Geekly Articles each Day
⬆️ ⬇️

Opensource billing ABillS - installation on FreeBSD

0. Background

About two years ago, before a relatively small but developing network, in which I, by fate, turned out to be a system administrator, the task was to introduce a new billing. The requirements turned out to be simple and rather banal for those places where the Internet costs not a penny and far from everyone is willing to pay for unlimited money:





Out of a large number of candidates, there are only two abruptly left: NeTAMS and ABillS .

After a detailed review, NeTAMS was also dropped - his methods of work were certainly not suitable for me, and it was noticeably felt that billing was just a module for him. Moreover, the user web-interface, to put it mildly, did not work. Having no alternatives, I proceeded to install ABillS.

Perhaps I will refrain from telling all the twists and turns of learning a new software, and offer you the quintessence of my knowledge of installing the best, in my opinion, opensource billing.



1. Installation

In this post, I will consider installing exclusively for FreeBSD, moreover, version 7.0 (the installation on 6.x has minor, but different). If you are the lucky owner of Linux on the server - I advise you to refer to this article by the Glooom haber man .



1.1 Cooking the core

Since billing is still quite a serious system, I prefer to use all functions used in the work in the core rather than in the modules. Therefore, we add the following options to our kernel build configuration:

options NETGRAPH # NETGRAPH

options NETGRAPH_IPFW # ng_ipfw



options LIBALIAS # ng_nat

options NETGRAPH_NAT # ng_nat

options NETGRAPH_NETFLOW # ng_netflow

### MPD ###

options NETGRAPH_SPLIT

options NETGRAPH_KSOCKET



options NETGRAPH_SOCKET

options NETGRAPH_BPF

options NETGRAPH_IFACE

options NETGRAPH_MPPC_ENCRYPTION

options NETGRAPH_PPP

options NETGRAPH_PPTPGRE

options NETGRAPH_TCPMSS

options NETGRAPH_VJC

options NETGRAPH_TEE

options NETGRAPH_CAR

### --- ###



options IPFIREWALL #ipfw.

options IPFIREWALL_VERBOSE #

options IPFIREWALL_FORWARD # transparent-proxy

options IPFIREWALL_DEFAULT_TO_ACCEPT #



1.2 ng_nat and all-all-all

Unfortunately at the moment we can not provide each user with a real IP. Therefore, I had the task of organizing NAT. After reviewing the existing options, the choice fell on ng_nat + ng_ipfw.

To begin with, we add the following lines in /etc/rc.conf :

gateway_enable="YES" # :)

firewall_enable="YES" # ipfw

firewall_script="/usr/scripts/ipfw_load.sh" #



Create a file /usr/script/ipfw_load.sh with the following contents:

#!/bin/sh

fwcmd="/sbin/ipfw"

ngctl="/usr/sbin/ngctl"



ext_if="re0" #

ext_ip="1.2.3.4" # IP NAT'



# ng_nat

${ngctl} mkpeer ipfw: nat 60 out

${ngctl} name ipfw:60 nat

${ngctl} connect ipfw: nat: 61 in

${ngctl} msg nat: setaliasaddr ${ext_ip}



#

${fwcmd} -f flush #



# ( 127)

${fwcmd} table 127 flush #

${fwcmd} table 127 add 10.39.0.0/16 # ip



# loopback

${fwcmd} add 00001 allow ip from any to any via lo0

# NAT

${fwcmd} add 00003 netgraph 61 all from any to ${ext_ip} in via ${ext_if}

# - - NAT

${fwcmd} add 60021 netgraph 60 ip from "table(127)" to any



In this script, we organize NAT users with IP 10.39.0.0/16 to IP 1.2.3.4. All this is implemented on the tables, because sometimes it becomes necessary to NAT non-contiguous ranges.

')

1.3 Required software



For the normal operation of billing, I use the following software (all of the ports):





#Admin interface

<Directory "/ usr / local / abills / cgi-bin / admin">

AddHandler cgi-script .cgi

Options Indexes ExecCGI FollowSymLinks

AllowOverride none

DirectoryIndex index.cgi

order deny, allow

allow from all









In the case of receiving the 500th error, be sure to look at error.log - almost certainly either something with a database, or Perl is missing some module.



2.5 Configuring ABillS

Here we come to the most delicious. Nevertheless, I will allow myself not to dwell in detail on all the features. The resulted configs will allow to receive efficient system in the minimum time.

Download the billing files to the created database named abills

# mysql -D abills < abills.sql

# mysql -D abills < db/Ipn.sql



The second file activates the IPN extension, which we will use



First of all, we modify the config.pl

@MODULES = ('Dv',

'Abon',

# 'Docs',

'Sqlcmd',

'Ipn',

# 'Cards');

);



Ipn module is important for us to calculate traffic. The Cards module is paid ($ 60), so I left it commented out.

$conf{default_language}='russian'; # - :)

$conf{default_charset}='windows-1251';

$conf{periodic_check}='yes';

$conf{IPN_DEPOSIT_OPERATION}=1; # IPN

$conf{IPN_USERMENU}=1; #



Also note $conf{IPN_FW_START_RULE} and $conf{IPN_FW_STOP_RULE} . Here you can specify scripts that are executed when opening and closing the connection. You can ignore any $conf{IPN_FW_FIRST_RULE} - we will organize the cutting of speed with another method. After unsuccessful experiments, I personally refused to control the firewall from ABillS and therefore, in principle, I do not use the linkupdown script that linkupdown with ABillS.



One effective method for limiting the speed of clients when using MPD is to return the corresponding filters in the RADIUS Start packet. Thus, for example, to create a limit on the tariff plan 64, it is sufficient to include the following line in the RADIUS parameters of this tariff plan:

mpd-limit+=out#1=all shape 64000 pass,mpd-limit+=in#1=all shape 64000 pass



In this case, the speed limit will be performed via the ng_car node, which, as my practice has shown, is much more efficient than cutting with ipfw + dummynet.

Unfortunately, for unknown reasons, ABillS out of the box incorrectly handles the "+ =" operator in the tariff plans. To correct this annoying misunderstanding, find the following lines in Auth.pm:

$RAD_PAIRS->{"$left"} =~ s/\"//g;

$RAD_PAIRS->{"$left"}="\"". $RAD_PAIRS->{"$left"} .",$right\"";

}

else {

$RAD_PAIRS->{"$left"}="\"$right\"";

}



and replace with the following:



$RAD_PAIRS->{"$left"} =~ s/\"//g;

push( @ {$RAD_PAIRS->{"$left"} }, $right );

}

else {

$RAD_PAIRS->{"$left"}= [ $right ];

}



After this, ABillS will correctly transfer attributes in the "+ =" format.



It now remains to log in to the ABillS admin panel with the abills username and password and in the “System” - “NAS” section (aka “System -” Access Servers "in the Russian version) create a new NAS with the type“ mpd4 ”and address“ 127.0. 0.1: 5005 "



NAS will receive a number (most likely it will be "1"). Now open crontab and enter the following line into it:

*/5 * * * * /usr/local/abills/libexec/traffic2sql 1

flowdir=/usr/local/abills/var/log/ipn



Do not forget to replace 1 with the number of your NAS. Now all traffic data of your users will be taken into account by billing.

You can also add calls to periodic scripts in crontab:

1 0 * * * root /usr/abills/libexec/periodic daily

1 0 * * * root /usr/abills/libexec/periodic monthly



Do not make a billd -all to Cron as recommended by management. In our case, it is not needed — and moreover, harmful — it will disassociate users at the boundaries of the time intervals.



This completes the basic setup, and your VPM server should be ready to go.



3. Personal impressions - a barrel of honey

I have been using ABillS as a battle server for over 2 years now. During this time, not a single serious failure occurred, and the total downtime probably did not add up to 2 hours, of which an hour is the transition to new versions of billing. Only once, on New Year's Eve, due to a minor error, billing began to drop all users on time-limit. It took me 15 minutes to eliminate this error.

In general, the system provides very convenient reports on users, all the necessary information is stored in the database, a lot of different modules make life easier - only pleasant impressions. Our friends bought UTM and had more problems with it, even if they had paid support



4. Personal impressions - a spoon of tar

However, ABillS is not perfect. I don’t use a lot of functionality (linkupdown, periodic-scripts) at all, but rather I use my own “substitutes”, because the authors do not suit me for one reason or another.

Sometimes current makes stupid enough mistakes. So after one of the updates (on average, we update the billing every six months), users with a loan lost the ability to go online because of the wrong “>” sign when checking the credit limit of the tariff plan and the user. Traffic2sql itself works in its original form rather slowly ( patch on the ABillS forum ), and when dynamically issuing IP from the pool, traffic may not be considered correctly ( bugreport + patch on the ABillS forum ).

Also, once I turned on the Msgs module, which provides the basic functionality of “contacting technical support” from billing, two days later I was horrified to find that no tags are cut in messages at all, which allows for example using the IFRAME to change the tariff plan to the user as an administrator will look at his message.

This is especially sad for the reason that 95% of the modules that “appear” for ABillS are not cheap commercial orders, which are then issued “for everyone”.





DISCLAIMER instead of an epilogue Everything written above is my personal experience in using this system. My opinion is purely subjective, I do not guarantee the absolute correctness and smoothness of the proposed solutions. Also I, like any person, could be wrong. If you have something to supplement and improve this article - I am always glad to constructive criticism in the comments or email (there is a profile)

Source: https://habr.com/ru/post/30174/

More articles:



All Articles