mpd5 как L2TP клиент
Добавлено: 2009-05-31 9:31:42
http://www.lissyara.su/?id=1942 накатал маленькую заметку. жду замечаний/предложений
Добрым словом и кулаком, добьёшься больше чем одним добрым словом.
https://forum.lissyara.su/
cd /usr/local/etc/mpd5
-cp mpd.conf.sample mpd.conf
+touch mpd.conf
cp mpd.script.sample mpd.script
-cp mpd.secret.sample mpd.secret
+touch mpd.secret
It doesn't work, and there are strange netgraph-related errors in the log.
Make sure you have all the required netgraph KLD's loaded. You can check them
by doing kldstat -v | grep ng_ .
Usually these are loaded on demand. If not, you can load them manually using kldload(8).
The following node types are or may be needed:
ng_async
ng_bpf
ng_car
ng_deflate
ng_ether
ng_iface
ng_ksocket
ng_l2tp
ng_mppc
ng_ppp
ng_pppoe
ng_pptpgre
ng_nat
ng_netflow
ng_pred1
ng_socket
ng_tcpmss
ng_tee
ng_tty
ng_vjc
cd /usr/local/etc
cp -R mpd5 mpd5r2
cp rc.d/mpd5 rc.d/mpd5r2.sh
mpd_enable=YES
mpd5r2_enable=YES
...
# PROVIDE: mpd5r2
...
name="mpd5r2"
rcvar=`set_rcvar mpd5r2`
...
command="/usr/local/sbin/mpd5"
mpd_flags="-b -d /usr/local/etc/${name} -p ${pidfile} -s ${name}"
Привожу часть конфига, которая отвечает за L2TP клиент
Не забываем отступы отбивать табом, а не пробелами
http://mpd.sourceforge.net/doc5/mpd13.html#13
An entry consists of a label followed by a sequence of mpd commands. A label begins at the first column and ends with a colon character. Commands are indented with a tab character and follow the label on the next and subsequent lines.
# mpd.conf for an L2TP client. In the real file every command under a label
# must be indented with a tab; the indentation is not visible in this listing.
startup:
# Login/password for the mpd console and web interface. "weblogin webpassword"
# is a placeholder pair - replace it. The file holds credentials in clear text,
# so keep mpd.conf readable by root only.
set user weblogin webpassword
# Console and web interface listen on loopback only (ports 5005 and 5006).
set console self 127.0.0.1 5005
set console open
set web self 127.0.0.1 5006
set web open
default:
load vpn-l2tp
vpn-l2tp:
create bundle static L2TP
# The up-script is given the extra argument "L2TP", so inside io-up.sh the
# arguments supplied by mpd start at $2 (interface) instead of $1.
set iface up-script '/usr/local/etc/mpd5/io-up.sh L2TP'
set iface down-script /usr/local/etc/mpd5/io-down.sh
# NOTE(review): 0.0.0.0/0 for both ranges presumably accepts any local and any
# peer address; the peer-supplied address then reaches the up-script, which
# should validate it before passing it to route(8).
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set ipcp no vjcomp
create link static L2 l2tp
set link action bundle L2TP
# NOTE(review): only CHAP is accepted explicitly; PAP is not refused here.
# Consider adding "set link no pap" so the password is never sent in clear.
set link accept chap
set link latency 0
set link max-redial 0
set link mtu 1460
set link keep-alive 60 180
set l2tp peer tp.corbina.net
# Provider account name and password, stored in clear text ("user"/"pwd" are
# placeholders).
# NOTE(review): nothing in this entry requires link encryption, so treat the
# tunnel as unencrypted transport - confirm against the provider's setup.
set auth authname user
set auth password pwd
open
# Link template "l2tp": an L2TP link towards tp.corbina.net.
# (In the real file the commands below are indented with a tab.)
l2tp:
set link type l2tp
set l2tp peer tp.corbina.net
# Client-only role: outgoing calls are enabled, incoming calls are disabled.
set l2tp enable originate
set l2tp disable incoming
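#!/bin/sh
# io-up.sh - mpd5 up-script: send the default route through the L2TP peer
# and log the resulting interface and routing state.
#
# mpd.conf calls this script as '/usr/local/etc/mpd5/io-up.sh L2TP', so the
# arguments supplied by mpd are shifted by one:
#   $1 - tag from mpd.conf (L2TP)     $2 - interface
#   $3 - protocol                     $4 - local (WAN) address
#   $5 - remote address (becomes the default gateway)
#
# $5 is negotiated with the peer, so its shape is checked before it reaches
# route(8). mpd kills the protocol when the up-script exits non-zero.
#
# NOTE(review): the state file stays in world-writable /tmp only because
# io-down.sh reads it from there; moving both scripts to a root-only
# directory (for example /var/run) would be the cleaner fix.

# Return 0 when $1 looks like a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

if ! is_ipv4 "$5"; then
  echo "io-up.sh: refusing malformed remote address" >&2
  exit 1
fi
if [ -z "$2" ]; then
  echo "io-up.sh: no interface name given" >&2
  exit 1
fi

# Current IPv4 default gateway; exact match on the destination column and
# only the first hit, so an IPv6 default route cannot leak in.
gate=$(netstat -rnf inet | awk '$1 == "default" { print $2; exit }')
vpn=${5%.*} # remote address without its last octet
time=$(date "+%H:%M:%S")

# Replace any pre-existing file or symlink instead of writing through it;
# with noclobber the redirection fails if the name reappears in between.
rm -f /tmp/vpn_gw
(
  umask 077
  set -C
  printf '%s\n' "$vpn.0/24" > /tmp/vpn_gw
) || echo "io-up.sh: cannot write /tmp/vpn_gw" >&2

/sbin/route -q delete "$5"
if [ -n "$gate" ]; then
  /sbin/route -nq add "$vpn.0/24" "$gate"
else
  echo "io-up.sh: no IPv4 default gateway found, $vpn.0/24 not added" >&2
fi
/sbin/route change default "$5" -ifp "$2"

routes=$(netstat -rnf inet)
ifinfo=$(ifconfig "$2") # the interface mpd reported, not a fixed ng0
printf '%s\n' "*************************************************************************
$time -$1- \$2->$2 \$3->$3 WAN(\$4)->$4 GW(\$5)->$5
interface = $2
gate = $gate
vpn_lan = $vpn/24
--------------------------------------------------------------------------
$ifinfo
--------------------------------------------------------------------------
$routes
--------------------------------------------------------------------------
" >> /var/log/mpd.log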
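#!/bin/sh
# io-down.sh - mpd5 down-script: remove the route recorded by io-up.sh and
# put the default route back on the local gateway, then log the result.
#
#   $1 - first argument supplied by mpd (only written to the log)
#
# /tmp/vpn_gw lives in a world-writable directory, so its content is treated
# as untrusted: symlinks are ignored and anything other than digits, dots
# and a slash is dropped before it can reach route(8).

# Gateway of the first IPv4 route whose destination starts with the literal
# 10.0.0.0 (site-specific local network).
gate=$(netstat -rnf inet | awk 'index($1, "10.0.0.0") == 1 { print $2; exit }')
time=$(date "+%H:%M:%S") # was never set before, so the log line had no time

vpn=
if [ -f /tmp/vpn_gw ] && [ ! -L /tmp/vpn_gw ]; then
  read -r vpn < /tmp/vpn_gw
fi
case $vpn in
  '' | *[!0-9./]*)
    echo "io-down.sh: /tmp/vpn_gw missing or malformed, route not removed" >&2
    vpn=
    ;;
esac

if [ -n "$vpn" ]; then
  /sbin/route -q delete "$vpn"
fi
/sbin/route delete default
if [ -n "$gate" ]; then
  /sbin/route -nq add default "$gate"
else
  echo "io-down.sh: local gateway not found, default route not restored" >&2
fi

routes=$(netstat -rnf inet)
printf '%s\n' "*************************************************************************
gate = $gate -> UP
vpn_lan = $vpn -> DOWN
$time -$1- DOWN
--------------------------------------------------------------------------
$routes
--------------------------------------------------------------------------
" >> /var/log/mpd.log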
-rwxr-xr-x 1 root wheel 542 Sep 18 18:48 io-down.sh*
-rwxr-xr-x 1 root wheel 784 Sep 18 18:48 io-up.sh*
set iface up-script '/usr/local/etc/mpd5/io-up.sh L2TP'
set iface down-script /usr/local/etc/mpd5/io-down.sh
set iface up-script /usr/local/etc/mpd5/io-up.sh
set iface down-script /usr/local/etc/mpd5/io-down.sh
#mpd5 -f /usr/local/etc/mpd5/mpd.conf -p /var/run/mympd.pid
FreeBSD 7.2-RELEASE-p2 i386
# mpd.conf for an L2TP client (second variant posted in the thread). In the
# real file every command under a label must be indented with a tab.
startup:
# Console/web accounts; the poster masked the admin login and password.
set user <*****> <*****> admin
# NOTE(review): a second account shown as guest/guest. Combined with the web
# interface listening on 0.0.0.0 below, it is reachable from every network the
# host is attached to - remove it or give it a real password.
set user <guest> <guest>
set console self 127.0.0.1 5005
set console open
# NOTE(review): 0.0.0.0 makes the web interface listen on all addresses,
# including the provider-facing ones. Bind it to 127.0.0.1 like the console,
# or restrict port 5006 with a firewall.
set web self 0.0.0.0 5006
set web open
default:
load l2tp_client
l2tp_client:
create bundle static B1
# Link encryption is not required; treat traffic in the tunnel as unencrypted.
set bundle disable crypt-reqd
set ipcp no vjcomp
# NOTE(review): 0.0.0.0/0 for both ranges presumably accepts any local and any
# peer address; the up-script should validate what it receives.
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set iface up-script /usr/local/etc/mpd5/l2tp-up.sh
set iface down-script /usr/local/etc/mpd5/l2tp-down.sh
set iface enable tcpmssfix
create link static L1 l2tp
set link action bundle B1
set link max-redial 0
set link mtu 1460
set link keep-alive 20 75
# CHAP is accepted and PAP is refused, so the password is not sent in clear.
set link accept chap
set link no pap
# Provider account (masked by the poster). It is stored in clear text, so keep
# this file readable by root only.
set auth authname ***
set auth password ***
set l2tp peer tp.corbina.net
open
mpd_enable="YES"
mpd_flags="-f /usr/local/etc/mpd5/l2tp.cli.conf -b "
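#!/bin/sh
# l2tp-up.sh - mpd5 up-script: route the L2TP peer through the local gateway,
# make the peer the default gateway and record the event.
#
# Arguments as supplied by mpd (interface proto local-ip remote-ip ...):
#   $3 - local (WAN) address      $4 - remote address (new default gateway)
#
# $4 is negotiated with the peer, so its shape is checked before it reaches
# route(8). mpd kills the protocol when the up-script exits non-zero.
#
# NOTE(review): the state file stays in world-writable /tmp only because
# l2tp-down.sh reads it from there; a root-only directory would be cleaner.

# Return 0 when $1 looks like a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

if ! is_ipv4 "$4"; then
  echo "l2tp-up.sh: refusing malformed remote address" >&2
  exit 1
fi

LocalGW="10.72.128.1" #`cat /tmp/Current_Local_GW`
Today=$(date "+%Y-%m-%d")
TimeNow=$(date "+%H:%M:%S")

route delete "$4"
route add "$4" "$LocalGW"
route delete default
route add default "$4"

# Replace any pre-existing file or symlink instead of writing through it;
# with noclobber the redirection fails if the name reappears in between.
rm -f /tmp/vpn_GW
(
  umask 077
  set -C
  printf '%s\n' "$4" > /tmp/vpn_GW
) || echo "l2tp-up.sh: cannot write /tmp/vpn_GW" >&2
# echo $4 > /var/log/Corbina/pptp_GW.$Today

printf '%s %s -L2TP-Up- GW = %s WAN-IP = %s\n' \
  "$Today" "$TimeNow" "$4" "$3" >> /var/log/vpn.log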
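#!/bin/sh
# l2tp-down.sh - mpd5 down-script: drop the host route to the L2TP peer,
# restore the default route via the local gateway and record the event.
#
# /tmp/vpn_GW lives in a world-writable directory, so its content is treated
# as untrusted: symlinks are ignored and the value must look like an IPv4
# address before it is handed to route(8).

# Return 0 when $1 looks like a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

LocalGW="10.72.128.1" #`cat /tmp/Current_Local_GW`

vpnGW=
if [ -f /tmp/vpn_GW ] && [ ! -L /tmp/vpn_GW ]; then
  read -r vpnGW < /tmp/vpn_GW
fi

if is_ipv4 "$vpnGW"; then
  route delete "$vpnGW"
else
  echo "l2tp-down.sh: /tmp/vpn_GW missing or malformed, route not removed" >&2
fi
route delete default
route add default "$LocalGW"

Today=$(date "+%Y-%m-%d")
TimeNow=$(date "+%H:%M:%S")
printf '%s %s -L2TP-Down-\n' "$Today" "$TimeNow" >> /var/log/vpn.log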
# grep -n mpd /etc/syslog.conf
33:!mpd
34:*.* /var/log/mpd.log
# touch /var/log/mpd.log
# chmod 600 /var/log/mpd.log
# /etc/rc.d/syslogd restart
Тут еще приватизируй
FreeBSP писал(а):..
скрипты кстати прикольные... приватизирую)
Решил проблему, так отпиши... кросспостер ты наш....
KillerHT писал(а):..
Имеется проблема с mpd5 - соединение пересоединяется каждую 1 минуту 00 секунд, провайдер корбина, в течение этой минуты все работает!
..
set iface up-script script
set iface down-script script
Mpd can optionally run a user program every time one of network protocols (IPCP/IPv6CP) at the interface is brought up or down. The up-script is called like this:
script interface proto local-ip remote-ip authname [ dns1 server-ip ] [ dns2 server-ip ] peer-address
If up-script exit status is not 0, mpd will kill respective protocol.
The down-script is called like this:
script interface proto local-ip remote-ip authname peer-address
Спасибо, понял. А $dr ?
FreeBSP писал(а): в $4 соответственно будет remote-ip
# cat /usr/local/etc/mpd5/pptp-up.sh
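#!/bin/sh
# pptp-up.sh - mpd5 up-script: route the PPTP peer through the local gateway,
# make the peer the default gateway and record the event.
#
# Arguments as supplied by mpd (interface proto local-ip remote-ip ...):
#   $3 - local (WAN) address      $4 - remote address (new default gateway)
#
# $4 is negotiated with the peer, so its shape is checked before it reaches
# route(8). mpd kills the protocol when the up-script exits non-zero.
#
# NOTE(review): the state file stays in world-writable /tmp only because
# pptp-down.sh reads it from there; a root-only directory would be cleaner.

# Return 0 when $1 looks like a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

if ! is_ipv4 "$4"; then
  echo "pptp-up.sh: refusing malformed remote address" >&2
  exit 1
fi

LocalGW="10.72.128.1" #`cat /tmp/Current_Local_GW`
Today=$(date "+%Y-%m-%d")
TimeNow=$(date "+%H:%M:%S")

route delete "$4"
route add "$4" "$LocalGW"
route delete default
route add default "$4"

# Replace any pre-existing file or symlink instead of writing through it;
# with noclobber the redirection fails if the name reappears in between.
rm -f /tmp/vpn_GW
(
  umask 077
  set -C
  printf '%s\n' "$4" > /tmp/vpn_GW
) || echo "pptp-up.sh: cannot write /tmp/vpn_GW" >&2
# echo $4 > /var/log/Corbina/pptp_GW.$Today

printf '%s %s -PPTP-Up- GW = %s WAN-IP = %s\n' \
  "$Today" "$TimeNow" "$4" "$3" >> /var/log/vpn.log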
# cat /usr/local/etc/mpd5/pptp-down.sh
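#!/bin/sh
# pptp-down.sh - mpd5 down-script: drop the host route to the PPTP peer,
# restore the default route via the local gateway and record the event.
#
# /tmp/vpn_GW lives in a world-writable directory, so its content is treated
# as untrusted: symlinks are ignored and the value must look like an IPv4
# address before it is handed to route(8).

# Return 0 when $1 looks like a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

LocalGW="10.72.128.1" #`cat /tmp/Current_Local_GW`

vpnGW=
if [ -f /tmp/vpn_GW ] && [ ! -L /tmp/vpn_GW ]; then
  read -r vpnGW < /tmp/vpn_GW
fi

if is_ipv4 "$vpnGW"; then
  route delete "$vpnGW"
else
  echo "pptp-down.sh: /tmp/vpn_GW missing or malformed, route not removed" >&2
fi
route delete default
route add default "$LocalGW"

Today=$(date "+%Y-%m-%d")
TimeNow=$(date "+%H:%M:%S")
printf '%s %s -PPTP-Down-\n' "$Today" "$TimeNow" >> /var/log/vpn.log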