имеются сервера с NAT'ом и динамической маршрутизацией по ospf, клиенты подключаются по pppoe, на каждом сервере до 2000 клиентов, столкнулся с такой проблемой:
иногда клиент создаёт и разрывает сессию буквально за долю секунды, в следствии чего маршрут c ip адресом клиента успевает разойтись на остальные сервера, но, на сервере к которому клиент подключался маршрута нет, и дальше клиент не может подключиться так как исходя из маршрута, радиус думает что он уже подключён(проверка по маршруту для предотвращения подключений к нескольким серверам pppoe ). Лечится перезагрузкой ospf.
Версия accel-ppp: 1.11.2
система: CentOS Linux release 7.4.1708 (Core)
ядро: 3.10.0-693.17.1.el7.x86_64
лог подключения такого клиента:
Code: Select all
[2018-02-19 18:59:49]: info: enp1s0f1.426: recv [PPPoE PADI 00:1d:92:ed:9c:05 => ff:ff:ff:ff:ff:ff sid=0000 <Service-Name > <Host-Uniq 020000000000000003000000>]
[2018-02-19 18:59:49]: info: enp1s0f1.426: send [PPPoE PADO 00:1b:21:50:59:89 => 00:1d:92:ed:9c:05 sid=0000 <AC-Name pppoetest.osnova.tv> <Service-Name > <AC-Cookie 1ff5fd94e8477001d4da6c62873b20660c081ce7f86f96a2> <Host-Uniq 020000000000000003000000>]
[2018-02-19 18:59:49]: info: enp1s0f1.426: recv [PPPoE PADR 00:1d:92:ed:9c:05 => 00:1b:21:50:59:89 sid=0000 <Service-Name > <Host-Uniq 020000000000000004000000> <AC-Cookie 1ff5fd94e8477001d4da6c62873b20660c081ce7f86f96a2>]
[2018-02-19 18:59:49]: info: enp1s0f1.426: send [PPPoE PADS 00:1b:21:50:59:89 => 00:1d:92:ed:9c:05 sid=0a80 <AC-Name pppoetest.osnova.tv> <Service-Name > <Host-Uniq 020000000000000004000000>]
[2018-02-19 18:59:49]: debug: enp1s0f1.426: lcp_layer_init
[2018-02-19 18:59:49]: debug: enp1s0f1.426: auth_layer_init
[2018-02-19 18:59:49]: debug: enp1s0f1.426: ccp_layer_init
[2018-02-19 18:59:49]: debug: enp1s0f1.426: ipcp_layer_init
[2018-02-19 18:59:49]: debug: enp1s0f1.426: ipv6cp_layer_init
[2018-02-19 18:59:49]: debug: enp1s0f1.426: ppp establishing
[2018-02-19 18:59:49]: debug: enp1s0f1.426: lcp_layer_start
[2018-02-19 18:59:49]: info: enp1s0f1.426: send [LCP ConfReq id=1 <auth MSCHAP-v2> <mru 1492> <magic 40cc078f>]
[2018-02-19 18:59:49]: info: enp1s0f1.426: recv [LCP ConfReq id=0 <mru 1480> <magic 31d2397b> <pcomp> <accomp> < d 3 6 >]
[2018-02-19 18:59:49]: info: enp1s0f1.426: send [LCP ConfRej id=0 <pcomp> <accomp> < d 3 6 >]
[2018-02-19 18:59:49]: info: enp1s0f1.426: recv [LCP ConfReq id=1 <mru 1480> <magic 31d2397b>]
[2018-02-19 18:59:49]: info: enp1s0f1.426: send [LCP ConfAck id=1 ]
[2018-02-19 18:59:52]: debug: enp1s0f1.426: fsm timeout 9
[2018-02-19 18:59:52]: info: enp1s0f1.426: send [LCP ConfReq id=1 <auth MSCHAP-v2> <mru 1492> <magic 40cc078f>]
[2018-02-19 18:59:52]: info: enp1s0f1.426: recv [LCP ConfAck id=1 <auth MSCHAP-v2> <mru 1492> <magic 40cc078f>]
[2018-02-19 18:59:52]: debug: enp1s0f1.426: lcp_layer_started
[2018-02-19 18:59:52]: debug: enp1s0f1.426: auth_layer_start
[2018-02-19 18:59:52]: info: enp1s0f1.426: send [MSCHAP-v2 Challenge id=1 <421e85f8f458a4e9e1e545e9bae4f21>]
[2018-02-19 18:59:52]: info: enp1s0f1.426: recv [LCP Ident id=2 <MSRASV5.20>]
[2018-02-19 18:59:52]: info: enp1s0f1.426: recv [LCP Ident id=3 <MSRAS-0-JIAMEP-PC>]
[2018-02-19 18:59:52]: info: enp1s0f1.426: recv [LCP Ident id=4 <3�����H��CzL��]
[2018-02-19 18:59:52]: info: enp1s0f1.426: recv [MSCHAP-v2 Response id=1 <1b5d73fee728788d62a14621dcdf8849>, <c9d0aec95169306a79ed98d6314531e62bfe9dacf7cf4f2a>, F=0, name="home27711"]
[2018-02-19 18:59:52]: info: enp1s0f1.426: send [RADIUS(3) Access-Request id=1 <User-Name "home27711"> <NAS-Identifier "172.16.1.115"> <NAS-IP-Address 172.16.1.115> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "00:1d:92:ed:9c:05"> <Called-Station-Id "00:1b:21:50:59:89"><Microsoft MS-CHAP-Challenge ><Microsoft MS-CHAP2-Response >]
[2018-02-19 18:59:52]: info: enp1s0f1.426: recv [RADIUS(3) Access-Accept id=1 <Filter-Id "pppoe 100000000 100000000"><Microsoft MS-CHAP2-Success > <Service-Type Framed-User> <Framed-IP-Address 172.16.64.214> <Framed-IP-Netmask 255.255.255.255>]
[2018-02-19 18:59:52]: info: ppp494: connect: ppp494 <--> pppoe(00:1d:92:ed:9c:05)
[2018-02-19 18:59:52]: debug: ppp494: ppp connected
[2018-02-19 18:59:52]: info: ppp494: send [MSCHAP-v2 Success id=1 "S=24D8C88DF3A210564C280CE63C92BBD31E70808F M=Authentication succeeded"]
[2018-02-19 18:59:52]: debug: ppp494: auth_layer_started
[2018-02-19 18:59:52]: debug: ppp494: ccp_layer_start
[2018-02-19 18:59:52]: debug: ppp494: ipcp_layer_start
[2018-02-19 18:59:52]: info: ppp494: send [IPCP ConfReq id=1 <addr 172.20.1.254>]
[2018-02-19 18:59:52]: debug: ppp494: ipv6cp_layer_start
[2018-02-19 18:59:52]: info: ppp494: home27711: authentication succeeded
[2018-02-19 18:59:52]: warn: ppp494: IPV6CP: discarding packet
[2018-02-19 18:59:52]: info: ppp494: send [LCP ProtoRej id=3 <8057>]
[2018-02-19 18:59:52]: info: ppp494: recv [CCP ConfReq id=6 <mppe -H -M -S -L -D -C>]
[2018-02-19 18:59:52]: info: ppp494: send [CCP ConfReq id=1]
[2018-02-19 18:59:52]: info: ppp494: send [CCP ConfRej id=6 <mppe -H -M -S -L -D -C>]
[2018-02-19 18:59:52]: info: ppp494: recv [IPCP ConfReq id=7 <addr 0.0.0.0> <dns1 0.0.0.0> <wins1 0.0.0.0> <dns2 0.0.0.0> <wins2 0.0.0.0>]
[2018-02-19 18:59:52]: info: ppp494: send [IPCP ConfNak id=7 <addr 172.16.64.214> <dns1 193.151.107.98> <dns2 193.151.107.111>]
[2018-02-19 18:59:52]: info: ppp494: recv [IPCP ConfAck id=1 <addr 172.20.1.254>]
[2018-02-19 18:59:52]: info: ppp494: recv [CCP ConfAck id=1]
[2018-02-19 18:59:52]: info: ppp494: recv [CCP TermReq id=8]
[2018-02-19 18:59:52]: info: ppp494: send [CCP TermAck id=8]
[2018-02-19 18:59:52]: info: ppp494: send [CCP TermReq id=3]
[2018-02-19 18:59:52]: info: ppp494: recv [IPCP ConfReq id=9 <addr 172.16.64.214> <dns1 1.1.1.1> <wins1 0.0.0.0> <dns2 2.2.2.2> <wins2 0.0.0.0>]
[2018-02-19 18:59:52]: info: ppp494: send [IPCP TermAck id=9]
[2018-02-19 18:59:52]: info: ppp494: recv [CCP TermAck id=3]
[2018-02-19 18:59:52]: debug: ppp494: ccp_layer_finished
[2018-02-19 18:59:54]: info: ppp494: recv [IPCP ConfReq id=a <addr 172.16.64.214> <dns1 1.1.1.1> <wins1 0.0.0.0> <dns2 2.2.2.2> <wins2 0.0.0.0>]
[2018-02-19 18:59:54]: debug: ppp494: ipcp_layer_started
[2018-02-19 18:59:54]: info: ppp494: send [RADIUS(3) Accounting-Request id=1 <User-Name "home27711"> <NAS-Identifier "172.16.1.115"> <NAS-IP-Address 172.16.1.115> <NAS-Port 494> <NAS-Port-Id "ppp494"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "00:1d:92:ed:9c:05"> <Called-Station-Id "00:1b:21:50:59:89"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "9d934095df2bbb48"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 172.16.64.214>]
[2018-02-19 18:59:54]: info: ppp494: send [IPCP ConfAck id=a]
[2018-02-19 18:59:54]: info: ppp494: recv [RADIUS(3) Accounting-Response id=1]
[2018-02-19 18:59:54]: debug: ppp494: pppoe: ppp started
[2018-02-19 18:59:54]: info: ppp494: pppd_compat: ip-up started (pid 5520)
[2018-02-19 18:59:54]: info: enp1s0f1.426: recv [PPPoE PADT 00:1d:92:ed:9c:05 => 00:1b:21:50:59:89 sid=0a80]
[2018-02-19 18:59:54]: debug: ppp494: terminate
[2018-02-19 18:59:54]: info: ppp494: send [RADIUS(3) Accounting-Request id=1 <User-Name "home27711"> <NAS-Identifier "172.16.1.115"> <NAS-IP-Address 172.16.1.115> <NAS-Port 494> <NAS-Port-Id "ppp494"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "00:1d:92:ed:9c:05"> <Called-Station-Id "00:1b:21:50:59:89"> <Acct-Status-Type Stop> <Acct-Authentic RADIUS> <Acct-Session-Id "9d934095df2bbb48"> <Acct-Session-Time 6> <Acct-Input-Octets 322> <Acct-Output-Octets 207> <Acct-Input-Packets 12> <Acct-Output-Packets 9> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 172.16.64.214> <Acct-Terminate-Cause User-Request>]
[2018-02-19 18:59:54]: warn: ppp494: pppd_compat: ip-up is not yet finished, terminating it ...
[2018-02-19 18:59:54]: info: ppp494: pppd_compat: ip-down started (pid 5538)
[2018-02-19 18:59:54]: info: ppp494: pppd_compat: ip-up finished (0)
[2018-02-19 18:59:54]: info: ppp494: pppd_compat: ip-down finished (0)
[2018-02-19 18:59:54]: debug: ppp494: pppoe: ppp finished
[2018-02-19 18:59:54]: debug: ppp494: lcp_layer_free
[2018-02-19 18:59:54]: debug: ppp494: auth_layer_free
[2018-02-19 18:59:54]: debug: ppp494: ccp_layer_free
[2018-02-19 18:59:54]: debug: ppp494: ipcp_layer_free
[2018-02-19 18:59:54]: debug: ppp494: ipv6cp_layer_free
[2018-02-19 18:59:54]: debug: ppp494: ppp destablished
[2018-02-19 18:59:54]: info: enp1s0f1.426: send [PPPoE PADT 00:1b:21:50:59:89 => 00:1d:92:ed:9c:05 sid=0a80 <AC-Name pppoetest.osnova.tv> <Service-Name >]
[2018-02-19 18:59:54]: info: ppp494: disconnected
-------------------------------------------------------------------------------------------------------------------
Другая ситуация:
при попытке подключиться под пользователем который уже подключён, радиус выдаёт ошибку 7023, accel-ppp после версии 1.8.0(может и позже) перестал корректно передавать код ошибки:
accel-ppp v 1.8.0
Code: Select all
[2018-02-20 11:12:10]: info: ppp14: recv [RADIUS(2) Access-Reject id=1 <Reply-Message "already connected to PPPoE25"><Microsoft MS-CHAP-Error "E=7023 R=0 V=3">]
[2018-02-20 11:12:10]: info: ppp14: send [MSCHAP-v2 Failure id=1 "E=7023 R=0 V=3 M=already connected to PPPoE25"]
accel-ppp v 1.11.2
Code: Select all
[2018-02-16 21:50:54]: info: enp1s0f1.432: recv [RADIUS(2) Access-Reject id=1 <Reply-Message "already connected to PPPoE29"><Microsoft MS-CHAP-Error "E=7023 R=0 V=3">]
[2018-02-16 21:50:54]: info: enp1s0f1.432: send [MSCHAP-v2 Failure id=1 "E=691 R=0 V=3 M=Authentication failure"]