prol2tpd(8)                     ProL2TP Manual                     prol2tpd(8)



NAME
       prol2tpd - L2TP protocol daemon

SYNOPSIS
       prol2tpd [-h] [-v] [-f] [-c config-file] [-o log-file] [-n] [-d]

DESCRIPTION
       prol2tpd is an L2TP daemon supporting L2TPv2 (RFC 2661) and L2TPv3 (RFC
       3931).

       prol2tpd is a part of the  ProL2TP  suite  of  programs.   For  general
       information on the features of the ProL2TP suite refer to prol2tp(7).

OPTIONS
       -h, --help
              Displays brief usage information.

       -v, --version
              Prints  software version and copyright information to stdout and
              exits.

       -f, --foreground
              Forces prol2tpd to run in the foreground.  Default behaviour  is
              to  fork  and  run in the background.  Running in the foreground
              can be useful for  debugging,  especially  for  trouble-shooting
              failures early on in the startup process.

       -c, --config-file
              Read  configuration  from  the  specified  file  rather than the
              default path.

       -o, --log-file
              Send logging output to  the  specified  file.   By  default  log
              messages go to syslog.

       -n, --dry-run
              Start  up  and  read the config file, but do nothing more.  This
              option is useful for validating  config  file  syntax  prior  to
              deployment.

       -d, --debug
              Increment  debug level, causing prol2tpd to produce more verbose
              output.  Specifying this option multiple times  on  the  command
              line  will  make prol2tpd log output progressively more verbose.
              This can be useful when provisioning and testing prol2tpd  since
              it  provides  a  convenient  way  of enabling more debug without
              having to modify the config file prol2tpd.conf.

CONFIGURATION
       prol2tpd is configured  using  a  config  file  which  is  read  during
       startup, and re-read on receipt of SIGHUP.

       The configuration file format is documented in prol2tpd.conf(5).

LICENSE FILE
       prol2tpd reads a node-locked license file on startup which controls the
       enabled features, and tunnel and session counts.

       If no license file is present, the daemon starts  up  in  demonstration
       mode,  which is fully working but will automatically shut down after 30
       minutes.

       On purchase of a license for prol2tpd your  sales  representative  will
       provide instructions for initial installation of the license file.

INTERACTIVE MANAGEMENT AND MONITORING
       Once  prol2tpd  is  running  it  can  be interactively queried from the
       command line using the prol2tp(1) utility.

       The state of tunnel and session instances may also  be  monitored  via.
       prol2tpd events, which can be tracked using the prol2tpwatch(1).

USER SCRIPTS
       prol2tpd  can execute optional user-provided scripts or applications on
       specific events.  These scripts are executed as root (with the real and
       effective user-id set to 0), and with standard input, output, and error
       streams redirected  to  /dev/null.   Information  about  the  event  is
       provided  in  the  script  environment and command line arguments.  The
       script's exit code is ignored.

       The script filenames are:

       * /etc/prol2tp/tunnel-created : executed when an L2TP  tunnel  instance
         is created

       * /etc/prol2tp/tunnel-up  : executed when an L2TP tunnel instance comes
         up

       * /etc/prol2tp/tunnel-down : executed when an L2TP tunnel instance goes
         down

       * /etc/prol2tp/tunnel-deleted  :  executed when an L2TP tunnel instance
         is deleted

       * /etc/prol2tp/session-created : executed when an L2TP session instance
         is created

       * /etc/prol2tp/session-up  :  executed  when  an  L2TP session instance
         comes up

       * /etc/prol2tp/session-down : executed when an  L2TP  session  instance
         goes down

       * /etc/prol2tp/session-deleted : executed when an L2TP session instance
         is deleted

       The scripts are passed the following command line arguments:

       P1 Numeric tunnel ID
              The L2TP tunnel ID of the tunnel instance.  This is set for  all
              scripts.

       P2 Numeric session ID
              The  L2TP  session  ID of the session instance.  This is set for
              the session-specific scripts.

       P3 Session type.
              The pseudowire type  of  the  session.   This  is  set  for  the
              session-specific  up,  down,  and deleted scripts.  The possible
              values are:

              * PPP for a PPP session,

              * ETH for an Ethernet session,

              * ETH_VLAN for a VLAN session,

              * ...  or numeric pseudowire ID for any other session type.

       The script environment contains the following variables:

       TUNNEL_NAME
              The administrative name of the tunnel, if any.  Locally  created
              tunnels  will  always  have  this  variable  set,  while tunnels
              created by network request will not.

              Valid for all event types.

       SESSION_NAME
              The administrative name of the session, if any.  Locally created
              sessions  will  always  have  this  variable set, while sessions
              created by network request will not.

              Valid for all session events.

       SESSION_PROFILE_NAME
              The name of the configuration profile used by  the  session,  if
              any.

              Valid for all session events.

       PSEUDOWIRE_PROFILE_NAME
              The  name  of  the  pseudowire configuration profile used by the
              session.

              Valid for all session events.

       USER_DATA
              Where the session configuration  sets  the  user_data  parameter
              (see  prol2tpd.conf(5)  for  details) this variable contains the
              contents of the configuration parameter.

              Valid for all session events.

       INTERFACE_NAME
              The name of the network interface corresponding to the session.

              Valid for session up and down events.

       MTU    The MTU of the network interface corresponding to  the  session,
              if  that  value is set by the configuration and not left for the
              data plane to derive.

              Valid for session up and down events.

       LOCAL_IP
              The local IP address of the network interface  corresponding  to
              the session, if that value is set by the configuration.

              Valid for session up and down events.

       PEER_IP
              The  peer  IP  address of the network interface corresponding to
              the session, if that value is set by the configuration.

              Valid for session up and down events.

       NETMASK
              The netmask of the local IP address  of  the  network  interface
              corresponding to the session.

              Valid for session up and down events.

       BRIDGE The  name  of  the  bridge  interface to add the session network
              interface to, if that value has been set by the configuration.

              Valid for all session events.

       REMOTE_END_ID or REMOTE_END_ID_BIN
              The session remote end ID as per the RFC 3931 Remote End ID AVP,
              if  that value has been set by the configuration.  If the remote
              end  ID  has  been  set  and  consists  entirely  of   printable
              characters,  it will be presented in the REMOTE_END_ID variable.
              If the remote end ID has been set but is not printable, it  will
              be  converted  to  a hexadecimal representation and presented in
              the REMOTE_END_ID_BIN variable.

IPSEC
       prol2tpd may be used with any Linux IPSec software  (e.g.   Strongswan)
       for  L2TP/IPSec  VPN scenarios.  For information about how to configure
       IPSec, refer to documentation of the IPSec software being used.

       When used with l2tp-nfqd, prol2tpd can be used  as  an  L2TP/IPSec  VPN
       server which supports multiple L2TP/IPSec clients connecting behind the
       same NAT gateway.  prol2tpd listens  for  messages  from  l2tp-nfqd  on
       /var/run/prol2tp/nfq.    For  more  information  about  l2tp-nfqd,  see
       https://github.com/katalix/l2tp-nfqd/.  l2tp-nfqd  is  needed  only  in
       server  configurations  where  support  for multiple L2TP/IPSec clients
       behind a NAT gateway is required.

SEE ALSO
       prol2tp(1), prol2tp(7), prol2tpd.conf(5), prol2tpwatch(1),  propppd(8),
       proacd(8)

AUTHORS
       Katalix Systems, Ltd.



ProL2TP 2.1.0                     August 2020                      prol2tpd(8)