configfile

Format

The configuration file consists of sections in the form:

[section1]
name1=val1
name2=val2
name3

[section2]
name1=val1
name2=val2
name3

and so on
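A minimal parser for this layout, as an added example (not accel-ppp's own code): it keeps bare names such as name3 and preserves repeated options, which sections that allow multiple server or interface options rely on. The function names, sample addresses and placeholder secret are constructed for illustration.

```python
def parse_accel_conf(text):
    """Parse '[section]', 'name=val' and bare 'name' lines.

    Returns {section: [(name, value_or_None), ...]}, keeping file order
    and every occurrence of a repeated option.
    """
    sections = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: option outside any section")
        # Split on the first '=' only: values such as the RADIUS server
        # option contain further '=' characters (auth-port=1812).
        name, sep, value = line.partition("=")
        sections[current].append((name.strip(), value.strip() if sep else None))
    return sections

def values(conf, section, name):
    """All values given for an option in a section, in file order."""
    return [v for n, v in conf.get(section, []) if n == name]

# Constructed sample using option names documented on this page.
SAMPLE = """\
[modules]
log_file
pppoe
auth_mschap_v2
radius

[radius]
server=192.0.2.10,placeholder-secret,auth-port=1812,acct-port=0
server=192.0.2.11,placeholder-secret,auth-port=0,acct-port=1813
verbose=1
"""

conf = parse_accel_conf(SAMPLE)
loaded_modules = [name for name, _ in conf["modules"]]
```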

Sections

[modules]

This section contains the list of modules to load.
Logging modules:

log_file
This module logs messages to files. It supports per-session/per-user features.
log_tcp
This module logs messages to a remote host over TCP/IP.
log_pgsql
This module logs messages to PostgreSQL.
log_syslog
This module logs messages to system logger.

Control modules:

pptp
PPTP control connection handling module.
l2tp
L2TP control connection handling module.
pppoe
PPPoE discovery stage handling module.
ipoe
IPoE module.

Authentication modules for PPP:

auth_pap
PAP authentication module.
auth_chap
CHAP (md5) authentication module.
auth_mschap_v1
Microsoft CHAP (version 1) authentication module.
auth_mschap_v2
Microsoft CHAP (version 2) authentication module.

IPv6 support modules:

ipv6pool
IPv6 address assigning from static pool.
ipv6_nd
Neighbor Discovery module.
ipv6_dhcp
DHCPv6 module.

Other modules:

radius
Radius interaction module.
chap-secrets
PPPD compatible chap-secrets file support module.
ippool
IPv4 address assigning from static pool.
pppd_compat
This module starts pppd-compatible ip-up/ip-down scripts, and ip-change to handle RADIUS CoA requests.
shaper
Shaper management module.
net-snmp
SNMP support module.
logwtmp
Logs sessions to utmp/wtmp.
connlimit
Connection rate limiting module.

[core]

Configuration of core module.

log-error=path
Path to file for core module error logging.
thread-count=n
Number of working threads; the optimal value is the number of processors/cores.

[ppp]

PPP handshake module configuration.

verbose=n
If n is not zero, the ppp module will produce verbose logging.
min-mtu=n
Minimum acceptable MTU. If the client tries to negotiate less than the specified value, it will be NAKed, or disconnected if it rejects the greater MTU.
mtu=n
MTU which will be negotiated if the client's MRU is not acceptable.
mru=n
Preferred MRU.
ccp=n
Disable CCP negotiation if n is zero.
sid-case=upper|lower
Specifies in which case to generate the session identifier (default lower).
check-ip=0|1
Specifies whether to check if the IP is already assigned to another ppp interface (default 0).
single-session=replace|deny
Specifies whether to control the session count.
If this option is absent, session count control is turned off.
If this option is replace, accel-ppp will terminate the first session when the second is authorized.
If this option is deny, accel-ppp will deny authorization of the second session.
mppe=require|prefer|deny
Specifies the mppe negotiation preference:
require – ask the client for mppe; if it rejects, drop the connection
prefer – ask the client for mppe; if it rejects, don't fail
deny – deny mppe.
Default behavior – don't ask the client for mppe, but allow it if the client requests it.
Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute.
ipv4=deny|allow|prefer|require
Specifies the IPv4 (IPCP) negotiation algorithm:
deny – don't negotiate IPv4
allow – negotiate IPv4 only if the client requests it
prefer – ask the client for IPv4 negotiation, don't fail if it rejects
require – require IPv4 negotiation
ipv6=deny|allow|prefer|require
Parameters are the same as above.
ipv6-intf-id=x:x:x:x|random
Specifies fixed or random interface identifier for IPv6.
ipv6-peer-intf-id=x:x:x:x|random|ipv4|calling-sid
Specifies peer interface identifier for IPv6:
x:x:x:x – fixed interface identifier
random – random interface identifier
ipv4 – calculate interface identifier from IPv4 address, for example `192:168:0:1`
calling-sid – calculate interface identifier from Calling-Station-Id
ipv6-accept-peer-intf-id=0|1
Specifies whether to accept peer's value of interface identifier.
lcp-echo-interval=n
If this option is given and greater than 0, the ppp module will send LCP Echo-Request packets every n seconds.
lcp-echo-failure=n
Specifies the maximum number of Echo-Requests that may be sent without a valid reply; if exceeded, the connection will be terminated.

[dns]

dns1=x.x.x.x
Specifies primary IPv4 DNS to be sent to peer.
dns2=x.x.x.x
Specifies secondary IPv4 DNS to be sent to peer.

[dnsv6]

dns=IPv6_address
Specifies IPv6 DNS to be sent to peer. You may specify up to 3 dns options.
dnssl=name
Specifies DNS Search List. You may specify multiple dnssl options.

[client-ip-range]

You have to explicitly specify the ranges of IP addresses from which clients can connect to the server, in the form:
x.x.x.x/mask (for example 10.0.0.0/8)
x.x.x.x-y (for example 10.0.0.1-254)
or disable to disable the client IP address check.
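The source-address check this section describes, as an added example (not accel-ppp's own code), useful for confirming which clients a given set of rows admits before deploying it. The function names and sample rows are constructed; refusing every client when no rows are given and rejecting a /mask row with host bits set are assumptions of this example.

```python
import ipaddress

def parse_range(row):
    """Turn one row (x.x.x.x/mask or x.x.x.x-y) into (first, last) addresses."""
    row = row.strip()
    if "/" in row:
        # Assumption of this example: host bits set (10.0.0.1/8) is an error.
        net = ipaddress.IPv4Network(row)
        return net[0], net[-1]
    start_text, dash, last_octet = row.partition("-")
    if not dash or not last_octet.isdigit() or int(last_octet) > 255:
        raise ValueError(f"unrecognised range: {row!r}")
    first = ipaddress.IPv4Address(start_text)
    # "-y" replaces only the final octet: 10.0.0.1-254 ends at 10.0.0.254.
    last = ipaddress.IPv4Address((int(first) & 0xFFFFFF00) | int(last_octet))
    if last < first:
        raise ValueError(f"range ends before it starts: {row!r}")
    return first, last

def client_allowed(rows, client_ip):
    """Decide whether client_ip passes the [client-ip-range] rows."""
    rows = [r.strip() for r in rows if r.strip()]
    if "disable" in rows:
        return True  # the check is switched off: every source is accepted
    addr = ipaddress.IPv4Address(client_ip)
    # Assumption: with no rows at all nothing matches, so the client is refused.
    return any(first <= addr <= last for first, last in map(parse_range, rows))

# Constructed rows and client addresses.
ROWS = ["10.0.0.0/8", "192.168.1.1-254"]

if __name__ == "__main__":
    for ip in ("10.200.3.4", "192.168.1.254", "192.168.1.255", "198.51.100.7"):
        print(ip, "allowed" if client_allowed(ROWS, ip) else "refused")
```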

[pptp]

Configuration of PPTP module.

bind=x.x.x.x
If this option is given then pptp server will bind to specified IP address.
verbose=0|1
Specifies whether pptp module should produce verbose logging.
echo-interval=n
If this option is given and greater than zero, the pptp module will send PPTP Echo-Request packets every n seconds.
echo-failure=n
Specifies the maximum number of Echo-Requests that may be sent without a valid reply; if exceeded, the connection will be terminated.
timeout=n
Timeout in seconds for waiting for a reply from the client (default 5).

[pppoe]

Configuration of PPPoE module.

interface=ethX[,padi-limit=n]
Specifies the interface name on which to listen for and send discovery packets. You may specify multiple interface options.
The optional padi-limit parameter specifies the limit of PADI packets to reply to on this interface in a 1 second period.
ac-name=name
Specifies the AC-Name tag value. If absent, the tag will not be sent.
service-name=service-name
Specifies the Service-Name to respond to. If absent, any Service-Name is acceptable and the client's Service-Name will be sent back.
pado-delay=delay[,delay1:count1[,delay2:count2[,…]]]
Specifies delays (in ms) before sending PADO, optionally depending on the connection count.
The last delay in the list may be -1, which means don't accept new connections.
The list has to be sorted by the count key.
mac-filter=filename,type
Specifies mac-filter filename and type, type may be allow or deny.
ifname-in-sid=called-sid|calling-sid|both
Specifies that interface name should be present in Called-Station-ID or in Calling-Station-ID or in both attributes.
verbose=0|1
Specifies whether to produce verbose logging.
tr101=0|1
Specifies whether to handle TR101 tags.
padi-limit=n
Specifies overall limit of PADI packets to reply in 1 second period (default 0 - unlimited).
Rate of per-mac PADI packets is limited to no more than 1 packet per second.

[l2tp]

Configuration of L2TP module.

bind=x.x.x.x
Specifies IP address to bind to.
host-name=name
This name will be sent to clients in Host-Name attribute.
hello-interval=n
Specifies the interval (in seconds) at which to send the Hello control message. It is used to keep the connection alive. If the peer does not respond to Hello, the connection will be terminated.
timeout=n
Specifies the timeout (in seconds) to wait for the peer to complete tunnel and session negotiation.
rtimeout=n
Specifies the timeout (in seconds) to wait for message acknowledgement; if it elapses, the message will be retransmitted.
retransmit=n
Specifies the maximum number of message retransmissions; if exceeded, the connection will be terminated.
verbose=0|1
Specifies whether to produce verbose logging.

[radius]

Configuration of RADIUS module.

nas-identifier=identifier
Specifies value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.
nas-ip-address=x.x.x.x
Specifies value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests.
Also DM/CoA server will bind to that address.
gw-ip-address=x.x.x.x
Specifies IPv4 address to use as local address of ppp interface if Radius is used for IPv4 address assignment.
server=`address,secret[,auth-port=1812][,acct-port=1813][,req-limit=0][,fail-time=0]`
Specifies the IP address, secret and ports of the RADIUS server.
req-limit – maximum number of simultaneous requests to the server (0 - unlimited)
fail-time – if the server doesn't respond, mark it as unavailable for this time (sec)
If you want to specify only an authentication or an accounting server, set auth-port/acct-port to zero.
You may specify multiple server options.
dae-server=x.x.x.x:port,secret
Specifies IP address, port to bind and secret for Dynamic Authorization Extension server (DM/CoA).
acct-interim-interval=n
Specifies interval in seconds to send accounting information (may be overridden by Acct-Interim-Interval attribute).
verbose=0|1
Specifies whether to produce verbose logging.
interim-verbose=0|1
Specifies whether to produce logging of Interim-Update packets.
timeout=n
Timeout to wait for a response from the server (sec).
max-try=n
Specifies the maximum number of tries to send Access-Request/Accounting-Request queries.
acct-timeout=n
Specifies the timeout to wait for a reply to Interim-Update packets.
If n is greater than zero, the session will be terminated after the timeout is exceeded. If n is zero, Interim-Update packets are not retransmitted and the session is not terminated.
acct-delay-time=0|1
Specifies whether to include the Acct-Delay-Time attribute in accounting requests (default 0).

[log]

Configuration of log modules.

log-file=file
Path to file to write general log.
log-emerg=file
Path to file to write emergency messages.
log-fail-file=file
Path to the file to which logs of sessions that failed authentication are written.
log-tcp=x.x.x.x:port
Specifies IPv4 address and port to send logs to (for log_tcp module).
You may specify multiple log-tcp options.
syslog=ident[,facility]
Send logs to system logger.
facility may be: daemon, local0-local7 or numeric value.
copy=0|1
Specifies whether to duplicate session log to general log.
(Useful when per-session/per-user logs are not used)
per-session-dir=path
Directory for session logs. If specified, each session will be logged separately to a file whose name is the unique session identifier.
per-user-dir=dir
Directory for user logs. If specified, all sessions of the same user will be logged to a file whose name is the user name.
per-session=0|1
Specifies whether each session of the same user will be logged separately, to the directory specified by per-user-dir, in a subdirectory whose name is the user name, and to a file whose name is the unique session identifier.
level=n
Specifies log level which values are:
0 – turn off any logging
1 – log only error messages
2 – log error and warning messages
3 – log error, warning and minimum information messages (use this level in conjunction with the verbose option of other modules if you need verbose logging)
4 – log error, warning and full information messages
5 – log all messages including debug messages

[log-pgsql]

Configuration of log_pgsql module.

conninfo=conninfo
Conninfo to connect to PostgreSQL server.
log-table=table
Table to which log messages are sent. The table must contain the following fields:
timestamp - timestamp
username - text
sessionid - text
msg - text

[pppd_compat]

Configuration of pppd_compat module.

ip-pre-up=file
Path to the ip-pre-up script, which is executed before the ppp interface comes up; useful for setting up firewall rules before any traffic can pass through the interface.
ip-up=file
Path to the ip-up script, which is executed when the ppp interface is completely configured and started.
ip-down=file
Path to the ip-down script, which is executed when the session is about to terminate.
ip-change=file
Path to ip-change script which is executed for RADIUS CoA handling.
radattr=prefix
Prefix of radattr files (for example /var/run/radattr, resulting files will be /var/run/radattr.pppX).
verbose=0|1
Specifies whether to produce verbose logging.

[chap-secrets]

Configuration of chap-secrets module.

gw-ip-address=x.x.x.x
Specifies address to use as local address of ppp interfaces if chap-secrets is used for IPv4 address assignment.
chap-secrets=file
Specifies alternate chap-secrets file location (default is /etc/ppp/chap-secrets).

[ip-pool]

Configuration of ippool module.

gw-ip-address=x.x.x.x
Specifies single IP address to be used as local address of ppp interfaces.
gw=range
Specifies the range of local addresses of ppp interfaces in the form:
x.x.x.x/mask[,pool_name] (for example 10.0.0.0/8)
x.x.x.x-y[,pool_name] (for example 10.0.0.1-254)
tunnel=range
Specifies the range of remote addresses of ppp interfaces; the format is the same as above.
x.x.x.x/mask[,pool_name]
x.x.x.x-y[,pool_name]
Also specifies the range of remote addresses of ppp interfaces.

[ipv6-pool]

Configuration of ipv6pool module.
The format of each row is ipv6prefix/mask,prefix_len
for example:
`fc00:0:1::/48,64` - specifies a pool of addresses by dividing the prefix fc00:0:1::/48 into subnetworks with prefix length 64, e.g.:
`fc00:0:1:0::/64`
`fc00:0:1:1::/64`

`fc00:0:1:ffff::/64`

delegate=ipv6prefix/mask,prefix_len
Specifies the range of prefixes to delegate to clients through DHCPv6 prefix delegation (RFC 3633).
The format is the same as described above.

[connlimit]

This module limits the connection rate from a single source.

limit=count/time
Specifies acceptable rate of connections, for example limit=1/s or limit=10/3m.
burst=count
timeout=n
Specifies the timeout in seconds after which the module doesn't check the rate until burst number of connections have arrived.
configfile.txt · Last modified: 2014/10/12 16:36 by dmitry