Slackware 12.2 - POPTOP / FreeRADIUS 2.1.8 / MySQL / PPPOE server
=================================================================
Public domain

********************************************************************************
NAS Server
----------
********************************************************************************
********************************************************************************
### Installation

    cd /usr/src
    wget "http://downloads.sourceforge.net/project/poptop/pptpd/pptpd-1.3.4/pptpd-1.3.4.tar.gz?use_mirror=garr"
    tar zxf pptpd-1.3.4.tar.gz
    cd pptpd-1.3.4
    ./configure && make && make install

Note: the source tarballs on this page are fetched over plain HTTP/FTP and installed as root; check each download against the checksum or signature published by its project before running `make install`.

********************************************************************************
### /etc/pptpd.conf

    ppp /usr/sbin/pppd
    option /etc/ppp/options.pptpd
    #debug
    localip 10.1.1.1
    remoteip 10.1.1.2-20

********************************************************************************
### /etc/ppp/options.pptpd

    name pptpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    proxyarp
    ms-dns 8.8.8.8
    lock
    nobsdcomp
    novj
    novjccomp
    nologfd

Note: there is no `require-mppe-128` line here, so pppd authenticates the client but does not insist on MPPE encryption of the tunnel; add it (MPPE support is needed in pppd and the kernel) if clients must not connect unencrypted.

********************************************************************************
### /etc/ppp/chap-secrets

    pejman pptpd 123456 *

Note: `pejman` / `123456` are the sample credentials used throughout this page; substitute your own. chap-secrets holds passwords in clear text, so keep it readable by root only (`chmod 600 /etc/ppp/chap-secrets`).

********************************************************************************
### /etc/rc.d/rc.pptpd

    #!/bin/sh
    #
    # /etc/rc.d/rc.pptpd
    #
    case "$1" in
    'start')
      echo 'Starting pptpd ...'
      PID=$(pgrep '^pptpd$')
      if [ "$PID" == "" ] ; then
        /usr/local/sbin/pptpd
      else
        echo "pptpd is already running (PID: $PID) !!!"
      fi
      ;;
    'stop')
      echo 'Stoping pptpd ...'
      killall pptpd
      ;;
    'restart')
      echo 'Restarting pptpd ...'
      killall pptpd
      sleep 2
      /usr/local/sbin/pptpd
      ;;
    *)
      echo "Usage: $0 [start|stop|restart]"
      ;;
    esac

********************************************************************************
### Launch

    ln -sfn /usr/local/lib/pptpd/ /usr/lib/pptpd
    chmod +x /etc/rc.d/rc.pptpd
    /etc/rc.d/rc.pptpd start

********************************************************************************
Client Machine
--------------
********************************************************************************
********************************************************************************
### pptpclient

    cd /usr/src
    wget "http://pmoghadam.com/homepage/Pages/Deposit/Source-packages/pptp-1.7.2.tar.gz"
    tar zxf pptp-1.7.2.tar.gz
    cd /usr/src/pptp-1.7.2
    make && make install
    mv /etc/ppp/options.pptp{,.bak}
    mkdir -p /etc/ppp/peers

********************************************************************************
### /etc/ppp/options.pptp

    lock
    noauth
    nobsdcomp
    nodeflate
    refuse-eap
    proxyarp
    #persist maxfail 0
    #debug dump logfd 2 nodetach

********************************************************************************
### /etc/ppp/chap-secrets

    pejman pptp 123456 *

********************************************************************************
### /etc/ppp/peers/pptp-peer

    pty "pptp 172.16.20.1 --nolaunchpppd"
    name pejman
    remotename pptp
    file /etc/ppp/options.pptp

********************************************************************************
### Connection

    pppd call pptp-peer
    kill -TERM $(cat /var/run/ppp0.pid)

********************************************************************************
Radius Server
-------------
********************************************************************************
********************************************************************************
### FreeRADIUS

    cd /usr/src
    wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.8.tar.gz
    tar zxf freeradius-server-2.1.8.tar.gz
    cd freeradius-server-2.1.8
    ./configure --prefix=/usr/local/freeradius && make && make install
    if ! grep -q freeradius /etc/ld.so.conf ; then
      echo "/usr/local/freeradius/lib" >> /etc/ld.so.conf
    fi
    ldconfig
    cp /usr/local/freeradius/etc/raddb/users{,.bak-$(date +%F)}

********************************************************************************
### /usr/local/freeradius/etc/raddb/users

    pejman User-Password := "123456"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

********************************************************************************
### Launch

    /usr/local/freeradius/sbin/radiusd -X

********************************************************************************
### /etc/rc.d/rc.radiusd

    #!/bin/sh
    #
    # /etc/rc.d/rc.radiusd
    #
    case "$1" in
    'start')
      echo 'Starting radiusd ...'
      PID=$(pgrep '^radiusd$')
      if [ "$PID" == "" ] ; then
        /usr/local/freeradius/sbin/radiusd
      else
        echo "radiusd is already running (PID: $PID) !!!"
      fi
      ;;
    'stop')
      echo 'Stoping radiusd ...'
      killall radiusd
      ;;
    'restart')
      echo 'Restarting radiusd ...'
      killall radiusd
      sleep 2
      /usr/local/freeradius/sbin/radiusd
      ;;
    *)
      echo "Usage: $0 [start|stop|restart]"
      ;;
    esac

********************************************************************************
### Launch

    chmod +x /etc/rc.d/rc.radiusd
    /etc/rc.d/rc.radiusd start

********************************************************************************
### Test

    sed -e 's,\t, ,g' -e 's,#.*,,g' /usr/local/freeradius/etc/raddb/clients.conf | egrep -v '^#|^ *$'
    echo User-Name = "pejman", User-Password = "123456" | /usr/local/freeradius/bin/radclient 127.0.0.1 auth testing123
    /usr/local/freeradius/bin/radtest pejman 123456 127.0.0.1 10 testing123

Note: `testing123` is the shared secret of the `localhost` client in the stock clients.conf; choose a different secret for any client entry you add for a NAS on another host.

********************************************************************************
NAS Server
----------
********************************************************************************
********************************************************************************
### /etc/ppp/options.pptpd

    .
    .
    plugin /usr/lib/pppd/2.4.4/radius.so
    .
    .

********************************************************************************
### /etc/radiusclient/servers

    127.0.0.1 testing123

********************************************************************************
### /etc/radiusclient/dictionary

    .
    .
    ATTRIBUTE CHAP-Challenge 60 string
    INCLUDE /etc/radiusclient/dictionary.microsoft

********************************************************************************
### /etc/ppp/chap-secrets

    #pejman pptpd 123456 *

********************************************************************************
### Restart

    /etc/rc.d/rc.pptpd restart

********************************************************************************
Database Server
---------------
********************************************************************************
********************************************************************************
### MySQL Initialize

    mysql_install_db --user=mysql
    chmod +x /etc/rc.d/rc.mysqld
    /etc/rc.d/rc.mysqld start

********************************************************************************
### MySQL Cleanup

    mysql
    show databases;
    drop database test;
    use mysql;
    show tables;
    select * from user;
    delete from mysql.user where user='';
    set password for 'root'@'localhost' = password ('new-password');
    set password for 'root'@'127.0.0.1' = password ('new-password');
    set password for 'root'@'HOSTNAME' = password ('new-password');
    exit
    mysql -p

********************************************************************************
### /etc/rc.d/rc.mysqld

    #SKIP="--skip-networking"

Note: commenting out `SKIP` makes mysqld accept TCP connections (port 3306). That is needed only if a client connects over the network; the sql.conf below uses `server = "localhost"`.

********************************************************************************
### Restart

    /etc/rc.d/rc.mysqld restart
    nmap 127.0.0.1
    netstat -tunapo | grep mysql

********************************************************************************
### radius database

    create database radius;
    use radius;
    source /usr/local/freeradius/etc/raddb/sql/mysql/schema.sql;
    show tables;

********************************************************************************
### new group

    use radius;
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Framed-Compression','Van-Jacobson-TCP-IP' );
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Framed-Protocol', 'PPP' );
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Service-Type', 'Framed-User' );

********************************************************************************
### new user

    use radius;
    INSERT INTO radusergroup (UserName, GroupName, priority) VALUES ('pejman', 'normalusers', 1);
    INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('pejman', 'Password', '123456');
    INSERT INTO radreply (UserName, Attribute, Value) VALUES ('pejman', 'Framed-IP-Address', '172.16.3.33');

********************************************************************************
Radius Server
-------------
********************************************************************************
********************************************************************************
### /usr/local/freeradius/etc/raddb/users

    # pejman Cleartext-Password := "123456"
    #     Service-Type = Framed-User,
    #     Framed-Protocol = PPP,
    #     Framed-Compression = Van-Jacobson-TCP-IP

********************************************************************************
### /usr/local/freeradius/etc/raddb/radiusd.conf ~~

    .
    .
    $INCLUDE sql.conf
    .
    .

********************************************************************************
### /usr/local/freeradius/etc/raddb/sql.conf

    .
    .
    sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        #port = 3306
        login = "root"
        password = "123456"
        radius_db = "radius"
    .
    .

Note: this has radiusd log in to MySQL as `root`, with the password stored in clear text in sql.conf. A dedicated MySQL account with rights on the `radius` database only limits what a compromised radiusd or a leaked sql.conf can reach; keep sql.conf unreadable to other users.

********************************************************************************
### Backup

    cp /usr/local/freeradius/etc/raddb/sites-available/default{,.bak}

********************************************************************************
### /usr/local/freeradius/etc/raddb/sites-available/default

    authorize {
        preprocess
        chap
        mschap
        suffix
        sql
        expiration
        logintime
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
    }
    preacct {
        preprocess
        acct_unique
        suffix
    }
    accounting {
        detail
        unix
        radutmp
        sql
        attr_filter.accounting_response
    }
    session {
        radutmp
        sql
    }
    post-auth {
        sql
        exec
        Post-Auth-Type REJECT {
            attr_filter.access_reject
        }
    }
    pre-proxy {
    }
    post-proxy {
        eap
    }

********************************************************************************
### Restart

    /etc/rc.d/rc.radiusd restart

********************************************************************************
PPPOE Server
------------
********************************************************************************
********************************************************************************
### Commands

    mv /etc/ppp/options{,.bak}
    mv /etc/ppp/pppoe-server-options{,.bak}

********************************************************************************
### /etc/ppp/options

    lock

********************************************************************************
### /etc/ppp/pppoe-server-options

    require-chap
    noipdefault
    mru 1492
    mtu 1492
    lcp-max-configure 60
    lcp-restart 2
    lcp-echo-interval 30
    lcp-echo-failure 4
    idle 0
    noipx
    proxyarp
    ms-dns 8.8.8.8
    plugin radius.so
    plugin radattr.so
    #debug dump logfd 2 nodetach

********************************************************************************
### /etc/ppp/pppoe.conf

    LINUX_PLUGIN=/usr/lib/pppd/2.4.4/rp-pppoe.so

********************************************************************************
### /etc/rc.d/rc.pppoe-server

    #!/bin/bash
    #
    # /etc/rc.d/rc.pppoe-server
    #
    # Configuration
    SRVNAME="Linux-PPPOE-Server"
    MAXCON=250
    LOCALIP=10.0.0.1
    STARTIP=10.0.0.10
    USRIF=eth1
    HOSTNAME=$(hostname)
    start () {
      modprobe pppoe
      ifconfig $USRIF up
      /usr/sbin/pppoe-server -k -I $USRIF -N $MAXCON -C $HOSTNAME -S $SRVNAME -L $LOCALIP -R $STARTIP
    }
    case "$1" in
    'start')
      echo 'Starting pppoe-server ...'
      PID=$(pgrep '^pppoe-server$')
      if [ "$PID" == "" ] ; then
        start
      else
        echo 'pppoe-server is already running !!!'
      fi
      ;;
    'stop')
      echo 'Stoping pppoe-server ...'
      killall pppoe-server
      ;;
    'restart')
      echo 'Restarting pppoe-server ...'
      killall pppoe-server
      sleep 2
      start
      ;;
    *)
      echo "Usage: $0 {start|stop|restart}"
      ;;
    esac

********************************************************************************
### /etc/rc.d/rc.local

    # Start FreeRADIUS server:
    if [ -x /etc/rc.d/rc.radiusd ]; then
      /etc/rc.d/rc.radiusd start
    fi
    # Start VPN server:
    if [ -x /etc/rc.d/rc.pptpd ]; then
      /etc/rc.d/rc.pptpd start
    fi
    # Start PPPOE server:
    if [ -x /etc/rc.d/rc.pppoe-server ]; then
      /etc/rc.d/rc.pppoe-server start
    fi

********************************************************************************
### /etc/rc.d/rc.local_shutdown

    #!/bin/bash
    # Stop PPPOE server:
    if [ -x /etc/rc.d/rc.pppoe-server ]; then
      /etc/rc.d/rc.pppoe-server stop
    fi
    # Stop VPN server:
    if [ -x /etc/rc.d/rc.pptpd ]; then
      /etc/rc.d/rc.pptpd stop
    fi
    # Stop FreeRADIUS server:
    if [ -x /etc/rc.d/rc.radiusd ]; then
      /etc/rc.d/rc.radiusd stop
    fi

********************************************************************************
### Commands

    chmod +x /etc/rc.d/rc.local_shutdown
    chmod +x /etc/rc.d/rc.pppoe-server
    /etc/rc.d/rc.pppoe-server start

********************************************************************************
Old Stuff : POPTOP Server
-------------------------
********************************************************************************
********************************************************************************
### Checking kernel

    # uname -r
    2.6.19
    # modprobe ppp-compress-18 && echo ok
    ok

********************************************************************************
### PPPD 2.4.3

    # removepkg ppp
    # cd /usr/src/
    # wget http://samba.org/ftp/ppp/ppp-2.4.3.tar.gz
    # tar -zxf ppp-2.4.3.tar.gz
    # cd /usr/src/ppp-2.4.3
    # wget http://mppe-mppc.alphacron.de/ppp-2.4.3-mppe-mppc-1.1.patch.gz
    # zcat ppp-2.4.3-mppe-mppc-1.1.patch.gz | patch -p1
    # ./configure
    # make
    # make install
    # strings `which pppd` | grep -i mppe | wc --lines
    # mkdir /usr/local/etc/radiusclient
    # cp -r /usr/src/ppp-2.4.3/pppd/plugins/radius/etc/* /usr/local/etc/radiusclient/
    # mv /etc/radiusclient /etc/radiusclient.bak
    # ln -sfn /usr/local/etc/radiusclient /etc/
    # vi /etc/profile
    .
    .
    .
    export MANPATH=/usr/local/man:/usr/man:/usr/X11R6/man:/usr/local/share/man
    .
    .
    .

********************************************************************************
### PPTPD 1.3.0

    cd /usr/src/
    wget http://heanet.dl.sourceforge.net/sourceforge/poptop/pptpd-1.3.0.tar.gz
    tar -zxf pptpd-1.3.0.tar.gz
    cd /usr/src/pptpd-1.3.0
    ./configure
    make install

    # vi /etc/pptpd.conf
    ppp /usr/local/sbin/pppd
    option /etc/ppp/options.pptpd
    debug
    logwtmp
    localip 190.190.190.1
    remoteip 190.190.190.10-20

    # vi /etc/ppp/options.pptpd
    name pptpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    #require-mppe-128
    proxyarp
    ms-dns 12.12.12.1
    lock
    nobsdcomp
    novj
    novjccomp
    nologfd

    # vi /etc/ppp/chap-secrets
    pejman pptpd 123456 *

    # echo "/usr/local/sbin/pptpd" >> /etc/rc.d/rc.local
    # ln -sfn /usr/local/lib/pptpd/ /usr/lib/pptpd

********************************************************************************
Old Stuff : FreeRadius 1.1.7 / MySQL
------------------------------------
********************************************************************************

Note: a password given as `-p123456` on the command line ends up in the shell history and is visible in the process list; plain `mysql -p` (as used in the MySQL Cleanup section above) prompts for it instead.

    # mysql -p123456 -e "create database radius"
    # mysql -p123456 radius < /usr/local/freeradius/share/doc/freeradius/examples/mysql.sql
    # cat /usr/local/freeradius/etc/raddb/sql.conf
    sql {
        driver = "rlm_sql_mysql"
        server = "localhost"
        login = "root"
        password = "123456"
        radius_db = "radius"
    .
    .
    .

    # mysql -p123456
    use radius;
    INSERT INTO radgroupcheck (GroupName, Attribute, Value) VALUES('normalusers', 'Auth-Type', 'SQL' );
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES('normalusers', 'Framed-Compression', 'Van-Jacobson-TCP-IP' );
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES('normalusers', 'Framed-MTU', '1500' );
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES('normalusers', 'Filter-Id', 'std.ppp' );
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES('normalusers', 'Framed-Routing', 'Broadcast-Listen' );
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES('normalusers', 'Framed-IP-Netmask', '255.255.255.0' );
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES('normalusers', 'Framed-Protocol', 'PPP' );
    INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES('normalusers', 'Service-Type', 'Framed-User' );
    INSERT INTO usergroup (UserName, GroupName, priority) VALUES('pejman', 'normalusers', 1 );
    INSERT INTO radcheck (UserName, Attribute, Value) VALUES('pejman', 'Password', '123456');
    INSERT INTO radreply (UserName, Attribute, Value) VALUES('pejman', 'Framed-IP-Address', '172.16.3.33' );
    exit

    # cat /usr/local/freeradius/etc/raddb/radiusd.conf
    authorize {
        preprocess
        chap
        mschap
        suffix
        #eap
        #files
        sql
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        #unix
        #eap
    }
    preacct {
        preprocess
        acct_unique
        suffix
        #files
    }
    accounting {
        detail
        unix
        radutmp
        sql
    }
    session {
        radutmp
        sql
    }
    post-auth {
        sql
    }
    pre-proxy {
    }
    post-proxy {
        eap
    }

    # cat /usr/local/freeradius/etc/raddb/users
    DEFAULT Auth-Type = System
        Fall-Through = 1
    DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes
    DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
    DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
    DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

    # /usr/local/freeradius/sbin/radiusd

    # echo User-Name = "pejman", User-Password = "123456" | /usr/local/freeradius/bin/radclient 127.0.0.1 auth testing123
    Received response ID 120, code 2, length = 71
        Framed-IP-Address = 172.16.3.33
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-MTU = 1500
        Filter-Id = "std.ppp"
        Framed-Routing = Broadcast-Listen
        Framed-IP-Netmask = 255.255.255.0
        Framed-Protocol = PPP
        Service-Type = Framed-User

    # /usr/local/freeradius/bin/radtest pejman 123456 127.0.0.1 10 testing123
    Sending Access-Request of id 118 to 127.0.0.1 port 1812
        User-Name = "pejman"
        User-Password = "123456"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 10
    rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=118, length=71
        Framed-IP-Address = 172.16.3.33
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-MTU = 1500
        Filter-Id = "std.ppp"
        Framed-Routing = Broadcast-Listen
        Framed-IP-Netmask = 255.255.255.0
        Framed-Protocol = PPP
        Service-Type = Framed-User

[http://www.frontios.com/freeradius.html](http://www.frontios.com/freeradius.html)

********************************************************************************
_BY: Pejman Moghadam_
_TAG: poptop, pptpclient, vpn-server, vpn-client, freeradius, mysql, pppoe-server, radiusclient, radius_
_DATE: 2010-07-21 14:19:29_