Accel-ppp installation

Posted byVyacheslav Leave a comment on Accel-ppp installation

In this article, I’ll give an example of how to build and install accel-ppp in Ubuntu Server.

The accel-ppp requirements are:
A modern Linux distribution
Kernel 2.6.25 or later
cmake is not younger than version 2.6
libcrypto-0.9.8+ (openssl-0.9.8)
libpcre
net-snmp-5.x (for snmp)
liblua5.1 (for IPoE DHCP option 82)

Let’s check the versions of the installed components:

sudo lsb_release -a
sudo uname -r
sudo openssl version
sudo apt show libpcre3-dev libssl-dev snmp liblua5.1

We will update the system and install the necessary components:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install linux-headers-`uname -r` build-essential cmake libnl-3-dev libnl-utils libssl-dev libpcre3-dev libnet-snmp-perl libtritonus-bin lua5.1 liblua5.1-0-dev snmp

Download the fresh source code accel-ppp:

sudo apt-get install git
cd /opt/
sudo git clone git://git.code.sf.net/p/accel-ppp/code accel-ppp-code

Or from here (but it’s better to download the link above):

sudo git clone https://github.com/xebd/accel-ppp.git

An example of adding a patch:

cd /opt/accel-ppp-code/
wget https://ixnfo.com/example_patch.diff
patch -p1 < example_patch.diff

Here is an example of how to build and install accel-ppp (VLAN_MON_DRIVER can not be installed if the server does not use VLANs):

sudo mkdir /opt/accel-ppp-code/build
cd /opt/accel-ppp-code/build
sudo cmake -DCMAKE_INSTALL_PREFIX=/usr -DKDIR=/usr/src/linux-headers-`uname -r` -DRADIUS=TRUE -DSHAPER=TRUE -DLOG_PGSQL=FALSE -DNETSNMP=FALSE -DLUA=TRUE -DBUILD_IPOE_DRIVER=TRUE -DBUILD_VLAN_MON_DRIVER=TRUE -DCPACK_TYPE=Ubuntu18 -DCMAKE_BUILD_TYPE=Release /opt/accel-ppp-code
sudo make
sudo make install

I would like to note that new versions of acel-ppp use new versions of libraries, which, for example, are newer than those in Ubuntu 16, which can cause problems, so I recommend installing acel-ppp on new operating systems.
For example, in Ubuntu 16, a new accel-ppp is not installed with an error:

dpkg: package dependencies do not allow to configure the accel-ppp package:
accel-ppp depends on libc6 (> = 2.24), however:
The libc6 version: amd64 in the system is 2.23-0ubuntu11.
accel-ppp depends on libssl1.0.0 (> = 1.0.2t), however:
The libssl1.0.0 version: amd64 in the system is 1.0.2g-1ubuntu4.15.

If the LUA is not version 5.1, then we indicate the version instead of “TRUE”, for example:

-DLUA=5.3

You can add optimization (you can read about optimization here https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html):

-DCMAKE_C_FLAGS="-g -O2"

After the installation command to /usr/local/, I have the following information:

Install the project…
— Install configuration: “Debug”
— Installing: /lib/modules/4.4.0-116-generic/extra/ipoe.ko
— Installing: /lib/modules/4.4.0-116-generic/extra/vlan_mon.ko
— Installing: /etc/accel-ppp.conf.dist
— Installing: /etc/init.d/accel-ppp
— Installing: /etc/default/accel-ppp
— Installing: /usr/lib/systemd/system/accel-ppp.service
— Installing: /var/log/accel-ppp
— Installing: /usr/local/sbin/accel-pppd
— Set runtime path of “/usr/local/sbin/accel-pppd” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/share/man/man5/accel-ppp.conf.5
— Installing: /usr/local/lib64/accel-ppp/libluasupp.so
— Installing: /usr/local/lib64/accel-ppp/libradius.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libradius.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/share/accel-ppp/radius/dictionary.alcatel
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4818
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2868
— Installing: /usr/local/share/accel-ppp/radius/dictionary.dhcp
— Installing: /usr/local/share/accel-ppp/radius/dictionary
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc3580
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2867
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2865
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2866
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4675
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4679
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc3576
— Installing: /usr/local/share/accel-ppp/radius/dictionary.cisco
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4072
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc5176
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2869
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4849
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc3162
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4372
— Installing: /usr/local/share/accel-ppp/radius/dictionary.microsoft
— Installing: /usr/local/lib64/accel-ppp/libtriton.so
— Installing: /usr/local/lib64/accel-ppp/libvlan-mon.so
— Installing: /usr/local/lib64/accel-ppp/libpptp.so
— Installing: /usr/local/lib64/accel-ppp/libpppoe.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libpppoe.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/lib64/accel-ppp/libl2tp.so
— Installing: /usr/local/share/accel-ppp/l2tp/dictionary.rfc2661
— Installing: /usr/local/share/accel-ppp/l2tp/dictionary
— Installing: /usr/local/share/accel-ppp/l2tp/dictionary.rfc3931
— Installing: /usr/local/lib64/accel-ppp/libsstp.so
— Installing: /usr/local/lib64/accel-ppp/libipoe.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libipoe.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/lib64/accel-ppp/libauth_pap.so
— Installing: /usr/local/lib64/accel-ppp/libauth_chap_md5.so
— Installing: /usr/local/lib64/accel-ppp/libauth_mschap_v1.so
— Installing: /usr/local/lib64/accel-ppp/libauth_mschap_v2.so
— Installing: /usr/local/lib64/accel-ppp/liblog_file.so
— Installing: /usr/local/lib64/accel-ppp/liblog_tcp.so
— Installing: /usr/local/lib64/accel-ppp/liblog_syslog.so
— Installing: /usr/local/lib64/accel-ppp/libpppd_compat.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libpppd_compat.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/lib64/accel-ppp/libippool.so
— Installing: /usr/local/lib64/accel-ppp/libipv6pool.so
— Installing: /usr/local/lib64/accel-ppp/libsigchld.so
— Installing: /usr/local/lib64/accel-ppp/libchap-secrets.so
— Installing: /usr/local/lib64/accel-ppp/liblogwtmp.so
— Installing: /usr/local/lib64/accel-ppp/libconnlimit.so
— Installing: /usr/local/lib64/accel-ppp/libipv6_dhcp.so
— Installing: /usr/local/lib64/accel-ppp/libipv6_nd.so
— Installing: /usr/local/lib64/accel-ppp/libshaper.so
— Installing: /usr/local/bin/accel-cmd
— Installing: /usr/local/share/man/man1/accel-cmd.1

If necessary, load the modules:

lsmod | grep ipoe
sudo modprobe ipoe
sudo cp ./drivers/ipoe/driver/ipoe.ko /lib/modules/`uname -r`/kernel/net
sudo depmod -a
sudo cp ./drivers/vlan_mon/driver/vlan_mon.ko /lib/modules/`uname -r`/kernel/net
sudo depmod -a
sudo modprobe ipoe
sudo modprobe vlan_mon
lsmod | grep ipoe
lsmod | grep vlan_mon

In order for the modules ipoe and vlan_mon to be loaded at system startup, open the /etc/modules file in the text editor:

sudo nano /etc/modules

And add:

ipoe
vlan_mon

Copy the example of the accel-ppp configuration file and fill the content according to the needs:

sudo cp /etc/accel-ppp.conf.dist /etc/accel-ppp.conf
sudo nano /etc/accel-ppp.conf
sudo nano /etc/accel-ppp.lua
sudo nano /usr/share/accel-ppp/radius/dictionary

Configuration help:

man accel-ppp.conf

Managed switch networks, etc. which Accel should skip when start=up, we specify in the “ipoe” section like this:

local-net=10.0.0.0/24

Networks for users we point out (for example, the gateway and mask is taken from here, IP from billing):

gw-ip-address=172.16.0.1/19

If you want to use req-limit only for auth, and remove the limit for acct so that there is no large queue, then you can specify the Radius server as follows:

server=127.0.0.1,pass,auth-port=0,req-limit=50,fail-timeout=0,max-fail=0,acct-timeout=0,weight=1
server=127.0.0.1,pass,acct-port=0,req-limit=0,fail-timeout=0,max-fail=0,acct-timeout=0,weight=1

DHCP lease time (renew-time=lease_time/2):

lease-time=600
renew-time=300

Example for L3 scheme:

interface=eth1,mode=L3,start=dhcpv4,shared=1,ifcfg=1,proxy-arp=1

If I use the L3 scheme, I wrote routes to the IP gateways (vlan interfaces) on the switch and specified them in /etc/network/interfaces so that they were after the system restart (where 10.0.0.2 L3 is the switch and 10.0.0.1 is the server with the accel-ppp):

post-up /bin/ip route add 172.16.0.1 via 10.0.0.2
post-up /bin/ip route add 172.18.0.1 via 10.0.0.2

An example of specifying VLAN interfaces from 200 to 1299 (if necessary, regular expressions can be checked on special sites, for example, regex101.com):

interface=re:^vlan[2-9][0-9][0-9]$,mode=L2,start=dhcpv4,shared=1,ifcfg=1,ip-unnumbered=1,proxy-arp=1
interface=re:^vlan1[0-2][0-9][0-9]$,mode=L2,start=dhcpv4,shared=1,ifcfg=1,ip-unnumbered=1,proxy-arp=1

proxy-arp=0 – disabled (default)
proxy-arp=1 – responds to arp requests if the requested IP does not belong to another session on the same interface (if shared=1)
proxy-arp=2 – responds to arp requests, if the requested IP belongs to a session on the same interface, it responds with the address of this session, otherwise the server address.
proxy-arp=3 – always responds to arp requests with the address of its interface (server), ie all traffic will go through accel-ppp.

Accel-ppp can start on DHCP and unclassified package, you can specify at the same time:

start=up,start=dhcp

If Abills billing is used, then Acct-Interim-Interval, usually transmitted from the access server’s Alive field, is 600 seconds by default.

If the start only on DHCP, and that after the Session-Timeout the client did not sit without the Internet until the session again rises, that is a very useful mode of soft end sessions:

soft-terminate=1

In the “core” section, let’s say thread-count is equal to the number of cores on one processor:

thread-count=8

If you need additional operations when starting and ending sessions, you can uncomment pppd_compat and write scripts:

sudo nano /etc/ppp/ip-up
sudo nano /etc/ppp/ip-down

Run manually and finish accel-ppp as follows:

sudo /usr/sbin/accel-pppd -d -p /var/run/accel-pppd.pid -c /etc/accel-ppp.conf
sudo netstat -tulpn | grep accel
sudo ps ax|grep accel
sudo killall accel-pppd

When accel-ppp is installed, autorun scripts are created in /etc/init.d/accel-ppp and /usr/lib/systemdsystem/accel-ppp.service, in order to activate autorun at system startup, run:

sudo chmod +x /etc/init.d/accel-ppp
sudo systemctl is-enabled accel-ppp.service
sudo systemctl enable accel-ppp.service

In the following, accel-ppp can be stopped or restarted:

sudo /etc/init.d/accel-ppp stop
sudo /etc/init.d/accel-ppp start
sudo /etc/init.d/accel-ppp restart
sudo /etc/init.d/accel-ppp status

sudo systemctl stop accel-ppp.service
sudo systemctl start accel-ppp.service
sudo systemctl restart accel-ppp.service
sudo systemctl status accel-ppp.service

Let’s create a configuration for log rotation:

nano /etc/logrotate.d/accel-ppp

And add the content (after which, logs older than 3 days will be deleted automatically):

/var/log/accel-ppp/*.log {
daily
rotate 3
missingok
sharedscripts
postrotate
test -r /var/run/accel-pppd.pid && kill -HUP `cat /var/run/accel-pppd.pid`
endscript
}

If the log files are very large, then you can manually run logrotate:

logrotate --force /etc/logrotate.d/accel-ppp

If accel-ppp also works as a DHCP server, then you can check this, as well as cli and dae:

sudo netstat -tulpn | grep :67
sudo netstat -tulpn | grep :2000
sudo netstat -tulpn | grep :2001
sudo netstat -tulpn | grep :3799

An example of catching packets for analyzing problems via tcpdump:

sudo tcpdump port 67 or port 68 -e -n
sudo tcpdump ether host e0:cb:4e:c3:7c:44

I will give several examples of viewing logs, including in real time:

tail -F /var/log/accel-ppp/accel-ppp.log
tail -f /var/log/accel-ppp/accel-ppp.log | grep 192.168.1.5
tail -F /var/log/accel-ppp/accel-ppp.log | grep e0:00:4e:00:7c:44
less /var/log/accel-ppp/accel-ppp.log
less /var/log/accel-ppp/accel-ppp.log | grep 192.168.1.5
tail -F /var/log/accel-ppp/auth-fail.log
tail -F /var/log/accel-ppp/core.log
tail -F /var/log/accel-ppp/emerg.log

You can count the number of sessions:

ifconfig | grep ipoe | wc -l
tc class show dev ipoe0

You can connect to the accel-ppp console (when prompted for the password, enter the one specified in the configuration in the cli block):

telnet 127.0.0.1 2000

I will give an example of commands:

show sessions
show stat
help

If the configuration file has changed, some changes can be applied to new sessions without restarting accel-ppp by executing the command:

reload

You can get the result of a command from linux like this:

accel-cmd -P secret show sessions
accel-cmd show sessions | grep 192.168.1.5

You can see the installed version of accel-ppp like this:

accel-cmd -V

We look at the command response and check on
https://sourceforge.net/p/accel-ppp/code/ci/6c514056471dfdf030d69fb9fda443047a8cc964/log/?path=
to understand for what number the code Accel-ppp, for example, I was shown (judging by Commit 890560, Accel-pp is collected from the code for 2018-03-06 10:09:36):

accel-cmd 89056070effd890afcefaefcd3ee257dc1a447ee

See also my articles:
How to update accel-ppp
Accel-ppp debug
Installing Accel-ppp on Ubuntu 18
Configuring the Network in Linux
Install and configure accel-ppp (IPoE) for ABillS
Loading and Unloading Modules in Linux
How to enable or disable Proxy ARP on Linux
Ip-up and ip-down scripts with ipset for Accel-ppp
Suppression of DHCP servers (dhcdrop)
Reason for messages “HTB: quantum of class 10001 is big. Consider r2q change”
Changing CPU Scaling Governor on Linux
How to roll back the kernel version on Ubuntu
Monitoring system processes using htop

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a comment

Leave a Reply