Server PPPoE+PPTP VPN+Radius+MySQL+WebNasAdmin for linux 全攻略

[psac]

Server PPPoE+PPTP VPN+Radius+MySQL+WebNasAdmin for linux 全攻略


一直想做個PPPoE Server來玩玩，但苦於資料太少，
前幾天看了dalefirst的那篇後，就迫不及待的開始實驗了，
但發現問題多多，又找了很多資料，終於成功了，
現總結全套安裝方法如下：

操作系統：Red Hat Linux 7.2
內核版本：Kernel 2.4.7-10
linux系統IP：192.168.1.9/24

需要的軟體：
http://temp.u5u5.com/linux/ppp-2.4.1...-mppe-patch.gz
http://temp.u5u5.com/linux/pppd-mppe...in-hooks.patch
http://temp.u5u5.com/linux/pptpd-1.1.3-20030409.tar.gz
http://temp.u5u5.com/linux/pppd-taca...ius-1.4.tar.gz
http://temp.u5u5.com/linux/freeradius-0.9.2.tar.gz
http://temp.u5u5.com/linux/rp-pppoe-3.5.tar.gz
http://temp.u5u5.com/linux/ppp-2.4.1.tar.gz


安裝程序：

1、安裝LINUX，裝的時候注意把下列元件選上：
主軟體包：
C devel
C++ devel
擴展包：
OpenSSL
mysql
mysql-server
mysql-devel
mysql-client9
Apache
php
mod-php
mod-mysql
kernel source
wget
等
一共大概需要800M空間

2、用ROOT登入系統，把需要的軟體用wget等下載到/home/temp/,或者其他目錄也可以，

3、安裝（昇級）PPPD服務
cd /home/temp
tar zxvf ppp-2.4.1.tar.gz
tar zxvf pppd-tacacs+radius-1.4.tar.gz
mv pppd-tacacs+radius ppp-2.4.1/pppd/plugins/
gunzip -d ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
cd ppp-2.4.1
patch -Np1 -i ../ppp-2.4.1-openssl-0.9.6-mppe-patch
patch -Np0 -i ../pppd-mppe-2.4.1-plugin-hooks.patch
./configure
make
make install
cd pppd/plugins/pppd-tacacs+radius/
make
make install
chmod u+s /usr/sbin/pppd

4、安裝PPTPD服務
cd /home/temp
tar zxvf pptpd-1.1.3-20030409.tar.gz
cd poptop
./configure
make
make install

5、安裝freeradius服務
cd /home/temp
tar zxvf freeradius-0.9.2.tar.gz
cd freeradius-0.9.2
./configure --with-experimental-modules \
--with-rlm-sql-lib-dir=/usr/lib/mysql/ \
--with-rlm-sql-include-dir=/usr/include/mysql/
make
make install

6、安裝pppoe服務
cd /home/temp
tar zxvf rp-pppoe-3.5.tar.gz
cd rp-pppoe-3.5/src
./configure
make
make install

配置程序：
1、配置載入的模組
vi etc/modules.conf
--------------------------
alias char-major-108 ppp_generic
alias /dev/ppp ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-13 n_hdlc
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 mppg
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
--------------------------
注意，如果文件前面有文字，請不要去掉，
因為那可能是你的網路卡驅動模組等

2、配置PPTPD服務
cd /etc
vi pptpd.conf
--------------------------
option /etc/ppp/options.pptpd
localip 172.16.10.254
--------------------------
cd /etc/ppp
vi options.pptpd
--------------------------
lock
proxyarp
asyncmap 0
nobsdcomp
nodeflate
-pap
-chap
-chapms
+chapms-v2
#require-mppe
mppe-40
mppe-128
mppe-stateless
ms-wins 192.168.1.1
ms-dns 202.97.224.68
ms-dns 202.102.224.68
plugin radius.so
radius-servers localhost:1812/1813
radius-auth-key testing123
radius-ip-pool 172.16.10.10:172.16.10.100
----------------------------

3、配置PPPOE服務
cd /etc/ppp
vi pppoe-server-options
----------------------------
proxyarp
auth
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
ms-dns 202.97.224.68
ms-dns 202.97.230.4
plugin /usr/lib/pppd/2.4.1/radius.so
plugin /usr/lib/pppd/2.4.1/tacacs.so
radius-servers localhost:1812/1813
radius-auth-key testing123
radius-ip-pool 172.16.10.20:172.16.20.100
--------------------------------

4、建立MYSQL表
safe_mysqld &
mysql -u root -p
mysql>create database radius;
mysql>quit;
mysql -u root -p radius < /home/temp/r.sql
mysql -u root -p radius < /home/temp/freeradius-0.9.2/dialup_admin/sql/badusers.sql
mysql -u root -p radius < /home/temp/freeradius-0.9.2/dialup_admin/sql/mtotacct.sql
mysql -u root -p radius < /home/temp/freeradius-0.9.2/dialup_admin/sql/totacct.sql
mysql -u root -p radius < /home/temp/freeradius-0.9.2/dialup_admin/sql/userinfo.sql

r.sql的內容如下：
---------------------------------
# phpMyAdmin SQL Dump
# version 2.5.3
# http://www.phpmyadmin.net
#
# 主機: localhost
# 產生日期: 2003 年 12 月 23 日 01:54
# 伺服器版本: 3.23.58
# PHP 版本: 4.0.6
#
# 資料庫 : `radius`
#

# --------------------------------------------------------

#
# 表的結構 `radacct`
#

DROP TABLE IF EXISTS `radacct`;
CREATE TABLE `radacct` (
`RadAcctId` bigint(21) NOT NULL auto_increment,
`AcctSessionId` varchar(32) NOT NULL default '',
`AcctUniqueId` varchar(32) NOT NULL default '',
`UserName` varchar(64) NOT NULL default '',
`Realm` varchar(64) default '',
`NASIPAddress` varchar(15) NOT NULL default '',
`NASPortId` int(12) default NULL,
`NASPortType` varchar(32) default NULL,
`AcctStartTime` datetime NOT NULL default '0000-00-00 00:00:00',
`AcctStopTime` datetime NOT NULL default '0000-00-00 00:00:00',
`AcctSessionTime` int(12) default NULL,
`AcctAuthentic` varchar(32) default NULL,
`ConnectInfo_start` varchar(32) default NULL,
`ConnectInfo_stop` varchar(32) default NULL,
`AcctInputOctets` bigint(12) default NULL,
`AcctOutputOctets` bigint(12) default NULL,
`CalledStationId` varchar(50) NOT NULL default '',
`CallingStationId` varchar(50) NOT NULL default '',
`AcctTerminateCause` varchar(32) NOT NULL default '',
`ServiceType` varchar(32) default NULL,
`FramedProtocol` varchar(32) default NULL,
`FramedIPAddress` varchar(15) NOT NULL default '',
`AcctStartDelay` int(12) default NULL,
`AcctStopDelay` int(12) default NULL,
PRIMARY KEY (`RadAcctId`),
KEY `UserName` (`UserName`),
KEY `FramedIPAddress` (`FramedIPAddress`),
KEY `AcctSessionId` (`AcctSessionId`),
KEY `AcctUniqueId` (`AcctUniqueId`),
KEY `AcctStartTime` (`AcctStartTime`),
KEY `AcctStopTime` (`AcctStopTime`),
KEY `NASIPAddress` (`NASIPAddress`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;

#
# 匯出表中的資料 `radacct`
#


# --------------------------------------------------------

#
# 表的結構 `radcheck`
#

DROP TABLE IF EXISTS `radcheck`;
CREATE TABLE `radcheck` (
`id` int(11) unsigned NOT NULL auto_increment,
`UserName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '==',
`類型` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `UserName` (`UserName`(32))
) TYPE=MyISAM AUTO_INCREMENT=4 ;

#
# 匯出表中的資料 `radcheck`
#

INSERT INTO `radcheck` (`id`, `UserName`, `Attribute`, `op`, `類型`) VALUES (2, 'pppoe', 'Password', '==', 'pppoe');
INSERT INTO `radcheck` (`id`, `UserName`, `Attribute`, `op`, `類型`) VALUES (3, 'test', 'Password', '==', 'test');

# --------------------------------------------------------

#
# 表的結構 `radgroupcheck`
#

DROP TABLE IF EXISTS `radgroupcheck`;
CREATE TABLE `radgroupcheck` (
`id` int(11) unsigned NOT NULL auto_increment,
`GroupName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '==',
`類型` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `GroupName` (`GroupName`(32))
) TYPE=MyISAM AUTO_INCREMENT=3 ;

#
# 匯出表中的資料 `radgroupcheck`
#

INSERT INTO `radgroupcheck` (`id`, `GroupName`, `Attribute`, `op`, `類型`) VALUES (1, 'dynamic', 'Auth-Type', ':=', 'Local');
INSERT INTO `radgroupcheck` (`id`, `GroupName`, `Attribute`, `op`, `類型`) VALUES (2, 'static', 'Auth-Type', ':=', 'Local');

# --------------------------------------------------------

#
# 表的結構 `radgroupreply`
#

DROP TABLE IF EXISTS `radgroupreply`;
CREATE TABLE `radgroupreply` (
`id` int(11) unsigned NOT NULL auto_increment,
`GroupName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '=',
`類型` varchar(253) NOT NULL default '',
`prio` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`id`),
KEY `GroupName` (`GroupName`(32))
) TYPE=MyISAM AUTO_INCREMENT=6 ;

#
# 匯出表中的資料 `radgroupreply`
#

INSERT INTO `radgroupreply` (`id`, `GroupName`, `Attribute`, `op`, `類型`, `prio`) VALUES (1, 'dynamic', 'Service-Type', '=', 'Framed-User', 0);
INSERT INTO `radgroupreply` (`id`, `GroupName`, `Attribute`, `op`, `類型`, `prio`) VALUES (2, 'dynamic', 'Framed-Protocol', '=', 'PPP', 0);
INSERT INTO `radgroupreply` (`id`, `GroupName`, `Attribute`, `op`, `類型`, `prio`) VALUES (3, 'static', 'Framed-IP-Netmask', '=', '255.255.255.0', 0);
INSERT INTO `radgroupreply` (`id`, `GroupName`, `Attribute`, `op`, `類型`, `prio`) VALUES (4, 'static', 'Framed-Protocol', '=', 'PPP', 0);
INSERT INTO `radgroupreply` (`id`, `GroupName`, `Attribute`, `op`, `類型`, `prio`) VALUES (5, 'static', 'Service-Type', '=', 'Framed-User', 0);

# --------------------------------------------------------

#
# 表的結構 `radreply`
#

DROP TABLE IF EXISTS `radreply`;
CREATE TABLE `radreply` (
`id` int(11) unsigned NOT NULL auto_increment,
`UserName` varchar(64) NOT NULL default '',
`Attribute` varchar(32) NOT NULL default '',
`op` char(2) NOT NULL default '=',
`類型` varchar(253) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `UserName` (`UserName`(32))
) TYPE=MyISAM AUTO_INCREMENT=2 ;

#
# 匯出表中的資料 `radreply`
#

INSERT INTO `radreply` (`id`, `UserName`, `Attribute`, `op`, `類型`) VALUES (1, 'test', 'Framed-IP-Address', '=', '172.16.15.10');

# --------------------------------------------------------

#
# 表的結構 `usergroup`
#

DROP TABLE IF EXISTS `usergroup`;
CREATE TABLE `usergroup` (
`id` int(11) unsigned NOT NULL auto_increment,
`UserName` varchar(64) NOT NULL default '',
`GroupName` varchar(64) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `UserName` (`UserName`(32))
) TYPE=MyISAM AUTO_INCREMENT=4 ;

#
# 匯出表中的資料 `usergroup`
#

INSERT INTO `usergroup` (`id`, `UserName`, `GroupName`) VALUES (2, 'pppoe', 'dynamic');
INSERT INTO `usergroup` (`id`, `UserName`, `GroupName`) VALUES (3, 'test', 'static');
---------------------------------------
5、配置freeradius服務
cd /usr/local/etc/raddb/
vi sql.conf
把裡面的MYSQL密碼改成你的密碼
vi radius.conf
按照下面樣子修改你的文件，
就是在某些字串串前面加#，
然後在某些地方加入一行sql字串串即可
---------------------------------------
authorise {
preprocess
chap
mschap
#counter
#attr_filter
#eap
suffix
sql
#files
#etc_smbpasswd
}

authenticate {
authtype PAP {
pap
}
authtype CHAP {
chap
}
authtype MS-CHAP{
mschap
}
#pam
#unix
#authtype LDAP {
# ldap
#}
}

preacct {
preprocess
suffix
#files
}

accounting {
acct_unique
detail
#counter
unix
sql
radutmp
#sradutmp
}

session {
radutmp
}
----------------------------------

6、配置WebNasAdmin
cp -r /home/temp/freeradius-0.9.2/dialup_admin /usr/local/dialup_admin
ln -s /usr/local/dialup_admin/htdocs dialup_admin
vi /usr/local/dialup_admin/conf/admin.conf
把general_radiusd_base_dir: /usr/local/radiusd
改成general_radiusd_base_dir: /usr/local/etc/raddb

把general_test_account_password: testpass
改成general_test_account_password: test

把general_radius_server_auth_proto: pap
改成general_radius_server_auth_proto: chap

把general_radius_server_secret: XXXXXX
改成general_radius_server_secret: testing123

把general_encryption_method: crypt
改成general_encryption_method: clear

把下面文字前面加#
nas1_name: nas1.%{general_domain}
nas1_model: Cisco 2511 access server
nas1_ip: 147.122.122.121
nas1_port_num: 16
nas1_community: public
nas2_name: nas2.%{general_domain}
nas2_model: Cisco 2511 access server
nas2_ip: 147.122.122.123
nas2_port_num: 16
nas2_community: public
nas2_finger_type: database
nas3_name: nas3.%{general_domain}
nas3_model: Cisco 5300 access server
nas3_ip: 147.122.122.124
nas3_port_num: 210
nas3_community: public

然後加入下面文字
nas1_name: nas1.GetWall
nas1_model: PxSoft PPPoE Server
nas1_ip: 127.0.0.1
nas1_port_num: 64
nas1_community: public

把下面兩行
sql_username: dialup_admin
sql_password: XXXXXX
改成
sql_username: root
sql_password:

重新啟動系統進行測試：
1、測試freeradius
rc.radiusd start
radtest test test localhost 0 testing123
如果伺服器返回如下，說明freeradius工作正常
Sending Access-Request of id 137 to 127.0.0.1:1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = local6
# NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=137, length=44
# Framed-IP-Address = 172.16.15.10
# src/Framed-IP-Netmask = 255.255.255.0
# Framed-Protocol = PPP
# If yoService-Type = Framed-User
否則，請仔細檢查你的radius配置

2、測試pptpd
pptpd
然後用WIN2K等電腦建立個VPN連接，
用戶名和密碼都寫test，
能連上，說明正常

3、測試pppoe
pppoe-server -L 172.16.20.254 -N 10 -I eth0
然後找個機器裝個RASPPPOE或ENTERNET 300/500軟體，
用戶名和密碼都寫pppoe，
能連上，說明正常

4、測試WebNasAdmin
開啟瀏覽器輸入http://192.168.1.9/admin
各個選項都點下，能顯示，則正常

好了，一切OK，
最後建立個啟動檔案
cd /
vi pxsrv
-------------------------------
/usr/local/sbin/pptpd
/usr/local/sbin/radiusd
pppoe-server -L 172.16.10.254 -N 64 -I eth0
--------------------------------
chmod 700 pxsrv
之後執行pxsrv即可
如果想開機自動啟動，編輯下面文件
vi /etc/rc.d/rc.local
加入/pxsrv
儲存即可

---------------------------------
如果你想要使用內核PPPoE，方法如下：
cd /usr/src/linux-2.4
make menuconfig
進入network device support——>
把下面的選上
[ ] ppp over Ethernet (experimental)
讓其變成
[M] ppp over Ethernet (experimental)
然後退出
make dep
make bzImage
make modules
make modules_install
cd arch/i386/boot
cp bzImage /boot/kernelnew
cd /boot
mkinitrd initrdnew.img 2.4.7-10
vi grub/grub.conf
在下面加上
-----------------------------
title Red Hat new
root (hd0,0)
kernel /boot/kernelnew ro root=/dev/hda1
initrd /boot/initrd.img
-----------------------------
儲存，退出
然後重新啟動，選Red Hat new
然後重複安裝程序的6即可
啟動PPPOE-SERVER時，要加-k參數

歡迎轉載，轉載請著名作者信息

鳳凰