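Slackware 13.1 - POPTOP 1.3.4 / FreeRADIUS 2.1.12 / MySQL / PPPOE server
========================================================================

Public domain

********************************************************************************

NAS Server
----------

********************************************************************************
********************************************************************************

### Installation

```sh
cd /usr/src
# Verify the tarball against a checksum/signature published by the project
# before building and installing it as root.
wget "http://downloads.sourceforge.net/project/poptop/pptpd/pptpd-1.3.4/pptpd-1.3.4.tar.gz?use_mirror=garr"
tar zxf pptpd-1.3.4.tar.gz
cd pptpd-1.3.4
./configure && make && make install
```

********************************************************************************

### /etc/pptpd.conf

```
ppp /usr/sbin/pppd
option /etc/ppp/options.pptpd
#debug
localip 10.1.1.1
remoteip 10.1.1.2-20
```

********************************************************************************

### /etc/ppp/options.pptpd

```
name pptpd
# Only MS-CHAPv2 is accepted. Note that PPTP with MS-CHAPv2 is considered
# weak transport security; restrict TCP/1723 and GRE to trusted networks.
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
proxyarp
ms-dns 8.8.8.8
lock
nobsdcomp
novj
novjccomp
nologfd
```

********************************************************************************

### /etc/ppp/chap-secrets

```
# Cleartext passwords: keep this file owned by root with mode 0600.
# The trailing "*" allows the client to connect from any address.
pejman pptpd 123456 *
```

********************************************************************************

### /etc/rc.d/rc.pptpd

```sh
#!/bin/sh
#
# /etc/rc.d/rc.pptpd - start/stop the PoPToP PPTP daemon
#
# Usage: rc.pptpd {start|stop|restart}
#

DAEMON=/usr/local/sbin/pptpd

# Print the PID(s) of a running pptpd, or nothing when it is down.
pptpd_pid() {
  pgrep '^pptpd$'
}

# Wait up to 10 s for pptpd to exit; returns 0 once it is gone, 1 otherwise.
wait_stopped() {
  n=0
  while [ -n "$(pptpd_pid)" ] && [ "$n" -lt 10 ]; do
    sleep 1
    n=$((n + 1))
  done
  [ -z "$(pptpd_pid)" ]
}

case "$1" in
  'start')
    echo 'Starting pptpd ...'
    PID=$(pptpd_pid)
    if [ -z "$PID" ]; then
      "$DAEMON"
    else
      echo "pptpd is already running (PID: $PID) !!!"
    fi
    ;;
  'stop')
    echo 'Stoping pptpd ...'
    # killall sends SIGTERM; its "no process found" message is expected
    # when pptpd is not running.
    killall pptpd
    ;;
  'restart')
    echo 'Restarting pptpd ...'
    killall pptpd
    # Start the new instance only once the old one has really exited, so a
    # slow shutdown does not leave two daemons competing for TCP/1723.
    if wait_stopped; then
      "$DAEMON"
    else
      echo 'pptpd is still running; not starting a second instance !!!' >&2
      exit 1
    fi
    ;;
  *)
    echo "Usage: $0 [start|stop|restart]" >&2
    exit 1
    ;;
esac
```

********************************************************************************

### Launch

```sh
ln -sfn /usr/local/lib/pptpd/ /usr/lib/pptpd
chmod +x /etc/rc.d/rc.pptpd
/etc/rc.d/rc.pptpd start
```

********************************************************************************

Client Machine
--------------

********************************************************************************
********************************************************************************

### pptpclient

```sh
cd /usr/src
wget "http://pmoghadam.com/homepage/Pages/Deposit/Source-packages/pptp-1.7.2.tar.gz"
tar zxf pptp-1.7.2.tar.gz
cd /usr/src/pptp-1.7.2
make && make install
mv /etc/ppp/options.pptp{,.bak}
mkdir -p /etc/ppp/peers
```

********************************************************************************

### /etc/ppp/options.pptp

```
lock
noauth
nobsdcomp
nodeflate
refuse-eap
proxyarp
#persist
maxfail 0
#debug
dump
logfd 2
nodetach
```

********************************************************************************

### /etc/ppp/chap-secrets

```
# Cleartext password: keep this file owned by root with mode 0600.
pejman pptp 123456 *
```

********************************************************************************

### /etc/ppp/peers/pptp-peer

```
pty "pptp 172.16.20.1 --nolaunchpppd"
name pejman
remotename pptp
file /etc/ppp/options.pptp
```

********************************************************************************

### Connection

```sh
pppd call pptp-peer
# Quote the substitution so an empty/odd pid file cannot turn into a bare "kill -TERM".
kill -TERM "$(cat /var/run/ppp0.pid)"
```

********************************************************************************

Radius Server
-------------

********************************************************************************
********************************************************************************

### FreeRADIUS

```sh
cd /usr/src
# Verify the tarball against the project's published checksum/signature first.
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12.tar.gz
tar zxf freeradius-server-2.1.12.tar.gz
cd freeradius-server-2.1.12
./configure --prefix=/usr/local/freeradius && make && make install
if ! grep -q freeradius /etc/ld.so.conf ; then
  echo "/usr/local/freeradius/lib" >> /etc/ld.so.conf
fi
ldconfig
cp /usr/local/freeradius/etc/raddb/users{,.bak-$(date +%F)}
```

********************************************************************************

### /usr/local/freeradius/etc/raddb/users

```
# "Van-Jacobson-TCP-IP" is the dictionary spelling of this value (the SQL
# example further down uses it too); "Van-Jacobsen-TCP-IP" is not defined.
# FreeRADIUS 2.x prefers "Cleartext-Password" over "User-Password" as the
# check item (see the later version of this file).
pejman  User-Password := "123456"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
```

********************************************************************************

### Launch

```sh
# -X runs radiusd in the foreground with full debug output; use it only for testing.
/usr/local/freeradius/sbin/radiusd -X
```

********************************************************************************

### /etc/rc.d/rc.radiusd

```sh
#!/bin/sh
#
# /etc/rc.d/rc.radiusd - start/stop the FreeRADIUS daemon
#
# Usage: rc.radiusd {start|stop|restart}
#

DAEMON=/usr/local/freeradius/sbin/radiusd

# Print the PID(s) of a running radiusd, or nothing when it is down.
radiusd_pid() {
  pgrep '^radiusd$'
}

# Wait up to 10 s for radiusd to exit; returns 0 once it is gone, 1 otherwise.
wait_stopped() {
  n=0
  while [ -n "$(radiusd_pid)" ] && [ "$n" -lt 10 ]; do
    sleep 1
    n=$((n + 1))
  done
  [ -z "$(radiusd_pid)" ]
}

case "$1" in
  'start')
    echo 'Starting radiusd ...'
    PID=$(radiusd_pid)
    if [ -z "$PID" ]; then
      "$DAEMON"
    else
      echo "radiusd is already running (PID: $PID) !!!"
    fi
    ;;
  'stop')
    echo 'Stoping radiusd ...'
    # killall sends SIGTERM; its "no process found" message is expected
    # when radiusd is not running.
    killall radiusd
    ;;
  'restart')
    echo 'Restarting radiusd ...'
    killall radiusd
    # Start the new instance only once the old one has really exited, so a
    # slow shutdown does not leave two daemons competing for the RADIUS ports.
    if wait_stopped; then
      "$DAEMON"
    else
      echo 'radiusd is still running; not starting a second instance !!!' >&2
      exit 1
    fi
    ;;
  *)
    echo "Usage: $0 [start|stop|restart]" >&2
    exit 1
    ;;
esac
```

********************************************************************************

### Launch

```sh
chmod +x /etc/rc.d/rc.radiusd
/etc/rc.d/rc.radiusd start
```

********************************************************************************

### Test

```sh
# Show the effective client definitions (tabs and comments stripped).
sed -e 's,\t, ,g' -e 's,#.*,,g' /usr/local/freeradius/etc/raddb/clients.conf | egrep -v '^#|^ *$'
# "testing123" is the stock shared secret shipped for client localhost in
# clients.conf; replace it (and the copy in /etc/radiusclient/servers) before
# radiusd is reachable from anything but loopback.
echo User-Name = "pejman", User-Password = "123456" | /usr/local/freeradius/bin/radclient 127.0.0.1 auth testing123
/usr/local/freeradius/bin/radtest pejman 123456 127.0.0.1 10 testing123
```

********************************************************************************

NAS Server
----------

********************************************************************************
********************************************************************************

### /etc/ppp/options.pptpd

```
.
.
plugin /usr/lib/pppd/2.4.5/radius.so
.
.
```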
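********************************************************************************

### /etc/radiusclient/servers

```
127.0.0.1 testing123
```

The shared secret here must match `clients.conf` on the RADIUS server; keep
this file root-only (mode 0600) since it holds that secret in cleartext.

********************************************************************************

### /etc/radiusclient/dictionary

```
.
.
ATTRIBUTE CHAP-Challenge 60 string
INCLUDE /etc/radiusclient/dictionary.microsoft
```

********************************************************************************

### /etc/ppp/chap-secrets

```
# Local entry disabled: authentication now goes through RADIUS.
#pejman pptpd 123456 *
```

********************************************************************************

### Restart

```sh
/etc/rc.d/rc.pptpd restart
```

********************************************************************************

Database Server
---------------

********************************************************************************
********************************************************************************

### MySQL Initialize

```sh
mysql_install_db --user=mysql
chmod +x /etc/rc.d/rc.mysqld
/etc/rc.d/rc.mysqld start
```

********************************************************************************

### MySQL Cleanup

```
mysql
show databases;
drop database test;
use mysql;
show tables;
select * from user;
delete from mysql.user where user='';
set password for 'root'@'localhost' = password ('new-password');
set password for 'root'@'127.0.0.1' = password ('new-password');
set password for 'root'@'HOSTNAME' = password ('new-password');
exit
mysql -p
```

********************************************************************************

### /etc/rc.d/rc.mysqld

```sh
# Commenting this out enables TCP listening. radiusd's sql.conf below uses
# server = "localhost", which the MySQL client library normally serves over
# the Unix socket, so --skip-networking can stay enabled when MySQL and
# radiusd share a host; only expose the TCP port if a remote client needs it.
#SKIP="--skip-networking"
```

********************************************************************************

### Restart

```sh
/etc/rc.d/rc.mysqld restart
nmap 127.0.0.1
netstat -tunapo | grep mysql
```

********************************************************************************

### radius database

```sql
create database radius;
use radius;
source /usr/local/freeradius/etc/raddb/sql/mysql/schema.sql;
show tables;
```

********************************************************************************

### new group

```sql
use radius;
INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Framed-Compression','Van-Jacobson-TCP-IP' );
INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Framed-Protocol', 'PPP' );
INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Service-Type', 'Framed-User' );
```

********************************************************************************

### new user

```sql
use radius;
INSERT INTO radusergroup (UserName, GroupName, priority) VALUES ('pejman', 'normalusers', 1);
-- FreeRADIUS 2.x prefers the 'Cleartext-Password' check attribute here
-- (the users-file example below uses it); 'Password' is the legacy name.
INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('pejman', 'Password', '123456');
INSERT INTO radreply (UserName, Attribute, Value) VALUES ('pejman', 'Framed-IP-Address', '172.16.3.33');
```

********************************************************************************

### Check tables;

```sql
use radius;
select * from radgroupreply;
select * from radusergroup;
select * from radcheck;
select * from radreply;
```

********************************************************************************

Radius Server
-------------

********************************************************************************
********************************************************************************

### /usr/local/freeradius/etc/raddb/users

```
# File-based entry disabled: users now come from the SQL module.
# pejman Cleartext-Password := "123456"
#        Service-Type = Framed-User,
#        Framed-Protocol = PPP,
#        Framed-Compression = Van-Jacobson-TCP-IP
```

********************************************************************************

### /usr/local/freeradius/etc/raddb/radiusd.conf

```
.
.
$INCLUDE sql.conf
.
.
```

********************************************************************************

### /usr/local/freeradius/etc/raddb/sql.conf

```
.
.
sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        #port = 3306
        # Prefer a dedicated MySQL account granted only on the radius database
        # instead of root, and keep this file root-only (it holds the password).
        login = "root"
        password = "123456"
        radius_db = "radius"
.
.
```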
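********************************************************************************

### Backup

```sh
cp /usr/local/freeradius/etc/raddb/sites-available/default{,.bak}
```

********************************************************************************

### check config

```sh
# Print the effective (non-comment, non-blank) lines of the default site.
expand /usr/local/freeradius/etc/raddb/sites-available/default | egrep -v '^#|^ *$|^ *#'
```

********************************************************************************

### /usr/local/freeradius/etc/raddb/sites-available/default

```
authorize {
        preprocess
        chap
        mschap
        suffix
        sql
        expiration
        logintime
        pap
}

authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
}

preacct {
        preprocess
        acct_unique
        suffix
}

accounting {
        detail
        unix
        radutmp
        sql
        attr_filter.accounting_response
}

session {
        radutmp
        sql
}

post-auth {
        sql
        exec
        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }
}

pre-proxy {
}

post-proxy {
        eap
}
```

********************************************************************************

### Restart

```sh
/etc/rc.d/rc.radiusd restart
```

********************************************************************************

PPPOE Server
------------

********************************************************************************
********************************************************************************

### Commands

```sh
mv /etc/ppp/options{,.bak}
mv /etc/ppp/pppoe-server-options{,.bak}
```

********************************************************************************

### /etc/ppp/options

```
lock
```

********************************************************************************

### /etc/ppp/pppoe-server-options

```
# Unlike options.pptpd (require-mschap-v2), this accepts plain CHAP; tighten
# to require-mschap-v2 if the subscriber side supports it.
require-chap
noipdefault
mru 1492
mtu 1492
lcp-max-configure 60
lcp-restart 2
lcp-echo-interval 30
lcp-echo-failure 4
idle 0
noipx
proxyarp
ms-dns 8.8.8.8
plugin radius.so
plugin radattr.so
#debug
dump
logfd 2
nodetach
```

********************************************************************************

### /etc/ppp/pppoe.conf

```
LINUX_PLUGIN=/usr/lib/pppd/2.4.5/rp-pppoe.so
```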
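********************************************************************************

### /etc/rc.d/rc.pppoe-server

```bash
#!/bin/bash
#
# /etc/rc.d/rc.pppoe-server - start/stop the rp-pppoe access concentrator
#
# Usage: rc.pppoe-server {start|stop|restart}
#

# Configuration
SRVNAME="Linux-PPPOE-Server"   # service name announced to clients (-S)
MAXCON=250                     # maximum concurrent sessions (-N)
LOCALIP=10.0.0.1               # server-side PPP address (-L)
STARTIP=10.0.0.10              # first address handed to clients (-R)
USRIF=eth1                     # interface facing the subscribers (-I)
HOSTNAME=$(hostname)           # access-concentrator name (-C)
DAEMON=/usr/sbin/pppoe-server

# Print the PID(s) of a running pppoe-server, or nothing when it is down.
pppoe_pid() {
  pgrep '^pppoe-server$'
}

# Wait up to 10 s for pppoe-server to exit; returns 0 once it is gone, 1 otherwise.
wait_stopped() {
  local n=0
  while [[ -n "$(pppoe_pid)" && "$n" -lt 10 ]]; do
    sleep 1
    n=$((n + 1))
  done
  [[ -z "$(pppoe_pid)" ]]
}

# Load the kernel PPPoE module, bring up the subscriber interface and launch
# the server. Every expansion is quoted so a value containing whitespace
# (e.g. SRVNAME) cannot be split into extra arguments.
start () {
  modprobe pppoe
  ifconfig "$USRIF" up
  "$DAEMON" -k -I "$USRIF" -N "$MAXCON" -C "$HOSTNAME" -S "$SRVNAME" \
    -L "$LOCALIP" -R "$STARTIP"
}

case "$1" in
  'start')
    echo 'Starting pppoe-server ...'
    PID=$(pppoe_pid)
    if [[ -z "$PID" ]]; then
      start
    else
      echo 'pppoe-server is already running !!!'
    fi
    ;;
  'stop')
    echo 'Stoping pppoe-server ...'
    # killall sends SIGTERM; its "no process found" message is expected
    # when the server is not running.
    killall pppoe-server
    ;;
  'restart')
    echo 'Restarting pppoe-server ...'
    killall pppoe-server
    # Only start again once the old instance has really exited, instead of
    # trusting a fixed delay.
    if wait_stopped; then
      start
    else
      echo 'pppoe-server is still running; not starting a second instance !!!' >&2
      exit 1
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}" >&2
    exit 1
    ;;
esac
```

********************************************************************************

### /etc/rc.d/rc.local

```sh
# Start FreeRADIUS server:
if [ -x /etc/rc.d/rc.radiusd ]; then
  /etc/rc.d/rc.radiusd start
fi

# Start VPN server:
if [ -x /etc/rc.d/rc.pptpd ]; then
  /etc/rc.d/rc.pptpd start
fi

# Start PPPOE server:
if [ -x /etc/rc.d/rc.pppoe-server ]; then
  /etc/rc.d/rc.pppoe-server start
fi
```

********************************************************************************

### /etc/rc.d/rc.local_shutdown

```sh
#!/bin/bash

# Stop PPPOE server:
if [ -x /etc/rc.d/rc.pppoe-server ]; then
  /etc/rc.d/rc.pppoe-server stop
fi

# Stop VPN server:
if [ -x /etc/rc.d/rc.pptpd ]; then
  /etc/rc.d/rc.pptpd stop
fi

# Stop FreeRADIUS server:
if [ -x /etc/rc.d/rc.radiusd ]; then
  /etc/rc.d/rc.radiusd stop
fi
```

********************************************************************************

### Commands

```sh
chmod +x /etc/rc.d/rc.local_shutdown
chmod +x /etc/rc.d/rc.pppoe-server
/etc/rc.d/rc.pppoe-server start
```

********************************************************************************

_BY: Pejman Moghadam_
_TAG: poptop, pptpclient, vpn-server, vpn-client, freeradius, mysql, pppoe-server, radiusclient, radius_
_DATE: 2012-08-26 14:02:15_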