PPtP сервер на Openwrt - Форум обсуждения систем "Умный дом", проектов Ардуино, OpenWRT и других DIY устройств

AFON2006 · 25.03.2016, 15:34

Добрый день!
Есть роутер (ip 192.168.0.1) с прошивкой Openwrt chaos_calmer/15.05.1, на нем поднят pptp сервер. Vpn клиент к pptp серверу подключается, получает ip, например, 192.168.0.60. НО проблема в том, что дальше ничего не пингуется, т.е. ip сетевой ПК, не открываются расшаренные ресурсы.
Подскажите что не донастроено??
лог
Fri Mar 25 15:26:18 2016 daemon.info pptpd[1947]: CTRL: Client 109.198.203.173 control connection started
Fri Mar 25 15:26:18 2016 daemon.info pptpd[1947]: CTRL: Starting call (launching pppd, opening GRE)
Fri Mar 25 15:26:18 2016 daemon.notice pppd[1948]: pppd 2.4.7 started by root, uid 0
Fri Mar 25 15:26:18 2016 daemon.info pppd[1948]: Using interface ppp1
Fri Mar 25 15:26:18 2016 daemon.notice pppd[1948]: Connect: ppp1 <--> /dev/pts/0
Fri Mar 25 15:26:18 2016 daemon.warn pppd[1948]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access
Fri Mar 25 15:26:18 2016 daemon.notice pppd[1948]: peer from calling number 109.198.203.173 authorized
Fri Mar 25 15:26:18 2016 daemon.notice pppd[1948]: MPPE 128-bit stateless compression enabled
Fri Mar 25 15:26:20 2016 daemon.notice pppd[1948]: local IP address 192.168.0.1
Fri Mar 25 15:26:20 2016 daemon.notice pppd[1948]: remote IP address 192.168.0.60

AFON2006 · 25.03.2016, 15:37

правила firewall

config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'

config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'ACCEPT'
option forward 'ACCEPT'
option network 'wan wan6 iptv'

config forwarding
option src 'lan'
option dest 'wan'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option target 'ACCEPT'

config rule
option name 'Allow-IPTV-IGMPPROXY'
option src 'wan'
option proto 'udp'
option dest 'lan'
option target 'ACCEPT'
option dest_ip '224.0.0.0/4'

config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config include
option path '/etc/firewall.user'

config rule
option enabled '1'
option target 'ACCEPT'
option proto 'tcp'
option dest_port '80'
option name 'remote'
option src '*'

config rule
option target 'ACCEPT'
option _name 'pptp'
option src 'wan'
option proto 'tcp'
option dest_port '1723'

config rule
option target 'ACCEPT'
option _name 'gre'
option src 'wan'
option proto '47'

config rule
option target 'ACCEPT'
option _name 'pptp'
option dest_port '1723'
option proto 'all'
option src '*'
option dest '*'

AFON2006 · 29.03.2016, 11:38

проблема решена

25.03.2016, 15:34	#1
AFON2006 Junior Member Регистрация: 25.03.2016 Сообщений: 19 Вес репутации: 0	PPtP сервер на Openwrt Добрый день! Есть роутер (ip 192.168.0.1) с прошивкой Openwrt chaos_calmer/15.05.1, на нем поднят pptp сервер. Vpn клиент к pptp серверу подключается, получает ip, например, 192.168.0.60. НО проблема в том, что дальше ничего не пингуется, т.е. ip сетевой ПК, не открываются расшаренные ресурсы. Подскажите что не донастроено?? лог Fri Mar 25 15:26:18 2016 daemon.info pptpd[1947]: CTRL: Client 109.198.203.173 control connection started Fri Mar 25 15:26:18 2016 daemon.info pptpd[1947]: CTRL: Starting call (launching pppd, opening GRE) Fri Mar 25 15:26:18 2016 daemon.notice pppd[1948]: pppd 2.4.7 started by root, uid 0 Fri Mar 25 15:26:18 2016 daemon.info pppd[1948]: Using interface ppp1 Fri Mar 25 15:26:18 2016 daemon.notice pppd[1948]: Connect: ppp1 <--> /dev/pts/0 Fri Mar 25 15:26:18 2016 daemon.warn pppd[1948]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access Fri Mar 25 15:26:18 2016 daemon.notice pppd[1948]: peer from calling number 109.198.203.173 authorized Fri Mar 25 15:26:18 2016 daemon.notice pppd[1948]: MPPE 128-bit stateless compression enabled Fri Mar 25 15:26:20 2016 daemon.notice pppd[1948]: local IP address 192.168.0.1 Fri Mar 25 15:26:20 2016 daemon.notice pppd[1948]: remote IP address 192.168.0.60

25.03.2016, 15:37	#2
AFON2006 Junior Member Регистрация: 25.03.2016 Сообщений: 19 Вес репутации: 0	Re: PPtP сервер на Openwrt правила firewall config defaults option syn_flood '1' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' config zone option name 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' option network 'lan' config zone option name 'wan' option output 'ACCEPT' option masq '1' option mtu_fix '1' option input 'ACCEPT' option forward 'ACCEPT' option network 'wan wan6 iptv' config forwarding option src 'lan' option dest 'wan' config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-IGMP' option src 'wan' option proto 'igmp' option target 'ACCEPT' config rule option name 'Allow-IPTV-IGMPPROXY' option src 'wan' option proto 'udp' option dest 'lan' option target 'ACCEPT' option dest_ip '224.0.0.0/4' config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option src_ip 'fe80::/10' option src_port '547' option dest_ip 'fe80::/10' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-MLD' option src 'wan' option proto 'icmp' option src_ip 'fe80::/10' list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config include option path '/etc/firewall.user' config rule option enabled '1' option target 'ACCEPT' option proto 'tcp' option dest_port '80' option name 'remote' option src '' config rule option target 'ACCEPT' option _name 'pptp' option src 'wan' option proto 'tcp' option dest_port '1723' config rule option target 'ACCEPT' option _name 'gre' option src 'wan' option proto '47' config rule option target 'ACCEPT' option _name 'pptp' option dest_port '1723' option proto 'all' option src '' option dest ''

29.03.2016, 11:38	#3
AFON2006 Junior Member Регистрация: 25.03.2016 Сообщений: 19 Вес репутации: 0	Re: PPtP сервер на Openwrt проблема решена

Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)