* [Sysadmins] pptp over pptp
@ 2008-06-06 8:41 Ilis
0 siblings, 1 reply; 3+ messages in thread
From: Ilis @ 2008-06-06 8:41 UTC (permalink / raw)
To: ALT Linux sysadmin discuss
I am trying to set up pptp over an existing pptp connection.
After a series of leading questions I was sent from desktop@ to sysadmins@.
There is a connection to the provider with authorization via VPN (eth0+ppp0).
I need to bring up one more VPN (pptp) for access to the corporate network.
[root@altus ~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:80:48:53:E0:27
inet addr:10.0.0.253 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13785018 errors:0 dropped:0 overruns:0 frame:0
TX packets:7024790 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1205455111 (1.1 GiB) TX bytes:3852340608 (3.5 GiB)
Interrupt:201 Base address:0xe000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:17428 errors:0 dropped:0 overruns:0 frame:0
TX packets:17428 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:876370 (855.8 KiB) TX bytes:876370 (855.8 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:87.224.170.26 P-t-P:172.30.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:2190566 errors:0 dropped:0 overruns:0 frame:0
TX packets:3259729 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:174651239 (166.5 MiB) TX bytes:3590369504 (3.3 GiB)
I made the settings by analogy with ppp0.
[root@altus ~]# cat /etc/net/ifaces/ppp1/*
ONBOOT=no
PPPTYPE=pptp
PPTP_SERVER=217.148.52.5
REQUIRES=ppp0
user ilis
nomppe
nodefaultroute
noreplacedefaultroute
nopersist
[root@altus ~]# ifup ppp1
[root@altus ~]# cat /var/log/messages | egrep '7236|7241|7242'
Jun 2 08:11:12 altus sshd[9542]: Failed password for UNKNOWN USER
from 218.234.21.151 port 57242 ssh2
Jun 2 20:18:40 altus pppd[7236]: pppd 2.4.4 started by root, uid 0
Jun 2 20:18:40 altus pppd[7236]: Using interface ppp1
Jun 2 20:18:40 altus pppd[7236]: Connect: ppp1 <--> /dev/pts/4
Jun 2 20:18:40 altus pptp[7241]: anon log[ctrlp_rep:pptp_ctrl.c:251]:
Sent control packet type is 1 'Start-Control-Connection-Request'
Jun 2 20:18:40 altus pptp[7241]: anon
log[ctrlp_disp:pptp_ctrl.c:738]: Received Start Control Connection
Reply
Jun 2 20:18:40 altus pptp[7241]: anon
log[ctrlp_disp:pptp_ctrl.c:772]: Client connection established.
Jun 2 20:18:41 altus pptp[7241]: anon log[ctrlp_rep:pptp_ctrl.c:251]:
Sent control packet type is 7 'Outgoing-Call-Request'
Jun 2 20:18:41 altus pptp[7241]: anon
log[ctrlp_disp:pptp_ctrl.c:857]: Received Outgoing Call Reply.
Jun 2 20:18:41 altus pptp[7241]: anon
log[ctrlp_disp:pptp_ctrl.c:896]: Outgoing call established (call ID 0,
peer's call ID 2597).
Jun 2 20:18:41 altus pppd[7236]: CHAP authentication succeeded
Jun 2 20:18:41 altus pppd[7236]: CHAP authentication succeeded
Jun 2 20:18:42 altus pppd[7236]: local IP address 192.168.254.218
Jun 2 20:18:42 altus pppd[7236]: remote IP address 217.148.52.5
Jun 2 20:18:54 altus pppd[7242]: Script /etc/ppp/ip-up finished (pid
7243), status = 0x0
Jun 2 20:20:38 altus pptp[7241]: anon log[logecho:pptp_ctrl.c:676]:
Echo Request received.
Jun 2 20:20:38 altus pptp[7241]: anon log[ctrlp_rep:pptp_ctrl.c:251]:
Sent control packet type is 6 'Echo-Reply'
Jun 2 20:21:36 altus pppd[7242]: LCP terminated by peer (Peer Terminated)
Jun 2 20:21:36 altus pppd[7242]: Connect time 2.9 minutes.
Jun 2 20:21:36 altus pppd[7242]: Sent 1748727312 bytes, received 0 bytes.
Jun 2 20:21:37 altus pppd[7242]: Script /etc/ppp/ip-down finished
(pid 8819), status = 0x1
Jun 2 20:21:38 altus pptp[7241]: anon
log[pptp_handle_timer:pptp_ctrl.c:1049]: closing control connection
due to missing echo reply
Jun 2 20:21:38 altus pptp[7241]: anon log[ctrlp_rep:pptp_ctrl.c:251]:
Sent control packet type is 12 'Call-Clear-Request'
Jun 2 20:21:38 altus pptp[7241]: anon
log[pptp_conn_close:pptp_ctrl.c:430]: Closing PPTP connection
Jun 2 20:21:38 altus pptp[7241]: anon log[ctrlp_rep:pptp_ctrl.c:251]:
Sent control packet type is 3 'Stop-Control-Connection-Request'
Jun 2 20:21:38 altus pptp[7241]: anon
log[call_callback:pptp_callmgr.c:78]: Closing connection (call state)
Jun 2 20:21:38 altus pppd[7242]: Modem hangup
Jun 2 20:21:38 altus pppd[7242]: Connection terminated.
Jun 2 20:21:43 altus pppd[7242]: Exit.
Right after authorization, a pile of traffic flies through the interface
without any reply, at the full width of the channel (1.5G in three minutes),
and the interface goes down...
ppp1 Link encap:Point-to-Point Protocol
inet addr:192.168.254.218 P-t-P:217.148.52.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:4433815 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:73 (73.0 b) TX bytes:1623110547 (1.5 GiB)
[root@altus ~]# tcpdump -ni ppp1
22:14:35.071130 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67779, length 108: IP 87.224.170.26 > 217.148Ev1, call 2599, seq
67765, length 72: IP [|ip]
22:14:35.071714 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67780, length 144: IP 87.224.170.26 > 217.148Ev1, call 2599, seq
67766, length 108: IP [|ip]
22:14:35.072296 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67781, length 180: IP 87.224.170.26 > 217.148Ev1, call 2599, seq
67767, length 144: IP [|ip]
22:14:35.072884 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67782, length 396: IP 87.224.170.26 > 217.148Ev1, call 2599, seq
67770, length 360: IP [|ip]
22:14:35.073689 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67783, length 1480: IP truncated-ip - 36 byte! 87.224.170.26 >
217.148.52.5: GREv1, call 2599, seq 67771, length 1480: IP [|ip]
22:14:35.073731 IP 87.224.170.26 > 217.148.52.5: ip-proto-47
22:14:35.074479 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67784, length 72: IP 87.224.170.26 > 217.148.proto-47
22:14:35.075084 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67785, length 108: IP 87.224.170.26 > 217.148Ev1, call 2599, seq
67772, length 72: IP [|ip]
22:14:35.075669 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67786, length 144: IP 87.224.170.26 > 217.148Ev1, call 2599, seq
67773, length 108: IP [|ip]
22:14:35.076251 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67787, length 180: IP 87.224.170.26 > 217.148Ev1, call 2599, seq
67774, length 144: IP [|ip]
22:14:35.076866 IP 87.224.170.26 > 217.148.52.5: GREv1, call 2599, seq
67788, length 1480: IP truncated-ip - 36 byte! 87.224.170.26 >
217.148.52.5: GREv1, call 2599, seq 67777, length 1480: IP [|ip]
22:14:35.076891 IP 87.224.170.26 > 217.148.52.5: ip-proto-47
13509 packets captured
19277 packets received by filter
5591 packets dropped by kernel
> Show the routing table BEFORE and DURING as well.
Before:
[root@altus ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.30.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
During:
[root@altus ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
217.148.52.5 0.0.0.0 255.255.255.255 UH 0 0 0 ppp1
172.30.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
What can be done?
--
Ilya Kruglikov
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Sysadmins] pptp over pptp
@ 2008-06-07 4:56 ` Ilis
2008-06-09 9:15 ` Ilis
0 siblings, 1 reply; 3+ messages in thread
From: Ilis @ 2008-06-07 4:56 UTC (permalink / raw)
To: ALT Linux sysadmin discuss
06.06.08, Dmitry Afanasov<afanasovdmitry@gmail.com> wrote:
> 06.06.08, Ilis <ilis.krou@gmail.com> wrote:
> > I am trying to set up pptp over an existing pptp connection
> >
> >
> I suspect the MTU.
> For pptp connections through any vpn I always put this in the ppp options:
>
> mtu 1436
> mru 1436
>
I added it, it did not help... Everything is exactly the same. A pile of
outgoing traffic and the connection closes...
Jun 7 10:50:02 altus pppd[32057]: LCP terminated by peer (Peer Terminated)
Jun 7 10:50:02 altus pppd[32057]: Connect time 2.9 minutes.
Jun 7 10:50:02 altus pppd[32057]: Sent 1733308616 bytes, received 0 bytes.
--
Ilya Kruglikov
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Sysadmins] pptp over pptp
2008-06-07 4:56 ` Ilis
@ 2008-06-09 9:15 ` Ilis
0 siblings, 0 replies; 3+ messages in thread
From: Ilis @ 2008-06-09 9:15 UTC (permalink / raw)
To: ALT Linux sysadmin discuss
07.06.08, Ilis<ilis.krou@gmail.com> wrote:
> 06.06.08, Dmitry Afanasov<afanasovdmitry@gmail.com> wrote:
> > 06.06.08, Ilis <ilis.krou@gmail.com> wrote:
> > > I am trying to set up pptp over an existing pptp connection
> > >
Part of the problem was solved as follows:
On June 7, 2008 at 21:52, Vitaly Kuznetsov <vitty@altlinux.ru> wrote:
>
> after bringing up the first pptp, type in the console as root:
> route add -host 217.148.52.5 ppp0
> and after that start bringing up the second one. Post the result here ;)
>
ppp1 came up and stays alive, and it does not send traffic in huge amounts.
But a problem with routes has appeared:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
217.148.52.5 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
217.148.52.5 0.0.0.0 255.255.255.255 UH 0 0 0 ppp1
172.30.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
The first of them was added manually, the second appears at the moment of ifup ppp1.
How do I make it not appear? And ideally, so that ifup would create
the correct route without creating it manually...
--
Ilya Kruglikov
^ permalink raw reply [flat|nested] 3+ messages in thread
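Added example (not part of the thread): a Python check that runs longest-prefix matching over the `route -n` tables posted above to show why ppp1 floods: the host route that appears for the peer 217.148.52.5 at ifup is also the route to the PPTP server, so the GRE carrier packets are sent into ppp1 itself. The function names are hypothetical, and resolving equal-prefix ties in favour of the first listed route is an assumption that matches the behaviour reported in the last message.

```python
import ipaddress

SERVER = "217.148.52.5"  # PPTP_SERVER from the thread; also ppp1's peer address

# `route -n` output copied from the thread, taken while ppp1 was up.
DURING = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
217.148.52.5 0.0.0.0 255.255.255.255 UH 0 0 0 ppp1
172.30.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
"""
# Table from the last message: the manual host route via ppp0 is listed first.
FIXED = "217.148.52.5 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0\n" + DURING

def parse_routes(text):
    """Return [(network, iface)] from `route -n` text, skipping header lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        except ValueError:
            continue  # the "Destination ... Iface" column header
        routes.append((net, fields[7]))
    return routes

def egress_iface(routes, dst):
    """Longest-prefix match; on a tie the first listed route wins (assumption)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def tunnel_loops(routes, server, tunnel_iface):
    """True when packets to the tunnel server leave through the tunnel itself."""
    return egress_iface(routes, server) == tunnel_iface

if __name__ == "__main__":
    for name, table in (("during", DURING), ("fixed", FIXED)):
        routes = parse_routes(table)
        print(name, egress_iface(routes, SERVER), tunnel_loops(routes, SERVER, "ppp1"))
```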