ASUSWRT-Merlin RT-AC86U 384.15_0 Sat Feb 8 18:41:28 UTC 2020
RT-AC86U:/tmp/home/root# ip route show table ovpnc1
default via 10.26.0.21 dev tun11
10.26.0.21 dev tun11 proto kernel scope link src 10.26.0.22
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
RT-AC86U:/tmp/home/root# ip rule
0: from all lookup local
10101: from 192.168.1.246 lookup ovpnc1
10102: from 192.168.1.137 lookup ovpnc1
10103: from 192.168.1.35 lookup ovpnc1
10104: from 192.168.1.215 lookup ovpnc1
10105: from 192.168.1.45 lookup ovpnc1
10106: from 192.168.1.88 lookup ovpnc1
10108: from 10.10.10.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default
RT-AC86U:/tmp/home/root# ip route show table 220
(Nothing happened here)
(Run before the mobile phone connected to the IPsec tunnel)
RT-AC86U:/tmp/home/root# ipsec statusall
Status of IKE charon daemon (weakSwan 5.7.2, Linux 4.1.27, aarch64):
uptime: 47 minutes, since Apr 02 19:29:17 2020
malloc: sbrk 675840, mmap 0, used 204688, free 471152
worker threads: 3 of 8 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 agent xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-peap xauth-generic counters
Virtual IP pools (size/online/offline):
10.10.10.0/24: 254/0/0
10.10.11.0/24: 254/0/1
Listening IP addresses:
8x.1x.14x.12x
10.26.0.22
Connections:
Host-to-Net: 8x.1x.14x.12x...%any IKEv1, dpddelay=10s
Host-to-Net: local: [8x.1x.14x.12x] uses pre-shared key authentication
Host-to-Net: remote: uses pre-shared key authentication
Host-to-Net: remote: uses XAuth authentication: any
Host-to-Net: child: 0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
IKEv2-EAP: 8x.1x.14x.12x...%any IKEv2, dpddelay=10s
IKEv2-EAP: local: [myddns.asuscomm.com] uses public key authentication
IKEv2-EAP: cert: "CN=myddns.asuscomm.com"
IKEv2-EAP: remote: uses EAP_MSCHAPV2 authentication with EAP identity '%any'
IKEv2-EAP: child: 0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
none
RT-AC86U:/tmp/home/root#
(Run after the mobile phone connected to the IPsec tunnel)
RT-AC86U:/tmp/home/root# ipsec statusall
Status of IKE charon daemon (weakSwan 5.7.2, Linux 4.1.27, aarch64):
uptime: 49 minutes, since Apr 02 19:29:17 2020
malloc: sbrk 675840, mmap 0, used 221656, free 454184
worker threads: 3 of 8 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 agent xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-peap xauth-generic counters
Virtual IP pools (size/online/offline):
10.10.10.0/24: 254/0/0
10.10.11.0/24: 254/1/0
Listening IP addresses:
8x.1x.14x.12x
10.26.0.22
Connections:
Host-to-Net: 8x.1x.14x.12x...%any IKEv1, dpddelay=10s
Host-to-Net: local: [8x.1x.14x.12x] uses pre-shared key authentication
Host-to-Net: remote: uses pre-shared key authentication
Host-to-Net: remote: uses XAuth authentication: any
Host-to-Net: child: 0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
IKEv2-EAP: 8x.1x.14x.12x...%any IKEv2, dpddelay=10s
IKEv2-EAP: local: [myddns.asuscomm.com] uses public key authentication
IKEv2-EAP: cert: "CN=myddns.asuscomm.com"
IKEv2-EAP: remote: uses EAP_MSCHAPV2 authentication with EAP identity '%any'
IKEv2-EAP: child: 0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
Security Associations (1 up, 0 connecting):
IKEv2-EAP[3]: ESTABLISHED 4 seconds ago, 8x.1x.14x.12x[myddns.asuscomm.com]...14x.25x.12x.12x[password1]
IKEv2-EAP[3]: IKEv2 SPIs: password1_i password2_r*, rekeying disabled
IKEv2-EAP[3]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
IKEv2-EAP{3}: INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs: c3b92f54_i 1dc55c2d_o
IKEv2-EAP{3}: AES_CBC_128/HMAC_SHA2_256_128, 2542 bytes_i (30 pkts, 0s ago), 8782 bytes_o (27 pkts, 1s ago), rekeying disabled
IKEv2-EAP{3}: 0.0.0.0/0 === 10.10.11.1/32