Войти

Показать полную графическую версию : vpn client mpd5 freebsd 7.1


legion_
04-04-2009, 00:44
доброго времени суток, мне нужна помощь в настройке vpn, я новичок в freebsd
хочу установить фри как десктоп, в будущем буду устанавливать на сервер, вообщем мне нужно создать vpn подключение

мой внутренний ip: 10.10.16.81
шлюз: 10.10.0.1
днс: 195.149.200.230
ip vpn серверва: 91.196.244.250

вообщем что я делаю:

подключаю netgraph в конфиге ядра (хотя где-то читал что это не обязательно)

# grep NETGRAPH /usr/src/sys/conf/NOTES
options NETGRAPH
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE

компилю и устанавливаю

в /etc/resolve.conf добавляю:
nameserver 195.149.200.230

прописываю роуты:
/sbin/route add -host 195.149.200.230 10.10.0.1
/sbin/route add -host 91.196.244.250 10.10.0.1

устанавливаю mpd5, скаченный с фтп freebsd.org pkg_add mpd5...
добавляю в rc.conf:
mpd_enable="YES"
mpd_mode="-b"

пока все ок, днс пингуется

лезу в mpd.conf, из sample'a беру пример

default: load pptp_client

pptp_client:

create bundle static B1
set iface up-script /usr/local/etc/mpd5/if-up.sh
set iface down-script /urs/local/etc/mpd5/if-down.sh
create link static L1 pptp
set link action bundle B1
set auth authname MY_LOGIN
set auth password MY_PASSWORD
set link max-redial 0
set link mtu 1460
set link keep-alive 20 75
set pptp peer vpn.mbit.ru #это 91.196.244.250 на всякий случай написал домен
set pptp disable windowing
open

создаю if-up.sh, if-down.sh исполняемыми chmod +x

содержимое if-up.sh:

#!/bin/sh
gateway_ip="10.10.0.1"

route delete $4
route add $4 $gateway_ip
route add default $4

echo $4 > /tmp/dr

содержимое if-down.sh

#!/bin/sh
gateway_ip="10.10.0.1"

dr='cat /tmp/dr'
route delete $dr
route delete default
rm -f /var/dr

вообщем интерфейс ng0 поднимается

ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460
inet 195.149.202.167 --> 82.137.137.228 netmask 0xffffffff

#195.149.202.167 - мой внешний ip
однако ничего не пингуется


mpd.log:

Apr 4 10:57:20 bsd_desktop mpd: Multi-link PPP daemon for FreeBSD
Apr 4 10:57:20 bsd_desktop mpd:
Apr 4 10:57:20 bsd_desktop mpd: process 1031 started, version 5.1 (root@freebsd.org 18:20 9-Sep-2008)
Apr 4 10:57:20 bsd_desktop mpd: CONSOLE: listening on 127.0.0.1 5005
Apr 4 10:57:20 bsd_desktop mpd: web: listening on 0.0.0.0 5006
Apr 4 10:57:20 bsd_desktop mpd: [B1] Bundle: Interface ng0 created
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: OPEN event
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: Open event
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: state change Initial --> Starting
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: LayerStart
Apr 4 10:57:20 bsd_desktop mpd: [L1] PPTP call successful
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: UP event
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: origination is local
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: Up event
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: state change Starting --> Req-Sent
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: SendConfigReq #1
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACFCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] PROTOCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACCMAP 0x000a0000
Apr 4 10:57:20 bsd_desktop mpd: [L1] MRU 1500
Apr 4 10:57:20 bsd_desktop mpd: [L1] MAGICNUM cf323781
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: rec'd Configure Request #1 (Req-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACFCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] PROTOCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACCMAP 0xffffffff
Apr 4 10:57:20 bsd_desktop mpd: [L1] MRU 1500
Apr 4 10:57:20 bsd_desktop mpd: [L1] MAGICNUM 54957460
Apr 4 10:57:20 bsd_desktop mpd: [L1] AUTHPROTO CHAP MD5
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: SendConfigAck #1
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACFCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] PROTOCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACCMAP 0xffffffff
Apr 4 10:57:20 bsd_desktop mpd: [L1] MRU 1500
Apr 4 10:57:20 bsd_desktop mpd: [L1] MAGICNUM 54957460
Apr 4 10:57:20 bsd_desktop mpd: [L1] AUTHPROTO CHAP MD5
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: state change Req-Sent --> Ack-Sent
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: rec'd Configure Ack #1 (Ack-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACFCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] PROTOCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACCMAP 0x000a0000
Apr 4 10:57:20 bsd_desktop mpd: [L1] MRU 1500
Apr 4 10:57:20 bsd_desktop mpd: [L1] MAGICNUM cf323781
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: state change Ack-Sent --> Opened
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: auth: peer wants CHAP, I want nothing
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: LayerUp
Apr 4 10:57:20 bsd_desktop mpd: [L1] CHAP: rec'd CHALLENGE #1 len: 43
Apr 4 10:57:20 bsd_desktop mpd: [L1] Name: ""
Apr 4 10:57:20 bsd_desktop mpd: [L1] CHAP: Using authname "MY_LOGIN"
Apr 4 10:57:20 bsd_desktop mpd: [L1] CHAP: sending RESPONSE #1 len: 30
Apr 4 10:57:20 bsd_desktop mpd: [L1] CHAP: rec'd SUCCESS #1 len: 13
Apr 4 10:57:20 bsd_desktop mpd: [L1] MESG: Welcome!!
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: authorization successful
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: Matched action 'bundle "B1" ""'
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: Join bundle "B1"
Apr 4 10:57:20 bsd_desktop mpd: [B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: Open event
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: state change Initial --> Starting
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: LayerStart
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: Up event
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: state change Starting --> Req-Sent
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: SendConfigReq #1
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 10.10.16.81
Apr 4 10:57:20 bsd_desktop mpd: [B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Apr 4 10:57:20 bsd_desktop mpd: [L1] rec'd unexpected protocol CCP, rejecting
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: rec'd Configure Request #1 (Req-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 82.137.137.228
Apr 4 10:57:20 bsd_desktop mpd: [B1] 82.137.137.228 is OK
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: SendConfigAck #1
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 82.137.137.228
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: state change Req-Sent --> Ack-Sent
Apr 4 10:57:20 bsd_desktop mpd: [L1] rec'd unexpected protocol IPV6CP, rejecting
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: rec'd Configure Reject #1 (Ack-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: SendConfigReq #2
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 10.10.16.81
Apr 4 10:57:20 bsd_desktop mpd: [L1] rec'd unexpected protocol IPV6CP, rejecting
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: rec'd Configure Nak #2 (Ack-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 195.149.202.167
Apr 4 10:57:20 bsd_desktop mpd: [B1] 195.149.202.167 is OK
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: SendConfigReq #3
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 195.149.202.167
Apr 4 10:57:21 bsd_desktop mpd: [B1] IPCP: rec'd Configure Ack #3 (Ack-Sent)
Apr 4 10:57:21 bsd_desktop mpd: [B1] IPADDR 195.149.202.167
Apr 4 10:57:21 bsd_desktop mpd: [B1] IPCP: state change Ack-Sent --> Opened
Apr 4 10:57:21 bsd_desktop mpd: [B1] IPCP: LayerUp
Apr 4 10:57:21 bsd_desktop mpd: [B1] 195.149.202.167 -> 82.137.137.228
Apr 4 10:57:21 bsd_desktop mpd: [B1] IFACE: Up event
Apr 4 10:57:23 bsd_desktop mpd: [L1] rec'd unexpected protocol IPV6CP, rejecting


заранее спасибо

legion_
04-04-2009, 21:43
пытаюсь разобраться сам, но ничего по прежнему не выходит
в лог видно что авторизуюсь на сервере, но пинг никуда не идет даже до 82.137.137.228

вот что в роутах после подключения:

Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 82.137.137.228 UGS 0 0 ng0
10.10.0.0/17 link#1 UC 0 0 re0
10.10.0.1 00:13:46:3d:d5:64 UHLW 4 1 re0 1200
82.137.137.228 10.10.0.1 UGHS 1 0 re0
91.196.244.250 10.10.0.1 UGHS 0 1567 re0
127.0.0.1 127.0.0.1 UH 0 44 lo0
195.149.200.230 10.10.0.1 UGHS 0 339 re0

Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#3 UHL lo0
ff01:3::/32 fe80::1%lo0 UC lo0
ff02::%lo0/32 fe80::1%lo0 UC lo0

что-то не так с роутами, подскажите новичку :)

leonty
08-04-2009, 00:57
подключаю netgraph в конфиге ядра (хотя где-то читал что это не обязательно) »
для клиента netgraph действительно не нужен.

82.137.137.228 10.10.0.1 UGHS 1 0 re0 »
чорт! как такое возможно? может я и ошибаюсь, но вот как у меня

[0:52] [leonty] /usr/ports/x11/rxvt-unicode>ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:80:48:4b:ce:51
inet 10.26.13.120 netmask 0xffffff00 broadcast 10.26.13.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:a0:c9:39:21:26
inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
media: Ethernet autoselect (none)
status: no carrier
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1400
inet 217.149.188.243 --> 213.234.18.200 netmask 0xffffffff
[0:52] [leonty] /usr/ports/x11/rxvt-unicode>



[0:56] [leonty] /usr/ports/x11/rxvt-unicode>netstat -rn
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 213.234.18.200 UGS 0 246166 ng0
10.0.0.0/8 10.26.13.1 UGS 0 295708 rl0
10.26.13.0/24 link#1 UC 0 0 rl0
10.26.13.1 00:04:80:77:a4:00 UHLW 9 0 rl0 1195
10.26.13.11 00:19:66:6a:d8:45 UHLW 1 13 rl0 198
10.26.13.41 00:80:48:28:1f:72 UHLW 1 3 rl0 653
10.26.13.95 00:18:f3:6f:b0:75 UHLW 1 3 rl0 1196
77.87.64.0/21 10.26.13.1 UGS 0 0 rl0
80.69.155.0/24 10.26.13.1 UGS 0 0 rl0
85.159.224.0/24 10.26.13.1 UGS 0 0 rl0
127.0.0.1 127.0.0.1 UH 0 2 lo0
192.168.16.0/20 10.26.13.1 UGS 0 0 rl0
192.168.32.0/19 10.26.13.1 UGS 0 0 rl0
192.168.100.0/24 link#2 UC 0 0 fxp0
195.160.244.0/22 10.26.13.1 UGS 0 0 rl0
195.245.211.0/24 10.26.13.1 UGS 0 0 rl0
213.234.18.200 217.149.188.243 UH 1 0 ng0

Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#4 UHL lo0
ff01:4::/32 fe80::1%lo0 UC lo0
ff02::%lo0/32 fe80::1%lo0 UC lo0
[0:56] [leonty] /usr/ports/x11/rxvt-unicode>

это я к тому, что у Вас 82.137.137.228 является противоположным концом виртуального тунеля. Так почемуже путь к нему лежит через шлюз? Повторяюсь, что могу ошибаца, потому прошу поправить если что. (:

Telepuzik
08-04-2009, 09:54
#!/bin/sh
gateway_ip="10.10.0.1"
route delete $4
route add $4 $gateway_ip
route add default $4
echo $4 > /tmp/dr
содержимое if-down.sh »
Я правильно понял что после поднятия интерфейса ng0 Вы прописываете default gateway 10.10.0.1 ?
Попробуйте не использовать скрипт if-up.sh и установить VPN соединение.

leonty
08-04-2009, 11:14
у меня так

up
#!/bin/sh
# Adds new default gateway. If it exists then it'll be saved in /var/tmp/default_route_old
default_route_old=`route -n get default 2>&1 | grep gateway | awk '{print $2}'`
if [ $default_route_old ]; then
echo $default_route_old > /var/tmp/default_route_old
route -nq change default $4
else
rm -f /var/tmp/default_route_old
route -nq add default $4
fi

down
#!/bin/sh
# Returning old default gateway from file /var/tmp/default_route_old
if [ -r /var/tmp/default_route_old ]; then
default_route_old=`cat /var/tmp/default_route_old`
rm -f /var/tmp/default_route_old
route -nq change default $default_route_old
else
route -nq delete default
fi




© OSzone.net 2001-2012