
HOW-TO pptpd + freeradius2 + mysql + abills 0.50b for a small office or small provider on Ubuntu 9.10 / 10.04

At the request of the respected Nesmit, I am publishing his HOW-TO instead of my own, because I think his instructions deserve more attention than mine, which were in this post and had many flaws and mistakes. It was a pity that his article was not allowed into the feed. A very good article. Here it is.

Ubuntu 9.10, later upgraded to 10.04 without touching anything.
pptpd 1.3.4-2
freeradius 2.1.0
abills 0.5
dictionary.microsoft

The developer of billing is here: abills.net.ua
I would like to express my great gratitude to the developers of this billing!
Goals:
1. Provide Internet access to a local network.
2. Traffic accounting.
3. Accounting of finances.
4. Creation of tariff plans.
5. Speed limits.
6. 128-bit encryption (for many reasons).
7. Or without encryption, but using mschapv2.
8. Encryption of the personal account (Apache SSL).
9. Upgradeability: integration of a mail server with the billing, etc. There are many modules, paid and free.



Bibliography:

I found 2 useful articles on installing abills.
habrahabr.ru/blogs/linux/23650 - our foundation
silverghost.org.ua/2008/10/13/ustanovka-billinga-abills-na-ubuntu-804-lts-server-mikrotik-router-os-v-kachestve-servera-dostupa - our foundation number 2
Also:
www.opennet.ru/base/net/abills_server.txt.html - no less useful, but we don't have a MikroTik.
www.xakep.ru/magazine/xa/112/136/1.asp - pppoe
Description of the pptpd parameters:
www.compress.ru/article.aspx?id=18183&iid=842
In principle, this setup is no different from using PPPoE or a MikroTik as the NAS. The latter is more profitable with more than 100 customers, and with less headache.

We take the information from the first 2 articles, as they are closest to our topic. The result is a revised first article with some details from the second, plus my own additions.

ATTENTION! Before you start installing the system, decide which network cards you will use. I recommend Intel or 3Com cards. PPTP on Realtek is buggy and tunnels drop for no apparent reason.

1. Install the system:
My choice fell on the Ubuntu 9.10 distribution, a proven system with a well-worked set of packages. Upgrading to 10.04, which has been out for 1.5 months, caused no problems. A good admin is a lazy admin; why do we need a headache? The first server on LTS 8.04 ran for 1.5 years until the hard drive died. During this time nobody touched the billing.

After installation, update and install the latest packages:

#apt-get update
#apt-get dist-upgrade


And reboot.

Become root:

$ sudo -s -H

2. Install the necessary packages in one line:
#apt-get install mysql-server mysql-client libmysqlclient15-dev apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt libdbi-perl libdbd-mysql-perl libdigest-md4-perl libdigest-sha1-perl libcrypt-des-perl freeradius radiusclient1 pptpd

During the installation of the MySQL server you will be asked twice for the MySQL root password; it will be needed soon!

Enable the required Apache modules:
#a2enmod ssl
#a2enmod rewrite
#a2enmod suexec
#a2enmod include


Restart apache:

#/etc/init.d/apache2 restart

a2enmod rewrite is MANDATORY, otherwise you will get an error when entering the admin area!
3. Download abills 0.50 from the site abills.net.ua and unpack it into /usr/abills, or use CVS and check out a stable release.
Link to the files: sourceforge.net/projects/abills/files

4. Create the missing directories and set the permissions:

# mkdir /usr/abills/backup
# chown -R www-data:www-data /usr/abills/backup
# mkdir /usr/abills/cgi-bin/admin/nets
# chown -R www-data:www-data /usr/abills/cgi-bin/
# mkdir /usr/abills/var
# mkdir /usr/abills/var/log
# chown -R freerad:freerad /usr/abills/var


Next, edit /etc/sudoers and add the line below. This lets the web interface, which runs as www-data, kill VPN tunnels.

www-data ALL=NOPASSWD: /usr/abills/misc/pppd_kill

5. Set up freeradius, using the information from the developer's server with corrections for our distribution:
In /etc/freeradius/radiusd.conf, in the modules section, describe the following sections:

#abills_preauth
exec abills_preauth {
program = "/usr/abills/libexec/rauth.pl pre_auth"
wait = yes
input_pairs = request
shell_escape = yes
#output = no
output_pairs = config
}

#abills_postauth
exec abills_postauth {
program = "/usr/abills/libexec/rauth.pl post_auth"
wait = yes
input_pairs = request
shell_escape = yes
#output = no
output_pairs = config
}

#abills_auth
exec abills_auth {
program = "/usr/abills/libexec/rauth.pl"
wait = yes
input_pairs = request
shell_escape = yes
output = no
output_pairs = reply
}

#abills_acc
exec abills_acc {
program = "/usr/abills/libexec/racct.pl"
wait = yes
input_pairs = request
shell_escape = yes
output = no
output_pairs = reply
}


The exec section, the file /etc/freeradius/modules/exec, should end up looking like this:

exec {
wait = yes
input_pairs = request
shell_escape = yes
output = none
output_pairs = reply
}


In /etc/freeradius/sites-enabled/default, go to the authorize, preacct and post-auth sections. Everything else in these sections is commented out or deleted.
authorize {
preprocess
abills_preauth
mschap
files
abills_auth
}
preacct {
preprocess
abills_acc
}

post-auth {
Post-Auth-Type REJECT {
abills_postauth
}
}


In /etc/freeradius/users:

DEFAULT Auth-Type = Accept

Edit /etc/freeradius/clients.conf: comment out everything and add the following to the end (client and server are on the local machine; it is better to change the secret):

client localhost {
ipaddr = 127.0.0.1
secret = radsecret
shortname = shortname
}


Now edit /etc/freeradius/dictionary, adding to the end:

# Limit session traffic
ATTRIBUTE Session-Octets-Limit 227 integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE Octets-Direction 228 integer
# Connection Speed Limit
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
ATTRIBUTE Acct-Interim-Interval 85 integer


After this, restart the radius:

#/etc/init.d/freeradius restart

If it reports an error, the command freeradius -X prints a debug log and is used to find it.

6. Configure the radiusclient.
Edit /etc/radiusclient/servers:

127.0.0.1 radsecret

Put dictionary.microsoft in /etc/radiusclient/.
This file is responsible for mschap v2 and mppe support.
You can take it from cakebilling.googlecode.com/files/etc.tar.bz2; without it mschap2 and mppe refuse to work.
Add the following lines to the radiusclient dictionary file:

INCLUDE /etc/radiusclient/dictionary.microsoft

# Limit session traffic
ATTRIBUTE Session-Octets-Limit 227 integer
# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out)
ATTRIBUTE Octets-Direction 228 integer
# Connection Speed Limit
ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
ATTRIBUTE Acct-Interim-Interval 85 integer


Edit /etc/hosts:

127.0.0.1 localhost vpn-server
127.0.1.1 localhost vpn-server

vpn-server is the name of YOUR server; change it at your discretion. Otherwise the client will not be able to connect to the radius server.

7. Next, create a database for AbillS:

#mysql -u root -p
GRANT ALL ON abills.* TO abills@localhost IDENTIFIED BY "yourpassword";
CREATE DATABASE abills;

Option 2: you can do it more simply: install the phpmyadmin package and do everything in 1 minute, including generating a strong password.
sudo apt-get install phpmyadmin
Then open
http://<ip address of your server>/phpmyadmin
log in with the MySQL root username and password, and go to
"Privileges" tab -> "Add new user"
Username: abills
Host: localhost
Password: press the generate button; remember or write down the password.
Tick: "Create database with same name and grant all privileges".
Click OK; the database is created.

Now load the database dump from the abills directory into the database:

#mysql -u root -p abills < abills.sql

Configure the Abills configuration file.
In the folder /usr/abills/libexec execute:

#cd /usr/abills/libexec
#cp config.pl.default config.pl

then edit it.

Specify the correct database access details and also change some parameters:

$conf{dbhost}='localhost';
$conf{dbname}='abills';
$conf{dbuser}='abills';
$conf{dbpasswd}='SxTcBAx7dYfR7cG7';
$conf{dbcharset}='utf-8';
$conf{default_language}='russian';
$conf{periodic_check}='yes';
$conf{ERROR_ALIVE_COUNT} = 10;
$conf{RADIUS2}=1;

Disable extra modules:

@MODULES = ('Dv',
# 'Voip',
# 'Docs',
# 'Mail',
'Sqlcmd');


8. Edit /usr/abills/Abills/defs.conf
We change only the lines below:

$SNMPWALK = '/usr/bin/snmpwalk';
$SNMPSET = '/usr/bin/snmpset';
$GZIP = '/bin/gzip';
$TAR='/bin/tar';
$MYSQLDUMP = '/usr/bin/mysqldump';
$IFCONFIG='/sbin/ifconfig';


Now the backup will work; the stock config is written for FreeBSD.

8. Create a certificate for Apache

#mkdir /etc/apache2/ssl

answer the questions of the following command:

#make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
#a2enmod ssl


Replace the contents of /etc/apache2/sites-available/default-ssl with the following.

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    DocumentRoot /usr/abills/cgi-bin/
    Alias /abills "/usr/abills/cgi-bin/"
    <Directory "/usr/abills/cgi-bin">
        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteCond %{HTTP:Authorization} ^(.*)
            RewriteRule ^(.*) - [E=HTTP_CGI_AUTHORIZATION:%1]
            Options Indexes ExecCGI SymLinksIfOwnerMatch
        </IfModule>
        AddHandler cgi-script .cgi
        Options Indexes ExecCGI FollowSymLinks
        AllowOverride none
        DirectoryIndex index.cgi
        #Options ExecCGI
        # never serve the billing's database and log files
        <Files ~ "\.(db|log)$">
            Order allow,deny
            Deny from all
        </Files>
    </Directory>
    #Admin interface
    <Directory "/usr/abills/cgi-bin/admin">
        AddHandler cgi-script .cgi
        Options Indexes ExecCGI FollowSymLinks
        AllowOverride none
        DirectoryIndex index.cgi
        order deny,allow
        allow from all
    </Directory>
    ErrorLog /var/log/apache2/error-abills.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access-abills.log combined
</VirtualHost>

Change the encoding to cp1251 in /etc/apache2/conf.d/charset:
AddDefaultCharset cp1251

Create a symlink:

#ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/default-ssl


Restart apache

#/etc/init.d/apache2 restart

Check the server: go to
<ip address of your server>/admin
If everything worked, good. If not, read the logs; they have all the answers!

9. Configure pptpd:

Edit /etc/pptpd.conf:
ppp /usr/sbin/pppd
option /etc/ppp/pptpd-options
connections 500
localip 192.168.160.1


Edit /etc/ppp/options and add the line:
+mschap-v2

Edit /etc/ppp/pptpd-options and add the lines:

ms-dns 192.168.160.1
asyncmap 0
lcp-echo-failure 30
lcp-echo-interval 5
ipcp-accept-local
ipcp-accept-remote

plugin radius.so
plugin radattr.so


By default, the config is set up for mschap-v2 + mppe.

Create the shaper script and make it executable:

#touch /etc/ppp/ip-up.d/shaper
#chmod 744 /etc/ppp/ip-up.d/shaper
#nano /etc/ppp/ip-up.d/shaper


#!/bin/sh
# pppd ip-up hook: radattr.so writes the RADIUS reply attributes of this
# session to /var/run/radattr.<interface>; $1 is the ppp interface name.

if [ -f /var/run/radattr.$1 ]
then
    # exact attribute-name match, so PPPD-*-Speed-Limit-1..3 are not picked up too;
    # an absent attribute means no shaping (0)
    DOWNSPEED=`/usr/bin/awk '$1 == "PPPD-Downstream-Speed-Limit" {print $2}' /var/run/radattr.$1`
    UPSPEED=`/usr/bin/awk '$1 == "PPPD-Upstream-Speed-Limit" {print $2}' /var/run/radattr.$1`
    DOWNSPEED=${DOWNSPEED:-0}
    UPSPEED=${UPSPEED:-0}
    # echo $DOWNSPEED
    # echo $UPSPEED
    # drop any leftover qdiscs from a previous session on this interface
    /sbin/tc qdisc del dev $1 root > /dev/null 2>&1
    /sbin/tc qdisc del dev $1 ingress > /dev/null 2>&1

    ##### speed server->client
    if [ "$UPSPEED" != "0" ]
    then
        # /sbin/tc qdisc add dev $1 root handle 1: htb default 20 r2q 1
        /sbin/tc qdisc add dev $1 root handle 1: htb default 20
        /sbin/tc class add dev $1 parent 1: classid 1:1 htb rate ${UPSPEED}kbit burst 4k
        /sbin/tc class add dev $1 parent 1:1 classid 1:10 htb rate ${UPSPEED}kbit burst 4k prio 1
        /sbin/tc class add dev $1 parent 1:1 classid 1:20 htb rate ${UPSPEED}kbit burst 4k prio 2
        /sbin/tc qdisc add dev $1 parent 1:10 handle 10: sfq perturb 10 quantum 1500
        /sbin/tc qdisc add dev $1 parent 1:20 handle 20: sfq perturb 10 quantum 1500
        # interactive traffic (TOS low-delay, ICMP, small TCP ACKs) goes to the priority class
        /sbin/tc filter add dev $1 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
        /sbin/tc filter add dev $1 parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
        /sbin/tc filter add dev $1 parent 1: protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
    fi
    ##### speed client->server
    if [ "$DOWNSPEED" != "0" ]
    then
        /sbin/tc qdisc add dev $1 handle ffff: ingress
        /sbin/tc filter add dev $1 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${DOWNSPEED}kbit burst 12k drop flowid :1
    fi
fi
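
An added example (not the article's hook) that parses a radattr file the way the shaper should and prints the resulting tc commands as a dry-run plan, so the hook's behaviour can be checked without pppd. It assumes radattr.so writes one "Attribute-Name value" pair per line, as in /var/run/radattr.<iface>, and uses the attribute names from the dictionary above; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not the article's script. Nothing is applied: the tc
# commands are only printed for review.

# Value of exactly one attribute, or 0 when it is absent. The anchored
# comparison keeps PPPD-Upstream-Speed-Limit from also matching ...-Limit-1.
radattr_get() {   # radattr_get ATTR FILE
    v=$(awk -v a="$1" '$1 == a { print $2; exit }' "$2")
    echo "${v:-0}"
}

# Print the tc commands for interface $1 from radattr file $2. The values come
# from the RADIUS reply, so they must be plain integers before they reach a
# command line; anything else is rejected.
tc_plan() {   # tc_plan IFACE FILE
    iface=$1
    up=$(radattr_get PPPD-Upstream-Speed-Limit "$2")
    down=$(radattr_get PPPD-Downstream-Speed-Limit "$2")
    case "$up$down" in
        *[!0-9]*) echo "tc_plan: non-numeric speed limit in $2" >&2; return 1 ;;
    esac
    echo "tc qdisc del dev $iface root"
    echo "tc qdisc del dev $iface ingress"
    if [ "$up" != 0 ]; then
        echo "tc qdisc add dev $iface root handle 1: htb default 20"
        echo "tc class add dev $iface parent 1: classid 1:1 htb rate ${up}kbit burst 4k"
    fi
    if [ "$down" != 0 ]; then
        echo "tc qdisc add dev $iface handle ffff: ingress"
        echo "tc filter add dev $iface parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${down}kbit burst 12k drop flowid :1"
    fi
    return 0
}

# Constructed sample of what radattr.so leaves behind for one session:
# only the downstream limit is set, the "-1" variant must be ignored.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Framed-IP-Address 192.168.160.7
PPPD-Upstream-Speed-Limit-1 256
PPPD-Downstream-Speed-Limit 2048
Acct-Interim-Interval 60
EOF

tc_plan ppp0 "$SAMPLE"
```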


There is another way to shape: through the IPN module. That method is described on the developer forum.

10. Optionally, install squid and make it transparent.

#apt-get install squid

Change the line in the /etc/squid/squid.conf file

http_port 3128

to

http_port 3128 transparent

By default all possible networks are listed in the config; we just uncomment:
http_access allow localnet

Restart the service:

# /etc/init.d/squid restart

11. Enable NAT and put the following lines in the file rc.local.
Firewall rules:
The IP address 192.168.1.10 is on the interface facing the ADSL router.

# flush all existing rules and chains
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X

# NAT for the VPN network
iptables -t nat -A POSTROUTING -s 192.168.160.0/255.255.255.0 -j SNAT --to-source 192.168.1.10

# transparent proxy: redirect the VPN clients' HTTP to squid
iptables -t nat -A PREROUTING -p tcp -s 192.168.160.0/24 --dport 80 -j REDIRECT --to-port 3128

# close the proxy and mysql ports on the physical interfaces
iptables -A INPUT -p TCP -i eth0 --dport 3128 -j DROP # proxy
iptables -A INPUT -p TCP -i eth1 --dport 3128 -j DROP
iptables -A INPUT -p TCP -i eth0 --dport 3306 -j DROP # mysql
iptables -A INPUT -p TCP -i eth1 --dport 3306 -j DROP

# enable forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

exit 0


The script is primitive, but enough for a start.
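An added example (not the article's rc.local) of a default-deny version of the same firewall: instead of dropping two ports, inbound and transit traffic is denied unless a rule allows it, with only what pptpd, the billing UI, DNS for the clients and the transparent squid need. Assumed topology: WAN interface eth0 with 192.168.1.10 facing the ADSL router, VPN clients arriving on ppp+ interfaces from 192.168.160.0/24; the function prints the rules for review and is piped to sh on the server to apply them.

```shell
#!/bin/sh
# Added example, not the article's script. fw_rules only prints the rules;
# iptables is not run here.
fw_rules() {   # fw_rules WAN_IF WAN_IP VPN_NET
    wan=$1; wanip=$2; vpn=$3
    cat <<EOF
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -X; iptables -t nat -X; iptables -t mangle -X
# deny inbound and transit by default instead of closing individual ports
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ssh for administration, the PPTP control channel and the GRE tunnels it sets up
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
# from VPN clients only: billing UI over TLS, DNS (ms-dns points here), redirected squid
iptables -A INPUT -i ppp+ -s $vpn -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i ppp+ -s $vpn -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i ppp+ -s $vpn -p tcp --dport 3128 -j ACCEPT
# mysql (3306) and radius (1812/1813) stay loopback-only: no ACCEPT rule for them
# transit: VPN clients out to the WAN, replies back
iptables -A FORWARD -i ppp+ -s $vpn -o $wan -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i ppp+ -s $vpn -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -s $vpn -o $wan -j SNAT --to-source $wanip
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Print the ruleset for the article's topology (constructed values).
fw_rules eth0 192.168.1.10 192.168.160.0/24
```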

12. In /etc/crontab, enter the following:

*/5 * * * * root /usr/abills/libexec/billd -all
1 0 * * * root /usr/abills/libexec/periodic daily
1 0 1 * * root /usr/abills/libexec/periodic monthly
#backup
1 3 * * * root /usr/abills/libexec/periodic backup


13. Abills settings
Open the admin web interface at <ip address of your server>/admin
Username/password: abills/abills; they can be changed later.

By default a NAS, a user and a tariff have already been created. We will change them to suit our conditions.
Go to System -> Access Server
IP: 127.0.0.1
Type: pppd + Radius
Alive (sec.): 120
RADIUS Parameters: Acct-Interim-Interval = 60
Now add the IP pool:
set 192.168.160.2-192.168.160.254

Create the tariff groups:
/System/Internet/Tariff plans/Groups/
add: unlimited, GID: 0
Go to /System/Internet/Tariff plans/
#: 1
Name: "unlimited"
Group: "1: unlimited"
Daily a/p: 10
Add

Set the speed:
/System/Internet/Tariff plans/
click "Intervals" on the chosen tariff
click the add button, then Traffic
enter the speed, add.

Now create the user:
/Clients/Logins/Internet/Users/Add/
create the client: login, password, name, credit. You can also put money into the account right away.

The main thing here is to first create a tariff group and then the tariffs themselves. Also, read the wiki in detail about all the options. Usually people start yelling before they understand what the options mean.

Following this instruction I have set up 4 servers, and they are working successfully.
No longer relevant. Abills pleases with its stability and flexibility; the rest is in your hands.

If you need to remove encryption, do this:
Remove the "require-mppe-128" line from the /etc/ppp/pptpd-options file. This will make the VPN tunnels more stable and offload the CPU.
Screenshots of the result (four screenshots, not reproduced here).
All thanks to Nesmit from forum.ubuntu.ru =) I have nothing to do with it. He wrote this article; I just passed it on to people, because under his name this article was stubbornly prevented from being published!))
Good luck! I am ready to answer all questions, including about malfunctions.

Source: https://habr.com/ru/post/87421/
