Install and configure accel-ppp (IPoE) for ABillS

On the test, I’ll run accel-ppp in Ubuntu Server 16.04 LTS for ABillS.

If necessary, we create vlan interfaces as I wrote here – Adding vlan to Ubuntu for ABillS

Switch to the root user:

sudo su

Install the necessary components:

apt-get update
cd /usr/src
apt-get install make cmake libcrypto++-dev libssl-dev libpcre3 libpcre3-dev git lua5.1 liblua5.1-0-dev
apt-get install linux-headers-`uname -r`

See what is the latest version of accel-ppp and download it from https://sourceforge.net/projects/accel-ppp/files/
You can download the latest source code from git in which bugs may occur or vice versa correcting critical errors, you can ask about it on the official Telegram channel, I only put the latest code.
See my article:
Accel-ppp installation

Unpack the downloaded archive:

tar -xvf accel-ppp-1.11.2.tar.bz2

Install accel-ppp (VLAN_MON_DRIVER can not be installed if the server does not use VLAN):

mkdir accel-ppp-build
cd accel-ppp-build
cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DKDIR=/usr/src/linux-headers-`uname -r` -DRADIUS=TRUE -DSHAPER=TRUE -DLOG_PGSQL=FALSE -DLUA=TRUE -DBUILD_IPOE_DRIVER=TRUE -DBUILD_VLAN_MON_DRIVER=TRUE ../accel-ppp-1.11.2
make
make install

We connect the module and check:

insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
lsmod | grep ipoe

Let’s proceed to manual configuration.
Let’s create an autorun script:

nano /etc/init.d/accel-ppp

Add the following content to it:

#!/bin/sh
# /etc/init.d/accel-ppp: set up the accel-ppp server
### BEGIN INIT INFO
# Provides:          accel-ppp
# Required-Start:    $networking
# Required-Stop:     $networking
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO
 
set -e
 
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin;
ACCEL_PPTPD=`which accel-pppd`
. /lib/lsb/init-functions
 
if test -f /etc/default/accel-ppp; then
    . /etc/default/accel-ppp
fi
 
if [ -z $ACCEL_PPPTD_OPTS ]; then
  ACCEL_PPTPD_OPTS="-c /etc/accel-ppp.conf"
fi
 
case "$1" in
  start)
        log_daemon_msg "Starting accel-ppp server" "accel-pppd"
#        if [ x`lsmod |awk /ipoe/'{print $1}'` = x ]; then
#          insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
#        fi
        if start-stop-daemon --start --quiet --oknodo --exec $ACCEL_PPTPD -- -d -p /var/run/accel-pppd.pid $ACCEL_PPTPD_OPTS; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
  ;;
  restart)
        log_daemon_msg "Restarting accel-ppp server" "accel-pppd"
#        if [ x`lsmod |awk /ipoe/'{print $1}'` = x ]; then
#          insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
#        fi
        start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile /var/run/accel-pppd.pid
        if start-stop-daemon --start --quiet --oknodo --exec $ACCEL_PPTPD -- -d -p /var/run/accel-pppd.pid $ACCEL_PPTPD_OPTS; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
  ;;
 
  stop)
        log_daemon_msg "Stopping accel-ppp server" "accel-pppd"
        start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile /var/run/accel-pppd.pid
        log_end_msg 0
  ;;
 
  status)
    do_status
  ;;
  *)
    log_success_msg "Usage: /etc/init.d/accel-ppp {start|stop|status|restart}"
    exit 1
    ;;
esac
 
exit 0

Let’s make it executable and add an autorun:

chmod +x /etc/init.d/accel-ppp
update-rc.d accel-ppp defaults

Create the lua file:

nano /etc/accel-ppp.lua

Add to it:

function username(pkt)
return pkt:hdr('chaddr')
end

If the start of the session is DHCP Discover and unclassified packet (so that the error “ipoe: lua: function ‘username’ must return a string” is not displayed), then:

function username(pkt)
  if pkt:ipaddr() == "0.0.0.0" then
    return pkt:hdr('chaddr')
  else return pkt:ipaddr()
  end
end

Create log rotation file:

nano /etc/logrotate.d/accel-ppp

Add to it:

/var/log/accel-ppp/*.log {
      rotate 7
      daily
      size=200M
      compress
      missingok
      sharedscripts
      postrotate
              test -r /var/run/accel-pppd.pid && kill -HUP `cat /var/run/accel-pppd.pid`
      endscript
}

Open the dictionaries in the editor:

nano /usr/local/share/accel-ppp/radius/dictionary
nano /usr/local/freeradius/etc/raddb/dictionary

Add at the end:

ATTRIBUTE DHCP-Router-IP-Address 241 ipaddr
ATTRIBUTE DHCP-Mask              242 integer
ATTRIBUTE L4-Redirect      243 integer
ATTRIBUTE L4-Redirect-ipset      244 string
ATTRIBUTE DHCP-Option82          245 octets
# Limit session traffic
ATTRIBUTE Session-Octets-Limit 227 integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE Octets-Direction 228 integer
# Connection Speed Limit
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Acct-Input-Gigawords    52      integer
ATTRIBUTE Acct-Output-Gigawords   53      integer

Open the configuration file accel-ppp:

nano /etc/accel-ppp.conf

And add the content (we will adjust to our needs, change the names of the network interfaces, IP nas, radius secret, for each distributed pool in the ipoe section, the gateway and mask are specified, for example gw-ip-address=10.0.0.1/24, but if attr-dhcp-router-ip and attr-dhcp-mask are passed from radius, then they will be in priority):

[modules]
log_file
radius
ipoe
ippool
shaper
sigchld
#connlimit
#vlan_mon
#pppd_compat
 
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4

[common]
check-ip=1
 
[radius]
dictionary=/usr/local/share/accel-ppp/radius/dictionary
#nas-identifier=accel-ipoe
nas-ip-address=127.0.0.1
#server=127.0.0.1,radsecret,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=0,acct-timeout=0,weight=1
server=127.0.0.1,radsecret,auth-port=0,req-limit=50,fail-timeout=0,max-fail=0,acct-timeout=0,weight=1
server=127.0.0.1,radsecret,acct-port=0,req-limit=0,fail-timeout=0,max-fail=0,acct-timeout=0,weight=1
dae-server=127.0.0.1:3799,radsecret
verbose=0
timeout=5
#interim-verbose=1
#acct-interim-interval=300
attr-tunnel-type=NAS-Identifier

[ipoe]
verbose=0
unit-cache=0
username=lua:username
lua-file=/etc/accel-ppp.lua
lease-time=600
max-lease-time=660
renew-time=300
attr-dhcp-client-ip=Framed-IP-Address
attr-dhcp-router-ip=DHCP-Router-IP-Address
attr-dhcp-mask=Framed-IP-Netmask
attr-l4-redirect=L4-Redirect
attr-l4-redirect-ipset=L4-Redirect-ipset
l4-redirect-ipset=l4-redirect
gw-ip-address=10.0.0.1/24
proxy-arp=1
shared=1
ifcfg=1
mode=L2
start=dhcpv4
interface=eth0
#agent-remote-id=accel-ppp
attr-dhcp-opt82=DHCP-Option82
soft-terminate=1
 
#[ip-pool]
#gw-ip-address=192.168.0.1/24
#attr=Framed-Pool
#192.168.0.2-254,name=pool1
 
[client-ip-range]
#10.0.0.0/8
 
[dns]
dns1=1.1.1.1
dns2=8.8.4.4
 
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
#log-debug=/var/log/accel-ppp/debug.log
copy=1
color=1
#per-user-dir=per_user
#per-session-dir=per_session
#per-session=1
level=3
#level=5
 
[shaper]
#default rate-limit for guest clients, rate-limit will be overwritten by RADIUS filter attributes
rate-limit=2048/1024
attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
#mpu=0
#mtu=0
#r2q=10
quantum=1500
#moderate-quantum=1
#hightspeed shaper
ifb=ifb0
cburst=1534
#up-limiter=htb
down-limiter=htb
#low speed shaper
up-limiter=police
#down-limiter=tbf
#leaf-qdisc=sfq perturb 10
#leaf-qdisc=fq_codel [limit PACKETS] [flows NUMBER] [target TIME] [interval TIME] [quantum BYTES] [[no]ecn]
#rate-multiplier=1
#fwmark=1
attr-down=PPPD-Downstream-Speed-Limit
attr-up=PPPD-Upstream-Speed-Limit
verbose=10
 
[pppd-compat]
#ip-up=/etc/ppp/ip-up
#ip-down=/etc/ppp/ip-down
#radattr-prefix=/var/run/radattr
verbose=1
 
[cli]
verbose=100
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
password=radsecret
 
[snmp]
master=0
agent-name=accel-ppp
 
[connlimit]
limit=10/min
burst=3
timeout=60

Run accel-ppp:

sudo /etc/init.d/accel-ppp restart

You can also use the quick setup script:

cd /usr/abills/misc/
./autoconf PROGRAMS=accel_ppp

Check whether accel_ppp is running like this:

/etc/init.d/accel-ppp status
netstat -tulpn | grep accel-ppp
netstat -tulpn | grep :67

It remains to add an access server to ABills (“Settings” – “Access Server”).
For example:

IP: 127.0.0.1
Name (a-zA-Z0-9_): NAME
Type: accel-ipoe Linux accel-ipoe
Alive (sec.): 600
Control
IP: 127.0.0.1
SSH: 2001
POD/COA: 3799
User: admin
Password (PoD,RADIUS Secret,SNMP): radsecret (also specified in /etc/accel-ppp.conf)

NAS Alive should be equal to DHCP Lease Time.

If you need additional operations when starting and ending sessions, you can uncomment pppd_compat and write scripts:

sudo nano /etc/ppp/ip-up
sudo nano /etc/ppp/ip-down

If you need the functions of the script shaper_start.sh, then make the file executable and add it to the autorun:

chmod +x /etc/init.d/shaper_start.sh
update-rc.d shaper_start.sh defaults
/etc/init.d/shaper_start.sh status
/etc/init.d/shaper_start.sh start

And write the parameters in the /etc/rc.conf file, for example:

abills_shaper_enable="YES"
#abills_ipn_if="ens2f1"
abills_shaper_if="ens2f1"
abills_nat_enable="172.16.11.11:192.168.2.0/24"
abills_nas_id="1"
abills_ipn_nas_id="1"
...

See also my articles:
Ip-up and ip-down scripts with ipset for Accel-ppp
How to enable or disable Proxy ARP on Linux
Accel-ppp installation
Packet capturing with tcpdump

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a comment

Leave a Reply