Re: Proxy-arp и pppd_compat не работают при переходе на свежий commit
Posted: 31 Jan 2019, 06:27
High performance PPTP/L2TP/PPPoE/IPoE server for Linux
https://accel-ppp.org/forum/
[ipoe]
gw-ip-address=X.Y.104.1/24
gw-ip-address=X.Y.105.1/24
gw-ip-address=X.Y.106.1/24
Собрал стенд на отдельном железе. Установил всё самое свежее (accel тот же). Конфиг упростил, без радиусов, шейперов и т.п. Не работает proxy-arp (((
dimka88 wrote: ↑31 Jan 2019, 06:33
Хотя можно попробовать указать в [ipoe] несколько gw для разных сетей и не передавать шлюз и маску радиус-атрибутами, ну или в секции [ipoe] закомментировать #attr-dhcp-router-ip=DHCP-Router-IP-Address и #attr-dhcp-mask=DHCP-Mask
[ipoe] gw-ip-address=X.Y.104.1/24 gw-ip-address=X.Y.105.1/24 gw-ip-address=X.Y.106.1/24
# accel-ppp configuration of the test stand described in the thread: IPoE with a
# local IP pool, no RADIUS, shaper or pppd_compat.
[modules]
# Only log_file, ipoe, ippool and sigchld are loaded. The entries commented out
# below are not loaded, so the [pppd-compat], [chap-secrets] and [shaper]
# sections further down are presumably ignored in this configuration.
log_file
ipoe
ippool
sigchld
#pppd_compat
#shaper
#chap-secrets
#vlan-mon
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4
[common]
single-session=replace
[ppp]
verbose=1
min-mtu=1280
mtu=1400
mru=1400
ipv4=require
ipv6=deny
ipv6-intf-id=0:0:0:1
ipv6-peer-intf-id=0:0:0:2
ipv6-accept-peer-intf-id=1
lcp-echo-interval=20
lcp-echo-timeout=120
[auth]
[pptp]
verbose=1
[pppoe]
verbose=1
[l2tp]
verbose=1
[ipoe]
gw-ip-address=192.168.100.1/24
verbose=5
# With noauth=1 further down, username/password are presumably placeholders only.
username=ifname
password=empty
lease-time=60
max-lease-time=90
unit-cache=0
shared=0
ifcfg=1
mode=L2
start=dhcpv4
ip-unnumbered=1
# proxy-arp is the feature under test in this thread; it is set here and again
# on the interface= line below.
proxy-arp=1
nat=0
vlan-mon=re:eth1\.3[0-9][0-9][0-9],101-400
vlan-timeout=300
vlan-name=%I.%N
# The regex covers eth1.3000 through eth1.3999; the per-interface options repeat
# the section-level values above.
interface=re:eth1\.3[0-9][0-9][0-9],shared=0,mode=L2,start=dhcpv4,ifcfg=1,proxy-arp=1
offer-delay=0,100:100,200:200,300:300,400:400,500:500,600:600,-1:1500
idle-timeout=0
soft-terminate=1
# NOTE(review): presumably turns off the reaction to a client MAC change, which
# weakens protection against MAC spoofing between subscribers; confirm in
# accel-ppp.conf(5) before reusing outside a lab.
check-mac-change=0
ip-pool=test_pool
# noauth=1: sessions start without an authentication step; no RADIUS or
# chap-secrets module is loaded in this file.
# NOTE(review): acceptable on an isolated test stand; confirm this is not
# carried over into a production configuration.
noauth=1
# Duplicate of the unit-cache=0 line earlier in this section.
unit-cache=0
[dns]
[wins]
[radius]
[client-ip-range]
10.0.0.0/8
[ip-pool]
gw-ip-address=192.168.100.1
#192.168.100.2-3,name=test_pool
192.168.100.2/24,name=test_pool
[log]
# NOTE(review): level=5 together with log-debug looks like full debug logging
# (confirm the level meaning in accel-ppp.conf(5)). Such logs can hold
# subscriber MAC and IP data, so restrict read access to /var/log/accel-ppp.
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
log-debug=/var/log/accel-ppp/debug.log
copy=1
level=5
[log-pgsql]
# No log_pgsql entry appears in [modules], so this section is presumably unused.
conninfo=user=log
log-table=log
[pppd-compat]
# pppd_compat is commented out in [modules], so these hooks are presumably not
# run here. When the module is enabled the daemon executes these scripts, so
# they should be root-owned and not writable by other users.
ip-up=/etc/ppp/ip-up.d/firewall
ip-down=/etc/ppp/ip-down.d/antifirewall
radattr-prefix=/var/run/radattr
verbose=5
[chap-secrets]
gw-ip-address=192.168.100.1
chap-secrets=/etc/ppp/chap-secrets
[shaper]
r2q=1300
quantum=1500
attr-down=PPPD-Downstream-Speed-Limit
attr-up=PPPD-Upstream-Speed-Limit
ifb=ifb0
up-limiter=htb
down-limiter=htb
leaf-qdisc=sfq perturb 10
verbose=0
[cli]
# The management CLI listens on loopback only (telnet on 2000, tcp on 2001).
# NOTE(review): no password= is set in this section, so presumably any local
# user can issue accel-cmd commands; set a CLI password on multi-user hosts.
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
[snmp]
master=0
agent-name=accel-ppp
[connlimit]
limit=10/min
burst=3
timeout=60
[ipv6-pool]
[ipv6-dns]
[ipv6-dhcp]
verbose=1
pref-lifetime=604800
valid-lifetime=2592000
route-via-gw=1
[root@comp-celeron-cpu-366f8a rc.d]# accel-cmd show sessions
ifname | username | calling-sid | ip | type | comp | state | uptime
---------------+----------+-------------------+---------------+------+------+--------+----------
eth1.3501.105 | | 10:7b:ef:61:2c:7d | 192.168.100.2 | ipoe | | active | 00:06:07
eth1.3501.103 | | 1c:39:47:f3:76:10 | 192.168.100.4 | ipoe | | active | 00:05:55
[root@comp-celeron-cpu-366f8a rc.d]#
[root@comp-celeron-cpu-366f8a rc.d]#
[root@comp-celeron-cpu-366f8a rc.d]#
[root@comp-celeron-cpu-366f8a rc.d]# tcpdump -enn -i eth1.3501.103
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1.3501.103, link-type EN10MB (Ethernet), capture size 65535 bytes
16:17:14.590141 1c:39:47:f3:76:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.100.2 tell 192.168.100.4, length 46
16:17:15.587378 1c:39:47:f3:76:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.100.2 tell 192.168.100.4, length 46
16:17:16.601185 1c:39:47:f3:76:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.100.2 tell 192.168.100.4, length 46
16:17:17.381918 1c:39:47:f3:76:10 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 175: 192.168.100.4.63909 > 239.255.255.250.1900: UDP, length 133
16:17:17.602112 1c:39:47:f3:76:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.100.2 tell 192.168.100.4, length 46
^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel
[root@comp-celeron-cpu-366f8a rc.d]# arp -n
Address HWtype HWaddress Flags Mask Iface
192.168.100.2 ether 10:7b:ef:61:2c:7d C eth1.3501.105
192.168.100.4 ether 1c:39:47:f3:76:10 C eth1.3501.103
tcpdump -enn -i eth1.3501.105 arp
dimka88 wrote: ↑13 Feb 2019, 13:22
А покажите пакеты на eth1.3501.105, когда 192.168.100.4 спрашивает о 192.168.100.2 (как у вас в дампе, ничего не меняя):
tcpdump -enn -i eth1.3501.105 arp
[root@comp-celeron-cpu-366f8a rc.d]# tcpdump -enn -i eth1.3501.105 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1.3501.105, link-type EN10MB (Ethernet), capture size 65535 bytes
09:47:11.270655 10:7b:ef:61:2c:7d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.100.1 tell 192.168.100.2, length 46
09:47:11.270674 00:1b:21:36:6f:8b > 10:7b:ef:61:2c:7d, ethertype ARP (0x0806), length 42: Reply 192.168.100.1 is-at 00:1b:21:36:6f:8b, length 28
09:47:11.360661 10:7b:ef:61:2c:7d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.100.1 tell 192.168.100.2, length 46
09:47:11.360681 00:1b:21:36:6f:8b > 10:7b:ef:61:2c:7d, ethertype ARP (0x0806), length 42: Reply 192.168.100.1 is-at 00:1b:21:36:6f:8b, length 28
09:47:16.303327 00:1b:21:36:6f:8b > 10:7b:ef:61:2c:7d, ethertype ARP (0x0806), length 42: Request who-has 192.168.100.2 tell 192.168.100.1, length 28
09:47:16.303510 10:7b:ef:61:2c:7d > 00:1b:21:36:6f:8b, ethertype ARP (0x0806), length 60: Reply 192.168.100.2 is-at 10:7b:ef:61:2c:7d, length 46
09:47:21.378489 10:7b:ef:61:2c:7d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.100.1 tell 192.168.100.2, length 46
09:47:21.378514 00:1b:21:36:6f:8b > 10:7b:ef:61:2c:7d, ethertype ARP (0x0806), length 42: Reply 192.168.100.1 is-at 00:1b:21:36:6f:8b, length 28
sysctl net.ipv4.ip_forward
sysctl -w net.ipv4.ip_forward=1
sysctl -a | grep proxy_arp
Forward был выключен (для чистоты эксперимента все тюнинговые скрипты выключил и ребутнулся), включил — не помогло.
dimka88 wrote: ↑14 Feb 2019, 07:28
А покажите вывод команды
sysctl net.ipv4.ip_forward
Если не включён, то выполните
sysctl -w net.ipv4.ip_forward=1
И если проблема не в форвардинге, то нужен ещё вывод
sysctl -a | grep proxy_arp
P.S. Для оперативной связи есть телеграм-чат комьюнити: https://telegram.me/joinchat/DS6swRC3DvEWdNijTqaaeA
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.enp0s25.proxy_arp = 0
net.ipv4.conf.enp0s25.proxy_arp_pvlan = 0
net.ipv4.conf.enp3s0.proxy_arp = 0
net.ipv4.conf.enp3s0.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
net.ipv4.conf.eth1.proxy_arp = 0
net.ipv4.conf.eth1.proxy_arp_pvlan = 0
net.ipv4.conf.eth1/3501.proxy_arp = 0
net.ipv4.conf.eth1/3501.proxy_arp_pvlan = 0
net.ipv4.conf.eth1/3501/103.proxy_arp = 0
net.ipv4.conf.eth1/3501/103.proxy_arp_pvlan = 0
net.ipv4.conf.eth1/3501/105.proxy_arp = 0
net.ipv4.conf.eth1/3501/105.proxy_arp_pvlan = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret": Ошибка ввода/вывода
sysctl: reading key "net.ipv6.conf.default.stable_secret": Ошибка ввода/вывода
sysctl: reading key "net.ipv6.conf.enp0s25.stable_secret": Ошибка ввода/вывода
sysctl: reading key "net.ipv6.conf.enp3s0.stable_secret": Ошибка ввода/вывода
sysctl: reading key "net.ipv6.conf.eth0.stable_secret": Ошибка ввода/вывода
sysctl: reading key "net.ipv6.conf.eth1.stable_secret": Ошибка ввода/вывода
sysctl: reading key "net.ipv6.conf.eth1/3501.stable_secret": Ошибка ввода/вывода
sysctl: reading key "net.ipv6.conf.eth1/3501/103.stable_secret": Ошибка ввода/вывода
sysctl: reading key "net.ipv6.conf.eth1/3501/105.stable_secret": Ошибка ввода/вывода
sysctl: reading key "net.ipv6.conf.lo.stable_secret": Ошибка ввода/вывода
# Start-up sequence for the IPoE test stand: enable forwarding, load vlan_mon,
# create the outer VLAN, then launch accel-pppd.
# No exit status is checked, so a failed insmod or vconfig does not stop the
# daemon from starting.
parent_if=eth1
outer_vid=3501
# The module path is tied to one specific kernel build.
vlan_mon_ko=/lib/modules/4.9.154-std-def-alt0.M80P.1/kernel/net/vlan_mon.ko
pid_file=/var/run/accel-pppd.pid
conf_file=/etc/accel-ppp.conf

/sbin/sysctl -w net.ipv4.ip_forward=1
/sbin/insmod "${vlan_mon_ko}"
/usr/bin/vconfig add "${parent_if}" "${outer_vid}"
/sbin/ip link set dev "${parent_if}.${outer_vid}" mtu 1500
# Fixed two-second pause before the daemon is started.
sleep 2
/usr/sbin/accel-pppd -d -p "${pid_file}" -c "${conf_file}"
# Bare exit: the script returns the status of the accel-pppd launch above.
exit
root@dev:~# accel-cmd show sessions
ifname | username | calling-sid | ip | type | comp | state | uptime
-----------------+----------+-------------------+---------------+------+------+--------+----------
ens224.2002.115 | | 00:0c:29:e3:86:1d | 192.168.100.2 | ipoe | | active | 00:37:10
ens224.2002.118 | | 00:0c:29:e8:5c:de | 192.168.100.3 | ipoe | | active | 00:37:08
root@dev:~# tcpdump -n -e -i ens224.2002.118 arp
15:17:06.660161 00:0c:29:e8:5c:de > 00:0c:29:3a:61:2f, ethertype ARP (0x0806), length 60: Request who-has 192.168.100.1 tell 192.168.100.3, length 46
15:17:06.660184 00:0c:29:3a:61:2f > 00:0c:29:e8:5c:de, ethertype ARP (0x0806), length 42: Reply 192.168.100.1 is-at 00:0c:29:3a:61:2f, length 28
15:17:06.669147 00:0c:29:3a:61:2f > 00:0c:29:e8:5c:de, ethertype ARP (0x0806), length 42: Reply 192.168.100.1 is-at 00:0c:29:3a:61:2f, length 28
15:17:14.328856 00:0c:29:3a:61:2f > 00:0c:29:e8:5c:de, ethertype ARP (0x0806), length 42: Request who-has 192.168.100.3 tell 192.168.100.1, length 28
15:17:14.340217 00:0c:29:e8:5c:de > 00:0c:29:3a:61:2f, ethertype ARP (0x0806), length 60: Reply 192.168.100.3 is-at 00:0c:29:e8:5c:de, length 46
15:17:38.460271 00:0c:29:e8:5c:de > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.100.2 tell 192.168.100.3, length 46
15:17:38.460377 00:0c:29:3a:61:2f > 00:0c:29:e8:5c:de, ethertype ARP (0x0806), length 42: Reply 192.168.100.2 is-at 00:0c:29:3a:61:2f, length 28
Linux NAS 3.18.34 #1 SMP Thu Jun 2 00:32:49 EEST 2016 x86_64 Intel(R) Xeon(R) CPU E5-2650 0 @ 2.00GHz GenuineIntel GNU/Linux