I need to move from authorization by "key" to PPPoE.
I did everything as described in the documentation, but I can't get the PPPoE server to come up.
RADIUS works; if I run the command
radtest art 1234 127.0.0.1 0 harpass5
I get the response:
Sending Access-Request of id 51 to 127.0.0.1 port 1812
User-Name = "art"
User-Password = "1234"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=51, length=38
Framed-IP-Address = 192.168.5.2
Framed-IP-Netmask = 255.255.255.255
Framed-Protocol = PPP
mpd5 is running
ps ax|grep mpd5
1535 0 S+ 0:00.00 grep mpd5
I try to connect from Windows and get: Error 651: The modem or other device reported an error.
For some reason the mpd5 logs are empty.
rc.firewall
#!/bin/sh -
f='/sbin/ipfw'
ifOut='em0'
${f} -f flush
${f} add 50 allow tcp from any to me 22
${f} add 51 allow tcp from me 22 to any
#pppoe
${f} add 56 allow tcp from me 1812 to any
${f} add 57 allow tcp from any to me 1812
${f} add 58 allow tcp from me 1813 to any
${f} add 59 allow tcp from any to me 1813
${f} add 60 allow udp from me 1812 to any
${f} add 61 allow udp from any to me 1812
${f} add 110 allow ip from any to any via lo0
${f} add 120 skipto 1000 ip from me to any
${f} add 130 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
${f} add 160 skipto 2000 ip from any to me
${f} add 200 skipto 500 ip from any to any via ${ifOut}
${f} add 300 skipto 4500 ip from any to any in
${f} add 400 skipto 450 ip from any to any recv ${ifOut}
${f} add 420 divert 1 ip from any to any
${f} add 450 divert 2 ip from any to any
${f} add 490 allow ip from any to any
${f} add 500 skipto 32500 ip from any to any in
${f} add 510 divert 1 ip from any to any
${f} add 540 allow ip from any to any
${f} add 1000 allow udp from any 53,7723 to any
${f} add 1010 allow tcp from any to any setup keep-state
${f} add 1020 allow udp from any to any keep-state
${f} add 1100 allow ip from any to any
${f} add 2000 check-state
${f} add 2010 allow icmp from any to any
${f} add 2020 allow tcp from any to any 80,443
${f} add 2050 deny ip from any to any via ${ifOut}
${f} add 2060 allow udp from any to any 53,7723
${f} add 2100 deny ip from any to any
${f} add 32490 deny ip from any to any
mpd.conf
startup:
set user admin hardpass6
set console self 127.0.0.1 5005
set console open
set web self 0.0.0.0 5006
set web open
default:
load pppoe_server
pppoe_server:
create bundle template B
set ipcp ranges 192.168.10.66/32 127.0.0.2/32
set ipcp dns 192.168.5.250
set ccp yes mppc
set mppc yes e40
set mppc yes e56
set mppc yes e128
set mppc yes stateless
set ecp disable dese-bis dese-old
create link template common pppoe
set link enable multilink
set link action bundle B
set link disable chap pap eap
set link enable pap
load radius
set pppoe service "*"
create link template em1 common
set link max-children 1000
set pppoe iface em1
set link enable incoming
radius:
set radius server localhost harpass5 1812 1813
set radius retries 3
set radius timeout 3
set radius me 127.0.0.1
I would be grateful for any help!