Подключение Windows client к pfsense по схеме Site-to-Site
-
Отключил, асус роутер снова стал подключаться, правда я так и не разобрался почему я из сети 10.10.10.0/24 не могу ходить в сеть 192.168.1.0/24 и обратно.
Выкладываю скриншоты настроек, думаю они прояснят ситтуацию, думаю что дело в правилах фаервола
Лог с асус роутера:
May 15 11:27:58 asus daemon.info dnsmasq[20310]: started, version 2.72+ cachesize 1500 May 15 11:27:58 asus daemon.info dnsmasq[20310]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth DNSSEC loop-detect May 15 11:27:58 asus daemon.info dnsmasq[20310]: asynchronous logging enabled, queue limit is 5 messages May 15 11:27:58 asus daemon.info dnsmasq-dhcp[20310]: DHCP, IP range 192.168.1.10 -- 192.168.1.61, lease time 1d May 15 11:27:58 asus daemon.info dnsmasq[20310]: reading /etc/resolv.dnsmasq May 15 11:27:58 asus daemon.info dnsmasq[20310]: using nameserver 77.37.251.33#53 May 15 11:27:58 asus daemon.info dnsmasq[20310]: using nameserver 77.37.255.30#53 May 15 11:27:58 asus daemon.info dnsmasq[20310]: read /etc/hosts - 2 addresses May 15 11:27:58 asus daemon.info dnsmasq[20310]: read /etc/dnsmasq/hosts/hosts - 3 addresses May 15 11:27:58 asus daemon.info dnsmasq-dhcp[20310]: read /etc/dnsmasq/dhcp/dhcp-hosts May 15 11:28:04 asus daemon.err apcupsd[20061]: apcupsd FATAL ERROR in linux-usb.c at line 609 Cannot find UPS device -- For a link to detailed USB trouble shooting information, please see <http: www.apcupsd.com="" support.html="">. May 15 11:28:04 asus daemon.err apcupsd[20061]: apcupsd error shutdown completed May 15 11:28:06 asus daemon.err nmbd[20246]: Samba server ASUS is now a domain master browser for workgroup WORKGROUP on subnet 192.168.1.1 May 15 11:28:20 asus daemon.err nmbd[20246]: Samba name server ASUS is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.1 May 15 11:48:52 asus daemon.notice openvpn[19494]: SIGUSR1[soft,ping-restart] received, process restarting May 15 11:48:52 asus daemon.notice openvpn[19494]: Restart pause, 2 second(s) May 15 11:48:54 asus daemon.notice openvpn[19494]: Socket Buffers: R=[114688->131072] S=[114688->131072] May 15 11:48:54 asus daemon.notice openvpn[19494]: UDPv4 link local: [undef] May 15 11:48:54 asus daemon.notice openvpn[19494]: UDPv4 link remote: [AF_INET]185.46.154.10:1194 May 15 11:48:54 asus daemon.notice openvpn[19494]: TLS: Initial packet from [AF_INET]185.46.154.10:1194, sid=c0c92ef6 c98e54af May 15 11:48:54 asus daemon.notice openvpn[19494]: VERIFY OK: depth=1, /C=RU/ST=Moscow/L=Moscow/O=Interkom/emailAddress=dimka.ermakov@gmail.com/CN=internal-ca May 15 11:48:54 asus daemon.notice openvpn[19494]: VERIFY X509NAME OK: /C=RU/ST=Moscow/L=Moscow/O=Interkom/emailAddress=dimka.ermakov@gmail.com/CN=ovpns1 May 15 11:48:54 asus daemon.notice openvpn[19494]: VERIFY OK: depth=0, /C=RU/ST=Moscow/L=Moscow/O=Interkom/emailAddress=dimka.ermakov@gmail.com/CN=ovpns1 May 15 11:48:54 asus daemon.notice openvpn[19494]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key May 15 11:48:54 asus daemon.notice openvpn[19494]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication May 15 11:48:54 asus daemon.notice openvpn[19494]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key May 15 11:48:54 asus daemon.notice openvpn[19494]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication May 15 11:48:54 asus daemon.notice openvpn[19494]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA May 15 11:48:54 asus daemon.notice openvpn[19494]: [ovpns1] Peer Connection Initiated with [AF_INET]185.46.154.10:1194 May 15 11:48:57 asus daemon.notice openvpn[19494]: SENT CONTROL [ovpns1]: 'PUSH_REQUEST' (status=1) May 15 11:48:57 asus daemon.notice openvpn[19494]: PUSH: Received control message: 'PUSH_REPLY,route 10.10.12.0 255.255.255.0,route 10.10.10.0 255.255.255.0,route 10.0.8.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.0.8.6 10.0.8.5' May 15 11:48:57 asus daemon.notice openvpn[19494]: OPTIONS IMPORT: timers and/or timeouts modified May 15 11:48:57 asus daemon.notice openvpn[19494]: OPTIONS IMPORT: --ifconfig/up options modified May 15 11:48:57 asus daemon.notice openvpn[19494]: OPTIONS IMPORT: route options modified May 15 11:48:57 asus daemon.notice openvpn[19494]: Preserving previous TUN/TAP instance: tun11 May 15 11:48:57 asus daemon.notice openvpn[19494]: Initialization Sequence Completed May 15 12:00:01 asus syslog.info root: -- MARK -- May 15 12:14:35 asus daemon.notice openvpn[19494]: [ovpns1] Inactivity timeout (--ping-restart), restarting May 15 12:14:35 asus daemon.notice openvpn[19494]: SIGUSR1[soft,ping-restart] received, process restarting May 15 12:14:35 asus daemon.notice openvpn[19494]: Restart pause, 2 second(s) May 15 12:14:37 asus daemon.notice openvpn[19494]: Socket Buffers: R=[114688->131072] S=[114688->131072] May 15 12:14:37 asus daemon.notice openvpn[19494]: UDPv4 link local: [undef] May 15 12:14:37 asus daemon.notice openvpn[19494]: UDPv4 link remote: [AF_INET]185.46.154.10:1194 May 15 12:14:37 asus daemon.notice openvpn[19494]: TLS: Initial packet from [AF_INET]185.46.154.10:1194, sid=6a0f4c0b 105b006b May 15 12:14:37 asus daemon.notice openvpn[19494]: VERIFY OK: depth=1, /C=RU/ST=Moscow/L=Moscow/O=Interkom/emailAddress=dimka.ermakov@gmail.com/CN=internal-ca May 15 12:14:37 asus daemon.notice openvpn[19494]: VERIFY X509NAME OK: /C=RU/ST=Moscow/L=Moscow/O=Interkom/emailAddress=dimka.ermakov@gmail.com/CN=ovpns1 May 15 12:14:37 asus daemon.notice openvpn[19494]: VERIFY OK: depth=0, /C=RU/ST=Moscow/L=Moscow/O=Interkom/emailAddress=dimka.ermakov@gmail.com/CN=ovpns1 May 15 12:14:37 asus daemon.notice openvpn[19494]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key May 15 12:14:37 asus daemon.notice openvpn[19494]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication May 15 12:14:37 asus daemon.notice openvpn[19494]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key May 15 12:14:37 asus daemon.notice openvpn[19494]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication May 15 12:14:37 asus daemon.notice openvpn[19494]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA May 15 12:14:37 asus daemon.notice openvpn[19494]: [ovpns1] Peer Connection Initiated with [AF_INET]185.46.154.10:1194 May 15 12:14:39 asus daemon.notice openvpn[19494]: SENT CONTROL [ovpns1]: 'PUSH_REQUEST' (status=1) May 15 12:14:39 asus daemon.notice openvpn[19494]: PUSH: Received control message: 'PUSH_REPLY,route 10.10.12.0 255.255.255.0,route 10.10.10.0 255.255.255.0,route 10.0.8.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.0.8.6 10.0.8.5' May 15 12:14:39 asus daemon.notice openvpn[19494]: OPTIONS IMPORT: timers and/or timeouts modified May 15 12:14:39 asus daemon.notice openvpn[19494]: OPTIONS IMPORT: --ifconfig/up options modified May 15 12:14:39 asus daemon.notice openvpn[19494]: OPTIONS IMPORT: route options modified May 15 12:14:39 asus daemon.notice openvpn[19494]: Preserving previous TUN/TAP instance: tun11 May 15 12:14:39 asus daemon.notice openvpn[19494]: Initialization Sequence Completed May 15 12:46:02 asus daemon.notice openvpn[19494]: OpenVPN STATISTICS May 15 12:46:02 asus daemon.notice openvpn[19494]: Updated,Fri May 15 12:46:02 2015 May 15 12:46:02 asus daemon.notice openvpn[19494]: TUN/TAP read bytes,2250700 May 15 12:46:02 asus daemon.notice openvpn[19494]: TUN/TAP write bytes,116667 May 15 12:46:02 asus daemon.notice openvpn[19494]: TCP/UDP read bytes,189008 May 15 12:46:02 asus daemon.notice openvpn[19494]: TCP/UDP write bytes,2366467 May 15 12:46:02 asus daemon.notice openvpn[19494]: Auth read bytes,119499 May 15 12:46:02 asus daemon.notice openvpn[19494]: END May 15 12:55:44 asus daemon.notice openvpn[19494]: OpenVPN STATISTICS May 15 12:55:44 asus daemon.notice openvpn[19494]: Updated,Fri May 15 12:55:44 2015 May 15 12:55:44 asus daemon.notice openvpn[19494]: TUN/TAP read bytes,3281732 May 15 12:55:44 asus daemon.notice openvpn[19494]: TUN/TAP write bytes,187984 May 15 12:55:44 asus daemon.notice openvpn[19494]: TCP/UDP read bytes,291033 May 15 12:55:44 asus daemon.notice openvpn[19494]: TCP/UDP write bytes,3447298 May 15 12:55:44 asus daemon.notice openvpn[19494]: Auth read bytes,191648 May 15 12:55:44 asus daemon.notice openvpn[19494]: END May 15 13:00:01 asus syslog.info root: -- MARK -- May 15 13:05:42 asus daemon.notice openvpn[19494]: [ovpns1] Inactivity timeout (--ping-restart), restarting May 15 13:05:42 asus daemon.notice openvpn[19494]: SIGUSR1[soft,ping-restart] received, process restarting May 15 13:05:42 asus daemon.notice openvpn[19494]: Restart pause, 2 second(s) May 15 13:05:44 asus daemon.notice openvpn[19494]: Socket Buffers: R=[114688->131072] S=[114688->131072] May 15 13:05:44 asus daemon.notice openvpn[19494]: UDPv4 link local: [undef] May 15 13:05:44 asus daemon.notice openvpn[19494]: UDPv4 link remote: [AF_INET]185.46.154.10:1194 May 15 13:05:44 asus daemon.notice openvpn[19494]: TLS: Initial packet from [AF_INET]185.46.154.10:1194, sid=5fe42e41 12463aca May 15 13:05:44 asus daemon.notice openvpn[19494]: VERIFY OK: depth=1, /C=RU/ST=Moscow/L=Moscow/O=Interkom/emailAddress=dimka.ermakov@gmail.com/CN=internal-ca May 15 13:05:44 asus daemon.notice openvpn[19494]: VERIFY X509NAME OK: /C=RU/ST=Moscow/L=Moscow/O=Interkom/emailAddress=dimka.ermakov@gmail.com/CN=ovpns1 May 15 13:05:44 asus daemon.notice openvpn[19494]: VERIFY OK: depth=0, /C=RU/ST=Moscow/L=Moscow/O=Interkom/emailAddress=dimka.ermakov@gmail.com/CN=ovpns1 May 15 13:05:45 asus daemon.notice openvpn[19494]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key May 15 13:05:45 asus daemon.notice openvpn[19494]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication May 15 13:05:45 asus daemon.notice openvpn[19494]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key May 15 13:05:45 asus daemon.notice openvpn[19494]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication May 15 13:05:45 asus daemon.notice openvpn[19494]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA May 15 13:05:45 asus daemon.notice openvpn[19494]: [ovpns1] Peer Connection Initiated with [AF_INET]185.46.154.10:1194 May 15 13:05:47 asus daemon.notice openvpn[19494]: SENT CONTROL [ovpns1]: 'PUSH_REQUEST' (status=1) May 15 13:05:47 asus daemon.notice openvpn[19494]: PUSH: Received control message: 'PUSH_REPLY,route 10.10.12.0 255.255.255.0,route 10.10.10.0 255.255.255.0,route 10.0.8.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.0.8.6 10.0.8.5' May 15 13:05:47 asus daemon.notice openvpn[19494]: OPTIONS IMPORT: timers and/or timeouts modified May 15 13:05:47 asus daemon.notice openvpn[19494]: OPTIONS IMPORT: --ifconfig/up options modified May 15 13:05:47 asus daemon.notice openvpn[19494]: OPTIONS IMPORT: route options modified May 15 13:05:47 asus daemon.notice openvpn[19494]: Preserving previous TUN/TAP instance: tun11 May 15 13:05:47 asus daemon.notice openvpn[19494]: Initialization Sequence Completed</http:>