prol2tpd(8) ProL2TP Manual prol2tpd(8)
NAME
prol2tpd - L2TP protocol daemon
SYNOPSIS
prol2tpd [-h] [-v] [-f] [-c config-file] [-o log-file] [-n] [-d]
DESCRIPTION
prol2tpd is an L2TP daemon supporting L2TPv2 (RFC 2661) and L2TPv3 (RFC
3931).
prol2tpd is a part of the ProL2TP suite of programs. For general
information on the features of the ProL2TP suite refer to prol2tp(7).
OPTIONS
-h, --help
Displays brief usage information.
-v, --version
Prints software version and copyright information to stdout and
exits.
-f, --foreground
Forces prol2tpd to run in the foreground. Default behaviour is
to fork and run in the background. Running in the foreground
can be useful for debugging, especially for trouble-shooting
failures early on in the startup process.
-c, --config-file
Read configuration from the specified file rather than the
default path.
-o, --log-file
Send logging output to the specified file. By default log
messages go to syslog.
-n, --dry-run
Start up and read the config file, but do nothing more. This
option is useful for validating config file syntax prior to
deployment.
-d, --debug
Increment debug level, causing prol2tpd to produce more verbose
output. Specifying this option multiple times on the command
line will make prol2tpd log output progressively more verbose.
This can be useful when provisioning and testing prol2tpd since
it provides a convenient way of enabling more debug without
having to modify the config file prol2tpd.conf.
CONFIGURATION
prol2tpd is configured using a config file which is read during
startup, and re-read on receipt of SIGHUP.
The configuration file format is documented in prol2tpd.conf(5).
LICENSE FILE
prol2tpd reads a node-locked license file on startup which controls the
enabled features, and tunnel and session counts.
If no license file is present, the daemon starts up in demonstration
mode, which is fully working but will automatically shut down after 30
minutes.
On purchase of a license for prol2tpd your sales representative will
provide instructions for initial installation of the license file.
INTERACTIVE MANAGEMENT AND MONITORING
Once prol2tpd is running it can be interactively queried from the
command line using the prol2tp(1) utility.
The state of tunnel and session instances may also be monitored via
prol2tpd events, which can be tracked using prol2tpwatch(1).
USER SCRIPTS
prol2tpd can execute optional user-provided scripts or applications on
specific events. These scripts are executed as root (with the real and
effective user-id set to 0), and with standard input, output, and error
streams redirected to /dev/null. Information about the event is
provided in the script environment and command line arguments. The
script's exit code is ignored.
The script filenames are:
* /etc/prol2tp/tunnel-created : executed when an L2TP tunnel instance
is created
* /etc/prol2tp/tunnel-up : executed when an L2TP tunnel instance comes
up
* /etc/prol2tp/tunnel-down : executed when an L2TP tunnel instance goes
down
* /etc/prol2tp/tunnel-deleted : executed when an L2TP tunnel instance
is deleted
* /etc/prol2tp/session-created : executed when an L2TP session instance
is created
* /etc/prol2tp/session-up : executed when an L2TP session instance
comes up
* /etc/prol2tp/session-down : executed when an L2TP session instance
goes down
* /etc/prol2tp/session-deleted : executed when an L2TP session instance
is deleted
The scripts are passed the following command line arguments:
P1 Numeric tunnel ID
The L2TP tunnel ID of the tunnel instance. This is set for all
scripts.
P2 Numeric session ID
The L2TP session ID of the session instance. This is set for
the session-specific scripts.
P3 Session type
The pseudowire type of the session. This is set for the
session-specific up, down, and deleted scripts. The possible
values are:
* PPP for a PPP session,
* ETH for an Ethernet session,
* ETH_VLAN for a VLAN session,
* ... or numeric pseudowire ID for any other session type.
The script environment contains the following variables:
TUNNEL_NAME
The administrative name of the tunnel, if any. Locally created
tunnels will always have this variable set, while tunnels
created by network request will not.
Valid for all event types.
SESSION_NAME
The administrative name of the session, if any. Locally created
sessions will always have this variable set, while sessions
created by network request will not.
Valid for all session events.
SESSION_PROFILE_NAME
The name of the configuration profile used by the session, if
any.
Valid for all session events.
PSEUDOWIRE_PROFILE_NAME
The name of the pseudowire configuration profile used by the
session.
Valid for all session events.
USER_DATA
Where the session configuration sets the user_data parameter
(see prol2tpd.conf(5) for details) this variable contains the
contents of the configuration parameter.
Valid for all session events.
INTERFACE_NAME
The name of the network interface corresponding to the session.
Valid for session up and down events.
MTU The MTU of the network interface corresponding to the session,
if that value is set by the configuration and not left for the
data plane to derive.
Valid for session up and down events.
LOCAL_IP
The local IP address of the network interface corresponding to
the session, if that value is set by the configuration.
Valid for session up and down events.
PEER_IP
The peer IP address of the network interface corresponding to
the session, if that value is set by the configuration.
Valid for session up and down events.
NETMASK
The netmask of the local IP address of the network interface
corresponding to the session.
Valid for session up and down events.
BRIDGE The name of the bridge interface to add the session network
interface to, if that value has been set by the configuration.
Valid for all session events.
REMOTE_END_ID or REMOTE_END_ID_BIN
The session remote end ID as per the RFC 3931 Remote End ID AVP,
if that value has been set by the configuration. If the remote
end ID has been set and consists entirely of printable
characters, it will be presented in the REMOTE_END_ID variable.
If the remote end ID has been set but is not printable, it will
be converted to a hexadecimal representation and presented in
the REMOTE_END_ID_BIN variable.
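A defensive hook for the session-up event described above, as an added example that is not part of ProL2TP. Because the hook runs as root with its output discarded and its exit code ignored, it validates each argument and variable itself and reports through syslog; the interface-name rules, the sanitising character set and the syslog tag are assumptions of this example.

```shell
#!/bin/sh
# Added example: a defensive /etc/prol2tp/session-up hook (not part of ProL2TP).
# It runs as root with stdio on /dev/null and its exit code is ignored, so it
# validates every input itself and reports through syslog.
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH

is_numeric_id() {       # P1 / P2: decimal digits only
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

is_session_type() {     # P3: PPP, ETH, ETH_VLAN or a numeric pseudowire ID
    case "$1" in PPP|ETH|ETH_VLAN) return 0 ;; esac
    is_numeric_id "$1"
}

is_ifname() {           # assumption: conservative charset, at most 15 characters
    [ "${#1}" -le 15 ] || return 1
    case "$1" in ''|.|..|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

sanitize() {            # free-text values: replace unexpected bytes with '?'
    printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9_.:@/-' '?'
}

# Print one validated log record; return 1 with a reason on bad input.
event_record() {
    if ! { is_numeric_id "$1" && is_numeric_id "$2" && is_session_type "$3"; }; then
        echo "rejected: bad arguments"; return 1
    fi
    if ! is_ifname "${INTERFACE_NAME:-}"; then
        echo "rejected: bad INTERFACE_NAME"; return 1
    fi
    printf 'session-up tunnel=%s session=%s type=%s if=%s user_data=%s\n' \
        "$1" "$2" "$3" "$INTERFACE_NAME" "$(sanitize "${USER_DATA:-}")"
}

# Only act when invoked with arguments, as prol2tpd does.
if [ "$#" -gt 0 ]; then
    record=$(event_record "$@") && prio=daemon.notice || prio=daemon.warning
    logger -t prol2tp-session-up -p "$prio" "$record"
fi
```

Any command added after validation should use the checked values quoted, for example "$INTERFACE_NAME", and never pass USER_DATA to eval or an unquoted expansion.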
IPSEC
prol2tpd may be used with any Linux IPSec software (e.g. Strongswan)
for L2TP/IPSec VPN scenarios. For information about how to configure
IPSec, refer to documentation of the IPSec software being used.
When used with l2tp-nfqd, prol2tpd can be used as an L2TP/IPSec VPN
server which supports multiple L2TP/IPSec clients connecting behind the
same NAT gateway. prol2tpd listens for messages from l2tp-nfqd on
/var/run/prol2tp/nfq. For more information about l2tp-nfqd, see
https://github.com/katalix/l2tp-nfqd/. l2tp-nfqd is needed only in
server configurations where support for multiple L2TP/IPSec clients
behind a NAT gateway is required.
SEE ALSO
prol2tp(1), prol2tp(7), prol2tpd.conf(5), prol2tpwatch(1), propppd(8),
proacd(8)
AUTHORS
Katalix Systems, Ltd.
ProL2TP 2.6.4 October 2024 prol2tpd(8)