
Boosting a PPTP server, or replacing Poptop



Introduction


The access server ran a proven PPTP server, Poptop, at its latest stable version (1.3.4). All was well until the tariff speeds were raised, after which server performance began to sag under the increased load. The drop was significant, because this PPTP server runs in user mode rather than in the kernel. Constant copying of packets and the context switches that go with it, which also consume CPU resources, seriously degraded server performance as traffic grew. Something had to be done.

Installation


I have already heard about accel-pptp and read positive reviews about it, and now it is time to try it out.

All steps are performed on CentOS 5.7 x86_64.
accel-pptp is distributed as source code. The project is hosted on SourceForge, so go to the project site and download the latest version (0.8.5 at the time of writing). The OS on which the PPTP server will be deployed should already have ppp installed, along with everything needed to build from source, including the source code and the kernel header files:
yum install kernel-headers kernel-devel 

Do not forget to check that the versions of the installed kernel and of these packages correspond. They must match; otherwise you must either update the kernel or find and install package versions for the installed kernel. A mismatch occurs when the OS has not been updated for a long time and the repositories hold newer package versions.
After this, go to the directory containing the source archive and unpack it:
 tar xjf accel-pptp-0.8.5.tar.bz 

Then go to the unpacked directory:
 cd accel-pptp-0.8.5 

The README file contains sufficient information on system requirements and installation. You can also look at the Makefile to see exactly what will be built and installed. To compile the PPTP server, run the following command:
 make server 

To install the server, run:
 make server_install 

By default the executable is placed in the /usr/local/sbin directory.
Check that the build and installation succeeded:
 /usr/local/sbin/pptpd -v 

A line like this should appear:
 accel-pptpd v0.8.5 compiled for pppd-2.4.4, linux-2.6.18-308.4.1.el5 

Your pppd and kernel versions should be listed here. But that's not all. On 64-bit versions of the OS, the pppd shared libraries are located in /usr/lib64/pppd/2.4.4, whereas installing the PPTP server copies its pppd library to /usr/lib/pppd/2.4.4. Copy the contents of /usr/lib/pppd to /usr/lib64/pppd and create a symbolic link to /usr/lib64/pppd (otherwise the connection will not be established and the logs will complain about the missing pptp.so library):
 ln -s /usr/lib64/pppd /usr/lib/pppd 

Customization


After that, you can edit the configuration files.
/etc/pptpd.conf :
 option /etc/ppp/options
 debug
 connections 498
 localip 172.16.190.1
 remoteip 172.16.190.2-250,172.16.191.2-250

/etc/ppp/options :
 auth
 refuse-pap
 refuse-chap
 require-mschap
 require-mschap-v2
 ms-dns 82.179.90.1
 mtu 1400
 mru 1400
 nobsdcomp
 novj
 novjccomp
 logfile /var/log/ppp/ppp.log
 #plugin radius.so
 #plugin radattr.so


Add the user to /etc/ppp/chap-secrets to verify server operation:
 test * password * 

(The meaning of the various options and parameters is described clearly and in sufficient detail in the man pages.)
Since this PPTP server performs almost all of its work in kernel mode, the main functionality lives in a kernel module that needs to be loaded:
 depmod; modprobe pptp 

So that the module is loaded automatically on every reboot, create an executable file /etc/sysconfig/modules/pptp.modules containing:
 modprobe pptp 

It remains to enable packet forwarding between network interfaces on the server, configure the firewall to accept connections to port 1723, and set up the routing and NAT rules.
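The remaining steps listed above, as an added example that is not from the original article: a script that prints the forwarding, firewall and NAT commands so they can be reviewed before being run as root. The interface names eth1 (client-facing) and eth0 (uplink) are assumptions, and the pool 172.16.190.0/23 is chosen to cover both remoteip ranges from /etc/pptpd.conf.

```shell
#!/bin/sh
# Added example (not from the article): print the forwarding, firewall and NAT
# commands for the PPTP gateway so they can be reviewed before being applied.

# Interface names may contain only letters, digits, '.', '_' and '-'.
valid_if() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Coarse character check for an a.b.c.d/len argument (not a full IPv4 parser).
valid_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*|/*|*/) return 1 ;;
        */*) return 0 ;;
    esac
    return 1
}

# pptp_gateway_cmds ACCESS_IF UPLINK_IF POOL_CIDR
pptp_gateway_cmds() {
    access_if=$1 uplink_if=$2 pool=$3
    valid_if "$access_if" && valid_if "$uplink_if" && valid_cidr "$pool" || {
        echo "usage: pptp_gateway_cmds ACCESS_IF UPLINK_IF POOL_CIDR" >&2
        return 2
    }
    # -I puts each rule ahead of whatever REJECT the existing ruleset ends with.
    cat <<EOF
# Route packets between the ppp interfaces and the uplink.
sysctl -w net.ipv4.ip_forward=1
# PPTP control channel (TCP 1723) and its GRE data channel (IP protocol 47).
iptables -I INPUT -i $access_if -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT -i $access_if -p 47 -j ACCEPT
# Tunnel clients out to the uplink; only reply traffic back in.
iptables -I FORWARD -i ppp+ -o $uplink_if -s $pool -j ACCEPT
iptables -I FORWARD -i $uplink_if -o ppp+ -d $pool -m state --state ESTABLISHED,RELATED -j ACCEPT
# Source-NAT the client pool behind the uplink address.
iptables -t nat -A POSTROUTING -o $uplink_if -s $pool -j MASQUERADE
EOF
}

# Assumed names: eth1 faces the clients, eth0 is the uplink. The pool covers
# both remoteip ranges from /etc/pptpd.conf (172.16.190.x and 172.16.191.x).
if [ "$#" -eq 0 ]; then set -- eth1 eth0 172.16.190.0/23; fi
pptp_gateway_cmds "$@"
```

Review the output, then pipe it to sh as root. To keep the settings across reboots, set net.ipv4.ip_forward = 1 in /etc/sysctl.conf and run service iptables save.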

Results (in lieu of a conclusion)


In production, the PPTP server is connected to the RADIUS server of the billing system for user authorization. For clarity, here is the CPU load graph:


This graph clearly shows how, from the beginning of April, CPU utilization rose after the tariff speeds were doubled. The number of users hardly changed:


The number of context switches per second dropped from 15000-25000 to 1000-2000.

PS


Waiting for your comments and additions.

Source: https://habr.com/ru/post/142992/

