Итак задача - сделать софтовый шлюз + прокся и чуть позже еще и днс. Собственно на этом шлюзе будут жить 2 тоннеля. Теперь к деталям: Все будет работать на виртуальной машине(хост esxi5 u1) с Gentoo (ядро 3.6.11) и тоннели будут подниматься средствами stunnel. Собственно проблема вот какая. Тоннель вроде как устанавливается, но устройство ppp0 не появляется и адреса концам тоннеля не назначаются. Спустя 5 минут таймаута тоннель рвется. В инете нашел кучу «манов» , документация https://www.stunnel.org/howto.html и тп зачитана до дыр. man pppd и /usr/share/doc/openrc*/net.example* тоже изучены, но както не сростается. Симлинк на ppp0 присутсвует Тоннель пока что в качестве теста запускаю между этой машиной и ее клоном( адрес ip и mac на клоне естественно изменены), находящиймся на том же хосте виртуализации. до запуска стуннеля все выглядит так
ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet X.X.X.6 netmask 255.255.255.0 broadcast X.X.X.255
ether a4:0c:29:7f:3c:d3 txqueuelen 1000 (Ethernet)
RX packets 276 bytes 23276 (22.7 KiB)
RX errors 0 dropped 12 overruns 0 frame 0
TX packets 73 bytes 8034 (7.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 160 X.X.X.6:ssh X.X.X.15:60009 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 4 [ ] DGRAM 5079 /dev/log
unix 3 [ ] DGRAM 4432
unix 2 [ ] DGRAM 5660
unix 2 [ ] DGRAM 5702
unix 3 [ ] DGRAM 4433
После запуска
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet X.X.X.6 netmask 255.255.255.0 broadcast X.X.X.255
ether a4:0c:29:7f:3c:d3 txqueuelen 1000 (Ethernet)
RX packets 1326 bytes 102682 (100.2 KiB)
RX errors 0 dropped 60 overruns 0 frame 0
TX packets 181 bytes 24439 (23.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 160 X.X.X.6:ssh X.X.X.15:60009 ESTABLISHED
tcp 0 0 X.X.X.6:311 X.X.X.7:53279 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 5 [ ] DGRAM 5079 /dev/log
unix 3 [ ] STREAM CONNECTED 8236
unix 3 [ ] DGRAM 4432
unix 3 [ ] STREAM CONNECTED 8232
unix 3 [ ] STREAM CONNECTED 8234
unix 3 [ ] STREAM CONNECTED 8237
unix 2 [ ] DGRAM 8240
unix 3 [ ] STREAM CONNECTED 8231
unix 3 [ ] STREAM CONNECTED 8235
unix 3 [ ] STREAM CONNECTED 8238
unix 2 [ ] DGRAM 5660
unix 2 [ ] DGRAM 5702
unix 3 [ ] STREAM CONNECTED 8239
unix 3 [ ] DGRAM 4433
unix 3 [ ] STREAM CONNECTED 8233
unix 3 [ ] STREAM CONNECTED 8230
conf.d/net
config_eth0=( "X.X.X.6 netmask 255.255.255.0 brd X.X.X.255" )
routes_eth0=( "default gw X.X.X.1" )
dns_servers_eth0="8.8.8.8"
config_ppp0="ppp"
link_ppp0="pty 'чтототам --nolauchpppd'" <-вот эта строчка мне кажестя самой интересной насколько я понял это какраз и связывает конкретный виртуальынй интерфейс с соответсвующим ему тоннелем
pppd_ppp0="noauth"
stunnel.conf server side
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
pid = /tmp/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel.log
client = no
[ppp]
client = no
accept = 311
exec = /usr/sbin/pppd
execargs = pppd local ipcp-accept-local ipcp-accept-remote ktune
pty = yes
stunnel.conf client side
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
pid = /tmp/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel.log
client = yes
[ppp]
connect = X.X.X.6:311
exec = /usr/sbin/pppd
execargs = pppd local 192.168.6.6:192.168.6.5 ipcp-accept-local ipcp-accept-remote ktune
pty = yes
Свою проблему с учетом прочитанной документации я бы истолковал так ( до конца не уверен что правильно интерпритировал проблему) : Система не понимает к какому интерфейсу биндить тоннель. Я так понимаю при установлении тоннеля в execargs = pppd local 192.168.6.6:192.168.6.5 ipcp-accept-local ipcp-accept-remote ktune
надо дописать имя виртуальной консоли ttyname <аргумент> , а в /etc/conf.d/net для ppp0 указать правильное имя виртуальной консоли. Но что-то не сростается
stunnel.log выглядит так
2013.04.16 10:41:22 LOG7[17408:140132914923264]: Dispatching signals from the signal pipe
2013.04.16 10:41:22 LOG5[17408:140132914923264]: Received signal 15; terminating
2013.04.16 10:41:22 LOG7[17408:140132914923264]: str_stats: 51 block(s), 3307 data byte(s), 2550 control byte(s)
2013.04.16 10:41:22 LOG7[17408:140132914923264]: removing pid file /var/run/stunnel.pid
2013.04.16 10:41:22 LOG7[17473:140419261986560]: No limit detected for the number of clients
2013.04.16 10:41:22 LOG7[17473:140419261986560]: signal_pipe: FD=3 allocated (non-blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: signal_pipe: FD=4 allocated (non-blocking mode)
2013.04.16 10:41:22 LOG5[17473:140419261986560]: stunnel 4.44 on x86_64-pc-linux-gnu platform
2013.04.16 10:41:22 LOG5[17473:140419261986560]: Compiled/running with OpenSSL 1.0.1c 10 May 2012
2013.04.16 10:41:22 LOG5[17473:140419261986560]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv4
2013.04.16 10:41:22 LOG5[17473:140419261986560]: Reading configuration from file /etc/stunnel/stunnel.conf
2013.04.16 10:41:22 LOG7[17473:140419261986560]: PRNG seeded successfully
2013.04.16 10:41:22 LOG6[17473:140419261986560]: Initializing SSL context for service ppp
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Certificate: /etc/stunnel/stunnel.pem
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Certificate loaded
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Key file: /etc/stunnel/stunnel.pem
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Private key loaded
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Could not load DH parameters from /etc/stunnel/stunnel.pem
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Using hardcoded DH parameters
2013.04.16 10:41:22 LOG7[17473:140419261986560]: DH initialized with 2048-bit key
2013.04.16 10:41:22 LOG7[17473:140419261986560]: ECDH initialized with curve prime256v1
2013.04.16 10:41:22 LOG7[17473:140419261986560]: SSL options set: 0x00000804
2013.04.16 10:41:22 LOG6[17473:140419261986560]: SSL context initialized
2013.04.16 10:41:22 LOG5[17473:140419261986560]: Configuration successful
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=5 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=6 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=6 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=7 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=7 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=8 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=8 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=9 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=9 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: libwrap_init: FD=10 allocated (blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: accept socket: FD=10 allocated (non-blocking mode)
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Option SO_REUSEADDR set on accept socket
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Service ppp bound to 0.0.0.0:311
2013.04.16 10:41:22 LOG7[17473:140419261986560]: Service ppp opened FD=10
2013.04.16 10:41:22 LOG7[17479:140419261986560]: Created pid file /var/run/stunnel.pid
2013.04.16 10:41:31 LOG7[17479:140419261986560]: local socket: FD=0 allocated (non-blocking mode)
2013.04.16 10:41:31 LOG7[17479:140419261986560]: Service ppp accepted FD=0 from X.X.X.5:53281
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Service ppp started
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Option TCP_NODELAY set on local socket
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Waiting for a libwrap process
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Acquired libwrap process #0
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Releasing libwrap process #0
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Released libwrap process #0
2013.04.16 10:41:31 LOG7[17479:140419261978368]: Service ppp permitted by libwrap from X.X.X.5:53281
2013.04.16 10:41:31 LOG5[17479:140419261978368]: Service ppp accepted connection from X.X.X.5:53281
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): before/accept initialization
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 read client hello A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write server hello A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write certificate A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write key exchange A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 write certificate request A
2013.04.16 10:41:31 LOG7[17479:140419261978368]: SSL state (accept): SSLv3 flush data
2013.04.16 10:46:31 LOG6[17479:140419261978368]: init_ssl: s_poll_wait: TIMEOUTbusy exceeded: sending reset
2013.04.16 10:46:31 LOG5[17479:140419261978368]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2013.04.16 10:46:31 LOG7[17479:140419261978368]: Service ppp finished (0 left)
2013.04.16 10:46:31 LOG7[17479:140419261978368]: str_stats: 0 block(s), 0 data byte(s), 0 control byte(s)
а это кусок sysloga
2013-04-16T10:52:59.205917+04:00 Rin kernel: kjournald starting. Commit interval 5 seconds
2013-04-16T10:52:59.205918+04:00 Rin kernel: EXT3-fs (sda1): using internal journal
2013-04-16T10:52:59.205920+04:00 Rin kernel: EXT3-fs (sda1): mounted filesystem with ordered data mode
2013-04-16T10:52:59.205922+04:00 Rin kernel: e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
2013-04-16T10:52:59.594431+04:00 Rin sshd[14818]: Server listening on 0.0.0.0 port 22.
2013-04-16T10:54:03.288452+04:00 Rin sshd[14857]: SSH: Server;Ltype: Version;Remote: X.X.X.211-44747;Protocol: 2.0;Client: OpenSSH_5.5p1 Debian-4ubuntu4
2013-04-16T10:54:03.289025+04:00 Rin sshd[14857]: SSH: Server;Ltype: Kex;Remote: X.X.X.211-44747;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
2013-04-16T10:54:03.375327+04:00 Rin sshd[14857]: SSH: Server;Ltype: Authname;Remote: X.X.X.211-44747;Name: root [preauth]
2013-04-16T10:54:07.281373+04:00 Rin sshd[14857]: Accepted keyboard-interactive/pam for root from X.X.X.211 port 44747 ssh2
2013-04-16T10:54:19.092230+04:00 Rin stunnel: LOG5[14890:140623055394560]: stunnel 4.44 on x86_64-pc-linux-gnu platform
2013-04-16T10:54:19.092269+04:00 Rin stunnel: LOG5[14890:140623055394560]: Compiled/running with OpenSSL 1.0.1c 10 May 2012
2013-04-16T10:54:19.092294+04:00 Rin stunnel: LOG5[14890:140623055394560]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv4
2013-04-16T10:54:19.092317+04:00 Rin stunnel: LOG5[14890:140623055394560]: Reading configuration from file /etc/stunnel/stunnel.conf
2013-04-16T10:54:19.092355+04:00 Rin stunnel: LOG6[14890:140623055394560]: Initializing SSL context for service ppp
2013-04-16T10:54:19.092513+04:00 Rin stunnel: LOG6[14890:140623055394560]: SSL context initialized
2013-04-16T10:54:19.092540+04:00 Rin stunnel: LOG5[14890:140623055394560]: Configuration successful
на всякий случай
[ebuild R ] sys-fs/udev-197-r8 USE="acl hwdb kmod openrc -doc -gudev -introspection -keymap (-selinux) -static-libs"
[ebuild R ] virtual/udev-197-r2 USE="kmod -gudev -hwdb -introspection -keymap (-selinux) -static-libs"