URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID6
Thread number: 12136

Original message
"Cisco PPTP Server"

Posted by Remy, 01-Dec-06 17:53
I couldn't get Easy Server up and running, so I decided to wrestle with PPTP.
I found a Cisco 2621:
IOS (tm) C2600 Software (C2600-IK8O3S-M), Version 12.2(16), RELEASE SOFTWARE (fc3)
I'm doing everything as described at: http://www.parkansky.com/tutorials/pptp.htm
Config:
Building configuration...

Current configuration : 1768 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname c2621
!
logging buffered 51200 warnings
aaa new-model
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
enable secret 5 *********.
!
username cisco privilege 15 password 0 cisco
ip subnet-zero
!
!
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
async-bootp dns-server 172.16.0.3
async-bootp nbns-server 172.16.0.5
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
!
!
no call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback1
ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.0.23 255.255.0.0
duplex auto
speed auto
!
interface Serial0/0
ip address 10.0.1.2 255.255.255.252
shutdown
no fair-queue
!
interface FastEthernet0/1
ip address 192.168.51.254 255.255.255.0
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
interface Virtual-Template1
ip unnumbered FastEthernet0/1
ip mroute-cache
peer default ip address pool DIAL-IN
ppp authentication ms-chap ms-chap-v2
!
ip local pool DIAL-IN 192.168.51.210 192.168.51.220
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.0.254
no ip http server
ip http authentication local
!
no snmp-server enable traps tty
radius-server host 172.16.0.245 auth-port 1645 acct-port 1646
radius-server key cisco_key
radius-server authorization permit missing Service-Type
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
transport input telnet ssh
transport output telnet ssh
line vty 5 15
password cisco
!
scheduler max-task-time 5000
end

DEBUGS:

02:09:58: Vi1 VPDN: Virtual interface created
02:09:58: Vi1 VPDN: Clone from Vtemplate 1
02:09:58: Vi1 VPDN: Bind interface direction=2
02:09:58: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
02:09:58: Vi1 PPP: Using default call direction
02:09:58: Vi1 PPP: Treating connection as a dedicated line
02:09:58: Vi1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 0 load]
02:09:58: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
02:09:58: Vi1 LCP: O CONFREQ [Closed] id 4 len 15
02:09:58: Vi1 LCP:    AuthProto MS-CHAP (0x0305C22380)
02:09:58: Vi1 LCP:    MagicNumber 0x04C43F51 (0x050604C43F51)
02:10:00: Vi1 LCP: TIMEout: State REQsent
02:10:00: Vi1 LCP: O CONFREQ [REQsent] id 5 len 15
02:10:00: Vi1 LCP:    AuthProto MS-CHAP (0x0305C22380)
02:10:00: Vi1 LCP:    MagicNumber 0x04C43F51 (0x050604C43F51)
02:10:00: Vi1 LCP: I CONFACK [REQsent] id 5 len 15
02:10:00: Vi1 LCP:    AuthProto MS-CHAP (0x0305C22380)
02:10:00: Vi1 LCP:    MagicNumber 0x04C43F51 (0x050604C43F51)
02:10:00: Vi1 LCP: I CONFREQ [ACKrcvd] id 1 len 21
02:10:00: Vi1 LCP:    MRU 1400 (0x01040578)
02:10:00: Vi1 LCP:    MagicNumber 0x74BF78EA (0x050674BF78EA)
02:10:00: Vi1 LCP:    PFC (0x0702)
02:10:00: Vi1 LCP:    ACFC (0x0802)
02:10:00: Vi1 LCP:    Callback 6  (0x0D0306)
02:10:00: Vi1 LCP: O CONFREJ [ACKrcvd] id 1 len 7
02:10:00: Vi1 LCP:    Callback 6  (0x0D0306)
02:10:00: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 18
02:10:00: Vi1 LCP:    MRU 1400 (0x01040578)
02:10:00: Vi1 LCP:    MagicNumber 0x74BF78EA (0x050674BF78EA)
02:10:00: Vi1 LCP:    PFC (0x0702)
02:10:00: Vi1 LCP:    ACFC (0x0802)
02:10:00: Vi1 LCP: O CONFNAK [ACKrcvd] id 2 len 8
02:10:00: Vi1 LCP:    MRU 1500 (0x010405DC)
02:10:00: Vi1 LCP: I CONFREQ [ACKrcvd] id 3 len 18
02:10:00: Vi1 LCP:    MRU 1400 (0x01040578)
02:10:00: Vi1 LCP:    MagicNumber 0x74BF78EA (0x050674BF78EA)
02:10:00: Vi1 LCP:    PFC (0x0702)
02:10:00: Vi1 LCP:    ACFC (0x0802)
02:10:00: Vi1 LCP: O CONFNAK [ACKrcvd] id 3 len 8
02:10:00: Vi1 LCP:    MRU 1500 (0x010405DC)
02:10:00: Vi1 LCP: I CONFREQ [ACKrcvd] id 4 len 18
02:10:00: Vi1 LCP:    MRU 1500 (0x010405DC)
02:10:00: Vi1 LCP:    MagicNumber 0x74BF78EA (0x050674BF78EA)
02:10:00: Vi1 LCP:    PFC (0x0702)
02:10:00: Vi1 LCP:    ACFC (0x0802)
02:10:00: Vi1 LCP: O CONFACK [ACKrcvd] id 4 len 18
02:10:00: Vi1 LCP:    MRU 1500 (0x010405DC)
02:10:00: Vi1 LCP:    MagicNumber 0x74BF78EA (0x050674BF78EA)
02:10:00: Vi1 LCP:    PFC (0x0702)
02:10:00: Vi1 LCP:    ACFC (0x0802)
02:10:00: Vi1 LCP: State is Open
02:10:00: Vi1 PPP: Phase is AUTHENTICATING, by this end [0 sess, 0 load]
02:10:00: Vi1 MS-CHAP: O CHALLENGE id 2 len 22 from "okp-2621"
02:10:00: Vi1 LCP: I IDENTIFY [Open] id 5 len 18 magic 0x74BF78EA MSRASV5.20
02:10:00: Vi1 LCP: I IDENTIFY [Open] id 6 len 21 magic 0x74BF78EA MSRAS-0-NEWEX
02:10:00: Vi1 MS-CHAP: I RESPONSE id 2 len 68 from "Domain\User"
02:10:00: AAA: parse name=Virtual-Access1 idb type=21 tty=-1
02:10:00: AAA: name=Virtual-Access1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
02:10:00: AAA/MEMORY: create_user (0x822BF5B4) user='Domain\User' ruser='NULL' ds0=0 port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1 initial_task_id='0'
02:10:00: AAA/AUTHEN/START (2735847673): port='Virtual-Access1' list='ms-chap-v2' action=LOGIN service=PPP
02:10:00: AAA/AUTHEN/START (2735847673): using "default" list
02:10:00: AAA/AUTHEN/START (2735847673): Method=radius (radius)
02:10:00: RADIUS: ustruct sharecount=1
02:10:00: Radius: radius_port_info() success=1 radius_nas_port=1
02:10:00: RADIUS: Initial Transmit Virtual-Access1 id 1 172.16.30.245:1645, Access-Request, len 140
02:10:00:         Attribute 4 6 AC100017
02:10:00:         Attribute 5 6 00000001
02:10:00:         Attribute 61 6 00000005
02:10:00:         Attribute 1 16 44494744
02:10:00:         Attribute 26 16 000001370B0A4783
02:10:00:         Attribute 26 58 0000013701340201
02:10:00:         Attribute 6 6 00000002
02:10:00:         Attribute 7 6 00000001
02:10:03: Vi1 MS-CHAP: I RESPONSE id 2 len 68 from "Domain\User"
02:10:03: Vi1 AUTH: Duplicate authentication request id=2 already in progress
02:10:05: RADIUS: Retransmit id 1
02:10:06: Vi1 MS-CHAP: I RESPONSE id 2 len 68 from "Domain\User"
02:10:06: Vi1 AUTH: Duplicate authentication request id=2 already in progress
02:10:09: Vi1 MS-CHAP: I RESPONSE id 2 len 68 from "Domain\User"
02:10:09: Vi1 AUTH: Duplicate authentication request id=2 already in progress
02:10:10: RADIUS: Retransmit id 1
02:10:12: Vi1 MS-CHAP: I RESPONSE id 2 len 68 from "Domain\User"
02:10:12: Vi1 AUTH: Duplicate authentication request id=2 already in progress
02:10:15: Vi1 MS-CHAP: I RESPONSE id 2 len 68 from "Domain\User"
02:10:15: Vi1 AUTH: Duplicate authentication request id=2 already in progress
02:10:15: RADIUS: Retransmit id 1
02:10:18: Vi1 MS-CHAP: I RESPONSE id 2 len 68 from "Domain\User"
02:10:18: Vi1 AUTH: Duplicate authentication request id=2 already in progress
02:10:20: RADIUS: Tried all servers.
02:10:20: RADIUS: No valid server found. Trying any viable server
02:10:20: RADIUS: Tried all servers.
02:10:20: RADIUS: No response for id 1
02:10:20: Radius: No response from server
02:10:20: AAA/AUTHEN (2735847673): status = ERROR
02:10:20: AAA/AUTHEN/START (2735847673): Method=LOCAL
02:10:20: AAA/AUTHEN (2735847673): User not found, end of method list
02:10:20: AAA/AUTHEN (2735847673): status = FAIL
02:10:20: Vi1 CHAP: Unable to validate Response.  Username Domain\User: Authentication failure
02:10:20: Vi1 MS-CHAP: O FAILURE id 2 len 13 msg is "E=691 R=0"
02:10:20: Vi1 PPP: Phase is TERMINATING [0 sess, 1 load]
02:10:20: Vi1 LCP: O TERMREQ [Open] id 6 len 4
02:10:20: AAA/MEMORY: free_user (0x822BF5B4) user='Domain\User' ruser='NULL' port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1
02:10:20: Vi1 LCP: I TERMACK [TERMsent] id 6 len 4
02:10:20: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
02:10:20: Vi1 LCP: State is Closed
02:10:20: Vi1 PPP: Phase is DOWN [0 sess, 1 load]
02:10:20: Vi1 VPDN: Cleanup
02:10:20: Vi1 VPDN: Reset
02:10:20: Vi1 VPDN: Reset
02:10:20: Vi1 VPDN: Unbind interface
02:10:20: Vi1 VPDN: Unbind interface
02:10:20: Vi1 VPDN: Reset
02:10:20: Vi1 VPDN: Unbind interface
02:10:20: Vi1 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 1 load]
02:10:20: Vi1 LCP: State is Listen
02:10:20: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
02:10:20: Vi1 LCP: State is Closed
02:10:20: Vi1 PPP: Phase is DOWN [0 sess, 0 load]
02:10:20: Vi1 VPDN: Reset
02:10:20: Vi1 VPDN: Unbind interface



Messages in this discussion
"Cisco PPTP Server"
Posted by AlexDv, 01-Dec-06 23:18
>02:10:20: RADIUS: Tried all servers.
>02:10:20: RADIUS: No valid server found. Trying any viable server
>02:10:20: RADIUS: Tried all servers.
>02:10:20: RADIUS: No response for id 1
>02:10:20: Radius: No response from server


"Cisco PPTP Server"
Posted by Remy, 04-Dec-06 09:24
>>02:10:20: RADIUS: Tried all servers.
>>02:10:20: RADIUS: No valid server found. Trying any viable server
>>02:10:20: RADIUS: Tried all servers.
>>02:10:20: RADIUS: No response for id 1
>>02:10:20: Radius: No response from server

It's true, I missed those lines, but the thing is that on the ISA (RADIUS) it authorizes and says everything is OK.


"Cisco PPTP Server"
Posted by Remy, 04-Dec-06 09:26
>>02:10:20: RADIUS: Tried all servers.
>>02:10:20: RADIUS: No valid server found. Trying any viable server
>>02:10:20: RADIUS: Tried all servers.
>>02:10:20: RADIUS: No response for id 1
>>02:10:20: Radius: No response from server

Yes, I didn't notice those lines; the strange thing is that the IAS (RADIUS) reports that the user is authorized!
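
An added example, not part of the thread or any poster's own code: a Python check that reads the `radius-server host` line from the posted config and the RADIUS debug lines, then reports where the Access-Request was actually sent, how many times it was retransmitted, and whether AAA fell back to LOCAL. The sample text is constructed from lines in the original post (config: 172.16.0.245, debug: 172.16.30.245); the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the config and debug output in the thread.
CONFIG = """\
aaa authentication ppp default group radius local
radius-server host 172.16.0.245 auth-port 1645 acct-port 1646
"""
DEBUG = """\
02:10:00: RADIUS: Initial Transmit Virtual-Access1 id 1 172.16.30.245:1645, Access-Request, len 140
02:10:05: RADIUS: Retransmit id 1
02:10:10: RADIUS: Retransmit id 1
02:10:15: RADIUS: Retransmit id 1
02:10:20: RADIUS: No response for id 1
02:10:20: AAA/AUTHEN/START (2735847673): Method=LOCAL
02:10:20: Vi1 MS-CHAP: O FAILURE id 2 len 13 msg is "E=691 R=0"
"""

HOST_RE = re.compile(r"^radius-server host (\S+) auth-port (\d+)", re.M)
TX_RE = re.compile(r"RADIUS: Initial Transmit \S+ id (\d+) ([\d.]+):(\d+), Access-Request")

def configured_servers(config):
    """Return the (ip, auth_port) pairs declared with 'radius-server host'."""
    return {(ip, int(port)) for ip, port in HOST_RE.findall(config)}

def analyze(config, debug):
    """Summarize each Access-Request seen in the debug output and list findings."""
    servers = configured_servers(config)
    requests, findings = {}, []
    for line in debug.splitlines():
        m = TX_RE.search(line)
        if m:
            rid, dst = m.group(1), (m.group(2), int(m.group(3)))
            requests[rid] = {"dst": dst, "retransmits": 0, "answered": True}
            if dst not in servers:
                findings.append(f"id {rid}: sent to {dst[0]}:{dst[1]}, not a configured server")
        elif (m := re.search(r"RADIUS: Retransmit id (\d+)", line)) and m.group(1) in requests:
            requests[m.group(1)]["retransmits"] += 1
        elif (m := re.search(r"RADIUS: No response for id (\d+)", line)) and m.group(1) in requests:
            requests[m.group(1)]["answered"] = False
            findings.append(f"id {m.group(1)}: no reply reached the router")
        elif "Method=LOCAL" in line:
            findings.append("fell back to the LOCAL user database")
        elif "E=691" in line:
            findings.append("client was sent MS-CHAP failure E=691")
    return requests, findings

if __name__ == "__main__":
    for finding in analyze(CONFIG, DEBUG)[1]:
        print(finding)
```

The same functions accept a full `show running-config` and a full `debug radius` / `debug aaa authentication` capture in place of the constructed samples.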