Постоянно рвется VPN соединения у клиентов.

[Cramac]

Сеть поделена на несколько сегментов.

Падения впн хаотично перемещается по сегментам, т.е. в каком либо сегменте может месяц быть все норм, а то неделю начинается падения. 10-15минут работает, потом обрывается.

Сервер впн на линуксе (4гб памяти)

память использована почти вся, остается 150-300мб (до этого было 2гб, память так же вся использовалась и так же было свободно 150-300мб)

 

одновременно около 200пптп соединений.

 

top - 20:48:02 up 31 days, 6:11, 1 user, load average: 1.85, 1.77, 2.14

Tasks: 549 total, 7 running, 541 sleeping, 0 stopped, 1 zombie

Cpu(s): 7.3% us, 4.7% sy, 0.0% ni, 75.9% id, 0.3% wa, 1.2% hi, 10.4% si

Mem: 3631852k total, 3482332k used, 149520k free, 98656k buffers

Swap: 3911788k total, 92928k used, 3818860k free, 2873672k cached

 

 

Что может быть?

Edited March 6, 2010 by Cramac

[Negator]

проблемы в локалке наверняка

[Cramac]

а что в ней может быть?

Пакеты ходят нормально до сервера, без потерь

 

в логах радиуса только такое:

 

NAS found. Data size <O>

Acct packet with session ID: 4B923Bl257C9Ol

NAS found. Data size <O>

Acct-Stop packet

Session erase ... login type <l>

login type login_pool or login_named_pool

RADIUS Stream[plugin]: finish log id <72659>

39 AcctServer: Reply packet dump: RPacket:

Edited March 6, 2010 by Cramac

[2bit]

Переключаются без проблем?

И как рвется с ошибкой, какой? Или просто бац и пропадает?

[Cramac]

переподключается без проблем, через минуту-две когда на сервере освободится их адрес (у нас при подключении фиксированный адрес дается)

Пропадает просто, бац, и нет коннекта....

[2bit]

Че то хз надо думать. Завтро поспрашиваю у людей.

[Cramac]

уже всю голову сломал, не нашел причину...

в логах пптп есть такое:

Using interface ppp25

Connect: ppp25 <--> /dev/pts/41

local IP address 10.10.10.1

remote IP address 192.168.0.20

No response to 30 echo-requests

Serial link appears to be disconnected.

Connect time 36.1 minutes.

Sent 229907 bytes, received 111726 bytes.

Connection terminated.

Connect: ppp6 <--> /dev/pts/10

local IP address 10.10.10.1

remote IP address 192.168.2.199

CCP: timeout sending Config-Requests

LCP terminated by peer (v^Q^\M-^D^@<M-Mt^@^@^@^@)

Connect time 23.0 minutes.

Sent 676504 bytes, received 228077 bytes.

Modem hangup

Connection terminated.

LCP terminated by peer (^WM-oiM-N^@<M-Mt^@^@^@^@)

Connect time 18.8 minutes.

Sent 8632354 bytes, received 1308882 bytes.

Using interface ppp49

Connect: ppp49 <--> /dev/pts/46

Received bad configure-rej: 12 06 00 00 00 01 1a 04 78 00 18 04 78 00 15 03 2f

local IP address 10.10.10.1

remote IP address 192.168.0.133

Received bad configure-rej: 12 06 00 00 00 01 1a 04 78 00 18 04 78 00 15 03 2f

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

CCP: timeout sending Config-Requests

Received bad configure-rej: 12 06 00 00 00 01 1a 04 78 00 18 04 78 00 15 03 2f

Received bad configure-rej: 12 06 00 00 00 01 1a 04 78 00 18 04 78 00 15 03 2f

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

CCP: timeout sending Config-Requests

Received bad configure-rej: 12 06 00 00 00 01 1a 04 78 00 18 04 78 00 15 03 2f

Received bad configure-rej: 12 06 00 00 00 01 1a 04 78 00 18 04 78 00 15 03 2f

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Received bad configure-rej: 12 06 00 00 00 01

Edited March 7, 2010 by Cramac

[Cramac]

может версию pptpd обновить надо?

[2bit]

ИМХО однозначно надо с сервером что нибудь делать.

[Cramac]

давно хотел на микротик перейти, видимо пришло время...

Если микротик ставить то какой ПК выбрать под него или Маршрутизатор RB/1000U хватит для 1000 коннектов ?

[anim]

Cramac

 

Какая ОС у VPN клиентов?

[Cramac]

разные, ХП, Виста, 7

[2bit]

давно хотел на микротик перейти, видимо пришло время...

Если микротик ставить то какой ПК выбрать под него или Маршрутизатор RB/1000U хватит для 1000 коннектов ?

Переходите на Микротик, не пожалеете.

РБ1000 не хватит на 1000 клиентов, максимум с лагами 700.

Берите два штуки и сбалансируйте. Или просто сервер.

[vadimus]

Как где-то здесь уже писалось, нормально настроенная машина с Linux/FreeBSD потянет 3000 клиентов. Правда, это если PPPoE, если ВПН на accel-pptp, то думаю столько же. Микротик - унылое платное говно.

Edited March 7, 2010 by vadimus

[Cramac]

vadimus а не подскажите, как правильно настроить?

 

И как всетаки мне сейчас выявить причину обрывов VPN соединения?

[mikevlz]

bsd 7.2/mpd4 тянет без всяких тюнингов 1200-1300 pptp с шифрованием. Памяти жрет при этом дай бог 150-200МБ из 2 гигов установленных

[anim]

No response to 30 echo-requests

В этот момент связь до клиента (не VPN туннель) не обрывается?

Так как это свидетельствует о том, что клиент не отвечает на LCP Echo Request

 

Относительно ОС клиента, я не спроста задал вопрос:

 

http://forum.ru-board.com/topic.cgi?forum=...542&start=0

 

но это касается только Windows Vista и Windows 7

[Cramac]

видил 1 разрыв только своими глазами, пропадает пинг до сервера. при этом без подключения если сидеть просто в сети, то все норм со связью.

[2bit]

Микротик - унылое платное говно.

а-ха-ха-ха. На вкус и цвет карандашей нет =).

[Cramac]

anim пробовал прописать в реестре, с 1 на 0 параметр что там пишут, не помогает. Рвется не только на Виндовс, но еще и на роутерах (интернет маршрутизаторах)

 

И самое странное что если забить другой ИП адрес (с другого сегмента который прописан основным на роуторе ES4612) то все работает норм.

Edited March 8, 2010 by Cramac

[Cramac]

Еще частые записи в логах:

 

Mar 8 15:35:20 localhost pptpd[7010]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

Mar 8 15:35:23 localhost pptpd[7017]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

Mar 8 15:35:23 localhost pptpd[7017]: CTRL: Client 192.168.1.86 control connection finished

Mar 8 15:35:42 localhost pptpd[7104]: CTRL: Client 192.168.5.40 control connection started

Mar 8 15:35:42 localhost pptpd[7104]: CTRL: Starting call (launching pppd, opening GRE)

Mar 8 15:35:42 localhost pppd[7105]: logfile /var/log/pptpd.log^I^I# (from /etc/ppp/options)

Mar 8 15:35:42 localhost pppd[7105]: name pptpd^I^I# (from /etc/ppp/options)

Mar 8 15:35:44 localhost pptpd[6364]: CTRL: Client 192.168.5.37 control connection finished

Mar 8 15:35:45 localhost pptpd[7104]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

Mar 8 15:35:46 localhost pptpd[18519]: CTRL: Client 192.168.2.35 control connection finished

Mar 8 15:35:48 localhost pptpd[26808]: GRE: read(fd=6,buffer=8059660,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs

Mar 8 15:35:48 localhost pptpd[26808]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)

Mar 8 15:35:48 localhost pptpd[26808]: CTRL: Client 192.168.1.83 control connection finished

Mar 8 15:35:49 localhost pptpd[29418]: GRE: read(fd=6,buffer=8059660,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs

Mar 8 15:35:49 localhost pptpd[29418]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)

Mar 8 15:35:49 localhost pptpd[29418]: CTRL: Client 192.168.1.121 control connection finished

Mar 8 15:35:49 localhost pptpd[28030]: GRE: read(fd=6,buffer=8059660,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs

Mar 8 15:35:49 localhost pptpd[28030]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)

Mar 8 15:35:49 localhost pptpd[28030]: CTRL: Client 192.168.1.19 control connection finished

Mar 8 15:35:52 localhost pptpd[32427]: GRE: read(fd=6,buffer=8059660,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs

Mar 8 15:35:52 localhost pptpd[32427]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)

Mar 8 15:35:52 localhost pptpd[32427]: CTRL: Client 192.168.1.129 control connection finished

Mar 8 15:35:53 localhost pptpd[27978]: GRE: read(fd=6,buffer=8059660,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs

Mar 8 15:35:53 localhost pptpd[27978]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)

Mar 8 15:35:53 localhost pptpd[27978]: CTRL: Client 192.168.1.26 control connection finished

Mar 8 15:35:56 localhost pptpd[7336]: CTRL: Client 192.168.1.86 control connection started

Mar 8 15:36:12 localhost pptpd[7336]: CTRL: Starting call (launching pppd, opening GRE)

Mar 8 15:36:12 localhost pppd[7347]: logfile /var/log/pptpd.log^I^I# (from /etc/ppp/options)

Mar 8 15:36:12 localhost pppd[7347]: name pptpd^I^I# (from /etc/ppp/options)

Mar 8 15:36:12 localhost pptpd[7336]: CTRL: Request to close control connection when call is open, closing

Mar 8 15:36:12 localhost pptpd[7336]: CTRL: Client 192.168.1.86 control connection finished

Mar 8 15:36:18 localhost pptpd[7353]: CTRL: Client 192.168.5.22 control connection started

Mar 8 15:36:18 localhost pptpd[7353]: CTRL: Starting call (launching pppd, opening GRE)

Mar 8 15:36:18 localhost pppd[7354]: logfile /var/log/pptpd.log^I^I# (from /etc/ppp/options)

Mar 8 15:36:18 localhost pppd[7354]: name pptpd^I^I# (from /etc/ppp/options)

Mar 8 15:36:21 localhost pptpd[7353]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

Mar 8 15:36:31 localhost pptpd[7410]: CTRL: Client 192.168.1.86 control connection started

Mar 8 15:36:31 localhost pptpd[7410]: CTRL: Starting call (launching pppd, opening GRE)

Mar 8 15:36:31 localhost pppd[7411]: logfile /var/log/pptpd.log^I^I# (from /etc/ppp/options)

Mar 8 15:36:31 localhost pppd[7411]: name pptpd^I^I# (from /etc/ppp/options)

Mar 8 15:36:33 localhost pptpd[7415]: CTRL: Client 192.168.1.19 control connection started

Mar 8 15:36:33 localhost pptpd[7415]: CTRL: Starting call (launching pppd, opening GRE)

Mar 8 15:36:33 localhost pppd[7416]: logfile /var/log/pptpd.log^I^I# (from /etc/ppp/options)

Mar 8 15:36:33 localhost pppd[7416]: name pptpd^I^I# (from /etc/ppp/options)

Mar 8 15:36:34 localhost pptpd[7410]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

Mar 8 15:36:34 localhost pptpd[7410]: CTRL: Client 192.168.1.86 control connection finished

Mar 8 15:36:36 localhost pptpd[7415]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

Mar 8 15:36:40 localhost pptpd[7467]: CTRL: Client 192.168.1.86 control connection started

Mar 8 15:36:49 localhost pptpd[7469]: CTRL: Client 192.168.1.86 control connection started

ar 8 16:00:16 localhost pppd[9744]: local IP address 10.10.10.1

Mar 8 16:00:16 localhost pppd[9744]: remote IP address 192.168.0.85

Mar 8 16:00:17 localhost pppd[6603]: Modem hangup

Mar 8 16:00:17 localhost pppd[6603]: Connect time 27.0 minutes.

Mar 8 16:00:17 localhost pppd[6603]: Sent 1544202 bytes, received 344486 bytes.

Mar 8 16:00:17 localhost pppd[6603]: Connection terminated.

Mar 8 16:00:18 localhost pppd[6603]: Exit.

Mar 8 16:00:18 localhost pppd[29173]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:18 localhost pppd[8987]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:19 localhost pppd[15470]: CCP: timeout sending Config-Requests

Mar 8 16:00:19 localhost pppd[18722]: Received bad configure-rej: 12 06 00 00 00 01

Mar 8 16:00:21 localhost pppd[29173]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:21 localhost pppd[8987]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:22 localhost pppd[15470]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:22 localhost pppd[18722]: Received bad configure-rej: 12 06 00 00 00 01

Mar 8 16:00:24 localhost pppd[29173]: CCP: timeout sending Config-Requests

Mar 8 16:00:24 localhost pppd[29173]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:25 localhost pppd[15470]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:25 localhost pppd[18722]: Received bad configure-rej: 12 06 00 00 00 01

Mar 8 16:00:27 localhost pppd[29173]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:27 localhost pppd[8987]: CCP: timeout sending Config-Requests

Mar 8 16:00:28 localhost pppd[15470]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:28 localhost pppd[18722]: Received bad configure-rej: 12 06 00 00 00 01

Mar 8 16:00:30 localhost pppd[29173]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:30 localhost pppd[8987]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:31 localhost pppd[15470]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:31 localhost pppd[18722]: Received bad configure-rej: 12 06 00 00 00 01

Mar 8 16:00:33 localhost pppd[29173]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:33 localhost pppd[8987]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:34 localhost pppd[15470]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:34 localhost pppd[18722]: CCP: timeout sending Config-Requests

Mar 8 16:00:36 localhost pppd[29173]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:36 localhost pppd[8987]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:37 localhost pppd[18722]: Received bad configure-rej: 12 06 00 00 00 01 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:37 localhost pppd[15470]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:39 localhost pppd[29173]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:39 localhost pppd[8987]: Received bad configure-rej: 12 06 00 00 00 00 1a 04 78 00 18 04 78 00 15 03 2f

Mar 8 16:00:40 localhost pptpd[9821]: CTRL: Starting call (launching pppd, opening GRE)

Edited March 8, 2010 by Cramac

[terrible]

И самое странное что если забить другой ИП адрес (с другого сегмента который прописан основным на роуторе ES4612) то все работает норм.

а что у вас стоит на доступе в каких конфигурациях?

[Cramac]

у нас нас и биллинг на 1 машине (Linux Server1 2.6.17-5mdv #1 SMP Wed Sep 13 14:32:31 EDT 2006 i686 Intel® Core™2 Duo CPU E6550 @ 2.33GHz GNU/Linux)

а сегменты маршрутизирует edge-core ES4612

[UncleDen]

Ищите гогно на клиенте. Чаще всего проблема в зараженной клиентской системе.

[Cramac]

да вот и подозреваю зараженные ПК, но что только не делали на ПК (антивирус, фаервол, блокировали порты 135-139, 445) не помогает.