
l2tpconfig is a command-line application for managing OpenL2TP. It communicates with the OpenL2TP daemon, openl2tpd, over IP (Internet Protocol). The l2tpconfig command-line interface (CLI) keeps a history of previously entered commands, completes command syntax with the Tab key, and offers context-sensitive help for commands (type a question mark, "?").

Configuration changes made through l2tpconfig can be saved to a file of your choice with a single command, so that OpenL2TP does not have to be reconfigured by hand every time. Users are encouraged to use the interactive l2tpconfig commands to configure OpenL2TP once, as required, and then save the configuration to a file so that it can be loaded the next time openl2tpd starts.


l2tpconfig(1)

OpenL2TP Manual

l2tpconfig(1)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

ENVIRONMENT

COMMANDS

General command format

Each object of every type supports one or more of the following operations:

A single command can perform only one of the operations listed above on an object; for CREATE and MODIFY, one command may carry multiple parameters. When several operations are invoked on an object one after another, the parameters must include the _instance_name_ of an object of one specific type. (LIST is the exception: depending on context, this operation may need no parameters.)

OBJECT TYPES

INTERACTIVE MODE

KEY BINDINGS

beginning of line; end of line;

erase characters from the cursor to the end of the line; erase the newline characters

move forward one word; move back one word

COMMAND HISTORY

PERSISTENT CONFIGURATION

FULL SYNTAX OF ALL COMMANDS

l2tp> ?

• exit - exit the "l2tpconfig" application
• peer - commands for managing peers
• ppp - commands for managing ppp
• session - commands for managing sessions
• tunnel - commands for managing tunnels
• system - all system commands
• debug - commands for debugging only
• server - server (LNS) configuration
• config - save/restore configuration parameters
• quit - exit the "l2tpconfig" application

l2tp> peer ?

• profile - commands for managing peer profiles

l2tp> peer profile ?

• create - create a new profile for an L2TP peer
• list - list all existing (previously created) profiles that apply to peers
• show - show detailed information about a peer profile
• modify - modify the configuration parameters of a peer profile
• delete - delete a peer profile
• unset - unset parameter values in a peer profile

l2tp> ppp ?

• profile - commands for managing PPP profiles

l2tp> ppp profile ?

• create - create a new PPP profile
• list - list all available (previously created) profiles that apply to PPP
• show - show detailed information about a PPP profile
• modify - modify the configuration parameters of a PPP profile
• delete - delete a PPP profile
• unset - unset parameter values in a PPP profile

l2tp> tunnel ?

• create - create a new L2TP tunnel
• profile - commands for managing tunnel profiles
• show - show detailed information about the state of an L2TP tunnel
• show - show detailed information about a tunnel
• modify - modify the configuration parameters of a tunnel
• delete - delete an L2TP tunnel

l2tp> tunnel profile ?

• create - create a new profile for an L2TP tunnel
• list - list all existing (previously created) profiles that apply to tunnels
• show - show detailed information about a tunnel profile
• modify - modify the configuration parameters of a tunnel profile
• delete - delete an L2TP tunnel profile
• unset - unset configuration parameter values in a tunnel profile

l2tp> session ?

• create - create a new L2TP session
• profile - commands for managing session profiles
• list - list all existing (previously created) sessions on the specified tunnel
• show - show detailed information about the state of an L2TP session
• modify - modify the configuration parameters of a session
• delete - delete an L2TP session

l2tp> session profile ?

• create - create a new profile for an L2TP session
• list - list all available (previously created) profiles that apply to sessions
• show - show detailed information about a session profile
• modify - modify the configuration parameters of a session profile
• delete - delete an L2TP session profile
• unset - unset configuration parameter values in a session profile

l2tp> system ?

• modify - modify the system configuration parameters
• show - show detailed statistics and detailed information about the system configuration parameters

l2tp> debug ?

• modify - modify the debug configuration parameters
• show - show detailed information about the debug configuration parameters

l2tp> server ?

• modify - modify the server configuration parameters
• show - show detailed information about the server configuration parameters

l2tp> config ?

• save - save the configuration parameters entered in the "l2tpconfig" command-line interface to a file of your choice
• restore - restore previously saved configuration parameters from a file of your choice

SECOND-LEVEL INTERACTIVE HELP

PEER PROFILE CREATE / MODIFY / UNSET / LIST / SHOW / DELETE

  • Moved to a separate page: peer

PPP PROFILE CREATE / MODIFY / UNSET / LIST / SHOW / DELETE

  • Moved to a separate page: ppp

TUNNEL CREATE / MODIFY

TUNNEL LIST

l2tp> tunnel list ?

  • local_only - List only locally created tunnels.
  • remote_only - List only remotely created tunnels.
  • names - List only named tunnels.

TUNNEL SHOW

Tunnel instances are identified by either tunnel_id or tunnel_name.

l2tp> tunnel show ?

  • tunnel_id - Tunnel ID of tunnel.
  • tunnel_name - Administrative name of tunnel
  • config - Display only tunnel configuration/status information.
  • transport - Display only tunnel transport information.

TUNNEL DELETE

Tunnel instances are identified by either tunnel_id or tunnel_name.

l2tp> tunnel delete ?

  • tunnel_id - Tunnel ID of tunnel.
  • tunnel_name - Administrative name of tunnel

TUNNEL PROFILE CREATE / MODIFY / UNSET

l2tp> tunnel profile create ?

  • profile_name - Name of tunnel profile
  • dest_ipaddr - Destination IP address
  • src_ipaddr - Source IP address
  • udp_port - UDP port number with which to contact peer L2TP server. Default: 1701
  • use_tiebreaker - Enable use of a tiebreaker when setting up the tunnel. Default: ON
  • allow_ppp_proxy - Allow PPP proxy
  • framing_caps - Framing capabilities: sync:async
  • bearer_caps - Bearer capabilities: digital:analog
  • host_name - Name to advertise to peer when setting up the tunnel.
  • secret - Optional secret which is shared with tunnel peer. Must be specified when hide_avps is enabled.
  • auth_mode - Tunnel authentication mode:-
      none - no authentication, unless secret is given
      simple - check peer hostname
      challenge - require tunnel secret
  • hide_avps - Hide AVPs. Default: OFF
  • pmtu_discovery - Do Path MTU Discovery. Default: OFF
  • trace_flags - Trace flags, for debugging network problems
  • udp_csum - Use UDP checksums in data frames. Default: ON
  • hello_timeout - Set timeout used for periodic L2TP Hello messages (in seconds). Default: 0 (no hello messages are generated).
  • max_retries - Max retries
  • rx_window_size - Receive window size
  • tx_window_size - Transmit window size
  • retry_timeout - Retry timeout
  • idle_timeout - Idle timeout
  • max_sessions - Maximum number of sessions allowed on tunnel. Default=0 (limited only by max_sessions limit in system parameters).
  • mtu - MTU for all sessions in tunnel. Default: 1460.
  • tunnel_name - Administrative name of this tunnel.
  • peer_profile_name - Name of peer profile which will be used for default values of the tunnel's parameters.
  • session_profile_name - Name of session profile which will be used for default values of the tunnel's session parameters.
  • ppp_profile_name - Name of ppp profile which will be used for default values of the tunnel's session PPP parameters.
  • interface_name - Name of system interface for the tunnel. Default: l2tpN where N is tunnel_id. Not currently used.

TUNNEL PROFILE LIST

l2tp> tunnel profile list ?

TUNNEL PROFILE SHOW

l2tp> tunnel profile show ?

  • profile_name - Name of tunnel profile

TUNNEL PROFILE DELETE

l2tp> tunnel profile delete ?

  • profile_name - Name of tunnel profile

Moved to a separate page: tunnel

SESSION CREATE

l2tp> session create ?

  • tunnel_id - Tunnel ID on which to create session.
  • tunnel_name - Administrative name of tunnel on which to create session.
  • profile_name - Name of session profile
  • ppp_profile_name - Name of ppp profile to use for PPP parameters
  • session_name - Administrative name of this session
  • trace_flags - Trace flags, for debugging network problems
  • sequencing_required - The use of sequence numbers in the data channel is mandatory.
  • use_sequence_numbers - Enable sequence numbers in the data channel if peer supports them.
  • no_ppp - Don't start PPP on the L2TP session.
  • reorder_timeout - Timeout to wait for out-of-sequence packets before discarding.
  • session_type - Session type: LAC/LNS incoming/outgoing
  • priv_group_id - Private group ID, used to separate this session into a named administrative group
  • interface_name - PPP interface name. Default: pppN
  • user_name - PPP user name
  • user_password - PPP user password
  • framing_type - Framing type: sync, async or any. Default: any
  • bearer_type - Bearer type: digital, analog, any. Default: any
  • minimum_bps - Minimum bits/sec acceptable. Default: 0
  • maximum_bps - Maximum bits/sec required. Default: no limit
  • connect_speed - Specified as speed[:txspeed], indicates connection speeds.
  • session_id - Session ID of session. Default: system chooses random ID.

SESSION MODIFY

Session instances are identified by a tunnel / session pair. The tunnel or session may be specified by id or name, i.e. tunnel_id / tunnel_name session_id / session_name.

l2tp> session modify ?

  • tunnel_id - Tunnel ID on which session exists.
  • tunnel_name - Administrative name of tunnel on which session exists.
  • session_id - Session ID of session.
  • session_name - Administrative name of this session
  • trace_flags - Trace flags, for debugging network problems
  • sequencing_required - The use of sequence numbers in the data channel is mandatory.
  • use_sequence_numbers - Enable sequence numbers in the data channel if peer supports them.
  • reorder_timeout - Timeout to wait for out-of-sequence packets before discarding.

SESSION LIST

l2tp> session list ?

  • tunnel_id - Tunnel ID on which to list sessions.
  • tunnel_name - Administrative name of tunnel on which session exists.
  • local_only - Show only locally created sessions.
  • remote_only - Show only remotely created sessions.
  • names - Show only named sessions.

SESSION SHOW

Session instances are identified by a tunnel / session pair. The tunnel or session may be specified by id or name, i.e. tunnel_id / tunnel_name session_id / session_name.

l2tp> session show ?

  • tunnel_id - Tunnel ID on which session exists.
  • tunnel_name - Administrative name of tunnel on which session exists.
  • session_id - Session ID of session.
  • session_name - Administrative name of session.

SESSION DELETE

Session instances are identified by a tunnel / session pair. The tunnel or session may be specified by id or name, i.e. tunnel_id / tunnel_name session_id / session_name.

l2tp> session delete ?

  • tunnel_id - Tunnel ID on which session exists.
  • tunnel_name - Administrative name of tunnel on which session exists.
  • session_id - Session ID of session.
  • session_name - Administrative name of session.

SESSION PROFILE CREATE / MODIFY / UNSET

l2tp> session profile create ?

  • profile_name - Name of session profile
  • ppp_profile_name - Name of ppp profile to use for PPP parameters
  • session_name - Administrative name of this session
  • trace_flags - Trace flags, for debugging network problems
  • sequencing_required - The use of sequence numbers in the data channel is mandatory.
  • use_sequence_numbers - Enable sequence numbers in the data channel if peer supports them.
  • no_ppp - Don't start PPP on the L2TP session.
  • reorder_timeout - Timeout to wait for out-of-sequence packets before discarding.
  • session_type - Session type: LAC/LNS incoming/outgoing
  • priv_group_id - Private group ID, used to separate this session into a named administrative group
  • framing_type - Framing type: sync, async or any. Default: any
  • bearer_type - Bearer type: digital, analog, any. Default: any
  • minimum_bps - Minimum bits/sec acceptable. Default: 0
  • maximum_bps - Maximum bits/sec required. Default: no limit
  • connect_speed - Specified as speed[:txspeed], indicates connection speeds.

SESSION PROFILE LIST

l2tp> session profile list ?

SESSION PROFILE SHOW

l2tp> session profile show ?

  • profile_name - Name of session profile

SESSION PROFILE DELETE

l2tp> session profile delete ?

  • profile_name - Name of session profile

USER LIST

l2tp> user list ?

SYSTEM MODIFY

l2tp> system modify ?

  • trace_flags - Default trace flags to use if not otherwise overridden.
  • max_tunnels - Maximum number of tunnels permitted. Default=0 (no limit).
  • max_sessions - Maximum number of sessions permitted. Default=0 (no limit).
  • drain_tunnels - Enable the draining of existing tunnels (prevent new tunnels from being created).
  • tunnel_establish_timeout - Timeout for tunnel establishment. Default=120 seconds.
  • session_establish_timeout - Timeout for session establishment. Default=120 seconds.
  • tunnel_persist_pend_timeout - Timeout to hold persistent tunnels before retrying. Default=300 seconds.
  • session_persist_pend_timeout - Timeout to hold persistent sessions before retrying. Default=60 seconds.
  • deny_local_tunnel_creates - Deny the creation of new tunnels by local request.
  • deny_remote_tunnel_creates - Deny the creation of new tunnels by remote peers.
  • reset_statistics - Reset statistics.

SYSTEM SHOW

l2tp> system show ?

  • configuration - show system configuration
  • version - show system version
  • statistics - show system statistics
  • status - show system status

DEBUG MODIFY

May be used to modify an object's trace_flags instead of manipulating the trace_flags directly with one of the above modify commands. The debug commands hide the detail of the trace_flags bitmask from the operator since trace options are controlled by CLI keywords. Only one object may be modified with one command.

l2tp> debug modify ?

  • tunnel_id - tunnel_id of entity being modified
  • tunnel_name - tunnel_name of entity being modified
  • session_id - session_id of entity being modified
  • session_name - session_name of entity being modified
  • tunnel_profile_name - Name of tunnel profile being modified
  • session_profile_name - Name of session profile being modified
  • ppp_profile_name - Name of ppp profile being modified
  • app - Modify application debug settings
  • protocol - L2TP protocol events
  • fsm - Finite State Machine events (e.g. state changes)
  • api - Management interface interactions
  • transport - Log tunnel transport activity, e.g. packet sequence numbers, packet receive and transmit, to debug tunnel link establishment or failures
  • data - Log L2TP data channel activity. Only L2TP control messages are logged, never user data packets.
  • ppp_control - Enables trace of PPP packets from the PPP subsystem
  • avp_data - L2TP Attribute Value Pairs (AVPs) data contents. For detailed message content trace
  • avp_hide - Show AVP hiding details
  • avp_info - High level AVP info (shows AVPs present, not their contents)
  • func - Internal functional behavior
  • system - Low level system activity, e.g. timers, sockets etc

DEBUG SHOW

l2tp> debug show ?

  • tunnel_id - tunnel_id of entity being shown
  • tunnel_name - tunnel_name of entity being shown
  • session_id - session_id of entity being shown
  • session_name - session_name of entity being shown
  • tunnel_profile_name - Name of tunnel profile being shown
  • session_profile_name - Name of session profile being shown
  • ppp_profile_name - Name of ppp profile being shown
  • app - Show application debug settings

SERVER MODIFY

l2tp> server modify ?

  • name - IP address or hostname of L2TP daemon to attach to. Default=localhost.

CONFIG SAVE

l2tp> config save ?

  • file - Filename for save/restore operation.

CONFIG RESTORE

l2tp> config restore ?

  • file - Filename for save/restore operation.

EXAMPLES

  • Create an L2TP tunnel to a remote LNS 1.2.3.4 which requires no authentication. Add a session using PPP username/password myuser/mypassword.

      l2tp> tunnel create dest_ipaddr=1.2.3.4
      Created tunnel 39767
      l2tp> session create tunnel_id=39767 user_name=myuser \
              password=mypassword
      Created session 39767/10287

  • Create an L2TP tunnel to a remote LNS which requires authentication using shared secret 'mypassword'.

      l2tp> tunnel create dest_ipaddr=1.2.3.4 secret=mypassword
      Created tunnel 4964
      l2tp> session create tunnel_id=4964 user_name=myuser \
              password=mypassword
      Created session 4964/54933

  • Set up an LNS that accepts tunnels only from IP addresses in the subnet 1.2.3.0/24 and from hostname 'one'. For hostname 'one', enable L2TP data sequence numbers, use tunnel authentication, enable AVP hiding and send a PPP LCP echo every 5 seconds.

      l2tp> peer profile create profile_name=mysubnet \
              ip_addr=1.2.3.0 netmask=255.255.255.0
      Created peer profile mysubnet
      l2tp> peer profile create profile_name=one \
              default_tunnel_profile=one \
              default_session_profile=one \
              default_ppp_profile=one
      Created peer profile one
      l2tp> tunnel profile modify profile_name=default \
              auth_mode=simple
      Modified tunnel profile default
      l2tp> tunnel profile create profile_name=one \
              hide_avps=yes secret=mysecret auth_mode=challenge
      Created tunnel profile one
      l2tp> session profile create profile_name=one \
              use_data_sequencing=yes
      Created session profile one
      l2tp> ppp profile create profile_name=one \
              lcp_echo_interval=5
      Created ppp profile one

  • Enable debug trace for tunnels from peer 'one' to debug tunnel setup problems.

      l2tp> tunnel profile modify profile_name=one \
              trace_flags=protocol,fsm,api,avp,data,ppp
      Modified tunnel profile one

  • Enable PROTOCOL/FSM and disable DATA debug trace for tunnels from peer 'one', leaving existing trace settings of the profile unchanged.

      l2tp> debug modify tunnel_profile_name=one \
              protocol=on fsm=on data=off

  • Display a list of active tunnels and show detail about one of them.

      l2tp> tunnel list
            TunId           Peer         Local  PeerTId  ConfigId        State
         *  53502    192.168.0.1   192.168.0.2    55348         1  ESTABLISHED
            20903  192.168.0.253   192.168.0.2    33790         1  ESTABLISHED

    Tunnels marked with * in the first column are those created by remote request. Their parameters may be displayed or modified using the same commands as are used for locally created tunnels.

      l2tp> tunnel show tunnel_id=20903
      Tunnel 20903, from 192.168.0.2 to 192.168.0.253:-
        state: ESTABLISHED
        created at: Aug 31 11:04:55 2005
        administrative name: 'one'
        created by admin: YES, tunnel mode: LAC
        peer tunnel id: 33790, host name: NOT SET
        UDP ports: local 32771, peer 1701
        authorization mode: NONE, hide AVPs: OFF, allow PPP proxy: OFF
        tunnel secret: 'wibble'
        session limit: 0, session count: 2
        tunnel profile: default, peer profile: default
        session profile: default, ppp profile: default
        hello timeout: 60, retry timeout: 1, idle timeout: 0
        rx window size: 10, tx window size: 10, max retries: 5
        use udp checksums: OFF
        do pmtu discovery: OFF, mtu: 1460
        framing capability: SYNC, bearer capability: DIGITAL
        use tiebreaker: OFF
        trace flags: NONE
        peer vendor name: Cisco Systems, Inc.
        peer protocol version: 1.0, firmware 4384
        peer framing capability: NONE
        peer bearer capability: NONE
        peer rx window size: 800
        Transport status:-
          ns/nr: 5/2, peer 5/2
          cwnd: 6, ssthresh: 10, congpkt_acc: 0
        Transport statistics:-
          out-of-sequence control/data discards: 0/0
          zlbs tx/txfail/rx: 2/0/3
          retransmits: 0, duplicate pkt discards: 0, data pkt discards: 0
          hellos tx/txfail/rx: 1/0/0
          control rx packets: 5, rx bytes: 194
          control tx packets: 7, tx bytes: 303
          data rx packets: 15, rx bytes: 347, rx errors: 0
          data tx packets: 15, tx bytes: 298, tx errors: 0
          establish retries: 0

      l2tp> tunnel show tunnel_id=53502 config
      Tunnel 53502, from 192.168.0.2 to 192.168.0.1:-
        state: ESTABLISHED
        created at: Aug 31 11:09:20 2005
        created by admin: NO, tunnel mode: LNS
        peer tunnel id: 55348, host name: NOT SET
        UDP ports: local 32772, peer 34215
        authorization mode: NONE, hide AVPs: OFF, allow PPP proxy: OFF
        session limit: 0, session count: 0
        tunnel profile: default, peer profile: default
        session profile: default, ppp profile: default
        hello timeout: 60, retry timeout: 1, idle timeout: 0
        rx window size: 10, tx window size: 10, max retries: 5
        use udp checksums: OFF
        do pmtu discovery: OFF, mtu: 1460
        framing capability: SYNC, bearer capability: DIGITAL
        use tiebreaker: OFF
        trace flags: NONE
        peer vendor name: Katalix Systems Ltd. Linux-2.4.27 (i386)
        peer protocol version: 1.0, firmware 1
        peer framing capability: SYNC ASYNC
        peer bearer capability: DIGITAL ANALOG
        peer rx window size: 10

      l2tp> session list tunnel_name=one
      2 sessions on tunnel one:-
        29680 4386

      l2tp> session show tunnel_name=one session_id=29680
      Session 29680 on tunnel 20903:-
        type: LAC Incoming Call, state: ESTABLISHED
        created at: Aug 31 11:04:59 2005
        administrative name: one
        created by admin: YES, peer session id: 5
        ppp user name: cisco
        ppp user password: cisco
        ppp profile name: one
        data sequencing required: OFF
        use data sequence numbers: OFF
        trace flags: NONE
        framing types: SYNC ASYNC
        bearer types: DIGITAL ANALOG
        call serial number: 4
        use ppp proxy: NO
        Peer configuration data:-
          data sequencing required: OFF
          framing types:
          bearer types:
          call serial number: 4
        data rx packets: 1582, rx bytes: 1094667, rx errors: 0
        data tx packets: 1582, tx bytes: 1088350, tx errors: 0

  • Display a brief list of incoming tunnels.

      l2tp> tunnel list remote_only
        53502

    This form of the tunnel list command can be useful in scripts to derive active incoming tunnel_ids to pass to another command.

  • Display a brief list of outgoing tunnels.

      l2tp> tunnel list local_only
        20903

    This form of the tunnel list command can be useful in scripts to derive active outgoing tunnel_ids to pass to another command.

  • Display a brief list of named tunnels.

      l2tp> tunnel list names
        one

    This form of the tunnel list command can be useful in scripts to derive active named tunnels to pass to another command. The names keyword may be used in combination with local_only or remote_only to restrict the list to only named tunnels. The local_only, remote_only and names keywords may also be used with the session list command.

      l2tp> session list tunnel_name=one local_only names
        one two

  • Configure OpenL2TP for use only as a client. Do not accept any incoming tunnel setup requests from the network, regardless of other configuration.

      l2tp> system modify deny_remote_tunnel_creates=yes

  • Configure OpenL2TP to use a fixed local UDP port. This is sometimes necessary to pass through some firewalls and NAT implementations. Cisco uses a fixed local UDP port by default. OpenL2TP uses ephemeral ports by default, which allows multiple tunnels between the same L2TP peers.

      l2tp> tunnel profile modify profile_name=default our_udp_port=1701

  • Configure OpenL2TP to allocate IP addresses out of a local address pool called one. Start ippoold(8) and configure a pool called one. Then:

      l2tp> ppp profile modify profile_name=default ip_pool_name=one

  • Configure OpenL2TP to use RADIUS to do PPP authentication. Specify a non-default RADIUS client configuration parameter file.

      l2tp> ppp profile modify profile_name=default \
              use_radius=yes \
              radius_hint=/etc/radiusclient/myradiusclient.conf
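
An added example, not part of the OpenL2TP manual: a Python script that parses captured `tunnel show` output in the format shown in the examples above, flags tunnels that run without tunnel authentication (authorization mode NONE and no secret, following the auth_mode description), and redacts the tunnel secret and PPP user password that `tunnel show` and `session show` print in clear text. The sample text is constructed from the two tunnels in the examples, and all function names are hypothetical.

```python
import re

# Constructed sample: `tunnel show` output abridged from the two tunnels in the
# examples on this page (field text kept as shown there).
SAMPLE = """\
Tunnel 20903, from 192.168.0.2 to 192.168.0.253:-
  state: ESTABLISHED
  administrative name: 'one'
  created by admin: YES, tunnel mode: LAC
  authorization mode: NONE, hide AVPs: OFF, allow PPP proxy: OFF
  tunnel secret: 'wibble'
  use udp checksums: OFF
Tunnel 53502, from 192.168.0.2 to 192.168.0.1:-
  state: ESTABLISHED
  created by admin: NO, tunnel mode: LNS
  authorization mode: NONE, hide AVPs: OFF, allow PPP proxy: OFF
  use udp checksums: OFF
"""

HEADER = re.compile(r"Tunnel (\d+), from (\S+) to (\S+):-")
# Patterns match "key: value" pairs wherever they sit, so they do not depend
# on how the capture was wrapped into lines.
FIELDS = {
    "auth_mode": r"authorization mode: (\w+)",
    "hide_avps": r"hide AVPs: (\w+)",
    "by_admin": r"created by admin: (\w+)",
    "mode": r"tunnel mode: (\w+)",
    "secret": r"tunnel secret: '([^']*)'",
}

def parse_tunnels(text):
    """Split a capture on 'Tunnel N, from A to B:-' headers and extract fields."""
    tunnels = []
    headers = list(HEADER.finditer(text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[h.end():end]
        t = {"tunnel_id": int(h.group(1)), "local": h.group(2), "peer": h.group(3)}
        for name, pattern in FIELDS.items():
            m = re.search(pattern, body)
            t[name] = m.group(1) if m else None  # None: field absent from output
        tunnels.append(t)
    return tunnels

def audit(tunnel):
    """Return findings for one parsed tunnel."""
    findings = []
    has_secret = bool(tunnel["secret"])
    # auth_mode "none" means no authentication unless a secret is given.
    if tunnel["auth_mode"] == "NONE" and not has_secret:
        who = "remote peer" if tunnel["by_admin"] == "NO" else "local admin"
        findings.append(f"no tunnel authentication (created by {who})")
    if tunnel["hide_avps"] == "OFF":
        findings.append("AVP hiding is off")
    if has_secret:
        findings.append("shared secret printed in clear text in this capture")
    return findings

def redact(text):
    """Mask the tunnel secret and PPP user password before sharing a capture."""
    text = re.sub(r"(tunnel secret: )'[^']*'", r"\1'<redacted>'", text)
    return re.sub(r"(ppp user password: )\S+", r"\1<redacted>", text)

if __name__ == "__main__":
    for t in parse_tunnels(SAMPLE):
        print(t["tunnel_id"], t["peer"], audit(t))
    print(redact(SAMPLE))
```
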

SEE ALSO

  • openl2tp(7), openl2tpd(8), readline(3).

OpenL2TP

13 August 2007

l2tpconfig(1)
