Ïðîáëåìû ñ OpenVPN. Ïðîøó ïîìîùè!

[AndreyPopov]

à â OpenVPN íåò òàêèõ ôóíêöèé?

ìîæåò òîãäà òàêîé âàðèàíò - äîáàâèòü èíòðåðôåéñ tun0 â ìîñòó br0 è âàøåé ñåòêå ïîìåíÿòü àäðåñàöèþ íà 192.168.161.0 èëè íàîáîðîò â OpenVPN ñìåíèòü íà 192.168.1.0

brctl addif br0 tun0

????????????????

[petras]

$ brctl addif br0 tun0
br_add_interface: Invalid argument

ñòðàííî


âîîáùå, ïîõîæå, ÷òî âñ¸ íå òàê ïðîñòî, êàê êàæåòñÿ

[AndreyPopov]

$ brctl addif br0 tun0
br_add_interface: Invalid argument

ñòðàííî

ïîïðîáóéòå
ifconfig tun0 up
brctl addif br0 tun0

ýòî íå 100%, ÷òî ïîìîæåò. ïðîñòî ïî àíàëîãèè ïðèêðó÷èâàíèÿ bluetooth è ïîäíÿòèÿ èíòåðôåéñà òàì - ÿ âàì è ñîâåòóþ.

è êñòàòè, âû íà ñåðâåðå VPN ïðîïèñàëè ìàðøðóòèçàöèþ ñâîåé ñåòè, êàê ñêàçàíî çäåñü:
First, you must advertise the 10.66.0.0/24 subnet to VPN clients as being accessible through the VPN. This can easily be done with the following server-side config file directive:

â ýòîì æå HOWTO ñêàçàíî, ÷òî íàäî ïðîñëåäèòü çà IP forwarding è TUN/TAP íà VPN ñåðâåðå - òàê ÷òî èçó÷àéòå!

íî äóìàþ âàì ëó÷øå íå routed VPN íàñòðîèòü, à bridging VPN - â HOWTO åñòü ðåêîìåíäàöèè è ïîýòîìó ïîâîäó.

[petras]

íåò, ýòîò âàðèàíò òîæå íå ïðîøåë.

â ïðèíöèïå, â howto âñ¸ ëîãè÷íî è ïîíÿòíî ðàñïèñàíî, ïðîñòî òóò óæå ðåøåíèå çàäà÷è âûõîäèò çà ïðåäåëû ìîåé ëè÷íîé äîñÿãàåìîñòè. ïîñìîòðèì, åñëè àäìèíó ñ ñåðâåðíîé ñòîðîíû áóäåò íå ëåíü è áóäåò íà ýòî âðåìÿ, ìîæåò è ñäåëàåì. âèäèìî, ðåøåíèÿ ÷èñòî ñ êëèåíòñêîé ñòîðîíû íåò. íó äà è ëàäíî

ñïàñèáî çà ïîìîùü!
åñëè óäàñòñÿ ñäåëàòü, îáÿçàòåëüíî íàïèøó ïîäðîáíî.

[Romeo9128]

Äîáðîé íî÷è, óâàæàåìûå ôîðóì÷àíå!
Çàäàëñÿ âîïðîñîì î ïîäíÿòèè OenVPN-ñåðâåðà â ðåæèìå tap (ïðåñëåäîâàë öåëü ïîäêëþ÷èòü íåñêîëüêèõ ïîëüçîâàòåëåé èç èíåòà ê ðåñóðñàì âíóòðåííèåé ëîêàëêè). Ðàíüøå äîáëñÿ ðàáîòû ñåé ñîôòèíû â ðåæèìå tun - ò.å. â ðæèìå "ðîóòåðà" (ðàáîòàëî íî òîëüêî ñ îäíèì ïîäêëþ÷¸ííûì êëèåíòîì.)
Äåëàë âñ¸ èçó÷èâ ñëåäóþùèå ìàíóàëû:
Íåñêîëüêî êëèåíòîâ ïî OpenVPN - http://wl500g.info/showthread.php?t=9784
Ïîìîãèòå îáúÿñíèòü ïîâåäåíèå OpenVPN - http://wl500g.info/showthread.php?t=...hlight=openvpn
Óñòàíîâêà openvpn â îñíîâíóþ ïàìÿòü äëÿ ÍÎÂÈ×ÊΠ- http://wl500g.info/showthread.php?t=8880&page=6
FAQ: OpenVPN (áûëî - Ïîìîãèòå íàñòðîèòü OpenVPN) ! - http://forum.ixbt.com/topic.cgi?id=14:40906

Ïîñëå äîëãèõ ìó÷åíèé è ñåðâåð è êëèåíò ïåðåñòàëè ðóãàòüñÿ íà êîíôèãè, ñåðâåð çàïóñòèëñÿ.
Êîíôèãè ñëåäóþùèå:
server.conf

Code:

dev tap0
proto tcp-server
server-bridge 10.0.0.1 255.255.255.0 10.0.0.50 10.0.0.60
client-to-client
tls-server
dh /opt/etc/openvpn/keys/dh1024.pem
ca /opt/etc/openvpn/keys/ca.crt
cert /opt/etc/openvpn/keys/server.crt
key /opt/etc/openvpn/keys/server.key
port 1194
keepalive 10 120
persist-tun
persist-key
verb 3

client.ovpn

Code:

ca ca.crt
cert client.crt
key client.key
dev tap0
tls-client
remote 192.168.1.1:1194
port 1194
proto udp
persist-tun
persist-key
verb 3

route-delay 10
route-gateway 10.8.0.2

ÍÎ!!
Ïðè çàïóñêå êëèåíòñêîãî ñîåäèíåèÿ ëîã ïîñòåïåííî çàïîëíÿåòñÿ ñîîáùåíèÿìè ñëåäóþùåãî õàðàêòåðà:
Thu May 08 00:15:17 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

Ïîãóãëèâ âîïðîñ íàø¸ë èíôó ÷òî ýòè îøèáêè - îøèáêè ðàáîòû ñ ñîêåòîì - è âûäà¸ò èõ âèíäà.

Ëåçåì â ôàåðâîë:

Code:

[admin@(none) /]$ iptables -L -nv --line-numbers
Chain INPUT (policy ACCEPT 860 packets, 111K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
2       84  3528 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:1194
3        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1194
4        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
5     5122  745K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
6      293 17580 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          state NEW
7     2454  766K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0          state NEW
8        3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1        tcp dpt:80
9        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1        tcp dpt:8081
10       4   244 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
11       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:81
12       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80
13       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22000
14       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:23
15       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:21
16       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:59970
17       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:64255
18       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:39309

Chain FORWARD (policy ACCEPT 52 packets, 2664 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     all  --  *      *       192.168.210.10       192.168.1.10
4        0     0 ACCEPT     all  --  *      *       192.168.213.76       192.168.1.10
5        0     0 ACCEPT     all  --  *      *       192.168.211.14       192.168.1.10
6        0     0 ACCEPT     all  --  *      *       192.168.217.3        192.168.1.10
7        0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
8        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
9       80  3992 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 TCPMSS clamp to PMTU
10    2351 1438K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
11      51  2624 MAC_IP     all  --  *      !br0    0.0.0.0/0            0.0.0.0/0
12       0     0 DROP       all  --  !br0   ppp0    0.0.0.0/0            0.0.0.0/0
13       0     0 DROP       all  --  !br0   vlan1   0.0.0.0/0            0.0.0.0/0
14      31  1488 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctstate DNAT
15       0     0 DROP       all  --  *      br0     0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 7723 packets, 1428K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0

Chain MACS (0 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain MAC_IP (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        9   432 RETURN     all  --  *      *       192.168.1.3          0.0.0.0/0          MAC 00:80:48:3F:7A:9F
2        0     0 RETURN     all  --  *      *       192.168.1.4          0.0.0.0/0          MAC 00:E0:4C:DD:0D:90
3       39  2036 RETURN     all  --  *      *       192.168.1.5          0.0.0.0/0          MAC 00:1C:23:0B:1C:A4
4        0     0 RETURN     all  --  *      *       192.168.1.10         0.0.0.0/0          MAC 00:17:31:96:6E:F4
5        0     0 RETURN     all  --  *      *       192.168.1.124        0.0.0.0/0          MAC 00:02:78:89:82:13
6        3   156 RETURN     all  --  *      *       192.168.1.190        0.0.0.0/0          MAC 00:1B:77:B6:55:BB
7        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain SECURITY (0 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 limit: avg 1/sec burst 5
2        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x17/0x04 limit: avg 1/sec burst 5
3        0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 5/sec burst 5
4        0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 5/sec burst 5
5        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logaccept (0 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW LOG flags 7 level 4 prefix `ACCEPT '
2        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (0 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW LOG flags 7 level 4 prefix `DROP '
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Íà ìîé âçãëÿä áëîêèðîâàòü íè÷åãî íå äîëæíî. Ïðè÷¸ì ïðè ïîïûòêå ïîäêëþ÷åíèÿ â òàáëèöå INPUT óâåëè÷èâàþòñÿ êîë-âî ïàêåòîâ è îáú¸ì äàííûõ â ïðàâèëå ¹2

Ìîæåò êòî ñòàëêèâàëñÿ ñ ïîäîáíîé ñèòóàöèåé? Ïîäñêàæèò ïîæàëóéñòî, ãäå íàêîñÿ÷èëè ìîè êðèâûå ðó÷¸íêè!

Ïðîáîâàë è ñ âîò ýòèìè ïðàâèëàìè èç îäíîãî ìàíóàëà

Code:

#!/bin/sh
iptables -D INPUT -j DROP

# enable access from WAN

iptables -t nat -I PREROUTING -p udp --dport 1194 -j ACCEPT
iptables        -I INPUT      -p udp --dport 1194 -j ACCEPT

iptables -I INPUT   -i tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -j ACCEPT

È ñ âîò ýòèìè ïðàâèëàìè èç äðóãîãî ìàíóàëà:

Code:

iptables -A INPUT -i tap0 -j ACCEPT

P.S. Íà êîìïå ñ êîòîðîãî ïûòàþñü ïîäêëþ÷èòüñÿ ôàåðâîëîâ íåò. Âèíäîâûé áðàíäìàóýð îòêëþ÷¸í. Âèíäà -XP SP2.
Çàðàíèå áëàãîäàðåí âñåì îòêëèêíóâøèìñÿ!

[Romeo9128]

Ïîìåíÿë â ïîñò-ôàåðâîëë ïðàâèëà:

Code:

iptables -D INPUT -j DROP
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination $4:1194
iptables -t nat -I PREROUTING -i eth1 -p tcp --dport 1194 -j DNAT --to-destination $4:1194
echo "post-firewall: TCP/UDP ports for OpenVPN OPENED OK ! " >> /tmp/syslog.log

iptables -I INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I OUTPUT -o tun0 -j ACCEPT
echo "post-firewall: Connections from tap0 OPENED OK ! " >> /tmp/syslog.log

íà

Code:

iptables -D INPUT -j DROP
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination $4:1194
iptables -t nat -I PREROUTING -i eth1 -p tcp --dport 1194 -j DNAT --to-destination $4:1194
echo "post-firewall: TCP/UDP ports for OpenVPN OPENED OK ! " >> /tmp/syslog.log

iptables -I INPUT -i tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -j ACCEPT
iptables -I FORWARD -o tap0 -j ACCEPT
iptables -I OUTPUT -o tap0 -j ACCEPT
echo "post-firewall: Connections from tap0 OPENED OK ! " >> /tmp/syslog.log

Îøèáêè ñ â òàêîì áåøåíîì êîëè÷åñòâå (WSAECONNRESET) (code=10054) ïðåêðàòèëèñü. Òåïåðü ëîã ñîåäèíåíèÿ âûãëÿäèò òàê:

Code:

Thu May 08 00:51:17 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Thu May 08 00:51:17 2008 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu May 08 00:51:17 2008 Control Channel MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu May 08 00:51:17 2008 TAP-WIN32 device [Ïîäêëþ÷åíèå ïî ëîêàëüíîé ñåòè 4] opened: \\.\Global\{3801AE01-AD71-435A-9B1C-62E3F802F5C8}.tap
Thu May 08 00:51:17 2008 TAP-Win32 Driver Version 8.4 
Thu May 08 00:51:17 2008 TAP-Win32 MTU=1500
Thu May 08 00:51:17 2008 Successful ARP Flush on interface [19] {3801AE01-AD71-435A-9B1C-62E3F802F5C8}
Thu May 08 00:51:17 2008 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Thu May 08 00:51:17 2008 Local Options hash (VER=V4): '2c50bd2c'
Thu May 08 00:51:17 2008 Expected Remote Options hash (VER=V4): '0ddbb6e3'
Thu May 08 00:51:17 2008 UDPv4 link local (bound): [undef]:1194
Thu May 08 00:51:17 2008 UDPv4 link remote: 62.140.252.29:1194

òóò ñîåäèåíèå êàê-áû ïîäâèñàåò íà 60 ñåêóíä è âûäà¸òñÿ ñëåäóþùàÿ îøèáêà:

Thu May 08 00:51:21 2008 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Thu May 08 00:52:18 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu May 08 00:52:18 2008 TLS Error: TLS handshake failed
Thu May 08 00:52:18 2008 TCP/UDP: Closing socket
Thu May 08 00:52:18 2008 SIGUSR1[soft,tls-error] received, process restarting
Thu May 08 00:52:18 2008 Restart pause, 2 second(s)

â ÷¸ì ÿ íàêîñÿ÷èë? ïîäñêàæèòå ïîäàëóéñòî!

[Romeo9128]

Ñäåëàë ïî âàøèì êîíôèãàì. Èï ïîëó÷àåòñÿ èç òîé ïîäñåòè, êîòîðóþ çàäàëè â êîíôèãå ñåðâåðà.  äàííîì ñëó÷àå - 10.8.0.50 - 10.8.0.60...
Òàê ÷òî íå âïîëíå ÿñíî ïî÷åìó ó Âàñ ip áûë âûäàí DHCP-ðîóòåðà..
Êñòàòè, ñ Âàøåãî ïîçâîëåíèÿ îäèí íåáîëüøîé âîïðîñèê: êàê Âû ãåíåðèðîâàëè ñåðòèôèêàòû è êëþ÷è? íà ðîóòåðå èëè íà ÏÊ, è êàêîé ñîôò èñïîëüçîâàëè äëÿ ýòîãî?

[svu]

Ïûòàþñü ïîäíÿòü äîìà ïðîñòåéøèé openvpn íà asus wl500w. Ïî âîò ýòîé ðàññêàçêå: http://wl500g.info/showthread.php?t=5312 Âñå çàïóñêàåòñÿ, îøèáîê íåò. Äàëåå, ïûòàþñü òåñòèðîâàòü.  êà÷åñòâå êëèåíòà - openvpn íà n810, êîòîðàÿ ÷åðåç ñèíåçóá âÿæåòñÿ ñ ìàáèëîé è âûõîäèò â èíòåðíåò. Èíòåðôåéñ tun0 ïîäûìàåòñÿ êàê ðîäíîé (òî÷íåå, 2 èíòåðôåéñà - íà ðîóòåðå è íà òàáëåòêå ñîîòâ.). Íî ïèíã ñ 10.8.0.1 íà 10.8.0.2 íå ïðîõîäèò âàùå. È îáðàòíî, ÷òî õàðàêòåðíî, òîæå. Ãäå á ïîêîïàòü?  ëîãàõ ðàïîðòóþò îá óäà÷íî óñòàíîâëåííîì ñîåäèíåíèè...

Ñïàñèáî.

[eone]

Ïðèâåòñòâóþ!

WL520GC + AKADO (áûâøûé ïðîâàéäåð TC-EXE â Ìàðüèíî). Äëÿ èñïîëüçîâàíèÿ âíåøíåãî àäðåñà íåîáõîäèìî óñòàíîâèòü PPTP ñîåäèíåíèå. Êîðî÷å, âñå ðàáîàåò ïðåêðàñíî, íî äî ïåðåçàãðóçêè óñòðîéñòâà - PPTP îí ñðàçó íå âñåãäà ïîäíèìàåò, ìîæåò ìíîãî ðàç ïûòàòüñÿ, à ìîæåò è ñðàçó óñòàíîâèòü. Ñòîèò íàæàòü â â ñòàòóñå Disconnect - ñíîâà áóäåò ñîåäèíÿòüñÿ íåîïðåäåëåííîå âðåìÿ. Íî êîãäà ñîåäèíèëñÿ - äåðæèò ïî íåñêîëüêî äíåé áåç ïðîáëåì. Ò.å. èìååì êàêóþ-òî íåñòàáèëüíóþ ðàáîòó pppd. Ïðîøèâêà ðîäíàÿ 2011. Âêëþ÷åíèå äåáàãà è ò.ä. ïîíèìàíèÿ íå äîáàâëÿåò - Modem Hangup èñå òóò. Ïðè ýòîì åñëè óñòàíàâëèâàòü VPN ñ âèíäû - âñåãäà ìãíîâåííî.

Ëàäíî, ìîæíî ñïèñàòü íà êðèâèçó ðîäíîé ïðîøèâêè, íî êîñÿê â òîì, ÷òî çàìåíèòü ÿ åå íå ìîãó. Íèêàê. Íè ñòàíäàðòíûìè ñðåäñòâàìè ÷åðåç çàêëàäêó Firmware Update, íè c èñïîëüçîâàíèåì Firmware Restoration Utility - íå íàõîäèò óñòðîéñòâî (èíòåðôåéñ ìàðøðóòèçàòîðà âîîáùå íå ïèíãóåòñÿ). Ò.å. ïðîñòî íèêàê, õîòÿ îäèí ðàç ýòî áûëî óñïåøíî ïðîäåëàíî - êóïëåí îí áûë ñ 2010, ÿ çàìåíèë íà 2010 ÷åðåç âåáìîðäó.

×òî äåëàòü? Íó ìîæíî çàáèòü, êîíå÷íî - âåäü ÷åðåç ñêîëüêî-òî âðåìåíè îí ïîäíèìàåò pptp è äàëåå ñòàáèëüíî ðàáîòàåò, íî ÿ òàê íå ïðèâûê. Àëòåðíàòèâà - ïîäíÿòü pptp äî ïðîâàéäåðà íà rrase âèíäîâîì, âñå ðàâíî ñåðâåð ñòîèò äîìà, íî òîæå ëèøíåå ýòî...

Ïîýòîìó îñíîâíîé âîïðîñ - êàê ïðîøèòü 0016 ïðîøèâêó?

Ñïàñèáî.

[Serge_K]

Ïîýòîìó îñíîâíîé âîïðîñ - êàê ïðîøèòü 0016 ïðîøèâêó?Ñïàñèáî.

Òàê íå ïðîáîâàëè?
http://wl500g.info/showpost.php?p=33445&postcount=16

[eone]

Íå, òàê íå ïðîáîâàë - ìåíÿ îñòàíàâëèâàåò òîò øàã, ÷òî èíòåðôåéñ íå ïèãóåòñÿ. Ò.å. òôòï ìîæíî óæå è íå ïðîáîâàòü. ß äîïóñêàþ êîíå÷íî, ÷òî â ñòàíäàðòíîì çàãðóç÷èêå çàïðåùåí ICMP è ðàçðåøåí òîëüêî tftp, íî ñîìíèòåëüíî. Äà è â òîé òåìå èíòåðôåéñ ïèíãóåòñÿ. Õîòÿ ýòî ìíîãî âðåìåíè íå òðåáóåò - âå÷åðîì ïðîâåðþ, êîíå÷íî - ùàñ ðåàëüíûé àäðåñ ïîêà íóæåí

Äà, áåç óñòàíîâêè VPN (êîãäà íà WAN èíòåðôåéñå àäðåñ èç âíóòðåííåãî äèàïàçîíà ïðîâàéäåð) âñå ëåòàåò è âñåãäà. Ò.å. ïðîáëåìà òîëüêî ñ PPTP.

[xHawKx]

Åñòü åùå îäèí ìîìåíò ñ PoPToP.
Åñëè ïðîâàéäåð èñïîëüçóåò raduis-ñåðâåð â àóòåíòèôèêàöèè (à òàê ñêîðåå âñåãî è åñòü), ìîæåò áûòü íåáîëüøîé íüþàíñ.
 ñëó÷àå íåïðåäâèäåííîãî ðàçðûâà âàøåãî ñîåäèíåíèÿ ñåðâåð äîñòóïà (vpn-ñåðâåð) íå âñåãäà ìîæåò ïîíÿòü ÷òî ñåññèÿ ðàçîðâàëàñü, íó íåò ïàêåòîâ â òóííåëå è íåò, ìîæ âû ïîêóðèòü âûøëè. Ñîîòâåòñòâåííî, êîãäà âû òóò æå ïûòàåòåñü çàöåïèòüñÿ ñíîâà, ñåðâåð äîñòóïà ñïðàøèâàåò ó raduis-ñåðâåðà, ìîæíî ëè âàì öåïëÿòüñÿ. raduis â ñâîþ î÷åðåäü âèäèò, ÷òî âû óæå åäèíîæäû ïîäêëþ÷åíû, à âòîðîé ðàç - ôèã, î ÷åì è ãîâîðèò âïí ñåðâåðó. Ïðè ýòîì, ñåðâåð äîñòóïà íà òðàíñïîðòíîì äëÿ âïí óðîâíå (íà óðîâíå ip ñåòåâûõ êàðò) âèäèò ÷òî îò âàñ âñåòêè èäóò ïàêåòû, âûæ íà âïí-ïîðò ñòó÷èòåñü, gre ïàêåòû õîäÿò, à ïîòîìó, êîãäà èäåò ïðîìåæóòî÷íûé ýêêàóíòèíã (êîòîðûé è ïðèçâàí ëîæèòü íåíîðìàëüíî çàâåðøåííûå ñåññèè) íå âèäèò ïðè÷èí ëîæèòü çàâèñøóþ vpn ñåññèþ - è ãîâîðèò ðàäèóñó ÷òî âñå â ýòîì òóííåëå â íîðìå, þçåð ðàáîòàåò. Ïîëó÷àåòñÿ çàìêíóòûé êðóã - òâîÿ æåëåçÿêà ïûòàåòñÿ ñ óïîðñòâîì ìàíüÿêà äîçâîíèòüñÿ ðàç â 30 ñåê, ÷åì è ëèøàåò âñÿêîãî øàíñà ñîåäèíèòüñÿ. È êàê òîëüêî âû ïåðåòêíóëè êàáåëü èç wan-ïîðòà æåëåçêè â êîìï, äðóãóþ æåëåçêó, èëè âûäåðíóâ êàáåëü èç wan ìèíóò 5 îáæèìàëè åãî îòâåðòêîé çàíîâî - âñå ìàãè÷åñêèì îáðàçîì ïðîõîäèò...
Ïî èäåå âñå, ÷òî íóæíî - ìèíóò îò 1 äî 10 ïðîñòî íå ïûòàòüñÿ ñîåäèíÿòüñÿ, â çàâèñèìîñòè îò ïðîâà.
Áûâøèé ïðîâ.

[eone]

Î! Ýòî ïîëíîñòüþ ïîäâåðæäàåò ìîè ïîäîçðåíèÿ. Âîò ñìîòðþ ïî ëîãó - â÷åðà âå÷åðîì îí ÷àñ ñîåäèíÿëñÿ. Íî, îïÿòü æå - êîãäà ãîâîðèøü åìó disconnect, òî ïî ëîãó îí çàâåðøåò ñîåäèíåíèå êîððåêòíî (íè ðàçó íå î÷åâèäíî, ÷òî ñ òî÷êè çðåíèÿ vpn ñåðâåðà ýòî òàê). Äà è çàïóñê vpn ñ âèíäû âñåãäà ïðîõîäèò óñïåøíî.

ß äëÿ ñåáÿ âîò ÷òî çàìåòèë - åñëè îí ïîñëå ïåðåçàïóñêà íîðìàëüíî ñîåäèíÿåòñÿ, òî â ëîãå ñðâçó âñå õîðîøî. À âîò åñëè ñðàçó íå ñîåäèíÿëñÿ. òî ëîã íà÷èíàåòñÿ òàê:

Jan 1 03:00:03 pppd[57]: pppd 2.4.2 started by (unknown), uid 0
Jan 1 03:00:04 pppd[57]: Serial connection established.
Jan 1 03:00:04 pppd[57]: Using interface ppp0
Jan 1 03:00:04 pppd[57]: Connect: ppp0 <--> /dev/pts/0
Jan 1 03:00:07 pptp[69]: connect: No route to host
Jan 1 03:00:07 pptp[69]: Could not open control connection to 10.10.10.10
Jan 1 03:00:07 pptp[63]: Call manager exited with error 256
Jan 1 03:00:07 pppd[57]: Modem hangup
Jan 1 03:00:07 pppd[57]: Connection terminated.
Sep 21 22:56:57 ntp client: time is synchronized to time.nist.gov pool.ntp.org

Äàëüøå ïîñòîÿííî ïîâòîðÿåòñÿ:

Sep 21 22:57:00 pppd[57]: Serial connection established.
Sep 21 22:57:00 pppd[57]: Using interface ppp0
Sep 21 22:57:00 pppd[57]: Connect: ppp0 <--> /dev/pts/0
Sep 21 22:57:03 pppd[57]: Modem hangup
Sep 21 22:57:03 pppd[57]: Connection terminated.

Íó è êîãäà íàêîíåö ñîåäèíèëñÿ:

Sep 22 00:03:54 pppd[57]: Serial connection established.
Sep 22 00:03:54 pppd[57]: Using interface ppp0
Sep 22 00:03:54 pppd[57]: Connect: ppp0 <--> /dev/pts/0
Sep 22 00:03:55 pppd[57]: CHAP authentication succeeded
Sep 22 00:03:55 pppd[57]: local IP address 89.19.171.68
Sep 22 00:03:55 pppd[57]: remote IP address 89.19.162.1
Sep 22 00:03:56 PPTP: connect to ISP

Îñòàëîñü ïîíÿòü äëÿ ïðîâåðêè, êàê áû ìèíóò íà 5 îòëîæèòü ñòàðò pppd ïîñëå ñòàðòàïà ìàðøðóòèçàòîðà.

[eone]

Ïî ïîâîäó íåâîçìîæíîñòè ïðîøèâêè ÷åðåç âåá-èíòåðôåéñ íà ñàéòå openwrt íàøåë âîò ÷òî:

Web interface from ASUS Firmware 2.0.1.0 and newer doesn't allow to upload DD-WRT firmware, it reports corrupted file. You have to downgrade to 2.0.0.8 ASUS firmware in order to flash DD-WRT firmware.
There also could be unable to downgrade to 2.0.0.8 ASUS firmware from newer version through web interface, easily soulution could be rename in order to flash DD-WRT firmware. Easy solution could be to rename a old firmware file (up to 2.0.0.8) for example to "newer" WL520gc_2.0.1.2_EN.trx

Ïðèêîëüíî. Âå÷åðîì ïðîøüþ 0016 ïðîøèâêîé è áóäåì ïîñìîòðåòü. Êñòàòè, ãäå-íèáóäü îïóáëèêîâàí ïîëíûé ñïèñîê îòëè÷èé äàííîé ïðîøèâêè îò ðîäíîé è âíîñèëèñü ëè êàêè-íèáóäü èçìåíåíèÿ â ÷àñòè pppd?

[xHawKx]

pppd, êàê è poptop - âåñüìà êîíñåðâàòèâíûå ïðîåêòû, ââèäó âîçðàñòà è îòëàæåííîñòè. Âðÿä ëè ñòîèò æäàòü ÷åãî-òî íîâîãî.