MPD5 and IPFW

Simple/general questions about UNIX systems. Ask here if you are a beginner

Moderators: vadim64, terminus

Forum rules
Please use [code] tags when posting listings.
Posts that are not formatted properly have every chance of going unnoticed.
frost17
private
Posts: 21
Registered: 2011-10-13 17:15:44

MPD5 and IPFW

Post by frost17 » 2012-04-02 22:44:30

Hi folks, help me solve a problem with a VPN connection. I have a FreeBSD 9 server running MPD5 with IPFW, and I just cannot get a VPN connection from a remote computer; I have already racked my brains over it. What is wrong with the server? I hope I can sort this problem out with your help!

Kernel config options:

options         IPFIREWALL
options         IPDIVERT
options         IPFIREWALL_FORWARD
options         NETGRAPH
options         NETGRAPH_ASYNC
options         NETGRAPH_BPF
options         NETGRAPH_ECHO
options         NETGRAPH_ETHER
options         NETGRAPH_HOLE
options         NETGRAPH_IFACE
options         NETGRAPH_KSOCKET
options         NETGRAPH_L2TP
options         NETGRAPH_LMI
options         NETGRAPH_MPPC_ENCRYPTION
options         NETGRAPH_ONE2MANY
options         NETGRAPH_PPP
options         NETGRAPH_PPTPGRE
options         NETGRAPH_RFC1490
options         NETGRAPH_SOCKET
options         NETGRAPH_TEE
options         NETGRAPH_TTY
options         NETGRAPH_UI
options         NETGRAPH_VJC

rc.conf


ifconfig_ste0="inet *.*.*.*  netmask 255.255.255.248"
ifconfig_vr0="inet 192.168.10.5  netmask 255.255.255.0"
gateway_enable="YES"
defaultrouter="84.253.98.57"
hostname="***.***"
mpd_enable="YES"
firewall_enable="YES"
firewall_script="/etc/ipfw.conf"
natd_enable="YES"

mpd.conf


startup:
        # configure mpd users
        set user foo bar admin
        set user foo1 bar1
        # configure the console
        set console self 127.0.0.1 5005
        set console open
        # configure the web server
        set web self 0.0.0.0 5006
        set web open
# Default configuration is "dialup"
default:
        load pptp_server
# Define dynamic IP address pool.
        set ippool add pool1 192.168.10.50 192.168.10.60

# Create clonable bundle template named B
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assignment.
        set ipcp ranges 192.168.10.5/24 ippool pool1
        set ipcp dns 192.168.10.5
        #set ipcp nbns 192.168.1.4
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

# Create clonable link template named L
        create link template L pptp
# Set bundle template to use
        set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap eap
        set link enable chap
# We can use RADIUS authentication/accounting by including
# another config section with label 'radius'.
#       load radius
        set link keep-alive 10 60
# We reduce the link MTU to avoid GRE packet fragmentation.
        set link mtu 1460
# Configure PPTP
        set pptp self 84.253.98.60
# Allow to accept calls
        set link enable incoming

ipfw.conf

fw="/sbin/ipfw -q"
vpn="192.168.10.50"
${fw} -f flush

${fw} add allow all from any to any via lo0
${fw} add allow all from any to any via vr0
${fw} add allow tcp from any to any 445
${fw} add allow tcp from any 445 to any
${fw} add allow all from any to any 1723
${fw} add allow all from any 1723 to any
${fw} add allow gre from me to any
${fw} add allow all from $vpn to any via ng
${fw} add allow all from any to $vpn via ng

ipfw show

00100   0     0 allow ip from any to any via lo0
00200  85  8939 allow ip from any to any via vr0
00300 850 68824 allow tcp from any to any dst-port 445
00400 678 99337 allow tcp from any 445 to any
00500  30  3060 allow ip from any to any dst-port 1723
00600  40  3400 allow ip from any 1723 to any
00700  50  3700 allow gre from me to any
00800   0     0 allow ip from 192.168.10.50 to any via ng
00900   0     0 allow ip from any to 192.168.10.50 via ng
65535 135 12924 deny ip from any to any



rayder
lieutenant
Posts: 661
Registered: 2008-12-18 16:29:43
From: Ukraine/Kiev

Re: MPD5 and IPFW

Post by rayder » 2012-04-03 9:24:06

What does mpd write to the logs when the client connects?
To err is human, but for truly inhuman blunders you need a computer.

frost17
private
Posts: 21
Registered: 2011-10-13 17:15:44

Re: MPD5 and IPFW

Post by frost17 » 2012-04-03 12:02:15

rayder wrote: What does mpd write to the logs when the client connects?
I changed the firewall rules slightly to a set where everything should definitely work, but nothing changed. The remote computer cannot connect (the error code, by the way, is 619), and when I connect via the external interface from the local network where the server sits, it connects but shows a 255.255.255.255 mask.


ipfw.conf


# fw and vpn are set as in the first version of the script above
fw="/sbin/ipfw -q"
vpn="192.168.10.50"
${fw} -f flush
${fw} add allow all from any to any via lo0
${fw} add deny ip from 127.0.0.0/8 to any
${fw} add deny ip from any to 127.0.0.0/8
${fw} add allow all from any to any via vr0
${fw} add allow tcp from any to any 445
${fw} add allow tcp from any 445 to any
${fw} add allow all from me to any via ste0
${fw} add allow all from any to me 1723
${fw} add allow all from me 1723 to any
${fw} add allow gre from me to any
${fw} add allow gre from any to me
${fw} add allow tcp from any to any via ng
${fw} add allow udp from any to any via ng
${fw} add allow all from $vpn to any via ng
${fw} add allow all from any to $vpn via ng


ipfw show


00100   0     0 allow ip from any to any via lo0
00200   0     0 deny ip from 127.0.0.0/8 to any
00300   0     0 deny ip from any to 127.0.0.0/8
00400 535 59848 allow ip from any to any via vr0
00500   0     0 allow tcp from any to any dst-port 445
00600   0     0 allow tcp from any 445 to any
00700 101  7115 allow ip from me to any via ste0
00800  27  2632 allow ip from any to me dst-port 1723
00900   0     0 allow ip from me 1723 to any
01000   0     0 allow gre from me to any
01100  25  1405 allow gre from any to me
01200   0     0 allow tcp from any to any via ng
01300   0     0 allow udp from any to any via ng
01400   0     0 allow ip from 192.168.10.50 to any via ng
01500   0     0 allow ip from any to 192.168.10.50 via ng
65535  15  1883 deny ip from any to any

mpd.log


Apr  3 12:48:54 Best mpd: [L-1] Accepting PPTP connection
Apr  3 12:48:54 Best mpd: [L-1] Link: OPEN event
Apr  3 12:48:54 Best mpd: [L-1] LCP: Open event
Apr  3 12:48:54 Best mpd: [L-1] LCP: state change Initial --> Starting
Apr  3 12:48:54 Best mpd: [L-1] LCP: LayerStart
Apr  3 12:48:54 Best mpd: [L-1] PPTP: attaching to peer's outgoing call
Apr  3 12:48:54 Best mpd: [L-1] Link: UP event
Apr  3 12:48:54 Best mpd: [L-1] LCP: Up event
Apr  3 12:48:54 Best mpd: [L-1] LCP: state change Starting --> Req-Sent
Apr  3 12:48:54 Best mpd: [L-1] LCP: SendConfigReq #1
Apr  3 12:48:54 Best mpd: [L-1]   ACFCOMP
Apr  3 12:48:54 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:48:54 Best mpd: [L-1]   MRU 1500
Apr  3 12:48:54 Best mpd: [L-1]   MAGICNUM 4d598bc8
Apr  3 12:48:54 Best mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Apr  3 12:48:54 Best mpd: [L-1]   MP MRRU 2048
Apr  3 12:48:54 Best mpd: [L-1]   MP SHORTSEQ
Apr  3 12:48:54 Best mpd: [L-1]   ENDPOINTDISC [802.1] 00 0d 88 6d 3a d9
Apr  3 12:48:54 Best mpd: [L-1] LCP: rec'd Configure Request #0 (Req-Sent)
Apr  3 12:48:54 Best mpd: [L-1]   MRU 1400
Apr  3 12:48:54 Best mpd: [L-1]   MAGICNUM 7746259f
Apr  3 12:48:54 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:48:54 Best mpd: [L-1]   ACFCOMP
Apr  3 12:48:54 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:48:54 Best mpd: [L-1] LCP: SendConfigRej #0
Apr  3 12:48:54 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:48:56 Best mpd: [L-1] LCP: SendConfigReq #2
Apr  3 12:48:56 Best mpd: [L-1]   ACFCOMP
Apr  3 12:48:56 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:48:56 Best mpd: [L-1]   MRU 1500
Apr  3 12:48:56 Best mpd: [L-1]   MAGICNUM 4d598bc8
Apr  3 12:48:56 Best mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Apr  3 12:48:56 Best mpd: [L-1]   MP MRRU 2048
Apr  3 12:48:56 Best mpd: [L-1]   MP SHORTSEQ
Apr  3 12:48:56 Best mpd: [L-1]   ENDPOINTDISC [802.1] 00 0d 88 6d 3a d9
Apr  3 12:48:56 Best mpd: [L-1] LCP: rec'd Configure Request #1 (Req-Sent)
Apr  3 12:48:56 Best mpd: [L-1]   MRU 1400
Apr  3 12:48:56 Best mpd: [L-1]   MAGICNUM 7746259f
Apr  3 12:48:56 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:48:56 Best mpd: [L-1]   ACFCOMP
Apr  3 12:48:56 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:48:56 Best mpd: [L-1] LCP: SendConfigRej #1
Apr  3 12:48:56 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:48:58 Best mpd: [L-1] LCP: SendConfigReq #3
Apr  3 12:48:58 Best mpd: [L-1]   ACFCOMP
Apr  3 12:48:58 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:48:58 Best mpd: [L-1]   MRU 1500
Apr  3 12:48:58 Best mpd: [L-1]   MAGICNUM 4d598bc8
Apr  3 12:48:58 Best mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Apr  3 12:48:58 Best mpd: [L-1]   MP MRRU 2048
Apr  3 12:48:58 Best mpd: [L-1]   MP SHORTSEQ
Apr  3 12:48:58 Best mpd: [L-1]   ENDPOINTDISC [802.1] 00 0d 88 6d 3a d9
Apr  3 12:48:59 Best mpd: [L-1] LCP: rec'd Configure Request #2 (Req-Sent)
Apr  3 12:48:59 Best mpd: [L-1]   MRU 1400
Apr  3 12:48:59 Best mpd: [L-1]   MAGICNUM 7746259f
Apr  3 12:48:59 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:48:59 Best mpd: [L-1]   ACFCOMP
Apr  3 12:48:59 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:48:59 Best mpd: [L-1] LCP: SendConfigRej #2
Apr  3 12:48:59 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:49:00 Best mpd: [L-1] LCP: SendConfigReq #4
Apr  3 12:49:00 Best mpd: [L-1]   ACFCOMP
Apr  3 12:49:00 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:49:00 Best mpd: [L-1]   MRU 1500
Apr  3 12:49:00 Best mpd: [L-1]   MAGICNUM 4d598bc8
Apr  3 12:49:00 Best mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Apr  3 12:49:00 Best mpd: [L-1]   MP MRRU 2048
Apr  3 12:49:00 Best mpd: [L-1]   MP SHORTSEQ
Apr  3 12:49:00 Best mpd: [L-1]   ENDPOINTDISC [802.1] 00 0d 88 6d 3a d9
Apr  3 12:49:02 Best mpd: [L-1] LCP: SendConfigReq #5
Apr  3 12:49:02 Best mpd: [L-1]   ACFCOMP
Apr  3 12:49:02 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:49:02 Best mpd: [L-1]   MRU 1500
Apr  3 12:49:02 Best mpd: [L-1]   MAGICNUM 4d598bc8
Apr  3 12:49:02 Best mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Apr  3 12:49:02 Best mpd: [L-1]   MP MRRU 2048
Apr  3 12:49:02 Best mpd: [L-1]   MP SHORTSEQ
Apr  3 12:49:02 Best mpd: [L-1]   ENDPOINTDISC [802.1] 00 0d 88 6d 3a d9
Apr  3 12:49:03 Best mpd: [L-1] LCP: rec'd Configure Request #3 (Req-Sent)
Apr  3 12:49:03 Best mpd: [L-1]   MRU 1400
Apr  3 12:49:03 Best mpd: [L-1]   MAGICNUM 7746259f
Apr  3 12:49:03 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:49:03 Best mpd: [L-1]   ACFCOMP
Apr  3 12:49:03 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:49:03 Best mpd: [L-1] LCP: SendConfigRej #3
Apr  3 12:49:03 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:49:04 Best mpd: [L-1] LCP: SendConfigReq #6
Apr  3 12:49:04 Best mpd: [L-1]   ACFCOMP
Apr  3 12:49:04 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:49:04 Best mpd: [L-1]   MRU 1500
Apr  3 12:49:04 Best mpd: [L-1]   MAGICNUM 4d598bc8
Apr  3 12:49:04 Best mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Apr  3 12:49:04 Best mpd: [L-1]   MP MRRU 2048
Apr  3 12:49:04 Best mpd: [L-1]   MP SHORTSEQ
Apr  3 12:49:04 Best mpd: [L-1]   ENDPOINTDISC [802.1] 00 0d 88 6d 3a d9
Apr  3 12:49:06 Best mpd: [L-1] LCP: SendConfigReq #7
Apr  3 12:49:06 Best mpd: [L-1]   ACFCOMP
Apr  3 12:49:06 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:49:06 Best mpd: [L-1]   MRU 1500
Apr  3 12:49:06 Best mpd: [L-1]   MAGICNUM 4d598bc8
Apr  3 12:49:06 Best mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Apr  3 12:49:06 Best mpd: [L-1]   MP MRRU 2048
Apr  3 12:49:06 Best mpd: [L-1]   MP SHORTSEQ
Apr  3 12:49:06 Best mpd: [L-1]   ENDPOINTDISC [802.1] 00 0d 88 6d 3a d9
Apr  3 12:49:07 Best mpd: [L-1] LCP: rec'd Configure Request #4 (Req-Sent)
Apr  3 12:49:07 Best mpd: [L-1]   MRU 1400
Apr  3 12:49:07 Best mpd: [L-1]   MAGICNUM 7746259f
Apr  3 12:49:07 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:49:07 Best mpd: [L-1]   ACFCOMP
Apr  3 12:49:07 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:49:07 Best mpd: [L-1] LCP: SendConfigRej #4
Apr  3 12:49:07 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:49:08 Best mpd: [L-1] LCP: SendConfigReq #8
Apr  3 12:49:08 Best mpd: [L-1]   ACFCOMP
Apr  3 12:49:08 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:49:08 Best mpd: [L-1]   MRU 1500
Apr  3 12:49:08 Best mpd: [L-1]   MAGICNUM 4d598bc8
Apr  3 12:49:08 Best mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Apr  3 12:49:08 Best mpd: [L-1]   MP MRRU 2048
Apr  3 12:49:08 Best mpd: [L-1]   MP SHORTSEQ
Apr  3 12:49:08 Best mpd: [L-1]   ENDPOINTDISC [802.1] 00 0d 88 6d 3a d9
Apr  3 12:49:10 Best mpd: [L-1] LCP: SendConfigReq #9
Apr  3 12:49:10 Best mpd: [L-1]   ACFCOMP
Apr  3 12:49:10 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:49:10 Best mpd: [L-1]   MRU 1500
Apr  3 12:49:10 Best mpd: [L-1]   MAGICNUM 4d598bc8
Apr  3 12:49:10 Best mpd: [L-1]   AUTHPROTO CHAP MSOFTv2
Apr  3 12:49:10 Best mpd: [L-1]   MP MRRU 2048
Apr  3 12:49:10 Best mpd: [L-1]   MP SHORTSEQ
Apr  3 12:49:10 Best mpd: [L-1]   ENDPOINTDISC [802.1] 00 0d 88 6d 3a d9
Apr  3 12:49:11 Best mpd: [L-1] LCP: rec'd Configure Request #5 (Req-Sent)
Apr  3 12:49:11 Best mpd: [L-1]   MRU 1400
Apr  3 12:49:11 Best mpd: [L-1]   MAGICNUM 7746259f
Apr  3 12:49:11 Best mpd: [L-1]   PROTOCOMP
Apr  3 12:49:11 Best mpd: [L-1]   ACFCOMP
Apr  3 12:49:11 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:49:11 Best mpd: [L-1] LCP: not converging
Apr  3 12:49:11 Best mpd: [L-1] LCP: parameter negotiation failed
Apr  3 12:49:11 Best mpd: [L-1] LCP: state change Req-Sent --> Stopped
Apr  3 12:49:11 Best mpd: [L-1] LCP: LayerFinish
Apr  3 12:49:11 Best mpd: [L-1] PPTP call terminated
Apr  3 12:49:11 Best mpd: [L-1] Link: DOWN event
Apr  3 12:49:11 Best mpd: [L-1] LCP: Close event
Apr  3 12:49:11 Best mpd: [L-1] LCP: state change Stopped --> Closed
Apr  3 12:49:11 Best mpd: [L-1] LCP: Down event
Apr  3 12:49:11 Best mpd: [L-1] LCP: state change Closed --> Initial
Apr  3 12:49:11 Best mpd: [L-1] Link: SHUTDOWN event
Apr  3 12:49:11 Best mpd: [L-1] Link: Shutdown
Apr  3 12:50:00 Best /usr/sbin/cron[1602]: (root) CMD (/usr/libexec/atrun)
Apr  3 12:50:06 Best sshd[1597]: error: PAM: authentication error for frost from 192.168.10.110
Apr  3 12:50:06 Best kernel: Apr  3 12:50:06 Best sshd[1597]: error: PAM: authentication error for frost from 192.168.10.110
Apr  3 12:50:08 Best sshd[1597]: Accepted keyboard-interactive/pam for frost from 192.168.10.110 port 4308 ssh2
Apr  3 12:50:12 Best su: frost to root on /dev/pts/0
Apr  3 12:50:12 Best kernel: Apr  3 12:50:12 Best su: frost to root on /dev/pts/0

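As an added illustration (not part of the thread), a small Python analyzer for an mpd5 LCP log like the one above: per link it counts the Configure-Requests the server sent and received, the replies (Ack/Nak/Reject) that came back, the options the server rejected, and turns that into a verdict. The sample excerpt is constructed in mpd's log format, and the verdict wording is my own; on the full log posted here the same logic would report that the client's requests kept arriving while none of the server's nine requests was ever answered.

```python
import re
from collections import defaultdict

# Constructed, abridged excerpt in the format of the mpd5 log posted above.
SAMPLE_LOG = """\
Apr  3 12:48:54 Best mpd: [L-1] LCP: SendConfigReq #1
Apr  3 12:48:54 Best mpd: [L-1] LCP: rec'd Configure Request #0 (Req-Sent)
Apr  3 12:48:54 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:48:54 Best mpd: [L-1] LCP: SendConfigRej #0
Apr  3 12:48:54 Best mpd: [L-1]   CALLBACK 6
Apr  3 12:48:56 Best mpd: [L-1] LCP: SendConfigReq #2
Apr  3 12:49:11 Best mpd: [L-1] LCP: not converging
"""

# syslog prefix, then mpd's "[link] message"; option lines keep their leading spaces in "msg"
LINE = re.compile(r"^\w+\s+\d+\s+[\d:]+\s+\S+\s+mpd: \[(?P<link>[^\]]+)\] (?P<msg>.*)$")
PEER_REPLY = ("LCP: rec'd Configure Ack", "LCP: rec'd Configure Nak", "LCP: rec'd Configure Reject")

def analyze_lcp(log_text):
    # per link: LCP requests sent/received, replies to ours, options we rejected, outcome
    links = defaultdict(lambda: dict(sent_req=0, rcvd_req=0, rcvd_reply=0, rejected=set(), failed=False))
    rej_target = None                      # link whose SendConfigRej option list follows
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        st, msg = links[m["link"]], m["msg"]
        if msg.startswith(" "):            # indented option line of the previous packet
            if rej_target is st:
                st["rejected"].add(msg.split()[0])
            continue
        rej_target = None
        if msg.startswith("LCP: SendConfigReq"):
            st["sent_req"] += 1
        elif msg.startswith("LCP: rec'd Configure Request"):
            st["rcvd_req"] += 1
        elif msg.startswith(PEER_REPLY):
            st["rcvd_reply"] += 1          # the peer answered one of our requests
        elif msg.startswith("LCP: SendConfigRej"):
            rej_target = st
        elif msg.startswith("LCP: not converging"):
            st["failed"] = True
    return {link: diagnose(st) for link, st in links.items()}

def diagnose(st):
    # turn one link's counters into a plain-language verdict
    if not st["failed"]:
        verdict = "ok"
    elif st["sent_req"] and st["rcvd_req"] and not st["rcvd_reply"]:
        verdict = "peer never answered our Configure-Requests while its own arrived: check the GRE path from server to client"
    else:
        verdict = "peer keeps re-requesting options we reject: " + ", ".join(sorted(st["rejected"]))
    return {**st, "rejected": sorted(st["rejected"]), "verdict": verdict}
```

Run it over the whole mpd.log (`analyze_lcp(open("/var/log/mpd.log").read())`) to get one verdict per link; the path is an assumption, use wherever your syslog sends mpd messages.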

frost17
private
Posts: 21
Registered: 2011-10-13 17:15:44

Re: MPD5 and IPFW

Post by frost17 » 2012-04-03 12:10:00

Here is the ipconfig of the computer on the LAN. DHCP is not enabled, is that normal?


 DNS-суффикс этого подключения . . :
 Описание  . . . . . . . . . . . . : WAN (PPP/SLIP) Interface
 Физический адрес. . . . . . . . . : 00-53-45-00-00-00
 Dhcp включен. . . . . . . . . . . : нет
 IP-адрес  . . . . . . . . . . . . : 192.168.10.50
 Маска подсети . . . . . . . . . . : 255.255.255.255
 Основной шлюз . . . . . . . . . . :
 DNS-серверы . . . . . . . . . . . : 192.168.10.5

frost17
private
Posts: 21
Registered: 2011-10-13 17:15:44

Re: MPD5 and IPFW

Post by frost17 » 2012-04-04 9:40:59

In short, it all started working with these settings.


# fw and vpn are set as in the scripts above
fw="/sbin/ipfw -q"
vpn="192.168.10.50"
${fw} add allow all from any to any 1723
${fw} add allow all from any 1723 to any
${fw} add allow gre from any to any
${fw} add allow tcp from any to any via ng
${fw} add allow udp from any to any via ng
${fw} add allow ip from $vpn to any via ng
${fw} add allow ip from any to $vpn via ng

But it hands out a 32-bit mask, and RDP does not work.