Installing a PPPoE server with the RADIUS plugin
This article is loosely based on the following sites:
http://blog.webdir.bg/linux-pppoe-server-with-radius-suuport/
http://lists.roaringpenguin.com/pipermail/rp-pppoe/2014q4/000478.html
Installing the PPPoE server
apt-get install ppp ppp-dev gcc binutils
wget http://www.roaringpenguin.com/files/download/rp-pppoe-3.11.tar.gz
tar xvzf rp-pppoe-3.11.tar.gz
cd rp-pppoe-3.11/src/
./configure --enable-plugin
make && make install
Installing the RADIUS plugin:
apt-get install radiusclient1
wget http://ftp.fr.debian.org/debian/pool/main/r/radiusclient/radiusclient1_0.3.2-14_armel.deb
wget http://ftp.fr.debian.org/debian/pool/main/r/radiusclient/libradius1_0.3.2-14_armel.deb
dpkg -i libradius1_0.3.2-14_armel.deb
dpkg -i radiusclient1_0.3.2-14_armel.deb
Next, edit the PPPoE server options file:
vim /etc/ppp/pppoe-server-options
# PPP options for the PPPoE server
# LIC: GPL
logfile /var/log/ppp.log
require-chap
#refuse-pap
#auth
debug
#login
netmask 255.255.255.0
lcp-echo-interval 10
lcp-echo-failure 6
lcp-max-configure 10
ms-dns 208.67.222.222
ms-dns 208.67.220.220
#defaultroute
#noipdefault
#usepeerdns
#proxyarp
nobsdcomp
novj
novjccomp
nologfd
mtu 1492
mru 1492
plugin radius.so
plugin radattr.so
Then edit the RADIUS client configuration file:
vim /etc/radiusclient/radiusclient.conf
# General settings
auth_order radius
# maximum login tries a user has
login_tries 4
# timeout for all login tries, if this time is exceeded the user is kicked out
login_timeout 60
nologin /etc/nologin
issue /etc/radiusclient/issue
# set IP address of RADIUS authentication server
authserver xxx.xxx.xxx.xxx
# set IP address of RADIUS accounting server
acctserver xxx.xxx.xxx.xxx
# file holding shared secrets used for the communication between client and server
servers /etc/radiusclient/servers
dictionary /etc/radiusclient/dictionary
login_radius /usr/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/radiusclient/port-id-map
default_realm
# time to wait for a reply from the RADIUS server
radius_timeout 10
radius_retries 3
# program to execute for local login
login_local /bin/login
# set NAS identifier name
nas_identifier nas100
Also edit the RADIUS servers configuration:
vim /etc/radiusclient/servers
# Make sure that this file is mode 600 (readable only to owner)!
#
#Server Name or Client/Server pair      Key
#----------------                       ---------------
xxx.xxx.xxx.xxx RADIUS_server_secret thisissecret
Leave the rest of the configuration at its defaults.
Finally, start the PPPoE server:
pppoe-server -L 10.90.226.86 -I zeoip0 -I zeoip1 -N 1200 -C epsilon-ppp -S epsilon-ppp -T 300 -k -m 1492
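The script below is an added example, not part of the original article or of rp-pppoe: a shell audit of the two files edited above. It checks that require-chap and both plugin lines are active in the options file, that the servers file is mode 600 as its header comment asks, and that the sample key thisissecret has been replaced. The function names and the --audit flag are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit of the two files edited in this article.
# The defaults are the paths used on this page; override them via the environment.
OPTIONS_FILE=${OPTIONS_FILE:-/etc/ppp/pppoe-server-options}
SERVERS_FILE=${SERVERS_FILE:-/etc/radiusclient/servers}

# has_option FILE "name [value]": true if the option is on an active
# (non-commented) line; runs of whitespace are collapsed before comparing.
has_option() {
    awk -v want="$2" '
        $1 ~ /^#/  { next }
                   { $1 = $1 }
        $0 == want { found = 1 }
        END        { exit !found }' "$1"
}

# True if the path is a regular file with mode exactly 600 (rw-------).
mode_is_600() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "-rw-------" ]
}

# True if the sample key from this article is still in use on an active line.
has_sample_secret() {
    awk '$1 ~ /^#/ { next }
         { for (i = 2; i <= NF; i++) if ($i == "thisissecret") hit = 1 }
         END { exit !hit }' "$1"
}

audit() {
    rc=0
    for opt in "require-chap" "plugin radius.so" "plugin radattr.so"; do
        has_option "$OPTIONS_FILE" "$opt" ||
            { echo "FAIL: '$opt' is not active in $OPTIONS_FILE"; rc=1; }
    done
    mode_is_600 "$SERVERS_FILE" ||
        { echo "FAIL: $SERVERS_FILE is not mode 600"; rc=1; }
    if has_sample_secret "$SERVERS_FILE"; then
        echo "FAIL: $SERVERS_FILE still uses the sample shared secret"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: configuration checks passed"
    return "$rc"
}

# Run the audit only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit; exit $?; fi
```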