(To be tidied) Setting up PPTP authentication and traffic control with PPTP + FreeRADIUS + MySQL

2014/12/29 00:29:39

Source package reference URLs:

PopTop: http://poptop.sourceforge.net/

PPPd: http://ppp.samba.org/

FreeRADIUS: http://freeradius.org/

RADIUSClient: http://wiki.freeradius.org/Radiusclient

MySQL: http://www.mysql.com/

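This article builds the VPN using the distribution's own packages wherever possible. To get the highest possible versions of PPTP, FreeRADIUS and so on, the latest CentOS release, 6.2, was chosen.

1. Install CentOS 6.5

To keep the system simple, choose a minimal install, then install the required packages as needed.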

#yum install mysql mysql-server freeradius*  pptp* gcc make

2. Configure FreeRADIUS

[root@vpn3-1 ~]# cd /etc/raddb/

[root@vpn3-1 raddb]# cp sites-available/default sites-available/default.sav

[root@vpn3-1 raddb]# vi sites-enabled/default 

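Comment out every unix and files entry, and uncomment every sql entry. To reduce the volume of logs, comment out detail as well.

[root@vpn3-1 raddb]# vi radiusd.conf 

Uncomment the $include sql.conf line.

[root@vpn3-1 raddb]# vi clients.conf

Add the NAS information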

#client some.host.org {
#       secret          = testing123
#       shortname       = somehost
#}

#client 10.10.2.3 {
#       secret          = testing123
#       shortname       = localhost2
#}

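Each NAS gets one block, which supplies: the NAS's IP address or domain name; the shared secret (it must match the NAS's configuration); and the name used for accounting.

A default entry for localhost already exists.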

[root@vpn3-1 raddb]# vi sql.conf

        # Connection info:
        server = "localhost"
        #port = 3306
        login = "radius"
        password = "radpass"

        # Database table configuration for everything except Oracle
        radius_db = "radius"

These are the defaults; change server, port, login and password as needed.

[root@vpn3-1 raddb]# vi sql/mysql/dialup.conf 

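Uncomment the line

sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"

and comment out the line after it.

To enable Simultaneous-Use (limiting the number of users online at the same time), also uncomment simul_query_check.

3. Create the base database: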

[root@vpn3-1 raddb]# service mysqld start

On first start the database is initialized.

The following were then run:

/usr/bin/mysqladmin -u root password 'new-password'

/usr/bin/mysqladmin -u root -h vpn3-1.xxx.com  password 'new-password'

[root@vpn3-1 raddb]# mysql -u root -p

mysql> create database radius;

Query OK, 1 row affected (0.00 sec)

mysql> grant all privileges on radius.* to radius@localhost identified by "radpass";

Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

mysql> exit

[root@vpn3-1 raddb]# mysql -uradius -p radius < /etc/raddb/sql/mysql/schema.sql 

Enter password: 

mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Auth-Type',':=','Local');

Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Service-Type',':=','Framed-User');

Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Framed-IP-Address',':=','255.255.255.255');

Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Framed-IP-Netmask',':=','255.255.255.0');

Query OK, 1 row affected (0.00 sec)

# Collect traffic statistics every 60 seconds

mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Acct-Interim-Interval',':=','60');

Query OK, 1 row affected (0.00 sec)

# Maximum of 5 GB of traffic per month

mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Max-Monthly-Traffic',':=','5368709120');

Query OK, 1 row affected (0.00 sec)

# Only 1 user may be online at any one time

mysql> INSERT INTO radgroupcheck (groupname,attribute,op,VALUE) VALUES ('user','Simultaneous-Use',':=','1');

Query OK, 1 row affected (0.00 sec)

# Limit upload and download traffic

mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Mikrotik-Rate-Limit',':=','512k/512k'); 

Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Framed-Protocol',':=','PPP'); 

Query OK, 1 row affected (0.00 sec)
mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Framed-MTU',':=','1500'); 

Query OK, 1 row affected (0.00 sec)
mysql> INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Framed-Compression',':=','1'); 

Query OK, 1 row affected (0.00 sec)

mysql> select * from radgroupreply;

 

+----+-----------+-----------------------+----+-----------------+
| id | groupname | attribute             | op | value           |
+----+-----------+-----------------------+----+-----------------+
|  1 | user      | Auth-Type             | := | Local           |
|  2 | user      | Service-Type          | := | Framed-User     |
|  3 | user      | Framed-IP-Address     | := | 255.255.255.255 |
|  4 | user      | Framed-IP-Netmask     | := | 255.255.255.0   |
|  5 | user      | Acct-Interim-Interval | := | 60              |
|  6 | user      | Max-Monthly-Traffic   | := | 5368709120      |
|  7 | user      | Framed-Protocol       | := | PPP             |
|  8 | user      | Framed-MTU            | := | 1500            |
|  9 | user      | Framed-Compression    | := | 1               |
| 10 | user      | Mikrotik-Rate-Limit   | := | 512k/512k       |
+----+-----------+-----------------------+----+-----------------+

10 rows in set (0.00 sec)

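The first four rows above are the parameters PPP uses and need no changes. Acct-Interim-Interval is the interval at which traffic is counted (600 seconds), meaning the current usage is recorded every 10 minutes. The last row is the monthly traffic cap, here 5 GB (the unit is bytes).

Enter the test user's details: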

mysql> INSERT INTO radcheck (username,attribute,op,VALUE) VALUES ('test','Cleartext-Password',':=','test111');

Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radusergroup (username,groupname) VALUES ('test','user');

Query OK, 1 row affected (0.00 sec)

mysql> 

The username and password must be stored in cleartext or NTLM Crypt form, because MS-CHAPv2 does not support passwords stored as MD5.

4. Test the FreeRADIUS server:

[root@vpn3-1 raddb]# radtest test test111 localhost 1649 testing123

radclient:: Failed to find IP address for vpn3-1.xxx.com

radclient: Nothing to send.

This shows that vpn3-1.xxx.com has no IP address; edit /etc/hosts

[root@vpn3-1 raddb]# vi /etc/hosts

Add an entry for vpn3-1.xxx.com

[root@vpn3-1 raddb]# radtest test test111 localhost 1649 testing123

Sending Access-Request of id 171 to 127.0.0.1 port 1812

    User-Name = "test"

    User-Password = "test111"

    NAS-IP-Address = 22.19.16.250

    NAS-Port = 1649

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=171, length=44

    Service-Type = Framed-User

    Framed-IP-Address = 255.255.255.255

    Framed-IP-Netmask = 255.255.255.0

    Acct-Interim-Interval = 600

[root@vpn3-1 raddb]# 

 

The test succeeds.

5. Add a traffic check at authentication time

Open /etc/raddb/sites-enabled/default and insert the following at the end of the authorize section:

        update request {
                Group-Name := "%{sql:SELECT groupname FROM radusergroup WHERE \
                                username='%{User-Name}' ORDER BY priority}"
        }

        if ("%{sql: SELECT SUM(acctinputoctets+acctoutputoctets)\
                FROM radacct \
                WHERE username='%{User-Name}' AND \
                date_format(acctstarttime, '%Y-%m-%d') >= \
                date_format(now(),'%Y-%m-01') AND \
                date_format(acctstoptime, '%Y-%m-%d') <= \
                last_day(now());}" >= \
                "%{sql: SELECT value FROM radgroupreply \
                        WHERE groupname='%{Group-Name}' AND \
                        attribute='Max-Monthly-Traffic';}"\
        ) {
                reject
        }

Because section 3 and this section use the non-built-in attribute Max-Monthly-Traffic, it has to be defined in /etc/raddb/dictionary:

ATTRIBUTE Max-Monthly-Traffic 3003 integer

** The same result can also be achieved by modifying /etc/raddb/sql/mysql/counter.conf and /etc/raddb/sites-enabled/default

Append the following block to the end of /etc/raddb/sql/mysql/counter.conf

sqlcounter monthlytrafficcounter {
    counter-name = Monthly-Traffic
    check-name = Max-Monthly-Traffic
    reply-name = Monthly-Traffic-Limit
    sqlmod-inst = sql
    key = User-Name
    reset = monthly
    query = "SELECT SUM(acctinputoctets + acctoutputoctets) DIV 1024 FROM radacct \
WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) > '%b'"
}

Enable traffic accounting

In the authorize block of /etc/raddb/sites-enabled/default, add monthlytrafficcounter; then append the following two lines to the dictionary file /etc/raddb/dictionary

ATTRIBUTE Max-Monthly-Traffic 3003 integer

ATTRIBUTE Monthly-Traffic-Limit 3004 integer

Add the limit to the database

INSERT INTO radgroupcheck (groupname,attribute,op,VALUE) VALUES ('user','Max-Monthly-Traffic',':=','5368709120');

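Adding it to radgroupcheck means it takes effect for all groups

Because Max-Monthly-Traffic 3003 integer is an integer type whose maximum is 2G, a quota above 2G makes authentication fail. The workaround is to divide the traffic queried for the user by 1024 and also divide the user's quota by 1024, which solves the problem.

** Quoted from an introduction to some FreeRADIUS configuration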
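The scaling rule above, worked through as an added Python example (not code from the original article): it reads the DIV divisor out of an sqlcounter query and computes the Max-Monthly-Traffic value that matches it, flagging a stored value that overflows or is in the wrong unit. The function names and the 2**31 - 1 ceiling (derived from the "2G" figure above) are assumptions of this example.

```python
import re

# Ceiling assumed from the article's "2G" figure for an integer attribute.
INT_ATTR_MAX = 2**31 - 1

# The two sqlcounter queries that appear on this page (DIV 1024 and DIV 1048576).
Q_KIB = ("SELECT SUM(acctinputoctets + acctoutputoctets) DIV 1024 FROM radacct "
         "WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) > '%b'")
Q_MIB = Q_KIB.replace("DIV 1024", "DIV 1048576")

def counter_divisor(query):
    """Return N from 'DIV N' in the query, or 1 if the counter is in raw bytes."""
    m = re.search(r"\bDIV\s+(\d+)", query, re.IGNORECASE)
    return int(m.group(1)) if m else 1

def scaled_limit(quota_bytes, query):
    """Value to store in radgroupcheck so it uses the same unit as the counter."""
    value = quota_bytes // counter_divisor(query)
    if value > INT_ATTR_MAX:
        raise ValueError(f"{value} exceeds {INT_ATTR_MAX}; use a larger divisor")
    return value

def audit(intended_bytes, stored_value, query):
    """List the problems with a Max-Monthly-Traffic value already in the database."""
    div = counter_divisor(query)
    problems = []
    if stored_value > INT_ATTR_MAX:
        problems.append("overflow: value does not fit the integer attribute")
    if stored_value != intended_bytes // div:
        problems.append(f"unit mismatch: effective quota is {stored_value * div} bytes")
    return problems

if __name__ == "__main__":
    five_gb = 5 * 1024**3  # 5368709120, the quota used in the article
    print("store with DIV 1024:   ", scaled_limit(five_gb, Q_KIB))
    print("store with DIV 1048576:", scaled_limit(five_gb, Q_MIB))
    for problem in audit(five_gb, five_gb, Q_KIB):
        print("raw byte value:", problem)
```

With the DIV 1024 query the 5 GB quota is stored as 5242880, and with the DIV 1048576 variant as 5120; the raw byte value 5368709120 fails both checks.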

6. Set up radiusclient

CentOS (RHEL) has no radiusclient package, so add the dag yum repository

[root@vpn3-1 ~]#rpm -Uvh  http://apt.sw.be/redhat/el6/en/x86_64/dag/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

[root@vpn3-1 ~]# yum install radiusclient-ng*

[root@vpn3-1 etc]# cd /etc/radiusclient-ng/

[root@vpn3-1 radiusclient-ng]# vi radiusclient.conf 

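Change authserver and acctserver

authserver localhost:1812 # authentication server (specify the IP if it is not this host) (several may be listed; they are tried in order)

acctserver localhost:1813 # accounting server (specify the IP if it is not this host)

***** Comment out bindaddr * (line 77); pppd reports unrecognized keyword: bindaddr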

[root@vpn3-1 radiusclient-ng]# vi /usr/share/radiusclient-ng/dictionary

Add

INCLUDE /usr/share/freeradius/dictionary.merit

INCLUDE /usr/share/freeradius/dictionary.microsoft

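**** The original plan was to use the dictionaries shipped with freeradius-server directly, but the ones the server uses are not compatible with the ones the client uses, so the client's own files must be used. The two lines above therefore have to be rewritten as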

INCLUDE /usr/share/radiusclient-ng/dictionary.merit

INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft

The dictionary.microsoft file is downloaded from https://dev.openwrt.org/browser/trunk/openwrt/package/ppp/files/etc/ppp/radius/dictionary.microsoft?rev=940

Edit the servers file: /etc/radiusclient-ng/servers

Append localhost secret at the end (the secret is the one defined in FreeRADIUS's /etc/raddb/clients.conf)

7. Install and configure pptp

[root@vpn3-1 ~]# rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm

[root@vpn3-1 ~]# yum install pptpd

[root@vpn3-1 ~]# vi /etc/ppp/options.pptpd 

Set ms-dns to a local DNS server or 8.8.8.8

ms-dns 8.8.8.8 # primary DNS for clients
ms-dns 8.8.4.4 # secondary DNS for clients

Append at the end

plugin /usr/lib64/pppd/2.4.5/radius.so
plugin /usr/lib64/pppd/2.4.5/radattr.so
radius-config-file /etc/radiusclient-ng/radiusclient.conf

[root@vpn3-1 ~]# vi /etc/pptpd.conf 

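Changes to pptpd.conf:

Set the ppp path to /usr/sbin/pppd

Set the option path to /etc/options.pptpd

Comment out logwtmp to avoid error 619

Set localip at the end as required

Example:

localip 202.xxx.16.250                               // VPN server address
remoteip 172.16.36.1-254                          // addresses assigned to dial-in PCs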

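8. Test log

Run radiusd -X

1) Connection test: the client reports that it cannot connect and /var/log/messages shows no access record; iptables was turned off.

2) Connection test: the client reports an authentication failure, and /var/log/messages shows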

Jan 22 13:05:19 vpn3-1 pppd[22537]: /etc/radiusclient-ng/radiusclient.conf: line 77: unrecognized keyword: bindaddr

Jan 22 14:52:33 vpn3-1 pppd[1562]: rc_read_dictionary: invalid type on line 11 of dictionary /usr/share/freeradius/dictionary.microsoft

Jan 22 13:18:07 vpn3-1 pppd[22555]: rc_read_dictionary: couldn't open dictionary /usr/share/radiusclient-ng/dictionary: Permission denied

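This happens because the dictionary files used by the server and the client are not compatible; the client's own files must be used.

3) After these changes, connecting again: the RADIUS server responds normally, authentication succeeds, and the VPN connection can be established. However, no traffic passes.

iptables was not running, which is probably the cause.

4) While testing iptables, authentication started failing. The radiusd -X diagnostics contained Reply-Message = "\r\nYou are already logged in - access denied\r\n\n". Emptying radacct did not fix it. The eventual finding:

Comment out radutmp in the session section of /etc/raddb/sites-enabled/default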

session {
#       radutmp
        #
        #  See "Simultaneous Use Checking Queries" in sql.conf
        sql
}

9. iptables configuration

Write /etc/rc.local
#
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -F INPUT
iptables -F FORWARD
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -A FORWARD -s 172.16.36.0/24 -j ACCEPT   
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -s 172.16.36.0/24 -j SNAT --to 22.xxx.16.250
iptables -A FORWARD -p tcp --syn -s 172.16.36.0/24 -j TCPMSS --set-mss 1356

*** Note: 22.xxx.16.250 is the server IP

Or edit /etc/sysconfig/iptables

*filter
:INPUT ACCEPT [3603:650757]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 172.16.36.0/24 -j ACCEPT 
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 172.16.36.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356 
-A OUTPUT -j ACCEPT 
COMMIT
*nat
:PREROUTING ACCEPT [153:10779]
:POSTROUTING ACCEPT [4:493]
:OUTPUT ACCEPT [4:493]
-A POSTROUTING -s 172.16.36.0/24 -o eth0 -j SNAT --to-source 22.xxx.16.250 
COMMIT

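*** Note: 22.xxx.16.250 is the server IP

To block certain IPs from reaching the VPN server (typically to stop internal-network users from using the VPN), add the following to rc.local

iptables -A INPUT -s 10.0.0.0/8 -j DROP

or insert the corresponding entry in /etc/sysconfig/iptables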

*filter
:INPUT ACCEPT [170:34471]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 10.0.0.0/8 -j DROP 
-A FORWARD -s 172.16.36.0/24 -j ACCEPT 
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 172.16.36.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356 
-A OUTPUT -j ACCEPT 
COMMIT
*nat
:PREROUTING ACCEPT [15:1443]
:POSTROUTING ACCEPT [3:377]
:OUTPUT ACCEPT [3:377]
-A POSTROUTING -s 172.16.36.0/24 -o eth0 -j SNAT --to-source 22.xxx.16.250 
COMMIT

 

TroubleShooting

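Possible errors

Users who dropped abnormally are shown as online in daloRADIUS

A client that drops abnormally cannot update acctstoptime in the radius.radacct table when it exits, so it is shown as an online user in daloRADIUS. The following command repairs this; it is best run periodically from cron.

mysql -uroot -p -e "UPDATE radius.radacct SET acctstoptime = DATE_ADD(acctstarttime, INTERVAL acctsessiontime SECOND) WHERE ((UNIX_TIMESTAMP(acctstarttime) + acctsessiontime + 240 - UNIX_TIMESTAMP())<0) AND acctstoptime IS NULL;"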
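Why this cleanup also matters for Simultaneous-Use, as an added Python example (not from the original article): an in-memory SQLite table stands in for MySQL's radacct, open sessions are counted with the same predicate as the simul_count_query shown on this page, and rows whose last accounting update is older than the interim interval plus a margin are closed. The sample rows, the function names and the 180-second margin are assumptions; 60 + 180 reproduces the 240 seconds in the command above.

```python
import sqlite3

# Constructed radacct rows (not from the article): alice's link dropped without
# an Accounting-Stop; bob is connected and still sending interim updates.
ROWS = [  # username, acctstarttime, acctsessiontime (s), acctstoptime
    ("alice", "2014-12-29 00:00:00", 600, None),
    ("bob", "2014-12-29 00:20:00", 540, None),
    ("bob", "2014-12-28 10:00:00", 3600, "2014-12-28 11:00:00"),
]
NOW = "2014-12-29 00:30:00"  # constructed "current time"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (username TEXT, acctstarttime TEXT,"
               " acctsessiontime INTEGER, acctstoptime TEXT)")
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?)", ROWS)
    return db

def open_sessions(db, user):
    # Same predicate as simul_count_query: a row with no stop time counts as online.
    sql = "SELECT COUNT(*) FROM radacct WHERE username = ? AND acctstoptime IS NULL"
    return db.execute(sql, (user,)).fetchone()[0]

def close_stale(db, now, interim_interval, margin=180):
    """Close rows whose last accounting update is older than interval + margin."""
    grace = interim_interval + margin
    cur = db.execute(
        "UPDATE radacct"
        " SET acctstoptime = datetime(acctstarttime, '+' || acctsessiontime || ' seconds')"
        " WHERE acctstoptime IS NULL"
        " AND CAST(strftime('%s', acctstarttime) AS INTEGER) + acctsessiontime + ?"
        "     < CAST(strftime('%s', ?) AS INTEGER)",
        (grace, now))
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    print("alice open before:", open_sessions(db, "alice"))
    print("rows closed:", close_stale(db, NOW, interim_interval=60))
    print("alice open after:", open_sessions(db, "alice"), "| bob:", open_sessions(db, "bob"))
```

Deriving the grace period from Acct-Interim-Interval matters: a fixed 240 seconds combined with a 600-second interval would close sessions that are still live between two updates.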

Meaning of each table name:

cat >>/usr/local/radius/etc/radiusclient/servers<<EOF
localhost testing123
EOF

Here localhost can be replaced by the server's IP address, and testing123 is the password for connecting to the authentication server.
Note: if you use an IP address, remember to change the following setting as well.

sed -i 's/localhost/192.168.8.129/g' /usr/local/radius/etc/radiusclient/radiusclient.conf

3.3 Add the dictionaries

This step is important! Without it, Windows clients cannot connect to the server.

wget -c http://small-script.googlecode.com/files/dictionary.microsoft
mv ./dictionary.microsoft /usr/local/radius/etc/radiusclient/

cat >>/usr/local/radius/etc/radiusclient/dictionary<<EOF
INCLUDE /usr/local/radius/etc/radiusclient/dictionary.sip
INCLUDE /usr/local/radius/etc/radiusclient/dictionary.ascend
INCLUDE /usr/local/radius/etc/radiusclient/dictionary.merit
INCLUDE /usr/local/radius/etc/radiusclient/dictionary.compat
INCLUDE /usr/local/radius/etc/radiusclient/dictionary.microsoft
EOF

3.4 Enable the FreeRADIUS plugin for PPTP

Some tutorials online do not mention this step, but it is important; without it you get errors!

#sed -i 's/logwtmp/\#logwtmp/g' /etc/pptpd.conf
sed -i 's/radius_deadtime/\#radius_deadtime/g' /usr/local/radius/etc/radiusclient/radiusclient.conf
sed -i 's/bindaddr/\#bindaddr/g' /usr/local/radius/etc/radiusclient/radiusclient.conf

Note: on 64-bit systems the plugin path is "/usr/lib64/pppd/2.4.5/radius.so"

cat >>/etc/ppp/options.pptpd<<EOF
plugin /usr/lib64/pppd/2.4.5/radius.so
radius-config-file /usr/local/radius/etc/radiusclient/radiusclient.conf
EOF

3.5 Enable the FreeRADIUS plugin for L2TP

The same applies to L2TP: first install and configure L2TP/IPSec and make sure it works normally.
"Debian/Ubuntu L2TP/IPSec VPN installation notes": http://wangyan.org/blog/debian-l2tp-ipsec-vpn.html

Note: on 64-bit systems the plugin path is "/usr/lib64/pppd/2.4.5/radius.so"

cat >>/etc/ppp/options.xl2tpd<<EOF
plugin /usr/lib64/pppd/2.4.5/radius.so
radius-config-file /usr/local/radius/etc/radiusclient/radiusclient.conf
EOF

IV. User permission management

# Connect to the MySQL database
mysql -uroot -p123456;

# Use the radius database
USE radius; 

# Add user test with password test; note that this goes in the radcheck table
INSERT INTO radcheck (username,attribute,op,VALUE) VALUES ('test','Cleartext-Password',':=','test');

# Add user test to the VIP1 user group
INSERT INTO radusergroup (username,groupname) VALUES ('test','VIP1');

# Limit the number of concurrent logins; note that this goes in the radgroupcheck table
INSERT INTO radgroupcheck (groupname,attribute,op,value) VALUES ('VIP1','Simultaneous-Use',':=','3');

# Add a NAS
INSERT INTO radius.nas VALUES ('1','192.168.8.129','Toky', 'other', NULL ,'linodecn.net',NULL ,NULL ,'RADIUS Client');

# Other (optional)
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('VIP1','Auth-Type',':=','Local');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('VIP1','Service-Type',':=','Framed-User');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('VIP1','Framed-Protocol',':=','PPP');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('VIP1','Framed-MTU',':=','1500');
INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('VIP1','Framed-Compression',':=','Van-Jacobson-TCP-IP');

V. Automatic startup

#cp /usr/local/radius/sbin/rc.radiusd /etc/init.d/radiusd
#/usr/local/radius/sbin/radiusd -X
# -O writes the download to this file (-P would create a directory with that name)
wget http://wangyan.org/download/conf/init.radiusd -O /etc/init.d/radiusd
chmod 755 /etc/init.d/radiusd
chkconfig radiusd on
/etc/init.d/radiusd start

Update history:

2011.08.23 ...
2012.02.11 Changed the install path to make uninstalling easier; corrected some errors.

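Edit the configuration file /usr/local/etc/raddb/sql.conf
    Remove the # in front of readclients = yes (line 100)
Note: this enables NAS support from the database; without it the number of logins per user cannot be limited.
Edit the configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
    Find the following and remove the leading # (lines 279-282)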
        simul_count_query = "SELECT COUNT(*) \
                             FROM ${acct_table1} \
                             WHERE username = '%{SQL-User-Name}' \
                             AND acctstoptime IS NULL"
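Note: this enables the query that counts online sessions.

Add a limit on the number of sessions

Edit /etc/raddb/sql/mysql/dialup.conf
Comment out sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}"
and uncomment the next line
To enable Simultaneous-Use (limiting the number of users online at the same time), uncomment simul_count_query
Note: I commented out simul_count_query here, but the user-count limit set in the radgroupcheck table in the database still took effect; the reason is unknown

Edit /etc/raddb/dictionary and add the following two lines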
ATTRIBUTE       Max-Monthly-Traffic     3003    integer
ATTRIBUTE       Monthly-Traffic-Limit   3004    integer
 
Edit /etc/raddb/sites-enabled/default and find authorize
At the end of that section (the line before the closing "}"), add a line monthlytrafficcounter

Edit /etc/raddb/sql/mysql/counter.conf and append at the end
sqlcounter monthlytrafficcounter {
    counter-name = Monthly-Traffic
    check-name = Max-Monthly-Traffic
    reply-name = Monthly-Traffic-Limit
    sqlmod-inst = sql
    key = User-Name
    reset = monthly
    query = "SELECT SUM(acctinputoctets + acctoutputoctets) DIV 1048576 FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) > '%b'"
}
