The original English introduction is as follows:
Welcome to the ACCEL-PPP Open Source Project
ACCEL-PPP is a high performance VPN server application for linux.
Its goal is aggregation of various popular VPN techniques to a single application.
There are many open source projects which provide VPN services,
but they are specialized to a specific VPN technique: only PPPoE, only PPtP, only L2TP.
And you have to learn, configure and manage each one separately to build multi-service VPN server.
With ACCEL-PPP you have all-in-one with single configuration, single management, single monitoring.
Core features are:
- PPTP server
- L2TPv2 server
- PPPoE server
- Radius including CoA/DM(PoD)
- Built-in shaper (tbf)
- Command line interface (telnet)
- SNMP agent
- IPv6 including builtin Neighbor Discovery and DHCPv6
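Source: http://sourceforge.net/apps/trac/accel-ppp/wiki
accel-ppp requires kernel support, and the kernel version must be 2.6.25 or later.
The kernels in Ubuntu 10.04 and 11.10 are both newer than 2.6.25.
The required dependencies are as follows: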
Requirements
- modern linux distribution
- kernel-2.6.25 or later
- cmake-2.6 or later
- libnl-2.0 or later (for builtin shaper)
- libcrypto-0.9.8 or later (openssl-0.9.8)
- libpcre
- net-snmp-5.x (for snmp)
The installation process below was recorded on Ubuntu 11.10 server.
1. Install the dependencies
2. Download and install accel-ppp
bzip2 -d accel-ppp-1.6.1.tar.bz2
tar xvf accel-ppp-1.6.1.tar
cd accel-ppp-1.6.1
mkdir build_flw521521
cd build_flw521521
cmake -DBUILD_DRIVER=FALSE -DKDIR=/usr/src/linux-headers-3.0.0-12 -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_BUILD_TYPE=Release -DLOG_PGSQL=FALSE -DSHAPER=FALSE -DRADIUS=TRUE -DNETSNMP=FALSE ..
make
make install
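The source directory contains a README file with very detailed installation steps.
The build above compiles in the radius module, so the configuration file can later use it directly for RADIUS authentication.
3. Configure accel-ppp
After installation there is an accel-ppp.conf.dist file in /etc; make a copy of it.
With the comments removed, a working configuration looks like this: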
[modules]
log_file
pptp
l2tp
auth_mschap_v2
auth_mschap_v1
auth_chap_md5
auth_pap
#radius
chap-secrets
ippool
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4
[ppp]
verbose=1
min-mtu=1280
mtu=1400
mru=1400
ipv4=require
ipv6=deny
lcp-echo-interval=30
lcp-echo-failure=3
[auth]
[pptp]
verbose=1
[pppoe]
interface=eth0
verbose=1
[l2tp]
verbose=1
[dns]
dns1=218.108.248.200
dns2=8.8.4.4
[radius]
dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp
nas-ip-address=192.168.4.134
gw-ip-address=172.20.0.1
auth-server=192.168.4.132:1812,testing123
acct-server=192.168.4.132:1813,testing123
verbose=1
timeout=3
max-try=3
acct-timeout=120
acct-delay-time=0
[client-ip-range]
disable
[ip-pool]
gw-ip-address=172.20.0.1
172.20.0.100-199
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
copy=1
level=3
[log-pgsql]
conninfo=user=log
log-table=log
[pppd-compat]
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
verbose=1
[chap-secrets]
chap-secrets=/etc/ppp/chap-secrets
[shaper]
up-limiter=police
down-limiter=tbf
verbose=1
[cli]
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
[snmp]
master=0
agent-name=accel-ppp
[connlimit]
limit=10/min
burst=3
timeout=60
[ipv6-pool]
fc00:0:1::/48,64
delegate=fc00:1::/36,48
[ipv6-dns]
[ipv6-dhcp]
verbose=1
pref-lifetime=604800
valid-lifetime=2592000
route-via-gw=1
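The contents of /etc/chap-secrets are as follows:
To choose between /etc/chap-secrets authentication and RADIUS authentication, enable the corresponding module in the [modules] section at the top.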
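An added example, not part of the original post or of the accel-ppp project: a small Python check that parses the accel-ppp.conf layout shown above and flags the legacy auth modules, the testing123 RADIUS secret, and any CLI listener that is not bound to loopback. The rule set and the function names (parse_conf, is_loopback, audit) are this example's own assumptions.

```python
import ipaddress

# Rules chosen for this example (assumptions, not an accel-ppp feature).
LEGACY_AUTH = {
    "auth_pap": "PAP sends the password in cleartext",
    "auth_chap_md5": "captured CHAP-MD5 exchanges allow offline guessing",
    "auth_mschap_v1": "MS-CHAPv1 is obsolete, superseded by MS-CHAPv2",
}
DEFAULT_SECRETS = {"testing123"}  # well-known FreeRADIUS sample secret

def parse_conf(text):
    """Return {section: [(key, value), ...]}; bare words get value None."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf.setdefault(section, [])
        elif line and not line.startswith("#") and section is not None:
            key, sep, value = line.partition("=")
            conf[section].append((key.strip(), value.strip() if sep else None))
    return conf

def is_loopback(endpoint):
    try:
        return ipaddress.ip_address(endpoint.rsplit(":", 1)[0]).is_loopback
    except ValueError:  # hostname or empty bind address
        return False

def audit(conf):
    """Return (section, key, reason) findings for the rules above."""
    out = [("modules", m, LEGACY_AUTH[m])
           for m, _ in conf.get("modules", []) if m in LEGACY_AUTH]
    for key, value in conf.get("radius", []):
        secret = (value or "").partition(",")[2]  # text after "host:port,"
        if key in ("auth-server", "acct-server") and secret in DEFAULT_SECRETS:
            out.append(("radius", key, "default RADIUS shared secret"))
    for key, value in conf.get("cli", []):
        if key in ("telnet", "tcp") and not is_loopback(value or ""):
            out.append(("cli", key, "management CLI not bound to loopback"))
    return out

# Excerpt of the configuration on this page.
SAMPLE = ("[modules]\npptp\nl2tp\nauth_mschap_v2\nauth_mschap_v1\n"
          "auth_chap_md5\nauth_pap\n#radius\nchap-secrets\n"
          "[radius]\nauth-server=192.168.4.132:1812,testing123\n"
          "[cli]\ntelnet=127.0.0.1:2000\ntcp=127.0.0.1:2001\n")

if __name__ == "__main__":
    print(*audit(parse_conf(SAMPLE)), sep="\n")
```

The [radius] secret is reported even while the radius module is commented out in [modules], because the value is still stored in the file.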
4. Start accel-ppp
The kernel modules must be loaded first; run:
The kernel must be built with l2tp_core and l2tp_ppp.
Enable forwarding and NAT:
echo 1 > /proc/sys/net/ipv4/ip_forward
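On the command line, run
and that is all. -d runs it in the background; without this option it runs in the foreground, although the foreground prints hardly any log output either.
Once started, it listens on TCP 1723 and UDP 1701 (the configuration file enables only pptp and l2tp).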