Хелп Poptop +exPPP+FreeBSD 6.4
Хелп Poptop +exPPP+FreeBSD 6.4
Не создаётся 100 и более интерфейсов tun. Где копать?
#################################################################
# PPP Sample Configuration File
# Originally written by Toshiharu OHNO
# Simplified 5/14/1999 by wself@cdrom.com
#
# See /usr/share/examples/ppp/ for some examples
#
# $FreeBSD: src/etc/ppp/ppp.conf,v 1.10 2004/11/19 17:12:56 obrien Exp $
#################################################################
# NOTE(review): ppp.conf expects the commands under each label to be indented;
# the leading whitespace appears to have been stripped from this paste.
default:
# Log classes enabled for every profile.
set log Phase Chat LCP IPCP CCP tun command
ident user-ppp VERSION (built COMPILATIONDATE)
# Profile for the PPTP sessions (presumably the label pptpd hands to ppp -- confirm).
# NOTE(review): nothing in this profile caps the number of sessions. The
# "No free connection slots or IPs" message in the posted log is emitted by
# pptpd, so the `connections` limit and the `remoteip` pool in pptpd.conf are
# the first things to check.
pptp:
# No idle timeout: sessions are never dropped for inactivity.
set timeout 0
# This profile may only be used by ppp started in -direct mode.
allow mode direct
disable acfcomp protocomp pred1
deny acfcomp protocomp pred1
# Link Quality Reports, sent every 5 seconds.
enable lqr
set lqrperiod 5
enable dns
accept dns
# NOTE(review): MPPE is offered and accepted but not required. Per ppp(8),
# without arguments to `set mppe` ppp agrees to whatever the peer requests,
# including no encryption at all; give `set mppe` explicit arguments if
# encryption must be mandatory.
enable mppe
accept mppe
# NOTE(review): MS-CHAPv2 over PPTP has well-known cryptographic weaknesses;
# do not treat this tunnel as the only protection for sensitive traffic.
enable mschapv2
accept mschapv2
# RADIUS client settings are read from this file; it holds the shared secret,
# so keep it readable by root only.
set radius /etc/ppp/radius.conf
# Interim accounting update interval, in seconds.
set rad_alive 600
# Diagnostic socket: "+3000" makes ppp listen on TCP port 3000 plus the tun
# unit number (one port per session), protected by the password that follows.
# NOTE(review): that password is stored in clear text and is now public in
# this post -- change it, keep ppp.conf mode 0600, and firewall the port range
# or use a local-domain socket path instead of a TCP port.
set server +3000 paawwd
# DNS server offered to clients.
set dns 81.21.1.1
вот мой ppp.conf
FreeBSD 6.3 STABLE на одном NAS и 6.4 Stable на втором
# FreeRADIUS Version 1.1.5, for host i386-portbld-freebsd6.2
# Installation layout; the later paths are built from these variables.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
# Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# NOTE(review): user/group are commented out, so radiusd keeps the identity it
# is started with (root, if launched at boot). The exec and perl modules
# configured in this file then run the abills scripts with the same
# privileges; a dedicated unprivileged account limits the impact of a bug there.
#user = nobody
#group = nobody
# Request handling limits: a request is abandoned after 30 s, a sent reply is
# kept for 5 s to answer retransmits, and at most 4096 requests are tracked.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 4096
# NOTE(review): listens on every local address; port 0 means "use
# /etc/services". If only the local NAS hosts talk to this server, bind to
# that address and filter the RADIUS ports at the firewall.
bind_address = *
port = 0
#listen {
# IP address on which to listen.
# Allowed values are:
# dotted quad (1.2.3.4)
# hostname (radius.example.com)
# wildcard (*)
# ipaddr = *
# Port on which to listen.
# Allowed values are:
# integer port number (1812)
# 0 means "use /etc/services for the proper port"
# port = 0
# Type of packets to listen for.
# Allowed values are:
# auth listen for authentication packets
# acct listen for accounting packets
#
# type = auth
#}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# NOTE(review): authentication requests are not logged at all, so failed or
# repeated login attempts leave no trace in radius.log. Enabling log_auth
# while keeping the two *pass options at "no" records attempts without
# writing passwords to disk.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
security {
# At most 200 attributes per request, a 1-second delay before a reject is
# sent (slows password guessing), and Status-Server requests are not answered.
max_attributes = 200
reject_delay = 1
status_server = no
}
# Proxying and SNMP are off; only clients.conf is included.
# clients.conf holds the NAS shared secrets -- keep it unreadable to other users.
proxy_requests = no
#$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
#$INCLUDE ${confdir}/snmp.conf
# THREAD POOL CONFIGURATION
thread pool {
# Number of servers to start initially --- should be a reasonable
# ballpark figure.
start_servers = 1
# Limit on the total number of servers running.
#
# If this limit is ever reached, clients will be LOCKED OUT, so it
# should NOT BE SET TOO LOW. It is intended mainly as a brake to
# keep a runaway server from taking the system with it as it spirals
# down...
# NOTE(review): the authorize section runs the pre_auth exec module with
# wait = yes, so a worker is held while rauth.pl runs; with many clients
# reconnecting at once this cap may be reached -- check radius.log if
# logins stall.
max_servers = 32
# Spare workers kept idle: none required, at most one.
min_spare_servers = 0
max_spare_servers = 1
# 0 = workers are not recycled after a fixed number of requests.
max_requests_per_server = 0
}
modules {
# Runs rauth.pl in "pre_auth" mode and waits for it to finish: the request
# attributes are passed in and the pairs it returns go to the config list.
# NOTE(review): those attributes come from the connecting client, so the
# script has to treat them as untrusted input.
exec pre_auth {
wait = yes
program = "/usr/local/abills/libexec/rauth.pl pre_auth"
input_pairs = request
output_pairs = config
}
# Same script in "post_auth" mode; its only reference (in the post-auth
# section) is commented out.
exec post_auth {
wait = yes
program = "/usr/local/abills/libexec/rauth.pl post_auth"
input_pairs = request
output_pairs = config
}
# Embedded-Perl variant of the abills hooks. Every "perl" entry in the
# processing sections is commented out, so it is not called.
perl {
module = /usr/local/abills/libexec/rlm_perl.pl
func_authorize = authorize
func_accounting = accounting
func_authenticate = authenticate
func_preacct = preacct
func_checksimul = checksimul
func_xlat = xlat
}
pap {
auto_header = yes
}
chap {
authtype = CHAP
}
# Defined but not referenced by any processing section in this file.
pam {
pam_auth = radiusd
}
#$INCLUDE ${confdir}/eap.conf
# NOTE(review): every option is commented out, so the module defaults apply.
# ppp.conf offers MPPE, so confirm the defaults hand out MPPE keys and decide
# whether require_encryption / require_strong should be switched on.
mschap {
#use_mppe = yes
#require_encryption = yes
#require_strong = yes
#with_ntdomain_hack = no
#ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{S
}
checkval {
# The attribute to look for in the request
item-name = Calling-Station-Id
# The attribute to look for in check items. Can be multi valued
check-name = Calling-Station-Id
# The data type. Can be
# string,integer,ipaddr,date,abinary,octets
data-type = string
# If set to yes and we dont find the item-name attribute in the
# request then we send back a reject
# DEFAULT is no
#notfound-reject = no
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
# Flat-file user database (users / acct_users).
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
# preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
# Accounting records: one file per client address and day, owner-only (0600).
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
#suppress {
# User-Password
#}
}
acct_unique {
# NOTE(review): this line is cut off in the paste (no closing quote); verify
# that the real file has the complete, quoted attribute list.
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Add
}
attr_filter {
attrsfile = ${confdir}/attrs
}
expr {
}
exec {
wait = yes
input_pairs = request
}
}
# Modules loaded up front, before the processing sections below.
instantiate {
exec
expr
}
# Authorization chain, in order: preprocess, the external rauth.pl pre_auth
# script, mschap, then the users file. chap, eap and perl are disabled.
# NOTE(review): every Access-Request therefore starts rauth.pl; its runtime
# and failure handling directly affect login latency.
authorize {
preprocess
#Use if 'files' mode and mschap auth
pre_auth
#chap
mschap
#eap
# don't use simultaneously 'perl' and files
# perl
files
}
# Maps each Auth-Type to the module that verifies it.
# NOTE(review): the ppp profile posted with this file only enables MS-CHAPv2.
# If no other NAS uses this server, removing the unused PAP and CHAP handlers
# narrows what a client can attempt -- confirm before changing.
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
# don't use simultaneously 'perl' and files
# perl
#eap
}
# Accounting pre-processing: preprocess, acct_unique, then the acct_users file.
preacct {
preprocess
acct_unique
files
}
# Accounting records are only written to the detail files; perl is disabled.
accounting {
# don't use simultaneously 'perl' and files
# perl
detail
}
# NOTE(review): both session modules are commented out, so radiusd itself
# keeps no session database (needed for Simultaneous-Use checks); presumably
# abills tracks sessions on its own -- confirm.
session {
# radutmp
# sql
}
# Everything inside is commented out: no post-authentication step runs,
# including on rejects.
post-auth {
# Post-Auth-Type REJECT {
# don't use simultaneously 'perl' and files
# perl
# post_auth
# }
}
конфиг радиуса....
# PPP Sample Configuration File
# Originally written by Toshiharu OHNO
# Simplified 5/14/1999 by wself@cdrom.com
#
# See /usr/share/examples/ppp/ for some examples
#
# $FreeBSD: src/etc/ppp/ppp.conf,v 1.10 2004/11/19 17:12:56 obrien Exp $
#################################################################
# NOTE(review): ppp.conf expects the commands under each label to be indented;
# the leading whitespace appears to have been stripped from this paste.
default:
# Log classes enabled for every profile.
set log Phase Chat LCP IPCP CCP tun command
ident user-ppp VERSION (built COMPILATIONDATE)
# Profile for the PPTP sessions (presumably the label pptpd hands to ppp -- confirm).
# NOTE(review): nothing in this profile caps the number of sessions. The
# "No free connection slots or IPs" message in the posted log is emitted by
# pptpd, so the `connections` limit and the `remoteip` pool in pptpd.conf are
# the first things to check.
pptp:
# No idle timeout: sessions are never dropped for inactivity.
set timeout 0
# This profile may only be used by ppp started in -direct mode.
allow mode direct
disable acfcomp protocomp pred1
deny acfcomp protocomp pred1
# Link Quality Reports, sent every 5 seconds.
enable lqr
set lqrperiod 5
enable dns
accept dns
# NOTE(review): MPPE is offered and accepted but not required. Per ppp(8),
# without arguments to `set mppe` ppp agrees to whatever the peer requests,
# including no encryption at all; give `set mppe` explicit arguments if
# encryption must be mandatory.
enable mppe
accept mppe
# NOTE(review): MS-CHAPv2 over PPTP has well-known cryptographic weaknesses;
# do not treat this tunnel as the only protection for sensitive traffic.
enable mschapv2
accept mschapv2
# RADIUS client settings are read from this file; it holds the shared secret,
# so keep it readable by root only.
set radius /etc/ppp/radius.conf
# Interim accounting update interval, in seconds.
set rad_alive 600
# Diagnostic socket: "+3000" makes ppp listen on TCP port 3000 plus the tun
# unit number (one port per session), protected by the password that follows.
# NOTE(review): that password is stored in clear text and is now public in
# this post -- change it, keep ppp.conf mode 0600, and firewall the port range
# or use a local-domain socket path instead of a TCP port.
set server +3000 paawwd
# DNS server offered to clients.
set dns 81.21.1.1
вот мой ppp.conf
FreeBSD 6.3 STABLE на одном NAS и 6.4 Stable на втором
# FreeRADIUS Version 1.1.5, for host i386-portbld-freebsd6.2
# Installation layout; the later paths are built from these variables.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
# Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# NOTE(review): user/group are commented out, so radiusd keeps the identity it
# is started with (root, if launched at boot). The exec and perl modules
# configured in this file then run the abills scripts with the same
# privileges; a dedicated unprivileged account limits the impact of a bug there.
#user = nobody
#group = nobody
# Request handling limits: a request is abandoned after 30 s, a sent reply is
# kept for 5 s to answer retransmits, and at most 4096 requests are tracked.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 4096
# NOTE(review): listens on every local address; port 0 means "use
# /etc/services". If only the local NAS hosts talk to this server, bind to
# that address and filter the RADIUS ports at the firewall.
bind_address = *
port = 0
#listen {
# IP address on which to listen.
# Allowed values are:
# dotted quad (1.2.3.4)
# hostname (radius.example.com)
# wildcard (*)
# ipaddr = *
# Port on which to listen.
# Allowed values are:
# integer port number (1812)
# 0 means "use /etc/services for the proper port"
# port = 0
# Type of packets to listen for.
# Allowed values are:
# auth listen for authentication packets
# acct listen for accounting packets
#
# type = auth
#}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# NOTE(review): authentication requests are not logged at all, so failed or
# repeated login attempts leave no trace in radius.log. Enabling log_auth
# while keeping the two *pass options at "no" records attempts without
# writing passwords to disk.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
security {
# At most 200 attributes per request, a 1-second delay before a reject is
# sent (slows password guessing), and Status-Server requests are not answered.
max_attributes = 200
reject_delay = 1
status_server = no
}
# Proxying and SNMP are off; only clients.conf is included.
# clients.conf holds the NAS shared secrets -- keep it unreadable to other users.
proxy_requests = no
#$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
#$INCLUDE ${confdir}/snmp.conf
# THREAD POOL CONFIGURATION
thread pool {
# Number of servers to start initially --- should be a reasonable
# ballpark figure.
start_servers = 1
# Limit on the total number of servers running.
#
# If this limit is ever reached, clients will be LOCKED OUT, so it
# should NOT BE SET TOO LOW. It is intended mainly as a brake to
# keep a runaway server from taking the system with it as it spirals
# down...
# NOTE(review): the authorize section runs the pre_auth exec module with
# wait = yes, so a worker is held while rauth.pl runs; with many clients
# reconnecting at once this cap may be reached -- check radius.log if
# logins stall.
max_servers = 32
# Spare workers kept idle: none required, at most one.
min_spare_servers = 0
max_spare_servers = 1
# 0 = workers are not recycled after a fixed number of requests.
max_requests_per_server = 0
}
modules {
# Runs rauth.pl in "pre_auth" mode and waits for it to finish: the request
# attributes are passed in and the pairs it returns go to the config list.
# NOTE(review): those attributes come from the connecting client, so the
# script has to treat them as untrusted input.
exec pre_auth {
wait = yes
program = "/usr/local/abills/libexec/rauth.pl pre_auth"
input_pairs = request
output_pairs = config
}
# Same script in "post_auth" mode; its only reference (in the post-auth
# section) is commented out.
exec post_auth {
wait = yes
program = "/usr/local/abills/libexec/rauth.pl post_auth"
input_pairs = request
output_pairs = config
}
# Embedded-Perl variant of the abills hooks. Every "perl" entry in the
# processing sections is commented out, so it is not called.
perl {
module = /usr/local/abills/libexec/rlm_perl.pl
func_authorize = authorize
func_accounting = accounting
func_authenticate = authenticate
func_preacct = preacct
func_checksimul = checksimul
func_xlat = xlat
}
pap {
auto_header = yes
}
chap {
authtype = CHAP
}
# Defined but not referenced by any processing section in this file.
pam {
pam_auth = radiusd
}
#$INCLUDE ${confdir}/eap.conf
# NOTE(review): every option is commented out, so the module defaults apply.
# ppp.conf offers MPPE, so confirm the defaults hand out MPPE keys and decide
# whether require_encryption / require_strong should be switched on.
mschap {
#use_mppe = yes
#require_encryption = yes
#require_strong = yes
#with_ntdomain_hack = no
#ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{S
}
checkval {
# The attribute to look for in the request
item-name = Calling-Station-Id
# The attribute to look for in check items. Can be multi valued
check-name = Calling-Station-Id
# The data type. Can be
# string,integer,ipaddr,date,abinary,octets
data-type = string
# If set to yes and we dont find the item-name attribute in the
# request then we send back a reject
# DEFAULT is no
#notfound-reject = no
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
# Flat-file user database (users / acct_users).
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
# preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
# Accounting records: one file per client address and day, owner-only (0600).
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
#suppress {
# User-Password
#}
}
acct_unique {
# NOTE(review): this line is cut off in the paste (no closing quote); verify
# that the real file has the complete, quoted attribute list.
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Add
}
attr_filter {
attrsfile = ${confdir}/attrs
}
expr {
}
exec {
wait = yes
input_pairs = request
}
}
# Modules loaded up front, before the processing sections below.
instantiate {
exec
expr
}
# Authorization chain, in order: preprocess, the external rauth.pl pre_auth
# script, mschap, then the users file. chap, eap and perl are disabled.
# NOTE(review): every Access-Request therefore starts rauth.pl; its runtime
# and failure handling directly affect login latency.
authorize {
preprocess
#Use if 'files' mode and mschap auth
pre_auth
#chap
mschap
#eap
# don't use simultaneously 'perl' and files
# perl
files
}
# Maps each Auth-Type to the module that verifies it.
# NOTE(review): the ppp profile posted with this file only enables MS-CHAPv2.
# If no other NAS uses this server, removing the unused PAP and CHAP handlers
# narrows what a client can attempt -- confirm before changing.
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
# don't use simultaneously 'perl' and files
# perl
#eap
}
# Accounting pre-processing: preprocess, acct_unique, then the acct_users file.
preacct {
preprocess
acct_unique
files
}
# Accounting records are only written to the detail files; perl is disabled.
accounting {
# don't use simultaneously 'perl' and files
# perl
detail
}
# NOTE(review): both session modules are commented out, so radiusd itself
# keeps no session database (needed for Simultaneous-Use checks); presumably
# abills tracks sessions on its own -- confirm.
session {
# radutmp
# sql
}
# Everything inside is commented out: no post-authentication step runs,
# including on rejects.
post-auth {
# Post-Auth-Type REJECT {
# don't use simultaneously 'perl' and files
# perl
# post_auth
# }
}
конфиг радиуса....
Jan 29 23:00:01 beta newsyslog[26656]: logfile turned over due to size>100K
Jan 29 23:01:58 beta pptpd[25545]: GRE: read(fd=7,buffer=804d580,len=8196) from PTY failed: status = 0 error = No error
Jan 29 23:01:58 beta pptpd[25545]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
Jan 29 23:01:58 beta pptpd[988]: MGR: accept() failed
Jan 29 23:01:58 beta pptpd[988]: accept: Software caused connection abort
Jan 29 23:01:58 beta pptpd[988]: MGR: accept() failed
Jan 29 23:01:58 beta pptpd[988]: accept: Software caused connection abort
Jan 29 23:01:58 beta pptpd[988]: MGR: accept() failed
Jan 29 23:01:58 beta pptpd[988]: accept: Software caused connection abort
Jan 29 23:01:58 beta pptpd[988]: MGR: accept() failed
Jan 29 23:01:58 beta pptpd[988]: accept: Software caused connection abort
Jan 29 23:02:00 beta pptpd[988]: MGR: No free connection slots or IPs - no more clients can connect!
Jan 29 23:02:00 beta pptpd[26673]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 29 23:02:00 beta ppp[26674]: tun78: Warning: iface add: ioctl(SIOCAIFADDR, 172.26.255.2 -> 192.168.240.167): File exists
Jan 29 23:02:00 beta ppp[26674]: tun78: Warning: iface add: ioctl(SIOCAIFADDR, 172.26.255.2 -> 192.168.240.167): File exists
Jan 29 23:02:00 beta ppp[26674]: tun78: Error: ipcp_InterfaceUp: unable to set ip address
Jan 29 23:02:01 beta ppp[26674]: tun78: Warning: ipv4_Input: IPCP not open - packet dropped
Jan 29 23:02:05 beta pptpd[22011]: GRE: read(fd=7,buffer=804d580,len=8196) from PTY failed: status = 0 error = No error
Jan 29 23:02:05 beta pptpd[22011]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
Jan 29 23:02:20 beta pptpd[26689]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 29 23:02:21 beta ppp[26690]: tun5: Warning: OpenSecret: Can't open /etc/ppp/ppp.secret.
Jan 29 23:02:26 beta pptpd[988]: MGR: No free connection slots or IPs - no more clients can connect!
Jan 29 23:02:27 beta pptpd[26698]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 29 23:01:58 beta pptpd[25545]: GRE: read(fd=7,buffer=804d580,len=8196) from PTY failed: status = 0 error = No error
Jan 29 23:01:58 beta pptpd[25545]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
Jan 29 23:01:58 beta pptpd[988]: MGR: accept() failed
Jan 29 23:01:58 beta pptpd[988]: accept: Software caused connection abort
Jan 29 23:01:58 beta pptpd[988]: MGR: accept() failed
Jan 29 23:01:58 beta pptpd[988]: accept: Software caused connection abort
Jan 29 23:01:58 beta pptpd[988]: MGR: accept() failed
Jan 29 23:01:58 beta pptpd[988]: accept: Software caused connection abort
Jan 29 23:01:58 beta pptpd[988]: MGR: accept() failed
Jan 29 23:01:58 beta pptpd[988]: accept: Software caused connection abort
Jan 29 23:02:00 beta pptpd[988]: MGR: No free connection slots or IPs - no more clients can connect!
Jan 29 23:02:00 beta pptpd[26673]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 29 23:02:00 beta ppp[26674]: tun78: Warning: iface add: ioctl(SIOCAIFADDR, 172.26.255.2 -> 192.168.240.167): File exists
Jan 29 23:02:00 beta ppp[26674]: tun78: Warning: iface add: ioctl(SIOCAIFADDR, 172.26.255.2 -> 192.168.240.167): File exists
Jan 29 23:02:00 beta ppp[26674]: tun78: Error: ipcp_InterfaceUp: unable to set ip address
Jan 29 23:02:01 beta ppp[26674]: tun78: Warning: ipv4_Input: IPCP not open - packet dropped
Jan 29 23:02:05 beta pptpd[22011]: GRE: read(fd=7,buffer=804d580,len=8196) from PTY failed: status = 0 error = No error
Jan 29 23:02:05 beta pptpd[22011]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
Jan 29 23:02:20 beta pptpd[26689]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jan 29 23:02:21 beta ppp[26690]: tun5: Warning: OpenSecret: Can't open /etc/ppp/ppp.secret.
Jan 29 23:02:26 beta pptpd[988]: MGR: No free connection slots or IPs - no more clients can connect!
Jan 29 23:02:27 beta pptpd[26698]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!