duckcorp-infra / ansible / roles / dc-base / templates / l2tp / xl2tpd.conf @ 1a13ada2

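; {{ ansible_managed }}
;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work.  The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documentation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
; [global]								; Global parameters:
; port = 1701						 	; * Bind to port 1701
; auth file = /etc/l2tpd/l2tp-secrets 	; * Where our challenge secrets are
; access control = yes					; * Refuse connections without IP match
; rand source = dev                     ; Source for entropy for random
;                                       ; numbers, options are:
;                                       ; dev - reads of /dev/urandom
;                                       ; sys - uses rand()
;                                       ; egd - reads from egd socket
;                                       ; egd is not yet implemented
;
; [lns default]							; Our fallthrough LNS definition
; exclusive = no						; * Only permit one tunnel per host
; ip range = 192.168.0.1-192.168.0.20	; * Allocate from this IP range
; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
; ip range = 192.168.0.5				; * But this one is okay
; ip range = lac1-lac2					; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8		; * These can connect as LAC's
; no lac = untrusted.marko.net			; * This guy can't connect
; hidden bit = no						; * Use hidden AVP's?
; local ip = 192.168.1.2				; * Our local IP to use
; local ip range = 192.168.200.0-192.168.200.20   ; Alternatively, use a range for local addressing
; length bit = yes						; * Use length bit in payload?
; require chap = yes					; * Require CHAP auth. by peer
; refuse pap = yes						; * Refuse PAP authentication
; refuse chap = no						; * Refuse CHAP authentication
; refuse authentication = no			; * Refuse authentication altogether
; require authentication = yes			; * Require peer to authenticate
; unix authentication = no				; * Use /etc/passwd for auth.
; name = myhostname						; * Report this as our hostname
; ppp debug = no						; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns	; * ppp options file
; call rws = 10							; * RWS for call (-1 is valid)
; tunnel rws = 4						; * RWS for tunnel (must be > 0)
; flow bit = yes						; * Include sequence numbers
; challenge = yes						; * Challenge authenticate peer ;
; rx bps = 10000000				; Receive tunnel speed
; tx bps = 10000000				; Transmit tunnel speed
; bps = 100000					; Define both receive and transmit speed in one option

; [lac marko]							; Example VPN LAC definition
; lns = lns.marko.net					; * Who is our LNS?
; lns = lns2.marko.net					; * A backup LNS (not yet used)
; redial = yes							; * Redial if disconnected?
; redial timeout = 15					; * Wait n seconds between redials
; max redials = 5						; * Give up after n consecutive failures
; hidden bit = yes						; * User hidden AVP's?
; local ip = 192.168.1.1				; * Force peer to use this IP for us
; remote ip = 192.168.1.2				; * Force peer to use this as their IP
; length bit = no						; * Use length bit in payload?
; require pap = no						; * Require PAP auth. by peer
; require chap = yes					; * Require CHAP auth. by peer
; refuse pap = yes						; * Refuse PAP authentication
; refuse chap = no						; * Refuse CHAP authentication
; refuse authentication = no			; * Refuse authentication altogether
; require authentication = yes			; * Require peer to authenticate
; name = marko							; * Report this as our hostname
; ppp debug = no						; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko	; * ppp options file for this lac
; call rws = 10							; * RWS for call (-1 is valid)
; tunnel rws = 4						; * RWS for tunnel (must be > 0)
; flow bit = yes						; * Include sequence numbers
; challenge = yes						; * Challenge authenticate peer
;
; [lac cisco]							; Another quick LAC
; lns = cisco.marko.net					; * Required, but can take from default
; require authentication = yes

; ---------------------------------------------------------------------------
; Active configuration: one [lac ...] section is rendered per entry of the
; net.l2tp mapping (key = LAC name, value = parameters "server" and "login").
;
; Notes for maintainers:
; * No [global] section is rendered and "challenge" is not set in the LAC
;   sections below, so L2TP tunnel-level challenge authentication (see
;   "auth file" and "challenge" in the sample above) is presumably not in
;   use; peer authentication relies on the PPP-level settings only.
; * Per the sample comments above, "require chap" and "require
;   authentication" demand CHAP authentication from the peer, and
;   "refuse pap" refuses PAP.
; * L2TP itself does not encrypt the PPP session.  Nothing in this template
;   shows IPsec or another protected transport -- TODO confirm that it is
;   provided elsewhere in the role before carrying sensitive traffic.
; * The LAC name is written into the section header and the pppoptfile
;   path, and "server" / "login" are written verbatim.  Keep these inventory
;   values to plain host names and identifiers (no whitespace, semicolon,
;   closing bracket, slash or newline) so they cannot alter the rendered
;   file or point pppoptfile at an unintended path.
; * "ppp debug" turns on PPP debugging, which puts negotiation details in
;   the system logs.  It defaults to yes here to match the value that was
;   previously hard-coded; set the optional per-LAC key "ppp_debug: false"
;   (introduced by this template) once a tunnel works, and keep log access
;   restricted while it is on.
; ---------------------------------------------------------------------------
{% for lac_name, lac_params in net.l2tp.items() %}
[lac {{ lac_name }}]
lns = {{ lac_params.server }}
redial = yes
redial timeout = 15
require chap = yes
refuse pap = yes
require authentication = yes
name = {{ lac_params.login }}
pppoptfile = /etc/ppp/options.l2tp.{{ lac_name }}
ppp debug = {{ 'yes' if (lac_params.ppp_debug | default(true) | bool) else 'no' }}

{% endfor %}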