
Сообщения wmlex

 

Низкая скорость передачи данных WiFi (hostapd).

Форум — Linux-hardware

Здравствуйте! Есть домашний роутер/сервер на базе тонкого клиента HP t5550. В качестве ОС используется CentOS 6.6. На сервере поднята программная точка доступа при помощи hostapd и Mini PCI Express адаптера Intel® Centrino® Advanced-N 6230. Всё в общем работает, но скорость соответствует стандарту «g», а не «n». Iperf показывает пропускную способность порядка 40-50 Мбит/с, а хочется больше :). Много всего перепробовал: собирал последний hostapd, накатывал другое ядро из ELRepo, устанавливал CentOS 7.1, менял адаптер на Atheros AR5B95, но результат остался прежним. Подскажите, может быть, я что-то упускаю.

hostapd.conf

# hostapd configuration for a software access point on wlan0, bridged into br0.
interface=wlan0
bridge=br0
driver=nl80211

# Log all modules (-1) at level 2 (informational) to syslog and stdout.
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

# Control socket directory, restricted to gid 0. Anyone who can reach this
# socket can reconfigure the access point, so keep it limited to root.
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

##### IEEE 802.11 related configuration #######################################

ssid=Home
country_code=US
# 2.4 GHz band; 802.11n is layered on top of this through ieee80211n=1 below.
hw_mode=g
channel=6
beacon_int=100
dtim_period=2
max_num_sta=255
# 2347 / 2346 disable RTS/CTS and fragmentation respectively.
rts_threshold=2347
fragm_threshold=2346
preamble=0
# 0 = accept every station unless it is on the deny list (no MAC filtering).
macaddr_acl=0
# Bit field: bit 0 = Open System, bit 1 = Shared Key authentication. Shared Key
# is only meaningful with WEP; with WPA2-PSK as configured below, auth_algs=1
# would be sufficient.
auth_algs=3
ignore_broadcast_ssid=0
# WMM is needed for HT (802.11n) operation.
wmm_enabled=1

##### IEEE 802.11n related configuration ######################################

ieee80211n=1
# [HT40-] asks for a 40 MHz channel with the secondary channel below the
# primary one (primary 6, secondary 2). The other two flags match capabilities
# reported by "iw list" on this page (RX HT40 SGI, DSSS/CCK HT40).
# NOTE(review): on 2.4 GHz hostapd scans for overlapping networks before using
# 40 MHz and may stay on 20 MHz if it finds a conflict; the hostapd log should
# show which width was actually selected -- verify.
ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]

##### WPA/IEEE 802.11i configuration ##########################################

# WPA2 (RSN) only.
wpa=2
# Passphrase redacted by the author.
wpa_passphrase=*********
wpa_key_mgmt=WPA-PSK
# wpa_pairwise applies to WPA (v1) and rsn_pairwise to WPA2; with wpa=2 only
# rsn_pairwise is in effect. CCMP without TKIP is also what HT rates require.
wpa_pairwise=CCMP
rsn_pairwise=CCMP
# Group key is rotated every 600 seconds.
wpa_group_rekey=600

CentOS 6.6

# uname -r
2.6.32-504.12.2.el6.i686

# lspci
00:00.0 Host bridge: VIA Technologies, Inc. VX900 Host Bridge: Host Control (rev 80)
00:00.1 Host bridge: VIA Technologies, Inc. VX900 Error Reporting
00:00.2 Host bridge: VIA Technologies, Inc. VX900 CPU Bus Controller
00:00.3 Host bridge: VIA Technologies, Inc. VX900 DRAM Bus Control
00:00.4 Host bridge: VIA Technologies, Inc. VX900 Power Management and Chip Testing Control
00:00.5 Host bridge: VIA Technologies, Inc. VX900 APIC and Central Traffic Control
00:00.6 Host bridge: VIA Technologies, Inc. VX900 Scratch Registers
00:00.7 Host bridge: VIA Technologies, Inc. VX900 North-South Module Interface Control
00:01.0 VGA compatible controller: VIA Technologies, Inc. VX900 Graphics [Chrome9 HD]
00:01.1 Audio device: VIA Technologies, Inc. Device 9170
00:03.0 PCI bridge: VIA Technologies, Inc. VX900 PCI Express Root Port 0
00:03.1 PCI bridge: VIA Technologies, Inc. VX900 PCI Express Root Port 1
00:03.2 PCI bridge: VIA Technologies, Inc. VX900 PCI Express Root Port 2
00:03.3 PCI bridge: VIA Technologies, Inc. VX900 PCI Express Root Port 3
00:03.4 Host bridge: VIA Technologies, Inc. VX900 PCI Express Physical Layer Electrical Sub-block
00:0f.0 IDE interface: VIA Technologies, Inc. VX900 Serial ATA Controller
00:10.0 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev a0)
00:10.1 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev a0)
00:10.2 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev a0)
00:10.4 USB controller: VIA Technologies, Inc. USB 2.0 (rev 90)
00:11.0 ISA bridge: VIA Technologies, Inc. VX900 Bus Control and Power Management
00:11.7 Host bridge: VIA Technologies, Inc. VX8xx South-North Module Interface Control
00:13.0 PCI bridge: VIA Technologies, Inc. VX855/VX875/VX900 PCI to PCI Bridge
00:14.0 Audio device: VIA Technologies, Inc. VT8237A/VT8251 HDA Controller (rev 20)
02:00.0 Network controller: Intel Corporation Centrino Advanced-N 6230 [Rainbow Peak] (rev 34)
05:00.0 Ethernet controller: Broadcom Corporation NetLink BCM57780 Gigabit Ethernet PCIe (rev 01)

# lsmod | grep iw
iwldvm                120726  0
mac80211              461788  1 iwldvm
iwlwifi                79897  1 iwldvm
cfg80211              515738  3 iwldvm,mac80211,iwlwifi

# hostapd -v
hostapd v2.0
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors

# iw list
Wiphy phy0
        max # scan SSIDs: 20
        max scan IEs length: 195 bytes
        Coverage class: 0 (up to 0m)
        Device supports RSN-IBSS.
        Supported Ciphers:
                * WEP40 (00-0f-ac:1)
                * WEP104 (00-0f-ac:5)
                * TKIP (00-0f-ac:2)
                * CCMP (00-0f-ac:4)
        Available Antennas: TX 0 RX 0
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
        Band 1:
                Capabilities: 0x1072
                        HT20/HT40
                        Static SM Power Save
                        RX Greenfield
                        RX HT20 SGI
                        RX HT40 SGI
                        No RX STBC
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 4 usec (0x05)
                HT TX/RX MCS rate indexes supported: 0-15, 32
                Bitrates (non-HT):
                        * 1.0 Mbps
                        * 2.0 Mbps (short preamble supported)
                        * 5.5 Mbps (short preamble supported)
                        * 11.0 Mbps (short preamble supported)
                        * 6.0 Mbps
                        * 9.0 Mbps
                        * 12.0 Mbps
                        * 18.0 Mbps
                        * 24.0 Mbps
                        * 36.0 Mbps
                        * 48.0 Mbps
                        * 54.0 Mbps
                Frequencies:
                        * 2412 MHz [1] (15.0 dBm)
                        * 2417 MHz [2] (15.0 dBm)
                        * 2422 MHz [3] (15.0 dBm)
                        * 2427 MHz [4] (15.0 dBm)
                        * 2432 MHz [5] (15.0 dBm)
                        * 2437 MHz [6] (15.0 dBm)
                        * 2442 MHz [7] (15.0 dBm)
                        * 2447 MHz [8] (15.0 dBm)
                        * 2452 MHz [9] (15.0 dBm)
                        * 2457 MHz [10] (15.0 dBm)
                        * 2462 MHz [11] (15.0 dBm)
                        * 2467 MHz [12] (disabled)
                        * 2472 MHz [13] (disabled)
        Band 2:
                Capabilities: 0x1072
                        HT20/HT40
                        Static SM Power Save
                        RX Greenfield
                        RX HT20 SGI
                        RX HT40 SGI
                        No RX STBC
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 4 usec (0x05)
                HT TX/RX MCS rate indexes supported: 0-15, 32
                Bitrates (non-HT):
                        * 6.0 Mbps
                        * 9.0 Mbps
                        * 12.0 Mbps
                        * 18.0 Mbps
                        * 24.0 Mbps
                        * 36.0 Mbps
                        * 48.0 Mbps
                        * 54.0 Mbps
                Frequencies:
                        * 5180 MHz [36] (15.0 dBm) (passive scanning, no IBSS)
                        * 5200 MHz [40] (15.0 dBm) (passive scanning, no IBSS)
                        * 5220 MHz [44] (15.0 dBm) (passive scanning, no IBSS)
                        * 5240 MHz [48] (15.0 dBm) (passive scanning, no IBSS)
                        * 5260 MHz [52] (15.0 dBm) (passive scanning, no IBSS, radar detection)
                          DFS state: usable (for 163 sec)
                        * 5280 MHz [56] (15.0 dBm) (passive scanning, no IBSS, radar detection)
                          DFS state: usable (for 163 sec)
                        * 5300 MHz [60] (15.0 dBm) (passive scanning, no IBSS, radar detection)
                          DFS state: usable (for 163 sec)
                        * 5320 MHz [64] (15.0 dBm) (passive scanning, no IBSS, radar detection)
                          DFS state: usable (for 163 sec)
                        * 5500 MHz [100] (disabled)
                        * 5520 MHz [104] (disabled)
                        * 5540 MHz [108] (disabled)
                        * 5560 MHz [112] (disabled)
                        * 5580 MHz [116] (disabled)
                        * 5600 MHz [120] (disabled)
                        * 5620 MHz [124] (disabled)
                        * 5640 MHz [128] (disabled)
                        * 5660 MHz [132] (disabled)
                        * 5680 MHz [136] (disabled)
                        * 5700 MHz [140] (disabled)
                        * 5745 MHz [149] (15.0 dBm) (passive scanning, no IBSS)
                        * 5765 MHz [153] (15.0 dBm) (passive scanning, no IBSS)
                        * 5785 MHz [157] (15.0 dBm) (passive scanning, no IBSS)
                        * 5805 MHz [161] (15.0 dBm) (passive scanning, no IBSS)
                        * 5825 MHz [165] (15.0 dBm) (passive scanning, no IBSS)
        Supported commands:
                 * new_interface
                 * set_interface
                 * new_key
                 * start_ap
                 * new_station
                 * set_bss
                 * authenticate
                 * associate
                 * deauthenticate
                 * disassociate
                 * join_ibss
                 * remain_on_channel
                 * set_tx_bitrate_mask
                 * frame
                 * frame_wait_cancel
                 * set_wiphy_netns
                 * set_channel
                 * set_wds_peer
                 * probe_client
                 * set_noack_map
                 * register_beacons
                 * start_p2p_device
                 * Unknown command (92)
                 * connect
                 * disconnect
        Supported TX frame types:
                 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
        Supported RX frame types:
                 * IBSS: 0x40 0xb0 0xc0 0xd0
                 * managed: 0x40 0xd0
                 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * mesh point: 0xb0 0xc0 0xd0
                 * P2P-client: 0x40 0xd0
                 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * P2P-device: 0x40 0xd0
        WoWLAN support:
                 * wake up on disconnect
                 * wake up on magic packet
                 * wake up on pattern match, up to 20 patterns of 16-128 bytes,
                   maximum packet offset 0 bytes
                 * can do GTK rekeying
                 * wake up on GTK rekey failure
                 * wake up on EAP identity request
                 * wake up on rfkill release
        software interface modes (can always be added):
                 * AP/VLAN
                 * monitor
        valid interface combinations:
                 * #{ managed } <= 1, #{ AP } <= 1,
                   total <= 2, #channels <= 1, STA/AP BI must match
                 * #{ managed } <= 2,
                   total <= 2, #channels <= 1
        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        Device supports TX status socket option.
        Device supports HT-IBSS.
        Device supports scan flush.

# ls -la /lib/firmware/iwlwifi-*
-rw-r--r--. 1 root root 689680 Мар 11 20:23 /lib/firmware/iwlwifi-105-6.ucode
-rw-r--r--. 1 root root 701228 Мар 11 20:23 /lib/firmware/iwlwifi-135-6.ucode
-rw-r--r--. 1 root root 695876 Мар 11 20:23 /lib/firmware/iwlwifi-2000-6.ucode
-rw-r--r--. 1 root root 707392 Мар 11 20:23 /lib/firmware/iwlwifi-2030-6.ucode
-rw-r--r--. 1 root root 670484 Мар 11 20:23 /lib/firmware/iwlwifi-3160-7.ucode
-rw-r--r--. 1 root root 677296 Мар 11 20:23 /lib/firmware/iwlwifi-6000g2a-6.ucode
-rw-r--r--. 1 root root 679436 Мар 11 20:23 /lib/firmware/iwlwifi-6000g2b-6.ucode
-rw-r--r--. 1 root root 683236 Мар 11 20:23 /lib/firmware/iwlwifi-7260-7.ucode

CentOS 7.1

# uname -r
3.10.0-229.1.2.el7.x86_64

# lspci
00:00.0 Host bridge: VIA Technologies, Inc. VX900 Host Bridge: Host Control (rev 80)
00:00.1 Host bridge: VIA Technologies, Inc. VX900 Error Reporting
00:00.2 Host bridge: VIA Technologies, Inc. VX900 CPU Bus Controller
00:00.3 Host bridge: VIA Technologies, Inc. VX900 DRAM Bus Control
00:00.4 Host bridge: VIA Technologies, Inc. VX900 Power Management and Chip Testing Control
00:00.5 Host bridge: VIA Technologies, Inc. VX900 APIC and Central Traffic Control
00:00.6 Host bridge: VIA Technologies, Inc. VX900 Scratch Registers
00:00.7 Host bridge: VIA Technologies, Inc. VX900 North-South Module Interface Control
00:01.0 VGA compatible controller: VIA Technologies, Inc. VX900 Graphics [Chrome9 HD]
00:01.1 Audio device: VIA Technologies, Inc. Device 9170
00:03.0 PCI bridge: VIA Technologies, Inc. VX900 PCI Express Root Port 0
00:03.1 PCI bridge: VIA Technologies, Inc. VX900 PCI Express Root Port 1
00:03.2 PCI bridge: VIA Technologies, Inc. VX900 PCI Express Root Port 2
00:03.3 PCI bridge: VIA Technologies, Inc. VX900 PCI Express Root Port 3
00:03.4 Host bridge: VIA Technologies, Inc. VX900 PCI Express Physical Layer Electrical Sub-block
00:0f.0 IDE interface: VIA Technologies, Inc. VX900 Serial ATA Controller
00:10.0 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev a0)
00:10.1 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev a0)
00:10.2 USB controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev a0)
00:10.4 USB controller: VIA Technologies, Inc. USB 2.0 (rev 90)
00:11.0 ISA bridge: VIA Technologies, Inc. VX900 Bus Control and Power Management
00:11.7 Host bridge: VIA Technologies, Inc. VX8xx South-North Module Interface Control
00:13.0 PCI bridge: VIA Technologies, Inc. VX855/VX875/VX900 PCI to PCI Bridge
00:14.0 Audio device: VIA Technologies, Inc. VT8237A/VT8251 HDA Controller (rev 20)
02:00.0 Network controller: Intel Corporation Centrino Advanced-N 6230 [Rainbow Peak] (rev 34)
05:00.0 Ethernet controller: Broadcom Corporation NetLink BCM57780 Gigabit Ethernet PCIe (rev 01)

lsmod | grep iw
iwldvm                188954  0
mac80211              569655  1 iwldvm
iwlwifi               112501  1 iwldvm
cfg80211              514740  3 iwlwifi,mac80211,iwldvm

# hostapd -v
hostapd v2.3
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> and contributors

# iw list
Wiphy phy0
        max # scan SSIDs: 20
        max scan IEs length: 195 bytes
        Coverage class: 0 (up to 0m)
        Device supports RSN-IBSS.
        Supported Ciphers:
                * WEP40 (00-0f-ac:1)
                * WEP104 (00-0f-ac:5)
                * TKIP (00-0f-ac:2)
                * CCMP (00-0f-ac:4)
        Available Antennas: TX 0 RX 0
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
        Band 1:
                Capabilities: 0x1072
                        HT20/HT40
                        Static SM Power Save
                        RX Greenfield
                        RX HT20 SGI
                        RX HT40 SGI
                        No RX STBC
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 4 usec (0x05)
                HT TX/RX MCS rate indexes supported: 0-15, 32
                Bitrates (non-HT):
                        * 1.0 Mbps
                        * 2.0 Mbps (short preamble supported)
                        * 5.5 Mbps (short preamble supported)
                        * 11.0 Mbps (short preamble supported)
                        * 6.0 Mbps
                        * 9.0 Mbps
                        * 12.0 Mbps
                        * 18.0 Mbps
                        * 24.0 Mbps
                        * 36.0 Mbps
                        * 48.0 Mbps
                        * 54.0 Mbps
                Frequencies:
                        * 2412 MHz [1] (15.0 dBm)
                        * 2417 MHz [2] (15.0 dBm)
                        * 2422 MHz [3] (15.0 dBm)
                        * 2427 MHz [4] (15.0 dBm)
                        * 2432 MHz [5] (15.0 dBm)
                        * 2437 MHz [6] (15.0 dBm)
                        * 2442 MHz [7] (15.0 dBm)
                        * 2447 MHz [8] (15.0 dBm)
                        * 2452 MHz [9] (15.0 dBm)
                        * 2457 MHz [10] (15.0 dBm)
                        * 2462 MHz [11] (15.0 dBm)
                        * 2467 MHz [12] (disabled)
                        * 2472 MHz [13] (disabled)
        Band 2:
                Capabilities: 0x1072
                        HT20/HT40
                        Static SM Power Save
                        RX Greenfield
                        RX HT20 SGI
                        RX HT40 SGI
                        No RX STBC
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 4 usec (0x05)
                HT TX/RX MCS rate indexes supported: 0-15, 32
                Bitrates (non-HT):
                        * 6.0 Mbps
                        * 9.0 Mbps
                        * 12.0 Mbps
                        * 18.0 Mbps
                        * 24.0 Mbps
                        * 36.0 Mbps
                        * 48.0 Mbps
                        * 54.0 Mbps
                Frequencies:
                        * 5180 MHz [36] (15.0 dBm) (passive scanning, no IBSS)
                        * 5200 MHz [40] (15.0 dBm) (passive scanning, no IBSS)
                        * 5220 MHz [44] (15.0 dBm) (passive scanning, no IBSS)
                        * 5240 MHz [48] (15.0 dBm) (passive scanning, no IBSS)
                        * 5260 MHz [52] (15.0 dBm) (passive scanning, no IBSS, radar detection)
                          DFS state: usable (for 232 sec)
                        * 5280 MHz [56] (15.0 dBm) (passive scanning, no IBSS, radar detection)
                          DFS state: usable (for 232 sec)
                        * 5300 MHz [60] (15.0 dBm) (passive scanning, no IBSS, radar detection)
                          DFS state: usable (for 232 sec)
                        * 5320 MHz [64] (15.0 dBm) (passive scanning, no IBSS, radar detection)
                          DFS state: usable (for 232 sec)
                        * 5500 MHz [100] (disabled)
                        * 5520 MHz [104] (disabled)
                        * 5540 MHz [108] (disabled)
                        * 5560 MHz [112] (disabled)
                        * 5580 MHz [116] (disabled)
                        * 5600 MHz [120] (disabled)
                        * 5620 MHz [124] (disabled)
                        * 5640 MHz [128] (disabled)
                        * 5660 MHz [132] (disabled)
                        * 5680 MHz [136] (disabled)
                        * 5700 MHz [140] (disabled)
                        * 5745 MHz [149] (15.0 dBm) (passive scanning, no IBSS)
                        * 5765 MHz [153] (15.0 dBm) (passive scanning, no IBSS)
                        * 5785 MHz [157] (15.0 dBm) (passive scanning, no IBSS)
                        * 5805 MHz [161] (15.0 dBm) (passive scanning, no IBSS)
                        * 5825 MHz [165] (15.0 dBm) (passive scanning, no IBSS)
        Supported commands:
                 * new_interface
                 * set_interface
                 * new_key
                 * start_ap
                 * new_station
                 * set_bss
                 * authenticate
                 * associate
                 * deauthenticate
                 * disassociate
                 * join_ibss
                 * set_tx_bitrate_mask
                 * frame
                 * frame_wait_cancel
                 * set_wiphy_netns
                 * set_channel
                 * set_wds_peer
                 * probe_client
                 * set_noack_map
                 * register_beacons
                 * start_p2p_device
                 * Unknown command (92)
                 * Unknown command (104)
                 * connect
                 * disconnect
        Supported TX frame types:
                 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
        Supported RX frame types:
                 * IBSS: 0x40 0xb0 0xc0 0xd0
                 * managed: 0x40 0xd0
                 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * mesh point: 0xb0 0xc0 0xd0
                 * P2P-client: 0x40 0xd0
                 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                 * P2P-device: 0x40 0xd0
        WoWLAN support:
                 * wake up on disconnect
                 * wake up on magic packet
                 * wake up on pattern match, up to 20 patterns of 16-128 bytes,
                   maximum packet offset 0 bytes
                 * can do GTK rekeying
                 * wake up on GTK rekey failure
                 * wake up on EAP identity request
                 * wake up on rfkill release
        software interface modes (can always be added):
                 * AP/VLAN
                 * monitor
        valid interface combinations:
                 * #{ managed } <= 1, #{ AP } <= 1,
                   total <= 2, #channels <= 1, STA/AP BI must match
                 * #{ managed } <= 2,
                   total <= 2, #channels <= 1
        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        Device supports TX status socket option.
        Device supports HT-IBSS.
        Device supports scan flush.

# ls -la /lib/firmware/iwlwifi-*
-rw-r--r--. 1 root root 335056 мар  6 06:47 /lib/firmware/iwlwifi-1000-3.ucode
-rw-r--r--. 1 root root 337520 мар  6 06:47 /lib/firmware/iwlwifi-1000-5.ucode
-rw-r--r--. 1 root root 337572 мар  6 06:47 /lib/firmware/iwlwifi-100-5.ucode
-rw-r--r--. 1 root root 689680 мар  6 06:47 /lib/firmware/iwlwifi-105-6.ucode
-rw-r--r--. 1 root root 701228 мар  6 06:47 /lib/firmware/iwlwifi-135-6.ucode
-rw-r--r--. 1 root root 695876 мар  6 06:47 /lib/firmware/iwlwifi-2000-6.ucode
-rw-r--r--. 1 root root 707392 мар  6 06:47 /lib/firmware/iwlwifi-2030-6.ucode
-rw-r--r--. 1 root root 670484 мар  6 06:47 /lib/firmware/iwlwifi-3160-7.ucode
-rw-r--r--. 1 root root 667284 мар  6 06:47 /lib/firmware/iwlwifi-3160-8.ucode
-rw-r--r--. 1 root root 666792 мар  6 06:47 /lib/firmware/iwlwifi-3160-9.ucode
-rw-r--r--. 1 root root 150100 мар  6 06:47 /lib/firmware/iwlwifi-3945-2.ucode
-rw-r--r--. 1 root root 187972 мар  6 06:47 /lib/firmware/iwlwifi-4965-2.ucode
-rw-r--r--. 1 root root 345008 мар  6 06:47 /lib/firmware/iwlwifi-5000-1.ucode
-rw-r--r--. 1 root root 353240 мар  6 06:47 /lib/firmware/iwlwifi-5000-2.ucode
-rw-r--r--. 1 root root 340696 мар  6 06:47 /lib/firmware/iwlwifi-5000-5.ucode
-rw-r--r--. 1 root root 337400 мар  6 06:47 /lib/firmware/iwlwifi-5150-2.ucode
-rw-r--r--. 1 root root 454608 мар  6 06:47 /lib/firmware/iwlwifi-6000-4.ucode
-rw-r--r--. 1 root root 444128 мар  6 06:47 /lib/firmware/iwlwifi-6000g2a-5.ucode
-rw-r--r--. 1 root root 677296 мар  6 06:47 /lib/firmware/iwlwifi-6000g2a-6.ucode
-rw-r--r--. 1 root root 460236 мар  6 06:47 /lib/firmware/iwlwifi-6000g2b-5.ucode
-rw-r--r--. 1 root root 679436 мар  6 06:47 /lib/firmware/iwlwifi-6000g2b-6.ucode
-rw-r--r--. 1 root root 463692 мар  6 06:47 /lib/firmware/iwlwifi-6050-4.ucode
-rw-r--r--. 1 root root 469780 мар  6 06:47 /lib/firmware/iwlwifi-6050-5.ucode
-rw-r--r--. 1 root root 683236 мар  6 06:47 /lib/firmware/iwlwifi-7260-7.ucode
-rw-r--r--. 1 root root 679780 мар  6 06:47 /lib/firmware/iwlwifi-7260-8.ucode
-rw-r--r--. 1 root root 679380 мар  6 06:47 /lib/firmware/iwlwifi-7260-9.ucode


wmlex
()

Не работает Squid в связке с Strongswan.

Форум — Admin

Здравствуйте! Помогите решить проблему. Есть VPN-сервер под управлением CentOS 6. На нем уже подняты и работают службы squid, openvpn, pptp. Squid работает в режиме прозрачного прокси, и пользователи, подключившиеся к серверу, ходят через него. Сейчас пытаюсь настроить ipsec (strongswan), но в процессе настройки возникла проблема. Если в iptables включен просто nat, без перенаправления 80 порта на squid, сайты по http и https открываются, а если я заворачиваю 80 порт на squid, то http не работает, работает только https. Проблема, как я предполагаю, в squid, только найти ее самостоятельно у меня не получилось, поэтому прошу вашей помощи.

Linux vpn 2.6.32-504.8.1.el6.i686 #1 SMP Wed Jan 28 18:25:26 UTC 2015 i686 i686 i386 GNU/Linux
Squid Cache: Version 3.4.10
configure options:  '--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu' '--target=i686-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--with-large-files' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' '--without-nettle' 'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu' 'target_alias=i686-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -fPIC' 
'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/share/pkgconfig' --enable-ltdl-convenience

iptables

# nat table. Plain HTTP from the VPN range is sent to Squid's intercept port.
# NOTE(review): REDIRECT rewrites the destination to the primary address of the
# interface the packet arrived on, while squid.conf on this page binds port
# 3127 to 10.9.0.1 only. For IPsec clients, whose decrypted packets presumably
# arrive on eth0, the rewritten destination may not be 10.9.0.1 -- verify.
-A PREROUTING -s 10.9.0.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127
# Source-NAT VPN clients to the server's public address (redacted by the author).
-A POSTROUTING -s 10.9.0.0/24 -o eth0 -j SNAT --to-source xxx.xxx.xxx.xxx

# filter table. Chain policies are not shown in this listing.
# SSH is first passed through the fail2ban chain.
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -i lo -j ACCEPT
# ICMP echo reply (0) and echo request (8).
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# IPsec payload protocols.
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m comment --comment "SSH" -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m comment --comment "HTTP" -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -m comment --comment "HTTPs" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -m comment --comment "OpenVPN" -j ACCEPT
# Squid ports are opened per VPN interface only, not on eth0.
# NOTE(review): with the kernel-native IPsec stack there are normally no
# ipsecN interfaces, so the "-i ipsec+" rules below presumably never match and
# IPsec clients are not covered by them. Matching on the IPsec policy
# (-m policy --dir in --pol ipsec) is the usual way to select decrypted
# traffic without opening the port to the whole of eth0 -- confirm against the
# actual interface list.
-A INPUT -i ppp+ -p tcp -m tcp --dport 3128 -m comment --comment "Squid" -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 3128 -m comment --comment "Squid" -j ACCEPT
-A INPUT -i ipsec+ -p tcp -m tcp --dport 3128 -m comment --comment "Squid" -j ACCEPT
-A INPUT -i ppp+ -p tcp -m tcp --dport 3127 -m comment --comment "Squid-Transparent" -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 3127 -m comment --comment "Squid-Transparent" -j ACCEPT
-A INPUT -i ipsec+ -p tcp -m tcp --dport 3127 -m comment --comment "Squid-Transparent" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -m comment --comment "PPTP" -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -m comment --comment "OpenVPN" -j ACCEPT
# IKE (500) and NAT-traversal (4500).
-A INPUT -p udp -m udp --dport 500 -m comment --comment "IPSec" -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -m comment --comment "IPSec" -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Forwarding is allowed between the PPTP/OpenVPN interfaces and eth0.
# NOTE(review): there is no rule for IPsec clients here; whether their traffic
# is forwarded depends on the FORWARD policy, which is not shown.
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o ppp+ -j ACCEPT
-A FORWARD -i ppp+ -o tun0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# OUTPUT is filtered by source port rather than by connection state.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p ah -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 500 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1194 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 1194 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 4500 -j ACCEPT
# 32768:61000 presumably corresponds to the local ephemeral port range, so
# these two rules allow essentially any locally initiated TCP/UDP connection.
-A OUTPUT -p tcp -m tcp --sport 32768:61000 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 32768:61000 -j ACCEPT

squid.conf

# Squid configuration: intercepting and explicit proxy for VPN clients.
#----------------------------------------------------------------
# Client range allowed to use the proxy. The strongSwan address pool shown on
# this page (10.9.0.128/25) lies inside it.
acl localnet src 10.9.0.0/24
# Matches the whole day, so "allow localnet office_hours" below is effectively
# "allow localnet".
acl office_hours        time            00:00-24:00
#----------------------------------------------------------------
# Ports to which CONNECT tunnels are permitted.
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
#----------------------------------------------------------------
# Destination ports the proxy will talk to at all.
# NOTE(review): port 25 (smtp) is not part of the stock Safe_ports list;
# keeping it lets proxy clients direct requests at mail servers through Squid.
# Confirm it is intended.
acl Safe_ports port 21          # ftp
acl Safe_ports port 25          # smtp
acl Safe_ports port 70          # gopher
acl Safe_ports port 80          # http
acl Safe_ports port 210         # wais
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 443         # https
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 631         # cups
acl Safe_ports port 777         # multiling http
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl Safe_ports port 1025-65535  # unregistered ports
# "purge" is defined but not referenced by any http_access rule in this listing.
acl purge method PURGE
acl CONNECT method CONNECT
#----------------------------------------------------------------
# 3127 receives connections redirected by the iptables REDIRECT rule; 3128 is
# the explicit proxy port. Both listeners are bound to 10.9.0.1 only, so a
# redirected connection has to arrive with that destination address.
http_port 10.9.0.1:3127 intercept
http_port 10.9.0.1:3128
#----------------------------------------------------------------
# Always fetch directly from the origin server.
always_direct allow all
#----------------------------------------------------------------
# Block lists loaded from external files.
acl adblock url_regex "/etc/squid/adblock.acl"
acl adblock-android dstdomain "/etc/squid/adblock-android.conf"
#acl goodsites   dstdomain "/etc/squid/allowed-sites.conf"
#acl blockfiles  urlpath_regex "/etc/squid/blocks.files.acl"
#----------------------------------------------------------------
# http_access rules are evaluated top to bottom; the first match decides.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access allow localnet Safe_ports
#----------------------------------------------------------------
#http_access deny  pptp badsites
#http_access allow pptp goodsites
#http_access deny  pptp
# CONNECT from localnet is allowed before the adblock rules are consulted, so
# tunnelled traffic is not filtered by them.
http_access allow localnet CONNECT
http_access deny  localnet adblock
http_access deny  localnet adblock-android
http_access allow localnet office_hours
#----------------------------------------------------------------
# Default deny for everything not matched above.
http_access deny all
icp_access allow localnet
icp_access deny all
#----------------------------------------------------------------
hierarchy_stoplist cgi-bin ?
#----------------------------------------------------------------
# Logging. access.log is the first place to check whether intercepted requests
# reach Squid at all.
access_log stdio:/var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log stdio:/var/log/squid/store.log
pid_filename /var/run/squid.pid
debug_options ALL,1
#----------------------------------------------------------------
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Package(.gz)*)$        0       20%     2880
refresh_pattern .               0       20%     4320
# "shoutcast" and "apache" are defined but not used by any rule in this listing.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
acl apache rep_header Server ^Apache
#----------------------------------------------------------------
hosts_file /etc/hosts
coredump_dir /var/spool/squid
error_directory /usr/share/squid/errors/ru-ru
cache_dir ufs /var/spool/squid 100 16 256
shutdown_lifetime 5 seconds

ipsec.conf

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # NOTE(review): strictcrlpolicy is left commented out, so its default
        # applies; since clients authenticate with certificates, check how
        # revocation is meant to be enforced.
        # strictcrlpolicy=yes
        # uniqueids = no

# Add connections here.

# Sample VPN connections

# Defaults inherited by every conn section below.
# NOTE(review): no ike= or esp= proposals are set, so the daemon's built-in
# defaults apply; review them for the installed strongSwan version.
conn %default
    # Dead peer detection: clear the SA when the peer stops answering.
    dpdaction=clear
    dpddelay=35s
    dpdtimeout=200s

    fragmentation=yes

    # left - local (server) side
    left=%any
    leftauth=pubkey
    leftcert=vpn.crt
    leftsendcert=always
    # The whole IPv4 space is offered as the tunnelled range, i.e. clients
    # send all of their traffic through the VPN.
    leftsubnet=0.0.0.0/0

    # right - remote (client) side
    right=%any
    rightauth=pubkey
    # Virtual IP pool for clients. It lies inside the 10.9.0.0/24 range that
    # the iptables and Squid rules on this page match on.
    rightsourceip=10.9.0.128/25
    # DNS servers pushed to clients (public resolvers).
    rightdns=77.88.8.88,8.8.8.8

# IKEv2 with certificate authentication on both sides; loaded but not initiated.
conn ikev2-pubkey
    keyexchange=ikev2
    auto=add

# IKEv1 with certificate authentication followed by an XAuth round.
conn ikev1
    keyexchange=ikev1
    rightauth2=xauth
    auto=add

# Inherits ikev2-pubkey through also= (including auto=add); the client
# authenticates with EAP-TLS and is asked for its EAP identity.
conn ikev2-eap-tls
    also="ikev2-pubkey"
    rightauth=eap-tls
    eap_identity=%identity


wmlex
()
