|
ru.unix.bsd
- RU.UNIX.BSD ------------------------------------------------------------------
From : Vadim Guchenko 2:5020/400 29 Sep 2004 07:55:45
To : Alexander Shevchenko
Subject : Re: mpd
--------------------------------------------------------------------------------
Hello, Alexander!
You wrote to Всем on Sun, 26 Sep 2004 14:34:42 +0400:
AS> Ситувина следущая: есть mpd Version 3.2 на FreeBSD 4.4R.
AS> Конектится к прову за инетом. Сам перезванивает и т.д.. Проблемма в
AS> следующем: периодически соединение подвисат, то есть инет замирает.
AS> В логах появляются вот такие строчки:
Ситуация аналогичная. Поставил mpd 3.18 с двух сторон, поднял шифрованный
туннель. Линк модемный (2 мегабита). С одной стороны 5.2.1, с другой - 4.10.
Hа обеих системах установил два патча для нетграфа - для решения проблемы с
двухбайтовыми полями протокола и для отключения алгоритма windowing. Без
второго патча при пинге через туннель периодически появлялось сообщение
sento: no buffer space available и терялась куча пакетов. В результате все
работает замечательно, но без видимых причин туннель подвисает. Hесмотря на
то, что включено set link keep-alive 5 30, пересоединения не происходит. Да
и не в этом дело, видимо, т.к. сам модемный линк живой. Что делать - не
знаю. Гребаный mpd. Ведь знал что глючный, но альтернатив для vpn-клиента у
него нет, а поптоп в качестве сервера поставить не могу, т.к. он уже
используется на сервере, где заканчивается один из концов туннеля. Сам с mpd
не первый год знаком. Вот конфиги:
Hа звонящей стороне:
===mpd.conf===
default:
load vpn
common:
log +echo
set pptp self 80.253.226.102
set pptp enable originate
set pptp disable incoming
set pptp disable delayed-ack
set bundle yes compression crypt-reqd
set bundle no encryption multilink
set iface idle 0
set iface disable on-demand
set iface enable tcpmssfix
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set ipcp yes vjcomp
set link mtu 1500
set link keep-alive 5 30
set link no pap chap
set link accept chap-msv2
set link yes acfcomp protocomp
set ccp yes mppc mpp-e128 mpp-stateless
set ccp no mpp-compress mpp-e40 mpp-e56
vpn:
new -i ng0 vpn0 vpn0
set pptp peer 80.253.226.162
set bundle authname "router-gvard"
set iface route 10.10.4.0/24
set iface route 192.168.4.0/24
set iface route 80.253.235.64/27
load common
open
new -i ng1 vpn1 vpn1
set pptp peer 80.253.230.86
set bundle authname "router-schorsa"
set iface route 10.10.3.0/24
set iface route 10.10.6.0/24
set iface route 192.168.3.0/24
set iface route 192.168.6.0/24
set iface route 80.253.235.96/27
load common
open
===mpd.links===
vpn0:
set link type pptp
vpn1:
set link type pptp
Hа одной из принимающих сторон:
===mpd.conf===
default:
load vpn
common:
log +echo
set pptp self 80.253.230.86
set pptp enable incoming
set pptp disable originate
set pptp disable delayed-ack
set bundle yes compression crypt-reqd
set bundle no encryption multilink
set bundle max-logins 1
set iface idle 0
set iface disable on-demand
set iface enable tcpmssfix
set ipcp ranges 80.253.235.98/32 0.0.0.0/0
set ipcp yes vjcomp
set link mtu 1500
set link keep-alive 5 30
set link no pap chap
set link enable chap-msv2
set link yes acfcomp protocomp
set ccp yes mppc mpp-e128 mpp-stateless
set ccp no mpp-compress mpp-e40 mpp-e56
vpn:
new -i ng0 vpn0 vpn0
set iface route default
load common
===mpd.links===
vpn0:
set link type pptp
Лог соединения с принимающей стороны:
Sep 29 11:19:10 access3 mpd: [vpn0] ppp node is "mpd30074-vpn0"
Sep 29 11:19:10 access3 mpd: [vpn0] using interface ng0
Sep 29 11:19:10 access3 mpd: mpd: local IP address for PPTP is 80.253.230.86
Sep 29 11:19:10 access3 mpd: [vpn0] IPCP: peer address cannot be zero
Sep 29 11:19:11 access3 mpd: mpd: PPTP connection from 80.253.226.102:50079
Sep 29 11:19:11 access3 mpd: pptp0: attached to connection with
80.253.226.102:50079
Sep 29 11:19:11 access3 mpd: [vpn0] IFACE: Open event
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: Open event
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: state change Initial --> Starting
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: LayerStart
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: Open event
Sep 29 11:19:11 access3 mpd: [vpn0] bundle: OPEN event in state CLOSED
Sep 29 11:19:11 access3 mpd: [vpn0] opening link "vpn0"...
Sep 29 11:19:11 access3 mpd: [vpn0] link: OPEN event
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: Open event
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: state change Initial --> Starting
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: LayerStart
Sep 29 11:19:11 access3 mpd: [vpn0] device: OPEN event in state DOWN
Sep 29 11:19:11 access3 mpd: [vpn0] attaching to peer's outgoing call
Sep 29 11:19:11 access3 mpd: [vpn0] device is now in state OPENING
Sep 29 11:19:11 access3 mpd: [vpn0] device: UP event in state OPENING
Sep 29 11:19:11 access3 mpd: [vpn0] device is now in state UP
Sep 29 11:19:11 access3 mpd: [vpn0] link: UP event
Sep 29 11:19:11 access3 mpd: [vpn0] link: origination is remote
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: Up event
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: state change Starting --> Req-Sent
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: phase shift DEAD --> ESTABLISH
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: SendConfigReq #1
Sep 29 11:19:11 access3 mpd: ACFCOMP
Sep 29 11:19:11 access3 mpd: PROTOCOMP
Sep 29 11:19:11 access3 mpd: MRU 1500
Sep 29 11:19:11 access3 mpd: MAGICNUM a98d95f2
Sep 29 11:19:11 access3 mpd: AUTHPROTO CHAP MSOFTv2
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: rec'd Configure Request #3 link 0
(Req-Sent)
Sep 29 11:19:11 access3 mpd: ACFCOMP
Sep 29 11:19:11 access3 mpd: PROTOCOMP
Sep 29 11:19:11 access3 mpd: MRU 1500
Sep 29 11:19:11 access3 mpd: MAGICNUM bb69b478
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: SendConfigAck #3
Sep 29 11:19:11 access3 mpd: ACFCOMP
Sep 29 11:19:11 access3 mpd: PROTOCOMP
Sep 29 11:19:11 access3 mpd: MRU 1500
Sep 29 11:19:11 access3 mpd: MAGICNUM bb69b478
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: state change Req-Sent --> Ack-Sent
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: rec'd Configure Ack #1 link 0
(Ack-Sent)
Sep 29 11:19:11 access3 mpd: ACFCOMP
Sep 29 11:19:11 access3 mpd: PROTOCOMP
Sep 29 11:19:11 access3 mpd: MRU 1500
Sep 29 11:19:11 access3 mpd: MAGICNUM a98d95f2
Sep 29 11:19:11 access3 mpd: AUTHPROTO CHAP MSOFTv2
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: state change Ack-Sent --> Opened
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: phase shift ESTABLISH -->
AUTHENTICATE
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: auth: peer wants nothing, I want
CHAP
Sep 29 11:19:11 access3 mpd: [vpn0] CHAP: sending CHALLENGE
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: LayerUp
Sep 29 11:19:11 access3 mpd: [vpn0] CHAP: rec'd RESPONSE #1
Sep 29 11:19:11 access3 mpd: Name: "router-schorsa"
Sep 29 11:19:11 access3 mpd: Peer name: "router-schorsa"
Sep 29 11:19:11 access3 mpd: Response is valid
Sep 29 11:19:11 access3 mpd: [vpn0] CHAP: sending SUCCESS
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: authorization successful
Sep 29 11:19:11 access3 mpd: [vpn0] LCP: phase shift AUTHENTICATE -->
NETWORK
Sep 29 11:19:11 access3 mpd: [vpn0] setting interface ng0 MTU to 1500 bytes
Sep 29 11:19:11 access3 mpd: [vpn0] up: 1 link, total bandwidth 64000 bps
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: Up event
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: state change Starting --> Req-Sent
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: SendConfigReq #1
Sep 29 11:19:11 access3 mpd: IPADDR 80.253.235.98
Sep 29 11:19:11 access3 mpd: COMPPROTO VJCOMP, 16 comp. channels, no
comp-cid
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: Open event
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: state change Initial --> Starting
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: LayerStart
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: Up event
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: state change Starting --> Req-Sent
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: SendConfigReq #1
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: Checking whether 40 bits are
enabled -> no
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: Checking whether 56 bits are
enabled -> no
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: Checking whether 128 bits are
enabled -> yes
Sep 29 11:19:11 access3 mpd: MPPC
Sep 29 11:19:11 access3 mpd: 0x01000040: MPPE, 128 bit, stateless
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: rec'd Configure Request #3 link 0
(Req-Sent)
Sep 29 11:19:11 access3 mpd: IPADDR 0.0.0.0
Sep 29 11:19:11 access3 mpd: NAKing with 80.253.235.97
Sep 29 11:19:11 access3 mpd: COMPPROTO VJCOMP, 16 comp. channels, no
comp-cid
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: SendConfigNak #3
Sep 29 11:19:11 access3 mpd: IPADDR 80.253.235.97
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: rec'd Configure Request #2 link 0
(Req-Sent)
Sep 29 11:19:11 access3 mpd: MPPC
Sep 29 11:19:11 access3 mpd: 0x01000040: MPPE, 128 bit, stateless
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: Checking whether 128 bits are
acceptable -> yes
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: SendConfigAck #2
Sep 29 11:19:11 access3 mpd: MPPC
Sep 29 11:19:11 access3 mpd: 0x01000040: MPPE, 128 bit, stateless
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: state change Req-Sent --> Ack-Sent
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: rec'd Configure Ack #1 link 0
(Req-Sent)
Sep 29 11:19:11 access3 mpd: IPADDR 80.253.235.98
Sep 29 11:19:11 access3 mpd: COMPPROTO VJCOMP, 16 comp. channels, no
comp-cid
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: state change Req-Sent --> Ack-Rcvd
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: rec'd Configure Ack #1 link 0
(Ack-Sent)
Sep 29 11:19:11 access3 mpd: MPPC
Sep 29 11:19:11 access3 mpd: 0x01000040: MPPE, 128 bit, stateless
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: state change Ack-Sent --> Opened
Sep 29 11:19:11 access3 mpd: [vpn0] CCP: LayerUp
Sep 29 11:19:11 access3 mpd: Compress using: MPPE, 128 bit, stateless
Sep 29 11:19:11 access3 mpd: Decompress using: MPPE, 128 bit, stateless
Sep 29 11:19:11 access3 mpd: [vpn0] setting interface ng0 MTU to 1496 bytes
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: rec'd Configure Request #4 link 0
(Ack-Rcvd)
Sep 29 11:19:11 access3 mpd: IPADDR 80.253.235.97
Sep 29 11:19:11 access3 mpd: 80.253.235.97 is OK
Sep 29 11:19:11 access3 mpd: COMPPROTO VJCOMP, 16 comp. channels, no
comp-cid
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: SendConfigAck #4
Sep 29 11:19:11 access3 mpd: IPADDR 80.253.235.97
Sep 29 11:19:11 access3 mpd: COMPPROTO VJCOMP, 16 comp. channels, no
comp-cid
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: state change Ack-Rcvd --> Opened
Sep 29 11:19:11 access3 mpd: [vpn0] IPCP: LayerUp
Sep 29 11:19:11 access3 mpd: 80.253.235.98 -> 80.253.235.97
Sep 29 11:19:11 access3 mpd: [vpn0] IFACE: Up event
Sep 29 11:19:11 access3 mpd: [vpn0] setting interface ng0 MTU to 1496 bytes
Sep 29 11:19:11 access3 mpd: [vpn0] exec: /sbin/ifconfig ng0 80.253.235.98
80.253.235.97 netmask 0xffffffff -link0
Sep 29 11:19:11 access3 mpd: [vpn0] exec: /sbin/route add
80.253.235.98 -iface lo0
Sep 29 11:19:11 access3 mpd: [vpn0] exec: /sbin/route add 0.0.0.0
80.253.235.97
Sep 29 11:19:11 access3 mpd: [vpn0] IFACE: Up event
Когда начинаются проблемы с затыком туннеля, в логах появляется несколько
сообщений вида:
Sep 29 08:36:42 access3 mpd: [vpn0] LCP: no reply to 1 echo request(s)
Sep 29 08:36:47 access3 mpd: [vpn0] LCP: no reply to 2 echo request(s)
Sep 29 08:36:52 access3 mpd: [vpn0] LCP: no reply to 3 echo request(s)
Sep 29 08:47:17 access3 mpd: [vpn0] LCP: no reply to 1 echo request(s)
Sep 29 08:47:22 access3 mpd: [vpn0] LCP: no reply to 2 echo request(s)
Sep 29 08:47:27 access3 mpd: [vpn0] LCP: no reply to 3 echo request(s)
Sep 29 08:49:12 access3 mpd: [vpn0] LCP: no reply to 1 echo request(s)
Sep 29 08:49:17 access3 mpd: [vpn0] LCP: no reply to 2 echo request(s)
Sep 29 08:49:22 access3 mpd: [vpn0] LCP: no reply to 3 echo request(s)
Sep 29 10:46:53 access3 mpd: [vpn0] LCP: no reply to 1 echo request(s)
Sep 29 10:46:58 access3 mpd: [vpn0] LCP: no reply to 2 echo request(s)
Sep 29 10:47:03 access3 mpd: [vpn0] LCP: no reply to 3 echo request(s)
Sep 29 10:47:08 access3 mpd: [vpn0] LCP: no reply to 4 echo request(s)
Sep 29 10:49:03 access3 mpd: [vpn0] LCP: no reply to 1 echo request(s)
Sep 29 10:49:08 access3 mpd: [vpn0] LCP: no reply to 2 echo request(s)
Sep 29 10:49:13 access3 mpd: [vpn0] LCP: no reply to 3 echo request(s)
Sep 29 11:13:18 access3 mpd: [vpn0] LCP: rec'd Terminate Request #3 link 0
(Opened)
В 10:49 произошло залипание туннеля (трафик по нему не ходил). В 11:13 я
перезапустил mpd (не помню на какой из сторон, помогает на любой).
Пароли и выдаваемые адреса в файлах mpd.secret. У меня есть предположение,
что может патч ng_pptpgre.c для последних версий нетграфа другой нужен, т.к.
там кое-что незначительно изменилось в коде и патч я накатывал вручную. Hо
сам я это выяснить вряд ли смогу.
With best regards, Vadim Guchenko. E-mail: s0lver@kraslan.ru
--
Отправлено через сервер Форумы@mail.ru - http://talk.mail.ru
--- ifmail v.2.15dev5.3
* Origin: Talk.Mail.Ru (2:5020/400)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
Re: mpd |
Vadim Guchenko |
29 Sep 2004 07:55:45 |
|
|
