Различия
Здесь показаны различия между двумя версиями данной страницы.
| Предыдущая версия справа и слева Предыдущая версия Следующая версия | Предыдущая версия | ||
|
abills:docs:mpd:ru [2014/11/13 15:51] sinner |
abills:docs:mpd:ru [2017/02/24 20:07] (текущий) anton [PPTP] |
||
|---|---|---|---|
| Строка 5: | Строка 5: | ||
| Установка | Установка | ||
| - | # cd /usr/ports/net/mpd[5] && make && make install | + | # cd /usr/ports/net/mpd5 && make && make install |
| - | Создать конфигурационный файл для подключения к радиусу **/etc/radius.conf** | ||
| - | |||
| - | auth 127.0.0.1:1812 radsecret 4 4 | ||
| - | acct 127.0.0.1:1813 radsecret 4 4 | ||
| - | |||
| - | 127.0.0.1 - адрес Radius сервера\\ | ||
| Функции шейпера осуществляет программа: | Функции шейпера осуществляет программа: | ||
| /usr/abills/libexec/linkupdown | /usr/abills/libexec/linkupdown | ||
| + | | ||
| + | [[abills:docs:manual:shaper_start|Дополнительная информация по шейперу]] | ||
| - | Обязательно включите следующие опции в ядро | + | Обязательно [[abills:docs:Freebsd_Core|включите следующие опции в ядро]] |
| options IPFIREWALL | options IPFIREWALL | ||
| Строка 67: | Строка 63: | ||
| client 127.0.0.1 { | client 127.0.0.1 { | ||
| - | secret = radsecret | + | secret = secretpass |
| shortname = shortname | shortname = shortname | ||
| } | } | ||
| Строка 83: | Строка 79: | ||
| # touch /var/log/mpd.log | # touch /var/log/mpd.log | ||
| + | Перезагружаем syslog | ||
| # killall -1 syslogd | # killall -1 syslogd | ||
| + | | ||
| - | [[abills:docs:mpd:old_versions|abills:docs:mpd:old_versions]] | ||
| Строка 93: | Строка 90: | ||
| Конфигурация демона | Конфигурация демона | ||
| - | ====PPTP==== | + | ====PPTP/PPPoE==== |
| **/usr/local/etc/mpd5/mpd.conf** | **/usr/local/etc/mpd5/mpd.conf** | ||
| startup: | startup: | ||
| - | # enable TCP-Wrapper (hosts_access(5)) to block unfriendly clients | + | # enable TCP-Wrapper (hosts_access(5)) to block unfriend |
| - | set global enable tcp-wrapper | + | set global enable tcp-wrapper |
| - | # configure the console old way | + | # configure the console |
| - | #set console self %MPD_CONSOLE_IP% %MPD_CONSOLE_PORT% | + | #set console self %MPD_CONSOLE_IP% %MPD_CONSOLE_PORT% |
| - | #set user %MPD_CONSOLE_USER% %MPD_CONSOLE_PASSWORD% admin | + | #set user %MPD_CONSOLE_USER% %MPD_CONSOLE_PASSWORD% admi |
| - | #set console open | + | #set console open |
| - | # Radius CoA/PoD | + | set radsrv peer %BILLING_IP% %POD_PASSWORD% |
| - | set radsrv peer %BILLING_IP% %POD_PASSWORD% | + | # set radsrv self %NAS_IP% %POD_PORT% |
| - | # set radsrv self %NAS_IP% %POD_PORT% | + | set radsrv open |
| - | set radsrv open | + | #set web self 0.0.0.0 5006 |
| - | #WEB managment | + | #set web open |
| - | #set web self 0.0.0.0 5006 | + | #Netflow options |
| - | #set web open | + | set netflow peer %MPD_NETFLOW_IP% %MPD_NETFLOW_PORT% |
| - | #Netflow options | + | set netflow self %MPD_NETFLOW_SOURCE_IP% %MPD_NETFLOW_SO |
| - | set netflow peer %MPD_NETFLOW_IP% %MPD_NETFLOW_PORT% | + | set netflow timeouts 15 15 |
| - | set netflow self %MPD_NETFLOW_SOURCE_IP% %MPD_NETFLOW_SOURCE_PORT% | + | set netflow hook 9000 |
| - | set netflow timeouts 15 15 | + | #set netflow node netflow |
| - | set netflow hook 9000 | + | log -echo -radius -rep |
| - | # Calling-Station-Id = "10.0.4.16 / 00:18:f3:5a:9f:6a / em0" | + | |
| - | set link enable report-mac | + | |
| - | #set netflow node netflow | + | |
| - | + | ||
| - | + | ||
| default: | default: | ||
| load pptp_server | load pptp_server | ||
| - | # load pppoe_server | + | load pppoe_server |
| + | |||
| Для сервере PPTP следующая секция | Для сервере PPTP следующая секция | ||
| pptp_server: | pptp_server: | ||
| - | # Define dynamic IP address pool. | + | # Define dynamic IP address pool. |
| - | # Диапазон IP адрессов, | + | set ippool add pool1 %MPD_IPPOOL_FIRST% %MPD_IPPOOL_LAST |
| - | # который присвоется VPN девайсу. | + | # Create clonable bundle template named B |
| - | set ippool add pool1 %MPD_IPPOOL_FIRST% %MPD_IPPOOL_LAST% | + | create bundle template B |
| - | | + | set iface enable proxy-arp |
| - | # Create clonable bundle template named B | + | set iface idle 1800 |
| - | create bundle template B | + | set iface enable tcpmssfix |
| - | set iface enable proxy-arp | + | set iface up-script "/usr/abills/libexec/linkupdown mpd |
| - | set iface idle 1800 | + | set iface down-script "/usr/abills/libexec/linkupdown mp |
| - | set iface enable tcpmssfix | + | set ipcp yes vjcomp |
| - | set iface up-script "/usr/abills/libexec/linkupdown mpd up" | + | # Specify IP address pool for dynamic assigment. |
| - | set iface down-script "/usr/abills/libexec/linkupdown mpd down" | + | set ipcp ranges 192.168.100.1/32 ippool pool1 |
| - | set ipcp yes vjcomp | + | set ipcp dns %DNS_SERVER% |
| - | # Specify IP address pool for dynamic assigment. | + | # The five lines below enable Microsoft Point-to-Point encryptio |
| - | set ipcp ranges 192.168.100.1/32 ippool pool1 | + | # (MPPE) using the ng_mppc(8) netgraph node type. |
| - | set ipcp dns %DNS_SERVER% | + | set bundle enable compression |
| - | # The five lines below enable Microsoft Point-to-Point encryption | + | set ccp yes mppc |
| - | # (MPPE) using the ng_mppc(8) netgraph node type. | + | set mppc yes e40 |
| - | set bundle enable compression | + | set mppc yes e128 |
| - | set ccp yes mppc | + | set mppc yes stateless |
| - | set mppc yes e40 | + | # Create clonable link template named L |
| - | set mppc yes e128 | + | create link template L pptp |
| - | set mppc yes stateless | + | # Set bundle template to use |
| - | # Create clonable link template named L | + | set link action bundle B |
| - | create link template L pptp | + | set link enable peer-as-calling |
| - | set link enable peer-as-calling | + | # Calling-Station-Id = "10.0.4.16 / 00:18:f3:5a:9f:6a / em |
| - | # Set bundle template to use | + | # set link enable report-mac |
| - | set link action bundle B | + | # Multilink adds some overhead, but gives full 1500 MTU. |
| - | # Multilink adds some overhead, but gives full 1500 MTU. | + | set link enable multilink |
| - | set link enable multilink | + | set link yes acfcomp protocomp |
| - | set link yes acfcomp protocomp | + | set link no pap chap |
| - | set link no pap chap | + | set link enable chap |
| - | set link enable chap | + | set link keep-alive 10 60 |
| - | set link keep-alive 10 60 | + | # We reducing link mtu to avoid GRE packet fragmentation |
| - | # We reducing link mtu to avoid GRE packet fragmentation | + | set link mtu 1460 |
| - | set link mtu 1460 | + | # Configure PPTP |
| - | # Configure PPTP | + | # set pptp self %VPN_SERVER_IP% |
| - | # Внешний IP на котором будет прослушиватся соединение | + | # Allow to accept calls |
| - | set pptp self %VPN_SERVER_IP% | + | set link enable incoming |
| - | load server_common | + | #load server_common |
| + | load radius | ||
| + | |||
| ===PPPOE=== | ===PPPOE=== | ||
| Для сервере PPTP следующая секция: | Для сервере PPTP следующая секция: | ||
| pppoe_server: | pppoe_server: | ||
| - | create bundle template B | + | create link template P pppoe |
| - | set iface idle 0 | + | set link disable multilink |
| - | set iface enable tcpmssfix proxy-arp | + | set link disable pap eap chap |
| - | set ipcp no vjcomp | + | set link enable chap-md5 |
| - | set iface up-script "/usr/abills/libexec/linkupdown mpd up" | + | load radius |
| - | set iface down-script "/usr/abills/libexec/linkupdown mpd down" | + | set pppoe service * |
| - | set ipcp ranges 10.10.0.1 ippool pool1 | + | set link enable peer-as-calling |
| - | set ipcp dns %DNS% | + | set ippool add pool12 192.168.16.2 192.168.19.254 |
| - | + | ##MULTI_SECTION:PPPOE_INTERFACES | |
| - | create link template L pppoe | + | #%PPPOE_INTERFACE% %DESCRIBE% |
| - | set link action bundle B | + | create bundle template %PPPOE_INTERFACE% |
| - | set pppoe acname "bras1" | + | set iface idle 1800 |
| - | set pppoe iface %PPPOE_INTERFACE% | + | set iface enable tcpmssfix |
| - | set pppoe service "*" | + | set iface up-script "/usr/abills/libexec/linkupdown mpd |
| - | load server_common | + | set iface down-script "/usr/abills/libexec/linkupdown mpd |
| + | set ipcp dns %DNS_SERVER% | ||
| + | set ipcp ranges 10.10.0.1 ippool pool1 | ||
| + | create link template %PPPOE_INTERFACE% P | ||
| + | set link action bundle %PPPOE_INTERFACE% | ||
| + | set pppoe iface %PPPOE_INTERFACE% | ||
| + | set link enable incoming | ||
| + | ##END_MULTI_SECTION | ||
| # Секции server_common, radius | # Секции server_common, radius | ||
| server_common: | server_common: | ||
| - | set link no pap eap | + | set link no pap eap |
| - | set link yes chap-md5 | + | set link yes chap-md5 |
| - | set link keep-alive 20 60 | + | set link keep-alive 20 60 |
| - | set link enable incoming | + | set link enable incoming |
| - | set link no acfcomp protocomp | + | set link no acfcomp protocomp |
| - | + | load radius | |
| - | + | ||
| - | load radius | + | |
| - | | + | |
| radius: | radius: | ||
| - | #IP, пароль и порты RADIUS-сервера | + | #IP, ▒▒▒▒▒▒ ▒ ▒▒▒▒▒ RADIUS-▒▒▒▒▒▒▒ |
| - | #set radius server 127.0.0.1 radsecret 1812 1813 | + | set radius server %RADIUS_AUTH_SERVER% %RADIUS_SECRET% %RAD |
| - | set radius config /etc/radius.conf | + | #set radius config /etc/radius.conf |
| - | set radius retries 3 | + | set radius retries 3 |
| - | set radius timeout 10 | + | set radius timeout 10 |
| - | set auth acct-update 300 | + | set auth acct-update 300 |
| - | set auth enable radius-auth | + | set auth enable radius-auth |
| - | set auth enable radius-acct | + | set auth enable radius-acct |
| - | set auth disable internal | + | set auth disable internal |
| + | |||
| Строка 256: | Строка 263: | ||
| radius: | radius: | ||
| #set radius config /etc/radius.conf | #set radius config /etc/radius.conf | ||
| - | set radius server localhost radsecret 1812 1813 | + | set radius server 127.0.0.1 secretpass 1812 1813 |
| set radius retries 3 | set radius retries 3 | ||
| set radius timeout 3 | set radius timeout 3 | ||
| Строка 317: | Строка 324: | ||
| ====Дополнительно==== | ====Дополнительно==== | ||
| - | Контроль активных сессий MPD. Программа сравнивает поднятые mpd интерфейсы и те которые прописаны в биллинге. Данную программу следует запускать на сервере доступа. | + | * Контроль активных сессий MPD. Программа сравнивает поднятые mpd интерфейсы и те которые прописаны в биллинге. Данную программу следует запускать на сервере доступа. |
| # /usr/abills/libexec/billd checkmpd NAS_IDS=... | # /usr/abills/libexec/billd checkmpd NAS_IDS=... | ||
| + | * [[http://wiki.lissyara.su/wiki/%D0%9F%D0%B5%D1%80%D0%B5%D0%B2%D0%BE%D0%B4_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82%D0%B0%D1%86%D0%B8%D0%B8_%D0%BF%D0%BE_mpd5|Перевод документации по mpd5]] | ||
| + | * [[abills:docs:mpd:old_versions|Старые версии MPD (не используются)]] | ||
| ====Ошибки настройки==== | ====Ошибки настройки==== | ||
| * [[abills:docs:faq:ru?&#kazhetsja_nastroil_no_nikto_ne_mozhet_podkljuchitsja|Настроил но никто не подключается]] | * [[abills:docs:faq:ru?&#kazhetsja_nastroil_no_nikto_ne_mozhet_podkljuchitsja|Настроил но никто не подключается]] | ||
| * [[http://abills.net.ua/forum/viewforum.php?f=5|Форум]] | * [[http://abills.net.ua/forum/viewforum.php?f=5|Форум]] | ||