Страница 1 из 2
Второй сервер доступа в другой сети
Добавлено: Пн май 13, 2013 8:35 pm
andre13161
Здравствуйте всем
вот столкнулся з задачей поднять второй нас который будет стоять совсем в другой сети и инет от другого провайдера.
Собствено сама схема сети и как я хочу организовать во вложении
Кажись всё настроил но авторизация непроходит, точнее проходит но сразу разрывает.
В билинге во вкладке ошибки видно что подключения пройшло и сразу отваливается с ошибкой 629
Кажись настроил как надо, но видно не судьба.
На первом сервере установленно FreeBSD 7.3-RELEASE с радиусом и мпд, тут и база, и билинг
На втором 8.3-RELEASE FreeBSD с темже мпд
Прошу меня ткнуть носом что нужно было прописать
NAS2
radius.conf
Код: Выделить всё
auth 78.154.xxx.xxx:1812 testing123
acct 78.154.xxx.xxx:1813 testing123
mpd.conf
(содрал с первого NASa полностю только переписал интерфейс на котором PPPoE, но показал что файл для подключения к радиусу есть)
NAS1
radius.conf
Код: Выделить всё
auth 127.0.0.1:1812 testing123
acct 127.0.0.1:1813 testing123
mpd.conf
Код: Выделить всё
startup:
set global enable tcp-wrapper
# configure the console
set console self 127.0.0.1 5000
set user nasuser qwerty admin
set console open
#WEB managment
#set web self 0.0.0.0 5006
#set web open
#Netflow options
#set netflow peer 127.0.0.1 9996
#set netflow self 127.0.0.1 9990
#set netflow timeouts 15 15
#set netflow hook 9000
#set netflow node netflow
log -echo -radius -rep
default:
load pppoe_server
pppoe_server:
create bundle template C
set iface idle 0
set iface enable tcpmssfix proxy-arp
set ipcp no vjcomp
set iface up-script "/usr/abills/libexec/linkupdown mpd up"
set iface down-script "/usr/abills/libexec/linkupdown mpd down"
set ipcp ranges 78.154.ххх.ххх ippool pool1
set ipcp dns ххх.ххх.ххх.ххх ууу.ууу.ууу.ууу
create link template D pppoe
set link action bundle C
set link enable peer-as-calling
set link enable report-mac
set pppoe acname "Lan"
set pppoe iface bge1
set pppoe service "*"
load server_common
server_common:
set link no pap eap
set link yes chap-md5
set link keep-alive 30 120
set link enable incoming
set link no acfcomp protocomp
load radius
radius:
set radius server 127.0.0.1 mpd 1812 1813
set radius config /etc/radius.conf
set radius retries 3
set radius timeout 10
set auth acct-update 300
set auth enable radius-auth
set auth enable radius-acct
set auth disable internal
clients.conf
Код: Выделить всё
client 127.0.0.1 {
secret = testing123
shortname = localhost
}
client 95.133.ххх.ххх {
secret = testing123
shortname = billing.isp
}
Re: Второй сервер доступа в другой сети
Добавлено: Ср май 15, 2013 6:21 am
alexset
покажи лог мпд второго наса
Re: Второй сервер доступа в другой сети
Добавлено: Ср май 15, 2013 2:35 pm
andre13161
Вот собственно лог MPD от перезапуска до того как подключился пользыватель (точнее ошипка 629)
логин хомяка "serv"
Код: Выделить всё
May 15 18:14:03 billing mpd: caught fatal signal term
May 15 18:14:05 billing mpd: [C] Bundle: Shutdown
May 15 18:14:05 billing mpd: [D] Link: Shutdown
May 15 18:14:05 billing mpd: PPPoE: stop waiting for connection on em1:, service "*"
May 15 18:14:05 billing mpd: process 1203 terminated
May 15 18:14:05 billing mpd: Multi-link PPP daemon for FreeBSD
May 15 18:14:05 billing mpd:
May 15 18:14:05 billing mpd: process 1337 started, version 5.6 (root@billing.isp 18:42 13-May-2013)
May 15 18:14:05 billing mpd: CONSOLE: listening on 127.0.0.1 5000
May 15 18:14:05 billing mpd: PPPoE: waiting for connection on em1:, service "*"
May 15 18:14:06 billing mpd: Incoming PPPoE connection request via em1: for service "" from 00:1d:72:c5:ad:a8
May 15 18:14:06 billing mpd: [D-1] Accepting PPPoE connection
May 15 18:14:06 billing mpd: [D-1] Link: OPEN event
May 15 18:14:06 billing mpd: [D-1] LCP: Open event
May 15 18:14:06 billing mpd: [D-1] LCP: state change Initial --> Starting
May 15 18:14:06 billing mpd: [D-1] LCP: LayerStart
May 15 18:14:06 billing mpd: [D-1] PPPoE: connection successful
May 15 18:14:06 billing mpd: [D-1] Link: UP event
May 15 18:14:06 billing mpd: [D-1] LCP: Up event
May 15 18:14:06 billing mpd: [D-1] LCP: state change Starting --> Req-Sent
May 15 18:14:06 billing mpd: [D-1] LCP: SendConfigReq #1
May 15 18:14:06 billing mpd: [D-1] MRU 1492
May 15 18:14:06 billing mpd: [D-1] MAGICNUM 2cc937b6
May 15 18:14:06 billing mpd: [D-1] AUTHPROTO CHAP MD5
May 15 18:14:06 billing mpd: [D-1] LCP: rec'd Configure Request #0 (Req-Sent)
May 15 18:14:06 billing mpd: [D-1] MRU 1480
May 15 18:14:06 billing mpd: [D-1] MAGICNUM 7a9320d0
May 15 18:14:06 billing mpd: [D-1] PROTOCOMP
May 15 18:14:06 billing mpd: [D-1] ACFCOMP
May 15 18:14:06 billing mpd: [D-1] CALLBACK 6
May 15 18:14:06 billing mpd: [D-1] LCP: SendConfigRej #0
May 15 18:14:06 billing mpd: [D-1] PROTOCOMP
May 15 18:14:06 billing mpd: [D-1] ACFCOMP
May 15 18:14:06 billing mpd: [D-1] CALLBACK 6
May 15 18:14:06 billing mpd: [D-1] LCP: rec'd Configure Request #1 (Req-Sent)
May 15 18:14:06 billing mpd: [D-1] MRU 1480
May 15 18:14:06 billing mpd: [D-1] MAGICNUM 7a9320d0
May 15 18:14:06 billing mpd: [D-1] LCP: SendConfigAck #1
May 15 18:14:06 billing mpd: [D-1] MRU 1480
May 15 18:14:06 billing mpd: [D-1] MAGICNUM 7a9320d0
May 15 18:14:06 billing mpd: [D-1] LCP: state change Req-Sent --> Ack-Sent
May 15 18:14:08 billing mpd: [D-1] LCP: SendConfigReq #2
May 15 18:14:08 billing mpd: [D-1] MRU 1492
May 15 18:14:08 billing mpd: [D-1] MAGICNUM 2cc937b6
May 15 18:14:08 billing mpd: [D-1] AUTHPROTO CHAP MD5
May 15 18:14:08 billing mpd: [D-1] LCP: rec'd Configure Ack #2 (Ack-Sent)
May 15 18:14:08 billing mpd: [D-1] MRU 1492
May 15 18:14:08 billing mpd: [D-1] MAGICNUM 2cc937b6
May 15 18:14:08 billing mpd: [D-1] AUTHPROTO CHAP MD5
May 15 18:14:08 billing mpd: [D-1] LCP: state change Ack-Sent --> Opened
May 15 18:14:08 billing mpd: [D-1] LCP: auth: peer wants nothing, I want CHAP
May 15 18:14:08 billing mpd: [D-1] CHAP: sending CHALLENGE #1 len: 33
May 15 18:14:08 billing mpd: [D-1] LCP: LayerUp
May 15 18:14:08 billing mpd: [D-1] LCP: rec'd Ident #2 (Opened)
May 15 18:14:08 billing mpd: [D-1] MESG: MSRASV5.20
May 15 18:14:08 billing mpd: [D-1] LCP: rec'd Ident #3 (Opened)
May 15 18:14:08 billing mpd: [D-1] MESG: MSRAS-0-NGS_NOTEBOOK
May 15 18:14:08 billing mpd: [D-1] LCP: rec'd Ident #4 (Opened)
May 15 18:14:08 billing mpd: [D-1] MESG: фm$сM-^FBЕE═Т=M-^]^AM- 3^P
May 15 18:14:08 billing mpd: [D-1] CHAP: rec'd RESPONSE #1 len: 25
May 15 18:14:08 billing mpd: [D-1] Name: "serv"
May 15 18:14:08 billing mpd: [D-1] AUTH: Trying RADIUS
May 15 18:14:08 billing mpd: [D-1] AUTH: RADIUS returned: authenticated
May 15 18:14:08 billing mpd: [D-1] CHAP: Auth return status: authenticated
May 15 18:14:08 billing mpd: [D-1] CHAP: Reply message: Welcome
May 15 18:14:08 billing mpd: [D-1] CHAP: sending SUCCESS #1 len: 11
May 15 18:14:08 billing mpd: [D-1] LCP: authorization successful
May 15 18:14:08 billing mpd: [D-1] Link: Matched action 'bundle "C" ""'
May 15 18:14:08 billing mpd: [D-1] Creating new bundle using template "C".
May 15 18:14:08 billing mpd: [C-1] Bundle: Interface ng0 created
May 15 18:14:08 billing mpd: [D-1] Link: Join bundle "C-1"
May 15 18:14:08 billing mpd: [C-1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
May 15 18:14:08 billing mpd: [C-1] IPCP: Open event
May 15 18:14:08 billing mpd: [C-1] IPCP: state change Initial --> Starting
May 15 18:14:08 billing mpd: [C-1] IPCP: LayerStart
May 15 18:14:08 billing mpd: [C-1] IPCP: Up event
May 15 18:14:08 billing mpd: [C-1] IPCP: state change Starting --> Req-Sent
May 15 18:14:08 billing mpd: [C-1] IPCP: SendConfigReq #1
May 15 18:14:08 billing mpd: [C-1] IPADDR 192.168.1.1
May 15 18:14:08 billing mpd: [D-1] rec'd unexpected protocol IPV6CP, rejecting
May 15 18:14:08 billing mpd: [C-1] IPCP: rec'd Configure Request #6 (Req-Sent)
May 15 18:14:08 billing mpd: [C-1] IPADDR 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] NAKing with 172.20.1.150
May 15 18:14:08 billing mpd: [C-1] PRIDNS 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] NAKing with 80.93.112.3
May 15 18:14:08 billing mpd: [C-1] PRINBNS 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] SECDNS 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] NAKing with 80.93.112.2
May 15 18:14:08 billing mpd: [C-1] SECNBNS 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] IPCP: SendConfigRej #6
May 15 18:14:08 billing mpd: [C-1] PRINBNS 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] SECNBNS 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] IPCP: rec'd Configure Ack #1 (Req-Sent)
May 15 18:14:08 billing mpd: [C-1] IPADDR 192.168.1.1
May 15 18:14:08 billing mpd: [C-1] IPCP: state change Req-Sent --> Ack-Rcvd
May 15 18:14:08 billing mpd: [C-1] IPCP: rec'd Configure Request #7 (Ack-Rcvd)
May 15 18:14:08 billing mpd: [C-1] IPADDR 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] NAKing with 172.20.1.150
May 15 18:14:08 billing mpd: [C-1] PRIDNS 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] NAKing with 80.93.112.3
May 15 18:14:08 billing mpd: [C-1] SECDNS 0.0.0.0
May 15 18:14:08 billing mpd: [C-1] NAKing with 80.93.112.2
May 15 18:14:08 billing mpd: [C-1] IPCP: SendConfigNak #7
May 15 18:14:08 billing mpd: [C-1] IPADDR 172.20.1.150
May 15 18:14:08 billing mpd: [C-1] PRIDNS 80.93.112.3
May 15 18:14:08 billing mpd: [C-1] SECDNS 80.93.112.2
May 15 18:14:08 billing mpd: [C-1] IPCP: rec'd Configure Request #8 (Ack-Rcvd)
May 15 18:14:08 billing mpd: [C-1] IPADDR 172.20.1.150
May 15 18:14:08 billing mpd: [C-1] 172.20.1.150 is OK
May 15 18:14:08 billing mpd: [C-1] PRIDNS 80.93.112.3
May 15 18:14:08 billing mpd: [C-1] SECDNS 80.93.112.2
May 15 18:14:08 billing mpd: [C-1] IPCP: SendConfigAck #8
May 15 18:14:08 billing mpd: [C-1] IPADDR 172.20.1.150
May 15 18:14:08 billing mpd: [C-1] PRIDNS 80.93.112.3
May 15 18:14:08 billing mpd: [C-1] SECDNS 80.93.112.2
May 15 18:14:08 billing mpd: [C-1] IPCP: state change Ack-Rcvd --> Opened
May 15 18:14:08 billing mpd: [C-1] IPCP: LayerUp
May 15 18:14:08 billing mpd: [C-1] 192.168.1.1 -> 172.20.1.150
May 15 18:14:08 billing mpd: [C-1] IFACE: No interface to proxy arp on for 172.20.1.150
May 15 18:14:08 billing mpd: [C-1] system: command "/usr/abills/libexec/linkupdown mpd up ng0 inet 192.168.1.1/32 172.20.1.150 'ser
May 15 18:14:08 billing mpd: [C-1] IPCP: parameter negotiation failed
May 15 18:14:08 billing mpd: [C-1] IPCP: state change Opened --> Stopping
May 15 18:14:08 billing mpd: [C-1] IPCP: SendTerminateReq #2
May 15 18:14:08 billing mpd: [C-1] IPCP: LayerDown
May 15 18:14:08 billing mpd: [C-1] system: command "/usr/abills/libexec/linkupdown mpd down ng0 inet 192.168.1.1/32 172.20.1.150 's
May 15 18:14:08 billing mpd: [C-1] IPCP: rec'd Terminate Ack #2 (Stopping)
May 15 18:14:08 billing mpd: [C-1] IPCP: state change Stopping --> Stopped
May 15 18:14:08 billing mpd: [C-1] IPCP: LayerFinish
May 15 18:14:08 billing mpd: [C-1] Bundle: No NCPs left. Closing links...
May 15 18:14:08 billing mpd: [C-1] Bundle: closing link "D-1"...
May 15 18:14:08 billing mpd: [D-1] Link: CLOSE event
May 15 18:14:08 billing mpd: [D-1] LCP: Close event
May 15 18:14:08 billing mpd: [D-1] LCP: state change Opened --> Closing
May 15 18:14:08 billing mpd: [D-1] Link: Leave bundle "C-1"
May 15 18:14:08 billing mpd: [C-1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
May 15 18:14:08 billing mpd: [C-1] IPCP: Close event
May 15 18:14:08 billing mpd: [C-1] IPCP: state change Stopped --> Closed
May 15 18:14:08 billing mpd: [C-1] IPCP: Down event
May 15 18:14:08 billing mpd: [C-1] IPCP: state change Closed --> Initial
May 15 18:14:08 billing mpd: [C-1] Bundle: Shutdown
May 15 18:14:08 billing mpd: [D-1] LCP: SendTerminateReq #3
May 15 18:14:08 billing mpd: [D-1] LCP: LayerDown
May 15 18:14:08 billing mpd: [D-1] PPPoE: connection closed
May 15 18:14:08 billing mpd: [D-1] Link: DOWN event
May 15 18:14:08 billing mpd: [D-1] LCP: Down event
May 15 18:14:08 billing mpd: [D-1] LCP: LayerFinish
May 15 18:14:08 billing mpd: [D-1] LCP: state change Closing --> Initial
May 15 18:14:08 billing mpd: [D-1] Link: SHUTDOWN event
May 15 18:14:08 billing mpd: [D-1] Link: Shutdown
Re: Второй сервер доступа в другой сети
Добавлено: Чт май 16, 2013 6:03 am
alexset
May 15 18:14:08 billing mpd: [C-1] system: command "/usr/abills/libexec/linkupdown mpd up ng0 inet 192.168.1.1/32 172.20.1.150 'ser
May 15 18:14:08 billing mpd: [C-1] IPCP: parameter negotiation failed
проблема с выполнением скрипта... проверь по этому ли пути у тебя лежит linkupdown и проверь его права (ну и на вcяк случай "chmod +x /usr/abills/libexec/linkupdown")
Re: Второй сервер доступа в другой сети
Добавлено: Чт май 16, 2013 8:01 am
andre13161
непомогло, файл на месте
Код: Выделить всё
billing# ls -l
total 194
drwxr-xr-x 2 root wheel 512 May 13 21:06 CVS
-rw-r--r-- 1 root wheel 82874 May 13 21:06 billd
drwxr-xr-x 3 root wheel 512 May 13 21:06 billd.plugins
-rw-r--r-- 1 root wheel 4987 May 13 21:06 config.pl
-rw-r--r-- 1 root wheel 4667 May 13 21:06 config.pl.default
-rw-r--r-- 1 root wheel 1840 May 13 21:06 dhcp_log2db.pl
-rwxr-xr-x 1 root wheel 28090 May 16 10:32 linkupdown
-rw-r--r-- 1 root wheel 23390 May 13 21:06 periodic
-rw-r--r-- 1 root wheel 12369 May 13 21:06 racct.pl
-rw-r--r-- 1 root wheel 11486 May 13 21:06 radtest.sh
-rw-r--r-- 1 root wheel 10959 May 13 21:06 rauth.pl
-rw-r--r-- 1 root wheel 3747 May 13 21:06 rlm_perl.pl
лог мпд
Код: Выделить всё
May 16 10:55:34 billing mpd: Incoming PPPoE connection request via em1: for service "" from 00:c0:9f:66:64:73
May 16 10:55:34 billing mpd: [D-1] Accepting PPPoE connection
May 16 10:55:34 billing mpd: [D-1] Link: OPEN event
May 16 10:55:34 billing mpd: [D-1] LCP: Open event
May 16 10:55:34 billing mpd: [D-1] LCP: state change Initial --> Starting
May 16 10:55:34 billing mpd: [D-1] LCP: LayerStart
May 16 10:55:34 billing mpd: [D-1] PPPoE: connection successful
May 16 10:55:34 billing mpd: [D-1] Link: UP event
May 16 10:55:34 billing mpd: [D-1] LCP: Up event
May 16 10:55:34 billing mpd: [D-1] LCP: state change Starting --> Req-Sent
May 16 10:55:34 billing mpd: [D-1] LCP: SendConfigReq #1
May 16 10:55:34 billing mpd: [D-1] MRU 1492
May 16 10:55:34 billing mpd: [D-1] MAGICNUM 28706afd
May 16 10:55:34 billing mpd: [D-1] AUTHPROTO CHAP MD5
May 16 10:55:34 billing mpd: [D-1] LCP: rec'd Configure Request #0 (Req-Sent)
May 16 10:55:34 billing mpd: [D-1] MRU 1480
May 16 10:55:34 billing mpd: [D-1] MAGICNUM 7b0236cd
May 16 10:55:34 billing mpd: [D-1] CALLBACK 6
May 16 10:55:34 billing mpd: [D-1] LCP: SendConfigRej #0
May 16 10:55:34 billing mpd: [D-1] CALLBACK 6
May 16 10:55:34 billing mpd: [D-1] LCP: rec'd Configure Ack #1 (Req-Sent)
May 16 10:55:34 billing mpd: [D-1] MRU 1492
May 16 10:55:34 billing mpd: [D-1] MAGICNUM 28706afd
May 16 10:55:34 billing mpd: [D-1] AUTHPROTO CHAP MD5
May 16 10:55:34 billing mpd: [D-1] LCP: state change Req-Sent --> Ack-Rcvd
May 16 10:55:34 billing mpd: [D-1] LCP: rec'd Configure Request #1 (Ack-Rcvd)
May 16 10:55:34 billing mpd: [D-1] MRU 1480
May 16 10:55:34 billing mpd: [D-1] MAGICNUM 7b0236cd
May 16 10:55:34 billing mpd: [D-1] LCP: SendConfigAck #1
May 16 10:55:34 billing mpd: [D-1] MRU 1480
May 16 10:55:34 billing mpd: [D-1] MAGICNUM 7b0236cd
May 16 10:55:34 billing mpd: [D-1] LCP: state change Ack-Rcvd --> Opened
May 16 10:55:34 billing mpd: [D-1] LCP: auth: peer wants nothing, I want CHAP
May 16 10:55:34 billing mpd: [D-1] CHAP: sending CHALLENGE #1 len: 28
May 16 10:55:34 billing mpd: [D-1] LCP: LayerUp
May 16 10:55:34 billing mpd: [D-1] LCP: rec'd Ident #2 (Opened)
May 16 10:55:34 billing mpd: [D-1] MESG: MSRASV5.10
May 16 10:55:34 billing mpd: [D-1] LCP: rec'd Ident #3 (Opened)
May 16 10:55:34 billing mpd: [D-1] MESG: MSRAS-0-INTEGRAL-E3DEF7
May 16 10:55:34 billing mpd: [D-1] CHAP: rec'd RESPONSE #1 len: 25
May 16 10:55:34 billing mpd: [D-1] Name: "serv"
May 16 10:55:34 billing mpd: [D-1] AUTH: Trying RADIUS
May 16 10:55:35 billing mpd: [D-1] AUTH: RADIUS returned: authenticated
May 16 10:55:35 billing mpd: [D-1] CHAP: Auth return status: authenticated
May 16 10:55:35 billing mpd: [D-1] CHAP: Reply message: Welcome
May 16 10:55:35 billing mpd: [D-1] CHAP: sending SUCCESS #1 len: 11
May 16 10:55:35 billing mpd: [D-1] LCP: authorization successful
May 16 10:55:35 billing mpd: [D-1] Link: Matched action 'bundle "C" ""'
May 16 10:55:35 billing mpd: [D-1] Creating new bundle using template "C".
May 16 10:55:35 billing mpd: [C-1] Bundle: Interface ng0 created
May 16 10:55:35 billing mpd: [D-1] Link: Join bundle "C-1"
May 16 10:55:35 billing mpd: [C-1] Bundle: Status update: up 1 link, total bandwidth 64000 bps
May 16 10:55:35 billing mpd: [C-1] IPCP: Open event
May 16 10:55:35 billing mpd: [C-1] IPCP: state change Initial --> Starting
May 16 10:55:35 billing mpd: [C-1] IPCP: LayerStart
May 16 10:55:35 billing mpd: [C-1] IPCP: Up event
May 16 10:55:35 billing mpd: [C-1] IPCP: state change Starting --> Req-Sent
May 16 10:55:35 billing mpd: [C-1] IPCP: SendConfigReq #1
May 16 10:55:35 billing mpd: [C-1] IPADDR 192.168.1.1
May 16 10:55:35 billing mpd: [D-1] rec'd unexpected protocol CCP, rejecting
May 16 10:55:35 billing mpd: [C-1] IPCP: rec'd Configure Request #5 (Req-Sent)
May 16 10:55:35 billing mpd: [C-1] IPADDR 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] NAKing with 172.20.1.71
May 16 10:55:35 billing mpd: [C-1] PRIDNS 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] NAKing with 80.93.112.3
May 16 10:55:35 billing mpd: [C-1] PRINBNS 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] SECDNS 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] NAKing with 80.93.112.2
May 16 10:55:35 billing mpd: [C-1] SECNBNS 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] IPCP: SendConfigRej #5
May 16 10:55:35 billing mpd: [C-1] PRINBNS 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] SECNBNS 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] IPCP: rec'd Configure Ack #1 (Req-Sent)
May 16 10:55:35 billing mpd: [C-1] IPADDR 192.168.1.1
May 16 10:55:35 billing mpd: [C-1] IPCP: state change Req-Sent --> Ack-Rcvd
May 16 10:55:35 billing mpd: [C-1] IPCP: rec'd Configure Request #6 (Ack-Rcvd)
May 16 10:55:35 billing mpd: [C-1] IPADDR 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] NAKing with 172.20.1.71
May 16 10:55:35 billing mpd: [C-1] PRIDNS 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] NAKing with 80.93.112.3
May 16 10:55:35 billing mpd: [C-1] SECDNS 0.0.0.0
May 16 10:55:35 billing mpd: [C-1] NAKing with 80.93.112.2
May 16 10:55:35 billing mpd: [C-1] IPCP: SendConfigNak #6
May 16 10:55:35 billing mpd: [C-1] IPADDR 172.20.1.71
May 16 10:55:35 billing mpd: [C-1] PRIDNS 80.93.112.3
May 16 10:55:35 billing mpd: [C-1] SECDNS 80.93.112.2
May 16 10:55:35 billing mpd: [C-1] IPCP: rec'd Configure Request #7 (Ack-Rcvd)
May 16 10:55:35 billing mpd: [C-1] IPADDR 172.20.1.71
May 16 10:55:35 billing mpd: [C-1] 172.20.1.71 is OK
May 16 10:55:35 billing mpd: [C-1] PRIDNS 80.93.112.3
May 16 10:55:35 billing mpd: [C-1] SECDNS 80.93.112.2
May 16 10:55:35 billing mpd: [C-1] IPCP: SendConfigAck #7
May 16 10:55:35 billing mpd: [C-1] IPADDR 172.20.1.71
May 16 10:55:35 billing mpd: [C-1] PRIDNS 80.93.112.3
May 16 10:55:35 billing mpd: [C-1] SECDNS 80.93.112.2
May 16 10:55:35 billing mpd: [C-1] IPCP: state change Ack-Rcvd --> Opened
May 16 10:55:35 billing mpd: [C-1] IPCP: LayerUp
May 16 10:55:35 billing mpd: [C-1] 192.168.1.1 -> 172.20.1.71
May 16 10:55:35 billing mpd: [C-1] IFACE: No interface to proxy arp on for 172.20.1.71
May 16 10:55:35 billing mpd: [C-1] system: command "/usr/abills/libexec/linkupdown mpd up ng0 inet 192.168.1.1/32 172.20.1.71 'serv' '' '' '00:c0:9f:66:64:73'" returned 32512
May 16 10:55:35 billing mpd: [C-1] IPCP: parameter negotiation failed
May 16 10:55:35 billing mpd: [C-1] IPCP: state change Opened --> Stopping
May 16 10:55:35 billing mpd: [C-1] IPCP: SendTerminateReq #2
May 16 10:55:35 billing mpd: [C-1] IPCP: LayerDown
May 16 10:55:35 billing mpd: [C-1] system: command "/usr/abills/libexec/linkupdown mpd down ng0 inet 192.168.1.1/32 172.20.1.71 'serv' '00:c0:9f:66:64:73'" returned 32512
May 16 10:55:35 billing mpd: [D-1] rec'd unexpected protocol IP
May 16 10:55:35 billing mpd: [C-1] IPCP: rec'd Terminate Ack #2 (Stopping)
May 16 10:55:35 billing mpd: [C-1] IPCP: state change Stopping --> Stopped
May 16 10:55:35 billing mpd: [C-1] IPCP: LayerFinish
May 16 10:55:35 billing mpd: [C-1] Bundle: No NCPs left. Closing links...
May 16 10:55:35 billing mpd: [C-1] Bundle: closing link "D-1"...
May 16 10:55:35 billing mpd: [D-1] Link: CLOSE event
May 16 10:55:35 billing mpd: [D-1] LCP: Close event
May 16 10:55:35 billing mpd: [D-1] LCP: state change Opened --> Closing
May 16 10:55:35 billing mpd: [D-1] Link: Leave bundle "C-1"
May 16 10:55:35 billing mpd: [C-1] Bundle: Status update: up 0 links, total bandwidth 9600 bps
May 16 10:55:35 billing mpd: [C-1] IPCP: Close event
May 16 10:55:35 billing mpd: [C-1] IPCP: state change Stopped --> Closed
May 16 10:55:35 billing mpd: [C-1] IPCP: Down event
May 16 10:55:35 billing mpd: [C-1] IPCP: state change Closed --> Initial
May 16 10:55:35 billing mpd: [C-1] Bundle: Shutdown
May 16 10:55:35 billing mpd: [D-1] LCP: SendTerminateReq #2
May 16 10:55:35 billing mpd: [D-1] LCP: LayerDown
May 16 10:55:35 billing mpd: [D-1] rec'd proto IP during terminate phase
May 16 10:55:35 billing mpd: [D-1] PPPoE: connection closed
May 16 10:55:35 billing mpd: [D-1] Link: DOWN event
May 16 10:55:35 billing mpd: [D-1] LCP: Down event
May 16 10:55:35 billing mpd: [D-1] LCP: LayerFinish
May 16 10:55:35 billing mpd: [D-1] LCP: state change Closing --> Initial
May 16 10:55:35 billing mpd: [D-1] Link: SHUTDOWN event
May 16 10:55:35 billing mpd: [D-1] Link: Shutdown
в тоже время /var/log/radacct/92.112.231.120/detail-20130516
Код: Выделить всё
Thu May 16 10:55:45 2013
<------>NAS-Identifier = "billing.isp"
<------>Acct-Session-Id = "8690934-D-1"
<------>NAS-Port = 1
<------>NAS-Port-Type = Ethernet
<------>Service-Type = Framed-User
<------>Framed-Protocol = PPP
<------>Calling-Station-Id = "00:c0:9f:66:64:73 / 00:c0:9f:66:64:73 / em1"
<------>NAS-Port-Id = "em1"
<------>mpd-link = "D-1"
<------>mpd-Attr-19 = 0x4d5352415356352e3130204d535241532d302d494e54454752414c2d453344454637
<------>Tunnel-Medium-Type:0 = IEEE-802
<------>Tunnel-Client-Endpoint:0 = "00:c0:9f:66:64:73"
<------>Framed-IP-Address = 172.20.1.71
<------>Framed-IP-Netmask = 255.255.255.255
<------>User-Name = "serv"
<------>Acct-Multi-Session-Id = "8690935-C-1"
<------>mpd-bundle = "C-1"
<------>mpd-iface = "ng0"
<------>mpd-iface-index = 10
<------>mpd-Attr-19 = 0x4d5352415356352e3130204d535241532d302d494e54454752414c2d453344454637
<------>Acct-Link-Count = 1
<------>Acct-Authentic = RADIUS
<------>Acct-Status-Type = Stop
<------>Acct-Terminate-Cause = Service-Unavailable
<------>Acct-Session-Time = 1
<------>Acct-Input-Octets = 156
<------>Acct-Input-Packets = 7
<------>Acct-Input-Gigawords = 0
<------>Acct-Output-Octets = 114
<------>Acct-Output-Packets = 6
<------>Acct-Output-Gigawords = 0
<------>NAS-IP-Address = 92.112.231.120
<------>Client-IP-Address = 92.112.231.120
<------>Acct-Unique-Session-Id = "3aba5dcb31f5cb3d"
<------>Timestamp = 1368690945
Re: Второй сервер доступа в другой сети
Добавлено: Чт май 16, 2013 10:37 am
alexset
если я правильно понял то клиенту при подключении выдался ip 192.168.1.1/32... а в сети случаем нет еще кого нить с таким же ip???
Re: Второй сервер доступа в другой сети
Добавлено: Чт май 16, 2013 10:42 am
andre13161
192.168.1.1 - это шлюз
а клиенту с диапазона 172.20
Re: Второй сервер доступа в другой сети
Добавлено: Чт май 16, 2013 11:57 am
alexset
ой точно)))... с виду по конфигам вроде все правильно... только вот смущает в mpd set radius server 127.0.0.1 mpd 1812 1813
когда вродь по всем правилам должно быть set radius server 78.154.xxx.xxx mpd 1812 1813
+ можно и без radius.conf обойтись... т.е. прописав так
radius:
set radius server 78.154.xxx.xxx testing123 1812 1813
#set radius config /etc/radius.conf
set radius retries 3
set radius timeout 10
set auth acct-update 300
set auth enable radius-auth
set auth enable radius-acct
set auth disable internal
Re: Второй сервер доступа в другой сети
Добавлено: Пт май 17, 2013 7:50 am
andre13161
сделал по рекомендацыи предыдущей но увы, ефект тот самы.
Сначала авторизация проходит, но сразу отрубает. И потом уже 629
Re: Второй сервер доступа в другой сети
Добавлено: Вс июл 14, 2013 9:31 am
ttys
"UP"
у меня такая же проблема
ктонить разобрался в чём же дело?
Re: Второй сервер доступа в другой сети
Добавлено: Вс июл 14, 2013 2:46 pm
~AsmodeuS~
смотрите логи мпд чтоіб о пишет на атворизацию
Re: Второй сервер доступа в другой сети
Добавлено: Вс июл 14, 2013 3:27 pm
ttys
Код: Выделить всё
Jul 14 15:46:49 mpd1 mpd: [F-1] system: command "/usr/local/abills/libexec/linkupdown mpd up ng0 inet XX.XXX.XXX.X/32 172.9.12.124 'vpn2030' '' '' '00:1d:09:d1:a3:5d'" returned 65280
Jul 14 15:48:49 mpd1 mpd: [F-1] IPCP: parameter negotiation failed
Jul 14 15:48:49 mpd1 mpd: [F-1] IPCP: SendTerminateReq #2
Jul 14 15:48:49 mpd1 mpd: [F-1] system: command "/usr/local/abills/libexec/linkupdown mpd down ng0 inet XX.XXX.XXX.X/32 172.9.15.187 'vpn2030' '00:1d:09:d1:a3:5d'" returned 65280
Jul 14 15:48:51 mpd1 mpd: [F-1] IPCP: SendTerminateReq #3
Jul 14 15:48:53 mpd1 mpd: [vlan1001-2] RADIUS: Accounting user 'vpn2030' (Type: 2)
Jul 14 15:48:53 mpd1 mpd: [vlan1001-2] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'vpn2030'
после того как закоментил скрипты
Код: Выделить всё
set iface up-script "/usr/local/abills/libexec/linkupdown mpd up"
set iface down-script "/usr/local/abills/libexec/linkupdown mpd down"
начало всё работать., и юзвери в биллинге и количество трафика
но шейпер не пашет
Код: Выделить всё
Jul 14 18:17:56 mpd1 mpd: [F-3] IPCP: rec'd Configure Request #5 (Req-Sent)
Jul 14 18:17:56 mpd1 mpd: [F-3] IPADDR 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] NAKing with 172.20.4.212
Jul 14 18:17:56 mpd1 mpd: [F-3] PRIDNS 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] NAKing with 8.8.8.8
Jul 14 18:17:56 mpd1 mpd: [F-3] PRINBNS 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] SECDNS 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] SECNBNS 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] IPCP: SendConfigRej #5
Jul 14 18:17:56 mpd1 mpd: [F-3] PRINBNS 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] SECDNS 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] SECNBNS 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] IPCP: rec'd Configure Ack #1 (Req-Sent)
Jul 14 18:17:56 mpd1 mpd: [F-3] IPADDR XX.XXX.XXX.X
Jul 14 18:17:56 mpd1 mpd: [F-3] IPCP: rec'd Configure Request #7 (Ack-Rcvd)
Jul 14 18:17:56 mpd1 mpd: [F-3] IPADDR 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] NAKing with 172.20.4.212
Jul 14 18:17:56 mpd1 mpd: [F-3] PRIDNS 0.0.0.0
Jul 14 18:17:56 mpd1 mpd: [F-3] NAKing with 8.8.8.8
Jul 14 18:17:56 mpd1 mpd: [F-3] IPCP: SendConfigNak #7
Jul 14 18:17:56 mpd1 mpd: [F-3] IPADDR 172.20.4.212
Jul 14 18:17:56 mpd1 mpd: [F-3] PRIDNS 8.8.8.8
Jul 14 18:17:56 mpd1 mpd: [F-3] IPCP: rec'd Configure Request #8 (Ack-Rcvd)
Jul 14 18:17:56 mpd1 mpd: [F-3] IPADDR 172.20.4.212
Jul 14 18:17:56 mpd1 mpd: [F-3] 172.20.4.212 is OK
Jul 14 18:17:56 mpd1 mpd: [F-3] PRIDNS 8.8.8.8
Jul 14 18:17:56 mpd1 mpd: [F-3] IPCP: SendConfigAck #8
Jul 14 18:17:56 mpd1 mpd: [F-3] IPADDR 172.20.4.212
Jul 14 18:17:56 mpd1 mpd: [F-3] PRIDNS 8.8.8.8
Jul 14 18:17:56 mpd1 mpd: [F-3] XX.XXX.XXX.X -> 172.20.4.212
Jul 14 18:17:56 mpd1 mpd: [F-3] IFACE: Up event
Jul 14 18:20:49 mpd1 mpd: [vlan1001-3] RADIUS: Accounting user 'vpn2047' (Type: 2)
Jul 14 18:20:49 mpd1 mpd: [F-1] IPCP: SendTerminateReq #2
Jul 14 18:20:49 mpd1 mpd: [F-1] IFACE: Down event
Jul 14 18:20:49 mpd1 mpd: [vlan1001-3] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'vpn2047'
Jul 14 18:22:58 mpd1 mpd: [vlan1001-2] RADIUS: Accounting user 'vpn2080' (Type: 2)
Jul 14 18:22:58 mpd1 mpd: [F-2] IPCP: SendTerminateReq #2
Jul 14 18:22:58 mpd1 mpd: [F-2] IFACE: Down event
Jul 14 18:22:58 mpd1 mpd: [vlan1001-2] RADIUS: Rec'd RAD_ACCOUNTING_RESPONSE for user 'vpn2080'
ЗЫ изначально сделал дамп сервера и решил разнести их по разным тачкам
что бы был на одной биллинг а второй был только сервер доступа
Re: Второй сервер доступа в другой сети
Добавлено: Пн июл 15, 2013 7:17 am
~AsmodeuS~
запустите сконсоли
/usr/local/abills/libexec/linkupdown mpd down ng0 inet XX.XXX.XXX.X/32 172.9.15.187 'vpn2030' '00:1d:09:d1:a3:5d'
скорее всего нет доступа к базе
Re: Второй сервер доступа в другой сети
Добавлено: Пн июл 15, 2013 11:11 am
ttys
со скриптом решено!
да доступа не давало
Код: Выделить всё
/usr/local/abills/libexec/linkupdown mpd down ng150 inet XX.XXX.XXX.X/32 172.9.15.187 'vpn2030' '00:1d:09:d1:a3:5d'
DBI connect('database=abills;host=192.168.55.100','abills',...) failed: Access denied for user 'abills'@'192.168.55.9' to database 'abills' at /usr/local/abills/libexec/../Abills/mysql/main.pm line 70
Content-Type: text/html
Error: Unable connect to DB server '192.168.55.100:abills'
Can't call method "prepare" on an undefined value at /usr/local/abills/libexec/../Abills/mysql/main.pm line 153.
но из консольки доступ был
Код: Выделить всё
mysql -u abills -h 192.168.55.100 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8604
Server version: 5.5.31 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> Bye
Код: Выделить всё
grep dbhost /usr/local/abills/libexec/config.pl
$conf{dbhost}='192.168.55.100';
на сервере с базой не правильно создал юзверя для базы имеющего удалённый вход
переделал и начало создавать интерфейсы
Re: Второй сервер доступа в другой сети
Добавлено: Пн июл 15, 2013 1:39 pm
ttys
только вроде как нормализовалось как вылезла ещё одна проблема
не шейпит исходящий трафик при таком
RADIUS Parameters (,)
Код: Выделить всё
mpd-limit+=in#1=all rate-limit 15728640 2949120 5898240,
mpd-limit+=out#1=all rate-limit 15728640 2949120 5898240
для тарифного плана шейпит только входящий 15Мбит исходящий 50
как ставлю
кавычки так получается вообще
вх-50 исх-100
локальный сервер
Код: Выделить всё
radtest test pass 127.0.0.1:1812 0 qwerty 0 127.0.0.1
Sending Access-Request of id 237 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "pass"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=237, length=149
Acct-Interim-Interval = 60
Session-Timeout = 1410347
Framed-IP-Address = 172.20.6.191
Framed-IP-Netmask = 255.255.255.255
mpd-limit = "in#1=all rate-limit 15728640 2949120 5898240"
mpd-limit = "out#1=all rate-limit 15728640 2949120 5898240"
удалённый сервер
Код: Выделить всё
radtest test pass 192.168.55.100:1812 11 qwerty 0 192.168.55.9
Sending Access-Request of id 183 to 192.168.55.100 port 1812
User-Name = "test"
User-Password = "pass"
NAS-IP-Address = 192.168.55.9
NAS-Port = 11
Message-Authenticator = 0x00000000000000000000000000000000
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 192.168.55.100 port 1812, id=183, length=149
Acct-Interim-Interval = 60
Session-Timeout = 1409747
Framed-IP-Address = 172.20.4.173
Framed-IP-Netmask = 255.255.255.255
Vendor-12341-Attr-7 = 0x696e23313d616c6c20726174652d6c696d697420313537323836343020323934393132302035383938323430
Vendor-12341-Attr-7 = 0x6f757423313d616c6c20726174652d6c696d697420313537323836343020323934393132302035383938323430