URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID1
Thread number: 62066

Original message
"VPN on mpd"

Posted by Oleg104, 23-Nov-05 12:55
I'm trying to set up access for users from home to the office over the Internet.
For this I'm using a server running FreeBSD 5.4 + mpd.
Here is mpd.conf:
---------------
default:
        load pptp0
pptp0:
        new -i ng0 pptp0 pptp0
        set ipcp ranges 10.x.x.1/32 10.x.x.11/32
        load pptp_standart
pptp_standart:
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set bundle disable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set link mtu 1460
        set ipcp yes vjcomp
        set ipcp dns 10.x.x.10
        set ipcp nbns 10.x.x.10
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set bundle yes crypt-reqd
        set pptp self 212.x.x.x
        set pptp enable incoming
        set pptp disable originate
--------------------
The problem is that connecting sometimes works and sometimes doesn't, and I don't see any pattern so far. But whenever it fails, the MTU of the interface the user connects to is 1500, and accordingly GRE cannot work. On successful attempts MTU=1396.
Why might this be?

Messages in this discussion
"VPN on mpd"
Posted by straker, 23-Nov-05 13:06
>I'm trying to set up access for users from home to the office over the Internet.
>For this I'm using a server running FreeBSD 5.4 + mpd.
>Here is mpd.conf:
>---------------
>default:
>        load pptp0
>pptp0:
>        new -i ng0 pptp0 pptp0
>        set ipcp ranges 10.x.x.1/32 10.x.x.11/32
>        load pptp_standart
>pptp_standart:
>        set iface disable on-demand
>        set iface enable proxy-arp
>        set iface idle 1800
>        set bundle disable multilink
>        set link yes acfcomp protocomp
>        set link no pap chap
>        set link enable chap
>        set link keep-alive 10 60
>        set link mtu 1460
>        set ipcp yes vjcomp
>        set ipcp dns 10.x.x.10
>        set ipcp nbns 10.x.x.10
>        set bundle enable compression
>        set ccp yes mppc
>        set ccp yes mpp-e40
>        set ccp yes mpp-e128
>        set ccp yes mpp-stateless
>        set bundle yes crypt-reqd
>        set pptp self 212.x.x.x
>        set pptp enable incoming
>        set pptp disable originate
>--------------------
>The problem is that connecting sometimes works and sometimes doesn't, and
>I don't see any pattern so far. But whenever it fails, the MTU of the
>interface the user connects to is 1500, and accordingly GRE cannot work.
>On successful attempts MTU=1396.
>Why might this be?

Your users are probably all on WinXP. If so, here is an excerpt from the documentation.
Windows XP insists on a very low MTU (usually 1396 Bytes), this needs fragmentation, if bigger packets should be transmitted over the link. Fragmentation is negotiated at ICMP level, if there is a bad router somewhere in the network, who drops such packets, then the connection seems to hang. The first thing what you can try is reducing mpd's MTU value, by setting: set link mtu 1300 and set bundle disable multilink, this should help in most cases. For TCP connections it's possible enabling the TCP-MSS-Fix: set iface enable tcpmssfix (available since mpd-3.15).


"VPN on mpd"
Posted by Oleg104, 23-Nov-05 13:39
>Your users are probably all on WinXP. If so, here is an excerpt
>from the documentation.
>Windows XP insists on a very low MTU (usually 1396 Bytes), this
>needs fragmentation, if bigger packets should be transmitted over the link.
>Fragmentation is negotiated at ICMP level, if there is a bad
>router somewhere in the network, who drops such packets, then the
>connection seems to hang. The first thing what you can try
>is reducing mpd's MTU value, by setting: set link mtu 1300
>and set bundle disable multilink, this should help in most cases.
>For TCP connections it's possible enabling the TCP-MSS-Fix: set iface enable
>tcpmssfix (available since mpd-3.15).

I tried various combinations of set link mtu 1300; set iface enable tcpmssfix. It doesn't help.

Nov 23 12:35:46 gatehq mpd: [pptp0] IFACE: Open event
Nov 23 12:35:46 gatehq mpd: [pptp0] IPCP: Open event
Nov 23 12:35:46 gatehq mpd: [pptp0] IPCP: state change Initial --> Starting
Nov 23 12:35:46 gatehq mpd: [pptp0] IPCP: LayerStart
Nov 23 12:35:46 gatehq mpd: [pptp0] IPCP: Open event
Nov 23 12:35:46 gatehq mpd: [pptp0] bundle: OPEN event in state CLOSED
Nov 23 12:35:46 gatehq mpd: [pptp0] opening link "pptp0"...
Nov 23 12:35:46 gatehq mpd: [pptp0] link: OPEN event
Nov 23 12:35:46 gatehq mpd: [pptp0] LCP: Open event
Nov 23 12:35:46 gatehq mpd: [pptp0] LCP: state change Initial --> Starting
Nov 23 12:35:46 gatehq mpd: [pptp0] LCP: LayerStart
Nov 23 12:35:46 gatehq mpd: [pptp0] device: OPEN event in state DOWN
Nov 23 12:35:46 gatehq mpd: [pptp0] attaching to peer's outgoing call
Nov 23 12:35:46 gatehq mpd: [pptp0] device is now in state OPENING
Nov 23 12:35:46 gatehq mpd: [pptp0] device: UP event in state OPENING
Nov 23 12:35:46 gatehq mpd: [pptp0] device is now in state UP
Nov 23 12:35:46 gatehq mpd: [pptp0] link: UP event
Nov 23 12:35:46 gatehq mpd: [pptp0] link: origination is remote
Nov 23 12:35:46 gatehq mpd: [pptp0] LCP: Up event
Nov 23 12:35:46 gatehq mpd: [pptp0] LCP: state change Starting --> Req-Sent
Nov 23 12:35:46 gatehq mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH

Nov 23 12:35:46 gatehq mpd: [pptp0] LCP: SendConfigReq #1
Nov 23 12:35:46 gatehq mpd:  ACFCOMP
Nov 23 12:35:46 gatehq mpd:  PROTOCOMP
Nov 23 12:35:46 gatehq mpd:  MRU 1500
Nov 23 12:35:46 gatehq mpd:  MAGICNUM 0d40d920
Nov 23 12:35:46 gatehq mpd:  AUTHPROTO CHAP MSOFTv2
Nov 23 12:35:46 gatehq mpd: pptp0-0: ignoring SetLinkInfo
...............
Nov 23 12:36:04 gatehq mpd: [pptp0] LCP: SendConfigReq #10
Nov 23 12:36:04 gatehq mpd:  ACFCOMP
Nov 23 12:36:04 gatehq mpd:  PROTOCOMP
Nov 23 12:36:04 gatehq mpd:  MRU 1500
Nov 23 12:36:04 gatehq mpd:  MAGICNUM 0d40d920
Nov 23 12:36:04 gatehq mpd:  AUTHPROTO CHAP MSOFTv2

Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: state change Req-Sent --> Stopped
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: LayerFinish
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: parameter negotiation failed
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: LayerFinish
Nov 23 12:36:06 gatehq mpd: [pptp0] device: CLOSE event in state UP
Nov 23 12:36:06 gatehq mpd: pptp0-0: clearing call
Nov 23 12:36:06 gatehq mpd: pptp0-0: killing channel
Nov 23 12:36:06 gatehq mpd: [pptp0] PPTP call terminated
Nov 23 12:36:06 gatehq mpd: [pptp0] IFACE: Close event
Nov 23 12:36:06 gatehq mpd: [pptp0] IPCP: Close event
Nov 23 12:36:06 gatehq mpd: [pptp0] IPCP: state change Starting --> Initial
Nov 23 12:36:06 gatehq mpd: [pptp0] IPCP: LayerFinish
Nov 23 12:36:06 gatehq mpd: [pptp0] IFACE: Close event
Nov 23 12:36:06 gatehq mpd: pptp0: closing connection with 195.137.193.150:2004
Nov 23 12:36:06 gatehq mpd: [pptp0] IFACE: Close event
Nov 23 12:36:06 gatehq mpd: [pptp0] device is now in state CLOSING
Nov 23 12:36:06 gatehq mpd: [pptp0] bundle: CLOSE event in state OPENED
Nov 23 12:36:06 gatehq mpd: [pptp0] closing link "pptp0"...
Nov 23 12:36:06 gatehq mpd: [pptp0] device: CLOSE event in state CLOSING
Nov 23 12:36:06 gatehq mpd: [pptp0] device is now in state CLOSING
Nov 23 12:36:06 gatehq mpd: [pptp0] link: CLOSE event
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: Close event
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: state change Stopped --> Closed
Nov 23 12:36:06 gatehq mpd: [pptp0] device: DOWN event in state CLOSING
Nov 23 12:36:06 gatehq mpd: [pptp0] device is now in state DOWN
Nov 23 12:36:06 gatehq mpd: [pptp0] link: DOWN event
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: Down event
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: state change Closed --> Initial
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: phase shift ESTABLISH --> DEAD
Nov 23 12:36:06 gatehq mpd: [pptp0] device: DOWN event in state DOWN
Nov 23 12:36:06 gatehq mpd: [pptp0] device is now in state DOWN
Nov 23 12:36:06 gatehq mpd: [pptp0] link: DOWN event
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: Down event
Nov 23 12:36:06 gatehq mpd: pptp0: killing connection with 195.х.х.х:2004
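
In the failed attempt logged above, LCP sits in Req-Sent through ten SendConfigReq retries and then goes to Stopped. As an added example (not part of the original posts), this Python script classifies LCP attempts from mpd syslog lines using only the line shapes visible in the thread; the sample input is constructed, and its Ack-Rcvd/Opened lines assume mpd prints the RFC 1661 state names.

```python
import re

LCP = re.compile(r"mpd: \[(?P<link>[^\]]+)\] LCP: (?P<msg>.+)$")  # shape from the thread's log
STATE = re.compile(r"state change (\S+) --> (\S+)")

def classify(states):
    seen = set(states)
    if "Opened" in seen:
        return "opened"
    # RFC 1661: Ack-Rcvd/Ack-Sent are entered only on a Configure-Ack received/sent.
    if not seen & {"Ack-Rcvd", "Ack-Sent"}:
        return "no-ack-exchanged"
    return "failed-after-partial-negotiation"

def lcp_attempts(lines):
    """Return one summary dict per LCP negotiation attempt, in log order."""
    active, done = {}, []
    for line in lines:
        m = LCP.search(line)
        if not m:
            continue  # option lines (MRU, MAGICNUM, ...) and other layers
        link, msg = m["link"], m["msg"]
        st = STATE.search(msg)
        if st and st[2] == "Req-Sent" and link not in active:
            active[link] = {"link": link, "requests": 0, "states": ["Req-Sent"]}
        elif link in active and msg.startswith("SendConfigReq"):
            active[link]["requests"] += 1
        elif link in active and st:
            a = active[link]
            a["states"].append(st[2])
            if st[2] in ("Opened", "Stopped", "Closed", "Initial"):
                a["verdict"] = classify(a["states"])
                done.append(active.pop(link))
    return done

# Constructed sample in the thread's log format, shortened; second attempt is assumed.
SAMPLE = """\
Nov 23 12:35:46 gatehq mpd: [pptp0] LCP: state change Starting --> Req-Sent
Nov 23 12:35:46 gatehq mpd: [pptp0] LCP: SendConfigReq #1
Nov 23 12:36:04 gatehq mpd: [pptp0] LCP: SendConfigReq #10
Nov 23 12:36:06 gatehq mpd: [pptp0] LCP: state change Req-Sent --> Stopped
Nov 23 12:40:10 gatehq mpd: [pptp0] LCP: state change Starting --> Req-Sent
Nov 23 12:40:10 gatehq mpd: [pptp0] LCP: SendConfigReq #1
Nov 23 12:40:10 gatehq mpd: [pptp0] LCP: state change Req-Sent --> Ack-Rcvd
Nov 23 12:40:11 gatehq mpd: [pptp0] LCP: state change Ack-Rcvd --> Opened
""".splitlines()

if __name__ == "__main__":
    print([(a["link"], a["requests"], a["verdict"]) for a in lcp_attempts(SAMPLE)])
```

A `no-ack-exchanged` verdict means no Configure-Ack was sent or received on the server side, so the thing to check next is whether GRE passes in both directions between that client and the server.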