Install FreeRadius on CentOS 5 or 6 in just 3 commands!

Inspired by my previous post, How to install a PPTPD VPN server on Centos 6.X in just 4 commands, I wanted to make an installer for FreeRadius that takes as few steps as PPTPD.

And here we go, FreeRadius in 3 steps (or 5 if you’re using CentOS 5).

What you will need for this tutorial

  1. A VPS with CentOS 5.x or 6.x (32 or 64 bit is ok)
  2. About 2 minutes of free time! (yes it’s that quick!)
  3. Putty terminal already connected to your server, ready to go!

Need a VPS? I highly recommend DigitalOcean if you are shopping around, pretty quick support and their entire website is perfectly automated. It’s a very impressive place to hang out!

Let’s begin, and finish in one step!

Simply copy and paste the appropriate set of commands below for your OS version into your putty session:

CentOS 6:

yum install -y git
cd /opt && git clone git://github.com/xaviertidus/FreeRadiusQuickScript.git
cd FreeRadiusQuickScript && bash install.centos6.sh

CentOS 5:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -i rpmforge-release-0.5.2-2.el5.rf.i386.rpm
yum install -y git
cd /opt && git clone git://github.com/xaviertidus/FreeRadiusQuickScript.git
cd FreeRadiusQuickScript && bash install.centos5.sh

Once you have entered the final command from the list above, my installer will start. It will ask you for two new passwords at the beginning. These are (in order of appearance):

Radius SQL User Password – this is the password that FreeRadius will use to connect to MySQL to verify logins sent to it for authorization.

Localhost Auth Request Secret – This is the secret that applications running on localhost will pass to FreeRadius to verify they are allowed to query.

Both of these have a default password set in the installer, so if you aren’t too bothered about security you can just hit Enter for both of these without entering a thing. Keep in mind that those defaults can be read by anyone who opens the installer script.

Why does CentOS5 have a couple extra steps?

CentOS 5 was released back when Git was still a lil baby, and so it wasn’t in the repos for CentOS5. However we can add it in by using the few extra commands above our quick install script.

Ok I am done, what should I do now?

If you’re actually going to use this application for something other than fun, I recommend you read the tutorial here: Installing FreeRadius on CentOS 5/6 or Ubuntu 11, for a more in-depth explanation of FreeRadius and its configuration files.

However if you already know all this or don’t care here are the next steps you should take (and with links on how to do them!)

  1. Secure your MySQL installation!
    We didn’t set a password for root in MySQL during this install, which means anyone can gain access to MySQL using root with no password. MySQL comes with a utility to help us with that called “mysql_secure_installation”, you can execute it by running this in your terminal “/usr/bin/mysql_secure_installation“, or you can read the tutorial on this here: Securing your new MySQL installation with /usr/bin/mysql_secure_installation
  2. Authorize additional servers to use your new FreeRadius server!
    At the moment only applications on the same server as FreeRadius have access to FreeRadius’s authorization abilities. Wouldn’t it be nice to maintain only one configuration of logins across multiple servers and applications? You need to add a few entries to your /etc/raddb/clients.conf (CentOS6) or /etc/freeradius/clients.conf (CentOS5) to do this, or you can read my tutorial on this here: Authorizing External Servers to use your FreeRadius Server
  3. Add additional user accounts to your FreeRadius server!
    If you only needed the one login for your purposes then FreeRadius is severely overkill, so you will want to add more user accounts. They go in the MySQL database called ‘radius’ that the script created; within that database is a table called ‘radcheck’, and that’s where you need to add more accounts. If you like, I have a tutorial on how to do this here: Adding and removing users from the FreeRadius Database (MySQL)
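
What an entry for step 2 can look like, as an added shell example that is not from the original post or its installer: it prints a clients.conf client block for one remote server with its own randomly generated shared secret instead of a reused default. The helper names, the client name vpn01 and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or its installer).
# valid_ipv4, new_secret and client_stanza are hypothetical helper names.

# Accept only a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# 32 random alphanumeric characters read from /dev/urandom.
new_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32
}

# Print a clients.conf entry for one remote server, with its own secret.
client_stanza() (
    name=$1 addr=$2
    case $name in ''|*[!A-Za-z0-9_-]*) echo "bad client name" >&2; exit 1 ;; esac
    valid_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; exit 1; }
    printf 'client %s {\n' "$name"
    printf '    ipaddr    = %s\n' "$addr"
    printf '    secret    = %s\n' "$(new_secret)"
    printf '    shortname = %s\n' "$name"
    printf '}\n'
)

# Constructed sample: a VPN host at a documentation-range address.
if [ "${1:-}" = "demo" ]; then client_stanza vpn01 192.0.2.10; fi
```

Review the printed block, then append it to the clients.conf path for your CentOS version given in step 2 and configure the same secret on the remote server.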

How to install a PPTPD VPN server on Centos 6.X in just 4 commands

First off, a big special thanks goes out to “Drew Moris” for the script we will use today. You can view the original post on his website for this script here: http://drewsymo.com/2013/11/how-to-install-pptp-vpn-server-on-centos-6-x/

Today we’re going to install a PPTPD VPN Server in just a few commands – Setting up a PPTPD server can be a little fiddly and can sometimes be tricky, however thanks to a bit of ingenuity of Drew’s, we can knock over a fully working installation of PPTPD in just a few moves, let’s get started!

What you will need to do this tutorial:

  1. A VPS or Dedicated server that is running CentOS 6.x, don’t worry this script is architecture independent, x86 or 64 will be fine.
  2. About 5 minutes of time and an already primed session of Putty ready to go
  3. OpenVZ users only: There is always that one special kid in the class isn’t there? You will need to do 2 more things which are:
    1. Please make sure you enable both TUN/TAP and PPP in your VPN Control Panel
    2. There is an extra IPTables rule you will need to add that is at the end of this tutorial, please make sure you do!

Okay, let’s begin!

In your ready to go putty session run the following commands:

yum install -y git
cd /opt && git clone git://github.com/drewsymo/VPN.git
cd VPN && bash vpn-setup-vanilla.sh

OpenVZ Users (One last thing)

You need to also run an additional command for IPTables so your data is routed correctly:

iptables -t nat -A POSTROUTING -j SNAT --to-source x.x.x.x

Just replace the x.x.x.x with the IP address of your venet0 interface.

Final Thoughts

The best test to perform after a script job is to make sure that if the server reboots that everything comes back online automatically and without you having to do anything to help it.

As great as this script from Drew is, a security concern is that you’re blindly installing a script from the internet that may have been altered maliciously since Drew made it or I wrote about it (without anyone knowing of course). So I wouldn’t recommend this as a script to use in a serious application, unless you download it yourself first and eyeball it from beginning to end. However if you’re just doing this for fun or research and you’re not a hacker, filthy rich or Julian Assange then you should be pretty fine using it however you wish! 🙂
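
The advice above (download the script yourself and read it before running it), as an added shell example that is not part of the original post or of either installer: it records a SHA-256 of the script at review time and refuses to run a copy that no longer matches. The function names and the stand-in installer in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): run an installer only if it
# still matches the SHA-256 recorded when you read it end to end.
# digest, pin_script, verify_pinned and run_if_pinned are hypothetical names.

# Print the SHA-256 of a file, using whichever tool the host provides.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# After reviewing <script>, store its digest in <pinfile>.
pin_script() {
    digest "$1" > "$2"
}

# Succeed only if <script> exists and matches the digest in <pinfile>.
verify_pinned() (
    [ -f "$1" ] && [ -s "$2" ] || exit 2
    [ "$(digest "$1")" = "$(cat "$2")" ]
)

# Run <script> with <interpreter> (default: bash) only when it verifies.
run_if_pinned() {
    if verify_pinned "$1" "$2"; then
        "${3:-bash}" "$1"
    else
        echo "refusing to run $1: changed since review, or never pinned" >&2
        return 1
    fi
}

# Constructed demo: a stand-in installer is pinned, then altered after review.
demo() (
    dir=$(mktemp -d) || exit 1
    printf '#!/bin/sh\necho "installing"\n' > "$dir/install.sh"
    pin_script "$dir/install.sh" "$dir/install.sha256"
    run_if_pinned "$dir/install.sh" "$dir/install.sha256" sh   # runs
    echo 'echo "line added after review"' >> "$dir/install.sh"
    run_if_pinned "$dir/install.sh" "$dir/install.sha256" sh   # refused
    status=$?
    rm -rf "$dir"
    exit "$status"
)

if [ "${1:-}" = "demo" ]; then demo; fi
```

With the real repository you would read the setup script after cloning, call pin_script on it once, and from then on start it through run_if_pinned instead of a bare bash call.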

Enjoy!

Xavier.