Overview
--------
The ACCEL-PPTP v1.0 is a completely new implementation of PPTP/PPPoE/L2TP, written from scratch.
The userspace daemon has its own PPP implementation, so it does not use pppd, and one (multi-threaded) process manages all connections.
ACCEL-PPTP uses a kernel module to increase performance and decrease system usage.
It is not fully tested yet, so it is not recommended for production use.
Also, v1.0 is oriented toward servers and does not contain a client part; if you need a client, please use v0.8.x.

Features
--------
1. Modular architecture
2. High-performance multi-threaded I/O core
3. Supported PPTP
4. Supported PPPoE
5. Supported L2TPv2 (without IPsec)
6. Radius authentication/accounting
7. Radius DM/CoA extension
8. Supported authentication types: PAP, CHAP (md5), Microsoft CHAP Extensions (including version 2); EAP is not supported
9. Supported MPPE
10. Compression is not supported
11. Extensible logging engine with per-session logging support; implemented log to file, log to remote host and log to PostgreSQL targets
12. Extensible user/password database; implemented Radius and pppd-compatible chap-secrets sources
13. Extensible IP pool; implemented Radius, chap-secrets and static pools
14. Supported pppd-compatible ip-up/ip-down scripts
15. Built-in tbf shaper manager
16. Command line interface via telnet

Requirements
------------
1. modern linux distribution
2. kernel-2.6.25 or later
3. cmake-2.6 or later
4. libnl-2.0 or probably later (required for built-in shaper)

Compilation and installation
----------------------------
Make sure you have configured kernel headers in /usr/src/linux,
or specify another location via KDIR.
1. cd /path/to/accel-pptp-1.3.1
2. mkdir build
3. cd build
4. cmake [-DBUILD_DRIVER=FALSE] [-DKDIR=/usr/src/linux] [-DCMAKE_INSTALL_PREFIX=/usr/local] [-DCMAKE_BUILD_TYPE=Release] [-DLOG_PGSQL=FALSE] [-DSHAPER=FALSE] [-DRADIUS=TRUE] ..
Please note that the double dot at the end of the command is essential. You will probably get an error or misconfigured sources if you omit it.
BUILD_DRIVER, KDIR, CMAKE_INSTALL_PREFIX, CMAKE_BUILD_TYPE, LOG_PGSQL, SHAPER, RADIUS are optional,
but while pptp is not present in the mainline kernel you probably need BUILD_DRIVER.
For example:
cmake -DBUILD_DRIVER=TRUE ..
will configure the sources to build the pptp driver, search for kernel headers at /usr/src/linux, install to /usr/local,
build without debug, pgsql or shaper support, and build with radius support.
5. If you want to use chap-secrets for authentication, you need to disable radius support; configure as follows:
cmake -DBUILD_DRIVER=TRUE -DRADIUS=FALSE ..
Of course, you can include additional options if needed.
6. make
7. make install

Configuration
-------------
Read man accel-pptp.conf

Built-in shaper
---------------
accel-pptp supports a tbf-based shaper manager.
To enable it, uncomment shaper_tbf in the [modules] section.
It accepts radius attributes in various formats: rate, down-rate/up-rate and cisco-like. Values have to be in kilobits except for cisco-like.
For example:
Filter-Id=1000 (means 1000Kbit both up-stream and down-stream rate)
Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)
To change the radius attribute which contains the rate information use the 'attr' option, for example:
[tbf]
attr=My-Custom-Rate-Attribute
Of course, this attribute has to be in the radius dictionary.
To specify different attributes for down-stream and up-stream rates use the 'attr-down' and 'attr-up' options, for example:
[tbf]
attr-down=PPPD-Downstream-Speed
attr-up=PPPD-Upstream-Speed
If you want to use the cisco-like format, configure accel-pptp as follows:
[tbf]
vendor=Cisco
attr=Cisco-AVPair
and send two attributes:
Cisco-AVPair=lcp:interface-config#1=rate-limit input 2000000 8000 8000 conform-action transmit exceed-action drop (which means 2000Kbit up-stream rate and 8Kb burst)
Cisco-AVPair=lcp:interface-config#1=rate-limit output 2000000 8000 8000 conform-action transmit exceed-action drop (which means 2000Kbit down-stream rate and 8Kb burst)

Advanced shaper usage
---------------------
1. Burst configuration.
If you are not using the cisco format, the burst is calculated from the rate and the specified burst factors.
To specify burst factors use the 'down-burst-factor' and 'up-burst-factor' options, for example:
[tbf]
down-burst-factor=1.0
up-burst-factor=10.0
which means that the burst for the tbf qdisc will be calculated as the down-stream rate multiplied by 1.0 and the burst for the policer will be calculated as the up-stream rate multiplied by 10.0.
2. Time ranges.
You can specify time ranges for automatic rate reconfiguration.
To specify time ranges use the following sample configuration:
[tbf]
time-range=1,1:00-3:00
time-range=2,3:00-5:00
time-range=3,5:00-7:00
The first number is the time range identifier.
To specify time-range-specific rates use the following format of radius attributes: range-id,rate, range-id,down-rate/up-rate or cisco-like, for example:
Filter-Id=1000
Filter-Id=1,2000
Filter-Id=2,3000
Filter-Id=3,4000
which means: set 1000Kbit by default, set 2000Kbit in time range 1, set 3000Kbit in time range 2, set 4000Kbit in time range 3.
You have to pass multiple Filter-Id attributes to utilize this functionality.
Or cisco-like:
Cisco-AVPair=lcp:interface-config#1=rate-limit output access-group 1 1000000 8000 8000 conform-action transmit exceed-action drop
Cisco-AVPair=lcp:interface-config#1=rate-limit input access-group 1 1000000 8000 8000 conform-action transmit exceed-action drop
and so on...
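
An added example, not part of accel-pptp: a Python sketch that parses the rate attribute values described in the two shaper sections above and picks the rate for a given time of day, rejecting any value that matches none of the documented formats. The function names, the use of None as the id of the default rate, and treating the end of a time range as exclusive are assumptions of this example, not accel-pptp behaviour.

```python
import re
from datetime import time

# Values and time ranges copied from the README examples above.
README_VALUES = ["1000", "1,2000", "2,3000", "3,4000"]
README_RANGES = ["1,1:00-3:00", "2,3:00-5:00", "3,5:00-7:00"]

# cisco-like value; an optional "access-group N" carries the time range id.
CISCO = re.compile(r"lcp:interface-config#1=rate-limit (input|output) "
                   r"(?:access-group (\d+) )?(\d+) \d+ \d+ ")
PLAIN = re.compile(r"(?:(\d+),)?(\d+)(?:/(\d+))?")

def parse_rate(value):
    """Return (range_id, down_kbit, up_kbit); range_id None means the default
    rate (an assumption of this example), a direction not given is None."""
    m = CISCO.match(value)
    if m:
        rid = int(m.group(2)) if m.group(2) else None
        kbit = int(m.group(3)) // 1000      # README: 2000000 means 2000Kbit
        # README: "input" is the up-stream rate, "output" the down-stream rate
        return (rid, None, kbit) if m.group(1) == "input" else (rid, kbit, None)
    m = PLAIN.fullmatch(value)
    if not m:                               # reject anything else outright
        raise ValueError("unrecognised rate attribute: %r" % value)
    rid = int(m.group(1)) if m.group(1) else None
    down = int(m.group(2))
    up = int(m.group(3)) if m.group(3) else down
    return rid, down, up

def parse_time_range(line):
    """'1,1:00-3:00' -> (1, time(1, 0), time(3, 0))"""
    rid, span = line.split(",", 1)
    start, end = (time(*map(int, t.split(":"))) for t in span.split("-"))
    return int(rid), start, end

def effective_rate(values, time_ranges, now):
    """Return (down_kbit, up_kbit) in force at clock time `now`."""
    rates = {}
    for value in values:
        rid, down, up = parse_rate(value)
        old_down, old_up = rates.get(rid, (None, None))
        rates[rid] = (old_down if down is None else down,
                      old_up if up is None else up)
    for line in time_ranges:
        rid, start, end = parse_time_range(line)
        # Assumption: start inclusive, end exclusive, no wrap past midnight.
        if start <= now < end and rid in rates:
            return rates[rid]
    return rates.get(None, (None, None))
```
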
Warning !!!
-----------
1. The pptp driver conflicts with the ip_gre driver (in kernel), so make sure that ip_gre is not built in or loaded at run time
(this does not matter if you have a 2.6.37 or later kernel).
2. Never mix connections of accel-pptp and the original pptpd; before starting accel-pptp make sure that no connections
of the original pptpd exist.

Thanks
------
Thanks to Kirill Yushkov for debug support and donations.
Contacts
--------
http://accel-pptp.sourceforge.net/
mail: xeb@mail.ru
ICQ: 337258064
Jabber: xeb@xeb.homelinux.net