ie-fw1.thermeon.eu Tue Oct 10 22:22:38 BST 2006 + _________________________ version + ipsec --version Linux Openswan 2.4.7dr1 (klips) See `ipsec --copyright' for copyright information. + _________________________ /proc/version + cat /proc/version Linux version 2.6.18 (root@ie-fw1.thermeon.eu) (gcc version 3.4.6 20060404 (Red Hat 3.4.6-3)) #1 SMP Tue Oct 10 21:21:32 BST 2006 + _________________________ /proc/net/ipsec_eroute + test -r /proc/net/ipsec_eroute + sort -sg +3 /proc/net/ipsec_eroute 9 192.168.242.0/24 -> 192.168.234.0/24 => tun0x1002@212.159.53.154 + _________________________ netstat-rn + netstat -nr + head -n 100 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.254.252 0.0.0.0 255.255.255.252 U 0 0 0 eth2 81.17.242.80 0.0.0.0 255.255.255.252 U 0 0 0 eth1 81.17.242.8 0.0.0.0 255.255.255.252 U 0 0 0 eth1 81.17.242.8 0.0.0.0 255.255.255.252 U 0 0 0 ipsec0 192.168.242.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.234.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2 0.0.0.0 81.17.242.9 0.0.0.0 UG 0 0 0 eth1 + _________________________ /proc/net/ipsec_spi + test -r /proc/net/ipsec_spi + cat /proc/net/ipsec_spi tun0x1001@81.17.242.10 IPIP: dir=in src=212.159.53.154 policy=192.168.234.0/24->192.168.242.0/24 flags=0x8<> life(c,s,h)=addtime(201,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=8 esp0xe62345c5@212.159.53.154 ESP_AES_HMAC_SHA1: dir=out src=81.17.242.10 iv_bits=128bits iv=0x6f5947ed5a112c45831290eb4c0f0f64 ooowin=64 seq=9 alen=160 aklen=160 eklen=128 life(c,s,h)=bytes(1368,0,0)addtime(201,0,0)usetime(34,0,0)packets(9,0,0) idle=26 natencap=none natsport=0 natdport=0 refcount=4 ref=18 comp0xe08e@212.159.53.154 COMP_DEFLATE: dir=out src=81.17.242.10 life(c,s,h)=bytes(936,0,0)addtime(201,0,0)usetime(34,0,0)packets(9,0,0) idle=26 ratio=936:936 natencap=none natsport=0 natdport=0 refcount=5 ref=17 comp0xb5a8@81.17.242.10 COMP_DEFLATE: dir=in src=212.159.53.154 life(c,s,h)=addtime(201,0,0) natencap=none natsport=0 natdport=0 refcount=5 ref=9 tun0x1002@212.159.53.154 IPIP: dir=out src=81.17.242.10 life(c,s,h)=bytes(936,0,0)addtime(201,0,0)usetime(34,0,0)packets(9,0,0) idle=26 natencap=none natsport=0 natdport=0 refcount=13 ref=16 esp0x4dd101e7@81.17.242.10 ESP_AES_HMAC_SHA1: dir=in src=212.159.53.154 iv_bits=128bits iv=0x8afd7ed2f8cdfccc1e4b7a54f8ca5317 ooowin=64 alen=160 aklen=160 eklen=128 life(c,s,h)=addtime(201,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=10 + _________________________ /proc/net/ipsec_spigrp + test -r /proc/net/ipsec_spigrp + cat /proc/net/ipsec_spigrp tun0x1001@81.17.242.10 comp0xb5a8@81.17.242.10 esp0x4dd101e7@81.17.242.10 tun0x1002@212.159.53.154 comp0xe08e@212.159.53.154 esp0xe62345c5@212.159.53.154 + _________________________ /proc/net/ipsec_tncfg + test -r /proc/net/ipsec_tncfg + cat /proc/net/ipsec_tncfg ipsec0 -> eth1 mtu=1419(1500) -> 1500 ipsec1 -> NULL mtu=0(0) -> 0 ipsec2 -> NULL mtu=0(0) -> 0 ipsec3 -> NULL mtu=0(0) -> 0 + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + cd /proc/sys/net/ipsec + egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check tos debug_ah:0 debug_eroute:0 debug_esp:0 debug_ipcomp:0 debug_netlink:0 debug_pfkey:0 debug_radij:0 debug_rcv:0 debug_spi:0 debug_tunnel:0 debug_verbose:0 debug_xform:0 icmp:1 inbound_policy_check:1 tos:1 + _________________________ ipsec/status + ipsec auto --status 000 interface ipsec0/eth1 81.17.242.10 000 interface ipsec0/eth1 81.17.242.10 000 %myid = (none) 000 debug none 000 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=64, keysizemin=64, keysizemax=64 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=64, keysizemin=128, keysizemax=128 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=64, keysizemin=96, keysizemax=448 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=128, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=128, keysizemin=128, keysizemax=256 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128 000 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 000 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 "iecollo-ukoffice": 192.168.242.0/24===81.17.242.10...212.159.53.154===192.168.234.0/24; erouted; eroute owner: #2 000 "iecollo-ukoffice": srcip=192.168.242.254; dstip=192.168.234.1; srcup=ipsec _updown; dstup=ipsec _updown; 000 "iecollo-ukoffice": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 10 000 "iecollo-ukoffice": policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 24,24; interface: eth1; encap: esp; 000 "iecollo-ukoffice": dpd: action:restart; delay:9; timeout:30; 000 "iecollo-ukoffice": newest ISAKMP SA: #1; newest IPsec SA: #2; 000 "iecollo-ukoffice": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536 000 000 #2: "iecollo-ukoffice":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2295s; newest IPSEC; eroute owner 000 #2: "iecollo-ukoffice" esp.e62345c5@212.159.53.154 esp.4dd101e7@81.17.242.10 comp.e08e@212.159.53.154 comp.b5a8@81.17.242.10 tun.1002@212.159.53.154 tun.1001@81.17.242.10 000 #1: "iecollo-ukoffice":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27827s; newest ISAKMP; lastdpd=1s(seq in:21361 out:0) 000 + _________________________ ifconfig-a + ifconfig -a eql Link encap:Serial Line IP MASTER MTU:576 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:5 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) eth0 Link encap:Ethernet HWaddr 00:30:48:89:27:12 inet addr:192.168.242.254 Bcast:192.168.242.255 Mask:255.255.255.0 inet6 addr: fe80::230:48ff:fe89:2712/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4137 errors:0 dropped:0 overruns:0 frame:0 TX packets:2022 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:506625 (494.7 KiB) TX bytes:208158 (203.2 KiB) Base address:0x2000 Memory:c8200000-c8220000 eth1 Link encap:Ethernet HWaddr 00:30:48:89:27:13 inet addr:81.17.242.10 Bcast:81.17.242.11 Mask:255.255.255.252 inet6 addr: fe80::230:48ff:fe89:2713/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:50062 errors:0 dropped:984 overruns:0 frame:0 TX packets:15130 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:9767699 (9.3 MiB) TX bytes:4251444 (4.0 MiB) Base address:0x2020 Memory:c8220000-c8240000 eth1:0 Link encap:Ethernet HWaddr 00:30:48:89:27:13 inet addr:81.17.242.81 Bcast:81.17.242.83 Mask:255.255.255.252 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Base address:0x2020 Memory:c8220000-c8240000 eth1:1 Link encap:Ethernet HWaddr 00:30:48:89:27:13 inet addr:81.17.242.82 Bcast:81.17.242.83 Mask:255.255.255.252 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Base address:0x2020 Memory:c8220000-c8240000 eth2 Link encap:Ethernet HWaddr 00:05:5D:6B:A8:E2 inet addr:192.168.254.254 Bcast:192.168.254.255 Mask:255.255.255.252 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:201 gre0 Link encap:UNSPEC HWaddr 00-00-00-00-E3-B7-07-A4-00-00-00-00-00-00-00-00 NOARP MTU:1476 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec0 Link encap:Ethernet HWaddr 00:30:48:89:27:13 inet addr:81.17.242.10 Mask:255.255.255.252 inet6 addr: fe80::230:48ff:fe89:2713/64 Scope:Link UP RUNNING NOARP MTU:1419 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:9 errors:0 dropped:3 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:1494 (1.4 KiB) ipsec1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec3 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ip6tnl0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:1460 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:2952 errors:0 dropped:0 overruns:0 frame:0 TX packets:2952 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:510489 (498.5 KiB) TX bytes:510489 (498.5 KiB) shaper0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 [NO FLAGS] MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) sit0 Link encap:IPv6-in-IPv4 NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) tunl0 Link encap:IPIP Tunnel HWaddr NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) + _________________________ ip-addr-list + ip addr list 1: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:30:48:89:27:12 brd ff:ff:ff:ff:ff:ff inet 192.168.242.254/24 brd 192.168.242.255 scope global eth0 inet6 fe80::230:48ff:fe89:2712/64 scope link valid_lft forever preferred_lft forever 2: eth1: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:30:48:89:27:13 brd ff:ff:ff:ff:ff:ff inet 81.17.242.10/30 brd 81.17.242.11 scope global eth1 inet 81.17.242.81/30 brd 81.17.242.83 scope global eth1:0 inet 81.17.242.82/30 brd 81.17.242.83 scope global secondary eth1:1 inet6 fe80::230:48ff:fe89:2713/64 scope link valid_lft forever preferred_lft forever 3: eth2: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:05:5d:6b:a8:e2 brd ff:ff:ff:ff:ff:ff inet 192.168.254.254/30 brd 192.168.254.255 scope global eth2 4: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 5: shaper0: <> mtu 1500 qdisc noop qlen 10 link/ether 6: eql: mtu 576 qdisc noop qlen 5 link/slip 7: teql0: mtu 1500 qdisc noop qlen 100 link/void 8: tunl0: mtu 1480 qdisc noop link/ipip 0.0.0.0 brd 0.0.0.0 9: gre0: mtu 1476 qdisc noop link/gre 0.0.0.0 brd 0.0.0.0 10: sit0: mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 11: ip6tnl0: mtu 1460 qdisc noop link/tunnel6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 40: ipsec0: mtu 1419 qdisc pfifo_fast qlen 10 link/ether 00:30:48:89:27:13 brd ff:ff:ff:ff:ff:ff inet 81.17.242.10/30 brd 81.17.242.11 scope global ipsec0 inet6 fe80::230:48ff:fe89:2713/64 scope link valid_lft forever preferred_lft forever 41: ipsec1: mtu 0 qdisc noop qlen 10 link/void 42: ipsec2: mtu 0 qdisc noop qlen 10 link/void 43: ipsec3: mtu 0 qdisc noop qlen 10 link/void + _________________________ ip-route-list + ip route list 192.168.254.252/30 dev eth2 proto kernel scope link src 192.168.254.254 81.17.242.80/30 dev eth1 proto kernel scope link src 81.17.242.81 81.17.242.8/30 dev eth1 proto kernel scope link src 81.17.242.10 81.17.242.8/30 dev ipsec0 proto kernel scope link src 81.17.242.10 192.168.242.0/24 dev eth0 proto kernel scope link src 192.168.242.254 192.168.234.0/24 dev ipsec0 scope link src 192.168.242.254 169.254.0.0/16 dev eth2 scope link default via 81.17.242.9 dev eth1 + _________________________ ip-rule-list + ip rule list 0: from all lookup local 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + ipsec verify --nocolour Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan 2.4.7dr1 (klips) Checking for IPsec support in kernel [OK] KLIPS detected, checking SElinux status [OK] Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing Checking tun0x1002@212.159.53.154 from 192.168.242.0/24 to 192.168.234.0/24Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] + _________________________ mii-tool + '[' -x /sbin/mii-tool ']' + /sbin/mii-tool -v eth0: negotiated 100baseTx-FD, link ok product info: vendor 00:50:43, model 10 rev 2 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD eth1: negotiated 100baseTx-FD, link ok product info: vendor 00:50:43, model 10 rev 2 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD eth2: no link product info: vendor 00:40:63, model 52 rev 4 basic mode: autonegotiation enabled basic status: no link capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control + _________________________ ipsec/directory + ipsec --directory /usr/local/lib/ipsec + _________________________ hostname/fqdn + hostname --fqdn ie-fw1.thermeon.eu + _________________________ hostname/ipaddress + hostname --ip-address 192.168.242.254 + _________________________ uptime + uptime 22:22:53 up 48 min, 2 users, load average: 0.10, 0.05, 0.05 + _________________________ ps + ps alxwf + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 4 0 8808 4299 18 0 4248 1068 wait S+ pts/1 0:00 \_ /bin/sh /usr/local/libexec/ipsec/barf 0 0 8889 8808 18 0 1660 460 pipe_w S+ pts/1 0:00 \_ egrep -i ppid|pluto|ipsec|klips 1 0 8382 1 25 0 2220 396 wait S pts/0 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive 20 --protostack auto --force_keepalive --disable_port_floating --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,v4:!192.168.242.0/24 --crlcheckinterval 0 --ocspuri --nhelpers 0 --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid 1 0 8383 8382 25 0 2220 568 wait S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive 20 --protostack auto --force_keepalive --disable_port_floating --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,v4:!192.168.242.0/24 --crlcheckinterval 0 --ocspuri --nhelpers 0 --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid 4 0 8384 8383 15 0 2496 1288 - S pts/0 0:00 | \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids --nat_traversal --keep_alive 20 --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,v4:!192.168.242.0/24 --nhelpers 0 0 0 8387 8384 25 0 1476 272 - S pts/0 0:00 | \_ _pluto_adns 0 0 8386 8382 25 0 2224 1104 pipe_w S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post 0 0 8385 1 24 0 1536 468 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun + _________________________ ipsec/showdefaults + ipsec showdefaults # no default route + _________________________ ipsec/conf + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # /etc/ipsec.conf - Openswan IPsec configuration file # RCSID $Id: ipsec.conf.in,v 1.15.2.4 2006/07/11 16:17:53 paul Exp $ # This file: /usr/local/share/doc/openswan/ipsec.conf-sample # # Manual: ipsec.conf.5 version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup interfaces="ipsec0=eth1" overridemtu=1419 nhelpers=0 nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,v4:!192.168.242.0/24 keep_alive=20 # enable this if you see "failed to find any available worker" # Add connections here #< /etc/ipsec.d/thermeon/iecollo-ukoffice.conf 1 conn iecollo-ukoffice left=81.17.242.10 leftsubnet=192.168.242.0/24 leftsourceip=192.168.242.254 right=212.159.53.154 rightsubnet=192.168.234.0/24 rightsourceip=192.168.234.1 type=tunnel dpddelay=9 dpdtimeout=30 dpdaction=restart pfs=yes rekey=yes rekeymargin=600 rekeyfuzz=100% keylife=3600 keyingtries=10 ikelifetime=28800 compress=yes authby=secret auto=start #> /etc/ipsec.conf 25 #include /etc/ipsec.d/thermeon/iecollo-ukcollo.conf #include /etc/ipsec.d/thermeon/iecollo-uscollo.conf #include /etc/ipsec.d/thermeon/l2tp.conf #Disable Opportunistic Encryption #< /etc/ipsec.d/examples/no_oe.conf 1 # 'include' this file to disable Opportunistic Encryption. # See /usr/local/share/doc/openswan/policygroups.html for details. # # RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $ conn block auto=ignore conn private auto=ignore conn private-or-clear auto=ignore conn clear-or-private auto=ignore conn clear auto=ignore conn packetdefault auto=ignore #> /etc/ipsec.conf 32 + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 : RSA { # RSA 2192 bits ie-fw1.thermeon.eu Mon Oct 9 12:35:22 2006 # for signatures only, UNSAFE FOR ENCRYPTION #pubkey=[keyid AQOX/Eyzt] Modulus: [...] PublicExponent: [...] # everything after this point is secret PrivateExponent: [...] Prime1: [...] Prime2: [...] Exponent1: [...] Exponent2: [...] Coefficient: [...] } # do not change the indenting of that "[sums to 7d9d...]" 81.17.242.10 193.109.194.98 : PSK "[sums to 8877...]" 81.17.242.10 212.159.53.154 : PSK "[sums to f408...]" 81.17.242.10 67.155.224.243 : PSK "[sums to dc48...]" 81.17.242.10 %any : PSK "[sums to e19c...]" #81.17.242.10 %any : RSA /etc/ipsec.d/private/ie-fw1.key "[sums to eb43...]" + _________________________ ipsec/listall + ipsec auto --listall 000 000 List of Public Keys: 000 000 000 List of X.509 CA Certificates: 000 000 Oct 10 22:19:16 2006, count: 1 000 subject: 'C=IE, ST=Dublin, L=Dublin, O=Thermeon Europe, OU=Support, CN=Thermeon Europe Irish CA, E=mark@thermeon.eu' 000 issuer: 'C=IE, ST=Dublin, L=Dublin, O=Thermeon Europe, OU=Support, CN=Thermeon Europe Irish CA, E=mark@thermeon.eu' 000 serial: 00 000 pubkey: 1024 RSA Key AwEAAcFqf 000 validity: not before Oct 09 16:31:50 2006 ok 000 not after Oct 06 16:31:50 2016 ok 000 subjkey: c7:f9:3c:08:b6:df:3d:8c:51:11:75:78:64:79:f2:39:e9:39:30:54 000 authkey: c7:f9:3c:08:b6:df:3d:8c:51:11:75:78:64:79:f2:39:e9:39:30:54 000 aserial: 00 + '[' /etc/ipsec.d/policies ']' + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/block + base=block + _________________________ ipsec/policies/block + cat /etc/ipsec.d/policies/block # This file defines the set of CIDRs (network/mask-length) to which # communication should never be allowed. # # See /usr/local/share/doc/openswan/policygroups.html for details. # # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear + base=clear + _________________________ ipsec/policies/clear + cat /etc/ipsec.d/policies/clear # This file defines the set of CIDRs (network/mask-length) to which # communication should always be in the clear. # # See /usr/local/share/doc/openswan/policygroups.html for details. # # $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear-or-private + base=clear-or-private + _________________________ ipsec/policies/clear-or-private + cat /etc/ipsec.d/policies/clear-or-private # This file defines the set of CIDRs (network/mask-length) to which # we will communicate in the clear, or, if the other side initiates IPSEC, # using encryption. This behaviour is also called "Opportunistic Responder". # # See /usr/local/share/doc/openswan/policygroups.html for details. # # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private + base=private + _________________________ ipsec/policies/private + cat /etc/ipsec.d/policies/private # This file defines the set of CIDRs (network/mask-length) to which # communication should always be private (i.e. encrypted). # See /usr/local/share/doc/openswan/policygroups.html for details. # # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private-or-clear + base=private-or-clear + _________________________ ipsec/policies/private-or-clear + cat /etc/ipsec.d/policies/private-or-clear # This file defines the set of CIDRs (network/mask-length) to which # communication should be private, if possible, but in the clear otherwise. # # If the target has a TXT (later IPSECKEY) record that specifies # authentication material, we will require private (i.e. encrypted) # communications. If no such record is found, communications will be # in the clear. # # See /usr/local/share/doc/openswan/policygroups.html for details. # # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $ # 0.0.0.0/0 + _________________________ ipsec/ls-libdir + ls -l /usr/local/lib/ipsec total 236 -rwxr-xr-x 1 root root 15848 Oct 10 20:37 _confread -rwxr-xr-x 1 root root 15848 Oct 9 13:32 _confread.old -rwxr-xr-x 1 root root 13256 Oct 10 20:37 _copyright -rwxr-xr-x 1 root root 13252 Oct 9 13:32 _copyright.old -rwxr-xr-x 1 root root 2379 Oct 10 20:37 _include -rwxr-xr-x 1 root root 2379 Oct 9 13:32 _include.old -rwxr-xr-x 1 root root 1475 Oct 10 20:37 _keycensor -rwxr-xr-x 1 root root 1475 Oct 9 13:32 _keycensor.old -rwxr-xr-x 1 root root 3586 Oct 10 20:37 _plutoload -rwxr-xr-x 1 root root 3586 Oct 9 13:32 _plutoload.old -rwxr-xr-x 1 root root 7223 Oct 10 20:37 _plutorun -rwxr-xr-x 1 root root 7223 Oct 9 13:32 _plutorun.old -rwxr-xr-x 1 root root 12346 Oct 10 20:37 _realsetup -rwxr-xr-x 1 root root 12335 Oct 9 13:32 _realsetup.old -rwxr-xr-x 1 root root 1975 Oct 10 20:37 _secretcensor -rwxr-xr-x 1 root root 1975 Oct 9 13:32 _secretcensor.old -rwxr-xr-x 1 root root 10076 Oct 10 20:37 _startklips -rwxr-xr-x 1 root root 10076 Oct 9 13:32 _startklips.old -rwxr-xr-x 1 root root 13918 Oct 10 20:37 _updown -rwxr-xr-x 1 root root 13918 Oct 9 13:32 _updown.old -rwxr-xr-x 1 root root 15746 Oct 10 20:37 _updown_x509 -rwxr-xr-x 1 root root 15746 Oct 9 13:32 _updown_x509.old -rwxr-xr-x 1 root root 1942 Oct 10 20:37 ipsec_pr.template + _________________________ ipsec/ls-execdir + ls -l /usr/local/libexec/ipsec total 6504 -rwxr-xr-x 1 root root 29227 Oct 10 20:37 _pluto_adns -rwxr-xr-x 1 root root 29219 Oct 9 13:32 _pluto_adns.old -rwxr-xr-x 1 root root 18891 Oct 10 20:37 auto -rwxr-xr-x 1 root root 18891 Oct 9 13:32 auto.old -rwxr-xr-x 1 root root 11355 Oct 10 20:37 barf -rwxr-xr-x 1 root root 11355 Oct 9 13:32 barf.old -rwxr-xr-x 1 root root 816 Oct 10 20:37 calcgoo -rwxr-xr-x 1 root root 816 Oct 9 13:32 calcgoo.old -rwxr-xr-x 1 root root 187218 Oct 10 20:37 eroute -rwxr-xr-x 1 root root 187114 Oct 9 13:32 eroute.old -rwxr-xr-x 1 root root 62503 Oct 10 20:37 ikeping -rwxr-xr-x 1 root root 62435 Oct 9 13:32 ikeping.old -rwxr-xr-x 1 root root 116227 Oct 10 20:37 klipsdebug -rwxr-xr-x 1 root root 116187 Oct 9 13:32 klipsdebug.old -rwxr-xr-x 1 root root 1833 Oct 10 22:16 livetest -rwxr-xr-x 1 root root 1833 Oct 10 14:17 livetest.old -rwxr-xr-x 1 root root 2605 Oct 10 20:37 look -rwxr-xr-x 1 root root 2605 Oct 9 13:32 look.old -rwxr-xr-x 1 root root 7159 Oct 10 20:37 mailkey -rwxr-xr-x 1 root root 7159 Oct 9 13:32 mailkey.old -rwxr-xr-x 1 root root 16015 Oct 10 20:37 manual -rwxr-xr-x 1 root root 16015 Oct 9 13:32 manual.old -rwxr-xr-x 1 root root 1951 Oct 10 20:37 newhostkey -rwxr-xr-x 1 root root 1951 Oct 9 13:32 newhostkey.old -rwxr-xr-x 1 root root 106000 Oct 10 20:37 pf_key -rwxr-xr-x 1 root root 105952 Oct 9 13:32 pf_key.old -rwxr-xr-x 1 root root 1912351 Oct 10 20:37 pluto -rwxr-xr-x 1 root root 1987261 Oct 9 13:32 pluto.old -rwxr-xr-x 1 root root 19910 Oct 10 20:37 ranbits -rwxr-xr-x 1 root root 19870 Oct 9 13:32 ranbits.old -rwxr-xr-x 1 root root 47352 Oct 10 20:37 rsasigkey -rwxr-xr-x 1 root root 47332 Oct 9 13:32 rsasigkey.old -rwxr-xr-x 1 root root 766 Oct 10 20:37 secrets -rwxr-xr-x 1 root root 766 Oct 9 13:32 secrets.old -rwxr-xr-x 1 root root 17660 Oct 10 20:37 send-pr -rwxr-xr-x 1 root root 17660 Oct 9 13:32 send-pr.old lrwxrwxrwx 1 root root 22 Oct 10 20:37 setup -> /etc/rc.d/init.d/ipsec -rwxr-xr-x 1 root root 1054 Oct 10 20:37 showdefaults -rwxr-xr-x 1 root root 1054 Oct 9 13:32 showdefaults.old -rwxr-xr-x 1 root root 4748 Oct 10 20:37 showhostkey -rwxr-xr-x 1 root root 4748 Oct 9 13:32 showhostkey.old -rwxr-xr-x 1 root root 305961 Oct 10 20:37 spi -rwxr-xr-x 1 root root 305793 Oct 9 13:32 spi.old -rwxr-xr-x 1 root root 155723 Oct 10 20:37 spigrp -rwxr-xr-x 1 root root 155631 Oct 9 13:32 spigrp.old -rwxr-xr-x 1 root root 21996 Oct 10 20:37 tncfg -rwxr-xr-x 1 root root 21988 Oct 9 13:32 tncfg.old -rwxr-xr-x 1 root root 12006 Oct 10 20:37 verify -rwxr-xr-x 1 root root 11640 Oct 9 13:32 verify.old -rwxr-xr-x 1 root root 150580 Oct 10 20:37 whack -rwxr-xr-x 1 root root 150496 Oct 9 13:32 whack.old + _________________________ ipsec/updowns ++ ls /usr/local/libexec/ipsec ++ egrep updown + _________________________ /proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed eth0: 510529 4170 0 0 0 0 0 0 209087 2033 0 0 0 0 0 0 eth1: 9802984 50232 0 984 0 0 0 6 4256843 15176 0 0 0 0 0 0 eth2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 lo: 510489 2952 0 0 0 0 0 0 510489 2952 0 0 0 0 0 0 shaper0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eql: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 teql0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 tunl0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 gre0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ip6tnl0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec0: 0 0 0 0 0 0 0 0 1494 9 0 3 0 0 0 0 ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + _________________________ /proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth2 FCFEA8C0 00000000 0001 0 0 0 FCFFFFFF 0 0 0 eth1 50F21151 00000000 0001 0 0 0 FCFFFFFF 0 0 0 eth1 08F21151 00000000 0001 0 0 0 FCFFFFFF 0 0 0 ipsec0 08F21151 00000000 0001 0 0 0 FCFFFFFF 0 0 0 eth0 00F2A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 ipsec0 00EAA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth2 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0 eth1 00000000 09F21151 0003 0 0 0 00000000 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ /proc/sys/net/ipv4/tcp_ecn + cat /proc/sys/net/ipv4/tcp_ecn 0 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter ipsec0/rp_filter lo/rp_filter all/rp_filter:0 default/rp_filter:0 eth0/rp_filter:0 eth1/rp_filter:0 eth2/rp_filter:0 ipsec0/rp_filter:0 lo/rp_filter:0 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter ipsec0/rp_filter lo/rp_filter all/rp_filter:0 default/rp_filter:0 eth0/rp_filter:0 eth1/rp_filter:0 eth2/rp_filter:0 ipsec0/rp_filter:0 lo/rp_filter:0 + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects + cd /proc/sys/net/ipv4/conf + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects eth2/accept_redirects eth2/secure_redirects eth2/send_redirects ipsec0/accept_redirects ipsec0/secure_redirects ipsec0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects all/accept_redirects:0 all/secure_redirects:1 all/send_redirects:0 default/accept_redirects:1 default/secure_redirects:1 default/send_redirects:1 eth0/accept_redirects:1 eth0/secure_redirects:1 eth0/send_redirects:1 eth1/accept_redirects:1 eth1/secure_redirects:1 eth1/send_redirects:1 eth2/accept_redirects:1 eth2/secure_redirects:1 eth2/send_redirects:1 ipsec0/accept_redirects:1 ipsec0/secure_redirects:1 ipsec0/send_redirects:1 lo/accept_redirects:1 lo/secure_redirects:1 lo/send_redirects:1 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + uname -a Linux ie-fw1.thermeon.eu 2.6.18 #1 SMP Tue Oct 10 21:21:32 BST 2006 i686 i686 i386 GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ distro-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/redhat-release + cat /etc/redhat-release CentOS release 4.4 (Final) + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/debian-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/SuSE-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandrake-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandriva-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + cat /proc/net/ipsec_version Openswan version: 2.4.7dr1 + _________________________ ipfwadm + test -r /sbin/ipfwadm + 'no old-style linux 1.x/2.0 ipfwadm firewall support' /usr/local/libexec/ipsec/barf: line 305: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory + _________________________ ipchains + test -r /sbin/ipchains + echo 'no old-style linux 2.0 ipchains firewall support' no old-style linux 2.0 ipchains firewall support + _________________________ iptables + test -r /sbin/iptables + test -r /sbin/ipchains + _________________________ /proc/modules + test -f /proc/modules + cat /proc/modules ipsec 325144 2 - Live 0xf8f10000 ppp_mppe 10756 0 - Live 0xf8a81000 autofs4 24964 0 - Live 0xf894e000 sunrpc 146364 1 - Live 0xf8a5c000 joydev 13760 0 - Live 0xf893d000 button 11152 0 - Live 0xf8967000 battery 14084 0 - Live 0xf8962000 asus_acpi 19736 0 - Live 0xf8916000 ac 9604 0 - Live 0xf8912000 usb_storage 65344 0 - Live 0xf8a8c000 uhci_hcd 26764 0 - Live 0xf890a000 ehci_hcd 34184 0 - Live 0xf88fd000 i2c_i801 11916 0 - Live 0xf88b9000 i2c_core 24448 1 i2c_i801, Live 0xf88a8000 dm_snapshot 20268 0 - Live 0xf88f7000 dm_zero 6144 0 - Live 0xf8873000 dm_mirror 25552 0 - Live 0xf88b1000 ext3 125832 3 - Live 0xf891d000 jbd 58664 1 ext3, Live 0xf88e7000 dm_mod 58264 10 dm_snapshot,dm_zero,dm_mirror, Live 0xf88d7000 ahci 20484 4 - Live 0xf88a1000 libata 97428 1 ahci, Live 0xf88be000 sd_mod 23680 5 - Live 0xf8876000 + _________________________ /proc/meminfo + cat /proc/meminfo MemTotal: 1031504 kB MemFree: 535912 kB Buffers: 26532 kB Cached: 133888 kB SwapCached: 0 kB Active: 400484 kB Inactive: 66980 kB HighTotal: 130432 kB HighFree: 240 kB LowTotal: 901072 kB LowFree: 535672 kB SwapTotal: 1966072 kB SwapFree: 1966072 kB Dirty: 204 kB Writeback: 0 kB AnonPages: 306972 kB Mapped: 20452 kB Slab: 12716 kB PageTables: 2116 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 2481824 kB Committed_AS: 503536 kB VmallocTotal: 116728 kB VmallocUsed: 2964 kB VmallocChunk: 109172 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 Hugepagesize: 2048 kB + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version lrwxrwxrwx 1 root root 16 Oct 10 22:22 /proc/net/ipsec_eroute -> ipsec/eroute/all lrwxrwxrwx 1 root root 16 Oct 10 22:22 /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug lrwxrwxrwx 1 root root 13 Oct 10 22:22 /proc/net/ipsec_spi -> ipsec/spi/all lrwxrwxrwx 1 root root 16 Oct 10 22:22 /proc/net/ipsec_spigrp -> ipsec/spigrp/all lrwxrwxrwx 1 root root 11 Oct 10 22:22 /proc/net/ipsec_tncfg -> ipsec/tncfg lrwxrwxrwx 1 root root 13 Oct 10 22:22 /proc/net/ipsec_version -> ipsec/version + _________________________ usr/src/linux/.config + test -f /proc/config.gz + zcat /proc/config.gz + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV' CONFIG_NET_KEY=m CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_MULTIPATH_CACHED=y CONFIG_IP_ROUTE_MULTIPATH_RR=y CONFIG_IP_ROUTE_MULTIPATH_RANDOM=y CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=y CONFIG_IP_ROUTE_MULTIPATH_DRR=y CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_PNP=y # CONFIG_IP_PNP_DHCP is not set # CONFIG_IP_PNP_BOOTP is not set # CONFIG_IP_PNP_RARP is not set CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_IPSEC_NAT_TRAVERSAL=y CONFIG_INET_AH=y CONFIG_INET_ESP=y CONFIG_INET_IPCOMP=y CONFIG_INET_XFRM_TUNNEL=y CONFIG_INET_TUNNEL=y CONFIG_INET_XFRM_MODE_TRANSPORT=y CONFIG_INET_XFRM_MODE_TUNNEL=y CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y CONFIG_IP_VS=y CONFIG_IP_VS_DEBUG=y CONFIG_IP_VS_TAB_BITS=12 CONFIG_IP_VS_PROTO_TCP=y CONFIG_IP_VS_PROTO_UDP=y CONFIG_IP_VS_PROTO_ESP=y CONFIG_IP_VS_PROTO_AH=y CONFIG_IP_VS_RR=y CONFIG_IP_VS_WRR=y CONFIG_IP_VS_LC=y CONFIG_IP_VS_WLC=y CONFIG_IP_VS_LBLC=y CONFIG_IP_VS_LBLCR=y CONFIG_IP_VS_DH=y CONFIG_IP_VS_SH=y CONFIG_IP_VS_SED=y CONFIG_IP_VS_NQ=y CONFIG_IP_VS_FTP=y CONFIG_IPV6=y CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_INET6_AH=y CONFIG_INET6_ESP=y CONFIG_INET6_IPCOMP=y CONFIG_INET6_XFRM_TUNNEL=y CONFIG_INET6_TUNNEL=y CONFIG_INET6_XFRM_MODE_TRANSPORT=y CONFIG_INET6_XFRM_MODE_TUNNEL=y CONFIG_IPV6_TUNNEL=y CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_CT_ACCT=y CONFIG_IP_NF_CONNTRACK_MARK=y CONFIG_IP_NF_CONNTRACK_SECMARK=y CONFIG_IP_NF_CONNTRACK_EVENTS=y CONFIG_IP_NF_CONNTRACK_NETLINK=y CONFIG_IP_NF_CT_PROTO_SCTP=y CONFIG_IP_NF_FTP=y CONFIG_IP_NF_IRC=y CONFIG_IP_NF_NETBIOS_NS=y CONFIG_IP_NF_TFTP=y CONFIG_IP_NF_AMANDA=y CONFIG_IP_NF_PPTP=y CONFIG_IP_NF_H323=y CONFIG_IP_NF_SIP=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_IPRANGE=y CONFIG_IP_NF_MATCH_TOS=y CONFIG_IP_NF_MATCH_RECENT=y CONFIG_IP_NF_MATCH_ECN=y CONFIG_IP_NF_MATCH_DSCP=y CONFIG_IP_NF_MATCH_AH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_OWNER=y CONFIG_IP_NF_MATCH_ADDRTYPE=y CONFIG_IP_NF_MATCH_HASHLIMIT=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_IP_NF_TARGET_TCPMSS=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_TARGET_NETMAP=y CONFIG_IP_NF_TARGET_SAME=y CONFIG_IP_NF_NAT_SNMP_BASIC=y CONFIG_IP_NF_NAT_IRC=y CONFIG_IP_NF_NAT_FTP=y CONFIG_IP_NF_NAT_TFTP=y CONFIG_IP_NF_NAT_AMANDA=y CONFIG_IP_NF_NAT_PPTP=y CONFIG_IP_NF_NAT_H323=y CONFIG_IP_NF_NAT_SIP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_TOS=y CONFIG_IP_NF_TARGET_ECN=y CONFIG_IP_NF_TARGET_DSCP=y CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_TARGET_CLUSTERIP=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y CONFIG_IP_NF_SET=y CONFIG_IP_NF_SET_MAX=256 CONFIG_IP_NF_SET_HASHSIZE=1024 CONFIG_IP_NF_SET_IPMAP=y CONFIG_IP_NF_SET_MACIPMAP=y CONFIG_IP_NF_SET_PORTMAP=y CONFIG_IP_NF_SET_IPHASH=y CONFIG_IP_NF_SET_NETHASH=y CONFIG_IP_NF_SET_IPPORTHASH=y CONFIG_IP_NF_SET_IPTREE=y CONFIG_IP_NF_MATCH_SET=y CONFIG_IP_NF_TARGET_SET=y CONFIG_IP_NF_TARGET_ROUTE=y CONFIG_IP6_NF_QUEUE=y CONFIG_IP6_NF_IPTABLES=y CONFIG_IP6_NF_MATCH_RT=y CONFIG_IP6_NF_MATCH_OPTS=y CONFIG_IP6_NF_MATCH_FRAG=y CONFIG_IP6_NF_MATCH_HL=y CONFIG_IP6_NF_MATCH_OWNER=y CONFIG_IP6_NF_MATCH_IPV6HEADER=y CONFIG_IP6_NF_MATCH_AH=y CONFIG_IP6_NF_MATCH_EUI64=y CONFIG_IP6_NF_FILTER=y CONFIG_IP6_NF_TARGET_LOG=y CONFIG_IP6_NF_TARGET_REJECT=y CONFIG_IP6_NF_MANGLE=y CONFIG_IP6_NF_TARGET_HL=y CONFIG_IP6_NF_RAW=y CONFIG_IP6_NF_TARGET_ROUTE=y # CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_IPX is not set CONFIG_KLIPS=m CONFIG_KLIPS_ESP=y CONFIG_KLIPS_AH=y CONFIG_KLIPS_AUTH_HMAC_MD5=y CONFIG_KLIPS_AUTH_HMAC_SHA1=y CONFIG_KLIPS_ENC_CRYPTOAPI=y CONFIG_KLIPS_ENC_1DES=y CONFIG_KLIPS_ENC_3DES=y CONFIG_KLIPS_ENC_AES=y CONFIG_KLIPS_IPCOMP=y CONFIG_KLIPS_DEBUG=y CONFIG_IPW2100=m # CONFIG_IPW2100_MONITOR is not set # CONFIG_IPW2100_DEBUG is not set CONFIG_IPW2200=m # CONFIG_IPW2200_MONITOR is not set # CONFIG_IPW2200_QOS is not set # CONFIG_IPW2200_DEBUG is not set CONFIG_IPPP_FILTER=y CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_SI=m CONFIG_IPMI_WATCHDOG=m CONFIG_IPMI_POWEROFF=m CONFIG_HW_RANDOM=y CONFIG_HW_RANDOM_INTEL=y CONFIG_HW_RANDOM_AMD=y CONFIG_HW_RANDOM_GEODE=y CONFIG_HW_RANDOM_VIA=y # CONFIG_CRYPTO_DEV_PADLOCK is not set + _________________________ etc/syslog.conf + cat /etc/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log + _________________________ etc/syslog-ng/syslog-ng.conf + cat /etc/syslog-ng/syslog-ng.conf cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory + _________________________ etc/resolv.conf + cat /etc/resolv.conf search thermeon.eu car-rental-world.com thermeon.com thermeoneurope.com nameserver 193.109.194.98 nameserver 192.168.242.52 nameserver 192.168.240.52 + _________________________ lib/modules-ls + ls -ltr /lib/modules total 52 drwxr-xr-x 3 root root 4096 Sep 13 11:38 2.6.9-34.ELsmp drwxr-xr-x 3 root root 4096 Sep 13 12:24 2.6.9-34.EL drwxr-xr-x 3 root root 4096 Sep 13 13:07 2.6.17.11 drwxr-xr-x 3 root root 4096 Sep 28 14:53 2.6.9-42.0.2.EL drwxr-xr-x 3 root root 4096 Sep 28 14:54 2.6.9-42.0.2.ELsmp drwxr-xr-x 3 root root 4096 Oct 3 13:25 2.6.18.old drwxr-xr-x 2 root root 4096 Oct 6 12:16 kabi-4.0-0 drwxr-xr-x 2 root root 4096 Oct 6 12:38 kabi-4.0-0smp drwxr-xr-x 3 root root 4096 Oct 9 13:24 2.6.9-42.0.3.EL drwxr-xr-x 3 root root 4096 Oct 9 13:24 2.6.9-42.0.3.ELsmp drwxr-xr-x 3 root root 4096 Oct 10 21:31 2.6.18 + _________________________ /proc/ksyms-netif_rx + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms c02e337d T __netif_rx_schedule c02e3a5f T netif_rx c02e3b92 T netif_rx_ni c02e3a5f U netif_rx [ipsec] + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.6.17.11: 2.6.18: 2.6.18.old: 2.6.9-34.EL: 2.6.9-34.ELsmp: 2.6.9-42.0.2.EL: 2.6.9-42.0.2.ELsmp: 2.6.9-42.0.3.EL: 2.6.9-42.0.3.ELsmp: kabi-4.0-0: kabi-4.0-0smp: + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '342028,$p' /var/log/messages + egrep -i 'ipsec|klips|pluto' + case "$1" in + cat Oct 10 22:19:16 ie-fw1 ipsec_setup: Starting Openswan IPsec 2.4.7dr1... Oct 10 22:19:16 ie-fw1 ipsec__plutorun: 104 "iecollo-ukoffice" #1: STATE_MAIN_I1: initiate Oct 10 22:19:16 ie-fw1 ipsec__plutorun: ...could not start conn "iecollo-ukoffice" Oct 10 22:21:34 ie-fw1 kernel: device ipsec0 entered promiscuous mode Oct 10 22:21:34 ie-fw1 kernel: audit(1160515294.815:25): dev=ipsec0 prom=256 old_prom=0 auid=4294967295 Oct 10 22:21:39 ie-fw1 kernel: device ipsec0 left promiscuous mode Oct 10 22:21:39 ie-fw1 kernel: audit(1160515299.819:26): dev=ipsec0 prom=0 old_prom=256 auid=4294967295 Oct 10 22:21:42 ie-fw1 kernel: device ipsec0 entered promiscuous mode Oct 10 22:21:42 ie-fw1 kernel: audit(1160515302.216:27): dev=ipsec0 prom=256 old_prom=0 auid=4294967295 Oct 10 22:22:09 ie-fw1 kernel: device ipsec0 left promiscuous mode Oct 10 22:22:09 ie-fw1 kernel: audit(1160515329.973:28): dev=ipsec0 prom=0 old_prom=256 auid=4294967295 + _________________________ plog + sed -n '25821,$p' /var/log/secure + egrep -i pluto + case "$1" in + cat Oct 10 22:19:16 ie-fw1 ipsec__plutorun: Starting Pluto subsystem... Oct 10 22:19:16 ie-fw1 pluto[8384]: Starting Pluto (Openswan Version 2.4.7dr1 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEYvbDvZe[ef) Oct 10 22:19:16 ie-fw1 pluto[8384]: Setting NAT-Traversal port-4500 floating to on Oct 10 22:19:16 ie-fw1 pluto[8384]: port floating activation criteria nat_t=1/port_fload=1 Oct 10 22:19:16 ie-fw1 pluto[8384]: including NAT-Traversal patch (Version 0.6c) Oct 10 22:19:16 ie-fw1 pluto[8384]: 1 bad entries in virtual_private - none loaded Oct 10 22:19:16 ie-fw1 pluto[8384]: WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of random Oct 10 22:19:16 ie-fw1 pluto[8384]: WARNING: Using /dev/urandom as the source of random Oct 10 22:19:16 ie-fw1 pluto[8384]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 10 22:19:16 ie-fw1 pluto[8384]: no helpers will be started, all cryptographic operations will be done inline Oct 10 22:19:16 ie-fw1 pluto[8384]: Using KLIPS IPsec interface code on 2.6.18 Oct 10 22:19:16 ie-fw1 pluto[8384]: Changing to directory '/etc/ipsec.d/cacerts' Oct 10 22:19:16 ie-fw1 pluto[8384]: loaded CA cert file 'caCert.pem' (1346 bytes) Oct 10 22:19:16 ie-fw1 pluto[8384]: Changing to directory '/etc/ipsec.d/aacerts' Oct 10 22:19:16 ie-fw1 pluto[8384]: Changing to directory '/etc/ipsec.d/ocspcerts' Oct 10 22:19:16 ie-fw1 pluto[8384]: Changing to directory '/etc/ipsec.d/crls' Oct 10 22:19:16 ie-fw1 pluto[8384]: Warning: empty directory Oct 10 22:19:16 ie-fw1 pluto[8384]: added connection description "iecollo-ukoffice" Oct 10 22:19:16 ie-fw1 pluto[8384]: listening for IKE messages Oct 10 22:19:16 ie-fw1 pluto[8384]: adding interface ipsec0/eth1 81.17.242.10:500 Oct 10 22:19:16 ie-fw1 pluto[8384]: adding interface ipsec0/eth1 81.17.242.10:4500 Oct 10 22:19:16 ie-fw1 pluto[8384]: loading secrets from "/etc/ipsec.secrets" Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: initiating Main Mode Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: received Vendor ID payload [Dead Peer Detection] Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: I did not send a certificate because I do not have one. Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: Main mode peer ID is ID_IPV4_ADDR: '212.159.53.154' Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #1: Dead Peer Detection (RFC 3706): enabled Oct 10 22:19:16 ie-fw1 pluto[8384]: "iecollo-ukoffice" #2: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1} Oct 10 22:19:17 ie-fw1 pluto[8384]: "iecollo-ukoffice" #2: Dead Peer Detection (RFC 3706): enabled Oct 10 22:19:17 ie-fw1 pluto[8384]: "iecollo-ukoffice" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Oct 10 22:19:17 ie-fw1 pluto[8384]: "iecollo-ukoffice" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xe62345c5 <0x4dd101e7 xfrm=AES_0-HMAC_SHA1 IPCOMP=>0x0000e08e <0x0000b5a8 NATD=none DPD=enabled} Oct 10 22:19:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: Informational Exchange is for an unknown (expired?) SA Oct 10 22:19:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:19:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:19:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:19:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:19:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:19:29 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: Informational Exchange is for an unknown (expired?) SA Oct 10 22:19:38 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: Informational Exchange is for an unknown (expired?) SA Oct 10 22:19:45 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA Oct 10 22:19:46 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA Oct 10 22:19:47 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: Informational Exchange is for an unknown (expired?) SA Oct 10 22:19:50 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:19:50 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:19:50 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:19:50 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:19:50 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:20:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:20:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:20:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:20:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:20:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:20:04 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:20:04 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:20:04 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:20:04 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:20:04 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:20:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:20:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:20:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:20:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:20:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:20:45 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:20:45 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:20:45 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:20:45 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:20:45 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:21:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:21:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:21:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:21:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:21:00 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:21:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:21:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:21:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:21:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:21:25 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:21:41 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:21:41 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:21:41 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:21:41 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:21:41 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:22:05 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:22:05 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:22:05 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:22:05 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:22:05 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:22:15 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:22:15 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:22:15 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:22:15 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:22:15 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:22:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:22:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:22:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:22:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:22:20 ie-fw1 pluto[8384]: packet from 193.109.194.98:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized Oct 10 22:22:35 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Oct 10 22:22:35 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108 Oct 10 22:22:35 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 10 22:22:35 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: received Vendor ID payload [Dead Peer Detection] Oct 10 22:22:35 ie-fw1 pluto[8384]: packet from 67.155.224.243:500: initial Main Mode message received on 81.17.242.10:500 but no connection has been authorized + _________________________ date + date Tue Oct 10 22:22:53 BST 2006