L2TP Virtual Private Network (VPN) Remote access L2TP VPN #include External IP address to which VPN clients will connect #include #include L2TP Network Server (LNS) Tunnel password used to authenticate the client (LAC) Sent to the client (LAC) in the Host-Name attribute Disable Compression Control Protocol (CCP) Internet Protocol Security (IPsec) for remote access L2TP VPN IPsec authentication settings Authentication mode for IPsec pre-shared-secret Use pre-shared secret for IPsec authentication x509 Use X.509 certificate for IPsec authentication ^(pre-shared-secret|x509)$ pre-shared-secret x509 Pre-shared secret for IPsec X.509 certificate #include File containing the X.509 Certificate Revocation List (CRL) txt File in /config/auth File containing the X.509 certificate for the remote access VPN server (this host) txt File in /config/auth File containing the private key for the X.509 certificate for the remote access VPN server (this host) txt File in /config/auth Password that protects the private key IKE lifetime u32:30-86400 IKE lifetime in seconds (default 3600) ESP lifetime u32:30-86400 IKE lifetime in seconds (default 3600) #include Pool of client IP addresses (must be within a /24) #include #include #include Description for L2TP remote-access settings DHCP interface to listen on PPP idle timeout u32:30-86400 PPP idle timeout in seconds (default 1800) Authentication for remote access L2TP VPN Authentication protocol for remote access peer L2TP VPN pap Require the peer to authenticate itself using PAP [Password Authentication Protocol]. chap Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. mschap Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. mschap-v2 Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. ^(pap|chap|mschap|mschap-v2)$ pap chap mschap mschap-v2 #include #include #include #include #include Mark server unavailable for N seconds on failure u32:0-600 Fail time penalty Fail time must be between 0 and 600 seconds Timeout to wait response from server (seconds) Timeout to wait reply for Interim-Update packets. (default 3 seconds) Maximum number of tries to send Access-Request/Accounting-Request queries Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) IP address for Dynamic Authorization Extension server (DM/CoA) Port for Dynamic Authorization Extension server (DM/CoA) default: 3799 3799 Secret for Dynamic Authorization Extension server (DM/CoA) Upload/Download speed limits Specifies which radius attribute contains rate information. (default is Filter-Id) Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) Enables Bandwidth shaping via RADIUS Advanced protocol options #include