OSzone.net Computer Forum


legion_ 04-04-2009 00:44 1083624

vpn client mpd5 freebsd 7.1
 
Good day, I need help setting up a VPN; I'm new to FreeBSD.
I want to install FreeBSD as a desktop, and later I'll be installing it on a server. In short, I need to create a VPN connection.

my internal IP: 10.10.16.81
gateway: 10.10.0.1
DNS: 195.149.200.230
VPN server IP: 91.196.244.250

So here is what I do:

I enable netgraph in the kernel config (although I read somewhere that this is not required)

# grep NETGRAPH /usr/src/sys/conf/NOTES
options NETGRAPH
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE

I compile and install it

In /etc/resolve.conf I add:
nameserver 195.149.200.230

I add the routes:
/sbin/route add -host 195.149.200.230 10.10.0.1
/sbin/route add -host 91.196.244.250 10.10.0.1

I install mpd5, downloaded from the freebsd.org FTP, with pkg_add mpd5...
I add to rc.conf:
mpd_enable="YES"
mpd_mode="-b"

So far everything is OK, the DNS server responds to ping

I go into mpd.conf and take an example from the sample

default: load pptp_client

pptp_client:

create bundle static B1
set iface up-script /usr/local/etc/mpd5/if-up.sh
set iface down-script /urs/local/etc/mpd5/if-down.sh
create link static L1 pptp
set link action bundle B1
set auth authname MY_LOGIN
set auth password MY_PASSWORD
set link max-redial 0
set link mtu 1460
set link keep-alive 20 75
set pptp peer vpn.mbit.ru #this is 91.196.244.250; I wrote the domain name just in case
set pptp disable windowing
open

I create if-up.sh and if-down.sh and make them executable with chmod +x

contents of if-up.sh:

#!/bin/sh
gateway_ip="10.10.0.1"

route delete $4
route add $4 $gateway_ip
route add default $4

echo $4 > /tmp/dr

contents of if-down.sh

#!/bin/sh
gateway_ip="10.10.0.1"

dr='cat /tmp/dr'
route delete $dr
route delete default
rm -f /var/dr

Anyway, the ng0 interface comes up

ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460
inet 195.149.202.167 --> 82.137.137.228 netmask 0xffffffff

#195.149.202.167 - my external IP
However, nothing responds to ping


mpd.log:

Apr 4 10:57:20 bsd_desktop mpd: Multi-link PPP daemon for FreeBSD
Apr 4 10:57:20 bsd_desktop mpd:
Apr 4 10:57:20 bsd_desktop mpd: process 1031 started, version 5.1 (root@freebsd.org 18:20 9-Sep-2008)
Apr 4 10:57:20 bsd_desktop mpd: CONSOLE: listening on 127.0.0.1 5005
Apr 4 10:57:20 bsd_desktop mpd: web: listening on 0.0.0.0 5006
Apr 4 10:57:20 bsd_desktop mpd: [B1] Bundle: Interface ng0 created
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: OPEN event
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: Open event
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: state change Initial --> Starting
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: LayerStart
Apr 4 10:57:20 bsd_desktop mpd: [L1] PPTP call successful
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: UP event
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: origination is local
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: Up event
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: state change Starting --> Req-Sent
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: SendConfigReq #1
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACFCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] PROTOCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACCMAP 0x000a0000
Apr 4 10:57:20 bsd_desktop mpd: [L1] MRU 1500
Apr 4 10:57:20 bsd_desktop mpd: [L1] MAGICNUM cf323781
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: rec'd Configure Request #1 (Req-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACFCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] PROTOCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACCMAP 0xffffffff
Apr 4 10:57:20 bsd_desktop mpd: [L1] MRU 1500
Apr 4 10:57:20 bsd_desktop mpd: [L1] MAGICNUM 54957460
Apr 4 10:57:20 bsd_desktop mpd: [L1] AUTHPROTO CHAP MD5
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: SendConfigAck #1
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACFCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] PROTOCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACCMAP 0xffffffff
Apr 4 10:57:20 bsd_desktop mpd: [L1] MRU 1500
Apr 4 10:57:20 bsd_desktop mpd: [L1] MAGICNUM 54957460
Apr 4 10:57:20 bsd_desktop mpd: [L1] AUTHPROTO CHAP MD5
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: state change Req-Sent --> Ack-Sent
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: rec'd Configure Ack #1 (Ack-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACFCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] PROTOCOMP
Apr 4 10:57:20 bsd_desktop mpd: [L1] ACCMAP 0x000a0000
Apr 4 10:57:20 bsd_desktop mpd: [L1] MRU 1500
Apr 4 10:57:20 bsd_desktop mpd: [L1] MAGICNUM cf323781
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: state change Ack-Sent --> Opened
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: auth: peer wants CHAP, I want nothing
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: LayerUp
Apr 4 10:57:20 bsd_desktop mpd: [L1] CHAP: rec'd CHALLENGE #1 len: 43
Apr 4 10:57:20 bsd_desktop mpd: [L1] Name: ""
Apr 4 10:57:20 bsd_desktop mpd: [L1] CHAP: Using authname "MY_LOGIN"
Apr 4 10:57:20 bsd_desktop mpd: [L1] CHAP: sending RESPONSE #1 len: 30
Apr 4 10:57:20 bsd_desktop mpd: [L1] CHAP: rec'd SUCCESS #1 len: 13
Apr 4 10:57:20 bsd_desktop mpd: [L1] MESG: Welcome!!
Apr 4 10:57:20 bsd_desktop mpd: [L1] LCP: authorization successful
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: Matched action 'bundle "B1" ""'
Apr 4 10:57:20 bsd_desktop mpd: [L1] Link: Join bundle "B1"
Apr 4 10:57:20 bsd_desktop mpd: [B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: Open event
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: state change Initial --> Starting
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: LayerStart
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: Up event
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: state change Starting --> Req-Sent
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: SendConfigReq #1
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 10.10.16.81
Apr 4 10:57:20 bsd_desktop mpd: [B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Apr 4 10:57:20 bsd_desktop mpd: [L1] rec'd unexpected protocol CCP, rejecting
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: rec'd Configure Request #1 (Req-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 82.137.137.228
Apr 4 10:57:20 bsd_desktop mpd: [B1] 82.137.137.228 is OK
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: SendConfigAck #1
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 82.137.137.228
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: state change Req-Sent --> Ack-Sent
Apr 4 10:57:20 bsd_desktop mpd: [L1] rec'd unexpected protocol IPV6CP, rejecting
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: rec'd Configure Reject #1 (Ack-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: SendConfigReq #2
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 10.10.16.81
Apr 4 10:57:20 bsd_desktop mpd: [L1] rec'd unexpected protocol IPV6CP, rejecting
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: rec'd Configure Nak #2 (Ack-Sent)
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 195.149.202.167
Apr 4 10:57:20 bsd_desktop mpd: [B1] 195.149.202.167 is OK
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPCP: SendConfigReq #3
Apr 4 10:57:20 bsd_desktop mpd: [B1] IPADDR 195.149.202.167
Apr 4 10:57:21 bsd_desktop mpd: [B1] IPCP: rec'd Configure Ack #3 (Ack-Sent)
Apr 4 10:57:21 bsd_desktop mpd: [B1] IPADDR 195.149.202.167
Apr 4 10:57:21 bsd_desktop mpd: [B1] IPCP: state change Ack-Sent --> Opened
Apr 4 10:57:21 bsd_desktop mpd: [B1] IPCP: LayerUp
Apr 4 10:57:21 bsd_desktop mpd: [B1] 195.149.202.167 -> 82.137.137.228
Apr 4 10:57:21 bsd_desktop mpd: [B1] IFACE: Up event
Apr 4 10:57:23 bsd_desktop mpd: [L1] rec'd unexpected protocol IPV6CP, rejecting


Thanks in advance

legion_ 04-04-2009 21:43 1084260

I'm trying to figure it out myself, but still nothing works.
The log shows that I authenticate on the server, but ping doesn't go anywhere, not even to 82.137.137.228

Here is what's in the routes after connecting:

Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 82.137.137.228 UGS 0 0 ng0
10.10.0.0/17 link#1 UC 0 0 re0
10.10.0.1 00:13:46:3d:d5:64 UHLW 4 1 re0 1200
82.137.137.228 10.10.0.1 UGHS 1 0 re0
91.196.244.250 10.10.0.1 UGHS 0 1567 re0
127.0.0.1 127.0.0.1 UH 0 44 lo0
195.149.200.230 10.10.0.1 UGHS 0 339 re0

Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#3 UHL lo0
ff01:3::/32 fe80::1%lo0 UC lo0
ff02::%lo0/32 fe80::1%lo0 UC lo0

Something is wrong with the routes, please give a newbie a hint :)

leonty 08-04-2009 00:57 1087423

Quote:

Quote from legion_
I enable netgraph in the kernel config (although I read somewhere that this is not required) »

netgraph is indeed not needed for the client.

Quote:

Quote from legion_
82.137.137.228 10.10.0.1 UGHS 1 0 re0 »

Damn! How is that possible? Maybe I'm wrong, but here is how it looks on my machine

Code:

[0:52] [leonty] /usr/ports/x11/rxvt-unicode>ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:80:48:4b:ce:51
        inet 10.26.13.120 netmask 0xffffff00 broadcast 10.26.13.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:a0:c9:39:21:26
        inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
        media: Ethernet autoselect (none)
        status: no carrier
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1400
        inet 217.149.188.243 --> 213.234.18.200 netmask 0xffffffff
 [0:52] [leonty] /usr/ports/x11/rxvt-unicode>

Code:

[0:56] [leonty] /usr/ports/x11/rxvt-unicode>netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            213.234.18.200    UGS        0  246166    ng0
10.0.0.0/8        10.26.13.1        UGS        0  295708    rl0
10.26.13.0/24      link#1            UC          0        0    rl0
10.26.13.1        00:04:80:77:a4:00  UHLW        9        0    rl0  1195
10.26.13.11        00:19:66:6a:d8:45  UHLW        1      13    rl0    198
10.26.13.41        00:80:48:28:1f:72  UHLW        1        3    rl0    653
10.26.13.95        00:18:f3:6f:b0:75  UHLW        1        3    rl0  1196
77.87.64.0/21      10.26.13.1        UGS        0        0    rl0
80.69.155.0/24    10.26.13.1        UGS        0        0    rl0
85.159.224.0/24    10.26.13.1        UGS        0        0    rl0
127.0.0.1          127.0.0.1          UH          0        2    lo0
192.168.16.0/20    10.26.13.1        UGS        0        0    rl0
192.168.32.0/19    10.26.13.1        UGS        0        0    rl0
192.168.100.0/24  link#2            UC          0        0  fxp0
195.160.244.0/22  10.26.13.1        UGS        0        0    rl0
195.245.211.0/24  10.26.13.1        UGS        0        0    rl0
213.234.18.200    217.149.188.243    UH          1        0    ng0

Internet6:
Destination                      Gateway                      Flags      Netif Expire
::1                              ::1                          UHL        lo0
fe80::%lo0/64                    fe80::1%lo0                  U          lo0
fe80::1%lo0                      link#4                        UHL        lo0
ff01:4::/32                      fe80::1%lo0                  UC          lo0
ff02::%lo0/32                    fe80::1%lo0                  UC          lo0
 [0:56] [leonty] /usr/ports/x11/rxvt-unicode>

My point is that in your case 82.137.137.228 is the far end of the virtual tunnel. So why does the path to it go through the gateway? Again, I may be wrong, so please correct me if so. (:
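
The check described in the post above, as an added example that is not part of the original thread: it reads `netstat -rn` output and flags a host route to the tunnel peer that leaves through the LAN interface instead of ng0. The function names and the sample rows are constructed for illustration, and the column layout is assumed to be the FreeBSD 7.x one shown in the thread.

```sh
#!/bin/sh
# Added example. Reads `netstat -rn` output on stdin; $1 = tunnel interface,
# $2 = VPN server address. Assumes the FreeBSD 7.x column layout shown in the
# thread (Destination Gateway Flags Refs Use Netif). Returns 0 if consistent.
check_tunnel_routes() {
    awk -v tun="$1" -v srv="$2" '
        $1 == "Internet6:" { exit }             # IPv4 table only
        NF < 6 || $1 == "Destination" { next }  # skip headings
        { gw[$1] = $2; nif[$1] = $6 }
        END {
            if (!("default" in gw)) { print "FAIL: no default route"; exit 1 }
            peer = gw["default"]; bad = 0
            if (nif["default"] != tun) {
                print "FAIL: default route uses " nif["default"] ", not " tun
                bad = 1
            }
            # The far end of the tunnel has to be reached through the tunnel.
            if ((peer in nif) && nif[peer] != tun) {
                print "FAIL: host route to tunnel peer " peer " goes via " gw[peer] " on " nif[peer]
                bad = 1
            }
            # The VPN server has to stay on the physical link, otherwise the
            # encapsulated packets are sent back into the tunnel.
            if ((srv in nif) && nif[srv] == tun) {
                print "FAIL: VPN server " srv " is routed into " tun
                bad = 1
            }
            if (!bad) print "OK"
            exit bad
        }'
}

# Constructed sample built from rows of the routing table posted in the thread;
# $1 $2 $3 = gateway, flags and interface of the host route to the tunnel peer.
sample_table() {
    cat <<EOF
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 82.137.137.228 UGS 0 0 ng0
10.10.0.0/17 link#1 UC 0 0 re0
82.137.137.228 $1 $2 1 0 $3
91.196.244.250 10.10.0.1 UGHS 0 1567 re0
EOF
}

sample_table 10.10.0.1 UGHS re0 | check_tunnel_routes ng0 91.196.244.250 || true
```

On a live system the input would be `netstat -rn | check_tunnel_routes ng0 91.196.244.250`.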

Telepuzik 08-04-2009 09:54 1087595

Quote:

Quote from legion_
#!/bin/sh
gateway_ip="10.10.0.1"
route delete $4
route add $4 $gateway_ip
route add default $4
echo $4 > /tmp/dr
contents of if-down.sh »

Did I understand correctly that after the ng0 interface comes up you set the default gateway to 10.10.0.1?
Try not using the if-up.sh script and establish the VPN connection.

leonty 08-04-2009 11:14 1087706

This is how mine looks

up
Code:

#!/bin/sh
# Adds new default gateway. If it exists then it'll be saved in /var/tmp/default_route_old
default_route_old=`route -n get default 2>&1 | grep gateway | awk '{print $2}'`
if [ $default_route_old ]; then
    echo $default_route_old > /var/tmp/default_route_old
    route -nq change default $4
else
    rm -f /var/tmp/default_route_old
    route -nq add default $4
fi

down
Code:

#!/bin/sh
# Returning old default gateway from file /var/tmp/default_route_old
if [ -r /var/tmp/default_route_old ]; then
    default_route_old=`cat /var/tmp/default_route_old`
    rm -f /var/tmp/default_route_old
    route -nq change default $default_route_old
else
    route -nq delete default
fi


