This article uses Ubuntu 14 as an example to show how to integrate PPTP with ToughRADIUS.
Installing the PPTPD Service
    sudo apt-get update -y
    sudo apt-get install -y pptpd iptables libfreeradius-client2 libfreeradius-client-dev
If the /etc/radiusclient directory does not exist, create a link to the RADIUS configuration directory:
    ln -s /usr/local/etc/radiusclient /etc/radiusclient
Configuring PPTPD and Radius
Modify the configuration file /etc/pptpd.conf
    option /etc/ppp/pptpd-options
    #debug
    #stimeout 10
    logwtmp
    #bcrelay eth1
    #delegate
    #connections 100
    localip 10.79.97.1
    remoteip 10.79.97.10-200
Modify the configuration file /etc/ppp/pptpd-options. Note that the MSCHAPv2 authentication method is used, with 128-bit MPPE encryption.
    name pptpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    require-mppe-128
    # Network and Routing
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4
    proxyarp
    nodefaultroute
    # logging
    #debug
    #dump
    #logfile /var/log/pptpd.log
    # miscellaneous
    lock
    nobsdcomp
    novj
    novjccomp
    #nologfd
    plugin /usr/lib/pppd/2.4.5/radius.so
    plugin /usr/lib/pppd/2.4.5/radattr.so
    radius-config-file /etc/radiusclient/radiusclient.conf
Configure /etc/radiusclient/radiusclient.conf. Note: set authserver and acctserver to your actual RADIUS server address and port.
    auth_order radius
    login_tries 4
    login_timeout 60
    nologin /etc/nologin
    authserver radius.toughstruct.net:1812
    acctserver radius.toughstruct.net:1813
    servers /etc/radiusclient/servers
    dictionary /etc/radiusclient/dictionary
    seqfile /var/run/radius.seq
    mapfile /etc/radiusclient/port-id-map
    default_realm
    radius_timeout 10
    radius_retries 3
    login_local /bin/login
If /etc/radiusclient/port-id-map does not exist, create an empty file:
echo "" >/etc/radiusclient/port-id-map
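Configure the RADIUS server and shared key in /etc/radiusclient/servers. The host name must be the one used for authserver and acctserver, and the key must match the one configured for this access device on the RADIUS server.
    radius.toughstruct.net testing123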
To support MSCHAPv2 authentication, you need to add the dictionary.microsoft dictionary. Modify the dictionary file /etc/radiusclient/dictionary and add the following line at the end:
    INCLUDE /etc/radiusclient/dictionary.microsoft
If the directory does not contain this dictionary, you can download it from: https://raw.githubusercontent.com/talkincode/ToughVPN/master/radius/dictionary/dictionary.microsoft
Modify the firewall configuration and enable kernel forwarding
Note that the IP address range must be consistent with the configuration in /etc/pptpd.conf.
    iptables -t nat -A POSTROUTING -s 10.79.97.0/24 -o eth0 -j MASQUERADE
    iptables -A FORWARD -s 10.79.97.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
Set up kernel forwarding support
    sysctl -w net.ipv4.ip_forward=1
Start the PPTPD service
    service pptpd start
Configure ToughRADIUS
In ToughRADIUS, the PPTP server must be added as an access device; add it with a standard configuration under BAS information management.
Add a tariff and user information, and then you can run a dial-up test.
While dialing, you can debug through user message tracing or by viewing the system log. When MSCHAPv2 authentication is used, the user message must carry two specific attributes: MS-CHAP-Challenge and MS-CHAP2-Response. If these attributes are missing from the message, the possible causes are:
The PPTP service is not configured with require-mschap-v2 and require-mppe-128
The system kernel does not support MPPE
dictionary.microsoft was not included
If none of the above is the problem, try changing require-mppe-128 to require-mppe.
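The configuration causes listed above can be checked with a script. This is an added example, not part of the original article: it audits the files this guide edits for the directives MSCHAPv2 depends on, and also checks that each authserver/acctserver host has a shared-key line in the servers file. The function names, the hosts radius.example.test and radius.example.net, and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the files this guide
# edits for the settings MSCHAPv2 over RADIUS depends on.

# has_directive FILE REGEX: true if an uncommented line starts with REGEX.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1" 2>/dev/null
}

# audit_pptp_radius OPTIONS DICTIONARY CLIENTCONF SERVERS
# Prints one line per problem and returns the number of problems found.
audit_pptp_radius() {
    opts=$1 dict=$2 conf=$3 servers=$4 problems=0
    fail() { echo "MISSING: $*"; problems=$((problems + 1)); }

    has_directive "$opts" 'require-mschap-v2' || fail "require-mschap-v2 in $opts"
    has_directive "$opts" 'require-mppe(-128)?' || fail "require-mppe-128 or require-mppe in $opts"
    has_directive "$opts" 'plugin[[:space:]]+[^[:space:]]*radius\.so' || fail "radius.so plugin in $opts"
    has_directive "$dict" 'INCLUDE[[:space:]]+[^[:space:]]*dictionary\.microsoft' ||
        fail "INCLUDE of dictionary.microsoft in $dict"

    # Every authserver/acctserver host needs a shared-key line in the servers file.
    hosts=$(awk '$1 == "authserver" || $1 == "acctserver" { sub(/:.*/, "", $2); print $2 }' "$conf" 2>/dev/null | sort -u)
    [ -n "$hosts" ] || fail "authserver/acctserver entries in $conf"
    for host in $hosts; do
        awk -v h="$host" '$1 == h && $2 != "" { ok = 1 } END { exit !ok }' "$servers" 2>/dev/null ||
            fail "shared key for $host in $servers"
    done
    return "$problems"
}

# Constructed sample files (not real configuration): the servers file names a
# different host than radiusclient.conf, so exactly one problem is reported.
demo_audit() {
    d=$(mktemp -d) || return 99
    printf 'name pptpd\nrequire-mschap-v2\nrequire-mppe-128\nplugin /usr/lib/pppd/2.4.5/radius.so\n' > "$d/pptpd-options"
    printf 'INCLUDE /etc/radiusclient/dictionary.microsoft\n' > "$d/dictionary"
    printf 'authserver radius.example.test:1812\nacctserver radius.example.test:1813\n' > "$d/radiusclient.conf"
    printf 'radius.example.net testing123\n' > "$d/servers"
    demo_rc=0
    audit_pptp_radius "$d/pptpd-options" "$d/dictionary" "$d/radiusclient.conf" "$d/servers" || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}
demo_audit || echo "demo: $? problem(s) reported"
```

On a real server, call audit_pptp_radius with /etc/ppp/pptpd-options, /etc/radiusclient/dictionary, /etc/radiusclient/radiusclient.conf and /etc/radiusclient/servers.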
Precautions
To support MSCHAPv2, the system kernel must support MPPE. Run the following command to check:
    modprobe ppp-compress-18 && echo OK
If the output is OK, the system kernel supports it.
During testing, you can enable the debug options to collect logs for diagnosis, together with the RADIUS server logs.
For more help, please refer to http://poptop.sourceforge.net/dox/
Alternatively, you can follow our open source project: https://github.com/talkincode/ToughVPN, a project that plans to provide simpler one-click installation and to try Docker-based deployment.
This article is from the "toughstruct" blog; please keep this source attribution: http://jamiesun.blog.51cto.com/7142358/1767644
ToughRADIUS and Linux PPTP integration