--- l2tpns.h 2006-07-23 19:13:36.000000000 +1000 +++ l2tpns.h 2006-07-23 19:13:40.000000000 +1000 @@ -562,6 +562,8 @@ int allow_duplicate_users; // allow multiple logins with the same username + int cli_trust_localhost; // allow localhost to connect to telnet CLI without authenticating + in_addr_t default_dns1, default_dns2; unsigned long rl_rate; // default throttle rate --- l2tpns.c 2006-07-23 19:14:13.000000000 +1000 +++ l2tpns.c 2006-07-23 19:15:15.000000000 +1000 @@ -127,6 +127,7 @@ CONFIG("radius_authtypes", radius_authtypes_s, STRING), CONFIG("radius_dae_port", radius_dae_port, SHORT), CONFIG("allow_duplicate_users", allow_duplicate_users, BOOL), + CONFIG("cli_trust_localhost", cli_trust_localhost, BOOL), CONFIG("bind_address", bind_address, IPv4), CONFIG("peer_address", peer_address, IPv4), CONFIG("send_garp", send_garp, BOOL), --- etc/startup-config.default 2006-07-23 19:29:12.000000000 +1000 +++ etc/startup-config.default 2006-07-23 19:29:44.000000000 +1000 @@ -41,6 +41,9 @@ # Allow multiple logins for the same username #set allow_duplicate_users no +# Allow localhost to access the telnet CLI without authenticating +#set cli_trust_localhost yes + # Write usage accounting files into specified directory set accounting_dir "/var/run/l2tpns/acct" --- cli.c 2006-07-23 23:00:27.000000000 +1000 +++ cli.c 2006-07-24 10:41:35.000000000 +1000 @@ -295,7 +295,17 @@ if (fork_and_close()) return; if (getpeername(sockfd, (struct sockaddr *) &addr, &l) == 0) { - require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1"); + if (addr.sin_addr.s_addr == inet_addr("127.0.0.1")) + { + if (config->cli_trust_localhost) + { + require_auth = 0; + } + else + { + LOG(3, 0, 0, "Treating localhost as remote\n"); + } + } LOG(require_auth ? 3 : 4, 0, 0, "Accepted connection to CLI from %s\n", fmtaddr(addr.sin_addr.s_addr, 0)); }
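Review bot: The sample comment for `cli_trust_localhost` in etc/startup-config.default does not say how far the trust extends. The cli.c hunk decides on the peer address alone, so enabling the option gives an unauthenticated CLI to every local account and to any connection relayed through the host's loopback interface. I would say so in the comment, for example `# Allow connections from 127.0.0.1 to use the telnet CLI without authenticating (any local user or forwarded connection qualifies)`. The commented-out example shows `yes`, which is presumably the non-default value; adding "default: no" would tell operators upgrading from the always-trusted behaviour that they must opt in.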
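Review bot: In the cli.c hunk `require_auth` is no longer assigned for non-localhost peers, whereas the removed line set it on every successful `getpeername()`. Remote connections are therefore challenged only if the variable was initialised non-zero before this point. Its declaration is outside the hunk, so that cannot be confirmed from here. Making the fail-closed default explicit with `require_auth = 1;` immediately before the `if (getpeername(...) == 0)` test would cover the remote path, the untrusted-localhost path and the `getpeername()` failure path together. As a style point, `htonl(INADDR_LOOPBACK)` avoids re-parsing the literal on each connection. The enclosing function begins and ends outside the hunk.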