MPD5... Client sees only the server


Post by _scorpio_ » 2009-08-07 20:47:00

I need to set up MPD5 + Abills + Radius.
Everything is installed and configured.
MPD is configured as vpn-client + vpn-server.
The server has Internet access, but a connected client cannot see the outside world (the Internet).

Code:

uname -a
FreeBSD server_.ua 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan  1 14:37:25 UTC 2009     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

mpd.conf

Code:

startup:
		set global enable tcp-wrapper
		set console self 127.0.0.1 5005
		set user xxx yyy admin
		set console open
		set web self 0.0.0.0 5006
		set web open
		set netflow peer 127.0.0.1 9996
		set netflow self 127.0.0.1 9990
		set netflow timeouts 15 15
		set netflow hook 9000


default:
		load pptp_client
		load pptp_server


pptp_client:
		create bundle static B1
		set iface route default
		set ipcp ranges 0.0.0.0/0 0.0.0.0/0
		
		create link static L1 pptp
		set link action bundle B1
		set auth authname xxx
		set auth password yyy
		set link max-redial 0
		set link mtu 1460
		set link keep-alive 20 75
		set pptp peer 10.49.6.2
		set pptp disable windowing
		open


pptp_server:
		set ippool add pool1 192.168.200.1 192.168.200.255
		
		create bundle template B
		set iface enable proxy-arp
		set iface idle 1800
		set iface enable tcpmssfix
		set iface up-script "/usr/abills/libexec/linkupdown mpd up"
		set iface down-script "/usr/abills/libexec/linkupdown mpd down"
		set ipcp yes vjcomp
		set ipcp ranges 192.168.100.1/32 ippool pool1
		set ipcp dns 192.168.100.1
		set bundle enable compression
		set ccp yes mppc
		set mppc yes e40
		set mppc yes e128
		set mppc yes stateless
		create link template L pptp
		set link action bundle B
		set link enable multilink
		set link yes acfcomp protocomp
		set link no pap chap
		set link enable chap
		set link keep-alive 10 60
		set link mtu 1460
		set pptp self 0.0.0.0
		load server_common


server_common:
		set link no pap eap
		set link yes chap-md5
		set link keep-alive 20 60
		set link enable incoming
		set link no acfcomp protocomp
		
		load radius


radius:
		set radius config /usr/local/etc/mpd5/radius.conf
		set radius retries 3
		set radius timeout 10
		set auth acct-update 300
		set auth enable radius-auth
		set auth enable radius-acct
		set auth disable internal

When mpd5 starts:

Code:

CONSOLE: listening on 127.0.0.1 5005
web: listening on 0.0.0.0 5006
[B1] Bundle: Interface ng0 created
PPTP: waiting for connection on 0.0.0.0 1723
[L] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 3b17071d
[L1] LCP: rec'd Configure Request #1 (Req-Sent)
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   MRU 1500
[L1]   MAGICNUM 2f975d10
[L1]   AUTHPROTO CHAP MSOFTv2
[L1]   MP MRRU 1600
[L1]   MP SHORTSEQ
[L1]   ENDPOINTDISC [802.1] 00 80 5f f7 8c 55
[L1] LCP: SendConfigRej #1
[L1]   MP MRRU 1600
[L1]   MP SHORTSEQ
[L1] LCP: rec'd Configure Ack #1 (Req-Sent)
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a0000
[L1]   MRU 1500
[L1]   MAGICNUM 3b17071d
[L1] LCP: state change Req-Sent --> Ack-Rcvd
[L1] LCP: rec'd Configure Request #2 (Ack-Rcvd)
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   MRU 1500
[L1]   MAGICNUM 2f975d10
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: SendConfigAck #2
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   MRU 1500
[L1]   MAGICNUM 2f975d10
[L1]   AUTHPROTO CHAP MSOFTv2
[L1] LCP: state change Ack-Rcvd --> Opened
[L1] LCP: auth: peer wants CHAP, I want nothing
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #1 len: 21
[L1]   Name: ""
[L1] CHAP: Using authname "admin1"
[L1] CHAP: sending RESPONSE #1 len: 60
[L1] CHAP: rec'd SUCCESS #1 len: 46
[L1]   MESG: S=2973FF28BDB977708FB0770C8776E7FE1239CD87
[L1] LCP: authorization successful
[L1] Link: Matched action 'bundle "B1" ""'
[L1] Link: Join bundle "B1"
[B1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[B1] IPCP: Open event
[B1] IPCP: state change Initial --> Starting
[B1] IPCP: LayerStart
[B1] IPCP: Up event
[B1] IPCP: state change Starting --> Req-Sent
[B1] IPCP: SendConfigReq #1
[B1]   IPADDR 0.0.0.0
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: rec'd Configure Request #1 (Req-Sent)
[B1]   IPADDR 192.168.254.1
[B1]     192.168.254.1 is OK
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: SendConfigAck #1
[B1]   IPADDR 192.168.254.1
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: state change Req-Sent --> Ack-Sent
[B1] IPCP: rec'd Configure Nak #1 (Ack-Sent)
[B1]   IPADDR 192.168.253.50
[B1]     192.168.253.50 is OK
[B1] IPCP: SendConfigReq #2
[B1]   IPADDR 192.168.253.50
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: rec'd Configure Ack #2 (Ack-Sent)
[B1]   IPADDR 192.168.253.50
[B1]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B1] IPCP: state change Ack-Sent --> Opened
[B1] IPCP: LayerUp
[B1]   192.168.253.50 -> 192.168.254.1
[B1] IFACE: Up event

When a user connects to the server:

Code:

[L-2] Accepting PPTP connection
[L-2] Link: OPEN event
[L-2] LCP: Open event
[L-2] LCP: state change Initial --> Starting
[L-2] LCP: LayerStart
[L-2] PPTP: attaching to peer's outgoing call
[L-2] Link: UP event
[L-2] LCP: Up event
[L-2] LCP: state change Starting --> Req-Sent
[L-2] LCP: SendConfigReq #1
[L-2]   MRU 1500
[L-2]   MAGICNUM 87de47cb
[L-2]   AUTHPROTO CHAP MSOFTv2
[L-2]   MP MRRU 2048
[L-2]   MP SHORTSEQ
[L-2]   ENDPOINTDISC [802.1] 00 1e 8c 64 3c 81
[L-2] LCP: rec'd Configure Request #0 (Req-Sent)
[L-2]   MRU 1400
[L-2]   MAGICNUM 6ba934bf
[L-2]   PROTOCOMP
[L-2]   ACFCOMP
[L-2]   CALLBACK 6
[L-2]   MP MRRU 1614
[L-2]   ENDPOINTDISC [LOCAL] c9 4a a4 40 2e aa 45 7c 8c 62 77 5c f5 a7 c9 2d 00 00 0
[L-2] LCP: SendConfigRej #0
[L-2]   PROTOCOMP
[L-2]   ACFCOMP
[L-2]   CALLBACK 6
[L-2] LCP: rec'd Configure Request #1 (Req-Sent)
[L-2]   MRU 1400
[L-2]   MAGICNUM 6ba934bf
[L-2]   MP MRRU 1614
[L-2]   ENDPOINTDISC [LOCAL] c9 4a a4 40 2e aa 45 7c 8c 62 77 5c f5 a7 c9 2d 00 00 0
[L-2] LCP: SendConfigAck #1
[L-2]   MRU 1400
[L-2]   MAGICNUM 6ba934bf
[L-2]   MP MRRU 1614
[L-2]   ENDPOINTDISC [LOCAL] c9 4a a4 40 2e aa 45 7c 8c 62 77 5c f5 a7 c9 2d 00 00 0
[L-2] LCP: state change Req-Sent --> Ack-Sent
[L-2] LCP: SendConfigReq #2
[L-2]   MRU 1500
[L-2]   MAGICNUM 87de47cb
[L-2]   AUTHPROTO CHAP MSOFTv2
[L-2]   MP MRRU 2048
[L-2]   MP SHORTSEQ
[L-2]   ENDPOINTDISC [802.1] 00 1e 8c 64 3c 81
[L-2] LCP: rec'd Configure Reject #2 (Ack-Sent)
[L-2]   MP SHORTSEQ
[L-2] LCP: SendConfigReq #3
[L-2]   MRU 1500
[L-2]   MAGICNUM 87de47cb
[L-2]   AUTHPROTO CHAP MSOFTv2
[L-2]   MP MRRU 2048
[L-2]   ENDPOINTDISC [802.1] 00 1e 8c 64 3c 81
[L-2] LCP: rec'd Configure Ack #3 (Ack-Sent)
[L-2]   MRU 1500
[L-2]   MAGICNUM 87de47cb
[L-2]   AUTHPROTO CHAP MSOFTv2
[L-2]   MP MRRU 2048
[L-2]   ENDPOINTDISC [802.1] 00 1e 8c 64 3c 81
[L-2] LCP: state change Ack-Sent --> Opened
[L-2] LCP: auth: peer wants nothing, I want CHAP
[L-2] CHAP: sending CHALLENGE #1 len: 21
[L-2] LCP: LayerUp
[L-2] LCP: rec'd Ident #2 (Opened)
[L-2]   MESG: MSRASV5.10
[L-2] LCP: rec'd Ident #3 (Opened)
[L-2]   MESG: MSRAS-0-MICROSOF-FE4AE1
[L-2] CHAP: rec'd RESPONSE #1 len: 58
[L-2]   Name: "test"
[L-2] AUTH: Trying RADIUS
[L-2] RADIUS: Authenticating user 'test'
[L-2] RADIUS: Rec'd RAD_ACCESS_ACCEPT for user 'test'
[L-2] AUTH: RADIUS returned: authenticated
[L-2] CHAP: Auth return status: authenticated
[L-2] CHAP: Reply message: S=B20D2F29BE9990A3587D813171FD6CD08B4BD520
[L-2] CHAP: sending SUCCESS #1 len: 46
[L-2] LCP: authorization successful
[L-2] Link: Matched action 'bundle "B" ""'
[L-2] Creating new bundle using template "B".
[B-2] Bundle: Interface ng1 created
[L-2] Link: Join bundle "B-2"
[B-2] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[B-2] IPCP: Open event
[B-2] IPCP: state change Initial --> Starting
[B-2] IPCP: LayerStart
[B-2] CCP: Open event
[B-2] CCP: state change Initial --> Starting
[B-2] CCP: LayerStart
[B-2] IPCP: Up event
[B-2] IPCP: state change Starting --> Req-Sent
[B-2] IPCP: SendConfigReq #1
[B-2]   IPADDR 192.168.100.1
[B-2]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B-2] CCP: Up event
[B-2] CCP: state change Starting --> Req-Sent
[B-2] CCP: SendConfigReq #1
[B-2]   MPPC
[B-2]     0x01000060:MPPE(40, 128 bits), stateless
[L-2] RADIUS: Accounting user 'test' (Type: 1)
[L-2] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'test'
[B-2] CCP: rec'd Configure Request #4 (Req-Sent)
[B-2]   MPPC
[B-2]     0x01000000:stateless
[B-2] CCP: SendConfigNak #4
[B-2]   MPPC
[B-2]     0x01000060:MPPE(40, 128 bits), stateless
[B-2] IPCP: rec'd Configure Request #5 (Req-Sent)
[B-2]   IPADDR 0.0.0.0
[B-2]     NAKing with 192.168.200.157
[B-2]   PRIDNS 0.0.0.0
[B-2]     NAKing with 192.168.100.1
[B-2]   PRINBNS 0.0.0.0
[B-2]   SECDNS 0.0.0.0
[B-2]   SECNBNS 0.0.0.0
[B-2] IPCP: SendConfigRej #5
[B-2]   PRINBNS 0.0.0.0
[B-2]   SECDNS 0.0.0.0
[B-2]   SECNBNS 0.0.0.0
[B-2] IPCP: rec'd Configure Reject #1 (Req-Sent)
[B-2]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[B-2] IPCP: SendConfigReq #2
[B-2]   IPADDR 192.168.100.1
[B-2] CCP: rec'd Configure Nak #1 (Req-Sent)
[B-2]   MPPC
[B-2]     0x01000040:MPPE(128 bits), stateless
[B-2] CCP: SendConfigReq #2
[B-2]   MPPC
[B-2]     0x01000040:MPPE(128 bits), stateless
[B-2] CCP: rec'd Configure Request #6 (Req-Sent)
[B-2]   MPPC
[B-2]     0x01000040:MPPE(128 bits), stateless
[B-2] CCP: SendConfigAck #6
[B-2]   MPPC
[B-2]     0x01000040:MPPE(128 bits), stateless
[B-2] CCP: state change Req-Sent --> Ack-Sent
[B-2] IPCP: rec'd Configure Request #7 (Req-Sent)
[B-2]   IPADDR 0.0.0.0
[B-2]     NAKing with 192.168.200.157
[B-2]   PRIDNS 0.0.0.0
[B-2]     NAKing with 192.168.100.1
[B-2] IPCP: SendConfigNak #7
[B-2]   IPADDR 192.168.200.157
[B-2]   PRIDNS 192.168.100.1
[B-2] IPCP: rec'd Configure Ack #2 (Req-Sent)
[B-2]   IPADDR 192.168.100.1
[B-2] IPCP: state change Req-Sent --> Ack-Rcvd
[B-2] CCP: rec'd Configure Ack #2 (Ack-Sent)
[B-2]   MPPC
[B-2]     0x01000040:MPPE(128 bits), stateless
[B-2] CCP: state change Ack-Sent --> Opened
[B-2] CCP: LayerUp
[B-2] CCP: Compress using: mppc (MPPE(128 bits), stateless)
[B-2] CCP: Decompress using: mppc (MPPE(128 bits), stateless)
[B-2] IPCP: rec'd Configure Request #8 (Ack-Rcvd)
[B-2]   IPADDR 192.168.200.157
[B-2]     192.168.200.157 is OK
[B-2]   PRIDNS 192.168.100.1
[B-2] IPCP: SendConfigAck #8
[B-2]   IPADDR 192.168.200.157
[B-2]   PRIDNS 192.168.100.1
[B-2] IPCP: state change Ack-Rcvd --> Opened
[B-2] IPCP: LayerUp
[B-2]   192.168.100.1 -> 192.168.200.157
[B-2] IFACE: No interface to proxy arp on for 192.168.200.157
[B-2] IFACE: Up event
[B-2] IFACE: session-timeout limited to 1952257 seconds

ipfw -a show

Code:

00100   32   5988 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
03002   29   2344 pipe 3002 ip from any to any via ng1 in
03003    1     56 pipe 3003 ip from any to any via ng1 out
65000 4919 565760 allow ip from any to any
65100    0      0 divert 8668 ip from any to any via nfe0
65200    0      0 allow ip from any to any
65535    0      0 deny ip from any to any

netstat -rn

Code:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.254.1      UGS         0      106    ng0
10.0.0.0/8         10.53.51.1         UGS         0      650   nfe0
10.53.51.0/24      link#2             UC          0        0   nfe0
10.53.51.1         00:06:5b:00:a1:a0  UHLW        2        0   nfe0   1199
10.53.51.8         00:17:9a:09:97:13  UHLW        2     1394   nfe0    743
10.53.51.134       00:18:37:03:26:11  UHLW        1        1   nfe0    757
127.0.0.1          127.0.0.1          UH          0       16    lo0
192.168.200.192    192.168.100.1      UH          0        2    ng1
192.168.254.1      192.168.253.50     UH          1        0    ng0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   U           lo0
fe80::1%lo0                       link#4                        UHL         lo0
ff01:4::/32                       fe80::1%lo0                   UC          lo0
ff02::%lo0/32                     fe80::1%lo0                   UC          lo0

ifconfig

Code:

ed0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:02:44:23:5f:e2
        media: Ethernet autoselect (10base2/BNC)
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:1e:8c:64:3c:81
        inet 10.53.51.10 netmask 0xffffff00 broadcast 10.53.51.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460
        inet 192.168.253.50 --> 192.168.254.1 netmask 0xffffffff
ng1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.100.1 --> 192.168.200.192 netmask 0xffffffff

Please help, anyone who can.


Post by paradox » 2009-08-07 20:50:56

You forgot to show the most important option.
It's called gateway enable.


Post by _scorpio_ » 2009-08-07 20:52:56

Here is rc.conf

Code:

# -- sysinstall generated deltas -- # Sat Feb 21 22:43:24 2009
# Created: Sat Feb 21 22:43:24 2009
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"
gateway_enable="YES"
keymap="ru.koi8-r"
keyrate="fast"
mousechar_start="3"
# saver="logo"
# linux_enable="YES"
scrnmap="koi8-r2cp866"
sshd_enable="YES"
ifconfig_nfe0="10.53.51.10/24"

static_routes="local"
route_local="10/8 10.53.51.1"
# route_holod="192.168.200/24 10.53.51.1"
# route_inet="192.168.100/24 10.53.51.1"

natd_enable="YES" 
natd_interface="ng0"

firewall_enable="YES"
# firewall_type="open"
firewall_type="/etc/firewall.conf"
# firewall_type="/etc/rc.fw"

threeproxy_enable="yes"

mysql_enable="yes"
radiusd_enable="yes"
apache22_enable="yes"
mpd_enable="yes"
hostname="server_.ua"
webmin_enable="yes"
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
postfix_enable="YES"
sendmail_enable="NONE"
proftpd_enable="YES"
local_startup="/usr/local/etc/rc.d"


Post by paradox » 2009-08-07 20:58:09

Review your NAT.
You have a mistake there.


Post by _scorpio_ » 2009-08-07 21:01:55

Could you go into a bit more detail about NAT?
Because I'm not on friendly terms with it yet :)


Post by paradox » 2009-08-07 21:03:20

65100 0 0 divert 8668 ip from any to any via nfe0
is wrong


Post by _scorpio_ » 2009-08-07 21:09:52

Without that rule, and also if I change nfe0 to ng0,
it still doesn't work.


Post by _scorpio_ » 2009-08-07 21:12:46

Maybe this will help...

kldstat

Code:

Id Refs Address    Size     Name
 1   31 0xc0400000 97f830   kernel
 2    1 0xc0d80000 284a4    linux.ko
 3    1 0xc0da9000 c174     if_ppp.ko
 4    2 0xc0db6000 ab40     zlib.ko
 5    4 0xc0dc1000 fd28     ipfw.ko
 6    1 0xc0dd1000 280c     ng_ipfw.ko
 7   17 0xc0dd4000 d89c     netgraph.ko
 8    1 0xc0de2000 536c     ng_ksocket.ko
 9    1 0xc0de8000 5b40     ng_l2tp.ko
10    1 0xc0dee000 5628     ng_netflow.ko
11    1 0xc0df4000 7a48     ng_ppp.ko
12    1 0xc0dfc000 6228     ng_pppoe.ko
13    1 0xc0e03000 42bc     ng_pptpgre.ko
14    1 0xc0e08000 4da0     ng_socket.ko
15    1 0xc0e0d000 207c     ng_split.ko
16    1 0xc0e10000 44e0     ng_vjc.ko
17    1 0xc0e15000 3c3c     ng_car.ko
18    1 0xc0e19000 29c0     ng_tcpmss.ko
19    2 0xc0e1c000 9d9c     libalias.ko
20    1 0xc0e26000 4228     ng_nat.ko
21    1 0xc0e2b000 9c5c     dummynet.ko
22    1 0xc0e35000 471c     ipdivert.ko
23    1 0xc0e3a000 6a2c4    acpi.ko
24    1 0xc32d2000 4000     ng_mppc.ko
25    1 0xc32d7000 2000     rc4.ko
26    1 0xc330b000 3000     ng_iface.ko
27    1 0xc3316000 3000     ng_tee.ko


Post by paradox » 2009-08-07 21:13:10

Well, if you set things at random, it won't work.
To get it working you do need to think a little,
look at the logs,
and study what the issue is.


Post by paradox » 2009-08-07 21:14:05

That won't help.
I have already pointed out where the problem currently is.

Now either figure it out
or prove that you have solved the problem.


Post by _scorpio_ » 2009-08-08 6:55:48

paradox, thank you.
I figured it out.

Here is the solution:
since the server has to be in two local networks
ed0 - 192.168.0.0/24
nfe0 - 10/8

rc.conf

Code:

# -- sysinstall generated deltas -- # Sat Feb 21 22:43:24 2009
# Created: Sat Feb 21 22:43:24 2009
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"
gateway_enable="YES"
keymap="ru.koi8-r"
keyrate="fast"
mousechar_start="3"
scrnmap="koi8-r2cp866"
sshd_enable="YES"
ifconfig_nfe0="10.53.51.10/24"

static_routes="local"
route_local="10/8 10.53.51.1"

natd_enable="YES" 
natd_interface="ng0"

firewall_enable="YES"
firewall_type="/etc/firewall.conf"

threeproxy_enable="yes"

mysql_enable="yes"
radiusd_enable="yes"
apache22_enable="yes"
mpd_enable="yes"
hostname="server_.ua"
webmin_enable="yes"
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
postfix_enable="YES"
sendmail_enable="NONE"
proftpd_enable="YES"
local_startup="/usr/local/etc/rc.d"

firewall.conf

Code:

add divert 8668 all from any to any via ng0
add allow all from any to any via ng0

add allow ip from me to 10.0.0.0/8 via nfe0
add allow ip from 10.0.0.0/8 to me via nfe0
add allow ip from me to 192.168.0.0/16 via ed0
add allow ip from 192.168.0.0/16 to me via ed0

add 65535 deny all from any to any

mpd.conf

Code:

startup:
		set global enable tcp-wrapper
		set console self 127.0.0.1 5005
		set user zzz xxx admin
		set console open
		set web self 0.0.0.0 5006
		set web open
		set netflow peer 127.0.0.1 9996
		set netflow self 127.0.0.1 9990
		set netflow timeouts 15 15
		set netflow hook 9000
		set link enable report-mac
		set netflow node netflow

default:
		load pptp_client
		load pptp_server


pptp_client:
		create bundle static B1
		set iface route default
		set ipcp ranges 0.0.0.0/0 0.0.0.0/0
		
		create link static L1 pptp
		set link action bundle B1
		set auth authname xxx
		set auth password zzz
		set link max-redial 0
		set link mtu 1460
		set link keep-alive 20 75
		set pptp peer 10.49.6.2
		set pptp disable windowing
		open


pptp_server:
		set ippool add pool1 172.20.1.1 172.20.1.255
		
		create bundle template B
		set iface enable proxy-arp
		set iface idle 1800
		set iface enable tcpmssfix
		set iface up-script "/usr/abills/libexec/linkupdown mpd up"
		set iface down-script "/usr/abills/libexec/linkupdown mpd down"
		set ipcp yes vjcomp
		set ipcp ranges 172.20.0.1/32 ippool pool1
		set ipcp dns 172.20.0.1
		set bundle enable compression
		set ccp yes mppc
		set mppc yes e40
		set mppc yes e128
		set mppc yes stateless
		create link template L pptp
		set link action bundle B
		set link enable multilink
		set link yes acfcomp protocomp
		set link no pap chap
		set link enable chap
		set link keep-alive 10 60
		set link mtu 1460
		set pptp self 0.0.0.0
		load server_common


server_common:
		set link no pap eap
		set link yes chap-md5
		set link keep-alive 20 60
		set link enable incoming
		set link no acfcomp protocomp
		
		load radius


radius:
		set radius config /usr/local/etc/mpd5/radius.conf
		set radius retries 3
		set radius timeout 10
		set auth acct-update 300
		set auth enable radius-auth
		set auth enable radius-acct
		set auth disable internal
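
Added example, not part of the original thread or of any poster's configuration: a small Python check run over the "ipfw -a show" listing from the first post. It shows why the divert rule paradox pointed at never translated a packet: it is bound to nfe0 while rc.conf sets natd_interface="ng0", and it sits after an unconditional allow. The function names and the IPFW_AFTER listing are constructed for illustration.

```python
import re

# `ipfw -a show` output copied from the first post of the thread.
IPFW_BEFORE = """\
00100   32   5988 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
03002   29   2344 pipe 3002 ip from any to any via ng1 in
03003    1     56 pipe 3003 ip from any to any via ng1 out
65000 4919 565760 allow ip from any to any
65100    0      0 divert 8668 ip from any to any via nfe0
65200    0      0 allow ip from any to any
65535    0      0 deny ip from any to any
"""

# Constructed listing: the two ng0 rules of the fixed firewall.conf in
# `ipfw -a show` form (rule numbers and counters are made up).
IPFW_AFTER = """\
00100  120   9000 divert 8668 ip from any to any via ng0
00200  120   9000 allow ip from any to any via ng0
65535    0      0 deny ip from any to any
"""

# number, packet counter, byte counter, action, remainder of the rule
RULE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")
TERMINAL = {"allow", "deny"}  # actions that stop rule evaluation


def parse_rules(listing):
    """Turn `ipfw -a show` lines into dicts, kept in evaluation order."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        num, pkts, _bytes, action, rest = m.groups()
        via = re.search(r"\bvia (\S+)", rest)
        rules.append({"num": int(num), "pkts": int(pkts), "action": action,
                      "rest": rest, "via": via.group(1) if via else None})
    return rules


def audit_divert(listing, natd_interface):
    """Report reasons a divert (natd) rule cannot be translating traffic."""
    findings = []
    catch_all = None  # first terminal rule that matches every packet
    for rule in parse_rules(listing):
        if rule["action"] == "divert":
            if rule["via"] != natd_interface:
                findings.append((rule["num"], "wrong-interface"))
            if catch_all is not None:
                # ipfw is first-match: nothing gets past the catch-all rule
                findings.append((rule["num"], "shadowed-by-%05d" % catch_all))
            if rule["pkts"] == 0:
                findings.append((rule["num"], "no-hits"))
        elif (catch_all is None and rule["action"] in TERMINAL
              and rule["rest"] == "ip from any to any"):
            catch_all = rule["num"]
    return findings


if __name__ == "__main__":
    for name, text in (("before", IPFW_BEFORE), ("after", IPFW_AFTER)):
        print(name, audit_divert(text, "ng0"))
```

Changing only the interface of rule 65100 would clear the first finding but not the second, which matches the report in the thread that switching nfe0 to ng0 alone did not help.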