I'll get straight to it.
I decided to set up PPTP on FreeBSD.
But there's a problem.
When GRE traffic is allowed in the firewall, within a couple of minutes:
Code:
00013 20024614 29941119720 allow gre from any to any :shock:
Code:
tcpdump -i ng0
Code:
my external IP > provider's VPN gateway IP-truncated-ip - 36 bytes missing GREv6 error unknown-version
Code:
[B1] Bundle: Interface ng0 created
[L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] Link: origination is local
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM c526729c
[L1] LCP: rec'd Configure Reject #1 (Req-Sent)
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] LCP: SendConfigReq #2
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM c526729c
[L1] LCP: rec'd Configure Ack #2 (Req-Sent)
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM c526729c
[L1] LCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: rec'd Configure Request #2 (Ack-Rcvd)
[L1] MRU 1500
[L1] MAGICNUM b8dcd93a
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigAck #2
[L1] MRU 1500
[L1] MAGICNUM b8dcd93a
[L1] AUTHPROTO CHAP MSOFTv2
[L1] LCP: state change Ack-Rcvd --> Opened
[L1] LCP: auth: peer wants CHAP, I want nothing
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #1 len: 21
[L1] Name: ""
[L1] CHAP: Using authname "1/5845"
[L1] CHAP: sending RESPONSE #1 len: 60
[L1] CHAP: rec'd SUCCESS #1 len: 46
[L1] MESG: S=B121720EF2F2F48B66C37B91D77AAFA797C34904
[L1] LCP: authorization successful
[L1] Link: Matched action 'bundle "B1" ""'
[L1] Link: Join bundle "B1"
[B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[B1] IPCP: Open event
[B1] IPCP: state change Initial --> Starting
[B1] IPCP: LayerStart
[B1] IPCP: Up event
[B1] IPCP: state change Starting --> Req-Sent
[B1] IPCP: SendConfigReq #1
[B1] IPADDR 0.0.0.0
[B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: rec'd Configure Request #1 (Req-Sent)
[B1] IPADDR 217.78.176.70
[B1] 217.78.176.70 is OK
[B1] IPCP: SendConfigAck #1
[B1] IPADDR 217.78.176.70
[B1] IPCP: state change Req-Sent --> Ack-Sent
[B1] IPCP: rec'd Configure Reject #1 (Ack-Sent)
[B1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: SendConfigReq #2
[B1] IPADDR 0.0.0.0
[B1] IPCP: rec'd Configure Nak #2 (Ack-Sent)
[B1] IPADDR 217.78.182.8
[B1] 217.78.182.8 is OK
[B1] IPCP: SendConfigReq #3
[B1] IPADDR 217.78.182.8
[B1] IPCP: rec'd Configure Ack #3 (Ack-Sent)
[B1] IPADDR 217.78.182.8
[B1] IPCP: state change Ack-Sent --> Opened
[B1] IPCP: LayerUp
[B1] my ip -> vpn gateway
[B1] IFACE: Add route 0.0.0.0/0 vpn gateway failed: File exists // I know about this one // route delete default // route add 0.0.0.0/0 VPN GATEWAY
[B1] IFACE: Up event
mpd5.conf
Code:
startup:
	set user admin admin
	set console self 127.0.0.1 5005
	set console open
	set web self 127.0.0.1 5006
	set web open
default:
	load dialup
dialup:
	create bundle static B1
	set iface idle 0
	set iface enable tcpmssfix
	set ipcp no vjcomp
	set bundle disable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc no e128
	set mppc no stateless
	set mppc no compress
# I fix this by having the default gateway deleted when mpd starts, and then everything comes up fine
	set iface route default
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
	create link static L1 pptp
	set link action bundle B1
	set auth authname "admin"
	set auth password "admin"
	set link max-redial 0
	set link mtu 1460
	set link keep-alive 20 75
	set pptp peer vpn.gateway
	set pptp disable windowing
	open
Code:
options NETGRAPH
options NETGRAPH_ASYNC
options NETGRAPH_BPF
options NETGRAPH_BRIDGE
options NETGRAPH_CISCO
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_GIF
options NETGRAPH_GIF_DEMUX
options NETGRAPH_HOLE
options NETGRAPH_IFACE
options NETGRAPH_IP_INPUT
options NETGRAPH_L2TP
options NETGRAPH_LMI
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_ONE2MANY
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE
options NETGRAPH_RFC1490
options NETGRAPH_SOCKET
options NETGRAPH_TCPMSS
options NETGRAPH_TEE
options NETGRAPH_TTY
options NETGRAPH_UI
options NETGRAPH_VJC
Routes
-i ng0
1.1.1.1 provider's VPN
1.1.1.2 my external VPN
-i rl0
10.10.10.1 provider's local gateway
10.10.10.2 on the interface
12.12.12.10 provider's DNS
12.12.13.11 provider's second DNS
Code:
default 1.1.1.1 UGS 0 286 ng0
10.10.10.0/24 link#2 UC 0 0 rl0
10.10.10.1 00:14:f2:57:e8:bf UHLW 3 0 rl0 920
12.12.0.0/16 10.10.10.1 UGS 0 0 rl0
127.0.0.1 127.0.0.1 UH 0 47 lo0
1.1.1.0/24 10.122.21.1 UGS 0 882 rl0 //?
When connected, one more route appears:
1.1.1.1 1.1.1.2 ng0
Maybe the problem is in this one.
ifconfig
Code:
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:1d:60:27:46:b2
inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
media: Ethernet autoselect (none)
status: no carrier
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:e0:4c:b0:94:6e
inet 10.10.10.2 netmask 0xffffff00 broadcast 10.10.10.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:90:27:57:2f:4b
inet 192.168.1.130 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet 127.0.0.1 netmask 0xff000000
ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
The FreeBSD box connects to two providers:
it runs mail and web, and it also hands out Internet access to the internal network,
the first connection goes over Ethernet, with natd and pipe configured.
I'm trying to set up the second one over PPTP, with no luck.
I've already tried pptpclient, mpd4, and now mpd5.
The error is the same everywhere; as I understand it, the GRE traffic gets looped every time.
I tried disabling all the extra interfaces, leaving only rl0 towards the VPN provider, and still got the same thing.
Maybe I'm just being dumb and need to enable NAT on ng0?