Обход блокировок с использованием bird4

[Mr.Scayger 5]

Важное дополнение - если на роутере включены ПРИОРИТЕТЫ ПОДКЛЮЧЕНИЙ и настроена ПРИВЯЗКА УСТРОЙСТВ К ПРОФИЛЯМ, то устройство, с которого производится проверка, должно находиться в ОСНОВНОМ ПРОФИЛЕ. Убил на это кучу времени, пока понял. Возможно, что если поиграть настройками дополнительных профилей, то заработает и с ними, но я не стал экспериментировать.

[dsolo 0]

Вероятно мой сервер попал в список "заблокированных", как ранее писали ложные срабатывания возможны за счёт того, что список формируется не по 1 IP в строке, а как бы масками.

Перезагружаю роутер с выключенным VPN. Подключаюсь по SSH к своему VPN-серверу, всё ок, В "Другие подключения" включаю VPN. После этого больше не могу подключиться по SSH к своему серверу.

Добавил в белый список IP и домен своего сервера. Не помогает.

Spoiler

Фев 21 01:50:47

 

ndm

Network::Interface::Base: "L2TP0": interface is up.

Фев 21 01:50:47

 

ndm

IpSec::Manager: service enabled.

Фев 21 01:50:47

 

ndm

Core::ConfigurationSaver: saving configuration...

Фев 21 01:50:47

 

ndm

Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting.

Фев 21 01:50:47

 

ndm

Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183".

Фев 21 01:50:47

 

ndm

Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1).

Фев 21 01:50:47

 

ndm

Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5".

Фев 21 01:50:47

 

ndm

Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).

Фев 21 01:50:47

 

ndm

Network::Interface::L2tp: "L2TP0": using port 41271 as local.

Фев 21 01:50:47

 

ndm

Network::Interface::L2tp: "L2TP0": updating IP secure configuration.

Фев 21 01:50:47

 

ndm

IpSec::Manager: "L2TP0": IP secure connection was added.

Фев 21 01:50:47

 

ndm

IpSec::IpSecNetfilter: start reloading netfilter configuration...

Фев 21 01:50:47

 

ndm

IpSec::IpSecNetfilter: netfilter configuration reloading is done.

Фев 21 01:50:49

 

ndm

IpSec::Manager: create IPsec reconfiguration transaction...

Фев 21 01:50:49

 

ndm

IpSec::Manager: add config for crypto map "VPNL2TPServer".

Фев 21 01:50:49

 

ndm

IpSec::Manager: add config for crypto map "L2TP0".

Фев 21 01:50:49

 

ndm

IpSec::Manager: IPsec reconfiguration transaction was created.

Фев 21 01:50:49

 

ndm

IpSec::Configurator: start applying IPsec configuration.

Фев 21 01:50:49

 

ndm

IpSec::Configurator: IPsec configuration applying is done.

Фев 21 01:50:49

 

ndm

IpSec::Configurator: start reloading IKE keys task.

Фев 21 01:50:49

 

ipsec

11[CFG] rereading secrets

Фев 21 01:50:49

 

ipsec

11[CFG] loading secrets

Фев 21 01:50:49

 

ipsec

11[CFG] loaded IKE secret for %any

Фев 21 01:50:49

 

ipsec

11[CFG] loaded IKE secret for cmap:L2TP0

Фев 21 01:50:49

 

ipsec

11[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'

Фев 21 01:50:49

 

ndm

IpSec::Configurator: reloading IKE keys task done.

Фев 21 01:50:49

 

ndm

IpSec::Configurator: start reloading IPsec config task.

Фев 21 01:50:49

 

ipsec

14[CFG] received stroke: delete connection 'VPNL2TPServer'

Фев 21 01:50:49

 

ipsec

14[CFG] deleted connection 'VPNL2TPServer'

Фев 21 01:50:49

 

ipsec

00[DMN] signal of type SIGHUP received. Reloading configuration

Фев 21 01:50:49

 

ipsec

08[CFG] received stroke: add connection 'VPNL2TPServer'

Фев 21 01:50:49

 

ipsec

00[CFG] loaded 0 entries for attr plugin configuration

Фев 21 01:50:49

 

ipsec

00[CFG] loaded 1 RADIUS server configuration

Фев 21 01:50:49

 

ipsec

08[CFG] added configuration 'VPNL2TPServer'

Фев 21 01:50:49

 

ipsec

16[CFG] received stroke: add connection 'L2TP0'

Фев 21 01:50:49

 

ipsec

16[CFG] added configuration 'L2TP0'

Фев 21 01:50:49

 

ndm

IpSec::IpSecNetfilter: start reloading netfilter configuration...

Фев 21 01:50:49

 

ndm

IpSec::IpSecNetfilter: netfilter configuration reloading is done.

Фев 21 01:50:49

 

ndm

IpSec::Configurator: reloading IPsec config task done.

Фев 21 01:50:49

 

ipsec

06[CFG] received stroke: initiate 'L2TP0'

Фев 21 01:50:49

 

ipsec

10[IKE] sending DPD vendor ID

Фев 21 01:50:49

 

ipsec

10[IKE] sending FRAGMENTATION vendor ID

Фев 21 01:50:49

 

ndm

IpSec::Configurator: "L2TP0": crypto map initialized.

Фев 21 01:50:49

 

ipsec

10[IKE] sending NAT-T (RFC 3947) vendor ID

Фев 21 01:50:49

 

ipsec

10[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID

Фев 21 01:50:49

 

ipsec

10[IKE] initiating Main Mode IKE_SA L2TP0[1] to 95.182.123.183

Фев 21 01:50:50

 

ipsec

13[IKE] received NAT-T (RFC 3947) vendor ID

Фев 21 01:50:50

 

ipsec

13[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID

Фев 21 01:50:50

 

ipsec

13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID

Фев 21 01:50:50

 

ipsec

13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID

Фев 21 01:50:50

 

ipsec

13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID

Фев 21 01:50:50

 

ipsec

13[IKE] received DPD vendor ID

Фев 21 01:50:50

 

ipsec

13[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536

Фев 21 01:50:50

 

ipsec

13[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024

Фев 21 01:50:50

 

ipsec

13[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536

Фев 21 01:50:50

 

ipsec

15[IKE] found linked key for crypto map 'L2TP0'

Фев 21 01:50:50

 

ipsec

15[IKE] local host is behind NAT, sending keep alives

Фев 21 01:50:50

 

ipsec

07[IKE] IKE_SA L2TP0[1] established between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183]

Фев 21 01:50:50

 

ipsec

07[IKE] scheduling reauthentication in 28780s

Фев 21 01:50:50

 

ipsec

07[IKE] maximum IKE_SA lifetime 28800s

Фев 21 01:50:50

 

ndm

IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0.

Фев 21 01:50:50

 

ipsec

09[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ

Фев 21 01:50:50

 

ipsec

09[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ

Фев 21 01:50:50

 

ipsec

09[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ

Фев 21 01:50:50

 

ipsec

09[IKE] CHILD_SA L2TP0{1} established with SPIs cee91684_i a5716a43_o and TS 95.31.196.5/32[udp/41271] === 95.182.123.183/32[udp/l2tp]

Фев 21 01:50:50

 

ndm

IpSec::Configurator: crypto map "L2TP0" is up.

Фев 21 01:50:50

 

ndm

IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1.

Фев 21 01:50:50

 

ndm

Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer.

Фев 21 01:50:50

 

ndm

Network::Interface::Ppp: "L2TP0": enabled connection via any interface.

Фев 21 01:50:50

 

ndm

IpSec::IpSecNetfilter: start reloading netfilter configuration...

Фев 21 01:50:50

 

ndm

IpSec::IpSecNetfilter: netfilter configuration reloading is done.

Фев 21 01:50:51

 

ndm

Core::ConfigurationSaver: configuration saved.

Фев 21 01:50:51

 

ipsec

11[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'

Фев 21 01:50:51

 

ipsec

11[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'

Фев 21 01:50:51

 

ipsec

11[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'

Фев 21 01:50:51

 

ipsec

11[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'

Фев 21 01:50:52

 

l2tp[1371]

Plugin pppol2tp.so loaded.

Фев 21 01:50:52

 

l2tp[1371]

pppd 2.4.4-4 started by root, uid 0

Фев 21 01:50:52

 

ndm

Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).

Фев 21 01:50:52

 

pppd_L2TP0

l2tp_control v2.02

Фев 21 01:50:52

 

pppd_L2TP0

remote host: 95.182.123.183:1701

Фев 21 01:50:52

 

pppd_L2TP0

local bind: 95.31.196.5:41271

Фев 21 01:50:53

 

pppd_L2TP0

creating in-kernel L2TP tunnel (R/L 1/57658)

Фев 21 01:50:53

 

pppd_L2TP0

creating in-kernel L2TP session (R/L 1/30906)

Фев 21 01:50:53

 

pppd_L2TP0

L2TP tunnel/session created

Фев 21 01:50:53

 

pppd_L2TP0

PPP channel connected

Фев 21 01:50:53

 

pppd_L2TP0

using channel 1

Фев 21 01:50:53

 

pppd_L2TP0

Using interface ppp0

Фев 21 01:50:53

 

pppd_L2TP0

Connect: ppp0 <--> l2tp[0]

Фев 21 01:50:53

 

pppd_L2TP0

PAP authentication succeeded

Фев 21 01:50:53

 

pppd_L2TP0

local IP address 192.168.30.10

Фев 21 01:50:53

 

pppd_L2TP0

remote IP address 1.0.0.1

Фев 21 01:50:53

 

pppd_L2TP0

primary DNS address 192.168.30.1

Фев 21 01:50:53

 

ipsec

10[KNL] unable to receive from RT event socket No buffer space available (132)

Фев 21 01:50:53

 

ndm

Network::Interface::Base: "L2TP0": interface is up.

Фев 21 01:50:53

 

ndm

Network::Interface::Base: "L2TP0": interface is up.

Фев 21 01:50:53

 

ndm

Network::Interface::Ppp: "L2TP0": interface "L2TP0" is global, priority 65502.

Фев 21 01:50:53

 

ndm

Network::Interface::Ppp: "L2TP0": adding default route via L2TP0.

Фев 21 01:50:53

 

ndm

Network::Interface::Ppp: "L2TP0": adding nameserver 192.168.30.1.

Фев 21 01:50:53

 

ndm

Dns::Manager: name server 192.168.30.1 added, domain (default).

Фев 21 01:50:53

 

ndm

Network::Interface::Ip: "L2TP0": IP address is 192.168.30.10/32.

Фев 21 01:50:54

 

coalagent

updating configuration...

Фев 21 01:50:54

 

ndm

Http::Nginx: loaded SSL certificate for "3fff06087455fb639118b3ac.keenetic.io".

Фев 21 01:50:54

 

ndm

Http::Nginx: loaded SSL certificate for "dsolo.keenetic.name".

Фев 21 01:50:54

 

ndm

Core::Server: started Session /var/run/ndm.core.socket.

Фев 21 01:50:55

 

ipsec

14[KNL] unable to receive from RT event socket No buffer space available (132)

Фев 21 01:50:55

 

ndm

Core::Session: client disconnected.

Фев 21 01:50:55

 

ndm

Http::Manager: updated configuration.

Фев 21 01:50:55

 

ndm

Core::Server: started Session /var/run/ndm.core.socket.

Фев 21 01:50:55

 

ndm

Core::Session: client disconnected.

Фев 21 01:50:56

 

ipsec

12[KNL] unable to receive from RT event socket No buffer space available (132)

Фев 21 01:50:57

 

ipsec

15[KNL] unable to receive from RT event socket No buffer space available (132)

Фев 21 01:50:57

 

bird4

Kernel dropped some netlink messages, will resync on next scan.

 

Инструкция по переводу в ручной режим не работает, если закомментировать строку, как написано на github, то затем просто не запускается скрипт.

Spoiler

~ # /opt/etc/cron.daily/add-bird4_routes.sh
curl: no URL specified!
curl: try 'curl --help' for more information

На данный момент считаю что система с BGP вообще не состоятельна, просматриваю статистику в админке кинетика, через VPN огромное количество трафика идёт, хотя по факту надо фильтровать 3-5 сайтов, на которые я хожу раз в пару дней. Также не раз сталкиваюсь со сбоями, что непосредственно сайты мне говорят, что во время работы у вас сменился IP, а должен оставаться постоянным.

Подскажите что мне сделать, чтобы просто обходить несколько сайтов, без всяких там BGP.

[dsolo 0]

В файле add-bird4_routes.sh закомментировал ещё строку "curl -sf $URL0 | sed 's/^/route /' | sed  's/$/ via "'$VPN'";/' >> $ROUTE"б, теперь скрипт запускается. Но всё равно после первого подключения к VPN всё ломается.
Перестаёт подключаться к VPN. Я даже не могу объяснить это. Переключаю ползунок рядом с VPN в "Другие подключения", всё ок, написано "Готов". Потом спустя время вижу "Ошибка подключения" и в журнале циклично пытается подключиться. Привожу копипаст одного цикла.
 

Spoiler

Фев 21 02:18:34

 

ndm

Core::Syslog: the system log has been cleared.

Фев 21 02:18:35

 

bndstrg

band steering: send BTM request to 32:a3:28:83:e8:e4 for roam to 2.4GHz band (Low RSSI: -78)

Фев 21 02:18:35

 

bndstrg

band steering: WNM client 32:a3:28:83:e8:e4 rejected 2.4GHz band (code: 6)

Фев 21 02:18:38

 

pppd_L2TP0

control init failed

Фев 21 02:18:38

 

pppd_L2TP0

Couldn't get channel number: Bad file descriptor

Фев 21 02:18:38

 

pppd_L2TP0

Exit.

Фев 21 02:18:38

 

ndm

Service: "L2TP0": unexpectedly stopped.

Фев 21 02:18:38

 

ndm

Network::Interface::Base: "L2TP0": interface is up.

Фев 21 02:18:38

 

ndm

Network::Interface::Ppp: "L2TP0": disabled connection.

Фев 21 02:18:38

 

ndm

IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.

Фев 21 02:18:38

 

ndm

Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183".

Фев 21 02:18:38

 

ndm

Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1).

Фев 21 02:18:38

 

ndm

Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5".

Фев 21 02:18:38

 

ndm

Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).

Фев 21 02:18:38

 

ndm

Network::Interface::L2tp: "L2TP0": using port 41286 as local.

Фев 21 02:18:38

 

ndm

Network::Interface::L2tp: "L2TP0": updating IP secure configuration.

Фев 21 02:18:38

 

ndm

IpSec::Manager: "L2TP0": IP secure connection was added.

Фев 21 02:18:40

 

ndm

IpSec::Manager: create IPsec reconfiguration transaction...

Фев 21 02:18:40

 

ndm

IpSec::Manager: add config for crypto map "VPNL2TPServer".

Фев 21 02:18:40

 

ndm

IpSec::Manager: add config for crypto map "L2TP0".

Фев 21 02:18:40

 

ndm

IpSec::Manager: IPsec reconfiguration transaction was created.

Фев 21 02:18:41

 

ndm

IpSec::Configurator: start applying IPsec configuration.

Фев 21 02:18:41

 

ndm

IpSec::Configurator: IPsec configuration applying is done.

Фев 21 02:18:41

 

ndm

IpSec::Configurator: start reloading IKE keys task.

Фев 21 02:18:41

 

ndm

Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer.

Фев 21 02:18:41

 

ndm

Network::Interface::Ppp: "L2TP0": disabled connection.

Фев 21 02:18:41

 

ipsec

03[CFG] rereading secrets

Фев 21 02:18:41

 

ipsec

03[CFG] loading secrets

Фев 21 02:18:41

 

ipsec

03[CFG] loaded IKE secret for %any

Фев 21 02:18:41

 

ipsec

03[CFG] loaded IKE secret for cmap:L2TP0

Фев 21 02:18:41

 

ipsec

03[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'

Фев 21 02:18:41

 

ndm

IpSec::Configurator: reloading IKE keys task done.

Фев 21 02:18:41

 

ndm

Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183".

Фев 21 02:18:41

 

ndm

Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1).

Фев 21 02:18:41

 

ndm

Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5".

Фев 21 02:18:41

 

ndm

Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).

Фев 21 02:18:41

 

ndm

Network::Interface::L2tp: "L2TP0": using port 41216 as local.

Фев 21 02:18:41

 

ndm

Network::Interface::L2tp: "L2TP0": updating IP secure configuration.

Фев 21 02:18:41

 

ndm

IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.

Фев 21 02:18:41

 

ndm

IpSec::Manager: "L2TP0": IP secure connection was added.

Фев 21 02:18:41

 

ndm

IpSec::Configurator: start reloading IPsec config task.

Фев 21 02:18:41

 

ipsec

13[CFG] received stroke: delete connection 'VPNL2TPServer'

Фев 21 02:18:41

 

ipsec

13[CFG] deleted connection 'VPNL2TPServer'

Фев 21 02:18:41

 

ipsec

05[CFG] received stroke: delete connection 'L2TP0'

Фев 21 02:18:41

 

ipsec

05[CFG] deleted connection 'L2TP0'

Фев 21 02:18:41

 

ipsec

00[DMN] signal of type SIGHUP received. Reloading configuration

Фев 21 02:18:41

 

ipsec

06[CFG] received stroke: add connection 'VPNL2TPServer'

Фев 21 02:18:41

 

ipsec

00[CFG] loaded 0 entries for attr plugin configuration

Фев 21 02:18:41

 

ipsec

06[CFG] added configuration 'VPNL2TPServer'

Фев 21 02:18:41

 

ipsec

11[CFG] received stroke: add connection 'L2TP0'

Фев 21 02:18:41

 

ipsec

00[CFG] loaded 1 RADIUS server configuration

Фев 21 02:18:41

 

ipsec

11[CFG] added configuration 'L2TP0'

Фев 21 02:18:41

 

ndm

IpSec::IpSecNetfilter: start reloading netfilter configuration...

Фев 21 02:18:41

 

ndm

IpSec::IpSecNetfilter: netfilter configuration reloading is done.

Фев 21 02:18:41

 

ndm

IpSec::Configurator: reloading IPsec config task done.

Фев 21 02:18:43

 

ndm

IpSec::Configurator: "L2TP0": crypto map shutdown started.

Фев 21 02:18:43

 

ipsec

12[CFG] received stroke: unroute 'L2TP0'

Фев 21 02:18:43

 

ipsec

03[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'

Фев 21 02:18:43

 

ipsec

03[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'

Фев 21 02:18:43

 

ipsec

03[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'

Фев 21 02:18:43

 

ipsec

03[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'

Фев 21 02:18:43

 

ndm

IpSec::Manager: create IPsec reconfiguration transaction...

Фев 21 02:18:43

 

ipsec

13[CFG] received stroke: terminate 'L2TP0{*}'

Фев 21 02:18:43

 

ipsec

16[IKE] closing CHILD_SA L2TP0{2} with SPIs c21801e1_i (0 bytes) 5af2ad6f_o (435 bytes) and TS 95.31.196.5/32[udp/41289] === 95.182.123.183/32[udp/l2tp]

Фев 21 02:18:43

 

ipsec

07[CFG] received stroke: terminate 'L2TP0[*]'

Фев 21 02:18:43

 

ndm

IpSec::Configurator: "L2TP0": crypto map shutdown complete.

Фев 21 02:18:43

 

ndm

IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.

Фев 21 02:18:43

 

ndm

IpSec::Manager: add config for crypto map "VPNL2TPServer".

Фев 21 02:18:43

 

ndm

IpSec::Manager: add config for crypto map "L2TP0".

Фев 21 02:18:43

 

ndm

IpSec::Manager: IPsec reconfiguration transaction was created.

Фев 21 02:18:43

 

ndm

IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.

Фев 21 02:18:43

 

ndm

IpSec::Configurator: start applying IPsec configuration.

Фев 21 02:18:43

 

ndm

IpSec::Configurator: IPsec configuration applying is done.

Фев 21 02:18:43

 

ndm

IpSec::Configurator: start reloading IKE keys task.

Фев 21 02:18:43

 

ipsec

08[CFG] rereading secrets

Фев 21 02:18:43

 

ipsec

08[CFG] loading secrets

Фев 21 02:18:43

 

ipsec

08[CFG] loaded IKE secret for %any

Фев 21 02:18:43

 

ipsec

08[CFG] loaded IKE secret for cmap:L2TP0

Фев 21 02:18:43

 

ipsec

08[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'

Фев 21 02:18:43

 

ndm

IpSec::Configurator: reloading IKE keys task done.

Фев 21 02:18:43

 

ndm

IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.

Фев 21 02:18:43

 

ipsec

16[IKE] sending DELETE for ESP CHILD_SA with SPI c21801e1

Фев 21 02:18:43

 

ipsec

11[IKE] deleting IKE_SA L2TP0[2] between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183]

Фев 21 02:18:43

 

ipsec

11[IKE] sending DELETE for IKE_SA L2TP0[2]

Фев 21 02:18:43

 

ndm

IpSec::Configurator: start reloading IPsec config task.

Фев 21 02:18:43

 

ipsec

12[CFG] received stroke: delete connection 'VPNL2TPServer'

Фев 21 02:18:43

 

ipsec

12[CFG] deleted connection 'VPNL2TPServer'

Фев 21 02:18:43

 

ipsec

10[CFG] received stroke: delete connection 'L2TP0'

Фев 21 02:18:43

 

ipsec

10[CFG] deleted connection 'L2TP0'

Фев 21 02:18:43

 

ipsec

00[DMN] signal of type SIGHUP received. Reloading configuration

Фев 21 02:18:43

 

ipsec

13[CFG] received stroke: add connection 'VPNL2TPServer'

Фев 21 02:18:43

 

ipsec

00[CFG] loaded 0 entries for attr plugin configuration

Фев 21 02:18:43

 

ipsec

00[CFG] loaded 1 RADIUS server configuration

Фев 21 02:18:43

 

ipsec

13[CFG] added configuration 'VPNL2TPServer'

Фев 21 02:18:43

 

ipsec

03[CFG] received stroke: add connection 'L2TP0'

Фев 21 02:18:43

 

ndm

IpSec::IpSecNetfilter: start reloading netfilter configuration...

Фев 21 02:18:43

 

ipsec

03[CFG] added configuration 'L2TP0'

Фев 21 02:18:43

 

ndm

IpSec::IpSecNetfilter: netfilter configuration reloading is done.

Фев 21 02:18:43

 

ndm

IpSec::Configurator: reloading IPsec config task done.

Фев 21 02:18:43

 

ndm

IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.

Фев 21 02:18:45

 

ndm

IpSec::Configurator: "L2TP0": crypto map shutdown started.

Фев 21 02:18:45

 

ipsec

08[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'

Фев 21 02:18:45

 

ipsec

08[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'

Фев 21 02:18:45

 

ipsec

08[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'

Фев 21 02:18:45

 

ipsec

08[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'

Фев 21 02:18:45

 

ipsec

16[CFG] received stroke: unroute 'L2TP0'

Фев 21 02:18:45

 

ipsec

14[CFG] received stroke: terminate 'L2TP0{*}'

Фев 21 02:18:45

 

ipsec

14[CFG] no CHILD_SA named 'L2TP0' found

Фев 21 02:18:45

 

ipsec

07[CFG] received stroke: terminate 'L2TP0[*]'

Фев 21 02:18:45

 

ipsec

07[CFG] no IKE_SA named 'L2TP0' found

Фев 21 02:18:45

 

ndm

IpSec::Configurator: "L2TP0": crypto map shutdown complete.

Фев 21 02:18:46

 

ipsec

10[CFG] received stroke: initiate 'L2TP0'

Фев 21 02:18:46

 

ipsec

05[IKE] sending DPD vendor ID

Фев 21 02:18:46

 

ndm

IpSec::Configurator: "L2TP0": crypto map initialized.

Фев 21 02:18:46

 

ipsec

05[IKE] sending FRAGMENTATION vendor ID

Фев 21 02:18:46

 

ipsec

05[IKE] sending NAT-T (RFC 3947) vendor ID

Фев 21 02:18:46

 

ipsec

05[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID

Фев 21 02:18:46

 

ipsec

05[IKE] initiating Main Mode IKE_SA L2TP0[3] to 95.182.123.183

Фев 21 02:18:46

 

ipsec

06[IKE] received NAT-T (RFC 3947) vendor ID

Фев 21 02:18:46

 

ipsec

06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID

Фев 21 02:18:46

 

ipsec

06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID

Фев 21 02:18:46

 

ipsec

06[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID

Фев 21 02:18:46

 

ipsec

06[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID

Фев 21 02:18:46

 

ipsec

06[IKE] received DPD vendor ID

Фев 21 02:18:46

 

ipsec

06[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536

Фев 21 02:18:46

 

ipsec

06[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024

Фев 21 02:18:46

 

ipsec

06[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536

Фев 21 02:18:46

 

ipsec

13[IKE] found linked key for crypto map 'L2TP0'

Фев 21 02:18:46

 

ipsec

13[IKE] local host is behind NAT, sending keep alives

Фев 21 02:18:46

 

ipsec

16[IKE] IKE_SA L2TP0[3] established between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183]

Фев 21 02:18:46

 

ipsec

16[IKE] scheduling reauthentication in 28770s

Фев 21 02:18:46

 

ipsec

16[IKE] maximum IKE_SA lifetime 28790s

Фев 21 02:18:47

 

ndm

IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0.

Фев 21 02:18:47

 

ipsec

08[IKE] no matching CHILD_SA config found for 95.182.123.183/32[udp/l2tp] === 95.31.196.5/32[udp/41289]

Фев 21 02:18:47

 

ipsec

03[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ

Фев 21 02:18:47

 

ipsec

03[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ

Фев 21 02:18:47

 

ipsec

03[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ

Фев 21 02:18:47

 

ipsec

03[IKE] CHILD_SA L2TP0{3} established with SPIs cac9ac1a_i 0bddf96a_o and TS 95.31.196.5/32[udp/41216] === 95.182.123.183/32[udp/l2tp]

Фев 21 02:18:47

 

ndm

IpSec::Configurator: crypto map "L2TP0" is up.

Фев 21 02:18:47

 

ndm

IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1.

Фев 21 02:18:47

 

ndm

Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer.

Фев 21 02:18:47

 

ndm

Network::Interface::Ppp: "L2TP0": enabled connection via any interface.

Фев 21 02:18:47

 

ndm

IpSec::IpSecNetfilter: start reloading netfilter configuration...

Фев 21 02:18:47

 

ndm

IpSec::IpSecNetfilter: netfilter configuration reloading is done.

Фев 21 02:18:48

 

ipsec

09[IKE] received retransmit of request with ID 2474906703, but no response to retransmit

Фев 21 02:18:49

 

l2tp[2031]

Plugin pppol2tp.so loaded.

Фев 21 02:18:49

 

l2tp[2031]

pppd 2.4.4-4 started by root, uid 0

Фев 21 02:18:49

 

ndm

Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).

Фев 21 02:18:49

 

pppd_L2TP0

l2tp_control v2.02

Фев 21 02:18:49

 

pppd_L2TP0

remote host: 95.182.123.183:1701

Фев 21 02:18:49

 

pppd_L2TP0

local bind: 95.31.196.5:41216

Фев 21 02:18:50

 

ipsec

09[IKE] received retransmit of request with ID 2474906703, but no response to retransmit

Фев 21 02:18:51

 

pppd_L2TP0

l2tp: timeout of sccrp, retry sccrq, try: 1

Фев 21 02:18:52

 

ipsec

07[IKE] received retransmit of request with ID 2474906703, but no response to retransmit

Фев 21 02:18:53

 

pppd_L2TP0

l2tp: timeout of sccrp, retry sccrq, try: 2

Фев 21 02:18:55

 

pppd_L2TP0

l2tp: timeout of sccrp, retry sccrq, try: 3

Фев 21 02:18:57

 

pppd_L2TP0

l2tp: timeout of sccrp, retry sccrq, try: 4

Фев 21 02:18:57

 

ipsec

14[IKE] received DELETE for ESP CHILD_SA with SPI b9da6b32

Фев 21 02:18:57

 

ipsec

14[IKE] CHILD_SA not found, ignored

Фев 21 02:18:59

 

pppd_L2TP0

l2tp: timeout of sccrp, retry sccrq, try: 5

Фев 21 02:18:59

 

pppd_L2TP0

l2tp: sccrq failed, fatal

Фев 21 02:18:59

 

pppd_L2TP0

l2tp: shutting down control connection

Фев 21 02:19:01

 

pppd_L2TP0

l2tp: shutdown completed

 

Edited February 20 by dsolo

[DennoN 9]

@dsolo

https://github.com/DennoN-RUS/Bird4Static/blob/master/etc/cron.daily/add-bird4_routes.sh
вот в этом файле закоментируй пятую и пятнадцатую строку вот так:

Скрытый текст

#!/bin/sh

ISP=eth3
VPN=ppp0
#URL0=https://antifilter.download/list/allyouneed.lst - вот в эту строку в начале поставить #

ROUTE=/opt/etc/bird4-routes.list
VPNTXT=/opt/etc/bird4-vpn.txt
ISPTXT=/opt/etc/bird4-isp.txt

[ -f "$ROUTE" ] && cat /dev/null > $ROUTE

/opt/root/addip.sh $VPNTXT $VPN $ROUTE
/opt/root/addip.sh $ISPTXT $ISP $ROUTE
#curl -sf $URL0 | sed 's/^/route /' | sed  's/$/ via "'$VPN'";/' >> $ROUTE - вот тут тоже можно закрмментировать

killall -s SIGHUP bird4

 

все остальные файлы верни в изначальное состояние.

Так же надо заполнить файл

https://github.com/DennoN-RUS/Bird4Static/blob/master/etc/bird4-vpn.txt

списком адресов или доменов, которые тебе надо пустить через впн.

После этого запускай скрипт

/opt/etc/cron.daily/add-bird4_routes.sh

Edited February 21 by DennoN