=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2008.03.01 00:19:18 =~=~=~=~=~=~=~=~=~=~=~= barf barflog.txt barf.txt [root@flexigw ~]# more barflog.txt flexigw.flexilogix.com Fri Feb 29 16:02:14 PKT 2008 + _________________________ version + ipsec --version Linux Openswan U2.4.9/K2.6.18-1.2798.fc6 (netkey) See `ipsec --copyright' for copyright information. + _________________________ /proc/version + cat /proc/version Linux version 2.6.18-1.2798.fc6 (brewbuilder@hs20-bc2-3.build.redhat.com) (gcc version 4.1.1 20061011 (Red Hat 4.1.1-30)) #1 SMP Mon Oct 16 14:54:20 EDT 2006 + _________________________ /proc/net/ipsec_eroute + test -r /proc/net/ipsec_eroute + _________________________ netstat-rn + netstat -nr + head -n 100 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 58.27.207.68 0.0.0.0 255.255.255.252 U 0 0 0 eth0 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 0.0.0.0 58.27.207.69 0.0.0.0 UG 0 0 0 eth0 + _________________________ /proc/net/ipsec_spi + test -r /proc/net/ipsec_spi + _________________________ /proc/net/ipsec_spigrp + test -r /proc/net/ipsec_spigrp + _________________________ /proc/net/ipsec_tncfg + test -r /proc/net/ipsec_tncfg + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + cat /proc/net/pfkey sk RefCnt Rmem Wmem User Inode + _________________________ ip-xfrm-state + ip xfrm state + _________________________ ip-xfrm-policy + ip xfrm policy src ::/0 dst ::/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 --More--(4%)  dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src ::/0 dst ::/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + _________________________ ipsec/status + ipsec auto --status 000 interface lo/lo ::1 000 interface lo/lo 127.0.0.1 000 interface lo/lo 127.0.0.1 000 interface eth0/eth0 58.27.207.70 000 interface eth0/eth0 58.27.207.70 000 interface eth1/eth1 192.168.100.11 000 interface eth1/eth1 192.168.100.11 000 %myid = (none) 000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509 000 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0 000 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 --More--(10%) 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 000 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 "telenor": 192.168.100.21/32===58.27.207.70...202.69.9.240===172.18.104.244/32; unrouted; eroute owner: #0 000 "telenor": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown; 000 "telenor": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3 000 "telenor": policy: PSK+ENCRYPT+TUNNEL+DONTREKEY; prio: 32,32; interface: eth0; encap: esp; 000 "telenor": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "telenor": ESP algorithms wanted: 3DES(3)_000-MD5(1); flags=strict 000 "telenor": ESP algorithms loaded: 3DES(3)_000-MD5(1); flags=strict 000 000 + _________________________ ifconfig-a + ifconfig -a eth0 Link encap:Ethernet HWaddr 00:08:C7:84:6A:73 inet addr:58.27.207.70 Bcast:58.27.207.71 Mask:255.255.255.252 inet6 addr: fe80::208:c7ff:fe84:6a73/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:445 errors:0 dropped:0 overruns:0 frame:0 TX packets:480 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:37921 (37.0 KiB) TX bytes:43208 (42.1 KiB) Interrupt:193 Base address:0xd8f0 eth1 Link encap:Ethernet HWaddr 00:B0:D0:3E:CF:BE inet addr:192.168.100.11 Bcast:192.168.100.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 --More--(16%) RX packets:2071 errors:0 dropped:0 overruns:0 frame:0 TX packets:2071 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5833256 (5.5 MiB) TX bytes:5833256 (5.5 MiB) sit0 Link encap:IPv6-in-IPv4 NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) + _________________________ ip-addr-list + ip addr list 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:08:c7:84:6a:73 brd ff:ff:ff:ff:ff:ff inet 58.27.207.70/30 brd 58.27.207.71 scope global eth0 inet6 fe80::208:c7ff:fe84:6a73/64 scope link valid_lft forever preferred_lft forever 3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:b0:d0:3e:cf:be brd ff:ff:ff:ff:ff:ff inet 192.168.100.11/24 brd 192.168.100.255 scope global eth1 4: sit0: mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 + _________________________ ip-route-list + ip route list 58.27.207.68/30 dev eth0 proto kernel scope link src 58.27.207.70 192.168.100.0/24 dev eth1 proto kernel scope link src 192.168.100.11 169.254.0.0/16 dev eth1 scope link default via 58.27.207.69 dev eth0 + _________________________ ip-rule-list + ip rule list 0: from all lookup local 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + ipsec verify --nocolour Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.4.9/K2.6.18-1.2798.fc6 (netkey) --More--(22%) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [FAILED] Please disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause the sending of bogus ICMP redirects! NETKEY detected, testing for disabled ICMP accept_redirects [FAILED] Please disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will accept bogus ICMP redirects! Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Two or more interfaces found, checking IP forwarding [FAILED] Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] + _________________________ mii-tool + '[' -x /sbin/mii-tool ']' + /sbin/mii-tool -v eth0: negotiated 100baseTx-FD, link ok product info: National DP83840A rev 1 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control eth1: no link product info: Intel 82555 rev 4 basic mode: autonegotiation enabled basic status: no link capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control + _________________________ ipsec/directory + ipsec --directory /usr/local/lib/ipsec + _________________________ hostname/fqdn + hostname --fqdn flexigw.flexilogix.com + _________________________ hostname/ipaddress + hostname --ip-address 127.0.0.1 + _________________________ uptime + uptime 16:02:15 up 8 min, 1 user, load average: 0.40, 0.28, 0.18 --More--(27%) + _________________________ ps + ps alxwf + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 1 0 2142 1 25 0 2412 416 wait S ? 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend --strictc rlpolicy --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid 1 0 2143 2142 25 0 2412 584 wait S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend --str ictcrlpolicy --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspu ri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid 4 0 2144 2143 15 0 2612 1136 - S ? 0:00 | \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsec dir /etc/ipsec.d --debug-all --use-auto --uniqueids --nat_traversal 1 0 2202 2144 27 10 2612 500 - SN ? 0:00 | \_ pluto helper # 0 0 0 2307 2144 17 0 1560 284 - S ? 0:00 | \_ _pluto_adns -d 0 0 2145 2142 16 0 2408 1056 pipe_w S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post 0 0 2146 1 25 0 1624 384 pipe_w S ? 0:00 logger -s -p daemon.error -t ipsec__plutorun 0 0 2702 2675 21 0 4440 1096 - R+ pts/1 0:00 \_ /bin/sh /usr/local/libexec/ipsec/barf + _________________________ ipsec/showdefaults + ipsec showdefaults # no default route + _________________________ ipsec/conf + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # /etc/ipsec.conf - Openswan IPsec configuration file # RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006/10/19 03:49:46 paul Exp $ # This file: /usr/local/share/doc/openswan/ipsec.conf-sample # # Manual: ipsec.conf.5 version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup interfaces="ipsec0=eth0" # ONLY enable plutodebug=all or klipsdebug=all if you are a developer !! plutodebug="all" #klipsedebug="all" # # NAT-TRAVERSAL support, see README.NAT-Traversal nat_traversal=yes --More--(34%)  # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 || 10.5.125.105 # # enable this if you see "failed to find any available worker" #nhelpers=0 conn nattelenor type=tunnel authby=secret # secret key #auth=esp #pfs=no ike=3des-md5-modp1024 #esp=3des-md5-96 left=58.27.207.70 # my external, internet-routable ip address, provided by NAT box= #left=10.5.125.105 # my native (private) subnet= leftsubnet=10.5.125.105/32 leftnexthop=192.168.100.11 right=202.69.9.240 # my peer's external, internet-routable ip address= #right=172.18.104.244 # my peer's internal (private) subnet= rightsubnet=10.8.13.113/32 #172.18.104.244/32 #rightnexthop= # added later #== conn telenor authby=secret pfs=no rekey=no left=58.27.207.70 # Local Values leftsubnet=192.168.100.21/32 # #leftnexthop=%defaultroute # can be default keyingtries=3 right=202.69.9.240 # Remote Values esp=3des-md5 rightsubnet=172.18.104.244/32 # #rightid=@ab.example.com # #rightnexthop=%defaultroute # correct in many situations auto=add # authorizes but doesn't start this # sample VPN connections, see /etc/ipsec.d/examples/ #Disable Opportunistic Encryption #< /etc/ipsec.d/examples/no_oe.conf 1 # 'include' this file to disable Opportunistic Encryption. # See /usr/local/share/doc/openswan/policygroups.html for details. --More--(38%) # # RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $ conn block auto=ignore conn private auto=ignore conn private-or-clear auto=ignore conn clear-or-private auto=ignore conn clear auto=ignore conn packetdefault auto=ignore #> /etc/ipsec.conf 62 + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 #Pre shared Key with Telenor 58.27.207.70 202.69.9.240: PSK "[sums to 8e5a...]" : RSA { # RSA 2192 bits flexigw.flexilogix.com Thu Feb 21 20:36:31 2008 # for signatures only, UNSAFE FOR ENCRYPTION #pubkey=[keyid AQN51q6u8] Modulus: [...] PublicExponent: [...] # everything after this point is secret PrivateExponent: [...] Prime1: [...] Prime2: [...] Exponent1: [...] Exponent2: [...] Coefficient: [...] } # do not change the indenting of that "[sums to 7d9d...]" + _________________________ ipsec/listall --More--(41%) + ipsec auto --listall 000 000 List of Public Keys: 000 + '[' /etc/ipsec.d/policies ']' + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/block + base=block + _________________________ ipsec/policies/block + cat /etc/ipsec.d/policies/block # This file defines the set of CIDRs (network/mask-length) to which # communication should never be allowed. # # See /usr/local/share/doc/openswan/policygroups.html for details. # # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear + base=clear + _________________________ ipsec/policies/clear + cat /etc/ipsec.d/policies/clear # This file defines the set of CIDRs (network/mask-length) to which # communication should always be in the clear. # # See /usr/local/share/doc/openswan/policygroups.html for details. # # $Id: clear.in,v 1.4.30.3 2006/11/21 19:49:51 paul Exp $ # # # Michael's idea: Always have ROOT NAMESERVERS in the clear. # It will make OE work much better on machines running caching # resolvers. # # Based on: http://www.internic.net/zones/named.root # This file holds the information on root name servers needed to # last update: Jan 29, 2004 # related version of root zone: 2004012900 198.41.0.4/32 192.228.79.201/32 192.33.4.12/32 128.8.10.90/32 192.203.230.10/32 192.5.5.241/32 --More--(45%) 192.112.36.4/32 128.63.2.53/32 192.36.148.17/32 192.58.128.30/32 193.0.14.129/32 198.32.64.12/32 202.12.27.33/32 + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear-or-private + base=clear-or-private + _________________________ ipsec/policies/clear-or-private + cat /etc/ipsec.d/policies/clear-or-private # This file defines the set of CIDRs (network/mask-length) to which # we will communicate in the clear, or, if the other side initiates IPSEC, # using encryption. This behaviour is also called "Opportunistic Responder". # # See /usr/local/share/doc/openswan/policygroups.html for details. # # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private + base=private + _________________________ ipsec/policies/private + cat /etc/ipsec.d/policies/private # This file defines the set of CIDRs (network/mask-length) to which # communication should always be private (i.e. encrypted). # See /usr/local/share/doc/openswan/policygroups.html for details. # # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private-or-clear + base=private-or-clear + _________________________ ipsec/policies/private-or-clear + cat /etc/ipsec.d/policies/private-or-clear # This file defines the set of CIDRs (network/mask-length) to which # communication should be private, if possible, but in the clear otherwise. # # If the target has a TXT (later IPSECKEY) record that specifies # authentication material, we will require private (i.e. encrypted) # communications. If no such record is found, communications will be # in the clear. # # See /usr/local/share/doc/openswan/policygroups.html for details. --More--(49%) # # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $ # 0.0.0.0/0 + _________________________ ipsec/ls-libdir + ls -l /usr/local/lib/ipsec total 160 -rwxr-xr-x 1 root root 15848 Feb 21 20:18 _confread -rwxr-xr-x 1 root root 13313 Feb 21 20:18 _copyright -rwxr-xr-x 1 root root 2379 Feb 21 20:18 _include -rwxr-xr-x 1 root root 1475 Feb 21 20:18 _keycensor -rwxr-xr-x 1 root root 3586 Feb 21 20:18 _plutoload -rwxr-xr-x 1 root root 8069 Feb 21 20:18 _plutorun -rwxr-xr-x 1 root root 12480 Feb 21 20:18 _realsetup -rwxr-xr-x 1 root root 1975 Feb 21 20:18 _secretcensor -rwxr-xr-x 1 root root 11027 Feb 21 20:18 _startklips -rwxr-xr-x 1 root root 13918 Feb 21 20:18 _updown -rwxr-xr-x 1 root root 15746 Feb 21 20:18 _updown_x509 + _________________________ ipsec/ls-execdir + ls -l /usr/local/libexec/ipsec total 3368 -rwxr-xr-x 1 root root 26313 Feb 21 20:18 _pluto_adns -rwxr-xr-x 1 root root 18891 Feb 21 20:18 auto -rwxr-xr-x 1 root root 11367 Feb 21 20:18 barf -rwxr-xr-x 1 root root 816 Feb 21 20:18 calcgoo -rwxr-xr-x 1 root root 197489 Feb 21 20:18 eroute -rwxr-xr-x 1 root root 63116 Feb 21 20:18 ikeping -rwxr-xr-x 1 root root 127008 Feb 21 20:18 klipsdebug -rwxr-xr-x 1 root root 1836 Feb 21 20:19 livetest -rwxr-xr-x 1 root root 2604 Feb 21 20:18 look -rwxr-xr-x 1 root root 7094 Feb 21 20:18 mailkey -rwxr-xr-x 1 root root 16015 Feb 21 20:18 manual -rwxr-xr-x 1 root root 1951 Feb 21 20:18 newhostkey -rwxr-xr-x 1 root root 109516 Feb 21 20:18 pf_key -rwxr-xr-x 1 root root 1915084 Feb 21 20:18 pluto -rwxr-xr-x 1 root root 20161 Feb 21 20:18 ranbits -rwxr-xr-x 1 root root 50764 Feb 21 20:18 rsasigkey -rwxr-xr-x 1 root root 766 Feb 21 20:18 secrets lrwxrwxrwx 1 root root 22 Feb 21 20:18 setup -> /etc/rc.d/init.d/ipsec -rwxr-xr-x 1 root root 1054 Feb 21 20:18 showdefaults -rwxr-xr-x 1 root root 4845 Feb 21 20:18 showhostkey -rwxr-xr-x 1 root root 321693 Feb 21 20:18 spi -rwxr-xr-x 1 root root 159843 Feb 21 20:18 spigrp -rwxr-xr-x 1 root root 26785 Feb 21 20:18 tncfg --More--(55%) -rwxr-xr-x 1 root root 13530 Feb 21 20:18 verify -rwxr-xr-x 1 root root 158201 Feb 21 20:18 whack + _________________________ ipsec/updowns ++ ls /usr/local/libexec/ipsec ++ egrep updown + _________________________ /proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 5833256 2071 0 0 0 0 0 0 5833256 2071 0 0 0 0 0 0 eth0: 37921 445 0 0 0 0 0 0 43208 480 0 0 0 0 0 0 eth1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + _________________________ /proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth0 44CF1B3A 00000000 0001 0 0 0 FCFFFFFF 0 0 0 eth1 0064A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth1 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0 eth0 00000000 45CF1B3A 0003 0 0 0 00000000 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 0 + _________________________ /proc/sys/net/ipv4/tcp_ecn + cat /proc/sys/net/ipv4/tcp_ecn 0 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter all/rp_filter:0 default/rp_filter:1 eth0/rp_filter:1 eth1/rp_filter:1 lo/rp_filter:0 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter all/rp_filter:0 default/rp_filter:1 eth0/rp_filter:1 --More--(61%) eth1/rp_filter:1 lo/rp_filter:0 + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects + cd /proc/sys/net/ipv4/conf + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept _redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects all/accept_redirects:1 all/secure_redirects:1 all/send_redirects:1 default/accept_redirects:1 default/secure_redirects:1 default/send_redirects:1 eth0/accept_redirects:1 eth0/secure_redirects:1 eth0/send_redirects:1 eth1/accept_redirects:1 eth1/secure_redirects:1 eth1/send_redirects:1 lo/accept_redirects:1 lo/secure_redirects:1 lo/send_redirects:1 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + uname -a Linux flexigw.flexilogix.com 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:54:20 EDT 2006 i686 i686 i386 GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ distro-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/redhat-release + cat /etc/redhat-release Fedora Core release 6 (Zod) + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/debian-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/SuSE-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandrake-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release --More--(67%) + test -f /etc/mandriva-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + test -r /proc/net/pfkey ++ uname -r + echo 'NETKEY (2.6.18-1.2798.fc6) support detected ' NETKEY (2.6.18-1.2798.fc6) support detected + _________________________ ipfwadm + test -r /sbin/ipfwadm + 'no old-style linux 1.x/2.0 ipfwadm firewall support' /usr/local/libexec/ipsec/barf: line 305: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory + _________________________ ipchains + test -r /sbin/ipchains + echo 'no old-style linux 2.0 ipchains firewall support' no old-style linux 2.0 ipchains firewall support + _________________________ iptables + test -r /sbin/iptables + iptables -L -v -n Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination --More--(72%)  Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination + _________________________ /proc/modules + test -f /proc/modules + cat /proc/modules iptable_mangle 7105 0 - Live 0xf8bad000 iptable_nat 11845 0 - Live 0xf8ba9000 ip_nat 22253 1 iptable_nat, Live 0xf8bb1000 ip_conntrack 56993 2 iptable_nat,ip_nat, Live 0xf8bbb000 nfnetlink 11353 2 ip_nat,ip_conntrack, Live 0xf8b90000 iptable_filter 7233 0 - Live 0xf8b8d000 ip_tables 17669 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xf8ba3000 x_tables 18501 2 iptable_nat,ip_tables, Live 0xf8b77000 deflate 8129 0 - Live 0xf8b74000 zlib_deflate 23001 1 deflate, Live 0xf8b86000 twofish 46145 0 - Live 0xf8b96000 serpent 29505 0 - Live 0xf8b7d000 blowfish 12865 0 - Live 0xf8b6f000 crypto_null 6849 0 - Live 0xf8b6c000 xfrm4_tunnel 6721 0 - Live 0xf8b69000 tunnel4 7621 1 xfrm4_tunnel, Live 0xf88c6000 ipcomp 11849 0 - Live 0xf8b21000 esp4 11969 0 - Live 0xf8b1d000 ah4 10689 0 - Live 0xf8985000 aes 31873 0 - Live 0xf8b60000 des 21953 0 - Live 0xf8b59000 md5 8385 0 - Live 0xf899b000 sha256 15553 0 - Live 0xf89a1000 af_key 41809 0 - Live 0xf8b4d000 autofs4 25413 2 - Live 0xf8b10000 hidp 24129 2 - Live 0xf8b09000 rfcomm 45912 0 - Live 0xf89af000 l2cap 31681 10 hidp,rfcomm, Live 0xf89a6000 bluetooth 58917 5 hidp,rfcomm,l2cap, Live 0xf8af9000 sunrpc 158333 1 - Live 0xf8b25000 freq_table 9793 0 - Live 0xf8989000 dm_multipath 22601 0 - Live 0xf8994000 video 21061 0 - Live 0xf898d000 --More--(77%) sbs 20225 0 - Live 0xf8976000 i2c_ec 9281 1 sbs, Live 0xf8981000 button 10961 0 - Live 0xf896e000 battery 14405 0 - Live 0xf897c000 ac 9541 0 - Live 0xf8972000 ipv6 267745 31 - Live 0xf89bd000 parport_pc 31205 1 - Live 0xf894a000 lp 17033 0 - Live 0xf8923000 parport 40841 2 parport_pc,lp, Live 0xf8963000 sr_mod 21605 2 - Live 0xf890b000 cdrom 38625 1 sr_mod, Live 0xf893f000 floppy 61285 1 - Live 0xf8953000 sg 38493 0 - Live 0xf8934000 e100 40393 0 - Live 0xf8929000 mii 9665 1 e100, Live 0xf8907000 pcspkr 7361 0 - Live 0xf8856000 tlan 32861 0 - Live 0xf8912000 i2c_piix4 12621 0 - Live 0xf888d000 serio_raw 11205 0 - Live 0xf8852000 i2c_core 25537 2 i2c_ec,i2c_piix4, Live 0xf88d9000 dm_snapshot 21357 0 - Live 0xf88bf000 dm_zero 6337 0 - Live 0xf8835000 dm_mirror 32913 0 - Live 0xf88b5000 dm_mod 61273 13 dm_multipath,dm_snapshot,dm_zero,dm_mirror, Live 0xf88c9000 aic7xxx 143093 4 - Live 0xf88e3000 scsi_transport_spi 28993 1 aic7xxx, Live 0xf8844000 sd_mod 24897 17 - Live 0xf8816000 scsi_mod 138601 5 sr_mod,sg,aic7xxx,scsi_transport_spi,sd_mod, Live 0xf886a000 ext3 135369 2 - Live 0xf8892000 jbd 63081 1 ext3, Live 0xf8859000 ehci_hcd 35533 0 - Live 0xf883a000 ohci_hcd 25181 0 - Live 0xf8826000 uhci_hcd 27725 0 - Live 0xf881e000 + _________________________ /proc/meminfo + cat /proc/meminfo MemTotal: 1295156 kB MemFree: 598184 kB Buffers: 106032 kB Cached: 511000 kB SwapCached: 0 kB Active: 211644 kB Inactive: 454044 kB HighTotal: 393208 kB HighFree: 752 kB LowTotal: 901948 kB --More--(81%) LowFree: 597432 kB SwapTotal: 2031608 kB SwapFree: 2031608 kB Dirty: 268 kB Writeback: 0 kB AnonPages: 48652 kB Mapped: 26604 kB Slab: 16992 kB PageTables: 2628 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 2679184 kB Committed_AS: 213912 kB VmallocTotal: 114680 kB VmallocUsed: 3856 kB VmallocChunk: 110732 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 Hugepagesize: 4096 kB + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + _________________________ usr/src/linux/.config + test -f /proc/config.gz ++ uname -r + test -f /lib/modules/2.6.18-1.2798.fc6/build/.config ++ uname -r + cat /lib/modules/2.6.18-1.2798.fc6/build/.config + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM' CONFIG_XFRM=y CONFIG_XFRM_USER=y CONFIG_NET_KEY=m CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_MULTIPATH=y # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y --More--(85%) CONFIG_IP_PIMSM_V2=y CONFIG_INET_AH=m CONFIG_INET_ESP=m CONFIG_INET_IPCOMP=m CONFIG_INET_XFRM_TUNNEL=m CONFIG_INET_TUNNEL=m CONFIG_INET_XFRM_MODE_TRANSPORT=m CONFIG_INET_XFRM_MODE_TUNNEL=m CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_IP_VS=m # CONFIG_IP_VS_DEBUG is not set CONFIG_IP_VS_TAB_BITS=12 CONFIG_IP_VS_PROTO_TCP=y CONFIG_IP_VS_PROTO_UDP=y CONFIG_IP_VS_PROTO_ESP=y CONFIG_IP_VS_PROTO_AH=y CONFIG_IP_VS_RR=m CONFIG_IP_VS_WRR=m CONFIG_IP_VS_LC=m CONFIG_IP_VS_WLC=m CONFIG_IP_VS_LBLC=m CONFIG_IP_VS_LBLCR=m CONFIG_IP_VS_DH=m CONFIG_IP_VS_SH=m CONFIG_IP_VS_SED=m CONFIG_IP_VS_NQ=m CONFIG_IP_VS_FTP=m CONFIG_IPV6=m CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_INET6_AH=m CONFIG_INET6_ESP=m CONFIG_INET6_IPCOMP=m CONFIG_INET6_XFRM_TUNNEL=m CONFIG_INET6_TUNNEL=m CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_IPV6_TUNNEL=m CONFIG_IP_NF_CONNTRACK=m CONFIG_IP_NF_CT_ACCT=y CONFIG_IP_NF_CONNTRACK_MARK=y CONFIG_IP_NF_CONNTRACK_SECMARK=y CONFIG_IP_NF_CONNTRACK_EVENTS=y --More--(88%) CONFIG_IP_NF_CONNTRACK_NETLINK=m CONFIG_IP_NF_CT_PROTO_SCTP=m CONFIG_IP_NF_FTP=m CONFIG_IP_NF_IRC=m CONFIG_IP_NF_NETBIOS_NS=m CONFIG_IP_NF_TFTP=m CONFIG_IP_NF_AMANDA=m CONFIG_IP_NF_PPTP=m CONFIG_IP_NF_H323=m CONFIG_IP_NF_SIP=m CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_IPRANGE=m CONFIG_IP_NF_MATCH_TOS=m CONFIG_IP_NF_MATCH_RECENT=m CONFIG_IP_NF_MATCH_ECN=m CONFIG_IP_NF_MATCH_DSCP=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_MATCH_ADDRTYPE=m CONFIG_IP_NF_MATCH_HASHLIMIT=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_LOG=m CONFIG_IP_NF_TARGET_ULOG=m CONFIG_IP_NF_TARGET_TCPMSS=m CONFIG_IP_NF_NAT=m CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_SAME=m CONFIG_IP_NF_NAT_SNMP_BASIC=m CONFIG_IP_NF_NAT_IRC=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_NAT_TFTP=m CONFIG_IP_NF_NAT_AMANDA=m CONFIG_IP_NF_NAT_PPTP=m CONFIG_IP_NF_NAT_H323=m CONFIG_IP_NF_NAT_SIP=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_DSCP=m --More--(91%) CONFIG_IP_NF_TARGET_TTL=m CONFIG_IP_NF_TARGET_CLUSTERIP=m CONFIG_IP_NF_RAW=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m CONFIG_IP6_NF_QUEUE=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_FRAG=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_OWNER=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_LOG=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_RAW=m CONFIG_IP_DCCP=m CONFIG_INET_DCCP_DIAG=m CONFIG_IP_DCCP_ACKVEC=y CONFIG_IP_DCCP_CCID2=m CONFIG_IP_DCCP_CCID3=m CONFIG_IP_DCCP_TFRC_LIB=m # CONFIG_IP_DCCP_DEBUG is not set CONFIG_IP_SCTP=m CONFIG_IPX=m # CONFIG_IPX_INTERN is not set CONFIG_IPDDP=m CONFIG_IPDDP_ENCAP=y CONFIG_IPDDP_DECAP=y CONFIG_IPW2100=m CONFIG_IPW2100_MONITOR=y # CONFIG_IPW2100_DEBUG is not set CONFIG_IPW2200=m CONFIG_IPW2200_MONITOR=y CONFIG_IPW2200_RADIOTAP=y CONFIG_IPW2200_PROMISCUOUS=y CONFIG_IPW2200_QOS=y # CONFIG_IPW2200_DEBUG is not set CONFIG_IPPP_FILTER=y --More--(94%) # CONFIG_IPMI_HANDLER is not set CONFIG_HW_RANDOM=y CONFIG_HW_RANDOM_INTEL=m CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_GEODE=m CONFIG_HW_RANDOM_VIA=m # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=y + _________________________ etc/syslog.conf + cat /etc/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log + _________________________ etc/syslog-ng/syslog-ng.conf + cat /etc/syslog-ng/syslog-ng.conf cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory + _________________________ etc/resolv.conf + cat /etc/resolv.conf search flexilogix.com nameserver 10.16.6.11 nameserver 10.16.7.12 --More--(97%) + _________________________ lib/modules-ls + ls -ltr /lib/modules total 8 drwxr-xr-x 6 root root 4096 Sep 15 05:09 2.6.18-1.2798.fc6 + _________________________ /proc/ksyms-netif_rx + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms c05af9be T __netif_rx_schedule c05b07dc T netif_rx c05b1c3a T netif_rx_ni c05b07dc U netif_rx [ipv6] c05af9be U __netif_rx_schedule [e100] c05b07dc U netif_rx [tlan] + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.6.18-1.2798.fc6: + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '4928,$p' /var/log/messages + egrep -i 'ipsec|klips|pluto' + case "$1" in + cat Feb 29 15:55:46 flexigw ipsec_setup: Starting Openswan IPsec 2.4.9... + _________________________ plog + sed -n '2459403,$p' /var/log/secure ]0;root@flexigw:~ [root@flexigw ~]# ]0;root@flexigw:~[root@flexigw ~]# ]0;root@flexigw:~[root@flexigw ~]# ]0;root@flexigw:~[root@flexigw ~]# ]0;root@flexigw:~[root@flexigw ~]#