Setting up a VPN server based on accel-ppp

The project's original English introduction reads as follows:

Welcome to the ACCEL-PPP Open Source Project

ACCEL-PPP is a high performance VPN server application for linux.
Its goal is the aggregation of various popular VPN techniques into a single application.
There are many open source projects which provide VPN services,
but they are specialized to a specific VPN technique: only PPPoE, only PPTP, only L2TP.
And you have to learn, configure and manage each one separately to build a multi-service VPN server.
With ACCEL-PPP you have all-in-one with a single configuration, single management, single monitoring.

Core features are:

  • PPTP server
  • L2TPv2 server
  • PPPoE server
  • Radius including CoA/DM(PoD)
  • Built-in shaper (tbf)
  • Command line interface (telnet)
  • SNMP agent
  • IPv6 including builtin Neighbor Discovery and DHCPv6

From http://sourceforge.net/apps/trac/accel-ppp/wiki

accel-ppp needs kernel support, and the kernel must be version 2.6.25 or newer.

Ubuntu 10.04 and 11.10 both ship kernels newer than 2.6.25.

The required dependencies are as follows:

Requirements

  • modern linux distribution
  • kernel-2.6.25 or later
  • cmake-2.6 or later
  • libnl-2.0 or later (for builtin shaper)
  • libcrypto-0.9.8 or later (openssl-0.9.8)
  • libpcre
  • net-snmp-5.x (for snmp)

Taking Ubuntu 11.10 server as the example, here is a record of the installation process.

1. Install dependencies

apt-get install cmake libnl2 libnl2-dev libssl0.9.8 libpcre3-dev snmpd

The build links against OpenSSL, so the headers are needed as well (libssl-dev); libssl0.9.8 alone only provides the runtime library. snmpd is only useful if the SNMP agent is built in (-DNETSNMP=TRUE, which additionally needs libsnmp-dev); the build below leaves it out.

2. Download and install accel-ppp

wget http://nchc.dl.sourceforge.net/project/accel-ppp/accel-ppp-1.6.1.tar.bz2

bzip2 -d accel-ppp-1.6.1.tar.bz2

tar xvf accel-ppp-1.6.1.tar

cd accel-ppp-1.6.1

mkdir build_flw521521

cd build_flw521521

cmake [-DBUILD_DRIVER=FALSE] [-DKDIR=/usr/src/linux-headers-3.0.0-12] [-DCMAKE_INSTALL_PREFIX=/usr/local] [-DCMAKE_BUILD_TYPE=Release] [-DLOG_PGSQL=FALSE] [-DSHAPER=FALSE] [-DRADIUS=TRUE] [-DNETSNMP=FALSE] ..

make

make install

The source directory contains a README file with detailed installation steps (the bracketed cmake options above are optional and are described there).

The build above compiles in the radius module, so the configuration file can later use it for RADIUS authentication directly.

3. Configure accel-ppp

After installation there is an accel-ppp.conf.dist file in /etc; copy it:

cp /etc/accel-ppp.conf.dist /etc/accel-ppp.conf

With the comments removed, a configuration that works is as follows:

[modules]
log_file
pptp
l2tp
auth_mschap_v2
auth_mschap_v1
auth_chap_md5
auth_pap
#radius
chap-secrets
ippool

[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4

[ppp]
verbose=1
min-mtu=1280
mtu=1400
mru=1400
ipv4=require
ipv6=deny
lcp-echo-interval=30
lcp-echo-failure=3

[auth]

[pptp]
verbose=1

[pppoe]
interface=eth0
verbose=1

[l2tp]
verbose=1

[dns]
dns1=218.108.248.200
dns2=8.8.4.4

[radius]
dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp
nas-ip-address=192.168.4.134
gw-ip-address=172.20.0.1
auth-server=192.168.4.132:1812,testing123
acct-server=192.168.4.132:1813,testing123
verbose=1
timeout=3
max-try=3
acct-timeout=120
acct-delay-time=0

[client-ip-range]
disable

[ip-pool]
gw-ip-address=172.20.0.1
172.20.0.100-199

[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
copy=1
level=3

[log-pgsql]
conninfo=user=log
log-table=log

[pppd-compat]
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
verbose=1

[chap-secrets]
chap-secrets=/etc/ppp/chap-secrets

[shaper]
up-limiter=police
down-limiter=tbf
verbose=1

[cli]
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001

[snmp]
master=0
agent-name=accel-ppp

[connlimit]
limit=10/min
burst=3
timeout=60

[ipv6-pool]
fc00:0:1::/48,64
delegate=fc00:1::/36,48

[ipv6-dns]

[ipv6-dhcp]
verbose=1
pref-lifetime=604800
valid-lifetime=2592000
route-via-gw=1

The contents of /etc/ppp/chap-secrets (the path set in the [chap-secrets] section above) are as follows; the file holds the passwords in cleartext, so keep it mode 600 and owned by root:

flw521521 * "flw521521" *

Whether authentication uses /etc/ppp/chap-secrets or RADIUS is decided by enabling the corresponding module (chap-secrets or radius) in the [modules] section at the top. The same list also selects the PPP authentication methods offered to clients: auth_pap transmits the password in cleartext, and auth_mschap_v1 and auth_chap_md5 are weak and allow offline guessing from a capture, so leave only auth_mschap_v2 enabled unless a client requires otherwise. Note also that the l2tp module here is plain L2TP: without an IPsec daemon in front of it, the PPP frames travel unencrypted.
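The checks a reviewer would run over this configuration before exposing the server, as an added example written for this page (not code from the original post or from accel-ppp). It parses the INI-style accel-ppp.conf with awk and flags the weak authentication modules, the two tunnel types' lack of strong confidentiality, the FreeRADIUS example shared secret left in [radius], a management CLI bound to anything other than loopback, and a chap-secrets file readable by other users. The sample configuration and secrets file are constructed inline as a trimmed copy of the one above (with the secrets file deliberately made world-readable so that check fires); the permission check relies on GNU stat.

```shell
#!/bin/sh
# Added example (not part of the original post or of accel-ppp): audit an
# accel-ppp.conf for the weak settings a reviewer would flag. Runs offline
# against a constructed copy of the post's configuration.

# Print the non-blank, non-comment body lines of [section] in a conf file.
section_lines() {
    awk -v sec="[$2]" '
        /^[ \t]*\[/ { hdr = $0; gsub(/[ \t\r]/, "", hdr); insec = (hdr == sec); next }
        insec && $0 !~ /^[ \t]*#/ && $0 !~ /^[ \t]*$/ { print }
    ' "$1"
}

# Print the value of key= inside [section] (first match, empty if absent).
section_value() {
    section_lines "$1" "$2" | awk -F= -v key="$3" '
        $1 == key { sub(/^[^=]*=/, ""); print; exit }
    '
}

# has_mod NAME MODULES: true when NAME appears as a whole line in MODULES.
has_mod() { printf '%s\n' "$2" | grep -qx "$1"; }

# Emit one WARN line per finding; always return 0 so callers can count them.
audit_conf() {
    conf=$1
    mods=$(section_lines "$conf" modules)

    has_mod auth_pap "$mods"       && echo "WARN modules: auth_pap sends the password in cleartext inside the PPP session"
    has_mod auth_chap_md5 "$mods"  && echo "WARN modules: auth_chap_md5 responses are offline-guessable from a capture"
    has_mod auth_mschap_v1 "$mods" && echo "WARN modules: auth_mschap_v1 is broken; keep only auth_mschap_v2"
    has_mod l2tp "$mods" && echo "WARN modules: l2tp here is plain L2TP; PPP frames are unencrypted unless a separate IPsec daemon wraps them"
    has_mod pptp "$mods" && echo "WARN modules: pptp encrypts with MPPE keyed from MS-CHAPv2, which is recoverable offline; do not treat it as confidential"

    # The default FreeRADIUS test secret is still in the file even though the
    # radius module is commented out; it takes effect the moment it is enabled.
    for key in auth-server acct-server; do
        val=$(section_value "$conf" radius "$key")
        case $val in
            *,testing123) echo "WARN radius: $key uses the FreeRADIUS example secret 'testing123' (in effect once the radius module is enabled)" ;;
        esac
    done

    # The telnet/tcp CLI should stay on loopback.
    for key in telnet tcp; do
        val=$(section_value "$conf" cli "$key")
        case $val in
            ""|127.0.0.1:*|localhost:*) ;;
            *) echo "WARN cli: $key=$val exposes the management CLI beyond loopback" ;;
        esac
    done

    # chap-secrets holds cleartext passwords (GNU stat for the octal mode).
    secrets=$(section_value "$conf" chap-secrets chap-secrets)
    if [ -n "$secrets" ] && [ -f "$secrets" ]; then
        mode=$(stat -c %a "$secrets")
        case $mode in
            600|400) ;;
            *) echo "WARN chap-secrets: $secrets is mode $mode but holds cleartext passwords; chmod 600 it" ;;
        esac
    fi
    return 0
}

# Constructed sample: a trimmed copy of the post's configuration, plus a
# chap-secrets file created world-readable so the permission check fires.
SAMPLE_SECRETS=$(mktemp)
printf 'flw521521 * "flw521521" *\n' > "$SAMPLE_SECRETS"
chmod 644 "$SAMPLE_SECRETS"
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<EOF
[modules]
log_file
pptp
l2tp
auth_mschap_v2
auth_mschap_v1
auth_chap_md5
auth_pap
#radius
chap-secrets
ippool

[radius]
auth-server=192.168.4.132:1812,testing123
acct-server=192.168.4.132:1813,testing123

[chap-secrets]
chap-secrets=$SAMPLE_SECRETS

[cli]
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
EOF

audit_conf "$SAMPLE_CONF"
```

Against the sample this prints eight warnings: three for the authentication modules, one each for pptp and l2tp, two for the RADIUS secret and one for the secrets file mode; the loopback-bound CLI produces none. Point it at the real /etc/accel-ppp.conf to audit a live install.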

4. Start accel-ppp

The kernel module must be loaded first; run

modprobe l2tp_ppp

This requires a kernel built with l2tp_core and l2tp_ppp (loading l2tp_ppp pulls in l2tp_core). The pptp module likewise needs a PPTP driver: the in-tree one on kernels 2.6.37 and later, or the one accel-ppp builds itself when cmake is run with -DBUILD_DRIVER=TRUE.

Enable forwarding and NAT:

iptables -A POSTROUTING -t nat -s 172.20.0.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Then start the daemon from the command line:

accel-pppd -d -c /etc/accel-ppp.conf

That is all. -d runs it in the background; without that parameter it runs in the foreground, but even in the foreground there is hardly any log output.

Once started, it listens on TCP 1723 (PPTP) and UDP 1701 (L2TP), since the configuration only enables the pptp and l2tp modules. PPTP additionally carries its data in GRE (IP protocol 47), so any firewall in front of the server must pass GRE as well as TCP 1723.
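Section 4 as one script, an added example written for this page rather than the post's own commands: it checks the kernel version requirement from the Requirements list, loads the l2tp_ppp and pptp modules, enables forwarding, installs idempotent firewall and NAT rules that admit only the PPTP and L2TP control traffic and forward only the VPN pool out of a single WAN interface, then launches accel-pppd. The pool CIDR, the WAN interface name and the restriction of MASQUERADE to that one interface are this example's choices, not the post's (the post masquerades the pool on every interface); the FORWARD rules only restrict anything if the chain's policy is DROP. Setting DRY_RUN=1 prints the commands instead of executing them, which is also how the script can be exercised without root.

```shell
#!/bin/sh
# Added example for this page (not the post's or accel-ppp's own code): the
# whole of section 4 as an idempotent start script with a dry-run mode.
# Usage (as root):   ./start-accel.sh 172.20.0.0/24 eth0
# Preview only:      DRY_RUN=1 ./start-accel.sh 172.20.0.0/24 eth0
DRY_RUN=${DRY_RUN:-}

# Execute a command, or just print it when DRY_RUN is set.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# version_ge A B: true when dotted version A is >= B (e.g. 3.0.0 >= 2.6.25).
version_ge() {
    printf '%s\n%s\n' "$1" "$2" | awk -F. '
        NR == 1 { for (i = 1; i <= NF; i++) a[i] = $i + 0; na = NF; next }
        {
            n = (NF > na) ? NF : na
            for (i = 1; i <= n; i++) {
                x = a[i] + 0; y = $i + 0
                if (x > y) exit 0
                if (x < y) exit 1
            }
            exit 0
        }'
}

# ipt_add TABLE CHAIN RULE...: append the rule unless it is already present,
# so re-running the script does not stack duplicate rules.
ipt_add() {
    tbl=$1; chn=$2; shift 2
    if [ -n "$DRY_RUN" ] || ! iptables -t "$tbl" -C "$chn" "$@" 2>/dev/null; then
        run iptables -t "$tbl" -A "$chn" "$@"
    fi
}

# firewall_rules POOL_CIDR WAN_IF: admit the VPN control channels, forward
# only the pool, and NAT it behind one interface. The FORWARD rules restrict
# traffic only if that chain's policy is DROP.
firewall_rules() {
    pool=$1; wan=$2
    ipt_add filter INPUT -p tcp --dport 1723 -j ACCEPT   # PPTP control
    ipt_add filter INPUT -p gre -j ACCEPT                 # PPTP data (IP proto 47)
    ipt_add filter INPUT -p udp --dport 1701 -j ACCEPT    # L2TP
    ipt_add filter FORWARD -i ppp+ -s "$pool" -o "$wan" -j ACCEPT
    ipt_add filter FORWARD -i "$wan" -o ppp+ -d "$pool" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt_add nat POSTROUTING -s "$pool" -o "$wan" -j MASQUERADE
}

# start_accel POOL_CIDR WAN_IF [CONF]: the post's section 4 end to end.
start_accel() {
    conf=${3:-/etc/accel-ppp.conf}
    krel=$(uname -r); kver=${krel%%-*}
    version_ge "$kver" 2.6.25 || { echo "kernel $krel is older than 2.6.25" >&2; return 1; }
    # l2tp_ppp pulls in l2tp_core. pptp is the in-tree driver on kernels >= 2.6.37;
    # on older kernels it is the module accel-ppp builds with -DBUILD_DRIVER=TRUE.
    for m in l2tp_ppp pptp; do run modprobe "$m"; done
    # Same effect as the post's echo into /proc; persist it in /etc/sysctl.conf.
    run sysctl -w net.ipv4.ip_forward=1
    firewall_rules "$1" "$2"
    run accel-pppd -d -c "$conf"
}

if [ -n "${1:-}" ]; then start_accel "$1" "$2" "${3:-}"; fi
```

In dry-run mode the script prints ten commands for the pool and interface given above: two modprobe calls, the sysctl, six iptables rules and the accel-pppd launch. The -C check in ipt_add makes a second real run a no-op for the firewall, which matters when the script is wired into boot.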


Reposted from laibulai.iteye.com/blog/1498069