Posts posted by dsolo
Good afternoon. Yesterday, having nothing better to do, I updated to the latest version.
The situation is as follows:
Instagram does not load content from this address: scontent-ams4-1.cdninstagram.com
A traceroute shows the following IP: 157.240.201.63
The Facebook ASes are listed in the user-vpn.list file:
AS32934
AS54115
AS63293
AS149642
The script gets the subnets from this address: https://stat.ripe.net/data/announced-prefixes/data.json?resource=AS32934
The required subnet is in the list.
Only if I explicitly specify 157.240.201.0/24 in the file does content from Instagram start loading. Has the functionality for getting IPs from an AS broken?
Yet the Cloudflare AS is routed normally: AS13335.
-
10 hours ago, Chelovek3000 said:
It looks like your bypass isn't working at all. Have you been here: https://github.com/DennoN-RUS/Bird4Static ?
The answer to your question is there under item 7.
-
2 minutes ago, DennoN said:
Isn't this file at the path /opt/etc/ndm/ifstatechanged.d/? This file was in versions before 3.
In the first one it was simply copied into this folder; in the second it was a symlink to the addtable.sh file in the Bird4Static/scripts folder.
You can look for it there as well.
I've searched everywhere. There is neither the file nor any mention of it anywhere. What kind of magic this is, I don't understand.
-
Июн 23 19:49:55 ndm Io::File: unable to open "/opt/etc/ndm/ifstatechanged.d/010-add_antizapret_route.sh": no such file or directory.
Июн 23 19:49:55 ndm Opkg::Manager: unable to open file: /opt/etc/ndm/ifstatechanged.d/010-add_antizapret_route.sh.
This keeps pouring into the console. Clearly an artifact from previous versions. How can this be fixed?
Interestingly, if I run grep -r "010-add_antizapret_route.sh", it doesn't find any mention of this file anywhere.
-
In light of recent events, would it be possible to add ASN support to the exclusions file? So as not to enter all the IPs.
For example, the list for FB + Instagram would simply look like this: AS32934 AS54115 AS63293 AS149642
Instead of two hundred subnets.
-
In the add-bird4_routes.sh file I additionally commented out the line "curl -sf $URL0 | sed 's/^/route /' | sed 's/$/ via "'$VPN'";/' >> $ROUTE"; now the script starts. But still, after the first connection to the VPN everything breaks.
It stops connecting to the VPN. I can't even explain it. I toggle the slider next to the VPN in "Other connections", everything is OK, it says "Ready". Then after a while I see "Connection error", and in the log it cyclically tries to connect. Here is a copy-paste of one cycle.
-
Probably my server ended up in the "blocked" list; as was written earlier, false positives are possible because the list is formed not with 1 IP per line but with masks, so to speak.
I reboot the router with the VPN turned off. I connect via SSH to my VPN server, everything is OK. In "Other connections" I turn on the VPN. After that I can no longer connect via SSH to my server.
I added my server's IP and domain to the whitelist. It doesn't help.
The instructions for switching to manual mode don't work: if I comment out the line as written on GitHub, the script then simply doesn't start.
~ # /opt/etc/cron.daily/add-bird4_routes.sh
curl: no URL specified!
curl: try 'curl --help' for more information
At the moment I consider the BGP-based system not viable at all: I look at the statistics in the Keenetic admin panel, and a huge amount of traffic goes through the VPN, although in fact only 3-5 sites that I visit once every couple of days need to be filtered. I have also more than once run into failures where the sites themselves tell me that my IP changed during the session when it should remain constant.
Please advise what I should do to simply bypass a few sites, without any BGP.
-
Could the method from the link in the first post be insufficiently precise (I don't know what else to call it)?
For example, when I visit 2ip.ru I see my own personal IP. When I visit the blocked rutracker.org everything is fine, the site opens.
But today I entered the password for my VPS incorrectly three times and asked the admins to reset the bans for my IP, and as it turned out, it was the VPN's IP that had been banned.
I downloaded the list of all IPs from antifilter and did not find the VPS IP in the list. I also checked against RKN.
Periodically YouTube shows messages that not all Premium features may work in this country.
-
The parent instructions state that Beta or Draft firmware is needed; so your method won't work on Release?
How do I diagnose the system's operation? It doesn't work following the instructions from GitHub. Before that, as a check I did the following: installed OpenVPN, put it first in the priorities, opened some sites, everything works.
bird4
in Questions on building and configuring Opkg
Posted
@DennoN
I temporarily cleared all the files. I left only AS32934.
As I understand it, it isn't getting the IP addresses:
~ # ./Bird4Static/scripts/add-bird4_routes.sh -d
########### Sat Feb 17 19:58:41 MSK 2024 STEP_2: add init files ###########
########### Sat Feb 17 19:58:41 MSK 2024 STEP_1: wait dns ###########
########### Sat Feb 17 19:58:41 MSK 2024 STEP_3: diff antifilter.list ###########
########### Sat Feb 17 19:58:41 MSK 2024 STEP_3: diff bird4-base-vpn.list ###########
########### Sat Feb 17 19:58:41 MSK 2024 STEP_4: ipr func file antifilter.list ###########
iprange: Loading from stdin
iprange: NON-OPTIMIZED stdin at line 5, entry 4, last was 1.255.53.122 (33502586) - 1.255.53.122 (33502586), new is 1.32.194.0 (18924032) - 1.32.194.255 (18924287)
iprange: Loaded non-optimized stdin
iprange: Optimizing combined ipset
iprange: Printing combined ipset with 23163 ranges, 4241164 unique IPs
24281 printed CIDRs, break down by prefix:
- prefix /16 counts 2 entries
- prefix /17 counts 2 entries
- prefix /18 counts 8 entries
- prefix /19 counts 33 entries
- prefix /20 counts 83 entries
- prefix /21 counts 131 entries
- prefix /22 counts 660 entries
- prefix /23 counts 3066 entries
- prefix /24 counts 2291 entries
- prefix /25 counts 1007 entries
- prefix /26 counts 579 entries
- prefix /27 counts 440 entries
- prefix /28 counts 273 entries
- prefix /29 counts 266 entries
- prefix /30 counts 210 entries
- prefix /31 counts 166 entries
- prefix /32 counts 15064 entries
totals: 24881 lines read, 23163 distinct IP ranges found, 17 CIDR prefixes, 24281 CIDRs printed, 4241164 unique IPs
completed in 0.37367 seconds (read 0.21666 + think 0.00000 + speak 0.15701)
########### Sat Feb 17 19:58:42 MSK 2024 STEP_3: diff bird4-force-isp.list ###########
########### Sat Feb 17 19:58:42 MSK 2024 STEP_4: ipr func file user-isp.list ###########
iprange: Loading from stdin
iprange: Printing combined ipset with 0 ranges, 0 unique IPs
0 printed CIDRs, break down by prefix:
totals: 0 lines read, 0 distinct IP ranges found, 0 CIDR prefixes, 0 CIDRs printed, 0 unique IPs
completed in 0.01031 seconds (read 0.00979 + think 0.00008 + speak 0.00044)
########### Sat Feb 17 19:58:42 MSK 2024 STEP_3: diff bird4-force-vpn1.list ###########
########### Sat Feb 17 19:58:42 MSK 2024 STEP_4: ipr func file user-vpn.list ###########
iprange: Loading from stdin
########### Sat Feb 17 19:58:42 MSK 2024 STEP_X: get as from file user-vpn.list ###########
AS32934
iprange: Printing combined ipset with 0 ranges, 0 unique IPs
0 printed CIDRs, break down by prefix:
totals: 0 lines read, 0 distinct IP ranges found, 0 CIDR prefixes, 0 CIDRs printed, 0 unique IPs
completed in 0.08168 seconds (read 0.08139 + think 0.00000 + speak 0.00028)
########### Sat Feb 17 19:58:42 MSK 2024 STEP_5: restart bird ###########
~ #
Same with the AS from your post:
~ # ./Bird4Static/scripts/add-bird4_routes.sh -d
########### Sat Feb 17 20:00:52 MSK 2024 STEP_2: add init files ###########
########### Sat Feb 17 20:00:52 MSK 2024 STEP_1: wait dns ###########
########### Sat Feb 17 20:00:53 MSK 2024 STEP_3: diff antifilter.list ###########
########### Sat Feb 17 20:00:53 MSK 2024 STEP_3: diff bird4-base-vpn.list ###########
########### Sat Feb 17 20:00:53 MSK 2024 STEP_4: ipr func file antifilter.list ###########
iprange: Loading from stdin
iprange: NON-OPTIMIZED stdin at line 5, entry 4, last was 1.255.53.122 (33502586) - 1.255.53.122 (33502586), new is 1.32.194.0 (18924032) - 1.32.194.255 (18924287)
iprange: Loaded non-optimized stdin
iprange: Optimizing combined ipset
iprange: Printing combined ipset with 23163 ranges, 4241164 unique IPs
24281 printed CIDRs, break down by prefix:
- prefix /16 counts 2 entries
- prefix /17 counts 2 entries
- prefix /18 counts 8 entries
- prefix /19 counts 33 entries
- prefix /20 counts 83 entries
- prefix /21 counts 131 entries
- prefix /22 counts 660 entries
- prefix /23 counts 3066 entries
- prefix /24 counts 2291 entries
- prefix /25 counts 1007 entries
- prefix /26 counts 579 entries
- prefix /27 counts 440 entries
- prefix /28 counts 273 entries
- prefix /29 counts 266 entries
- prefix /30 counts 210 entries
- prefix /31 counts 166 entries
- prefix /32 counts 15064 entries
totals: 24881 lines read, 23163 distinct IP ranges found, 17 CIDR prefixes, 24281 CIDRs printed, 4241164 unique IPs
completed in 0.36976 seconds (read 0.22431 + think 0.00000 + speak 0.14545)
########### Sat Feb 17 20:00:53 MSK 2024 STEP_3: diff bird4-force-isp.list ###########
########### Sat Feb 17 20:00:53 MSK 2024 STEP_4: ipr func file user-isp.list ###########
iprange: Loading from stdin
iprange: Printing combined ipset with 0 ranges, 0 unique IPs
0 printed CIDRs, break down by prefix:
totals: 0 lines read, 0 distinct IP ranges found, 0 CIDR prefixes, 0 CIDRs printed, 0 unique IPs
completed in 0.01294 seconds (read 0.01270 + think 0.00000 + speak 0.00024)
########### Sat Feb 17 20:00:53 MSK 2024 STEP_3: diff bird4-force-vpn1.list ###########
########### Sat Feb 17 20:00:53 MSK 2024 STEP_4: ipr func file user-vpn.list ###########
iprange: Loading from stdin
########### Sat Feb 17 20:00:53 MSK 2024 STEP_X: get as from file user-vpn.list ###########
AS13414
iprange: Printing combined ipset with 0 ranges, 0 unique IPs
0 printed CIDRs, break down by prefix:
totals: 0 lines read, 0 distinct IP ranges found, 0 CIDR prefixes, 0 CIDRs printed, 0 unique IPs
completed in 0.08156 seconds (read 0.08143 + think 0.00000 + speak 0.00013)
########### Sat Feb 17 20:00:53 MSK 2024 STEP_5: restart bird ###########
Problem solved.
Thanks; from debug mode I understood that no records were being returned for any AS. curl wasn't working (Error 48). Fortunately it was resolved by updating all the packages.
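
The two checks these posts come down to, as an added example that is not part of the posts or of Bird4Static: whether an address is covered by the prefixes an AS announces, and whether the reply is usable at all before it becomes a route list (a silent fetch failure is what produced "0 ranges" above). The reply shape (data.prefixes[].prefix), the sample prefixes and the interface name "ppp0" are assumptions made for the example.

```python
import ipaddress
import json

# Constructed sample in the shape of a RIPEstat announced-prefixes reply
# (data.prefixes[].prefix). The prefixes are illustrative, not live data.
SAMPLE_REPLY = json.dumps({
    "data": {
        "resource": "32934",
        "prefixes": [
            {"prefix": "157.240.192.0/18"},
            {"prefix": "157.240.201.0/24"},
            {"prefix": "198.51.100.0/25"},
            {"prefix": "198.51.100.128/25"},
            {"prefix": "2001:db8::/32"},
        ],
    }
})


def parse_announced_prefixes(body):
    """Return the IPv4 networks in a reply; raise ValueError if it is unusable.

    An empty or non-JSON body is what a failed fetch leaves behind. Treating
    it as "no prefixes" would silently produce an empty route list.
    """
    if not body or not body.strip():
        raise ValueError("empty reply: the fetch failed, build no routes from it")
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"reply is not JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("reply is not a JSON object")
    networks = []
    for entry in doc.get("data", {}).get("prefixes", []):
        prefix = entry.get("prefix")
        if not prefix:
            continue
        net = ipaddress.ip_network(prefix, strict=False)
        if net.version == 4:  # the route list in the posts is IPv4 only
            networks.append(net)
    if not networks:
        raise ValueError("reply contains no IPv4 prefixes")
    return networks


def covering_prefixes(address, networks):
    """Return the networks that contain the address, most specific first."""
    addr = ipaddress.ip_address(address)
    hits = [net for net in networks if addr in net]
    return sorted(hits, key=lambda net: net.prefixlen, reverse=True)


def bird_routes(networks, vpn_interface):
    """Merge overlapping and adjacent prefixes and format them as static routes.

    The line format matches what the sed pipeline quoted in the posts emits:
    route <prefix> via "<interface>";
    """
    merged = ipaddress.collapse_addresses(networks)
    return [f'route {net} via "{vpn_interface}";' for net in merged]


if __name__ == "__main__":
    nets = parse_announced_prefixes(SAMPLE_REPLY)
    print("covering 157.240.201.63:",
          [str(n) for n in covering_prefixes("157.240.201.63", nets)])
    for line in bird_routes(nets, "ppp0"):  # "ppp0" is an assumed interface name
        print(line)
```

If the address is covered here but traffic still bypasses the VPN, the prefix list is not the problem and the next thing to inspect is what actually ended up in the generated route file.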