freebsd + mpd5 + radius

logles
private
Posts: 24
Registered: 2008-12-24 20:36:31

freebsd + mpd5 + radius

Post by logles » 2010-11-12 14:46:52

Hello, gentlemen.
The other day I needed to set up an additional VPN server for a RADIUS server that has been running for a long time (it comes with the billing system).
The billing system with RADIUS and the VPN server are on different machines.
mpd.conf

Code:

startup:
        # configure the console
        set console self 127.0.0.1 510
        set console disable logging
        set console open
        set user mpd mpd admin

        # configure the web server
        set web self 127.0.0.1 8080
        set web disable auth
        set web open

        # configure netflow
        set netflow node netflow
        set netflow hook 2
        log +PHYS2

default:
        set ippool add pool1 192.168.1.2 192.168.1.254

        create bundle template b
        set bundle no compression encryption
        set iface idle 10800
        set iface enable tcpmssfix
        set iface enable netflow-in
        set iface up-script /usr/local/libexec/mpd/upiface.sh
#       set iface down-script /usr/local/libexec/mpd/downiface.sh
        set ipcp ranges 192.168.1.1/32 ippool pool1
        set ipcp no vjcomp
        set ipcp dns 192.168.1.1

        create link template l pptp
        set link action bundle b
        set link max-children 2000
        #set pptp self 1.2.3.4
        set link no acfcomp protocomp multilink pap chap-msv1 chap-msv2 eap
        set link yes chap-md5
        set link mtu 1460
        set link mru 1460
        set link keep-alive 30 180
        set link enable incoming peer-as-calling
        set radius retries 2
        set radius timeout 10
        set radius server _ip_radius_ passrad 1812 1813
        set radius me le0
        set auth enable radius-auth radius-acct
        set auth disable internal
        set auth acct-update 600

On connecting, the connection drops after 3-4 seconds. Here is the log:

Code:

Nov 12 13:23:11  mpd: Multi-link PPP daemon for FreeBSD
Nov 12 13:23:11  mpd:
Nov 12 13:23:11  mpd: process 992 started, version 5.3 (root@ 19:49 11-Nov-2010)
Nov 12 13:23:11  mpd: CONSOLE: listening on 127.0.0.1 510
Nov 12 13:23:11  mpd: web: listening on 127.0.0.1 8080
Nov 12 13:23:11  mpd: PPTP: waiting for connection on 0.0.0.0 1723
Nov 12 13:23:56  mpd: PPTP: Incoming control connection from 10.0.0.1 1191 to 192.168.1.1 1723
Nov 12 13:23:56  mpd: pptp0: attached to connection with 10.0.0.1 1191
Nov 12 13:23:56  mpd: [l-1] Accepting PPTP connection
Nov 12 13:23:56  mpd: [l-1] Link: OPEN event
Nov 12 13:23:56  mpd: [l-1] LCP: Open event
Nov 12 13:23:56  mpd: [l-1] LCP: state change Initial --> Starting
Nov 12 13:23:56  mpd: [l-1] LCP: LayerStart
Nov 12 13:23:56  mpd: [l-1] device: OPEN event
Nov 12 13:23:56  mpd: [l-1] PPTP: attaching to peer's outgoing call
Nov 12 13:23:56  mpd: [l-1] device: UP event
Nov 12 13:23:56  mpd: [l-1] Link: UP event
Nov 12 13:23:56  mpd: [l-1] Link: origination is remote
Nov 12 13:23:56  mpd: [l-1] LCP: Up event
Nov 12 13:23:56  mpd: [l-1] LCP: state change Starting --> Req-Sent
Nov 12 13:23:56  mpd: [l-1] LCP: SendConfigReq #1
Nov 12 13:23:56  mpd: [l-1]   MRU 1460
Nov 12 13:23:56  mpd: [l-1]   MAGICNUM 9ba19e40
Nov 12 13:23:56  mpd: [l-1]   AUTHPROTO CHAP MD5
Nov 12 13:23:56  mpd: [l-1] LCP: rec'd Configure Request #0 (Req-Sent)
Nov 12 13:23:56  mpd: [l-1]   MRU 1400
Nov 12 13:23:56  mpd: [l-1]   MAGICNUM 31a4546a
Nov 12 13:23:56  mpd: [l-1]   PROTOCOMP
Nov 12 13:23:56  mpd: [l-1]   ACFCOMP
Nov 12 13:23:56  mpd: [l-1]   CALLBACK 6
Nov 12 13:23:56  mpd: [l-1] LCP: SendConfigRej #0
Nov 12 13:23:56  mpd: [l-1]   PROTOCOMP
Nov 12 13:23:56  mpd: [l-1]   ACFCOMP
Nov 12 13:23:56  mpd: [l-1]   CALLBACK 6
Nov 12 13:23:56  mpd: [l-1] LCP: rec'd Configure Request #1 (Req-Sent)
Nov 12 13:23:56  mpd: [l-1]   MRU 1400
Nov 12 13:23:56  mpd: [l-1]   MAGICNUM 31a4546a
Nov 12 13:23:56  mpd: [l-1] LCP: SendConfigAck #1
Nov 12 13:23:56  mpd: [l-1]   MRU 1400
Nov 12 13:23:56  mpd: [l-1]   MAGICNUM 31a4546a
Nov 12 13:23:56  mpd: [l-1] LCP: state change Req-Sent --> Ack-Sent
Nov 12 13:23:58  mpd: [l-1] LCP: SendConfigReq #2
Nov 12 13:23:58  mpd: [l-1]   MRU 1460
Nov 12 13:23:58  mpd: [l-1]   MAGICNUM 9ba19e40
Nov 12 13:23:58  mpd: [l-1]   AUTHPROTO CHAP MD5
Nov 12 13:23:58  mpd: [l-1] LCP: rec'd Configure Ack #2 (Ack-Sent)
Nov 12 13:23:58  mpd: [l-1]   MRU 1460
Nov 12 13:23:58  mpd: [l-1]   MAGICNUM 9ba19e40
Nov 12 13:23:58  mpd: [l-1]   AUTHPROTO CHAP MD5
Nov 12 13:23:58  mpd: [l-1] LCP: state change Ack-Sent --> Opened
Nov 12 13:23:58  mpd: [l-1] LCP: auth: peer wants nothing, I want CHAP
Nov 12 13:23:58  mpd: [l-1] CHAP: sending CHALLENGE #1 len: 33
Nov 12 13:23:58  mpd: [l-1] LCP: LayerUp
Nov 12 13:23:58  mpd: [l-1] LCP: rec'd Ident #2 (Opened)
Nov 12 13:23:58  mpd: [l-1]   MESG: MSRASV5.10
Nov 12 13:23:58  mpd: [l-1] LCP: rec'd Ident #3 (Opened)
Nov 12 13:23:58  mpd: [l-1]   MESG: MSRAS-0-TEST
Nov 12 13:23:58  mpd: [l-1] CHAP: rec'd RESPONSE #1 len: 32
Nov 12 13:23:58  mpd: [l-1]   Name: "test"
Nov 12 13:23:58  mpd: [l-1] AUTH: Trying RADIUS
Nov 12 13:23:58  mpd: [l-1] RADIUS: Authenticating user 'test'
Nov 12 13:23:58  mpd: [l-1] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'test'
Nov 12 13:23:58  mpd: [l-1] AUTH: RADIUS returned: authenticated
Nov 12 13:23:58  mpd: [l-1] CHAP: Auth return status: authenticated
Nov 12 13:23:58  mpd: [l-1] CHAP: Reply message: Welcome
Nov 12 13:23:58  mpd: [l-1] CHAP: sending SUCCESS #1 len: 11
Nov 12 13:23:58  mpd: [l-1] LCP: authorization successful
Nov 12 13:23:58  mpd: [l-1] Link: Matched action 'bundle "b" ""'
Nov 12 13:23:58  mpd: [l-1] Creating new bundle using template "b".
Nov 12 13:23:58  mpd: [b-1] Bundle: Interface ng0 created
Nov 12 13:23:58  mpd: [l-1] Link: Join bundle "b-1"
Nov 12 13:23:58  mpd: [b-1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
Nov 12 13:23:58  mpd: [b-1] IPCP: Open event
Nov 12 13:23:58  mpd: [b-1] IPCP: state change Initial --> Starting
Nov 12 13:23:58  mpd: [b-1] IPCP: LayerStart
Nov 12 13:23:58  mpd: [b-1] IPCP: Up event
Nov 12 13:23:58  mpd: [b-1] IPCP: state change Starting --> Req-Sent
Nov 12 13:23:58  mpd: [b-1] IPCP: SendConfigReq #1
Nov 12 13:23:58  mpd: [b-1]   IPADDR 192.168.1.1
Nov 12 13:23:58  mpd: [l-1] rec'd unexpected protocol CCP, rejecting
Nov 12 13:23:58  mpd: [b-1] IPCP: rec'd Configure Request #5 (Req-Sent)
Nov 12 13:23:58  mpd: [b-1]   IPADDR 0.0.0.0
Nov 12 13:23:58  mpd: [b-1]     NAKing with 192.168.1.60
Nov 12 13:23:58  mpd: [b-1]   PRIDNS 0.0.0.0
Nov 12 13:23:58  mpd: [b-1]     NAKing with 192.168.1.1
Nov 12 13:23:58  mpd: [b-1]   PRINBNS 0.0.0.0
Nov 12 13:23:58  mpd: [b-1] IPCP: SendConfigRej #5
Nov 12 13:23:58  mpd: [b-1]   PRINBNS 0.0.0.0
Nov 12 13:23:58  mpd: [b-1] IPCP: rec'd Configure Ack #1 (Req-Sent)
Nov 12 13:23:58  mpd: [b-1]   IPADDR 192.168.1.1
Nov 12 13:23:58  mpd: [b-1] IPCP: state change Req-Sent --> Ack-Rcvd
Nov 12 13:23:58  mpd: [l-1] RADIUS: Accounting user 'test' (Type: 1)
Nov 12 13:23:58  mpd: [l-1] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'test'
Nov 12 13:23:58  mpd: [b-1] IPCP: rec'd Configure Request #6 (Ack-Rcvd)
Nov 12 13:23:58  mpd: [b-1]   IPADDR 0.0.0.0
Nov 12 13:23:58  mpd: [b-1]     NAKing with 192.168.1.60
Nov 12 13:23:58  mpd: [b-1]   PRIDNS 0.0.0.0
Nov 12 13:23:58  mpd: [b-1]     NAKing with 192.168.1.1
Nov 12 13:23:58  mpd: [b-1] IPCP: SendConfigNak #6
Nov 12 13:23:58  mpd: [b-1]   IPADDR 192.168.1.60
Nov 12 13:23:58  mpd: [b-1]   PRIDNS 192.168.1.1
Nov 12 13:23:58  mpd: [b-1] IPCP: rec'd Configure Request #7 (Ack-Rcvd)
Nov 12 13:23:58  mpd: [b-1]   IPADDR 192.168.1.60
Nov 12 13:23:58  mpd: [b-1]     192.168.1.60 is OK
Nov 12 13:23:58  mpd: [b-1]   PRIDNS 192.168.1.1
Nov 12 13:23:58  mpd: [b-1] IPCP: SendConfigAck #7
Nov 12 13:23:58  mpd: [b-1]   IPADDR 192.168.1.60
Nov 12 13:23:58  mpd: [b-1]   PRIDNS 192.168.1.1
Nov 12 13:23:58  mpd: [b-1] IPCP: state change Ack-Rcvd --> Opened
Nov 12 13:23:58  mpd: [b-1] IPCP: LayerUp
Nov 12 13:23:58  mpd: [b-1]   192.168.1.1 -> 192.168.1.60
[b]Nov 12 13:23:58  mpd: [b-1] can't connect "[11]:"->"inet" and "[0]:"->"iface2": No such file or directory[/b]
Nov 12 13:23:58  mpd: [b-1] IFACE: IfaceNgIpInit() error, closing IPCP
Nov 12 13:23:58  mpd: [b-1] IPCP: parameter negotiation failed
Nov 12 13:23:58  mpd: [b-1] IPCP: state change Opened --> Stopping
Nov 12 13:23:58  mpd: [b-1] IPCP: SendTerminateReq #2
Nov 12 13:23:58  mpd: [b-1] IPCP: LayerDown
[b]Nov 12 13:23:58  mpd: [b-1] IFACE: Removing IPv4 address from ng0 failed: Can't assign requested address
Nov 12 13:23:59  mpd: [l-1] rec'd unexpected protocol IP[/b]
Nov 12 13:23:59  mpd: last message repeated 2 times
Nov 12 13:23:59  mpd: [b-1] IPCP: rec'd Terminate Ack #2 (Stopping)
Nov 12 13:23:59  mpd: [b-1] IPCP: state change Stopping --> Stopped
Nov 12 13:23:59  mpd: [b-1] IPCP: LayerFinish
Nov 12 13:23:59  mpd: [b-1] Bundle: No NCPs left. Closing links...
Nov 12 13:23:59  mpd: [b-1] Bundle: closing link "l-1"...
Nov 12 13:23:59  mpd: [l-1] rec'd unexpected protocol IP
Nov 12 13:23:59  mpd: [l-1] Link: CLOSE event
Nov 12 13:23:59  mpd: [l-1] LCP: Close event
Nov 12 13:23:59  mpd: [l-1] LCP: state change Opened --> Closing
Nov 12 13:23:59  mpd: [l-1] Link: Leave bundle "b-1"
Nov 12 13:23:59  mpd: [l-1] RADIUS: Accounting user 'test' (Type: 2)
Nov 12 13:23:59  mpd: [b-1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
Nov 12 13:23:59  mpd: [b-1] IPCP: Close event
Nov 12 13:23:59  mpd: [b-1] IPCP: state change Stopped --> Closed
Nov 12 13:23:59  mpd: [b-1] IPCP: Down event
Nov 12 13:23:59  mpd: [b-1] IPCP: state change Closed --> Initial
Nov 12 13:23:59  mpd: [b-1] Bundle: Shutdown
Nov 12 13:23:59  mpd: [l-1] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'test'
Nov 12 13:23:59  mpd: [l-1] LCP: SendTerminateReq #3
Nov 12 13:23:59  mpd: [l-1] LCP: LayerDown
Nov 12 13:23:59  mpd: pptp0-0: call cleared by peer
Nov 12 13:23:59  mpd: pptp0-0: killing channel
Nov 12 13:23:59  mpd: [l-1] PPTP call terminated
Nov 12 13:23:59  mpd: [l-1] device: DOWN event
Nov 12 13:23:59  mpd: [l-1] Link: DOWN event
Nov 12 13:23:59  mpd: [l-1] LCP: Down event
Nov 12 13:23:59  mpd: [l-1] LCP: LayerFinish
Nov 12 13:23:59  mpd: [l-1] LCP: state change Closing --> Initial
Nov 12 13:23:59  mpd: [l-1] device: CLOSE event
Nov 12 13:23:59  mpd: pptp0: got StopCtrlConnRequest: reason=none
Nov 12 13:23:59  mpd: pptp0: killing connection with 10.0.0.1 1191
Nov 12 13:23:59  mpd: [l-1] Link: SHUTDOWN event
Nov 12 13:23:59  mpd: [l-1] Link: Shutdown

Code:

# ifconfig
le0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:0c:29:64:4a:23
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect
        status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000

Actually, it is the highlighted lines that worry me. Google has not helped me.
I heard that for mpd4 you need to generate the interfaces somehow.
Can anyone help?
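
An added example, not part of the original post: a small triage pass over mpd log lines that records whether RADIUS accepted the user and the last LCP/IPCP state reached before the first failure line, which separates an authentication problem from a local interface problem. The sample lines are copied from the log above; the `triage` function and its failure patterns are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the mpd log in the post above.
SAMPLE = """\
Nov 12 13:23:58  mpd: [l-1] LCP: state change Ack-Sent --> Opened
Nov 12 13:23:58  mpd: [l-1] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'test'
Nov 12 13:23:58  mpd: [b-1] IPCP: state change Ack-Rcvd --> Opened
[b]Nov 12 13:23:58  mpd: [b-1] can't connect "[11]:"->"inet" and "[0]:"->"iface2": No such file or directory[/b]
Nov 12 13:23:58  mpd: [b-1] IFACE: IfaceNgIpInit() error, closing IPCP
Nov 12 13:23:58  mpd: [b-1] IPCP: state change Opened --> Stopping
"""

# "<date> mpd: [<link-or-bundle>] <message>"; untagged daemon lines are skipped.
LINE = re.compile(r"^\w{3} +\d+ [\d:]+ +mpd: \[([\w-]+)\] (.*)$")
STATE = re.compile(r"^(\w+): state change \S+ --> (\S+)$")
FAILURE = re.compile(r"can't |error|failed", re.IGNORECASE)  # assumed markers


def triage(log_text):
    """Report how far a session got before its first failure line."""
    result = {"radius_accept": False, "states": {}, "tag": None, "failure": None}
    for raw in log_text.splitlines():
        # The forum's bold markers are not part of the daemon's output.
        line = raw.replace("[b]", "").replace("[/b]", "")
        m = LINE.match(line)
        if not m:
            continue
        tag, msg = m.groups()
        if "RAD_ACCESS_ACCEPT" in msg:
            result["radius_accept"] = True
        state = STATE.match(msg)
        if state:
            result["states"][state.group(1)] = state.group(2)
        elif FAILURE.search(msg):
            result["tag"], result["failure"] = tag, msg
            break  # stop at the first failure line
    return result


if __name__ == "__main__":
    r = triage(SAMPLE)
    print("RADIUS accepted:", r["radius_accept"])
    print("states at failure:", r["states"])
    print("first failure [%s]: %s" % (r["tag"], r["failure"]))
```

On the sample, RADIUS has accepted the user and both LCP and IPCP have reached Opened before the first failure, so the drop happens while the bundle's interface is being set up rather than during authentication.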

schizoid
lieutenant colonel
Posts: 3228
Registered: 2007-03-03 17:32:31
Location: Ukraine, Chernigov

Re: freebsd + mpd5 + radius

Post by schizoid » 2010-11-16 11:25:42

Code:

kldload ng_iface

or

Code:

kldload ng_ether

?

a nuclear explosion... deadly beautiful... a pity it is not forever...

logles
private
Posts: 24
Registered: 2008-12-24 20:36:31

Re: freebsd + mpd5 + radius

Post by logles » 2010-11-30 23:02:32

Code:

# kldload ng_iface
kldload: can't load ng_iface: File exists
# kldload ng_ether
kldload: can't load ng_ether: File exists

logles
private
Posts: 24
Registered: 2008-12-24 20:36:31

Re: freebsd + mpd5 + radius

Post by logles » 2010-12-16 2:35:29

Anyway, I figured it out. I upgraded to 8.1-RELEASE and put this in mpd.conf:

Code:

set iface enable proxy-arp