136 lines
4.5 KiB
Django/Jinja
136 lines
4.5 KiB
Django/Jinja
###############################################################################
|
|
# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
|
|
#
|
|
# Sample Poptop PPP options file /etc/ppp/options.pptpd
|
|
# Options used by PPP when a connection arrives from a client.
|
|
# This file is pointed to by /etc/pptpd.conf option keyword.
|
|
# Changes are effective on the next connection. See "man pppd".
|
|
#
|
|
# You are expected to change this file to suit your system. As
|
|
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
|
|
###############################################################################
|
|
|
|
|
|
# Authentication
|
|
|
|
# Name of the local system for authentication purposes
|
|
# (must match the second field in /etc/ppp/chap-secrets entries)
|
|
name pptpd
|
|
|
|
# Strip the domain prefix from the username before authentication.
|
|
# (applies if you use pppd with chapms-strip-domain patch)
|
|
#chapms-strip-domain
|
|
|
|
|
|
# Encryption
|
|
# (There have been multiple versions of PPP with encryption support,
|
|
# choose with of the following sections you will use.)
|
|
|
|
|
|
# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
|
|
# {-{-{
|
|
refuse-pap
|
|
refuse-chap
|
|
refuse-mschap
|
|
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
|
|
# Challenge Handshake Authentication Protocol, Version 2] authentication.
|
|
require-mschap-v2
|
|
# Require MPPE 128-bit encryption
|
|
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
|
|
require-mppe-128
|
|
# }-}-}
|
|
|
|
|
|
# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
|
|
# {-{-{
|
|
#-chap
|
|
#-chapms
|
|
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
|
|
# Challenge Handshake Authentication Protocol, Version 2] authentication.
|
|
#+chapms-v2
|
|
# Require MPPE encryption
|
|
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
|
|
#mppe-40 # enable either 40-bit or 128-bit, not both
|
|
#mppe-128
|
|
#mppe-stateless
|
|
# }-}-}
|
|
|
|
|
|
# Network and Routing
|
|
|
|
# If pppd is acting as a server for Microsoft Windows clients, this
|
|
# option allows pppd to supply one or two DNS (Domain Name Server)
|
|
# addresses to the clients. The first instance of this option
|
|
# specifies the primary DNS address; the second instance (if given)
|
|
# specifies the secondary DNS address.
|
|
#ms-dns 10.0.0.1
|
|
#ms-dns 10.0.0.2
|
|
ms-dns {{wannat_global.pptp.dns1}}
|
|
ms-dns {{wannat_global.pptp.dns2}}
|
|
|
|
# If pppd is acting as a server for Microsoft Windows or "Samba"
|
|
# clients, this option allows pppd to supply one or two WINS (Windows
|
|
# Internet Name Services) server addresses to the clients. The first
|
|
# instance of this option specifies the primary WINS address; the
|
|
# second instance (if given) specifies the secondary WINS address.
|
|
#ms-wins 10.0.0.3
|
|
#ms-wins 10.0.0.4
|
|
|
|
# Add an entry to this system's ARP [Address Resolution Protocol]
|
|
# table with the IP address of the peer and the Ethernet address of this
|
|
# system. This will have the effect of making the peer appear to other
|
|
# systems to be on the local ethernet.
|
|
# (you do not need this if your PPTP server is responsible for routing
|
|
# packets to the clients -- James Cameron)
|
|
proxyarp
|
|
|
|
# Normally pptpd passes the IP address to pppd, but if pptpd has been
|
|
# given the delegate option in pptpd.conf or the --delegate command line
|
|
# option, then pppd will use chap-secrets or radius to allocate the
|
|
# client IP address. The default local IP address used at the server
|
|
# end is often the same as the address of the server. To override this,
|
|
# specify the local IP address here.
|
|
# (you must not use this unless you have used the delegate option)
|
|
#10.8.0.100
|
|
|
|
|
|
# Logging
|
|
|
|
# Enable connection debugging facilities.
|
|
# (see your syslog configuration for where pppd sends to)
|
|
#debug
|
|
|
|
# Print out all the option values which have been set.
|
|
# (often requested by mailing list to verify options)
|
|
#dump
|
|
|
|
|
|
# Miscellaneous
|
|
|
|
# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
|
|
# access.
|
|
lock
|
|
|
|
# Disable BSD-Compress compression
|
|
nobsdcomp
|
|
|
|
# Disable Van Jacobson compression
|
|
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
|
|
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
|
|
# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
|
|
novj
|
|
novjccomp
|
|
|
|
# turn off logging to stderr, since this may be redirected to pptpd,
|
|
# which may trigger a loopback
|
|
nologfd
|
|
|
|
# put plugins here
|
|
# (putting them higher up may cause them to sent messages to the pty)
|
|
|
|
mtu {{wannat_global.pptp.mtu}}
|
|
|
|
plugin /usr/local/lib/pppd/2.4.9/radius.so
|
|
plugin /usr/local/lib/pppd/2.4.9/radattr.so
|
|
radius-config-file /etc/radiusclient-ng/radiusclient.conf
|