
       xl2tpd.conf - L2TPD configuration file


       The xl2tpd.conf file contains configuration information for xl2tpd, an
       implementation of the L2TP protocol.

       The configuration file is composed of sections and parameters. Each
       section has a given name which will be used when using the
       configuration FIFO (normally /var/run/l2tp-control). See xl2tpd.8 for
       more details.

       The special section name default specifies parameters applicable to
       all the following sections.


       auth file
              Specify  where  to  find  the  authentication   file   used   to
              authenticate      l2tp      tunnels.      The     default     is

       ipsec saref
              Use IPsec Security Association tracking. When this is enabled,
              packets received by xl2tpd should have two extra fields (refme
              and refhim) which allow tracking of multiple clients using the
              same internal NATed IP address, and allow tracking of multiple
              clients behind the same NAT router. This needs to be supported by
              the kernel. Currently, this only works with Openswan KLIPS in
              "mast" mode. (see

              Set this to yes and the system will provide proper SAref  values
              in the recvmsg() calls.

              Values can be yes or no. The default is no.

       saref refinfo
              When using IPsec Security Association tracking, a new
              setsockopt is used.  Since this is not (yet?) an official Linux
              kernel option, we got bumped.  Openswan up to 2.6.35 for Linux
              kernels up to 2.6.35 used a saref num of 22.  Linux 3.6.36+ uses
              22 for IP_NODEFRAG. We moved our IP_IPSEC_REFINFO to 30.  If not
              set, the default is to use 30. For older SAref patched kernels,
              use 22.

              The IP address of the interface on which the daemon listens.  By
              default, it listens on INADDR_ANY (, meaning it  listens
              on all interfaces.

       port   Specify which UDP port xl2tpd should use. The default is 1701.

       access control
              If set to yes, the xl2tpd process will only accept connections
              from peer addresses specified in the following sections. The
              default is no.

       debug avp
              Set  this  to  yes to enable syslog output of L2TP AVP debugging

       debug network
              Set this to yes to enable syslog  output  of  network  debugging

       debug packet
              Set  this  to  yes  to  enable printing of L2TP packet debugging
              information.  Note: Output goes to STDOUT, so use this  only  in
              conjunction with the -D command line option.

       debug state
              Set  this  to  yes  to  enable  syslog  output  of FSM debugging

       debug tunnel
              Set this to yes to enable  syslog  output  of  tunnel  debugging


              If  set  to  yes,  only one control tunnel will be allowed to be
              built between 2 peers. CHECK

       (no) ip range
              Specify the range of ip addresses the LNS  will  assign  to  the
              connecting  LAC  PPP  tunnels.  Multiple  ranges can be defined.
              Using the 'no' statement disallows the use  of  that  particular
              range.   Ranges  are  defined using the format IP - IP (example:
     -  Note that either at  least  one  ip  range
              option must be given, or you must set assign ip to no.

       assign ip
              Set  this  to no if xl2tpd should not assign IP addresses out of
              the pool defined with the ip range option.  This can  be  useful
              if  you  have  some  other means to assign IP addresses, e. g. a
              pppd that supports RADIUS AAA.

       (no) lac
              Specify the ip addresses of LAC's which are allowed  to  connect
              to  xl2tpd  acting  as  a  LNS. The format is the same as the ip
              range option.

       hidden bit
              If set to yes, xl2tpd will use the AVP hiding feature  of  L2TP.
              To  get  more information about hidden AVP's and AVP in general,
              refer to rfc2661 (add URL?)

       local ip
              Use the following IP as xl2tpd's own ip address.

       local ip range
              Specify the range of addresses the LNS will assign as the  local
              address  to connecting LAC PPP tunnels.  This option is mutually
              exclusive with the local ip option and is useful in cases  where
              it  is  desirable  to  have a unique IP address for each tunnel.
              Specify the range value exactly like the ip range option.   Note
              that the assign ip option has no effect on this option.

       length bit
              If set to yes, the length bit present in the l2tp packet payload
              will be used.

       (refuse | require) chap
              Will require or refuse the remote peer to get authenticated  via
              CHAP for the ppp authentication.

       (refuse | require) pap
              Will  require or refuse the remote peer to get authenticated via
              PAP for the ppp authentication.

       (refuse | require) authentication
              Will require or refuse the remote peer to authenticate itself.

       unix authentication
              If set to yes, /etc/passwd will be  used  for  remote  peer  ppp

              Will report this as the xl2tpd hostname in negotiation.

       ppp debug
              This will enable the debug for pppd.

       pass peer
              Pass  the  peer's  IP  address  to  pppd as ipparam.  Enabled by

              Specify the path for a file which  contains  pppd  configuration
              parameters to be used.

       call rws
              This  option  is deprecated and no longer functions.  It used to
              be used to define the flow control window  size  for  individual
              L2TP  calls  or sessions.  The L2TP standard (RFC2661) no longer
              defines flow control or window sizes on calls or sessions.

       tunnel rws
              This defines the window size of the control channel.  The window
              size  is  defined  as  the  number of outstanding unacknowledged
              packets, not as a number of bytes.

       flow bits
              If set  to  yes,  sequence  numbers  will  be  included  in  the
              communication.   The feature to use sequence numbers in sessions
              is currently broken and does not function.

              If set to yes,  use  challenge  authentication  to  authenticate

       rx bps If set, the receive bandwidth maximum will be set to this value

       tx bps If set, the transmit bandwidth maximum will be set to this value


       The following are LAC specific configuration flags. Most of those
       described in the LNS section may be used in a LAC context, where it
       makes sense (essentially L2TP protocol tuning flags and
       authentication / ppp related ones).

       lns    Set the dns name or ip address of the LNS to connect to.

       redial If set to yes, xl2tpd will attempt to redial if the call gets
              disconnected.  Note that, if enabled, xl2tpd will keep passwords
              in memory: a potential security risk.

       redial timeout
              Wait X seconds before redial. The redial option must be  set  to
              yes to use this option.  Defaults to 30 seconds.

       max redial
              Will give up redial tries after X attempts.
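
       An added example, not part of the original manual page or of the
       xl2tpd project: a small Python audit that reads an xl2tpd.conf and
       reports the settings described above that deserve review (access
       control, PAP, peer authentication, redial). The sample file is
       constructed; the [global] / [lns NAME] / [lac NAME] headers and ';'
       comments are assumed from xl2tpd's usual layout, and the finding
       names are hypothetical.

```python
import re
# Constructed sample, not from the page. Section headers ([global], [lns NAME],
# [lac NAME]) and ';' comments are assumed from xl2tpd's usual file layout.
SAMPLE = """\
[global]
port = 1701              ; access control left at its default (no)
[lns default]
ip range = 192.0.2.10 - 192.0.2.50
require pap = yes
refuse chap = yes
[lac office]
lns = vpn.example.net
redial = yes
"""

def parse(text):
    """Return {section name: {option: value}}, names and options lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\S.*?)\s*\]", line)
        if header:
            current = sections.setdefault(" ".join(header.group(1).lower().split()), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip().lower()
    return sections

def audit(text):
    """Return (section, finding) pairs for settings worth reviewing."""
    cfg = parse(text)
    cfg.setdefault("global", {})   # a missing [global] still means defaults apply
    findings = []
    for name, opts in cfg.items():
        kind = name.split()[0]
        # A "default" section supplies values to sections of the same kind
        # (simplified here: applied regardless of position in the file).
        eff = {**cfg.get(kind + " default", {}), **opts}
        on = lambda key: eff.get(key) == "yes"
        if kind == "global" and not on("access control"):
            findings.append((name, "access-control-off"))      # default is no
        if kind == "lns" and on("require pap"):
            findings.append((name, "pap-required"))            # PAP carries the password in cleartext
        if kind == "lns" and not any(on("require " + m) for m in ("authentication", "chap", "pap")):
            findings.append((name, "peer-auth-not-required"))
        if kind == "lac" and on("redial"):
            findings.append((name, "redial-keeps-passwords"))  # kept in memory, per the redial entry
    return findings
```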


       /etc/xl2tpd/xl2tpd.conf                        /etc/xl2tpd/l2tp-secrets


       Please address bugs and comment to




       Forked from xl2tpd by Xelerance

       Michael Richardson
       Paul Wouters

       Many thanks to Jacco de Leeuw for maintaining l2tpd.

       Previous development was hosted at sourceforge
       ( by:

       Scott Balmos
       David Stipp
       Jeff McAdams

       Based off of l2tpd version 0.60
       Copyright (C)1998 Adtran, Inc.
       Mark Spencer
