айпи - белый, айпи - серый. IPSec не получается

Обсуждение ПО и его настройки
Ответить
maks48
Сообщения: 40
Зарегистрирован: 10 фев 2014, 08:06

Инициатор соединения длинк с серым динамическим адресом
 лог соединения
*******************************
2014/04/04 08:39:04
*******************************
Apr 4 08:34:30 O3G/hotplug: Found [067b 2303] at Port:[1]
Apr 4 08:34:30 O3G/hotplug: do nothing
Apr 4 08:34:30 BEID: BEID STATUS : 0 , STATUS OK!
Apr 4 08:34:31 syslog: Failure parsing line 12 of /etc/udhcpd.conf
Apr 4 08:34:31 syslog: server_config.pool_check = 1
Apr 4 08:34:31 syslog: start = 192.168.2.2, end = 192.168.2.120, lan_ip = 192.168.2.1, interface=br0, ifindex=0
Apr 4 08:34:31 udhcpd[544]: udhcpd (v0.9.9-pre) started
Apr 4 08:34:43 commander: Init NAT Server ...
Apr 4 08:34:47 commander: Start UPNP Daemon !!
Apr 4 08:34:47 xl2tpd[2196]: setsockopt recvref[30]: Protocol not available
Apr 4 08:34:47 xl2tpd[2196]: Using l2tp kernel support.
Apr 4 08:34:47 xl2tpd[2197]: xl2tpd version xl2tpd-1.3.1 started on RT305XL PID:2197
Apr 4 08:34:47 xl2tpd[2197]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Apr 4 08:34:47 xl2tpd[2197]: Forked by Scott Balmos and David Stipp, (C) 2001
Apr 4 08:34:47 xl2tpd[2197]: Inherited by Jeff McAdams, (C) 2002
Apr 4 08:34:47 xl2tpd[2197]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Apr 4 08:34:47 xl2tpd[2197]: Listening on IP address 0.0.0.0, port 1701
Apr 4 08:34:52 init: Starting pid 2846, console /dev/ttyS0: '/bin/ash'
Apr 4 08:34:53 commander: STOP WANTYPE 3G
Apr 4 08:34:58 O3G/hotplug: Found [19d2 0016] at Port:[0]
Apr 4 08:34:58 O3G/hotplug: 3G modem VendorID=19d2 ProductID=0016
Apr 4 08:35:00 syslog[2129]: sendto error: 8.8.8.8:
Apr 4 08:35:00 syslog[2129]: Deactivating DNS server 8.8.8.8
Apr 4 08:35:00 syslog[2129]: Setting server 4.2.2.2 for domain (default)
Apr 4 08:35:00 syslog[2129]: sendto error: 4.2.2.2:
Apr 4 08:35:00 syslog[2129]: Deactivating DNS server 4.2.2.2
Apr 4 08:35:00 syslog[2129]: No active servers for domain (default)
Apr 4 08:35:02 O3G/hotplug: [0x19d2 0x0016] link device node (/dev/ttyXXXooo) to /dev/modem
Apr 4 08:35:09 syslog[2129]: sendto error: 8.8.8.8:
Apr 4 08:35:09 syslog[2129]: sendto error: 4.2.2.2:
Apr 4 08:35:16 commander: START WANTYPE 3G
Apr 4 08:35:19 syslog[2129]: sendto error: 8.8.8.8:
Apr 4 08:35:19 syslog[2129]: sendto error: 4.2.2.2:
Apr 4 08:35:21 pppd[4873]: pppd 2.4.4 started by root, uid 0
Apr 4 08:35:21 chat[4888]: abort on (BUSY)
Apr 4 08:35:21 chat[4888]: abort on (NO CARRIER)
Apr 4 08:35:21 chat[4888]: abort on (ERROR)
Apr 4 08:35:21 chat[4888]: timeout set to 10 seconds
Apr 4 08:35:21 chat[4888]: send (AT^M)
Apr 4 08:35:21 chat[4888]: expect (OK)
Apr 4 08:35:21 chat[4888]: AT^M^M
Apr 4 08:35:21 chat[4888]: OK
Apr 4 08:35:21 chat[4888]: -- got it
Apr 4 08:35:21 chat[4888]: send (AT+CGDCONT=1,"IP","internet.mts.ru"^M)
Apr 4 08:35:22 chat[4888]: expect (OK)
Apr 4 08:35:22 chat[4888]: ^M
Apr 4 08:35:22 chat[4888]: AT+CGDCONT=1,"IP","internet.mts.ru"^M^M
Apr 4 08:35:22 chat[4888]: OK
Apr 4 08:35:22 chat[4888]: -- got it
Apr 4 08:35:22 chat[4888]: send (ATDT*99#^M)
Apr 4 08:35:22 chat[4888]: expect (CONNECT)
Apr 4 08:35:22 chat[4888]: ^M
Apr 4 08:35:22 chat[4888]: ATDT*99#^M^M
Apr 4 08:35:22 chat[4888]: CONNECT
Apr 4 08:35:22 chat[4888]: -- got it
Apr 4 08:35:22 chat[4888]: send (^M)
Apr 4 08:35:22 pppd[4873]: Serial connection established.
Apr 4 08:35:22 pppd[4873]: Using interface ppp0
Apr 4 08:35:22 pppd[4873]: Connect: ppp0 <--> /dev/modem
Apr 4 08:35:23 pppd[4873]: CHAP authentication succeeded
Apr 4 08:35:23 pppd[4873]: CHAP authentication succeeded
Apr 4 08:35:25 pppd[4873]: Could not determine remote IP address: defaulting to 10.64.64.64
Apr 4 08:35:25 pppd[4873]: local IP address 10.169.51.147
Apr 4 08:35:25 pppd[4873]: remote IP address 10.64.64.64
Apr 4 08:35:25 pppd[4873]: primary DNS address 213.87.1.1
Apr 4 08:35:25 pppd[4873]: secondary DNS address 213.87.0.1
Apr 4 08:35:26 O3G/3g-status: 3G is connected and running on interface ppp0
Apr 4 08:35:26 O3G/3g-status: IP address :10.169.51.147
Apr 4 08:35:26 O3G/3g-status: default gateway :10.64.64.64
Apr 4 08:35:26 O3G/3g-status: primary DNS address :213.87.1.1
Apr 4 08:35:26 O3G/3g-status: secondary DNS address :213.87.0.1
Apr 4 08:35:33 commander: WAN IP is changed and GRE tunnel need resatsrt
Apr 4 08:35:35 commander: Restart UPNP Daemon !!
Apr 4 08:35:37 xl2tpd[8190]: setsockopt recvref[30]: Protocol not available
Apr 4 08:35:37 xl2tpd[8190]: Using l2tp kernel support.
Apr 4 08:35:37 xl2tpd[8191]: xl2tpd version xl2tpd-1.3.1 started on dlinkrouter PID:8191
Apr 4 08:35:37 xl2tpd[8191]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Apr 4 08:35:37 xl2tpd[8191]: Forked by Scott Balmos and David Stipp, (C) 2001
Apr 4 08:35:37 xl2tpd[8191]: Inherited by Jeff McAdams, (C) 2002
Apr 4 08:35:37 xl2tpd[8191]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Apr 4 08:35:37 xl2tpd[8191]: Listening on IP address 0.0.0.0, port 1701
Apr 4 08:35:39 ipsec_setup: Starting Openswan IPsec U2.6.38/K2.6.36...
Apr 4 08:35:39 syslog: Add Interface: br0
Apr 4 08:35:39 syslog: Interface: ppp0 is not lan
Apr 4 08:35:39 ipsec_setup: Using NETKEY(XFRM) stack
Apr 4 08:35:41 commander: Main WAN status changed ! ...
Apr 4 08:35:41 commander: Restart NAT Server (WAN: wanx, FUNC: ALL)...
Apr 4 08:35:44 ipsec__plutorun: Starting Pluto subsystem...
Apr 4 08:35:44 ipsec_setup: ...Openswan IPsec started
Apr 4 08:35:44 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr 4 08:35:44 syslog: adjusting ipsec.d to /etc/ipsec.d
Apr 4 08:35:44 pluto[9752]: WARNING: 1DES is enabled
Apr 4 08:35:44 pluto[9752]: LEAK_DETECTIVE support [disabled]
Apr 4 08:35:44 pluto[9752]: OCF support for IKE [disabled]
Apr 4 08:35:44 pluto[9752]: NSS support [disabled]
Apr 4 08:35:44 pluto[9752]: HAVE_STATSD notification support not compiled in
Apr 4 08:35:44 pluto[9752]: Setting NAT-Traversal port-4500 floating to on
Apr 4 08:35:44 pluto[9752]: port floating activation criteria nat_t=1/port_float=1
Apr 4 08:35:44 pluto[9752]: NAT-Traversal support [enabled] [Force KeepAlive]
Apr 4 08:35:44 pluto[9752]: using /dev/urandom as source of random entropy
Apr 4 08:35:44 pluto[9752]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Apr 4 08:35:44 pluto[9752]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Apr 4 08:35:44 pluto[9752]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Apr 4 08:35:44 pluto[9752]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 4 08:35:44 pluto[9752]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Apr 4 08:35:44 pluto[9752]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Apr 4 08:35:44 pluto[9752]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Apr 4 08:35:44 pluto[9752]: starting up 1 cryptographic helpers
Apr 4 08:35:44 pluto[9752]: started helper pid=9873 (fd:5)
Apr 4 08:35:44 pluto[9873]: using /dev/urandom as source of random entropy
Apr 4 08:35:45 pluto[9752]: Using Linux 2.6 IPsec interface code on 2.6.36 (experimental code)
Apr 4 08:35:49 pluto[9752]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Apr 4 08:35:49 pluto[9752]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Apr 4 08:35:49 pluto[9752]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Apr 4 08:35:49 pluto[9752]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Apr 4 08:35:49 pluto[9752]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Apr 4 08:35:49 pluto[9752]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Apr 4 08:35:49 pluto[9752]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Apr 4 08:35:49 pluto[9752]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Apr 4 08:35:49 pluto[9752]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Apr 4 08:35:49 pluto[9752]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Apr 4 08:35:49 pluto[9752]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Apr 4 08:35:50 pluto[9752]: added connection description "9"
Apr 4 08:35:50 ipsec__plutorun: 002 added connection description "9"
Apr 4 08:35:51 pluto[9752]: listening for IKE messages
Apr 4 08:35:51 pluto[9752]: adding interface ppp0/ppp0 10.169.51.147:500
Apr 4 08:35:51 pluto[9752]: adding interface ppp0/ppp0 10.169.51.147:4500
Apr 4 08:35:51 pluto[9752]: adding interface br0/br0 192.168.2.1:500
Apr 4 08:35:51 pluto[9752]: adding interface br0/br0 192.168.2.1:4500
Apr 4 08:35:51 pluto[9752]: adding interface lo/lo 127.0.0.1:500
Apr 4 08:35:51 pluto[9752]: adding interface lo/lo 127.0.0.1:4500
Apr 4 08:35:51 pluto[9752]: adding interface lo/lo ::1:500
Apr 4 08:35:51 pluto[9752]: loading secrets from "/etc/ipsec.secrets"
Apr 4 08:35:52 pluto[9752]: "9" #1: initiating Main Mode
Apr 4 08:35:52 ipsec__plutorun: 104 "9" #1: STATE_MAIN_I1: initiate
Apr 4 08:35:54 pluto[9752]: "9" #1: received Vendor ID payload [RFC 3947] method set to=115
Apr 4 08:35:54 pluto[9752]: "9" #1: received Vendor ID payload [Dead Peer Detection]
Apr 4 08:35:54 pluto[9752]: "9" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Apr 4 08:35:55 pluto[9752]: "9" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 4 08:35:55 pluto[9752]: "9" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 4 08:35:55 pluto[9752]: "9" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
Apr 4 08:35:55 pluto[9752]: "9" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 4 08:35:55 pluto[9752]: "9" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 4 08:35:55 pluto[9752]: "9" #1: Main mode peer ID is ID_IPV4_ADDR: '195.34...'
Apr 4 08:35:55 pluto[9752]: "9" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 4 08:35:55 pluto[9752]: "9" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_md5 group=modp1024}
Apr 4 08:35:55 pluto[9752]: "9" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+SAREFTRACK {using isakmp#1 msgid:181c8301 proposal=DES(2)_064-MD5(1)_128 pfsgroup=OAKLEY_GROUP_MODP1024}
Apr 4 08:35:56 pluto[9752]: "9" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 4 08:35:56 pluto[9752]: "9" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x09a7aa6b <0x399c8d19 xfrm=DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}


 конфиг микротика
[admin@MikroTik] > export compact
# apr/04/2014 08:49:54 by RouterOS 5.26
# software id = A7PH-MA4Z
#
/interface bridge
add admin-mac= auto-mac=no l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=indoors ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 \
mode=ap-bridge ssid=MikroTik-E0AC63 wireless-protocol=any
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway name=dostup_k_internet password= use-peer-dns=yes user=\

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key= \
wpa2-pre-shared-key=
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=des
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.0.1/24 comment="default configuration" interface=bridge-local
/ip dhcp-client
add comment="default configuration" interface=ether1-gateway
/ip dhcp-server network
add address=192.168.0.0/24 comment="default configuration" dns-server=195.34.224.1 gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input dst-port=4500 port="" protocol=udp
add chain=input dst-port=500 protocol=udp
add chain=input dst-port=1701 port="" protocol=udp
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" disabled=yes in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add chain=input protocol=ipsec-esp
add action=drop chain=input disabled=yes in-interface=bridge-local protocol=tcp src-address=192.168.0.1
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall mangle
add action=mark-packet chain=input new-packet-mark=ipsec-esp passthrough=no
/ip firewall nat
add chain=srcnat protocol=ipsec-esp
add chain=srcnat dst-address=192.168.2.0/24 out-interface=dostup_k_internet src-address=192.168.0.0/24
add action=masquerade chain=srcnat out-interface=dostup_k_internet
/ip ipsec peer
add enc-algorithm=des generate-policy=yes nat-traversal=yes secret=password send-initial-contact=no
/ip neighbor discovery
set ether1-gateway disabled=yes
set wlan1 disabled=yes
/special-login
add
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=85.21.78.8 secondary-ntp=62.173.138.130
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 178.234.0.108 1
1 ADC 178.234.0.108/32 195.34... dostup_k_internet 0
2 ADC 192.168.0.0/24 192.168.0.1 bridge-local 0

[admin@MikroTik] > ip ipsec peer print
Flags: X - disabled
0 address=0.0.0.0/0 port=500 auth-method=pre-shared-key secret="password" generate-policy=yes exchange-mode=main
send-initial-contact=no nat-traversal=yes my-id-user-fqdn="" proposal-check=obey hash-algorithm=md5 enc-algorithm=des
dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
[admin@MikroTik] >

[admin@MikroTik] > ip ipsec policy print
Flags: X - disabled, D - dynamic, I - inactive
0 D src-address=213.87.129.108/32 src-port=any dst-address=192.168.0.0/24 dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=195.34... sa-dst-address=213.87.129.108 proposal=default priority=2

1 D src-address=213.87.129.108/32 src-port=any dst-address=192.168.0.0/24 dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=195.34... sa-dst-address=213.87.129.108 proposal=default priority=2

2 D src-address=192.168.0.0/24 src-port=any dst-address=213.87.129.108/32 dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=213.87.129.108 sa-dst-address=195.34... proposal=default priority=2

3 D src-address=213.87.137.238/32 src-port=any dst-address=192.168.0.0/24 dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=195.34... sa-dst-address=213.87.137.238 proposal=default priority=2

4 D src-address=213.87.137.238/32 src-port=any dst-address=192.168.0.0/24 dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=195.34... sa-dst-address=213.87.137.238 proposal=default priority=2

5 D src-address=192.168.0.0/24 src-port=any dst-address=213.87.137.238/32 dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=213.87.137.238 sa-dst-address=195.34... proposal=default priority=2

[admin@MikroTik] > ip ipsec installed-sa print
Flags: A - AH, E - ESP, P - pfs
0 E spi=0x9A7AA6B src-address=213.87.137.238 dst-address=195.34... auth-algorithm=md5 enc-algorithm=des replay=4
state=mature auth-key="62be2daed1176033b9ede18bc104dc8a" enc-key="a66c6755b66340b2" addtime=apr/04/2014 08:39:56
expires-in=36m6s add-lifetime=48m/1h current-bytes=772

1 E spi=0x399C8D19 src-address=195.34... dst-address=213.87.137.238 auth-algorithm=md5 enc-algorithm=des replay=4
state=mature auth-key="13108ef3ce44285f28ab269783c31aaa" enc-key="de6a560b7498a31e" add-lifetime=48m/1h
[admin@MikroTik] >


[admin@MikroTik] > ip ipsec statistic print
in-errors: 0
in-buffer-errors: 0
in-header-errors: 0
in-no-states: 0
in-state-protocol-errors: 0
in-state-mode-errors: 0
in-state-sequence-errors: 0
in-state-expired: 0
in-state-mismatches: 0
in-state-invalid: 0
in-template-mismatches: 0
in-no-policies: 13 <- пинги из сети за длинком в сеть за микротиком
in-policy-blocked: 0
in-policy-errors: 0
out-errors: 0
out-bundle-errors: 0
out-bundle-check-errors: 0
out-no-states: 0
out-state-protocol-errors: 0
out-state-mode-errors: 0
out-state-sequence-errors: 0
out-state-expired: 0
out-policy-blocked: 0
out-policy-dead: 0
out-policy-errors: 0
[admin@MikroTik] >


Нужно из сети за микротиком иметь доступ к сети за длинком. Пока даже пинги не ходят. Такое соединение работоспособно?
Почему политик создалось так много? Адрес какой-то непонятный...


vqd
Модератор
Сообщения: 3605
Зарегистрирован: 26 сен 2013, 14:20
Откуда: НСК
Контактная информация:

Ип сек как и другие ip2ip тоннели работают только при прямой маршрутизации между точками.
Если простым языком то со стороны двух точек должен быть белый ИП


Есть интересная задача и бюджет? http://mikrotik.site
maks48
Сообщения: 40
Зарегистрирован: 10 фев 2014, 08:06

NAT-T не поможет? Есть на обоих железках


gmx
Модератор
Сообщения: 3290
Зарегистрирован: 01 окт 2012, 14:48

NAT поможет, но внешние IP должны быть белыми.


Vladimir22
Сообщения: 561
Зарегистрирован: 09 дек 2012, 17:12

поднимите PPTP . все хорошо маршрутизируется


Ответить