I have 192.168.70.1, a Lite III v2.08(AAUQ.1)A8 with a private ("gray") IP, acting as the IPSec VPN client:
(show)> ipsec
ipsec_statusall:
Status of IKE charon daemon (strongSwan 5.5.0, Linux 3.4.112, mips):
uptime: 2 hours, since Oct 11 16:16:06 2016
malloc: sbrk 204800, mmap 0, used 133496, free 71304
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 8
loaded plugins: charon random nonce openssl hmac attr kernel-netlink socket-default stroke updown eap-mschapv2 eap-dynamic xauth-generic xauth-eap error-notify systime-fix unity
Listening IP addresses:
78.47.125.180
10.77.140.133
192.168.70.1
10.1.30.1
172.16.2.37
Connections:
Lite3HomeVPN2: %any...31.41.245.221 IKEv1, dpddelay=30s
Lite3HomeVPN2: local: [enp.enp@yandex.ru] uses pre-shared key authentication
Lite3HomeVPN2: remote: [enp.enp@yandex.ru] uses pre-shared key authentication
Lite3HomeVPN2: child: 192.168.70.0/24 === 192.168.2.0/24 TUNNEL, dpdaction=restart
L2TPoverIPsec0: %any...31.41.245.221 IKEv1, dpddelay=30s
L2TPoverIPsec0: local: [10.77.140.133] uses pre-shared key authentication
L2TPoverIPsec0: remote: uses pre-shared key authentication
L2TPoverIPsec0: child: 10.77.140.133/32[udp/l2tp] === 31.41.245.221/32[udp/l2tp] TRANSPORT, dpdaction=restart
Security Associations (1 up, 0 connecting):
Lite3HomeVPN2[18]: ESTABLISHED 34 minutes ago, 10.77.140.133[enp.enp@yandex.ru]...31.41.245.221[enp.enp@yandex.ru]
Lite3HomeVPN2[18]: IKEv1 SPIs: 860b5b1026e48967_i* e36d561fff59d13b_r, pre-shared key reauthentication in 25 minutes
Lite3HomeVPN2[18]: IKE proposal: DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768/#
Lite3HomeVPN2{7}: INSTALLED, TUNNEL, reqid 7, ESP in UDP SPIs: c1f49bc7_i c4d0edec_o
Lite3HomeVPN2{7}: DES_CBC/HMAC_MD5_96, 9612369 bytes_i (9126 pkts, 2s ago), 1779764 bytes_o (6205 pkts, 2s ago), rekeying in 25 minutes
which connects to 192.168.2.1, a Lite III v2.08(AAUQ.1)A8 with a public ("white") IP, acting as the IPSec VPN server:
(show)> ipsec
ipsec_statusall:
Status of IKE charon daemon (strongSwan 5.5.0, Linux 3.4.112, mips):
uptime: 2 hours, since Oct 11 16:28:44 2016
malloc: sbrk 184320, mmap 0, used 125224, free 59096
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 5
loaded plugins: charon random nonce openssl hmac attr kernel-netlink socket-default stroke updown eap-mschapv2 eap-dynamic xauth-generic xauth-eap error-notify systime-fix unity
Listening IP addresses:
78.47.125.180
192.168.66.3
192.168.2.1
10.1.30.1
31.41.245.221
192.168.2.1
Connections:
Lite3WorkVPN: %any...%any IKEv1, dpddelay=30s
Lite3WorkVPN: local: [enp.enp@yandex.ru] uses pre-shared key authentication
Lite3WorkVPN: remote: uses pre-shared key authentication
Lite3WorkVPN: child: 192.168.2.0/24 === 192.168.70.0/24 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
Lite3WorkVPN[17]: ESTABLISHED 36 minutes ago, 31.41.245.221[enp.enp@yandex.ru]...194.226.11.5[enp.enp@yandex.ru]
Lite3WorkVPN[17]: IKEv1 SPIs: 860b5b1026e48967_i e36d561fff59d13b_r*, pre-shared key reauthentication in 22 minutes
Lite3WorkVPN[17]: IKE proposal: DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768/#
Lite3WorkVPN{6}: INSTALLED, TUNNEL, reqid 6, ESP in UDP SPIs: c4d0edec_i c1f49bc7_o
Lite3WorkVPN{6}: DES_CBC/HMAC_MD5_96, 1916549 bytes_i (6675 pkts, 0s ago), 10393368 bytes_o (9887 pkts, 0s ago), rekeying in 22 minutes
Lite3WorkVPN{6}: 192.168.2.0/24 === 192.168.70.0/24
I need access not only to the computers connected to 192.168.2.1 (the Lite III v2.08(AAUQ.1)A8 with a public IP, the IPSec VPN server), but also to the provider's local resources, which are in these subnets:
ip route 10.0.0.0 255.0.0.0
ip route 192.168.0.0 255.255.0.0
ip route 192.168.100.0 255.255.255.0
Previously I configured these for the VPN client and had access to the provider's account portal billing.darnet.ru [192.168.100.10]; now I don't, and pings do not reach the resource.
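An added example, not part of the original post: a policy-based IPsec tunnel carries only traffic that matches the negotiated child traffic selectors, so this check compares the three routes above with the `child:` lines of the client's status output. The sample text is constructed from the lines quoted in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the client-side child lines and the three routes from the post.
STATUS = """\
Lite3HomeVPN2: child: 192.168.70.0/24 === 192.168.2.0/24 TUNNEL, dpdaction=restart
L2TPoverIPsec0: child: 10.77.140.133/32[udp/l2tp] === 31.41.245.221/32[udp/l2tp] TRANSPORT, dpdaction=restart
"""
ROUTES = [("10.0.0.0", "255.0.0.0"),
          ("192.168.0.0", "255.255.0.0"),
          ("192.168.100.0", "255.255.255.0")]

CHILD_RE = re.compile(
    r"^(?P<conn>\S+):\s+child:\s+(?P<local>\S+)\s+===\s+(?P<remote>\S+)"
    r"\s+(?P<mode>TUNNEL|TRANSPORT)", re.M)

def _net(ts):
    # Drop a trailing [proto/port] qualifier such as [udp/l2tp].
    return ipaddress.ip_network(ts.split("[", 1)[0], strict=False)

def tunnel_selectors(status):
    """Return {conn: (local_net, remote_net)} for TUNNEL-mode child configs."""
    return {m["conn"]: (_net(m["local"]), _net(m["remote"]))
            for m in CHILD_RE.finditer(status) if m["mode"] == "TUNNEL"}

def coverage(route, remote_ts):
    """'full' if the route lies inside the remote selector,
    'partial' if the two only overlap, otherwise 'none'."""
    if route.subnet_of(remote_ts):
        return "full"
    return "partial" if route.overlaps(remote_ts) else "none"

def check_routes(status, routes):
    """Map (connection, route) to its coverage by that connection's remote selector."""
    result = {}
    for conn, (_local, remote) in tunnel_selectors(status).items():
        for addr, mask in routes:
            net = ipaddress.ip_network(f"{addr}/{mask}")
            result[(conn, str(net))] = coverage(net, remote)
    return result

if __name__ == "__main__":
    for (conn, net), state in check_routes(STATUS, ROUTES).items():
        print(f"{conn}: {net:<18} -> {state}")
```

A result of `none` or `partial` means the static route alone does not place that destination inside the tunnel policy shown in the status output.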