summaryrefslogtreecommitdiff
path: root/accel-pppd/accel-ppp.conf.5
diff options
context:
space:
mode:
authorDmitry Kozlov <xeb@mail.ru>2011-01-05 15:18:59 +0300
committerDmitry Kozlov <xeb@mail.ru>2011-01-05 15:18:59 +0300
commitf28cb1b0a926f1ea98700b7871537ad1793511fd (patch)
treebaf35570bc6b38b6fab5b6524e8f19f58f71e57f /accel-pppd/accel-ppp.conf.5
parent2fdf3586c13a72c36f9530084962e29d57dc0329 (diff)
downloadaccel-ppp-f28cb1b0a926f1ea98700b7871537ad1793511fd.tar.gz
accel-ppp-f28cb1b0a926f1ea98700b7871537ad1793511fd.zip
rename accel-pptp to accel-ppp
Diffstat (limited to 'accel-pppd/accel-ppp.conf.5')
-rw-r--r--accel-pppd/accel-ppp.conf.5384
1 files changed, 384 insertions, 0 deletions
diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5
new file mode 100644
index 0000000..d9aaadb
--- /dev/null
+++ b/accel-pppd/accel-ppp.conf.5
@@ -0,0 +1,384 @@
+.TH ACCEL-PPP.CONF 5 "6 October 2010"
+.SH NAME
+.B accel-ppp.conf
+- ACCEL-PPP VPN daemon configuration
+.SH DESCRIPTION
+.BR accel-pppd (8)
+reads options from this file, usually
+.IR /etc/accel-ppp.conf
+.TP
+Configuration file consists of sections in form:
+.TP
+[section1]
+.br
+name1=val1
+.br
+name2=val2
+.br
+name3
+.TP
+[section2]
+.br
+ ....
+.br
+.SH SECTIONS
+.TP
+.SH [modules]
+containes list of modules to load
+.TP
+.BI log_file
+This is logging target which logs messages to files. It support per-session/per-user features.
+.TP
+.BI log_tcp
+This is logging target which logs messages over TCP/IP.
+.TP
+.BI log_pgsql
+This is logging target which logs messages to PostgreSQL.
+.TP
+.BI pptp
+.br
+PPTP controlling connection handling module.
+.TP
+.BI pppoe
+.br
+PPPoE discovery stage handling module.
+.TP
+.BI auth_pap
+PAP authentication module.
+.TP
+.BI auth_chap
+CHAP (md5) authentication module.
+.TP
+.BI auth_mschap_v1
+Microsoft CHAP (version 1) authentication module.
+.TP
+.BI auth_mschap_v2
+Microsoft CHAP (version 2) authentication module.
+.TP
+.BI radius
+.br
+RADIUS interaction module.
+.TP
+.BI ippool
+.br
+IP address assigning module.
+.TP
+.BI sigchld
+Helper module to manage child processes, required by pppd_compat
+.TP
+.BI pppd_compat
+This module starts pppd compatible ip-up/ip-down scripts and ip-change to handle RADIUS CoA request.
+.TP
+.SH [core]
+Configuration of core module
+.TP
+.BI "log-error=" path
+Path to file for core module error logging.
+.TP
+.BI "thread-count=" n
+number of working threads, optimal - number of processors/cores
+.TP
+.SH [ppp]
+.br
+PPP module configuration.
+.TP
+.BI "verbose=" n
+If n is not zero ppp module will produce verbose logging.
+.TP
+.BI "min-mtu=" n
+Minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU.
+.TP
+.BI "mtu=" n
+MTU which will be negotiated if client's MRU will be not acceptable.
+.TP
+.BI "mru=" n
+Prefered MRU.
+.TP
+.BI "ccp=" n
+Disable CCP negotiation if this parameter is zero.
+.TP
+.TP
+.BI "sid-case=" upper|lower
+Specifies in which case generate session identifier (default lower).
+.TP
+.BI "check-ip=" 0|1
+Specifies whether accel-ppp should check if IP already assigned to other ppp interface (default 0).
+.TP
+.SH [lcp]
+.br
+PPP LCP module configuration
+.TP
+.BI "echo-interval=" n
+If this option is given and greater then 0 then lcp module will send echo-request every
+.B n
+seconds.
+.TP
+.BI "echo-failure=" n
+Specifies maximum number of echo-requests may be sent without valid echo-reply, if exceeds connection will be terminated.
+.TP
+.SH [dns]
+.TP
+.BI "dns1=" x.x.x.x
+Specifies primary DNS to be sent to peer.
+.TP
+.BI "dns2=" x.x.x.x
+Specifies secondary DNS to be sent to peer.
+.TP
+.SH [client-ip-range]
+You have to explicitly specify range of ip address from which clients can connect to server in form:
+.br
+.B x.x.x.x/mask
+(for example 10.0.0.0/8)
+.br
+.B x.x.x.x-y
+(for example 10.0.0.1-254)
+.TP
+.SH [pptp]
+.br
+Configuration of PPTP module.
+.TP
+.BI "bind=" x.x.x.x
+If this option is given then pptp server will bind to specified IP address.
+.TP
+.BI "verbose=" n
+If this option is given and
+.B n
+is greater of zero then pptp module will produce verbose logging.
+.TP
+.BI "echo-interval=" n
+If this option is given and greater then zero then pptp module will send echo-request every
+.B n
+seconds.
+.TP
+.BI "echo-failure=" n
+Specifies maximum number of echo-requests may be sent without valid echo-reply, if exceeds connection will be terminated.
+.TP
+.BI "timeout=" n
+Timeout waiting reply from client in seconds (default 5).
+.TP
+.SH [pppoe]
+.br
+Configuration of PPPoE module.
+.TP
+.BI "interface=" ethX
+Specifies interface name to listen/send discovery packets. You may specify multiple
+.B interface
+options.
+.TP
+.BI "ac-name=" ac-name
+Specifies AC-Name tag value. If absent tag will not be sent.
+.TP
+.BI "service-name=" service-name
+Specifies Service-Name to respond. If absent any Service-Name is acceptable and client's Service-Name will be sent back.
+.TP
+.BI "pado-delay=" delay[,delay1:count1[,delay2:count2[,...]]]
+Specifies delays (also in condition of connection count) to send PADO (ms).
+Last delay in list may be -1 which means don't accept new connections.
+List have to be sorted by count key.
+.TP
+.BI "mac-filter=" filename,type
+Specifies mac-filter filename and type, type maybe
+.B allow
+or
+.B deny
+.TP
+.BI "ifname-in-sid=" called-sid|calling-sid|both
+Specifies that interface name should be present in Called-Station-ID or in Calling-Station-ID or in both attributes.
+.TP
+.BI "verbose=" n
+If this option is given and
+.B n
+is greater of zero then pppoe module will produce verbose logging.
+.TP
+.SH [l2tp]
+.br
+Configuration of L2TP module.
+.TP
+.BI "bind=" x.x.x.x
+Specifies IP address to bind.
+.TP
+.BI "host-name=" string
+This name will be sent to clients in Host-Name attribute.
+.TP
+.BI "hello-interval=" n
+Specifies interval (in seconds) to send Hello control message. Its used for keep alive connection. If peer will not respond to Hello connection will be terminated.
+.TP
+.BI "timeout=" n
+Specifies timeout (in seconds) to wait peer completes tunnel and session negotiation.
+.TP
+.BI "rtimeout=" n
+Specifies timeout (in seconds) to wait message acknowledge, if elapsed message retransmition will be performed.
+.TP
+.BI "retransmit=" n
+Specifies maximum number of message retransmission, if exceeds connection will be terminated.
+.TP
+.BI "verbose=" n
+If this option is given and
+.B n
+is greater of zero then l2tp module will produce verbose logging.
+.TP
+.SH [radius]
+.br
+Configuration of RADIUS module.
+.TP
+.BI "nas-identifier=" identifier
+Specifies value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.
+.TP
+.BI "nas-ip-address=" x.x.x.x
+Specifies value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests.
+Also DM/CoA server will bind to that address.
+.TP
+.BI "gw-ip-address=" x.x.x.x
+Specifies address to use as local address of ppp interfaces if Framed-IP-Address received from RADIUS server.
+.TP
+.BI "auth-server=" x.x.x.x:port,secret
+Specifies IP address, port and secret of authentication RADIUS server.
+.TP
+.BI "acct-server=" x.x.x.x:port,secret
+Specifies IP address, port and secret of accounting RADIUS server.
+.TP
+.BI "dae-server=" x.x.x.x:port,secret
+Specifies IP address, port to bind and secret for Dynamic Authorization Extension server (DM/CoA).
+.TP
+.BI "dm_coa_secret=" secret (deprecated, use dae-server instead)
+Specifies secret to use in DM/CoA communication.
+.TP
+.BI "acct-interim-interval=" n
+Specifies interval in seconds to send accounting information (may be overriden by radius Acct-Interim-Interval attribute)
+.TP
+.BI "verbose=" n
+If this option is given and
+.B n
+is greater of zero then radius module will produce verbose logging.
+.TP
+.BI "interim-verbose=" n
+If this option is given and
+.B n
+is greater of zero then radius module will produce verbose logging of interim radius packets.
+.TP
+.BI "timeout=" n
+Timeout to wait response from server (sec)
+.TP
+.BI "max-try=" n
+Specifies number of tries to send Access-Request/Accounting-Request queries.
+.TP
+.BI "acct-timeout=" n
+Specifies timeout of accounting interim update.
+.TP
+.SH [log]
+.br
+Configuration of log and log_file modules.
+.TP
+.BI "log-file=" file
+Path to file to write general log.
+.TP
+.BI "log-emerg=" file
+Path to file to write emergency messages.
+.TP
+.BI "log-tcp=" x.x.x.x:port
+Send logs to specified host.
+.TP
+.BI "copy=" n
+If this options is given and greater then zero logging engine will duplicate session log in general log.
+(Useful when per-session/per-user logs are not used)
+.TP
+.BI "per-session-dir=" dir
+Directory for session logs. If specified each session will be logged separately to file which name is unique session identifier.
+.TP
+.BI "per-user-dir=" dir
+Directory for user logs. If specified all sessions of same user will be logged to file which name is user name.
+.TP
+.BI "per-session=" n
+If specified and n is greater then zero each session of same user will be logger separately to directory specified by "per-user-dir"
+and subdirectory which name is user name and to file which name os unique session identifier.
+.TP
+.BI "level=" n
+Specifies log level which values are:
+.br
+.B 0
+turn off all logging
+.br
+.B 1
+log only error messages
+.br
+.B 2
+log error and warning messages
+.br
+.B 3
+log error, warning and minimum information messages (use this level in conjuction with verbose option of other modules if you need verbose logging)
+.br
+.B 4
+log error, warning and full information messages (use this level in conjuction with verbose option of other modules if you need verbose logging)
+.br
+.B 5
+log all messages including debug messages
+.TP
+.SH [log-pgsql]
+.br
+Configuration of log_pgsql module.
+.TP
+.BI "conninfo=" conninfo
+Conninfo to connect to PostgreSQL server.
+.TP
+.BI "log-table=" table
+Table to send log messages. Table must contain following field:
+.br
+.B timestamp
+timestamp
+.br
+.B username
+text
+.br
+.B sessionid
+text
+.br
+.B msg
+text
+.TP
+.SH [pppd_compat]
+.br
+Configuration of pppd_compat module.
+.TP
+.BI "ip-pre-up=" file
+Path to ip-pre-up script which is executed before ppp interface comes up, useful to setup firewall rules before any traffic can pass through the interface.
+.TP
+.BI "ip-up=" file
+Path to ip-up script which is executed when ppp interfaces is completly configured and started.
+.TP
+.BI "ip-down=" file
+Path to ip-down script which is executed when session is about to terminate.
+.TP
+.BI "ip-change=" file
+Path to ip-change script which is executed for RADIUS CoA handling.
+.TP
+.BI "radattr=" prefix
+Prefix of radattr files (for example /var/run/radattr, resulting files will be /var/run/radattr.pppX)
+.TP
+.BI "verbose=" n
+If specified and greated then zero pppd_module will produce verbose logging.
+.TP
+.SH [ip-pool]
+.br
+Configuration of ippool module.
+.TP
+.BI "gw-ip-address=" x.x.x.x
+Specifies single IP address to be used as local address of ppp interfaces.
+.TP
+.BI "gw=" range
+Specifies range of local address of ppp interfaces if form:
+.br
+.B x.x.x.x/mask
+(for example 10.0.0.0/8)
+.br
+.B x.x.x.x-y
+(for example 10.0.0.1-254)
+.TP
+.BI "tunnel=" range
+Specifies range of remote address of ppp interfaces if form:
+.br
+.B x.x.x.x/mask
+.br
+.B x.x.x.x-y
+.TP
+.BI "x.x.x.x/mask or x.x.x.x-y"
+Also specifies range of remote address of ppp interfaces.