01/06/2021 09:31 AM
An important addition: if CONNECTION PRIORITIES are enabled on the router and DEVICE-TO-PROFILE BINDING is configured, the device from which the check is performed must be in the MAIN PROFILE. I wasted a lot of time before I figured this out. It may be that it would work with additional profiles too if you play with their settings, but I did not experiment.
02/20/2021 11:04 PM
My server has probably ended up in the "blocked" list; as was written earlier, false positives are possible because the list is built not as one IP per line but, so to speak, as masks. I reboot the router with the VPN turned off. I connect to my VPN server over SSH, everything is OK. In "Other connections" I turn the VPN on. After that I can no longer connect to my server over SSH. I added my server's IP and domain to the whitelist. It does not help.
Spoiler
Фев 21 01:50:47 ndm Network::Interface::Base: "L2TP0": interface is up.
Фев 21 01:50:47 ndm IpSec::Manager: service enabled.
Фев 21 01:50:47 ndm Core::ConfigurationSaver: saving configuration...
Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": interface state is changed, reconnecting.
Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183".
Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1).
Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5".
Фев 21 01:50:47 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 01:50:47 ndm Network::Interface::L2tp: "L2TP0": using port 41271 as local.
Фев 21 01:50:47 ndm Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Фев 21 01:50:47 ndm IpSec::Manager: "L2TP0": IP secure connection was added.
Фев 21 01:50:47 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 01:50:47 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 01:50:49 ndm IpSec::Manager: create IPsec reconfiguration transaction...
Фев 21 01:50:49 ndm IpSec::Manager: add config for crypto map "VPNL2TPServer".
Фев 21 01:50:49 ndm IpSec::Manager: add config for crypto map "L2TP0".
Фев 21 01:50:49 ndm IpSec::Manager: IPsec reconfiguration transaction was created.
Фев 21 01:50:49 ndm IpSec::Configurator: start applying IPsec configuration.
Фев 21 01:50:49 ndm IpSec::Configurator: IPsec configuration applying is done.
Фев 21 01:50:49 ndm IpSec::Configurator: start reloading IKE keys task.
Фев 21 01:50:49 ipsec 11[CFG] rereading secrets
Фев 21 01:50:49 ipsec 11[CFG] loading secrets
Фев 21 01:50:49 ipsec 11[CFG] loaded IKE secret for %any
Фев 21 01:50:49 ipsec 11[CFG] loaded IKE secret for cmap:L2TP0
Фев 21 01:50:49 ipsec 11[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'
Фев 21 01:50:49 ndm IpSec::Configurator: reloading IKE keys task done.
Фев 21 01:50:49 ndm IpSec::Configurator: start reloading IPsec config task.
Фев 21 01:50:49 ipsec 14[CFG] received stroke: delete connection 'VPNL2TPServer'
Фев 21 01:50:49 ipsec 14[CFG] deleted connection 'VPNL2TPServer'
Фев 21 01:50:49 ipsec 00[DMN] signal of type SIGHUP received. Reloading configuration
Фев 21 01:50:49 ipsec 08[CFG] received stroke: add connection 'VPNL2TPServer'
Фев 21 01:50:49 ipsec 00[CFG] loaded 0 entries for attr plugin configuration
Фев 21 01:50:49 ipsec 00[CFG] loaded 1 RADIUS server configuration
Фев 21 01:50:49 ipsec 08[CFG] added configuration 'VPNL2TPServer'
Фев 21 01:50:49 ipsec 16[CFG] received stroke: add connection 'L2TP0'
Фев 21 01:50:49 ipsec 16[CFG] added configuration 'L2TP0'
Фев 21 01:50:49 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 01:50:49 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 01:50:49 ndm IpSec::Configurator: reloading IPsec config task done.
Фев 21 01:50:49 ipsec 06[CFG] received stroke: initiate 'L2TP0'
Фев 21 01:50:49 ipsec 10[IKE] sending DPD vendor ID
Фев 21 01:50:49 ipsec 10[IKE] sending FRAGMENTATION vendor ID
Фев 21 01:50:49 ndm IpSec::Configurator: "L2TP0": crypto map initialized.
Фев 21 01:50:49 ipsec 10[IKE] sending NAT-T (RFC 3947) vendor ID
Фев 21 01:50:49 ipsec 10[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Фев 21 01:50:49 ipsec 10[IKE] initiating Main Mode IKE_SA L2TP0[1] to 95.182.123.183
Фев 21 01:50:50 ipsec 13[IKE] received NAT-T (RFC 3947) vendor ID
Фев 21 01:50:50 ipsec 13[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Фев 21 01:50:50 ipsec 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Фев 21 01:50:50 ipsec 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Фев 21 01:50:50 ipsec 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Фев 21 01:50:50 ipsec 13[IKE] received DPD vendor ID
Фев 21 01:50:50 ipsec 13[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Фев 21 01:50:50 ipsec 13[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Фев 21 01:50:50 ipsec 13[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Фев 21 01:50:50 ipsec 15[IKE] found linked key for crypto map 'L2TP0'
Фев 21 01:50:50 ipsec 15[IKE] local host is behind NAT, sending keep alives
Фев 21 01:50:50 ipsec 07[IKE] IKE_SA L2TP0[1] established between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183]
Фев 21 01:50:50 ipsec 07[IKE] scheduling reauthentication in 28780s
Фев 21 01:50:50 ipsec 07[IKE] maximum IKE_SA lifetime 28800s
Фев 21 01:50:50 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0.
Фев 21 01:50:50 ipsec 09[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ
Фев 21 01:50:50 ipsec 09[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ
Фев 21 01:50:50 ipsec 09[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ
Фев 21 01:50:50 ipsec 09[IKE] CHILD_SA L2TP0{1} established with SPIs cee91684_i a5716a43_o and TS 95.31.196.5/32[udp/41271] === 95.182.123.183/32[udp/l2tp]
Фев 21 01:50:50 ndm IpSec::Configurator: crypto map "L2TP0" is up.
Фев 21 01:50:50 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1.
Фев 21 01:50:50 ndm Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer.
Фев 21 01:50:50 ndm Network::Interface::Ppp: "L2TP0": enabled connection via any interface.
Фев 21 01:50:50 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 01:50:50 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 01:50:51 ndm Core::ConfigurationSaver: configuration saved.
Фев 21 01:50:51 ipsec 11[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'
Фев 21 01:50:51 ipsec 11[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'
Фев 21 01:50:51 ipsec 11[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'
Фев 21 01:50:51 ipsec 11[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'
Фев 21 01:50:52 l2tp[1371] Plugin pppol2tp.so loaded.
Фев 21 01:50:52 l2tp[1371] pppd 2.4.4-4 started by root, uid 0
Фев 21 01:50:52 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 01:50:52 pppd_L2TP0 l2tp_control v2.02
Фев 21 01:50:52 pppd_L2TP0 remote host: 95.182.123.183:1701
Фев 21 01:50:52 pppd_L2TP0 local bind: 95.31.196.5:41271
Фев 21 01:50:53 pppd_L2TP0 creating in-kernel L2TP tunnel (R/L 1/57658)
Фев 21 01:50:53 pppd_L2TP0 creating in-kernel L2TP session (R/L 1/30906)
Фев 21 01:50:53 pppd_L2TP0 L2TP tunnel/session created
Фев 21 01:50:53 pppd_L2TP0 PPP channel connected
Фев 21 01:50:53 pppd_L2TP0 using channel 1
Фев 21 01:50:53 pppd_L2TP0 Using interface ppp0
Фев 21 01:50:53 pppd_L2TP0 Connect: ppp0 <--> l2tp[0]
Фев 21 01:50:53 pppd_L2TP0 PAP authentication succeeded
Фев 21 01:50:53 pppd_L2TP0 local IP address 192.168.30.10
Фев 21 01:50:53 pppd_L2TP0 remote IP address 1.0.0.1
Фев 21 01:50:53 pppd_L2TP0 primary DNS address 192.168.30.1
Фев 21 01:50:53 ipsec 10[KNL] unable to receive from RT event socket No buffer space available (132)
Фев 21 01:50:53 ndm Network::Interface::Base: "L2TP0": interface is up.
Фев 21 01:50:53 ndm Network::Interface::Base: "L2TP0": interface is up.
Фев 21 01:50:53 ndm Network::Interface::Ppp: "L2TP0": interface "L2TP0" is global, priority 65502.
Фев 21 01:50:53 ndm Network::Interface::Ppp: "L2TP0": adding default route via L2TP0.
Фев 21 01:50:53 ndm Network::Interface::Ppp: "L2TP0": adding nameserver 192.168.30.1.
Фев 21 01:50:53 ndm Dns::Manager: name server 192.168.30.1 added, domain (default).
Фев 21 01:50:53 ndm Network::Interface::Ip: "L2TP0": IP address is 192.168.30.10/32.
Фев 21 01:50:54 coalagent updating configuration...
Фев 21 01:50:54 ndm Http::Nginx: loaded SSL certificate for "3fff06087455fb639118b3ac.keenetic.io".
Фев 21 01:50:54 ndm Http::Nginx: loaded SSL certificate for "dsolo.keenetic.name".
Фев 21 01:50:54 ndm Core::Server: started Session /var/run/ndm.core.socket.
Фев 21 01:50:55 ipsec 14[KNL] unable to receive from RT event socket No buffer space available (132)
Фев 21 01:50:55 ndm Core::Session: client disconnected.
Фев 21 01:50:55 ndm Http::Manager: updated configuration.
Фев 21 01:50:55 ndm Core::Server: started Session /var/run/ndm.core.socket.
Фев 21 01:50:55 ndm Core::Session: client disconnected.
Фев 21 01:50:56 ipsec 12[KNL] unable to receive from RT event socket No buffer space available (132)
Фев 21 01:50:57 ipsec 15[KNL] unable to receive from RT event socket No buffer space available (132)
Фев 21 01:50:57 bird4 Kernel dropped some netlink messages, will resync on next scan.
The instructions for switching to manual mode do not work: if you comment out the line as written on GitHub, the script then simply does not start.
Spoiler
~ # /opt/etc/cron.daily/add-bird4_routes.sh
curl: no URL specified!
curl: try 'curl --help' for more information
At the moment I consider the BGP-based setup not viable at all: looking at the statistics in the Keenetic admin panel, a huge amount of traffic goes through the VPN, although in fact only 3-5 sites that I visit once every couple of days need to be filtered. I have also repeatedly run into failures where the sites themselves tell me that my IP changed during the session, while it must stay constant. Please tell me what I should do to simply bypass a few sites, without any BGP.
02/20/2021 11:21 PM (edited)
In the file add-bird4_routes.sh I also commented out the line "curl -sf $URL0 | sed 's/^/route /' | sed 's/$/ via "'$VPN'";/' >> $ROUTE", and now the script starts. But everything still breaks after the first connection to the VPN. It stops connecting to the VPN. I cannot even explain it. I flip the slider next to the VPN in "Other connections", everything is OK, it says "Ready". Then, after a while, I see "Connection error", and in the log it keeps trying to connect in a loop. Here is a copy-paste of one cycle.
Spoiler
Фев 21 02:18:34 ndm Core::Syslog: the system log has been cleared.
Фев 21 02:18:35 bndstrg band steering: send BTM request to 32:a3:28:83:e8:e4 for roam to 2.4GHz band (Low RSSI: -78)
Фев 21 02:18:35 bndstrg band steering: WNM client 32:a3:28:83:e8:e4 rejected 2.4GHz band (code: 6)
Фев 21 02:18:38 pppd_L2TP0 control init failed
Фев 21 02:18:38 pppd_L2TP0 Couldn't get channel number: Bad file descriptor
Фев 21 02:18:38 pppd_L2TP0 Exit.
Фев 21 02:18:38 ndm Service: "L2TP0": unexpectedly stopped.
Фев 21 02:18:38 ndm Network::Interface::Base: "L2TP0": interface is up.
Фев 21 02:18:38 ndm Network::Interface::Ppp: "L2TP0": disabled connection.
Фев 21 02:18:38 ndm IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.
Фев 21 02:18:38 ndm Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183".
Фев 21 02:18:38 ndm Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1).
Фев 21 02:18:38 ndm Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5".
Фев 21 02:18:38 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 02:18:38 ndm Network::Interface::L2tp: "L2TP0": using port 41286 as local.
Фев 21 02:18:38 ndm Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Фев 21 02:18:38 ndm IpSec::Manager: "L2TP0": IP secure connection was added.
Фев 21 02:18:40 ndm IpSec::Manager: create IPsec reconfiguration transaction...
Фев 21 02:18:40 ndm IpSec::Manager: add config for crypto map "VPNL2TPServer".
Фев 21 02:18:40 ndm IpSec::Manager: add config for crypto map "L2TP0".
Фев 21 02:18:40 ndm IpSec::Manager: IPsec reconfiguration transaction was created.
Фев 21 02:18:41 ndm IpSec::Configurator: start applying IPsec configuration.
Фев 21 02:18:41 ndm IpSec::Configurator: IPsec configuration applying is done.
Фев 21 02:18:41 ndm IpSec::Configurator: start reloading IKE keys task.
Фев 21 02:18:41 ndm Network::Interface::L2tp: "L2TP0": IPsec layer is down, shutdown L2TP layer.
Фев 21 02:18:41 ndm Network::Interface::Ppp: "L2TP0": disabled connection.
Фев 21 02:18:41 ipsec 03[CFG] rereading secrets
Фев 21 02:18:41 ipsec 03[CFG] loading secrets
Фев 21 02:18:41 ipsec 03[CFG] loaded IKE secret for %any
Фев 21 02:18:41 ipsec 03[CFG] loaded IKE secret for cmap:L2TP0
Фев 21 02:18:41 ipsec 03[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'
Фев 21 02:18:41 ndm IpSec::Configurator: reloading IKE keys task done.
Фев 21 02:18:41 ndm Network::Interface::PppTunnel: "L2TP0": remote endpoint is resolved to "95.182.123.183".
Фев 21 02:18:41 ndm Network::Interface::PppTunnel: "L2TP0": connecting via ISP (GigabitEthernet1).
Фев 21 02:18:41 ndm Network::Interface::PppTunnel: "L2TP0": local endpoint is resolved to "95.31.196.5".
Фев 21 02:18:41 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 02:18:41 ndm Network::Interface::L2tp: "L2TP0": using port 41216 as local.
Фев 21 02:18:41 ndm Network::Interface::L2tp: "L2TP0": updating IP secure configuration.
Фев 21 02:18:41 ndm IpSec::Manager: "L2TP0": IP secure connection and keys was deleted.
Фев 21 02:18:41 ndm IpSec::Manager: "L2TP0": IP secure connection was added.
Фев 21 02:18:41 ndm IpSec::Configurator: start reloading IPsec config task.
Фев 21 02:18:41 ipsec 13[CFG] received stroke: delete connection 'VPNL2TPServer'
Фев 21 02:18:41 ipsec 13[CFG] deleted connection 'VPNL2TPServer'
Фев 21 02:18:41 ipsec 05[CFG] received stroke: delete connection 'L2TP0'
Фев 21 02:18:41 ipsec 05[CFG] deleted connection 'L2TP0'
Фев 21 02:18:41 ipsec 00[DMN] signal of type SIGHUP received. Reloading configuration
Фев 21 02:18:41 ipsec 06[CFG] received stroke: add connection 'VPNL2TPServer'
Фев 21 02:18:41 ipsec 00[CFG] loaded 0 entries for attr plugin configuration
Фев 21 02:18:41 ipsec 06[CFG] added configuration 'VPNL2TPServer'
Фев 21 02:18:41 ipsec 11[CFG] received stroke: add connection 'L2TP0'
Фев 21 02:18:41 ipsec 00[CFG] loaded 1 RADIUS server configuration
Фев 21 02:18:41 ipsec 11[CFG] added configuration 'L2TP0'
Фев 21 02:18:41 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 02:18:41 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 02:18:41 ndm IpSec::Configurator: reloading IPsec config task done.
Фев 21 02:18:43 ndm IpSec::Configurator: "L2TP0": crypto map shutdown started.
Фев 21 02:18:43 ipsec 12[CFG] received stroke: unroute 'L2TP0'
Фев 21 02:18:43 ipsec 03[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'
Фев 21 02:18:43 ipsec 03[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'
Фев 21 02:18:43 ipsec 03[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'
Фев 21 02:18:43 ipsec 03[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'
Фев 21 02:18:43 ndm IpSec::Manager: create IPsec reconfiguration transaction...
Фев 21 02:18:43 ipsec 13[CFG] received stroke: terminate 'L2TP0{*}'
Фев 21 02:18:43 ipsec 16[IKE] closing CHILD_SA L2TP0{2} with SPIs c21801e1_i (0 bytes) 5af2ad6f_o (435 bytes) and TS 95.31.196.5/32[udp/41289] === 95.182.123.183/32[udp/l2tp]
Фев 21 02:18:43 ipsec 07[CFG] received stroke: terminate 'L2TP0[*]'
Фев 21 02:18:43 ndm IpSec::Configurator: "L2TP0": crypto map shutdown complete.
Фев 21 02:18:43 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.
Фев 21 02:18:43 ndm IpSec::Manager: add config for crypto map "VPNL2TPServer".
Фев 21 02:18:43 ndm IpSec::Manager: add config for crypto map "L2TP0".
Фев 21 02:18:43 ndm IpSec::Manager: IPsec reconfiguration transaction was created.
Фев 21 02:18:43 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.
Фев 21 02:18:43 ndm IpSec::Configurator: start applying IPsec configuration.
Фев 21 02:18:43 ndm IpSec::Configurator: IPsec configuration applying is done.
Фев 21 02:18:43 ndm IpSec::Configurator: start reloading IKE keys task.
Фев 21 02:18:43 ipsec 08[CFG] rereading secrets
Фев 21 02:18:43 ipsec 08[CFG] loading secrets
Фев 21 02:18:43 ipsec 08[CFG] loaded IKE secret for %any
Фев 21 02:18:43 ipsec 08[CFG] loaded IKE secret for cmap:L2TP0
Фев 21 02:18:43 ipsec 08[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts'
Фев 21 02:18:43 ndm IpSec::Configurator: reloading IKE keys task done.
Фев 21 02:18:43 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.
Фев 21 02:18:43 ipsec 16[IKE] sending DELETE for ESP CHILD_SA with SPI c21801e1
Фев 21 02:18:43 ipsec 11[IKE] deleting IKE_SA L2TP0[2] between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183]
Фев 21 02:18:43 ipsec 11[IKE] sending DELETE for IKE_SA L2TP0[2]
Фев 21 02:18:43 ndm IpSec::Configurator: start reloading IPsec config task.
Фев 21 02:18:43 ipsec 12[CFG] received stroke: delete connection 'VPNL2TPServer'
Фев 21 02:18:43 ipsec 12[CFG] deleted connection 'VPNL2TPServer'
Фев 21 02:18:43 ipsec 10[CFG] received stroke: delete connection 'L2TP0'
Фев 21 02:18:43 ipsec 10[CFG] deleted connection 'L2TP0'
Фев 21 02:18:43 ipsec 00[DMN] signal of type SIGHUP received. Reloading configuration
Фев 21 02:18:43 ipsec 13[CFG] received stroke: add connection 'VPNL2TPServer'
Фев 21 02:18:43 ipsec 00[CFG] loaded 0 entries for attr plugin configuration
Фев 21 02:18:43 ipsec 00[CFG] loaded 1 RADIUS server configuration
Фев 21 02:18:43 ipsec 13[CFG] added configuration 'VPNL2TPServer'
Фев 21 02:18:43 ipsec 03[CFG] received stroke: add connection 'L2TP0'
Фев 21 02:18:43 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 02:18:43 ipsec 03[CFG] added configuration 'L2TP0'
Фев 21 02:18:43 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 02:18:43 ndm IpSec::Configurator: reloading IPsec config task done.
Фев 21 02:18:43 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 0, active CHILD SA: 0.
Фев 21 02:18:45 ndm IpSec::Configurator: "L2TP0": crypto map shutdown started.
Фев 21 02:18:45 ipsec 08[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts'
Фев 21 02:18:45 ipsec 08[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts'
Фев 21 02:18:45 ipsec 08[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts'
Фев 21 02:18:45 ipsec 08[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls'
Фев 21 02:18:45 ipsec 16[CFG] received stroke: unroute 'L2TP0'
Фев 21 02:18:45 ipsec 14[CFG] received stroke: terminate 'L2TP0{*}'
Фев 21 02:18:45 ipsec 14[CFG] no CHILD_SA named 'L2TP0' found
Фев 21 02:18:45 ipsec 07[CFG] received stroke: terminate 'L2TP0[*]'
Фев 21 02:18:45 ipsec 07[CFG] no IKE_SA named 'L2TP0' found
Фев 21 02:18:45 ndm IpSec::Configurator: "L2TP0": crypto map shutdown complete.
Фев 21 02:18:46 ipsec 10[CFG] received stroke: initiate 'L2TP0'
Фев 21 02:18:46 ipsec 05[IKE] sending DPD vendor ID
Фев 21 02:18:46 ndm IpSec::Configurator: "L2TP0": crypto map initialized.
Фев 21 02:18:46 ipsec 05[IKE] sending FRAGMENTATION vendor ID
Фев 21 02:18:46 ipsec 05[IKE] sending NAT-T (RFC 3947) vendor ID
Фев 21 02:18:46 ipsec 05[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Фев 21 02:18:46 ipsec 05[IKE] initiating Main Mode IKE_SA L2TP0[3] to 95.182.123.183
Фев 21 02:18:46 ipsec 06[IKE] received NAT-T (RFC 3947) vendor ID
Фев 21 02:18:46 ipsec 06[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Фев 21 02:18:46 ipsec 06[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Фев 21 02:18:46 ipsec 06[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Фев 21 02:18:46 ipsec 06[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Фев 21 02:18:46 ipsec 06[IKE] received DPD vendor ID
Фев 21 02:18:46 ipsec 06[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Фев 21 02:18:46 ipsec 06[CFG] configured proposals: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Фев 21 02:18:46 ipsec 06[CFG] selected proposal: IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Фев 21 02:18:46 ipsec 13[IKE] found linked key for crypto map 'L2TP0'
Фев 21 02:18:46 ipsec 13[IKE] local host is behind NAT, sending keep alives
Фев 21 02:18:46 ipsec 16[IKE] IKE_SA L2TP0[3] established between 95.31.196.5[95.31.196.5]...95.182.123.183[95.182.123.183]
Фев 21 02:18:46 ipsec 16[IKE] scheduling reauthentication in 28770s
Фев 21 02:18:46 ipsec 16[IKE] maximum IKE_SA lifetime 28790s
Фев 21 02:18:47 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 0.
Фев 21 02:18:47 ipsec 08[IKE] no matching CHILD_SA config found for 95.182.123.183/32[udp/l2tp] === 95.31.196.5/32[udp/41289]
Фев 21 02:18:47 ipsec 03[CFG] received proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ
Фев 21 02:18:47 ipsec 03[CFG] configured proposals: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC=128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC=256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ
Фев 21 02:18:47 ipsec 03[CFG] selected proposal: ESP:AES_CBC=128/HMAC_SHA1_96/NO_EXT_SEQ
Фев 21 02:18:47 ipsec 03[IKE] CHILD_SA L2TP0{3} established with SPIs cac9ac1a_i 0bddf96a_o and TS 95.31.196.5/32[udp/41216] === 95.182.123.183/32[udp/l2tp]
Фев 21 02:18:47 ndm IpSec::Configurator: crypto map "L2TP0" is up.
Фев 21 02:18:47 ndm IpSec::CryptoMapInfo: "L2TP0": crypto map active IKE SA: 1, active CHILD SA: 1.
Фев 21 02:18:47 ndm Network::Interface::L2tp: "L2TP0": IPsec layer is up, do start L2TP layer.
Фев 21 02:18:47 ndm Network::Interface::Ppp: "L2TP0": enabled connection via any interface.
Фев 21 02:18:47 ndm IpSec::IpSecNetfilter: start reloading netfilter configuration...
Фев 21 02:18:47 ndm IpSec::IpSecNetfilter: netfilter configuration reloading is done.
Фев 21 02:18:48 ipsec 09[IKE] received retransmit of request with ID 2474906703, but no response to retransmit
Фев 21 02:18:49 l2tp[2031] Plugin pppol2tp.so loaded.
Фев 21 02:18:49 l2tp[2031] pppd 2.4.4-4 started by root, uid 0
Фев 21 02:18:49 ndm Network::Interface::PppTunnel: "L2TP0": added host route to 95.182.123.183 via 95.31.196.6 (GigabitEthernet1).
Фев 21 02:18:49 pppd_L2TP0 l2tp_control v2.02
Фев 21 02:18:49 pppd_L2TP0 remote host: 95.182.123.183:1701
Фев 21 02:18:49 pppd_L2TP0 local bind: 95.31.196.5:41216
Фев 21 02:18:50 ipsec 09[IKE] received retransmit of request with ID 2474906703, but no response to retransmit
Фев 21 02:18:51 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 1
Фев 21 02:18:52 ipsec 07[IKE] received retransmit of request with ID 2474906703, but no response to retransmit
Фев 21 02:18:53 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 2
Фев 21 02:18:55 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 3
Фев 21 02:18:57 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 4
Фев 21 02:18:57 ipsec 14[IKE] received DELETE for ESP CHILD_SA with SPI b9da6b32
Фев 21 02:18:57 ipsec 14[IKE] CHILD_SA not found, ignored
Фев 21 02:18:59 pppd_L2TP0 l2tp: timeout of sccrp, retry sccrq, try: 5
Фев 21 02:18:59 pppd_L2TP0 l2tp: sccrq failed, fatal
Фев 21 02:18:59 pppd_L2TP0 l2tp: shutting down control connection
Фев 21 02:19:01 pppd_L2TP0 l2tp: shutdown completed
Edited February 20 by dsolo
02/21/2021 08:40 AM (edited)
@dsolo https://github.com/DennoN-RUS/Bird4Static/blob/master/etc/cron.daily/add-bird4_routes.sh in this file, comment out the fifth and fifteenth lines like this:
Hidden text
#!/bin/sh

ISP=eth3
VPN=ppp0
#URL0=https://antifilter.download/list/allyouneed.lst - put a # at the start of this line
ROUTE=/opt/etc/bird4-routes.list
VPNTXT=/opt/etc/bird4-vpn.txt
ISPTXT=/opt/etc/bird4-isp.txt

[ -f "$ROUTE" ] && cat /dev/null > $ROUTE

/opt/root/addip.sh $VPNTXT $VPN $ROUTE
/opt/root/addip.sh $ISPTXT $ISP $ROUTE

#curl -sf $URL0 | sed 's/^/route /' | sed 's/$/ via "'$VPN'";/' >> $ROUTE - this one can be commented out too

killall -s SIGHUP bird4
Return all the other files to their original state. You also need to fill in the file https://github.com/DennoN-RUS/Bird4Static/blob/master/etc/bird4-vpn.txt with the list of addresses or domains that you need to send through the VPN. After that, run the script /opt/etc/cron.daily/add-bird4_routes.sh
Edited February 21 by DennoN
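
The "curl: no URL specified!" failure in this thread comes from the download step running with an empty $URL0. As an added example (not Bird4Static's own code), here is a version of that step that skips the download when no URL is set and checks every downloaded entry before it is written into the BIRD routes file; the helper names is_ipv4_cidr, emit_routes and build_routes are hypothetical, and only IPv4 addresses and prefixes are accepted.

```shell
#!/bin/sh
# Added example, not Bird4Static's own code. Helper names are hypothetical.

# Succeed only for an IPv4 address or prefix such as 203.0.113.0/24.
is_ipv4_cidr() {
    case "$1" in
        */*) addr=${1%/*}; len=${1#*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Digits and single dots only, so the split below cannot glob or hide empty fields.
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read a list on stdin and print one BIRD static route per valid entry.
# Anything that is not a plain address/prefix is reported on stderr and dropped,
# so text from the remote list can never end up as BIRD configuration syntax.
emit_routes() {
    iface=$1
    case "$iface" in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if is_ipv4_cidr "$line"; then
            printf 'route %s via "%s";\n' "$line" "$iface"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done
    return 0
}

# Usage: build_routes "$URL0" "$VPN" "$ROUTE"
# An empty URL means manual mode: nothing is downloaded and curl is never called.
# A failed download leaves the routes file untouched.
build_routes() {
    url=$1 iface=$2 route_file=$3
    [ -n "$url" ] || return 0
    tmp=$(mktemp) || return 1
    if curl -sf --max-time 30 "$url" > "$tmp"; then
        emit_routes "$iface" < "$tmp" >> "$route_file"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Constructed sample list: two valid entries, one comment, three rejected lines.
SAMPLE='10.0.0.0/8
# comment
203.0.113.7
192.0.2.1"; junk
300.1.1.1
198.51.100.0/33'
printf '%s\n' "$SAMPLE" | emit_routes ppp0
```
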