How to Create a PPPOE server in Linux

Source: Internet
Author: User
Tags freeradius
Article Title: How to Create a PPPOE server in Linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
How to Create a PPPOE server in Linux
Environment creation:
Operating System: Upgrade DEBIAN 2.2 to 3.0
Inner Core: 2.4.18
Hardware environment: Sai Yang 3 1.1G, memory 128 M, hard disk 40G, Motherboard chipset 694 T
Card: ati rage iic (4 M)
PPPOE server: RP-PPPOE 3.4.1
RADIUS server: FREERADIUS 0.8
Data Base: MYSQL 3.23.56
The establishment of PPPOE server authentication is divided into three authentication methods, the first method is the text authentication method based on the RP-PPPOE, the second method is the text authentication method based on the RADIUS Authentication Server, the third method is MYSQL-based database authentication.
  
   I. Compile the kernel
To create a PPPOE server, in addition to supporting PPP, the kernel also needs to support PPPOE. However, in 2.4.18, You need to enable the immature code of the kernel. The Kernel configuration is as follows:
Code maturity level options -->
[*] Prompt for development and/or incomplete code/drivers
Networking options -->
[*] Packet socket
[*] Packet socket: mmapped io
Network device support -->
[*] Ppp (point-to-point protocol) support
[*] Ppp multilink support (experimental)
[*] Ppp filtering
[*] Ppp support for async serial ports
[*] Ppp support for sync tty ports
[*] Ppp deflate compression
[*] Ppp bsd-compress compression
[*] Ppp over Ethernet (experimental)
Character devices -->
[*] Non-standard serial port support
[*] Hdlc line discipline support
Edit/etc/modules. conf (redhat is like conf. modules). Add the following lines if not:
• Alias char-major-108 ppp_generic
• Alias/dev/ppp ppp_generic
• Alibaba tty-ldisc-3 ppp_async
• Alias tty-ldisc-13 n_hdlc
• Alias tty-ldisc-14 ppp_synctty
• Alias ppp-compress-21 bsd_comp
• Alibaba ppp-compress-24 ppp_deflate
• Alibaba ppp-compress-26 ppp_deflate
After that, you can create a PPP dial-up server.
  
   2. Create a PPP Server
Before creating a dial-up server, make sure that you have enabled the IP forwarding function in the kernel:
Echo "1">/proc/sys/net/ipv4/ip_forward
It is easy to compile the PPP server by taking the following steps:
• Use configure
• Use make to compile PPPD. The following parameters are important. To support windows clients, add the option USE_MS_DNS = 1 during compilation. If your system shadow is used, you should use make HAS-SHADOW = 1 to indicate that the shadow password is supported.
• After compilation, pppd, pppdump, chat, and pppstats files will be generated and installed using make install.
• Modify the pppd access permission to allow the root user to start the service process
Chmod u + s/usr/sbin/pppd
  
   3. Create a PPPOE Server
Cd/rp-pppoe-3.4/src
./Configure
Make
Make install
Start the PPPOE process:
Pppoe-server? L 10.0.0.1? R 10.0.0.2? N 64? K-u
-L: IP address of the PPPOE Server
-R: Specifies the IP address range allocated to the client by the PPPOE dial-in server.
-N: Number of allowed clients to dial in simultaneously (the default value is 64, and the maximum value is 65534)
-K: Kernel Mode (but it seems that it cannot be used)
Modify/etc/ppp/options to see if there are any of the following lines. If not, add them:
Local
Repaire-pap
Login
Auth
Defaultroute
Hide-password
Ipcp-accept-local
Ipcp-accept-remote
10.0.0.1: 10.0.0.255
Netmask 255.255.255.0
Ms-dns 10.0.0.1
Modify/etc/ppp/pppoe-server-options and comment out all rows.
Add a user to/etc/ppp/pap-secrets. For example, add a user luo with a password of 123456. you can dial in from any location:
# Client server secret ip addresses
Luo * "123456 "*
Set windows User name: luo password: 123456. If the connection is successful, proceed to the next step.
  
   4. Create a RADIUS Authentication Server
Freeradius-0.81/cd
./Configure
Make
Make install
Edit/usr/local/etc/raddb/clients and enter the IP address and serect of your NAS (Network Authentication Server). In this example, NAS is the local server and serect is linux, which looks as follows:
Localhost linux
Edit/usr/local/etc/raddb/clients. conf and add the following lines:
Client 127.0.0.1 {
Secret = linux
Shortname = localhost
}
Nastype = other
Edit/usr/local/etc/raddb/naslist and add:
Localhost local
Edit/usr/local/etc/raddb/users, add the user: luo, password: 123456, and display as follows:
Luo Auth-Type: = local, User-Password = "123456"
Service-Type: = Framed-User,
Framed-Protocol = PPP
Framed-IP-Address: = 10.0.0.2
Framed-IP-Netmask: = 255.255.255.0
Start the RADIUS service and test the account
Start debugging mode
RADIUS? X
Test the account
Radtest luo 123456 localhost 0 linux
If you can see the response, the RADIUS is set successfully.
To enable the PPPD process to use RADIUS for authentication, add the RADIUS Authentication plug-in.
Cp radius. so/usr/lib
Edit/etc/ppp/options and add the following to the file:
Plugin/usr/lib/radius. so
Radius-servers localhost: 1812/1813
Radius-auth-key linux
Radius-ip-pool 10.0.0.2: 10.0.0.255
Run the client to log on. If the authentication succeeds
  
   V. Create a MYSQL Server
Tar zxvf mysql-3.23.56.tar.gz
Cd mysql-3.23.56
./Configure
Make
Make install
Cd script
./Mysql_install_db
/Usr/local/bin/safe_mysqld &
Install the RADIUS Database
Cd freeradius-0.81/src/modules/rlm_ SQL/drivers/rlm_ SQL _mysql
Mysql? U root? P password radius Edit/usr/local/etc/raddb/radius. conf to support SQL statements. The modification is as follows:
Authorize {
Preprocess
Chap
Mschap
Suffix
SQL
}
Accounting {
......
SQL
......
}
Modify SQL. conf as follows:
Server = "loclahost" login = "root" password = "mysql root password"
  
Join group account
Mysql? U root? P password radius
Insert into radgroupreply (groupname, attribute, op, value) values ('user', 'auth-type', ': =', 'local ');
Insert into radgroupreply (groupname, attribute, op, value) values ('user', 'service-type', ': =', 'framed-user ');
Insert into radgroupreply (groupname, attribute, op, value) values
('User', 'framed-IP-netmask', ': =', '2017. 255.255.0 ');
# Set the mask of the dial-in user. In this example, only the PPPOE service is available, so it can be set the same as that in options.
Add a user account:
Insert into radcheck (username, attribute, op, value) values
('Luo', 'user-password', ': =', '000000 ');
Add a user account to a group account
Insert into usergroup (username, groupname) values ('luo', 'user ');
If you are prompted that the rlm_ SQL _mysql file cannot be found, then:
Cp/usr/local/lib/usr/lib
Test:
Radtest luo 123456 localhost 0 linux
OK when you see the response!
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.