Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration. vpn.greatgulfhomes.com Thu May 22 16:03:36 EDT 2008 + _________________________ version + ipsec --version Linux Openswan U2.4.5/K2.6.22.9-61.fc6 (netkey) See `ipsec --copyright' for copyright information. + _________________________ /proc/version + cat /proc/version Linux version 2.6.22.9-61.fc6 (brewbuilder@hs20-bc1-7.build.redhat.com) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-13)) #1 SMP Thu Sep 27 17:45:57 EDT 2007 + _________________________ /proc/net/ipsec_eroute + test -r /proc/net/ipsec_eroute + _________________________ netstat-rn + head -n 100 + netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 216.191.52.64 0.0.0.0 255.255.255.224 U 0 0 0 eth0 10.247.0.0 216.191.52.65 255.255.0.0 UG 0 0 0 eth0 10.241.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2 10.243.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2 10.249.0.0 216.191.52.65 255.255.0.0 UG 0 0 0 eth0 10.248.0.0 216.191.52.65 255.255.0.0 UG 0 0 0 eth0 0.0.0.0 216.191.52.65 0.0.0.0 UG 0 0 0 eth0 + _________________________ /proc/net/ipsec_spi + test -r /proc/net/ipsec_spi + _________________________ /proc/net/ipsec_spigrp + test -r /proc/net/ipsec_spigrp + _________________________ /proc/net/ipsec_tncfg + test -r /proc/net/ipsec_tncfg + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + cat /proc/net/pfkey sk RefCnt Rmem Wmem User Inode + _________________________ ip-xfrm-state + ip xfrm state src 216.191.52.91 dst 64.201.38.182 proto esp spi 0xcf8a6f29 reqid 16401 mode tunnel replay-window 32 auth hmac(md5) 0xf2e25aae1a0828f8a7c9873aecc9891c enc cbc(des3_ede) 0xcfeb8f0ed9790f11e058330f7ceb67a7968bd2a005ef4d6b src 64.201.38.182 dst 216.191.52.91 proto esp spi 0x2f3d786e reqid 
16401 mode tunnel replay-window 32 auth hmac(md5) 0x0a8017a4a9b18ed81ffa8e8bdc0ed902 enc cbc(des3_ede) 0x070bc4c6d41bf18c7b89eb3a036cd819bf4b41f353ace7ad src 216.191.52.91 dst 216.191.52.94 proto esp spi 0x2d9d5d60 reqid 16397 mode tunnel replay-window 32 auth hmac(sha1) 0xd5c10b47ab77092f9089e3e8486b81ae0bf9b11b enc cbc(des3_ede) 0x07c6b68ef99a78575dadf09d95083dbe272fd8b4b4200e59 src 216.191.52.94 dst 216.191.52.91 proto esp spi 0x7bfaff9a reqid 16397 mode tunnel replay-window 32 auth hmac(sha1) 0x7446a803497ae527a9f3fc23c1e101b74cca6efe enc cbc(des3_ede) 0xb25897096d6990a77bde97206b9e635172e7ba333c0a4161 src 216.191.52.91 dst 216.191.52.94 proto esp spi 0x2d9d5d5e reqid 16397 mode tunnel replay-window 32 auth hmac(md5) 0x22dcdd72f1d5d772fdd211d5625340bf enc cbc(des3_ede) 0xa5a93bd4b95634f1f8723e32e849ad5a5f00fc5189709d12 src 216.191.52.94 dst 216.191.52.91 proto esp spi 0x75b4b9bc reqid 16397 mode tunnel replay-window 32 auth hmac(md5) 0x462e2eb90498e2696c8587da3cc59b7c enc cbc(des3_ede) 0x36ffd260e35422a42be2dc5693c6d54c8bcbe31e5e6a8b10 src 216.191.52.91 dst 209.91.185.168 proto esp spi 0x5aae9ff4 reqid 16409 mode tunnel replay-window 32 auth hmac(sha1) 0xa62473673568fa9b6c45047d73da11e94455b432 enc cbc(aes) 0xacb15065dc0f39a1e2afe64eba4fd4ee src 209.91.185.168 dst 216.191.52.91 proto esp spi 0x02e4f4a9 reqid 16409 mode tunnel replay-window 32 auth hmac(sha1) 0xef6a92aca9bb393a9d19955ce5887573d3ad5b8f enc cbc(aes) 0x09254d01f3f09130c9df0417ba645ac3 src 216.191.52.91 dst 209.91.185.168 proto esp spi 0x4201bca6 reqid 16409 mode tunnel replay-window 32 auth hmac(sha1) 0x8b56792ecacb64d41c551260646a67714ded4f09 enc cbc(aes) 0xe571ccbed4d73f603856cf776f94a114 src 209.91.185.168 dst 216.191.52.91 proto esp spi 0x271aff04 reqid 16409 mode tunnel replay-window 32 auth hmac(sha1) 0x396d5220bd624503032f558f69bb1102c8e64ebe enc cbc(aes) 0xa9df2e3227105824fb29a23d498011c8 src 216.191.52.91 dst 216.191.52.94 proto esp spi 0x2d9d5d5f reqid 16393 mode tunnel replay-window 32 
auth hmac(sha1) 0x6bcc378803fd5d4a1464415b30ed71a113d3988d enc cbc(des3_ede) 0x553bb21efa1b6a7834f5ceaf0f34e97c21655846a4982f68 src 216.191.52.94 dst 216.191.52.91 proto esp spi 0xf243915a reqid 16393 mode tunnel replay-window 32 auth hmac(sha1) 0x0280440be2b83e8b9d820a426d99254dc5488e86 enc cbc(des3_ede) 0xd7846a1703b7202cf8271292df7f28ffadead7ad359cf571 src 216.191.52.91 dst 216.191.52.94 proto esp spi 0x2d9d5d5d reqid 16393 mode tunnel replay-window 32 auth hmac(md5) 0xe29f17348dc3a20dc621b850dd1f3814 enc cbc(des3_ede) 0xc5637c61758ff4c76165350072c22b5aa8d58cc4c07fb060 src 216.191.52.94 dst 216.191.52.91 proto esp spi 0xd3e74275 reqid 16393 mode tunnel replay-window 32 auth hmac(md5) 0x229df520eeca99cc72b36ac9df7e50fd enc cbc(des3_ede) 0xff6caeb0acd1bd0a86ce9db72a746f7f19d1bef4a5e9b5b5 src 216.191.52.91 dst 209.91.185.168 proto esp spi 0xb13917ab reqid 16385 mode tunnel replay-window 32 auth hmac(sha1) 0x12b12f9879884bd625513bf9c10b200c93b27b24 enc cbc(aes) 0x63ece6479c947f57038cc7ce46408eab src 209.91.185.168 dst 216.191.52.91 proto esp spi 0xa9ff1546 reqid 16385 mode tunnel replay-window 32 auth hmac(sha1) 0xaa96086155daa937d07e155fc26ed8e344965d73 enc cbc(aes) 0x4ea1fe8e69fba8dfd90da613a743ee2c src 216.191.52.91 dst 209.91.185.168 proto esp spi 0x78cc0692 reqid 16385 mode tunnel replay-window 32 auth hmac(sha1) 0xeb8ef18e96826c9cd10806751dcc69da8241625a enc cbc(aes) 0xcadf5d3375a5a266feda6824e326d905 src 209.91.185.168 dst 216.191.52.91 proto esp spi 0x7d857fcd reqid 16385 mode tunnel replay-window 32 auth hmac(sha1) 0x0a7444f4ec2d5d01c1e63a993cbd0d9a08049c71 enc cbc(aes) 0x366e295c8c313566a77f4bd20cac2fec src 216.191.52.91 dst 64.201.38.182 proto esp spi 0xcf8a6f2a reqid 16389 mode tunnel replay-window 32 auth hmac(sha1) 0x0b35703a5b1728484ca7a48f9430e03ec2161cce enc cbc(des3_ede) 0x44904f2c45713f566e9066e0c99ddfb8fd01de8fe68e3fba src 64.201.38.182 dst 216.191.52.91 proto esp spi 0x03297266 reqid 16389 mode tunnel replay-window 32 auth hmac(sha1) 
0x722e1565fe476255e400b3d0e0df330e82e0ad85 enc cbc(des3_ede) 0xd10c057de7f6a159bb28c064df8071a37931aa2f9a8a59a6 + _________________________ ip-xfrm-policy + ip xfrm policy src 10.248.0.0/16 dst 10.243.0.0/16 dir in priority 2608 ptype main tmpl src 216.191.52.94 dst 216.191.52.91 proto esp reqid 16393 mode tunnel src 10.248.0.0/16 dst 10.241.0.0/16 dir in priority 2608 ptype main tmpl src 216.191.52.94 dst 216.191.52.91 proto esp reqid 16397 mode tunnel src 10.249.0.0/16 dst 10.243.0.0/16 dir in priority 2608 ptype main tmpl src 209.91.185.168 dst 216.191.52.91 proto esp reqid 16409 mode tunnel src 10.249.0.0/16 dst 10.241.0.0/16 dir in priority 2608 ptype main tmpl src 209.91.185.168 dst 216.191.52.91 proto esp reqid 16385 mode tunnel src 10.247.0.0/16 dst 10.243.0.0/16 dir in priority 2608 ptype main tmpl src 64.201.38.182 dst 216.191.52.91 proto esp reqid 16401 mode tunnel src 10.247.0.0/16 dst 10.241.0.0/16 dir in priority 2608 ptype main tmpl src 64.201.38.182 dst 216.191.52.91 proto esp reqid 16389 mode tunnel src 10.241.0.0/16 dst 10.249.0.0/16 dir out priority 2608 ptype main tmpl src 216.191.52.91 dst 209.91.185.168 proto esp reqid 16385 mode tunnel src 10.241.0.0/16 dst 10.247.0.0/16 dir out priority 2608 ptype main tmpl src 216.191.52.91 dst 64.201.38.182 proto esp reqid 16389 mode tunnel src 10.243.0.0/16 dst 10.248.0.0/16 dir out priority 2608 ptype main tmpl src 216.191.52.91 dst 216.191.52.94 proto esp reqid 16393 mode tunnel src 10.241.0.0/16 dst 10.248.0.0/16 dir out priority 2608 ptype main tmpl src 216.191.52.91 dst 216.191.52.94 proto esp reqid 16397 mode tunnel src 10.243.0.0/16 dst 10.247.0.0/16 dir out priority 2608 ptype main tmpl src 216.191.52.91 dst 64.201.38.182 proto esp reqid 16401 mode tunnel src 10.243.0.0/16 dst 10.249.0.0/16 dir out priority 2608 ptype main tmpl src 216.191.52.91 dst 209.91.185.168 proto esp reqid 16409 mode tunnel src 10.248.0.0/16 dst 10.243.0.0/16 dir fwd priority 2608 ptype main tmpl src 216.191.52.94 dst 
216.191.52.91 proto esp reqid 16393 mode tunnel src 10.248.0.0/16 dst 10.241.0.0/16 dir fwd priority 2608 ptype main tmpl src 216.191.52.94 dst 216.191.52.91 proto esp reqid 16397 mode tunnel src 10.249.0.0/16 dst 10.243.0.0/16 dir fwd priority 2608 ptype main tmpl src 209.91.185.168 dst 216.191.52.91 proto esp reqid 16409 mode tunnel src 10.249.0.0/16 dst 10.241.0.0/16 dir fwd priority 2608 ptype main tmpl src 209.91.185.168 dst 216.191.52.91 proto esp reqid 16385 mode tunnel src 10.247.0.0/16 dst 10.243.0.0/16 dir fwd priority 2608 ptype main tmpl src 64.201.38.182 dst 216.191.52.91 proto esp reqid 16401 mode tunnel src 10.247.0.0/16 dst 10.241.0.0/16 dir fwd priority 2608 ptype main tmpl src 64.201.38.182 dst 216.191.52.91 proto esp reqid 16389 mode tunnel src ::/0 dst ::/0 dir in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 ptype main src ::/0 dst ::/0 dir out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 ptype main + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + _________________________ ipsec/status + ipsec auto --status 000 interface lo/lo ::1 000 interface lo/lo 127.0.0.1 000 interface 
lo/lo 127.0.0.1 000 interface eth0/eth0 216.191.52.91 000 interface eth0/eth0 216.191.52.91 000 interface eth1/eth1 10.243.102.230 000 interface eth1/eth1 10.243.102.230 000 interface eth2/eth2 10.241.100.230 000 interface eth2/eth2 10.241.100.230 000 %myid = (none) 000 debug none 000 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=22, name=(null), ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0 000 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 000 algorithm IKE dh group: 
id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 000 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 "ggh-brockport": 10.241.0.0/16===216.191.52.91---216.191.52.65...66.186.93.1---209.91.185.168===10.249.0.0/16; erouted; eroute owner: #13 000 "ggh-brockport": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown; 000 "ggh-brockport": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "ggh-brockport": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 16,16; interface: eth0; 000 "ggh-brockport": newest ISAKMP SA: #19; newest IPsec SA: #13; 000 "ggh-brockport": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536 000 "ggh-gghdev": 10.243.0.0/16===216.191.52.91---216.191.52.65...216.191.52.65---216.191.52.91===10.241.0.0/16; unrouted; eroute owner: #0 000 "ggh-gghdev": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown; 000 "ggh-gghdev": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "ggh-gghdev": policy: PSK+ENCRYPT+TUNNEL+PFS; prio: 16,16; interface: ; 000 "ggh-gghdev": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "gghdev-brockport": 10.243.0.0/16===216.191.52.91---216.191.52.65...66.186.93.1---209.91.185.168===10.249.0.0/16; erouted; eroute owner: #14 000 "gghdev-brockport": srcip=10.243.102.230; dstip=10.249.100.20; srcup=ipsec _updown; dstup=ipsec _updown; 000 "gghdev-brockport": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "gghdev-brockport": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 16,16; interface: eth0; 000 "gghdev-brockport": newest ISAKMP SA: #0; newest IPsec SA: #14; 000 "homecad-ggh": 
10.241.0.0/16===216.191.52.91---216.191.52.65...64.201.38.161---64.201.38.182===10.247.0.0/16; erouted; eroute owner: #21 000 "homecad-ggh": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown; 000 "homecad-ggh": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "homecad-ggh": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 16,16; interface: eth0; 000 "homecad-ggh": newest ISAKMP SA: #20; newest IPsec SA: #21; 000 "homecad-ggh": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536 000 "homecad-gghdev": 10.243.0.0/16===216.191.52.91---216.191.52.65...64.201.38.161---64.201.38.182===10.247.0.0/16; erouted; eroute owner: #17 000 "homecad-gghdev": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown; 000 "homecad-gghdev": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "homecad-gghdev": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 16,16; interface: eth0; 000 "homecad-gghdev": newest ISAKMP SA: #0; newest IPsec SA: #17; 000 "rhtest-ggh": 10.241.0.0/16===216.191.52.91---216.191.52.65...216.191.52.65---216.191.52.94===10.248.0.0/16; erouted; eroute owner: #7 000 "rhtest-ggh": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown; 000 "rhtest-ggh": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "rhtest-ggh": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 16,16; interface: eth0; 000 "rhtest-ggh": newest ISAKMP SA: #0; newest IPsec SA: #7; 000 "rhtest-gghdev": 10.243.0.0/16===216.191.52.91---216.191.52.65...216.191.52.65---216.191.52.94===10.248.0.0/16; erouted; eroute owner: #6 000 "rhtest-gghdev": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown; 000 "rhtest-gghdev": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "rhtest-gghdev": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 16,16; interface: eth0; 000 "rhtest-gghdev": newest ISAKMP SA: #18; newest IPsec SA: 
#6; 000 "rhtest-gghdev": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536 000 000 #19: "ggh-brockport":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1670s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0) 000 #9: "ggh-brockport":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23276s 000 #9: "ggh-brockport" esp.78cc0692@209.91.185.168 esp.7d857fcd@216.191.52.91 tun.0@209.91.185.168 tun.0@216.191.52.91 000 #13: "ggh-brockport":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 23916s; newest IPSEC; eroute owner 000 #13: "ggh-brockport" esp.b13917ab@209.91.185.168 esp.a9ff1546@216.191.52.91 tun.0@209.91.185.168 tun.0@216.191.52.91 000 #8: "gghdev-brockport":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23116s 000 #8: "gghdev-brockport" esp.4201bca6@209.91.185.168 esp.271aff04@216.191.52.91 tun.0@209.91.185.168 tun.0@216.191.52.91 000 #14: "gghdev-brockport":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 23916s; newest IPSEC; eroute owner 000 #14: "gghdev-brockport" esp.5aae9ff4@209.91.185.168 esp.2e4f4a9@216.191.52.91 tun.0@209.91.185.168 tun.0@216.191.52.91 000 #21: "homecad-ggh":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26561s; newest IPSEC; eroute owner 000 #21: "homecad-ggh" esp.cf8a6f2a@64.201.38.182 esp.3297266@216.191.52.91 tun.0@64.201.38.182 tun.0@216.191.52.91 000 #20: "homecad-ggh":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1695s; newest ISAKMP; lastdpd=24s(seq in:0 out:0) 000 #17: "homecad-gghdev":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 23920s; newest IPSEC; eroute owner 000 #17: "homecad-gghdev" esp.cf8a6f29@64.201.38.182 esp.2f3d786e@216.191.52.91 tun.0@64.201.38.182 tun.0@216.191.52.91 000 #7: "rhtest-ggh":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23129s; newest IPSEC; eroute owner 000 #7: "rhtest-ggh" esp.2d9d5d60@216.191.52.94 
esp.7bfaff9a@216.191.52.91 tun.0@216.191.52.94 tun.0@216.191.52.91 000 #3: "rhtest-ggh":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 23911s 000 #3: "rhtest-ggh" esp.2d9d5d5e@216.191.52.94 esp.75b4b9bc@216.191.52.91 tun.0@216.191.52.94 tun.0@216.191.52.91 000 #18: "rhtest-gghdev":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1662s; newest ISAKMP; nodpd 000 #6: "rhtest-gghdev":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23211s; newest IPSEC; eroute owner 000 #6: "rhtest-gghdev" esp.2d9d5d5f@216.191.52.94 esp.f243915a@216.191.52.91 tun.0@216.191.52.94 tun.0@216.191.52.91 000 #2: "rhtest-gghdev":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 23911s 000 #2: "rhtest-gghdev" esp.2d9d5d5d@216.191.52.94 esp.d3e74275@216.191.52.91 tun.0@216.191.52.94 tun.0@216.191.52.91 000 + _________________________ ifconfig-a + ifconfig -a eth0 Link encap:Ethernet HWaddr 00:B0:D0:20:4D:E7 inet addr:216.191.52.91 Bcast:216.191.52.95 Mask:255.255.255.224 inet6 addr: fe80::2b0:d0ff:fe20:4de7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2252727 errors:0 dropped:0 overruns:0 frame:0 TX packets:963449 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:255623171 (243.7 MiB) TX bytes:173558209 (165.5 MiB) eth1 Link encap:Ethernet HWaddr 00:90:27:D6:B5:E4 inet addr:10.243.102.230 Bcast:10.243.255.255 Mask:255.255.0.0 inet6 addr: fe80::290:27ff:fed6:b5e4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7595970 errors:0 dropped:0 overruns:0 frame:0 TX packets:378881 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:629164100 (600.0 MiB) TX bytes:233197192 (222.3 MiB) eth2 Link encap:Ethernet HWaddr 00:90:27:D6:B5:E5 inet addr:10.241.100.230 Bcast:10.241.255.255 Mask:255.255.0.0 inet6 addr: fe80::290:27ff:fed6:b5e5/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:6800099 errors:0 
dropped:0 overruns:0 frame:0 TX packets:12438 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:564171971 (538.0 MiB) TX bytes:2555430 (2.4 MiB) eth3 Link encap:Ethernet HWaddr 00:90:27:D5:C7:BD BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) eth4 Link encap:Ethernet HWaddr 00:90:27:D5:C7:BE BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:3892 errors:0 dropped:0 overruns:0 frame:0 TX packets:3892 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3731138 (3.5 MiB) TX bytes:3731138 (3.5 MiB) sit0 Link encap:IPv6-in-IPv4 NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) + _________________________ ip-addr-list + ip addr list 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:b0:d0:20:4d:e7 brd ff:ff:ff:ff:ff:ff inet 216.191.52.91/27 brd 216.191.52.95 scope global eth0 inet6 fe80::2b0:d0ff:fe20:4de7/64 scope link valid_lft forever preferred_lft forever 3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:90:27:d6:b5:e4 brd ff:ff:ff:ff:ff:ff inet 10.243.102.230/16 brd 10.243.255.255 scope global eth1 inet6 fe80::290:27ff:fed6:b5e4/64 scope link valid_lft forever preferred_lft forever 4: eth2: mtu 1500 qdisc pfifo_fast qlen 1000 
link/ether 00:90:27:d6:b5:e5 brd ff:ff:ff:ff:ff:ff inet 10.241.100.230/16 brd 10.241.255.255 scope global eth2 inet6 fe80::290:27ff:fed6:b5e5/64 scope link valid_lft forever preferred_lft forever 5: eth3: mtu 1500 qdisc noop qlen 1000 link/ether 00:90:27:d5:c7:bd brd ff:ff:ff:ff:ff:ff 6: eth4: mtu 1500 qdisc noop qlen 1000 link/ether 00:90:27:d5:c7:be brd ff:ff:ff:ff:ff:ff 7: sit0: mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 + _________________________ ip-route-list + ip route list 216.191.52.64/27 dev eth0 proto kernel scope link src 216.191.52.91 10.247.0.0/16 via 216.191.52.65 dev eth0 10.241.0.0/16 dev eth2 proto kernel scope link src 10.241.100.230 10.243.0.0/16 dev eth1 proto kernel scope link src 10.243.102.230 169.254.0.0/16 dev eth2 scope link 10.249.0.0/16 via 216.191.52.65 dev eth0 10.248.0.0/16 via 216.191.52.65 dev eth0 default via 216.191.52.65 dev eth0 + _________________________ ip-rule-list + ip rule list 0: from all lookup local 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + ipsec verify --nocolour Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.4.5/K2.6.22.9-61.fc6 (netkey) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [OK] NETKEY detected, testing for disabled ICMP accept_redirects [OK] Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] + _________________________ mii-tool + '[' -x /sbin/mii-tool ']' + /sbin/mii-tool -v eth0: negotiated 100baseTx-FD flow-control, link ok product info: Intel 82555 rev 4 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 
100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control eth1: negotiated 100baseTx-FD flow-control, link ok product info: Intel 82555 rev 0 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control eth2: negotiated 100baseTx-FD flow-control, link ok product info: Intel 82555 rev 0 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control eth3: no link product info: Intel 82555 rev 0 basic mode: autonegotiation enabled basic status: no link capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control eth4: no link product info: Intel 82555 rev 0 basic mode: autonegotiation enabled basic status: no link capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control + _________________________ ipsec/directory + ipsec --directory /usr/lib/ipsec + _________________________ hostname/fqdn + hostname --fqdn vpn.greatgulfhomes.com + _________________________ hostname/ipaddress + hostname --ip-address 216.191.52.91 + _________________________ uptime + uptime 16:03:38 up 51 days, 22:42, 4 users, load average: 0.91, 0.23, 0.08 + _________________________ ps + egrep -i 'ppid|pluto|ipsec|klips' + ps alxwf F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 0 0 1411 31227 20 0 4456 1080 wait S+ pts/0 0:00 \_ /bin/sh 
/usr/libexec/ipsec/barf 0 0 1569 1411 20 0 1820 484 pipe_w S+ pts/0 0:00 \_ egrep -i ppid|pluto|ipsec|klips 1 0 31733 1 20 0 2420 408 wait S pts/0 0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid 1 0 31734 31733 20 0 2420 584 wait S pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid 4 0 31735 31734 20 0 2956 1676 - S pts/0 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids --nat_traversal 1 0 31746 31735 30 10 2704 548 - SN pts/0 0:00 | \_ pluto helper # 0 0 0 31820 31735 20 0 1576 292 - S pts/0 0:00 | \_ _pluto_adns 0 0 31736 31733 20 0 2424 1044 pipe_w S pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post 0 0 31737 1 20 0 1632 488 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun + _________________________ ipsec/showdefaults + ipsec showdefaults # no default route + _________________________ ipsec/conf + ipsec _keycensor + ipsec _include /etc/ipsec.conf #< /etc/ipsec.conf 1 # /etc/ipsec.conf - Openswan IPsec configuration file # # Manual: ipsec.conf.5 # # Please place your own config files in /etc/ipsec.d/ ending in .conf version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup # Debug-logging controls: "none" for (almost) none, "all" for lots. 
# klipsdebug=none # plutodebug="control parsing" interfaces="ipsec0=eth0" #klipsdebug="control parsing" #plutodebug="control parsing" overridemtu=1410 nat_traversal=yes # Connection between GGH and GGHDEV conn ggh-gghdev # Left Security gateway, subnet behind it, next hop toward right left=216.191.52.91 leftsubnet=10.241.0.0/16 leftnexthop=216.191.52.65 # Right Security gateway, subnet behind it, next hop towards left right=216.191.52.91 rightsubnet=10.243.0.0/16 rightnexthop=216.191.52.65 keyingtries=0 authby=secret type=tunnel auto=start # Connections for GGH (10.241.x.x) conn ggh-brockport # Left Security gateway, subnet behind it, next hop toward right left=216.191.52.91 leftsubnet=10.241.0.0/16 leftnexthop=216.191.52.65 # Right Security gateway, subnet behind it, next hop towards left right=209.91.185.168 rightsubnet=10.249.0.0/16 rightnexthop=66.186.93.1 keyingtries=0 authby=secret type=tunnel auto=start #forceencaps=yes conn rhtest-ggh # Left Security gateway, subnet behind it, next hop toward right left=216.191.52.94 leftsubnet=10.248.0.0/16 leftnexthop=216.191.52.65 # Right Security gateway, subnet behind it, next hop towards left right=216.191.52.91 rightsubnet=10.241.0.0/16 rightnexthop=216.191.52.65 keyingtries=0 authby=secret type=tunnel auto=start #forceencaps=yes conn homecad-ggh # Left Security gateway, subnet behind it, next hop toward right left=64.201.38.182 leftsubnet=10.247.0.0/16 leftnexthop=64.201.38.161 # Right Security gateway, subnet behind it, next hop towards left right=216.191.52.91 rightsubnet=10.241.0.0/16 rightnexthop=216.191.52.65 keyingtries=0 authby=secret type=tunnel auto=start #forceencaps=yes # Connections for GGHDEV (10.243.x.x) conn gghdev-brockport # Left Security gateway, subnet behind it, next hop toward right left=216.191.52.91 leftsubnet=10.243.0.0/16 leftsourceip=10.243.102.230 leftnexthop=216.191.52.65 # Right Security gateway, subnet behind it, next hop towards left right=209.91.185.168 rightsubnet=10.249.0.0/16 
rightsourceip=10.249.100.20 rightnexthop=66.186.93.1 keyingtries=0 authby=secret type=tunnel auto=start #forceencaps=yes conn rhtest-gghdev # Left Security gateway, subnet behind it, next hop toward right left=216.191.52.94 leftsubnet=10.248.0.0/16 leftnexthop=216.191.52.65 # Right Security gateway, subnet behind it, next hop towards left right=216.191.52.91 rightsubnet=10.243.0.0/16 rightnexthop=216.191.52.65 keyingtries=0 authby=secret type=tunnel auto=start #forceencaps=yes conn homecad-gghdev # Left Security gateway, subnet behind it, next hop toward right left=64.201.38.182 leftsubnet=10.247.0.0/16 leftnexthop=64.201.38.161 # Right Security gateway, subnet behind it, next hop towards left right=216.191.52.91 rightsubnet=10.243.0.0/16 rightnexthop=216.191.52.65 keyingtries=0 authby=secret type=tunnel auto=start #forceencaps=yes #< /etc/ipsec.d/no_oe.conf 1 # 'include' this file to disable Opportunistic Encryption. # See /usr/share/doc/openswan/policygroups.html for details. # # RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $ conn block auto=ignore conn private auto=ignore conn private-or-clear auto=ignore conn clear-or-private auto=ignore conn clear auto=ignore conn packetdefault auto=ignore #> /etc/ipsec.conf 133 + _________________________ ipsec/secrets + ipsec _secretcensor + ipsec _include /etc/ipsec.secrets #< /etc/ipsec.secrets 1 #< /etc/ipsec.d/hostkey.secrets 1 : RSA { # RSA 2192 bits localhost.localdomain Tue Feb 19 10:17:56 2008 # for signatures only, UNSAFE FOR ENCRYPTION #pubkey=[keyid AQOJYzHbo] Modulus: [...] PublicExponent: [...] # everything after this point is secret PrivateExponent: [...] Prime1: [...] Prime2: [...] Exponent1: [...] Exponent2: [...] Coefficient: [...] 
} # do not change the indenting of that "[sums to 7d9d...]" #> /etc/ipsec.secrets 2 #ggh to gghdev 216.191.52.93 216.191.52.93: PSK "[sums to b4dd...]" #ggh to brockport 216.191.52.91 209.91.185.168: PSK "[sums to b4dd...]" #rhtest to ggh 216.191.52.94 216.191.52.91: PSK "[sums to b4dd...]" #homecad to ggh 64.201.38.182 216.191.52.91: PSK "[sums to b4dd...]" #gghdev to brockport 216.191.52.91 209.91.185.168: PSK "[sums to b4dd...]" #rhtest to gghdev 216.191.52.94 216.191.52.91: PSK "[sums to b4dd...]" #homecad to gghdev 64.201.38.182 216.191.52.91: PSK "[sums to b4dd...]" : RSA {# RSA 2048 bits vpntest.greatgulfhomes.com Wed Feb 20 16:32:49 2008 # for signatures only, UNSAFE FOR ENCRYPTION #pubkey=[keyid AQNseplVv] Modulus: [...] PublicExponent: [...] # everything after this point is secret PrivateExponent: [...] Prime1: [...] 
Prime2: [...] Exponent1: [...] Exponent2: [...] Coefficient: [...] } # do not change the indenting of that "[sums to 7d9d...]" + _________________________ ipsec/listall + ipsec auto --listall 000 000 List of Public Keys: 000 + '[' /etc/ipsec.d/policies ']' + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/block + base=block + _________________________ ipsec/policies/block + cat /etc/ipsec.d/policies/block # This file defines the set of CIDRs (network/mask-length) to which # communication should never be allowed. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear + base=clear + _________________________ ipsec/policies/clear + cat /etc/ipsec.d/policies/clear # This file defines the set of CIDRs (network/mask-length) to which # communication should always be in the clear. # # See /usr/share/doc/openswan/policygroups.html for details. 
# # $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear-or-private + base=clear-or-private + _________________________ ipsec/policies/clear-or-private + cat /etc/ipsec.d/policies/clear-or-private # This file defines the set of CIDRs (network/mask-length) to which # we will communicate in the clear, or, if the other side initiates IPSEC, # using encryption. This behaviour is also called "Opportunistic Responder". # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private + base=private + _________________________ ipsec/policies/private + cat /etc/ipsec.d/policies/private # This file defines the set of CIDRs (network/mask-length) to which # communication should always be private (i.e. encrypted). # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private-or-clear + base=private-or-clear + _________________________ ipsec/policies/private-or-clear + cat /etc/ipsec.d/policies/private-or-clear # This file defines the set of CIDRs (network/mask-length) to which # communication should be private, if possible, but in the clear otherwise. # # If the target has a TXT (later IPSECKEY) record that specifies # authentication material, we will require private (i.e. encrypted) # communications. If no such record is found, communications will be # in the clear. # # See /usr/share/doc/openswan/policygroups.html for details. 
# # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $ # 0.0.0.0/0 + _________________________ ipsec/ls-libdir + ls -l /usr/lib/ipsec total 164 -rwxr-xr-x 1 root root 15859 Jul 12 2006 _confread -rwxr-xr-x 1 root root 15084 Jul 12 2006 _copyright -rwxr-xr-x 1 root root 2379 Jul 12 2006 _include -rwxr-xr-x 1 root root 1475 Jul 12 2006 _keycensor -rwxr-xr-x 1 root root 3586 Jul 12 2006 _plutoload -rwxr-xr-x 1 root root 7061 Jul 12 2006 _plutorun -rwxr-xr-x 1 root root 12275 Jul 12 2006 _realsetup -rwxr-xr-x 1 root root 1975 Jul 12 2006 _secretcensor -rwxr-xr-x 1 root root 9958 Jul 12 2006 _startklips -rwxr-xr-x 1 root root 13918 Jul 12 2006 _updown -rwxr-xr-x 1 root root 15746 Jul 12 2006 _updown_x509 -rwxr-xr-x 1 root root 1942 Jul 12 2006 ipsec_pr.template + _________________________ ipsec/ls-execdir + ls -l /usr/libexec/ipsec total 3456 -rwxr-xr-x 1 root root 28834 Jul 12 2006 _pluto_adns -rwxr-xr-x 1 root root 18891 Jul 12 2006 auto -rwxr-xr-x 1 root root 11355 Jul 12 2006 barf -rwxr-xr-x 1 root root 816 Jul 12 2006 calcgoo -rwxr-xr-x 1 root root 208052 Jul 12 2006 eroute -rwxr-xr-x 1 root root 63298 Jul 12 2006 ikeping -rwxr-xr-x 1 root root 135901 Jul 12 2006 klipsdebug -rwxr-xr-x 1 root root 1836 Jul 12 2006 livetest -rwxr-xr-x 1 root root 2605 Jul 12 2006 look -rwxr-xr-x 1 root root 7153 Jul 12 2006 mailkey -rwxr-xr-x 1 root root 16015 Jul 12 2006 manual -rwxr-xr-x 1 root root 1926 Jul 12 2006 newhostkey -rwxr-xr-x 1 root root 117808 Jul 12 2006 pf_key -rwxr-xr-x 1 root root 1941797 Jul 12 2006 pluto -rwxr-xr-x 1 root root 24901 Jul 12 2006 ranbits -rwxr-xr-x 1 root root 52360 Jul 12 2006 rsasigkey -rwxr-xr-x 1 root root 766 Jul 12 2006 secrets -rwxr-xr-x 1 root root 17636 Jul 12 2006 send-pr lrwxrwxrwx 1 root root 22 Feb 19 10:17 setup -> /etc/rc.d/init.d/ipsec -rwxr-xr-x 1 root root 1054 Jul 12 2006 showdefaults -rwxr-xr-x 1 root root 4748 Jul 12 2006 showhostkey -rwxr-xr-x 1 root root 334886 Jul 12 2006 spi -rwxr-xr-x 1 root root 166522 Jul 12 
2006 spigrp -rwxr-xr-x 1 root root 29484 Jul 12 2006 tncfg -rwxr-xr-x 1 root root 11629 Jul 12 2006 verify -rwxr-xr-x 1 root root 142502 Jul 12 2006 whack + _________________________ ipsec/updowns ++ ls /usr/libexec/ipsec ++ egrep updown + _________________________ /proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 3731138 3892 0 0 0 0 0 0 3731138 3892 0 0 0 0 0 0 eth0:255623657 2252734 0 0 0 0 0 0 173558497 963453 0 0 0 0 0 0 eth1:629165018 7595977 0 0 0 0 0 0 233197480 378885 0 0 0 0 0 0 eth2:564172211 6800103 0 0 0 0 0 0 2555430 12438 0 0 0 0 0 0 eth3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth4: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + _________________________ /proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth0 4034BFD8 00000000 0001 0 0 0 E0FFFFFF 0 0 0 eth0 0000F70A 4134BFD8 0003 0 0 0 0000FFFF 0 0 0 eth2 0000F10A 00000000 0001 0 0 0 0000FFFF 0 0 0 eth1 0000F30A 00000000 0001 0 0 0 0000FFFF 0 0 0 eth2 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0 eth0 0000F90A 4134BFD8 0003 0 0 0 0000FFFF 0 0 0 eth0 0000F80A 4134BFD8 0003 0 0 0 0000FFFF 0 0 0 eth0 00000000 4134BFD8 0003 0 0 0 00000000 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ /proc/sys/net/ipv4/tcp_ecn + cat /proc/sys/net/ipv4/tcp_ecn 0 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter eth3/rp_filter eth4/rp_filter lo/rp_filter sit0/rp_filter all/rp_filter:0 default/rp_filter:1 eth0/rp_filter:1 eth1/rp_filter:1 eth2/rp_filter:1 eth3/rp_filter:1 eth4/rp_filter:1 lo/rp_filter:1 sit0/rp_filter:1 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd 
/proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter eth3/rp_filter eth4/rp_filter lo/rp_filter sit0/rp_filter all/rp_filter:0 default/rp_filter:1 eth0/rp_filter:1 eth1/rp_filter:1 eth2/rp_filter:1 eth3/rp_filter:1 eth4/rp_filter:1 lo/rp_filter:1 sit0/rp_filter:1 + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects + cd /proc/sys/net/ipv4/conf + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects eth2/accept_redirects eth2/secure_redirects eth2/send_redirects eth3/accept_redirects eth3/secure_redirects eth3/send_redirects eth4/accept_redirects eth4/secure_redirects eth4/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects sit0/accept_redirects sit0/secure_redirects sit0/send_redirects all/accept_redirects:0 all/secure_redirects:1 all/send_redirects:0 default/accept_redirects:0 default/secure_redirects:1 default/send_redirects:0 eth0/accept_redirects:0 eth0/secure_redirects:1 eth0/send_redirects:0 eth1/accept_redirects:0 eth1/secure_redirects:1 eth1/send_redirects:0 eth2/accept_redirects:0 eth2/secure_redirects:1 eth2/send_redirects:0 eth3/accept_redirects:0 eth3/secure_redirects:1 eth3/send_redirects:0 eth4/accept_redirects:0 eth4/secure_redirects:1 eth4/send_redirects:0 lo/accept_redirects:0 lo/secure_redirects:1 lo/send_redirects:0 sit0/accept_redirects:0 sit0/secure_redirects:1 sit0/send_redirects:0 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + uname -a Linux vpn.greatgulfhomes.com 2.6.22.9-61.fc6 #1 SMP Thu Sep 27 17:45:57 EDT 2007 i686 
i686 i386 GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ distro-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/redhat-release + cat /etc/redhat-release Fedora Core release 6 (Zod) + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/debian-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/SuSE-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandrake-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandriva-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + test -r /proc/net/pfkey ++ uname -r + echo 'NETKEY (2.6.22.9-61.fc6) support detected ' NETKEY (2.6.22.9-61.fc6) support detected + _________________________ ipfwadm + test -r /sbin/ipfwadm + 'no old-style linux 1.x/2.0 ipfwadm firewall support' /usr/libexec/ipsec/barf: line 305: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory + _________________________ ipchains + test -r /sbin/ipchains + echo 'no old-style linux 2.0 ipchains firewall support' no old-style linux 2.0 ipchains firewall support + _________________________ iptables + test -r /sbin/iptables + iptables -L -v -n Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source 
destination 3185K 500M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 402K 76M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 834K packets, 137M bytes) pkts bytes target prot opt in out source destination Chain RH-Firewall-1-INPUT (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 216.191.52.72 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 216.191.52.72 20067 1100K ACCEPT all -- * * 216.191.52.74 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 216.191.52.74 0 0 ACCEPT all -- * * 216.191.52.71 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 216.191.52.71 211 9788 ACCEPT tcp -- * * 10.241.0.0/16 0.0.0.0/0 tcp 479K 105M ACCEPT udp -- * * 10.241.0.0/16 0.0.0.0/0 udp 159 15986 ACCEPT tcp -- * * 0.0.0.0/0 10.241.0.0/16 tcp 202 21364 ACCEPT udp -- * * 0.0.0.0/0 10.241.0.0/16 udp 220K 10M ACCEPT tcp -- * * 10.243.0.0/16 0.0.0.0/0 tcp 1987K 247M ACCEPT udp -- * * 10.243.0.0/16 0.0.0.0/0 udp 170K 65M ACCEPT tcp -- * * 0.0.0.0/0 10.243.0.0/16 tcp 10721 1130K ACCEPT udp -- * * 0.0.0.0/0 10.243.0.0/16 udp 1902 3044K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 690K 142M ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 3374 762K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 28 1760 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 35 2806 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 216.191.52.0/24 0.0.0.0/0 state NEW tcp dpt:21 0 0 ACCEPT tcp -- * * 216.191.52.0/24 0.0.0.0/0 state NEW tcp dpt:23 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:67 0 0 ACCEPT tcp -- * * 0.0.0.0/0 
0.0.0.0/0 state NEW tcp dpt:2049 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:389 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:500 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445 3648 1184K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited + _________________________ iptables-nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 1242K packets, 222M bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 4371 packets, 502K bytes) pkts bytes target prot opt in out source destination 5528 1801K MASQUERADE all -- * eth0 0.0.0.0/0 !10.0.0.0/8 Chain OUTPUT (policy ACCEPT 6830 packets, 1988K bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 6772 packets, 632K bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 6712 packets, 624K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 32 packets, 3216 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 5921 packets, 3836K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 5954 packets, 3839K bytes) pkts bytes target prot opt in out source destination + _________________________ /proc/modules + test -f /proc/modules + cat /proc/modules iptable_mangle 6977 0 - Live 0xd0c23000 xfrm4_tunnel 6849 0 - Live 0xd0bb5000 af_key 44625 0 - Live 0xd0bd2000 nf_conntrack_ftp 13761 0 - Live 
0xd0c36000 nf_conntrack_netbios_ns 7105 0 - Live 0xd0b40000 ipt_REJECT 8641 1 - Live 0xd0b4f000 xt_state 6593 15 - Live 0xd0b43000 iptable_filter 7105 1 - Live 0xd0af0000 ipt_MASQUERADE 7745 1 - Live 0xd0ac7000 iptable_nat 11461 1 - Live 0xd0ad2000 nf_nat 22381 2 ipt_MASQUERADE,iptable_nat, Live 0xd0ae9000 nf_conntrack_ipv4 21837 17 iptable_nat, Live 0xd0acb000 nf_conntrack 64713 7 nf_conntrack_ftp,nf_conntrack_netbios_ns,xt_state,ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4, Live 0xd0ad8000 nfnetlink 9945 3 nf_nat,nf_conntrack_ipv4,nf_conntrack, Live 0xd0aaf000 ip_tables 16517 3 iptable_mangle,iptable_filter,iptable_nat, Live 0xd0abd000 xfrm4_mode_tunnel 6977 20 - Live 0xd0c27000 sit 14757 0 - Live 0xd0bc7000 deflate 7873 0 - Live 0xd0bff000 zlib_deflate 21977 1 deflate, Live 0xd0c2a000 twofish 11841 0 - Live 0xd0bfb000 twofish_common 39745 1 twofish, Live 0xd0c0d000 camellia 36161 0 - Live 0xd0c19000 serpent 29249 0 - Live 0xd0c04000 blowfish 12609 0 - Live 0xd0bf6000 cbc 8513 20 - Live 0xd0bf2000 ecb 7617 0 - Live 0xd0bef000 blkcipher 10309 2 cbc,ecb, Live 0xd0beb000 xcbc 9929 0 - Live 0xd0be7000 sha256 15297 0 - Live 0xd0b4a000 crypto_null 6721 0 - Live 0xd0bc4000 aes 31616 8 - Live 0xd0bde000 des 20417 12 - Live 0xd0bcc000 tunnel4 7753 2 xfrm4_tunnel,sit, Live 0xd0bb2000 ipcomp 11849 0 - Live 0xd0b58000 esp4 11712 20 - Live 0xd0b54000 ah4 10305 0 - Live 0xd0af7000 autofs4 24773 2 - Live 0xd0baa000 hidp 26689 2 - Live 0xd0b77000 rfcomm 44377 0 - Live 0xd0bb8000 l2cap 30401 8 hidp,rfcomm, Live 0xd0b5e000 bluetooth 57893 5 hidp,rfcomm,l2cap, Live 0xd0b67000 sunrpc 161981 1 - Live 0xd0b81000 ip6t_REJECT 9536 1 - Live 0xd0ab3000 xt_tcpudp 7233 56 - Live 0xd09d5000 ip6table_filter 6849 1 - Live 0xd094e000 ip6_tables 17669 1 ip6table_filter, Live 0xd0aa9000 x_tables 18629 8 ipt_REJECT,xt_state,ipt_MASQUERADE,iptable_nat,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables, Live 0xd0901000 ipv6 277957 24 sit,ip6t_REJECT, Live 0xd0afb000 dm_mirror 25153 0 - Live 
0xd09a0000 dm_multipath 21961 0 - Live 0xd09c6000 dm_mod 57089 2 dm_mirror,dm_multipath, Live 0xd09d8000 video 20937 0 - Live 0xd09bf000 sbs 22729 0 - Live 0xd09a8000 button 12113 0 - Live 0xd098c000 dock 13921 0 - Live 0xd099b000 battery 14149 0 - Live 0xd0987000 ac 9285 0 - Live 0xd0983000 lp 16105 0 - Live 0xd0949000 floppy 58661 0 - Live 0xd09af000 sg 37469 0 - Live 0xd0990000 i2c_piix4 12493 0 - Live 0xd0944000 i2c_core 27841 1 i2c_piix4, Live 0xd097b000 e100 38349 0 - Live 0xd0970000 mii 9409 1 e100, Live 0xd08e9000 st 39900 0 - Live 0xd0965000 parport_pc 30821 1 - Live 0xd095c000 parport 38281 2 lp,parport_pc, Live 0xd0951000 sr_mod 20837 0 - Live 0xd08e2000 serio_raw 10821 0 - Live 0xd08cf000 osst 53981 0 - Live 0xd0935000 cdrom 37089 1 sr_mod, Live 0xd092a000 aacraid 61637 0 - Live 0xd08f0000 aic7xxx 137337 7 - Live 0xd0907000 scsi_transport_spi 27073 1 aic7xxx, Live 0xd08d3000 sd_mod 31297 10 - Live 0xd0841000 scsi_mod 140621 8 sg,st,sr_mod,osst,aacraid,aic7xxx,scsi_transport_spi,sd_mod, Live 0xd0865000 raid456 123729 0 - Live 0xd08aa000 xor 18121 1 raid456, Live 0xd0831000 raid1 26177 2 - Live 0xd084a000 ext3 125641 3 - Live 0xd088a000 jbd 59881 1 ext3, Live 0xd0855000 mbcache 12485 1 ext3, Live 0xd082c000 ehci_hcd 35405 0 - Live 0xd0837000 ohci_hcd 23877 0 - Live 0xd0825000 uhci_hcd 27089 0 - Live 0xd081d000 + _________________________ /proc/meminfo + cat /proc/meminfo MemTotal: 255136 kB MemFree: 4204 kB Buffers: 996 kB Cached: 174012 kB SwapCached: 0 kB Active: 115468 kB Inactive: 119252 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 255136 kB LowFree: 4204 kB SwapTotal: 1574360 kB SwapFree: 1574244 kB Dirty: 152 kB Writeback: 0 kB AnonPages: 59676 kB Mapped: 10372 kB Slab: 8336 kB SReclaimable: 2528 kB SUnreclaim: 5808 kB PageTables: 1516 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 1701928 kB Committed_AS: 91160 kB VmallocTotal: 770040 kB VmallocUsed: 4208 kB VmallocChunk: 765708 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 
Hugepagesize: 4096 kB + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + _________________________ usr/src/linux/.config + test -f /proc/config.gz ++ uname -r + test -f /lib/modules/2.6.22.9-61.fc6/build/.config + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV' ++ uname -r + cat /lib/modules/2.6.22.9-61.fc6/build/.config CONFIG_IPC_NS=y CONFIG_NET_KEY=m CONFIG_NET_KEY_MIGRATE=y CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_INET_AH=m CONFIG_INET_ESP=m CONFIG_INET_IPCOMP=m CONFIG_INET_XFRM_TUNNEL=m CONFIG_INET_TUNNEL=m CONFIG_INET_XFRM_MODE_TRANSPORT=m CONFIG_INET_XFRM_MODE_TUNNEL=m CONFIG_INET_XFRM_MODE_BEET=m CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_IP_VS=m # CONFIG_IP_VS_DEBUG is not set CONFIG_IP_VS_TAB_BITS=12 CONFIG_IP_VS_PROTO_TCP=y CONFIG_IP_VS_PROTO_UDP=y CONFIG_IP_VS_PROTO_ESP=y CONFIG_IP_VS_PROTO_AH=y CONFIG_IP_VS_RR=m CONFIG_IP_VS_WRR=m CONFIG_IP_VS_LC=m CONFIG_IP_VS_WLC=m CONFIG_IP_VS_LBLC=m CONFIG_IP_VS_LBLCR=m CONFIG_IP_VS_DH=m CONFIG_IP_VS_SH=m CONFIG_IP_VS_SED=m CONFIG_IP_VS_NQ=m CONFIG_IP_VS_FTP=m CONFIG_IPV6=m CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y CONFIG_INET6_AH=m CONFIG_INET6_ESP=m CONFIG_INET6_IPCOMP=m CONFIG_IPV6_MIP6=y CONFIG_INET6_XFRM_TUNNEL=m CONFIG_INET6_TUNNEL=m CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_INET6_XFRM_MODE_BEET=m CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m CONFIG_IPV6_SIT=m CONFIG_IPV6_TUNNEL=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_IPRANGE=m CONFIG_IP_NF_MATCH_TOS=m 
CONFIG_IP_NF_MATCH_RECENT=m CONFIG_IP_NF_MATCH_ECN=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_MATCH_ADDRTYPE=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_LOG=m CONFIG_IP_NF_TARGET_ULOG=m CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_SAME=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_TTL=m CONFIG_IP_NF_TARGET_CLUSTERIP=m CONFIG_IP_NF_RAW=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m CONFIG_IP6_NF_QUEUE=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_FRAG=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_OWNER=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_LOG=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_RAW=m CONFIG_IP_DCCP=m CONFIG_INET_DCCP_DIAG=m CONFIG_IP_DCCP_ACKVEC=y CONFIG_IP_DCCP_CCID2=m # CONFIG_IP_DCCP_CCID2_DEBUG is not set CONFIG_IP_DCCP_CCID3=m CONFIG_IP_DCCP_TFRC_LIB=m # CONFIG_IP_DCCP_CCID3_DEBUG is not set CONFIG_IP_DCCP_CCID3_RTO=100 # CONFIG_IP_DCCP_DEBUG is not set CONFIG_IP_SCTP=m CONFIG_IPX=m # CONFIG_IPX_INTERN is not set CONFIG_IPDDP=m CONFIG_IPDDP_ENCAP=y CONFIG_IPDDP_DECAP=y CONFIG_IPW2100=m CONFIG_IPW2100_MONITOR=y # CONFIG_IPW2100_DEBUG is not set CONFIG_IPW2200=m CONFIG_IPW2200_MONITOR=y CONFIG_IPW2200_RADIOTAP=y CONFIG_IPW2200_PROMISCUOUS=y CONFIG_IPW2200_QOS=y # CONFIG_IPW2200_DEBUG is not set CONFIG_IPPP_FILTER=y # CONFIG_IPMI_HANDLER is not set CONFIG_HW_RANDOM=y CONFIG_HW_RANDOM_INTEL=m CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_GEODE=m CONFIG_HW_RANDOM_VIA=m # CONFIG_CRYPTO_DEV_PADLOCK is not set CONFIG_CRYPTO_DEV_GEODE=m + _________________________ etc/syslog.conf + cat /etc/syslog.conf # Log all kernel 
messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log # # INN # news.=crit /var/log/news/news.crit news.=err /var/log/news/news.err news.notice /var/log/news/news.notice + _________________________ etc/syslog-ng/syslog-ng.conf + cat /etc/syslog-ng/syslog-ng.conf cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory + _________________________ etc/resolv.conf + cat /etc/resolv.conf ; generated by /sbin/dhclient-script search greatgulfhomes.com nameserver 216.191.52.67 nameserver 10.243.102.254 nameserver 216.191.52.74 + _________________________ lib/modules-ls + ls -ltr /lib/modules total 12 drwxr-xr-x 6 root root 4096 Feb 19 09:06 2.6.18-1.2798.fc6 drwxr-xr-x 6 root root 4096 Feb 20 12:43 2.6.22.9-61.fc6 + _________________________ /proc/ksyms-netif_rx + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms c05c6755 T __netif_rx_schedule c05c7393 T netif_rx c05c7545 T netif_rx_ni c06f8de0 r __ksymtab_netif_rx c06f8ec0 r __ksymtab_netif_rx_ni c06f8ef0 r __ksymtab___netif_rx_schedule c06fd5fc r __kcrctab_netif_rx c06fd66c r __kcrctab_netif_rx_ni c06fd684 r __kcrctab___netif_rx_schedule c070b08f r __kstrtab_netif_rx c070b257 r __kstrtab_netif_rx_ni c070b2c2 r __kstrtab___netif_rx_schedule c05c7393 u netif_rx [sit] c05c7393 u netif_rx [ipv6] c05c6755 u __netif_rx_schedule [e100] + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o 
netif_rx + set +x 2.6.18-1.2798.fc6: 2.6.22.9-61.fc6: + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + egrep -i 'ipsec|klips|pluto' + case "$1" in + cat + sed -n '1,$p' /dev/null + _________________________ plog + case "$1" in + cat + egrep -i pluto + sed -n '817296,$p' /var/log/secure May 22 14:46:30 vpn ipsec__plutorun: Starting Pluto subsystem... May 22 14:46:30 vpn pluto[31735]: Starting Pluto (Openswan Version 2.4.5 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEnMCu\177xOp@c) May 22 14:46:30 vpn pluto[31735]: Setting NAT-Traversal port-4500 floating to on May 22 14:46:30 vpn pluto[31735]: port floating activation criteria nat_t=1/port_fload=1 May 22 14:46:30 vpn pluto[31735]: including NAT-Traversal patch (Version 0.6c) May 22 14:46:30 vpn pluto[31735]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) May 22 14:46:30 vpn pluto[31735]: starting up 1 cryptographic helpers May 22 14:46:30 vpn pluto[31735]: started helper pid=31746 (fd:6) May 22 14:46:30 vpn pluto[31735]: Using Linux 2.6 IPsec interface code on 2.6.22.9-61.fc6 May 22 14:46:32 vpn pluto[31735]: Could not change to directory '/etc/ipsec.d/cacerts' May 22 14:46:32 vpn pluto[31735]: Could not change to directory '/etc/ipsec.d/aacerts' May 22 14:46:32 vpn pluto[31735]: Could not change to directory '/etc/ipsec.d/ocspcerts' May 22 14:46:32 vpn pluto[31735]: Could not change to directory '/etc/ipsec.d/crls' May 22 14:46:32 vpn pluto[31735]: added connection description "ggh-brockport" May 22 14:46:32 vpn pluto[31735]: added connection description "homecad-ggh" May 22 14:46:32 vpn pluto[31735]: added connection description "rhtest-gghdev" May 22 14:46:32 vpn pluto[31735]: added connection description "rhtest-ggh" May 22 14:46:32 vpn pluto[31735]: added connection description "homecad-gghdev" May 22 14:46:33 vpn pluto[31735]: added connection description "ggh-gghdev" May 22 14:46:33 vpn pluto[31735]: added connection 
description "gghdev-brockport" May 22 14:46:33 vpn pluto[31735]: listening for IKE messages May 22 14:46:33 vpn pluto[31735]: adding interface eth2/eth2 10.241.100.230:500 May 22 14:46:33 vpn pluto[31735]: adding interface eth2/eth2 10.241.100.230:4500 May 22 14:46:33 vpn pluto[31735]: adding interface eth1/eth1 10.243.102.230:500 May 22 14:46:33 vpn pluto[31735]: adding interface eth1/eth1 10.243.102.230:4500 May 22 14:46:33 vpn pluto[31735]: adding interface eth0/eth0 216.191.52.91:500 May 22 14:46:33 vpn pluto[31735]: adding interface eth0/eth0 216.191.52.91:4500 May 22 14:46:33 vpn pluto[31735]: adding interface lo/lo 127.0.0.1:500 May 22 14:46:33 vpn pluto[31735]: adding interface lo/lo 127.0.0.1:4500 May 22 14:46:33 vpn pluto[31735]: adding interface lo/lo ::1:500 May 22 14:46:33 vpn pluto[31735]: both sides of "ggh-gghdev" are our interface eth0! May 22 14:46:33 vpn pluto[31735]: loading secrets from "/etc/ipsec.secrets" May 22 14:46:33 vpn pluto[31735]: loading secrets from "/etc/ipsec.d/hostkey.secrets" May 22 14:46:33 vpn pluto[31735]: could not open private key file '/etc/ipsec.d/private/{#' May 22 14:46:33 vpn pluto[31735]: "/etc/ipsec.secrets" line 24: error loading RSA private key file May 22 14:46:33 vpn pluto[31735]: ERROR "/etc/ipsec.secrets" line 27: index "U6j8ClUtB7tpL+O6MDi4AW8WkhJWFuy9MOVYBhxhkJc8rbB38LvV9e6zwwfkyP8Hlu/Sn3WOxN/s/KD1OWkqptWTweUH+bf+JP6iGv2s5SOUNOLxoiLGlnedeUxG8C" illegal (non-DNS-name) character in name May 22 14:46:33 vpn pluto[31735]: "/etc/ipsec.secrets" line 28: unexpected end of id list May 22 14:46:33 vpn pluto[31735]: ERROR "/etc/ipsec.secrets" line 28: index "HwhL7BSjyr2ug2YcSdOOeAqUwKTvAwPh59TRD77gqgbYb80+rfnMrjfIkURP71Yes36C/w751gJhQcsihVwOlTLsHdxfToDwv4Kdwx3/VCZZop" illegal (non-DNS-name) character in name May 22 14:46:33 vpn pluto[31735]: ERROR "/etc/ipsec.secrets" line 29: index "Modulus" does not look numeric and name lookup failed May 22 14:46:33 vpn pluto[31735]: "/etc/ipsec.secrets" line 29: unrecognized key 
May 22 14:46:36 vpn pluto[31735]: ERROR "/etc/ipsec.secrets" line 56: index "}" illegal (non-DNS-name) character in name
May 22 14:46:36 vpn pluto[31735]: "/etc/ipsec.secrets" line 58: unexpected end of id list
May 22 14:46:36 vpn pluto[31735]: packet from 216.191.52.94:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
May 22 14:46:36 vpn pluto[31735]: packet from 216.191.52.94:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108
May 22 14:46:36 vpn pluto[31735]: packet from 216.191.52.94:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 22 14:46:36 vpn pluto[31735]: "rhtest-gghdev" #1: responding to Main Mode
May 22 14:46:36 vpn pluto[31735]: "rhtest-gghdev" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 14:46:36 vpn pluto[31735]: "rhtest-gghdev" #1: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 14:46:36 vpn pluto[31735]: "rhtest-gghdev" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #1: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #1: Main mode peer ID is ID_IPV4_ADDR: '216.191.52.94'
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #1: I did not send a certificate because I do not have one.
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #2: responding to Quick Mode {msgid:c9cca98d}
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 14:46:37 vpn pluto[31735]: "rhtest-gghdev" #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x2d9d5d5d <0xd3e74275 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
May 22 14:46:37 vpn pluto[31735]: "rhtest-ggh" #3: responding to Quick Mode {msgid:983541e6}
May 22 14:46:37 vpn pluto[31735]: "rhtest-ggh" #3: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 14:46:37 vpn pluto[31735]: "rhtest-ggh" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 14:46:37 vpn pluto[31735]: "rhtest-ggh" #3: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 14:46:37 vpn pluto[31735]: "rhtest-ggh" #3: STATE_QUICK_R2: IPsec SA established {ESP=>0x2d9d5d5e <0x75b4b9bc xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
May 22 14:46:37 vpn pluto[31735]: "ggh-brockport" #4: initiating Main Mode
May 22 14:46:37 vpn pluto[31735]: "homecad-ggh" #5: initiating Main Mode
May 22 14:46:38 vpn pluto[31735]: "rhtest-gghdev" #6: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: ignoring unknown Vendor ID payload [4f455a7e4261425d725c705f]
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: received Vendor ID payload [Dead Peer Detection]
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: received Vendor ID payload [RFC 3947] method set to=110
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: enabling possible NAT-traversal with method 3
May 22 14:46:38 vpn pluto[31735]: "rhtest-gghdev" #6: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May 22 14:46:38 vpn pluto[31735]: "rhtest-gghdev" #6: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x2d9d5d5f <0xf243915a xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
May 22 14:46:38 vpn pluto[31735]: "rhtest-ggh" #7: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: STATE_MAIN_I2: sent MI2, expecting MR2
May 22 14:46:38 vpn pluto[31735]: "ggh-gghdev": We cannot identify ourselves with either end of this connection.
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: I did not send a certificate because I do not have one.
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: NAT-Traversal: Result using 3: no NAT detected
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: STATE_MAIN_I3: sent MI3, expecting MR3
May 22 14:46:38 vpn pluto[31735]: "rhtest-ggh" #7: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May 22 14:46:38 vpn pluto[31735]: "rhtest-ggh" #7: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x2d9d5d60 <0x7bfaff9a xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: Main mode peer ID is ID_IPV4_ADDR: '209.91.185.168'
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #4: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 22 14:46:38 vpn pluto[31735]: "gghdev-brockport" #8: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#4}
May 22 14:46:38 vpn pluto[31735]: "ggh-brockport" #9: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#4}
May 22 14:46:38 vpn pluto[31735]: "homecad-ggh" #5: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
May 22 14:46:38 vpn pluto[31735]: "homecad-ggh" #5: received Vendor ID payload [Dead Peer Detection]
May 22 14:46:38 vpn pluto[31735]: "homecad-ggh" #5: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #5: STATE_MAIN_I2: sent MI2, expecting MR2
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #5: I did not send a certificate because I do not have one.
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #5: STATE_MAIN_I3: sent MI3, expecting MR3
May 22 14:46:39 vpn pluto[31735]: "gghdev-brockport" #8: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May 22 14:46:39 vpn pluto[31735]: "gghdev-brockport" #8: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x4201bca6 <0x271aff04 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #5: Main mode peer ID is ID_IPV4_ADDR: '64.201.38.182'
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #5: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 22 14:46:39 vpn pluto[31735]: "homecad-gghdev" #10: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#5}
May 22 14:46:39 vpn pluto[31735]: "homecad-ggh" #11: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#5}
May 22 14:46:39 vpn pluto[31735]: "ggh-brockport" #9: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May 22 14:46:39 vpn pluto[31735]: "ggh-brockport" #9: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x78cc0692 <0x7d857fcd xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
May 22 14:46:40 vpn pluto[31735]: "homecad-gghdev" #10: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May 22 14:46:40 vpn pluto[31735]: "homecad-gghdev" #10: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xcf8a6f26 <0x8b0a2290 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
May 22 14:46:41 vpn pluto[31735]: "ggh-brockport" #4: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xdc4a365a) not found (maybe expired)
May 22 14:46:41 vpn pluto[31735]: "ggh-brockport" #4: received and ignored informational message
May 22 14:46:41 vpn pluto[31735]: packet from 209.91.185.168:500: ignoring unknown Vendor ID payload [4f455a7e4261425d725c705f]
May 22 14:46:41 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [Dead Peer Detection]
May 22 14:46:41 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [RFC 3947] method set to=110
May 22 14:46:41 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
May 22 14:46:41 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
May 22 14:46:41 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
May 22 14:46:41 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 22 14:46:41 vpn pluto[31735]: "ggh-brockport" #12: responding to Main Mode
May 22 14:46:41 vpn pluto[31735]: "ggh-brockport" #12: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 14:46:41 vpn pluto[31735]: "ggh-brockport" #12: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 14:46:41 vpn pluto[31735]: "ggh-brockport" #12: NAT-Traversal: Result using 3: no NAT detected
May 22 14:46:41 vpn pluto[31735]: "ggh-brockport" #12: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 14:46:41 vpn pluto[31735]: "ggh-brockport" #12: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 14:46:42 vpn pluto[31735]: "ggh-brockport" #12: Main mode peer ID is ID_IPV4_ADDR: '209.91.185.168'
May 22 14:46:42 vpn pluto[31735]: "ggh-brockport" #12: I did not send a certificate because I do not have one.
May 22 14:46:42 vpn pluto[31735]: "ggh-brockport" #12: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 14:46:42 vpn pluto[31735]: "ggh-brockport" #12: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 22 14:46:42 vpn pluto[31735]: "ggh-brockport" #13: responding to Quick Mode {msgid:bcf68b3b}
May 22 14:46:42 vpn pluto[31735]: "ggh-brockport" #13: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 14:46:42 vpn pluto[31735]: "ggh-brockport" #13: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 14:46:42 vpn pluto[31735]: "gghdev-brockport" #14: responding to Quick Mode {msgid:87763e32}
May 22 14:46:42 vpn pluto[31735]: "gghdev-brockport" #14: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 14:46:42 vpn pluto[31735]: "gghdev-brockport" #14: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 14:46:42 vpn pluto[31735]: "homecad-ggh" #11: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May 22 14:46:42 vpn pluto[31735]: "homecad-ggh" #11: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xcf8a6f27 <0xadd2eb0b xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
May 22 14:46:42 vpn pluto[31735]: "ggh-brockport" #13: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 14:46:42 vpn pluto[31735]: "ggh-brockport" #13: STATE_QUICK_R2: IPsec SA established {ESP=>0xb13917ab <0xa9ff1546 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
May 22 14:46:42 vpn pluto[31735]: "gghdev-brockport" #14: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 14:46:42 vpn pluto[31735]: "gghdev-brockport" #14: STATE_QUICK_R2: IPsec SA established {ESP=>0x5aae9ff4 <0x02e4f4a9 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
May 22 14:46:42 vpn pluto[31735]: "homecad-ggh" #5: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcf8a6f24) not found (maybe expired)
May 22 14:46:42 vpn pluto[31735]: "homecad-ggh" #5: received and ignored informational message
May 22 14:46:42 vpn pluto[31735]: packet from 64.201.38.182:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
May 22 14:46:42 vpn pluto[31735]: packet from 64.201.38.182:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108
May 22 14:46:42 vpn pluto[31735]: packet from 64.201.38.182:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 22 14:46:42 vpn pluto[31735]: packet from 64.201.38.182:500: received Vendor ID payload [Dead Peer Detection]
May 22 14:46:42 vpn pluto[31735]: "homecad-ggh" #15: responding to Main Mode
May 22 14:46:42 vpn pluto[31735]: "homecad-ggh" #15: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 14:46:42 vpn pluto[31735]: "homecad-ggh" #15: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 14:46:43 vpn pluto[31735]: "rhtest-gghdev" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x2d9d5d5c) not found (maybe expired)
May 22 14:46:43 vpn pluto[31735]: "rhtest-gghdev" #1: received and ignored informational message
May 22 14:46:43 vpn pluto[31735]: "homecad-ggh" #15: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
May 22 14:46:43 vpn pluto[31735]: "homecad-ggh" #15: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 14:46:43 vpn pluto[31735]: "homecad-ggh" #15: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 14:46:44 vpn pluto[31735]: "homecad-ggh" #15: Main mode peer ID is ID_IPV4_ADDR: '64.201.38.182'
May 22 14:46:44 vpn pluto[31735]: "homecad-ggh" #15: I did not send a certificate because I do not have one.
May 22 14:46:44 vpn pluto[31735]: "homecad-ggh" #15: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 14:46:44 vpn pluto[31735]: "homecad-ggh" #15: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 22 14:46:44 vpn pluto[31735]: "rhtest-gghdev" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x2d9d5d5a) not found (maybe expired)
May 22 14:46:44 vpn pluto[31735]: "rhtest-gghdev" #1: received and ignored informational message
May 22 14:46:44 vpn pluto[31735]: "homecad-ggh" #16: responding to Quick Mode {msgid:4f72fe9b}
May 22 14:46:44 vpn pluto[31735]: "homecad-ggh" #16: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 14:46:44 vpn pluto[31735]: "homecad-ggh" #16: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 14:46:44 vpn pluto[31735]: "homecad-gghdev" #17: responding to Quick Mode {msgid:85344223}
May 22 14:46:44 vpn pluto[31735]: "homecad-gghdev" #17: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 22 14:46:44 vpn pluto[31735]: "homecad-gghdev" #17: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
May 22 14:46:45 vpn pluto[31735]: "homecad-ggh" #16: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 14:46:45 vpn pluto[31735]: "homecad-ggh" #16: STATE_QUICK_R2: IPsec SA established {ESP=>0xcf8a6f28 <0x71134148 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
May 22 14:46:45 vpn pluto[31735]: "homecad-ggh" #5: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcf8a6f25) not found (maybe expired)
May 22 14:46:45 vpn pluto[31735]: "homecad-ggh" #5: received and ignored informational message
May 22 14:46:46 vpn pluto[31735]: "homecad-gghdev" #17: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 22 14:46:46 vpn pluto[31735]: "homecad-gghdev" #17: STATE_QUICK_R2: IPsec SA established {ESP=>0xcf8a6f29 <0x2f3d786e xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
May 22 14:46:47 vpn pluto[31735]: "ggh-brockport" #4: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc2d4e452) not found (maybe expired)
May 22 14:46:47 vpn pluto[31735]: "ggh-brockport" #4: received and ignored informational message
May 22 15:35:48 vpn pluto[31735]: packet from 216.191.52.94:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
May 22 15:35:48 vpn pluto[31735]: packet from 216.191.52.94:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108
May 22 15:35:48 vpn pluto[31735]: packet from 216.191.52.94:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: responding to Main Mode
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: Main mode peer ID is ID_IPV4_ADDR: '216.191.52.94'
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: I did not send a certificate because I do not have one.
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 15:35:48 vpn pluto[31735]: "rhtest-gghdev" #18: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 22 15:35:55 vpn pluto[31735]: packet from 209.91.185.168:500: ignoring unknown Vendor ID payload [4f455a7e4261425d725c705f]
May 22 15:35:55 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [Dead Peer Detection]
May 22 15:35:55 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [RFC 3947] method set to=110
May 22 15:35:55 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
May 22 15:35:55 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
May 22 15:35:55 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
May 22 15:35:55 vpn pluto[31735]: packet from 209.91.185.168:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 22 15:35:55 vpn pluto[31735]: "ggh-brockport" #19: responding to Main Mode
May 22 15:35:55 vpn pluto[31735]: "ggh-brockport" #19: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 15:35:55 vpn pluto[31735]: "ggh-brockport" #19: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 15:35:56 vpn pluto[31735]: "ggh-brockport" #19: NAT-Traversal: Result using 3: no NAT detected
May 22 15:35:56 vpn pluto[31735]: "ggh-brockport" #19: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 15:35:56 vpn pluto[31735]: "ggh-brockport" #19: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 15:35:56 vpn pluto[31735]: "ggh-brockport" #19: Main mode peer ID is ID_IPV4_ADDR: '209.91.185.168'
May 22 15:35:56 vpn pluto[31735]: "ggh-brockport" #19: I did not send a certificate because I do not have one.
May 22 15:35:56 vpn pluto[31735]: "ggh-brockport" #19: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 15:35:56 vpn pluto[31735]: "ggh-brockport" #19: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 22 15:36:20 vpn pluto[31735]: packet from 64.201.38.182:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
May 22 15:36:20 vpn pluto[31735]: packet from 64.201.38.182:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108
May 22 15:36:20 vpn pluto[31735]: packet from 64.201.38.182:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 22 15:36:20 vpn pluto[31735]: packet from 64.201.38.182:500: received Vendor ID payload [Dead Peer Detection]
May 22 15:36:20 vpn pluto[31735]: "homecad-ggh" #20: responding to Main Mode
May 22 15:36:20 vpn pluto[31735]: "homecad-ggh" #20: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 22 15:36:20 vpn pluto[31735]: "homecad-ggh" #20: STATE_MAIN_R1: sent MR1, expecting MI2
May 22 15:36:21 vpn pluto[31735]: "homecad-ggh" #20: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
May 22 15:36:21 vpn pluto[31735]: "homecad-ggh" #20: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 22 15:36:21 vpn pluto[31735]: "homecad-ggh" #20: STATE_MAIN_R2: sent MR2, expecting MI3
May 22 15:36:21 vpn pluto[31735]: "homecad-ggh" #20: Main mode peer ID is ID_IPV4_ADDR: '64.201.38.182'
May 22 15:36:21 vpn pluto[31735]: "homecad-ggh" #20: I did not send a certificate because I do not have one.
May 22 15:36:21 vpn pluto[31735]: "homecad-ggh" #20: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 22 15:36:21 vpn pluto[31735]: "homecad-ggh" #20: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 22 15:38:12 vpn pluto[31735]: "homecad-ggh" #20: received Delete SA(0xcf8a6f27) payload: deleting IPSEC State #11
May 22 15:38:12 vpn pluto[31735]: "homecad-ggh" #20: received and ignored informational message
May 22 15:38:12 vpn pluto[31735]: "homecad-ggh" #20: received Delete SA(0xcf8a6f26) payload: deleting IPSEC State #10
May 22 15:38:12 vpn pluto[31735]: "homecad-ggh" #20: received and ignored informational message
May 22 15:38:12 vpn pluto[31735]: "homecad-ggh" #20: received Delete SA payload: replace IPSEC State #16 in 10 seconds
May 22 15:38:12 vpn pluto[31735]: "homecad-ggh" #20: received and ignored informational message
May 22 15:38:12 vpn pluto[31735]: "homecad-ggh" #5: received Delete SA payload: deleting ISAKMP State #5
May 22 15:38:12 vpn pluto[31735]: packet from 64.201.38.182:500: received and ignored informational message
May 22 15:38:22 vpn pluto[31735]: "homecad-ggh" #21: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #16 {using isakmp#20}
May 22 15:38:24 vpn pluto[31735]: "homecad-ggh" #21: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May 22 15:38:24 vpn pluto[31735]: "homecad-ggh" #21: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xcf8a6f2a <0x03297266 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
May 22 15:46:36 vpn pluto[31735]: "rhtest-gghdev" #1: received Delete SA payload: deleting ISAKMP State #1
May 22 15:46:36 vpn pluto[31735]: packet from 216.191.52.94:500: received and ignored informational message
May 22 15:46:37 vpn pluto[31735]: "ggh-brockport" #4: received Delete SA payload: deleting ISAKMP State #4
May 22 15:46:37 vpn pluto[31735]: packet from 209.91.185.168:500: received and ignored informational message
May 22 15:46:41 vpn pluto[31735]: "ggh-brockport" #12: received Delete SA payload: deleting ISAKMP State #12
May 22 15:46:41 vpn pluto[31735]: packet from 209.91.185.168:500: received and ignored informational message
May 22 15:46:44 vpn pluto[31735]: "homecad-ggh" #15: received Delete SA payload: deleting ISAKMP State #15
May 22 15:46:44 vpn pluto[31735]: packet from 64.201.38.182:500: received and ignored informational message
+ _________________________ date
+ date
Thu May 22 16:03:40 EDT 2008