VPN FreeBSD - Mikrotik


loki

I've been struggling with this and can't solve the problem.

There is a Mikrotik VPN server (pptp); from a Windows machine I authenticate successfully using the credentials from Secret.

There is a FreeBSD pptpclient that flatly refuses to connect.

ppp.conf settings:

lan:
 set authname lan
 set authkey lan
 set timeout 0
 set ifaddr 0 0

Logs:

Feb 11 10:39:38 ppp[4880]: Phase: Using interface: tun0
Feb 11 10:39:38 ppp[4880]: Phase: deflink: Created in closed state
Feb 11 10:39:38 ppp[4880]: Phase: PPP Started (direct mode).
Feb 11 10:39:38 ppp[4880]: Phase: bundle: Establish
Feb 11 10:39:38 ppp[4880]: Phase: deflink: closed -> opening
Feb 11 10:39:38 ppp[4880]: Phase: deflink: Connected!
Feb 11 10:39:38 ppp[4880]: Phase: deflink: opening -> carrier
Feb 11 10:39:39 ppp[4880]: Phase: deflink: /dev/pts/1: CD detected
Feb 11 10:39:39 ppp[4880]: Phase: deflink: carrier -> lcp
Feb 11 10:39:44 ppp[4880]: Phase: Signal 15, terminate.

Link to post
Share on other sites

In my case pptpclient couldn't get the link up to speed and there were packet drops; with the --nobuffer parameter it worked, but I decided to switch to mpd (this was ages ago :)). I liked it: the configuration is easy and everything starts up with almost no effort, so I stayed with it.

Link to post
Share on other sites

Trying via MPD5 with this config:

startup:

default:
    load pptp_client

pptp_client:

    create bundle static B1
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0

    create link static L1 pptp
    set link action bundle B1
    set link disable pap eap
    set link accept chap

    set auth authname up
    set auth password up
    set link max-redial 0
    set link mtu 1460
    set link keep-alive 20 75
    set pptp peer 91.*.*.93
    set pptp enable outcall
    set pptp disable windowing

    open

... silence...

The machine is behind NAT.

Link to post
Share on other sites

In short, it dials in and gets an IP for a while, but after working for a few seconds it drops.

mpd5 log:

# mpd5 -d /usr/local/etc/mpd5/
Multi-link PPP daemon for FreeBSD

process 7254 started, version 5.6 (root@ 17:12 5-Feb-2013)
[b1] Bundle: Interface ng0 created
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] MRU 1500
[L1] MAGICNUM b1dba9b6
[L1] LCP: rec'd Configure Request #1 (Req-Sent)
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MRU 1460
[L1] MAGICNUM 356a3ba3
[L1] LCP: SendConfigAck #1
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MRU 1460
[L1] MAGICNUM 356a3ba3
[L1] LCP: state change Req-Sent --> Ack-Sent
[L1] LCP: rec'd Configure Reject #1 (Ack-Sent)
[L1] ACFCOMP
[L1] PROTOCOMP
[L1] ACCMAP 0x000a0000
[L1] LCP: SendConfigReq #2
[L1] MRU 1500
[L1] MAGICNUM b1dba9b6
[L1] rec'd proto CHAP during establishment phase
[L1] LCP: SendConfigReq #3
[L1] MRU 1500
[L1] MAGICNUM b1dba9b6
[L1] LCP: rec'd Configure Request #2 (Ack-Sent)
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MRU 1460
[L1] MAGICNUM 07954bcb
[L1] LCP: SendConfigAck #2
[L1] AUTHPROTO CHAP MSOFTv2
[L1] MRU 1460
[L1] MAGICNUM 07954bcb
[L1] LCP: rec'd Configure Ack #3 (Ack-Sent)
[L1] MRU 1500
[L1] MAGICNUM b1dba9b6
[L1] LCP: state change Ack-Sent --> Opened
[L1] LCP: auth: peer wants CHAP, I want nothing
[L1] LCP: LayerUp
[L1] CHAP: rec'd CHALLENGE #2 len: 29
[L1] Name: "MikroTik"
[L1] CHAP: Using authname "ub"
[L1] CHAP: sending RESPONSE #2 len: 56
[L1] CHAP: rec'd SUCCESS #2 len: 46
[L1] MESG: S=975A5A6F11D6605DF86860CF3869B5B636752247
[L1] LCP: authorization successful
[L1] Link: Matched action 'bundle "B1" ""'
[L1] Link: Join bundle "B1"
[b1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
[b1] IPCP: Open event
[b1] IPCP: state change Initial --> Starting
[b1] IPCP: LayerStart
[b1] IPCP: Up event
[b1] IPCP: state change Starting --> Req-Sent
[b1] IPCP: SendConfigReq #1
[b1] IPADDR 0.0.0.0
[b1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[b1] IPCP: rec'd Configure Request #1 (Req-Sent)
[b1] IPADDR 91.214.176.93
[b1] 91.214.176.93 is OK
[b1] IPCP: SendConfigAck #1
[b1] IPADDR 91.214.176.93
[b1] IPCP: state change Req-Sent --> Ack-Sent
[L1] rec'd unexpected protocol CCP, rejecting
[b1] IPCP: rec'd Configure Reject #1 (Ack-Sent)
[b1] COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[b1] IPCP: SendConfigReq #2
[b1] IPADDR 0.0.0.0
[b1] IPCP: rec'd Configure Nak #2 (Ack-Sent)
[b1] IPADDR 91.214.176.88
[b1] 91.214.176.88 is OK
[b1] IPCP: SendConfigReq #3
[b1] IPADDR 91.214.176.88
[b1] IPCP: rec'd Configure Ack #3 (Ack-Sent)
[b1] IPADDR 91.214.176.88
[b1] IPCP: state change Ack-Sent --> Opened
[b1] IPCP: LayerUp
[b1] 91.214.176.88 -> 91.214.176.93
[b1] IFACE: Up event
[L1] PPTP call terminated
[L1] Link: DOWN event
[L1] LCP: Close event
[L1] LCP: state change Opened --> Closing
[L1] Link: Leave bundle "B1"
[b1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
[b1] IPCP: Close event
[b1] IPCP: state change Opened --> Closing
[b1] IPCP: SendTerminateReq #4
[b1] IPCP: LayerDown
[b1] IFACE: Down event
[b1] IPCP: Down event
[b1] IPCP: LayerFinish
[b1] Bundle: No NCPs left. Closing links...
[b1] IPCP: state change Closing --> Initial
[L1] LCP: SendTerminateReq #4
[L1] LCP: LayerDown
[L1] LCP: Down event
[L1] LCP: LayerFinish
[L1] LCP: state change Closing --> Initial

Link to post
Share on other sites

A guess: it drops because the 0.0.0.0/0 route, including traffic to your server 91.214.176.93, gets wrapped into the tunnel.

Edited by ...sirius
Link to post
Share on other sites

Internet:
Destination        Gateway         Flags  Refs    Use  Netif  Expire
default            192.168.19.1    UGS       0   3143  rl1
91.214.176.88      link#10         UHS       0      1  lo0
91.214.176.93      link#10         UH        0      2  ng0
127.0.0.1          link#9          UH        0   1182  lo0
192.168.9.0/24     link#5          U         0   2523  rl0
192.168.9.10       link#5          UHS       0      0  lo0
192.168.19.0/24    link#6          U         0  13163  rl1

Here is the routing table after the tunnel comes up.

What am I missing? :(

Link to post
Share on other sites
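
The guess about routing can be checked against the table posted above. The following is an added example, not part of any post in this thread: it parses the IPv4 section of netstat -rn output (column layout as posted, which is an assumption about the netstat version) and uses longest-prefix matching to show which interface carries packets addressed to the PPTP server itself. The function names are hypothetical.

```python
import ipaddress

# Constructed sample: the "Internet:" section of netstat -rn as posted above.
ROUTES = """\
Destination Gateway Flags Refs Use Netif Expire
default 192.168.19.1 UGS 0 3143 rl1
91.214.176.88 link#10 UHS 0 1 lo0
91.214.176.93 link#10 UH 0 2 ng0
127.0.0.1 link#9 UH 0 1182 lo0
192.168.9.0/24 link#5 U 0 2523 rl0
192.168.9.10 link#5 UHS 0 0 lo0
192.168.19.0/24 link#6 U 0 13163 rl1
"""

def parse_routes(text):
    """Return [(network, gateway, netif)] from FreeBSD netstat -rn IPv4 lines."""
    routes, idx = [], 5              # Netif is column 5 in the posted layout
    for line in text.splitlines():
        f = line.split()
        if f and f[0] == "Destination":
            idx = f.index("Netif")   # follow the header if the layout differs
            continue
        if len(f) <= idx:
            continue
        if f[0] == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            addr, _, plen = f[0].partition("/")
            # Older netstat abbreviates networks (192.168.9/24): pad the octets.
            addr = ".".join((addr.split(".") + ["0"] * 4)[:4])
            net = ipaddress.ip_network(f"{addr}/{plen or 32}", strict=False)
        routes.append((net, f[1], f[idx]))
    return routes

def egress(routes, ip):
    """Longest-prefix match: the route the kernel would pick for ip."""
    ip = ipaddress.ip_address(ip)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def tunnel_carries_own_transport(routes, pptp_server, tunnel_if):
    """True when packets to the PPTP server itself would leave via the tunnel."""
    route = egress(routes, pptp_server)
    return route is not None and route[2] == tunnel_if

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    print(egress(table, "91.214.176.93"))
    print(tunnel_carries_own_transport(table, "91.214.176.93", "ng0"))
```

On the posted table the host route for 91.214.176.93 via ng0 is more specific than the default route via rl1, so the check returns True for the server address and tunnel interface ng0.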

Actually, NAT very often interferes with PPTP connections. Far from all of its implementations have a helper for this protocol.

Link to post
Share on other sites
