L2TP Virtual Private Network (VPN) Remote access L2TP VPN Maximum Transmission Unit (MTU) External IP address to which VPN clients will connect Nexthop IP address for reaching the VPN clients IPv4 Domain Name Service (DNS) server Primary DNS server ipv4 IPv4 address Secondary DNS server ipv4 IPv4 address IPv6 Domain Name Service (DNS) server ipv6 IPv6 DNS address L2TP Network Server (LNS) Tunnel password used to authenticate the client (LAC) Disable Compression Control Protocol (CCP) Internet Protocol Security (IPsec) for remote access L2TP VPN IPsec authentication settings Authentication mode for IPsec pre-shared-secret Use pre-shared secret for IPsec authentication x509 Use X.509 certificate for IPsec authentication ^(pre-shared-secret|x509) pre-shared-secret x509 Pre-shared secret for IPsec X.509 certificate File containing the X.509 certificate for the Certificate Authority (CA) <text> File in /config/auth File containing the X.509 Certificate Revocation List (CRL) <text> File in /config/auth File containing the X.509 certificate for the remote access VPN server (this host) <text> File in /config/auth File containing the private key for the X.509 certificate for the remote access VPN server (this host) <text> File in /config/auth Password that protects the private key IKE lifetime <30-86400> IKE lifetime in seconds (default 3600) ESP lifetime <30-86400> IKE lifetime in seconds (default 3600) Windows Internet Name Service (WINS) server settings Primary WINS server Secondary WINS server Pool of client IP addresses (must be within a /24) First IP address in the pool (will be used as gateway address) Last IP address in the pool Client IP subnet (CIDR notation) Not a valid CIDR formatted prefix ipv4net IPv4 subnet address Pool of client IPv6 addresses IPV6 prefix delegation ipv6prefix/mask,prefix_len e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients DHCPv6 prefix delegation - rfc3633 ipv6prefix/mask,prefix_len Delegate to clients through DHCPv6 prefix delegation - rfc3633 Description for L2TP remote-access settings DHCP interface to listen on PPP idle timeout <30-86400> PPP idle timeout in seconds (default 1800) Authentication for remote access L2TP VPN Authentication protocol for remote access peer L2TP VPN pap Require the peer to authenticate itself using PAP [Password Authentication Protocol]. chap Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. mschap Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. mschap-v2 Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. ^(pap|chap|mschap|mschap-v2) pap chap mschap mschap-v2 Specifies mppe negotioation preference. (default require mppe 128-bit stateless deny deny mppe prefer Ask client for mppe, if it rejects do not fail require ask client for mppe, if it rejects drop connection ^(deny|prefer|require) deny prefer require Authentication mode for remote access L2TP VPN local Use local username/password configuration radius Use a RADIUS server to autenticate users ^(local|radius) local radius Local user authentication for remote access L2TP VPN User name for authentication Option to disable a L2TP Server user Password for authentication Static client IP address Upload/Download speed limits Upload bandwidth limit in kbits/sec Download bandwidth limit in kbits/sec RADIUS specific configuration IP address of RADIUS server ipv4 IPv4 address of RADIUS server Key for accessing the specified server Maximum number of simultaneous requests to server (default: unlimited) If server doesn not responds mark it unavailable for this time (seconds) Local RADIUS client address from which packets are sent. <x.x.x.x> Local RADIUS client address from which packets are sent Timeout to wait response from server (seconds) Timeout to wait reply for Interim-Update packets. (default 3 seconds) Maximum number of tries to send Access-Request/Accounting-Request queries Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) IP address for Dynamic Authorization Extension server (DM/CoA) Port for Dynamic Authorization Extension server (DM/CoA) Secret for Dynamic Authorization Extension server (DM/CoA) Upload/Download speed limits Specifies which radius attribute contains rate information. (default is Filter-Id) Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) Enables Bandwidth shaping via RADIUS Advanced protocol options LCP echo-requests/sec Maximum number of Echo-Requests may be sent without valid reply