LINUX.ORG.RU
Forum: Admin

Gentoo + stunnel +pppd

So, the task: build a software gateway + proxy, and a bit later a DNS server as well. Two tunnels will live on this gateway. Now the details: everything will run on a virtual machine (host: ESXi 5 U1) with Gentoo (kernel 3.6.11), and the tunnels will be brought up with stunnel. The problem is this: the tunnel seems to get established, but the ppp0 device does not appear and no addresses are assigned to the tunnel endpoints. After a 5-minute timeout the tunnel drops. I found a pile of "manuals" online; the documentation at https://www.stunnel.org/howto.html and the like has been read to shreds. man pppd and /usr/share/doc/openrc*/net.example* have been studied too, but somehow it doesn't come together. The symlink for ppp0 is present.

For now, as a test, I'm running the tunnel between this machine and its clone (the IP and MAC addresses on the clone are of course changed), which sits on the same virtualization host. Before stunnel is started everything looks like this:

ifconfig -a

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet X.X.X.6  netmask 255.255.255.0  broadcast X.X.X.255
        ether a4:0c:29:7f:3c:d3  txqueuelen 1000  (Ethernet)
        RX packets 276  bytes 23276 (22.7 KiB)
        RX errors 0  dropped 12  overruns 0  frame 0
        TX packets 73  bytes 8034 (7.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



netstat 

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0    160 X.X.X.6:ssh            X.X.X.15:60009        ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  4      [ ]         DGRAM                    5079     /dev/log
unix  3      [ ]         DGRAM                    4432     
unix  2      [ ]         DGRAM                    5660     
unix  2      [ ]         DGRAM                    5702     
unix  3      [ ]         DGRAM                    4433  

After starting it:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet X.X.X.6  netmask 255.255.255.0  broadcast X.X.X.255
        ether a4:0c:29:7f:3c:d3  txqueuelen 1000  (Ethernet)
        RX packets 1326  bytes 102682 (100.2 KiB)
        RX errors 0  dropped 60  overruns 0  frame 0
        TX packets 181  bytes 24439 (23.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


netstat

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0    160 X.X.X.6:ssh            X.X.X.15:60009        ESTABLISHED
tcp        0      0 X.X.X.6:311            X.X.X.7:53279          ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  5      [ ]         DGRAM                    5079     /dev/log
unix  3      [ ]         STREAM     CONNECTED     8236     
unix  3      [ ]         DGRAM                    4432     
unix  3      [ ]         STREAM     CONNECTED     8232     
unix  3      [ ]         STREAM     CONNECTED     8234     
unix  3      [ ]         STREAM     CONNECTED     8237     
unix  2      [ ]         DGRAM                    8240     
unix  3      [ ]         STREAM     CONNECTED     8231     
unix  3      [ ]         STREAM     CONNECTED     8235     
unix  3      [ ]         STREAM     CONNECTED     8238     
unix  2      [ ]         DGRAM                    5660     
unix  2      [ ]         DGRAM                    5702     
unix  3      [ ]         STREAM     CONNECTED     8239     
unix  3      [ ]         DGRAM                    4433     
unix  3      [ ]         STREAM     CONNECTED     8233     
unix  3      [ ]         STREAM     CONNECTED     8230 

conf.d/net


config_eth0=( "X.X.X.6 netmask 255.255.255.0 brd X.X.X.255" )
routes_eth0=( "default gw X.X.X.1" )
dns_servers_eth0="8.8.8.8"

config_ppp0="ppp"
link_ppp0="pty 'чтототам --nolauchpppd'"      <- this line seems to me the most interesting one; as far as I understand, this is exactly what ties a particular virtual interface to its corresponding tunnel
pppd_ppp0="noauth"

stunnel.conf server side

cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
pid = /tmp/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel.log
client = no

[ppp]
 client = no
 accept = 311
 exec = /usr/sbin/pppd
 execargs = pppd local ipcp-accept-local ipcp-accept-remote ktune
 pty = yes

stunnel.conf client side

cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
pid = /tmp/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel.log
client = yes

[ppp]
 connect = X.X.X.6:311
 exec = /usr/sbin/pppd
 execargs = pppd local 192.168.6.6:192.168.6.5 ipcp-accept-local ipcp-accept-remote ktune
 pty = yes

Given the documentation I've read, I would interpret my problem like this (I'm not entirely sure I've interpreted it correctly): the system does not understand which interface to bind the tunnel to. As I understand it, when the tunnel is established, in

execargs = pppd local 192.168.6.6:192.168.6.5 ipcp-accept-local ipcp-accept-remote ktune

the name of the virtual console has to be appended, ttyname <argument>, and in /etc/conf.d/net the correct virtual console name has to be specified for ppp0. But something doesn't come together.

stunnel.log looks like this:

2013.04.16 10:41:22 LOG7[17408:140132914923264]: Dispatching signals from the signal pipe
2013.04.16 10:41:22 LOG5[17408:140132914923264]: Received signal 15; terminating
2013.04.16 10:41:22 LOG7[17408:140132914923264]: str_stats: 51 block(s), 3307 data byte(s), 2550 control byte(s)
2013.04.16 10:41:22 LOG7[17408:140132914923264]: removing pid file /var/run/stunnel.pid
2013.04.16 10:41:22 LOG7[17473:140419261986560]: No limit detected for the number of clients
2013.04.16 10:41:22 LOG7[17473:140419261986560]: signal_pipe: FD=3 allocated (non-blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: signal_pipe: FD=4 allocated (non-blocking mode)
2013.04.16 10:41:22 LOG5[17473:140419261986560]: stunnel 4.44 on x86_64-pc-linux-gnu platform
2013.04.16 10:41:22 LOG5[17473:140419261986560]: Compiled/running with OpenSSL 1.0.1c 10 May 2012
2013.04.16 10:41:22 LOG5[17473:140419261986560]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv4
2013.04.16 10:41:22 LOG5[17473:140419261986560]: Reading configuration from file /etc/stunnel/stunnel.conf
2013.04.16 10:41:22 LOG7[17473:140419261986560]: PRNG seeded successfully
2013.04.16 10:41:22 LOG6[17473:140419261986560]: Initializing SSL context for service ppp
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Certificate: /etc/stunnel/stunnel.pem
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Certificate loaded
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Key file: /etc/stunnel/stunnel.pem
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Private key loaded
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Could not load DH parameters from /etc/stunnel/stunnel.pem
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Using hardcoded DH parameters
2013.04.16 10:41:22 LOG7[17473:140419261986560]: DH initialized with 2048-bit key
2013.04.16 10:41:22 LOG7[17473:140419261986560]: ECDH initialized with curve prime256v1
2013.04.16 10:41:22 LOG7[17473:140419261986560]: SSL options set: 0x00000804
2013.04.16 10:41:22 LOG6[17473:140419261986560]: SSL context initialized
2013.04.16 10:41:22 LOG5[17473:140419261986560]: Configuration successful
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=5 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=6 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=6 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=7 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=7 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=8 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=8 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=9 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=9 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=10 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: accept socket: FD=10 allocated (non-blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Option SO_REUSEADDR set on accept socket
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Service ppp bound to 0.0.0.0:311
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Service ppp opened FD=10
2013.04.16 10:41:22 LOG7[17479:140419261986560]: Created pid file /var/run/stunnel.pid
2013.04.16 10:41:31 LOG7[17479:140419261986560]: local socket: FD=0 allocated (non-blocking mode)
2013.04.16 10:41:31 LOG7[17479:140419261986560]: Service ppp accepted FD=0 from X.X.X.5:53281
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Service ppp started
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Option TCP_NODELAY set on local socket
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Waiting for a libwrap process
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Acquired libwrap process #0
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Releasing libwrap process #0
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Released libwrap process #0
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Service ppp permitted by libwrap from X.X.X.5:53281
2013.04.16 10:41:31 LOG5[17479:140419261978368]: Service ppp accepted connection from X.X.X.5:53281
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): before/accept initialization
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 read client hello A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write server hello A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write certificate A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write key exchange A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write certificate request A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 flush data
2013.04.16 10:46:31 LOG6[17479:140419261978368]: init_ssl: s_poll_wait: TIMEOUTbusy exceeded: sending reset
2013.04.16 10:46:31 LOG5[17479:140419261978368]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2013.04.16 10:46:31 LOG7[17479:140419261978368]: Service ppp finished (0 left)
2013.04.16 10:46:31 LOG7[17479:140419261978368]: str_stats: 0 block(s), 0 data byte(s), 0 control byte(s)

And this is a piece of syslog:

2013-04-16T10:52:59.205917+04:00 Rin kernel: kjournald starting.  Commit interval 5 seconds
2013-04-16T10:52:59.205918+04:00 Rin kernel: EXT3-fs (sda1): using internal journal
2013-04-16T10:52:59.205920+04:00 Rin kernel: EXT3-fs (sda1): mounted filesystem with ordered data mode
2013-04-16T10:52:59.205922+04:00 Rin kernel: e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
2013-04-16T10:52:59.594431+04:00 Rin sshd[14818]: Server listening on 0.0.0.0 port 22.
2013-04-16T10:54:03.288452+04:00 Rin sshd[14857]: SSH: Server;Ltype: Version;Remote: X.X.X.211-44747;Protocol: 2.0;Client: OpenSSH_5.5p1 Debian-4ubuntu4
2013-04-16T10:54:03.289025+04:00 Rin sshd[14857]: SSH: Server;Ltype: Kex;Remote: X.X.X.211-44747;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
2013-04-16T10:54:03.375327+04:00 Rin sshd[14857]: SSH: Server;Ltype: Authname;Remote: X.X.X.211-44747;Name: root [preauth]
2013-04-16T10:54:07.281373+04:00 Rin sshd[14857]: Accepted keyboard-interactive/pam for root from X.X.X.211 port 44747 ssh2
2013-04-16T10:54:19.092230+04:00 Rin stunnel: LOG5[14890:140623055394560]: stunnel 4.44 on x86_64-pc-linux-gnu platform
2013-04-16T10:54:19.092269+04:00 Rin stunnel: LOG5[14890:140623055394560]: Compiled/running with OpenSSL 1.0.1c 10 May 2012
2013-04-16T10:54:19.092294+04:00 Rin stunnel: LOG5[14890:140623055394560]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv4
2013-04-16T10:54:19.092317+04:00 Rin stunnel: LOG5[14890:140623055394560]: Reading configuration from file /etc/stunnel/stunnel.conf
2013-04-16T10:54:19.092355+04:00 Rin stunnel: LOG6[14890:140623055394560]: Initializing SSL context for service ppp
2013-04-16T10:54:19.092513+04:00 Rin stunnel: LOG6[14890:140623055394560]: SSL context initialized
2013-04-16T10:54:19.092540+04:00 Rin stunnel: LOG5[14890:140623055394560]: Configuration successful

Just in case:

[ebuild   R    ] sys-fs/udev-197-r8  USE="acl hwdb kmod openrc -doc -gudev -introspection -keymap (-selinux) -static-libs"
[ebuild   R    ] virtual/udev-197-r2  USE="kmod -gudev -hwdb -introspection -keymap (-selinux) -static-libs"
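The stunnel.log above shows the handshake getting as far as "SSLv3 write certificate request A" and then sitting idle for exactly five minutes until TIMEOUTbusy resets it, with 0 bytes in either direction. As an added example (not code from the original post or from the stunnel project), here is a small Python triage script that groups stunnel debug-7 lines by the per-connection thread id, and reports for each connection the peer, the last handshake message actually exchanged, whether the session was negotiated, and how long the connection lived. The sample log is constructed: the first connection copies the shape of the stalled one above with documentation addresses substituted, the second is an invented successful handshake for contrast. The "SSL accepted: new session negotiated" marker is assumed to be what stunnel 4.x prints at LOG6 once a session exists; adjust that literal if your version wording differs.

```python
import re
from datetime import datetime

# Constructed sample in the format stunnel 4.x writes at debug = 7. The first
# connection mirrors the stalled handshake from the post (documentation addresses
# substituted); the second is an invented successful handshake for contrast.
SAMPLE_LOG = """\
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Service ppp started
2013.04.16 10:41:31 LOG5[17479:140419261978368]: Service ppp accepted connection from 192.0.2.5:53281
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): before/accept initialization
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 read client hello A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write server hello A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write certificate A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write key exchange A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write certificate request A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 flush data
2013.04.16 10:46:31 LOG6[17479:140419261978368]: init_ssl: s_poll_wait: TIMEOUTbusy exceeded: sending reset
2013.04.16 10:46:31 LOG5[17479:140419261978368]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2013.04.16 10:46:31 LOG7[17479:140419261978368]: Service ppp finished (0 left)
2013.04.16 10:47:02 LOG7[17479:140419261970176]: Service ppp started
2013.04.16 10:47:02 LOG5[17479:140419261970176]: Service ppp accepted connection from 192.0.2.9:40010
2013.04.16 10:47:02 LOG7[17479:140419261970176]: SSL state (accept): SSLv3 read client hello A
2013.04.16 10:47:02 LOG7[17479:140419261970176]: SSL state (accept): SSLv3 write server hello A
2013.04.16 10:47:02 LOG7[17479:140419261970176]: SSL state (accept): SSLv3 flush data
2013.04.16 10:47:02 LOG7[17479:140419261970176]: SSL state (accept): SSLv3 read client key exchange A
2013.04.16 10:47:02 LOG7[17479:140419261970176]: SSL state (accept): SSLv3 read finished A
2013.04.16 10:47:02 LOG7[17479:140419261970176]: SSL state (accept): SSLv3 write finished A
2013.04.16 10:47:02 LOG6[17479:140419261970176]: SSL accepted: new session negotiated
2013.04.16 10:47:40 LOG5[17479:140419261970176]: Connection closed: 1200 bytes sent to SSL, 900 bytes sent to socket
2013.04.16 10:47:40 LOG7[17479:140419261970176]: Service ppp finished (0 left)
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
                     r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$")
STATE_RE = re.compile(r"^SSL state \((?:accept|connect)\): (?P<state>.+)$")
PEER_RE = re.compile(r"accepted connection from (?P<peer>\S+)$")
CLOSE_RE = re.compile(r"^Connection (?P<how>reset|closed): (?P<to_ssl>\d+) bytes sent to SSL, "
                      r"(?P<to_sock>\d+) bytes sent to socket$")


def triage(log_text):
    """Split stunnel debug output into one record per connection, keyed by the
    per-connection thread id that stunnel prints inside LOGn[pid:tid]."""
    open_conns, finished = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        tid, msg = m["tid"], m["msg"]
        ts = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
        if msg.startswith("Service ") and msg.endswith(" started"):
            open_conns[tid] = {"peer": None, "started": ts, "states": [], "handshake_ok": False,
                               "timed_out": False, "close": None, "bytes_to_ssl": 0,
                               "bytes_to_socket": 0, "duration_s": None}
            continue
        rec = open_conns.get(tid)
        if rec is None:  # main-thread chatter (bind, libwrap, pid file) is not a connection
            continue
        pm, sm, cm = PEER_RE.search(msg), STATE_RE.match(msg), CLOSE_RE.match(msg)
        if pm:
            rec["peer"] = pm["peer"]
        elif sm:
            rec["states"].append(sm["state"])
        elif msg.startswith(("SSL accepted", "SSL connected")):  # assumed LOG6 wording of stunnel 4.x
            rec["handshake_ok"] = True
        elif "TIMEOUTbusy exceeded" in msg:
            rec["timed_out"] = True
        elif cm:
            rec["close"] = cm["how"]
            rec["bytes_to_ssl"], rec["bytes_to_socket"] = int(cm["to_ssl"]), int(cm["to_sock"])
        elif msg.startswith("Service ") and " finished" in msg:
            rec["duration_s"] = int((ts - rec["started"]).total_seconds())
            finished.append(open_conns.pop(tid))
    return finished


def last_step(rec):
    """Last handshake message actually exchanged, ignoring OpenSSL's bookkeeping states."""
    steps = [s for s in rec["states"] if s != "SSLv3 flush data" and not s.startswith("before/")]
    return steps[-1] if steps else None


def verdict(rec):
    if rec["handshake_ok"]:
        return "ok"
    if rec["timed_out"]:
        return "handshake stalled after '%s': the peer sent nothing back before the timeout" % last_step(rec)
    return "incomplete"


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print("%s %4ss last=%s -> %s" % (rec["peer"], rec["duration_s"], last_step(rec), verdict(rec)))
```

Run it against a real /var/log/stunnel.log by reading the file into `triage()`; a stalled connection shows up as `timed_out` with zero bytes in both directions and a `last_step` naming the last message the server wrote, which tells you the TLS layer never got an answer and that pppd on the server side was therefore never reached.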

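Neither stunnel.conf above carries a `verify` option, so neither side checks the other's certificate, and the server hands a pppd session to whatever completes a TLS handshake on port 311; the pid file also sits in /tmp and debug is at its most verbose. As an added example (not code from the original post or from the stunnel project), this Python script parses stunnel.conf, applies global options to each [service] section, and flags those settings. It audits the posted server config next to a constructed hardened client config (the file names, the CAfile, 192.0.2.6 and the /run path are placeholders).

```python
# stunnel.conf audit: parse the global section and the [service] sections, apply
# global defaults to each service, and flag settings that weaken the tunnel.

# The server config as posted.
SERVER_CONF = """\
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
pid = /tmp/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel.log
client = no

[ppp]
 client = no
 accept = 311
 exec = /usr/sbin/pppd
 execargs = pppd local ipcp-accept-local ipcp-accept-remote ktune
 pty = yes
"""

# Constructed counterpart: peer verification on, pid file out of /tmp, quieter log.
HARDENED_CLIENT_CONF = """\
; placeholder paths and addresses, not the poster's
cert = /etc/stunnel/client.pem
key = /etc/stunnel/client.key
CAfile = /etc/stunnel/ca.pem
verify = 2
pid = /run/stunnel/stunnel.pid
debug = 5
output = /var/log/stunnel.log
client = yes

[ppp]
 connect = 192.0.2.6:311
 exec = /usr/sbin/pppd
 execargs = pppd local 192.168.6.6:192.168.6.5 ipcp-accept-local ipcp-accept-remote ktune
 pty = yes
"""


def parse_stunnel_conf(text):
    """Return (global_opts, {service_name: opts}); every value is a list because
    some keys (socket =) legitimately repeat."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in stunnel.conf
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            services[current] = {}
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        target = global_opts if current is None else services[current]
        target.setdefault(key, []).append(value)
    return global_opts, services


def effective(global_opts, svc_opts):
    """Service-level options override global ones; anything unset falls back to global."""
    merged = {k: v[:] for k, v in global_opts.items()}
    merged.update(svc_opts)
    return merged


def audit(text):
    """Return a list of (scope, finding) tuples; an empty list means nothing was flagged."""
    g, services = parse_stunnel_conf(text)
    findings = []
    if g.get("pid", [""])[-1].startswith("/tmp/"):
        findings.append(("global", "pid file lives in world-writable /tmp"))
    debug = g.get("debug", ["5"])[-1]
    if debug.isdigit() and int(debug) >= 7:
        findings.append(("global", "debug = %s logs every handshake step; lower it once the tunnel works" % debug))
    for name, opts in services.items():
        eff = effective(g, opts)
        role = "client" if eff.get("client", ["no"])[-1].lower() == "yes" else "server"
        verify = eff.get("verify", [None])[-1]
        has_ca = "CAfile" in eff or "CApath" in eff
        if verify is None:
            what = ("anyone reaching the port gets a pppd session after a TLS handshake"
                    if role == "server" and "exec" in eff else "the peer certificate is never checked")
            findings.append((name, "%s: no 'verify' option, %s" % (role, what)))
        elif not verify.isdigit() or int(verify) < 2:
            findings.append((name, "%s: verify = %s does not reject unknown certificates" % (role, verify)))
        elif not has_ca:
            findings.append((name, "%s: verify = %s but no CAfile/CApath to check against" % (role, verify)))
    return findings


if __name__ == "__main__":
    for label, conf in (("server (as posted)", SERVER_CONF), ("hardened client", HARDENED_CLIENT_CONF)):
        print("==", label)
        for scope, finding in audit(conf) or [("-", "nothing flagged")]:
            print("  [%s] %s" % (scope, finding))
```

The `verify = 2` plus `CAfile` pairing is the stunnel 4.x way to make both ends reject a peer whose certificate was not issued by your own CA; with `exec = /usr/sbin/pppd` on the accepting side that check is what stands between the listening port and a pppd process, so it belongs in the server config as much as in the client's.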
