For this test, I'll run accel-ppp on Ubuntu Server 16.04 LTS for ABillS.
If necessary, create VLAN interfaces as I described here – Adding vlan to Ubuntu for ABillS
Switch to the root user:
sudo -i
Install the necessary components:
apt-get update
cd /usr/src
apt-get install make cmake libcrypto++-dev libssl-dev libpcre3 libpcre3-dev git lua5.1 liblua5.1-0-dev
apt-get install linux-headers-`uname -r`
Check which accel-ppp version is the latest and download it from https://sourceforge.net/projects/accel-ppp/files/
You can also take the latest source code from git. It may contain new bugs or, conversely, fixes for critical errors; you can ask about this on the official Telegram channel. I only install the latest code.
See my article:
Accel-ppp installation
Unpack the downloaded archive:
tar -xvf accel-ppp-1.11.2.tar.bz2
Install accel-ppp (VLAN_MON_DRIVER does not have to be built if the server does not use VLANs):
mkdir accel-ppp-build
cd accel-ppp-build
cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DKDIR=/usr/src/linux-headers-`uname -r` -DRADIUS=TRUE -DSHAPER=TRUE -DLOG_PGSQL=FALSE -DLUA=TRUE -DBUILD_IPOE_DRIVER=TRUE -DBUILD_VLAN_MON_DRIVER=TRUE ../accel-ppp-1.11.2
make
make install
Load the module and check that it is present:
insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
lsmod | grep ipoe
Let’s proceed to manual configuration.
Let’s create an autorun script:
nano /etc/init.d/accel-ppp
Add the following content to it:
#!/bin/sh
# /etc/init.d/accel-ppp: set up the accel-ppp server
### BEGIN INIT INFO
# Provides: accel-ppp
# Required-Start: $network
# Required-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
### END INIT INFO
set -e
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin
ACCEL_PPTPD=`which accel-pppd`
. /lib/lsb/init-functions
# Optional overrides such as ACCEL_PPTPD_OPTS
if test -f /etc/default/accel-ppp; then
    . /etc/default/accel-ppp
fi
# Use the default config file only when no options were supplied
if [ -z "$ACCEL_PPTPD_OPTS" ]; then
    ACCEL_PPTPD_OPTS="-c /etc/accel-ppp.conf"
fi
case "$1" in
start)
    log_daemon_msg "Starting accel-ppp server" "accel-pppd"
    # if [ x`lsmod |awk /ipoe/'{print $1}'` = x ]; then
    # insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
    # fi
    if start-stop-daemon --start --quiet --oknodo --exec "$ACCEL_PPTPD" -- -d -p /var/run/accel-pppd.pid $ACCEL_PPTPD_OPTS; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
    ;;
restart)
    log_daemon_msg "Restarting accel-ppp server" "accel-pppd"
    # if [ x`lsmod |awk /ipoe/'{print $1}'` = x ]; then
    # insmod /usr/src/accel-ppp-build/drivers/ipoe/driver/ipoe.ko
    # fi
    # Wait up to 180 seconds for the old process to exit before starting again
    start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile /var/run/accel-pppd.pid
    if start-stop-daemon --start --quiet --oknodo --exec "$ACCEL_PPTPD" -- -d -p /var/run/accel-pppd.pid $ACCEL_PPTPD_OPTS; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
    ;;
stop)
    log_daemon_msg "Stopping accel-ppp server" "accel-pppd"
    start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile /var/run/accel-pppd.pid
    log_end_msg 0
    ;;
status)
    # Report whether the process recorded in the pidfile is running
    status_of_proc -p /var/run/accel-pppd.pid "$ACCEL_PPTPD" accel-pppd && exit 0 || exit $?
    ;;
*)
    log_success_msg "Usage: /etc/init.d/accel-ppp {start|stop|status|restart}"
    exit 1
    ;;
esac
exit 0
Make it executable and add it to autorun:
chmod +x /etc/init.d/accel-ppp
update-rc.d accel-ppp defaults
Create the lua file:
nano /etc/accel-ppp.lua
Add to it:
function username(pkt)
    return pkt:hdr('chaddr')
end
If sessions are started by both DHCP Discover and unclassified packets, use the following instead (so that the error “ipoe: lua: function ‘username’ must return a string” is not displayed):
function username(pkt)
    if pkt:ipaddr() == "0.0.0.0" then
        return pkt:hdr('chaddr')
    else
        return pkt:ipaddr()
    end
end
Create log rotation file:
nano /etc/logrotate.d/accel-ppp
Add to it:
/var/log/accel-ppp/*.log {
rotate 7
daily
size=200M
compress
missingok
sharedscripts
postrotate
test -r /var/run/accel-pppd.pid && kill -HUP `cat /var/run/accel-pppd.pid`
endscript
}
Open the dictionaries in the editor:
nano /usr/local/share/accel-ppp/radius/dictionary
nano /usr/local/freeradius/etc/raddb/dictionary
find /usr -name dictionary
Add at the end:
ATTRIBUTE DHCP-Router-IP-Address 241 ipaddr
ATTRIBUTE DHCP-Mask 242 integer
ATTRIBUTE L4-Redirect 243 integer
ATTRIBUTE L4-Redirect-ipset 244 string
ATTRIBUTE DHCP-Option82 245 octets
# Limit session traffic
ATTRIBUTE Session-Octets-Limit 227 integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE Octets-Direction 228 integer
# Connection Speed Limit
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Acct-Input-Gigawords 52 integer
ATTRIBUTE Acct-Output-Gigawords 53 integer
Open the configuration file accel-ppp:
nano /etc/accel-ppp.conf
Add the following content, adjusting it to your needs: change the network interface names, the NAS IP and the RADIUS secret. For each pool that is handed out, the gateway and mask are specified in the ipoe section, for example gw-ip-address=10.0.0.1/24; if attr-dhcp-router-ip and attr-dhcp-mask are passed from RADIUS, those take priority:
[modules]
log_file
radius
ipoe
ippool
shaper
sigchld
#connlimit
#vlan_mon
#pppd_compat
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4
[common]
check-ip=1
[radius]
dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ipoe1
nas-ip-address=127.0.0.1
#server=127.0.0.1,radsecret,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=0,weight=1
server=127.0.0.1,radsecret,auth-port=1812,acct-port=0,req-limit=50,fail-timeout=0,max-fail=0,weight=1
server=127.0.0.1,radsecret,acct-port=1813,auth-port=0,req-limit=0,fail-timeout=0,max-fail=0,weight=1
dae-server=127.0.0.1:3799,radsecret
acct-timeout=0
verbose=0
timeout=5
#interim-verbose=1
#acct-interim-interval=300
#attr-tunnel-type=NAS-Identifier
#acct-interim-jitter=60
[ipoe]
verbose=0
unit-cache=0
username=lua:username
lua-file=/etc/accel-ppp.lua
lease-time=600
max-lease-time=660
renew-time=300
attr-dhcp-client-ip=Framed-IP-Address
attr-dhcp-router-ip=DHCP-Router-IP-Address
attr-dhcp-mask=Framed-IP-Netmask
attr-l4-redirect=L4-Redirect
attr-l4-redirect-ipset=L4-Redirect-ipset
l4-redirect-ipset=l4-redirect
gw-ip-address=10.0.0.1/24
proxy-arp=1
shared=1
ifcfg=1
mode=L2
start=dhcpv4
interface=eth0
#agent-remote-id=accel-ppp
attr-dhcp-opt82=DHCP-Option82
soft-terminate=1
#[ip-pool]
#gw-ip-address=192.168.0.1/24
#attr=Framed-Pool
#192.168.0.2-254,name=pool1
[client-ip-range]
#10.0.0.0/8
[dns]
dns1=1.1.1.1
dns2=8.8.4.4
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
#log-debug=/var/log/accel-ppp/debug.log
copy=1
color=1
#per-user-dir=per_user
#per-session-dir=per_session
#per-session=1
level=3
#level=5
[shaper]
#default rate-limit for guest clients, rate-limit will be overwritten by RADIUS filter attributes
rate-limit=2048/1024
attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
#mpu=0
#mtu=0
#r2q=10
quantum=1500
#moderate-quantum=1
#high-speed shaper
ifb=ifb0
cburst=1534
#up-limiter=htb
#down-limiter=htb
down-limiter=tbf
up-limiter=police
#leaf-qdisc=sfq perturb 10
#leaf-qdisc=fq_codel [limit PACKETS] [flows NUMBER] [target TIME] [interval TIME] [quantum BYTES] [[no]ecn]
#rate-multiplier=1
#fwmark=1
attr-down=PPPD-Downstream-Speed-Limit
attr-up=PPPD-Upstream-Speed-Limit
verbose=10
[pppd-compat]
#ip-up=/etc/ppp/ip-up
#ip-down=/etc/ppp/ip-down
#radattr-prefix=/var/run/radattr
verbose=1
[cli]
verbose=100
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
password=radsecret
[snmp]
master=0
agent-name=accel-ppp
[connlimit]
limit=10/min
burst=3
timeout=60
acct-timeout=0 keeps sessions from being ended when RADIUS is not available; otherwise sessions are terminated with messages like this in the logs:
radius: server(2) not responding, terminating session…
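A pre-start check for the configuration above, added here as an example (it is not part of the original article or of accel-ppp): it flags the placeholder secret radsecret left unchanged, a CLI or DAE listener bound outside loopback, and a world-readable config file. The function name audit_accel_conf and the finding labels are hypothetical; it assumes IPv4 host:port values as used on this page and a stat that supports -c.

```shell
#!/bin/sh
# audit_accel_conf FILE: prints one finding per line; no output = nothing flagged.
# Added example: function name and finding labels are hypothetical.
audit_accel_conf() {
    conf=$1
    # The file holds shared secrets, so "other" should have no read bit.
    mode=$(stat -c %a "$conf") || return 2
    case $mode in
        *[4567]) echo "perm: config is world-readable (mode $mode)" ;;
    esac
    awk -v placeholder="radsecret" '
        function loopback(a) { return a ~ /^127\./ || a == "localhost" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^\[/ { sec = $0; gsub(/^\[|\].*$/, "", sec); next }
        {
            eq = index($0, "=")
            if (!eq) next                         # bare module names
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            split(val, f, ","); split(f[1], hp, ":")
            # server=HOST,SECRET,... and dae-server=HOST:PORT,SECRET
            if (sec == "radius" && (key == "server" || key == "dae-server") && f[2] == placeholder)
                print "secret: [radius] " key " still uses the placeholder " placeholder
            if (sec == "radius" && key == "dae-server" && !loopback(hp[1]))
                print "listen: [radius] dae-server bound to " hp[1]
            if (sec == "cli" && (key == "telnet" || key == "tcp") && !loopback(hp[1]))
                print "listen: [cli] " key " bound to " hp[1]
            if (sec == "cli" && key == "password" && val == placeholder)
                print "secret: [cli] password still uses the placeholder " placeholder
        }
    ' "$conf"
}

# Constructed sample, not a real deployment: unchanged secret, CLI on all addresses.
sample=$(mktemp)
printf '%s\n' '[radius]' 'server=127.0.0.1,radsecret,auth-port=1812,acct-port=0' \
    'dae-server=127.0.0.1:3799,Xq7-example' '[cli]' 'tcp=0.0.0.0:2001' \
    'password=Xq7-example' > "$sample"
audit_accel_conf "$sample"
rm -f "$sample"
```

Run it as `audit_accel_conf /etc/accel-ppp.conf` before starting the daemon; the value the check treats as a placeholder is set in the awk `-v placeholder=` argument.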
Run accel-ppp:
sudo /etc/init.d/accel-ppp restart
You can also use the quick setup script:
cd /usr/abills/misc/
./autoconf PROGRAMS=accel_ppp
Check whether accel_ppp is running like this:
/etc/init.d/accel-ppp status
netstat -tulpn | grep accel-ppp
netstat -tulpn | grep :67
It remains to add an access server to ABillS (“Settings” – “Access Server”).
For example:
IP: 127.0.0.1
Name (a-zA-Z0-9_): NAME
Type: accel-ipoe Linux accel-ipoe
Alive (sec.): 600
Control
IP: 127.0.0.1
SSH: 2001
POD/COA: 3799
User: admin
Password (PoD,RADIUS Secret,SNMP): radsecret (also specified in /etc/accel-ppp.conf)
Radius NAS-Identifier: accel-ipoe1
NAS Alive should be equal to DHCP Lease Time.
If you need additional operations when starting and ending sessions, you can uncomment pppd_compat and write scripts:
sudo nano /etc/ppp/ip-up
sudo nano /etc/ppp/ip-down
If you need the functions of the script shaper_start.sh, then make the file executable and add it to the autorun:
chmod +x /etc/init.d/shaper_start.sh
update-rc.d shaper_start.sh defaults
/etc/init.d/shaper_start.sh status
/etc/init.d/shaper_start.sh start
And write the parameters in the /etc/rc.conf file, for example:
abills_shaper_enable="YES"
#abills_ipn_if="ens2f1"
abills_shaper_if="ens2f1"
abills_nat_enable="172.16.11.11:192.168.2.0/24"
abills_nas_id="1"
abills_ipn_nas_id="1"
...
The following commands show the list of sessions and their speed, and reconfigure the shaper:
/usr/abills/libexec/billd checkspeed accel_ppp=1 NAS_ID="11" SHOW_SPEED=1
/usr/abills/libexec/billd checkspeed accel_ppp=1 NAS_ID="11"
Session synchronization between billing and accel-ppp; unnecessary sessions will be hung up (I noticed that in ABillS 0.81.86 the script does not verify sessions for the specified NAS_ID, but for each access server with the accel-ppp type):
/usr/abills/libexec/billd check_accel_ppp=1 NAS_ID="11" SHOW=1
/usr/abills/libexec/billd check_accel_ppp=1 NAS_ID="11"
See also my articles:
Ip-up and ip-down scripts with ipset for Accel-ppp
How to enable or disable Proxy ARP on Linux
Accel-ppp installation
Packet capturing with tcpdump