forum.lissyara.su

Добавлено: **2009-02-15 21:13:20**

Здравствуйте.

FreeBSD 7.0-RELEASE FreeBSD 7.0-RELEASE #6: Sun Nov 23 14:32:31 EET 2008     root@ddd:/usr/src/sys/i386/compile/blabla70  i386

В качестве ВПН-сервера для предоставления услуги доступа в Интернет используется mpd4.

Конфиги:

Код: Выделить всё

    set ipcp ranges 10.2.0.1/32 10.2.0.0/16
    set pptp self *.*.*.*
    set iface disable on-demand
    set bundle disable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 60 180
    set ipcp yes vjcomp
    set ipcp dns *.*.*.*
    set iface disable proxy-arp
    set bundle enable compression
    set iface enable tcpmssfix
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    set bundle yes crypt-reqd
    set pptp enable incoming
    set pptp disable originate
    set radius timeout 10
    set radius config /usr/local/etc/mpd4/radius.conf
    set radius retries 3
    set auth acct-update 300
    set auth enable radius-auth
    set iface up-script /usr/local/etc/mpd4/if-up
    set iface down-script /usr/local/etc/mpd4/if-down

Всё работает нормально, но раз в неделю возникает ситуация:
У абонентов рвётся впн-соединение (причём не у всех сразу, а рандомно). При попытке подключиться пишет "Ошибка 742 при попытке установки соединения", с пятой-десятой попытки проходит.

Со стороны сервера в логах следующее:

Feb 15 19:31:14 servername mpd: [pptp65] LCP: SendConfigReq #139
Feb 15 19:31:14 servername mpd: ACFCOMP
Feb 15 19:31:14 servername mpd: PROTOCOMP
Feb 15 19:31:14 servername mpd: MRU 1500
Feb 15 19:31:14 servername mpd: MAGICNUM 3f60bcf1
Feb 15 19:31:14 servername mpd: AUTHPROTO CHAP MSOFTv2
Feb 15 19:31:14 servername mpd: [pptp65] LCP: rec'd Configure Ack #139 (Ack-Sent)
Feb 15 19:31:14 servername mpd: ACFCOMP
Feb 15 19:31:14 servername mpd: PROTOCOMP
Feb 15 19:31:14 servername mpd: MRU 1500
Feb 15 19:31:14 servername mpd: MAGICNUM 3f60bcf1
Feb 15 19:31:14 servername mpd: AUTHPROTO CHAP MSOFTv2
Feb 15 19:31:14 servername mpd: [pptp65] LCP: state change Ack-Sent --> Opened
Feb 15 19:31:14 servername mpd: [pptp65] LCP: auth: peer wants nothing, I want CHAP
Feb 15 19:31:14 servername mpd: [pptp65] CHAP: sending CHALLENGE len:17
Feb 15 19:31:14 servername mpd: [pptp65] LCP: LayerUp
Feb 15 19:31:14 servername mpd: [pptp65] LCP: rec'd Ident #2 (Opened)
Feb 15 19:31:14 servername mpd: [pptp65] LCP: rec'd Ident #3 (Opened)
Feb 15 19:31:14 servername mpd: [pptp65] CHAP: rec'd RESPONSE #1
Feb 15 19:31:14 servername mpd: Name: "login_abonenta"
Feb 15 19:31:14 servername mpd: [pptp65] AUTH: Auth-Thread started
Feb 15 19:31:14 servername mpd: [pptp65] AUTH: Trying RADIUS
Feb 15 19:31:14 servername mpd: [pptp65] RADIUS: RadiusAuthenticate for: login_abonenta
Feb 15 19:31:14 servername mpd: [pptp65] RADIUS: rec'd RAD_ACCESS_ACCEPT for user login_abonenta
Feb 15 19:31:14 servername mpd: [pptp65] AUTH: RADIUS returned authenticated
Feb 15 19:31:14 servername mpd: [pptp65] AUTH: Auth-Thread finished normally
Feb 15 19:31:14 servername mpd: [pptp65] CHAP: ChapInputFinish: status authenticated
Feb 15 19:31:14 servername mpd: Reply message: S=47B110C17FD32207D4C1F02E69CE36D4E14E0725
Feb 15 19:31:14 servername mpd: [pptp65] CHAP: sending SUCCESS len:42
Feb 15 19:31:14 servername mpd: [pptp65] LCP: authorization successful
Feb 15 19:31:14 servername mpd: [pptp65] Bundle up: 1 link, total bandwidth 64000 bps
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: Open event
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: state change Initial --> Starting
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: LayerStart
Feb 15 19:31:14 servername mpd: [pptp65] CCP: Open event
Feb 15 19:31:14 servername mpd: [pptp65] CCP: state change Initial --> Starting
Feb 15 19:31:14 servername mpd: [pptp65] CCP: LayerStart
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: Up event
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: state change Starting --> Req-Sent
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: SendConfigReq #48
Feb 15 19:31:14 servername mpd: IPADDR 10.2.0.1
Feb 15 19:31:14 servername mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Feb 15 19:31:14 servername mpd: [pptp65] CCP: Up event
Feb 15 19:31:14 servername mpd: [pptp65] CCP: state change Starting --> Req-Sent
Feb 15 19:31:14 servername mpd: [pptp65] CCP: SendConfigReq #203
Feb 15 19:31:14 servername mpd: MPPC
Feb 15 19:31:14 servername mpd: 0x01000060:MPPE(40, 128 bits), stateless
Feb 15 19:31:14 servername mpd: [pptp65] CCP: rec'd Configure Request #4 (Req-Sent)
Feb 15 19:31:14 servername mpd: MPPC
Feb 15 19:31:14 servername mpd: 0x010000e1:MPPC, MPPE(40, 56, 128 bits), stateless
Feb 15 19:31:14 servername mpd: [pptp65] CCP: SendConfigNak #4
Feb 15 19:31:14 servername mpd: MPPC
Feb 15 19:31:14 servername mpd: 0x01000040:MPPE(128 bits), stateless
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: rec'd Configure Request #5 (Req-Sent)
Feb 15 19:31:14 servername mpd: IPADDR 0.0.0.0
Feb 15 19:31:14 servername mpd: NAKing with 10.3.2.39
Feb 15 19:31:14 servername mpd: PRIDNS 0.0.0.0
Feb 15 19:31:14 servername mpd: NAKing with 10.*.*.130
Feb 15 19:31:14 servername mpd: PRINBNS 0.0.0.0
Feb 15 19:31:14 servername mpd: SECDNS 0.0.0.0
Feb 15 19:31:14 servername mpd: SECNBNS 0.0.0.0
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: SendConfigRej #5
Feb 15 19:31:14 servername mpd: PRINBNS 0.0.0.0
Feb 15 19:31:14 servername mpd: SECDNS 0.0.0.0
Feb 15 19:31:14 servername mpd: SECNBNS 0.0.0.0
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: rec'd Configure Reject #48 (Req-Sent)
Feb 15 19:31:14 servername mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: SendConfigReq #49
Feb 15 19:31:14 servername mpd: IPADDR 10.2.0.1
Feb 15 19:31:14 servername mpd: [pptp65] CCP: rec'd Configure Nak #203 (Req-Sent)
Feb 15 19:31:14 servername mpd: MPPC
Feb 15 19:31:14 servername mpd: 0x01000040:MPPE(128 bits), stateless
Feb 15 19:31:14 servername mpd: [pptp65] CCP: SendConfigReq #204
Feb 15 19:31:14 servername mpd: MPPC
Feb 15 19:31:14 servername mpd: 0x01000040:MPPE(128 bits), stateless
Feb 15 19:31:14 servername mpd: [pptp65] CCP: rec'd Configure Request #6 (Req-Sent)
Feb 15 19:31:14 servername mpd: MPPC
Feb 15 19:31:14 servername mpd: 0x01000040:MPPE(128 bits), stateless
Feb 15 19:31:14 servername mpd: [pptp65] CCP: SendConfigAck #6
Feb 15 19:31:14 servername mpd: MPPC
Feb 15 19:31:14 servername mpd: 0x01000040:MPPE(128 bits), stateless
Feb 15 19:31:14 servername mpd: [pptp65] CCP: state change Req-Sent --> Ack-Sent
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: rec'd Configure Request #7 (Req-Sent)
Feb 15 19:31:14 servername mpd: IPADDR 0.0.0.0
Feb 15 19:31:14 servername mpd: NAKing with 10.3.2.39
Feb 15 19:31:14 servername mpd: PRIDNS 0.0.0.0
Feb 15 19:31:14 servername mpd: NAKing with 10.*.*.130
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: SendConfigNak #7
Feb 15 19:31:14 servername mpd: IPADDR 10.3.2.39
Feb 15 19:31:14 servername mpd: PRIDNS 10.*.*.130
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: rec'd Configure Ack #49 (Req-Sent)
Feb 15 19:31:14 servername mpd: IPADDR 10.2.0.1
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: state change Req-Sent --> Ack-Rcvd
Feb 15 19:31:14 servername mpd: [pptp65] CCP: rec'd Configure Ack #204 (Ack-Sent)
Feb 15 19:31:14 servername mpd: MPPC
Feb 15 19:31:14 servername mpd: 0x01000040:MPPE(128 bits), stateless
Feb 15 19:31:14 servername mpd: [pptp65] CCP: state change Ack-Sent --> Opened
Feb 15 19:31:14 servername mpd: [pptp65] CCP: LayerUp
Feb 15 19:31:14 servername mpd: [pptp65] can't create mppc node: File exists
Feb 15 19:31:14 servername mpd: [pptp65] CCP: compression init failed
Feb 15 19:31:14 servername mpd: [pptp65] CCP: parameter negotiation failed
Feb 15 19:31:14 servername mpd: [pptp65] CCP: Close event
Feb 15 19:31:14 servername mpd: [pptp65] CCP: state change Opened --> Closing
Feb 15 19:31:14 servername mpd: [pptp65] CCP: SendTerminateReq #205
Feb 15 19:31:14 servername mpd: [pptp65] CCP: LayerDown
Feb 15 19:31:14 servername mpd: [pptp65] CCP: encryption required, but MPPE was not negotiated in both directions
Feb 15 19:31:14 servername mpd: [pptp65] CCP: failed to negotiate required encryption
Feb 15 19:31:14 servername mpd: [pptp65] CCP: Close event
Feb 15 19:31:14 servername mpd: [pptp65] CCP: state change Closing --> Closed
Feb 15 19:31:14 servername mpd: [pptp65] CCP: LayerFinish
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: failed to negotiate required encryption
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: state change Ack-Rcvd --> Stopped
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: LayerFinish
Feb 15 19:31:14 servername mpd: [pptp65] No NCPs left. Closing links...
Feb 15 19:31:14 servername mpd: [pptp65] closing link "pptp65"...
Feb 15 19:31:14 servername mpd: [pptp65] IPV6CP: failed to negotiate required encryption
Feb 15 19:31:14 servername mpd: [pptp65] CCP: LayerFinish
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: rec'd Configure Request #8 (Stopped)
Feb 15 19:31:14 servername mpd: IPADDR 10.3.2.39
Feb 15 19:31:14 servername mpd: 10.3.2.39 is OK
Feb 15 19:31:14 servername mpd: PRIDNS 10.*.*.130
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: LayerStart
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: SendConfigReq #50
Feb 15 19:31:14 servername mpd: IPADDR 10.2.0.1
Feb 15 19:31:14 servername mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: SendConfigAck #8
Feb 15 19:31:14 servername mpd: IPADDR 10.3.2.39
Feb 15 19:31:14 servername mpd: PRIDNS 10.*.*.130
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: state change Stopped --> Ack-Sent
Feb 15 19:31:14 servername mpd: [pptp65] link: CLOSE event
Feb 15 19:31:14 servername mpd: [pptp65] LCP: Close event
Feb 15 19:31:14 servername mpd: [pptp65] LCP: state change Opened --> Closing
Feb 15 19:31:14 servername mpd: [pptp65] AUTH: Accounting data for user login_abonenta: 2 seconds, 362 octets in, 320 octets out
Feb 15 19:31:14 servername mpd: [pptp65] Bundle up: 0 links, total bandwidth 9600 bps
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: Close event
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: state change Ack-Sent --> Closing
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: SendTerminateReq #51
Feb 15 19:31:14 servername mpd: [pptp65] error writing len 8 frame to bypass: Network is down
Feb 15 19:31:14 servername mpd: [pptp65] CCP: Close event
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: Down event
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: LayerFinish
Feb 15 19:31:14 servername mpd: [pptp65] No NCPs left. Closing links...
Feb 15 19:31:14 servername mpd: [pptp65] closing link "pptp65"...
Feb 15 19:31:14 servername mpd: [pptp65] IPCP: state change Closing --> Initial
Feb 15 19:31:14 servername mpd: [pptp65] CCP: Down event
Feb 15 19:31:14 servername mpd: [pptp65] CCP: state change Closed --> Initial
Feb 15 19:31:14 servername mpd: [pptp65] AUTH: Cleanup
Feb 15 19:31:14 servername mpd: [pptp65] LCP: SendTerminateReq #140
Feb 15 19:31:14 servername mpd: [pptp65] LCP: LayerDown
Feb 15 19:31:14 servername mpd: [pptp65] link: CLOSE event
Feb 15 19:31:14 servername mpd: [pptp65] LCP: Close event
Feb 15 19:31:14 servername mpd: [pptp65] rec'd proto CCP during terminate phase
Feb 15 19:31:14 servername mpd: [pptp65] LCP: rec'd Terminate Request #9 (Closing)
Feb 15 19:31:14 servername mpd: [pptp65] LCP: SendTerminateAck #141
Feb 15 19:31:14 servername mpd: [pptp65] LCP: rec'd Terminate Ack #140 (Closing)
Feb 15 19:31:14 servername mpd: [pptp65] LCP: state change Closing --> Closed
Feb 15 19:31:14 servername mpd: [pptp65] LCP: LayerFinish
Feb 15 19:31:14 servername mpd: pptp56-0: clearing call
Feb 15 19:31:14 servername mpd: pptp56-0: killing channel
Feb 15 19:31:14 servername mpd: [pptp65] PPTP call terminated
Feb 15 19:31:14 servername mpd: [pptp65] link: DOWN event
Feb 15 19:31:14 servername mpd: [pptp65] LCP: Down event
Feb 15 19:31:14 servername mpd: [pptp65] LCP: state change Closed --> Initial
Feb 15 19:31:14 servername mpd: pptp56: closing connection with 10.0.2.39 2668
Feb 15 19:31:14 servername mpd: pptp56: CID 0x9c92 in SetLinkInfo not found
Feb 15 19:31:14 servername mpd: pptp56: killing connection with 10.0.2.39 2668

После /usr/local/etc/rc.d/mpd4 restart всё нормализуется.

У кого-нибудь есть предположения, как исправить ситуацию?

Может ещё какую-нибудь информацию предоставить?

Добавлено: **2009-02-15 21:23:42**

ядро тюнте
нехватает памяти для такого количества интерфейсов
вот и сбоит

Добавлено: **2009-02-15 21:25:47**

paradox писал(а):ядро тюнте
нехватает памяти для такого количества интерфейсов
вот и сбоит

Можете более точно натолкнуть на опции, на которые следует обратить внимание?

Добавлено: **2009-02-15 21:44:22**

я уже не помню
ищите
проблема поднималась и сдесь на форуме и на бсдпортале

Добавлено: **2009-02-15 22:43:11**

Для начала необходимо попробовать обновиться до 7.1 STABLE.
Для чего включен MPPE? Попробуй отключить MPPE тоже.
На счет тюнинга - вопрос спорный. mpd может спокойно терминировать и более 1к одновременных коннектов без особых плясок с бубном.
Когда у меня возникли подобные проблемы с mpd я отключил всякие шифрования, сжатия и т.п. Это лишняя дополнительная нагрузка.
В твоем случае мне кажется поможет обновление системы, с выхода 7.0 очень много поменялось. И если клиентов много и это тривиальная раздача интернета - то сразу отключи лишние фичи в mpd.

Добавлено: **2009-02-15 23:22:46**

Feb 15 19:31:14 servername mpd: [pptp65] can't create mppc node: File exists

точно помню что такую проблему рассматривали
нехватка системных ресурсов
может конечно и пофиксили в какойто версии mpd незнаю
но лучше поискать в гугле

Добавлено: **2009-02-16 10:07:29**

Код: Выделить всё

kern.ipc.nmbclusters=16384
kern.ipc.maxsockets=16384
net.graph.maxalloc=2048
net.graph.maxdgram=128000
net.graph.recvspace=128000
kern.maxusers=512
kern.ipc.maxpipekva=32000000
net.graph.maxalloc=2048

Добавлено: **2009-02-16 14:16:34**

zingel писал(а):

Код: Выделить всё

kern.ipc.nmbclusters=16384
kern.ipc.maxsockets=16384
net.graph.maxalloc=2048
net.graph.maxdgram=128000
net.graph.recvspace=128000
kern.maxusers=512
kern.ipc.maxpipekva=32000000
net.graph.maxalloc=2048

Эммм... В текущих 6 и 7й ветках, например net.graph.maxalloc = 4096. Подняли его еще полгода назад.

Добавлено: **2009-02-16 15:04:59**

ну не пользуйте тогда...поэксперементируйте

forum.lissyara.su

MPD4: can't create mppc node: File exists

MPD4: can't create mppc node: File exists

Re: MPD4: can't create mppc node: File exists

Re: MPD4: can't create mppc node: File exists

Re: MPD4: can't create mppc node: File exists

Re: MPD4: can't create mppc node: File exists

Re: MPD4: can't create mppc node: File exists

Re: MPD4: can't create mppc node: File exists

Re: MPD4: can't create mppc node: File exists

Re: MPD4: can't create mppc node: File exists