Chap-secret is the module of authentication which works with user authentication data and other data (username, password, ip address, speed etc.) stored as local file. Currently accel-ppp may works only with one of the authentication method, chap-secrets or RADIUS. RADIUS has more priority if set in [modules] section. Remove or #comment radius from section [modules] if you want use chap-secrets. Example:




By default is chap-secrets=/etc/ppp/chap-secrets

Specifies alternate chap-secrets file location.


By default is not defined.

Specifies hash chain to calculate username hash. hash1, hash2 are openssl known digest names (md5, sha1, etc). For example, username-hash=md5,sha1 means hash username through md5 and then binary result hash through sha1. Username have to be specified as hexadecimal dump of digest result.Password field have to be encrypted using smbencrypt (NT Hash part).


By default is disabled: encrypted=0

Specifies either chap-secrets is encrypted.


Encryption is incompatible with auth_chap_md5 module.

To enable chap-secrets encryption ablity accel-ppp must be compiled with -DCRYPTO=OPENSSL (which is default).


By default is not defined.

Specifies address to use as local address of ppp interfaces if chap-secrets is used for IP address assignment. Mask is used for IPoE.

Chap-secrets file example

#client     server      secret      ip-address      speed
user001     *           password1    20480/10240
user002     *           passowrd2   *               10240/10240
user003     *           passowrd3   ip_pool1        10240
eth0.101    *           eth0.101    ipoe_pool       20480  *   *
  • The first column contain username.

  • The second column is only keep for support chap secrets files standard.

  • The third column contain secret or password.

  • The fourth column may contain allocated ip address or pool name which configured in [ip-pool] section.

  • The fifth column contain rate-limit.