Keywords: pppoe, fedora, linux, vpn, dialup, radius
From: Evgeny Ruvinov <evgeny at i-p-hi.com>
Newsgroups: email
Date: Mon, 22 Sep 2004 14:31:37 +0000 (UTC)
Subject: Setting up a PPPoE server on Fedora Core 1-2 Linux

PPPoE Configuration on FC1/FC2 HOWTO

HOWTO - Configuration bundle: PPPoE + MySQL + FreeRADIUS + DialUp Admin
on Fedora Core 1-2.

Author: Evgeny Ruvinov, 2004
________________________________________

Table of Contents

1. Predefaults.
2. Installing and configuring the MySQL server.
3. FreeRadius server installation and configuration.
4. PPPoE server configuration.
5. Installing DialUp-Admin.


Chapter 1. Predefaults.
-----------------------

We have a server with two network cards. Our example settings:

WAN: 80.178.114.158 (Mask 255.255.255.252 Network 80.178.114.156 Router 80.178.114.157).
LAN: 192.168.10.1 (Mask 255.255.255.0)

These are only examples - use your own static WAN and LAN IPs, masks and gateways.

Our domain: yourdomain.com
DNS server: your_DNS_server_IP

We want to install the Fedora Core 1 distribution with the following services:

- Radius: Freeradius-0.9.3-1.1
- SQL: MySQL-3.23.58-4
- PPPoE-Server: rp-pppoe-3.5-8


Chapter 2. Installing and configure MySQL server.
-------------------------------------------------

First of all, check which mysql packages you have installed.

# rpm -qa | grep mysql

You should get at least the 3 mysql packages, plus freeradius-mysql:

mysql-3.23.58-4
mysql-server-3.23.58-4
mysql-devel-3.23.58-4
freeradius-mysql-0.9.3-1.1

or newer.

It is very important to secure the mysql root account.

# mysqladmin password newpassword

(Of course, instead of "newpassword" you have to insert YOUR new root password.)

Create a new database called radius.

# mysqladmin -uroot -pnewpassword create radius

Here "newpassword" is the root password you set above.

Create a new user called radiusadmin for administering the radius database
and give this account the appropriate privileges:

# mysql -uroot -p
Enter password: ******
mysql> GRANT ALL PRIVILEGES ON radius.* TO "radiusadmin"@"localhost"
    -> IDENTIFIED BY "radiuspassword" WITH GRANT OPTION;
mysql> exit

Where "radiuspassword" is your password for user radiusadmin.

# /etc/rc.d/init.d/mysqld start


Chapter 3. FreeRadius server installation, and configuration to work through MySQL DB.
----------------------------------------------------------------------------

First of all, check which freeradius packages you have installed.

# rpm -qa | grep freeradius

You should get at least two packages:

freeradius-0.9.3-1.1
freeradius-mysql-0.9.3-1.1

or newer.

After that you have to make some changes in the configuration files.

Open /etc/raddb/clients.conf
At the end of this file add:

client 192.168.10.0/24 {
    secret = mysecret        #sure you have to change secret
    shortname = mynetwork
}

Open /etc/rcd/raddb/sql.

driver = "rlm_sql_mysql"     #check that you point to this driver
login = "radiusadmin"        #change to your sql root user
password = "radiuspassword"  #change to your sql root password

Open /etc/rcd/raddb/radiusd.conf
Change:

user = root
group = root
port = 1812
log_auth = yes
log_auth_badpass = yes

In the authorize section, add sql between suffix and files.
In the accounting section, add sql between unix and radutmp.

Now you have to get the freeradius source from the Freeradius download page:
ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.3.tar.gz

Untar freeradius:

# tar -xvzpf freeradius-0.9.3.tar.gz -C /usr/src/

The files are extracted from the tarball into the /usr/src/ source directory.

Now we have to update the radius database:

# mysql -uradiusadmin -pradiuspassword radius < /usr/src/freeradius-0.9.3/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql

Now we need to add and configure a user group or groups in the MySQL database
for radius (for example, we create a group called dialup).
Open the radius database and change a few tables.

In table radgroupcheck we add:

id  GroupName  Attribute  Value  op
12  dialup     Auth-Type  PAP    :=

In table radgroupreply we add:

id  GroupName  Attribute           Value                op
5   dialup     Service-Type        Framed-User          :=
6   dialup     Framed-Protocol     PPP                  :=
7   dialup     Framed-MTU          1472                 :=
8   dialup     Framed-Compression  Van-Jacobson-TCP-IP  :=
9   dialup     Framed-IP-Address   255.255.255.254      :=
10  dialup     Framed-IP-Netmask   255.255.255.255      :=
13  dialup     Framed-Routing      Broadcast-Listen     :=
19  dialup     Idle-Timeout        600                  :=
20  dialup     Session-Timeout     14400                :=
18  dialup     Port-Limit          1                    :=


Chapter 4. PPPoE server configuration.
--------------------------------------

First of all we have to upgrade the original ppp package, because it does not
include radiusclient and it has a problem with the rp-pppoe.so plug-in.

# rpm -Uvh ppp-2.4.3-0.cvs_20040527.fc1.3.i386.rpm

And we'll install a few packages:

# rpm -Uvh ppp-devel-2.4.3-0.cvs_20040527.fc1.3.i386.rpm
# rpm -Uvh ppp-radius-2.4.3-0.cvs_20040527.fc1.3.i386.rpm
# rpm -Uvh radiusclient-2.4.3-0.cvs_20040527.fc1.3.i386.rpm
# rpm -Uvh radiusclient-devel-2.4.3-0.cvs_20040527.fc1.3.i386.rpm

You can get them from: http://www.i-p-hi.co.il:8080/files/

Open file /etc/radiusclient/servers
Insert the following rows:

localhost                  mysecret
80.178.114.158             mysecret
yourserver.yourdomain.com  mysecret

Pay attention that "mysecret" is your radius secret.
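
The shared secret has to be identical in /etc/raddb/clients.conf and
/etc/radiusclient/servers, and the "mysecret" placeholder must not survive
into production. The script below is an added example, not part of the
original HOWTO; it checks both points on constructed sample files. Its
function names, the sample contents and the 16-character minimum are
assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the RADIUS shared secrets in the two files this HOWTO edits.
# Function names, the sample files and the 16-character floor are assumptions.
PLACEHOLDERS="mysecret testing123"  # HOWTO placeholder; FreeRADIUS sample secret
MIN_LEN=16                          # RFC 2865 prefers secrets of at least 16 octets

# Print each "secret = value" found in a FreeRADIUS clients.conf, comments stripped.
clients_secrets() {
    sed 's/#.*//' "$1" | awk '/^[ \t]*secret[ \t]*=/ {
        sub(/^[ \t]*secret[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print }'
}

# Print "host secret" pairs from a radiusclient servers file.
servers_pairs() {
    awk '!/^[ \t]*#/ && NF >= 2 { print $1, $2 }' "$1"
}

# audit_secrets CLIENTS_CONF SERVERS_FILE: one finding per line, secrets never echoed.
audit_secrets() {
    known=$(clients_secrets "$1")
    servers_pairs "$2" | while read -r host secret; do
        for p in $PLACEHOLDERS; do
            if [ "$secret" = "$p" ]; then echo "PLACEHOLDER $host"; fi
        done
        if [ "${#secret}" -lt "$MIN_LEN" ]; then echo "SHORT $host"; fi
        # A secret absent from clients.conf cannot match any client radiusd knows.
        printf '%s\n' "$known" | grep -qxF -e "$secret" || echo "MISMATCH $host"
    done
}

# Constructed sample files that mirror the values used in this HOWTO.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/clients.conf" <<'EOF'
client 192.168.10.0/24 {
    secret = mysecret #sure you have to change secret
    shortname = mynetwork
}
EOF
    cat > "$dir/servers" <<'EOF'
# host                secret
localhost             mysecret
80.178.114.158        Xq7-constructed-secret-0001
EOF
    echo "$dir"
}

SAMPLES=$(make_samples)
audit_secrets "$SAMPLES/clients.conf" "$SAMPLES/servers"
```

Point audit_secrets at the real files to run the same checks. A secret that
contains "#" is cut short by the comment stripping.
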

Open file /etc/radiusclient/radiusclient.conf
Change the row:

authserver: 127.0.0.1

to

authserver 80.178.114.158

Now we have to configure the ppp-pppoe service.

Open file /etc/ppp/pppoe-server-options and write:

# PPP options for the PPPoE server
# LIC: GPL
debug
mtu 1472
mru 1472
require-pap
default-asyncmap
proxyarp
ktune
lcp-echo-interval 20
lcp-echo-failure 2
ms-dns your_first_dns_server_IP
ms-dns your_second_dns_server_IP
plugin radius.so
nobsdcomp
noccp
noendpoint
noipdefault
noipx
novj
receive-all

Create file /etc/rc.d/init.d/pppoed

---------------------------------
#!/bin/bash
# init file for rp-pppoe server
#
# description: PPPOE kernel mode server
#
# processname: pppoe-server
# chkconfig: - 45 45

# source function library
. /etc/rc.d/init.d/functions

case "$1" in
  start)
        echo -n "Starting PPPOE server: "
        daemon /usr/sbin/pppoe-server -k -s -I eth0 -L 192.168.10.1 -R 192.168.10.100
        #Here eth0 - your pppoe server interface
        #192.168.10.1 - IP of PPPoE server
        #192.168.10.100 - First IP number of your client
        touch /var/lock/subsys/pppoed
        echo
        ;;
  stop)
        echo -n "Shutting down PPPOE server: "
        killproc pppoe-server
        rm -f /var/lock/subsys/pppoed
        echo
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  status)
        status pppoe-server
        ;;
  *)
        echo "Usage: pppoed {start|stop|restart|status}"
        exit 1
esac

exit 0
---------------------------------

Now change the permissions for pppoed:

# chmod +x /etc/rc.d/init.d/pppoed

Start the pppoed server:

# /etc/rc.d/init.d/pppoed start


Chapter 5. Installing DialUp-Admin.
-----------------------------------

First of all, download the latest version of dialup_admin:
http://sourceforge.net/project/showfiles.php?group_id=24332&package_id=16572&release_id=136886

Package dialup_admin-1.62.tar.gz:
http://prdownloads.sourceforge.net/dialup-admin/dialup_admin-1.62.tar.gz?download

Unpack:

# tar -xvzf dialup_admin-1.62.tar.gz -C /usr/local

Open file /etc/httpd/conf/httpd.conf
Add the following rows there:

Alias /dialup_admin/ "/usr/local/dialup_admin/htdocs/"
<Directory "/usr/local/dialup_admin/htdocs">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

and restart the Apache server:

# /etc/rc.d/init.d/httpd restart

Now we shall make some changes to configure dialup_admin.

Open file /usr/local/dialup_admin/conf/admin.conf and change the following rows:

general_prefered_lang: default
general_prefered_lang_name: English
general_domain: yourdomain.com
general_test_account_login: test
general_test_account_password: testpass
sql_username: radiusadmin
sql_password: radiuspassword

Now we have to make some changes in the MySQL database:

# mysql -uradiusadmin -pradiuspassword radius < /usr/local/dialup_admin/sql/baduser.sql
# mysql -uradiusadmin -pradiuspassword radius < /usr/local/dialup_admin/sql/mtotacct.sql
# mysql -uradiusadmin -pradiuspassword radius < /usr/local/dialup_admin/sql/totacct.sql
# mysql -uradiusadmin -pradiuspassword radius < /usr/local/dialup_admin/sql/userinfo.sql

So, now we've finished all our configuration.

To create a user, go to: http://yourserver.yourdomain/dialup_admin/

After creating a pppoe user you can open a pppoe connection on the client computer.

PS: Thanks to Alex Savguira for help.