Тут показані розбіжності між вибраною ревізією та поточною версією сторінки.
Порівняння попередніх версій Попередня ревізія | |||
accelppp [2023/06/15 21:01] nightfly знищено |
— (поточний) | ||
---|---|---|---|
Рядок 1: | Рядок 1: | ||
- | ====== accel-ppp на Ubuntu Server pptp & pppoe ====== | ||
- | Исходные данные примера: | ||
- | * Ubilling с настроенным FrerRADIUS находится относительно NAS-а на IP 192.168.56.94 | ||
- | * NAS имеет интерфейсы: | ||
- | * eth0 - 172.16.0.254/ | ||
- | * eth1 - 10.0.3.15/ | ||
- | * eth2 - 192.168.56.14 (для коммуникации с биллингом) | ||
- | |||
- | 1. Добиваемся работы [[freeradius|FreeRADIUS]] \\ | ||
- | 2. Добавляем для сети с " | ||
- | {{: | ||
- | |||
- | 3. Ставим accel-ppp: | ||
- | < | ||
- | # apt-get -y install cmake libssl-dev pptp-linux build-essential gawk libpcre3-dev libnl-dev | ||
- | # wget http:// | ||
- | # tar jxvf accel-ppp-1.7.4.tar.bz2 | ||
- | # mkdir accel-ppp | ||
- | # cd accel-ppp | ||
- | # cmake -DCMAKE_INSTALL_PREFIX=/ | ||
- | # make && make install | ||
- | </ | ||
- | |||
- | 4. Врихтовываем конфиг **/ | ||
- | |||
- | <file bash accel-ppp.conf> | ||
- | [modules] | ||
- | path=/ | ||
- | log_file | ||
- | pptp | ||
- | pppoe | ||
- | auth_mschap_v2 | ||
- | radius | ||
- | sigchld | ||
- | pppd_compat | ||
- | shaper_tbf | ||
- | shaper | ||
- | |||
- | [core] | ||
- | log-error=/ | ||
- | thread-count=4 | ||
- | |||
- | [ppp] | ||
- | verbose=1 | ||
- | min-mtu=1000 | ||
- | mtu=1400 | ||
- | mru=1400 | ||
- | |||
- | [lcp] | ||
- | echo-interval=30 | ||
- | echo-failure=3 | ||
- | |||
- | [pptp] | ||
- | echo-interval=30 | ||
- | verbose=1 | ||
- | |||
- | [pppoe] | ||
- | interface=eth0 | ||
- | verbose=1 | ||
- | |||
- | |||
- | [dns] | ||
- | dns1=8.8.8.8 | ||
- | |||
- | [radius] | ||
- | dictionary=/ | ||
- | nas-identifier=accel-ppp | ||
- | nas-ip-address=192.168.56.14 | ||
- | gw-ip-address=10.0.0.1 | ||
- | auth-server=192.168.56.94: | ||
- | acct-server=192.168.56.94: | ||
- | dae-server=192.168.56.94: | ||
- | verbose=1 | ||
- | | ||
- | #network which can do auth via pptp. NOT users IP-s. | ||
- | [client-ip-range] | ||
- | 10.0.0.0/24 | ||
- | |||
- | |||
- | [log] | ||
- | log-file=/ | ||
- | log-emerg=/ | ||
- | log-fail-file=/ | ||
- | copy=1 | ||
- | level=3 | ||
- | |||
- | |||
- | [pppd-compat] | ||
- | radattr-prefix=/ | ||
- | verbose=1 | ||
- | |||
- | |||
- | #[tbf] (obsolete - use shaper insted) | ||
- | # | ||
- | # | ||
- | | ||
- | [shaper] | ||
- | #may need: ethtool -K eth0 tso off ufo off gso off gro off lro off | ||
- | up-limiter=police | ||
- | down-limiter=tbf | ||
- | attr-down=PPPD-Downstream-Speed-Limit | ||
- | attr-up=PPPD-Upstream-Speed-Limit | ||
- | verbose=1 | ||
- | |||
- | |||
- | [cli] | ||
- | telnet=127.0.0.1: | ||
- | |||
- | </ | ||
- | |||
- | 5. Выгружаем блеклистим модуль ip_gre который конфликтует с accel-ppp | ||
- | # rmmod ip_gre | ||
- | # echo " | ||
- | |||
- | 6. Загружаем и добавляем в автозагрузку модули pptp и pppoe | ||
- | # modprobe pppoe | ||
- | # modprobe pptp | ||
- | # echo pppoe >> / | ||
- | # echo pptp >> / | ||
- | |||
- | 7. Создаем скрипт автозапуска в **/ | ||
- | <file bash accel-ppp> | ||
- | #!/bin/sh | ||
- | # / | ||
- | ### BEGIN INIT INFO | ||
- | # Provides: | ||
- | # Required-Start: | ||
- | # Required-Stop: | ||
- | # Default-Start: | ||
- | # Default-Stop: | ||
- | ### END INIT INFO | ||
- | |||
- | set -e | ||
- | |||
- | PATH=/ | ||
- | ACCEL_PPTPD=`which accel-pppd` | ||
- | . / | ||
- | |||
- | if test -f / | ||
- | . / | ||
- | fi | ||
- | |||
- | if [ -z $ACCEL_PPPTD_OPTS ]; then | ||
- | ACCEL_PPTPD_OPTS=" | ||
- | fi | ||
- | |||
- | case " | ||
- | start) | ||
- | log_daemon_msg " | ||
- | if start-stop-daemon --start --quiet --oknodo --exec $ACCEL_PPTPD -- -d -p / | ||
- | log_end_msg 0 | ||
- | else | ||
- | log_end_msg 1 | ||
- | fi | ||
- | ;; | ||
- | restart) | ||
- | log_daemon_msg " | ||
- | start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile / | ||
- | if start-stop-daemon --start --quiet --oknodo --exec $ACCEL_PPTPD -- -d -p / | ||
- | log_end_msg 0 | ||
- | else | ||
- | log_end_msg 1 | ||
- | fi | ||
- | ;; | ||
- | |||
- | stop) | ||
- | log_daemon_msg " | ||
- | start-stop-daemon --stop --quiet --oknodo --retry 180 --pidfile / | ||
- | log_end_msg 0 | ||
- | ;; | ||
- | |||
- | status) | ||
- | do_status | ||
- | ;; | ||
- | *) | ||
- | log_success_msg " | ||
- | exit 1 | ||
- | ;; | ||
- | esac | ||
- | |||
- | exit 0 | ||
- | </ | ||
- | |||
- | а также добавим его в автозапуск: | ||
- | # chmod a+x / | ||
- | # update-rc.d accel-ppp defaults | ||
- | | ||
- | 8. В **/ | ||
- | <file bash sysctl.conf> | ||
- | |||
- | net.ipv4.ip_forward=1 | ||
- | net.ipv4.neigh.default.gc_thresh1 = 1024 | ||
- | net.ipv4.neigh.default.gc_thresh2 = 2048 | ||
- | net.ipv4.neigh.default.gc_thresh3 = 4096 | ||
- | |||
- | net.ipv4.netfilter.ip_conntrack_max=9548576 | ||
- | net.netfilter.nf_conntrack_max=9548576 | ||
- | </ | ||
- | | ||
- | 9. В словарь **/ | ||
- | < | ||
- | # Limit session traffic | ||
- | ATTRIBUTE Session-Octets-Limit 227 integer | ||
- | # What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out) | ||
- | ATTRIBUTE Octets-Direction 228 integer | ||
- | ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer | ||
- | ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer | ||
- | ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer | ||
- | ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer | ||
- | ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer | ||
- | ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer | ||
- | ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer | ||
- | ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer | ||
- | ATTRIBUTE Acct-Interim-Interval 85 integer | ||
- | ATTRIBUTE Acct-Input-Gigawords | ||
- | ATTRIBUTE Acct-Output-Gigawords | ||
- | </ | ||
- | |||
- | 10. В **/ | ||
- | |||
- | <file bash rc.local> | ||
- | iptables -t nat --flush | ||
- | iptables -t nat -A POSTROUTING -s 172.16.0.0/ | ||
- | </ | ||
- | |||
- | 11. Со стороны Ubilling добавляем нужные нам аттрибуты в словарь FreeRADIUS-а который **/ | ||
- | <file ini dictionary> | ||
- | # Limit session traffic | ||
- | ATTRIBUTE Session-Octets-Limit 227 integer | ||
- | # What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out) | ||
- | ATTRIBUTE Octets-Direction 228 integer | ||
- | # Connection Speed Limit | ||
- | ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer | ||
- | ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer | ||
- | ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer | ||
- | ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer | ||
- | ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer | ||
- | ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer | ||
- | ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer | ||
- | ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer | ||
- | ATTRIBUTE Acct-Interim-Interval 85 integer | ||
- | ATTRIBUTE Acct-Input-Gigawords | ||
- | ATTRIBUTE Acct-Output-Gigawords | ||
- | </ | ||
- | |||
- | |||
- | |||
- | 12. А что с настройками сетей самого Ubilling-a? А как-то так в минимальном варианте: | ||
- | {{: | ||
- | |||
- | 13. Нет, мы все равно ничего не понимаем в этих ваших линуксах, |