
Installing and configuring a VPN server with AbillS billing system on Ubuntu 7.10

Probably everyone knows that Internet prices in Moscow and in the rest of Russia differ strikingly.
For comparison, in Tolyatti (Samara region) unlimited access at 512 kbit/s costs 2300 rubles a month.
In the capital the same money probably already buys 20 Mbit/s.

So, however wild it may sound, to cut costs I am going to share this 512 kbit/s channel with several more people on the local home network =)

The provider gives Internet access through its own VPN server.
Users on the LAN have free access to city resources, with no traffic accounting.
External Internet access was to be provided through a VPN connection to a server on the local network.

The setup has been tested and running for almost half a year; there have been no complaints and everything is stable.

Server configuration: Pentium III 1000 MHz, 512 MB SDRAM

To reduce the load on the server, it was decided not to use compression or encryption, so on the clients the "require encryption" option must additionally be unchecked in the Windows VPN connection settings (the tunnel then carries the PPP frames in cleartext across the LAN).

This manual collects all the experience of installing and configuring it.
I originally wrote it for myself, but I think it may be useful to the public too.


So, let's proceed to installing the VPN server with AbillS billing.

Installing Ubuntu 7.10
There is no point describing it, so let's go straight to the configuration. =) The only thing I will note is that you should install the server edition of Ubuntu, without a graphical environment.

OS Setup
First we need to configure NAT on the server so that local clients can reach the provider's internal network.
In /etc/rc.local we add the following lines so that the settings are restored automatically after a reboot or failure:
  echo "1" > /proc/sys/net/ipv4/ip_dynaddr
  echo "1" > /proc/sys/net/ipv4/ip_forward
  iptables-restore < /etc/iptables.conf
The iptables rules will be stored in the file /etc/iptables.conf.
Next, add the following lines to /etc/modules:
  ip_conntrack
  ip_gre
  ip_nat_pptp
  ip_conntrack_ftp
  ip_nat_ftp
To apply these settings right away, run the /etc/rc.local script and load the modules by hand:
  modprobe ip_conntrack
  modprobe ip_gre
  modprobe ip_nat_pptp
  modprobe ip_conntrack_ftp
  modprobe ip_nat_ftp
After that, a single command is enough to bring up NAT:
  iptables -t nat -A POSTROUTING ! -o eth1 -j MASQUERADE
Interface eth1 is the one facing the LAN; the rule masquerades everything that leaves through any other interface.
That's it: all users on the LAN can now reach the provider's internal network.
Don't forget to save the firewall rules:
  iptables-save > /etc/iptables.conf
Configuring the VPN (pptp) client that gives the server Internet access.
If you have the DVD or an Internet connection, you can simply run
  apt-get install pptp-linux
If automatic installation is not possible, download the package into a folder and install it manually:
  dpkg -i pptp-linux_1.7.0-2ubuntu2_i386.deb
Now let's set up the VPN. Go to /etc/ppp/peers and create a file there, for example aist:
  vim /etc/ppp/peers/aist
and write the following into it:
  mtu 1400
  mru 1500
  persist
  maxfail 0
  lcp-echo-interval 60
  lcp-echo-failure 4
  pty "pptp <address of the provider's VPN server> --nolaunchpppd"
  name login
  password password
  remotename PPTP
  require-mppe-128
  defaultroute
  replacedefaultroute
(replace login and password with the credentials issued by the provider.)
Before bringing up the VPN, routes to the provider's internal network must be added, since there is no access to it through the VPN.
Edit /etc/network/interfaces so that it looks roughly like this:
  auto lo eth1 eth0
  iface lo inet loopback

  iface eth1 inet static
      address 192.168.110.1
      netmask 255.255.255.0

  iface eth0 inet dhcp
      up route add -net 172.16.0.0 netmask 255.240.0.0 dev eth0
      up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
      up route add -net 192.168.0.0 netmask 255.255.255.0 dev eth0
      up pon aist
      pre-down poff aist
To check, run
  /etc/init.d/networking restart
after which all interfaces are restarted and the VPN connects automatically.
If everything went well, ifconfig should show the ppp0 interface.
!!! Attention: at this point NAT is configured on your server and the Internet link is up, i.e. all users on the LAN have unrestricted Internet access. !!!

The VPN can be brought down with poff aist and brought up with pon aist.

FreeRADIUS installation
  apt-get install freeradius
Edit /etc/freeradius/users, leaving only the following lines:
  DEFAULT Auth-Type = Accept
      Exec-Program-Wait = "/usr/abills/libexec/rauth.pl"
Everything else is commented out or deleted.

Next, edit /etc/freeradius/acct_users and append to the end:
  DEFAULT Acct-Status-Type == Start
      Exec-Program = "/usr/abills/libexec/racct.pl"

  DEFAULT Acct-Status-Type == Alive
      Exec-Program = "/usr/abills/libexec/racct.pl"

  DEFAULT Acct-Status-Type == Stop
      Exec-Program = "/usr/abills/libexec/racct.pl"
Edit /etc/freeradius/clients.conf, comment everything out, and add to the end (choose your own secret; it must match the one in the radiusclient servers file below):
  client localhost {
      secret = radsecret
      shortname = shortname
  }
And also, I don't know why, but when I was setting it up I ran into such a glitch and had to add this block with the eth0 address:
  client 172.16.102.72 {
      secret = radsecret
      shortname = shortname
  }
In /etc/freeradius/radiusd.conf, comment out the mschap and eap lines in the authorize section:
  authorize {
      preprocess
      #chap
      #counter
      #attr_filter
      #eap
      suffix
      files
      #etc_smbpasswd
      #sql
      #mschap
  }
Moving on to /etc/freeradius/dictionary; add to the end:
  # Limit session traffic
  ATTRIBUTE Session-Octets-Limit 227 integer
  # What to count against the limit: 0 in+out, 1 in, 2 out, 3 max(in, out)
  ATTRIBUTE Octets-Direction 228 integer
  # Connection speed limit
  ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
  ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
  ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
  ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
  ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
  ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
  ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
  ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
  ATTRIBUTE Acct-Interim-Interval 85 integer
After this, restart the RADIUS server:
  /etc/init.d/freeradius restart

Radiusclient setup
Install radiusclient:
  apt-get install radiusclient1
Edit /etc/radiusclient/radiusclient.conf:
  authserver 127.0.0.1
  acctserver 127.0.0.1
Edit /etc/radiusclient/servers (the secret must match the one in clients.conf on the FreeRADIUS side):
  127.0.0.1 radsecret
Add to /etc/radiusclient/dictionary:
  ATTRIBUTE Acct-Interim-Interval 85 integer
  ATTRIBUTE Session-Octets-Limit 227 integer
  ATTRIBUTE Octets-Direction 228 integer

  ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
  ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
  ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
  ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
  ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
  ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
  ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
  ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
Download the AbillS billing system and unpack it:
  tar -xf abills-0.37.tgz
Move it to /usr/abills:
  mv abills /usr/
MySQL setup
Install:
  apt-get install mysql-server
Next, create a database for AbillS:
  mysql -u root -p
  CREATE DATABASE abills;
Now load the database dump from the abills directory into that database:
  mysql -u root -p abills < abills.sql

Install Apache

  apt-get install apache2

Add support for mod_rewrite:

  ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load

Edit /etc/apache2/sites-enabled/000-default:
  <VirtualHost *>
      DocumentRoot /usr/abills/cgi-bin/
      Alias /abills "/usr/abills/cgi-bin/"
      <Directory "/usr/abills/cgi-bin">
          <IfModule mod_rewrite.c>
              RewriteEngine on
              RewriteCond %{HTTP:Authorization} ^(.*)
              RewriteRule ^(.*) - [E=HTTP_CGI_AUTHORIZATION:%1]
              Options Indexes ExecCGI SymLinksIfOwnerMatch
          </IfModule>
          AddHandler cgi-script .cgi
          Options Indexes ExecCGI FollowSymLinks
          AllowOverride none
          DirectoryIndex index.cgi
          #Options ExecCGI
          <Files ~ "\.(db|log)$">
              Order allow,deny
              Deny from all
          </Files>
      </Directory>
      #Admin interface
      <Directory "/usr/abills/cgi-bin/admin">
          AddHandler cgi-script .cgi
          Options Indexes ExecCGI FollowSymLinks
          AllowOverride none
          DirectoryIndex index.cgi
          order deny,allow
          allow from all
      </Directory>
  </VirtualHost>

* Habr eats some of the tags here; the config can be taken from here.

Now install the Perl packages:
  apt-get install libdbi-perl libdbd-mysql-perl libdigest-md4-perl libdigest-sha1-perl libcrypt-des-perl
Restart Apache:
  /etc/init.d/apache2 restart

Configuring AbillS
In /usr/abills/libexec run cp config.pl.default config.pl, then edit config.pl.
Enter the correct database access details, and also change:
  $conf{MAX_SESSION_TRAFFIC} = 2047;
  $conf{periodic_check} = 'yes';
  $conf{ERROR_ALIVE_COUNT} = 10;
Next, edit /etc/sudoers and add the line
  www-data ALL=NOPASSWD: /usr/abills/misc/pppd_kill
In /etc/crontab add:
  */5 * * * * root /usr/abills/libexec/billd -all
  1 0 * * * root /usr/abills/libexec/periodic daily
  1 0 1 * * root /usr/abills/libexec/periodic monthly
Give the web server read and write permissions on the web interface files:
  chown -Rf www-data /usr/abills/cgi-bin
Create the missing directories:
  mkdir /usr/abills/backup
  chown www-data /usr/abills/backup

Run apt-get install snmp

Edit the file /usr/abills/Abills/defs.conf:
  $SNMPWALK = '/usr/bin/snmpwalk';
  $GZIP = '/bin/gzip';
  $MYSQLDUMP = '/usr/bin/mysqldump';
Installing pptpd
  apt-get install pptpd

Edit /etc/ppp/options:
  +chap

Edit /etc/ppp/pptpd-options:
  #require-mppe-128
  #require-mschap-v2
  plugin radius.so
  plugin radattr.so
  debug
  ms-dns 192.168.160.1

Edit /etc/pptpd.conf:
  ppp /usr/sbin/pppd
  option /etc/ppp/pptpd-options
  debug
  localip 192.168.160.1

Restart pptpd:
  /etc/init.d/pptpd restart

For the speed limiter to work, add the following to /etc/ppp/ip-up ($1 is the ppp interface name; radattr.so writes the RADIUS reply attributes for it to /var/run/radattr.$1):
  if [ -f /var/run/radattr.$1 ]
  then
    DOWNSPEED=`/usr/bin/awk '/PPPD-Downstream-Speed-Limit/ {print $2}' /var/run/radattr.$1`
    UPSPEED=`/usr/bin/awk '/PPPD-Upstream-Speed-Limit/ {print $2}' /var/run/radattr.$1`
    FILTERS=`/usr/bin/awk '/Filter-Id/ {print $2}' /var/run/radattr.$1`
    # treat a missing attribute as "no limit" so tc is never called with an empty rate
    DOWNSPEED=${DOWNSPEED:-0}
    UPSPEED=${UPSPEED:-0}
    #echo $DOWNSPEED
    #echo $UPSPEED
    #echo $FILTERS
    /sbin/tc qdisc del dev $1 root > /dev/null 2>&1
    /sbin/tc qdisc del dev $1 ingress > /dev/null 2>&1

    ##### speed server->client
    if [ "$UPSPEED" != "0" ]
    then
      /sbin/tc qdisc add dev $1 root handle 1: htb default 20 r2q 1
      /sbin/tc class add dev $1 parent 1: classid 1:1 htb rate ${UPSPEED}kbit burst 4k
      /sbin/tc class add dev $1 parent 1:1 classid 1:10 htb rate ${UPSPEED}kbit burst 4k prio 1
      /sbin/tc class add dev $1 parent 1:1 classid 1:20 htb rate ${UPSPEED}kbit burst 4k prio 2
      /sbin/tc qdisc add dev $1 parent 1:10 handle 10: sfq perturb 10 quantum 1500
      /sbin/tc qdisc add dev $1 parent 1:20 handle 20: sfq perturb 10 quantum 1500
      /sbin/tc filter add dev $1 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
      /sbin/tc filter add dev $1 parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
      /sbin/tc filter add dev $1 parent 1: protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
    fi

    ##### speed client->server
    if [ "$DOWNSPEED" != "0" ]
    then
      /sbin/tc qdisc add dev $1 handle ffff: ingress
      /sbin/tc filter add dev $1 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${DOWNSPEED}kbit burst 12k drop flowid :1
    fi
  fi
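As an added example (not code from the original post), here is a small shell module that reads the radattr file the same way the ip-up script does, but validates each limit before it reaches tc: a missing or non-numeric attribute becomes 0, so tc is never invoked with an empty or garbled rate. The "Attribute-Name value" file format, the sample values and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: parse the /var/run/radattr.<iface>
# file written by pppd's radattr.so plugin and build the tc commands from it,
# defaulting a missing or non-numeric limit to 0 so tc never gets "rate kbit".
# Assumes the radattr format "Attribute-Name value", one attribute per line.

# Print the integer value of attribute $2 from radattr file $1, or 0 when the
# attribute is absent, the file is missing, or the value is not a non-negative integer.
radattr_get_int() {
    _val=$(awk -v a="$2" '$1 == a { print $2; exit }' "$1" 2>/dev/null)
    case "$_val" in
        ''|*[!0-9]*) echo 0 ;;
        *) echo "$_val" ;;
    esac
}

# Print the tc commands for interface $1 from radattr file $2, one per line,
# so they can be reviewed first (or piped to sh from ip-up to apply them).
# Egress (server->client) is reduced to the root HTB class for brevity;
# ingress (client->server) is the police filter exactly as in the ip-up script.
build_tc_plan() {
    _dev=$1; _attr=$2
    _up=$(radattr_get_int "$_attr" PPPD-Upstream-Speed-Limit)
    _down=$(radattr_get_int "$_attr" PPPD-Downstream-Speed-Limit)
    printf 'tc qdisc del dev %s root\ntc qdisc del dev %s ingress\n' "$_dev" "$_dev"
    if [ "$_up" != 0 ]; then
        printf 'tc qdisc add dev %s root handle 1: htb default 20 r2q 1\n' "$_dev"
        printf 'tc class add dev %s parent 1: classid 1:1 htb rate %skbit burst 4k\n' "$_dev" "$_up"
    fi
    if [ "$_down" != 0 ]; then
        printf 'tc qdisc add dev %s handle ffff: ingress\n' "$_dev"
        printf 'tc filter add dev %s parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate %skbit burst 12k drop flowid :1\n' "$_dev" "$_down"
    fi
}

# Constructed sample radattr file: a session with a 512 kbit/s downstream
# limit, a garbled upstream value and no Filter-Id. Prints the temp file path.
sample_radattr() {
    _f=$(mktemp)
    cat > "$_f" <<'EOF'
Framed-IP-Address 192.168.160.7
PPPD-Downstream-Speed-Limit 512
PPPD-Upstream-Speed-Limit 128abc
EOF
    echo "$_f"
}

f=$(sample_radattr)
build_tc_plan ppp0 "$f"
rm -f "$f"
```

For the sample above the plan contains only the two delete commands and the ingress police rule at 512 kbit, because the garbled upstream value is treated as "no limit".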


AbillS Settings
Open the admin web interface at http://your-host/admin.
The username/password is abills/abills; it can be changed afterwards.

Go to System configuration -> NAS
IP: 127.0.0.1
NAS type: pppd + Radius
Alive (sec.): 120
RADIUS parameters (,): Acct-Interim-Interval=60

Now add the IP pool:
  192.168.160.2-192.168.160.254

All that remains is to create tariffs and users. Enjoy ;)
Crosspost from my blog

Source: https://habr.com/ru/post/23650/

