LINUX.ORG.RU
ФорумAdmin

l2tp Funtoo


0

1

Решил рискнуть настроить l2tp на Funtoo. И так имеем до поднятия vpn:

ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:50:8d:91:74:32  
          inet addr:10.64.117.112  Bcast:10.64.117.255  Mask:255.255.254.0
          inet6 addr: fe80::250:8dff:fe91:7432/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:36858 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33151 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:32806268 (31.2 MiB)  TX bytes:5055129 (4.8 MiB)
          Interrupt:44 Base address:0x4000
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        10.64.117.254   255.0.0.0       UG    202    0        0 eth0
10.64.116.0     0.0.0.0         255.255.254.0   U     202    0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
172.16.0.0      10.64.117.254   255.240.0.0     UG    202    0        0 eth0
192.168.0.0     10.64.117.254   255.255.0.0     UG    202    0        0 eth0

Затем ставлю пакет: net-dialup/xl2tpd Ну и конфиги: 

cat /etc/xl2tpd/xl2tpd.conf 
[global]
access control = yes
port=1701
[lac garanta]
lns = 172.31.1.246
redial = yes
redial timeout = 5
require chap = yes
require authentication = no
name = chipset_bak
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
require pap = no
autodial = yes
cat /etc/ppp/options.xl2tpd 
unit 0
name chipset_bak
remotename l2tp
ipparam vpn
#connect /bin/true
mru 1460
mtu 1460
#lcp-echo-interval 3
#lcp-echo-failure 8
#logfile /var/log/pppd
nodeflate
nobsdcomp
persist
#maxfail 0
nopcomp
noaccomp
defaultroute
#replacedefaultroute

Поднимаю vpn /etc/init.d/xl2tpd start В логах вижу следующее: 

Feb 29 16:06:03 [xl2tpd] setsockopt recvref[22]: Protocol not available_
Feb 29 16:06:03 [xl2tpd] This binary does not support kernel L2TP._
Feb 29 16:06:03 [xl2tpd] xl2tpd version xl2tpd-1.3.0 started on chipset.*-rzn.ru PID:2931_
Feb 29 16:06:03 [xl2tpd] Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc._
Feb 29 16:06:03 [xl2tpd] Forked by Scott Balmos and David Stipp, (C) 2001_
Feb 29 16:06:03 [xl2tpd] Inherited by Jeff McAdams, (C) 2002_
Feb 29 16:06:03 [xl2tpd] Forked again by Xelerance (www.xelerance.com) (C) 2006_
Feb 29 16:06:03 [xl2tpd] Listening on IP address 0.0.0.0, port 1701_
Feb 29 16:06:03 [xl2tpd] Connecting to host 172.31.1.246, port 1701_
Feb 29 16:06:03 [xl2tpd] Connection established to 172.31.1.246, 1701.  Local: 49493, Remote: 10356 (ref=0/0)._
Feb 29 16:06:03 [xl2tpd] Calling on tunnel 49493_
Feb 29 16:06:03 [xl2tpd] Call established with 172.31.1.246, Local: 10953, Remote: 36252, Serial: 1 (ref=0/0)_
Feb 29 16:06:03 [pppd] pppd 2.4.5 started by root, uid 0
Feb 29 16:06:03 [pppd] Using interface ppp0
Feb 29 16:06:03 [pppd] Connect: ppp0 <--> /dev/pts/2
Feb 29 16:06:03 [dhcpcd] ppp0: sending IPv6 Router Solicitation
Feb 29 16:06:03 [dhcpcd] ppp0: sendmsg: Network is unreachable
Feb 29 16:06:03 [dhcpcd] ppp0: waiting for 3rd party to configure IP address
Feb 29 16:06:04 [pppd] CHAP authentication succeeded
                - Last output repeated twice -
Feb 29 16:06:04 [pppd] local  IP address 91.203.66.*
Feb 29 16:06:04 [pppd] remote IP address 10.100.0.*
Feb 29 16:06:04 [dhcpcd] ppp0: removing IP address 0.0.0.0/0
Feb 29 16:06:07 [dhcpcd] ppp0: sending IPv6 Router Solicitation
Feb 29 16:06:07 [dhcpcd] ppp0: sendmsg: Network is unreachable
Feb 29 16:06:11 [dhcpcd] ppp0: sending IPv6 Router Solicitation
Feb 29 16:06:11 [dhcpcd] ppp0: sendmsg: Network is unreachable
Feb 29 16:06:15 [dhcpcd] ppp0: sending IPv6 Router Solicitation
Feb 29 16:06:15 [dhcpcd] ppp0: sendmsg: Network is unreachable
Feb 29 16:06:15 [dhcpcd] ppp0: no IPv6 Routers available

ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:50:8d:91:74:32  
          inet addr:10.64.117.112  Bcast:10.64.117.255  Mask:255.255.254.0
          inet6 addr: fe80::250:8dff:fe91:7432/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44327 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:33294650 (31.7 MiB)  TX bytes:5057050 (4.8 MiB)
          Interrupt:44 Base address:0x4000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2400 (2.3 KiB)  TX bytes:2400 (2.3 KiB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:91.203.66.*  P-t-P:10.100.0.*  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1460  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:40 (40.0 B)  TX bytes:46 (46.0 B)

Вижу vpn поднялась. Проверяю маршруты: 

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.100.0.*      0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         10.64.117.254   0.0.0.0         UG    202    0        0 eth0
10.64.116.0     0.0.0.0         255.255.254.0   U     202    0        0 eth0
10.100.0.*      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

cat /etc/resolv.conf 
# Generated by resolvconf
search garanta.ru
nameserver 91.203.64.*

Все вроде наместе. Однако не пингуется 

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

ping 91.203.64.*
PING 91.203.64.2 (91.203.64.2) 56(84) bytes of data.

Bacula TLS создание самоподписаного CA openssl
Системы учета заявок.
Ответ на: комментарий от uniqwert

0.0.0.0 10.100.0.* 0.0.0.0 UG 0 0 0 ppp0 Так вот же он поидее. Или я что то не понимаю

micro-chipset
() автор топика
Ответ на: комментарий от uniqwert

Там было на генту и pptp А тут это:

 route add default gw <IP шлюза>
не помогает.

Да и вот он собственно: 

0.0.0.0         10.100.0.*      0.0.0.0         UG    0      0        0 ppp0

micro-chipset
() автор топика
Ответ на: комментарий от micro-chipset

Генту или фунту и пптп или л2тп это абсолютно по барабану. В итоге-то балом правит PPPD, который везде одинаковый.

Сделай /etc/ppp/ip-up типа: 

#!/bin/sh

IP="/sbin/ip"

GW=$5
IFACE=$1
IPPARAM=$6

$IP route del $GW dev $IFACE
$IP route add default dev $IFACE

blind_oracle ★★★★★
()
Ответ на: комментарий от blind_oracle

Это решило проблему. А что еще придумать чтобы соединение переподключалось если инет пропал к примеру.

micro-chipset
() автор топика
Ответ на: комментарий от micro-chipset

У меня в конфиге: 

redial = yes
redial timeout = 60
autodial = yes
И этого достаточно.

blind_oracle ★★★★★
()
Ответ на: комментарий от micro-chipset

добавить ppp debug = yes и читать логи на предмет запуска ip-up, ну и проверять таблицу маршрутизации.

blind_oracle ★★★★★
()
Ответ на: комментарий от blind_oracle

Ошибся я что это помогло. Подключен я через роутер где поднята одна vpn. А на компе я запускаяю вторую vpn. Косяк полюбому с маршрутами. Но не пойму как сделать их правильно. 

traceroute ya.ru
traceroute to ya.ru (213.180.204.3), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.473 ms  1.220 ms  1.463 ms
 2  www.yandex.ru (213.180.204.3)  6.937 ms  7.033 ms  7.114 ms
 3  82.96.194.189 (82.96.194.189)  7.199 ms  7.278 ms  7.360 ms
 4  82.96.194.145 (82.96.194.145)  34.609 ms  10.755 ms  13.844 ms
 5  82.96.194.146 (82.96.194.146)  15.379 ms  15.463 ms  15.551 ms
 6  popovich-vlan120.yandex.net (87.250.233.126)  100.464 ms  93.185 ms  90.530 ms
 7  fol2c1-s400.yandex.net (213.180.213.63)  8.503 ms  8.811 ms  9.513 ms
 8  87.250.239.40 (87.250.239.40)  15.126 ms  15.448 ms  16.078 ms
 9  www.yandex.ru (213.180.204.3)  9.105 ms  8.745 ms  9.007 ms

Тоесть пакеты пошли через роутер. 

 
 ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:50:8d:91:74:32  
          inet addr:10.64.116.112  Bcast:10.64.117.255  Mask:255.255.254.0
          inet6 addr: fe80::250:8dff:fe91:7432/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28951 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8737 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7935079 (7.5 MiB)  TX bytes:1266700 (1.2 MiB)
          Interrupt:44 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1088 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1088 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:178838 (174.6 KiB)  TX bytes:178838 (174.6 KiB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:109.94.176.125  P-t-P:10.100.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1460  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:260 (260.0 B)  TX bytes:374 (374.0 B)

Vpn то подключилась.

 
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface 
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 
10.100.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

Тут я не вижу дефлоитного маршрута для ppp0 потому добавляю: 

 route add default gw 10.100.0.1

Получаю:

route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.100.0.1 0.0.0.0 UG 0 0 0 ppp0 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 10.100.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

Всеравно: 

traceroute ya.ru
traceroute to ya.ru (213.180.204.3), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.473 ms  1.220 ms  1.463 ms
 2  www.yandex.ru (213.180.204.3)  6.937 ms  7.033 ms  7.114 ms
 3  82.96.194.189 (82.96.194.189)  7.199 ms  7.278 ms  7.360 ms
 4  82.96.194.145 (82.96.194.145)  34.609 ms  10.755 ms  13.844 ms
 5  82.96.194.146 (82.96.194.146)  15.379 ms  15.463 ms  15.551 ms
 6  popovich-vlan120.yandex.net (87.250.233.126)  100.464 ms  93.185 ms  90.530 ms
 7  fol2c1-s400.yandex.net (213.180.213.63)  8.503 ms  8.811 ms  9.513 ms
 8  87.250.239.40 (87.250.239.40)  15.126 ms  15.448 ms  16.078 ms
 9  www.yandex.ru (213.180.204.3)  9.105 ms  8.745 ms  9.007 ms

micro-chipset
() автор топика
Ответ на: комментарий от blind_oracle

А напрямую вот: 

ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:50:8d:91:74:32  
          inet addr:10.64.116.112  Bcast:10.64.117.255  Mask:255.255.254.0
          inet6 addr: fe80::250:8dff:fe91:7432/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:45472 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18912 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:16871900 (16.0 MiB)  TX bytes:2679155 (2.5 MiB)
          Interrupt:44 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1889 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1889 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:331050 (323.2 KiB)  TX bytes:331050 (323.2 KiB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:91.203.66.125  P-t-P:10.100.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1460  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8524503 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:40 (40.0 B)  TX bytes:3784639530 (3.5 GiB)

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.100.0.1      0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         10.64.117.254   0.0.0.0         UG    202    0        0 eth0
10.64.116.0     0.0.0.0         255.255.254.0   U     202    0        0 eth0
10.100.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

Логи:

[xl2tpd] Connecting to host 172.31.1.246, port 1701_
Mar 12 13:51:13 [xl2tpd] Connection established to 172.31.1.246, 1701.  Local: 25894, Remote: 52139 (ref=0/0)._
Mar 12 13:51:13 [xl2tpd] Calling on tunnel 25894_
Mar 12 13:51:13 [xl2tpd] Call established with 172.31.1.246, Local: 32867, Remote: 3394, Serial: 1 (ref=0/0)_
Mar 12 13:51:13 [pppd] pppd 2.4.5 started by chipset, uid 0
Mar 12 13:51:13 [pppd] Using interface ppp0
Mar 12 13:51:13 [pppd] Connect: ppp0 <--> /dev/pts/4
Mar 12 13:51:13 [pppd] CHAP authentication succeeded
                - Last output repeated twice -
Mar 12 13:51:13 [dhcpcd] ppp0: sending IPv6 Router Solicitation
Mar 12 13:51:13 [dhcpcd] ppp0: sendmsg: Network is unreachable
Mar 12 13:51:13 [dhcpcd] ppp0: waiting for 3rd party to configure IP address
Mar 12 13:51:13 [pppd] local  IP address 91.203.66.125
Mar 12 13:51:13 [pppd] remote IP address 10.100.0.1
Mar 12 13:51:13 [dhcpcd] ppp0: removing IP address 0.0.0.0/0
Mar 12 13:51:13 [bcrelay] Active interface set changed to: eth0(0/2/5) ppp0(1/43/6) 
Mar 12 13:51:16 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
                - Last output repeated twice -
Mar 12 13:51:17 [dhcpcd] ppp0: sending IPv6 Router Solicitation
Mar 12 13:51:17 [dhcpcd] ppp0: sendmsg: Network is unreachable
Mar 12 13:51:21 [dhcpcd] ppp0: sending IPv6 Router Solicitation
Mar 12 13:51:21 [dhcpcd] ppp0: sendmsg: Network is unreachable
Mar 12 13:51:25 [dhcpcd] ppp0: sending IPv6 Router Solicitation
Mar 12 13:51:25 [dhcpcd] ppp0: sendmsg: Network is unreachable
Mar 12 13:51:25 [dhcpcd] ppp0: no IPv6 Routers available
Mar 12 13:51:26 [bcrelay] UDP_BroadCast(sp=68,dp=67) from: eth0 relayed to: ppp0 
Mar 12 13:51:30 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
                - Last output repeated twice -
Mar 12 13:51:30 [bcrelay] ignored ENOBUFS from sendto(), temporary shortage of buffer memory
Mar 12 13:51:30 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
Mar 12 13:51:30 [bcrelay] ignored ENOBUFS from sendto(), temporary shortage of buffer memory
Mar 12 13:51:30 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
Mar 12 13:51:34 [bcrelay] ignored ENOBUFS from sendto(), temporary shortage of buffer memory
Mar 12 13:51:34 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
Mar 12 13:51:34 [bcrelay] ignored ENOBUFS from sendto(), temporary shortage of buffer memory
Mar 12 13:51:34 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
Mar 12 13:51:41 [bcrelay] UDP_BroadCast(sp=68,dp=67) from: eth0 relayed to: ppp0 
Mar 12 13:51:41 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
                - Last output repeated twice -
Mar 12 13:51:45 [bcrelay] UDP_BroadCast(sp=68,dp=67) from: eth0 relayed to: ppp0 
                - Last output repeated twice -
Mar 12 13:51:53 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
Mar 12 13:51:57 [bcrelay] UDP_BroadCast(sp=68,dp=67) from: eth0 relayed to: ppp0 
                - Last output repeated twice -
Mar 12 13:52:12 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
Mar 12 13:52:26 [bcrelay] ignored ENOBUFS from sendto(), temporary shortage of buffer memory
Mar 12 13:52:26 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
Mar 12 13:52:30 [bcrelay] UDP_BroadCast(sp=68,dp=67) from: eth0 relayed to: ppp0 
Mar 12 13:52:42 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0 
                - Last output repeated 2 times -
Mar 12 13:53:35 [bcrelay] UDP_BroadCast(sp=68,dp=67) from: eth0 relayed to: ppp0 
Mar 12 13:53:52 [bcrelay] ignored ENOBUFS from sendto(), temporary shortage of buffer memory
Mar 12 13:53:52 [bcrelay] UDP_BroadCast(sp=67,dp=68) from: eth0 relayed to: ppp0
micro-chipset
() автор топика
Ответ на: комментарий от blind_oracle

И что самое не понятное что по pptp работает vpn pptp gentoo там добавляю дефлоитный маршрут и работает. l2tp отказывается

micro-chipset
() автор топика
Ответ на: комментарий от micro-chipset

Тут я не вижу дефлоитного маршрута для ppp0 потому добавляю:

Как это? А первая строчка - что тогда? Ты просто добавляешь второй дефолтный маршрут, нужно сделать ip route replace default via ...

Но при этом тебе нужен отдельный статический маршрут до ВПН сервера, к которому ты подключаешься, т.к. при замене дефолтного маршрута пакеты могут перестать ходить до VPN-сервера.

blind_oracle ★★★★★
()
Ответ на: комментарий от micro-chipset

Семён семёныч... как обычно:

ip route add 172.31.1.246 via x.x.x.x

blind_oracle ★★★★★
()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.
Bacula TLS создание самоподписаного CA openssl
Admin
Системы учета заявок.