Install and configure a VPN server with AbillS billing system on Ubuntu 7.10

    Probably everyone knows that Internet prices in Moscow and in the rest of Russia differ strikingly.
    For comparison, in Tolyatti (Samara Region) unlimited access at 512 kbit/s costs $2300 per month.
    In the capital, for the same amount, you could probably already get 20 Mbit.

    So, however wild it sounds, I am going to share this channel (512 kbit/s) with several people on the local home network to reduce costs =)

    The provider gives access to the Internet through its own VPN server.

    Users in the LAN have free access to intracity resources, without traffic accounting.
    For everything outside, it was decided to route them through a VPN connection to a server on the local network.

    The system has been tested and has been running for almost six months; no complaints have been received, everything is stable.

    Server configuration: Pentium III 1000MHz, SDRAM 512Mb

    To reduce the load on the server, it was decided not to use compression or encryption, so on the clients it was necessary to uncheck the "require encryption" box in the Windows VPN connection settings.

    In this guide I have collected all the experience of installing and configuring it.
    I originally wrote it for myself, but I think it may be useful to others as well.


    So, let's start installing the VPN server with AbillS billing.

    Installing Ubuntu 7.10
    There is no point in describing it, so let's move on to configuration. =) The only thing worth noting is that it is better to install the server version of Ubuntu, without a graphical environment.

    Configuring the OS
    So we need to configure NAT on the server so that local clients get access to the provider's internal network.
    In /etc/rc.local, write the following lines so that the settings are restored automatically after a reboot or failure:
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables-restore /etc/iptables.conf
    The iptables rules will be stored in the /etc/iptables.conf file.
    Next, add the following lines to the /etc/modules file:
    ip_conntrack
    ip_gre
    ip_nat_pptp
    ip_conntrack_ftp
    ip_nat_ftp
    To apply all these settings without rebooting, you can run the /etc/rc.local script and give the commands
    modprobe ip_conntrack
    modprobe ip_gre
    modprobe ip_nat_pptp
    modprobe ip_conntrack_ftp
    modprobe ip_nat_ftp
    After that, to bring up NAT, it is enough to run the command
    iptables -t nat -A POSTROUTING ! -o eth1 -j MASQUERADE
    The eth1 interface faces the LAN; the rule masquerades everything that leaves through any other interface.
    That's it, now all users from the LAN can reach the provider's internal network.
    Do not forget to save the firewall settings:
    iptables-save > /etc/iptables.conf
    Configure the VPN (PPTP) client for the server's own access to the Internet.
    If you have the installation DVD or an Internet connection, you can simply run
    apt-get install pptp-linux
    If automatic installation is not possible, download the package into a folder and install it manually:
    dpkg -i pptp-linux_1.7.0-2ubuntu2_i386.deb
    Now let's set up the VPN: go to the /etc/ppp/peers folder and create a file there, for example aist
    vim /etc/ppp/peers/aist
    and write the following in it:
    mtu 1400
    mru 1500
    persist
    maxfail 0
    lcp-echo-interval 60
    lcp-echo-failure 4
    pty "pptp <provider VPN server address> --nolaunchpppd"
    name <login>
    password <password>
    remotename PPTP
    require-mppe-128
    defaultroute
    replacedefaultroute
    Now, before bringing up the VPN, routes to the provider's internal network must be added, because through the VPN there is no access to it.
    Edit the file /etc/network/interfaces so that it has the following contents:
    auto lo eth1 eth0
    iface lo inet loopback
    iface eth1 inet static
       address 192.168.110.1
       netmask 255.255.255.0
    iface eth0 inet dhcp
       up route add -net 172.16.0.0 netmask 255.240.0.0 dev eth0
       up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
       up route add -net 192.168.0.0 netmask 255.255.255.0 dev eth0
       up pon aist
       pre-down poff aist
    To check, you can run
    /etc/init.d/networking restart
    after which all interfaces will be restarted and the VPN will connect automatically.
    If everything went well, you can check with ifconfig that the ppp0 interface has appeared.
    !!! Attention: at this point NAT is configured and the Internet connection is up on your server, i.e. all users from the LAN have unlimited and unaccounted Internet access. !!!

    Disconnect the VPN: poff aist
    Connect: pon aist

    Install freeradius
    apt-get install freeradius
    Edit /etc/freeradius/users and leave only the following lines:
    DEFAULT Auth-Type = Accept
      Exec-Program-Wait = "/usr/abills/libexec/rauth.pl"
    Comment out or delete the rest.

    Next, edit /etc/freeradius/acct_users and append to the end:
    DEFAULT Acct-Status-Type == Start
      Exec-Program = "/usr/abills/libexec/racct.pl"
    DEFAULT Acct-Status-Type == Alive
      Exec-Program = "/usr/abills/libexec/racct.pl"
    DEFAULT Acct-Status-Type == Stop
      Exec-Program = "/usr/abills/libexec/racct.pl"
    Edit /etc/freeradius/clients.conf: comment out everything and add to the end
    client localhost {
      secret = radsecret
      shortname = shortname
    }
    I don't know why either, but during setup I had a glitch and had to add the same entry with the eth0 address:
    client 172.16.102.72 {
      secret = radsecret
      shortname = shortname
    }
    In /etc/freeradius/radiusd.conf, comment out the mschap and eap lines in the authorize section:
    authorize {
      preprocess
      #chap
      #counter
      #attr_filter
      #eap
      suffix
      files
      #etc_smbpasswd
      #sql
      #mschap
    }
    Now edit the file /etc/freeradius/dictionary and add to the end:
    # Limit session traffic
    ATTRIBUTE Session-Octets-Limit 227 integer
    # What to assume as limit - 0 in + out, 1 in, 2 out, 3 max (in, out)
    ATTRIBUTE Octets-Direction 228 integer
    # Connection speed limit
    ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
    ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
    ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
    ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
    ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
    ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
    ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
    ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
    ATTRIBUTE Acct-Interim-Interval 85 integer
    After that, restart freeradius:
    /etc/init.d/freeradius restart

    Configure Radiusclient
    Install Radiusclient
    apt-get install radiusclient1
    Edit the file /etc/radiusclient/radiusclient.conf:
    authserver 127.0.0.1
    acctserver 127.0.0.1
    Edit /etc/radiusclient/servers:
    127.0.0.1 radsecret
    Add to /etc/radiusclient/dictionary:
    ATTRIBUTE Acct-Interim-Interval 85 integer
    ATTRIBUTE Session-Octets-Limit 227 integer
    ATTRIBUTE Octets-Direction 228 integer
    ATTRIBUTE PPPD-Upstream-Speed-Limit 230 integer
    ATTRIBUTE PPPD-Downstream-Speed-Limit 231 integer
    ATTRIBUTE PPPD-Upstream-Speed-Limit-1 232 integer
    ATTRIBUTE PPPD-Downstream-Speed-Limit-1 233 integer
    ATTRIBUTE PPPD-Upstream-Speed-Limit-2 234 integer
    ATTRIBUTE PPPD-Downstream-Speed-Limit-2 235 integer
    ATTRIBUTE PPPD-Upstream-Speed-Limit-3 236 integer
    ATTRIBUTE PPPD-Downstream-Speed-Limit-3 237 integer
    Download the AbillS billing system and unpack it:
    tar -xf abills-0.37.tgz
    Move it to the /usr/abills folder:
    mv abills /usr/
    MySQL setup
    Install
    apt-get install mysql-server
    Next, you need to create a database for AbillS
    mysql -u root -p
    CREATE DATABASE abills;
    Now load the database dump from the abills directory into the database:
    mysql -u root -p abills < abills.sql

    Install Apache

    apt-get install apache2

    Add mod_rewrite support.

    ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load

    Edit /etc/apache2/sites-enabled/000-default:
    <VirtualHost *>
       DocumentRoot /usr/abills/cgi-bin/
       Alias /abills "/usr/abills/cgi-bin/"
       <Directory "/usr/abills/cgi-bin">
         <IfModule mod_rewrite.c>
           RewriteEngine on
           RewriteCond %{HTTP:Authorization} ^(.*)
           RewriteRule ^(.*) - [E=HTTP_CGI_AUTHORIZATION:%1]
           Options Indexes ExecCGI SymLinksIfOwnerMatch
         </IfModule>
         AddHandler cgi-script .cgi
         Options Indexes ExecCGI FollowSymLinks
         AllowOverride none
         DirectoryIndex index.cgi
         #Options ExecCGI
         <Files ~ "\.(db|log)$">
           Order allow,deny
           Deny from all
         </Files>
       </Directory>
       #Admin interface
       <Directory "/usr/abills/cgi-bin/admin">
         AddHandler cgi-script .cgi
         Options Indexes ExecCGI FollowSymLinks
         AllowOverride none
         DirectoryIndex index.cgi
         order deny,allow
         allow from all
       </Directory>
    </VirtualHost>
    

    * Habr eats some of the tags here, so you can take this fragment from here

    Now install the Perl packages:
    apt-get install libdbi-perl libdbd-mysql-perl libdigest-md4-perl libdigest-sha1-perl libcrypt-des-perl
    Restart apache:
    /etc/init.d/apache2 restart

    Configuring abills
    In the folder /usr/abills/libexec run cp config.pl.default config.pl, then edit config.pl:
    specify the correct details for access to the database, and also change
    $conf{MAX_SESSION_TRAFFIC} = 2047;
    $conf{periodic_check} = 'yes';
    $conf{ERROR_ALIVE_COUNT} = 10;
    Next, edit /etc/sudoers and add the line (it allows the web server to run only this one script, which is used to drop a session)
    www-data ALL=NOPASSWD: /usr/abills/misc/pppd_kill
    In /etc/crontab add
    */5 * * * * root /usr/abills/libexec/billd -all
    1 0 * * * root /usr/abills/libexec/periodic daily
    1 0 1 * * root /usr/abills/libexec/periodic monthly
    Give the web server read and write permissions on the web interface files:
    chown -Rf www-data /usr/abills/cgi-bin
    Create the missing directories:
    mkdir /usr/abills/backup
    chown www-data /usr/abills/backup
    

    Run apt-get install snmp

    Edit the file /usr/abills/Abills/defs.conf:
    $SNMPWALK = '/usr/bin/snmpwalk';
    $Gzip = '/bin/gzip';
    $MYSQLDUMP = '/usr/bin/mysqldump';
    2.9 Install pptpd
    apt-get install pptpd


    Edit /etc/ppp/options:
    +chap

    Edit /etc/ppp/pptpd-options:
    #require-mppe-128
    #require-mschap-v2
    plugin radius.so
    plugin radattr.so
    debug
    ms-dns 192.168.160.1

    Edit /etc/pptpd.conf:
    ppp /usr/sbin/pppd
    option /etc/ppp/pptpd-options
    debug
    localip 192.168.160.1

    Restart pptpd: /etc/init.d/pptpd restart

    To add a speed limiter, append the following to /etc/ppp/ip-up ($1 is the ppp interface name that pppd passes to the script):
    if [ -f /var/run/radattr.$1 ]
    then
    # limits that radattr.so saved from the RADIUS reply for this session
    DOWNSPEED=`/usr/bin/awk '/PPPD-Downstream-Speed-Limit/ {print $2}' /var/run/radattr.$1`
    UPSPEED=`/usr/bin/awk '/PPPD-Upstream-Speed-Limit/ {print $2}' /var/run/radattr.$1`
    FILTERS=`/usr/bin/awk '/Filter-Id/ {print $2}' /var/run/radattr.$1`
    #echo $DOWNSPEED
    #echo $UPSPEED
    #echo $FILTERS
    # drop whatever shaping is left over on this interface
    /sbin/tc qdisc del dev $1 root > /dev/null
    /sbin/tc qdisc del dev $1 ingress > /dev/null
    ##### speed server->client
    if [ "$UPSPEED" != "0" ];
    then
    /sbin/tc qdisc add dev $1 root handle 1: htb default 20 r2q 1
    /sbin/tc class add dev $1 parent 1: classid 1:1 htb rate ${UPSPEED}kbit burst 4k
    /sbin/tc class add dev $1 parent 1:1 classid 1:10 htb rate ${UPSPEED}kbit burst 4k prio 1
    /sbin/tc class add dev $1 parent 1:1 classid 1:20 htb rate ${UPSPEED}kbit burst 4k prio 2
    /sbin/tc qdisc add dev $1 parent 1:10 handle 10: sfq perturb 10 quantum 1500
    /sbin/tc qdisc add dev $1 parent 1:20 handle 20: sfq perturb 10 quantum 1500
    # interactive traffic (TOS minimum-delay, ICMP, small TCP ACKs) goes to the priority class
    /sbin/tc filter add dev $1 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
    /sbin/tc filter add dev $1 parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10
    /sbin/tc filter add dev $1 parent 1: protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
    fi
    ##### speed client->server
    if [ "$DOWNSPEED" != "0" ];
    then
    /sbin/tc qdisc add dev $1 handle ffff: ingress
    /sbin/tc filter add dev $1 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${DOWNSPEED}kbit burst 12k drop flowid :1
    fi
    fi
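    As an added example (not code from the post or from AbillS), here is the attribute lookup from the ip-up script above rewritten so that it matches attribute names exactly and copes with a missing radattr file or attribute; the file path and attribute names are those used in the post, the sample file contents are constructed.

```shell
# Added example, not from the original post: a safer version of the radattr
# lookup that the ip-up snippet does with a bare regex in awk. The file
# /var/run/radattr.<iface> is written by the radattr.so plugin as one
# "Attribute-Name value" pair per line (a constructed sample is below).
# Attribute names are exact-matched, so PPPD-Upstream-Speed-Limit no longer
# also picks up PPPD-Upstream-Speed-Limit-1, and anything missing, empty or
# non-numeric is treated as 0 (no limit) instead of being spliced into a
# "tc ... rate kbit" command as garbage.

radattr_get() {
    # $1 = radattr file, $2 = attribute name
    val=$(awk -v a="$2" '$1 == a { print $2; exit }' "$1" 2>/dev/null || true)
    case "$val" in
        ''|*[!0-9]*) echo 0 ;;   # absent, empty or not an integer -> 0
        *) echo "$val" ;;
    esac
}

# Print the tc commands for one ppp interface instead of running them, so the
# result can be checked (or piped into sh) before it is wired into ip-up.
shape_cmds() {
    # $1 = interface, $2 = radattr file
    up=$(radattr_get "$2" PPPD-Upstream-Speed-Limit)
    down=$(radattr_get "$2" PPPD-Downstream-Speed-Limit)
    if [ "$up" != "0" ]; then
        echo "tc qdisc add dev $1 root handle 1: htb default 20 r2q 1"
        echo "tc class add dev $1 parent 1: classid 1:1 htb rate ${up}kbit burst 4k"
    fi
    if [ "$down" != "0" ]; then
        echo "tc qdisc add dev $1 handle ffff: ingress"
        echo "tc filter add dev $1 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${down}kbit burst 12k drop flowid :1"
    fi
}

# Constructed sample of a radattr file for one session; the -1 variant is one
# of the additional attributes defined in the dictionary above.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Framed-IP-Address 192.168.160.5
PPPD-Upstream-Speed-Limit 256
PPPD-Upstream-Speed-Limit-1 64
PPPD-Downstream-Speed-Limit 512
Acct-Interim-Interval 60
EOF

shape_cmds ppp0 "$SAMPLE"
```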


    3 Configuring AbillS
    Open the admin web interface at http://yourhost/admin
    Username/password: abills/abills; they can be changed later.

    Go to System configuration -> NAS
    IP: 127.0.0.1
    Type: pppd: pppd + Radius
    Alive (sec.): 120
    RADIUS Parameters (,): Acct-Interim-Interval=60

    Now add the IP pool:
    192.168.160.2-192.168.160.254

    Then it only remains to create tariffs and users; enjoy ;)
    Cross-post from my blog
