Hi everyone, I don't know what else to do. Please advise. My firmware is DD-WRT v24-sp2 (04/07/12) big. The Internet connection is set up via Setup / Basic Setup / Connection Type: PPTP. There are no problems with that: I have access to both external resources and the provider's internal resources, and torrents and DC++ work without problems.
I am trying to bring up a VPN from Windows 7 (firewall off) from the local network via the internal IP, and I get error 619.
cat /tmp/var/log/messages | egrep 'pptp|vpn|pppd'
Jan 1 00:00:11 DD-WRT daemon.info pptpd[880]: MGR: Maximum of 100 connections reduced to 12, not enough IP addresses given
Jan 1 00:00:11 DD-WRT daemon.info pptpd[905]: MGR: Manager process started
Jan 1 00:00:11 DD-WRT daemon.info pptpd[905]: MGR: Maximum of 12 connections available
Jan 1 00:00:11 DD-WRT user.info syslog: pptpd : pptp daemon successfully started
Jan 1 00:00:11 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:12 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:13 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:13 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:13 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:13 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:14 DD-WRT daemon.notice pppd[1106]: pppd 2.4.4 started by root, uid 0
Jan 1 00:00:17 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:17 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:17 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:17 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:17 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jan 1 00:00:25 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jan 1 00:00:26 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jan 1 00:00:26 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jan 1 00:00:26 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jan 1 00:00:26 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jun 7 13:32:18 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jun 7 13:32:19 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jun 7 13:32:19 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jun 7 13:32:19 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jun 7 13:32:19 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jun 7 13:32:20 DD-WRT user.info syslog: vpn modules : vpn modules successfully unloaded
Jun 7 13:32:20 DD-WRT user.info syslog: vpn modules : nf_conntrack_proto_gre successfully loaded
Jun 7 13:32:20 DD-WRT user.info syslog: vpn modules : nf_nat_proto_gre successfully loaded
Jun 7 13:32:20 DD-WRT user.info syslog: vpn modules : nf_conntrack_pptp successfully loaded
Jun 7 13:32:20 DD-WRT user.info syslog: vpn modules : nf_nat_pptp successfully loaded
Jun 7 13:41:24 DD-WRT daemon.info pptpd[2505]: CTRL: Client 192.168.1.105 control connection started
Jun 7 13:41:24 DD-WRT daemon.info pptpd[2505]: CTRL: Starting call (launching pppd, opening GRE)
Jun 7 13:41:24 DD-WRT daemon.notice pppd[2507]: pppd 2.4.4 started by root, uid 0
Jun 7 13:41:24 DD-WRT daemon.err pptpd[2505]: GRE: read(fd=8,buffer=41fe30,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Jun 7 13:41:24 DD-WRT daemon.err pptpd[2505]: CTRL: PTY read or GRE write failed (pty,gre)=(8,9)
Jun 7 13:41:24 DD-WRT daemon.debug pptpd[2505]: CTRL: Reaping child PPP[2506]
Jun 7 13:41:24 DD-WRT daemon.info pptpd[2505]: CTRL: Client 192.168.1.105 control connection finished
Jun 7 13:41:24 DD-WRT daemon.info pppd[2507]: Exit.
Jun 7 13:41:26 DD-WRT daemon.info pptpd[2514]: CTRL: Client 192.168.1.105 control connection started
Jun 7 13:41:26 DD-WRT daemon.info pptpd[2514]: CTRL: Starting call (launching pppd, opening GRE)
Jun 7 13:41:26 DD-WRT daemon.err pptpd[2514]: GRE: read(fd=8,buffer=41fe30,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Jun 7 13:41:26 DD-WRT daemon.err pptpd[2514]: CTRL: PTY read or GRE write failed (pty,gre)=(8,9)
Jun 7 13:41:26 DD-WRT daemon.debug pptpd[2514]: CTRL: Reaping child PPP[2515]
Jun 7 13:41:26 DD-WRT daemon.notice pppd[2516]: pppd 2.4.4 started by root, uid 0
Jun 7 13:41:26 DD-WRT daemon.info pptpd[2514]: CTRL: Client 192.168.1.105 control connection finished
Jun 7 13:41:26 DD-WRT daemon.info pppd[2516]: Exit.
Jun 7 13:41:26 DD-WRT daemon.info pptpd[2523]: CTRL: Client 192.168.1.105 control connection started
Jun 7 13:41:26 DD-WRT daemon.info pptpd[2523]: CTRL: Starting call (launching pppd, opening GRE)
Jun 7 13:41:26 DD-WRT daemon.err pptpd[2523]: GRE: read(fd=8,buffer=41fe30,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Jun 7 13:41:26 DD-WRT daemon.err pptpd[2523]: CTRL: PTY read or GRE write failed (pty,gre)=(8,9)
Jun 7 13:41:26 DD-WRT daemon.debug pptpd[2523]: CTRL: Reaping child PPP[2524]
Jun 7 13:41:26 DD-WRT daemon.info pptpd[2523]: CTRL: Client 192.168.1.105 control connection finished
Jun 7 13:41:26 DD-WRT daemon.notice pppd[2525]: pppd 2.4.4 started by root, uid 0
Jun 7 13:41:27 DD-WRT daemon.info pppd[2525]: Exit.
Jun 7 13:41:27 DD-WRT daemon.info pptpd[2532]: CTRL: Client 192.168.1.105 control connection started
Jun 7 13:41:27 DD-WRT daemon.info pptpd[2532]: CTRL: Starting call (launching pppd, opening GRE)
Jun 7 13:41:27 DD-WRT daemon.err pptpd[2532]: GRE: read(fd=8,buffer=41fe30,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Jun 7 13:41:27 DD-WRT daemon.err pptpd[2532]: CTRL: PTY read or GRE write failed (pty,gre)=(8,9)
Jun 7 13:41:27 DD-WRT daemon.debug pptpd[2532]: CTRL: Reaping child PPP[2533]
Jun 7 13:41:27 DD-WRT daemon.notice pppd[2534]: pppd 2.4.4 started by root, uid 0
Jun 7 13:41:27 DD-WRT daemon.info pptpd[2532]: CTRL: Client 192.168.1.105 control connection finished
Jun 7 13:41:27 DD-WRT daemon.info pppd[2534]: Exit.
Jun 7 13:41:27 DD-WRT daemon.info pptpd[2541]: CTRL: Client 192.168.1.105 control connection started
Jun 7 13:41:27 DD-WRT daemon.info pptpd[2541]: CTRL: Starting call (launching pppd, opening GRE)
Jun 7 13:41:27 DD-WRT daemon.err pptpd[2541]: GRE: read(fd=8,buffer=41fe30,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Jun 7 13:41:27 DD-WRT daemon.err pptpd[2541]: CTRL: PTY read or GRE write failed (pty,gre)=(8,9)
Jun 7 13:41:27 DD-WRT daemon.notice pppd[2543]: pppd 2.4.4 started by root, uid 0
Jun 7 13:41:27 DD-WRT daemon.debug pptpd[2541]: CTRL: Reaping child PPP[2542]
Jun 7 13:41:27 DD-WRT daemon.info pptpd[2541]: CTRL: Client 192.168.1.105 control connection finished
Jun 7 13:41:27 DD-WRT daemon.info pppd[2543]: Exit.
cat /tmp/pptpd/options.pptpd
lock
name *
nobsdcomp
nodeflate
auth
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
require-mschap-v2
mppe required,stateless
mppc
debug
logfd 2
ms-ignore-domain
chap-secrets /tmp/pptpd/chap-secrets
ip-up-script /tmp/pptpd/ip-up
ip-down-script /tmp/pptpd/ip-down
proxyarp
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 10
lcp-echo-interval 6
mtu 1450
mru 1450
ms-dns 192.168.1.1
cat /tmp/pptpd/pptpd.conf
bcrelay br0
localip 192.168.1.1
remoteip 192.168.1.50-60
cat /tmp/pptpd/chap-secrets
mcka * mcka *
cat /tmp/pptpd/ip-up
#!/bin/sh
startservice set_routes
echo $PPPD_PID $1 $5 $6 $PEERNAME >> /tmp/pptp_connected
iptables -I FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I INPUT -i $1 -j ACCEPT
iptables -I FORWARD -i $1 -j ACCEPT
iptables -t nat -I PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destination 192.168.1.255
IN=`grep -i RP-Upstream-Speed-Limit /var/run/radattr.$1 | awk '{print $2}'`
OUT=`grep -i RP-Downstream-Speed-Limit /var/run/radattr.$1 | awk '{print $2}'`
if [ ! -z $IN ] && [ ! -z $OUT ] && [ $IN -gt 0 ] && [ $OUT -gt 0 ]
then tc qdisc del root dev $1
tc qdisc del dev $1 ingress
tc qdisc add dev $1 root tbf rate "$OUT"kbit latency 50ms burst "$OUT"kbit
tc qdisc add dev $1 handle ffff: ingress
tc filter add dev $1 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate "$IN"kbit burst "$IN"kbit drop flowid :1
fi
cat /tmp/pptpd/ip-down
#!/bin/sh
grep -v $PPPD_PID /tmp/pptp_connected > /tmp/pptp_connected.tmp
mv /tmp/pptp_connected.tmp /tmp/pptp_connected
CONTIME=$(($CONNECT_TIME+`grep $PEERNAME /tmp/pptp_peer.db | awk '{print $3}'`))
SENT=$(($BYTES_SENT+`grep $PEERNAME /tmp/pptp_peer.db | awk '{print $4}'`))
RCVD=$(($BYTES_RCVD+`grep $PEERNAME /tmp/pptp_peer.db | awk '{print $5}'`))
grep -v $PEERNAME /tmp/ppp_peer.db > /tmp/pptp_peer.db.tmp
mv /tmp/pptp_peer.db.tmp /tmp/pptp_peer.db
echo "$PEERNAME $CONTIME $SENT $RCVD" >> /tmp/pptp_peer.db
iptables -D FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -D INPUT -i $1 -j ACCEPT
iptables -D FORWARD -i $1 -j ACCEPT
iptables -t nat -D PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destination 192.168.1.255
tc qdisc del root dev $1
tc qdisc del ingress dev $1
GRE requests are allowed in iptables (saved in the firewall):
#VPN
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
iptables -F FORWARD
iptables -A FORWARD -j ACCEPT
iptables -A POSTROUTING -t nat -o br0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o eth+ -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
#Torrents
iptables -t nat -i ppp0 -I PREROUTING -p tcp --dport 50847 -j DNAT --to 192.168.1.2:50847
iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 50847 -j ACCEPT
iptables -t nat -i ppp0 -I PREROUTING -p udp --dport 50847 -j DNAT --to 192.168.1.2:50847
iptables -I FORWARD -p udp -d 192.168.1.2 --dport 50847 -j ACCEPT
iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
logdrop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
logdrop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
logdrop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
logdrop tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:69
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 192.168.1.2 udp dpt:50847
ACCEPT tcp -- 0.0.0.0/0 192.168.1.2 tcp dpt:50847
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
Chain advgrp_1 (0 references)
target prot opt source destination
Chain advgrp_10 (0 references)
target prot opt source destination
Chain advgrp_2 (0 references)
target prot opt source destination
Chain advgrp_3 (0 references)
target prot opt source destination
Chain advgrp_4 (0 references)
target prot opt source destination
Chain advgrp_5 (0 references)
target prot opt source destination
Chain advgrp_6 (0 references)
target prot opt source destination
Chain advgrp_7 (0 references)
target prot opt source destination
Chain advgrp_8 (0 references)
target prot opt source destination
Chain advgrp_9 (0 references)
target prot opt source destination
Chain grp_1 (0 references)
target prot opt source destination
Chain grp_10 (0 references)
target prot opt source destination
Chain grp_2 (0 references)
target prot opt source destination
Chain grp_3 (0 references)
target prot opt source destination
Chain grp_4 (0 references)
target prot opt source destination
Chain grp_5 (0 references)
target prot opt source destination
Chain grp_6 (0 references)
target prot opt source destination
Chain grp_7 (0 references)
target prot opt source destination
Chain grp_8 (0 references)
target prot opt source destination
Chain grp_9 (0 references)
target prot opt source destination
Chain lan2wan (0 references)
target prot opt source destination
Chain logaccept (0 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
Chain logbrute (0 references)
target prot opt source destination
0 -- 0.0.0.0/0 0.0.0.0/0 recent: SET name: BRUTEFORCE side: source
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 !recent: UPDATE seconds: 60 hit_count: 4 name: BRUTEFORCE side: source
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/min burst 1
logdrop 0 -- 0.0.0.0/0 0.0.0.0/0
Chain logdrop (5 references)
target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
Chain trigger_out (0 references)
target prot opt source destination
Security -> VPN Passthrough: IPSec Passthrough: Disable; PPTP Passthrough: Enabled; L2TP Passthrough: Disable
cat /proc/sys/net/ipv4/ip_forward
1