
VPN (xl2tpd) and different subnets



Greetings, experts. This may be off-topic, but:

1. I configured /etc/xl2tpd/xl2tpd.conf

[global]
port = 1701

[lns default]
ip range = 10.5.1.220-10.5.1.230
local ip = 10.5.1.1
require chap = yes
refuse pap = yes
require authentication = yes
name = AltNetVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
exclusive = no

2. /etc/ppp/options.xl2tpd

ipcp-accept-local
ipcp-accept-remote
ms-dns  10.1.1.3
ms-wins 10.1.1.1
#ms-wins 192.168.1.4
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

3. /etc/ppp/chap-secrets:

test * test *

4. firewall:

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT

5. The main interface and a virtual one are up

eth0 10.1.1.3/24

eth0:1 10.1.48.253/24

 

Question:

When I connect from a client with address 10.1.48.115 (gateway 10.1.48.253) to 10.1.48.253, everything works, but if I try to connect to 10.1.1.3, it does not connect.

In the logs:

xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
packet dump:
HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 04 80 08 00 00 00 0A 00 08 }
ASCII: {   ^                                                           x      Microsoft                }
xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
xl2tpd[7166]: ourtid = 13098, entropy_buf = 332a
xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
xl2tpd[7166]: handle_avps: handling avp's for tunnel 13098, call 0
xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 4, call is 0.
packet dump:
HEX: { C8 02 00 69 00 04 00 00 00 00 00 01 80 08 00 00 00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 00 00 00 04 00 00 00 00 80 08 00 00 00 06 06 90 80 0E 00 00 00 07 73 65 72 76 2E 6C 61 6E 80 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 80 08 00 00 00 09 33 2A 80 08 00 00 00 0A 00 04 }
ASCII: {    i                                                          serv.lan      xelerance.com      3*        }
xl2tpd[7166]: control_finish: sending SCCRP
xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
packet dump:
HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 04 80 08 00 00 00 0A 00 08 }
ASCII: {   ^                                                           x      Microsoft                }
xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
xl2tpd[7166]: ourtid = 30365, entropy_buf = 769d
xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
xl2tpd[7166]: handle_avps: handling avp's for tunnel 30365, call 0
xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 4, call is 0.
xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
xl2tpd[7166]: build_fdset: closing down tunnel 30365
xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
packet dump:
HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 04 80 08 00 00 00 0A 00 08 }
ASCII: {   ^                                                           x      Microsoft                }
xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
xl2tpd[7166]: ourtid = 19333, entropy_buf = 4b85
xl2tpd[7166]: ourcid = 50948, entropy_buf = c704
xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
xl2tpd[7166]: handle_avps: handling avp's for tunnel 19333, call 50948
xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 4, call is 0.
xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
xl2tpd[7166]: build_fdset: closing down tunnel 19333
xl2tpd[7166]: network_thread: select timeout
xl2tpd[7166]: network_thread: select timeout
xl2tpd[7166]: network_thread: select timeout
xl2tpd[7166]: network_thread: select timeout
xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
packet dump:
HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 04 80 08 00 00 00 0A 00 08 }
ASCII: {   ^                                                           x      Microsoft                }
xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
xl2tpd[7166]: ourtid = 8873, entropy_buf = 22a9
xl2tpd[7166]: ourcid = 55207, entropy_buf = d7a7
xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
xl2tpd[7166]: handle_avps: handling avp's for tunnel 8873, call 55207
xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 4, call is 0.
xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
xl2tpd[7166]: build_fdset: closing down tunnel 8873
xl2tpd[7166]: Maximum retries exceeded for tunnel 13098.  Closing.

 

On a normal connection (10.1.48.115 -> 10.1.48.253):

xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
packet dump:
HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 05 80 08 00 00 00 0A 00 08 }
ASCII: {   ^                                                           x      Microsoft                }
xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
xl2tpd[7166]: ourtid = 56853, entropy_buf = de15
xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
xl2tpd[7166]: handle_avps: handling avp's for tunnel 56853, call 0
xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 5
xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 5, call is 0.
packet dump:
HEX: { C8 02 00 69 00 05 00 00 00 00 00 01 80 08 00 00 00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 00 00 00 04 00 00 00 00 80 08 00 00 00 06 06 90 80 0E 00 00 00 07 73 65 72 76 2E 6C 61 6E 80 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 80 08 00 00 00 09 DE 15 80 08 00 00 00 0A 00 04 }
ASCII: {    i                                                          serv.lan      xelerance.com                }
xl2tpd[7166]: control_finish: sending SCCRP
xl2tpd[7166]: build_fdset: closing down tunnel 13098
packet dump:
HEX: { C8 02 00 2D 00 04 00 00 00 01 00 01 80 08 00 00 00 00 00 04 80 08 00 00 00 09 33 2A 80 11 00 00 00 01 00 01 00 00 54 69 6D 65 6F 75 74 }
ASCII: {    -                      3*          Timeout}
xl2tpd[7166]: Connection 4 closed to 10.1.48.115, port 1701 (Timeout)
xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
packet dump:
HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 05 80 08 00 00 00 0A 00 08 }
ASCII: {   ^                                                           x      Microsoft                }
xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
xl2tpd[7166]: ourtid = 24420, entropy_buf = 5f64
xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
xl2tpd[7166]: handle_avps: handling avp's for tunnel 24420, call 0
xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 5
xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 5, call is 0.
xl2tpd[7166]: control_finish: Peer requested tunnel 5 twice, ignoring second one.
xl2tpd[7166]: build_fdset: closing down tunnel 24420
xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 20, tunnel = 56853, call = 0 ref=0 refhim=0
packet dump:
HEX: { 02 C8 14 00 15 DE 00 00 01 00 01 00 80 08 00 00 00 00 00 03 }
ASCII: {                     }
xl2tpd[7166]: check_control: control, cid = 0, Ns = 1, Nr = 1
xl2tpd[7166]: handle_avps: handling avp's for tunnel 56853, call 0
xl2tpd[7166]: message_type_avp: message type 3 (Start-Control-Connection-Connected)
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Connected(3).  Tunnel is 5, call is 0.
xl2tpd[7166]: Connection established to 10.1.48.115, 1701.  Local: 56853, Remote: 5 (ref=0/0).  LNS session is 'default'
xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 48, tunnel = 56853, call = 0 ref=0 refhim=0
packet dump:
HEX: { 02 C8 30 00 15 DE 00 00 02 00 01 00 80 08 00 00 00 00 00 0A 80 08 00 00 00 0E 00 01 80 0A 00 00 00 0F 00 00 00 00 80 0A 00 00 00 12 00 00 00 02 }
ASCII: {   0                                             }
xl2tpd[7166]: check_control: control, cid = 0, Ns = 2, Nr = 1
xl2tpd[7166]: handle_avps: handling avp's for tunnel 56853, call 0
xl2tpd[7166]: message_type_avp: message type 10 (Incoming-Call-Request)
xl2tpd[7166]: message_type_avp: new incoming call
xl2tpd[7166]: ourcid = 54391, entropy_buf = d477
xl2tpd[7166]: assigned_call_avp: using peer's call 1
xl2tpd[7166]: call_serno_avp: serial number is 0
xl2tpd[7166]: bearer_type_avp: peer bears: analog
xl2tpd[7166]: control_finish: message type is Incoming-Call-Request(10).  Tunnel is 5, call is 0.
packet dump:
HEX: { C8 02 00 1C 00 05 00 01 00 01 00 03 80 08 00 00 00 00 00 0B 80 08 00 00 00 0E D4 77 }
ASCII: {                            w}
xl2tpd[7166]: control_finish: Sending ICRP
xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 12, tunnel = 56853, call = 0 ref=0 refhim=0
packet dump:
HEX: { 02 C8 0C 00 15 DE 00 00 03 00 01 00 }
ASCII: {             }
xl2tpd[7166]: check_control: control, cid = 0, Ns = 3, Nr = 1
xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 48, tunnel = 56853, call = 54391 ref=0 refhim=0
packet dump:
HEX: { 02 C8 30 00 15 DE 77 D4 03 00 02 00 80 08 00 00 00 00 00 0C 80 0A 00 00 00 18 05 F5 E1 00 80 0A 00 00 00 13 00 00 00 01 00 08 00 00 00 1D 00 04 }
ASCII: {   0   w                                         }
xl2tpd[7166]: check_control: control, cid = 1, Ns = 3, Nr = 2
xl2tpd[7166]: handle_avps: handling avp's for tunnel 56853, call 54391
xl2tpd[7166]: message_type_avp: message type 12 (Incoming-Call-Connected)
xl2tpd[7166]: tx_speed_avp: transmit baud rate is 100000000
xl2tpd[7166]: frame_type_avp: peer uses:sync frames
xl2tpd[7166]: ignore_avp : Ignoring AVP
xl2tpd[7166]: control_finish: message type is Incoming-Call-Connected(12).  Tunnel is 5, call is 1.
xl2tpd[7166]: start_pppd: I'm running:
xl2tpd[7166]: "/usr/sbin/pppd"
xl2tpd[7166]: "passive"
xl2tpd[7166]: "nodetach"
xl2tpd[7166]: "10.5.1.1:10.5.1.220"
xl2tpd[7166]: "refuse-pap"
xl2tpd[7166]: "auth"
.....

 

What is the problem? Can anything be done?

I specifically need the connection to go to 10.1.1.3.

P.S.: the firewall on the Windows machine is disabled.

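The two logs in the post above differ in whether the L2TP control handshake gets past SCCRQ/SCCRP: for peer tunnel 4 the client keeps resending SCCRQ and no "Connection established" line follows, while for peer tunnel 5 it does. The Python script below is an added example, not part of the original post; it summarizes that per peer tunnel from xl2tpd debug output. The names `SAMPLE_LOG` and `summarize` are assumptions, and the sample is a shortened copy of the quoted log lines.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the xl2tpd lines quoted in the post.
SAMPLE_LOG = """\
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 4, call is 0.
xl2tpd[7166]: control_finish: sending SCCRP
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 4, call is 0.
xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 4, call is 0.
xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
xl2tpd[7166]: Maximum retries exceeded for tunnel 13098.  Closing.
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 5, call is 0.
xl2tpd[7166]: control_finish: sending SCCRP
xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1).  Tunnel is 5, call is 0.
xl2tpd[7166]: control_finish: Peer requested tunnel 5 twice, ignoring second one.
xl2tpd[7166]: Connection established to 10.1.48.115, 1701.  Local: 56853, Remote: 5 (ref=0/0).  LNS session is 'default'
"""

# Patterns follow the log wording shown in the post.
SCCRQ = re.compile(r"Start-Control-Connection-Request\(1\)\.\s+Tunnel is (\d+)")
DUP = re.compile(r"Peer requested tunnel (\d+) twice")
UP = re.compile(r"Connection established to \S+, \d+\.\s+Local: \d+, Remote: (\d+)")


def summarize(log_text):
    """Return {peer_tunnel_id: {'sccrq', 'duplicates', 'state'}}.

    Keyed by the peer's tunnel id only, which is enough for a single client;
    with several clients the peer address would have to be part of the key.
    """
    stats = defaultdict(
        lambda: {"sccrq": 0, "duplicates": 0, "state": "not established"})
    for line in log_text.splitlines():
        if m := SCCRQ.search(line):
            stats[int(m.group(1))]["sccrq"] += 1        # SCCRQ seen from peer
        elif m := DUP.search(line):
            stats[int(m.group(1))]["duplicates"] += 1   # retransmitted SCCRQ
        elif m := UP.search(line):
            stats[int(m.group(1))]["state"] = "established"  # SCCCN accepted
    return dict(stats)


if __name__ == "__main__":
    for tid, s in sorted(summarize(SAMPLE_LOG).items()):
        print(f"peer tunnel {tid}: {s['sccrq']} SCCRQ, "
              f"{s['duplicates']} ignored as duplicates -> {s['state']}")
```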
eth0 10.1.1.3/24

eth0:1 10.1.48.253/24

replace with

eth0 10.1.1.3/16

eth0:1 10.1.48.253/16

or NAT it

P.S. IMHO :)

No, I am not going to make the subnets /16, I only just got away from that wonder :unsure:

And NAT it, meaning what? From 10.1.48.0 to 10.1.1.3? Is there no way to do it with plain routing?
