Есть машина с фриибсд5.3 в частной сети. ip машины 10.11.4.26/22, gate 10.11.4.1. Надо поднять на ней ВПН-клиента с помощью MPD. IP адрес ВПН-сервера 172.16.1.38, тип сервера PPP, проверка подлинности MS CHAP V2, шифрование MPPE 128, сжатия нет, адрес клиента который назначает мне сервер 192.168.94.7.
Я включил в ядро GENERIC следующие опции:
options NETGRAPH
options NETGRAPH_ASYNC
options NETGRAPH_BPF
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_HOLE
options NETGRAPH_IFACE
options NETGRAPH_KSOCKET
options NETGRAPH_L2TP
options NETGRAPH_LMI
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_ONE2MANY
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE
options NETGRAPH_RFC1490
options NETGRAPH_SOCKET
options NETGRAPH_TEE
options NETGRAPH_TTY
options NETGRAPH_UI
options NETGRAPH_VJC
-----------mpd.conf-----------
default:
load vpn
vpn:
new -i ng0 vpn vpn
set bundle authname "user"
set bundle password "pass"
set bundle disable multilink
set link yes pap acfcomp protocomp
set link no pap
set link enable chap
set link enable no-orig-auth
set ipcp yes vjcomp
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e56
set ccp yes mpp-e128
set bundle enable crypt-reqd
set ccp yes mpp-stateless
set iface route default
set iface disable on-demand
set iface enable proxy-arp
set iface idle 0
open
-----------mpd.conf-----------
-----------mpd.links-----------
vpn:
set link type pptp
set pptp self "10.11.4.26"
set pptp peer "172.16.1.38"
set pptp enable originate outcall
-----------mpd.links-----------
перед запуском команды mpd я удалил route delete default
но перед этим прописав путь к ВПН серваку:
Internet:
Destination Gateway Flags Refs Use Netif Expire
172.16.1/24 10.11.4.1 UGS 0 3865 rl0
когда я даю команду mpd в таблицу роутинга прописывается:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 172.16.1.38 UGS 0 0 ng0
172.16.1/24 10.11.4.1 UGS 0 3961 rl0
172.16.1.38 192.168.94.7 UH 1 1 ng0
поднимается интерфейс
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1456
inet 192.168.94.7 --> 172.16.1.38 netmask 0xffffffff
inet6 fe80::20f
fedf:b9e4%ng0 prefixlen 64 scopeid 0x5в логи mpd выдает следующее
Multi-link PPP for FreeBSD, by Archie L. Cobbs.
Based on iij-ppp, by Toshiharu OHNO.
mpd: pid 2244, version 3.18 (root@server1 11:50 28-Nov-2004)
[vpn] ppp node is "mpd2244-vpn"
[vpn] using interface ng0
[vpn] IPCP: peer address cannot be zero
[vpn] IFACE: Open event
[vpn] IPCP: Open event
[vpn] IPCP: state change Initial --> Starting
[vpn] IPCP: LayerStart
[vpn:vpn] [vpn] bundle: OPEN event in state CLOSED
[vpn] opening link "vpn"...
[vpn] link: OPEN event
[vpn] LCP: Open event
[vpn] LCP: state change Initial --> Starting
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
pptp0: connecting to 172.16.1.38:1723
[vpn] device is now in state OPENING
pptp0: connected to 172.16.1.38:1723
pptp0: attached to connection with 172.16.1.38:1723
pptp0-0: outgoing call connected at 64000 bps
[vpn] PPTP call successful
[vpn] device: UP event in state OPENING
[vpn] device is now in state UP
[vpn] link: UP event
[vpn] link: origination is local
[vpn] LCP: Up event
[vpn] LCP: state change Starting --> Req-Sent
[vpn] LCP: phase shift DEAD --> ESTABLISH
[vpn] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 4a803944
AUTHPROTO CHAP MSOFTv2
[vpn] LCP: rec'd Configure Request #141 link 0 (Req-Sent)
ACFCOMP
PROTOCOMP
MRU 1460
MAGICNUM 3b6b8b80
AUTHPROTO CHAP MSOFTv2
[vpn] LCP: SendConfigAck #141
ACFCOMP
PROTOCOMP
MRU 1460
MAGICNUM 3b6b8b80
AUTHPROTO CHAP MSOFTv2
[vpn] LCP: state change Req-Sent --> Ack-Sent
[vpn] LCP: rec'd Configure Reject #1 link 0 (Ack-Sent)
AUTHPROTO CHAP MSOFTv2
[vpn] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 4a803944
[vpn] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 4a803944
[vpn] LCP: state change Ack-Sent --> Opened
[vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
[vpn] LCP: auth: peer wants CHAP, I want nothing
[vpn] LCP: LayerUp
[vpn] CHAP: rec'd CHALLENGE #1
Name: ""
Using authname "user"
[vpn] CHAP: sending RESPONSE
[vpn] CHAP: rec'd SUCCESS #1
MESG: S=FD0732A7D0B218E2F8DD063BD1DBDBABB2B5A255
[vpn] LCP: authorization successful
[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] setting interface ng0 MTU to 1460 bytes
[vpn] up: 1 link, total bandwidth 64000 bps
[vpn] IPCP: Up event
[vpn] IPCP: state change Starting --> Req-Sent
[vpn] IPCP: SendConfigReq #1
IPADDR 0.0.0.0
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: Open event
[vpn] CCP: state change Initial --> Starting
[vpn] CCP: LayerStart
[vpn] CCP: Up event
[vpn] CCP: state change Starting --> Req-Sent
[vpn] CCP: SendConfigReq #1
[vpn] CCP: Checking whether 40 bits are enabled -> yes
[vpn] CCP: Checking whether 56 bits are enabled -> yes
[vpn] CCP: Checking whether 128 bits are enabled -> yes
MPPC
0x010000e0: MPPE, 40 bit, 56 bit, 128 bit, stateless
[vpn] IPCP: rec'd Configure Request #57 link 0 (Req-Sent)
IPADDR 172.16.1.38
172.16.1.38 is OK
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: SendConfigAck #57
IPADDR 172.16.1.38
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: state change Req-Sent --> Ack-Sent
[vpn] CCP: rec'd Configure Request #17 link 0 (Req-Sent)
MPPC
0x010000e0: MPPE, 40 bit, 56 bit, 128 bit, stateless
[vpn] CCP: Checking whether 40 bits are acceptable -> yes
[vpn] CCP: Checking whether 56 bits are acceptable -> yes
[vpn] CCP: Checking whether 128 bits are acceptable -> yes
[vpn] CCP: SendConfigNak #17
MPPC
0x01000040: MPPE, 128 bit, stateless
[vpn] rec'd unexpected protocol ECP on link 0, rejecting
[vpn] IPCP: rec'd Configure Nak #1 link 0 (Ack-Sent)
IPADDR 192.168.94.7
192.168.94.7 is OK
[vpn] IPCP: SendConfigReq #2
IPADDR 192.168.94.7
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: rec'd Configure Nak #1 link 0 (Req-Sent)
MPPC
0x01000040: MPPE, 128 bit, stateless
[vpn] CCP: SendConfigReq #2
[vpn] CCP: Checking whether 40 bits are enabled -> no
[vpn] CCP: Checking whether 56 bits are enabled -> no
[vpn] CCP: Checking whether 128 bits are enabled -> yes
MPPC
0x01000040: MPPE, 128 bit, stateless
[vpn] CCP: rec'd Configure Request #18 link 0 (Req-Sent)
MPPC
0x01000040: MPPE, 128 bit, stateless
[vpn] CCP: Checking whether 128 bits are acceptable -> yes
[vpn] CCP: SendConfigAck #18
MPPC
0x01000040: MPPE, 128 bit, stateless
[vpn] CCP: state change Req-Sent --> Ack-Sent
[vpn] IPCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
IPADDR 192.168.94.7
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] IPCP: state change Ack-Sent --> Opened
[vpn] IPCP: LayerUp
192.168.94.7 -> 172.16.1.38
[vpn] IFACE: Up event
[vpn] setting interface ng0 MTU to 1456 bytes
[vpn] exec: /sbin/ifconfig ng0 192.168.94.7 172.16.1.38 netmask 0xffffffff -link0
[vpn] no interface to proxy arp on for 172.16.1.38
[vpn] exec: /sbin/route add 192.168.94.7 -iface lo0
[vpn] exec: /sbin/route add 0.0.0.0 172.16.1.38
[vpn] IFACE: Up event
[vpn] CCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
MPPC
0x01000040: MPPE, 128 bit, stateless
[vpn] CCP: state change Ack-Sent --> Opened
[vpn] CCP: LayerUp
Compress using: MPPE, 128 bit, stateless
Decompress using: MPPE, 128 bit, stateless
[vpn] setting interface ng0 MTU to 1456 bytes
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
[vpn] LCP: no reply to 1 echo request(s)
[vpn] error writing len 12 frame to bypass: Resource deadlock avoided
mpd: caught fatal signal int
mpd: fatal error, exiting
[vpn] IPCP: Down event
[vpn] IPCP: state change Opened --> Starting
[vpn] IPCP: LayerDown
[vpn] IFACE: Down event
[vpn] exec: /sbin/route delete 0.0.0.0 172.16.1.38
[vpn] exec: /sbin/route delete 192.168.94.7 -iface lo0
[vpn] exec: /sbin/ifconfig ng0 down delete -link0
[vpn] IFACE: Close event
[vpn] IPCP: Close event
[vpn] IPCP: state change Starting --> Initial
[vpn] IPCP: LayerFinish
mpd: process 2244 terminated
Пробую дать команду
ping 172.16.1.38
PING 172.16.1.38 (172.16.1.38): 56 data bytes
ping: sendto: Resource deadlock avoided
ping: sendto: Resource deadlock avoided
ping: sendto: No buffer space available
ping: sendto: No buffer space available
^C
--- 172.16.1.38 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
или так
traceroute www.ru
traceroute to www.ru (194.87.0.50), 64 hops max, 40 byte packets
traceroute: sendto: Resource deadlock avoided
1 traceroute: wrote www.ru 40 chars, ret=-1
Как видите, ничего не работает. Помогите советом!!!
