Hi all.
Help me understand the problem.
For the setup I followed this article:
http://www.opennet.dev/base/net/mpd_pptp_vpn.txt.html
I configured mpd.
Everything in order...
In the kernel:
------
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT="100"
options IPDIVERT
options DUMMYNET
options NETGRAPH #netgraph(4) system
options NETGRAPH_ASYNC
options NETGRAPH_BPF
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_HOLE
options NETGRAPH_IFACE
options NETGRAPH_KSOCKET
options NETGRAPH_L2TP
options NETGRAPH_LMI
# MPPC compression requires proprietary files (not included)
#options NETGRAPH_MPPC_COMPRESSION
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_ONE2MANY
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE
options NETGRAPH_RFC1490
options NETGRAPH_SOCKET
options NETGRAPH_TEE
options NETGRAPH_TTY
options NETGRAPH_UI
mpd.conf
---------
default:
load pptp0
load pptp1
pptp0:
new -i ng0 pptp0 pptp0
set ipcp ranges 192.168.100.1/32 192.168.100.100/32
load vpn_standart
pptp1:
new -i ng1 pptp1 pptp1
set ipcp ranges 192.168.100.1/32 192.168.100.101/32
load vpn_standart
vpn_standart:
set iface disable on-demand
set bundle disable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 60 180
set ipcp yes vjcomp
set ipcp dns 192.168.50.250 #my internal DNS server
set iface enable proxy-arp
set bundle enable compression
#Enable data compression compatible with Microsoft clients
set ccp yes mppc
#Enable encryption compatible with Microsoft clients
set ccp yes mpp-e40
set ccp yes mpp-e56
set ccp yes mpp-e128
set ccp yes mpp-stateless
set bundle yes crypt-reqd
#Allow incoming connections
set pptp enable incoming
set pptp disable originate
set iface mtu 1500
set link mtu 1500
# set link mru 1396
# set iface mtu 1396
# set link mtu 1396
# set link mru 1396
mpd.links
---------
pptp0:
set link type pptp
pptp1:
set link type pptp
mpd.secret
----------
vpn vpn *
vpnuser 12345678 192.168.100.200
The firewall, for the duration of the setup, is for now:
--------------------------------
freebsd# ipfw -a list
00100 41816 5989257 allow ip from any to any
65535 0 0 deny ip from any to any
With mpd running
----------------
freebsd# ifconfig
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=9<RXCSUM,VLAN_MTU>
inet 192.168.50.204 netmask 0xffffff00 broadcast 192.168.50.255
ether 00:50:da:3b:65:cb
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
ether 00:30:4f:14:26:b4
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
inet 195.248.184.154 --> 195.248.197.166 netmask 0xffffffff
Opened by PID 841
ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500
Listening on tun0
----------------------
freebsd# tcpdump -i tun0 -n port 1723
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 96 bytes
11:55:07.442590 IP 213.154.220.198.61801 > 195.248.184.154.1723: S 2071506467:2071506467(0) win 65535 <mss 1440,nop,wscale 1,nop,nop,timestamp 8109307 0>
11:55:07.442749 IP 195.248.184.154.1723 > 213.154.220.198.61801: S 3341967836:3341967836(0) ack 2071506468 win 65535 <mss 1452,nop,wscale 1,nop,nop,timestamp 8559955 8109307>
11:55:07.479329 IP 213.154.220.198.61801 > 195.248.184.154.1723: . ack 1 win 32844 <nop,nop,timestamp 8109310 8559955>
11:55:08.585287 IP 213.154.220.198.61801 > 195.248.184.154.1723: P 1:3(2) ack 1 win 32844 <nop,nop,timestamp 8109421 8559955>: pptp [|pptp]
11:55:08.684777 IP 195.248.167.249.1723 > 213.154.220.198.61801: . ack 3 win 32844 <nop,nop,timestamp 8561198 8109421>
11:55:15.039152 IP 213.154.220.198.3417 195.248.184.154.1723: S 2596372321:2596372321(0) win 65535 <mss 1440,nop,nop,sackOK>
11:55:15.039241 IP 195.248.184.154.1723 > 213.154.220.198.3417: S 3545903566:3545903566(0) ack 2596372322 win 65535 <mss 1452,sackOK,eol>
11:55:15.109180 IP 213.154.220.198.3417 > 195.248.184.154.1723: P 1:157(156) ack 1 win 65535: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(2600) [|pptp]
11:55:15.109754 IP 195.248.184.154.1723 > 213.154.220.198.3417: P 1:157(156) ack 157 win 65535: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(257) [|pptp]
11:55:15.249179 IP 213.154.220.198.3417 > 195.248.184.154.1723: P 157:325(168) ack 157 win 65379: pptp CTRL_MSGTYPE=OCRQ CALL_ID(16384) CALL_SER_NUM(35020) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) [|pptp]
11:55:15.251555 IP 195.248.184.154.1723 > 213.154.220.198.3417: P 157:189(32) ack 325 win 65535: pptp CTRL_MSGTYPE=OCRP CALL_ID(44971) PEER_CALL_ID(16384) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(64000) RECV_WIN(16) PROC_DELAY(1) PHY_CHAN_ID(65536)
11:55:15.419831 IP 213.154.220.198.3417 > 195.248.184.154.1723: P 325:349(24) ack 189 win 65347: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(44971) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
11:55:15.519732 IP 195.248.184.154.1723 > 213.154.220.198.3417: . ack 349 win 65535
11:55:17.392174 IP 213.154.220.198.3417 > 195.248.184.154.1723: P 349:373(24) ack 189 win 65347: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(44971) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
11:55:17.491447 IP 195.248.184.154.1723 > 213.154.220.198.3417: . ack 373 win 65535
11:55:50.706035 IP 213.154.220.198.3417 > 195.248.184.154.1723: P 373:397(24) ack 189 win 65347: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(44971) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
11:55:50.805362 IP 195.248.184.154.1723 > 213.154.220.198.3417: . ack 397 win 65535
11:55:52.715425 IP 195.248.184.154.1723 > 213.154.220.198.3417: P 189:205(16) ack 397 win 65535: pptp CTRL_MSGTYPE=StopCCRQ REASON(3)
11:55:52.715464 IP 195.248.184.154.1723 > 213.154.220.198.3417: P 205:353(148) ack 397 win 65535: pptp CTRL_MSGTYPE=CDN CALL_ID(44971) RESULT_CODE(3) ERR_CODE(0) CAUSE_CODE(0) [|pptp]
11:55:52.769196 IP 213.154.220.198.3417 > 195.248.184.154.1723: P 397:413(16) ack 205 win 65331: pptp CTRL_MSGTYPE=StopCCRP RESULT_CODE(1) ERR_CODE(0)
11:55:52.769524 IP 195.248.184.154.1723 > 213.154.220.198.3417: F 353:353(0) ack 413 win 65535
11:55:52.933172 IP 213.154.220.198.3417 > 195.248.184.154.1723: F 413:413(0) ack 354 win 65183
11:55:52.933243 IP 195.248.184.154.1723 > 213.154.220.198.3417: . ack 414 win 65534
11:56:07.481053 IP 195.248.184.154.1723 > 213.154.220.198.61801: F 1:1(0) ack 3 win 32844 <nop,nop,timestamp 8620003 8109421>
11:56:07.520528 IP 213.154.220.198.61801 > 195.248.184.154.1723: . ack 2 win 32844 <nop,nop,timestamp 8115315 8620003>
11:56:07.526394 IP 213.154.220.198.61801 > 195.248.184.154.1723: F 3:3(0) ack 2 win 32844 <nop,nop,timestamp 8115315 8620003>
11:56:07.526444 IP 195.248.184.154.1723 > 213.154.220.198.61801: . ack 4 win 32843 <nop,nop,timestamp 8620048 8115315>
-------------------------------------------------
I.e., port 1723 does not seem to be blocked by the provider at all!!!
-------------------------------------------------
And now the story itself...
When connecting with the standard Windows XP SP2 VPN client:
- to the local interface xl0 (192.168.50.204), the connection comes up without any problems.
I.e., MPD seems to be working.
- when connecting to the external interface tun0 (195.248.184.154),
Windows drops the connection at the username/password verification stage,
and in the MPD log:
-------------
Apr 27 18:14:13 freebsd mpd: mpd: PPTP connection from 212.66.35.114:12374
Apr 27 18:14:13 freebsd mpd: pptp0: attached to connection with 212.66.35.114:1$
Apr 27 18:14:14 freebsd mpd: [pptp0] IFACE: Open event
Apr 27 18:14:14 freebsd mpd: [pptp0] IPCP: Open event
Apr 27 18:14:14 freebsd mpd: [pptp0] IPCP: state change Initial --> Starting
Apr 27 18:14:14 freebsd mpd: [pptp0] IPCP: LayerStart
Apr 27 18:14:14 freebsd mpd: [pptp0] IPCP: Open event
Apr 27 18:14:14 freebsd mpd: [pptp0] bundle: OPEN event in state CLOSED
Apr 27 18:14:14 freebsd mpd: [pptp0] opening link "pptp0"...
Apr 27 18:14:14 freebsd mpd: [pptp0] link: OPEN event
Apr 27 18:14:14 freebsd mpd: [pptp0] LCP: Open event
Apr 27 18:14:14 freebsd mpd: [pptp0] LCP: state change Initial --> Starting
Apr 27 18:14:14 freebsd mpd: [pptp0] LCP: LayerStart
Apr 27 18:14:14 freebsd mpd: [pptp0] device: OPEN event in state DOWN
Apr 27 18:14:14 freebsd mpd: [pptp0] attaching to peer's outgoing call
Apr 27 18:14:14 freebsd mpd: [pptp0] device is now in state OPENING
Apr 27 18:14:14 freebsd mpd: [pptp0] device: UP event in state OPENING
Apr 27 18:14:14 freebsd mpd: [pptp0] device is now in state UP
Apr 27 18:14:14 freebsd mpd: [pptp0] link: UP event
Apr 27 18:14:14 freebsd mpd: [pptp0] LCP: state change Starting --> Req-Sent
Apr 27 18:14:14 freebsd mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH
Apr 27 18:14:14 freebsd mpd: [pptp0] LCP: SendConfigReq #1
Apr 27 18:14:14 freebsd mpd: ACFCOMP
Apr 27 18:14:14 freebsd mpd: PROTOCOMP
Apr 27 18:14:14 freebsd mpd: MRU 1500
Apr 27 18:14:14 freebsd mpd: MAGICNUM f0f87570
Apr 27 18:14:14 freebsd mpd: AUTHPROTO CHAP MSOFTv2
Apr 27 18:14:15 freebsd mpd: pptp0-0: ignoring SetLinkInfo
Apr 27 18:14:16 freebsd mpd: [pptp0] LCP: SendConfigReq #2
Apr 27 18:14:16 freebsd mpd: ACFCOMP
Apr 27 18:14:16 freebsd mpd: PROTOCOMP
Apr 27 18:14:16 freebsd mpd: MRU 1500
Apr 27 18:14:16 freebsd mpd: MAGICNUM f0f87570
Apr 27 18:14:16 freebsd mpd: AUTHPROTO CHAP MSOFTv2
...............
Apr 27 18:14:32 freebsd mpd: [pptp0] LCP: SendConfigReq #10
Apr 27 18:14:32 freebsd mpd: ACFCOMP
Apr 27 18:14:32 freebsd mpd: PROTOCOMP
Apr 27 18:14:32 freebsd mpd: MRU 1500
Apr 27 18:14:32 freebsd mpd: MAGICNUM f0f87570
Apr 27 18:14:32 freebsd mpd: AUTHPROTO CHAP MSOFTv2
Apr 27 18:14:33 freebsd mpd: pptp0-0: call cleared by peer
Apr 27 18:14:33 freebsd mpd: pptp0-0: killing channel
Apr 27 18:14:33 freebsd mpd: [pptp0] PPTP call terminated
Apr 27 18:14:33 freebsd mpd: [pptp0] IFACE: Close event
Apr 27 18:14:33 freebsd mpd: [pptp0] IPCP: Close event
Apr 27 18:14:33 freebsd mpd: [pptp0] IPCP: state change Starting --> Initial
Apr 27 18:14:33 freebsd mpd: [pptp0] IPCP: LayerFinish
Apr 27 18:14:33 freebsd mpd: [pptp0] IFACE: Close event
Apr 27 18:14:33 freebsd mpd: pptp0: closing connection with 212.66.35.114:12374
Apr 27 18:14:33 freebsd mpd: [pptp0] bundle: CLOSE event in state OPENED
Apr 27 18:14:33 freebsd mpd: [pptp0] closing link "pptp0"...
Apr 27 18:14:33 freebsd mpd: [pptp0] device: DOWN event in state UP
Apr 27 18:14:33 freebsd mpd: [pptp0] device is now in state DOWN
Apr 27 18:14:33 freebsd mpd: [pptp0] link: CLOSE event
Apr 27 18:14:33 freebsd mpd: [pptp0] LCP: Close event
Apr 27 18:14:33 freebsd mpd: [pptp0] LCP: state change Req-Sent --> Closing
Apr 27 18:14:33 freebsd mpd: [pptp0] LCP: phase shift ESTABLISH --> TERMINATE
Apr 27 18:14:33 freebsd mpd: [pptp0] LCP: SendTerminateReq #11
Apr 27 18:14:33 freebsd mpd: [pptp0] error writing len 8 frame to bypass: Network is down
Apr 27 18:14:33 freebsd mpd: [pptp0] link: DOWN event
Apr 27 18:14:33 freebsd mpd: [pptp0] LCP: Down event
Apr 27 18:14:33 freebsd mpd: [pptp0] LCP: LayerFinish
Apr 27 18:14:33 freebsd mpd: [pptp0] LCP: state change Closing --> Initial
Apr 27 18:14:33 freebsd mpd: [pptp0] LCP: phase shift TERMINATE --> DEAD
Apr 27 18:14:33 freebsd mpd: [pptp0] device: CLOSE event in state DOWN
Apr 27 18:14:33 freebsd mpd: [pptp0] device is now in state DOWN
Apr 27 18:14:33 freebsd mpd: pptp0: killing connection with 212.66.35.114:12374
And there is no connection...
Help me figure out what the cause is.
MPD can hardly be blamed, can it? After all, connecting from the inside works.
Maybe it's the firewall, but the script currently has
${fwcmd} add allow ip from any to any
I even tried, on someone's advice,
${fwcmd} add allow gre ip from any to any
But it doesn't work...
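The log in the post has a recognisable shape: the TCP/1723 control channel completes (call attached, device UP), mpd sends LCP ConfigReq #1 through #10 every two seconds, not one is answered, and the peer clears the call. LCP frames do not travel over TCP/1723; they ride inside GRE (IP protocol 47), so this shape separates "control channel fine" from "data channel never delivered". The script below is an added example for this thread (not mpd's code and not the poster's) that triages an mpd log for exactly that pattern. The failing sample is constructed from the log lines in the post, the healthy sample is constructed to show a negotiated link, and the regex for a received LCP reply ("rec'd Configure Ack/Nak/Rej") is an assumption about mpd's wording that you may need to adjust to your version.

```python
"""Triage an mpd PPTP session from its log: did LCP ever get an answer?

Added example for this thread; it is not mpd's code and not the poster's.
The failing sample is constructed from the log lines in the post (link UP,
ten SendConfigReq, then "call cleared by peer"); the healthy sample is
constructed to show what a negotiated link looks like.
"""
import re
from collections import defaultdict

# SendConfigReq, "link: UP event" and "call cleared by peer" are the exact
# wording from the post's log. The reply pattern is an assumption about
# mpd's wording for a received LCP answer; adjust it to your mpd version.
RE_LINK_UP = re.compile(r"\[(?P<link>[\w-]+)\] link: UP event")
RE_SEND_REQ = re.compile(r"\[(?P<link>[\w-]+)\] LCP: SendConfigReq #(?P<n>\d+)")
RE_REPLY = re.compile(r"\[(?P<link>[\w-]+)\] LCP: rec'd Configure (?:Ack|Nak|Rej)")
RE_CLEARED = re.compile(r"(?P<link>[\w-]+)-\d+: call cleared by peer")

# Constructed sample modelled on the post's log: a request every 2 s,
# never answered, then the Windows client gives up and clears the call.
FAILING_LOG = ["Apr 27 18:14:14 freebsd mpd: [pptp0] link: UP event"] + [
    f"Apr 27 18:14:{14 + 2 * i} freebsd mpd: [pptp0] LCP: SendConfigReq #{i + 1}"
    for i in range(10)
] + ["Apr 27 18:14:33 freebsd mpd: pptp0-0: call cleared by peer"]

# Constructed healthy sample: the first request is answered.
HEALTHY_LOG = [
    "Apr 27 18:20:01 freebsd mpd: [pptp0] link: UP event",
    "Apr 27 18:20:01 freebsd mpd: [pptp0] LCP: SendConfigReq #1",
    "Apr 27 18:20:01 freebsd mpd: [pptp0] LCP: rec'd Configure Ack #1 (Req-Sent)",
    "Apr 27 18:20:01 freebsd mpd: [pptp0] LCP: state change Req-Sent --> Ack-Rcvd",
]


def analyse(lines):
    """Per link: did it come UP over the control channel, how many LCP
    requests went out (mpd numbers them; the last number is kept), how
    many LCP replies came back, and did the peer clear the call."""
    stats = defaultdict(lambda: {"up": False, "sent": 0, "replies": 0, "cleared": False})
    for line in lines:
        if m := RE_LINK_UP.search(line):
            stats[m["link"]]["up"] = True
        elif m := RE_SEND_REQ.search(line):
            stats[m["link"]]["sent"] = int(m["n"])
        elif m := RE_REPLY.search(line):
            stats[m["link"]]["replies"] += 1
        elif m := RE_CLEARED.search(line):
            stats[m["link"]]["cleared"] = True
    return dict(stats)


def diagnose(stats):
    """Map each link's counters to a verdict.

    "no-lcp-reply": the TCP/1723 control channel worked (link UP) but none
    of the LCP ConfigReqs was answered before the peer cleared the call.
    LCP frames travel inside GRE (IP protocol 47), not over TCP/1723, so
    this points at the GRE data path: something dropping protocol 47 in at
    least one direction even though port 1723 is open.
    "lcp-negotiated": at least one LCP reply arrived.
    """
    verdicts = {}
    for link, s in stats.items():
        if s["replies"] > 0:
            verdicts[link] = "lcp-negotiated"
        elif s["up"] and s["sent"] >= 3 and s["cleared"]:
            verdicts[link] = "no-lcp-reply"
        else:
            verdicts[link] = "inconclusive"
    return verdicts


if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("healthy", HEALTHY_LOG)):
        stats = analyse(log)
        print(name, stats, diagnose(stats))
```

To run it on a real log, pass the mpd lines from wherever syslog writes them on your host (the path is yours to fill in), e.g. `diagnose(analyse(open(path).read().splitlines()))`. Two things to keep in mind when you verify the GRE side: the tcpdump filter in the post, `port 1723`, only matches the control channel, so it says nothing about GRE; a capture with `ip proto 47` on tun0 shows whether protocol 47 actually arrives and whether replies leave. And an ipfw rule names one protocol in place of `ip`, so the form for the data channel is `allow gre from any to any`; `allow gre ip from any to any` mixes two protocol keywords in one rule.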