MPD 4.2
-
- Site Admin
- Сообщения: 5746
- Зарегистрирован: Пт янв 28, 2005 3:11 pm
- Контактная информация:
У меня так и настроено.~AsmodeuS~ писал(а):http://abills.net.ua/wiki/doku.php?id=a ... ap_mppe:ru
Но клиент нормально подключается с шифрованием. Причём шифрование включается даже если клиент этого не требует.
А вот это -
mpd: [pptp1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
постоянно сыплется в лог MPD.
Сброс пользователя через веб заработал после смены прав доступа на /usr/abills/var/log/abills.log (спасибо vxb).
-
- Site Admin
- Сообщения: 5746
- Зарегистрирован: Пт янв 28, 2005 3:11 pm
- Контактная информация:
в ядро
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_MPPC_COMPRESSION
http://mavhome.dp.ua/MPPC/
Для компрессии:
Download archive and put it's content to the /usr/src/sys/net.
Change directory to the /usr/src/sys/modules/netgraph/mppc
In Makefile change line
NETGRAPH_MPPC_COMPRESSION?= 0
to
NETGRAPH_MPPC_COMPRESSION?= 1
Make
make && make install && make clean
Stop all ng_mppc consumers and unload previous module with
kldunload ng_mppc
command.
архив:
http://mavhome.dp.ua/MPPC/mppc-1.0.tgz
У меня также, вот полный лог:А вот это -
mpd: [pptp1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
постоянно сыплется в лог MPD.
Код: Выделить всё
su# mpd4
Multi-link PPP daemon for FreeBSD
process 18243 started, version 4.4 (root@su.uss.ru 11:26 28-Feb-2008)
CONSOLE: listening on 127.0.0.1 5005
[pptp0] using interface ng0
PPTP: waiting for connection on 192.168.1.3
[pptp1] using interface ng1
PPTP: waiting for connection on 192.168.1.3
PPTP: Incoming control connection from 192.168.1.101 48776 to 192.168.1.3 1723
pptp0: attached to connection with 192.168.1.101 48776
[pptp0] Accepting PPTP connection
[pptp0] opening link "pptp0"...
[pptp0] link: OPEN event
[pptp0] LCP: Open event
[pptp0] LCP: state change Initial --> Starting
[pptp0] LCP: LayerStart
[pptp0] PPTP: attaching to peer's outgoing call
[pptp0] link: UP event
[pptp0] link: origination is remote
[pptp0] LCP: Up event
[pptp0] LCP: state change Starting --> Req-Sent
[pptp0] LCP: SendConfigReq #1
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 5259d438
AUTHPROTO CHAP MSOFTv2
MP MRRU 1600
MP SHORTSEQ
ENDPOINTDISC [802.1] 00 90 27 1a e0 a0
[pptp0] LCP: rec'd Configure Request #1 (Req-Sent)
MRU 1492
ACCMAP 0x00000000
MAGICNUM 87cdb8cd
PROTOCOMP
ACFCOMP
[pptp0] LCP: SendConfigAck #1
MRU 1492
ACCMAP 0x00000000
MAGICNUM 87cdb8cd
PROTOCOMP
ACFCOMP
[pptp0] LCP: state change Req-Sent --> Ack-Sent
[pptp0] LCP: rec'd Configure Reject #1 (Ack-Sent)
MP MRRU 1600
MP SHORTSEQ
[pptp0] LCP: SendConfigReq #2
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 5259d438
AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: rec'd Configure Ack #2 (Ack-Sent)
ACFCOMP
PROTOCOMP
MRU 1500
MAGICNUM 5259d438
AUTHPROTO CHAP MSOFTv2
[pptp0] LCP: state change Ack-Sent --> Opened
[pptp0] LCP: auth: peer wants nothing, I want CHAP
[pptp0] CHAP: sending CHALLENGE len:17
[pptp0] LCP: LayerUp
[pptp0] CHAP: rec'd RESPONSE #1
Name: "manson"
[pptp0] AUTH: Auth-Thread started
[pptp0] AUTH: Trying RADIUS
[pptp0] RADIUS: RadiusAuthenticate for: manson
[pptp0] RADIUS: rec'd RAD_ACCESS_ACCEPT for user manson
[pptp0] AUTH: RADIUS returned authenticated
[pptp0] AUTH: Auth-Thread finished normally
[pptp0] CHAP: ChapInputFinish: status authenticated
Reply message: S=55C0266C4751F5625297C23D74B79F42624551F9
[pptp0] CHAP: sending SUCCESS len:42
[pptp0] LCP: authorization successful
[pptp0] Bundle up: 1 link, total bandwidth 64000 bps
[pptp0] IPCP: Open event
[pptp0] IPCP: state change Initial --> Starting
[pptp0] IPCP: LayerStart
[pptp0] CCP: Open event
[pptp0] CCP: state change Initial --> Starting
[pptp0] CCP: LayerStart
[pptp0] IPCP: Up event
[pptp0] IPCP: state change Starting --> Req-Sent
[pptp0] IPCP: SendConfigReq #1
IPADDR 192.168.254.1
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp0] CCP: Up event
[pptp0] CCP: state change Starting --> Req-Sent
[pptp0] CCP: SendConfigReq #1
MPPC
0x01000060:MPPE(40, 128 bits), stateless
[pptp0] AUTH: Accounting-Thread started
[pptp0] RADIUS: RadiusAccount for: manson (Type: 1)
[pptp0] CCP: rec'd Configure Request #1 (Req-Sent)
MPPC
0x01000060:MPPE(40, 128 bits), stateless
[pptp0] CCP: SendConfigNak #1
MPPC
0x01000040:MPPE(128 bits), stateless
[pptp0] IPCP: rec'd Terminate Ack #1 (Req-Sent)
[pptp0] CCP: rec'd Configure Nak #1 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[pptp0] CCP: SendConfigReq #2
MPPC
0x01000040:MPPE(128 bits), stateless
[pptp0] CCP: rec'd Configure Request #2 (Req-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[pptp0] CCP: SendConfigAck #2
MPPC
0x01000040:MPPE(128 bits), stateless
[pptp0] CCP: state change Req-Sent --> Ack-Sent
[pptp0] CCP: rec'd Configure Ack #2 (Ack-Sent)
MPPC
0x01000040:MPPE(128 bits), stateless
[pptp0] CCP: state change Ack-Sent --> Opened
[pptp0] CCP: LayerUp
[pptp0] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user manson
[pptp0] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
Compress using: mppc (MPPE(128 bits), stateless)
Decompress using: mppc (MPPE(128 bits), stateless)
[pptp0] IPCP: rec'd Configure Request #1 (Req-Sent)
COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
IPADDR 0.0.0.0
NAKing with 192.168.254.55
PRIDNS 0.0.0.0
NAKing with 192.168.1.2
SECDNS 0.0.0.0
[pptp0] IPCP: SendConfigRej #1
SECDNS 0.0.0.0
[pptp0] IPCP: rec'd Configure Request #2 (Req-Sent)
COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
IPADDR 0.0.0.0
NAKing with 192.168.254.55
PRIDNS 0.0.0.0
NAKing with 192.168.1.2
[pptp0] IPCP: SendConfigNak #2
IPADDR 192.168.254.55
PRIDNS 192.168.1.2
[pptp0] IPCP: rec'd Configure Request #3 (Req-Sent)
COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
IPADDR 192.168.254.55
192.168.254.55 is OK
PRIDNS 192.168.1.2
[pptp0] IPCP: SendConfigAck #3
COMPPROTO VJCOMP, 16 comp. channels, allow comp-cid
IPADDR 192.168.254.55
PRIDNS 192.168.1.2
[pptp0] IPCP: state change Req-Sent --> Ack-Sent
[pptp0] AUTH: Accounting-Thread finished normally
[pptp0] IPCP: SendConfigReq #2
IPADDR 192.168.254.1
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp0] IPCP: rec'd Configure Ack #2 (Ack-Sent)
IPADDR 192.168.254.1
COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[pptp0] IPCP: state change Ack-Sent --> Opened
[pptp0] IPCP: LayerUp
192.168.254.1 -> 192.168.254.55
[pptp0] IFACE: Up event
[pptp0] no interface to proxy arp on for 192.168.254.55
[pptp0] AUTH: Sending Accounting Update
[pptp0] AUTH: Accounting-Thread started
[pptp0] RADIUS: RadiusAccount for: manson (Type: 3)
[pptp0] RADIUS: rec'd RAD_ACCOUNTING_RESPONSE for user manson
[pptp0] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
[pptp0] AUTH: Accounting-Thread finished normally
Код: Выделить всё
startup:
# enable TCP-Wrapper (hosts_access(5)) to block unfriendly clients
set global enable tcp-wrapper
# configure the console
set console port 5005
set console ip 127.0.0.1
set console user admin secretpass
set console open
#Netflow options
set netflow export 127.0.0.1 9996
set netflow source 127.0.0.1 9990
#set netflow timeouts inactive active
#set netflow node nodename
#Radius Config
radius:
set radius config /etc/radius.conf
set radius retries 3
set radius timeout 3
set radius me 127.0.0.1
set auth acct-update 300
set auth enable radius-auth
set auth enable radius-acct
set bundle enable compression
set ccp yes mppc
set ccp enable mppe-policy
set radius enable message-authentic
default:
load pptp0
load pptp1
pptp0:
new -n -i ng0 pptp0 pptp0
load pptp
pptp1:
new -i ng1 pptp1 pptp1
load pptp
#Incoming PPTP link config
pptp:
# new -i ng0 pptp pptp
set iface disable on-demand
set iface enable proxy-arp
set iface idle 1800
set iface enable tcpmssfix
set bundle enable multilink
# use RADIUS servers
load radius
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 10 60
set link mtu 1460
set ipcp yes vjcomp
set ipcp ranges 192.168.254.1/24 192.168.254.254/24
set ipcp dns 192.168.1.2
#set ipcp nbns 192.168.1.4
#
# The five lines below enable Microsoft Point-to-Point encryption (MPPE) using
# the ng_mppc(8) netgraph node type.
#
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
set pptp self 192.168.1.3
set pptp enable incoming
set pptp disable originate
default:
load l2tp0
load l2tp1
l2tp0:
new -i ng0 l2tp0 l2tp0
load l2tp_server
l2tp1:
new -i ng1 l2tp1 l2tp1
load l2tp_server
l2tp_server:
set bundle disable multilink
set bundle enable compression
set bundle yes crypt-reqd
set ipcp yes vjcomp
# set ipcp ranges 131.188.69.161/32 131.188.69.170/28
set ipcp dns 192.168.1.2
set ccp yes mppc
set iface disable on-demand
set iface enable proxy-arp
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 10 180
load radius
set iface up-script "/usr/abills/libexec/linkupdown mpd up"
set iface down-script "/usr/abills/libexec/linkupdown mpd down"
set l2tp self 192.168.1.3
set l2tp enable incoming
set l2tp disable originate