Mr.Scayger Posted January 6 Report post 01/06/2021 09:31 AM Важное дополнение - если на роутере включены ПРИОРИТЕТЫ ПОДКЛЮЧЕНИЙ и настроена ПРИВЯЗКА УСТРОЙСТВ К ПРОФИЛЯМ, то устройство, с которого производится проверка, должно находиться в ОСНОВНОМ ПРОФИЛЕ. Убил на это кучу времени, пока понял. Возможно, что если поиграть настройками дополнительных профилей, то заработает и с ними, но я не стал экспериментировать. Quote Share this post Link to post Share on other sites More sharing options...
dsolo Posted February 20 Report post 02/20/2021 11:04 PM Вероятно мой сервер попал в список "заблокированных", как ранее писали ложные срабатывания возможны за счёт того, что список формируется не по 1 IP в строке, а как бы масками. Перезагружаю роутер с выключенным VPN. Подключаюсь по SSH к своему VPN-серверу, всё ок, В "Другие подключения" включаю VPN. После этого больше не могу подключиться по SSH к своему серверу. Добавил в белый список IP и домен своего сервера. Не помогает. Spoiler Фев 21 01:50:47 ndm Network::Interface::Base: "L2TP0": interface is up. Фев 21 01:50:47 ndm IpSec::Manager: service enabled. Фев 21 01:50:47 ndm Core::ConfigurationSaver: saving configuration... Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting. Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183". Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1). Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5". Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1). Фев 21 01:50:47 ndm Network::Interface::L2tp: "L2TP0": using port 41271 as local. Фев 21 01:50:47 ndm Network::Interface::L2tp: "L2TP0": updating IP secure configuration. Фев 21 01:50:47 ndm IpSec::Manager: "L2TP0": IP secure connection was added. Фев 21 01:50:47 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Фев 21 01:50:47 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Фев 21 01:50:49 ndm IpSec::Manager: create IPsec reconfiguration transaction... Фев 21 01:50:49 ndm IpSec::Manager: add config for crypto map "VPNL2TPServer". Фев 21 01:50:49 ndm IpSec::Manager: add config for crypto map "L2TP0". Фев 21 01:50:49 ndm IpSec::Manager: IPsec reconfiguration transaction was created. Фев 21 01:50:49 ndm IpSec::Configurator: start applying IPsec configuration. Фев 21 01:50:49 ndm IpSec::Configurator: IPsec configuration applying is done. Фев 21 01:50:49 ndm IpSec::Configurator: start reloading IKE keys task. Фев 21 01:50:49 ipsec 11[CFG] rereading secrets Фев 21 01:50:49 ipsec 11[CFG] loading secrets Фев 21 01:50:49 ipsec 11[CFG] loaded IKE secret for %any Фев 21 01:50:49 ipsec 11[CFG] loaded IKE secret for cmap:L2TP0 Фев 21 01:50:49 ipsec 11[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' Фев 21 01:50:49 ndm IpSec::Configurator: reloading IKE keys task done. Фев 21 01:50:49 ndm IpSec::Configurator: start reloading IPsec config task. Фев 21 01:50:49 ipsec 14[CFG] received stroke: delete connection 'VPNL2TPServer' Фев 21 01:50:49 ipsec 14[CFG] deleted connection 'VPNL2TPServer' Фев 21 01:50:49 ipsec 00[DMN] signal of type SIGHUP received. Reloading configuration Фев 21 01:50:49 ipsec 08[CFG] received stroke: add connection 'VPNL2TPServer' Фев 21 01:50:49 ipsec 00[CFG] loaded 0 entries for attr plugin configuration Фев 21 01:50:49 ipsec 00[CFG] loaded 1 RADIUS server configuration Фев 21 01:50:49 ipsec 08[CFG] added configuration 'VPNL2TPServer' Фев 21 01:50:49 ipsec 16[CFG] received stroke: add connection 'L2TP0' Фев 21 01:50:49 ipsec 16[CFG] added configuration 'L2TP0' Фев 21 01:50:49 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Фев 21 01:50:49 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Фев 21 01:50:49 ndm IpSec::Configurator: reloading IPsec config task done. Фев 21 01:50:49 ipsec 06[CFG] received stroke: initiate 'L2TP0' Фев 21 01:50:49 ipsec 10[IKE] sending DPD vendor ID Фев 21 01:50:49 ipsec 10[IKE] sending FRAGMENTATION vendor ID Фев 21 01:50:49 ndm IpSec::Configurator: "L2TP0": crypto map initialized. Фев 21 01:50:49 ipsec 10[IKE] sending NAT-T (RFC 3947) vendor ID Фев 21 01:50:49 ipsec 10[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID Фев 21 01:50:49 ipsec 10[IKE] initiating Main Mode IKE_SA L2TP0[1] to 95.182.123.183 Фев 21 01:50:50 ipsec 13[IKE] received NAT-T (RFC 3947) vendor ID Фев 21 01:50:50 ipsec 13[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID Фев 21 01:50:50 ipsec 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Фев 21 01:50:50 ipsec 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID Фев 21 01:50:50 ipsec 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID Фев 21 01:50:50 ipsec 13[IKE] received DPD vendor ID Фев 21 01:50:50 ipsec 13[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 Фев 21 01:50:50 ipsec 13[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Фев 21 01:50:50 ipsec 13[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 Фев 21 01:50:50 ipsec 15[IKE] found linked key for crypto map 'L2TP0' Фев 21 01:50:50 ipsec 15[IKE] local host is behind NAT, sending keep alives Фев 21 01:50:50 ipsec 07[IKE] IKE_SA L2TP0[1] established between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183] Фев 21 01:50:50 ipsec 07[IKE] scheduling reauthentication in 28780s Фев 21 01:50:50 ipsec 07[IKE] maximum IKE_SA lifetime 28800s Фев 21 01:50:50 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0. Фев 21 01:50:50 ipsec 09[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ Фев 21 01:50:50 ipsec 09[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ Фев 21 01:50:50 ipsec 09[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ Фев 21 01:50:50 ipsec 09[IKE] CHILD_SA L2TP0{1} established with SPIs cee91684_i a5716a43_o and TS 95.31.196.5/32[udp/41271] === 95.182.123.183/32[udp/l2tp] Фев 21 01:50:50 ndm IpSec::Configurator: crypto map "L2TP0" is up. Фев 21 01:50:50 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1. Фев 21 01:50:50 ndm Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer. Фев 21 01:50:50 ndm Network::Interface::Ppp: "L2TP0": enabled connection via any interface. Фев 21 01:50:50 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Фев 21 01:50:50 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Фев 21 01:50:51 ndm Core::ConfigurationSaver: configuration saved. Фев 21 01:50:51 ipsec 11[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' Фев 21 01:50:51 ipsec 11[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' Фев 21 01:50:51 ipsec 11[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' Фев 21 01:50:51 ipsec 11[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' Фев 21 01:50:52 l2tp[1371] Plugin pppol2tp.so loaded. Фев 21 01:50:52 l2tp[1371] pppd 2.4.4-4 started by root, uid 0 Фев 21 01:50:52 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1). Фев 21 01:50:52 pppd_L2TP0 l2tp_control v2.02 Фев 21 01:50:52 pppd_L2TP0 remote host: 95.182.123.183:1701 Фев 21 01:50:52 pppd_L2TP0 local bind: 95.31.196.5:41271 Фев 21 01:50:53 pppd_L2TP0 creating in-kernel L2TP tunnel (R/L 1/57658) Фев 21 01:50:53 pppd_L2TP0 creating in-kernel L2TP session (R/L 1/30906) Фев 21 01:50:53 pppd_L2TP0 L2TP tunnel/session created Фев 21 01:50:53 pppd_L2TP0 PPP channel connected Фев 21 01:50:53 pppd_L2TP0 using channel 1 Фев 21 01:50:53 pppd_L2TP0 Using interface ppp0 Фев 21 01:50:53 pppd_L2TP0 Connect: ppp0 <--> l2tp[0] Фев 21 01:50:53 pppd_L2TP0 PAP authentication succeeded Фев 21 01:50:53 pppd_L2TP0 local IP address 192.168.30.10 Фев 21 01:50:53 pppd_L2TP0 remote IP address 1.0.0.1 Фев 21 01:50:53 pppd_L2TP0 primary DNS address 192.168.30.1 Фев 21 01:50:53 ipsec 10[KNL] unable to receive from RT event socket No buffer space available (132) Фев 21 01:50:53 ndm Network::Interface::Base: "L2TP0": interface is up. Фев 21 01:50:53 ndm Network::Interface::Base: "L2TP0": interface is up. Фев 21 01:50:53 ndm Network::Interface::Ppp: "L2TP0": interface "L2TP0" is global, priority 65502. Фев 21 01:50:53 ndm Network::Interface::Ppp: "L2TP0": adding default route via L2TP0. Фев 21 01:50:53 ndm Network::Interface::Ppp: "L2TP0": adding nameserver 192.168.30.1. Фев 21 01:50:53 ndm Dns::Manager: name server 192.168.30.1 added, domain (default). Фев 21 01:50:53 ndm Network::Interface::Ip: "L2TP0": IP address is 192.168.30.10/32. Фев 21 01:50:54 coalagent updating configuration... Фев 21 01:50:54 ndm Http::Nginx: loaded SSL certificate for "3fff06087455fb639118b3ac.keenetic.io". Фев 21 01:50:54 ndm Http::Nginx: loaded SSL certificate for "dsolo.keenetic.name". Фев 21 01:50:54 ndm Core::Server: started Session /var/run/ndm.core.socket. Фев 21 01:50:55 ipsec 14[KNL] unable to receive from RT event socket No buffer space available (132) Фев 21 01:50:55 ndm Core::Session: client disconnected. Фев 21 01:50:55 ndm Http::Manager: updated configuration. Фев 21 01:50:55 ndm Core::Server: started Session /var/run/ndm.core.socket. Фев 21 01:50:55 ndm Core::Session: client disconnected. Фев 21 01:50:56 ipsec 12[KNL] unable to receive from RT event socket No buffer space available (132) Фев 21 01:50:57 ipsec 15[KNL] unable to receive from RT event socket No buffer space available (132) Фев 21 01:50:57 bird4 Kernel dropped some netlink messages, will resync on next scan. Инструкция по переводу в ручной режим не работает, если закомментировать строку, как написано на github, то затем просто не запускается скрипт. Spoiler ~ # /opt/etc/cron.daily/add-bird4_routes.sh curl: no URL specified! curl: try 'curl --help' for more information На данный момент считаю что система с BGP вообще не состоятельна, просматриваю статистику в админке кинетика, через VPN огромное количество трафика идёт, хотя по факту надо фильтровать 3-5 сайтов, на которые я хожу раз в пару дней. Также не раз сталкиваюсь со сбоями, что непосредственно сайты мне говорят, что во время работы у вас сменился IP, а должен оставаться постоянным. Подскажите что мне сделать, чтобы просто обходить несколько сайтов, без всяких там BGP. Quote Share this post Link to post Share on other sites More sharing options...
dsolo Posted February 20 Report post 02/20/2021 11:21 PM (edited) В файле add-bird4_routes.sh закомментировал ещё строку "curl -sf $URL0 | sed 's/^/route /' | sed 's/$/ via "'$VPN'";/' >> $ROUTE"б, теперь скрипт запускается. Но всё равно после первого подключения к VPN всё ломается. Перестаёт подключаться к VPN. Я даже не могу объяснить это. Переключаю ползунок рядом с VPN в "Другие подключения", всё ок, написано "Готов". Потом спустя время вижу "Ошибка подключения" и в журнале циклично пытается подключиться. Привожу копипаст одного цикла. Spoiler Фев 21 02:18:34 ndm Core::Syslog: the system log has been cleared. Фев 21 02:18:35 bndstrg band steering: send BTM request to 32:a3:28:83:e8:e4 for roam to 2.4GHz band (Low RSSI: -78) Фев 21 02:18:35 bndstrg band steering: WNM client 32:a3:28:83:e8:e4 rejected 2.4GHz band (code: 6) Фев 21 02:18:38 pppd_L2TP0 control init failed Фев 21 02:18:38 pppd_L2TP0 Couldn't get channel number: Bad file descriptor Фев 21 02:18:38 pppd_L2TP0 Exit. Фев 21 02:18:38 ndm Service: "L2TP0": unexpectedly stopped. Фев 21 02:18:38 ndm Network::Interface::Base: "L2TP0": interface is up. Фев 21 02:18:38 ndm Network::Interface::Ppp: "L2TP0": disabled connection. Фев 21 02:18:38 ndm IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. Фев 21 02:18:38 ndm Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183". Фев 21 02:18:38 ndm Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1). Фев 21 02:18:38 ndm Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5". Фев 21 02:18:38 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1). Фев 21 02:18:38 ndm Network::Interface::L2tp: "L2TP0": using port 41286 as local. Фев 21 02:18:38 ndm Network::Interface::L2tp: "L2TP0": updating IP secure configuration. Фев 21 02:18:38 ndm IpSec::Manager: "L2TP0": IP secure connection was added. Фев 21 02:18:40 ndm IpSec::Manager: create IPsec reconfiguration transaction... Фев 21 02:18:40 ndm IpSec::Manager: add config for crypto map "VPNL2TPServer". Фев 21 02:18:40 ndm IpSec::Manager: add config for crypto map "L2TP0". Фев 21 02:18:40 ndm IpSec::Manager: IPsec reconfiguration transaction was created. Фев 21 02:18:41 ndm IpSec::Configurator: start applying IPsec configuration. Фев 21 02:18:41 ndm IpSec::Configurator: IPsec configuration applying is done. Фев 21 02:18:41 ndm IpSec::Configurator: start reloading IKE keys task. Фев 21 02:18:41 ndm Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer. Фев 21 02:18:41 ndm Network::Interface::Ppp: "L2TP0": disabled connection. Фев 21 02:18:41 ipsec 03[CFG] rereading secrets Фев 21 02:18:41 ipsec 03[CFG] loading secrets Фев 21 02:18:41 ipsec 03[CFG] loaded IKE secret for %any Фев 21 02:18:41 ipsec 03[CFG] loaded IKE secret for cmap:L2TP0 Фев 21 02:18:41 ipsec 03[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' Фев 21 02:18:41 ndm IpSec::Configurator: reloading IKE keys task done. Фев 21 02:18:41 ndm Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183". Фев 21 02:18:41 ndm Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1). Фев 21 02:18:41 ndm Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5". Фев 21 02:18:41 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1). Фев 21 02:18:41 ndm Network::Interface::L2tp: "L2TP0": using port 41216 as local. Фев 21 02:18:41 ndm Network::Interface::L2tp: "L2TP0": updating IP secure configuration. Фев 21 02:18:41 ndm IpSec::Manager: "L2TP0": IP secure connection and keys was deleted. Фев 21 02:18:41 ndm IpSec::Manager: "L2TP0": IP secure connection was added. Фев 21 02:18:41 ndm IpSec::Configurator: start reloading IPsec config task. Фев 21 02:18:41 ipsec 13[CFG] received stroke: delete connection 'VPNL2TPServer' Фев 21 02:18:41 ipsec 13[CFG] deleted connection 'VPNL2TPServer' Фев 21 02:18:41 ipsec 05[CFG] received stroke: delete connection 'L2TP0' Фев 21 02:18:41 ipsec 05[CFG] deleted connection 'L2TP0' Фев 21 02:18:41 ipsec 00[DMN] signal of type SIGHUP received. Reloading configuration Фев 21 02:18:41 ipsec 06[CFG] received stroke: add connection 'VPNL2TPServer' Фев 21 02:18:41 ipsec 00[CFG] loaded 0 entries for attr plugin configuration Фев 21 02:18:41 ipsec 06[CFG] added configuration 'VPNL2TPServer' Фев 21 02:18:41 ipsec 11[CFG] received stroke: add connection 'L2TP0' Фев 21 02:18:41 ipsec 00[CFG] loaded 1 RADIUS server configuration Фев 21 02:18:41 ipsec 11[CFG] added configuration 'L2TP0' Фев 21 02:18:41 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Фев 21 02:18:41 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Фев 21 02:18:41 ndm IpSec::Configurator: reloading IPsec config task done. Фев 21 02:18:43 ndm IpSec::Configurator: "L2TP0": crypto map shutdown started. Фев 21 02:18:43 ipsec 12[CFG] received stroke: unroute 'L2TP0' Фев 21 02:18:43 ipsec 03[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' Фев 21 02:18:43 ipsec 03[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' Фев 21 02:18:43 ipsec 03[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' Фев 21 02:18:43 ipsec 03[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' Фев 21 02:18:43 ndm IpSec::Manager: create IPsec reconfiguration transaction... Фев 21 02:18:43 ipsec 13[CFG] received stroke: terminate 'L2TP0{*}' Фев 21 02:18:43 ipsec 16[IKE] closing CHILD_SA L2TP0{2} with SPIs c21801e1_i (0 bytes) 5af2ad6f_o (435 bytes) and TS 95.31.196.5/32[udp/41289] === 95.182.123.183/32[udp/l2tp] Фев 21 02:18:43 ipsec 07[CFG] received stroke: terminate 'L2TP0[*]' Фев 21 02:18:43 ndm IpSec::Configurator: "L2TP0": crypto map shutdown complete. Фев 21 02:18:43 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. Фев 21 02:18:43 ndm IpSec::Manager: add config for crypto map "VPNL2TPServer". Фев 21 02:18:43 ndm IpSec::Manager: add config for crypto map "L2TP0". Фев 21 02:18:43 ndm IpSec::Manager: IPsec reconfiguration transaction was created. Фев 21 02:18:43 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. Фев 21 02:18:43 ndm IpSec::Configurator: start applying IPsec configuration. Фев 21 02:18:43 ndm IpSec::Configurator: IPsec configuration applying is done. Фев 21 02:18:43 ndm IpSec::Configurator: start reloading IKE keys task. Фев 21 02:18:43 ipsec 08[CFG] rereading secrets Фев 21 02:18:43 ipsec 08[CFG] loading secrets Фев 21 02:18:43 ipsec 08[CFG] loaded IKE secret for %any Фев 21 02:18:43 ipsec 08[CFG] loaded IKE secret for cmap:L2TP0 Фев 21 02:18:43 ipsec 08[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' Фев 21 02:18:43 ndm IpSec::Configurator: reloading IKE keys task done. Фев 21 02:18:43 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. Фев 21 02:18:43 ipsec 16[IKE] sending DELETE for ESP CHILD_SA with SPI c21801e1 Фев 21 02:18:43 ipsec 11[IKE] deleting IKE_SA L2TP0[2] between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183] Фев 21 02:18:43 ipsec 11[IKE] sending DELETE for IKE_SA L2TP0[2] Фев 21 02:18:43 ndm IpSec::Configurator: start reloading IPsec config task. Фев 21 02:18:43 ipsec 12[CFG] received stroke: delete connection 'VPNL2TPServer' Фев 21 02:18:43 ipsec 12[CFG] deleted connection 'VPNL2TPServer' Фев 21 02:18:43 ipsec 10[CFG] received stroke: delete connection 'L2TP0' Фев 21 02:18:43 ipsec 10[CFG] deleted connection 'L2TP0' Фев 21 02:18:43 ipsec 00[DMN] signal of type SIGHUP received. Reloading configuration Фев 21 02:18:43 ipsec 13[CFG] received stroke: add connection 'VPNL2TPServer' Фев 21 02:18:43 ipsec 00[CFG] loaded 0 entries for attr plugin configuration Фев 21 02:18:43 ipsec 00[CFG] loaded 1 RADIUS server configuration Фев 21 02:18:43 ipsec 13[CFG] added configuration 'VPNL2TPServer' Фев 21 02:18:43 ipsec 03[CFG] received stroke: add connection 'L2TP0' Фев 21 02:18:43 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Фев 21 02:18:43 ipsec 03[CFG] added configuration 'L2TP0' Фев 21 02:18:43 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Фев 21 02:18:43 ndm IpSec::Configurator: reloading IPsec config task done. Фев 21 02:18:43 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0. Фев 21 02:18:45 ndm IpSec::Configurator: "L2TP0": crypto map shutdown started. Фев 21 02:18:45 ipsec 08[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' Фев 21 02:18:45 ipsec 08[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' Фев 21 02:18:45 ipsec 08[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' Фев 21 02:18:45 ipsec 08[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' Фев 21 02:18:45 ipsec 16[CFG] received stroke: unroute 'L2TP0' Фев 21 02:18:45 ipsec 14[CFG] received stroke: terminate 'L2TP0{*}' Фев 21 02:18:45 ipsec 14[CFG] no CHILD_SA named 'L2TP0' found Фев 21 02:18:45 ipsec 07[CFG] received stroke: terminate 'L2TP0[*]' Фев 21 02:18:45 ipsec 07[CFG] no IKE_SA named 'L2TP0' found Фев 21 02:18:45 ndm IpSec::Configurator: "L2TP0": crypto map shutdown complete. Фев 21 02:18:46 ipsec 10[CFG] received stroke: initiate 'L2TP0' Фев 21 02:18:46 ipsec 05[IKE] sending DPD vendor ID Фев 21 02:18:46 ndm IpSec::Configurator: "L2TP0": crypto map initialized. Фев 21 02:18:46 ipsec 05[IKE] sending FRAGMENTATION vendor ID Фев 21 02:18:46 ipsec 05[IKE] sending NAT-T (RFC 3947) vendor ID Фев 21 02:18:46 ipsec 05[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID Фев 21 02:18:46 ipsec 05[IKE] initiating Main Mode IKE_SA L2TP0[3] to 95.182.123.183 Фев 21 02:18:46 ipsec 06[IKE] received NAT-T (RFC 3947) vendor ID Фев 21 02:18:46 ipsec 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID Фев 21 02:18:46 ipsec 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Фев 21 02:18:46 ipsec 06[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID Фев 21 02:18:46 ipsec 06[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID Фев 21 02:18:46 ipsec 06[IKE] received DPD vendor ID Фев 21 02:18:46 ipsec 06[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 Фев 21 02:18:46 ipsec 06[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Фев 21 02:18:46 ipsec 06[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 Фев 21 02:18:46 ipsec 13[IKE] found linked key for crypto map 'L2TP0' Фев 21 02:18:46 ipsec 13[IKE] local host is behind NAT, sending keep alives Фев 21 02:18:46 ipsec 16[IKE] IKE_SA L2TP0[3] established between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183] Фев 21 02:18:46 ipsec 16[IKE] scheduling reauthentication in 28770s Фев 21 02:18:46 ipsec 16[IKE] maximum IKE_SA lifetime 28790s Фев 21 02:18:47 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0. Фев 21 02:18:47 ipsec 08[IKE] no matching CHILD_SA config found for 95.182.123.183/32[udp/l2tp] === 95.31.196.5/32[udp/41289] Фев 21 02:18:47 ipsec 03[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ Фев 21 02:18:47 ipsec 03[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ Фев 21 02:18:47 ipsec 03[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ Фев 21 02:18:47 ipsec 03[IKE] CHILD_SA L2TP0{3} established with SPIs cac9ac1a_i 0bddf96a_o and TS 95.31.196.5/32[udp/41216] === 95.182.123.183/32[udp/l2tp] Фев 21 02:18:47 ndm IpSec::Configurator: crypto map "L2TP0" is up. Фев 21 02:18:47 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1. Фев 21 02:18:47 ndm Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer. Фев 21 02:18:47 ndm Network::Interface::Ppp: "L2TP0": enabled connection via any interface. Фев 21 02:18:47 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration... Фев 21 02:18:47 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done. Фев 21 02:18:48 ipsec 09[IKE] received retransmit of request with ID 2474906703, but no response to retransmit Фев 21 02:18:49 l2tp[2031] Plugin pppol2tp.so loaded. Фев 21 02:18:49 l2tp[2031] pppd 2.4.4-4 started by root, uid 0 Фев 21 02:18:49 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1). Фев 21 02:18:49 pppd_L2TP0 l2tp_control v2.02 Фев 21 02:18:49 pppd_L2TP0 remote host: 95.182.123.183:1701 Фев 21 02:18:49 pppd_L2TP0 local bind: 95.31.196.5:41216 Фев 21 02:18:50 ipsec 09[IKE] received retransmit of request with ID 2474906703, but no response to retransmit Фев 21 02:18:51 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 1 Фев 21 02:18:52 ipsec 07[IKE] received retransmit of request with ID 2474906703, but no response to retransmit Фев 21 02:18:53 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 2 Фев 21 02:18:55 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 3 Фев 21 02:18:57 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 4 Фев 21 02:18:57 ipsec 14[IKE] received DELETE for ESP CHILD_SA with SPI b9da6b32 Фев 21 02:18:57 ipsec 14[IKE] CHILD_SA not found, ignored Фев 21 02:18:59 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 5 Фев 21 02:18:59 pppd_L2TP0 l2tp: sccrq failed, fatal Фев 21 02:18:59 pppd_L2TP0 l2tp: shutting down control connection Фев 21 02:19:01 pppd_L2TP0 l2tp: shutdown completed Edited February 20 by dsolo Quote Share this post Link to post Share on other sites More sharing options...
DennoN Posted February 21 Report post 02/21/2021 08:40 AM (edited) @dsolo https://github.com/DennoN-RUS/Bird4Static/blob/master/etc/cron.daily/add-bird4_routes.sh вот в этом файле закоментируй пятую и пятнадцатую строку вот так: Скрытый текст #!/bin/sh ISP=eth3 VPN=ppp0 #URL0=https://antifilter.download/list/allyouneed.lst - вот в эту строку в начале поставить # ROUTE=/opt/etc/bird4-routes.list VPNTXT=/opt/etc/bird4-vpn.txt ISPTXT=/opt/etc/bird4-isp.txt [ -f "$ROUTE" ] && cat /dev/null > $ROUTE /opt/root/addip.sh $VPNTXT $VPN $ROUTE /opt/root/addip.sh $ISPTXT $ISP $ROUTE #curl -sf $URL0 | sed 's/^/route /' | sed 's/$/ via "'$VPN'";/' >> $ROUTE - вот тут тоже можно закрмментировать killall -s SIGHUP bird4 все остальные файлы верни в изначальное состояние. Так же надо заполнить файл https://github.com/DennoN-RUS/Bird4Static/blob/master/etc/bird4-vpn.txt списком адресов или доменов, которые тебе надо пустить через впн. После этого запускай скрипт /opt/etc/cron.daily/add-bird4_routes.sh Edited February 21 by DennoN Quote Share this post Link to post Share on other sites More sharing options...
Mr.Scayger Posted March 22 Report post 03/22/2021 12:05 PM On 2/21/2021 at 2:04 AM, dsolo said: Подскажите что мне сделать, чтобы просто обходить несколько сайтов, без всяких там BGP. Удалить все скрипты, настроить VPN, в админке кинетика "Сетевые правила/Маршрутизация" добавить вручную нужные маршруты по типу: 35.184.0.0/13 vpn-интерфейс Да Google LLC (Spotify) 208.85.40.0/21 vpn-интерфейс Да www.pandora.com Quote Share this post Link to post Share on other sites More sharing options...
