhcp or unclassified packets. 
If name is prefixed with <strong>re:</strong> then name is treated as <strong>regular expression</strong>.</p> +<p>May be specify multiple interface options, for example:</p> +</dd> +</dl> +<div class="highlight-sh notranslate"><div class="highlight"><pre><span></span><span class="nv">interface</span><span class="o">=</span>eth0,mode<span class="o">=</span>L3,start<span class="o">=</span>UP,shared<span class="o">=</span><span class="m">1</span> +<span class="nv">interface</span><span class="o">=</span>re:^eth1<span class="se">\.</span><span class="o">[</span><span class="m">0</span>-9<span class="o">]</span>+<span class="se">\.</span><span class="o">[</span><span class="m">0</span>-9<span class="o">][</span><span class="m">0</span>-9<span class="o">][</span><span class="m">0</span>-9<span class="o">]</span>$,mode<span class="o">=</span>L2,shared<span class="o">=</span><span class="m">0</span>,start<span class="o">=</span>dhcpv4,mtu<span class="o">=</span><span class="m">1500</span>,ifcfg<span class="o">=</span><span class="m">1</span> +</pre></div> +</div> +<p>The <code class="docutils literal notranslate"><span class="pre">mode=L2|L3</span></code> parameter specifies client connectivity mode. If <code class="docutils literal notranslate"><span class="pre">mode=L2</span></code> then it means that clients are on same network where interface is. 
<code class="docutils literal notranslate"><span class="pre">mode=L3</span></code> means that client are behind some router.</p> +<p>The <code class="docutils literal notranslate"><span class="pre">shared=0|1</span></code> parameter specifies where interface is shared by multiple users or it is vlan-per-user.</p> +<p>The <code class="docutils literal notranslate"><span class="pre">start=dhcpv4|up|auto</span></code> parameter specifies which way session starts.</p> +<blockquote> +<div><ul class="simple"> +<li><p><code class="docutils literal notranslate"><span class="pre">dhcpv4</span></code> - start by DHCP Discover packet.</p></li> +<li><p><code class="docutils literal notranslate"><span class="pre">up</span></code> - start by unclassified packet.</p></li> +<li><p><code class="docutils literal notranslate"><span class="pre">auto</span></code> - means automatically start session with <code class="docutils literal notranslate"><span class="pre">username=interface</span></code> name. Use it with conjunction vlan_mon.</p></li> +</ul> +</div></blockquote> +<p>The <code class="docutils literal notranslate"><span class="pre">ipv6</span></code></p> +<p>The <code class="docutils literal notranslate"><span class="pre">mtu=n</span></code> parameter specifies whether accel-ppp should change MTU(maximum transmission unit) on interfaces. By default not set and MTU value inherited from root interface. Often used for vlan-per-user (QinQ).</p> +<p>The <code class="docutils literal notranslate"><span class="pre">range=x.x.x.x/mask</span></code> parameter specifies local range of ip address to give to dhcp clients. First IP in range is router IP. 
If you need more customization use <code class="docutils literal notranslate"><span class="pre">ip-pool</span></code> instead of <code class="docutils literal notranslate"><span class="pre">range</span></code>.</p> +<p>The <code class="docutils literal notranslate"><span class="pre">ifcfg=0|1</span></code> parameter specifies whether accel-ppp should add router IP address and route to client to interface or it is explicitly configured. By default inheris global <code class="docutils literal notranslate"><span class="pre">ifcfg</span></code> value.</p> +<p>The <code class="docutils literal notranslate"><span class="pre">relay=x.x.x.x</span></code> parameter specifies DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed.</p> +<p>The <code class="docutils literal notranslate"><span class="pre">giaddr=x.x.x.x</span></code> parameter specifies relay agent IP address.</p> +<p>The <code class="docutils literal notranslate"><span class="pre">src=x.x.x.x</span></code> parameter specifies ip address to use as source when adding route to client.</p> +<p>The <code class="docutils literal notranslate"><span class="pre">username=ifname|lua:function_name</span></code> allow set custom LUA function to form username from packet header information. Often used this param on varius BRAS connection type.</p> +<p><code class="docutils literal notranslate"><span class="pre">ipv6=0|1</span></code> will activate support ipv6 on interface. If not defined, inherit global params.</p> +<p><code class="docutils literal notranslate"><span class="pre">weight=n</span></code> is load balancing mechanism based on weight. <code class="docutils literal notranslate"><span class="pre">weight=0</span></code> has special meaning as backup (fail-over) interface, f.e. 
it terminates session on any received weight.</p> +<dl> +<dt><strong>check-ip=0|1</strong></dt><dd><p>By default is: <code class="docutils literal notranslate"><span class="pre">check-ip=0</span></code></p> +<p>Specifies whether accel-ppp should check if IP already assigned to other ppp or ipoe interface.</p> +</dd> +</dl> +</section> +</section> + + + </div> + </div> + <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer"> + <a href="l2tp.html" class="btn btn-neutral float-left" title="[l2tp]" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a> + <a href="ip-pool.html" class="btn btn-neutral float-right" title="[ip-pool]" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a> + </div> + + <hr/> + + <div role="contentinfo"> + <p>© Copyright 2023, Accel-ppp Dev.</p> + </div> + + Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a + <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a> + provided by <a href="https://readthedocs.org">Read the Docs</a>. + + +</footer> + </div> + </div> + </section> + </div> + <script> + jQuery(function () { + SphinxRtdTheme.Navigation.enable(true); + }); + </script> + +</body> +</html>
\ No newline at end of file |