Ситуация такая: есть роутер FreeBSD 6.4, на нём поднят MPD5 (как VPN-сервер), + в другом городе есть роутер Linux SuSE 10, на нём поднят pptp-клиент для MPD.
Всё отлично коннектится, VPN-канал создаётся, пинги от Linux до FreeBSD ходят. От клиентских машин за Linux до клиентских машин за FreeBSD ходят. А вот от клиентской машины за FreeBSD до линуксового клиента — НЕТ.
Ifconfig:linux
eth0 Link encap:Ethernet HWaddr 00:18:71:E3:40:31
inet addr:10.205.250.1 Bcast:10.205.250.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:179562394 errors:0 dropped:0 overruns:0 frame:0
TX packets:148058322 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2019135156 (1925.5 Mb) TX bytes:1454938935 (1387.5 Mb)
Interrupt:233

eth1 Link encap:Ethernet HWaddr 00:18:71:E3:40:30
inet addr:X.X.X.X Bcast:X.X.X.X Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:56957221 errors:0 dropped:0 overruns:0 frame:0
TX packets:54195159 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1557769638 (1485.6 Mb) TX bytes:435429409 (415.2 Mb)
Interrupt:50

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11738708 errors:0 dropped:0 overruns:0 frame:0
TX packets:11738708 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1804942600 (1721.3 Mb) TX bytes:1804942600 (1721.3 Mb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:10.50.4.210 P-t-P:10.50.4.201 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1574 errors:0 dropped:0 overruns:0 frame:0
TX packets:1240 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:97156 (94.8 Kb) TX bytes:74278 (72.5 Kb)
Ifconfig:FreeBSD
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 10.50.0.251 netmask 0xffff0000 broadcast 10.50.255.255
ether 00:0c:29:d8:fc:73
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255
ether 00:0c:29:d8:fc:7d
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1458
inet 10.50.4.201 --> 10.50.4.210 netmask 0xffffffff

IPFW:linux (на самом деле это /etc/sysconfig/SuSEfirewall2, а не ipfw)
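# /etc/sysconfig/SuSEfirewall2 -- Linux (PPTP client) side, the ORIGINAL, non-working
# version.  Several assignments were run together in the paste
# (FW_DEV_DMZ=""FW_ROUTE="yes", FW_LOG=""FW_KERNEL_SECURITY="yes",
# FW_ALLOW_PING_EXT="no"#---- ...).  Sourced like that, FW_DEV_DMZ would receive the
# literal value 'FW_ROUTE=yes', FW_ROUTE would stay unset, FW_ALLOW_PING_EXT would get
# 'no#----...' and so on.  They are restored to one assignment per line here; no policy
# value was changed.
#
# --- Zones ---------------------------------------------------------------------
# 'any' in FW_DEV_EXT means every interface not listed in another zone is external.
# ppp0 (the VPN link) is not listed anywhere, so SuSEfirewall2 treats the tunnel as an
# Internet-facing interface: nothing arriving on it is forwarded into INT, and INT->ppp0
# traffic falls under masquerading (FW_MASQ_DEV below is the EXT set).  That is
# consistent with the one-way symptom described above; the working config puts ppp0
# into FW_DEV_INT.
# NOTE(review): this MAC (00:11:75:e3:43:30) is not the eth1 MAC shown by ifconfig
# (00:18:71:E3:40:30) -- masked or mistyped; the working config uses the latter.
FW_DEV_EXT="any eth-id-00:11:75:e3:43:30"
FW_DEV_INT="eth-id-00:18:63:e3:34:39"
FW_DEV_DMZ=""

# --- Routing / NAT -------------------------------------------------------------
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
# Masquerade only selected flows (entries are "source,dest[,proto[,port]]") instead of 0/0.
# NOTE(review): the first entry has the REMOTE LAN 10.50.0.0/16 as source and the local
# LAN 10.205.250.0/24 as destination, i.e. it NATs remote->local ICMP; check whether
# local->remote was meant.  Site-to-site traffic should not be NATed at all once the
# tunnel is in a zone and covered by FW_FORWARD.
#FW_MASQ_NETS="0/0"
FW_MASQ_NETS="\
10.50.0.0/16,10.205.250.0/24,icmp \
10.205.250.252/32,0/0,tcp,25 \
10.205.250.196/32,0/0,tcp,443 \
10.205.250.0/24,X.X.X.X/24,tcp,53 \
10.205.250.0/24,X.X.X.X/24,udp,53 \
10.205.250.0/24,0/0,gre \
10.50.0.0/16,0/0,gre \
10.205.250.7/32,0/0,icmp \
10.205.250.157/32,0/0,icmp \
10.205.250.0/24,X.X.X.X/32,tcp,2226"

# --- Services on the firewall host ---------------------------------------------
# "no": INT hosts may reach every service on the firewall itself.  Whatever is later
# moved into INT (e.g. ppp0, i.e. the whole remote site) inherits that unfiltered
# access; "yes" plus explicit FW_SERVICES_INT_* is the safer setting.
FW_PROTECT_FROM_INT="no"
# Open to the whole Internet.  ssh world-wide is a brute-force target -- restrict it by
# source with FW_SERVICES_ACCEPT_EXT if the admin addresses are known.  1723 (PPTP
# control) is only needed if this host also *serves* PPTP; it is the client here, so
# verify whether it can be closed.
FW_SERVICES_EXT_TCP="https smtp ssh 1723"
FW_SERVICES_EXT_UDP=""
# GRE (PPTP data channel) accepted from anywhere.
FW_SERVICES_EXT_IP="gre"
FW_SERVICES_EXT_RPC=""
FW_CONFIGURATIONS_EXT=""

FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP="gre"
FW_SERVICES_DMZ_RPC=""
FW_CONFIGURATIONS_DMZ=""

FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP="gre"
FW_SERVICES_INT_RPC=""
FW_CONFIGURATIONS_INT=""

FW_SERVICES_DROP_EXT=""
#FW_SERVICES_REJECT_EXT="0/0,tcp,113"
FW_SERVICES_ACCEPT_EXT=""
# Hosts in these nets may use every service on the firewall regardless of zone.
# 10.50.0.0/16 is the entire remote site -- a compromise there is a compromise here.
FW_TRUSTED_NETS="\
10.205.250.0/24 \
10.50.0.0/16"
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""

# --- Forwarding ----------------------------------------------------------------
# No site-to-site forwarding rule at all; together with ppp0 being EXT this is the
# likely reason FreeBSD-side hosts cannot reach 10.205.250.0/24.
FW_FORWARD=""
# RDP on 10.205.250.5 published on external port 3395 for ONE source /32 only
# (good -- never widen this to 0/0).
FW_FORWARD_MASQ="X.X.X.X/32,10.205.250.5,tcp,3395,3389,X.X.X.X"
# Transparent proxy: LAN HTTP traffic diverted to the local proxy on :3128.
FW_REDIRECT="\
10.205.250.0/24,0/0,tcp,80,3128 \
10.205.250.0/24,0/0,tcp,8080,3128"

# --- Logging / misc ------------------------------------------------------------
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG_LIMIT=""
FW_LOG=""
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="no"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"

#-------------------------------------------------------------------------#
# EXPERT OPTIONS - all others please don't change these! #
#-------------------------------------------------------------------------#
FW_ALLOW_FW_SOURCEQUENCH=""
FW_ALLOW_FW_BROADCAST_EXT="no"
FW_ALLOW_FW_BROADCAST_INT="no"
FW_ALLOW_FW_BROADCAST_DMZ="no"
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="no"
FW_IGNORE_FW_BROADCAST_DMZ="no"
# Empty: no routing between two interfaces of the same zone.  Irrelevant while ppp0 is
# EXT, but it appears to be needed once ppp0 and eth0 share the INT zone (the working
# config sets it to "yes").
FW_ALLOW_CLASS_ROUTING=""
FW_CUSTOMRULES=""
FW_REJECT=""
FW_REJECT_INT="yes"
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING=""
FW_IPSEC_TRUST="no"
FW_ZONES=""
FW_USE_IPTABLES_BATCH=""
FW_LOAD_MODULES=""
# Present in both configs; if there is no Xen bridge on this box it is a leftover
# default and harmless.
FW_FORWARD_ALWAYS_INOUT_DEV="xenbr0"
FW_SERVICES_ACCEPT_INT=""
FW_SERVICES_ACCEPT_DMZ=""
FW_LOG_DROP_CRIT="yes"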
FW_LOG_DROP_ALL="no"

IPFW:FreeBSD (вывод ipfw show; обратите внимание: последнее правило 65535 — allow ip from any to any, т.е. ядро собрано с IPFIREWALL_DEFAULT_TO_ACCEPT, и ни одного запрещающего правила в наборе нет — фактически «разрешить всё» плюс NAT через divert 8668 на em1)
00100 626948 191198486 allow ip from 10.26.0.0/16 to 10.16.0.0/16
00102 6346 388960 allow ip from 10.50.0.0/16 to 10.205.250.0/24
00102 5072 304320 allow ip from 10.205.250.0/24 to 10.50.0.0/16
00110 38822 2424246 allow ip from 10.50.0.0/16 to 10.205.0.0/16
00110 10972 658944 allow ip from 10.205.0.0/16 to 10.50.0.0/16
00200 531352 199797104 allow ip from 10.16.0.0/16 to 10.26.0.0/16
00300 2253764 742949504 allow ip from 10.50.0.0/16 to 10.16.0.0/16
00400 2655539 1297393740 allow ip from 10.16.0.0/16 to 10.50.0.0/16
00500 222852 198696902 allow ip from 10.58.0.0/16 to 10.16.0.0/16
00600 198040 93069028 allow ip from 10.16.0.0/16 to 10.58.0.0/16
00700 1108462 658486268 allow ip from 10.72.0.0/16 to 10.16.0.0/16
00800 1130958 677203022 allow ip from 10.16.0.0/16 to 10.72.0.0/16
00900 304608 272951682 allow ip from 10.77.0.0/16 to 10.16.0.0/16
01000 249172 108385266 allow ip from 10.16.0.0/16 to 10.77.0.0/16
05000 49424087 31152085218 divert 8668 ip from any to any via em1
05100 69600467 40742448809 allow ip from any to any via em0
05200 58583 3896487 allow icmp from any to any
05300 74828 5111996 allow udp from any to any dst-port 53
05400 74466 9836297 allow udp from any 53 to any
05500 28120301 27503205026 allow ip from any to 192.168.2.2
05600 23757387 4072072900 allow ip from 192.168.2.2 to any
05700 0 0 allow ip from 10.50.0.154 to any
05800 0 0 allow ip from any to 10.50.0.154
05900 0 0 allow ip from 10.50.0.152 to any
06000 0 0 allow ip from any to 10.50.0.152
06100 0 0 allow ip from 10.50.0.162 to any
06200 0 0 allow ip from any to 10.50.0.162
06300 0 0 allow ip from 10.50.0.2 to any
06400 0 0 allow ip from any to 10.50.0.2
06500 787206 84586892 allow ip from any to me
06600 0 0 allow ip from me to any
65535 79 9443 allow ip from any to any
Route : Linux
route add -net 10.50.0.0 netmask 255.255.0.0 gw 10.50.4.201

Route : FreeBSD
route add 10.205.250.0/24 10.50.4.210

Может, есть какие-нибудь нюансы, что надо сделать — подсобите, плиз.
а это случайно не из-за того, что адреса туннеля пересекаются с адресами локалки за freeBSD
Кому интересно, выкладываю рабочие конфиги Linux SuSE; на стороне FreeBSD всё ОК. Что изменилось по сравнению с первым вариантом: ppp0 добавлен в FW_DEV_INT (раньше из-за «any» в FW_DEV_EXT туннель считался внешним интерфейсом), появился FW_FORWARD в обе стороны между 10.50.0.0/16 и 10.205.250.0/24, и включён FW_ALLOW_CLASS_ROUTING="yes" (форвардинг между двумя интерфейсами одной зоны — eth0 и ppp0).
# vi /etc/sysconfig/SuSEfirewall2
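# /etc/sysconfig/SuSEfirewall2 -- Linux (PPTP client) side, the WORKING version.
# Assignments that were run together in the paste (FW_DEV_DMZ=""FW_ROUTE="yes",
# FW_LOG=""FW_KERNEL_SECURITY="yes", FW_ALLOW_PING_EXT="yes"#---- ...) are restored
# to one assignment per line: sourced as pasted, FW_DEV_DMZ would have received the
# literal value 'FW_ROUTE=yes' and FW_ROUTE itself would have stayed unset.  No policy
# value was changed.
#
# What makes this version work compared with the first one:
#   * ppp0 is now an INT interface (FW_DEV_INT) instead of falling under 'any' in EXT;
#   * FW_FORWARD allows the two LANs to reach each other in both directions;
#   * FW_ALLOW_CLASS_ROUTING="yes" permits forwarding between the two INT interfaces
#     (eth0 <-> ppp0).
#
# --- Zones ---------------------------------------------------------------------
FW_DEV_EXT="any eth-id-00:18:71:e3:40:30"
# NOTE(review): with ppp0 in INT, FW_PROTECT_FROM_INT="no" (below) and 10.50.0.0/16 in
# FW_TRUSTED_NETS, the entire remote site has the same unfiltered access to this router
# and its LAN as the local LAN does.  If the other site is a separate trust domain,
# consider FW_PROTECT_FROM_INT="yes" and narrowing FW_FORWARD to the needed protocols.
FW_DEV_INT="eth-id-00:18:71:e3:40:31 ppp0"
FW_DEV_DMZ=""

# --- Routing / NAT -------------------------------------------------------------
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
# Selective masquerading; entries are "source,dest[,proto[,port]]".
# NOTE(review): "10.50.0.0/16,0/0,icmp" now lets the remote site ping the Internet
# NATed through this router's public address, and the first entry NATs remote->local
# ICMP (source and destination look swapped).  Site-to-site traffic between the two
# LANs is covered by FW_FORWARD and should not need NAT at all -- review whether these
# two entries are still wanted.
#FW_MASQ_NETS="0/0"
FW_MASQ_NETS="\
10.50.0.0/16,10.205.250.0/24,icmp \
10.205.250.252/32,0/0,tcp,25 \
10.205.250.196/32,0/0,tcp,443 \
10.205.250.0/24,X.x.x.x/24,tcp,53 \
10.205.250.0/24,X.x.x.x/24,udp,53 \
10.205.250.0/24,X.x.x.x/24,tcp,25 \
10.205.250.0/24,X.x.x.x/24,tcp,110 \
10.205.250.0/24,X.x.x.x/32,tcp,25 \
10.205.250.0/24,X.x.x.x/32,tcp,110 \
10.205.250.0/24,0/0,gre \
10.50.0.0/16,0/0,icmp \
10.205.250.7/32,0/0,icmp \
10.205.250.157/32,0/0,icmp \
10.205.250.0/24,X.x.x.x/32,tcp,2226"

# --- Services on the firewall host ---------------------------------------------
# "no": every INT host -- which now includes everything behind the tunnel -- may reach
# any service on the firewall itself.
FW_PROTECT_FROM_INT="no"
# Open to the whole Internet.  ssh world-wide is a brute-force target -- restrict it by
# source with FW_SERVICES_ACCEPT_EXT if the admin addresses are known.  1723 (PPTP
# control) is only needed if this host also *serves* PPTP; it is the client here, so
# verify whether it can be closed.
FW_SERVICES_EXT_TCP="https smtp ssh 1723"
FW_SERVICES_EXT_UDP=""
# GRE is no longer opened on EXT; the client-initiated tunnel's return traffic is
# presumably matched by connection tracking.
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_CONFIGURATIONS_EXT=""

FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_CONFIGURATIONS_DMZ=""

FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP="gre"
FW_SERVICES_INT_RPC=""
FW_CONFIGURATIONS_INT=""

FW_SERVICES_DROP_EXT=""
#FW_SERVICES_REJECT_EXT="0/0,tcp,113"
FW_SERVICES_ACCEPT_EXT=""
# Hosts in these nets may use every service on the firewall regardless of zone.
# 10.50.0.0/16 is the entire remote site -- a compromise there is a compromise here.
FW_TRUSTED_NETS="\
10.205.250.0/24 \
10.50.0.0/16"
FW_ALLOW_INCOMING_HIGHPORTS_UDP=""

# --- Forwarding ----------------------------------------------------------------
# Site-to-site forwarding, all protocols, both directions.  The syntax also accepts
# "source,dest,proto,port"; use that to narrow it if the two sites need only a few
# services.
FW_FORWARD="10.50.0.0/16,10.205.250.0/24 10.205.250.0/24,10.50.0.0/16"
# RDP on 10.205.250.5 published on external port 3395 for ONE source /32 only
# (good -- never widen this to 0/0).  The last field is this firewall's public address.
FW_FORWARD_MASQ="x.x.x.x/32,10.205.250.5,tcp,3395,3389,212.119.218.74"
# Transparent proxy: LAN HTTP traffic diverted to the local proxy on :3128.
FW_REDIRECT="\
10.205.250.0/24,0/0,tcp,80,3128 \
10.205.250.0/24,0/0,tcp,8080,3128"

# --- Logging / misc ------------------------------------------------------------
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG_LIMIT=""
FW_LOG=""
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
# The firewall now answers pings from the Internet; low risk, but it was "no" before.
FW_ALLOW_PING_EXT="yes"

#-------------------------------------------------------------------------#
# EXPERT OPTIONS - all others please don't change these! #
#-------------------------------------------------------------------------#
FW_ALLOW_FW_SOURCEQUENCH=""
FW_ALLOW_FW_BROADCAST_EXT="no"
FW_ALLOW_FW_BROADCAST_INT="no"
FW_ALLOW_FW_BROADCAST_DMZ="no"
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="no"
FW_IGNORE_FW_BROADCAST_DMZ="no"
# Allow routing between interfaces of the same zone -- needed here because eth0 and
# ppp0 are both INT.
FW_ALLOW_CLASS_ROUTING="yes"
FW_CUSTOMRULES=""
FW_REJECT=""
FW_REJECT_INT="yes"
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING=""
FW_IPSEC_TRUST="no"
FW_ZONES=""
FW_USE_IPTABLES_BATCH=""
FW_LOAD_MODULES=""
# Present in both configs; if there is no Xen bridge on this box it is a leftover
# default and harmless.
FW_FORWARD_ALWAYS_INOUT_DEV="xenbr0"
FW_SERVICES_ACCEPT_INT=""
FW_SERVICES_ACCEPT_DMZ=""
FW_LOG_DROP_CRIT="yes"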
FW_LOG_DROP_ALL="no"

#vi /etc/ppp/peers/asad.inet
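# /etc/ppp/peers/asad.inet -- PPTP client profile for the tunnel to the FreeBSD/MPD5
# site; started with 'pppd call asad.inet'.
#
# Run the pptp client on a pseudo-tty: it handles the TCP/1723 control connection and
# the GRE data channel, pppd speaks PPP over it.
pty "pptp сервер-vpn --nolaunchpppd"
#name kia
# Credentials presented to MPD.  NOTE(review): the password is stored in clear text in
# this file, so the file must be root-only (chmod 600); the usual alternative is to keep
# only 'user' here and put the secret in /etc/ppp/chap-secrets.
user user
password "пароль"
# Do not require the server to authenticate itself to pppd (the normal setting for a
# pptp client).
noauth
# No compression on the link.
nodeflate
nobsdcomp
lock
#remotename x
#defaultroute
#replacedefaulteroute
# Reconnect automatically when the link drops -- so the ip-up.d script must not start
# another pppd itself.
persist
# NOTE(review): 'debug' logs every control packet to syslog, including the CHAP/MS-CHAP
# challenge and response; with MS-CHAPv2 that pair is enough to attack the password
# offline, so it is disabled here -- re-enable only while troubleshooting.
#debug
#
# NOTE(review): nothing in this profile requires encryption.  Unless MPPE is negotiated
# (the MPD side's config is not shown), the GRE payload crosses the Internet in the
# clear.  Once the server side is confirmed to enable MPPE, insist on it:
#require-mppe-128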
#nodetach

И наконец скрипт запуска
#vi /etc/ppp/ip-up.d/asad
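#!/bin/bash
#
# /etc/ppp/ip-up.d/asad -- run through pppd's ip-up hook once the PPTP link to the
# FreeBSD/MPD5 site is up.  Its only job is to route the remote LAN (10.50.0.0/16) via
# the far end of the tunnel.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin
#
# pppd exports IPREMOTE to ip-up scripts (and passes the remote address as $5 when the
# SUSE wrapper forwards pppd's arguments), so take the peer address from there and keep
# the hard-coded 10.50.4.201 only as a fallback for a manual run.  The route then still
# follows the tunnel if MPD ever hands out a different address.
PEER="${IPREMOTE:-${5:-10.50.4.201}}"
#
#pppd call asad.inet
route add -net 10.50.0.0 netmask 255.255.0.0 gw "$PEER"
#
# NOTE(review): do not start pppd from this script.  A 'pppd call asad.inet' in an
# ip-up hook spawns a new pppd every time a link comes up (which runs ip-up again, and
# so on); 'persist' in /etc/ppp/peers/asad.inet already takes care of reconnecting.
# Start the tunnel once at boot instead.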
pppd call asad.inet

Если кому надо будет — вышлю конфиги сервера FreeBSD.