Accel-ppp installation

In this article, I’ll give an example of how to build and install accel-ppp in Ubuntu Server.

The accel-ppp requirements are:
A modern Linux distribution
Kernel 2.6.25 or later
cmake is not younger than version 2.6
libcrypto-0.9.8+ (openssl-0.9.8)
libpcre
net-snmp-5.x (for snmp)
liblua5.1 (for IPoE DHCP option 82)

Let’s check the versions of the installed components:

sudo lsb_release -a
sudo uname -r
sudo openssl version
sudo apt show libpcre3-dev libssl-dev snmp liblua5.1

We will update the system and install the necessary components:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install linux-headers-`uname -r` build-essential cmake libnl-3-dev libnl-utils libssl-dev libpcre3-dev libnet-snmp-perl libtritonus-bin lua5.1 liblua5.1-0-dev snmp

Download the fresh source code accel-ppp:

sudo apt-get install git
cd /opt/
sudo git clone git://git.code.sf.net/p/accel-ppp/code accel-ppp-code

Or from here (but it’s better to download the link above):

sudo git clone https://github.com/xebd/accel-ppp.git

Here is an example of how to build and install accel-ppp (VLAN_MON_DRIVER can not be installed if the server does not use VLANs):

sudo mkdir /opt/accel-ppp-code/build
cd /opt/accel-ppp-code/build
sudo cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DKDIR=/usr/src/linux-headers-`uname -r` -DRADIUS=TRUE -DSHAPER=TRUE -DLOG_PGSQL=FALSE -DNETSNMP=FALSE -DLUA=TRUE -DBUILD_IPOE_DRIVER=TRUE -DBUILD_VLAN_MON_DRIVER=TRUE -DCPACK_TYPE=ubuntu -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="-g -O2" /opt/accel-ppp-code
sudo make
sudo make install

You can read about optimization here https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html

After the installation command, I have the following information:

— Install configuration: “”
— Installing: /var/log/accel-ppp
— Installing: /usr/local/sbin/accel-pppd
— Set runtime path of “/usr/local/sbin/accel-pppd” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/share/man/man5/accel-ppp.conf.5
— Installing: /etc/accel-ppp.conf.dist
— Installing: /usr/local/lib64/accel-ppp/libluasupp.so
— Installing: /usr/local/lib64/accel-ppp/libradius.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libradius.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2869
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2867
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4372
— Installing: /usr/local/share/accel-ppp/radius/dictionary.alcatel
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc3576
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2866
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4072
— Installing: /usr/local/share/accel-ppp/radius/dictionary.microsoft
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4675
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc3580
— Installing: /usr/local/share/accel-ppp/radius/dictionary.dhcp
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4818
— Installing: /usr/local/share/accel-ppp/radius/dictionary
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc5176
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4679
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2868
— Installing: /usr/local/share/accel-ppp/radius/dictionary.cisco
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc2865
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc4849
— Installing: /usr/local/share/accel-ppp/radius/dictionary.rfc3162
— Installing: /usr/local/lib64/accel-ppp/libtriton.so
— Installing: /usr/local/lib64/accel-ppp/libvlan-mon.so
— Installing: /usr/local/lib64/accel-ppp/libpptp.so
— Installing: /usr/local/lib64/accel-ppp/libpppoe.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libpppoe.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/lib64/accel-ppp/libl2tp.so
— Installing: /usr/local/share/accel-ppp/l2tp/dictionary.rfc3931
— Installing: /usr/local/share/accel-ppp/l2tp/dictionary.rfc2661
— Installing: /usr/local/share/accel-ppp/l2tp/dictionary
— Installing: /usr/local/lib64/accel-ppp/libsstp.so
— Installing: /usr/local/lib64/accel-ppp/libipoe.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libipoe.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/lib64/accel-ppp/libauth_pap.so
— Installing: /usr/local/lib64/accel-ppp/libauth_chap_md5.so
— Installing: /usr/local/lib64/accel-ppp/libauth_mschap_v1.so
— Installing: /usr/local/lib64/accel-ppp/libauth_mschap_v2.so
— Installing: /usr/local/lib64/accel-ppp/liblog_file.so
— Installing: /usr/local/lib64/accel-ppp/liblog_tcp.so
— Installing: /usr/local/lib64/accel-ppp/liblog_syslog.so
— Installing: /usr/local/lib64/accel-ppp/libpppd_compat.so
— Set runtime path of “/usr/local/lib64/accel-ppp/libpppd_compat.so” to “/usr/local/lib64/accel-ppp”
— Installing: /usr/local/lib64/accel-ppp/libippool.so
— Installing: /usr/local/lib64/accel-ppp/libipv6pool.so
— Installing: /usr/local/lib64/accel-ppp/libsigchld.so
— Installing: /usr/local/lib64/accel-ppp/libchap-secrets.so
— Installing: /usr/local/lib64/accel-ppp/liblogwtmp.so
— Installing: /usr/local/lib64/accel-ppp/libconnlimit.so
— Installing: /usr/local/lib64/accel-ppp/libipv6_dhcp.so
— Installing: /usr/local/lib64/accel-ppp/libipv6_nd.so
— Installing: /usr/local/lib64/accel-ppp/libshaper.so
— Installing: /usr/local/bin/accel-cmd
— Installing: /usr/local/share/man/man1/accel-cmd.1

If necessary, load the modules:

lsmod | grep ipoe
sudo modprobe ipoe
sudo cp ./drivers/ipoe/driver/ipoe.ko /lib/modules/`uname -r`/kernel/net
sudo depmod -a
sudo cp ./drivers/vlan_mon/driver/vlan_mon.ko /lib/modules/`uname -r`/kernel/net
sudo depmod -a
sudo modprobe ipoe
sudo modprobe vlan_mon
lsmod | grep ipoe
lsmod | grep vlan_mon

In order for the modules ipoe and vlan_mon to be loaded at system startup, open the /etc/modules file in the text editor:

sudo nano /etc/modules

And add:

ipoe
vlan_mon

Copy the example of the accel-ppp configuration file and fill the content according to the needs:

sudo cp /etc/accel-ppp.conf.dist /etc/accel-ppp.conf
sudo nano /etc/accel-ppp.conf
sudo nano /etc/accel-ppp.lua
sudo nano /usr/local/share/accel-ppp/radius/dictionary

Configuration help:

man accel-ppp.conf

Managed switch networks, etc. which Accel should skip when start=up, we specify in the “ipoe” section like this:

local-net=10.0.0.0/24

Networks for users we point out (for example, the gateway and mask is taken from here, IP from billing):

gw-ip-address=172.16.0.1/19

If you want to use req-limit only for auth, and remove the limit for acct so that there is no large queue, then you can specify the Radius server as follows:

server=127.0.0.1,pass,auth-port=0,req-limit=50,fail-timeout=0,max-fail=10,acct-timeout=10,weight=1
server=127.0.0.1,pass,acct-port=0,req-limit=0,fail-timeout=0,max-fail=10,acct-timeout=10,weight=1

DHCP lease time (renew-time=lease_time/2):

lease-time=600
renew-time=300

Example for L3 scheme:

interface=eth1,mode=L3,start=dhcpv4,shared=1,ifcfg=1,proxy-arp=1

If I use the L3 scheme, I wrote routes to the IP gateways (vlan interfaces) on the switch and specified them in /etc/network/interfaces so that they were after the system restart (where 10.0.0.2 L3 is the switch and 10.0.0.1 is the server with the accel-ppp):

post-up /bin/ip route add 172.16.0.1 via 10.0.0.2
post-up /bin/ip route add 172.18.0.1 via 10.0.0.2

An example of specifying VLAN interfaces from 200 to 1299 (if necessary, regular expressions can be checked on special sites, for example, regex101.com):

interface=re:^vlan[2-9][0-9][0-9]$,mode=L2,start=dhcpv4,shared=1,ifcfg=1,ip-unnumbered=1,proxy-arp=1
interface=re:^vlan1[0-2][0-9][0-9]$,mode=L2,start=dhcpv4,shared=1,ifcfg=1,ip-unnumbered=1,proxy-arp=1

proxy-arp=0 – disabled (default)
proxy-arp=1 – responds to arp requests if the requested IP does not belong to another session on the same interface (if shared=1)
proxy-arp=2 – responds to arp requests, if the requested IP belongs to a session on the same interface, it responds with the address of this session, otherwise the server address.
proxy-arp=3 – always responds to arp requests with the address of its interface (server), ie all traffic will go through accel-ppp.

Accel-ppp can start on DHCP and unclassified package, you can specify at the same time:

start=up,start=dhcp

If Abills billing is used, then Acct-Interim-Interval, usually transmitted from the access server’s Alive field, is 600 seconds by default.

If the start only on DHCP, and that after the Session-Timeout the client did not sit without the Internet until the session again rises, that is a very useful mode of soft end sessions:

soft-terminate=1

In the “core” section, let’s say thread-count is equal to the number of cores on one processor:

thread-count=8

If you need additional operations when starting and ending sessions, you can uncomment pppd_compat and write scripts:

sudo nano /etc/ppp/ip-up
sudo nano /etc/ppp/ip-down

Run manually and finish accel-ppp as follows:

sudo /usr/local/sbin/accel-pppd -d -p /var/run/accel-pppd.pid -c /etc/accel-ppp.conf
sudo netstat -tulpn | grep accel
sudo ps ax|grep accel
sudo killall accel-pppd

To run accel-ppp automatically, you can create a script:

sudo nano /etc/init.d/accel-ppp

And add content to it:

#!/bin/sh
# /etc/init.d/accel-ppp: set up the accel-ppp server
### BEGIN INIT INFO
# Provides:          accel-ppp
# Required-Start:    $networking
# Required-Stop:     $networking
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

set -e

PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin;
ACCEL_PPTPD=`which accel-pppd`
. /lib/lsb/init-functions

if test -f /etc/default/accel-ppp; then
    . /etc/default/accel-ppp
fi

if [ -z $ACCEL_PPPTD_OPTS ]; then
  ACCEL_PPTPD_OPTS="-c /etc/accel-ppp.conf"
fi

case "$1" in
  start)
        log_daemon_msg "Starting accel-ppp server" "accel-pppd"
#        if [ x`lsmod |awk /ipoe/'{print $1}'` = x ]; then
#          insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
#        fi
        if start-stop-daemon --start --quiet --oknodo --exec $ACCEL_PPTPD -- -d -p /var/run/accel-pppd.pid $ACCEL_PPTPD_OPTS; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
  ;;
  restart)
        log_daemon_msg "Restarting accel-ppp server" "accel-pppd"
 #       if [ x`lsmod |awk /ipoe/'{print $1}'` = x ]; then
 #         insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
 #       fi
        start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile /var/run/accel-pppd.pid
        if start-stop-daemon --start --quiet --oknodo --exec $ACCEL_PPTPD -- -d -p /var/run/accel-pppd.pid $ACCEL_PPTPD_OPTS; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
  ;;

  stop)
        log_daemon_msg "Stopping accel-ppp server" "accel-pppd"
        start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile /var/run/accel-pppd.pid
        log_end_msg 0
  ;;

  status)
    do_status
  ;;
  *)
    log_success_msg "Usage: /etc/init.d/accel-ppp {start|stop|status|restart}"
    exit 1
    ;;
esac

exit 0

Let’s make it executable and add an autorun:

sudo chmod +x /etc/init.d/accel-ppp
sudo update-rc.d accel-ppp defaults

In the following, accel-ppp can be stopped or restarted:

sudo /etc/init.d/accel-ppp stop
sudo /etc/init.d/accel-ppp start
sudo /etc/init.d/accel-ppp restart
sudo /etc/init.d/accel-ppp status

Let’s create a configuration for log rotation:

nano /etc/logrotate.d/accel-ppp

And add the content (after which, logs older than 3 days will be deleted automatically):

/var/log/accel-ppp/*.log {
        daily
        rotate 3
        missingok
        sharedscripts
        postrotate
                test -r /var/run/accel-pppd.pid && kill -HUP `cat /var/run/accel-pppd.pid`
        endscript
}

If the log files are very large, then you can manually run logrotate:

logrotate --force /etc/logrotate.d/accel-ppp

If accel-ppp also works as a DHCP server, then you can check this:

sudo netstat -tulpn | grep :67

An example of catching packets for analyzing problems via tcpdump:

sudo tcpdump port 67 or port 68 -e -n
sudo tcpdump ether host e0:cb:4e:c3:7c:44

I will give several examples of viewing logs, including in real time:

tail -F /var/log/accel-ppp/accel-ppp.log
tail -f /var/log/accel-ppp/accel-ppp.log | grep 192.168.1.5
tail -F /var/log/accel-ppp/accel-ppp.log | grep e0:00:4e:00:7c:44
less /var/log/accel-ppp/accel-ppp.log
less /var/log/accel-ppp/accel-ppp.log | grep 192.168.1.5
tail -F /var/log/accel-ppp/auth-fail.log
tail -F /var/log/accel-ppp/core.log
tail -F /var/log/accel-ppp/emerg.log

You can count the number of sessions:

ifconfig | grep ipoe | wc -l
tc class show dev ipoe0

You can connect to the accel-ppp console (when prompted for the password, enter the one specified in the configuration in the cli block):

telnet 127.0.0.1 2000

I will give an example of commands:

show sessions
show stat
help

If the configuration file has changed, some changes can be applied to new sessions without restarting accel-ppp by executing the command:

reload

You can get the result of a command from linux like this:

accel-cmd -P secret show sessions
accel-cmd show sessions | grep 192.168.1.5

You can see the installed version of accel-ppp like this:

accel-cmd -V

We look at the command response and check on Commit to understand for what number the code Accel-ppp, for example, I was shown (judging by Commit 890560, Accel-pp is collected from the code for 2018-03-06 10:09:36):

accel-cmd 89056070effd890afcefaefcd3ee257dc1a447ee

See also my articles:
How to update accel-ppp
Configuring the Network in Linux
Install and configure accel-ppp (IPoE) for ABillS
Loading and Unloading Modules in Linux
How to enable or disable Proxy ARP on Linux
Ip-up and ip-down scripts with ipset for Accel-ppp
Reason for messages “HTB: quantum of class 10001 is big. Consider r2q change”

Подписаться на IT Blog (RU) по Email
Subscribe to IT Blog (EN) by Email

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a Reply