Ïðîáëåìû ñ óñòàíîâêîé è íàñòðîéêîé VPN ñåðâåðà poptop

[ncat]

à âòîðîé ðàç ïðè ïåðåçàãðóçêå ñëó÷àåì íå ìîíòèðóþòñÿ?

[evkaz]

Êàê îêàçàëîñü, êîãäà ÿ ñòàâèë poptop, ÿ ïîëíîñòüþ äîâåðèâøèñü èíñòðóêöèè èçìåíèë ôàéë .files , ïî÷åìó òî â íåì íå ñòàëî ñòðî÷êè /etc/fstab, äà è êàê îêàçàëîñü ñàìîãî ôàéëà íå ñòàëî íà áûâøåì ìåñòå. Ñîçäàë /etc/fstab, ïðîïèñàë òàì òî÷êè ìîíòèðîâàíèÿ, ïëþñîì äîáàâèë â .files ñòðî÷êó /etc/fstab. Ïåðåçàãðóæàþ ðîóòåð, ñìîòðþ íà àêòèâíîñòü hdd, âèæó ïî÷òè íà ïîñòîÿííêó ãîðèò êðàñíûì, ñìîòðþ - ñìîíòèðîâàëñÿ swap, óæå õîðîøî, à äàëüøå íè÷åãî íå ìîíòèðîâàëîñü, íå æäàâ îòêëþ÷èë hdd, ïîñìîòðåë dmesg, îêàçàëîñü, ÷òî ïðåâûøåí ñ÷åò ïàðêîâîê, ïëþñîì äî ýòîãî âèíò áûë ïðèìîíòèðîâàí ñ îøèáêîé, â ðåçóëüòàòå øëà ïðîâåðêè äèñêà íà îøèáêè ïðîãðàììîé e2fsck. Óáèâàþ ýòó ïðîãðàììó, è î ýâðèêà çàãðóçêà ïîøëà äàëüøå, âñå ðàçäåëû ïðèìîíòèðîâàëèñü, ïðîãðàììû çàïóñòèëèñü. ÍÎ ïî÷åìó òî íå çàïóñòèëñÿ rtorrent. Ñòàë êîïàòü, ïîñìîòðåë ëîã ðòîððåíòà, òàì áûëî cannot find readable session directory /tmp/harddisk/torrent/session .Ïîïðîáîâàë çàïóñòèòü âðó÷íóþ îò þçåðà p2p, îêàçàëîñü, ÷òî è îí òîæå ïðîïàë. ñíîâà ñîçäàë, çàäàë åìó äîìàøíþþ ïàïêó, óñòàíîâèë ïðàâà. Ïåðåçàãðóçèë, ðàáîòàåò Îñòàëàñü åùå îäíà ïðîáëåìà, ïî÷åìó òî íå ðàáîòàåò êîìàíäà ps, [root@WL-002401B0F2F6 root]$ ps
ps: invalid option -- a
BusyBox v1.15.3 (2010-04-23 19:45:58 MSD) multi-call binary

Usage: ps

Report process status

Options:
w Wide output
upd: ýòà ïðîáëåìà òîæå ðåøèëàñü)) òåïåðü îñòàëîñü òîëüêî ïîäíÿòü vpn ñåðâåð ñ ðàçäà÷åé èíòåðíåòà

[mkisel]

Íå çíàþ, àêòóàëüíî, èëè íåò, ÿ ñòîëêíóëñÿ ñ òàêîé æå ïðîáëåìîé - íàø¸ë ðåøåíèå.

Ïðè ïîäíÿòèè PPTP ñîåäèíåíèÿ ñðàáàòûâàåò ip-up ïî óìîë÷àíèþ (òàê â ïðîøèâêå ñäåëàíî), êîòîðûé äîáàâëÿåò ìàðøðóò ïî óìîë÷àíèþ - àäðåñ ñåðâåðà.  íàøåì ñëó÷àå àäðåñ ñåðâåðà - ýòî íàø ñîáñòâåííûé ðîóòåð, ïîëó÷àåòñÿ ïåòëÿ.

Äëÿ ðåøåíèÿ ýòîé ñèòóàöèè íàäî ïðîïèñàòü ñâîè ip-up, ip-down â /opt/etc/ppp/options.pptpd:

# Change if-up script
ip-up-script /opt/etc/ppp/ip-up

# Change if-down script
ip-down-script /opt/etc/ppp/ip-down

äàëüøå äåëàåì ñàìè ýòè ñêðèïòû, ïîìåíÿâ èíòåðôåéñ íà íóæíûé, â ìî¸ì ñëó÷àå (RT-N16) ÿ ïîìåíÿë íà vlan2

/opt/etc/ppp/ip-up:

#!/bin/sh

REMOTE_IP_ADDRESS=$5

date > /var/run/ppp-${REMOTE_IP_ADDRESS}.up
arp --use-device --set $REMOTE_IP_ADDRESS vlan2 pub >> /var/run/ppp-${REMOTE_IP_ADDRESS}.up

exit 0

/opt/etc/ppp/ip-down:

#!/bin/sh

REMOTE_IP_ADDRESS=$5

arp --delete $REMOTE_IP_ADDRESS --device vlan2 pub
rm -f /var/run/ppp-${REMOTE_IP_ADDRESS}.up

exit 0

Ïîñëå ñîçäàíèÿ ñêðèïòîâ íå çàáûâàåì chmod +x

[h1Nt]

Äîáðûé äåíü.
Ðàáîòàë ìîé ðîóòåð ñòàáèëüíî è ÷¸òêî äî òîãî, ïîêà ÿ íå çàõîòåë óñòàíîâèòü poptop ïî ýòîé èíñòðóêöèè.
Èñïðàâèë ñêðèïò ïîä ñåáÿ, êàê ñîâåòîâàë òîïèêñòàðòåð.
Ïîñëå ïåðåçàãðóçêè ïåðåñòàë çàïóñêàòüñÿ óñòàíîâëåííûé ñîôò. ß òàê ïîíèìàþ, ÷òî ïåðåñòàëà ìîíòèðîâàòüñÿ ïðàâèëüíî ïàïêà opt.
íà ïîïûòêó çàïóñòèòü, íàïðèìåð, mc âûäà¸ò:

Code:

[root@N16]$ mc
-sh: mc: not found

Òî æå ñàìîå îòîáðàæàåòñÿ ïðè ïîïûòêå ðó÷íîãî çàïóñêà îñòàëüíûõ ïðîãðàìì.
Ïîäñêàæèòå, êàê âîññòàíîâèòü íàñòðîåííûé ñîôò? Ïåðåóñòàíàâëèâàòü è êîíôèãóðèðîâàòü âñ¸ çàíîâî íå õî÷åòñÿ. Óæ î÷åíü ìíîãî èçìåíåíèé áûëî âíåñåíî.
Èçâèíèòå, íå íàø¸ë êàê ñïðÿòàòü ïîä êàò:

Äèàãíîñòè÷åñêàÿ èíôîðìàöèÿ:
[PHP]

Status & Log - Diagnostic Information
Status Information


Linux version 2.6.22.19 (root@localhost) (gcc version 4.3.5 (GCC) ) #1 Sun May 15 14:38:52 MSD 2011
1.9.2.7-rtn-r2972

Mon Jun 6 19:04:18 GMT 2011
19:04:18 up 37 min, load average: 0.00, 0.00, 0.00

IP Tables


Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
37 1576 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
1876 292K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1 122 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
3341 501K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x17/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.1 tcp dpt:80
770 75120 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 231 packets, 14760 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.224 udp dpt:56339
0 0 ACCEPT all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DROP all -- !br0 vlan2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT
0 0 DROP all -- * br0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 4887 packets, 1134K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0

Chain BRUTE (0 references)
pkts bytes target prot opt in out source destination

Chain MACS (0 references)
pkts bytes target prot opt in out source destination

Chain SECURITY (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logaccept (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW LOG flags 39 level 4 prefix `ACCEPT '
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW LOG flags 39 level 4 prefix `DROP '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0


Mount points


rootfs on / type rootfs (rw)
/dev/root on / type squashfs (ro)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devfs on /dev type tmpfs (rw,noatime)
devpts on /dev/pts type devpts (rw)
tmpfs on /tmp type tmpfs (rw,noatime)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/discs/discb/part3 on /tmp/mnt/discb_3 type ext3 (rw,noatime,data=ordered)
/dev/discs/discb/part2 on /tmp/mnt/discb_2 type ext3 (rw,noatime,data=ordered)
/dev/discs/disca/part1 on /tmp/mnt/disca_1 type ext3 (rw,noatime,data=ordered)
/dev/discs/discc/part3 on /tmp/mnt/discc_3 type ext3 (rw,noatime,data=ordered)
/dev/discs/discc/part2 on /tmp/mnt/discc_2 type ext3 (rw,noatime,data=ordered)


Filesystem info


Filesystem 1K-blocks Used Available Use% Mounted on
/dev/root 4608 4608 0 100% /
devfs 63364 0 63364 0% /dev
tmpfs 63364 220 63144 0% /tmp
/dev/discs/discb/part3
716988 17864 662704 3% /tmp/mnt/discb_3
/dev/discs/discb/part2
986104 281656 654356 30% /tmp/mnt/discb_2
/dev/discs/disca/part1
961432072 46023984 866570088 5% /tmp/mnt/disca_1
/dev/discs/discc/part3
716988 17864 662704 3% /tmp/mnt/discc_3
/dev/discs/discc/part2
986104 281656 654356 30% /tmp/mnt/discc_2


Partitions


major minor #blocks name

31 0 256 mtdblock0
31 1 32384 mtdblock1
31 2 31359 mtdblock2
31 3 128 mtdblock3
31 4 26624 mtdblock4
8 0 976762584 sda
8 1 976760001 sda1
8 32 1982464 sdc
8 33 251906 sdc1
8 34 1001889 sdc2
8 35 728469 sdc3


USB HDD info


Attached devices:

Host: scsi1 Channel: 00 Id: 00 Lun: 00
Vendor: WDC WD10 Model: EARS-00Y5B1 Rev: 0100
Type: Direct-Access ANSI SCSI revision: 02

Host: scsi2 Channel: 00 Id: 00 Lun: 00
Vendor: USB 2.0 Model: Flash Disk Rev: 1.00
Type: Direct-Access ANSI SCSI revision: 02

[max2007]

Ïåðåóñòàíàâëèâàòü è êîíôèãóðèðîâàòü âñ¸ çàíîâî íå õî÷åòñÿ

À ïðèéä¸òñÿ ,ýòî íàêàçàíèå çà áåçäóìíîå ïðèìåíåíèå ñêðèïòîâ

[h1Nt]

À ïðèéä¸òñÿ ,ýòî íàêàçàíèå çà áåçäóìíîå ïðèìåíåíèå ñêðèïòîâ

Ïîäñêàæèòå õîòÿ áû â ÷¸ì èìåííî ïðîáëåìà? ×òî áû èçáåæàòü ïîäîáíîãî â áóäóùåì.
Íåóæåëè âîññòàíîâèòü âîîáùå íåëüçÿ?

[aNGEl0]

×åñòíî ïîëüçîâàëñÿ ïîèñêîì. Íàøåë òîëüêî òàêèå æå âîïðîñû áåç îòâåòîâ.
Ïðèâîæó êóñîê ëîãà:

Code:

00:06:26 07-06-2011 (info|daemon|pptpd) pptpd[4380]: CTRL: Client 93.178.80.80 control connection started
00:06:27 07-06-2011 (info|daemon|pptpd) pptpd[4380]: CTRL: Starting call (launching pppd, opening GRE)
00:06:27 07-06-2011 (notice|daemon|pppd) pppd[4381]: pppd 2.4.5 started by root, uid 0
00:06:27 07-06-2011 (info|daemon|pppd) pppd[4381]: Using interface ppp1
00:06:27 07-06-2011 (notice|daemon|pppd) pppd[4381]: Connect: ppp1 <--> /dev/pts/0
00:06:27 07-06-2011 (err|daemon|pptpd) pptpd[4380]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
00:06:28 07-06-2011 (notice|daemon|pppd) pppd[4381]: MPPC/MPPE 128-bit stateful compression enabled
00:06:28 07-06-2011 (notice|daemon|pppd) pppd[4381]: local  IP address 10.0.0.1
00:06:28 07-06-2011 (notice|daemon|pppd) pppd[4381]: remote IP address 10.0.0.10
00:07:07 07-06-2011 (emerg|user|client) client: Synchronizing time with ntp1.vniiftri.ru...
00:09:41 07-06-2011 (notice|authpriv|dropbear) dropbear[4464]: password auth succeeded for \'root\' from 93.178.80.80:4688
00:16:20 07-06-2011 (info|daemon|pppd) pppd[4381]: LCP terminated by peer (H&g2^@ vlan1
Jan  1 03:00:25 pppd[308]: PAP authentication succeeded

Îïèñûâàþ ñóòü ïðîáëåìû: ïîäêëþ÷àþñü ïî VPN ê ðîóòåðó - âñå íîðìàëüíî, äî ëîêàëêè äîáèðàþñü, êîðî÷å - âñå ðàáîòàåò.
Îòêëþ÷àþñü (ïîä÷åðêíóòàÿ çàïèñü â ëîãå). Ïîòîì ñíîâà ïîäêëþ÷àþñü, îòêëþ÷àþñü - ñêîëüêî óãîäíî ðàç. Ïðè ýòîì âñå îñòàëüíûå ñåðâèñû ðàáîòàþò (http, ftp è ïðî÷åå). Ïîäêëþ÷àþñü ÷åðåç ïóòòè è ñìîòðþ ëîã - À òàì ïîñëåäíåé ñòðî÷êîé çíà÷èòñÿ òà ñàìàÿ

Code:

00:16:20 07-06-2011 (info|daemon|pppd) pppd[4381]: LCP terminated by peer (H&g2^@ vlan1

. Âñå. Ìîæåò ïðîéòè ÷àñ, äâà, òðè.. À íîâûõ çàïèñåé íå äîáàâèòñÿ. Äàëåå - äåëàþ ðåáóò, è ïîñëå ðåáóòà â ëîãå ïîÿâëÿåòñÿ çàïèñü

Code:

Jan  1 03:00:25 pppd[308]: PAP authentication succeeded

è âñå ïîåõàëî çàãðóæàòüñÿ.
 ïðèíöèïå, ïîâòîðþñü - âñå ðàáîòàåò, íàðåêàíèé íåò. Íî âîò òîò ôàêò, ÷òî ïîñëå îòêëþ÷åíèÿ îò âïí â ëîã íè÷åãî íå ïèøåòñÿ - î÷åíü íàïðÿãàåò. Êàêèå èäåè ïî ýòîìó ïîâîäó?

ç.û. åñëè ìíå íå èçìåíÿåò ïàìÿòü, â ðåäêèõ ñëó÷àÿõ, ïîñëå äèñêîííåêòà çàïèñü â ëîã âåäåòñÿ. Íî ýòî â î÷åíü ðåäêèõ ñëó÷àÿõ.

pptpd.conf

Code:

option /opt/etc/ppp/options.pptpd

localip 10.0.0.1
remoteip 10.0.0.10-20

options.pptpd

Code:

name pptpd

refuse-pap
refuse-chap
refuse-mschap
refuse-eap

require-mschap-v2
require-mppe-128

ms-dns 10.0.0.1
ms-dns 192.168.111.1

lock

nobsdcomp 

novj
novjccomp

nodefaultroute

===============================
Ïðîáëåìà îêàçàëàñü íå â poptop èëè syslog-ng à.. â âûâîäå ëîãà â âåá (íå ðîäíîé âåá-èíòåðôåéñ, à äîïîëíèòåëüíûé)
Òàê âîò, âûâîä áûë îðãàíèçîâàí òàê:

Code:

<br><pre>`tail -n 5000 /tmp/syslog.log`</pre>

à â ëîã ïèñàëàñü òàêàÿ ñòðîêà:

Code:

10:37:08 09-06-2011 (info|daemon|pppd) pppd[12139]: LCP terminated by peer (*/XM-x^@<M-Mt^@^@^@^@)

È HTML, åñòåñòâåííî, âîñïðèíèìàë ñèìâîë '<' êàê îòêðûòèå êàêîãî-òî òåãà, â ðåçóëüòàòå ÷åãî, âñÿ ïîñëåäóþùàÿ èíôîðìàöèÿ ÍÅ âûâîäèëàñü â îæèäàíèè çàêðûòèÿ òåãà ñèìâîëîì '>'.
Èñïðàâèë îðãàíèçàöèåé âûâîäà ÷åðåç sed ñ çàìåíîé ñèìâîëà '<' íà '&lt;'

[aNGEl0]

Ïîäñêàæèòå õîòÿ áû â ÷¸ì èìåííî ïðîáëåìà? ×òî áû èçáåæàòü ïîäîáíîãî â áóäóùåì.
Íåóæåëè âîññòàíîâèòü âîîáùå íåëüçÿ?

http://tinyurl.com/6gr46yz

[sasha502]

PopTop Installation IMHO
Ïðåäûñòîðèÿ
Âñå íà÷àëîñü ñ òîãî ÷òî òðåáîâàëîñü îðãàíèçîâàòü äîñòóï ê âíóòðåííåé ñåòè, ñòàíäàðòíûìè ñðåäñòâàìè windows ( 98 % ó ìåíÿ ñ ñîáîé íîóò ) íàïðèìåð èç èíòåðíåò-êàôå, OpenVPN ìíå íå ïîäõîäèë(êîíå÷íî ìîæíî òàñêàòü ôëåøêó ñ äèñòðèáóòèâîì è ñåðòèôèêàòîì ÍÎ!!)
Òàê êàê âíÿòíî îòâåòèòü êàê ïîñòàâèòü äàííîå ÷óäî(POPTOP) íà Asus Wl500gp íå êòî íå ìîã, à â ðóññêîì ôîðóìå áîëüøå âîïðîñîâ, ÷åì îòâåòîâ, ïðèøëîñü ðàçáèðàåòñÿ ñàìîìó (à â Linux ÿ ïðàêòè÷åñêè íîëü).
Ñðàçó ïðåäóïðåæäàþ ÷òî ðàáîòàåò POPTOP íà ïðîøèâêè Îëåãà 1.9.2.7.-10 è ×åøñêîé íå ñòàáèëüíî, âåðíåå ñòàáèëüíî ñ 4-5 ïîïûòêå, íî íå îòâàëèâàåòñÿ. Ïðè÷èíà òàêîãî íå ñòàáèëüíîãî ïîâåäåíèÿ ñòàðûé ìîäóëè IPTABLES.
Íà ïðîøèâêè lly & TheMiron âñå ïðåêðàñíî ðàáîòàåò ïðîâåðÿëîñü íà R160 è R191, çà ÷òî èì îãðîìíîå ñïàñèáî.
Èñõîäíûå äàííûå
Ëîêàëüíàÿ ñåòü-192.168.40.240/28
Íàñòðîéêè DHCP- 192.168.40.242-247
Ñåðâåð (wl500gp)-192.168.40.241
Íàñòðîéêè VPN
VPN ñåðâåð -192.168.40.250
VPN êëèåíòû-192.168.40.251-253
Äëÿ îáëåã÷åíèÿ âñåãî ïðîöåññà óñòàíîâêè íàïèñàë ñêðèïò êîòîðûé ïðèâîæó íèæå, òå êòî õî÷åò, ìîæåò ââîäèòü ðóêàìè ( ïåðâûé ðàç äàæå æåëàòåëüíî!!!). Äëÿ óñòàíîâêè íàì ïîíàäîáèòñÿ ÷èñòàÿ ôëåøêà. Ñêîïèðóéòå ôàéëû íà ÷èñòóþ ôëåøêó è â òåëíåòå âûïîëíèòå ñëåäóþùóþ êîìàíäó

Code:

chmod +x /tmp/mnt/disc0/install-poptop
/tmp/mnt/disc0/install-poptop

Âîò ñàì ñêðèïò

Code:

#!/bin/sh

# Èçìåíèòå êðàñíûé òåêñ íà ñâîè ïàðàìåòðû
# Change the red text in your settings

# Ñîçäàåì äèðåêòîðèþ êóäà âñå áóäåì ñòàâèòü
# Create istall directory
mkdir /tmp/local/opt

# Ìîíòèðóåì åå â /opt
# Mount it in / opt
mount /tmp/local/opt /opt

# Îáíîâëÿåì ñïèñîê äîñòóïíûõ äëÿ óñòàíîâêè ïàêåòîâ
# update a list of available packages for installation
ipkg.sh update

# Óñòàíàâëèâàåì óñòàíîâùèê ïàêåòîâ ipkg
# Install the installer package ipkg
ipkg.sh install ipkg-opt

# Îáíîâëÿåì ñïèñîê äîñòóïíûõ äëÿ óñòàíîâêè ïàêåòîâ
# Refreshes the list of available packages for installation
ipkg update

# ñòàâèì poptop
# install poptop
ipkg install poptop

# ñîçäàåì äèðåêòîðèþ Var, ÷òîá â ëîãàõ íå ðóãàëñÿ íà åå îòñóòñòâèå
# Make a directory Var
mkdir /opt/var/
mkdir /opt/var/run/

# Êîììåíòèðóåì íå íóæíîå
# Comment is not correct
sed -i 's/logwtmp/# logwtmp/g' /opt/etc/pptpd.conf
# Äîáàâëÿåì IP VPN ñåðâåðà è ñåòè
# Add IP VPN server, and  VPN network
echo "localip 192.168.40.250
remoteip 192.168.40.251-253" >> /opt/etc/pptpd.conf

# Äîáàâëÿåì äàííûå â options.pptpd
# Add  data in the options.pptpd
sed -i '67 a\ms-dns 192.168.40.241' /opt/etc/ppp/options.pptpd
echo "
novj
novjccomp

# Disable change default route
nodefaultroute" >> /opt/etc/ppp/options.pptpd


# Äîáàâëÿåì äàííûå /tmp/ppp/chap-secrets
# * îçíà÷àåò ïðèñâàåíèå äîñòóïíîãî IP àäðåñà èç äîñòóïíîãî äèàïîçîíà
# add data / tmp / ppp / chap-secrets
# * Available from the VPN IP address range
echo "# PPP CHAP secrets file.
# See pppd(1) for file format.

# Secrets for authentication using CHAP
# client        server  secret      IP addresses
test            pptpd   "test"       *

# For ppp patched with smbauth you use
# *     pptpd   &/etc/samba/smbpasswd" > /tmp/ppp/chap-secrets
chmod go-rw /tmp/ppp/chap-secrets


# Ñîçäàåì äèðåêòîðèþ äëÿ ïîëüçîâàòåëüñêèõ ñêðèïòîâ
# Create a directory for user scripts
mkdir /usr/local/sbin

# Ñîçäàåì ôàéë post-boot äëÿ çàïóñêà poptop ñåðâåðà
# Äåëàåì ñèìëèíê íà chap-secret
# Create a file post-boot to start the poptop server
# Make symlink to the chap-secret
echo "#!/bin/sh
mount /tmp/local/opt /opt
/opt/etc/init.d/S20poptop start
ln -s /tmp/ppp/chap-secrets /opt/etc/ppp/" > /usr/local/sbin/post-boot

# Ñîçäàåì post-firewall ñ ïàðàìåòðàìè poptop
# Create a post-firewall, with settings poptop
echo "#!/bin/sh
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 1723 -j ACCEPT
iptables -I OUTPUT -p 47 -j ACCEPT
iptables -I INPUT -p 47 -j ACCEPT
iptables -I INPUT -i ppp+ -j ACCEPT
iptables -I FORWARD -i ppp+ -j ACCEPT
iptables -I FORWARD -o ppp+ -j ACCEPT
iptables -I OUTPUT -o ppp+ -j ACCEPT" > /usr/local/sbin/post-firewall

# Äåëàåì ôàéëû /usr/local/sbin/ èñïîëíÿåìûìè
# Do the all scrips executable
chmod +x /usr/local/sbin/*


# Cîõðàíÿòü âî ôëýø ñêðèïòû
# Saves in flash scripts
echo "/usr/local/sbin/post-firewall
/usr/local/sbin/post-boot
/tmp/ppp/chap-secrets" > /usr/local/.files


# ñîõðàíÿåì âñå
# Seved all
flashfs save
flashfs commit
flashfs enable
reboot

Ïðîøó íå ãëÿäÿ íå óñòàíàâëèâàòü ïî äàíîìó ñêðèïòó íå èçìåíèâ íàñòðîéêè ïîä Âàøè ïàðàìåòðû. ÄÀ åùå â ñêðèïòå åñòü ÎØÈÁÊÈ ÊÒÎ ÍÀÉÄÅÒ !!!???

íàñ÷¸ò îøèáêè ppp+ ïîìåíÿòü íà ppp1

[melnikdima]

Óñòàíîâèë ïî âàøåé èíñòðóêöèè.

Òàêàÿ ïðîáëåìà.
åñëè ïîäêëþ÷àòüñÿ èç âíåøíåé ñåòè òî ñîåäèíåíèå íå óñòàíàâëèâàåòñÿ, çàâèñàåò íà ïðîâåðêå ëîãèíà è ïàðîëÿ

Åñëè ïîäëþ÷àòüñÿ èç ëîêàëüíîé ñåòè òî ïîäêëþ÷àåòñÿ, íî
PPP èíòåðôåéñ ñòàíîâèòñÿ íà ðîóòåðå èíòåðôåéñîì ïî óìîë÷àíèþ!!!!!!! õåëë



ïðè÷åì

Code:

[admin@ROUT root]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.40.252  *               255.255.255.255 UH    0      0        0 ppp0
192.168.40.252  *               255.255.255.255 UH    0      0        0 ppp0
95.84.204.1     *               255.255.255.255 UH    0      0        0 vlan2
192.168.5.0     *               255.255.255.0   U     0      0        0 br0
95.84.204.0     *               255.255.252.0   U     0      0        0 vlan2
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.40.252  0.0.0.0         UG    0      0        0 ppp0
default         95.84.204.1     0.0.0.0         UG    0      0        0 vlan2

ïðè÷åì nodefaultroute ïðîïèñàí!!!

[elav]

Õî÷ó âåðíóòñÿ ê òåìå çàïðåòà êîìïðåññèè è øèôðîâàíèÿ, ÷òîáû óâåëè÷èòü ñêîðîñòü è óìåíüøèòü íàãðóçêó íà ïðîöåññîð ðîóòåðà. Ðàíüøå ÿ óæå ïðîáîâàë ýêñïåðèìåíòèðîâàòü ñ ïàðàìåòðàìè â options.pptpd, íî áåçðåçóëüòàòíî, ìàêñèìóì äîáèëñÿ òîãî ÷òî äîáàâèë
nomppc
nomppe
Ïðè ýòîì êëèåíò â âèäå dir-320 ñ ïðîøèâêîé àäàïòèðîâàííîé âàìïèêîì íåñîåäèíèÿåòñÿ à âëîãå èäóò îøèáêè
Oct 31 13:55:35 pppd[411]: found interface br0 for proxy arp
Oct 31 13:55:35 pppd[411]: local IP address 192.168.10.1
Oct 31 13:55:35 pppd[411]: remote IP address 192.168.10.240
Oct 31 13:55:35 pppd[411]: Received bad configure-ack:
Oct 31 13:55:38 kernel: mppe_decomp_alloc: options rejected: o[0]=12, o[1]=06, o[2]=00, o[3]=00, o[4]=00, o[5]=00
Oct 31 13:55:38 pppd[411]: Received bad configure-ack:

Âðîäå êàê ìîæíî åãî çàñòàâèòü ñîåäèíÿòñÿ ïðîïèñàâ Additional pppd options ñëîâà "nomppe nomppc" íî êàê áûòü ñ êëèåíòàìè windows?

Ñåé÷àñ ó ìåíÿ ñåêöèÿ êîíôèãà âûãëÿäèò êàê
# Disable BSD-Compress compression
nobsdcomp
novj
novjccomp
nodefaultroute
ip-up-script /opt/etc/ppp/ip-up
ip-down-script /opt/etc/ppp/ip-down

Íî ïðè ñîåäèíåíèè êëèåíòà â ëîãå ïèøåòñÿ MPPC/MPPE 128-bit stateful compression enabled
Ïðè ýòîì poptop çàïóùåí íà wnr3500l, â ðåçóëüòàòå êëèåíò dir-320 ìàêñèìóì êà÷àåò 5mbit çàãðóçêà ïðîöà íà íåì ïîä 100% íà ñåðâåðå çàãðóçêà ïðîöà 60%. Êëèåíò ïîä âèíäîâñ êà÷àåò 10mbit, íî çàãðóçêà íà ñåðâåðå 100%, ïîäñêàæèòå êàê îòêëþ÷èòü êîìïðåññèþ è ïîäíÿòü ñêîðîñòü? Æåëòåëüíî ÷òîáû íåïðèøëîñü ïåðåíàñòðàèâàòü êëèåíòû.

[chekalin]

À ìîæåò ðó÷êàìè ìîæíî ñìåíèòü ìàê ó âïí êëèåíòà ? Ýòî âîçìîæíî? Åñëè äà òî êàê?

Êòî-íèáóäü ìîæåò îòâåòèòü ìîæíî ëè êëèåíòîâ ïîïòîïà âûïóñêàòü ñî ñâîèìè ìàêàìè ?
À ìîæåò êàêíèáóäü çàñòàâèòü ïðè ïîäêëþ÷åíèè êàêòî ïîëó÷àòü àäðåñ îò äõöï ðîóòåðà ? Ýòî áûëîáû øèêàðíî

[someoneelse]

Õî÷ó âåðíóòñÿ ê òåìå çàïðåòà êîìïðåññèè è øèôðîâàíèÿ, ÷òîáû óâåëè÷èòü ñêîðîñòü è óìåíüøèòü íàãðóçêó íà ïðîöåññîð ðîóòåðà. Ðàíüøå ÿ óæå ïðîáîâàë ýêñïåðèìåíòèðîâàòü ñ ïàðàìåòðàìè â options.pptpd, íî áåçðåçóëüòàòíî, ìàêñèìóì äîáèëñÿ òîãî ÷òî äîáàâèë
nomppc
nomppe
<...>
Ïðè ýòîì poptop çàïóùåí íà wnr3500l, â ðåçóëüòàòå êëèåíò dir-320 ìàêñèìóì êà÷àåò 5mbit çàãðóçêà ïðîöà íà íåì ïîä 100% íà ñåðâåðå çàãðóçêà ïðîöà 60%. Êëèåíò ïîä âèíäîâñ êà÷àåò 10mbit, íî çàãðóçêà íà ñåðâåðå 100%, ïîäñêàæèòå êàê îòêëþ÷èòü êîìïðåññèþ è ïîäíÿòü ñêîðîñòü? Æåëòåëüíî ÷òîáû íåïðèøëîñü ïåðåíàñòðàèâàòü êëèåíòû.

Äîáðûé äåíü!!
Âîò ìîè íàáëþäåíèÿ ïî ïîâîäó ñíèçèòü íàãðóçêó íà ïðîöåññîð è îòêëþ÷èòü êîìïðåññèþ â pptp poptop

Äàíî:
ðîóòåð asus RT-N16
Firmware Release 1.9.2.7-rtn-r2775
poptop - 1.2.1-1

Ó ìåíÿ ñèòóàöèÿ òàêàÿ - ðîóòåð ïîäêëþ÷åí ê èíòåðíåòó ïî òóííåëþ pppoe, êàê êëèåíò. Äàëüøå íà ðîóòåðå óñòàíîâëåí ñåðâåð pptp, è ê íåìó ïîäêëþ÷åí êëèåíò èç winxp, êîòîðûé ÷åðåç ýòîò òóíåëü ïîëüçóåò èíòåðíåò(web + òîððåíò). Òî åñòü ïðîöåññîð, êàê ÿ ïîíèìàþ, ñíà÷àëà îáðàáàòûâàåò âõîäÿùèé ïàêåò îò ïðîâàéäåðà, âûíèìàåò åãî èç pppoe òóíåëÿ, ïîòîì àíàëèçèðóåò åãî, è ïîòîì øèôðóåò è çàâàðà÷èâàåò åãî â òóíåëü pptp äëÿ êëèåíòà. Ðåçóëüòàòû ñêîðîñòè ÿ ñìîòðåë íà êëèåíòå pptp. Âåñü òðàôèê ôèçè÷åñêè øåë ÷åðåç wan èíòåðôåéñ, ó ìåíÿ îí íàçûâàåòñÿ vlan2, êàê îò ïðàâàéäåðà â ðîóòåð(÷åðåç ppp0), òàê è îò ðîóòåðà ê êëèåíòó (÷åðåç ppp1). Çàÿâëåííàÿ ñêîðîñòü îò ïðîâàéäåðà - 4ÌÁ/Ñ.


Èçíà÷àëüíî âîò êàêèå áûëè ðåçóëüòàòû(äî îòêëþ÷åíèÿ êîìïðåññèè) - ñëåâà íà ðèñóíêå - ñêà÷èâàíèå ôèëüìà èç ìåñòíîé ëîêàëüíîé ñåòè íà ñêîðîñòè 1350-1500êá/ñ(îäíî ñîåäèíåíèå), ñïðàâîé ñòîðîíû ãðàôèêè ïîêàçûâàåò ðàáîòó òîððåíò ïðè ñêà÷êå ôèëüìà íà ñêîðîñòè îêîëî 624 êá/ñ(íåñêîëüêî ñîåäèíåíèé ñ ðàçíûìè êîìïüþòåðàìè).


Ïîñëå îòêëþ÷åíèÿ êîìïðåññèè ïî ñðåäñòâàì âîò òàêîé çàïèñè â /opt/etc/ppp/options.pptpd

Code:

# Disable BSD-Compress compression
nobsdcomp
novj
novjccomp
nomppe
nomppc

Ñòàëî(ñëåâà ôèëüì 1560 êá/ñ-îäíî ñîåäèíåíèå, ñïðàâà òîððåíò 624êá/ñ-íåñêîëüêî ñîåäèíåíèé)




Ïîñëå òîãî êàê ïîäñîåíèÿåòñÿ êëèåíò â ëîãàõ íè÷åãî íåò ïðî "MPPC/MPPE 128-bit stateful compression enabled". Êëèåíò ïîäñîåäèíÿåòñÿ èç winxp, êîíå÷íî æå â íåàñòðîéêàõ ñîåäèíåíèÿ pptp â winxp ó ìåíÿ íåò ôëàãà - îòêëþ÷àòüñÿ åñëè íå øèôðîâàíèÿ.

Âîò ÷òî íàïèñàíî ó ìåíÿ â /usr/local/sbin/post-firewal, áåç ïîñëåäíèõ 4 ñòðîê î÷åíü ñòðàäàë - ó êëèåíòà íå áûëî èíòåðíåòà. Äóìàþ, 2 ïîñëåäíèå íå îáÿçàòåëüíû, íî ëó÷øå ïðîâåðèòü ñàìèì.

Code:

iptables -t nat -A  PREROUTING -p tcp --dport 1723 -j ACCEPT 
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT 
iptables -I OUTPUT -p 47 -j ACCEPT 
iptables -I INPUT -p 47 -j ACCEPT
iptables -I FORWARD -i ppp+ -j ACCEPT
iptables -I FORWARD -o ppp+ -j ACCEPT
iptables -I INPUT -i ppp+ -j ACCEPT
iptables -I OUTPUT -o ppp+ -j ACCEPT

Íî ïîòîì, âêëþ÷èâ èíòóèöèþ, ìåíÿ îñåíèëî - õâàòèò èñïîëüçîâàòü òîííåëü!! È ïîïðîñèë iptables, ñäåëàòü ðîóòåð øëþçîì. Ïîñëå ýòîãî ñêîðîñòè ñòàëè âîò òàêèå - ñêà÷êà ôèëüìà ïî ëîêàëêå ìåñòíîé - 2500 êá/ñ, òîððåíò â ìîìåíòå äî 3500 êá/ñ(èç èíòåðíåòà). Ïîëó÷èëñÿ - øëþç ÷åðåç wan, èëè äîñòóï â èíòåðíåò ÷åðåç wan, gateway via wan.

êîììàíäà äëÿ iptables âîò òàêàÿ

Code:

iptables -I FORWARD -i vlan2 -o ppp0 -j ACCEPT
# âñå ðàáîòàåò è áåç âòîðîé ñòðî÷êè, íî â èíòåðíåòå òàê íàïèñàíî áûëî
iptables -I FORWARD -i ppp0 -o vlan2 -m state --state ESTABLISHED,RELATED -j ACCEPT

Ïîòîì íà êëèåíòå óêàçûâàåì â íàñòðîéêàõ IPv4 øëþç - ip ðîóòåðà, ñâîé ip(ïîìíèì ïðî òî, ÷òîáû ðîóòåð è êëèåíò áûëè â îäíîé ïîäñåòè), ìàñêó è îáÿçàòåëüíî dns îáùåäîñòóïíûå èç èíòåðíåòà. Ìîè ëþáèìûå äíñ 208.67.222.222, 8.8.8.8.

p.s. ïîòîì åùå ðàç îñåíèëî - ÿ âòèõîðÿ íàñòðîèë íà ðàáîòó â ðåæèìå øëþç ðîóòåð ñîñåäà - zyxel keenetic. Ñëàâà áîãó keenetic òîæå íà ëèíóêñå, è ó ñîñåäà êàíàë èíòåðíåòà ïîòîëùå â 2 ðàçà - ìîæíî çà ñâîé èíòåðíåò è íå ïëàòèòü. Íî ýòî ýòî óæå ñîâñåì äðóãàÿ èñòîðèÿ, äðóçüÿ

[skuwakin]

Äîáðîãî âðåìåíè ñóòîê. Íåäàâíî êóïèë huawei 353, ïðèöåïèë åãî ó ñâîåìó ñòàðè÷êó wl-500w. Ê ìîåìó áîëüøîìó è åò-íî ïðèÿòíîìó óäèâëåíèþ, ìîäåì çàðàáîòàë ñðàçó áåç êàêèõ áû òî íå áûëî áóáíîâ. Çà ÷òî îãðîìíîå ñïàñèáî ýíòóçèàñòàì! È âñå áûëî áû õîðîøî, åñëè áû íå vpn... Ýòîò ìîäå íå õî÷åò êîííåêòèòñÿ ê ìîåìó poptop vpn ñåðâåðó íà rt-n66u èç ïîä win xp sp3. (êîä îøèáêè 619, áûâàåò åùå 778) Íî ïðè ýòîì ñ òîé æå ñàìîé âèíäû è òîãî æå ñàìîãî vpn ñîåäèíåíèÿ ÷åðåç ñìàðòôîí âñå êîííåêòèòñÿ íà óðà.  èíåòå ïðî÷èòàë ÷òî, ÷òî íå ëþáèò ndis vpn, âûêëþ÷èìë åãî, è âñå ðàâíî íåò êîííåêòà ïî vpn. Ïîäñêàæèòå ïëèç êóäà åùå ïîêîïàòü.

upd. ëîãèêó ìîäåðàòîðà ÿ íå ïîíÿë... ïðè ÷åì òóò óñòàíîâêà poptop... Íè÷åãî óñòàíàâëèâàòü íå íàäî, âñå óæå óñòàíîâëåíî..."äî íàñ..." è âñå ðàáîòàåò, êðîìå êàê ïî õó.âåþ 353...

upd2 äîáàâèë äâà ëîãà. îäèí õîðîøèé, ïðè êîííåêòå ñ nokia e72, äðóãîé îøèáî÷íûé - ñ huawei 353

[skuwakin]

Ñàì ñåáå è îòâå÷ó. Ìîæåò åùå êîìó ñãîäèòñÿ. Ïðè÷èíó íåðàáîòû poprop ìíå âûÿñíèòü òàê è íà óäàëîñü. Íèêàêèå ìàíèïóëÿöèè íå ïîìîãëè. Íî íåò õóäà áåç äîáðà...  ðåçóëüòàòå áûëè ïîëó÷èíû ïîëåçíûå ñâåäåíèÿ:

1. wl-500w îêàçûâàåòñÿ óìååò ðàáîòàòü äàæå ñî ñìàðòôîíàìè íîêèÿ, â ÷àñòíîñòè ñ nokia e72.
2. òîìàòíàÿ ïðîøèâêà âåñüìà íåïëîõî ðàáîòàåò ñ openvp.

â èòîãå ïðîáëåìà çàõîäà ïî vpn â äîìàøíþþ ñåòü áûëà ðåøåíà ïðè ïîìîùèè ñëåä.ñõåìû

íîóò->win xp->openvpn client->wl-500w-huawei353->rt-n66u->openvpn serv-home network