FreeBSD 8 mpd5 pptp

Niki
passerby

FreeBSD 8 mpd5 pptp

Unread post by Niki » 2010-10-06 18:03:06

OS FreeBSD 8
MPD 5.3

Network layout:

LAN1 -> FreeBSD(PF)router->Internet->ADSL(bridge)- FreeBSD(PF, MPD Server ) -> LAN2

I am trying to connect from LAN1 to LAN2.

MPD config
Code:

startup:
        # configure mpd users
        set user user password admin
        # configure the console
        set console self 127.0.0.1 5005
        set console open
        # configure the web server
        set web self 0.0.0.0 5006
        set web open

default:
        load pppoe_client
        load pptp_server

pppoe_client:

        create bundle static avangard
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        set iface enable tcpmssfix

        create link static L1_avangard pppoe
        set link action bundle avangard
        set auth authname ptn
        set auth password ptn
        set link max-redial 0
        set link mtu 1460
        set link disable chap pap
        set link accept pap
        set link keep-alive 10 60
        set pppoe iface xl0
        set pppoe service ""
        open


pptp_server:
        set ippool add pool1 192.168.4.200 192.168.4.220
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
        set ipcp ranges 91.122.53.xxx/32 ippool pool1
        set ipcp dns 192.168.4.5
        set ipcp nbns 192.168.4.5
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless
        create link template L pptp
        set link action bundle B
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap eap
        set link enable chap
        set link keep-alive 10 60
        set link mtu 1460
        set pptp self 91.122.53.xxx
        set link enable incoming

tcpdump on the client side (from LAN1):
Code:

ns# tcpdump -enttti pflog0 proto gre
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
00:00:00.000000 rule 5/0(match): pass in on em3: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 0, seq 0, proto PPP (0x880b), length 54: [|ppp]
00:00:00.031557 rule 5/0(match): pass in on em1: 192.168.1.31 > 91.122.53.xxx: GREv1, call 37791, seq 0, proto PPP (0x880b), length 37: [|ppp]
00:00:01.965972 rule 5/0(match): pass in on em3: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 0, seq 1, proto PPP (0x880b), length 54: [|ppp]
00:00:00.032592 rule 5/0(match): pass in on em1: 192.168.1.31 > 91.122.53.xxx: GREv1, call 37791, seq 1, proto PPP (0x880b), length 37: [|ppp]
00:00:02.055508 rule 5/0(match): pass in on em3: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 0, seq 2, proto PPP (0x880b), length 54: [|ppp]
on the server side:
Code:

[root@guardian /usr/home/Blackie]# tcpdump -enttti pflog0 proto gre
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
00:00:00.000000 rule 121/0(match): pass out on ng0: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 49152, seq 0, proto PPP (0x880b), length 54: [|ppp]
00:00:02.000590 rule 121/0(match): pass out on ng0: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 49152, seq 1, proto PPP (0x880b), length 54: [|ppp]
00:00:02.000955 rule 121/0(match): pass out on ng0: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 49152, seq 2, proto PPP (0x880b), length 54: [|ppp]
00:00:02.001032 rule 121/0(match): pass out on ng0: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 49152, seq 3, proto PPP (0x880b), length 54: [|ppp]
mpd log
Code:

Oct  6 11:12:01 guardian mpd: [L-2] Accepting PPTP connection
Oct  6 11:12:01 guardian mpd: [L-2] Link: OPEN event
Oct  6 11:12:01 guardian mpd: [L-2] LCP: Open event
Oct  6 11:12:01 guardian mpd: [L-2] LCP: state change Initial --> Starting
Oct  6 11:12:01 guardian mpd: [L-2] LCP: LayerStart
Oct  6 11:12:01 guardian mpd: [L-2] PPTP: attaching to peer's outgoing call
Oct  6 11:12:01 guardian mpd: [L-2] Link: UP event
Oct  6 11:12:01 guardian mpd: [L-2] LCP: Up event
Oct  6 11:12:01 guardian mpd: [L-2] LCP: state change Starting --> Req-Sent
Oct  6 11:12:01 guardian mpd: [L-2] LCP: SendConfigReq #1
Oct  6 11:12:01 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:01 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:01 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:01 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:01 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:01 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:01 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:01 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:03 guardian mpd: [L-2] LCP: SendConfigReq #2
Oct  6 11:12:03 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:03 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:03 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:03 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:03 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:03 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:03 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:03 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:05 guardian mpd: [L-2] LCP: SendConfigReq #3
Oct  6 11:12:05 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:05 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:05 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:05 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:05 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:05 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:05 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:05 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:07 guardian mpd: [L-2] LCP: SendConfigReq #4
Oct  6 11:12:07 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:07 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:07 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:07 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:07 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:07 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:07 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:07 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:09 guardian mpd: [L-2] LCP: SendConfigReq #5
Oct  6 11:12:09 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:09 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:09 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:09 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:09 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:09 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:09 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:09 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:11 guardian mpd: [L-2] LCP: SendConfigReq #6
Oct  6 11:12:11 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:11 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:11 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:11 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:11 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:11 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:11 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:11 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:13 guardian mpd: [L-2] LCP: SendConfigReq #7
Oct  6 11:12:13 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:13 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:13 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:13 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:13 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:13 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:13 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:13 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:15 guardian mpd: [L-2] LCP: SendConfigReq #8
Oct  6 11:12:15 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:15 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:15 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:15 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:15 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:15 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:15 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:15 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:17 guardian mpd: [L-2] LCP: SendConfigReq #9
Oct  6 11:12:17 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:17 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:17 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:17 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:17 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:17 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:17 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:17 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:19 guardian mpd: [L-2] LCP: SendConfigReq #10
Oct  6 11:12:19 guardian mpd: [L-2]   ACFCOMP
Oct  6 11:12:19 guardian mpd: [L-2]   PROTOCOMP
Oct  6 11:12:19 guardian mpd: [L-2]   MRU 1500
Oct  6 11:12:19 guardian mpd: [L-2]   MAGICNUM cbf3f66c
Oct  6 11:12:19 guardian mpd: [L-2]   AUTHPROTO CHAP MSOFTv2
Oct  6 11:12:19 guardian mpd: [L-2]   MP MRRU 2048
Oct  6 11:12:19 guardian mpd: [L-2]   MP SHORTSEQ
Oct  6 11:12:19 guardian mpd: [L-2]   ENDPOINTDISC [802.1] 00 0a 5e 49 5a 1d
Oct  6 11:12:21 guardian mpd: [L-2] LCP: parameter negotiation failed
Oct  6 11:12:21 guardian mpd: [L-2] LCP: state change Req-Sent --> Stopped
Oct  6 11:12:21 guardian mpd: [L-2] LCP: LayerFinish
Oct  6 11:12:21 guardian mpd: [L-2] PPTP call terminated
Oct  6 11:12:21 guardian mpd: [L-2] Link: DOWN event
Oct  6 11:12:21 guardian mpd: [L-2] LCP: Close event
Oct  6 11:12:21 guardian mpd: [L-2] LCP: state change Stopped --> Closed
Oct  6 11:12:21 guardian mpd: [L-2] LCP: Down event
Oct  6 11:12:21 guardian mpd: [L-2] LCP: state change Closed --> Initial
Oct  6 11:12:21 guardian mpd: [L-2] Link: SHUTDOWN event
Oct  6 11:12:21 guardian mpd: [L-2] Link: Shutdown
However, if I configure MPD to listen on the internal interface of LAN2, then connecting from LAN2 (inside the local network) succeeds.

Why can't the connection be established? Could the encryption algorithms be set incorrectly? What else might mpd not like?


Guest
passerby

Re: FreeBSD 8 mpd5 pptp

Unread post by Guest » 2010-10-06 18:16:43

GRE is not getting through
this has been discussed a million times on the forum
you didn't even bother to search
you always think your problems are unique

Niki
passerby

Re: FreeBSD 8 mpd5 pptp

Unread post by Niki » 2010-10-07 11:35:14

After disabling PF I was able to connect, so apparently the problem really is with GRE. It's not entirely clear what to do if PF is actually needed; maybe use it together with ipfw and pass GRE through that
http://www.opennet.ru/tips/info/2245.shtml
Guest wrote: GRE is not getting through
this has been discussed a million times on the forum
you didn't even bother to search
you always think your problems are unique
I did read the forum, it's just unclear what the tcpdump output means then
Niki wrote: tcpdump on the client side (from LAN1):
Code:

ns# tcpdump -enttti pflog0 proto gre
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
00:00:00.000000 rule 5/0(match): pass in on em3: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 0, seq 0, proto PPP (0x880b), length 54: [|ppp]
00:00:00.031557 rule 5/0(match): pass in on em1: 192.168.1.31 > 91.122.53.xxx: GREv1, call 37791, seq 0, proto PPP (0x880b), length 37: [|ppp]
00:00:01.965972 rule 5/0(match): pass in on em3: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 0, seq 1, proto PPP (0x880b), length 54: [|ppp]
00:00:00.032592 rule 5/0(match): pass in on em1: 192.168.1.31 > 91.122.53.xxx: GREv1, call 37791, seq 1, proto PPP (0x880b), length 37: [|ppp]
00:00:02.055508 rule 5/0(match): pass in on em3: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 0, seq 2, proto PPP (0x880b), length 54: [|ppp]



on the server side:
Code:

[root@guardian /usr/home/Blackie]# tcpdump -enttti pflog0 proto gre
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
00:00:00.000000 rule 121/0(match): pass out on ng0: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 49152, seq 0, proto PPP (0x880b), length 54: [|ppp]
00:00:02.000590 rule 121/0(match): pass out on ng0: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 49152, seq 1, proto PPP (0x880b), length 54: [|ppp]
00:00:02.000955 rule 121/0(match): pass out on ng0: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 49152, seq 2, proto PPP (0x880b), length 54: [|ppp]
00:00:02.001032 rule 121/0(match): pass out on ng0: 91.122.53.xxx > 81.23.121.yyy: GREv1, call 49152, seq 3, proto PPP (0x880b), length 54: [|ppp]
judging by it GRE is getting through, or am I wrong?
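
One way to check what the quoted logs show, added here as an example and not written by anyone in the thread: the Python code below counts LCP requests sent against LCP packets received per mpd link, and tallies the logged GRE packets by direction. The sample lines and addresses are constructed in the thread's log format, and the `rec'd` prefix for received LCP packets is an assumption about mpd's log wording.

```python
import re
from collections import defaultdict

# Constructed samples in the format of the mpd log and server-side pflog capture in the thread.
MPD_LOG = """\
Oct  6 11:12:01 guardian mpd: [L-2] LCP: SendConfigReq #1
Oct  6 11:12:03 guardian mpd: [L-2] LCP: SendConfigReq #2
Oct  6 11:12:21 guardian mpd: [L-2] LCP: parameter negotiation failed
"""
PFLOG = """\
00:00:00.000000 rule 121/0(match): pass out on ng0: 192.0.2.1 > 198.51.100.7: GREv1, call 49152, seq 0, proto PPP (0x880b), length 54: [|ppp]
00:00:02.000590 rule 121/0(match): pass out on ng0: 192.0.2.1 > 198.51.100.7: GREv1, call 49152, seq 1, proto PPP (0x880b), length 54: [|ppp]
"""

MPD_RE = re.compile(r"mpd: \[(?P<link>[^\]]+)\] LCP: (?P<event>.+)")
GRE_RE = re.compile(r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifc>\S+): "
                    r"(?P<src>\S+) > (?P<dst>\S+): GREv1, call (?P<call>\d+)")

def lcp_summary(log):
    """Per link: LCP requests sent, LCP packets received, negotiation failure seen."""
    out = defaultdict(lambda: {"sent": 0, "received": 0, "failed": False})
    for line in log.splitlines():
        m = MPD_RE.search(line)
        if not m:
            continue
        ev, s = m["event"], out[m["link"]]
        if ev.startswith("SendConfigReq"):
            s["sent"] += 1
        elif ev.startswith("rec'd"):  # assumption: mpd's wording for received LCP packets
            s["received"] += 1
        elif "negotiation failed" in ev:
            s["failed"] = True
    return dict(out)

def gre_flows(capture):
    """Count logged GRE packets per (direction, source, destination)."""
    flows = defaultdict(int)
    for line in capture.splitlines():
        m = GRE_RE.search(line)
        if m:
            flows[(m["dir"], m["src"], m["dst"])] += 1
    return dict(flows)

def one_way(lcp, flows, server_ip):
    """Links that sent LCP but never received any, and whether GRE towards server_ip was logged."""
    silent = sorted(l for l, s in lcp.items() if s["sent"] and not s["received"] and s["failed"])
    inbound = any(dst == server_ip for (_, _, dst) in flows)
    return silent, inbound

print(one_way(lcp_summary(MPD_LOG), gre_flows(PFLOG), "192.0.2.1"))
```

pflog0 carries only packets matched by PF rules that have logging enabled, so a missing inbound GRE flow here should be confirmed with a capture on the external interface itself.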