Reply
SuperUser
Posts: 4,016
Registered: ‎06-30-2010
Kudos: 1830
Solutions: 173
Contributions: 9

Accel-PPP for EdgeOS, Debian package

I'm working on a EdgeOS/MIPS debian package for Accel-PPP.

 

Link to: Accel-ppp main site

Link to: Accel-PPP on github and on sourceforge

Link to : Vyatta CLI (by forum user 'fgrep') on github

Link to : UBNT Community Thread on the subject

 

It is far superior to current implement and features : 

  • Extensible modular architecture
  • High-performance multi-threaded I/O core
  • Supported PPTP
  • Supported PPPoE (including TR-101 extension)
  • Supported L2TPv2
  • Supported SSTP (incl. via unix sockets and proxy protocol)
  • Supported IPoE (start session by DHCPv4 or unclassified packet)
  • Radius authentication/accounting
  • Radius DM/CoA extention
  • Supported authentication types: PAP, CHAP (md5), Microsoft CHAP Extentions (including version 2), not supported - EAP
  • Supported MPPE
  • Compression is not supported
  • Extensible logging engine with per session logging support, implemented log to file, log to remote host and log to PostgreSQL targets
  • Extensible user/password database, implemented Radius, pppd compatible chap-secrets sources
  • Extensible IP pool, implemented Radius, chap-secrets and static pools
  • Supported pppd compatible ip-up/ip-down scripts
  • Builtin shaper manager
  • Command line interface via telnet
  • SNMP support (master or subagent via AgentX)
  • IPv6 support including builtin Neighbor Discovery and DHCPv6
  • All PPTP, PPPoE, L2TP tunnels are kernel-mode so don't produce system overhead like user-space mode tunnels.

 

When all the automation work is done, I'll host the packages. For now I'll put it on dropbox.

 

Complete:

  • Debian Wheezy VM with MIPS cross-compile enviorment using 'debootstrap'.
  • Scripts to streamline/automate all steps from git pull/clone to .deb package build.
  • Build Prefix: -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release -DRADIUS=TRUE -DSHAPER=TRUE -DLOG_PGSQL=FALSE -DNETSNMP=FALSE -DLIB_SUFFIX=""
  • MIPS Big Endian compatible

 

Roadmap:

  • Automate snapshots build and host on webserver
  • UBNT/OCTEON version specific kernel build
  • VYATTA CLI
  • MIPS Little Endian

Build based on this github branch

Compatible with : ERPoE-5, ER(PRO)-8, ER-4, ER-6P, EP-R8

Download link (dropbox) : accel-ppp_7370247_mips.deb

 

Install method:

  • Copy to /tmp on EdgeOS device, using scp or similar
  • sudo dpkg -i /tmp/accel-ppp_7370247_mips.deb

Configuration sample : '/etc/accel-ppp.conf.dist'

Configuration file: '/etc/accel-ppp/accel-ppp.conf'

 

  • Changes since 1.11.2
    Spoiler
    * Merge branch 'master' of ssh://git.code.sf.net/p/accel-ppp/code
    * ipoe: use vendor option for attr_dhcp_opt82_xxx too
    * Merge branch 'master' of https://github.com/xebd/accel-ppp
    * Merge pull request #50 from themiron/sstp
    * sstp: fix proxy proto v1 over ipv6
    * ipoe: lua: introduced ipaddr field to session object
    * sstp: implement configurable http error response incl. redirect
    * sstp: http: add verbose response logging
    * ipoe: use lua function to generate username for UP sessions too
    * ipoe: lua: introduced hwaddr field to session object
    * triton: fixed improper locking
    * ipoe: do not bring interface down on session termination in shared=0 mode
    * man: fixed typo
    * ipoe: introduced ip-unnumbered per-interface option
    * ipoe: do not remove address on session finish if ifcfg=1
    * ifcfg: assign p-t-p address if mask=32 and regular address in other cases
    * ipoe: small fix for previous commit
    * ipoe: improved mac change detection
    * ipoe: do not wait packet from ipoe kernel module in "shared=0,start=up" mode ipoe: pass mask to ifcfg in ip unnumbered mode
    * ifcfg: assign address using ipaddr_add_peer instead SIOCSIFADDR/SIOCSIFDSTADDR
    * move contrib/centos/centos.cmake -> cmake/centos/centos.cmake
    * shaper: "change" command: consider value to be in simple format
    * Merge pull request #48 from themiron/sstp
    * sstp: fix connection drop with global mppe=required option
    * sstp: fix coexistance of host-name= & port= options
    * radius: initialize rad_attr_t::raw field on newly inserted attributes
    * radius: allow CoA/DM by single username attribute
    * ipoe: assign default values to verbose and unit-cache if not specified on config reload
    * ppp: move call connect_ppp_channel to appropriate place (when noauth=1)
    * auth: fix re-authentication of peer in all chap modules
    * auth: avoid sending duplicate CHAP Failure messages in mschap-v1 and mschap-v2
    * auth: fix missing CHAP Success message in chap-md5
    * ipoe_mod: fixed ipv6 from non-shared mode (v2)
    * Merge branch 'master' of https://github.com/xebd/accel-ppp
    * Merge pull request #46 from nuclearcat/master
    * Compiling fix for 4.15+ kernels
    * ipoe_mod: fixed ipv6 from non-shared mode
    * ipoe_mod: accept ipv6 packets from link-local address if session does not exists
    * terminate program gracefully by SIGINT
    * Merge pull request #43 from themiron/sstp
    * triton: prevent alloc_context function to be inlined (fixes improper stack size calculation)
    * pppoe: fixed invalid behaviour after changing pado-delay
    * Merge branch 'master' of github.com:xebd/accel-ppp
    * Merge pull request #45 from themiron/cppcheck-fixes
    * fix build error with VALGRIND defined
    * fix possible null pointer dereferences
    * removed accel-dp mentioning from config file
    * Merge pull request #44 from themiron/alloca-crash
    * ppp: fix use-after-free in ppp_auth_failed()
    * pppoe: fixed PADO delaying function
    * triton: more general fix of thread wake up crash
    * sstp: http: improve http detection
    * sstp: http: change method error from 501 to 405
    * sstp: fix proxy-protocol support in ssl mode
    * sstp: allow access to unix socket to anyone
    * sstp: fix crash with no any accept option specified
    * sstp: unlink stray unix socket on init/bind error
    * sstp: implement proxy-protocol 1 & 2 support
    * sstp: implement ipv6 & unix socket support
    * sstp: implement accept list option
    * removed accel-dp mentioning from config file
    * radius: add support for route priority (metric) in Framed-Route
    * Merge pull request #40 from themiron/accel-cmd-password
    * accel-cmd: add -P/--password support
    * radius: fixed invalid behaviour when route to radius server is not existing
    * Merge branch 'master' of github.com:xebd/accel-ppp
    * Merge pull request #39 from themiron/pptp-max-mtu
    * Merge pull request #38 from themiron/ipoe-pd-gateway
    * pptp: add the ppp-max-mtu option to match l2tp & sstp
    * ipv6: dhcpv6: fix PD linklocal route for ipoe clients
    * pppd_compat: call ip-down even if ip-up is not specified
    * Merge pull request #37 from themiron/ppp-mru-fixes
    * ppp: fix mtu/mru negotiation in preallocate/unit-cache modes
    * ipoe: use DHCP-Server-Identifier attribute as siaddr if DHCP-Server-IP-Address is not supplied
    * ipoe: improved handling of DHCP Request for nonexistent sessions
    * ppp: fixed bug in ppp_terminate
    * ipoe: ipv6: generate intf_id only if not set by upper layer
    * cmake: add error messages if postgresql or snmp libraries not found
    * Merge branch 'master' of https://github.com/xebd/accel-ppp
    * Merge pull request #35 from themiron/ipv6-pool-fixes
    * updated default config file
    * cli: show sessions: added uptime-raw columnt to print uptime in seconds
    * ipv6: dhcpv6: route all PD via one linklocal gateway
    * ipv6: dhcpv6: fix iaid logging
    * ipv6: dhcpv6: fix serverid overflow lead do dhcpv6 malfunction
    * ipv6: consolidate and fix interface-id address generation for non-/128
    * ipv6: use macro for unspecified address ckecking
    * ipv6: fix host scope routes
    * Merge branch 'master' of github.com:xebd/accel-ppp
    * Merge pull request #34 from themiron/sstp
    * sstp: drop unnecessary ssl reinitialization
    * Merge branch 'master' of ssh://git.code.sf.net/p/accel-ppp/code
    * Merge branch 'master' of github.com:xebd/accel-ppp
    * Merge pull request #31 from themiron/sstp
    * ipoe: do not create ipoe interface with server's ifindex
    * Merge branch 'master' of /home/dima/git/accel-ppp
    * cmake: added CPACK_TYPE=Debian9
    * cmake: reworked debian related package generation rules
    * ipoe_mod: use least byte of hwaddr as hash key
    * sstp: reuse general logging framework
    * sstp: add man & readme records
    * sstp: possible sync ppp mode fix
    * sstp: fix default max mtu to fit standard 1500 media
    * ipoe: implemented ipv6 in shared mode
    * sstp: add generic base for parsing http header values, improve host-name checking
    * sstp: log current SSL mode for reference
    * sstp: optimize SSL context & config reload handling
    * sstp: fix obsolete contexts leak
    * sstp: rework certificate load, fix build issue with some openssl version
    * sstp: fix va_start/va_end usage on x64 platforms
    * sstp: http: protect against oversized headers and improve parsing
    * sstp: implement HTTP host header and TLS SNI checking
    * sstp: drop ssl_mode_auto_retry, not required afer 7945857927b4cedab365ba86934d771281eeb213
    * sstp: use HTTP status code 510 for HTTP method errors
    * sstp: http: get rid of static reply buffer
    * sstp: fix eof result of ssl read/write ops although no harm was really happened
    * sstp: allow colons in cert-hash-* hex values
    * sstp: use ssl-keyfile option for certificate private key
    * sstp: treat SSL errors as EIO
    * sstp: keep default ssl ciphers for better compatibility
    * sstp: allow to prefer server ciphers with ssl-prefer-server-ciphers option
    * sstp: implement Crypto Binding's Certificate hash & proto checking per 3.3.5.2.3
    * sstp: implement Crypto Binding attr & nonce checking per 3.3.5.2.3
    * sstp: fix thread crash on certificate-error diconnect
    * sstp: zero allocated packets, fix non-zero reserved fields
    * sstp: make sstp great again. simplify ssl handlers, fix crashes, move to async ppp
    * sstp: implement ifname option support
    * sstp: allow 3 nak replies per 3.3.5.2.2
    * sstp: implement preliminar sstp protocol support
    * ipv6: ignore "unspecified address" (::/128)
    * ipoe: check noauth option in [auth] section too
    * Merge pull request #30 from themiron/alloca-crash
    * triton: fix crash due gcc mis-optimization of alloca()
    * ipoe,vlan_mon: updated up to kernel 4.14
    * ipoe: include server's mac into weight notify packet to be used as additional key when weights are equal
    * ipoe: implemented new load balancing mechanism
    * triton: fixed bugs introduced by previous commit
    * shaper: install ifb filter for all protocols
    * move version message to top
    * get rid of deprecated readdir_r
    * reworked context priorities
    * shaper: install skbedit filter for all protocols
    * ipv6: implemented special handling of /128 prefixes
    * ipv6pool: added gw-ip6-address option and special handling for /128 prefixes
    * libnetlink: added ip6addr_add_peer function
    * radius: allocate memory for string attributes
    * shaper: define UINT16_MAX if not set
    * ippool: fixed parsing /32 ranges
    * ipoe: arp: do not reply on requests from 0.0.0.0
    * ipoe: fixed memory leak
    * ipoe: rename HASH_BITS -> IPOE_HASH_BITS
    * ipoe,vlan_mon: define RHEL_MAJOR=0 if not set
    * cmake: added centos support
    * ipoe, vlan_mon: implemented support for centos 3.10 kernel
    * Merge pull request #27 from themiron/ppp-ifname
    * ppp: fix interface wildcard rename if kernel returns not zero, but picked index
    * ippool: implemented next pool support
    * radius: fixed memory leak
    * pppd_compat: mark session started if ip-up handler called
    * pppd_compat: fixed bug caused fork queue to stall
    * cmake: set INSTALL_RPATH for radius module
    * Merge pull request #26 from themiron/chap-ippool
    * chap-secrets: assume 4th field as pool name
    * Merge pull request #25 from themiron/ppp-ifname
    * chap-secrets: allow to use pool name instead of address to specify ipv4 pool
    * ppp: implement per-ctrl ppp interface rename support, may be overrided by radius
    * net-snmp: fixed crash on table request
    * ippool: rewrited parsers
    * fixed compilation error with -DRADIUS=FALSE
    * Merge branch 'master' of github.com:xebd/accel-ppp
    * ipoe: fixed mutex deadlock
    * Merge pull request #23 from themiron/echo-fixes
    * Merge pull request #22 from themiron/l2tp-closing
    * l2tp: implement adaptive l2tp hello
    * pptp: implement adaptive pptp echo
    * pptp: fix and allow to disable echo failures counting
    * l2tp: skip obsolete session data packets from logging
    * Merge pull request #8 from scamp/master
    * Merge pull request #20 from themiron/ipv6-nd-fixes
    * Merge pull request #21 from themiron/ipv6-dhcpv6-fixes
    * Merge pull request #18 from themiron/crypto-internal-fixes
    * ipv6: dhcpv6: fix Relay-Forward message typo
    * ipv6: dhcpv6: fix Vendor-Class, Vendor-Specific and Interface-ID options print parsing
    * ipv6: nd: add non-/64 prefixes support
    * ipv6: nd: fix interface id addresses generation for prefixes > /64
    * ipv6: nd: add AdvOnLinkFlag option support
    * crypto: internal: add missed header and fix x64 build
    * ipoe: check connlimit for UP sessions
    * ipoe: fixed handling DHCP vendor-specific attributes
    * ipoe: fixed bug
    * cmake: initialize lua before radius
    * radius: implemented lua support
    * lua: implemented interface to extend session object by modules
    * Merge branch 'master' of ssh://git.code.sf.net/p/accel-ppp/code
    * lua: implemented "session" module that provides session object to be passed to lua scripts
    * move build_ip6_addr function to ipdb.c
    * Merge branch 'master' of ssh://git.code.sf.net/p/accel-ppp/code
    * wait for previous session to finish when single-session=replace
    * pppd_compat: do not call ip-down if session was not started
    * improved lua support
    * pppd_compat: fixed typo
    * pppd-compat: implemented fork-limit
    * triton: rewrited context sleeping implementation
    * pppd_compat: various improvemments
    * radius: split request queue to 2 subqueues
    * ppp: changed behaviour of lcp-echo-timeout
    * ipoe: more verbose netlink errors
    * ppp_lcp: fixed missing braces (possible bug)
    * cli: introduced ip6 and ip6-dp fields in "show sessions" command
    * ipoe: introduced interface option mtu=N
    * libnetlink: added function iplink_set_mtu
    * dhcpv6: check if prefix_len equals 0, if so do not start dhcpv6 for this sessions
    * updated contact information
    * Merge branch 'master' of github.com:xebd/accel-ppp
    * Merge pull request #11 from rsabhilash/nomru_option
    * ipoe: add client ip (second ip) as route when nat=1 (make quagga happy)
    * fix: connection problem with clients having nomru option Fixed problem while connecting with clients in which mru not negotiating lcp option is set
    * improved SIGSEGV handler
    * support for openssl-1.1
    * ipoe: implemented support for vendor specific attrbiutes
    * implemented session count limiting
    * Revert "implemented session count limiting"
    * implemented session count limiting
    * Revert "implemented session count limiting"
    * implemented session count limiting
    * Revert "implemented session count limiting"
    * shaper: fixed bug in class id allocation procedure
    * implemented session count limiting
    * ipoe: included lua bitop library
    * ipoe: implemented ability to change ipset by CoA
    * Revert "ipoe: fix lua 5.3 support"
    * ipoe: fixed bug (unexpected session start in UP mode)
    * cmake: check for pcre and openssl headers are present
    * ipoe: fix lua 5.3 support
    * net-snmp: add definition for U64 (if not set)
  • 1.11.2 release
    Spoiler
    * ipoe: assign point-to-point addresses to non-shared physical interface (prevents route cleaning by interface renaming)
    * ipoe: lua: add "vlan" field to session object
    * ipoe: fixed prefix calculation from ipaddr
    * ipoe: implemented ability to change ipset by CoA
    * ipoe: included lua bitop library
    * ipoe: implemented support for vendor specific attrbiutes
    * ipoe: add client ip as route when nat=1
    * shaper: fixed conditions to install limiter (may install only up or only down limiter)
    * shaper: fixed bug in class id allocation procedure
    * cmake: check for pcre and openssl headers are present
    * implemented session count limiting
    * support for openssl-1.1
    * fixed connection problem with clients having nomru option
  • 1.11.1 release
    Spoiler
    * ipoe: bug fix
  • 1.11.0 release
    Spoiler
    * general rewrite and improve ipoe/vlan_mon drivers
    * ipoe: generate EUI-64 interface identifier for ipv6 addresses
    * ipoe: log warning if interface was not started by vlan_mon notification
    * ipoe: introduced option "start=auto"
    * ipoe: translate UP session to dhcp session when dhcp request received (for shared=0 interfaces)
    * ipoe: implemented starting UP session by arp request
    * ipoe: log interface renaming
    * pppoe: add interface name to log messages
    * pppoe: implemented vlan_mon support
    * pppd_compat: change mode of radattr files to 0644
    * pppd_compat: check for script existance before fork
    * radius: implemented handling of Framed-Route attribute
    * radius: do not send NAS-Port and NAS-Port-Id if they are undefined
    * radius: add Delegated-IPv6-Prefix to accounting packets
    * radius: update Session-Timeout by CoA
    * shaper: implemented internal class id map
    * ppp: introduced unit-preallocate option
    * ipv6: remove ipv6 address and routes on session termination
    * vlan_mon: introduced autoclean module parameter
    * iprange: implement config reload
    * make termination caused by SIGTERM soft
    * remove pid file on exit
    * for single-session=deny make early check for duplicate username (before calling radius)
    * fixed broken "noauth" mode
  • 1.10.0 release
    Spoiler
    * ipoe: fixed mask calculation from ipaddr radius attribute
    * ipoe: fixed authentication with chap-secrets
    * ipoe: set Calling-Station-Id to client mac address for UP sessions
    * ipoe: introduced idle-timeout and session-timeout options
    * ipoe: for option password implemented special value csid
    * ipoe: change l4-redirect-ipset/l4-redirect-table by CoA
    * ipoe: don't block lua script if it raises error
    * ipoe: implemented soft session termination
    * ipoe: implemneted passing DHCP Option 82 to Radius as two separated attributes
    * ipoe: changed behavior of agent-remote-id option
    * ipoe: introduced option check-mac-change
    * ipoe: disabled udp checksum validation
    * ipoe: introduced 'calling-sid' option
    * ipoe: send client IP address in Framed-IP-Address for UP sessions
    * ipoe: implemented username=ifname for UP sessions
    * ipoe: use single socket for arp processing
    * ipoe: implemented dhcp option 58
    * ipoe: for vlan name pattern implemented %P argument - VID of parent interface
    * ipoe: implemented ability to use lua to make vlan name
    * ipoe: show sessions: intoduced new field ipoe-type to display type of session (up or dhcp)
    * ipoe: implemented interface renaming by NAS-Port-Id
    * pppoe: use single discovery socket
    * pppoe: check for tag length in print_packet function (fixes sigsegv)
    * ppp: fixed send double ConfAck when LCP is started
    * ppp: fix mtu/mru set if not negotiated on any end plus cleanup
    * ppp: set mtu and mru after unit creation
    * ppp: create ppp units after authentication
    * ppp: set unit index from NAS_Port attribute if present
    * cli: show sesisons: introduced rx-bytes,rx-pkts,tx-bytes,tx-pkts fields
    * cli: show sesisons: introduced rx-bytes-raw,tx-bytes-raw fields
    * session: implemented idle and timeout timers
    * radius: override session's idle and timeout timers values by Idle-Timeout and Session-Timeout attributes
    * shaper: fixed parsing ecn/noecn for fq_codel
    * replace mktemp with mkstemp
    * properly handle Cisco-AVPair
    * consider only rx interface counter for idle timeout calculation
    * net-snmp: export interface counters in the sessionTable

/Paetur

 

Emerging Member
Posts: 58
Registered: ‎01-07-2014
Kudos: 7

Re: Accel-PPP for EdgeOS, Debian package

Have you considered using qemu-mips inside docker containers for building (I did smth like that for bird package)? Then you can put it all in repo and prepare drone pipeline. I could provide you with my drone + gitea setup (my email - lukasz@jarosz.in ).

Ubiquiti Employee
Posts: 1,228
Registered: ‎07-20-2015
Kudos: 1444
Solutions: 81

Re: Accel-PPP for EdgeOS, Debian package

@Paetur:

It looks like this accel-ppp is swith-army-knife for PPP as it could replace existing PPP/PPPoE/PPTP/L2TP implementation.

 

Some questions:

  1. What's the benfit of using this accel-ppp comparing with current implementation? Is it faster?
  2. Is there a PPPoE/L2TP/PPTP client inside or it's server-only distribution?
New Member
Posts: 1
Registered: ‎07-17-2018

Re: Accel-PPP for EdgeOS, Debian package

Hi @Paetur

 

I'm trying to install via the .deb provided, however I get this on both Edgerouter Lite and Edgerouter 4:

 

error: genl: error talking to kernel
warn: vlan_mon: kernel module is not loaded

 

Version:      v1.10.5

 

Any suggestions? Thank you.

Emerging Member
Posts: 58
Registered: ‎01-07-2014
Kudos: 7

Re: Accel-PPP for EdgeOS, Debian package

@ubnt-afomin 

1. Did some benchmarking few years back and it was quite fast, but it wasn't exactly well designed test. As far as I remember walking through source, its core (library called triton) is built around threaded data handling, so it should scale well. Neverthless, investigation how it performs in multi processor environment is needed (because that is the direction of the EdgeMax platform?).

2. I only know that cli allows to create l2tp tunnels. I took quick look at source and it seems that routines to create and manage pppoe and pptp tunnels are here, but there is no userspace tools written for. 

 

IMHO, there is more than pure performance that drags people towards accel-ppp. First of all, rich RADIUS support (personally I require my NAS to be able to configure client connection with RADIUS attributes). Secondly, built-in shaper (sadly, unlimited internet connections are only google's thing). Thirdly, working IP pools. 

 

There is one downside that I found today, it is strongly tighted with glibc. 

SuperUser
Posts: 4,016
Registered: ‎06-30-2010
Kudos: 1830
Solutions: 173
Contributions: 9

Re: Accel-PPP for EdgeOS, Debian package


@broonie wrote:

Hi @Paetur

 

I'm trying to install via the .deb provided, however I get this on both Edgerouter Lite and Edgerouter 4:

 

error: genl: error talking to kernel
warn: vlan_mon: kernel module is not loaded

 

Version:      v1.10.5

 

Any suggestions? Thank you.


Hi @broonie, I did notice this as well on one of my routers.

 

I have installed it on several others without problems, also v1.10.5, but it might be from a different build, during my testing, I'll have to investigate this further.

 

I'll report back. Thanks for trying.

 

/Paetur

SuperUser
Posts: 4,016
Registered: ‎06-30-2010
Kudos: 1830
Solutions: 173
Contributions: 9

Re: Accel-PPP for EdgeOS, Debian package


@UBNT-afomins wrote:

@Paetur:

It looks like this accel-ppp is swith-army-knife for PPP as it could replace existing PPP/PPPoE/PPTP/L2TP implementation.

 

Some questions:

  1. What's the benfit of using this accel-ppp comparing with current implementation? Is it faster?
  2. Is there a PPPoE/L2TP/PPTP client inside or it's server-only distribution?

The current implementation on EdgeOS is useless for PPP deployments, whereas accel-ppp is even better than Tik's.

 

As @ljarosz mentioned it does have alot of benefits and is very vertasile.

 

I do however use it first and foremost as a 'PPP server application' on our POP routers, that used to be Tik routers, so I haven't check the client side of things.

 

 

I use RADIUS authentication/accounting, DM/CoA extention, IP address, 'framed-route' and PPP interface shaper, non of which current implement can do. Accel-PPP even allows several RADIUS servers.

 

It's extremly light weight, running 30+ ppp sessions with 0% CPU load on ER.

Here are a few 'accel-cmd' examples on a EP-R8 (with sensetive values masked ofcourse):

accel-showstat.pngaccel-showsessions.png

 

The configuration file the most vertasile I've seen, and can be reloaded live. Here's a config example:

Spoiler

[modules]

log_file

#log_syslog

#log_tcp

#log_pgsql

 

pptp

l2tp

#sstp

#pppoe

#ipoe

 

auth_mschap_v2

auth_mschap_v1

auth_chap_md5

auth_pap

 

radius

#chap-secrets

 

ippool

 

pppd_compat

 

#shaper

#net-snmp

#logwtmp

#connlimit

 

#ipv6_nd

#ipv6_dhcp

#ipv6pool

 

[core]

log-error=/var/log/accel-ppp/core.log

thread-count=4

 

[common]

#single-session=replace

#sid-case=upper

#sid-source=seq

#max-sessions=1000

 

[ppp]

verbose=1

min-mtu=1280

mtu=1400

mru=1400

#accomp=deny

#pcomp=deny

#ccp=0

#check-ip=0

#mppe=require

ipv4=require

ipv6=deny

ipv6-intf-id=0:0:0:1

ipv6-peer-intf-id=0:0:0:2

ipv6-accept-peer-intf-id=1

lcp-echo-interval=20

#lcp-echo-failure=3

lcp-echo-timeout=120

unit-cache=1

#unit-preallocate=1

 

[auth]

#any-login=0

#noauth=0

 

[pptp]

verbose=1

#echo-interval=30

#ifname=pptp%d

 

[pppoe]

verbose=1

#ac-name=xxx

#service-name=yyy

#pado-delay=0

#pado-delay=0,100:100,200:200,-1:500

called-sid=mac

#tr101=1

#padi-limit=0

#ip-pool=pppoe

#ifname=pppoe%d

#sid-uppercase=0

#vlan-mon=eth0,10-200

#vlan-timeout=60

#vlan-name=%I.%N

#interface=eth1,padi-limit=1000

interface=eth0

 

[l2tp]

verbose=1

#dictionary=/usr/local/share/accel-ppp/l2tp/dictionary

#hello-interval=60

#timeout=60

#rtimeout=1

#rtimeout-cap=16

#retransmit=5

#recv-window=16

#host-name=accel-ppp

#dir300_quirk=0

#secret=

#dataseq=allow

#reorder-timeout=0

#ip-pool=l2tp

#ifname=l2tp%d

 

[sstp]

verbose=1

#cert-hash-proto=sha1,sha256

#cert-hash-sha1=

#cert-hash-sha256=

#accept=ssl,proxy

#ssl-ciphers=DEFAULT

#ssl-prefer-server-ciphers=0

#ssl-ca-file=/etc/ssl/sstp-ca.crt

#ssl-pemfile=/etc/ssl/sstp-cert.pem

#ssl-keyfile=/etc/ssl/sstp-key.pem

#host-name=domain.tld

#http-error=allow

#timeout=60

#hello-interval=60

#ip-pool=sstp

#ifname=sstp%d

 

[ipoe]

verbose=1

username=ifname

#password=username

lease-time=600

renew-time=300

max-lease-time=3600

#unit-cache=1000

#l4-redirect-table=4

#l4-redirect-ipset=l4

#l4-redirect-on-reject=300

#l4-redirect-ip-pool=pool1

shared=0

ifcfg=1

mode=L2

start=dhcpv4

#start=UP

#ip-unnumbered=1

#proxy-arp=0

#nat=0

#proto=100

#relay=10.10.10.10

#vendor=Custom

#weight=0

#attr-dhcp-client-ip=DHCP-Client-IP-Address

#attr-dhcp-router-ip=DHCP-Router-IP-Address

#attr-dhcp-mask=DHCP-Mask

#attr-dhcp-lease-time=DHCP-Lease-Time

#attr-dhcp-opt82=DHCP-Option82

#attr-dhcp-opt82-remote-id=DHCP-Agent-Remote-Id

#attr-dhcp-opt82-circuit-id=DHCP-Agent-Circuit-Id

#attr-l4-redirect=L4-Redirect

#attr-l4-redirect-table=4

#attr-l4-redirect-ipset=l4-redirect

#lua-file=/etc/accel-ppp.lua

#offer-delay=0,100:100,200:200,-1:1000

#vlan-mon=eth0,10-200

#vlan-timeout=60

#vlan-name=%I.%N

#ip-pool=ipoe

#idle-timeout=0

#session-timeout=0

#soft-terminate=0

#check-mac-change=1

#calling-sid=mac

#local-net=192.168.0.0/16

interface=eth0

 

 

[dns]

#dns1=172.16.0.1

#dns2=172.16.1.1

 

[wins]

#wins1=172.16.0.1

#wins2=172.16.1.1

 

[radius]

#dictionary=/usr/local/share/accel-ppp/radius/dictionary

nas-identifier=accel-ppp

nas-ip-address=127.0.0.1

gw-ip-address=192.168.100.1

server=127.0.0.1,testing123,auth-port=1812,acct-port=1813,req-limit=50,fail-timeout=0,max-fail=10,weight=1

dae-server=127.0.0.1:3799,testing123

verbose=1

#timeout=3

#max-try=3

#acct-timeout=120

#acct-delay-time=0

#acct-on=0

#attr-tunnel-type=My-Tunnel-Type

 

[client-ip-range]

10.0.0.0/8

 

[ip-pool]

gw-ip-address=192.168.0.1

#vendor=Cisco

#attr=Cisco-AVPair

attr=Framed-Pool

192.168.0.2-255

192.168.1.1-255,name=pool1

192.168.2.1-255,name=pool2

192.168.3.1-255,name=pool3

192.168.4.1-255,name=pool4,next=pool1

192.168.4.0/24

 

[log]

log-file=/var/log/accel-ppp/accel-ppp.log

log-emerg=/var/log/accel-ppp/emerg.log

log-fail-file=/var/log/accel-ppp/auth-fail.log

#log-debug=/dev/stdout

#syslog=accel-pppd,daemon

#log-tcp=127.0.0.1:3000

copy=1

#color=1

#per-user-dir=per_user

#per-session-dir=per_session

#per-session=1

level=3

 

[log-pgsql]

conninfo=user=log

log-table=log

 

[pppd-compat]

verbose=1

#ip-pre-up=/etc/ppp/ip-pre-up

ip-up=/etc/ppp/ip-up

ip-down=/etc/ppp/ip-down

#ip-change=/etc/ppp/ip-change

radattr-prefix=/var/run/radattr

#fork-limit=16

 

[chap-secrets]

gw-ip-address=192.168.100.1

#chap-secrets=/etc/ppp/chap-secrets

#encrypted=0

#username-hash=md5

 

[shaper]

#attr=Filter-Id

#down-burst-factor=0.1

#up-burst-factor=1.0

#latency=50

#mpu=0

#mtu=0

#r2q=10

#quantum=1500

#moderate-quantum=1

#cburst=1534

#ifb=ifb0

up-limiter=police

down-limiter=tbf

#leaf-qdisc=sfq perturb 10

#leaf-qdisc=fq_codel [limit PACKETS] [flows NUMBER] [target TIME] [interval TIME] [quantum BYTES] [[no]ecn]

#rate-multiplier=1

#fwmark=1

verbose=1

 

[cli]

verbose=1

telnet=127.0.0.1:2000

tcp=127.0.0.1:2001

#password=123

#sessions-columns=ifname,username,ip,ip6,ip6-dp,type,state,uptime,uptime-raw,calling-sid,called-sid,sid,comp,rx-bytes,tx-bytes,rx-bytes-raw,tx-bytes-raw,rx-pkts,tx-pkts

 

[snmp]

master=0

agent-name=accel-ppp

 

[connlimit]

limit=10/min

burst=3

timeout=60

 

[ipv6-pool]

#gw-ip6-address=fc00:0:1::1

fc00:0:1::/48,64

delegate=fc00:1::/36,48

 

[ipv6-dns]

#fc00:1::1

#fc00:1::2

#fc00:1::3

#dnssl=suffix1.local.net

#dnssl=suffix2.local.net.

 

[ipv6-dhcp]

verbose=1

pref-lifetime=604800

valid-lifetime=2592000

route-via-gw=1

And the list goes on... 

 

/Paetur

SuperUser
Posts: 4,016
Registered: ‎06-30-2010
Kudos: 1830
Solutions: 173
Contributions: 9

Re: Accel-PPP for EdgeOS, Debian package

@UBNT-afomins It also supports CLI, TCP/API, telnet and SNMP for very easy integration into any 'ecosystem' like EdgeOS Vyatta CLI and WebUI.

 

/Paetur

New Member
Posts: 36
Registered: ‎04-27-2014

Re: Accel-PPP for EdgeOS, Debian package


@UBNT-afomins wrote:

@Paetur:

It looks like this accel-ppp is swith-army-knife for PPP as it could replace existing PPP/PPPoE/PPTP/L2TP implementation.

 

Some questions:

  1. What's the benfit of using this accel-ppp comparing with current implementation? Is it faster?
  2. Is there a PPPoE/L2TP/PPTP client inside or it's server-only distribution?

@UBNT-afomins 

It really is an amazing tool, I use it here. Are you going to take a look at this? It would be amazing to have this at Edgerouter

Emerging Member
Posts: 58
Registered: ‎01-07-2014
Kudos: 7

Re: Accel-PPP for EdgeOS, Debian package

@Paetur @gustavoghpf @UBNT-afomins Maybe ubnt should consider sponsoring development of user space tools for creating clients?

New Member
Posts: 2
Registered: ‎03-22-2014

Re: Accel-PPP for EdgeOS, Debian package

[ Edited ]

 

@PaeturMaybe it can run on ER Infinity ?

 

I have one free to make some tests!

SuperUser
Posts: 4,016
Registered: ‎06-30-2010
Kudos: 1830
Solutions: 173
Contributions: 9

Re: Accel-PPP for EdgeOS, Debian package


@jfabiopd wrote:

 

@PaeturMaybe it can run on ER Infinity ?

 

I have one free to make some tests!


ER Infinity is also mips64, Big Endian architecture, so that should work, though I haven't tested it.

 

@don't know your topology, but I would not recommend running PPPoE server on your core router @ your NOC.

This method of PPPoE deployment is very inefficent and obselete.

 

If you however run ER XG's at your POP's (Point of presence/site's/tower's), I'm all for it.

 

/Paetur

New Member
Posts: 2
Registered: ‎03-22-2014

Re: Accel-PPP for EdgeOS, Debian package

[ Edited ]

@Paetur wrote:

@jfabiopd wrote:

 

@PaeturMaybe it can run on ER Infinity ?

 

I have one free to make some tests!


ER Infinity is also mips64, Big Endian architecture, so that should work, though I haven't tested it.

 

@don't know your topology, but I would not recommend running PPPoE server on your core router @ your NOC.

This method of PPPoE deployment is very inefficent and obselete.

 

If you however run ER XG's at your POP's (Point of presence/site's/tower's), I'm all for it.

 

/Paetur


This ER XG was our border router for a half-year or so, and went into a kernel panic after a firmware upgrade.

Since this episode this ER XG  cannot boot until tried to recover it.

 

We have a few boxes working as access concentrator, some with Mikrotik's RouterOS and one with accel-ppp over a fedora server. Here the topology is with centralized pppoe servers.

 

Back to accel-ppp!

Before you answer to my question i downloaded and installed the package. The box is in my desk now, and tonigth will make some tests in this XG with over 2 thounsand sessions and over gigabit bandwidth. Will keep this thread updated with performance and stability. If the result be good, maybe will buy another ER XG to take place of the ROS boxes and the X86 servers.

 

May you are asking why we are so confident to use a XG in this mission. I can tell you based on this x86 server stability and performance.

 

 

New Member
Posts: 36
Registered: ‎04-27-2014

Re: Accel-PPP for EdgeOS, Debian package

[ Edited ]

Does it work on EdgeOs 2.0 @Paetur ? Another question, does he accept band control in mikrotik style? I use it with X86 server here and had to apply a patch to accept the rate limit for bandwidth control in mikrotik style (because it's like the radius delivery) before compiling. Anyway, I'll test it on my ER8-Pro

SuperUser
Posts: 4,016
Registered: ‎06-30-2010
Kudos: 1830
Solutions: 173
Contributions: 9

Re: Accel-PPP for EdgeOS, Debian package

[ Edited ]

@broonie wrote:

Hi @Paetur

 

I'm trying to install via the .deb provided, however I get this on both Edgerouter Lite and Edgerouter 4:

 

error: genl: error talking to kernel
warn: vlan_mon: kernel module is not loaded

 

Version:      v1.10.5

 

Any suggestions? Thank you.


Hi ... Sorry for the long wait.

 

error: genl: error talking to kernel
warn: vlan_mon: kernel module is not loaded

 

Accel-ppp works without 'genl' just fine. It's just for 'vlan_mon' which isn't nessasary unless you plan to use 'ipoe'

 

You can ignore that.

 

/Paetur

SuperUser
Posts: 4,016
Registered: ‎06-30-2010
Kudos: 1830
Solutions: 173
Contributions: 9

Re: Accel-PPP for EdgeOS, Debian package

[ Edited ]

@gustavoghpf wrote:

Does it work on EdgeOs 2.0 @Paetur ? Another question, does he accept band control in mikrotik style? I use it with X86 server here and had to apply a patch to accept the rate limit for bandwidth control in mikrotik style (because it's like the radius delivery) before compiling. Anyway, I'll test it on my ER8-Pro


It does 'Cisco style' bandwidth control.

I use 'Radius Manager' by DMAsoftlab, that is a neat thin WebUI that sits on top of RADIUS server, and when adding NAS list, using 'Cisco' works great for 'Rate Limit', DM and CoA.

 

p.s. I also run one of my accel-ppp's on a x86 VM, very straight forward to compile and keep updated from git.

 

/Paetur

SuperUser
Posts: 4,016
Registered: ‎06-30-2010
Kudos: 1830
Solutions: 173
Contributions: 9

Re: Accel-PPP for EdgeOS, Debian package

@jfabiopd How did your massive testing go, on the XG ? Very courious.

 

/Paetur

Emerging Member
Posts: 42
Registered: ‎06-29-2018
Kudos: 6

Re: Accel-PPP for EdgeOS, Debian package

Hello @Paetur, Do you happen to know when the next release of accel-ppp might be? Right now the .deb version you have linked of Accel-PPP cannot connect to a radius server over IPv6. I see that in the current accel-ppp master branch there have been some commits to allow the required nas-ip6-address setting to be read in passed to the radius server. This would be helpful to continue to drive down IPv4 dependencies within network infrastructure. Beyond that I have accel-ppp up and running on my EdgePoint R8's doing both IPv4, IPv6 and IPv6-PD without any issues and it was relatively simple.

Thanks again for working on this and bringing it to the community. My next effort is to figure out how to get the Vyatta CLI to work as I have not figured out how to install it quite yet.
Highlighted
New Member
Posts: 36
Registered: ‎04-27-2014

Re: Accel-PPP for EdgeOS, Debian package

Any update on this?
Reply