[root@fw shorewall]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.18-128.2.1.el5 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
[root@fw shorewall]# ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface dmz0/dmz0 10.27.2.254
000 interface vlan1/vlan1 10.27.0.254
000 interface vlan2/vlan2 10.27.1.254
000 interface vlan10/vlan10 RRR.RRR.RRR.RRR
000 interface vlan11/vlan11 192.168.1.2
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14,
name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,1,36} trans={0,1,1080} attrs={0,1,1440}
000
000 "onebyte": 10.27.0.0/24===RRR.RRR.RRR.RRR[+S=C]...LLL.LLL.LLL.LLL[+S=C]===10.0.14.0/24; erouted; eroute owner: #1362
000 "onebyte": myip=unset; hisip=unset;
000 "onebyte": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "onebyte": policy: PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface: vlan10;
000 "onebyte": newest ISAKMP SA: #1361; newest IPsec SA: #1362;
000 "onebyte": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "onebyte": ESP algorithms wanted: 3DES(3)_000-SHA1(2); flags=-strict
000 "onebyte": ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160
000 "onebyte": ESP algorithm newest: 3DES_0-HMAC_SHA1; pfsgroup=
000
000 #1400: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 28s; nodpd; idle; import:not set
000 #1396: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 26s; nodpd; idle; import:not set
000 #1385: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 18s; nodpd; idle; import:not set
000 #1402: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 35s; nodpd; idle; import:not set
000 #1386: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 16s; nodpd; idle; import:not set
000 #1389: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 23s; nodpd; idle; import:not set
000 #1384: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 27s; nodpd; idle; import:not set
000 #1394: "onebyte":500
STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 34s; nodpd; idle; import:not set
000 #1404: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 6s; nodpd; idle; import:admin initiate
000 #1404: pending Phase 2 for "onebyte" replacing #3
000 #1404: pending Phase 2 for "onebyte" replacing #0
000 #1403: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 30s; nodpd; idle; import:not set
000 #1392: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 8s; nodpd; idle; import:not set
000 #1388: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 28s; nodpd; idle; import:not set
000 #1331: "onebyte":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 941s; isakmp#1249; idle; import:not set
000 #1331: "onebyte" esp.7bad139a@LLL.LLL.LLL.LLL esp.3045c6b7@RRR.RRR.RRR.RRR tun.0@LLL.LLL.LLL.LLL tun.0@RRR.RRR.RRR.RRR ref=0 refhim=4294901761
000 #1362: "onebyte":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1864s; newest IPSEC; eroute owner; isakmp#1361; idle; import:not set
000 #1362: "onebyte" esp.7bad139b@LLL.LLL.LLL.LLL esp.5c14bd0f@RRR.RRR.RRR.RRR tun.0@LLL.LLL.LLL.LLL tun.0@RRR.RRR.RRR.RRR ref=0 refhim=4294901761
000 #1361: "onebyte":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1863s; newest ISAKMP; lastdpd=25s(seq in:0 out:0); idle; import:not set
000 #1395: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 27s; nodpd; idle; import:not set
000 #1406: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 25s; nodpd; idle; import:not set
000 #1387: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 7s; nodpd; idle; import:not set
000 #1398: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 34s; nodpd; idle; import:not set
000 #1397: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 1s; nodpd; idle;
import:not set
000 #1390: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 15s; nodpd; idle; import:not set
000 #1393: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 7s; nodpd; idle; import:not set
000 #1391: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 40s; nodpd; idle; import:not set
000 #1405: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 9s; nodpd; idle; import:not set
000 #1399: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 35s; nodpd; idle; import:not set
000 #1401: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 15s; nodpd; idle; import:not set
000 #1383: "onebyte":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 7s; nodpd; idle; import:not set
000