L2TP Virtual Private Network (VPN) Remote access L2TP VPN Maximum Transmission Unit (MTU) External IP address to which VPN clients will connect Nexthop IP address for reaching the VPN clients IPv4 Domain Name Service (DNS) server Primary DNS server ipv4 IPv4 address Secondary DNS server ipv4 IPv4 address Internet Protocol Security (IPsec) for remote access L2TP VPN IPsec authentication settings Authentication mode for IPsec pre-shared-secret Use pre-shared secret for IPsec authentication x509 Use X.509 certificate for IPsec authentication ^(pre-shared-secret|x509) pre-shared-secret x509 Pre-shared secret for IPsec X.509 certificate File containing the X.509 certificate for the Certificate Authority (CA) <text> File in /config/auth File containing the X.509 Certificate Revocation List (CRL) <text> File in /config/auth File containing the X.509 certificate for the remote access VPN server (this host) <text> File in /config/auth File containing the private key for the X.509 certificate for the remote access VPN server (this host) <text> File in /config/auth Password that protects the private key IKE lifetime <30-86400> IKE lifetime in seconds (default 3600) ESP lifetime <30-86400> IKE lifetime in seconds (default 3600) Windows Internet Name Service (WINS) server settings Primary WINS server Secondary WINS server Pool of client IP addresses (must be within a /24) First IP address in the pool (will be used as gateway address) Last IP address in the pool Client IP subnet (CIDR notation) Not a valid CIDR formatted prefix ipv4net IPv4 subnet address Description for L2TP remote-access settings DHCP interface to listen on PPP idle timeout <30-86400> PPP idle timeout in seconds (default 1800) Authentication for remote access L2TP VPN Authentication protocol for remote access peer L2TP VPN pap Require the peer to authenticate itself using PAP [Password Authentication Protocol]. chap Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. mschap Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. mschap-v2 Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. ^(pap|chap|mschap|mschap-v2) pap chap mschap mschap-v2 Specifies mppe negotioation preference. (default require mppe 128-bit stateless deny deny mppe prefer ask client for mppe, if it rejects don't fail require ask client for mppe, if it rejects drop connection ^(deny|prefer|require) deny prefer require Authentication mode for remote access L2TP VPN local Use local username/password configuration radius Use a RADIUS server to autenticate users ^(local|radius) local radius Local user authentication for remote access L2TP VPN User name for authentication Option to disable a L2TP Server user Password for authentication Static client IP address Upload/Download speed limits Upload bandwidth limit in kbits/sec Download bandwidth limit in kbits/sec RADIUS specific configuration IP address of radius server ipv4 IP address of RADIUS server Key for accessing the specified server Maximum number of simultaneous requests to server (default: unlimited) If server doesn't responds mark it as unavailable for this amount of time in seconds RADIUS settings Timeout to wait response from server (seconds) Timeout to wait reply for Interim-Update packets. (default 3 seconds) Maximum number of tries to send Access-Request/Accounting-Request queries Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) IP address for Dynamic Authorization Extension server (DM/CoA) Port for Dynamic Authorization Extension server (DM/CoA) Secret for Dynamic Authorization Extension server (DM/CoA) Upload/Download speed limits Specifies which radius attribute contains rate information. (default is Filter-Id) Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) Enables Bandwidth shaping via RADIUS