DennoN

Bypassing blocking using bird4

An important addition: if CONNECTION PRIORITIES are enabled on the router and DEVICE-TO-PROFILE BINDING is configured, the device you run the check from must be in the MAIN PROFILE. I wasted a lot of time before I figured this out. It may be that with some tweaking of the additional profiles' settings it would work with them too, but I didn't experiment.

My server has probably ended up in the "blocked" list; as was written earlier, false positives are possible because the list is built not as one IP per line but, so to speak, as masks.

I reboot the router with the VPN turned off. I connect via SSH to my VPN server, everything is OK. In "Other connections" I turn on the VPN. After that I can no longer connect via SSH to my server.

I added my server's IP and domain to the whitelist. It doesn't help.

Spoiler
Фев 21 01:50:47 ndm: Network::Interface::Base: "L2TP0": interface is up.
Фев 21 01:50:47 ndm: IpSec::Manager: service enabled.
Фев 21 01:50:47 ndm: Core::ConfigurationSaver: saving configuration...
Фев 21 01:50:47 ndm: Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting.
Фев 21 01:50:47 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183".
Фев 21 01:50:47 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1).
Фев 21 01:50:47 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5".
Фев 21 01:50:47 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 01:50:47 ndm: Network::Interface::L2tp: "L2TP0": using port 41271 as local.
Фев 21 01:50:47 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Фев 21 01:50:47 ndm: IpSec::Manager: "L2TP0": IP secure connection was added.
Фев 21 01:50:47 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 01:50:47 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 01:50:49 ndm: IpSec::Manager: create IPsec reconfiguration transaction...
Фев 21 01:50:49 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer".
Фев 21 01:50:49 ndm: IpSec::Manager: add config for crypto map "L2TP0".
Фев 21 01:50:49 ndm: IpSec::Manager: IPsec reconfiguration transaction was created.
Фев 21 01:50:49 ndm: IpSec::Configurator: start applying IPsec configuration.
Фев 21 01:50:49 ndm: IpSec::Configurator: IPsec configuration applying is done.
Фев 21 01:50:49 ndm: IpSec::Configurator: start reloading IKE keys task.
Фев 21 01:50:49 ipsec: 11[CFG] rereading secrets
Фев 21 01:50:49 ipsec: 11[CFG] loading secrets
Фев 21 01:50:49 ipsec: 11[CFG] loaded IKE secret for %any
Фев 21 01:50:49 ipsec: 11[CFG] loaded IKE secret for cmap:L2TP0
Фев 21 01:50:49 ipsec: 11[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'
Фев 21 01:50:49 ndm: IpSec::Configurator: reloading IKE keys task done.
Фев 21 01:50:49 ndm: IpSec::Configurator: start reloading IPsec config task.
Фев 21 01:50:49 ipsec: 14[CFG] received stroke: delete connection 'VPNL2TPServer'
Фев 21 01:50:49 ipsec: 14[CFG] deleted connection 'VPNL2TPServer'
Фев 21 01:50:49 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration
Фев 21 01:50:49 ipsec: 08[CFG] received stroke: add connection 'VPNL2TPServer'
Фев 21 01:50:49 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration
Фев 21 01:50:49 ipsec: 00[CFG] loaded 1 RADIUS server configuration
Фев 21 01:50:49 ipsec: 08[CFG] added configuration 'VPNL2TPServer'
Фев 21 01:50:49 ipsec: 16[CFG] received stroke: add connection 'L2TP0'
Фев 21 01:50:49 ipsec: 16[CFG] added configuration 'L2TP0'
Фев 21 01:50:49 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 01:50:49 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 01:50:49 ndm: IpSec::Configurator: reloading IPsec config task done.
Фев 21 01:50:49 ipsec: 06[CFG] received stroke: initiate 'L2TP0'
Фев 21 01:50:49 ipsec: 10[IKE] sending DPD vendor ID
Фев 21 01:50:49 ipsec: 10[IKE] sending FRAGMENTATION vendor ID
Фев 21 01:50:49 ndm: IpSec::Configurator: "L2TP0": crypto map initialized.
Фев 21 01:50:49 ipsec: 10[IKE] sending NAT-T (RFC 3947) vendor ID
Фев 21 01:50:49 ipsec: 10[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Фев 21 01:50:49 ipsec: 10[IKE] initiating Main Mode IKE_SA L2TP0[1] to 95.182.123.183
Фев 21 01:50:50 ipsec: 13[IKE] received NAT-T (RFC 3947) vendor ID
Фев 21 01:50:50 ipsec: 13[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Фев 21 01:50:50 ipsec: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Фев 21 01:50:50 ipsec: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Фев 21 01:50:50 ipsec: 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Фев 21 01:50:50 ipsec: 13[IKE] received DPD vendor ID
Фев 21 01:50:50 ipsec: 13[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Фев 21 01:50:50 ipsec: 13[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Фев 21 01:50:50 ipsec: 13[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Фев 21 01:50:50 ipsec: 15[IKE] found linked key for crypto map 'L2TP0'
Фев 21 01:50:50 ipsec: 15[IKE] local host is behind NAT, sending keep alives
Фев 21 01:50:50 ipsec: 07[IKE] IKE_SA L2TP0[1] established between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183]
Фев 21 01:50:50 ipsec: 07[IKE] scheduling reauthentication in 28780s
Фев 21 01:50:50 ipsec: 07[IKE] maximum IKE_SA lifetime 28800s
Фев 21 01:50:50 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0.
Фев 21 01:50:50 ipsec: 09[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ
Фев 21 01:50:50 ipsec: 09[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ
Фев 21 01:50:50 ipsec: 09[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ
Фев 21 01:50:50 ipsec: 09[IKE] CHILD_SA L2TP0{1} established with SPIs cee91684_i a5716a43_o and TS 95.31.196.5/32[udp/41271] === 95.182.123.183/32[udp/l2tp]
Фев 21 01:50:50 ndm: IpSec::Configurator: crypto map "L2TP0" is up.
Фев 21 01:50:50 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1.
Фев 21 01:50:50 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer.
Фев 21 01:50:50 ndm: Network::Interface::Ppp: "L2TP0": enabled connection via any interface.
Фев 21 01:50:50 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 01:50:50 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 01:50:51 ndm: Core::ConfigurationSaver: configuration saved.
Фев 21 01:50:51 ipsec: 11[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'
Фев 21 01:50:51 ipsec: 11[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'
Фев 21 01:50:51 ipsec: 11[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'
Фев 21 01:50:51 ipsec: 11[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'
Фев 21 01:50:52 l2tp[1371]: Plugin pppol2tp.so loaded.
Фев 21 01:50:52 l2tp[1371]: pppd 2.4.4-4 started by root, uid 0
Фев 21 01:50:52 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 01:50:52 pppd_L2TP0: l2tp_control v2.02
Фев 21 01:50:52 pppd_L2TP0: remote host: 95.182.123.183:1701
Фев 21 01:50:52 pppd_L2TP0: local bind: 95.31.196.5:41271
Фев 21 01:50:53 pppd_L2TP0: creating in-kernel L2TP tunnel (R/L 1/57658)
Фев 21 01:50:53 pppd_L2TP0: creating in-kernel L2TP session (R/L 1/30906)
Фев 21 01:50:53 pppd_L2TP0: L2TP tunnel/session created
Фев 21 01:50:53 pppd_L2TP0: PPP channel connected
Фев 21 01:50:53 pppd_L2TP0: using channel 1
Фев 21 01:50:53 pppd_L2TP0: Using interface ppp0
Фев 21 01:50:53 pppd_L2TP0: Connect: ppp0 <--> l2tp[0]
Фев 21 01:50:53 pppd_L2TP0: PAP authentication succeeded
Фев 21 01:50:53 pppd_L2TP0: local IP address 192.168.30.10
Фев 21 01:50:53 pppd_L2TP0: remote IP address 1.0.0.1
Фев 21 01:50:53 pppd_L2TP0: primary DNS address 192.168.30.1
Фев 21 01:50:53 ipsec: 10[KNL] unable to receive from RT event socket No buffer space available (132)
Фев 21 01:50:53 ndm: Network::Interface::Base: "L2TP0": interface is up.
Фев 21 01:50:53 ndm: Network::Interface::Base: "L2TP0": interface is up.
Фев 21 01:50:53 ndm: Network::Interface::Ppp: "L2TP0": interface "L2TP0" is global, priority 65502.
Фев 21 01:50:53 ndm: Network::Interface::Ppp: "L2TP0": adding default route via L2TP0.
Фев 21 01:50:53 ndm: Network::Interface::Ppp: "L2TP0": adding nameserver 192.168.30.1.
Фев 21 01:50:53 ndm: Dns::Manager: name server 192.168.30.1 added, domain (default).
Фев 21 01:50:53 ndm: Network::Interface::Ip: "L2TP0": IP address is 192.168.30.10/32.
Фев 21 01:50:54 coalagent: updating configuration...
Фев 21 01:50:54 ndm: Http::Nginx: loaded SSL certificate for "3fff06087455fb639118b3ac.keenetic.io".
Фев 21 01:50:54 ndm: Http::Nginx: loaded SSL certificate for "dsolo.keenetic.name".
Фев 21 01:50:54 ndm: Core::Server: started Session /var/run/ndm.core.socket.
Фев 21 01:50:55 ipsec: 14[KNL] unable to receive from RT event socket No buffer space available (132)
Фев 21 01:50:55 ndm: Core::Session: client disconnected.
Фев 21 01:50:55 ndm: Http::Manager: updated configuration.
Фев 21 01:50:55 ndm: Core::Server: started Session /var/run/ndm.core.socket.
Фев 21 01:50:55 ndm: Core::Session: client disconnected.
Фев 21 01:50:56 ipsec: 12[KNL] unable to receive from RT event socket No buffer space available (132)
Фев 21 01:50:57 ipsec: 15[KNL] unable to receive from RT event socket No buffer space available (132)
Фев 21 01:50:57 bird4: Kernel dropped some netlink messages, will resync on next scan.

 

The instructions for switching to manual mode don't work: if you comment out the line as written on GitHub, the script then simply doesn't run.

Spoiler

~ # /opt/etc/cron.daily/add-bird4_routes.sh
curl: no URL specified!
curl: try 'curl --help' for more information

At this point I think the BGP-based setup is not viable at all. Looking at the statistics in the Keenetic admin panel, a huge amount of traffic goes through the VPN, although in practice I only need to filter 3-5 sites that I visit once every couple of days. I have also repeatedly run into failures where the sites themselves tell me that my IP changed during the session, while it should stay constant.

Tell me what I should do to just bypass the blocks for a few sites, without any of that BGP stuff.

In add-bird4_routes.sh I also commented out the line "curl -sf $URL0 | sed 's/^/route /' | sed  's/$/ via "'$VPN'";/' >> $ROUTE", and now the script runs. But everything still breaks after the first connection to the VPN.
It stops connecting to the VPN. I can't even explain it. I flip the slider next to the VPN in "Other connections", everything is OK, it says "Ready". Then after a while I see "Connection error", and in the log it tries to connect in a loop. Here is a copy-paste of one cycle.
 

Spoiler
Фев 21 02:18:34 ndm: Core::Syslog: the system log has been cleared.
Фев 21 02:18:35 bndstrg: band steering: send BTM request to 32:a3:28:83:e8:e4 for roam to 2.4GHz band (Low RSSI: -78)
Фев 21 02:18:35 bndstrg: band steering: WNM client 32:a3:28:83:e8:e4 rejected 2.4GHz band (code: 6)
Фев 21 02:18:38 pppd_L2TP0: control init failed
Фев 21 02:18:38 pppd_L2TP0: Couldn't get channel number: Bad file descriptor
Фев 21 02:18:38 pppd_L2TP0: Exit.
Фев 21 02:18:38 ndm: Service: "L2TP0": unexpectedly stopped.
Фев 21 02:18:38 ndm: Network::Interface::Base: "L2TP0": interface is up.
Фев 21 02:18:38 ndm: Network::Interface::Ppp: "L2TP0": disabled connection.
Фев 21 02:18:38 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.
Фев 21 02:18:38 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183".
Фев 21 02:18:38 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1).
Фев 21 02:18:38 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5".
Фев 21 02:18:38 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 02:18:38 ndm: Network::Interface::L2tp: "L2TP0": using port 41286 as local.
Фев 21 02:18:38 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Фев 21 02:18:38 ndm: IpSec::Manager: "L2TP0": IP secure connection was added.
Фев 21 02:18:40 ndm: IpSec::Manager: create IPsec reconfiguration transaction...
Фев 21 02:18:40 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer".
Фев 21 02:18:40 ndm: IpSec::Manager: add config for crypto map "L2TP0".
Фев 21 02:18:40 ndm: IpSec::Manager: IPsec reconfiguration transaction was created.
Фев 21 02:18:41 ndm: IpSec::Configurator: start applying IPsec configuration.
Фев 21 02:18:41 ndm: IpSec::Configurator: IPsec configuration applying is done.
Фев 21 02:18:41 ndm: IpSec::Configurator: start reloading IKE keys task.
Фев 21 02:18:41 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer.
Фев 21 02:18:41 ndm: Network::Interface::Ppp: "L2TP0": disabled connection.
Фев 21 02:18:41 ipsec: 03[CFG] rereading secrets
Фев 21 02:18:41 ipsec: 03[CFG] loading secrets
Фев 21 02:18:41 ipsec: 03[CFG] loaded IKE secret for %any
Фев 21 02:18:41 ipsec: 03[CFG] loaded IKE secret for cmap:L2TP0
Фев 21 02:18:41 ipsec: 03[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'
Фев 21 02:18:41 ndm: IpSec::Configurator: reloading IKE keys task done.
Фев 21 02:18:41 ndm: Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183".
Фев 21 02:18:41 ndm: Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1).
Фев 21 02:18:41 ndm: Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5".
Фев 21 02:18:41 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 02:18:41 ndm: Network::Interface::L2tp: "L2TP0": using port 41216 as local.
Фев 21 02:18:41 ndm: Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Фев 21 02:18:41 ndm: IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.
Фев 21 02:18:41 ndm: IpSec::Manager: "L2TP0": IP secure connection was added.
Фев 21 02:18:41 ndm: IpSec::Configurator: start reloading IPsec config task.
Фев 21 02:18:41 ipsec: 13[CFG] received stroke: delete connection 'VPNL2TPServer'
Фев 21 02:18:41 ipsec: 13[CFG] deleted connection 'VPNL2TPServer'
Фев 21 02:18:41 ipsec: 05[CFG] received stroke: delete connection 'L2TP0'
Фев 21 02:18:41 ipsec: 05[CFG] deleted connection 'L2TP0'
Фев 21 02:18:41 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration
Фев 21 02:18:41 ipsec: 06[CFG] received stroke: add connection 'VPNL2TPServer'
Фев 21 02:18:41 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration
Фев 21 02:18:41 ipsec: 06[CFG] added configuration 'VPNL2TPServer'
Фев 21 02:18:41 ipsec: 11[CFG] received stroke: add connection 'L2TP0'
Фев 21 02:18:41 ipsec: 00[CFG] loaded 1 RADIUS server configuration
Фев 21 02:18:41 ipsec: 11[CFG] added configuration 'L2TP0'
Фев 21 02:18:41 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 02:18:41 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 02:18:41 ndm: IpSec::Configurator: reloading IPsec config task done.
Фев 21 02:18:43 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started.
Фев 21 02:18:43 ipsec: 12[CFG] received stroke: unroute 'L2TP0'
Фев 21 02:18:43 ipsec: 03[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'
Фев 21 02:18:43 ipsec: 03[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'
Фев 21 02:18:43 ipsec: 03[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'
Фев 21 02:18:43 ipsec: 03[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'
Фев 21 02:18:43 ndm: IpSec::Manager: create IPsec reconfiguration transaction...
Фев 21 02:18:43 ipsec: 13[CFG] received stroke: terminate 'L2TP0{*}'
Фев 21 02:18:43 ipsec: 16[IKE] closing CHILD_SA L2TP0{2} with SPIs c21801e1_i (0 bytes) 5af2ad6f_o (435 bytes) and TS 95.31.196.5/32[udp/41289] === 95.182.123.183/32[udp/l2tp]
Фев 21 02:18:43 ipsec: 07[CFG] received stroke: terminate 'L2TP0[*]'
Фев 21 02:18:43 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete.
Фев 21 02:18:43 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.
Фев 21 02:18:43 ndm: IpSec::Manager: add config for crypto map "VPNL2TPServer".
Фев 21 02:18:43 ndm: IpSec::Manager: add config for crypto map "L2TP0".
Фев 21 02:18:43 ndm: IpSec::Manager: IPsec reconfiguration transaction was created.
Фев 21 02:18:43 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.
Фев 21 02:18:43 ndm: IpSec::Configurator: start applying IPsec configuration.
Фев 21 02:18:43 ndm: IpSec::Configurator: IPsec configuration applying is done.
Фев 21 02:18:43 ndm: IpSec::Configurator: start reloading IKE keys task.
Фев 21 02:18:43 ipsec: 08[CFG] rereading secrets
Фев 21 02:18:43 ipsec: 08[CFG] loading secrets
Фев 21 02:18:43 ipsec: 08[CFG] loaded IKE secret for %any
Фев 21 02:18:43 ipsec: 08[CFG] loaded IKE secret for cmap:L2TP0
Фев 21 02:18:43 ipsec: 08[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'
Фев 21 02:18:43 ndm: IpSec::Configurator: reloading IKE keys task done.
Фев 21 02:18:43 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.
Фев 21 02:18:43 ipsec: 16[IKE] sending DELETE for ESP CHILD_SA with SPI c21801e1
Фев 21 02:18:43 ipsec: 11[IKE] deleting IKE_SA L2TP0[2] between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183]
Фев 21 02:18:43 ipsec: 11[IKE] sending DELETE for IKE_SA L2TP0[2]
Фев 21 02:18:43 ndm: IpSec::Configurator: start reloading IPsec config task.
Фев 21 02:18:43 ipsec: 12[CFG] received stroke: delete connection 'VPNL2TPServer'
Фев 21 02:18:43 ipsec: 12[CFG] deleted connection 'VPNL2TPServer'
Фев 21 02:18:43 ipsec: 10[CFG] received stroke: delete connection 'L2TP0'
Фев 21 02:18:43 ipsec: 10[CFG] deleted connection 'L2TP0'
Фев 21 02:18:43 ipsec: 00[DMN] signal of type SIGHUP received. Reloading configuration
Фев 21 02:18:43 ipsec: 13[CFG] received stroke: add connection 'VPNL2TPServer'
Фев 21 02:18:43 ipsec: 00[CFG] loaded 0 entries for attr plugin configuration
Фев 21 02:18:43 ipsec: 00[CFG] loaded 1 RADIUS server configuration
Фев 21 02:18:43 ipsec: 13[CFG] added configuration 'VPNL2TPServer'
Фев 21 02:18:43 ipsec: 03[CFG] received stroke: add connection 'L2TP0'
Фев 21 02:18:43 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 02:18:43 ipsec: 03[CFG] added configuration 'L2TP0'
Фев 21 02:18:43 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 02:18:43 ndm: IpSec::Configurator: reloading IPsec config task done.
Фев 21 02:18:43 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.
Фев 21 02:18:45 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown started.
Фев 21 02:18:45 ipsec: 08[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'
Фев 21 02:18:45 ipsec: 08[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'
Фев 21 02:18:45 ipsec: 08[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'
Фев 21 02:18:45 ipsec: 08[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'
Фев 21 02:18:45 ipsec: 16[CFG] received stroke: unroute 'L2TP0'
Фев 21 02:18:45 ipsec: 14[CFG] received stroke: terminate 'L2TP0{*}'
Фев 21 02:18:45 ipsec: 14[CFG] no CHILD_SA named 'L2TP0' found
Фев 21 02:18:45 ipsec: 07[CFG] received stroke: terminate 'L2TP0[*]'
Фев 21 02:18:45 ipsec: 07[CFG] no IKE_SA named 'L2TP0' found
Фев 21 02:18:45 ndm: IpSec::Configurator: "L2TP0": crypto map shutdown complete.
Фев 21 02:18:46 ipsec: 10[CFG] received stroke: initiate 'L2TP0'
Фев 21 02:18:46 ipsec: 05[IKE] sending DPD vendor ID
Фев 21 02:18:46 ndm: IpSec::Configurator: "L2TP0": crypto map initialized.
Фев 21 02:18:46 ipsec: 05[IKE] sending FRAGMENTATION vendor ID
Фев 21 02:18:46 ipsec: 05[IKE] sending NAT-T (RFC 3947) vendor ID
Фев 21 02:18:46 ipsec: 05[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Фев 21 02:18:46 ipsec: 05[IKE] initiating Main Mode IKE_SA L2TP0[3] to 95.182.123.183
Фев 21 02:18:46 ipsec: 06[IKE] received NAT-T (RFC 3947) vendor ID
Фев 21 02:18:46 ipsec: 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Фев 21 02:18:46 ipsec: 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Фев 21 02:18:46 ipsec: 06[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Фев 21 02:18:46 ipsec: 06[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Фев 21 02:18:46 ipsec: 06[IKE] received DPD vendor ID
Фев 21 02:18:46 ipsec: 06[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Фев 21 02:18:46 ipsec: 06[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Фев 21 02:18:46 ipsec: 06[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Фев 21 02:18:46 ipsec: 13[IKE] found linked key for crypto map 'L2TP0'
Фев 21 02:18:46 ipsec: 13[IKE] local host is behind NAT, sending keep alives
Фев 21 02:18:46 ipsec: 16[IKE] IKE_SA L2TP0[3] established between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183]
Фев 21 02:18:46 ipsec: 16[IKE] scheduling reauthentication in 28770s
Фев 21 02:18:46 ipsec: 16[IKE] maximum IKE_SA lifetime 28790s
Фев 21 02:18:47 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0.
Фев 21 02:18:47 ipsec: 08[IKE] no matching CHILD_SA config found for 95.182.123.183/32[udp/l2tp] === 95.31.196.5/32[udp/41289]
Фев 21 02:18:47 ipsec: 03[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ
Фев 21 02:18:47 ipsec: 03[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ
Фев 21 02:18:47 ipsec: 03[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ
Фев 21 02:18:47 ipsec: 03[IKE] CHILD_SA L2TP0{3} established with SPIs cac9ac1a_i 0bddf96a_o and TS 95.31.196.5/32[udp/41216] === 95.182.123.183/32[udp/l2tp]
Фев 21 02:18:47 ndm: IpSec::Configurator: crypto map "L2TP0" is up.
Фев 21 02:18:47 ndm: IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1.
Фев 21 02:18:47 ndm: Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer.
Фев 21 02:18:47 ndm: Network::Interface::Ppp: "L2TP0": enabled connection via any interface.
Фев 21 02:18:47 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 02:18:47 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 02:18:48 ipsec: 09[IKE] received retransmit of request with ID 2474906703, but no response to retransmit
Фев 21 02:18:49 l2tp[2031]: Plugin pppol2tp.so loaded.
Фев 21 02:18:49 l2tp[2031]: pppd 2.4.4-4 started by root, uid 0
Фев 21 02:18:49 ndm: Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 02:18:49 pppd_L2TP0: l2tp_control v2.02
Фев 21 02:18:49 pppd_L2TP0: remote host: 95.182.123.183:1701
Фев 21 02:18:49 pppd_L2TP0: local bind: 95.31.196.5:41216
Фев 21 02:18:50 ipsec: 09[IKE] received retransmit of request with ID 2474906703, but no response to retransmit
Фев 21 02:18:51 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 1
Фев 21 02:18:52 ipsec: 07[IKE] received retransmit of request with ID 2474906703, but no response to retransmit
Фев 21 02:18:53 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 2
Фев 21 02:18:55 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 3
Фев 21 02:18:57 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 4
Фев 21 02:18:57 ipsec: 14[IKE] received DELETE for ESP CHILD_SA with SPI b9da6b32
Фев 21 02:18:57 ipsec: 14[IKE] CHILD_SA not found, ignored
Фев 21 02:18:59 pppd_L2TP0: l2tp: timeout of sccrp, retry sccrq, try: 5
Фев 21 02:18:59 pppd_L2TP0: l2tp: sccrq failed, fatal
Фев 21 02:18:59 pppd_L2TP0: l2tp: shutting down control connection
Фев 21 02:19:01 pppd_L2TP0: l2tp: shutdown completed

 

Edited by dsolo

@dsolo

https://github.com/DennoN-RUS/Bird4Static/blob/master/etc/cron.daily/add-bird4_routes.sh
in this file, comment out the fifth and fifteenth lines, like this:

Hidden text

#!/bin/sh

ISP=eth3
VPN=ppp0
#URL0=https://antifilter.download/list/allyouneed.lst - put a # at the start of this line

ROUTE=/opt/etc/bird4-routes.list
VPNTXT=/opt/etc/bird4-vpn.txt
ISPTXT=/opt/etc/bird4-isp.txt

[ -f "$ROUTE" ] && cat /dev/null > $ROUTE

/opt/root/addip.sh $VPNTXT $VPN $ROUTE
/opt/root/addip.sh $ISPTXT $ISP $ROUTE
#curl -sf $URL0 | sed 's/^/route /' | sed  's/$/ via "'$VPN'";/' >> $ROUTE - this one can be commented out too

killall -s SIGHUP bird4

 

restore all the other files to their original state.

You also need to fill in the file

https://github.com/DennoN-RUS/Bird4Static/blob/master/etc/bird4-vpn.txt

with the list of addresses or domains that you need to route through the VPN.

After that, run the script

/opt/etc/cron.daily/add-bird4_routes.sh

Edited by DennoN
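
The two trouble spots raised in this thread, as an added shell example that is not from the posts or from the Bird4Static repository: checking which masks in a list cover a given address (the suspicion about the VPN server landing in the list), and building route lines so that an empty URL0 skips the download and malformed lines are refused instead of being written to the bird4 route file. The function names, the sample list and the rule that host bits must be zero are assumptions of this example; it handles only IPv4 addresses and prefixes, so domain entries are reported as rejected.

```shell
#!/bin/sh
# Added example; not part of add-bird4_routes.sh or the Bird4Static repository.
# All function and variable names below are hypothetical.

# awk helpers shared by both functions: validate one IPv4 prefix from a list line.
AWK_LIB='
function ip2int(s,    o, i, v) {
    if (split(s, o, ".") != 4) return -1
    v = 0
    for (i = 1; i <= 4; i++) {
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
        v = v * 256 + o[i]
    }
    return v
}
# Sets ADDR, NET (address as integer) and LEN; returns 1 only for a well-formed
# prefix whose host bits are zero. A bare address counts as a /32.
function parse(line,    p, n) {
    gsub(/[ \t\r]/, "", line)
    n = split(line, p, "/")
    if (n < 1 || n > 2) return 0
    LEN = (n == 2) ? p[2] : "32"
    if (LEN !~ /^[0-9]+$/ || LEN + 0 > 32) return 0
    ADDR = p[1]; NET = ip2int(ADDR)
    if (NET < 0) return 0
    return (NET % (2 ^ (32 - LEN)) == 0)
}
'

# stdin: prefix list; stdout: bird4 static routes; stderr: lines that were refused.
routes_from_list() {
    awk -v vpn="$1" "$AWK_LIB"'
    /^[ \t\r]*(#|$)/ { next }
    parse($0)        { printf "route %s/%d via \"%s\";\n", ADDR, LEN, vpn; next }
                     { print "rejected: " $0 > "/dev/stderr" }
    '
}

# stdin: prefix list; stdout: every prefix that contains the address in $1.
covering_prefixes() {
    awk -v ip="$1" "$AWK_LIB"'
    BEGIN { target = ip2int(ip); if (target < 0) exit 2 }
    parse($0) {
        block = 2 ^ (32 - LEN)
        if (int(target / block) == int(NET / block)) printf "%s/%d\n", ADDR, LEN
    }
    '
}

# Manual mode leaves URL0 empty: skip the download instead of calling curl with no URL.
fetch_list() {
    [ -n "${1:-}" ] || return 0
    curl -sf "$1"
}
# Intended use on the router: fetch_list "$URL0" | routes_from_list "$VPN" >> "$ROUTE"

# Constructed sample list (documentation address ranges, not real list content).
SAMPLE_LIST='# constructed sample
203.0.113.0/24
203.0.112.0/23
198.51.100.0/24
192.0.2.10
300.1.1.1/24
10.0.0.1/33
192.0.2.1/24
example.org'

# Demo on the constructed sample; no network access is needed.
printf '%s\n' "$SAMPLE_LIST" | routes_from_list ppp0
printf '%s\n' "$SAMPLE_LIST" | covering_prefixes 203.0.113.77
```

Running `covering_prefixes` with the VPN server's address against the downloaded list shows whether any mask in it swallows that address.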

On 2/21/2021 at 2:04 AM, dsolo said:

Tell me what I should do to just bypass the blocks for a few sites, without any of that BGP stuff.

Delete all the scripts, set up the VPN, and in the Keenetic admin panel under "Network rules/Routing" manually add the routes you need, along the lines of:

35.184.0.0/13 | VPN interface | Yes | Google LLC (Spotify)
208.85.40.0/21 | VPN interface | Yes | www.pandora.com
