====== Accel-PPP — сборка и установка на Debian 12 / Debian 13 ======
==== 0) Переменные для Debian 12 / Debian 13 ====
# Debian 12:
export CPACK_TYPE=Debian12
# Debian 13:
export CPACK_TYPE=Debian13
==== 1) Зависимости ====
apt update
apt install -y build-essential cmake gcc kmod \
linux-headers-$(uname -r) git \
libpcre2-dev libssl-dev liblua5.1-0-dev
==== 2) Клонирование исходников ====
cd /opt
git clone https://github.com/accel-ppp/accel-ppp.git accel-ppp-code
cd accel-ppp-code
git checkout master
==== 3) Сборка и установка .deb ====
mkdir -p /opt/accel-ppp-code/build
cd /opt/accel-ppp-code/build
cmake
-DBUILD_IPOE_DRIVER=TRUE
-DBUILD_VLAN_MON_DRIVER=TRUE
-DRADIUS=TRUE
-DSHAPER=TRUE
-DLUA=TRUE
-DCMAKE_INSTALL_PREFIX=/usr
-DKDIR=/usr/src/linux-headers-$(uname -r)
-DCPACK_TYPE=${CPACK_TYPE}
..
make -j"$(nproc)"
cpack -G DEB
ls -1 .deb
apt install -y ./.deb
==== 4) Автозагрузка модулей (и сразу подгрузить их сейчас) ====
=== 4.1. Модули “на ребут” ===
cat >/etc/modules-load.d/accel-ppp.conf <<'EOF'
8021q
ifb
sch_htb
sch_sfq
sch_ingress
cls_u32
act_mirred
ipoe
vlan_mon
EOF
=== 4.2. Подгрузить модули ===
modprobe 8021q || true
modprobe ifb || true
modprobe sch_htb || true
modprobe sch_sfq || true
modprobe sch_ingress || true
modprobe cls_u32 || true
modprobe act_mirred || true
modprobe ipoe || true
modprobe vlan_mon || true
==== 5) IFB интерфейс (создать сейчас + автоматически при загрузке) ====
=== 5.1. Unit, который гарантирует ifb0 ===
cat >/etc/systemd/system/ifb.service <<'EOF'
[Unit]
Description=Create IFB device ifb0 for Accel-PPP shaper
After=systemd-modules-load.service
Before=accel-ppp.service
[Service]
Type=oneshot
ExecStart=/sbin/modprobe ifb
ExecStart=/bin/sh -c '/sbin/ip link show ifb0 >/dev/null 2>&1 || /sbin/ip link add ifb0 type ifb'
ExecStart=/sbin/ip link set ifb0 up
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
=== 5.2. Активировать ifb ===
systemctl daemon-reload systemctl enable --now ifb
==== 6) RADIUS словари ====
mkdir -p /etc/accel-ppp/radius
cat >/etc/accel-ppp/radius/dictionary.mikbill <<'EOF'
ATTRIBUTE DHCP-Router-IP-Address 241 ipaddr
ATTRIBUTE DHCP-Mask 242 integer
ATTRIBUTE L4-Redirect 243 integer
ATTRIBUTE L4-Redirect-ipset 244 string
ATTRIBUTE DHCP-Option82 245 octets
ATTRIBUTE AccelRemoteId 246 octets
ATTRIBUTE AccelCircuitId 247 octets
EOF
==== 7) Конфиг accel-ppp и lua ====
=== 7.1. Пример /etc/accel-ppp.conf ===
cat >/etc/accel-ppp.conf <<'EOF'
[modules]
log_file
radius
shaper
sigchld
ipoe
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=2
[ipoe]
username=lua:macuser
lua-file=/etc/accel-ppp.lua
lease-time=300
max-lease-time=302
attr-dhcp-client-ip=Framed-IP-Address
attr-dhcp-router-ip=DHCP-Router-IP-Address
attr-dhcp-mask=DHCP-Mask
attr-l4-redirect=L4-Redirect
attr-l4-redirect-ipset=L4-Redirect-ipset
l4-redirect-ipset=l4
shared=0
ifcfg=1
mode=L2
start=dhcpv4
proto=100
interface=enp0s8
verbose=1
[dns]
dns1=4.2.2.2
dns2=8.8.8.8
[radius]
dictionary=/usr/share/accel-ppp/radius/dictionary
dictionary=/etc/accel-ppp/radius/dictionary.mikbill
nas-identifier=Accel-IPoE
nas-ip-address=192.168.0.182
server=192.168.0.184,secret,auth-port=1812,acct-port=1813,req-limit=0,fail-time=5
dae-server=0.0.0.0:3799,secret
verbose=1
timeout=10
max-try=9
acct-timeout=5
acct-delay-time=0
log-file=/var/log/accel-ppp/radius.log
[shaper]
attr=Filter-Id
ifb=ifb0
up-limiter=htb
down-limiter=htb
cburst=1375000
r2q=10
quantum=1500
leaf-qdisc=sfq perturb 10
verbose=0
[client-ip-range]
disable
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
log-debug=/var/log/accel-ppp/debug.log
copy=1
level=4
[cli]
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
EOF
=== 7.2. Пример /etc/accel-ppp.lua ===
cat >/etc/accel-ppp.lua <<'EOF'
function macuser(pkt)
return pkt:hdr('chaddr')
end
function opt82_v1(pkt)
v,b1,b2,b3,b4,b5,b6=string.unpack(pkt:agent_remote_id(),'bbbbbb')
return string.format("%02x:%02x:%02x:%02x:%02x:%02x", b1,b2,b3,b4,b5,b6)
end
function opt82_v2(pkt)
if pkt:agent_circuit_id() ~= nil then
if string.len(pkt:agent_remote_id()) ~= 0 then
v,b1,b2,b3,b4,b5,b6=string.unpack(pkt:agent_remote_id(),'bbbbbb')
return string.format("%02x:%02x:%02x:%02x:%02x:%02x", b1,b2,b3,b4,b5,b6)
elseif (string.len(pkt:agent_remote_id()) == 0 and string.len(pkt:agent_circuit_id()) ~= 0) then
m1=string.sub(pkt:agent_circuit_id(),'-15','-14')
m2=string.sub(pkt:agent_circuit_id(),'-13','-12')
m3=string.sub(pkt:agent_circuit_id(),'-11','-10')
m4=string.sub(pkt:agent_circuit_id(),'-9','-8')
m5=string.sub(pkt:agent_circuit_id(),'-7','-6')
m6=string.sub(pkt:agent_circuit_id(),'-5','-4')
local username=m1..':'..m2..':'..m3..':'..m4..':'..m5..':'..m6
return username
end
else
return pkt:hdr('chaddr')
end
end
==== 8) Старт accel-ppp ====
systemctl daemon-reload systemctl enable --now accel-ppp
Быстрая проверка
ip link show ifb0
journalctl -u ifb -n 50 --no-pager
journalctl -u accel-ppp -n 200 --no-pager
tail -n 50 /var/log/accel-ppp/emerg.log