Good day. My provider has brought up a new server that supports the L2TP protocol. Under Windows it connects fine. But under FreeBSD I just can't get it configured. There are also PPTP servers, but connecting to those works without problems.
OS: FreeBSD-5.2.1-STABLE.
Client: MPD-4.3 (compiled from ports without additional packages)
I recompiled the kernel with Netgraph l2tp support
I need to connect specifically to L2TP, because on that server the provider gives 4!!! times more speed.
Anyway, here are the configs. mpd.conf:
default:
	load l2tp
l2tp:
	new -i ng0 l2tp l2tp
	set iface idle 0
	set iface up-script "/usr/local/etc/mpd4/io-up.sh"
	set iface down-script "/usr/local/etc/mpd4/io-down.sh"
	set bundle disable multilink
	set auth authname "user"
	set auth password "pass"
	set link accept pap
	set link no chap
	set link keep-alive 10 60
	set ipcp yes vjcomp
	set link max-redial 5
	set bundle disable noretry
	set iface enable tcpmssfix
	open
The mpd.links file is as follows:
l2tp:
	set link type l2tp
	set l2tp peer 10.128.4.3
	set l2tp enable originate
The logs say the following:
#
# client_standard:
# set iface disable on-demand
# set iface enable proxy-arp
# set iface idle 1800
# set iface enable tcpmssfix
# set bundle enable multilink
# set link yes acfcomp protocomp
# set link no pap chap
# set link enable chap
# set link mtu 1460
# set link keep-alive 10 60
# set ipcp yes vjcomp
# set ipcp dns 192.168.1.3
# set ipcp nbns 192.168.1.4
# set bundle enable compression
# set ccp yes mppc
# set ccp yes mpp-e40
# set ccp yes mpp-e128
# set ccp yes mpp-stateless
#
#
# See also the 'pptp' link entry in mpd.links.sample.
#
# Note: If you cut & paste from the above example, be sure to left-justify
# the labels or else mpd won't parse them correctly.
#
pptp:
new pptp pptp
set iface disable on-demand
set iface enable proxy-arp
set iface idle 1800
set iface enable tcpmssfix
# Multilink adds some overhead, but gives full 1500 MTU.
set bundle enable multilink
# use RADIUS servers
# load radius
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 10 60
set link mtu 1460
set ipcp yes vjcomp
set ipcp ranges 192.168.1.1/32 192.168.1.50/32
set ipcp dns 192.168.1.3
set ipcp nbns 192.168.1.4
#
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
#
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
#
# Mpd using PPTP for LAN to LAN VPN, always connected.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and another
# remote private Office LAN numbered 192.168.2.0/24, and you wanted to route
# between these two private networks using a PPTP VPN over the Internet.
#
# You run mpd on dual-homed machines on either end. Say the local machine
# has internal address 192.168.1.1 and externally visible address 1.2.3.4,
# and the remote machine has internal address 192.168.2.1 and externally
# visible address 2.3.4.5.
#
# Note: mpd does not support the peer's "inside" IP address being the same
# as its "outside" IP address. In the above example, this means that
# 192.168.2.1 != 2.3.4.5.
#
# The "inside" IP addresses are configured by "set ipcp ranges ..."
# (in mpd.conf) while the "outside" IP addreses are configured by
# "set pptp self ..." and "set pptp peer ..." (in mpd.links).
#
# See also the 'vpn' link entry in mpd.links.sample.
#
vpn:
new vpn vpn
set iface disable on-demand
set iface idle 0
# disconnect the client after 8 hours
set iface session 28800
set iface route 192.168.2.0/24
set bundle disable multilink
set auth authname "VpnLogin"
set auth password "VpnPassword"
set link yes acfcomp protocomp
set link no pap
set link yes chap
set link mtu 1460
set link keep-alive 10 75
set ipcp yes vjcomp
set ipcp ranges 192.168.1.1/32 192.168.2.1/32
#
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
#
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set bundle enable crypt-reqd
set ccp yes mpp-stateless
open
#
# mpd as pptp-vpn client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
#
pptp-client:
new pptp-cl pptp-cl
set iface route default
set bundle no noretry
set auth authname MyLogin
set auth password MyPass
set link max-redial 0
set link mtu 1460
set link keep-alive 20 75
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
open
#
# PPPoE client example (see also mpd.links.sample entry "PPPoE")
#
PPPoE:
new PPPoE PPPoE
set iface route default
set iface disable on-demand
set iface idle 0
set ipcp yes vjcomp
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set bundle disable multilink
set auth authname MyLogin
set link no acfcomp protocomp
set link disable pap chap
set link accept chap
set link keep-alive 10 60
open
radius:
# You can use radius.conf(5), its useful, because you can share the
# same config with userland-ppp and other apps.
set radius config /etc/radius.conf
# and/or specify the server directly here
set radius retries 3
set radius timeout 3
set radius server localhost testing123 1812 1813
# send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
set radius me 1.1.1.1
# send accounting updates every 5 minutes
set auth acct-update 300
# enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
set auth enable radius-auth
# enable RADIUS accounting
set auth enable radius-acct
# activate MPPE and let the RADIUS server assign MPPE-types and MPPE-policies
set bundle enable compression
set ccp yes mppc
set ccp enable mppe-policy
# protect our requests with the message-authenticator
set radius enable message-authentic
# EAP stuff
eap:
set link enable eap
# enable CHAP-MD5 inside EAP frames
set eap enable md5
# if we are just a relay between the PEER and our RADIUS server, then set this
# set eap enable radius-proxy
# Advanced authentication options
advanced-auth:
# disable traditional mpd.secrets file
set auth disable internal
# enable RADIUS
set auth enable radius-auth
# enable OPIE
set auth enable opie
# enable master.passwd (only possible with MS-CHAP and PAP)
set link no chap-md5
set auth enable system
# enable accounting via UTMP/WTMP
set auth enable utmp-wtmp
# increase our timeout to 60 secs. for authentication requests
set auth timeout 60
# allow only one concurrent connection per username
set auth max-logins 1
# send accounting updates every 5 minutes
set auth acct-update 300
# we get our MPPE types and policy from the authentication backend
set auth enable mppc-pol
l2tp:
new -i ng1 l2tp l2tp
File: mpd.log Col 25 26002286 bytes 99%
mpd: Multi-link PPP daemon for FreeBSD
mpd:
mpd: process 1873 started, version 4.3 (root@Shmatrix 23:13 6-Feb-2008)
mpd: [l2tp] using interface ng0
mpd: [l2tp] link: OPEN event
mpd: [l2tp] LCP: Open event
mpd: [l2tp] LCP: state change Initial --> Starting
mpd: [l2tp] LCP: LayerStart
mpd: L2TP: Control connection 0x80f2e04 initiated
mpd: L2TP: Control connection 0x80f2e04 terminated: 6 (expecting reply; none rec
mpd: [l2tp] link: DOWN event
mpd: [l2tp] link: reconnection attempt 1
mpd: [l2tp] LCP: Down event
mpd: [l2tp] pausing 6 seconds before open
mpd: L2TP: Control connection 0x80f3304 initiated
mpd: L2TP: Control connection 0x80f2e04 destroyed
mpd: caught fatal signal term
mpd: [l2tp] IFACE: Close event
mpd: [l2tp] IPCP: Close event
mpd: process 1873 terminated
Folks, any hints on where to dig? This VPN server pings fine. But for some reason nothing about the connection gets written to the logs.
Thanks