rjo-tpo-fw01.corp.arcon.com.br
Thu Aug 21 07:12:07 BRT 2008
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.14/K2.6.18-53.1.21.el5 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.18-53.1.21.el5 (mockbuild@builder6.centos.org) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Tue May 20 09:34:18 EDT 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
189.21.235.128 0.0.0.0 255.255.255.192 U 0 0 0 eth1
10.21.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 189.21.235.129 0.0.0.0 UG 0 0 0 eth1
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
src 189.21.235.131 dst 201.49.213.158
    proto esp spi 0x27f52da4 reqid 16385 mode tunnel
    replay-window 32
    auth sha1 0x870e99c7cd577004eaa14090aa5723542a56cdb2
    enc aes 0x3a3639a97a49104036a2e363ad38466a
src 201.49.213.158 dst 189.21.235.131
    proto esp spi 0xf2d8bca0 reqid 16385 mode tunnel
    replay-window 32
    auth sha1 0x1b1b2672b582600be61e1c2680a887000510880e
    enc aes 0xccb52879598c7728c4df023fa82ef864
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 10.21.0.0/24 dst 10.21.10.0/24
    dir in priority 2344
    tmpl src 201.49.213.158 dst 189.21.235.131
        proto esp reqid 16385 mode tunnel
src 10.21.10.0/24 dst 10.21.0.0/24
    dir out priority 2344
    tmpl src 189.21.235.131 dst 201.49.213.158
        proto esp reqid 16385 mode tunnel
src 10.21.0.0/24 dst 10.21.10.0/24
    dir fwd priority 2344
    tmpl src 201.49.213.158 dst 189.21.235.131
        proto esp reqid 16385 mode tunnel
src ::/0 dst ::/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src ::/0 dst ::/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name : deflate
driver : deflate-generic
module : deflate
priority : 0
type : compression

name : compress_null
driver : compress_null-generic
module : crypto_null
priority : 0
type : compression

name : digest_null
driver : digest_null-generic
module : crypto_null
priority : 0
type : digest
blocksize : 1
digestsize : 0

name : cipher_null
driver : cipher_null-generic
module : crypto_null
priority : 0
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0

name : tnepres
driver : tnepres-generic
module : serpent
priority : 0
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32

name : serpent
driver : serpent-generic
module : serpent
priority : 0
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32

name : blowfish
driver : blowfish-generic
module : blowfish
priority : 0
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56

name : twofish
driver : twofish-generic
module : twofish
priority : 0
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : md5
driver : md5-generic
module : md5
priority : 0
type : digest
blocksize : 64
digestsize : 16

name : sha256
driver : sha256-generic
module : sha256
priority : 0
type : digest
blocksize : 64
digestsize : 32

name : sha512
driver : sha512-generic
module : sha512
priority : 0
type : digest
blocksize : 128
digestsize : 64

name : sha384
driver : sha384-generic
module : sha512
priority : 0
type : digest
blocksize : 96
digestsize : 48

name : des3_ede
driver : des3_ede-generic
module : des
priority : 0
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24

name : des
driver : des-generic
module : des
priority : 0
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8

name : aes
driver : aes-generic
module : aes
priority : 100
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : crc32c
driver : crc32c-generic
module : kernel
priority : 0
type : digest
blocksize : 32
digestsize : 4

name : sha1
driver : sha1-generic
module : kernel
priority : 0
type : digest
blocksize : 64
digestsize : 20

+ __________________________/proc/sys/net/core/xfrm-star
/usr/local/libexec/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 10.21.10.1
000 interface eth0/eth0 10.21.10.1
000 interface eth0:1/eth0:1 192.168.0.207
000 interface eth0:1/eth0:1 192.168.0.207
000 interface eth1/eth1 189.21.235.131
000 interface eth1/eth1 189.21.235.131
000 interface eth1:1/eth1:1 189.21.235.132
000 interface eth1:1/eth1:1 189.21.235.132
000 interface eth1:2/eth1:2 189.21.235.133
000 interface eth1:2/eth1:2 189.21.235.133
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "Teleporto-ALOG_RJO": 10.21.10.0/24===189.21.235.131<189.21.235.131>[@rjo-tpo-fw01.corp.arcon.com.br,+S=C]...201.49.213.158<201.49.213.158>[@rjo-alg-fw01.corp.arcon.com.br,+S=C]===10.21.0.0/24; erouted; eroute owner: #2
000 "Teleporto-ALOG_RJO": myip=unset; hisip=unset;
000 "Teleporto-ALOG_RJO": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "Teleporto-ALOG_RJO": policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW; prio: 24,24; interface: eth1;
000 "Teleporto-ALOG_RJO": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "Teleporto-ALOG_RJO": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000
000 #2: "Teleporto-ALOG_RJO":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28086s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #2: "Teleporto-ALOG_RJO" esp.27f52da4@201.49.213.158 esp.f2d8bca0@189.21.235.131 tun.0@201.49.213.158 tun.0@189.21.235.131 ref=0 refhim=4294901761
000 #1: "Teleporto-ALOG_RJO":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2797s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet HWaddr 00:04:75:90:21:3E
          inet addr:10.21.10.1 Bcast:10.21.10.255 Mask:255.255.255.0
          inet6 addr: fe80::204:75ff:fe90:213e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:61783166 errors:0 dropped:0 overruns:1 frame:0
          TX packets:71838811 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:850405628 (811.0 MiB) TX bytes:4253806263 (3.9 GiB)
          Interrupt:193 Base address:0x4000

eth0:1    Link encap:Ethernet HWaddr 00:04:75:90:21:3E
          inet addr:192.168.0.207 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          Interrupt:193 Base address:0x4000

eth1      Link encap:Ethernet HWaddr 00:B0:D0:3E:07:5E
          inet addr:189.21.235.131 Bcast:189.21.235.191 Mask:255.255.255.192
          inet6 addr: fe80::2b0:d0ff:fe3e:75e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:68817814 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58215489 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1562041160 (1.4 GiB) TX bytes:1855644222 (1.7 GiB)

eth1:1    Link encap:Ethernet HWaddr 00:B0:D0:3E:07:5E
          inet addr:189.21.235.132 Bcast:189.21.235.191 Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth1:2    Link encap:Ethernet HWaddr 00:B0:D0:3E:07:5E
          inet addr:189.21.235.133 Bcast:189.21.235.191 Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:159530 errors:0 dropped:0 overruns:0 frame:0
          TX packets:159530 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:15775440 (15.0 MiB) TX bytes:15775440 (15.0 MiB)

sit0      Link encap:IPv6-in-IPv4
          NOARP MTU:1480 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

+ _________________________ ip-addr-list
+ ip addr list
1: lo: mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:75:90:21:3e brd ff:ff:ff:ff:ff:ff
    inet 10.21.10.1/24 brd 10.21.10.255 scope global eth0
    inet 192.168.0.207/24 brd 192.168.0.255 scope global eth0:1
    inet6 fe80::204:75ff:fe90:213e/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:b0:d0:3e:07:5e brd ff:ff:ff:ff:ff:ff
    inet 189.21.235.131/26 brd 189.21.235.191 scope global eth1
    inet 189.21.235.132/26 brd 189.21.235.191 scope global secondary eth1:1
    inet 189.21.235.133/26 brd 189.21.235.191 scope global secondary eth1:2
    inet6 fe80::2b0:d0ff:fe3e:75e/64 scope link
       valid_lft forever preferred_lft forever
4: sit0: mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
+ _________________________ ip-route-list
+ ip route list
189.21.235.128/26 dev eth1 proto kernel scope link src 189.21.235.131
10.21.10.0/24 dev eth0 proto kernel scope link src 10.21.10.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.207
169.254.0.0/16 dev eth1 scope link
default via 189.21.235.129 dev eth1
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.18-53.1.21.el5 (netkey)
Checking for IPsec support in kernel [OK]
Testing against enforced SElinux mode [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: rjo-tpo-fw01.corp.arcon.com.br [MISSING]
   Does the machine have at least one non-private address? [OK]
   Looking for TXT in reverse dns zone: 131.235.21.189.in-addr.arpa. [MISSING]
   Looking for TXT in reverse dns zone: 132.235.21.189.in-addr.arpa. [MISSING]
   Looking for TXT in reverse dns zone: 133.235.21.189.in-addr.arpa. [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
  product info: vendor 00:10:5a, model 0 rev 0
  basic mode: autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
eth1: negotiated 100baseTx-FD flow-control, link ok
  product info: Intel 82555 rev 4
  basic mode: autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
rjo-tpo-fw01.corp.arcon.com.br
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
07:12:23 up 8 days, 29 min, 2 users, load average: 0.10, 0.10, 0.03
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 21806 21347 19 0 4484 1120 wait S+ pts/0 0:00 | \_ /bin/sh /usr/local/libexec/ipsec/barf
0 0 21909 21806 19 0 1836 484 pipe_w S+ pts/0 0:00 | \_ egrep -i ppid|pluto|ipsec|klips
1 0 21693 1 25 0 2404 408 wait S pts/0 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid
1 0 21694 21693 25 0 2404 532 wait S pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid
4 0 21696 21694 15 0 3108 1512 - S pts/0 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --use-netkey --nat_traversal
1 0 21708 21696 28 10 3108 724 - SN pts/0 0:00 | \_ pluto helper # 0
0 0 21733 21696 16 0 1592 292 - S pts/0 0:00 | \_ _pluto_adns
0 0 21697 21693 15 0 2400 936 pipe_w S pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
0 0 21695 1 17 0 1652 492 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
#< /etc/ipsec.d/Teleporto-Alog.conf 1
conn Teleporto-ALOG_RJO
    # Teleporto HQ
    left=189.21.235.131
    leftsubnet=10.21.10.0/24
    leftid=@rjo-tpo-fw01.corp.arcon.com.br
    # rsakey AQOhpGbQy
    leftrsasigkey=[keyid AQOhpGbQy]
    # ALOG RJO
    right=201.49.213.158
    rightsubnet=10.21.0.0/24
    rightid=@rjo-alg-fw01.corp.arcon.com.br
    # rsakey AQNoXwfHj
    rightrsasigkey=[keyid AQNoXwfHj]
    auto=add
#> /etc/ipsec.conf 19
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
: RSA {
    # RSA 2192 bits rjo-tpo-fw01.corp.arcon.com.br Wed Aug 13 12:06:00 2008
    # for signatures only, UNSAFE FOR ENCRYPTION
    #pubkey=[keyid AQOhpGbQy]
    Modulus: [...]
    PublicExponent: [...]
    # everything after this point is secret
    PrivateExponent: [...]
    Prime1: [...]
    Prime2: [...]
    Exponent1: [...]
    Exponent2: [...]
    Coefficient: [...]
    }
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 Aug 21 07:10:11 2008, 2192 RSA Key AQNoXwfHj (no private key), until --- -- --:--:-- ---- ok (expires never)
000 ID_FQDN '@rjo-alg-fw01.corp.arcon.com.br'
000 Aug 21 07:10:11 2008, 2192 RSA Key AQOhpGbQy (has private key), until --- -- --:--:-- ---- ok (expires never)
000 ID_FQDN '@rjo-tpo-fw01.corp.arcon.com.br'
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: RSA (none) (none)
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block.rpmnew
+ base=block.rpmnew
+ _________________________ ipsec/policies/block.rpmnew
+ cat /etc/ipsec.d/policies/block.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private.rpmnew
+ base=clear-or-private.rpmnew
+ _________________________ ipsec/policies/clear-or-private.rpmnew
+ cat /etc/ipsec.d/policies/clear-or-private.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear.rpmnew
+ base=clear.rpmnew
+ _________________________ ipsec/policies/clear.rpmnew
+ cat /etc/ipsec.d/policies/clear.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear.rpmnew
+ base=private-or-clear.rpmnew
+ _________________________ ipsec/policies/private-or-clear.rpmnew
+ cat /etc/ipsec.d/policies/private-or-clear.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private.rpmnew
+ base=private.rpmnew
+ _________________________ ipsec/policies/private.rpmnew
+ cat /etc/ipsec.d/policies/private.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 352
-rwxr-xr-x 1 root root 11864 Aug 11 01:38 _copyright
-rwxr-xr-x 1 root root 11864 Aug 11 01:35 _copyright.old
-rwxr-xr-x 1 root root 2379 Aug 11 01:38 _include
-rwxr-xr-x 1 root root 2379 Aug 11 01:35 _include.old
-rwxr-xr-x 1 root root 1475 Aug 11 01:38 _keycensor
-rwxr-xr-x 1 root root 1475 Aug 11 01:35 _keycensor.old
-rwxr-xr-x 1 root root 2632 Aug 11 01:38 _plutoload
-rwxr-xr-x 1 root root 2632 Aug 11 01:35 _plutoload.old
-rwxr-xr-x 1 root root 7610 Aug 11 01:38 _plutorun
-rwxr-xr-x 1 root root 7610 Aug 11 01:35 _plutorun.old
-rwxr-xr-x 1 root root 13697 Aug 11 01:38 _realsetup
-rwxr-xr-x 1 root root 13697 Aug 11 01:35 _realsetup.old
-rwxr-xr-x 1 root root 1975 Aug 11 01:38 _secretcensor
-rwxr-xr-x 1 root root 1975 Aug 11 01:35 _secretcensor.old
-rwxr-xr-x 1 root root 9752 Aug 11 01:38 _startklips
-rwxr-xr-x 1 root root 9752 Aug 11 01:38 _startklips.old
-rwxr-xr-x 1 root root 4988 Aug 11 01:39 _startnetkey
-rwxr-xr-x 1 root root 4988 Aug 11 01:36 _startnetkey.old
-rwxr-xr-x 1 root root 4955 Aug 11 01:38 _updown
-rwxr-xr-x 1 root root 14030 Aug 11 01:39 _updown.klips
-rwxr-xr-x 1 root root 14030 Aug 11 01:38 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Aug 11 01:39 _updown.mast
-rwxr-xr-x 1 root root 13739 Aug 11 01:38 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Aug 11 01:39 _updown.netkey
-rwxr-xr-x 1 root root 8337 Aug 11 01:36 _updown.netkey.old
-rwxr-xr-x 1 root root 4955 Aug 11 01:35 _updown.old
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 11492
-rwxr-xr-x 1 root root 379368 Aug 11 01:38 addconn
-rwxr-xr-x 1 root root 379368 Aug 11 01:35 addconn.old
-rwxr-xr-x 1 root root 6129 Aug 11 01:38 auto
-rwxr-xr-x 1 root root 6129 Aug 11 01:35 auto.old
-rwxr-xr-x 1 root root 10758 Aug 11 01:38 barf
-rwxr-xr-x 1 root root 10758 Aug 11 01:35 barf.old
-rwxr-xr-x 1 root root 167750 Aug 11 01:38 eroute
-rwxr-xr-x 1 root root 167750 Aug 11 01:35 eroute.old
-rwxr-xr-x 1 root root 48096 Aug 11 01:38 ikeping
-rwxr-xr-x 1 root root 48096 Aug 11 01:36 ikeping.old
-rwxr-xr-x 1 root root 112315 Aug 11 01:38 klipsdebug
-rwxr-xr-x 1 root root 112315 Aug 11 01:35 klipsdebug.old
-rwxr-xr-x 1 root root 1836 Aug 11 01:38 livetest
-rwxr-xr-x 1 root root 1836 Aug 11 01:36 livetest.old
-rwxr-xr-x 1 root root 2591 Aug 11 01:38 look
-rwxr-xr-x 1 root root 2591 Aug 11 01:35 look.old
-rwxr-xr-x 1 root root 870624 Aug 11 01:38 lwdnsq
-rwxr-xr-x 1 root root 870624 Aug 11 01:35 lwdnsq.old
-rwxr-xr-x 1 root root 1921 Aug 11 01:38 newhostkey
-rwxr-xr-x 1 root root 1921 Aug 11 01:35 newhostkey.old
-rwxr-xr-x 1 root root 102817 Aug 11 01:38 pf_key
-rwxr-xr-x 1 root root 102817 Aug 11 01:35 pf_key.old
-rwxr-xr-x 1 root root 2772131 Aug 11 01:38 pluto
-rwxr-xr-x 1 root root 2772131 Aug 11 01:35 pluto.old
-rwxr-xr-x 1 root root 16463 Aug 11 01:38 ranbits
-rwxr-xr-x 1 root root 16463 Aug 11 01:35 ranbits.old
-rwxr-xr-x 1 root root 36810 Aug 11 01:38 rsasigkey
-rwxr-xr-x 1 root root 36810 Aug 11 01:35 rsasigkey.old
-rwxr-xr-x 1 root root 766 Aug 11 01:38 secrets
-rwxr-xr-x 1 root root 766 Aug 11 01:35 secrets.old
lrwxrwxrwx 1 root root 22 Aug 11 01:38 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Aug 11 01:38 showdefaults
-rwxr-xr-x 1 root root 1054 Aug 11 01:36 showdefaults.old
-rwxr-xr-x 1 root root 428496 Aug 11 01:38 showhostkey
-rwxr-xr-x 1 root root 428496 Aug 11 01:36 showhostkey.old
-rwxr-xr-x 1 root root 62534 Aug 11 01:38 showpolicy
-rwxr-xr-x 1 root root 62534 Aug 11 01:35 showpolicy.old
-rwxr-xr-x 1 root root 280768 Aug 11 01:38 spi
-rwxr-xr-x 1 root root 280768 Aug 11 01:35 spi.old
-rwxr-xr-x 1 root root 142910 Aug 11 01:38 spigrp
-rwxr-xr-x 1 root root 142910 Aug 11 01:35 spigrp.old
-rwxr-xr-x 1 root root 121496 Aug 11 01:38 tncfg
-rwxr-xr-x 1 root root 121496 Aug 11 01:35 tncfg.old
-rwxr-xr-x 1 root root 13026 Aug 11 01:38 verify
-rwxr-xr-x 1 root root 13026 Aug 11 01:35 verify.old
-rwxr-xr-x 1 root root 110951 Aug 11 01:38 whack
-rwxr-xr-x 1 root root 110951 Aug 11 01:35 whack.old
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo:15777139 159547 0 0 0 0 0 0 15777139 159547 0 0 0 0 0 0
eth0:850407229 61783187 0 0 1 0 0 0 4253806558 71838813 0 0 0 0 0 0
eth1:1562043510 68817840 0 0 0 0 0 0 1855646568 58215518 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth1 80EB15BD 00000000 0001 0 0 0 C0FFFFFF 0 0 0
eth0 000A150A 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 0000A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
eth1 00000000 81EB15BD 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0 default/accept_redirects:0 default/secure_redirects:1 default/send_redirects:0 eth0/accept_redirects:0 eth0/secure_redirects:1 eth0/send_redirects:0 eth1/accept_redirects:0 eth1/secure_redirects:1 eth1/send_redirects:0 lo/accept_redirects:0 lo/secure_redirects:1 lo/send_redirects:0 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + uname -a Linux rjo-tpo-fw01.corp.arcon.com.br 2.6.18-53.1.21.el5 #1 SMP Tue May 20 09:34:18 EDT 2008 i686 i686 i386 GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ distro-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/redhat-release + cat /etc/redhat-release CentOS release 5.2 (Final) + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/debian-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/SuSE-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandrake-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandriva-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + test -r /proc/net/pfkey ++ uname -r 
+ echo 'NETKEY (2.6.18-53.1.21.el5) support detected ' NETKEY (2.6.18-53.1.21.el5) support detected + _________________________ iptables + test -r /sbin/iptables + iptables -L -v -n Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination + _________________________ /proc/modules + test -f /proc/modules + cat /proc/modules iptable_mangle 6849 0 - Live 0xf89dd000 iptable_nat 11205 0 - Live 0xf89f9000 ip_nat 20973 1 iptable_nat, Live 0xf8a08000 ip_conntrack 53025 2 iptable_nat,ip_nat, Live 0xf8a2c000 nfnetlink 10713 2 ip_nat,ip_conntrack, Live 0xf89d9000 iptable_filter 7105 0 - Live 0xf89d6000 ip_tables 17029 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xf89f3000 ipcomp6 11977 0 - Live 0xf89d2000 ipcomp 11465 0 - Live 0xf89ce000 ah6 10561 0 - Live 0xf89ca000 ah4 10305 0 
- Live 0xf89c6000 esp6 11585 0 - Live 0xf89c2000 esp4 11585 2 - Live 0xf89ab000 xfrm4_tunnel 6593 0 - Live 0xf8995000 xfrm4_mode_tunnel 6849 2 - Live 0xf89a8000 xfrm4_mode_transport 6209 0 - Live 0xf89a5000 xfrm6_mode_transport 6337 0 - Live 0xf89a2000 xfrm6_mode_tunnel 6721 0 - Live 0xf8998000 af_key 40785 0 - Live 0xf89af000 deflate 7873 0 - Live 0xf8b9f000 zlib_deflate 21977 1 deflate, Live 0xf8bc1000 crypto_null 6721 0 - Live 0xf8b9c000 serpent 29249 0 - Live 0xf8bb8000 blowfish 12609 0 - Live 0xf8b97000 twofish 46017 0 - Live 0xf8ba2000 md5 8129 0 - Live 0xf8a45000 sha256 15297 0 - Live 0xf8a27000 sha512 13121 0 - Live 0xf8a40000 des 20417 0 - Live 0xf8a48000 aes 31617 2 - Live 0xf8b89000 tunnel4 7364 1 xfrm4_tunnel, Live 0xf8a21000 xfrm6_tunnel 11233 1 ipcomp6, Live 0xf8a04000 tunnel6 7365 1 xfrm6_tunnel, Live 0xf8a01000 ipv6 251393 38 ipcomp6,ah6,esp6,xfrm6_mode_transport,xfrm6_tunnel,tunnel6, Live 0xf8bd3000 tun 14657 0 - Live 0xf89e6000 ipt_REJECT 9537 0 - Live 0xf89ef000 ipt_LOG 10177 0 - Live 0xf89eb000 xt_limit 6721 0 - Live 0xf89e0000 xt_multiport 7233 0 - Live 0xf89ba000 xt_tcpudp 7105 0 - Live 0xf8851000 x_tables 17349 7 iptable_nat,ip_tables,ipt_REJECT,ipt_LOG,xt_limit,xt_multiport,xt_tcpudp, Live 0xf899c000 dm_multipath 21577 0 - Live 0xf8982000 video 19269 0 - Live 0xf898f000 sbs 18533 0 - Live 0xf8989000 backlight 10049 0 - Live 0xf896f000 i2c_ec 9025 1 sbs, Live 0xf8973000 button 10705 0 - Live 0xf8939000 battery 13637 0 - Live 0xf897d000 asus_acpi 19289 0 - Live 0xf8977000 ac 9157 0 - Live 0xf893d000 lp 15849 0 - Live 0xf8955000 sr_mod 19941 0 - Live 0xf894f000 cdrom 36705 1 sr_mod, Live 0xf8965000 sg 36061 0 - Live 0xf895b000 i2c_piix4 12237 0 - Live 0xf894b000 i2c_core 23745 2 i2c_ec,i2c_piix4, Live 0xf88e7000 serio_raw 10693 0 - Live 0xf8935000 e100 36809 0 - Live 0xf8941000 floppy 57125 0 - Live 0xf8919000 3c59x 44649 0 - Live 0xf8929000 mii 9409 2 e100,3c59x, Live 0xf88e3000 parport_pc 29157 1 - Live 0xf88ee000 parport 37513 2 
lp,parport_pc, Live 0xf88b1000 pcspkr 7105 0 - Live 0xf882c000 dm_snapshot 20709 0 - Live 0xf88dc000 dm_zero 6209 0 - Live 0xf882f000 dm_mirror 28741 0 - Live 0xf88a8000 dm_mod 58201 9 dm_multipath,dm_snapshot,dm_zero,dm_mirror, Live 0xf88cc000 aic7xxx 133109 0 - Live 0xf88f7000 scsi_transport_spi 26305 1 aic7xxx, Live 0xf8849000 aacraid 59845 2 - Live 0xf88bc000 sd_mod 24897 3 - Live 0xf8841000 scsi_mod 132685 6 sr_mod,sg,aic7xxx,scsi_transport_spi,aacraid,sd_mod, Live 0xf8863000 ext3 123337 2 - Live 0xf8888000 jbd 56553 1 ext3, Live 0xf8854000 ehci_hcd 32973 0 - Live 0xf8837000 ohci_hcd 23261 0 - Live 0xf8825000 uhci_hcd 25421 0 - Live 0xf881d000 + _________________________ /proc/meminfo + cat /proc/meminfo MemTotal: 1035332 kB MemFree: 70348 kB Buffers: 279152 kB Cached: 577800 kB SwapCached: 8 kB Active: 462248 kB Inactive: 424748 kB HighTotal: 131064 kB HighFree: 252 kB LowTotal: 904268 kB LowFree: 70096 kB SwapTotal: 2031608 kB SwapFree: 2031600 kB Dirty: 616 kB Writeback: 0 kB AnonPages: 30080 kB Mapped: 13820 kB Slab: 68960 kB PageTables: 1416 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 2549272 kB Committed_AS: 129856 kB VmallocTotal: 114680 kB VmallocUsed: 3952 kB VmallocChunk: 108956 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 Hugepagesize: 4096 kB + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + _________________________ usr/src/linux/.config + test -f /proc/config.gz ++ uname -r + test -f /lib/modules/2.6.18-53.1.21.el5/build/.config ++ uname -r + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM' + cat /lib/modules/2.6.18-53.1.21.el5/build/.config CONFIG_XFRM=y CONFIG_XFRM_USER=y CONFIG_NET_KEY=m CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_MULTIPATH=y # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set 
CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_INET_AH=m CONFIG_INET_ESP=m CONFIG_INET_IPCOMP=m CONFIG_INET_XFRM_TUNNEL=m CONFIG_INET_TUNNEL=m CONFIG_INET_XFRM_MODE_TRANSPORT=m CONFIG_INET_XFRM_MODE_TUNNEL=m CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_IP_VS=m # CONFIG_IP_VS_DEBUG is not set CONFIG_IP_VS_TAB_BITS=12 CONFIG_IP_VS_PROTO_TCP=y CONFIG_IP_VS_PROTO_UDP=y CONFIG_IP_VS_PROTO_ESP=y CONFIG_IP_VS_PROTO_AH=y CONFIG_IP_VS_RR=m CONFIG_IP_VS_WRR=m CONFIG_IP_VS_LC=m CONFIG_IP_VS_WLC=m CONFIG_IP_VS_LBLC=m CONFIG_IP_VS_LBLCR=m CONFIG_IP_VS_DH=m CONFIG_IP_VS_SH=m CONFIG_IP_VS_SED=m CONFIG_IP_VS_NQ=m CONFIG_IP_VS_FTP=m CONFIG_IPV6=m CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_INET6_AH=m CONFIG_INET6_ESP=m CONFIG_INET6_IPCOMP=m CONFIG_INET6_XFRM_TUNNEL=m CONFIG_INET6_TUNNEL=m CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_IPV6_TUNNEL=m # CONFIG_IPV6_SUBTREES is not set CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_ROUTE_FWMARK=y CONFIG_IP_NF_CONNTRACK=m CONFIG_IP_NF_CT_ACCT=y CONFIG_IP_NF_CONNTRACK_MARK=y CONFIG_IP_NF_CONNTRACK_SECMARK=y CONFIG_IP_NF_CONNTRACK_EVENTS=y CONFIG_IP_NF_CONNTRACK_NETLINK=m CONFIG_IP_NF_CT_PROTO_SCTP=m CONFIG_IP_NF_FTP=m CONFIG_IP_NF_IRC=m CONFIG_IP_NF_NETBIOS_NS=m CONFIG_IP_NF_TFTP=m CONFIG_IP_NF_AMANDA=m CONFIG_IP_NF_PPTP=m CONFIG_IP_NF_H323=m CONFIG_IP_NF_SIP=m CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_IPRANGE=m CONFIG_IP_NF_MATCH_TOS=m CONFIG_IP_NF_MATCH_RECENT=m CONFIG_IP_NF_MATCH_ECN=m CONFIG_IP_NF_MATCH_DSCP=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_MATCH_ADDRTYPE=m CONFIG_IP_NF_MATCH_HASHLIMIT=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_LOG=m CONFIG_IP_NF_TARGET_ULOG=m CONFIG_IP_NF_TARGET_TCPMSS=m CONFIG_IP_NF_NAT=m CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=m 
CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_SAME=m CONFIG_IP_NF_NAT_SNMP_BASIC=m CONFIG_IP_NF_NAT_IRC=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_NAT_TFTP=m CONFIG_IP_NF_NAT_AMANDA=m CONFIG_IP_NF_NAT_PPTP=m CONFIG_IP_NF_NAT_H323=m CONFIG_IP_NF_NAT_SIP=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_DSCP=m CONFIG_IP_NF_TARGET_TTL=m CONFIG_IP_NF_TARGET_CLUSTERIP=m CONFIG_IP_NF_RAW=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m CONFIG_IP6_NF_QUEUE=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_FRAG=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_OWNER=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_LOG=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_RAW=m CONFIG_IP_DCCP=m CONFIG_INET_DCCP_DIAG=m CONFIG_IP_DCCP_ACKVEC=y CONFIG_IP_DCCP_CCID2=m CONFIG_IP_DCCP_CCID3=m CONFIG_IP_DCCP_TFRC_LIB=m # CONFIG_IP_DCCP_DEBUG is not set CONFIG_IP_SCTP=m # CONFIG_IPX is not set CONFIG_IPW2100=m CONFIG_IPW2100_MONITOR=y # CONFIG_IPW2100_DEBUG is not set CONFIG_IPW2200=m CONFIG_IPW2200_MONITOR=y CONFIG_IPW2200_RADIOTAP=y CONFIG_IPW2200_PROMISCUOUS=y CONFIG_IPW2200_QOS=y # CONFIG_IPW2200_DEBUG is not set CONFIG_IPPP_FILTER=y CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_SI=m CONFIG_IPMI_WATCHDOG=m CONFIG_IPMI_POWEROFF=m CONFIG_HW_RANDOM=y CONFIG_HW_RANDOM_INTEL=m CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_GEODE=m CONFIG_HW_RANDOM_VIA=m CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=y + _________________________ etc/syslog.conf + _________________________ etc/syslog-ng/syslog-ng.conf + cat /etc/syslog-ng/syslog-ng.conf cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory + cat /etc/syslog.conf # Log 
all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log + _________________________ etc/resolv.conf + cat /etc/resolv.conf domain corp.arcon.com.br nameserver 127.0.0.1 + _________________________ lib/modules-ls + ls -ltr /lib/modules total 24 drwxr-xr-x 6 root root 4096 Apr 25 16:55 2.6.18-8.el5 drwxr-xr-x 6 root root 4096 Aug 5 15:36 2.6.18-53.1.21.el5 drwxr-xr-x 6 root root 4096 Aug 13 15:20 2.6.18-92.1.10.el5 + _________________________ /proc/ksyms-netif_rx + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms c05ac0db T __netif_rx_schedule c05ace21 T netif_rx c05ae1c4 T netif_rx_ni c05ace21 U netif_rx [ipv6] c05ae1c4 U netif_rx_ni [tun] c05ac0db U __netif_rx_schedule [e100] c05ace21 U netif_rx [3c59x] + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.6.18-53.1.21.el5: 2.6.18-8.el5: 2.6.18-92.1.10.el5: + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '4251,$p' /var/log/messages + egrep -i 'ipsec|klips|pluto' + case "$1" in + cat Aug 21 07:10:10 rjo-tpo-fw01 ipsec_setup: Starting Openswan IPsec U2.6.14/K2.6.18-53.1.21.el5... 
Aug 21 07:10:10 rjo-tpo-fw01 ipsec_setup: Aug 21 07:10:10 rjo-tpo-fw01 ipsec_setup: Aug 21 07:10:11 rjo-tpo-fw01 ipsec__plutorun: 002 added connection description "Teleporto-ALOG_RJO" + _________________________ plog + sed -n '27766,$p' /var/log/secure + egrep -i pluto + case "$1" in + cat Aug 21 07:10:10 rjo-tpo-fw01 ipsec__plutorun: Starting Pluto subsystem... Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: Starting Pluto (Openswan Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:21696 Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: Setting NAT-Traversal port-4500 floating to on Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: port floating activation criteria nat_t=1/port_float=1 Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: including NAT-Traversal patch (Version 0.6c) Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: using /dev/urandom as source of random entropy Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: starting up 1 cryptographic helpers Aug 21 07:10:10 rjo-tpo-fw01 pluto[21708]: using /dev/urandom as source of random entropy Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: started helper pid=21708 (fd:7) Aug 21 07:10:10 rjo-tpo-fw01 pluto[21696]: Using Linux 2.6 IPsec interface code on 2.6.18-53.1.21.el5 (experimental code) Aug 21 07:10:11 
rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating : Ok (ret=0) Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_add(): ERROR: Algorithm already exists Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_add(): ERROR: Algorithm already exists Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_add(): ERROR: Algorithm already exists Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_add(): ERROR: Algorithm already exists Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_add(): ERROR: Algorithm already exists Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: Changed path to directory '/etc/ipsec.d/cacerts' Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: Changed path to directory '/etc/ipsec.d/aacerts' Aug 21 07:10:11 rjo-tpo-fw01 
pluto[21696]: Changed path to directory '/etc/ipsec.d/ocspcerts' Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: Changing to directory '/etc/ipsec.d/crls' Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: Warning: empty directory Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: Changing back to directory '/root' failed - (2 No such file or directory) Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: Changing back to directory '/root' failed - (2 No such file or directory) Aug 21 07:10:11 rjo-tpo-fw01 pluto[21696]: added connection description "Teleporto-ALOG_RJO" Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: listening for IKE messages Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth1:2/eth1:2 189.21.235.133:500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth1:2/eth1:2 189.21.235.133:4500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth1:1/eth1:1 189.21.235.132:500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth1:1/eth1:1 189.21.235.132:4500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth1/eth1 189.21.235.131:500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth1/eth1 189.21.235.131:4500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth0:1/eth0:1 192.168.0.207:500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth0:1/eth0:1 192.168.0.207:4500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth0/eth0 10.21.10.1:500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface eth0/eth0 10.21.10.1:4500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface lo/lo 127.0.0.1:500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface lo/lo 127.0.0.1:4500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: adding interface lo/lo ::1:500 Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: loading secrets from "/etc/ipsec.secrets" Aug 21 07:10:12 rjo-tpo-fw01 pluto[21696]: loaded private key for keyid: PPK_RSA:AQOhpGbQy Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" 
#1: initiating Main Mode Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: received Vendor ID payload [Openswan (this version) 2.6.14 ] Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: received Vendor ID payload [Dead Peer Detection] Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: received Vendor ID payload [RFC 3947] method set to=109 Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: enabling possible NAT-traversal with method 4 Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: received Vendor ID payload [CAN-IKEv2] Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: Main mode peer ID is ID_FQDN: '@rjo-alg-fw01.corp.arcon.com.br' Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048} Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in duplicate_state, please report to dev@openswan.org Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in 
duplicate_state, please report to dev@openswan.org Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in duplicate_state, please report to dev@openswan.org Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in duplicate_state, please report to dev@openswan.org Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:3def359a proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048} Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 21 07:10:41 rjo-tpo-fw01 pluto[21696]: "Teleporto-ALOG_RJO" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x27f52da4 <0xf2d8bca0 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none} + _________________________ date + date Thu Aug 21 07:12:24 BRT 2008