Keywords: pppoe, fedora, linux, vpn, dialup, radius
From: Evgeny Ruvinov <evgeny at i-p-hi.com>
Newsgroups: email
Date: Mon, 22 Sep 2004 14:31:37 +0000 (UTC)
Subject: Configuring a PPPoE server on Fedora Core 1-2 Linux
PPPoE Configuration on FC1/FC2 HOWTO
HOWTO - Configuration bundle: PPPoE + MySQL + FreeRADIUS + DialUp Admin
on Fedora Core1-2.
Author: Evgeny Ruvinov. (evgeny@i-p-hi.com), 2004
________________________________________
Table of Contents
1. Predefaults.
2. Installing and configuring MySQL server.
3. FreeRadius server installation, and configuration to work through MySQL DB.
4. PPPoE server configuration.
5. Installing DialUp-Admin.
Chapter 1. Predefault.
----------------------
We have a server with two network cards. Our example settings:
WAN: 80.178.114.158
(Mask 255.255.255.252
Network 80.178.114.156
Router 80.178.114.157).
LAN: 192.168.10.1
(Mask 255.255.255.0)
These are only examples: substitute your own static WAN and LAN IPs, masks and gateways.
Our domain: yourdomain.com
DNS server: your_DNS_server_IP
We want to install the Fedora Core 1 distribution with the following services:
- Radius: Freeradius-0.9.3-1.1
- SQL: MySQL-3.23.58-4
- PPPoE-Server: rp-pppoe-3.5-8
Chapter 2. Installing and configuring MySQL server.
---------------------------------------------------
First of all, check which mysql packages you have installed:
# rpm -qa | grep mysql
You should have at least 3 packages:
mysql-3.23.58-4
mysql-server-3.23.58-4
mysql-devel-3.23.58-4
freeradius-mysql-0.9.3-1.1
or newer.
It is very important to secure the MySQL root account:
# mysqladmin password newpassword
(Of course, replace "newpassword" with YOUR new root password.)
Create a new database called radius:
# mysqladmin -uroot -pnewpassword create radius
Where "newpassword" is the password of the MySQL root user.
Create a new user called radiusadmin for administering the radius database and
grant this account the appropriate privileges:
# mysql -uroot -p
Enter password: ******
mysql> GRANT ALL PRIVILEGES ON radius.* TO "radiusadmin"@"localhost"
    -> IDENTIFIED BY "radiuspassword" WITH GRANT OPTION;
mysql> exit
Where "radiuspassword" is your password for user radiusadmin.
# /etc/rc.d/init.d/mysqld start
Chapter 3. FreeRadius server installation, and configuration to work through
MySQL DB.
----------------------------------------------------------------------------
First of all, check which freeradius packages you have installed:
# rpm -qa | grep freeradius
You should have at least two packages:
freeradius-0.9.3-1.1
freeradius-mysql-0.9.3-1.1
or newer.
After that you have to make some changes in the configuration files.
Open /etc/raddb/clients.conf
At the end of this file add:
client 192.168.10.0/24 {
    secret = mysecret #be sure to change the secret
    shortname = mynetwork
}
Open /etc/rcd/raddb/sql.
driver = "rlm_sql_mysql" #check that you point to this driver
login = "radiusadmin" #change to your SQL user for the radius database
password = "radiuspassword" #change to that user's password
Open /etc/rcd/raddb/radiusd.conf
Change:
user: root
group: root
port = 1812
log_auth = yes
log_auth_badpass = yes
In the authorize section add
sql between suffix and files
In the accounting section add
sql between unix and radutmp
Now you have to get the freeradius source from the FreeRADIUS download page:
ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.3.tar.gz
Untar freeradius:
# tar -xvpf freeradius-0.9.3.tar.gz -C /usr/src/
The files are extracted from the tarball into the /usr/src/ source directory.
Now we have to load the FreeRADIUS tables into the radius database:
# mysql -uradiusadmin -pradiuspassword radius < /usr/src/freeradius-0.9.3/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
Now we need to add and configure a user group or groups in the MySQL database
for radius requirements (for example, we create a group called dialup). Open
the radius database and change a few tables:
In table radgroupcheck we add:
id  GroupName  Attribute  Value  op
12  dialup     Auth-Type  PAP    :=
In table radgroupreply we add:
id  GroupName  Attribute           Value                op
5   dialup     Service-Type        Framed-User          :=
6   dialup     Framed-Protocol     PPP                  :=
7   dialup     Framed-MTU          1472                 :=
8   dialup     Framed-Compression  Van-Jacobsen-TCP-IP  :=
9   dialup     Framed-IP-Address   255.255.255.254      :=
10  dialup     Framed-IP-Netmask   255.255.255.255      :=
13  dialup     Framed-Routing      Broadcast-Listen     :=
19  dialup     Idle-Timeout        600                  :=
20  dialup     Session-Timeout     14400                :=
18  dialup     Port-Limit          1                    :=
Chapter 4. PPPoE server configuration.
--------------------------------------
First of all we have to upgrade the original ppp package, because
this package doesn't include radiusclient and it has a problem with the
rp-pppoe.so plug-in.
# rpm -Uvh ppp-2.4.3-0.cvs_20040527.fc1.3.i386.rpm
And we'll install a few packages:
# rpm -Uvh ppp-devel-2.4.3-0.cvs_20040527.fc1.3.i386.rpm
# rpm -Uvh ppp-radius-2.4.3-0.cvs_20040527.fc1.3.i386.rpm
# rpm -Uvh radiusclient-2.4.3-0.cvs_20040527.fc1.3.i386.rpm
# rpm -Uvh radiusclient-devel-2.4.3-0.cvs_20040527.fc1.3.i386.rpm
You can get them at:
http://www.i-p-hi.co.il:8080/files/
Open file /etc/radiusclient/servers
Insert the following rows:
localhost mysecret
80.178.114.158 mysecret
yourserver.yourdomain.com mysecret
Pay attention that "mysecret" is your radius secret.
Open file /etc/radiusclient/radiusclient.conf
Change the row:
authserver: 127.0.0.1
to
authserver 80.178.114.158
Now we have to configure ppp-pppoe service
Open file /etc/ppp/pppoe-server-options and write:
# PPP options for the PPPoE server
# LIC: GPL
debug
mtu 1472
mru 1472
require-pap
default-asyncmap
proxyarp
ktune
lcp-echo-interval 20
lcp-echo-failure 2
ms-dns your_first_dns_server_IP
ms-dns your_second_dns_server_IP
plugin radius.so
nobsdcomp
noccp
noendpoint
noipdefault
noipx
novj
receive-all
Create file /etc/rc.d/init.d/pppoed
---------------------------------
#!/bin/bash
# init file for rp-pppoe server
#
# description: PPPOE kernel mode server
#
# processname: pppoe-server
# chkconfig: - 45 45
# source function library
. /etc/rc.d/init.d/functions
case "$1" in
    start)
        echo -n "Starting PPPOE server: "
        daemon /usr/sbin/pppoe-server -k -s -I eth0 -L 192.168.10.1 -R 192.168.10.100
        #Here eth0 - your pppoe server interface
        #192.168.10.1 - IP of PPPoE server
        #192.168.10.100 - First IP number of your client
        touch /var/lock/subsys/pppoed
        echo
        ;;
    stop)
        echo -n "Shutting down PPPOE server: "
        killproc pppoe-server
        rm -f /var/lock/subsys/pppoed
        echo
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    status)
        status pppoe-server
        ;;
    *)
        echo "Usage: pppoed {start|stop|restart|status}"
        exit 1
esac
exit 0
---------------------------------
Now make pppoed executable:
# chmod +x /etc/rc.d/init.d/pppoed
Start pppoed server:
# /etc/rc.d/init.d/pppoed start
Chapter 5. Installing DialUp-Admin.
-----------------------------------
First of all, download the latest version of dialup_admin:
http://sourceforge.net/project/showfiles.php?group_id=24332&package_id=16572&release_id=136886
Package dialup_admin-1.62.tar.gz:
http://prdownloads.sourceforge.net/dialup-admin/dialup_admin-1.62.tar.gz?download
Unpack:
# tar -xvzf dialup_admin-1.62.tar.gz -C /usr/local
Open file /etc/httpd/conf/httpd.conf
Add the following rows:
Alias /dialup_admin/ "/usr/local/dialup_admin/htdocs/"
<Directory "/usr/local/dialup_admin/htdocs">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
and restart the Apache server to apply the changes:
# /etc/rc.d/init.d/httpd restart
Now we shall configure dialup_admin.
Open file /usr/local/dialup_admin/conf/admin.conf and change the following rows:
general_prefered_lang: default
general_prefered_lang_name: English
general_domain: yourdomain.com
general_test_account_login: test
general_test_account_password: testpass
sql_username: radiusadmin
sql_password: radiuspassword
Now we have to do some changes in MySQL database:
# mysql -uradiusadmin -pradiuspassword radius < /usr/local/dialup_admin/sql/baduser.sql
# mysql -uradiusadmin -pradiuspassword radius < /usr/local/dialup_admin/sql/mtotacct.sql
# mysql -uradiusadmin -pradiuspassword radius < /usr/local/dialup_admin/sql/totacct.sql
# mysql -uradiusadmin -pradiuspassword radius < /usr/local/dialup_admin/sql/userinfo.sql
So, now we've finished all our configuration.
To create a user, go to:
http://yourserver.yourdomain/dialup_admin/
After creating a pppoe user you can open a pppoe connection on the client computer.
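The steps above put the sample values mysecret, radiuspassword and testpass into three files and publish dialup_admin with "Allow from all". The shell check below is an added example, not part of the original HOWTO: it reports any of those defaults still in place. The function names audit_pppoe_howto and make_demo_tree and the ROOT path prefix are assumptions, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example, not part of the HOWTO. Function names and ROOT prefix are assumptions.
# audit_pppoe_howto [ROOT]: print one finding per line, return 1 if any were found.
audit_pppoe_howto() {
    root=${1:-}
    found=0
    # Files this HOWTO fills with RADIUS shared secrets or database passwords.
    for rel in etc/raddb/clients.conf etc/radiusclient/servers \
               usr/local/dialup_admin/conf/admin.conf; do
        f="$root/$rel"
        [ -f "$f" ] || continue
        # The sample values printed in the HOWTO must not stay in a live config.
        if grep -Eq 'mysecret|radiuspassword|testpass' "$f"; then
            echo "PLACEHOLDER /$rel"; found=1
        fi
        # Secret-bearing files should not carry the "other" read bit.
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "WORLD-READABLE /$rel"; found=1
        fi
    done
    # The HOWTO's Directory block lets any client reach dialup_admin.
    conf="$root/etc/httpd/conf/httpd.conf"
    if [ -f "$conf" ] && awk '
        /<Directory "\/usr\/local\/dialup_admin\/htdocs">/ { inblk = 1 }
        inblk && /^[ \t]*Allow from all/                   { hit = 1 }
        /<\/Directory>/                                    { inblk = 0 }
        END { exit !hit }' "$conf"; then
        echo "OPEN-TO-ALL /etc/httpd/conf/httpd.conf"; found=1
    fi
    return $found
}

# Constructed sample tree (demo data, not a real host).
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/raddb" "$d/etc/radiusclient" "$d/etc/httpd/conf"
    printf 'client 192.168.10.0/24 {\nsecret = mysecret\nshortname = mynetwork\n}\n' \
        > "$d/etc/raddb/clients.conf"
    printf 'localhost constructed-Zq7-secret\n' > "$d/etc/radiusclient/servers"
    chmod 644 "$d/etc/raddb/clients.conf"
    chmod 600 "$d/etc/radiusclient/servers"
    printf '%s\n' '<Directory "/usr/local/dialup_admin/htdocs">' 'Order allow,deny' \
        'Allow from all' '</Directory>' > "$d/etc/httpd/conf/httpd.conf"
    echo "$d"
}

demo=$(make_demo_tree)
audit_pppoe_howto "$demo" || true
rm -rf "$demo"
```

On the server itself, run audit_pppoe_howto with no argument as root so that it reads the real /etc and /usr/local paths.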
PS: Thanks to Alex Savguira for help.