IPSec íàñòðîéêà ìàðøðóòèçàöèè

kadulin

Íå ðàáîòàåò.
×òî ïîëó÷àåòñÿ:

• c îôèñà2 ïèíãóþòñÿ âñå êîìïáþòåðû ñåòè Îôèñ1
• ïðîïèñàë ìàðøðóò c îôèñà íà Îôèñ3 (192.168.103.0/24) ÷åðåç ôîèñ1(192.168.100.6)

Ïðè àíàëèçå ïàêåòîâ, ïîëó÷àåòñÿ, ÷òî ïèíãè ïðîñòî èäóò íà âíåøíèé IP îôèñ2, ò.å. â èíòåðíåò!!!  ÷åì òðàáë?

Mr. Boroda

â îôèñ1 åñòü ñòàòè÷åñêèå ìàðøðóòû?
êóäà îíè óêàçûâàþò?
ñ îôèñ2 è îôèñ3 øëþçîì äîëæåí áûòü LAN èï îôèñ1
ñîîòâåòñòâåííî ñåòè â îôèñ2 è îôèñ3 äîëæíû áûòü äîñòóïíû ÷åðåç ñâîé LAN èï

kadulin

Òîëüêî ïî÷åìó òî â îôîèñ2 nestat -r  íå ïîêàçûâàåò ïðîïèñàííôé ìíîþ ìàðøðóò??

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            195.5.5.203        UGS        0  459251    ng0
209-80-113-92.pool lo0                UHS        0        0    lo0
localhost          localhost          UH          0        0    lo0
192.168.102.0      link#1            UC          0        0    rl0
195.5.5.203        209-80-113-92.pool UH          1    2940    ng0

À êîãäà ÿ èçìåíèë ìàðøðóò äëÿ ïîäñåòè 192.168.106.0.24 íà IP 192.168.102.7, òî ìàðøðóò ïðîïèñàëñÿ.
Âûõîäèò, ÷òî îí íå çíàåò êóäà ïðâÿçàòü ìàðøðóòèçàöèþ äëÿ IP Îôèñ1 192.168.100.6

Õîòÿ ïèíãè ñ ïîäñåòè îôèñ2 èäóò íà ïîäñåòü îôèñ1.

Mr. Boroda

íàïèøèòå àäðåñà âîò ïî ýòîé ñõåìå
Îôèñ1, LAN IP, LAN NET/MASK, IPSEC Remote subnet, IPSEC Remote gateway

kadulin

Îôèñ1 - IP: 192.168.100.5, Net: 192.168.100.0/24, IPSec Remote Subnet 192.168.102.0/24 IPSec Remote GateWay xxx.xxx.xxx.xxx (âíåøíèé IP îôèñà2)
Îôèñ2 - IP: 192.168.102.5, Net: 192.168.102.0/24, IPSec Remote Subnet 192.168.100.0/24 IPSec Remote GateWay yyy.yyy.yyy.yyy (âíåøíèé IP îôèñà1)

Mr. Boroda

íàñòðîêè Îôèñ1
System: Static Routes
  Destination network: 192.168.102.0/24
  Gateway: 192.168.100.5

íàñòðîêè Îôèñ2
System: Static Routes
  Destination network: 192.168.100.0/24
  Gateway: 192.168.102.5

ÿ òàê ïîíèìàþ â ôàéðâîëå âñå îòêðûòî?

kadulin

Äîáàâëþ

íàñòðîêè Îôèñ1
Lan IP: 192.168.100.6
IPsec:
  Remote Subnet: 192.168.102.0/24  Remote GateWay: xxx.xxx.xxx.xxx
  Remote Subnet: 192.168.104.0/24  Remote GateWay: zzz.zzz.zzz.zzz
System: Static Routes
  Destination network: 192.168.102.0/24  Gateway: 192.168.102.5
  Destination network: 192.168.104.0/24  Gateway: 192.168.104.5

íàñòðîêè Îôèñ2
  Lan IP: 192.168.102.5
IPsec:
  Remote Subnet: 192.168.100.0/24  Remote GateWay: yyy.yyy.yyy.yyy
System: Static Routes
  Destination network: 192.168.104.0/24  Gateway: 192.168.100.6

íàñòðîêè Îôèñ4
  Lan IP: 192.168.104.5
IPsec:
  Remote Subnet: 192.168.100.0/24  Remote GateWay: yyy.yyy.yyy.yyy
System: Static Routes
  Destination network: 192.168.102.0/24  Gateway: 192.168.100.6

Ñâÿçü ìåæäó Îôèñ1<=>Îôèñ2 è Îôèñ1<=>Îôèñ4 åñòü.
À âîò íàñòðîèòü ìàðøðóòèçàöèþ ìåæäó Îôèñ2 è Îôèñ4 íå ïîëó÷åñòñÿ.
Åñëè ïèíãîâàòü ñ Îôèñ2 íà Îôèñ4, òî â trafshow âèäíû ïèíãè èäóùèå ñ âíåøíåãî IP íà 192.168.104.5.
netstat -r - â Îôèñ2 íå ïîêàçûâàåò ïðîïèñàííûé ìíîé ìàðøðóò Destination network: 192.168.104.0/24  Gateway: 192.168.100.6, õîòÿ â web îí ïðèïèñàí.

Mr. Boroda

À âû ðàçâå íå âèäèòå ðàçíèöû
ÿ âåäü ñïåöèàëüíî íàïèñàë ÷òî äîëæíî áûòü â ñòàòè÷åñêèõ ìàðøðóòàõ âíèìàòåëüíî ñìîòðèòå íà øëþç

kadulin

Ïîìåíÿë íàñòðîéêè. Òåïåðü îíè âûãëÿäÿò âîò òàê:
íàñòðîéêè Îôèñ1
Lan IP: 192.168.100.6
IPsec:
 Remote Subnet: 192.168.102.0/24  Remote GateWay: xxx.xxx.xxx.xxx
 Remote Subnet: 192.168.104.0/24  Remote GateWay: zzz.zzz.zzz.zzz
System: Static Routes
 Destination network: 192.168.102.0/24  Gateway: 192.168.102.5
 Destination network: 192.168.104.0/24  Gateway: 192.168.104.5

íàñòðîéêè Îôèñ2
 Lan IP: 192.168.102.5
IPsec:
 Remote Subnet: 192.168.100.0/24  Remote GateWay: yyy.yyy.yyy.yyy
System: Static Routes
 Destination network: 192.168.100.0/24  Gateway: 192.168.102.5
 Destination network: 192.168.104.0/24  Gateway: 192.168.100.6

íàñòðîéêè Îôèñ4
 Lan IP: 192.168.104.5
IPsec:
 Remote Subnet: 192.168.100.0/24  Remote GateWay: yyy.yyy.yyy.yyy
System: Static Routes
 Destination network: 192.168.100.0/24  Gateway: 192.168.104.5
 Destination network: 192.168.102.0/24  Gateway: 192.168.100.6

Ïèíãè c Îôèñ2 íà 192.168.168.104.5 íå èäóò. Îøèáêà - Çàäàííûé óçåë íå äîñòóïåí
è îøèáêè â ëîãàõ
Dec 22 14:21:12 kernel: arpresolve: can't allocate route for 192.168.100.6
Dec 22 14:21:12 kernel: arplookup 192.168.100.6 failed: host is not on local network

Mr. Boroda

traceroute èç îôèñ2 íà 192.168.100.6, 192.168.104.5

è â îôèñ2, îôèñ4
System: Static Routes
  Destination network: 192.168.0.0/16  Gateway: LAN IP

kadulin

Òðàññèðîâêà ñ PF

traceroute 192.168.100.4

traceroute to 192.168.100.4 (192.168.100.4), 64 hops max, 40 byte packets
1  dprouter (192.168.102.5)  0.679 ms  0.584 ms  0.498 ms
2  * * *
3  192.168.100.4 (192.168.100.4)  76.914 ms  57.086 ms  58.720 ms

traceroute 192.168.100.6

traceroute to 192.168.100.6 (192.168.100.6), 64 hops max, 40 byte packets
1  dprouter (192.168.102.5)  0.655 ms  0.607 ms  0.450 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  *^C

traceroute 192.168.104.5

traceroute to 192.168.104.5 (192.168.104.5), 64 hops max, 40 byte packets
traceroute: sendto: Invalid argument
1 traceroute: wrote 192.168.104.5 40 chars, ret=-1
*traceroute: sendto: Invalid argument

Òðàññèðîâêà ñ ñåòè Îôèñ2
C:>tracert 192.168.100.6
Òðàññèðîâêà ìàðøðóòà ê 192.168.100.6 ñ ìàêñèìàëüíûì ÷èñëîì ïðûæêîâ 30
  1    1 ms    1 ms    1 ms  192.168.102.5
  2    56 ms    55 ms    55 ms  192.168.100.6
Òðàññèðîâêà çàâåðøåíà.
C:>tracert 192.168.104.5
Òðàññèðîâêà ìàðøðóòà ê 192.168.104.5 ñ ìàêñèìàëüíûì ÷èñëîì ïðûæêîâ 30
  1    1 ms    1 ms    1 ms  192.168.102.5
  2  192.168.102.5  ñîîáùàåò: Çàäàííûé óçåë íåäîñòóïåí.
Òðàññèðîâêà çàâåðøåíà.
C:>ping 192.168.104.5 /n 500
Îáìåí ïàêåòàìè ñ 192.168.104.5 ïî ñ 32 áàéò äàííûõ:
Îòâåò îò 192.168.102.5: Çàäàííûé óçåë íåäîñòóïåí.

Eugene

Никак.