In this article, I’ll give an example of how to build and install accel-ppp in Ubuntu Server.
The accel-ppp requirements are:
A modern Linux distribution
Kernel 2.6.25 or later
cmake is not younger than version 2.6
libcrypto-0.9.8+ (openssl-0.9.8)
libpcre
net-snmp-5.x (for snmp)
liblua5.1 (for IPoE DHCP option 82)
Let’s check the versions of the installed components:
sudo lsb_release -a sudo uname -r sudo openssl version sudo apt show libpcre3-dev libssl-dev snmp liblua5.1
We will update the system and install the necessary components:
sudo apt-get update sudo apt-get upgrade sudo apt-get install linux-headers-`uname -r` build-essential cmake libnl-3-dev libnl-utils libssl-dev libpcre3-dev libnet-snmp-perl libtritonus-bin lua5.1 liblua5.1-0-dev snmp
Download the fresh source code accel-ppp:
sudo apt-get install git cd /opt/ sudo git clone git://git.code.sf.net/p/accel-ppp/code accel-ppp-code
Or from here (but it’s better to download the link above):
sudo git clone https://github.com/xebd/accel-ppp.git
Here is an example of how to build and install accel-ppp (VLAN_MON_DRIVER can not be installed if the server does not use VLANs):
sudo mkdir /opt/accel-ppp-code/build cd /opt/accel-ppp-code/build sudo cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DKDIR=/usr/src/linux-headers-`uname -r` -DRADIUS=TRUE -DSHAPER=TRUE -DLOG_PGSQL=FALSE -DNETSNMP=FALSE -DLUA=TRUE -DBUILD_IPOE_DRIVER=TRUE -DBUILD_VLAN_MON_DRIVER=TRUE -DCPACK_TYPE=ubuntu -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="-g -O2" /opt/accel-ppp-code sudo make sudo make install
You can read about optimization here https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
After the installation command, I have the following information:
— Install configuration: “”
— Installing: /var/log/accel-ppp
— Installing: /usr/local/sbin/accel-pppd
— Set runtime path of “/usr/local/sbin/accel-pppd” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/share/man/man5/accel-ppp.conf.5
— Installing: /etc/accel-ppp.conf.dist
— Installing: /usr/local/lib64/accel-ppp/libluasupp.so
— Installing: /usr/local/lib64/accel-ppp/libradius.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libradius.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2869
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2867
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4372
— Installing: /usr/local/share/accel-ppp/radius/dictionary.alcatel
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc3576
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2866
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4072
— Installing: /usr/local/share/accel-ppp/radius/dictionary.microsoft
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4675
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc3580
— Installing: /usr/local/share/accel-ppp/radius/dictionary.dhcp
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4818
— Installing: /usr/local/share/accel-ppp/radius/dictionary
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc5176
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4679
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2868
— Installing: /usr/local/share/accel-ppp/radius/dictionary.cisco
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2865
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4849
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc3162
— Installing: /usr/local/lib64/accel-ppp/libtriton.so
— Installing: /usr/local/lib64/accel-ppp/libvlan-mon.so
— Installing: /usr/local/lib64/accel-ppp/libpptp.so
— Installing: /usr/local/lib64/accel-ppp/libpppoe.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libpppoe.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/lib64/accel-ppp/libl2tp.so
— Installing: /usr/local/share/accel-ppp/l2tp/dictionary.rfc3931
— Installing: /usr/local/share/accel-ppp/l2tp/dictionary.rfc2661
— Installing: /usr/local/share/accel-ppp/l2tp/dictionary
— Installing: /usr/local/lib64/accel-ppp/libsstp.so
— Installing: /usr/local/lib64/accel-ppp/libipoe.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libipoe.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/lib64/accel-ppp/libauth_pap.so
— Installing: /usr/local/lib64/accel-ppp/libauth_chap_md5.so
— Installing: /usr/local/lib64/accel-ppp/libauth_mschap_v1.so
— Installing: /usr/local/lib64/accel-ppp/libauth_mschap_v2.so
— Installing: /usr/local/lib64/accel-ppp/liblog_file.so
— Installing: /usr/local/lib64/accel-ppp/liblog_tcp.so
— Installing: /usr/local/lib64/accel-ppp/liblog_syslog.so
— Installing: /usr/local/lib64/accel-ppp/libpppd_compat.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libpppd_compat.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/lib64/accel-ppp/libippool.so
— Installing: /usr/local/lib64/accel-ppp/libipv6pool.so
— Installing: /usr/local/lib64/accel-ppp/libsigchld.so
— Installing: /usr/local/lib64/accel-ppp/libchap-secrets.so
— Installing: /usr/local/lib64/accel-ppp/liblogwtmp.so
— Installing: /usr/local/lib64/accel-ppp/libconnlimit.so
— Installing: /usr/local/lib64/accel-ppp/libipv6_dhcp.so
— Installing: /usr/local/lib64/accel-ppp/libipv6_nd.so
— Installing: /usr/local/lib64/accel-ppp/libshaper.so
— Installing: /usr/local/bin/accel-cmd
— Installing: /usr/local/share/man/man1/accel-cmd.1
If necessary, load the modules:
lsmod | grep ipoe sudo modprobe ipoe sudo cp ./drivers/ipoe/driver/ipoe.ko /lib/modules/`uname -r`/kernel/net sudo depmod -a sudo cp ./drivers/vlan_mon/driver/vlan_mon.ko /lib/modules/`uname -r`/kernel/net sudo depmod -a sudo modprobe ipoe sudo modprobe vlan_mon lsmod | grep ipoe lsmod | grep vlan_mon
In order for the modules ipoe and vlan_mon to be loaded at system startup, open the /etc/modules file in the text editor:
sudo nano /etc/modules
And add:
ipoe vlan_mon
Copy the example of the accel-ppp configuration file and fill the content according to the needs:
sudo cp /etc/accel-ppp.conf.dist /etc/accel-ppp.conf sudo nano /etc/accel-ppp.conf sudo nano /etc/accel-ppp.lua sudo nano /usr/local/share/accel-ppp/radius/dictionary
Configuration help:
man accel-ppp.conf
Managed switch networks, etc. which Accel should skip when start=up, we specify in the “ipoe” section like this:
local-net=10.0.0.0/24
Networks for users we point out (for example, the gateway and mask is taken from here, IP from billing):
gw-ip-address=172.16.0.1/19
If you want to use req-limit only for auth, and remove the limit for acct so that there is no large queue, then you can specify the Radius server as follows:
server=127.0.0.1,pass,auth-port=0,req-limit=50,fail-timeout=0,max-fail=0,acct-timeout=0,weight=1 server=127.0.0.1,pass,acct-port=0,req-limit=0,fail-timeout=0,max-fail=0,acct-timeout=0,weight=1
DHCP lease time (renew-time=lease_time/2):
lease-time=600 renew-time=300
Example for L3 scheme:
interface=eth1,mode=L3,start=dhcpv4,shared=1,ifcfg=1,proxy-arp=1
If I use the L3 scheme, I wrote routes to the IP gateways (vlan interfaces) on the switch and specified them in /etc/network/interfaces so that they were after the system restart (where 10.0.0.2 L3 is the switch and 10.0.0.1 is the server with the accel-ppp):
post-up /bin/ip route add 172.16.0.1 via 10.0.0.2 post-up /bin/ip route add 172.18.0.1 via 10.0.0.2
An example of specifying VLAN interfaces from 200 to 1299 (if necessary, regular expressions can be checked on special sites, for example, regex101.com):
interface=re:^vlan[2-9][0-9][0-9]$,mode=L2,start=dhcpv4,shared=1,ifcfg=1,ip-unnumbered=1,proxy-arp=1 interface=re:^vlan1[0-2][0-9][0-9]$,mode=L2,start=dhcpv4,shared=1,ifcfg=1,ip-unnumbered=1,proxy-arp=1
proxy-arp=0 – disabled (default)
proxy-arp=1 – responds to arp requests if the requested IP does not belong to another session on the same interface (if shared=1)
proxy-arp=2 – responds to arp requests, if the requested IP belongs to a session on the same interface, it responds with the address of this session, otherwise the server address.
proxy-arp=3 – always responds to arp requests with the address of its interface (server), ie all traffic will go through accel-ppp.
Accel-ppp can start on DHCP and unclassified package, you can specify at the same time:
start=up,start=dhcp
If Abills billing is used, then Acct-Interim-Interval, usually transmitted from the access server’s Alive field, is 600 seconds by default.
If the start only on DHCP, and that after the Session-Timeout the client did not sit without the Internet until the session again rises, that is a very useful mode of soft end sessions:
soft-terminate=1
In the “core” section, let’s say thread-count is equal to the number of cores on one processor:
thread-count=8
If you need additional operations when starting and ending sessions, you can uncomment pppd_compat and write scripts:
sudo nano /etc/ppp/ip-up sudo nano /etc/ppp/ip-down
Run manually and finish accel-ppp as follows:
sudo /usr/local/sbin/accel-pppd -d -p /var/run/accel-pppd.pid -c /etc/accel-ppp.conf sudo netstat -tulpn | grep accel sudo ps ax|grep accel sudo killall accel-pppd
To run accel-ppp automatically, you can create a script:
sudo nano /etc/init.d/accel-ppp
And add content to it (in the directory with the code accel-ppp, namely in the contrib, you can also find script codes):
#!/bin/sh
# /etc/init.d/accel-ppp: set up the accel-ppp server
### BEGIN INIT INFO
# Provides: accel-ppp
# Required-Start: $networking
# Required-Stop: $networking
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
### END INIT INFO
set -e
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin;
ACCEL_PPTPD=`which accel-pppd`
. /lib/lsb/init-functions
if test -f /etc/default/accel-ppp; then
. /etc/default/accel-ppp
fi
if [ -z $ACCEL_PPPTD_OPTS ]; then
ACCEL_PPTPD_OPTS="-c /etc/accel-ppp.conf"
fi
case "$1" in
start)
log_daemon_msg "Starting accel-ppp server" "accel-pppd"
# if [ x`lsmod |awk /ipoe/'{print $1}'` = x ]; then
# insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
# fi
if start-stop-daemon --start --quiet --oknodo --exec $ACCEL_PPTPD -- -d -p /var/run/accel-pppd.pid $ACCEL_PPTPD_OPTS; then
log_end_msg 0
else
log_end_msg 1
fi
;;
restart)
log_daemon_msg "Restarting accel-ppp server" "accel-pppd"
# if [ x`lsmod |awk /ipoe/'{print $1}'` = x ]; then
# insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
# fi
start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile /var/run/accel-pppd.pid
if start-stop-daemon --start --quiet --oknodo --exec $ACCEL_PPTPD -- -d -p /var/run/accel-pppd.pid $ACCEL_PPTPD_OPTS; then
log_end_msg 0
else
log_end_msg 1
fi
;;
stop)
log_daemon_msg "Stopping accel-ppp server" "accel-pppd"
start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile /var/run/accel-pppd.pid
log_end_msg 0
;;
status)
do_status
;;
*)
log_success_msg "Usage: /etc/init.d/accel-ppp {start|stop|status|restart}"
exit 1
;;
esac
exit 0
Let’s make it executable and add an autorun:
sudo chmod +x /etc/init.d/accel-ppp sudo update-rc.d accel-ppp defaults
In the following, accel-ppp can be stopped or restarted:
sudo /etc/init.d/accel-ppp stop sudo /etc/init.d/accel-ppp start sudo /etc/init.d/accel-ppp restart sudo /etc/init.d/accel-ppp status
Let’s create a configuration for log rotation:
nano /etc/logrotate.d/accel-ppp
And add the content (after which, logs older than 3 days will be deleted automatically):
/var/log/accel-ppp/*.log {
daily
rotate 3
missingok
sharedscripts
postrotate
test -r /var/run/accel-pppd.pid && kill -HUP `cat /var/run/accel-pppd.pid`
endscript
}
If the log files are very large, then you can manually run logrotate:
logrotate --force /etc/logrotate.d/accel-ppp
If accel-ppp also works as a DHCP server, then you can check this, as well as cli and dae:
sudo netstat -tulpn | grep :67 sudo netstat -tulpn | grep :2000 sudo netstat -tulpn | grep :3799
An example of catching packets for analyzing problems via tcpdump:
sudo tcpdump port 67 or port 68 -e -n sudo tcpdump ether host e0:cb:4e:c3:7c:44
I will give several examples of viewing logs, including in real time:
tail -F /var/log/accel-ppp/accel-ppp.log tail -f /var/log/accel-ppp/accel-ppp.log | grep 192.168.1.5 tail -F /var/log/accel-ppp/accel-ppp.log | grep e0:00:4e:00:7c:44 less /var/log/accel-ppp/accel-ppp.log less /var/log/accel-ppp/accel-ppp.log | grep 192.168.1.5 tail -F /var/log/accel-ppp/auth-fail.log tail -F /var/log/accel-ppp/core.log tail -F /var/log/accel-ppp/emerg.log
You can count the number of sessions:
ifconfig | grep ipoe | wc -l tc class show dev ipoe0
You can connect to the accel-ppp console (when prompted for the password, enter the one specified in the configuration in the cli block):
telnet 127.0.0.1 2000
I will give an example of commands:
show sessions show stat help
If the configuration file has changed, some changes can be applied to new sessions without restarting accel-ppp by executing the command:
reload
You can get the result of a command from linux like this:
accel-cmd -P secret show sessions accel-cmd show sessions | grep 192.168.1.5
You can see the installed version of accel-ppp like this:
accel-cmd -V
We look at the command response and check on
https://sourceforge.net/p/accel-ppp/code/ci/6c514056471dfdf030d69fb9fda443047a8cc964/log/?path=
to understand for what number the code Accel-ppp, for example, I was shown (judging by Commit 890560, Accel-pp is collected from the code for 2018-03-06 10:09:36):
accel-cmd 89056070effd890afcefaefcd3ee257dc1a447ee
See also my articles:
How to update accel-ppp
Configuring the Network in Linux
Install and configure accel-ppp (IPoE) for ABillS
Loading and Unloading Modules in Linux
How to enable or disable Proxy ARP on Linux
Ip-up and ip-down scripts with ipset for Accel-ppp
Reason for messages “HTB: quantum of class 10001 is big. Consider r2q change”
Changing CPU Scaling Governor on Linux