Package: accel-ppp Version: 1.14.0-0 Architecture: amd64 Maintainer: Luigi Baldoni Installed-Size: 1202 Depends: libc6 (>= 2.38), libpcre2-8-0 (>= 10.22), libssl3t64 (>= 3.0.0) Filename: amd64/accel-ppp_1.14.0-0_amd64.deb Size: 323956 MD5sum: 166f574360abb952938f894422c5d983 SHA1: 7b88c7d011942d2b7c8bcc3df6db025ecf1bbaf7 SHA256: bf067048c9224fd405eb3a34eb162b9498ffdac43fde7bfba9c62a120bb2482d Section: misc Priority: optional Description: PPtP/L2TP/PPPoE/SSTP server for Linux Overview -------- The ACCEL-PPP v1.0 is completly new implementation of PPTP/PPPoE/L2TP/SSTP which was written from scratch. Userspace daemon has its own PPP implementation, so it does not uses pppd and one process (multi-threaded) manages all connections. ACCEL-PPP uses kernel-mode implementations of pptp/l2tp/pppoe and user-mode of sstp. . . Features -------- 1. Modular architecture 2. High-performance multi-threaded I/O core 3. Supported PPTP 4. Supported PPPoE (including TR-101 extension) 5. Supported L2TPv2 (without IPsec) 5. Radius authentication/accounting 6. Radius DM/CoA extention 7. Supported authentication types: PAP, CHAP (md5), Microsoft CHAP Extentions (including version 2), not supported - EAP 8. Supported MPPE 9. Compression is not supported 10. Extensible logging engine with per session logging support, implemented log to file, log to remote host and log to PostgreSQL targets 11. Extensible user/password database, implemented Radius, pppd compatible chap-secrets sources 12. Extensible IP pool, implemented Radius, chap-secrets and static pools 13. Supported pppd compatible ip-up/ip-down scripts 14. Builtin tbf/htb shaper and clsact policer manager 15. Command line interface via telnet 16. SNMP support (master or subagent via AgentX) 17. Supported SSTP . . Requirment ---------- 1. modern linux distribution 2. kernel-2.6.25 or later 4. cmake-3.5 or later 5. libnl-2.0 or probably later (required for builtin shaper) 6. libcrypto-0.9.8 or probably later (openssl-0.9.8) 7. libpcre2 8. net-snmp-5.x 9. libssl-0.9.8 or probably later (openssl-0.9.8) . . Compilation and instalation ----------- Make sure you have configured kernel headers in /usr/src/linux, or specify other location via KDIR. 1. cd /path/to/accel-ppp-1.3.5 2. mkdir build 3. cd build 4. cmake [-DBUILD_DRIVER=FALSE] [-DKDIR=/usr/src/linux] [-DCMAKE_INSTALL_PREFIX=/usr/local] [-DCMAKE_BUILD_TYPE=Release] [-DLOG_PGSQL=FALSE] [-DSHAPER=FALSE] [-DRADIUS=TRUE] [-DNETSNMP=FALSE] .. Please note that the double dot record in the end of the command is essential. You'll probably get error or misconfigured sources if you miss it. BUILD_DRIVER, KDIR, CMAKE_INSTALL_PREFIX, CMAKE_BUILD_TYPE, LOG_PGSQL, SHAPER, RADIUS are optional, But while pptp is not present in mainline kernel you probably need BUILD_DRIVER. For example: cmake -DBUILD_DRIVER=TRUE .. will configure sources to build pptp driver, search kernel headers at /usr/src/linux, install to /usr/local, build with no debug, pgsql and shaper support, build with radius support. 5. If you want to use chap-secrets for authentication purpose then you need to disable radius support, configure as following: cmake -DBUILD_DRIVER=TRUE -DRADIUS=FALSE .. of course you can include additional options if needed. 6. make 7. make install . . Configuration ------------- read man accel-ppp.conf For DM/CoA deployments, use the `dae-allowed` option to restrict source IPs. . . Built-in shaper -------------- accel-ppp supports tbf and htb based shaper manager. It also supports clsact policer manager. To enable it uncomment shaper in [modules] section. It accepts radius attributes in various formats: rate, down-rate/up-rate and cisco-like. Values have to be in kilobits except cisco-like. For example: Filter-Id=1000 (means 1000Kbit both up-stream and down-stream rate) Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate) To change radius attribute which containes rate information use 'attr' option, for example: [shaper] attr=My-Custom-Rate-Attribute of course this attribute have to be in radius dictionary. To specify different attributes for down-stream and up-stream rates use 'attr-down' and 'attr-up' options, for example: [shaper] attr-down=PPPD-Downstream-Speed attr-up=PPPD-Upstream-Speed . If you want to use cisco-like format configure accel-ppp as following: [shaper] vendor=Cisco attr=Cisco-AVPair and send two attributes: Cisco-AVPair=lcp:interface-config#1=rate-limit input 2000000 8000 8000 conform-action transmit exceed-action drop (which means 2000Kbit up-stream rate and 8Kb burst) Cisco-AVPair=lcp:interface-config#1=rate-limit output 2000000 8000 8000 conform-action transmit exceed-action drop (which means 2000Kbit down-stream rate and 8Kb burst) . . Advanced shaper using --------------------- 1. Burst configuration. If you not using cisco-like format then burst calculates from rate and specified burst factors. To specify burst factors use 'down-burst-factor' and 'up-burst-factor' options, for example: [shaper] down-burst-factor=1.0 up-burst-factor=10.0 which means that burst for tbf/htb qdisc will be calculated as down-stream rate multiply to 1.0 and burst for policer/htb will be calculated as up-stream rate multiply to 10.0. . 2. Time ranges. You can specify time ranges to authomatic rate reconfiguration. To specify time ranges use following sample configuration: [shaper] time-range=1,1:00-3:00 time-range=2,3:00-5:00 time-range=3,5:00-7:00 first number is time range identifier. To specify time range specific rates use following format of radius attributes: range-id,rate, range-id,down-rate/up-rate or cisco-like, for example: Filter-Id=1000 Filter-Id=1,2000 Filter-Id=2,3000 Filter-Id=3,4000 which means: set 1000Kbit by default, set 2000Kbit in time range 1, set 3000Kbit in time range 2, set 4000Kbit in time range 3. You have to pass multiple Filter-Id attributes to utilize this functionality. Or cisco-like: Cisco-AVPair=lcp:interface-config#1=rate-limit output access-group 1 1000000 8000 8000 conform-action transmit exceed-action drop Cisco-AVPair=lcp:interface-config#1=rate-limit input access-group 1 1000000 8000 8000 conform-action transmit exceed-action drop and so on... . 3. chap-secrets. If you use chap-secrets instead of radius then there is way to utilize built-in shaper too. The optional fifth column in chap-secrets file is used to pass rate information to shaper. Its format is same as for radius attributes, except you cann't utilize time ranges functionality. . . SNMP ---- SNMP is implemented using net-snmp libraries. By default accel-ppp starts in subagent mode, so make sure that net-snmp configured with subagent control turned on (read net-snmp's README.agentx for more details). Also you can start accel-ppp as master agent using following configuration: [snmp] master=1 . Usage: Place accel-pppd/extra/net-snmp/ACCEL-PPP-MIB.txt to your mibs directory. Also you can find used numerical oids in this file. 1. Requesting statistics: snmpwalk -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::accelPPPStat 2. Requesting sessions: snmptable -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::sessionsTable 3. Terminate session by session identifier (Acct-Session-ID): snmpset -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::termBySID.0 = 0000000000000001 4. Terminate session by interface name: snmpset -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::termByIfName.0 = ppp2 5. Terminaten session by IP address (Framed-IP-Address): snmpset -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::termByIP.0 = 192.168.10.10 6. Terminate session by username: snmpset -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::termByUsername.0 = user1 7. Execute cli command: snmpset -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::cli.0 = "shaper change all 1024 temp" . . chap-secrets encryption ----------------------- To enable chap-secrets encryption ablity accel-ppp must be compiled with -DCRYPTO=OPENSSL (which is default). Username field may be kept as cleartext or hashed through some hash chain. To specify hash chain use username-hash option. For example, username-hash=md5,sha1 means hash username through md5 and then binary result hash through sha1. Username have to be specified as hexadecimal dump of digest result. Password field have to be encrypted using smbencrypt (NT Hash part). Encryption is incompatible with auth_chap_md5 module. . . Warning !!! ----------- 1. The pptp driver conflicts with ip_gre driver (in kernel), so make sure that ip_gre is not built-in or loaded at run time (don't matter if you have 2.6.37 or later kernel). 2. Don't mix connections of accel-ppp and poptop's pptpd, before starting accel-ppp make sure that no connections of pptpd exists. . . Contacts -------- http://accel-ppp.org/ mail: contact@accel-ppp.org ICQ: 337258064 Jabber: dima@accel-ppp.org Package: accel-ppp-dbgsym Source: accel-ppp Version: 1.14.0-0 Auto-Built-Package: debug-symbols Architecture: amd64 Maintainer: Luigi Baldoni Installed-Size: 1252 Depends: accel-ppp (= 1.14.0-0) Filename: amd64/accel-ppp-dbgsym_1.14.0-0_amd64.deb Size: 952728 MD5sum: 68518f8283787799fbebf3eb410b9224 SHA1: 7b6573acd4276bab9357ecd4d0a0df0c4aac0c16 SHA256: d35e45d250988dfe99bde0066545fd009890888baf2a65c1673e5c9edb647c97 Section: debug Priority: optional Description: debug symbols for accel-ppp Build-Ids: 0d29921b4053829835158508ae3dc94aad26fbf5 1418c3f68ef1df5965fb934fb2b81cedf67c445b 17a165a7a14b2b9166a612e8d877b5412031f1f6 204d54a933f6f704f99f1db3b0597e4418d62ee5 2d2f455b697309a93e29df4755d238f610f86b5f 4518ff594e653c6e1d808c5922d7909a9b8aa8b8 4815c07779cbfd6af572c4a05e0c6d91ecc63d85 52ca0cb744a5dcb553820181cd4d0e57cc88c2f4 5a48ddcfe4d6c94da9658da0346e0956599e8b97 73d2ec96f39c196800d9770fe4cf2afc9657edf7 76a564f3a795243d3227f91d7b05d8202ee2f2a3 7775cf1bdcd11e7d428756eab85909a54c87e4e2 809fa566cab10d1c52a526bd7c65392433140652 84aa374d5d33822b0f5a99fdace2f8297ceba031 9b3d9b5e3376bcb75c5b751d28a08c965ea61e10 9f6c30ce13d30a4cab2ab11eee264721b2f5fa94 a0dfeb476b5c9fe9721deeaced866d76c4c2e0bf a9eddd366b9fe29924fb641d7bb36886f477066f af060edf84d2e499ba79d3def3dda1fb4316fee2 c63544fef5d7de2435e9be7d9cc4ea91dd3c3d0d c73148dc49837ccd89bc076878b801ee42504220 d0870e663ca255347f5c4b7cbb3906940d14eeba d0dbb2da61ba524da7e8d4d2ea2fa91fdc163871 d28320b0090467b878fa62b310afebee8c835333 dd3b4b4a86aa324b804cc32add5358c256532e8a dec5efc9df5a675e34a61d16ec98fef7b0e6845e f4b515963c78348641b1fbbd269ee9d95a004e3f