<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Peter McGill wrote:
<blockquote cite="mid:4979E530.1060303@goco.net" type="cite">Chris,
<br>
<br>
It appears that you still have opportunistic encryption on.
<br>
> + ipsec verify
<br>
> Opportunistic Encryption DNS checks:
<br>
> Looking for TXT in forward dns zone: localhost.localdomain
[MISSING]
<br>
> Does the machine have at least one non-private address?
[FAILED]
<br>
<br>
I don't see anywhere that you've turned opportunistic encryption off.
<br>
ipsec.conf:
<br>
config setup
<br>
oe=off # Openswan 2.6.x only
<br>
<br>
or
<br>
<br>
include /etc/ipsec.d/examples/no_oe.conf
<br>
</blockquote>
Apparently that wasn't enough. We must have something else wrong as
well.<br>
<br>
Here's the latest barf:<br>
<br>
localhost.localdomain<br>
Mon Jan 26 09:41:08 EST 2009<br>
+ _________________________ version<br>
+ ipsec --version<br>
Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)<br>
See `ipsec --copyright' for copyright information.<br>
+ _________________________ /proc/version<br>
+ cat /proc/version<br>
Linux version 2.6.27.5-41.fc9.i686 (mockbuild@) (gcc version 4.3.0
20080428 (Red Hat 4.3.0-8) (GCC) ) #1 SMP Thu Nov 13 20:52:14 EST 2008<br>
+ _________________________ /proc/net/ipsec_eroute<br>
+ test -r /proc/net/ipsec_eroute<br>
+ _________________________ netstat-rn<br>
+ netstat -nr<br>
+ head -n 100<br>
Kernel IP routing table<br>
Destination Gateway Genmask Flags MSS Window
irtt Iface<br>
192.168.15.0 0.0.0.0 255.255.255.0 U 0 0
0 eth0<br>
0.0.0.0 192.168.15.1 0.0.0.0 UG 0 0
0 eth0<br>
+ _________________________ /proc/net/ipsec_spi<br>
+ test -r /proc/net/ipsec_spi<br>
+ _________________________ /proc/net/ipsec_spigrp<br>
+ test -r /proc/net/ipsec_spigrp<br>
+ _________________________ /proc/net/ipsec_tncfg<br>
+ test -r /proc/net/ipsec_tncfg<br>
+ _________________________ /proc/net/pfkey<br>
+ test -r /proc/net/pfkey<br>
+ cat /proc/net/pfkey<br>
sk RefCnt Rmem Wmem User Inode<br>
+ _________________________ ip-xfrm-state<br>
+ ip xfrm state<br>
+ _________________________ ip-xfrm-policy<br>
+ ip xfrm policy<br>
+ _________________________ /proc/crypto<br>
+ test -r /proc/crypto<br>
+ cat /proc/crypto<br>
name : deflate<br>
driver : deflate-generic<br>
module : deflate<br>
priority : 0<br>
refcnt : 1<br>
type : compression<br>
<br>
name : rfc3686(ctr(aes))<br>
driver : rfc3686(ctr(aes-asm))<br>
module : ctr<br>
priority : 200<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 1<br>
min keysize : 20<br>
max keysize : 36<br>
ivsize : 8<br>
geniv : seqiv<br>
<br>
name : ctr(aes)<br>
driver : ctr(aes-asm)<br>
module : ctr<br>
priority : 200<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 1<br>
min keysize : 16<br>
max keysize : 32<br>
ivsize : 16<br>
geniv : <default><br>
<br>
name : cbc(twofish)<br>
driver : cbc(twofish-generic)<br>
module : cbc<br>
priority : 100<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 16<br>
min keysize : 16<br>
max keysize : 32<br>
ivsize : 16<br>
geniv : <default><br>
<br>
name : cbc(camellia)<br>
driver : cbc(camellia-generic)<br>
module : cbc<br>
priority : 100<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 16<br>
min keysize : 16<br>
max keysize : 32<br>
ivsize : 16<br>
geniv : <default><br>
<br>
name : camellia<br>
driver : camellia-generic<br>
module : camellia<br>
priority : 100<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 16<br>
min keysize : 16<br>
max keysize : 32<br>
<br>
name : cbc(serpent)<br>
driver : cbc(serpent-generic)<br>
module : cbc<br>
priority : 0<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 16<br>
min keysize : 0<br>
max keysize : 32<br>
ivsize : 16<br>
geniv : <default><br>
<br>
name : cbc(aes)<br>
driver : cbc(aes-asm)<br>
module : cbc<br>
priority : 200<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 16<br>
min keysize : 16<br>
max keysize : 32<br>
ivsize : 16<br>
geniv : <default><br>
<br>
name : cbc(blowfish)<br>
driver : cbc(blowfish-generic)<br>
module : cbc<br>
priority : 0<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 8<br>
min keysize : 4<br>
max keysize : 56<br>
ivsize : 8<br>
geniv : <default><br>
<br>
name : cbc(des3_ede)<br>
driver : cbc(des3_ede-generic)<br>
module : cbc<br>
priority : 0<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 8<br>
min keysize : 24<br>
max keysize : 24<br>
ivsize : 8<br>
geniv : <default><br>
<br>
name : cbc(des)<br>
driver : cbc(des-generic)<br>
module : cbc<br>
priority : 0<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 8<br>
min keysize : 8<br>
max keysize : 8<br>
ivsize : 8<br>
geniv : <default><br>
<br>
name : xcbc(aes)<br>
driver : xcbc(aes-asm)<br>
module : xcbc<br>
priority : 200<br>
refcnt : 1<br>
type : hash<br>
blocksize : 16<br>
digestsize : 16<br>
<br>
name : hmac(rmd160)<br>
driver : hmac(rmd160)<br>
module : kernel<br>
priority : 0<br>
refcnt : 1<br>
type : hash<br>
blocksize : 64<br>
digestsize : 20<br>
<br>
name : rmd160<br>
driver : rmd160<br>
module : rmd160<br>
priority : 0<br>
refcnt : 1<br>
type : digest<br>
blocksize : 64<br>
digestsize : 20<br>
<br>
name : hmac(sha256)<br>
driver : hmac(sha256-generic)<br>
module : kernel<br>
priority : 0<br>
refcnt : 1<br>
type : hash<br>
blocksize : 64<br>
digestsize : 32<br>
<br>
name : hmac(sha1)<br>
driver : hmac(sha1-generic)<br>
module : kernel<br>
priority : 0<br>
refcnt : 1<br>
type : hash<br>
blocksize : 64<br>
digestsize : 20<br>
<br>
name : hmac(md5)<br>
driver : hmac(md5-generic)<br>
module : kernel<br>
priority : 0<br>
refcnt : 1<br>
type : hash<br>
blocksize : 64<br>
digestsize : 16<br>
<br>
name : compress_null<br>
driver : compress_null-generic<br>
module : crypto_null<br>
priority : 0<br>
refcnt : 1<br>
type : compression<br>
<br>
name : digest_null<br>
driver : digest_null-generic<br>
module : crypto_null<br>
priority : 0<br>
refcnt : 1<br>
type : digest<br>
blocksize : 1<br>
digestsize : 0<br>
<br>
name : ecb(cipher_null)<br>
driver : ecb-cipher_null<br>
module : crypto_null<br>
priority : 100<br>
refcnt : 1<br>
type : blkcipher<br>
blocksize : 1<br>
min keysize : 0<br>
max keysize : 0<br>
ivsize : 0<br>
geniv : <default><br>
<br>
name : cipher_null<br>
driver : cipher_null-generic<br>
module : crypto_null<br>
priority : 0<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 1<br>
min keysize : 0<br>
max keysize : 0<br>
<br>
name : tnepres<br>
driver : tnepres-generic<br>
module : serpent<br>
priority : 0<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 16<br>
min keysize : 0<br>
max keysize : 32<br>
<br>
name : serpent<br>
driver : serpent-generic<br>
module : serpent<br>
priority : 0<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 16<br>
min keysize : 0<br>
max keysize : 32<br>
<br>
name : blowfish<br>
driver : blowfish-generic<br>
module : blowfish<br>
priority : 0<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 8<br>
min keysize : 4<br>
max keysize : 56<br>
<br>
name : twofish<br>
driver : twofish-generic<br>
module : twofish<br>
priority : 100<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 16<br>
min keysize : 16<br>
max keysize : 32<br>
<br>
name : sha256<br>
driver : sha256-generic<br>
module : sha256_generic<br>
priority : 0<br>
refcnt : 1<br>
type : digest<br>
blocksize : 64<br>
digestsize : 32<br>
<br>
name : sha224<br>
driver : sha224-generic<br>
module : sha256_generic<br>
priority : 0<br>
refcnt : 1<br>
type : digest<br>
blocksize : 64<br>
digestsize : 28<br>
<br>
name : sha512<br>
driver : sha512-generic<br>
module : sha512_generic<br>
priority : 0<br>
refcnt : 1<br>
type : digest<br>
blocksize : 128<br>
digestsize : 64<br>
<br>
name : sha384<br>
driver : sha384-generic<br>
module : sha512_generic<br>
priority : 0<br>
refcnt : 1<br>
type : digest<br>
blocksize : 128<br>
digestsize : 48<br>
<br>
name : des3_ede<br>
driver : des3_ede-generic<br>
module : des_generic<br>
priority : 0<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 8<br>
min keysize : 24<br>
max keysize : 24<br>
<br>
name : des<br>
driver : des-generic<br>
module : des_generic<br>
priority : 0<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 8<br>
min keysize : 8<br>
max keysize : 8<br>
<br>
name : aes<br>
driver : aes-asm<br>
module : aes_i586<br>
priority : 200<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 16<br>
min keysize : 16<br>
max keysize : 32<br>
<br>
name : aes<br>
driver : aes-generic<br>
module : aes_generic<br>
priority : 100<br>
refcnt : 1<br>
type : cipher<br>
blocksize : 16<br>
min keysize : 16<br>
max keysize : 32<br>
<br>
name : sha1<br>
driver : sha1-generic<br>
module : kernel<br>
priority : 0<br>
refcnt : 1<br>
type : digest<br>
blocksize : 64<br>
digestsize : 20<br>
<br>
name : md5<br>
driver : md5-generic<br>
module : kernel<br>
priority : 0<br>
refcnt : 1<br>
type : digest<br>
blocksize : 64<br>
digestsize : 16<br>
<br>
+ __________________________/proc/sys/net/core/xfrm-star<br>
/usr/libexec/ipsec/barf: line 191:
__________________________/proc/sys/net/core/xfrm-star: No such file or
directory<br>
+ for i in '/proc/sys/net/core/xfrm_*'<br>
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '<br>
/proc/sys/net/core/xfrm_acq_expires: + cat
/proc/sys/net/core/xfrm_acq_expires<br>
30<br>
+ for i in '/proc/sys/net/core/xfrm_*'<br>
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '<br>
/proc/sys/net/core/xfrm_aevent_etime: + cat
/proc/sys/net/core/xfrm_aevent_etime<br>
10<br>
+ for i in '/proc/sys/net/core/xfrm_*'<br>
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '<br>
/proc/sys/net/core/xfrm_aevent_rseqth: + cat
/proc/sys/net/core/xfrm_aevent_rseqth<br>
2<br>
+ for i in '/proc/sys/net/core/xfrm_*'<br>
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '<br>
/proc/sys/net/core/xfrm_larval_drop: + cat
/proc/sys/net/core/xfrm_larval_drop<br>
0<br>
+ _________________________ /proc/sys/net/ipsec-star<br>
+ test -d /proc/sys/net/ipsec<br>
+ _________________________ ipsec/status<br>
+ ipsec auto --status<br>
000 using kernel interface: netkey<br>
000 %myid = (none)<br>
000 debug none<br>
000 <br>
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64<br>
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8,
keysizemin=192, keysizemax=192<br>
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
keysizemin=40, keysizemax=448<br>
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0<br>
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128<br>
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160<br>
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256<br>
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
keysizemin=160, keysizemax=160<br>
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC,
keysizemin=128, keysizemax=128<br>
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0,
keysizemax=0<br>
000 <br>
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16,
keydeflen=131<br>
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8,
keydeflen=128<br>
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192<br>
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128<br>
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC,
blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC,
blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH,
blocksize=16, keydeflen=128<br>
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16<br>
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20<br>
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32<br>
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64<br>
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024<br>
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536<br>
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048<br>
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072<br>
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096<br>
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144<br>
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192<br>
000 <br>
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0} <br>
000 <br>
000 "vo":
192.168.10.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
unrouted; eroute owner: #0<br>
000 "vo": myip=unset; hisip=192.168.200.56;<br>
000 "vo": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0<br>
000 "vo": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD; prio:
24,32; interface: ; <br>
000 "vo": newest ISAKMP SA: #0; newest IPsec SA: #0; <br>
000 "vo": IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)-MODP1536(5),
AES_CBC(7)_256-SHA1(2)-MODP1024(2); flags=-strict<br>
000 "vo": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-5,
AES_CBC(7)_256-SHA1(2)_160-2, <br>
000 "vo": ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict<br>
000 "vo": ESP algorithms loaded: AES(12)_256-SHA1(2)_160<br>
000 "vodmz":
192.168.8.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
unrouted; eroute owner: #0<br>
000 "vodmz": myip=unset; hisip=192.168.200.56;<br>
000 "vodmz": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0<br>
000 "vodmz": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD;
prio: 24,32; interface: ; <br>
000 "vodmz": newest ISAKMP SA: #0; newest IPsec SA: #0; <br>
000 "vodmz": IKE algorithms wanted:
AES_CBC(7)_256-SHA1(2)-MODP1536(5), AES_CBC(7)_256-SHA1(2)-MODP1024(2);
flags=-strict<br>
000 "vodmz": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-5,
AES_CBC(7)_256-SHA1(2)_160-2, <br>
000 "vodmz": ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict<br>
000 "vodmz": ESP algorithms loaded: AES(12)_256-SHA1(2)_160<br>
000 <br>
000 <br>
+ _________________________ ifconfig-a<br>
+ ifconfig -a<br>
eth0 Link encap:Ethernet HWaddr 00:1A:A0:49:D6:F0 <br>
inet addr:192.168.15.3 Bcast:192.168.15.255
Mask:255.255.255.0<br>
inet6 addr: fe80::21a:a0ff:fe49:d6f0/64 Scope:Link<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:437205 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:382402 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:1000 <br>
RX bytes:392714376 (374.5 MiB) TX bytes:73748413 (70.3 MiB)<br>
Interrupt:16 <br>
<br>
lo Link encap:Local Loopback <br>
inet addr:127.0.0.1 Mask:255.0.0.0<br>
inet6 addr: ::1/128 Scope:Host<br>
UP LOOPBACK RUNNING MTU:16436 Metric:1<br>
RX packets:8706 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:8706 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0 <br>
RX bytes:452185 (441.5 KiB) TX bytes:452185 (441.5 KiB)<br>
<br>
pan0 Link encap:Ethernet HWaddr 42:44:14:66:91:88 <br>
BROADCAST MULTICAST MTU:1500 Metric:1<br>
RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0 <br>
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)<br>
<br>
+ _________________________ ip-addr-list<br>
+ ip addr list<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state
UNKNOWN <br>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br>
inet 127.0.0.1/8 scope host lo<br>
inet6 ::1/128 scope host <br>
valid_lft forever preferred_lft forever<br>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UP qlen 1000<br>
link/ether 00:1a:a0:49:d6:f0 brd ff:ff:ff:ff:ff:ff<br>
inet 192.168.15.3/24 brd 192.168.15.255 scope global eth0<br>
inet6 fe80::21a:a0ff:fe49:d6f0/64 scope link <br>
valid_lft forever preferred_lft forever<br>
3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN <br>
link/ether 42:44:14:66:91:88 brd ff:ff:ff:ff:ff:ff<br>
+ _________________________ ip-route-list<br>
+ ip route list<br>
192.168.15.0/24 dev eth0 proto kernel scope link src 192.168.15.3 <br>
default via 192.168.15.1 dev eth0 proto static <br>
+ _________________________ ip-rule-list<br>
+ ip rule list<br>
0: from all lookup local <br>
32766: from all lookup main <br>
32767: from all lookup default <br>
+ _________________________ ipsec_verify<br>
+ ipsec verify --nocolour<br>
Checking your system to see if IPsec got installed and started
correctly:<br>
Version check and ipsec on-path [OK]<br>
Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)<br>
Checking for IPsec support in kernel [OK]<br>
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]<br>
<br>
Please disable /proc/sys/net/ipv4/conf/*/send_redirects<br>
or NETKEY will cause the sending of bogus ICMP redirects!<br>
<br>
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]<br>
<br>
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects<br>
or NETKEY will accept bogus ICMP redirects!<br>
<br>
Checking for RSA private key (/etc/ipsec.secrets) [OK]<br>
Checking that pluto is running [OK]<br>
Pluto not listening on port udp 500. Check interfaces defintion in
ipsec.conf.Two or more interfaces found, checking IP forwarding
[FAILED]<br>
Checking for 'ip' command [OK]<br>
Checking for 'iptables' command [OK]<br>
Opportunistic Encryption Support
[DISABLED]<br>
+ _________________________ mii-tool<br>
+ '[' -x /sbin/mii-tool ']'<br>
+ /sbin/mii-tool -v<br>
eth0: negotiated 100baseTx-FD, link ok<br>
product info: vendor 00:50:ef, model 14 rev 0<br>
basic mode: autonegotiation enabled<br>
basic status: autonegotiation complete, link ok<br>
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD<br>
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
flow-control<br>
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD<br>
+ _________________________ ipsec/directory<br>
+ ipsec --directory<br>
/usr/libexec/ipsec<br>
+ _________________________ hostname/fqdn<br>
+ hostname --fqdn<br>
localhost.localdomain<br>
+ _________________________ hostname/ipaddress<br>
+ hostname --ip-address<br>
127.0.0.1<br>
+ _________________________ uptime<br>
+ uptime<br>
09:41:09 up 5 days, 41 min, 11 users, load average: 0.51, 0.43, 0.22<br>
+ _________________________ ps<br>
+ ps alxwf<br>
+ egrep -i 'ppid|pluto|ipsec|klips'<br>
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME
COMMAND<br>
4 0 22375 20683 20 0 5668 1136 wait S+ pts/10
0:00 \_ /bin/sh /usr/libexec/ipsec/barf<br>
0 0 22455 22375 20 0 2044 504 pipe_w S+ pts/10
0:00 \_ egrep -i ppid|pluto|ipsec|klips<br>
1 0 22265 1 20 0 2668 416 wait S pts/10 0:00
/bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no
--force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes
--keep_alive --protostack netkey --force_keepalive
--disable_port_floating --virtual_private --crlcheckinterval 0
--ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre
--post --log daemon.error --plutorestartoncrash false --pid
/var/run/pluto/pluto.pid<br>
1 0 22266 22265 20 0 2668 548 wait S pts/10 0:00
\_ /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no
--force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes
--keep_alive --protostack netkey --force_keepalive
--disable_port_floating --virtual_private --crlcheckinterval 0
--ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre
--post --log daemon.error --plutorestartoncrash false --pid
/var/run/pluto/pluto.pid<br>
4 0 22267 22266 20 0 3260 1152 select S pts/10 0:00
| \_ /usr/libexec/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --use-netkey --nat_traversal<br>
1 0 22268 22267 30 10 3268 580 unix_s SN pts/10 0:00
| \_ pluto helper #
0
<br>
0 0 22308 22267 20 0 1756 296 select S pts/10 0:00
| \_ _pluto_adns<br>
0 0 22270 22265 20 0 2668 968 pipe_w S pts/10 0:00
\_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post <br>
0 0 22269 1 20 0 1808 504 pipe_w S pts/10 0:00
logger -s -p daemon.error -t ipsec__plutorun<br>
+ _________________________ ipsec/showdefaults<br>
+ ipsec showdefaults<br>
ipsec showdefaults: cannot find defaults file
`/var/run/pluto/ipsec.info'<br>
+ _________________________ ipsec/conf<br>
+ ipsec _keycensor<br>
+ ipsec _include /etc/ipsec.conf<br>
<br>
#< /etc/ipsec.conf 1<br>
# /etc/ipsec.conf - Openswan IPsec configuration file<br>
#<br>
# Manual: ipsec.conf.5<br>
#<br>
# Please place your own config files in /etc/ipsec.d/ ending in .conf<br>
<br>
version 2.0 # conforms to second version of ipsec.conf
specification<br>
<br>
# basic configuration<br>
config setup<br>
# Debug-logging controls: "none" for (almost) none, "all" for lots.<br>
# klipsdebug=none<br>
# plutodebug="control parsing"<br>
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<br>
protostack=netkey<br>
nat_traversal=yes<br>
<br>
<br>
#< /etc/ipsec.d/ipsec.conf 1<br>
conn vo<br>
also=vocommon<br>
rightsubnet=192.168.10.0/24<br>
auto=start<br>
<br>
conn vodmz<br>
also=vocommon<br>
rightsubnet=192.168.8.0/24<br>
auto=start<br>
<br>
conn vocommon<br>
type=tunnel<br>
left=%defaultroute<br>
leftid=@jingluo<br>
leftsourceip=192.168.200.56<br>
leftsubnet=192.168.200.56/32<br>
rightid=@vo<br>
right=67.220.126.196<br>
keyingtries=0<br>
pfs=yes<br>
authby=secret<br>
auth=esp<br>
ike=aes256-sha1<br>
esp=aes256-sha1<br>
keyexchange=ike<br>
<br>
conn block <br>
auto=ignore<br>
<br>
conn private <br>
auto=ignore<br>
<br>
conn private-or-clear <br>
auto=ignore<br>
<br>
conn clear-or-private <br>
auto=ignore<br>
<br>
conn clear <br>
auto=ignore<br>
<br>
conn packetdefault <br>
auto=ignore<br>
<br>
#> /etc/ipsec.conf 19<br>
+ _________________________ ipsec/secrets<br>
+ ipsec _include /etc/ipsec.secrets<br>
+ ipsec _secretcensor<br>
<br>
#< /etc/ipsec.secrets 1<br>
<br>
#< /etc/ipsec.d/ipsec.secrets 1<br>
@jingluo @vo : PSK "[sums to 3db3...]"<br>
<br>
#> /etc/ipsec.secrets 2<br>
+ _________________________ ipsec/listall<br>
+ ipsec auto --listall<br>
000 <br>
000 List of Public Keys:<br>
000 <br>
000 List of Pre-shared secrets (from /etc/ipsec.secrets)<br>
+ '[' /etc/ipsec.d/policies ']'<br>
+ for policy in '$POLICIES/*'<br>
++ basename /etc/ipsec.d/policies/block<br>
+ base=block<br>
+ _________________________ ipsec/policies/block<br>
+ cat /etc/ipsec.d/policies/block<br>
# This file defines the set of CIDRs (network/mask-length) to which<br>
# communication should never be allowed.<br>
#<br>
# See /usr/share/doc/openswan/policygroups.html for details.<br>
#<br>
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $<br>
#<br>
<br>
+ for policy in '$POLICIES/*'<br>
++ basename /etc/ipsec.d/policies/clear<br>
+ base=clear<br>
+ _________________________ ipsec/policies/clear<br>
+ cat /etc/ipsec.d/policies/clear<br>
# This file defines the set of CIDRs (network/mask-length) to which<br>
# communication should always be in the clear.<br>
#<br>
# See /usr/share/doc/openswan/policygroups.html for details.<br>
#<br>
<br>
# root name servers should be in the clear<br>
192.58.128.30/32<br>
198.41.0.4/32<br>
192.228.79.201/32<br>
192.33.4.12/32<br>
128.8.10.90/32<br>
192.203.230.10/32<br>
192.5.5.241/32<br>
192.112.36.4/32<br>
128.63.2.53/32<br>
192.36.148.17/32<br>
193.0.14.129/32<br>
199.7.83.42/32<br>
202.12.27.33/32<br>
+ for policy in '$POLICIES/*'<br>
++ basename /etc/ipsec.d/policies/clear-or-private<br>
+ base=clear-or-private<br>
+ _________________________ ipsec/policies/clear-or-private<br>
+ cat /etc/ipsec.d/policies/clear-or-private<br>
# This file defines the set of CIDRs (network/mask-length) to which<br>
# we will communicate in the clear, or, if the other side initiates
IPSEC,<br>
# using encryption. This behaviour is also called "Opportunistic
Responder".<br>
#<br>
# See /usr/share/doc/openswan/policygroups.html for details.<br>
#<br>
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $<br>
#<br>
+ for policy in '$POLICIES/*'<br>
++ basename /etc/ipsec.d/policies/private<br>
+ base=private<br>
+ _________________________ ipsec/policies/private<br>
+ cat /etc/ipsec.d/policies/private<br>
# This file defines the set of CIDRs (network/mask-length) to which<br>
# communication should always be private (i.e. encrypted).<br>
# See /usr/share/doc/openswan/policygroups.html for details.<br>
#<br>
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $<br>
#<br>
+ for policy in '$POLICIES/*'<br>
++ basename /etc/ipsec.d/policies/private-or-clear<br>
+ base=private-or-clear<br>
+ _________________________ ipsec/policies/private-or-clear<br>
+ cat /etc/ipsec.d/policies/private-or-clear<br>
# This file defines the set of CIDRs (network/mask-length) to which<br>
# communication should be private, if possible, but in the clear
otherwise.<br>
#<br>
# If the target has a TXT (later IPSECKEY) record that specifies<br>
# authentication material, we will require private (i.e. encrypted)<br>
# communications. If no such record is found, communications will be<br>
# in the clear.<br>
#<br>
# See /usr/share/doc/openswan/policygroups.html for details.<br>
#<br>
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $<br>
#<br>
<br>
0.0.0.0/0<br>
+ _________________________ ipsec/ls-libdir<br>
+ ls -l /usr/libexec/ipsec<br>
total 2256<br>
-rwxr-xr-x 1 root root 6056 Jun 6 2008 _copyright<br>
-rwxr-xr-x 1 root root 2379 Jun 6 2008 _include<br>
-rwxr-xr-x 1 root root 1475 Jun 6 2008 _keycensor<br>
-rwxr-xr-x 1 root root 10088 Jun 6 2008 _pluto_adns<br>
-rwxr-xr-x 1 root root 2632 Jun 6 2008 _plutoload<br>
-rwxr-xr-x 1 root root 7602 Jun 6 2008 _plutorun<br>
-rwxr-xr-x 1 root root 13746 Jun 6 2008 _realsetup<br>
-rwxr-xr-x 1 root root 1975 Jun 6 2008 _secretcensor<br>
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips<br>
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips.old<br>
-rwxr-xr-x 1 root root 4988 Jun 6 2008 _startnetkey<br>
-rwxr-xr-x 1 root root 4949 Jun 6 2008 _updown<br>
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips<br>
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips.old<br>
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast<br>
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast.old<br>
-rwxr-xr-x 1 root root 8337 Jun 6 2008 _updown.netkey<br>
-rwxr-xr-x 1 root root 188348 Jun 6 2008 addconn<br>
-rwxr-xr-x 1 root root 6129 Jun 6 2008 auto<br>
-rwxr-xr-x 1 root root 10758 Jun 6 2008 barf<br>
-rwxr-xr-x 1 root root 90088 Jun 6 2008 eroute<br>
-rwxr-xr-x 1 root root 20708 Jun 6 2008 ikeping<br>
-rwxr-xr-x 1 root root 69804 Jun 6 2008 klipsdebug<br>
-rwxr-xr-x 1 root root 1836 Jun 6 2008 livetest<br>
-rwxr-xr-x 1 root root 2591 Jun 6 2008 look<br>
-rwxr-xr-x 1 root root 1921 Jun 6 2008 newhostkey<br>
-rwxr-xr-x 1 root root 60840 Jun 6 2008 pf_key<br>
-rwxr-xr-x 1 root root 957728 Jun 6 2008 pluto<br>
-rwxr-xr-x 1 root root 10236 Jun 6 2008 ranbits<br>
-rwxr-xr-x 1 root root 20176 Jun 6 2008 rsasigkey<br>
-rwxr-xr-x 1 root root 766 Jun 6 2008 secrets<br>
lrwxrwxrwx 1 root root 30 Jan 20 09:30 setup ->
../../../etc/rc.d/init.d/ipsec<br>
-rwxr-xr-x 1 root root 1054 Jun 6 2008 showdefaults<br>
-rwxr-xr-x 1 root root 219368 Jun 6 2008 showhostkey<br>
-rwxr-xr-x 1 root root 22744 Jun 6 2008 showpolicy<br>
-rwxr-xr-x 1 root root 148388 Jun 6 2008 spi<br>
-rwxr-xr-x 1 root root 77336 Jun 6 2008 spigrp<br>
-rwxr-xr-x 1 root root 69700 Jun 6 2008 tncfg<br>
-rwxr-xr-x 1 root root 12526 Jun 6 2008 verify<br>
-rwxr-xr-x 1 root root 50340 Jun 6 2008 whack<br>
+ _________________________ ipsec/ls-execdir<br>
+ ls -l /usr/libexec/ipsec<br>
total 2256<br>
-rwxr-xr-x 1 root root 6056 Jun 6 2008 _copyright<br>
-rwxr-xr-x 1 root root 2379 Jun 6 2008 _include<br>
-rwxr-xr-x 1 root root 1475 Jun 6 2008 _keycensor<br>
-rwxr-xr-x 1 root root 10088 Jun 6 2008 _pluto_adns<br>
-rwxr-xr-x 1 root root 2632 Jun 6 2008 _plutoload<br>
-rwxr-xr-x 1 root root 7602 Jun 6 2008 _plutorun<br>
-rwxr-xr-x 1 root root 13746 Jun 6 2008 _realsetup<br>
-rwxr-xr-x 1 root root 1975 Jun 6 2008 _secretcensor<br>
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips<br>
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips.old<br>
-rwxr-xr-x 1 root root 4988 Jun 6 2008 _startnetkey<br>
-rwxr-xr-x 1 root root 4949 Jun 6 2008 _updown<br>
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips<br>
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips.old<br>
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast<br>
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast.old<br>
-rwxr-xr-x 1 root root 8337 Jun 6 2008 _updown.netkey<br>
-rwxr-xr-x 1 root root 188348 Jun 6 2008 addconn<br>
-rwxr-xr-x 1 root root 6129 Jun 6 2008 auto<br>
-rwxr-xr-x 1 root root 10758 Jun 6 2008 barf<br>
-rwxr-xr-x 1 root root 90088 Jun 6 2008 eroute<br>
-rwxr-xr-x 1 root root 20708 Jun 6 2008 ikeping<br>
-rwxr-xr-x 1 root root 69804 Jun 6 2008 klipsdebug<br>
-rwxr-xr-x 1 root root 1836 Jun 6 2008 livetest<br>
-rwxr-xr-x 1 root root 2591 Jun 6 2008 look<br>
-rwxr-xr-x 1 root root 1921 Jun 6 2008 newhostkey<br>
-rwxr-xr-x 1 root root 60840 Jun 6 2008 pf_key<br>
-rwxr-xr-x 1 root root 957728 Jun 6 2008 pluto<br>
-rwxr-xr-x 1 root root 10236 Jun 6 2008 ranbits<br>
-rwxr-xr-x 1 root root 20176 Jun 6 2008 rsasigkey<br>
-rwxr-xr-x 1 root root 766 Jun 6 2008 secrets<br>
lrwxrwxrwx 1 root root 30 Jan 20 09:30 setup ->
../../../etc/rc.d/init.d/ipsec<br>
-rwxr-xr-x 1 root root 1054 Jun 6 2008 showdefaults<br>
-rwxr-xr-x 1 root root 219368 Jun 6 2008 showhostkey<br>
-rwxr-xr-x 1 root root 22744 Jun 6 2008 showpolicy<br>
-rwxr-xr-x 1 root root 148388 Jun 6 2008 spi<br>
-rwxr-xr-x 1 root root 77336 Jun 6 2008 spigrp<br>
-rwxr-xr-x 1 root root 69700 Jun 6 2008 tncfg<br>
-rwxr-xr-x 1 root root 12526 Jun 6 2008 verify<br>
-rwxr-xr-x 1 root root 50340 Jun 6 2008 whack<br>
+ _________________________ /proc/net/dev<br>
+ cat /proc/net/dev<br>
Inter-| Receive |
Transmit<br>
face |bytes packets errs drop fifo frame compressed
multicast|bytes packets errs drop fifo colls carrier compressed<br>
lo: 452185 8706 0 0 0 0 0 0
452185 8706 0 0 0 0 0 0<br>
eth0:392714376 437205 0 0 0 0 0 0
73748491 382403 0 0 0 0 0 0<br>
pan0: 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0<br>
+ _________________________ /proc/net/route<br>
+ cat /proc/net/route<br>
Iface Destination Gateway Flags RefCnt Use Metric
Mask MTU Window
IRTT <br>
eth0 000FA8C0 00000000 0001 0 0 0 00FFFFFF 0
0
0
<br>
eth0 00000000 010FA8C0 0003 0 0 0 00000000 0
0
0
<br>
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc<br>
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc<br>
0<br>
+ _________________________ /proc/sys/net/ipv4/ip_forward<br>
+ cat /proc/sys/net/ipv4/ip_forward<br>
0<br>
+ _________________________ /proc/sys/net/ipv4/tcp_ecn<br>
+ cat /proc/sys/net/ipv4/tcp_ecn<br>
0<br>
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter<br>
+ cd /proc/sys/net/ipv4/conf<br>
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
pan0/rp_filter<br>
all/rp_filter:0<br>
default/rp_filter:1<br>
eth0/rp_filter:1<br>
lo/rp_filter:1<br>
pan0/rp_filter:1<br>
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects<br>
+ cd /proc/sys/net/ipv4/conf<br>
+ egrep '^' all/accept_redirects all/secure_redirects
all/send_redirects default/accept_redirects default/secure_redirects
default/send_redirects eth0/accept_redirects eth0/secure_redirects
eth0/send_redirects lo/accept_redirects lo/secure_redirects
lo/send_redirects pan0/accept_redirects pan0/secure_redirects
pan0/send_redirects<br>
all/accept_redirects:1<br>
all/secure_redirects:1<br>
all/send_redirects:1<br>
default/accept_redirects:1<br>
default/secure_redirects:1<br>
default/send_redirects:1<br>
eth0/accept_redirects:1<br>
eth0/secure_redirects:1<br>
eth0/send_redirects:1<br>
lo/accept_redirects:1<br>
lo/secure_redirects:1<br>
lo/send_redirects:1<br>
pan0/accept_redirects:1<br>
pan0/secure_redirects:1<br>
pan0/send_redirects:1<br>
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling<br>
+ cat /proc/sys/net/ipv4/tcp_window_scaling<br>
1<br>
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale<br>
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale<br>
2<br>
+ _________________________ uname-a<br>
+ uname -a<br>
Linux localhost.localdomain 2.6.27.5-41.fc9.i686 #1 SMP Thu Nov 13
20:52:14 EST 2008 i686 i686 i386 GNU/Linux<br>
+ _________________________ config-built-with<br>
+ test -r /proc/config_built_with<br>
+ _________________________ distro-release<br>
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<br>
+ test -f /etc/redhat-release<br>
+ cat /etc/redhat-release<br>
Fedora release 9 (Sulphur)<br>
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<br>
+ test -f /etc/debian-release<br>
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<br>
+ test -f /etc/SuSE-release<br>
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<br>
+ test -f /etc/mandrake-release<br>
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<br>
+ test -f /etc/mandriva-release<br>
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<br>
+ test -f /etc/gentoo-release<br>
+ _________________________ /proc/net/ipsec_version<br>
+ test -r /proc/net/ipsec_version<br>
+ test -r /proc/net/pfkey<br>
++ uname -r<br>
+ echo 'NETKEY (2.6.27.5-41.fc9.i686) support detected '<br>
NETKEY (2.6.27.5-41.fc9.i686) support detected <br>
+ _________________________ iptables<br>
+ test -r /sbin/iptables<br>
+ iptables -L -v -n<br>
+ _________________________ iptables-nat<br>
+ iptables -t nat -L -v -n<br>
+ _________________________ iptables-mangle<br>
+ iptables -t mangle -L -v -n<br>
+ _________________________ /proc/modules<br>
+ test -f /proc/modules<br>
+ cat /proc/modules<br>
ipcomp6 6912 0 - Live 0xfacdb000<br>
ipcomp 6656 0 - Live 0xfac54000<br>
ah6 9216 0 - Live 0xfad76000<br>
ah4 8320 0 - Live 0xfacd3000<br>
esp6 9472 0 - Live 0xfaccf000<br>
esp4 9472 0 - Live 0xfaccb000<br>
xfrm4_mode_beet 6400 0 - Live 0xfacbc000<br>
xfrm4_tunnel 6272 0 - Live 0xfacb9000<br>
xfrm4_mode_tunnel 6272 0 - Live 0xfacb6000<br>
xfrm4_mode_transport 5760 0 - Live 0xfacb3000<br>
xfrm6_mode_transport 5760 0 - Live 0xfac86000<br>
xfrm6_mode_ro 5632 0 - Live 0xfac83000<br>
xfrm6_mode_beet 6144 0 - Live 0xfac80000<br>
xfrm6_mode_tunnel 6144 0 - Live 0xfac7d000<br>
af_key 30356 0 - Live 0xfac66000<br>
iptable_mangle 6656 0 - Live 0xfad5d000<br>
iptable_nat 8712 0 - Live 0xfad7a000<br>
nf_nat 17944 1 iptable_nat, Live 0xfad81000<br>
nls_utf8 5632 1 - Live 0xfad73000<br>
deflate 6528 0 - Live 0xfad60000<br>
zlib_deflate 21224 1 deflate, Live 0xfad6c000<br>
ctr 7936 0 - Live 0xfad34000<br>
camellia 22144 0 - Live 0xfad65000<br>
bridge 43668 0 - Live 0xfad47000<br>
stp 6148 1 bridge, Live 0xfad37000<br>
bnep 14848 2 - Live 0xfad2a000<br>
rfcomm 33936 4 - Live 0xfad53000<br>
rmd160 14720 0 - Live 0xfad2f000<br>
l2cap 21504 16 bnep,rfcomm, Live 0xfad18000<br>
bluetooth 48608 5 bnep,rfcomm,l2cap, Live 0xfad3a000<br>
crypto_null 6784 0 - Live 0xfad0f000<br>
ccm 11776 0 - Live 0xfad26000<br>
serpent 22912 0 - Live 0xfad1f000<br>
blowfish 12032 0 - Live 0xfacf7000<br>
twofish 10880 0 - Live 0xfad0b000<br>
twofish_common 17024 1 twofish, Live 0xfad12000<br>
ecb 6528 0 - Live 0xfad08000<br>
xcbc 8200 0 - Live 0xfad04000<br>
cbc 7168 0 - Live 0xfacfb000<br>
crypto_blkcipher 18052 5 ctr,crypto_null,ccm,ecb,cbc, Live 0xfacfe000<br>
sha256_generic 16128 0 - Live 0xfacee000<br>
sha512_generic 11904 0 - Live 0xfacf3000<br>
des_generic 20352 0 - Live 0xfacde000<br>
aes_i586 11648 0 - Live 0xfacbf000<br>
aes_generic 31144 1 aes_i586, Live 0xface5000<br>
xfrm_ipcomp 8584 2 ipcomp6,ipcomp, Live 0xfacd7000<br>
aead 9600 3 esp6,esp4,ccm, Live 0xfacc3000<br>
tunnel4 6792 1 xfrm4_tunnel, Live 0xfac51000<br>
xfrm6_tunnel 9860 1 ipcomp6, Live 0xfac62000<br>
tunnel6 6664 1 xfrm6_tunnel, Live 0xfac5f000<br>
fuse 49436 3 - Live 0xfac6f000<br>
sunrpc 155924 3 - Live 0xfac8b000<br>
ipt_REJECT 6656 2 - Live 0xfac5c000<br>
nf_conntrack_ipv4 11528 5 iptable_nat,nf_nat, Live 0xfab28000<br>
iptable_filter 6528 1 - Live 0xfac40000<br>
ip_tables 13712 3 iptable_mangle,iptable_nat,iptable_filter, Live
0xfac57000<br>
ip6t_REJECT 7296 2 - Live 0xfac38000<br>
xt_tcpudp 6656 2 - Live 0xfac35000<br>
nf_conntrack_ipv6 15864 2 - Live 0xfac3b000<br>
xt_state 5888 4 - Live 0xfac32000<br>
nf_conntrack 51424 5
iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live
0xfac43000<br>
ip6table_filter 6400 1 - Live 0xfab2c000<br>
ip6_tables 14736 1 ip6table_filter, Live 0xf8ade000<br>
x_tables 15236 7
iptable_nat,ipt_REJECT,ip_tables,ip6t_REJECT,xt_tcpudp,xt_state,ip6_tables,
Live 0xf8ad1000<br>
cpufreq_ondemand 9868 2 - Live 0xf8ada000<br>
acpi_cpufreq 12172 0 - Live 0xf8ad6000<br>
dm_multipath 17292 0 - Live 0xf8a59000<br>
scsi_dh 9476 1 dm_multipath, Live 0xf89d2000<br>
radeon 119044 3 - Live 0xf8b08000<br>
drm 146404 4 radeon, Live 0xf8ae3000<br>
ipv6 230260 39
ipcomp6,ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,
Live 0xf8a1f000<br>
snd_hda_intel 351380 3 - Live 0xf8a5f000<br>
snd_seq_dummy 6660 0 - Live 0xf89a3000<br>
snd_seq_oss 30364 0 - Live 0xf89e3000<br>
snd_seq_midi_event 9600 1 snd_seq_oss, Live 0xf89b0000<br>
snd_seq 48576 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event, Live
0xf89d6000<br>
snd_seq_device 9996 3 snd_seq_dummy,snd_seq_oss,snd_seq, Live 0xf89ac000<br>
snd_pcm_oss 42496 0 - Live 0xf89ba000<br>
snd_mixer_oss 16896 1 snd_pcm_oss, Live 0xf89a6000<br>
snd_pcm 65924 2 snd_hda_intel,snd_pcm_oss, Live 0xf896e000<br>
snd_timer 22024 2 snd_seq,snd_pcm, Live 0xf8926000<br>
snd_page_alloc 11016 2 snd_hda_intel,snd_pcm, Live 0xf896a000<br>
snd_hwdep 10500 1 snd_hda_intel, Live 0xf8937000<br>
ppdev 10372 0 - Live 0xf8933000<br>
snd 50744 16
snd_hda_intel,snd_seq_dummy,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer,snd_hwdep,
Live 0xf8991000<br>
parport_pc 25620 0 - Live 0xf893d000<br>
parport 31956 2 ppdev,parport_pc, Live 0xf8961000<br>
dcdbas 10272 0 - Live 0xf891e000<br>
sr_mod 17064 1 - Live 0xf892d000<br>
tg3 107780 0 - Live 0xf8945000<br>
serio_raw 8836 0 - Live 0xf8922000<br>
libphy 18560 1 tg3, Live 0xf88fd000<br>
soundcore 9416 1 snd, Live 0xf891a000<br>
iTCO_wdt 13732 0 - Live 0xf8903000<br>
cdrom 32664 1 sr_mod, Live 0xf8911000<br>
i2c_i801 12048 0 - Live 0xf88ca000<br>
iTCO_vendor_support 6916 1 iTCO_wdt, Live 0xf8834000<br>
pcspkr 6272 0 - Live 0xf88ba000<br>
i2c_core 21396 2 drm,i2c_i801, Live 0xf88f0000<br>
sg 31028 0 - Live 0xf8908000<br>
dm_snapshot 19364 0 - Live 0xf88f7000<br>
dm_zero 5632 0 - Live 0xf88ad000<br>
dm_mirror 19968 0 - Live 0xf88b4000<br>
dm_log 12164 1 dm_mirror, Live 0xf884e000<br>
dm_mod 48692 10 dm_multipath,dm_snapshot,dm_zero,dm_mirror,dm_log, Live
0xf88bd000<br>
pata_acpi 7680 0 - Live 0xf884b000<br>
ata_generic 8452 0 - Live 0xf8847000<br>
ata_piix 24836 3 - Live 0xf88a5000<br>
libata 134380 3 pata_acpi,ata_generic,ata_piix, Live 0xf88ce000<br>
sd_mod 32408 3 - Live 0xf889c000<br>
scsi_mod 123772 5 scsi_dh,sr_mod,sg,libata,sd_mod, Live 0xf885f000<br>
crc_t10dif 5632 1 sd_mod, Live 0xf8844000<br>
ext3 109192 2 - Live 0xf8880000<br>
jbd 42900 1 ext3, Live 0xf8853000<br>
mbcache 10244 1 ext3, Live 0xf8839000<br>
uhci_hcd 23312 0 - Live 0xf883d000<br>
ohci_hcd 24336 0 - Live 0xf8824000<br>
ehci_hcd 32524 0 - Live 0xf882b000<br>
+ _________________________ /proc/meminfo<br>
+ cat /proc/meminfo<br>
MemTotal: 2072476 kB<br>
MemFree: 87604 kB<br>
Buffers: 160136 kB<br>
Cached: 779088 kB<br>
SwapCached: 32 kB<br>
Active: 1195048 kB<br>
Inactive: 559600 kB<br>
HighTotal: 1177596 kB<br>
HighFree: 12000 kB<br>
LowTotal: 894880 kB<br>
LowFree: 75604 kB<br>
SwapTotal: 2031608 kB<br>
SwapFree: 2031456 kB<br>
Dirty: 176 kB<br>
Writeback: 0 kB<br>
AnonPages: 815192 kB<br>
Mapped: 143760 kB<br>
Slab: 129540 kB<br>
SReclaimable: 110380 kB<br>
SUnreclaim: 19160 kB<br>
PageTables: 7032 kB<br>
NFS_Unstable: 0 kB<br>
Bounce: 0 kB<br>
WritebackTmp: 0 kB<br>
CommitLimit: 3067844 kB<br>
Committed_AS: 1478656 kB<br>
VmallocTotal: 110584 kB<br>
VmallocUsed: 38328 kB<br>
VmallocChunk: 72156 kB<br>
HugePages_Total: 0<br>
HugePages_Free: 0<br>
HugePages_Rsvd: 0<br>
HugePages_Surp: 0<br>
Hugepagesize: 4096 kB<br>
DirectMap4k: 8192 kB<br>
DirectMap4M: 909312 kB<br>
+ _________________________ /proc/net/ipsec-ls<br>
+ test -f /proc/net/ipsec_version<br>
+ _________________________ usr/src/linux/.config<br>
+ test -f /proc/config.gz<br>
++ uname -r<br>
+ test -f /lib/modules/2.6.27.5-41.fc9.i686/build/.config<br>
+ echo 'no .config file found, cannot list kernel properties'<br>
no .config file found, cannot list kernel properties<br>
+ _________________________ etc/syslog.conf<br>
+ _________________________ etc/syslog-ng/syslog-ng.conf<br>
+ cat /etc/syslog-ng/syslog-ng.conf<br>
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory<br>
+ cat /etc/syslog.conf<br>
cat: /etc/syslog.conf: No such file or directory<br>
+ _________________________ etc/resolv.conf<br>
+ cat /etc/resolv.conf<br>
# generated by NetworkManager, do not edit!<br>
<br>
nameserver 192.168.15.1<br>
<br>
+ _________________________ lib/modules-ls<br>
+ ls -ltr /lib/modules<br>
total 12<br>
drwxr-xr-x 7 root root 4096 Oct 24 17:56 2.6.26.6-79.fc9.i686<br>
drwxr-xr-x 7 root root 4096 Nov 15 12:00 2.6.27.5-37.fc9.i686<br>
drwxr-xr-x 7 root root 4096 Nov 19 13:03 2.6.27.5-41.fc9.i686<br>
+ _________________________ /proc/ksyms-netif_rx<br>
+ test -r /proc/ksyms<br>
+ test -r /proc/kallsyms<br>
+ egrep netif_rx /proc/kallsyms<br>
c05d6055 T netif_rx<br>
c05d6697 T netif_rx_ni<br>
c072abbc r __ksymtab_netif_rx<br>
c072acc4 r __ksymtab_netif_rx_ni<br>
c073b292 r __kstrtab_netif_rx<br>
c073b4ce r __kstrtab_netif_rx_ni<br>
c05d6697 u netif_rx_ni [bnep]<br>
c05d6055 u netif_rx [ipv6]<br>
f894f103 t netif_rx_schedule [tg3]<br>
f8950af8 t netif_rx_complete [tg3]<br>
+ _________________________ lib/modules-netif_rx<br>
+ modulegoo kernel/net/ipv4/ipip.o netif_rx<br>
+ set +x<br>
2.6.26.6-79.fc9.i686: <br>
2.6.27.5-37.fc9.i686: <br>
2.6.27.5-41.fc9.i686: <br>
+ _________________________ kern.debug<br>
+ test -f /var/log/kern.debug<br>
+ _________________________ klog<br>
+ sed -n '1151,$p' /var/log/messages<br>
+ egrep -i 'ipsec|klips|pluto'<br>
+ case "$1" in<br>
+ cat<br>
Jan 26 09:36:38 localhost ipsec_setup: Starting Openswan IPsec
U2.6.14/K2.6.27.5-41.fc9.i686...<br>
Jan 26 09:36:38 localhost ipsec_setup: <br>
Jan 26 09:36:38 localhost ipsec_setup: <br>
Jan 26 09:36:38 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
Jan 26 09:36:39 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
Jan 26 09:36:39 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
Jan 26 09:36:39 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f<br>
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f<br>
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f<br>
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f<br>
Jan 26 09:36:42 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
Jan 26 09:36:42 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f<br>
Jan 26 09:36:42 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux
messages. run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2<br>
+ _________________________ plog<br>
+ sed -n '5,$p' /var/log/secure<br>
+ egrep -i pluto<br>
+ case "$1" in<br>
+ cat<br>
Jan 26 09:33:17 localhost pluto[20993]: Starting Pluto (Openswan
Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:20993<br>
Jan 26 09:33:17 localhost pluto[20993]: Setting NAT-Traversal port-4500
floating to on<br>
Jan 26 09:33:17 localhost pluto[20993]: port floating activation
criteria nat_t=1/port_float=1<br>
Jan 26 09:33:17 localhost pluto[20993]: including NAT-Traversal
patch (Version 0.6c)<br>
Jan 26 09:33:17 localhost pluto[20993]: using /dev/urandom as source of
random entropy<br>
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)<br>
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)<br>
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)<br>
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)<br>
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)<br>
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)<br>
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)<br>
Jan 26 09:33:17 localhost pluto[20993]: starting up 1 cryptographic
helpers<br>
Jan 26 09:33:17 localhost pluto[21003]: using /dev/urandom as source of
random entropy<br>
Jan 26 09:33:17 localhost pluto[20993]: started helper pid=21003 (fd:7)<br>
Jan 26 09:33:17 localhost pluto[20993]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d<br>
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d<br>
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d<br>
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/crls'<br>
Jan 26 09:33:18 localhost pluto[20993]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)<br>
Jan 26 09:33:18 localhost pluto[20993]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)<br>
Jan 26 09:33:18 localhost pluto[20993]: added connection description
"vo"<br>
Jan 26 09:33:18 localhost pluto[20993]: added connection description
"vodmz"<br>
Jan 26 09:33:28 localhost pluto[20993]: shutting down<br>
Jan 26 09:33:28 localhost pluto[20993]: "vodmz": deleting connection<br>
Jan 26 09:33:28 localhost pluto[20993]: "vo": deleting connection<br>
Jan 26 09:33:31 localhost pluto[21368]: Starting Pluto (Openswan
Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:21368<br>
Jan 26 09:33:31 localhost pluto[21368]: Setting NAT-Traversal port-4500
floating to on<br>
Jan 26 09:33:31 localhost pluto[21368]: port floating activation
criteria nat_t=1/port_float=1<br>
Jan 26 09:33:31 localhost pluto[21368]: including NAT-Traversal
patch (Version 0.6c)<br>
Jan 26 09:33:31 localhost pluto[21368]: using /dev/urandom as source of
random entropy<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)<br>
Jan 26 09:33:31 localhost pluto[21368]: starting up 1 cryptographic
helpers<br>
Jan 26 09:33:31 localhost pluto[21371]: using /dev/urandom as source of
random entropy<br>
Jan 26 09:33:31 localhost pluto[21368]: started helper pid=21371 (fd:7)<br>
Jan 26 09:33:31 localhost pluto[21368]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d<br>
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d<br>
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d<br>
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/crls'<br>
Jan 26 09:33:31 localhost pluto[21368]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)<br>
Jan 26 09:33:31 localhost pluto[21368]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)<br>
Jan 26 09:33:31 localhost pluto[21368]: added connection description
"vo"<br>
Jan 26 09:33:31 localhost pluto[21368]: added connection description
"vodmz"<br>
Jan 26 09:34:10 localhost pluto[21368]: shutting down<br>
Jan 26 09:34:10 localhost pluto[21368]: "vodmz": deleting connection<br>
Jan 26 09:34:10 localhost pluto[21368]: "vo": deleting connection<br>
Jan 26 09:34:12 localhost pluto[21750]: Starting Pluto (Openswan
Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:21750<br>
Jan 26 09:34:12 localhost pluto[21750]: Setting NAT-Traversal port-4500
floating to on<br>
Jan 26 09:34:12 localhost pluto[21750]: port floating activation
criteria nat_t=1/port_float=1<br>
Jan 26 09:34:12 localhost pluto[21750]: including NAT-Traversal
patch (Version 0.6c)<br>
Jan 26 09:34:12 localhost pluto[21750]: using /dev/urandom as source of
random entropy<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)<br>
Jan 26 09:34:12 localhost pluto[21750]: starting up 1 cryptographic
helpers<br>
Jan 26 09:34:12 localhost pluto[21752]: using /dev/urandom as source of
random entropy<br>
Jan 26 09:34:12 localhost pluto[21750]: started helper pid=21752 (fd:7)<br>
Jan 26 09:34:12 localhost pluto[21750]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d<br>
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d<br>
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d<br>
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/crls'<br>
Jan 26 09:34:12 localhost pluto[21750]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)<br>
Jan 26 09:34:12 localhost pluto[21750]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)<br>
Jan 26 09:34:12 localhost pluto[21750]: added connection description
"vo"<br>
Jan 26 09:34:12 localhost pluto[21750]: added connection description
"vodmz"<br>
Jan 26 09:36:36 localhost pluto[21750]: shutting down<br>
Jan 26 09:36:36 localhost pluto[21750]: "vodmz": deleting connection<br>
Jan 26 09:36:36 localhost pluto[21750]: "vo": deleting connection<br>
Jan 26 09:36:38 localhost pluto[22267]: Starting Pluto (Openswan
Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:22267<br>
Jan 26 09:36:38 localhost pluto[22267]: Setting NAT-Traversal port-4500
floating to on<br>
Jan 26 09:36:38 localhost pluto[22267]: port floating activation
criteria nat_t=1/port_float=1<br>
Jan 26 09:36:38 localhost pluto[22267]: including NAT-Traversal
patch (Version 0.6c)<br>
Jan 26 09:36:38 localhost pluto[22267]: using /dev/urandom as source of
random entropy<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)<br>
Jan 26 09:36:38 localhost pluto[22267]: starting up 1 cryptographic
helpers<br>
Jan 26 09:36:38 localhost pluto[22268]: using /dev/urandom as source of
random entropy<br>
Jan 26 09:36:38 localhost pluto[22267]: started helper pid=22268 (fd:7)<br>
Jan 26 09:36:38 localhost pluto[22267]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
WARNING: enc alg=0 not found in constants.c:oakley_enc_names <br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists<br>
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)<br>
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d<br>
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d<br>
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d<br>
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/crls'<br>
Jan 26 09:36:39 localhost pluto[22267]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)<br>
Jan 26 09:36:39 localhost pluto[22267]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)<br>
Jan 26 09:36:39 localhost pluto[22267]: added connection description
"vo"<br>
Jan 26 09:36:39 localhost pluto[22267]: added connection description
"vodmz"<br>
+ _________________________ date<br>
+ date<br>
Mon Jan 26 09:41:09 EST 2009<br>
<br>
<br>
<div class="moz-signature">-- <br>
<title></title>
Chris Garrigues <br>
<div class="moz-signature">Senior System Administrator <br>
Ph: (512) 961-6808<br>
<a href="mailto:chris.garrigues@SteepRockInc.com">chris.garrigues@SteepRockInc.com</a>
<br>
<img alt="" src="cid:part1.00040100.08040009@steeprockinc.com"
height="35" width="350"><br>
</div>
</div>
</body>
</html>