POPTOP install (óñòàíîâêà â îñíîâíóþ ïàìÿòü)

**dfayruzov** · 15-04-2009, 15:11

Originally Posted by darkside40

Could please someone make an english HowTo to this topic.

I am very interested in this feature (using Poptop on my WL-500gP), but cant find a proper HowTo and my russian is so bad

And Google Translate doesn't provide a lot of help here, yeah?

À ïî òåìå: ÿ ïîïðîáîâàë òêíóòüñÿ ñíàðóæè è ñðåçàëñÿ -- íå êîííåêòèòñÿ. Ïðàâèë:

Code:

# poptop
iptables -A INPUT -p 47 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 1723 -j ACCEPT

ÿâíî íåäîñòàòî÷íî.

Áóäó êîâûðÿòüñÿ äàëüøå, âîò òîëüêî ñòàëêåðà ïðîéäó. : )

**Wolfgun** · 15-04-2009, 21:59

Originally Posted by dfayruzov

And Google Translate doesn't provide a lot of help here, yeah?

À ïî òåìå: ÿ ïîïðîáîâàë òêíóòüñÿ ñíàðóæè è ñðåçàëñÿ -- íå êîííåêòèòñÿ. Ïðàâèë:

Code:

# poptop
iptables -A INPUT -p 47 -j ACCEPT
iptables -A INPUT -p tcp --syn --dport 1723 -j ACCEPT

ÿâíî íåäîñòàòî÷íî.

Áóäó êîâûðÿòüñÿ äàëüøå, âîò òîëüêî ñòàëêåðà ïðîéäó. : )

ipatebles - I INPUT-p 47 -j ACCEPT
iptables -I INPUT -p tcp --syn --dport 1723 -j ACCEPT
ïðàâèëüíûé ôàéðâîë òàêîé
iptables -t nat -A PREROUTING -p tcp --dport 1723 -j ACCEPT
ipatebles - I INPUT-p 47 -j ACCEPT
iptables -I INPUT -p tcp --syn --dport 1723 -j ACCEPT
iptables -I INPUT -p 47 -j ACCEPT

Îáÿçàòåëüíî â íà÷àëî òàáëèöû-I!!!! èíà÷å íå ðàáîòàåò !!!

**darkside40** · 16-04-2009, 08:29

Nope Google doesent help anything here.

**Wolfgun** · 16-04-2009, 09:03

Originally Posted by darkside40

Nope Google doesent help anything here.

I don't speak English.
Later Translate comments script.

**Wolfgun** · 16-04-2009, 09:42

Originally Posted by Madmess

Íå ïîëó÷àåòñÿ ðàçäàòü èíòåðíåò ÷åðåç ïîäíÿòûé vpn =(

Äîáàâëÿþ ïðàâèëî:

Code:

iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth1 -j MASQUERADE

10.0.1.0/24 - àäðåñà êëèåíòîâ vpn
eth1 - wan èíòåðôåéñ... 192.168.199.19 íà íåì âèñèò... íà ýòîò ip ÿ è êîíåê÷óñü ñ äðóãîãî êîìïà ïî ãîðîäñêîé ñåòè.

Âåñü ôàéë /usr/local/sbin/post-firewall òàêîé:

Code:

#!/bin/sh
iptables -P INPUT DROP
iptables -t nat -A PREROUTING -p tcp --syn --dport 1723 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth1 -j MASQUERADE
iptables -I INPUT -p tcp --syn --dport 1723 -j ACCEPT
iptables -I INPUT -p 47 -j ACCEPT
iptables -I OUTPUT -p 47 -j ACCEPT
iptables -I INPUT -p tcp --syn --dport 22 -j ACCEPT

Äîëæåí áûòü òàê

Code:

iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o vlan1 -j MASQUERADE

Åñëè ó Âàñ äîñòóï ê èíòåðíåòó, ïðåäîñòàâëÿåòñÿ ïðîâàéäåðîì ïî VPN òîãäà ppp0

**dfayruzov** · 16-04-2009, 09:43

Originally Posted by darkside40

Nope Google doesent help anything here.

ÎÊ, we'll try to write something after make this stuff working.

**Madmess** · 17-04-2009, 13:55

Originally Posted by Wolfgun

Äîëæåí áûòü òàê

Code:

iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o vlan1 -j MASQUERADE

Åñëè ó Âàñ äîñòóï ê èíòåðíåòó, ïðåäîñòàâëÿåòñÿ ïðîâàéäåðîì ïî VPN òîãäà ppp0

äà... pvn ó ìåíÿ... ÿ ïðîáîâàë ppp0 åùå ðàíüøå... íå ðàáîòàëî =(

p.s. ïðè÷åì åñëè óñòàëîâèòü vpn ñîåäèíåíèå ÷åðåç poptop ðàíüøå ÷åì ìîå ñîåäèíåíèå... òî poptop áóäåò ppp0, à ìîå ñîåäèíåíèå ppp1

**Wolfgun** · 17-04-2009, 14:22

Originally Posted by Madmess

p.s. ïðè÷åì åñëè óñòàëîâèòü vpn ñîåäèíåíèå ÷åðåç poptop ðàíüøå ÷åì ìîå ñîåäèíåíèå... òî poptop áóäåò ppp0, à ìîå ñîåäèíåíèå ppp1

Åñòåñòâåíî òàê è áóäåò, êòî ïåðâûé âñòàë òîãî è òàïêè

Äîáîâëÿéòå ïðàâèëî â íà÷àëî òàáëèöû ò.å. I

Ïîïðîáóéòå òàê
iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o vlan1 -j MASQUERADE
iptables -t nat -I POSTROUTING -i vlan1 -d 10.0.1.0/24 -j MASQUERADE
Åñëè ïîäñåòè ðàçíûå òî MASQUERADE íå çíàåò êóäà ïðîïóñêàòü !!!

**karter** · 21-04-2009, 09:12

Ìóæèêè ... Î÷åíü íàäî)) ...

Êàê ñîáñòâåííî îãðàíè÷èòü ñêîðîñòü êëèåíòàì pptp. Æåëàòåëüíî êîíå÷íî ñ ïðèâÿçêîé ê ëîãèíó, Ìíå ýòî ïðåäñòàâëÿåòñÿ âîçìîæíûì ñëåäóþùèì îáðàçîì - â chap-secrets ïðèâÿçûâàåò ëîãèí ê IP è íà IP âåøàåì øåéïåð (áûëî áû íå ïëîõî íà êëèåíòà ïîâåñèòü èíäèâèäóàëüíûé èíòåðôåéñ ppp äëÿ ïîäñ÷¸òà òðàôèêà â vnstat). Èç âñòðîåííîãî îãðèíè÷èòåëÿ ñêîðîñòè Bandwidth Management îãðèíè÷èòü ìíå íå óäàëîñü. Ñîîòâåòñòâåííî ïðè ïîäíÿòèè íåêîãî èíòåðôåéñà pppX íóæíî ÷òî áû âûïîëíÿëñÿ ñêðèïò êîòîðûé è îãðàíè÷èò ñêîðîñòü êëèåíòó. Ó êîãî êàêèå ìûñëè?

**Wolfgun** · 21-04-2009, 13:38

Ìóæèêè ... Î÷åíü íàäî)) ...

Êàê ñîáñòâåííî îãðàíè÷èòü ñêîðîñòü êëèåíòàì pptp. Æåëàòåëüíî êîíå÷íî ñ ïðèâÿçêîé ê ëîãèíó, Ìíå ýòî ïðåäñòàâëÿåòñÿ âîçìîæíûì ñëåäóþùèì îáðàçîì - â chap-secrets ïðèâÿçûâàåò ëîãèí ê IP è íà IP âåøàåì øåéïåð (áûëî áû íå ïëîõî íà êëèåíòà ïîâåñèòü èíäèâèäóàëüíûé èíòåðôåéñ ppp äëÿ ïîäñ÷¸òà òðàôèêà â vnstat). Èç âñòðîåííîãî îãðèíè÷èòåëÿ ñêîðîñòè Bandwidth Management îãðèíè÷èòü ìíå íå óäàëîñü. Ñîîòâåòñòâåííî ïðè ïîäíÿòèè íåêîãî èíòåðôåéñà pppX íóæíî ÷òî áû âûïîëíÿëñÿ ñêðèïò êîòîðûé è îãðàíè÷èò ñêîðîñòü êëèåíòó. Ó êîãî êàêèå ìûñëè?

Ñ ÷àï-ñåêðåòîì ðàçîáðàëñÿ

Âîáùå ìîæíî îãðàíè÷èòü âñåõ êëèåíòîâ pptpd áåç òàêîé ñëîæíîé êîíñòðóêöèè.
åñòü ïàðåìåòð â pptpd.conf (íå ïîìíþ òî÷íî ñèíòàêñèñ) maxspeedconect, êîòîðîé ðåðóëèðóåòñÿ ìàêñèìàëüíàÿ ñêîðîñòü ïîäêëþ÷åíèÿ.

**karter** · 21-04-2009, 17:37

Originally Posted by Wolfgun

Ñ ÷àï-ñåêðåòîì ðàçîáðàëñÿ

Âîáùå ìîæíî îãðàíè÷èòü âñåõ êëèåíòîâ pptpd áåç òàêîé ñëîæíîé êîíñòðóêöèè.
åñòü ïàðåìåòð â pptpd.conf (íå ïîìíþ òî÷íî ñèíòàêñèñ) maxspeedconect, êîòîðîé ðåðóëèðóåòñÿ ìàêñèìàëüíàÿ ñêîðîñòü ïîäêëþ÷åíèÿ.

Èçâðàùåíñêèé ñïîñîá íî ðàáîòàåò .... íà âðåìÿ ïîéä¸ò

â êðîí 1 ìèíóòà ïîëîæèë òàêîé ñêðèïò

Code:

#!/bin/sh

DEV1=`ip address show |awk '{if($4=="192.168.40.251/32")print $7}'`
DEV2=`ip address show |awk '{if($4=="192.168.40.252/32")print $7}'`

[ ! -z "`ifconfig|grep $DEV1`" ] && [ -z "`wshaper status $DEV1|grep Kbit`" ] && wshaper start $DEV1 80 80 && logger "Shaper: shape for neters enabled"
[ ! -z "`ifconfig|grep $DEV2`" ] && [ -z "`wshaper status $DEV2|grep Kbit`" ] && wshaper start $DEV2 128 128 && logger "Shaper: shape for oo7 enabled"

êàê ýòî ðàáîòàåò .. íàäî ïðèñâîèòü â ÷àï ñåêðåò IP ëîãèíó è ïåðåìåííûìè DEV1 èëè 2 ìû èùåì íà êàêîì ppp èíòåðôåéñå êðóòèòñÿ íàø èñêîìûé IP. à äàëåå åñëè åù¸ ýòîò èíòåðôåéñ ñóùåñòâóåò è íà í¸ì íåò øåéïåðà òî øåéïåð íàäî ïîâåñèòü íà âåñü èíòåðôåéñ ñ ñîîáùåíèåì â ñèñ ëîã

âîò êàê áû ýòî ñäåëàòü òàê ÷òî áû ïðîèñõîäèëî íå êàæäóþ ìèíóòó à ïðè ïîäíÿòèè pppX èíòåðôåéñà POPTOP'îì ... ýõõ

**al37919** · 21-04-2009, 19:40

âîò êàê áû ýòî ñäåëàòü òàê ÷òî áû ïðîèñõîäèëî íå êàæäóþ ìèíóòó à ïðè ïîäíÿòèè pppX èíòåðôåéñà POPTOP'îì ...

âðîäå óæå ïèñàëîñü --- íàñòðàèâàòü ñêðèïò ip-up

**karter** · 21-04-2009, 20:15

Originally Posted by al37919

âðîäå óæå ïèñàëîñü --- íàñòðàèâàòü ñêðèïò ip-up

ê ñîæàëåíèþ ÿ íå çíàþ êàê íàñòðîèòü â POPTOP ip up ñêðèïò

**al37919** · 21-04-2009, 20:25

ïîëàãàþ, ýòî äîëæåí áûòü ñêðèïò /opt/etc/ppp/ip-up

**karter** · 21-04-2009, 20:42

Originally Posted by al37919

ïîëàãàþ, ýòî äîëæåí áûòü ñêðèïò /opt/etc/ppp/ip-up

ïîëîæèë òóäà ñêðèïò - íå ðàáîòàåò.

âî

äîáàâèë â /opt/etc/ppp/options.pptpd ñòðî÷êó ip-up-script /opt/etc/ppp/ip-up è çàðàáîòàëî êàê íàäî

Code:

pptpd[4496]: CTRL: Client 192.168.1.5 control connection started
pptpd[4496]: CTRL: Starting call (launching pppd, opening GRE)
pppd[4497]: pppd 2.4.5 started by karter, uid 0
pppd[4497]: Using interface ppp1
pppd[4497]: Connect: ppp1 <--> /dev/pts/1
pppd[4497]: Warning - secret file /tmp/ppp/chap-secrets has world and/or group access
pptpd[4496]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Apppd[4497]: Cannot determine ethernet address for proxy ARP
pppd[4497]: local  IP address 192.168.40.250
pppd[4497]: remote IP address 192.168.40.252
kernel: HTB init, kernel part version 3.17
karter: Shaper: shape for oo7 enabled

Îñòàëèñü "ìåëî÷è"

Thread: POPTOP install (óñòàíîâêà â îñíîâíóþ ïàìÿòü)

Thread Tools

Rate This Thread

Display

Similar Threads

Óñòàíîâêà VLC íà ðîóòåð ?

Ïðîáëåìû ñ óñòàíîâêîé è íàñòðîéêîé VPN ñåðâåðà poptop

Óñòàíîâêà OpenVPN â îñíîâíóþ ïàìÿòü äëÿ ÍÎÂÈ×ÊÎÂ

lighttp and php tutorial

Tags for this Thread

Posting Permissions