gateway.clarkconnect.lan
Wed Nov 12 13:42:46 EST 2008
+ _________________________ version
+ ipsec --version
Linux Openswan U2.2.0/K2.6.18-92.cc4 (native)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.6.18-92.cc4 (devel@cc4devel.lan) (gcc version 3.4.6 20060404 (Red Hat 3.4.6-9)) #1 SMP Thu May 22 18:27:55 EDT 2008
+ _________________________ proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
24.106.218.80 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.8.0 24.106.218.81 255.255.255.0 UG 0 0 0 eth0
0.0.0.0 24.106.218.81 0.0.0.0 UG 0 0 0 eth0
+ _________________________ proc/net/ipsec_spi
+ test -r proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ setkey-D
+ setkey -D
24.106.218.85 24.106.218.82
    esp mode=tunnel spi=3186558229(0xbdef0515) reqid=16385(0x00004001)
    E: 3des-cbc 30dbfc8d 00d142b0 860146e2 8976216e a81eee80 46af2168
    A: hmac-sha1 125c9582 47efb399 78648f0e 497d0c38 e16593e4
    seq=0x00000000 replay=64 flags=0x00000000 state=mature
    created: Nov 12 13:40:57 2008 current: Nov 12 13:42:46 2008
    diff: 109(s) hard: 0(s) soft: 0(s)
    last: Nov 12 13:41:38 2008 hard: 0(s) soft: 0(s)
    current: 27152(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 133 hard: 0 soft: 0
    sadb_seq=1 pid=24719 refcnt=0
24.106.218.82 24.106.218.85
    esp mode=tunnel spi=3062277274(0xb686a49a) reqid=16385(0x00004001)
    E: 3des-cbc a92cd152 18cf6915 a1b7f8e7 167c6336 322eef3f bcc86b68
    A: hmac-sha1 5dfcef7f e7c5c6de 3307820e a115c55f 57c88a33
    seq=0x00000000 replay=64 flags=0x00000000 state=mature
    created: Nov 12 13:40:57 2008 current: Nov 12 13:42:46 2008
    diff: 109(s) hard: 0(s) soft: 0(s)
    last: Nov 12 13:41:38 2008 hard: 0(s) soft: 0(s)
    current: 20022(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 142 hard: 0 soft: 0
    sadb_seq=0 pid=24719 refcnt=0
+ _________________________ setkey-D-P
+ setkey -D -P
192.168.8.0/24[any] 192.168.99.0/24[any] any
    in ipsec
    esp/tunnel/24.106.218.82-24.106.218.85/unique#16385
    created: Nov 12 13:40:57 2008 lastused: Nov 12 13:41:49 2008
    lifetime: 0(s) validtime: 0(s)
    spid=152 seq=10 pid=24720
    refcnt=9
192.168.99.0/24[any] 192.168.8.0/24[any] any
    out ipsec
    esp/tunnel/24.106.218.85-24.106.218.82/unique#16385
    created: Nov 12 13:40:57 2008 lastused: Nov 12 13:42:45 2008
    lifetime: 0(s) validtime: 0(s)
    spid=169 seq=9 pid=24720
    refcnt=12
192.168.8.0/24[any] 192.168.99.0/24[any] any
    fwd ipsec
    esp/tunnel/24.106.218.82-24.106.218.85/unique#16385
    created: Nov 12 13:40:57 2008 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=162 seq=8 pid=24720
    refcnt=1
::/0[any] ::/0[any] any
    in none
    created: Nov 12 13:40:10 2008 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=139 seq=7 pid=24720
    refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
    in none
    created: Nov 12 13:40:10 2008 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=123 seq=6 pid=24720
    refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
    in none
    created: Nov 12 13:40:10 2008 lastused: Nov 12 13:40:57 2008
    lifetime: 0(s) validtime: 0(s)
    spid=107 seq=5 pid=24720
    refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
    in none
    created: Nov 12 13:40:10 2008 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=91 seq=4 pid=24720
    refcnt=1
::/0[any] ::/0[any] any
    out none
    created: Nov 12 13:40:10 2008 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=148 seq=3 pid=24720
    refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
    out none
    created: Nov 12 13:40:10 2008 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=132 seq=2 pid=24720
    refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
    out none
    created: Nov 12 13:40:10 2008 lastused: Nov 12 13:40:57 2008
    lifetime: 0(s) validtime: 0(s)
    spid=116 seq=1 pid=24720
    refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
    out none
    created: Nov 12 13:40:10 2008 lastused:
    lifetime: 0(s) validtime: 0(s)
    spid=100 seq=0 pid=24720
    refcnt=1
+ _________________________ proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 24.106.218.85
000 interface eth1/eth1 192.168.99.1
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=(null), ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_ID9, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,2,36} trans={0,2,648} attrs={0,2,432}
000
000 "sonicwall": 192.168.99.0/24===24.106.218.85---24.106.218.81...24.106.218.81---24.106.218.82===192.168.8.0/24; erouted; eroute owner: #2
000 "sonicwall": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "sonicwall": policy: PSK+ENCRYPT+TUNNEL+UP; prio: 24,24; interface: eth0;
000 "sonicwall": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "sonicwall": IKE algorithm newest: 3DES_CBC_192-SHA-MODP1536
000 "sonicwall": ESP algorithms wanted: 3_000-2, flags=-strict
000 "sonicwall": ESP algorithms loaded: 3_000-2, flags=-strict
000 "sonicwall": ESP algorithm newest: 3DES_0-HMAC_SHA1; pfsgroup=
000
000 #2: "sonicwall" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27878s; newest IPSEC; eroute owner
000 #2: "sonicwall" esp.bdef0515@24.106.218.82 esp.b686a49a@24.106.218.85 tun.0@24.106.218.82 tun.0@24.106.218.85
000 #1: "sonicwall" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2482s; newest ISAKMP
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0C:76:02:C6:7F
    inet addr:24.106.218.85 Bcast:24.106.218.87 Mask:255.255.255.248
    inet6 addr: fe80::20c:76ff:fe02:c67f/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:235764 errors:0 dropped:0 overruns:0 frame:0
    TX packets:116184 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:29615307 (28.2 MiB) TX bytes:8548171 (8.1 MiB)
    Interrupt:177 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:04:5A:54:A9:C7
    inet addr:192.168.99.1 Bcast:192.168.99.255 Mask:255.255.255.0
    inet6 addr: fe80::204:5aff:fe54:a9c7/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:6227 errors:0 dropped:0 overruns:0 frame:0
    TX packets:13049 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:636059 (621.1 KiB) TX bytes:15262775 (14.5 MiB)
    Interrupt:185 Base address:0x4000
lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:13899 errors:0 dropped:0 overruns:0 frame:0
    TX packets:13899 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:1221250 (1.1 MiB) TX bytes:1221250 (1.1 MiB)
sit0 Link encap:IPv6-in-IPv4
    NOARP MTU:1480 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.2.0/K2.6.18-92.cc4 (native)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for native IPsec stack support [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: gateway.clarkconnect.lan [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 85.218.106.24.in-addr.arpa. [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
    product info: vendor 00:00:00, model 0 rev 0
    basic mode: autonegotiation enabled
    basic status: autonegotiation complete, link ok
    capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
    advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
    link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: negotiated 100baseTx-FD, link ok
    product info: vendor 00:08:95, model 1 rev 0
    basic mode: autonegotiation enabled
    basic status: autonegotiation complete, link ok
    capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
    advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
    link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
gateway.clarkconnect.lan
+ _________________________ hostname/ipaddress
+ hostname --ip-address
192.168.99.1
+ _________________________ uptime
+ uptime
13:42:47 up 16 days, 23 min, 2 users, load average: 0.02, 0.06, 0.01
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 24700 4325 18 0 4256 1140 wait S+ tty2 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
1 0 24141 1 25 0 2176 384 wait S tty2 0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal no --keep_alive --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto.pid
1 0 24142 24141 25 0 2176 648 wait S tty2 0:00 \_ /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal no --keep_alive --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto.pid
4 0 24143 24142 15 0 2388 1184 - S tty2 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --uniqueids
0 0 24156 24143 25 0 1484 276 - S tty2 0:00 | \_ _pluto_adns
0 0 24157 24141 25 0 2184 1028 pipe_w S tty2 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
0 0 24159 1 18 0 1544 492 pipe_w S tty2 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# The config file changed quite a bit from 1.x.
# See http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/upgrading.html
version 2.0
# Default policy
#---------------
config setup
    nat_traversal=no
    interfaces="ipsec0=eth0"
conn sonicwall
    type=tunnel
    left=24.106.218.82
    leftnexthop=24.106.218.81
    leftsubnet=192.168.8.0/24
    right=24.106.218.85
    rightid=24.106.218.85
    rightnexthop=24.106.218.81
    rightsubnet=192.168.99.0/24
    authby=secret
    auto=add
    auth=esp
    keyexchange=ike
    esp=3des-sha1
    ike=3des-sha1
    xauth=no
    pfs=no
    keyingtries=1
# Tunnels defined in separate files
#----------------------------------
#> /etc/ipsec.conf 38
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
#:cannot open configuration file \'/etc/ipsec.*.secrets\'
#> /etc/ipsec.secrets 2
24.106.218.85 24.106.218.82 : PSK "[sums to 14a5...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 125
-rwxr-xr-x 1 root root 15403 Dec 10 2004 _confread
-rwxr-xr-x 1 root root 45260 Dec 10 2004 _copyright
-rwxr-xr-x 1 root root 2379 Dec 10 2004 _include
-rwxr-xr-x 1 root root 1475 Dec 10 2004 _keycensor
-rwxr-xr-x 1 root root 3586 Dec 10 2004 _plutoload
-rwxr-xr-x 1 root root 7167 Dec 10 2004 _plutorun
-rwxr-xr-x 1 root root 10493 Dec 10 2004 _realsetup
-rwxr-xr-x 1 root root 1975 Dec 10 2004 _secretcensor
-rwxr-xr-x 1 root root 9016 Dec 10 2004 _startklips
-rwxr-xr-x 1 root root 12313 Dec 10 2004 _updown
-rwxr-xr-x 1 root root 7572 Dec 10 2004 _updown_x509
-rwxr-xr-x 1 root root 1942 Dec 10 2004 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 4999
-rwxr-xr-x 1 root root 67890 Dec 10 2004 _pluto_adns
-rwxr-xr-x 1 root root 19220 Dec 10 2004 auto
-rwxr-xr-x 1 root root 10248 Dec 10 2004 barf
-rwxr-xr-x 1 root root 816 Dec 10 2004 calcgoo
-rwxr-xr-x 1 root root 308475 Dec 10 2004 eroute
-rwxr-xr-x 1 root root 180615 Dec 10 2004 klipsdebug
-rwxr-xr-x 1 root root 2461 Dec 10 2004 look
-rwxr-xr-x 1 root root 7124 Dec 10 2004 mailkey
-rwxr-xr-x 1 root root 16188 Dec 10 2004 manual
-rwxr-xr-x 1 root root 1874 Dec 10 2004 newhostkey
-rwxr-xr-x 1 root root 162490 Dec 10 2004 pf_key
-rwxr-xr-x 1 root root 2650315 Dec 10 2004 pluto
-rwxr-xr-x 1 root root 49208 Dec 10 2004 ranbits
-rwxr-xr-x 1 root root 79770 Dec 10 2004 rsasigkey
-rwxr-xr-x 1 root root 766 Dec 10 2004 secrets
-rwxr-xr-x 1 root root 17578 Dec 10 2004 send-pr
lrwxrwxrwx 1 root root 22 Sep 18 13:54 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1048 Dec 10 2004 showdefaults
-rwxr-xr-x 1 root root 4364 Dec 10 2004 showhostkey
-rwxr-xr-x 1 root root 492713 Dec 10 2004 spi
-rwxr-xr-x 1 root root 248367 Dec 10 2004 spigrp
-rwxr-xr-x 1 root root 469546 Dec 10 2004 starter
-rwxr-xr-x 1 root root 47750 Dec 10 2004 tncfg
-rwxr-xr-x 1 root root 10195 Dec 10 2004 verify
-rwxr-xr-x 1 root root 224507 Dec 10 2004 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 1225114 13947 0 0 0 0 0 0 1225114 13947 0 0 0 0 0 0
eth0:29619011 235788 0 0 0 0 0 0 8550203 116208 0 0 0 0 0 0
eth1: 636059 6227 0 0 0 0 0 0 15262775 13049 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 50DA6A18 00000000 0001 0 0 0 F8FFFFFF 0 0 0
eth1 0063A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 0008A8C0 51DA6A18 0003 0 0 0 00FFFFFF 0 0 0
eth0 00000000 51DA6A18 0003 0 0 0 00000000 0 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux gateway.clarkconnect.lan 2.6.18-92.cc4 #1 SMP Thu May 22 18:27:55 EDT 2008 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
CentOS release 4.4 (Final)
+ _________________________ proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'native PFKEY (2.6.18-92.cc4) support detected '
native PFKEY (2.6.18-92.cc4) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 288: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth0 * 59.63.157.142 0.0.0.0/0
0 0 DROP all -- eth0 * 202.109.129.46 0.0.0.0/0
0 0 DROP all -- eth0 * 219.148.64.202 0.0.0.0/0
0 0 DROP all -- eth0 * 218.71.136.106 0.0.0.0/0
0 0 DROP all -- eth0 * 59.173.247.106 0.0.0.0/0
0 0 DROP all -- eth0 * 222.217.240.216 0.0.0.0/0
0 0 DROP all -- eth0 * 218.22.244.45 0.0.0.0/0
0 0 DROP all -- eth0 * 221.233.242.4 0.0.0.0/0
0 0 DROP all -- eth0 * 61.139.54.94 0.0.0.0/0
17 680 DROP all -- eth0 * 64.185.237.173 0.0.0.0/0
5 340 DROP all -- eth0 * 24.109.32.69 0.0.0.0/0
0 0 DROP all -- eth0 * 202.99.11.99 0.0.0.0/0
44 2968 DROP all -- eth0 * 24.106.163.75 0.0.0.0/0
125 5432 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP all -- eth0 * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eth0 * 169.254.0.0/16 0.0.0.0/0
12899 1044K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
4582 1045K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
23019 668K ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 0
4 304 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 3
601 36643 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
0 0 ACCEPT tcp -- * * 0.0.0.0/0 24.106.218.85 tcp dpt:20
8 432 ACCEPT tcp -- * * 0.0.0.0/0 24.106.218.85 tcp dpt:21
23 1592 ACCEPT tcp -- * * 0.0.0.0/0 24.106.218.85 tcp dpt:443
2797 259K ACCEPT tcp -- * * 0.0.0.0/0 24.106.218.85 tcp dpt:22
79 5757 ACCEPT tcp -- * * 0.0.0.0/0 24.106.218.85 tcp dpt:81
14 2024 ACCEPT udp -- * * 0.0.0.0/0 24.106.218.85 udp spt:500 dpt:500
142 27728 ACCEPT esp -- * * 0.0.0.0/0 24.106.218.85
0 0 ACCEPT ah -- * * 0.0.0.0/0 24.106.218.85
0 0 ACCEPT all -- * * 0.0.0.0/0 24.106.218.85 MARK match 0x64
142 20022 ACCEPT all -- * * 0.0.0.0/0 192.168.99.1 MARK match 0x64
727 126K ACCEPT udp -- eth0 * 0.0.0.0/0 24.106.218.85 udp dpts:1024:65535 state RELATED,ESTABLISHED
1321 788K ACCEPT tcp -- eth0 * 0.0.0.0/0 24.106.218.85 tcp dpts:1024:65535 state RELATED,ESTABLISHED
7787 805K DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth0 * 59.63.157.142 0.0.0.0/0
0 0 DROP all -- eth0 * 202.109.129.46 0.0.0.0/0
0 0 DROP all -- eth0 * 219.148.64.202 0.0.0.0/0
0 0 DROP all -- eth0 * 218.71.136.106 0.0.0.0/0
0 0 DROP all -- eth0 * 59.173.247.106 0.0.0.0/0
0 0 DROP all -- eth0 * 222.217.240.216 0.0.0.0/0
0 0 DROP all -- eth0 * 218.22.244.45 0.0.0.0/0
0 0 DROP all -- eth0 * 221.233.242.4 0.0.0.0/0
0 0 DROP all -- eth0 * 61.139.54.94 0.0.0.0/0
0 0 DROP all -- eth0 * 64.185.237.173 0.0.0.0/0
0 0 DROP all -- eth0 * 24.109.32.69 0.0.0.0/0
0 0 DROP all -- eth0 * 202.99.11.99 0.0.0.0/0
0 0 DROP all -- eth0 * 24.106.163.75 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x64
15218 15M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
63 5739 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12899 1044K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
4533 1140K ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
23622 704K ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
0 0 ACCEPT tcp -- * eth0 24.106.218.85 0.0.0.0/0 tcp spt:20
8 320 ACCEPT tcp -- * eth0 24.106.218.85 0.0.0.0/0 tcp spt:21
32 2542 ACCEPT tcp -- * eth0 24.106.218.85 0.0.0.0/0 tcp spt:443
4155 510K ACCEPT tcp -- * eth0 24.106.218.85 0.0.0.0/0 tcp spt:22
86 27248 ACCEPT tcp -- * eth0 24.106.218.85 0.0.0.0/0 tcp spt:81
26 4036 ACCEPT udp -- * eth0 24.106.218.85 0.0.0.0/0 udp spt:500 dpt:500
133 27152 ACCEPT esp -- * eth0 24.106.218.85 0.0.0.0/0
0 0 ACCEPT ah -- * eth0 24.106.218.85 0.0.0.0/0
14024 1217K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain drop-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
+ _________________________
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 9248 packets, 897K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 2646 packets, 542K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT esp -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
25913 909K MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 28589 packets, 1452K bytes)
pkts bytes target prot opt in out source destination
+ _________________________
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 72702 packets, 20M bytes)
pkts bytes target prot opt in out source destination
142 27728 MARK esp -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x64
142 20022 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
39307 17M CONNMARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
Chain INPUT (policy ACCEPT 57561 packets, 5294K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 15283 packets, 15M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 62085 packets, 5372K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 81259 packets, 21M bytes)
pkts bytes target prot opt in out source destination
+ _________________________ proc/modules
+ test -f /proc/modules
+ cat /proc/modules
mptctl 32132 0 - Live 0xe3bdc000 (U)
mptbase 76708 1 mptctl, Live 0xe3be9000 (U)
xfrm4_mode_tunnel 6912 2 - Live 0xe3bba000 (U)
chainiv 8832 2 - Live 0xe3bc7000 (U)
authenc 10624 2 - Live 0xe3bc3000 (U)
des 19712 2 - Live 0xe3bcb000 (U)
cbc 8448 2 - Live 0xe3bb6000 (U)
crypto_blkcipher 17792 3 chainiv,authenc,cbc, Live 0xe3bbd000 (U)
hmac 8704 2 - Live 0xe3bb2000 (U)
crypto_hash 6400 1 hmac, Live 0xe3ba7000 (U)
cryptomgr 7808 0 - Live 0xe3ba4000 (U)
ipv6 263456 24 - Live 0xe3bff000 (U)
deflate 8064 0 - Live 0xe3b65000 (U)
zlib_deflate 22808 1 deflate, Live 0xe3bab000 (U)
ipcomp 11912 0 - Live 0xe3b87000 (U)
esp4 12544 2 - Live 0xe3b9f000 (U)
xfrm4_esp 9984 1 esp4, Live 0xe3b8b000 (U)
aead 12032 2 authenc,esp4, Live 0xe3b96000 (U)
crypto_algapi 21376 7 chainiv,authenc,cbc,crypto_blkcipher,hmac,cryptomgr,aead, Live 0xe3b8f000 (U)
ah4 10368 0 - Live 0xe3b77000 (U)
xfrm_nalgo 13700 4 ipv6,esp4,xfrm4_esp,ah4, Live 0xe3b6e000 (U)
crypto_api 12160 7 authenc,crypto_blkcipher,esp4,aead,crypto_algapi,ah4,xfrm_nalgo, Live 0xe3b73000 (U)
af_key 41616 0 - Live 0xe3b7b000 (U)
xt_CONNMARK 6528 1 - Live 0xe3b6b000 (U)
xt_mark 6016 4 - Live 0xe3b68000 (U)
xt_tcpudp 7424 20 - Live 0xe3b58000 (U)
xt_state 6272 6 - Live 0xe3b5b000 (U)
sch_htb 20480 2 - Live 0xe3b5f000 (U)
xt_MARK 6528 1 - Live 0xe3b55000 (U)
ip_nat_pptp 10116 0 - Live 0xe3b51000 (U)
ipt_ipp2p 11008 0 - Live 0xe3b2d000 (U)
ip_nat_mms 6784 0 - Live 0xe3b49000 (U)
ip_conntrack_mms 75440 1 ip_nat_mms, Live 0xe3b35000 (U)
ip_nat_irc 6784 0 - Live 0xe3b21000 (U)
ip_nat_ftp 7424 0 - Live 0xe018b000 (U)
ipt_MASQUERADE 8448 1 - Live 0xe3b31000 (U)
ip_conntrack_pptp 15760 1 ip_nat_pptp, Live 0xe3b0d000 (U)
arc4 6144 0 - Live 0xe3b1e000 (U)
ppp_mppe 10500 0 - Live 0xe3b1a000 (U)
ppp_generic 30740 1 ppp_mppe, Live 0xe3b24000 (U)
slhc 10624 1 ppp_generic, Live 0xe3b16000 (U)
ip_conntrack_irc 10864 1 ip_nat_irc, Live 0xe3b12000 (U)
ip_conntrack_ftp 12016 1 ip_nat_ftp, Live 0xe39eb000 (U)
ipt_REJECT 9600 1 - Live 0xe39ef000 (U)
ipt_LOG 10112 0 - Live 0xe3b09000 (U)
iptable_nat 11652 1 - Live 0xe3b05000 (U)
ip_nat 21932 6 ip_nat_pptp,ip_nat_mms,ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE,iptable_nat, Live 0xe3ae5000 (U)
ip_conntrack 53984 13 xt_CONNMARK,xt_state,ip_nat_pptp,ip_nat_mms,ip_conntrack_mms,ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE,ip_conntrack_pptp,ip_conntrack_irc,ip_conntrack_ftp,iptable_nat,ip_nat, Live 0xe3af6000 (U)
nfnetlink 10904 2 ip_nat,ip_conntrack, Live 0xe01bc000 (U)
iptable_mangle 6912 1 - Live 0xe0184000 (U)
iptable_filter 7040 1 - Live 0xe007d000 (U)
ip_tables 17492 3 iptable_nat,iptable_mangle,iptable_filter, Live 0xe3adf000 (U)
x_tables 17796 11 xt_CONNMARK,xt_mark,xt_tcpudp,xt_state,xt_MARK,ipt_ipp2p,ipt_MASQUERADE,ipt_REJECT,ipt_LOG,iptable_nat,ip_tables, Live 0xe39fa000 (U)
firewire_ohci 22660 0 - Live 0xe39f3000 (U)
firewire_core 44608 1 firewire_ohci, Live 0xe3ad3000 (U)
dm_mod 65308 0 - Live 0xe3a81000 (U)
sbs 18980 0 - Live 0xe01fa000 (U)
i2c_ec 9216 1 sbs, Live 0xe01f6000 (U)
button 10896 0 - Live 0xe01b4000 (U)
battery 13828 0 - Live 0xe39e6000 (U)
asus_acpi 19480 0 - Live 0xe39e0000 (U)
ac 9348 0 - Live 0xe01b8000 (U)
uhci_hcd 26252 0 - Live 0xe01ee000 (U)
ehci_hcd 34700 0 - Live 0xe01e4000 (U)
intelfb 34860 1 - Live 0xe01c0000 (U)
i2c_i801 11660 0 - Live 0xe0187000 (U)
i2c_core 24064 2 i2c_ec,i2c_i801, Live 0xe01ad000 (U)
snd_intel8x0 35996 0 - Live 0xe018e000 (U)
snd_ac97_codec 93216 1 snd_intel8x0, Live 0xe01cc000 (U)
ac97_bus 6400 1 snd_ac97_codec, Live 0xe0101000 (U)
snd_pcm_oss 45440 0 - Live 0xe0120000 (U)
snd_mixer_oss 19584 1 snd_pcm_oss, Live 0xe0036000 (U)
snd_pcm 75012 3 snd_intel8x0,snd_ac97_codec,snd_pcm_oss, Live 0xe0199000 (U)
snd_timer 26116 1 snd_pcm, Live 0xe010a000 (U)
snd 53380 6 snd_intel8x0,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer, Live 0xe0173000 (U)
soundcore 11744 1 snd, Live 0xe0019000 (U)
snd_page_alloc 14600 2 snd_intel8x0,snd_pcm, Live 0xe0078000 (U)
tulip 51104 0 - Live 0xe0112000 (U)
8139too 29440 0 - Live 0xe003c000 (U)
mii 9472 1 8139too, Live 0xe001d000 (U)
ext3 126472 2 - Live 0xe0153000 (U)
jbd 58152 1 ext3, Live 0xe0068000 (U)
ata_piix 22660 0 - Live 0xe002a000 (U)
libata 148156 1 ata_piix, Live 0xe012d000 (U)
sd_mod 25600 0 - Live 0xe0022000 (U)
scsi_mod 138380 3 mptctl,libata,sd_mod, Live 0xe0045000 (U)
+ _________________________ proc/meminfo
+ cat /proc/meminfo
MemTotal: 507288 kB
MemFree: 102720 kB
Buffers: 74460 kB
Cached: 179544 kB
SwapCached: 0 kB
Active: 291964 kB
Inactive: 53760 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 507288 kB
LowFree: 102720 kB
SwapTotal: 522104 kB
SwapFree: 522104 kB
Dirty: 304 kB
Writeback: 0 kB
AnonPages: 91744 kB
Mapped: 21868 kB
Slab: 53228 kB
PageTables: 1140 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 775748 kB
Committed_AS: 301952 kB
VmallocTotal: 516088 kB
VmallocUsed: 61576 kB
VmallocChunk: 454388 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
Hugepagesize: 4096 kB
+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.18-92.cc4/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local6.none;local0.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log local6.* /var/log/system local0.* /var/log/suva + _________________________ etc/resolv.conf + cat /etc/resolv.conf nameserver 127.0.0.1 nameserver 24.25.5.60 nameserver 24.25.5.61 nameserver 66.0.214.14 + _________________________ lib/modules-ls + ls -ltr /lib/modules total 1 drwxr-xr-x 6 root root 1024 Sep 18 13:55 2.6.18-92.cc4 + _________________________ proc/ksyms-netif_rx + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms c05c1220 T __netif_rx_schedule c05c190b T netif_rx c05c1a3e T netif_rx_ni c05c190b U netif_rx [ipv6] c05c190b U netif_rx [xfrm4_esp] c05c190b U netif_rx [ppp_generic] c05c190b U netif_rx [tulip] c05c1220 U __netif_rx_schedule [8139too] + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.6.18-92.cc4: + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '820,$p' /var/log/messages + egrep -i 'ipsec|klips|pluto' + case "$1" in + cat Nov 12 13:40:10 gateway ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.18-92.cc4... 
Nov 12 13:40:10 gateway ipsec__plutorun: ipsec_auto: fatal error in "packetdefault": %defaultroute requested but not known
Nov 12 13:40:10 gateway ipsec__plutorun: 003 ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1", modp=""
Nov 12 13:40:10 gateway ipsec__plutorun: ...could not add conn "sonicwall"
Nov 12 13:40:10 gateway ipsec__plutorun: ipsec_auto: fatal error in "block": %defaultroute requested but not known
Nov 12 13:40:10 gateway ipsec__plutorun: ipsec_auto: fatal error in "clear-or-private": %defaultroute requested but not known
Nov 12 13:40:10 gateway ipsec__plutorun: ipsec_auto: fatal error in "clear": %defaultroute requested but not known
Nov 12 13:40:10 gateway ipsec__plutorun: ipsec_auto: fatal error in "private-or-clear": %defaultroute requested but not known
Nov 12 13:40:10 gateway ipsec__plutorun: ipsec_auto: fatal error in "private": %defaultroute requested but not known
Nov 12 13:40:10 gateway ipsec__plutorun: 003 no secrets filename matched "/etc/ipsec.*.secrets"
Nov 12 13:40:10 gateway ipsec__plutorun: 021 no connection named "packetdefault"
Nov 12 13:40:10 gateway ipsec__plutorun: ...could not route conn "packetdefault"
Nov 12 13:40:10 gateway ipsec__plutorun: 021 no connection named "block"
Nov 12 13:40:10 gateway ipsec__plutorun: ...could not route conn "block"
Nov 12 13:40:10 gateway ipsec__plutorun: 021 no connection named "clear-or-private"
Nov 12 13:40:10 gateway ipsec__plutorun: ...could not route conn "clear-or-private"
Nov 12 13:40:10 gateway ipsec__plutorun: 021 no connection named "clear"
Nov 12 13:40:10 gateway ipsec__plutorun: ...could not route conn "clear"
Nov 12 13:40:10 gateway ipsec__plutorun: 021 no connection named "private-or-clear"
Nov 12 13:40:10 gateway ipsec__plutorun: ...could not route conn "private-or-clear"
Nov 12 13:40:10 gateway ipsec__plutorun: 021 no connection named "private"
Nov 12 13:40:10 gateway ipsec__plutorun: ...could not route conn "private"
+ _________________________ plog
+ sed -n '269,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Nov 12 13:40:09 gateway ipsec__plutorun: Starting Pluto subsystem...
Nov 12 13:40:09 gateway pluto[24143]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Nov 12 13:40:09 gateway pluto[24143]: including NAT-Traversal patch (Version 0.6c) [disabled]
Nov 12 13:40:09 gateway pluto[24143]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Nov 12 13:40:09 gateway pluto[24143]: Using Linux 2.6 IPsec interface code
Nov 12 13:40:10 gateway pluto[24143]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 12 13:40:10 gateway pluto[24143]: Could not change to directory '/etc/ipsec.d/aacerts'
Nov 12 13:40:10 gateway pluto[24143]: Changing to directory '/etc/ipsec.d/ocspcerts'
Nov 12 13:40:10 gateway pluto[24143]: Changing to directory '/etc/ipsec.d/crls'
Nov 12 13:40:10 gateway pluto[24143]: Warning: empty directory
Nov 12 13:40:10 gateway pluto[24143]: ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1", modp=""
Nov 12 13:40:10 gateway pluto[24143]: added connection description "sonicwall"
Nov 12 13:40:10 gateway pluto[24143]: listening for IKE messages
Nov 12 13:40:10 gateway pluto[24143]: adding interface eth1/eth1 192.168.99.1
Nov 12 13:40:10 gateway pluto[24143]: adding interface eth0/eth0 24.106.218.85
Nov 12 13:40:10 gateway pluto[24143]: adding interface lo/lo 127.0.0.1
Nov 12 13:40:10 gateway pluto[24143]: adding interface lo/lo ::1
Nov 12 13:40:10 gateway pluto[24143]: loading secrets from "/etc/ipsec.secrets"
Nov 12 13:40:10 gateway pluto[24143]: no secrets filename matched "/etc/ipsec.*.secrets"
Nov 12 13:40:23 gateway pluto[24143]: attempt to redefine connection "sonicwall"
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: initiating Main Mode
Nov 12 13:40:57 gateway pluto[24143]: | no IKE algorithms for this connection
Nov 12 13:40:57 gateway pluto[24143]: | no IKE algorithms for this connection
Nov 12 13:40:57 gateway pluto[24143]: | no ISAKMP SA algo proposal to send -using default 3DES-MD5/SHA1
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: ignoring Vendor ID payload [5b362bc820f60006]
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: ignoring Vendor ID payload [404bf439522ca3f6]
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: ignoring Vendor ID payload [XAUTH]
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: I did not send a certificate because I do not have one.
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: Peer ID is ID_IPV4_ADDR: '24.106.218.82'
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #1: ISAKMP SA established
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 12 13:40:57 gateway pluto[24143]: "sonicwall" #2: sent QI2, IPsec SA established {ESP=>0xbdef0515 <0xb686a49a}
+ _________________________ date
+ date
Wed Nov 12 13:42:47 EST 2008