Good day. I've been struggling for a week now and can't figure out the cause. I have a static IP; on the router (dlink dir825acg1) the Raspberry Pi's IP is placed in the DMZ, and on top of that there is a virtual server setting with ports 500 and 4500, and the IP filter allows connections on these ports to the Pi's IP, i.e. in theory the firewall on the router is configured perfectly; furthermore, the firewall is disabled in my account with the provider (Beeline). On the Pi itself iptables is either turned off or turned on with a filter for ports 500 and 4500, and in either case I see this picture on the client: https://yadi.sk/i/SDNmDMqN3Ua9QV On the server, in /var/log/auth.log: https://pastebin.com/embed_iframe/Lpkcgnhw
Apr 19 21:17:38 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: received and ignored informational message
Apr 19 21:17:41 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: the peer proposed: xx.248.5/32:17/1701 -> 192.168.0.100/32:17/1701
Apr 19 21:17:41 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Apr 19 21:17:41 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: responding to Quick Mode proposal {msgid:04000000}
Apr 19 21:17:41 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: us: 192.168.1.254<192.168.1.254>[+S=C]:17/1701
Apr 19 21:17:41 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: them: xx.152.130[192.168.0.100,+S=C]:17/1701===192.168.0.100/32
Apr 19 21:17:41 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: keeping refhim=4294901761 during rekey
Apr 19 21:17:41 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 19 21:17:41 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 19 21:17:42 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 19 21:17:42 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 19 21:17:42 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xce794744 <0x61a9e5e0 xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.100 NATD= xx.152.130:10242 DPD$
Apr 19 21:17:42 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: received Delete SA(0x03f2f3c2) payload: deleting IPSEC State #4
Apr 19 21:17:42 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: received and ignored informational message
Apr 19 21:17:49 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: the peer proposed: xx.248.5/32:17/1701 -> 192.168.0.100/32:17/1701
Apr 19 21:17:49 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Apr 19 21:17:49 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: responding to Quick Mode proposal {msgid:05000000}
Apr 19 21:17:49 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: us: 192.168.1.254<192.168.1.254>[+S=C]:17/1701
Apr 19 21:17:49 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: them: xx.152.130[192.168.0.100,+S=C]:17/1701===192.168.0.100/32
Apr 19 21:17:49 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: keeping refhim=4294901761 during rekey
Apr 19 21:17:49 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 19 21:17:50 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 19 21:17:50 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Apr 19 21:17:50 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 19 21:17:50 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x28328236 <0x0bb3eece xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.100 NATD= xx.152.130:10242 DPD$
Apr 19 21:17:50 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: received Delete SA(0xce794744) payload: deleting IPSEC State #5
Apr 19 21:17:50 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: received and ignored informational message
Apr 19 21:17:59 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: the peer proposed: xx.248.5/32:17/1701 -> 192.168.0.100/32:17/1701
Apr 19 21:17:59 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
I managed to connect once from work on Windows Server 2008, but never again; I tried on different devices with different providers. Please tell me what the problem is, maybe I somehow haven't fully opened the ports? nmap says:
pi@raspberrypi:~ $ sudo nmap -v 127.0.0.1
Starting Nmap 7.40 ( https://nmap.org ) at 2018-04-19 21:51 +07
Initiating SYN Stealth Scan at 21:51
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 22/tcp on 127.0.0.1
Completed SYN Stealth Scan at 21:51, 7.99s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00043s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 9.07 seconds
Raw packets sent: 1217 (53.548KB) | Rcvd: 1217 (48.684KB)
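Added example, not part of the original post: a Python script that pairs each "IPsec SA established" line in a pluto log with the peer's matching "received Delete SA" line by SPI and reports how long each SA lived. The four sample lines are copied from the log above; the function name `sa_lifetimes` and the year 2018 (taken from the nmap timestamp) are assumptions.

```python
import re
from datetime import datetime

# Four lines copied from the auth.log excerpt above (states #4, #5, #6).
SAMPLE = '''\
Apr 19 21:17:42 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #5: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xce794744 <0x61a9e5e0 xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.100 NATD= xx.152.130:10242 DPD$
Apr 19 21:17:42 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: received Delete SA(0x03f2f3c2) payload: deleting IPSEC State #4
Apr 19 21:17:50 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #6: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x28328236 <0x0bb3eece xfrm=AES_256-HMAC_SHA1 NATOA=192.168.0.100 NATD= xx.152.130:10242 DPD$
Apr 19 21:17:50 raspberrypi pluto[643]: "L2TP-PSK-NAT"[2] xx.152.130 #1: received Delete SA(0xce794744) payload: deleting IPSEC State #5
'''

EST = re.compile(r'#(\d+): STATE_QUICK_R2: IPsec SA established .*?=>(0x[0-9a-f]+)')
DEL = re.compile(r'received Delete SA\((0x[0-9a-f]+)\) payload: deleting IPSEC State #(\d+)')


def sa_lifetimes(log_text, year=2018):
    """Return (deleted, still_up).

    deleted:  [(state, spi, seconds)]; seconds is None when the SA was set up
              before the excerpt starts.
    still_up: [(state, spi)] for SAs with no Delete SA seen in the excerpt.
    """
    established = {}  # outbound SPI -> (state number, time established)
    deleted = []
    for line in log_text.splitlines():
        try:
            # Syslog timestamps carry no year; the caller supplies it.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # not a syslog line
        if m := EST.search(line):
            established[m.group(2)] = (int(m.group(1)), ts)
        elif m := DEL.search(line):
            spi, state = m.group(1), int(m.group(2))
            start = established.pop(spi, None)
            seconds = (ts - start[1]).total_seconds() if start else None
            deleted.append((state, spi, seconds))
    still_up = [(state, spi) for spi, (state, _) in established.items()]
    return deleted, still_up


if __name__ == "__main__":
    gone, up = sa_lifetimes(SAMPLE)
    for state, spi, secs in gone:
        print(f"#{state} {spi}: deleted by peer, lifetime {secs}")
    for state, spi in up:
        print(f"#{state} {spi}: no Delete SA in excerpt")
```

On the lines above, state #5 is deleted by the peer 8 seconds after it is established, at the same second that state #6 comes up.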