
Опять про VPN. Маршрутизация



Помогите с маршрутами. Плиз.

Настроил подключение. Соединение происходит, вроде правильно.
Лог соединения:
pptpconfig: debug information dump begins
WARNING: security sensitive information follows
pptpconfig 1.8 2006/04/06 06:22:26
# pppd --version
pppd version 2.4.3
# uname -a
Linux localhost.localdomain 2.6.17-1.2157_FC5 #1 Tue Jul 11 22:55:46 EDT 2006 i686 athlon i386 GNU/Linux
# modinfo ppp_mppe || modinfo ppp_mppe_mppc
filename:       /lib/modules/2.6.17-1.2157_FC5/kernel/drivers/net/ppp_mppe.ko
author:         Frank Cusack <fcusack@fcusack.com>
description:    Point-to-Point Protocol Microsoft Point-to-Point Encryption support
license:        Dual BSD/GPL
alias:          ppp-compress-18
version:        1.0.2
vermagic:       2.6.17-1.2157_FC5 mod_unload 686 REGPARM 4KSTACKS gcc-4.1
depends:        ppp_generic
srcversion:     6B88E623CA7C4D7FE2F11FA
# grep mppe /proc/modules
ppp_mppe 7109 0 - Live 0xe0b9a000
ppp_generic 29397 3 ppp_mppe,ppp_deflate,ppp_async, Live 0xe0b91000
Array
(
    [name] => garanta
    [server] => 80.72.112.118
    [domain] => (hidden by pptpconfig)
    [username] => 00082
    [password] => (hidden by pptpconfig)
    [pppd-options] =>
    [pptp-options] =>
    [resolv] =>
    [dns-options] =>
    [routing] => routing_interface_only
    [usepeerdns] => 1
    [require-mppe] => 1
    [nomppe-40] => 1
    [nomppe-128] => 1
    [refuse-eap] => 1
    [mppe-stateful] => 1
    [autostart] =>
    [iconify] =>
    [persist] =>
    [debug] => 1
    [client-to-lan] =>
)
# route -n (before pppd)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 eth0
pptpconfig: debug information dump ends, starting pppd
pppd options in effect:
debug        # (from /etc/ppp/peers/garanta)
updetach        # (from command line)
logfd 1        # (from command line)
linkname garanta        # (from /etc/ppp/peers/garanta)
dump        # (from /etc/ppp/peers/garanta)
noauth        # (from /etc/ppp/options.pptp)
refuse-chap        # (from /etc/ppp/options.pptp)
refuse-mschap        # (from /etc/ppp/options.pptp)
refuse-eap        # (from /etc/ppp/options.pptp)
name garanta.ru\\00082        # (from /etc/ppp/peers/garanta)
remotename garanta        # (from /etc/ppp/peers/garanta)
        # (from /etc/ppp/options.pptp)
pty pptp 80.72.112.118 --nolaunchpppd         # (from /etc/ppp/peers/garanta)
ipparam garanta        # (from /etc/ppp/peers/garanta)
usepeerdns        # (from /etc/ppp/peers/garanta)
nobsdcomp        # (from /etc/ppp/options.pptp)
nodeflate        # (from /etc/ppp/options.pptp)
        # (from /etc/ppp/peers/garanta)
        # (from /etc/ppp/peers/garanta)
require-mppe-128        # (from /etc/ppp/options.pptp)
nomppe-128        # (from /etc/ppp/peers/garanta)
mppe-stateful        # (from /etc/ppp/peers/garanta)
using channel 13
Using interface ppp0pptpconfig: monitoring interface ppp0

Connect: ppp0 <--> /dev/pts/3
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x73f30fe5> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x3ceed1fd> <quality lqr 00 00 0b b8> <auth chap MD5>]
sent [LCP ConfRej id=0x1 <quality lqr 00 00 0b b8>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x73f30fe5> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x2 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x3ceed1fd> <auth chap MD5>]
sent [LCP ConfNak id=0x2 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x3 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x3ceed1fd> <auth chap MS-v2>]
sent [LCP ConfAck id=0x3 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x3ceed1fd> <auth chap MS-v2>]
rcvd [CHAP Challenge id=0x1 <e83601593c7e89c51eeb78362147ddb5>, name = ""]
sent [CHAP Response id=0x1 <4364852e1e2025fbfe97177fcf06f51500000000000000008f2df40af2658560c377a463f0cf45076a62287678dc8ccb00>, name = "garanta.ru\\00082"]
rcvd [CHAP Success id=0x1 "S=68FE14C75170FC99E0B3D2E231CEFB0CAD001787"]
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x1 <mppe -H +M +S +L -D -C>]
sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x1 <addr 2.2.2.2> <compress VJ 0f 01>]
sent [IPCP TermAck id=0x1]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x2 <mppe -H -M +S -L -D -C>]
sent [CCP ConfAck id=0x2 <mppe -H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [IPCP ConfNak id=0x1 <addr 10.100.0.82> <ms-dns1 80.72.123.2> <ms-dns3 80.72.114.2>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 10.100.0.82> <ms-dns1 80.72.123.2> <ms-dns3 80.72.114.2>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 10.100.0.82> <ms-dns1 80.72.123.2> <ms-dns3 80.72.114.2>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 10.100.0.82> <ms-dns1 80.72.123.2> <ms-dns3 80.72.114.2>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 10.100.0.82> <ms-dns1 80.72.123.2> <ms-dns3 80.72.114.2>]
rcvd [IPCP ConfReq id=0x2 <addr 2.2.2.2> <compress VJ 0f 01>]
sent [IPCP ConfAck id=0x2 <addr 2.2.2.2> <compress VJ 0f 01>]
local  IP address 10.100.0.82
remote IP address 2.2.2.2
primary   DNS address 80.72.123.2
secondary DNS address 80.72.114.2
# route -n (after pppd exit)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
2.2.2.2         0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 eth0
pptpconfig: pppd process exit status 0 (started)
ip route replace 80.72.112.118 via 172.16.0.1 dev eth0  src 172.16.0.82
pptpconfig: DNS changes made to /etc/resolv.conf
pptpconfig: connected
# route -n (after completion)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
80.72.112.118   172.16.0.1      255.255.255.255 UGH   0      0        0 eth0
2.2.2.2         0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 eth0

А ping не проходит.
# ping www.ya.ru
PING ya.ru (213.180.204.8) 56(84) bytes of data.

--- ya.ru ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5000ms


VPN сервер - 80.72.112.118
шлюз - 172.16.0.1 (наверно)
Таблица маршрутизации в конце лога соединения. Какие маршруты надо добавить/изменить подскажите плиз. Я в маршрутизации не шарю. :)

Заранее спасибо.

Re: Опять про VPN. Маршрутизация

у вас не создается дефолтный маршрут через туннель.

в pptpconfig добавьте дополнительные опции defaultroute replacedefaultroute

lester_dev ★★★★★ ()
Ответ на: Re: Опять про VPN. Маршрутизация от lester_dev

Re: Опять про VPN. Маршрутизация

Сделал до поднятия соединения:

#route add 80.72.112.118 gw 172.16.0.1
#route del default

Поднял соединение, таблица маршрутизации после поднятия соединения:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
80.72.112.118 172.16.0.1 255.255.255.255 UGH 0 0 0 eth0
2.2.2.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 2.2.2.2 0.0.0.0 UG 0 0 0 ppp0

[root@localhost ~]# ping -c 5 2.2.2.2
PING 2.2.2.2 (2.2.2.2) 56(84) bytes of data.

--- 2.2.2.2 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms

Пинги также не проходят.

Что еще можно попробовать?

burlaka ()
Ответ на: Re: Опять про VPN. Маршрутизация от burlaka

Re: Опять про VPN. Маршрутизация

Решено.

Вот с таким конфигом заработало.

# cat  /etc/ppp/peers/nlink 
# pppd peer file for a PPTP client link (lives in /etc/ppp/peers/, so it is
# typically loaded with `pppd call nlink`).
# NOTE(review): PPTP depends on MS-CHAPv2 and MPPE, both considered weak by
# current standards; do not rely on this tunnel for confidentiality.
# NOTE(review): there is no require-mppe-128 in this file, so encryption is
# enforced only if another options file (e.g. /etc/ppp/options.pptp) sets it.
linkname nlink
# Use the pptp helper as the transport; pppd talks to it over a pty.
pty "/usr/sbin/pptp 192.168.10.1 --nolaunchpppd"

# Accept the DNS servers offered by the peer.
usepeerdns

# Local name used for authentication; the matching secret is presumably kept
# in /etc/ppp/chap-secrets - confirm.
name n_maus
remotename vpn
asyncmap 0

# Send an LCP echo every 30 s and drop the link after 4 unanswered echoes.
lcp-echo-interval 30
lcp-echo-failure 4

# Re-establish the link when it drops instead of exiting.
persist

# NOTE(review): remotename, asyncmap and the lcp-echo-* options below repeat
# the values already set above.
remotename vpn
# Install a default route through the PPP peer once IPCP completes, so all
# non-local traffic goes into the tunnel.
defaultroute
# Do not require the server to authenticate itself to this client.
noauth
asyncmap 0
# NOTE(review): crtscts, lock and local are serial-line options; they look
# unnecessary over a pty - confirm before removing.
crtscts
lock
# Keep the password out of logged PAP packets.
hide-password
local
noproxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx

burlaka ()