All posts by user dummy


  1. Greetings, experts. This question may be off-topic, but:

     1. I configured /etc/xl2tpd/xl2tpd.conf:

         [global]
         port = 1701

         [lns default]
         ip range = 10.5.1.220-10.5.1.230
         local ip = 10.5.1.1
         require chap = yes
         refuse pap = yes
         require authentication = yes
         name = AltNetVPNserver
         ppp debug = yes
         pppoptfile = /etc/ppp/options.xl2tpd
         length bit = yes
         exclusive = no

     2. /etc/ppp/options.xl2tpd:

         ipcp-accept-local
         ipcp-accept-remote
         ms-dns 10.1.1.3
         ms-wins 10.1.1.1
         #ms-wins 192.168.1.4
         noccp
         auth
         crtscts
         idle 1800
         mtu 1410
         mru 1410
         nodefaultroute
         debug
         lock
         proxyarp
         connect-delay 5000

     3. /etc/ppp/chap-secrets:

         test * test *

     4. Firewall:

         echo "1" > /proc/sys/net/ipv4/ip_forward
         iptables -F
         iptables -t filter -F
         iptables -t filter -X
         iptables -t nat -F
         iptables -t nat -X
         iptables -t filter -P INPUT ACCEPT
         iptables -t filter -P FORWARD ACCEPT
         iptables -t filter -P OUTPUT ACCEPT

     5. The main interface and a virtual one are up:

         eth0 10.1.1.3/24
         eth0:1 10.1.48.253/24

     Question: when I connect from a client with the address 10.1.48.115 (gateway 10.1.48.253) to 10.1.48.253, everything is fine, but if I try to connect to 10.1.1.3, it does not connect. In the logs:

         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
         packet dump: HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 04 80 08 00 00 00 0A 00 08 } ASCII: { ^ x Microsoft }
         xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
         xl2tpd[7166]: ourtid = 13098, entropy_buf = 332a
         xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
         xl2tpd[7166]: handle_avps: handling avp's for tunnel 13098, call 0
         xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
         xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
         xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
         xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
         xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
         xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
         xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
         xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
         xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
         xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 4, call is 0.
         packet dump: HEX: { C8 02 00 69 00 04 00 00 00 00 00 01 80 08 00 00 00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 00 00 00 04 00 00 00 00 80 08 00 00 00 06 06 90 80 0E 00 00 00 07 73 65 72 76 2E 6C 61 6E 80 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 80 08 00 00 00 09 33 2A 80 08 00 00 00 0A 00 04 } ASCII: { i serv.lan xelerance.com 3* }
         xl2tpd[7166]: control_finish: sending SCCRP
         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
         packet dump: HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 04 80 08 00 00 00 0A 00 08 } ASCII: { ^ x Microsoft }
         xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
         xl2tpd[7166]: ourtid = 30365, entropy_buf = 769d
         xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
         xl2tpd[7166]: handle_avps: handling avp's for tunnel 30365, call 0
         xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
         xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
         xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
         xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
         xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
         xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
         xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
         xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
         xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
         xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 4, call is 0.
         xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
         xl2tpd[7166]: build_fdset: closing down tunnel 30365
         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
         packet dump: HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 04 80 08 00 00 00 0A 00 08 } ASCII: { ^ x Microsoft }
         xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
         xl2tpd[7166]: ourtid = 19333, entropy_buf = 4b85
         xl2tpd[7166]: ourcid = 50948, entropy_buf = c704
         xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
         xl2tpd[7166]: handle_avps: handling avp's for tunnel 19333, call 50948
         xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
         xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
         xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
         xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
         xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
         xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
         xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
         xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
         xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
         xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 4, call is 0.
         xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
         xl2tpd[7166]: build_fdset: closing down tunnel 19333
         xl2tpd[7166]: network_thread: select timeout
         xl2tpd[7166]: network_thread: select timeout
         xl2tpd[7166]: network_thread: select timeout
         xl2tpd[7166]: network_thread: select timeout
         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
         packet dump: HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 04 80 08 00 00 00 0A 00 08 } ASCII: { ^ x Microsoft }
         xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
         xl2tpd[7166]: ourtid = 8873, entropy_buf = 22a9
         xl2tpd[7166]: ourcid = 55207, entropy_buf = d7a7
         xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
         xl2tpd[7166]: handle_avps: handling avp's for tunnel 8873, call 55207
         xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
         xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
         xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
         xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
         xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
         xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
         xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
         xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
         xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
         xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 4, call is 0.
         xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
         xl2tpd[7166]: build_fdset: closing down tunnel 8873
         xl2tpd[7166]: Maximum retries exceeded for tunnel 13098. Closing.

     With a normal connection (10.1.48.115 -> 10.1.48.253):

         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
         packet dump: HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 05 80 08 00 00 00 0A 00 08 } ASCII: { ^ x Microsoft }
         xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
         xl2tpd[7166]: ourtid = 56853, entropy_buf = de15
         xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
         xl2tpd[7166]: handle_avps: handling avp's for tunnel 56853, call 0
         xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
         xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
         xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
         xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
         xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
         xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
         xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
         xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 5
         xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
         xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 5, call is 0.
         packet dump: HEX: { C8 02 00 69 00 05 00 00 00 00 00 01 80 08 00 00 00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 00 00 00 04 00 00 00 00 80 08 00 00 00 06 06 90 80 0E 00 00 00 07 73 65 72 76 2E 6C 61 6E 80 13 00 00 00 08 78 65 6C 65 72 61 6E 63 65 2E 63 6F 6D 80 08 00 00 00 09 DE 15 80 08 00 00 00 0A 00 04 } ASCII: { i serv.lan xelerance.com }
         xl2tpd[7166]: control_finish: sending SCCRP
         xl2tpd[7166]: build_fdset: closing down tunnel 13098
         packet dump: HEX: { C8 02 00 2D 00 04 00 00 00 01 00 01 80 08 00 00 00 00 00 04 80 08 00 00 00 09 33 2A 80 11 00 00 00 01 00 01 00 00 54 69 6D 65 6F 75 74 } ASCII: { - 3* Timeout}
         xl2tpd[7166]: Connection 4 closed to 10.1.48.115, port 1701 (Timeout)
         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 94, tunnel = 0, call = 0 ref=0 refhim=0
         packet dump: HEX: { 02 C8 5E 00 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 01 80 0A 00 00 00 04 00 00 00 00 00 08 00 00 00 06 05 00 80 07 00 00 00 07 78 00 0F 00 00 00 08 4D 69 63 72 6F 73 6F 66 74 80 08 00 00 00 09 00 05 80 08 00 00 00 0A 00 08 } ASCII: { ^ x Microsoft }
         xl2tpd[7166]: get_call: allocating new tunnel for host 10.1.48.115, port 1701.
         xl2tpd[7166]: ourtid = 24420, entropy_buf = 5f64
         xl2tpd[7166]: check_control: control, cid = 0, Ns = 0, Nr = 0
         xl2tpd[7166]: handle_avps: handling avp's for tunnel 24420, call 0
         xl2tpd[7166]: message_type_avp: message type 1 (Start-Control-Connection-Request)
         xl2tpd[7166]: protocol_version_avp: peer is using version 1, revision 0.
         xl2tpd[7166]: framing_caps_avp: supported peer frames: sync
         xl2tpd[7166]: bearer_caps_avp: supported peer bearers:
         xl2tpd[7166]: firmware_rev_avp: peer reports firmware version 1280 (0x0500)
         xl2tpd[7166]: hostname_avp: peer reports hostname 'x'
         xl2tpd[7166]: vendor_avp: peer reports vendor 'Microsoft'
         xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 5
         xl2tpd[7166]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
         xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 5, call is 0.
         xl2tpd[7166]: control_finish: Peer requested tunnel 5 twice, ignoring second one.
         xl2tpd[7166]: build_fdset: closing down tunnel 24420
         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 20, tunnel = 56853, call = 0 ref=0 refhim=0
         packet dump: HEX: { 02 C8 14 00 15 DE 00 00 01 00 01 00 80 08 00 00 00 00 00 03 } ASCII: { }
         xl2tpd[7166]: check_control: control, cid = 0, Ns = 1, Nr = 1
         xl2tpd[7166]: handle_avps: handling avp's for tunnel 56853, call 0
         xl2tpd[7166]: message_type_avp: message type 3 (Start-Control-Connection-Connected)
         xl2tpd[7166]: control_finish: message type is Start-Control-Connection-Connected(3). Tunnel is 5, call is 0.
         xl2tpd[7166]: Connection established to 10.1.48.115, 1701. Local: 56853, Remote: 5 (ref=0/0). LNS session is 'default'
         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 48, tunnel = 56853, call = 0 ref=0 refhim=0
         packet dump: HEX: { 02 C8 30 00 15 DE 00 00 02 00 01 00 80 08 00 00 00 00 00 0A 80 08 00 00 00 0E 00 01 80 0A 00 00 00 0F 00 00 00 00 80 0A 00 00 00 12 00 00 00 02 } ASCII: { 0 }
         xl2tpd[7166]: check_control: control, cid = 0, Ns = 2, Nr = 1
         xl2tpd[7166]: handle_avps: handling avp's for tunnel 56853, call 0
         xl2tpd[7166]: message_type_avp: message type 10 (Incoming-Call-Request)
         xl2tpd[7166]: message_type_avp: new incoming call
         xl2tpd[7166]: ourcid = 54391, entropy_buf = d477
         xl2tpd[7166]: assigned_call_avp: using peer's call 1
         xl2tpd[7166]: call_serno_avp: serial number is 0
         xl2tpd[7166]: bearer_type_avp: peer bears: analog
         xl2tpd[7166]: control_finish: message type is Incoming-Call-Request(10). Tunnel is 5, call is 0.
         packet dump: HEX: { C8 02 00 1C 00 05 00 01 00 01 00 03 80 08 00 00 00 00 00 0B 80 08 00 00 00 0E D4 77 } ASCII: { w}
         xl2tpd[7166]: control_finish: Sending ICRP
         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 12, tunnel = 56853, call = 0 ref=0 refhim=0
         packet dump: HEX: { 02 C8 0C 00 15 DE 00 00 03 00 01 00 } ASCII: { }
         xl2tpd[7166]: check_control: control, cid = 0, Ns = 3, Nr = 1
         xl2tpd[7166]: network_thread: recv packet from 10.1.48.115, size = 48, tunnel = 56853, call = 54391 ref=0 refhim=0
         packet dump: HEX: { 02 C8 30 00 15 DE 77 D4 03 00 02 00 80 08 00 00 00 00 00 0C 80 0A 00 00 00 18 05 F5 E1 00 80 0A 00 00 00 13 00 00 00 01 00 08 00 00 00 1D 00 04 } ASCII: { 0 w }
         xl2tpd[7166]: check_control: control, cid = 1, Ns = 3, Nr = 2
         xl2tpd[7166]: handle_avps: handling avp's for tunnel 56853, call 54391
         xl2tpd[7166]: message_type_avp: message type 12 (Incoming-Call-Connected)
         xl2tpd[7166]: tx_speed_avp: transmit baud rate is 100000000
         xl2tpd[7166]: frame_type_avp: peer uses:sync frames
         xl2tpd[7166]: ignore_avp : Ignoring AVP
         xl2tpd[7166]: control_finish: message type is Incoming-Call-Connected(12). Tunnel is 5, call is 1.
         xl2tpd[7166]: start_pppd: I'm running:
         xl2tpd[7166]: "/usr/sbin/pppd"
         xl2tpd[7166]: "passive"
         xl2tpd[7166]: "nodetach"
         xl2tpd[7166]: "10.5.1.1:10.5.1.220"
         xl2tpd[7166]: "refuse-pap"
         xl2tpd[7166]: "auth"
         .....

     What is the problem? Can anything be done? I specifically need the connection to be made to 10.1.1.3.

     P.S. The firewall on the Windows machine is disabled.
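To compare the failing and working runs in a debug log like the one in the post above, the control-connection handshake can be tallied per local tunnel ID. This is an added example, not part of the original post or of xl2tpd; the names `summarize`, `PATTERNS` and `SAMPLE_LOG` are hypothetical, and the sample lines are constructed from the message formats visible in that log.

```python
import re
# Constructed sample: shortened from the message formats in the log above.
SAMPLE_LOG = """\
xl2tpd[7166]: handle_avps: handling avp's for tunnel 13098, call 0
xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
xl2tpd[7166]: control_finish: sending SCCRP
xl2tpd[7166]: handle_avps: handling avp's for tunnel 30365, call 0
xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 4
xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
xl2tpd[7166]: control_finish: Peer requested tunnel 4 twice, ignoring second one.
xl2tpd[7166]: Maximum retries exceeded for tunnel 13098. Closing.
xl2tpd[7166]: handle_avps: handling avp's for tunnel 56853, call 0
xl2tpd[7166]: assigned_tunnel_avp: using peer's tunnel 5
xl2tpd[7166]: control_finish: sending SCCRP
xl2tpd[7166]: control_finish: Peer requested tunnel 5 twice, ignoring second one.
xl2tpd[7166]: Connection established to 10.1.48.115, 1701. Local: 56853, Remote: 5 (ref=0/0).
"""
PATTERNS = {  # event name -> regex; group 1 is a tunnel ID where present
    "new": re.compile(r"handling avp's for tunnel (\d+)"),
    "peer": re.compile(r"using peer's tunnel (\d+)"),
    "sccrp": re.compile(r"sending SCCRP"),
    "dup": re.compile(r"Peer requested tunnel (\d+) twice"),
    "established": re.compile(r"Connection established .* Local: (\d+)"),
    "timed out": re.compile(r"Maximum retries exceeded for tunnel (\d+)"),
}

def summarize(log_text):
    """Return {local_tid: info} for every tunnel the server answered with SCCRP."""
    tunnels, cur = {}, None
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            if not (m := rx.search(line)):
                continue
            n = int(m.group(1)) if m.groups() else None
            if kind == "new":
                cur = n
                tunnels.setdefault(n, {"peer": None, "sccrp": False,
                                       "resent": 0, "state": "pending"})
            elif kind in ("peer", "sccrp") and cur in tunnels:
                tunnels[cur][kind] = n if kind == "peer" else True
            elif kind == "dup":
                # Credit the repeated SCCRQ to the pending tunnel already answered.
                for t in tunnels.values():
                    if t["sccrp"] and t["peer"] == n and t["state"] == "pending":
                        t["resent"] += 1
            elif kind in ("established", "timed out") and n in tunnels:
                tunnels[n]["state"] = kind
    return {tid: t for tid, t in tunnels.items() if t["sccrp"]}

print(summarize(SAMPLE_LOG))
```

Both sample tunnels show a repeated SCCRQ after the SCCRP was sent, so the repeat count alone does not separate them; the final state (`established` versus `timed out`) does.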
  2. SASL authentication itself is clear. How can I make authentication check not only the username and password but also the user's group? For example: if the user is in the group mail, sending is allowed, otherwise it is not. Or maybe there is another way to make mail work for some users and not for others? P.S. The users are in LDAP.
  3. And burst: should I not use it at all and leave it at the default? Can something like this be done in tc:

         /sbin/iptables -t mangle -A FORWARD ! -s $lan -d $IP -j MARK --set-mark $mark

     That is, from the source to everywhere except the local network.
  4. There is a local network, and different speeds are set for different clients: When I start a download, I get: tc -s class show dev eth1 That is, instead of the minimum rate of 2457 kbit I get only 1293 kbit, and that is all. Why? What does ctokens: -53780 mean? P.S. The channel is free; with shaping disabled I download at the full width of the channel.