клиент-сервер. домашний кинетик по впн соединяется с сервером/gw в европе и часть запрещенного трафика с домашней сети роутит туда
(config)> show ipsec
ipsec_statusall:
Status of IKE charon daemon (strongSwan 5.9.7, Linux 4.9-ndm-5, mips):
uptime: 10 seconds, since Jan 18 16:51:55 2023
worker threads: 4 of 9 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 5
loaded plugins: charon ndm-pem random save-keys nonce x509 pubkey pkcs7 pem openssl pkcs8 xcbc cmac hmac ctr attr kernel-netlink resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-peap xauth-generic xau
th-eap error-notify systime-fix unity counters
Listening IP addresses:
100.126.99.131
192.168.100.1
10.1.30.1
10.10.10.2
Connections:
IKE0: 0.0.0.0/0, ::/0...1x5.105.108.x7 IKEv2, dpddelay=30s
IKE0: local: [%any] uses EAP_MSCHAPV2 authentication with EAP identity 'dt'
IKE0: remote: [%any] uses public key authentication
IKE0: child: dynamic === 0.0.0.0/0 TUNNEL, dpdaction=start
Security Associations (1 up, 0 connecting):
IKE0[1]: ESTABLISHED 9 seconds ago, 100.126.99.131[100.126.99.131]...1x5.105.108.x7[1x5.105.108.x7]
IKE0[1]: IKEv2 SPIs: f3da0d06c7c5c5aa_i* e27d9569107cca71_r, rekeying in 7 hours
IKE0[1]: IKE proposal: AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
IKE0{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c7417d09_i cb49d880_o
IKE0{1}: CHACHA20_POLY1305, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
IKE0{1}: 10.10.10.2/32 === 179.60.192.0/22 185.60.216.0/22 185.89.216.0/22 204.15.20.0/22 ...........{и так далее} маршруты что дает сервер клиенту, но в show ip route их нет
IKE keys:
490s ago, value:b02e5d537e5b6f4e,f8dbf42582b9bc1a,6911c7cc69f7dba8ff37a4b649f5678448fbb843747a09246956b3ff6738f3c2,583bb8eaae6cd1bfd2dbf0029c13bcd943aa3873b2f55fe97182e424e1e021e5,"AES-CBC-256 [RFC3602]",a9f48c4511f5f4786eeda2f943260fd614a7dcff,5db5e7c876696624bfca5674464f350934511805,"HMAC_SHA1_96 [RFC2404]"
138s ago, value:1fb843bab4298485,c02cdde859f4a29d,fd5c1e1e4b47f4745a21b539f931a2f6f8e6372a888cc2fc11454eb0214f9375,4b04288746f637a1f65429cb347e99ebe428e33b0996938b517af3ff72a4c502,"AES-CBC-256 [RFC3602]",7e530a77bba2f01fca989c8ac3a0837e3ba32614,6c67f49f620b1f72cd25e9e72d352ff2aef4dada,"HMAC_SHA1_96 [RFC2404]"
10s ago, value:f3da0d06c7c5c5aa,e27d9569107cca71,288d702b703b7392b2c7141a274b77c915640a7a87ce3c72fc3142126ca9fe3f,7ce45395467ed3a9b95b0d4761dc70238e520a1eb151f4df5a8c0c6c0808c149,"AES-CBC-256 [RFC3602]",f3951d85f723305b8ab52b1daaebb4caa105c30b,fc1ac943203a8ed4cf331c412c4d99dba3fa8b92,"HMAC_SHA1_96 [RFC2404]"
SA keys: