This article shows how to setup VPNs with freeradius and daloradius web UI.

Step 1:  setup connection between daloradius and mysql

Daloradius is an open source web UI for radius.  Its project webpage is:

http://sourceforge.net/projects/daloradius/

The INSTALL guide could be found in the root folder of daloradius.  In a brief, you should setup a new database uses the schema in contrib/db/ and provides database information to library/daloradius.conf.php.  If you uses freeradius 2.X versions, make sure you set the radius version as ’2′ in daloradius.conf.php.  The usergroup table name was misconfigured as “usergroup”.  Make sure you change it to “radusergroup” in daloradius.conf.php.

After setup, you can login daloradius as administrator.

Notice:

The latest version in SVN is highly recommend.  The stable version 0.9.8 is not compatible with Freeradius 2.X versions.

Now the 0.9.9 is highly recommended.  It is compatible with Freeradius 2.X versions.

The daloradius needs php pear db module.  Make sure the module is installed in your php environment and the path to the module is included in the php.ini configuration file.

Step 2: setup connect between freeradius and mysql

Almost all the configuration file now is provided in daloradius SVN contrib/configs/.  Replace the configuration file in freeradius with ones in daloradius, counter.conf, sql.conf, radiusd.conf and the default site configuration in site-enabled folder.

Then setup the database access in sql.conf.

Step 3: Setup first user and test

If you uses the configuration file provided by daloradius, the NAS information is set to find in database, not file.

Therefore first, add a new NAS in daloradius NAS section, the IP address could be 127.0.0.1  Then add a new user in daloradius.

Start freeradius, it could be “freeradius -X”

Test the user connectivity in daloradius.  If everything is OK, it should return “Accepted”.

Notice:

If you want to use simultaneous session count only by database, by the default site file in daloradius config schema, the session is counted both in radutmp and database.  In the session section of the site file, I commented radutmp.  In the sql.conf, I enabled the simultaneous count.  This would make the radius only count the simultaneous session in database, without file written.

Step 4: Setup PPP radius plugin

Usually ppp radius plugin is not included in Debian, or other distributions.  To get ppp radius plugin, you can download pppd source and run “./configure” and “make”. radattr.so and radius.so are the two plugin I use, which can be found in /pppd/plugins/radius/.  On my server, the IP pool is handled by file, not database.

Copy radiusclient folder out from pppd source, to someplace, such as /etc/, and configure the server and shared secrets in radiusclient/servers, if the radius server is the same server where PPP runs, the IP should be 127.0.0.1

Step 5: Setup PPTP/L2TP with radius authorization

setup PPTP/L2TP as normal, add plugin and radiusclient path in the pptpd options file.  On my server, it is

plugin /etc/radiusclient/radius.so
plugin /etc/radiusclient/radattr.so
radius-config-file /etc/radiusclient/radiusclient.conf

Till now, everything is fine.

I am not very good at writing instructions, if you have any questions, feel free to contact me.