Hello, please help me figure out mpd5.
I built mpd5 with the following config:
default:
    load pptp_server
pptp_server:
    # Define dynamic IP address pool.
    set ippool add pool1 10.0.0.200 10.0.0.205
    # Create clonable bundle template named B
    create bundle template B
    # set iface enable proxy-arp
    set iface disable proxy-arp
    set iface idle 0
    set iface enable tcpmssfix
    set ipcp yes vjcomp
    # Specify IP address pool for dynamic assignment.
    set ipcp ranges 192.168.1.1/32 ippool pool1
    set ipcp dns 10.0.0.11
    # set ipcp nbns 192.168.1.4
    # The five lines below enable Microsoft Point-to-Point encryption
    # (MPPE) using the ng_mppc(8) netgraph node type.
    set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless
    # Create clonable link template named L
    create link template L pptp
    # Set bundle template to use
    set link action bundle B
    # Multilink adds some overhead, but gives full 1500 MTU.
    set link enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link enable chap-msv1
    set link enable chap-msv2
    # We can use RADIUS authentication/accounting by including
    # another config section with label 'radius'.
    # load radius
    set link keep-alive 10 75
    # We are reducing link mtu to avoid GRE packet fragmentation.
    set link mtu 1460
    # Configure PPTP
    set pptp self xxx.xxx.xxx.xxx
    # Allow to accept calls
    set link enable incoming
If the set pptp self directive is given the internal interface 10.0.0.1, a client connects from the local network. But if the server is told to listen on the external interface, the client reports on connection "error 732: This computer and the remote computer could not agree on PPP control protocols".
The mpd5.log log shows LCP configuration requests going out, and after 10 attempts the connection is closed.
Apr 9 21:39:00 ftps2 mpd: [L-1] Accepting PPTP connection
Apr 9 21:39:01 ftps2 mpd: [L-1] Link: OPEN event
Apr 9 21:39:01 ftps2 mpd: [L-1] LCP: Open event
Apr 9 21:39:01 ftps2 mpd: [L-1] LCP: state change Initial --> Starting
Apr 9 21:39:01 ftps2 mpd: [L-1] LCP: LayerStart
Apr 9 21:39:01 ftps2 mpd: [L-1] PPTP: attaching to peer's outgoing call
Apr 9 21:39:01 ftps2 mpd: [L-1] Link: UP event
Apr 9 21:39:01 ftps2 mpd: [L-1] LCP: Up event
Apr 9 21:39:01 ftps2 mpd: [L-1] LCP: state change Starting --> Req-Sent
Apr 9 21:39:01 ftps2 mpd: [L-1] LCP: SendConfigReq #1
Apr 9 21:39:01 ftps2 mpd: [L-1] ACFCOMP
Apr 9 21:39:01 ftps2 mpd: [L-1] PROTOCOMP
Apr 9 21:39:01 ftps2 mpd: [L-1] MRU 1500
Apr 9 21:39:01 ftps2 mpd: [L-1] MAGICNUM c3632974
Apr 9 21:39:01 ftps2 mpd: [L-1] AUTHPROTO CHAP MSOFTv2
Apr 9 21:39:01 ftps2 mpd: [L-1] MP MRRU 2048
Apr 9 21:39:01 ftps2 mpd: [L-1] MP SHORTSEQ
Apr 9 21:39:01 ftps2 mpd: [L-1] ENDPOINTDISC [802.1] 00 c1 28 01 e7 8a
Apr 9 21:39:03 ftps2 mpd: [L-1] LCP: SendConfigReq #2
-//-//-//-//-//-
-//-//-//-//-//-
Apr 9 21:39:19 ftps2 mpd: [L-1] LCP: SendConfigReq #10
Apr 9 21:39:19 ftps2 mpd: [L-1] ACFCOMP
Apr 9 21:39:19 ftps2 mpd: [L-1] PROTOCOMP
Apr 9 21:39:19 ftps2 mpd: [L-1] MRU 1500
Apr 9 21:39:19 ftps2 mpd: [L-1] MAGICNUM c3632974
Apr 9 21:39:19 ftps2 mpd: [L-1] AUTHPROTO CHAP MSOFTv2
Apr 9 21:39:19 ftps2 mpd: [L-1] MP MRRU 2048
Apr 9 21:39:19 ftps2 mpd: [L-1] MP SHORTSEQ
Apr 9 21:39:19 ftps2 mpd: [L-1] ENDPOINTDISC [802.1] 00 c1 28 01 e7 8a
Apr 9 21:39:20 ftps2 mpd: [L-1] PPTP call terminated
Apr 9 21:39:20 ftps2 mpd: [L-1] Link: DOWN event
Apr 9 21:39:20 ftps2 mpd: [L-1] LCP: Close event
Apr 9 21:39:20 ftps2 mpd: [L-1] LCP: state change Req-Sent --> Closing
Apr 9 21:39:20 ftps2 mpd: [L-1] LCP: SendTerminateReq #11
Apr 9 21:39:20 ftps2 mpd: [L-1] LCP: Down event
Apr 9 21:39:20 ftps2 mpd: [L-1] LCP: LayerFinish
Apr 9 21:39:20 ftps2 mpd: [L-1] LCP: state change Closing --> Initial
Apr 9 21:39:20 ftps2 mpd: [L-1] Link: SHUTDOWN event
Apr 9 21:39:20 ftps2 mpd: [L-1] Link: Shutdown
It would be logical to assume that the firewall rules are to blame. But everything in rc.firewall seems to be correct:
# MPD
${FwCMD} add 5040 pass log all from any to ${IpOut} 1723 in via ${LanOut} setup
${FwCMD} add 5050 pass log all from ${IpOut} 1723 to any out via ${LanOut} established
${FwCMD} add 5070 pass gre from any to ${IpOut} in via ${LanOut}
${FwCMD} add 5080 pass gre from ${IpOut} to any out via ${LanOut}
${FwCMD} add 5090 pass all from any to any via ng0
# ${IpOut} - external IP address
# ${LanOut} - external interface.
Please help.
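
An added example, not part of the original post: a small Python script that summarizes an mpd log per link and flags sessions like the one above, where the PPTP connection is accepted and LCP Configure-Requests are sent but no LCP packet from the peer is ever logged. The sample log is constructed, and the "LCP: rec'd" prefix for received packets is an assumption about mpd's log format.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log in the post (abridged). The
# "rec'd" line for L-2 is an assumed format for a received LCP packet.
SAMPLE_LOG = """\
Apr 9 21:39:00 ftps2 mpd: [L-1] Accepting PPTP connection
Apr 9 21:39:01 ftps2 mpd: [L-1] LCP: SendConfigReq #1
Apr 9 21:39:03 ftps2 mpd: [L-1] LCP: SendConfigReq #2
Apr 9 21:39:19 ftps2 mpd: [L-1] LCP: SendConfigReq #10
Apr 9 21:39:20 ftps2 mpd: [L-1] PPTP call terminated
Apr 9 21:40:00 ftps2 mpd: [L-2] Accepting PPTP connection
Apr 9 21:40:01 ftps2 mpd: [L-2] LCP: SendConfigReq #1
Apr 9 21:40:01 ftps2 mpd: [L-2] LCP: rec'd Configure Request #0 (Req-Sent)
Apr 9 21:40:01 ftps2 mpd: [L-2] LCP: state change Ack-Sent --> Opened
"""

LINE = re.compile(r"mpd: \[(?P<link>[^\]]+)\] (?P<msg>.*)$")


def summarize(log_text):
    """Count LCP Configure-Requests sent and LCP packets received per link."""
    links = defaultdict(lambda: {"pptp_accepted": False, "sent": 0,
                                 "received": 0, "opened": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s, msg = links[m["link"]], m["msg"]
        if msg.startswith("Accepting PPTP connection"):
            s["pptp_accepted"] = True   # TCP 1723 control channel worked
        elif msg.startswith("LCP: SendConfigReq"):
            s["sent"] += 1
        elif msg.startswith("LCP: rec'd"):
            s["received"] += 1          # a PPP frame from the peer arrived
        elif msg.startswith("LCP: state change") and msg.endswith("--> Opened"):
            s["opened"] = True
    return dict(links)


def one_way_links(log_text):
    """Links where the control channel came up but no LCP frame ever arrived."""
    return sorted(name for name, s in summarize(log_text).items()
                  if s["pptp_accepted"] and s["sent"] and not s["received"])


if __name__ == "__main__":
    for name, s in sorted(summarize(SAMPLE_LOG).items()):
        print(name, s)
    print("one-way LCP:", one_way_links(SAMPLE_LOG))
```

In PPTP the PPP frames, LCP included, travel in GRE rather than over the TCP 1723 control connection, so a flagged link points at the GRE path between client and server.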