mpd has already been chewed over many times, but I still have to ask for help.
The task: let users work remotely from home inside the office LAN. Previously, on FreeBSD 6.0, poptop handled this perfectly, cheap and cheerful. But after installing FreeBSD 8.0 and the poptop that had proven itself so well, it turned out that remote users connect to the server fine, but it went no further: there were no pings into the LAN, and the internet did not work.
At some point I began to doubt whether the new kernel supports the pseudo-device ppp device. I looked in the kernel and, yes, the device was not there, so I added it to the kernel. I started the build and immediately got a syntax error on the line with the added device. No matter how I rewrote it, trying it different ways, the error remained.
I gave up. Installed FreeBSD 8.0 and MPD5.4. Everything connected right away, but! Access to the LAN still did not appear, although the internet for remote users started working through the office server. The logs show an error:
Code:
system: command "/usr/sbin/arp" returned 256
I'm honestly worn out by now.
Please help.
Posting the configs:
mpd.conf
Code:
default:
load pptp0
load pptp1
load pptp2
load pptp3
load pptp4
#--- skip ---#
#
pptp0:
new -i ng0 pptp0 pptp0
load pptp_all
#
pptp1:
new -i ng1 pptp1 pptp1
load pptp_all
#
pptp2:
new -i ng2 pptp2 pptp2
load pptp_all
#
pptp3:
new -i ng3 pptp3 pptp3
load pptp_all
#
pptp4:
new -i ng4 pptp4 pptp4
load pptp_all
#--- skip ---#
#
pptp_all:
set ipcp ranges 192.168.0.110/32 192.168.0.130/32
set iface disable on-demand
set bundle enable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link mtu 1490
set link keep-alive 60 180
set ipcp yes vjcomp
set ipcp dns 192.168.0.4 193.111.8.193
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e56
set ccp yes mpp-e128
set bundle enable compression
set ccp yes mpp-stateless
set bundle yes crypt-reqd
set pptp enable incoming
set pptp disable originate
set iface enable tcpmssfix
set auth acct-update 300
Code:
pptp0:
set link type pptp
set pptp disable delayed-ack
set pptp disable windowing
pptp1:
set link type pptp
set pptp disable delayed-ack
set pptp disable windowing
pptp2:
set link type pptp
set pptp disable delayed-ack
set pptp disable windowing
pptp3:
set link type pptp
set pptp disable delayed-ack
set pptp disable windowing
pptp4:
set link type pptp
set pptp disable delayed-ack
set pptp disable windowing
Code:
/usr/local/etc/rc.d/>./mpd4 start
Code:
Mar 13 20:58:26 mail mpd: Multi-link PPP daemon for FreeBSD
Mar 13 20:58:26 mail mpd:
Mar 13 20:58:26 mail mpd: process 6040 started, version 4.4.1 (root@mail.firma.net.ua 17:59 13-Mar-2010)
Mar 13 20:58:26 mail mpd: Label 'startup' not found
Mar 13 20:58:26 mail mpd: [pptp0] using interface ng0
Mar 13 20:58:26 mail mpd: PPTP: waiting for connection on 0.0.0.0
Mar 13 20:58:26 mail mpd: [pptp1] using interface ng1
Mar 13 20:58:26 mail mpd: PPTP: waiting for connection on 0.0.0.0
Mar 13 20:58:26 mail mpd: [pptp2] using interface ng2
Mar 13 20:58:26 mail mpd: PPTP: waiting for connection on 0.0.0.0
Mar 13 20:58:26 mail mpd: [pptp3] using interface ng3
Mar 13 20:58:26 mail mpd: PPTP: waiting for connection on 0.0.0.0
Mar 13 20:58:26 mail mpd: [pptp4] using interface ng4
Mar 13 20:58:26 mail mpd: PPTP: waiting for connection on 0.0.0.0
Code:
Mar 13 21:08:47 mail mpd: PPTP: Incoming control connection from 195.69.87.222 63928 to 193.111.8.3 1723
Mar 13 21:08:47 mail mpd: pptp0: attached to connection with 195.69.87.222 63928
Mar 13 21:08:47 mail mpd: [pptp0] Accepting PPTP connection
Mar 13 21:08:47 mail mpd: [pptp0] opening link "pptp0"...
Mar 13 21:08:47 mail mpd: [pptp0] link: OPEN event
Mar 13 21:08:47 mail mpd: [pptp0] LCP: Open event
Mar 13 21:08:47 mail mpd: [pptp0] LCP: state change Initial --> Starting
Mar 13 21:08:47 mail mpd: [pptp0] LCP: LayerStart
Mar 13 21:08:47 mail mpd: [pptp0] PPTP: attaching to peer's outgoing call
Mar 13 21:08:47 mail mpd: [pptp0] link: UP event
Mar 13 21:08:47 mail mpd: [pptp0] link: origination is remote
Mar 13 21:08:47 mail mpd: [pptp0] LCP: Up event
Mar 13 21:08:47 mail mpd: [pptp0] LCP: state change Starting --> Req-Sent
Mar 13 21:08:47 mail mpd: [pptp0] LCP: SendConfigReq #1
Mar 13 21:08:47 mail mpd: ACFCOMP
Mar 13 21:08:47 mail mpd: PROTOCOMP
Mar 13 21:08:47 mail mpd: MRU 1500
Mar 13 21:08:47 mail mpd: MAGICNUM 44fdae40
Mar 13 21:08:47 mail mpd: AUTHPROTO CHAP MSOFTv2
Mar 13 21:08:47 mail mpd: MP MRRU 1600
Mar 13 21:08:47 mail mpd: MP SHORTSEQ
Mar 13 21:08:47 mail mpd: ENDPOINTDISC [802.1] 00 c0 26 2e 99 55
Mar 13 21:08:47 mail mpd: [pptp0] LCP: rec'd Configure Request #0 (Req-Sent)
Mar 13 21:08:47 mail mpd: MRU 1400
Mar 13 21:08:47 mail mpd: MAGICNUM 77c83fbb
Mar 13 21:08:47 mail mpd: PROTOCOMP
Mar 13 21:08:47 mail mpd: ACFCOMP
Mar 13 21:08:47 mail mpd: CALLBACK 6
Mar 13 21:08:47 mail mpd: [pptp0] LCP: SendConfigRej #0
Mar 13 21:08:47 mail mpd: CALLBACK 6
Mar 13 21:08:47 mail mpd: [pptp0] LCP: rec'd Configure Request #1 (Req-Sent)
Mar 13 21:08:47 mail mpd: MRU 1400
Mar 13 21:08:47 mail mpd: MAGICNUM 77c83fbb
Mar 13 21:08:47 mail mpd: PROTOCOMP
Mar 13 21:08:47 mail mpd: ACFCOMP
Mar 13 21:08:47 mail mpd: [pptp0] LCP: SendConfigAck #1
Mar 13 21:08:47 mail mpd: MRU 1400
Mar 13 21:08:47 mail mpd: MAGICNUM 77c83fbb
Mar 13 21:08:47 mail mpd: PROTOCOMP
Mar 13 21:08:47 mail mpd: ACFCOMP
Mar 13 21:08:47 mail mpd: [pptp0] LCP: state change Req-Sent --> Ack-Sent
Mar 13 21:08:49 mail mpd: [pptp0] LCP: SendConfigReq #2
Mar 13 21:08:49 mail mpd: ACFCOMP
Mar 13 21:08:49 mail mpd: PROTOCOMP
Mar 13 21:08:49 mail mpd: MRU 1500
Mar 13 21:08:49 mail mpd: MAGICNUM 44fdae40
Mar 13 21:08:49 mail mpd: AUTHPROTO CHAP MSOFTv2
Mar 13 21:08:49 mail mpd: MP MRRU 1600
Mar 13 21:08:49 mail mpd: MP SHORTSEQ
Mar 13 21:08:49 mail mpd: ENDPOINTDISC [802.1] 00 c0 26 2e 99 55
Mar 13 21:08:49 mail mpd: [pptp0] LCP: rec'd Configure Reject #2 (Ack-Sent)
Mar 13 21:08:49 mail mpd: MP MRRU 1600
Mar 13 21:08:49 mail mpd: MP SHORTSEQ
Mar 13 21:08:49 mail mpd: ENDPOINTDISC [802.1] 00 c0 26 2e 99 55
Mar 13 21:08:49 mail mpd: [pptp0] LCP: SendConfigReq #3
Mar 13 21:08:49 mail mpd: ACFCOMP
Mar 13 21:08:49 mail mpd: PROTOCOMP
Mar 13 21:08:49 mail mpd: MRU 1500
Mar 13 21:08:49 mail mpd: MAGICNUM 44fdae40
Mar 13 21:08:49 mail mpd: AUTHPROTO CHAP MSOFTv2
Mar 13 21:08:49 mail mpd: [pptp0] LCP: rec'd Configure Ack #3 (Ack-Sent)
Mar 13 21:08:49 mail mpd: ACFCOMP
Mar 13 21:08:49 mail mpd: PROTOCOMP
Mar 13 21:08:49 mail mpd: MRU 1500
Mar 13 21:08:49 mail mpd: MAGICNUM 44fdae40
Mar 13 21:08:49 mail mpd: AUTHPROTO CHAP MSOFTv2
Mar 13 21:08:49 mail mpd: [pptp0] LCP: state change Ack-Sent --> Opened
Mar 13 21:08:49 mail mpd: [pptp0] LCP: auth: peer wants nothing, I want CHAP
Mar 13 21:08:49 mail mpd: [pptp0] CHAP: sending CHALLENGE len:17
Mar 13 21:08:49 mail mpd: [pptp0] LCP: LayerUp
Mar 13 21:08:49 mail mpd: [pptp0] LCP: rec'd Ident #2 (Opened)
Mar 13 21:08:49 mail mpd: MESG: MSRASV5.10
Mar 13 21:08:49 mail mpd: [pptp0] LCP: rec'd Ident #3 (Opened)
Mar 13 21:08:49 mail mpd: MESG: MSRAS-0-OLYA
Mar 13 21:08:51 mail mpd: [pptp0] CHAP: sending CHALLENGE len:17
Mar 13 21:08:51 mail mpd: [pptp0] CHAP: rec'd RESPONSE #2
Mar 13 21:08:51 mail mpd: Name: "vovka"
Mar 13 21:08:51 mail mpd: [pptp0] AUTH: Auth-Thread started
Mar 13 21:08:51 mail mpd: [pptp0] AUTH: Trying INTERNAL
Mar 13 21:08:51 mail mpd: [pptp0] AUTH: INTERNAL returned undefined
Mar 13 21:08:51 mail mpd: [pptp0] AUTH: Auth-Thread finished normally
Mar 13 21:08:51 mail mpd: [pptp0] CHAP: ChapInputFinish: status undefined
Mar 13 21:08:51 mail mpd: Response is valid
Mar 13 21:08:51 mail mpd: Reply message: S=197E9C27134DE4F57C6DEC00CC3512E018932B51
Mar 13 21:08:51 mail mpd: [pptp0] CHAP: sending SUCCESS len:42
Mar 13 21:08:51 mail mpd: [pptp0] LCP: authorization successful
Mar 13 21:08:51 mail mpd: [pptp0] Bundle up: 1 link, total bandwidth 64000 bps
Mar 13 21:08:51 mail mpd: [pptp0] IPCP: Open event
Mar 13 21:08:51 mail mpd: [pptp0] IPCP: state change Initial --> Starting
Mar 13 21:08:51 mail mpd: [pptp0] IPCP: LayerStart
Mar 13 21:08:51 mail mpd: [pptp0] CCP: Open event
Mar 13 21:08:51 mail mpd: [pptp0] CCP: state change Initial --> Starting
Mar 13 21:08:51 mail mpd: [pptp0] CCP: LayerStart
Mar 13 21:08:51 mail mpd: [pptp0] IPCP: Up event
Mar 13 21:08:51 mail mpd: [pptp0] IPCP: state change Starting --> Req-Sent
Mar 13 21:08:51 mail mpd: [pptp0] IPCP: SendConfigReq #1
Mar 13 21:08:51 mail mpd: IPADDR 192.168.0.110
Mar 13 21:08:51 mail mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Mar 13 21:08:51 mail mpd: [pptp0] CCP: Up event
Mar 13 21:08:51 mail mpd: [pptp0] CCP: state change Starting --> Req-Sent
Mar 13 21:08:51 mail mpd: [pptp0] CCP: SendConfigReq #1
Mar 13 21:08:51 mail mpd: MPPC
Mar 13 21:08:51 mail mpd: 0x010000e0:MPPE(40, 56, 128 bits), stateless
Mar 13 21:08:51 mail mpd: [pptp0] CCP: rec'd Configure Request #4 (Req-Sent)
Mar 13 21:08:51 mail mpd: MPPC
Mar 13 21:08:51 mail mpd: 0x010000e1:MPPC, MPPE(40, 56, 128 bits), stateless
Mar 13 21:08:51 mail mpd: [pptp0] CCP: SendConfigNak #4
Mar 13 21:08:51 mail mpd: MPPC
Mar 13 21:08:51 mail mpd: 0x01000040:MPPE(128 bits), stateless
Mar 13 21:08:51 mail mpd: [pptp0] IPCP: rec'd Configure Request #5 (Req-Sent)
Mar 13 21:08:51 mail mpd: IPADDR 0.0.0.0
Mar 13 21:08:51 mail mpd: NAKing with 192.168.0.130
Mar 13 21:08:51 mail mpd: PRIDNS 0.0.0.0
Mar 13 21:08:51 mail mpd: NAKing with 192.168.0.4
Mar 13 21:08:51 mail mpd: PRINBNS 0.0.0.0
Mar 13 21:08:51 mail mpd: SECDNS 0.0.0.0
Mar 13 21:08:51 mail mpd: NAKing with 193.111.8.193
Mar 13 21:08:51 mail mpd: SECNBNS 0.0.0.0
Mar 13 21:08:51 mail mpd: [pptp0] IPCP: SendConfigRej #5
Mar 13 21:08:51 mail mpd: PRINBNS 0.0.0.0
Mar 13 21:08:51 mail mpd: SECNBNS 0.0.0.0
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: rec'd Configure Request #6 (Req-Sent)
Mar 13 21:08:53 mail mpd: IPADDR 0.0.0.0
Mar 13 21:08:53 mail mpd: NAKing with 192.168.0.130
Mar 13 21:08:53 mail mpd: PRIDNS 0.0.0.0
Mar 13 21:08:53 mail mpd: NAKing with 192.168.0.4
Mar 13 21:08:53 mail mpd: PRINBNS 0.0.0.0
Mar 13 21:08:53 mail mpd: SECDNS 0.0.0.0
Mar 13 21:08:53 mail mpd: NAKing with 193.111.8.193
Mar 13 21:08:53 mail mpd: SECNBNS 0.0.0.0
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: SendConfigRej #6
Mar 13 21:08:53 mail mpd: PRINBNS 0.0.0.0
Mar 13 21:08:53 mail mpd: SECNBNS 0.0.0.0
Mar 13 21:08:53 mail mpd: [pptp0] CCP: rec'd Configure Request #7 (Req-Sent)
Mar 13 21:08:53 mail mpd: MPPC
Mar 13 21:08:53 mail mpd: 0x010000e1:MPPC, MPPE(40, 56, 128 bits), stateless
Mar 13 21:08:53 mail mpd: [pptp0] CCP: SendConfigNak #7
Mar 13 21:08:53 mail mpd: MPPC
Mar 13 21:08:53 mail mpd: 0x01000040:MPPE(128 bits), stateless
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: rec'd Configure Request #8 (Req-Sent)
Mar 13 21:08:53 mail mpd: IPADDR 0.0.0.0
Mar 13 21:08:53 mail mpd: NAKing with 192.168.0.130
Mar 13 21:08:53 mail mpd: PRIDNS 0.0.0.0
Mar 13 21:08:53 mail mpd: NAKing with 192.168.0.4
Mar 13 21:08:53 mail mpd: SECDNS 0.0.0.0
Mar 13 21:08:53 mail mpd: NAKing with 193.111.8.193
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: SendConfigNak #8
Mar 13 21:08:53 mail mpd: IPADDR 192.168.0.130
Mar 13 21:08:53 mail mpd: PRIDNS 192.168.0.4
Mar 13 21:08:53 mail mpd: SECDNS 193.111.8.193
Mar 13 21:08:53 mail mpd: [pptp0] CCP: rec'd Configure Request #9 (Req-Sent)
Mar 13 21:08:53 mail mpd: MPPC
Mar 13 21:08:53 mail mpd: 0x01000040:MPPE(128 bits), stateless
Mar 13 21:08:53 mail mpd: [pptp0] CCP: SendConfigAck #9
Mar 13 21:08:53 mail mpd: MPPC
Mar 13 21:08:53 mail mpd: 0x01000040:MPPE(128 bits), stateless
Mar 13 21:08:53 mail mpd: [pptp0] CCP: state change Req-Sent --> Ack-Sent
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: rec'd Configure Request #10 (Req-Sent)
Mar 13 21:08:53 mail mpd: IPADDR 192.168.0.130
Mar 13 21:08:53 mail mpd: 192.168.0.130 is OK
Mar 13 21:08:53 mail mpd: PRIDNS 192.168.0.4
Mar 13 21:08:53 mail mpd: SECDNS 193.111.8.193
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: SendConfigAck #10
Mar 13 21:08:53 mail mpd: IPADDR 192.168.0.130
Mar 13 21:08:53 mail mpd: PRIDNS 192.168.0.4
Mar 13 21:08:53 mail mpd: SECDNS 193.111.8.193
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: state change Req-Sent --> Ack-Sent
Mar 13 21:08:53 mail mpd: [pptp0] CCP: SendConfigReq #2
Mar 13 21:08:53 mail mpd: MPPC
Mar 13 21:08:53 mail mpd: 0x010000e0:MPPE(40, 56, 128 bits), stateless
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: SendConfigReq #2
Mar 13 21:08:53 mail mpd: IPADDR 192.168.0.110
Mar 13 21:08:53 mail mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Mar 13 21:08:53 mail mpd: [pptp0] CCP: rec'd Configure Nak #2 (Ack-Sent)
Mar 13 21:08:53 mail mpd: MPPC
Mar 13 21:08:53 mail mpd: 0x01000040:MPPE(128 bits), stateless
Mar 13 21:08:53 mail mpd: [pptp0] CCP: SendConfigReq #3
Mar 13 21:08:53 mail mpd: MPPC
Mar 13 21:08:53 mail mpd: 0x01000040:MPPE(128 bits), stateless
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: rec'd Configure Reject #2 (Ack-Sent)
Mar 13 21:08:53 mail mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: SendConfigReq #3
Mar 13 21:08:53 mail mpd: IPADDR 192.168.0.110
Mar 13 21:08:53 mail mpd: [pptp0] CCP: rec'd Configure Ack #3 (Ack-Sent)
Mar 13 21:08:53 mail mpd: MPPC
Mar 13 21:08:53 mail mpd: 0x01000040:MPPE(128 bits), stateless
Mar 13 21:08:53 mail mpd: [pptp0] CCP: state change Ack-Sent --> Opened
Mar 13 21:08:53 mail mpd: [pptp0] CCP: LayerUp
Mar 13 21:08:53 mail mpd: Compress using: mppc (MPPE(128 bits), stateless)
Mar 13 21:08:53 mail mpd: Decompress using: mppc (MPPE(128 bits), stateless)
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: rec'd Configure Ack #3 (Ack-Sent)
Mar 13 21:08:53 mail mpd: IPADDR 192.168.0.110
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: state change Ack-Sent --> Opened
Mar 13 21:08:53 mail mpd: [pptp0] IPCP: LayerUp
Mar 13 21:08:53 mail mpd: 192.168.0.110 -> 192.168.0.130
Mar 13 21:08:53 mail mpd: [pptp0] IFACE: Up event
Code:
# allow port 1723
${FwCMD} add allow tcp from any to me 1723
# allow the GRE protocol
${FwCMD} add allow gre from any to any
# allow traffic on interface ng0
${FwCMD} add allow ip from any to any via ng0
Code:
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:c0:26:2e:99:55
inet 193.111.8.3 netmask 0xffffff00 broadcast 193.111.8.255
media: Ethernet autoselect (10baseT/UTP)
status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:c0:26:2e:b3:86
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1396
inet 192.168.0.110 --> 192.168.0.130 netmask 0xffffffff
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
After a stubborn fight, here is what I found:
1. When the IP addressing in mpd.conf is changed to one different from the office network's addressing
Code:
set ipcp ranges 10.11.0.1/32 10.11.0.2/24
2. After NATing the whole 10.11.0.0/24 network with the firewall onto the server's external NIC, the internet appeared, but bypassing squid.
3. After forwarding packets from the 10.11.0.0/24 network to the squid port with the firewall and adding the extra served network in squid, internet from the remote computer started going through squid.
One thing remains: to be able to reach the remote machine from an office machine.
Previously, with poptop, no such dancing was needed. The remote client immediately received a LAN address, and it saw the network and the internet and was itself normally visible from the network.
Please help solve the last problem.
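
Added example, not part of the original post: a small Python parser for the mpd log format shown above. Per bundle it extracts the peer address, user name, authentication protocol, negotiated MPPE key length and assigned client address, then lists established sessions that settled below 128-bit MPPE (the posted config also enables mpp-e40 and mpp-e56). The function names are assumptions, and the pptp1 sample session is constructed.

```python
import re

# pptp0 lines are excerpted from the post's log; the pptp1 session is constructed.
SAMPLE_LOG = """\
Mar 13 21:08:47 mail mpd: pptp0: attached to connection with 195.69.87.222 63928
Mar 13 21:08:47 mail mpd:  AUTHPROTO CHAP MSOFTv2
Mar 13 21:08:51 mail mpd:  Name: "vovka"
Mar 13 21:08:53 mail mpd:  Compress using: mppc (MPPE(128 bits), stateless)
Mar 13 21:08:53 mail mpd:  192.168.0.110 -> 192.168.0.130
Mar 13 21:30:02 mail mpd: pptp1: attached to connection with 203.0.113.7 50112
Mar 13 21:30:04 mail mpd:  Name: "user2"
Mar 13 21:30:06 mail mpd:  Compress using: mppc (MPPE(40 bits), stateless)
Mar 13 21:30:06 mail mpd:  192.168.0.110 -> 192.168.0.131
"""

# Syslog prefix, optional "[bundle]" tag (detail lines have none), then the message.
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ mpd: (?:\[(\w+)\] )?\s*(.*)$")
PEER = re.compile(r"^(\w+): attached to connection with (\S+)")
FIELDS = {
    "auth": re.compile(r"^AUTHPROTO (.+)$"),
    "user": re.compile(r'^Name: "([^"]*)"'),
    "mppe_bits": re.compile(r"^Compress using: .*MPPE\((\d+) bits\)"),
    "client_ip": re.compile(r"^[\d.]+ -> ([\d.]+)$"),
}

def summarize(log_text):
    """Return {bundle: fields}; untagged lines are credited to the last bundle seen,
    so this assumes session negotiations are not interleaved in the log."""
    sessions, current = {}, None
    for raw in log_text.splitlines():
        if not (m := LINE.match(raw)):
            continue
        tag, msg = m.groups()
        peer = PEER.match(msg)
        current = peer.group(1) if peer else (tag or current)
        if current is None:
            continue
        s = sessions.setdefault(current, {})
        if peer:
            s["peer"] = peer.group(2)
        for key, rx in FIELDS.items():
            if hit := rx.match(msg):
                s[key] = hit.group(1)
    return sessions

def weak_sessions(sessions, min_bits=128):
    """Established sessions (client IP assigned) with an MPPE key under min_bits."""
    return [(name, s.get("user"), int(s.get("mppe_bits", 0)))
            for name, s in sorted(sessions.items())
            if "client_ip" in s and int(s.get("mppe_bits", 0)) < min_bits]
```

A session that reached the address-assignment line without any `Compress using:` line is reported with a key length of 0.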