Недавно столкнулся с проблемой - абонент пытается авторизоваться и присылает LCP ConfAck, ацель в ответ шлет два LCP ConfAck, и абонент снова отправляет ConfAck и так по кругу. Такая карусель может продолжаться бесконечно, рестарт ацеля не всегда помогает. В tcpdump и логах ацель в этот моент видно только LCP, в результате на интерфейсе сервера есть только LCP трафик, и у уже авторизованных абонентов винда говорит "Нет ресурсов".
Code: Select all
[2015-11-23 08:15:36.213] ppp3: edf9f554962e6db6: recv [LCP ConfReq id=53 <mru 1492> <magic 44a74992>]
[2015-11-23 08:15:36.213] ppp3: edf9f554962e6db6: send [LCP ConfAck id=53 ]
[2015-11-23 08:15:36.213] ppp3: edf9f554962e6db6: send [LCP ConfAck id=53 ]
[2015-11-23 08:15:36.218] ppp3: edf9f554962e6db6: recv [LCP ConfReq id=54 <mru 1492> <magic 44a74992>]
[[2015-11-23 08:15:36.218] ppp3: edf9f554962e6db6: send [LCP ConfAck id=54 ]
[2015-11-23 08:15:36.218] ppp3: edf9f554962e6db6: send [LCP ConfAck id=54 ]
[2015-11-23 08:15:36.226] ppp36: edf9f554962e6dc4: pppd_compat: ip-down finished (0)
[2015-11-23 08:15:36.228] ppp3: edf9f554962e6db6: recv [LCP ConfReq id=55 <mru 1492> <magic 44a74992>]
[2015-11-23 08:15:36.228] ppp3: edf9f554962e6db6: send [LCP ConfAck id=55 ]
[2015-11-23 08:15:36.228] ppp3: edf9f554962e6db6: send [LCP ConfAck id=55 ]
[2015-11-23 08:15:36.242] send [PPPoE PADT 00:1e:67:9f:d5:24 => 00:1b:11:fa:c2:3b sid=0980 <AC-Name pppoe_server1> <Service-Name >]
[2015-11-23 08:15:36.242] ppp3: edf9f554962e6db6: recv [LCP ConfReq id=56 <mru 1492> <magic 44a74992>]
[2015-11-23 08:15:36.242] ppp3: edf9f554962e6db6: send [LCP ConfAck id=56 ]
[2015-11-23 08:15:36.242] ppp3: edf9f554962e6db6: send [LCP ConfAck id=56 ]
[2015-11-23 08:15:36.248] ppp3: edf9f554962e6db6: recv [LCP ConfReq id=57 <mru 1492> <magic 44a74992>]
[2015-11-23 08:15:36.248] ppp3: edf9f554962e6db6: send [LCP ConfAck id=57 ]
[2015-11-23 08:15:36.248] ppp3: edf9f554962e6db6: send [LCP ConfAck id=57 ]
Code: Select all
[root@pppoe_server1 ~]# tcpdump -i eth1 pppoes
ethertype PPPoE S (0x8864), length 60: PPPoE [ses 0x812] LCP (0xc021), length 16: LCP, Conf-Request (0x01), id 53, length 16
ethertype PPPoE S (0x8864), length 36: PPPoE [ses 0x812] LCP (0xc021), length 16: LCP, Conf-Ack (0x02), id 53, length 16
ethertype PPPoE S (0x8864), length 36: PPPoE [ses 0x812] LCP (0xc021), length 16: LCP, Conf-Ack (0x02), id 53, length 16
ethertype PPPoE S (0x8864), length 60: PPPoE [ses 0x812] LCP (0xc021), length 16: LCP, Conf-Request (0x01), id 54, length 16
ethertype PPPoE S (0x8864), length 36: PPPoE [ses 0x812] LCP (0xc021), length 16: LCP, Conf-Ack (0x02), id 54, length 16
ethertype PPPoE S (0x8864), length 36: PPPoE [ses 0x812] LCP (0xc021), length 16: LCP, Conf-Ack (0x02), id 54, length 16
ethertype PPPoE S (0x8864), length 60: PPPoE [ses 0x754] LCP (0xc021), length 16: LCP, Conf-Request (0x01), id 55, length 16
ethertype PPPoE S (0x8864), length 36: PPPoE [ses 0x754] LCP (0xc021), length 16: LCP, Conf-Ack (0x02), id 55, length 16
ethertype PPPoE S (0x8864), length 36: PPPoE [ses 0x754] LCP (0xc021), length 16: LCP, Conf-Ack (0x02), id 55, length 16
ethertype PPPoE S (0x8864), length 60: PPPoE [ses 0x812] LCP (0xc021), length 16: LCP, Conf-Request (0x01), id 56, length 16
Я нашел в исходниках ацеля, что два ConfAck отправляется в случае если lcp сессия имеет статуc started:
часть функции lcp_recv из файла ppp_lcp.c
Code: Select all
...
lcp->fsm.recv_id = hdr->id;
switch(hdr->code) {
case CONFREQ:
r = lcp_recv_conf_req(lcp, (uint8_t*)(hdr + 1), ntohs(hdr->len) - PPP_HDRLEN);
if (lcp->started) {
if (r == LCP_OPT_ACK) {
send_conf_ack(&lcp->fsm);
}
else
r = LCP_OPT_FAIL;
}
switch(r) {
case LCP_OPT_ACK:
ppp_fsm_recv_conf_req_ack(&lcp->fsm);
break;
case LCP_OPT_NAK:
ppp_fsm_recv_conf_req_nak(&lcp->fsm);
break;
case LCP_OPT_REJ:
ppp_fsm_recv_conf_req_rej(&lcp->fsm);
break;
}
lcp_free_conf_req(lcp);
if (r == LCP_OPT_FAIL)
ap_session_terminate(&lcp->ppp->ses, TERM_USER_ERROR, 0);
break;
...
Не уверен, может причина не в дублирующихся ConfAck, а в не правильной настройке ацеля.
Code: Select all
[modules]
log_file
l2tp
pppoe
auth_mschap_v2
radius
ippool
sigchld
pppd_compat
connlimit
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=1
[common]
single-session=replace
[ppp]
verbose=1
min-mtu=300
mtu=1400
mru=1400
ccp=0
check-ip=0
ipv4=require
ipv6=deny
ipv6-intf-id=0:0:0:1
ipv6-peer-intf-id=0:0:0:2
ipv6-accept-peer-intf-id=1
lcp-echo-interval=30
lcp-echo-failure=10
max-configure=30
[auth]
[pppoe]
verbose=1
ac-name=pppoe_server1
service-name=pppoe_server1
interface=eth0,padi-limit=1000
interface=eth2,padi-limit=1000
[l2tp]
verbose=5
dictionary=/etc/accel-ppp/l2tp/dictionary
avp_permissive=1
[dns]
dns1=10.128.0.1
dns2=8.8.8.8
[wins]
[radius]
dictionary=/etc/accel-ppp/radius/dictionary
nas-identifier=192.168.18.1
nas-ip-address=192.168.18.1
gw-ip-address=10.128.0.1
server=192.168.18.12,supersecret,auth-port=1812,acct-port=0,req-limit=100,fail-time=0
server=192.168.18.13,supersecret,auth-port=0,acct-port=1813,req-limit=100,fail-time=0
verbose=1
timeout=10
[client-ip-range]
disable
[ip-pool]
gw-ip-address=10.128.0.1
attr=Framed-Pool
192.168.0.2-255
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
log-debug=/var/log/accel-ppp/debug.log
copy=1
level=4
[pppd-compat]
ip-up=/usr/local/bin/ip-up
ip-down=/usr/local/bin/ip-down
ip-change=/usr/local/bin/ip-change
radattr-prefix=/var/run/radattr
verbose=1
[chap-secrets]
gw-ip-address=192.168.100.1
[shaper]
up-limiter=police
down-limiter=tbf
[cli]
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
[snmp]
master=0
agent-name=accel-ppp
[connlimit]
limit=10/min
burst=10
timeout=600
[ipv6-pool]
fc00:0:1::/48,64
delegate=fc00:1::/36,48
[ipv6-dns]
[ipv6-dhcp]
verbose=1
pref-lifetime=604800
valid-lifetime=2592000
route-via-gw=1