myserver.stratoserver.net Sat Nov 21 10:35:40 CET 2009 + _________________________ version + ipsec --version Linux Openswan U2.6.23/K2.6.24-21-server (netkey) See `ipsec --copyright' for copyright information. + _________________________ /proc/version + cat /proc/version Linux version 2.6.24-21-server (buildd@crested) (gcc version 4.2.3 (Ubuntu 4.2.3-2ubuntu7)) #1 SMP Tue Oct 21 23:40:13 UTC 2008 + _________________________ /proc/net/ipsec_eroute + test -r /proc/net/ipsec_eroute + _________________________ netstat-rn + netstat -nr + head -n 100 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 85.214.64.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 0.0.0.0 85.214.64.1 0.0.0.0 UG 0 0 0 eth0 + _________________________ /proc/net/ipsec_spi + test -r /proc/net/ipsec_spi + _________________________ /proc/net/ipsec_spigrp + test -r /proc/net/ipsec_spigrp + _________________________ /proc/net/ipsec_tncfg + test -r /proc/net/ipsec_tncfg + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + cat /proc/net/pfkey sk RefCnt Rmem Wmem User Inode + _________________________ ip-xfrm-state + ip xfrm state + _________________________ ip-xfrm-policy + ip xfrm policy src ::/0 dst ::/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir in priority 0 src ::/0 dst ::/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 
0.0.0.0/0 dir out priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 dir out priority 0 + _________________________ /proc/crypto + test -r /proc/crypto + cat /proc/crypto name : sha512 driver : sha512-generic module : sha512 priority : 0 refcnt : 1 type : digest blocksize : 128 digestsize : 64 name : sha384 driver : sha384-generic module : sha512 priority : 0 refcnt : 1 type : digest blocksize : 128 digestsize : 48 name : ecb(arc4) driver : ecb(arc4-generic) module : ecb priority : 0 refcnt : 1 type : blkcipher blocksize : 1 min keysize : 1 max keysize : 256 ivsize : 0 name : arc4 driver : arc4-generic module : arc4 priority : 0 refcnt : 1 type : cipher blocksize : 1 min keysize : 1 max keysize : 256 name : deflate driver : deflate-generic module : deflate priority : 0 refcnt : 1 type : compression name : cbc(twofish) driver : cbc(twofish-generic) module : cbc priority : 100 refcnt : 1 type : blkcipher blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 name : twofish driver : twofish-generic module : twofish priority : 100 refcnt : 1 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : cbc(camellia) driver : cbc(camellia-generic) module : cbc priority : 100 refcnt : 1 type : blkcipher blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 name : camellia driver : camellia-generic module : camellia priority : 100 refcnt : 1 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : cbc(serpent) driver : cbc(serpent-generic) module : cbc priority : 0 refcnt : 1 type : blkcipher blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 name : tnepres driver : tnepres-generic module : serpent priority : 0 refcnt : 1 type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : serpent driver : serpent-generic module : serpent priority : 0 refcnt : 1 type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : cbc(aes) driver : cbc(aes-x86_64) module : cbc priority : 200 refcnt : 1 type : blkcipher blocksize : 16 min 
keysize : 16 max keysize : 32 ivsize : 16 name : cbc(blowfish) driver : cbc(blowfish-generic) module : cbc priority : 0 refcnt : 1 type : blkcipher blocksize : 8 min keysize : 4 max keysize : 56 ivsize : 8 name : blowfish driver : blowfish-generic module : blowfish priority : 0 refcnt : 1 type : cipher blocksize : 8 min keysize : 4 max keysize : 56 name : cbc(des3_ede) driver : cbc(des3_ede-generic) module : cbc priority : 0 refcnt : 1 type : blkcipher blocksize : 8 min keysize : 24 max keysize : 24 ivsize : 8 name : cbc(des) driver : cbc(des-generic) module : cbc priority : 0 refcnt : 1 type : blkcipher blocksize : 8 min keysize : 8 max keysize : 8 ivsize : 8 name : des3_ede driver : des3_ede-generic module : des_generic priority : 0 refcnt : 1 type : cipher blocksize : 8 min keysize : 24 max keysize : 24 name : des driver : des-generic module : des_generic priority : 0 refcnt : 1 type : cipher blocksize : 8 min keysize : 8 max keysize : 8 name : ecb(cipher_null) driver : ecb(cipher_null-generic) module : ecb priority : 0 refcnt : 1 type : blkcipher blocksize : 1 min keysize : 0 max keysize : 0 ivsize : 0 name : xcbc(aes) driver : xcbc(aes-x86_64) module : xcbc priority : 200 refcnt : 1 type : hash blocksize : 16 digestsize : 16 name : aes driver : aes-x86_64 module : aes_x86_64 priority : 200 refcnt : 1 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : aes driver : aes-generic module : aes_generic priority : 100 refcnt : 1 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : hmac(sha256) driver : hmac(sha256-generic) module : kernel priority : 0 refcnt : 1 type : hash blocksize : 64 digestsize : 32 name : sha256 driver : sha256-generic module : sha256_generic priority : 0 refcnt : 1 type : digest blocksize : 64 digestsize : 32 name : hmac(sha1) driver : hmac(sha1-generic) module : kernel priority : 0 refcnt : 1 type : hash blocksize : 64 digestsize : 20 name : sha1 driver : sha1-generic module : sha1_generic priority : 0 
refcnt : 1 type : digest blocksize : 64 digestsize : 20 name : hmac(md5) driver : hmac(md5-generic) module : kernel priority : 0 refcnt : 1 type : hash blocksize : 64 digestsize : 16 name : hmac(digest_null) driver : hmac(digest_null-generic) module : kernel priority : 0 refcnt : 1 type : hash blocksize : 1 digestsize : 0 name : compress_null driver : compress_null-generic module : crypto_null priority : 0 refcnt : 1 type : compression name : digest_null driver : digest_null-generic module : crypto_null priority : 0 refcnt : 1 type : digest blocksize : 1 digestsize : 0 name : cipher_null driver : cipher_null-generic module : crypto_null priority : 0 refcnt : 1 type : cipher blocksize : 1 min keysize : 0 max keysize : 0 name : md5 driver : md5-generic module : kernel priority : 0 refcnt : 1 type : digest blocksize : 64 digestsize : 16 + __________________________/proc/sys/net/core/xfrm-star /usr/local/libexec/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_acq_expires: ' /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires 30 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_etime: ' /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime 10 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: ' /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth 2 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_larval_drop: ' /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop 0 + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + _________________________ ipsec/status + ipsec auto --status 000 using kernel interface: netkey 000 interface lo/lo ::1 000 interface lo/lo 127.0.0.1 000 interface lo/lo 127.0.0.1 000 interface 
eth0/eth0 123.456.789.123 000 interface eth0/eth0 222.333.444.555 000 interface tap0/tap0 10.8.0.1 000 interface tap0/tap0 10.8.0.1 000 %myid = (none) 000 debug none 000 000 virtual_private (%priv): 000 - allowed 3 subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 000 - disallowed 0 subnets: 000 WARNING: Either virtual_private= was not specified, or there was a syntax 000 error in that line. 'left/rightsubnet=%priv' will not work! 000 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, 
keysizemax=256 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0 000 000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 000 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 "L2TP-PSK-NAT": 123.456.789.123[+S=C]:17/1701...%virtual[+S=C]:17/%any===?; unrouted; eroute owner: #0 000 "L2TP-PSK-NAT": myip=unset; hisip=unset; 000 "L2TP-PSK-NAT": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3 000 "L2TP-PSK-NAT": policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+lKOD+rKOD; prio: 32,32; 
interface: eth0; 000 "L2TP-PSK-NAT": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 000 + _________________________ ifconfig-a + ifconfig -a eth0 Link encap:Ethernet HWaddr 00:21:85:fa:8e:c4 inet addr:123.456.789.123 Bcast:123.456.789.123 Mask:255.255.255.255 inet6 addr: fe80::221:85ff:fefa:8ec4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1941806 errors:0 dropped:0 overruns:0 frame:0 TX packets:1736754 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:1598742910 (1.4 GB) TX bytes:818825884 (780.8 MB) Base address:0xd800 Memory:feae0000-feb00000 eth1 Link encap:Ethernet HWaddr 00:21:85:fa:8e:c5 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Base address:0xe800 Memory:febe0000-fec00000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:38377 errors:0 dropped:0 overruns:0 frame:0 TX packets:38377 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:41367081 (39.4 MB) TX bytes:41367081 (39.4 MB) tap0 Link encap:Ethernet HWaddr 00:ff:f2:0d:bc:e0 inet addr:10.8.0.1 Bcast:10.8.0.255 Mask:255.255.255.0 inet6 addr: fe80::2ff:f2ff:fe0d:bce0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4187 errors:0 dropped:0 overruns:0 frame:0 TX packets:218 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:504006 (492.1 KB) TX bytes:32455 (31.6 KB) + _________________________ ip-addr-list + ip addr list 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:21:85:fa:8e:c4 brd ff:ff:ff:ff:ff:ff inet 123.456.789.123/32 brd 
123.456.789.123 scope global eth0 inet 85.214.33.140/32 brd 85.255.255.255 scope global eth0:1 inet6 fe80::221:85ff:fefa:8ec4/64 scope link valid_lft forever preferred_lft forever 3: eth1: mtu 1500 qdisc noop qlen 1000 link/ether 00:21:85:fa:8e:c5 brd ff:ff:ff:ff:ff:ff 4: tap0: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:ff:f2:0d:bc:e0 brd ff:ff:ff:ff:ff:ff inet 10.8.0.1/24 brd 10.8.0.255 scope global tap0 inet6 fe80::2ff:f2ff:fe0d:bce0/64 scope link valid_lft forever preferred_lft forever + _________________________ ip-route-list + ip route list 85.214.64.1 dev eth0 scope link 10.8.0.0/24 dev tap0 proto kernel scope link src 10.8.0.1 default via 85.214.64.1 dev eth0 metric 100 + _________________________ ip-rule-list + ip rule list 0: from all lookup local 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + ipsec verify --nocolour Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.6.23/K2.6.24-21-server (netkey) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [FAILED] Please disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will cause the sending of bogus ICMP redirects! NETKEY detected, testing for disabled ICMP accept_redirects [FAILED] Please disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will accept bogus ICMP redirects! 
Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing [OK] Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] + _________________________ mii-tool + '[' -x /sbin/mii-tool ']' + /sbin/mii-tool -v eth0: negotiated 100baseTx-FD, link ok product info: Yukon-EC 88E1111 rev 2 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD eth1: no link product info: Yukon-EC 88E1111 rev 2 basic mode: autonegotiation enabled basic status: no link capabilities: 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control + _________________________ ipsec/directory + ipsec --directory /usr/local/lib/ipsec + _________________________ hostname/fqdn + hostname --fqdn myserver.stratoserver.net + _________________________ hostname/ipaddress + hostname --ip-address 123.456.789.123 + _________________________ uptime + uptime 10:35:42 up 1 day, 20:34, 2 users, load average: 0.00, 0.00, 0.00 + _________________________ ps + ps alxwf + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 0 0 23536 17074 20 0 10232 1452 wait S+ pts/1 0:00 \_ /bin/sh /usr/local/libexec/ipsec/barf 1 0 23629 23536 20 0 10232 700 - R+ pts/1 0:00 \_ /bin/sh /usr/local/libexec/ipsec/barf 1 0 22078 1 20 0 8972 496 wait S pts/1 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack 
netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 --crlcheckinterval 0 --ocspuri --nhelpers 0 --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid 1 0 22079 22078 20 0 8972 672 wait S pts/1 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 --crlcheckinterval 0 --ocspuri --nhelpers 0 --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid 4 0 22080 22079 20 0 9604 1636 - S pts/1 0:00 | \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 --nhelpers 0 0 0 22130 22080 20 0 5852 384 - S pts/1 0:00 | \_ _pluto_adns 0 0 22083 22078 20 0 8932 1224 pipe_w S pts/1 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post 0 0 22081 1 20 0 3848 608 pipe_w S pts/1 0:00 logger -s -p daemon.error -t ipsec__plutorun + _________________________ ipsec/showdefaults + ipsec showdefaults routephys=eth0 routevirt=none routeaddr=123.456.789.123 routenexthop=85.214.64.1 + _________________________ ipsec/conf + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # /etc/ipsec.conf - Openswan IPsec configuration file # RCSID $Id: ipsec.conf.in,v 1.15.2.4 2006/07/11 16:17:53 paul Exp $ # This file: /usr/share/doc/openswan/ipsec.conf-sample # # Manual: ipsec.conf.5 version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup # plutodebug / klipsdebug = "all", "none" or a combination from below: # "raw crypt parsing 
emitting control klips pfkey natt x509 private" # eg: # plutodebug="control parsing" # # Only enable klipsdebug=all if you are a developer # # NAT-TRAVERSAL support, see README.NAT-Traversal #plutodebug="all" nat_traversal=yes protostack=netkey virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 # # enable this if you see "failed to find any available worker" nhelpers=0 #interfaces="ipsec0=eth0:1" # Add connections here #Disable Opportunistic Encryption #< /etc/ipsec.d/examples/no_oe.conf 1 # 'include' this file to disable Opportunistic Encryption. # See /usr/share/doc/openswan/policygroups.html for details. # # RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $ conn block auto=ignore conn private auto=ignore conn private-or-clear auto=ignore conn clear-or-private auto=ignore conn clear auto=ignore conn packetdefault auto=ignore #> /etc/ipsec.conf 34 # l2tp hinzufügen #< /etc/ipsec.d/l2tp-psk.conf 1 # Configuration supporting multiple users with any type of # IPsec/L2TP client. This includes the updated Windows 2000/XP # (MS KB Q818043), Vista and Mac OS X 10.3+ but excludes the # non-updated Windows 2000/XP. # # Authenticates through a Pre-Shared Key. Supports clients that # are not behind NAT. Does not support clients that are behind NAT. 
conn L2TP-PSK-NAT authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=tunnel #left=85.214.33.140 left=%defaultroute leftprotoport=17/1701 right=%any rightprotoport=17/%any rightsubnet=vhost:%no,%priv #> /etc/ipsec.conf 37 + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 #85.214.33.140 92.50.99.45: PSK "[sums to 06f0...]" 85.214.33.140 %any: PSK "[sums to c963...]" 123.456.789.123 %any: PSK "[sums to c963...]" + _________________________ ipsec/listall + ipsec auto --listall 000 000 List of Public Keys: 000 000 List of Pre-shared secrets (from /etc/ipsec.secrets) 000 3: PSK %any 123.456.789.123 000 2: PSK %any 85.214.33.140 + '[' /etc/ipsec.d/policies ']' + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/block + base=block + _________________________ ipsec/policies/block + cat /etc/ipsec.d/policies/block # This file defines the set of CIDRs (network/mask-length) to which # communication should never be allowed. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear + base=clear + _________________________ ipsec/policies/clear + cat /etc/ipsec.d/policies/clear # This file defines the set of CIDRs (network/mask-length) to which # communication should always be in the clear. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: clear.in,v 1.4.30.3 2006/11/21 19:49:51 paul Exp $ # # # Michael's idea: Always have ROOT NAMESERVERS in the clear. # It will make OE work much better on machines running caching # resolvers. 
# # Based on: http://www.internic.net/zones/named.root # This file holds the information on root name servers needed to # last update: Jan 29, 2004 # related version of root zone: 2004012900 198.41.0.4/32 192.228.79.201/32 192.33.4.12/32 128.8.10.90/32 192.203.230.10/32 192.5.5.241/32 192.112.36.4/32 128.63.2.53/32 192.36.148.17/32 192.58.128.30/32 193.0.14.129/32 198.32.64.12/32 202.12.27.33/32 + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/clear-or-private + base=clear-or-private + _________________________ ipsec/policies/clear-or-private + cat /etc/ipsec.d/policies/clear-or-private # This file defines the set of CIDRs (network/mask-length) to which # we will communicate in the clear, or, if the other side initiates IPSEC, # using encryption. This behaviour is also called "Opportunistic Responder". # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private + base=private + _________________________ ipsec/policies/private + cat /etc/ipsec.d/policies/private # This file defines the set of CIDRs (network/mask-length) to which # communication should always be private (i.e. encrypted). # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + for policy in '$POLICIES/*' ++ basename /etc/ipsec.d/policies/private-or-clear + base=private-or-clear + _________________________ ipsec/policies/private-or-clear + cat /etc/ipsec.d/policies/private-or-clear # This file defines the set of CIDRs (network/mask-length) to which # communication should be private, if possible, but in the clear otherwise. # # If the target has a TXT (later IPSECKEY) record that specifies # authentication material, we will require private (i.e. encrypted) # communications. If no such record is found, communications will be # in the clear. 
# # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $ # 0.0.0.0/0 + _________________________ ipsec/ls-libdir + ls -l /usr/local/lib/ipsec total 168 -rwxr-xr-x 1 root root 16883 Nov 21 08:29 _copyright -rwxr-xr-x 1 root root 2379 Nov 21 08:29 _include -rwxr-xr-x 1 root root 1475 Nov 21 08:29 _keycensor -rwxr-xr-x 1 root root 2632 Nov 21 08:29 _plutoload -rwxr-xr-x 1 root root 7635 Nov 21 08:29 _plutorun -rwxr-xr-x 1 root root 12943 Nov 21 08:29 _realsetup -rwxr-xr-x 1 root root 1975 Nov 21 08:29 _secretcensor -rwxr-xr-x 1 root root 8567 Nov 21 08:29 _startklips -rwxr-xr-x 1 root root 8567 Nov 21 08:29 _startklips.old -rwxr-xr-x 1 root root 5923 Nov 21 08:29 _startnetkey -rwxr-xr-x 1 root root 4886 Nov 21 08:29 _updown -rwxr-xr-x 1 root root 14028 Nov 21 08:29 _updown.klips -rwxr-xr-x 1 root root 14028 Nov 21 08:29 _updown.klips.old -rwxr-xr-x 1 root root 11798 Nov 21 08:29 _updown.mast -rwxr-xr-x 1 root root 11798 Nov 21 08:29 _updown.mast.old -rwxr-xr-x 1 root root 8534 Nov 21 08:29 _updown.netkey + _________________________ ipsec/ls-execdir + ls -l /usr/local/libexec/ipsec total 10124 -rwxr-xr-x 1 root root 29469 Nov 21 08:29 _pluto_adns -rwxr-xr-x 1 root root 29469 Nov 21 08:28 _pluto_adns.old -rwxr-xr-x 1 root root 470026 Nov 21 08:29 addconn -rwxr-xr-x 1 root root 6015 Nov 21 08:29 auto -rwxr-xr-x 1 root root 10828 Nov 21 08:29 barf -rwxr-xr-x 1 root root 202240 Nov 21 08:29 eroute -rwxr-xr-x 1 root root 202240 Nov 21 08:28 eroute.old -rwxr-xr-x 1 root root 63270 Nov 21 08:29 ikeping -rwxr-xr-x 1 root root 134647 Nov 21 08:29 klipsdebug -rwxr-xr-x 1 root root 134647 Nov 21 08:28 klipsdebug.old -rwxr-xr-x 1 root root 2591 Nov 21 08:29 look -rwxr-xr-x 1 root root 2182 Nov 21 08:29 newhostkey -rwxr-xr-x 1 root root 129119 Nov 21 08:29 pf_key -rwxr-xr-x 1 root root 129119 Nov 21 08:28 pf_key.old -rwxr-xr-x 1 root root 3136016 Nov 21 08:29 pluto -rwxr-xr-x 1 root root 3136016 Nov 21 08:28 
pluto.old -rwxr-xr-x 1 root root 24026 Nov 21 08:29 ranbits -rwxr-xr-x 1 root root 47467 Nov 21 08:29 rsasigkey -rwxr-xr-x 1 root root 766 Nov 21 08:29 secrets lrwxrwxrwx 1 root root 17 Nov 21 08:29 setup -> /etc/init.d/ipsec -rwxr-xr-x 1 root root 1054 Nov 21 08:29 showdefaults -rwxr-xr-x 1 root root 563443 Nov 21 08:29 showhostkey -rwxr-xr-x 1 root root 77746 Nov 21 08:29 showpolicy -rwxr-xr-x 1 root root 77746 Nov 21 08:28 showpolicy.old -rwxr-xr-x 1 root root 338511 Nov 21 08:29 spi -rwxr-xr-x 1 root root 338511 Nov 21 08:28 spi.old -rwxr-xr-x 1 root root 173210 Nov 21 08:29 spigrp -rwxr-xr-x 1 root root 173210 Nov 21 08:28 spigrp.old -rwxr-xr-x 1 root root 153913 Nov 21 08:29 tncfg -rwxr-xr-x 1 root root 153913 Nov 21 08:28 tncfg.old -rwxr-xr-x 1 root root 13384 Nov 21 08:29 verify -rwxr-xr-x 1 root root 134405 Nov 21 08:29 whack -rwxr-xr-x 1 root root 134405 Nov 21 08:28 whack.old + _________________________ /proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo:41367081 38377 0 0 0 0 0 0 41367081 38377 0 0 0 0 0 0 eth0:1598742910 1941806 0 0 0 0 0 0 818825884 1736754 0 0 0 0 0 0 eth1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 tap0: 504006 4187 0 0 0 0 0 0 32642 220 0 0 0 0 0 0 + _________________________ /proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth0 0140D655 00000000 0005 0 0 0 FFFFFFFF 0 0 0 tap0 0000080A 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth0 00000000 0140D655 0003 0 0 100 00000000 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc + cat /proc/sys/net/ipv4/ip_no_pmtu_disc 0 + _________________________ /proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ /proc/sys/net/ipv4/tcp_ecn + cat /proc/sys/net/ipv4/tcp_ecn 0 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep 
'^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter tap0/rp_filter all/rp_filter:1 default/rp_filter:1 eth0/rp_filter:0 eth1/rp_filter:1 lo/rp_filter:1 tap0/rp_filter:1 + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects + cd /proc/sys/net/ipv4/conf + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects tap0/accept_redirects tap0/secure_redirects tap0/send_redirects all/accept_redirects:0 all/secure_redirects:1 all/send_redirects:1 default/accept_redirects:1 default/secure_redirects:1 default/send_redirects:1 eth0/accept_redirects:0 eth0/secure_redirects:1 eth0/send_redirects:0 eth1/accept_redirects:1 eth1/secure_redirects:1 eth1/send_redirects:1 lo/accept_redirects:1 lo/secure_redirects:1 lo/send_redirects:1 tap0/accept_redirects:1 tap0/secure_redirects:1 tap0/send_redirects:1 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + uname -a Linux myserver.stratoserver.net 2.6.24-21-server #1 SMP Tue Oct 21 23:40:13 UTC 2008 x86_64 GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ distro-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/redhat-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/debian-release + for distro in /etc/redhat-release /etc/debian-release 
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/SuSE-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandrake-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandriva-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + test -r /proc/net/pfkey ++ uname -r + echo 'NETKEY (2.6.24-21-server) support detected ' NETKEY (2.6.24-21-server) support detected + _________________________ iptables + test -r /sbin/iptables + iptables -L -v -n Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 18 5400 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 11696 2592K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset 5 280 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 24 1440 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 2239 94038 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 56 2712 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8880 41 2256 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 273 13460 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp 
dpt:110 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 4 256 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:106 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9008 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9080 66 5148 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 23 5070 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 3 156 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 18 1008 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 2 104 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0 623 188K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT all -- lo lo 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 14 2940 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 11767 2842K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 198 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 24 1440 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 1139 82196 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 + _________________________ iptables-nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 565 packets, 48109 bytes) pkts bytes 
target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 896 packets, 64035 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 896 packets, 64035 bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 15091 packets, 2911K bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 15091 packets, 2911K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 12946 packets, 2929K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 12950 packets, 2929K bytes) pkts bytes target prot opt in out source destination + _________________________ /proc/modules + test -f /proc/modules + cat /proc/modules xfrm_user 36608 2 - Live 0xffffffff884cd000 ah6 16768 0 - Live 0xffffffff884c7000 ah4 15488 0 - Live 0xffffffff884c2000 esp6 17408 0 - Live 0xffffffff884bc000 esp4 17408 0 - Live 0xffffffff884b6000 xfrm4_mode_beet 11520 0 - Live 0xffffffff884b2000 xfrm4_tunnel 11648 0 - Live 0xffffffff884ae000 xfrm4_mode_tunnel 11648 0 - Live 0xffffffff884aa000 xfrm4_mode_transport 10752 0 - Live 0xffffffff884a6000 xfrm6_mode_transport 10880 0 - Live 0xffffffff884a2000 xfrm6_mode_ro 10752 0 - Live 0xffffffff8849e000 xfrm6_mode_beet 11264 0 - Live 0xffffffff8849a000 xfrm6_mode_tunnel 11520 0 - Live 0xffffffff88458000 ipcomp 17292 0 - Live 0xffffffff88494000 ipcomp6 17804 0 - Live 0xffffffff88467000 xfrm6_tunnel 18464 1 ipcomp6, Live 0xffffffff88461000 af_key 48788 0 - Live 0xffffffff8844b000 tunnel6 12688 1 xfrm6_tunnel, Live 0xffffffff8833a000 sha512 14080 0 - Live 0xffffffff88335000 arc4 10624 0 - Live 0xffffffff88490000 ppp_mppe 16776 0 - Live 0xffffffff8848a000 ppp_async 21760 0 - Live 0xffffffff88483000 crc_ccitt 10752 1 
ppp_async, Live 0xffffffff8847f000 ppp_generic 40736 2 ppp_mppe,ppp_async, Live 0xffffffff88474000 slhc 15360 1 ppp_generic, Live 0xffffffff8846f000 tunnel4 12816 1 xfrm4_tunnel, Live 0xffffffff8845c000 appletalk 50320 0 - Live 0xffffffff8843d000 iptable_nat 16772 0 - Live 0xffffffff88437000 nf_nat 31148 1 iptable_nat, Live 0xffffffff8842e000 iptable_mangle 11648 0 - Live 0xffffffff8842a000 ipt_REJECT 13696 3 - Live 0xffffffff88425000 xt_tcpudp 12160 31 - Live 0xffffffff88421000 nf_conntrack_ipv4 29072 8 iptable_nat, Live 0xffffffff88418000 xt_state 11264 6 - Live 0xffffffff88414000 nf_conntrack 86384 4 iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state, Live 0xffffffff883fd000 ppdev 18568 0 - Live 0xffffffff883f7000 tun 21504 1 - Live 0xffffffff883f0000 battery 23944 0 - Live 0xffffffff883e9000 cpufreq_conservative 17800 0 - Live 0xffffffff883e3000 cpufreq_stats 16032 0 - Live 0xffffffff883de000 cpufreq_powersave 10368 0 - Live 0xffffffff883da000 cpufreq_ondemand 18320 1 - Live 0xffffffff883d4000 cpufreq_userspace 14468 0 - Live 0xffffffff883cf000 iptable_filter 11776 1 - Live 0xffffffff883cb000 ip_tables 31720 3 iptable_nat,iptable_mangle,iptable_filter, Live 0xffffffff883c2000 x_tables 30728 5 iptable_nat,ipt_REJECT,xt_tcpudp,xt_state,ip_tables, Live 0xffffffff883b9000 deflate 12800 0 - Live 0xffffffff883b4000 zlib_deflate 30360 1 deflate, Live 0xffffffff883ab000 twofish 14848 0 - Live 0xffffffff883a6000 twofish_common 48000 1 twofish, Live 0xffffffff88399000 camellia 33792 0 - Live 0xffffffff8838f000 serpent 27520 0 - Live 0xffffffff88387000 blowfish 17024 0 - Live 0xffffffff88381000 des_generic 25472 0 - Live 0xffffffff88379000 cbc 13568 0 - Live 0xffffffff88374000 ecb 12416 0 - Live 0xffffffff8836f000 blkcipher 16644 2 cbc,ecb, Live 0xffffffff88369000 aes_x86_64 34088 0 - Live 0xffffffff8835f000 aes_generic 34880 0 - Live 0xffffffff88355000 xcbc 15112 0 - Live 0xffffffff88350000 sha256_generic 17536 0 - Live 0xffffffff8834a000 sha1_generic 11520 0 - Live 
0xffffffff88346000 crypto_null 11520 0 - Live 0xffffffff88342000 ext2 87312 1 - Live 0xffffffff8831e000 ipv6 325896 40 ah6,esp6,xfrm6_mode_beet,ipcomp6,xfrm6_tunnel,tunnel6, Live 0xffffffff882cd000 af_packet 34440 2 - Live 0xffffffff882c3000 powernow_k8 24224 2 - Live 0xffffffff882bc000 freq_table 14080 3 cpufreq_stats,cpufreq_ondemand,powernow_k8, Live 0xffffffff882b7000 parport_pc 48296 0 - Live 0xffffffff882aa000 lp 22084 0 - Live 0xffffffff882a3000 parport 51340 3 ppdev,parport_pc,lp, Live 0xffffffff88295000 loop 28676 0 - Live 0xffffffff8828c000 sg 48920 0 - Live 0xffffffff8827f000 button 18080 0 - Live 0xffffffff88279000 serio_raw 16260 0 - Live 0xffffffff88274000 psmouse 53404 0 - Live 0xffffffff88265000 evdev 22144 2 - Live 0xffffffff8825e000 pcspkr 12160 0 - Live 0xffffffff8825a000 ext3 156176 1 - Live 0xffffffff88232000 jbd 64168 1 ext3, Live 0xffffffff88221000 mbcache 18560 2 ext2,ext3, Live 0xffffffff8821b000 atiixp 13840 0 [permanent], Live 0xffffffff88216000 ide_core 143768 1 atiixp, Live 0xffffffff881f1000 pata_atiixp 17664 0 - Live 0xffffffff881eb000 sd_mod 40448 8 - Live 0xffffffff881e0000 pata_acpi 17024 0 - Live 0xffffffff881da000 ehci_hcd 49164 0 - Live 0xffffffff881ca000 ahci 40452 6 - Live 0xffffffff881bd000 ata_generic 17156 0 - Live 0xffffffff881b7000 libata 183600 4 pata_atiixp,pata_acpi,ahci,ata_generic, Live 0xffffffff88189000 ohci_hcd 36124 0 - Live 0xffffffff8817f000 k8temp 14848 0 - Live 0xffffffff88178000 usbcore 177072 3 ehci_hcd,ohci_hcd, Live 0xffffffff88149000 i2c_piix4 18316 0 - Live 0xffffffff88141000 scsi_mod 185528 3 sg,sd_mod,libata, Live 0xffffffff8810f000 i2c_core 35712 1 i2c_piix4, Live 0xffffffff88105000 e1000 144704 0 - Live 0xffffffff880de000 shpchp 45340 0 - Live 0xffffffff880d1000 pci_hotplug 41776 1 shpchp, Live 0xffffffff880c5000 raid10 33536 0 - Live 0xffffffff880bb000 raid456 138528 0 - Live 0xffffffff88098000 async_xor 13312 1 raid456, Live 0xffffffff88093000 async_memcpy 11776 1 raid456, Live 0xffffffff8808f000 
async_tx 17652 3 raid456,async_xor,async_memcpy, Live 0xffffffff88089000 xor 14352 2 raid456,async_xor, Live 0xffffffff88084000 raid1 33920 2 - Live 0xffffffff8807a000 raid0 16640 0 - Live 0xffffffff88074000 multipath 18176 0 - Live 0xffffffff8806e000 linear 14592 0 - Live 0xffffffff88069000 md_mod 95644 8 raid10,raid456,raid1,raid0,multipath,linear, Live 0xffffffff88050000 thermal 26912 0 - Live 0xffffffff88048000 processor 50120 3 powernow_k8,thermal, Live 0xffffffff8803a000 fan 13960 0 - Live 0xffffffff88035000 fbcon 53504 0 - Live 0xffffffff88026000 tileblit 11264 1 fbcon, Live 0xffffffff88022000 font 17280 1 fbcon, Live 0xffffffff8801c000 bitblit 14592 1 fbcon, Live 0xffffffff88017000 softcursor 10880 1 bitblit, Live 0xffffffff88013000 fuse 63280 1 - Live 0xffffffff88002000 + _________________________ /proc/meminfo + cat /proc/meminfo MemTotal: 4025432 kB MemFree: 2016348 kB Buffers: 241920 kB Cached: 753156 kB SwapCached: 0 kB Active: 1291188 kB Inactive: 411248 kB SwapTotal: 2104496 kB SwapFree: 2104496 kB Dirty: 164 kB Writeback: 0 kB AnonPages: 707376 kB Mapped: 37140 kB Slab: 258920 kB SReclaimable: 230796 kB SUnreclaim: 28124 kB PageTables: 16452 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 4117212 kB Committed_AS: 1725940 kB VmallocTotal: 34359738367 kB VmallocUsed: 18068 kB VmallocChunk: 34359720203 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + _________________________ usr/src/linux/.config + test -f /proc/config.gz ++ uname -r + test -f /lib/modules/2.6.24-21-server/build/.config + echo 'no .config file found, cannot list kernel properties' no .config file found, cannot list kernel properties + _________________________ etc/syslog.conf + _________________________ etc/syslog-ng/syslog-ng.conf + cat /etc/syslog-ng/syslog-ng.conf cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory + cat /etc/syslog.conf # 
/etc/syslog.conf Configuration file for syslogd. # # For more information see syslog.conf(5) # manpage. # # First some standard logfiles. Log by facility. # auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog #cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/opt/psa/var/log/maillog user.* -/var/log/user.log # # Logging for the mail system. Split it up so that # it is easy to write scripts to parse these files. # mail.info -/var/log/mail.info mail.warn -/var/log/mail.warn mail.err /var/log/mail.err # Logging for INN news system # news.crit /var/log/news/news.crit news.err /var/log/news/news.err news.notice -/var/log/news/news.notice # # Some `catch-all' logfiles. # *.=debug;\ auth,authpriv.none;\ news.none;mail.none -/var/log/debug *.=info;*.=notice;*.=warn;\ auth,authpriv.none;\ cron,daemon.none;\ mail,news.none -/var/log/messages # # Emergencies are sent to everybody logged in. # *.emerg * # # I like to have messages displayed on the console, but only on a virtual # console I usually leave idle. # #daemon,mail.*;\ # news.=crit;news.=err;news.=notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn /dev/tty8 # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. 
# daemon.*;mail.*;\ news.err;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole + _________________________ etc/resolv.conf + cat /etc/resolv.conf search stratoserver.net nameserver 81.169.163.106 nameserver 85.214.7.22 nameserver 81.169.148.34 + _________________________ lib/modules-ls + ls -ltr /lib/modules total 4 drwxr-xr-x 5 root root 4096 Jul 25 22:45 2.6.24-21-server + _________________________ fipscheck + cat /proc/sys/crypto/fips_enabled cat: /proc/sys/crypto/fips_enabled: No such file or directory + _________________________ /proc/ksyms-netif_rx + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms ffffffff803ef7d0 T netif_rx ffffffff803efa90 T netif_rx_ni ffffffff8056a740 r __ksymtab_netif_rx ffffffff8056a930 r __ksymtab_netif_rx_ni ffffffff80573458 r __kcrctab_netif_rx ffffffff80573550 r __kcrctab_netif_rx_ni ffffffff80584721 r __kstrtab_netif_rx ffffffff80584a0a r __kstrtab_netif_rx_ni ffffffff803ef7d0 u netif_rx [ppp_generic] ffffffff803ef7d0 u netif_rx [appletalk] ffffffff803efa90 u netif_rx_ni [tun] ffffffff803ef7d0 u netif_rx [ipv6] + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.6.24-21-server: + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '3396,$p' /var/log/syslog + egrep -i 'ipsec|klips|pluto' + case "$1" in + cat Nov 21 09:37:14 myserver ipsec_setup: Starting Openswan IPsec U2.6.23/K2.6.24-21-server... 
Nov 21 09:37:14 myserver ipsec_setup: Using NETKEY(XFRM) stack Nov 21 09:37:15 myserver ipsec_setup: multiple ip addresses, using 123.456.789.123 on eth0 Nov 21 09:37:15 myserver pluto: adjusting ipsec.d to /etc/ipsec.d Nov 21 09:37:15 myserver ipsec_setup: ...Openswan IPsec started Nov 21 09:37:15 myserver ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d Nov 21 09:37:16 myserver ipsec__plutorun: 002 added connection description "L2TP-PSK-NAT" Nov 21 09:37:16 myserver ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T Nov 21 09:37:16 myserver ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19) Nov 21 09:37:16 myserver ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T + _________________________ plog + sed -n '8246,$p' /var/log/auth.log + egrep -i pluto + case "$1" in + cat Nov 21 09:37:15 myserver ipsec__plutorun: Starting Pluto subsystem... Nov 21 09:37:15 myserver pluto[22080]: Starting Pluto (Openswan Version 2.6.23; Vendor ID OEm@kgSFEH@\177) pid:22080 Nov 21 09:37:15 myserver pluto[22080]: Setting NAT-Traversal port-4500 floating to on Nov 21 09:37:15 myserver pluto[22080]: port floating activation criteria nat_t=1/port_float=1 Nov 21 09:37:15 myserver pluto[22080]: including NAT-Traversal patch (Version 0.6c) Nov 21 09:37:15 myserver pluto[22080]: using /dev/urandom as source of random entropy Nov 21 09:37:15 myserver pluto[22080]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Nov 21 09:37:15 myserver pluto[22080]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Nov 21 09:37:15 myserver pluto[22080]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Nov 21 09:37:15 myserver pluto[22080]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Nov 21 09:37:15 myserver pluto[22080]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Nov 21 09:37:15 myserver pluto[22080]: ike_alg_register_hash(): Activating 
OAKLEY_SHA2_512: Ok (ret=0) Nov 21 09:37:15 myserver pluto[22080]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Nov 21 09:37:15 myserver pluto[22080]: no helpers will be started, all cryptographic operations will be done inline Nov 21 09:37:15 myserver pluto[22080]: Using Linux 2.6 IPsec interface code on 2.6.24-21-server (experimental code) Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): Activating : Ok (ret=0) Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Nov 21 09:37:16 myserver pluto[22080]: ike_alg_add(): ERROR: Algorithm already exists Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Nov 21 09:37:16 myserver pluto[22080]: ike_alg_add(): ERROR: Algorithm already exists Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Nov 21 09:37:16 myserver pluto[22080]: ike_alg_add(): ERROR: Algorithm already exists Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Nov 21 09:37:16 myserver pluto[22080]: ike_alg_add(): ERROR: Algorithm already exists Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Nov 21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names Nov 21 09:37:16 myserver pluto[22080]: ike_alg_add(): ERROR: Algorithm already exists Nov 
21 09:37:16 myserver pluto[22080]: ike_alg_register_enc(): Activating : FAILED (ret=-17) Nov 21 09:37:16 myserver pluto[22080]: Changed path to directory '/etc/ipsec.d/cacerts' Nov 21 09:37:16 myserver pluto[22080]: Changed path to directory '/etc/ipsec.d/aacerts' Nov 21 09:37:16 myserver pluto[22080]: Changed path to directory '/etc/ipsec.d/ocspcerts' Nov 21 09:37:16 myserver pluto[22080]: Changing to directory '/etc/ipsec.d/crls' Nov 21 09:37:16 myserver pluto[22080]: Warning: empty directory Nov 21 09:37:16 myserver pluto[22080]: added connection description "L2TP-PSK-NAT" Nov 21 09:37:16 myserver pluto[22080]: listening for IKE messages Nov 21 09:37:16 myserver pluto[22080]: NAT-Traversal: Trying new style NAT-T Nov 21 09:37:16 myserver pluto[22080]: NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19) Nov 21 09:37:16 myserver pluto[22080]: NAT-Traversal: Trying old style NAT-T Nov 21 09:37:16 myserver pluto[22080]: adding interface tap0/tap0 10.8.0.1:500 Nov 21 09:37:16 myserver pluto[22080]: adding interface tap0/tap0 10.8.0.1:4500 Nov 21 09:37:16 myserver pluto[22080]: adding interface eth0/eth0 123.456.789.123:500 Nov 21 09:37:16 myserver pluto[22080]: adding interface eth0/eth0 123.456.789.123:4500 Nov 21 09:37:16 myserver pluto[22080]: adding interface lo/lo 127.0.0.1:500 Nov 21 09:37:16 myserver pluto[22080]: adding interface lo/lo 127.0.0.1:4500 Nov 21 09:37:16 myserver pluto[22080]: adding interface lo/lo ::1:500 Nov 21 09:37:16 myserver pluto[22080]: loading secrets from "/etc/ipsec.secrets" Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: received Vendor ID payload [RFC 3947] method set to=109 Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8] Nov 21 09:37:20 myserver 
pluto[22080]: packet from 92.50.99.45:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582] Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285] Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee] Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b] Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110 Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110 Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110 Nov 21 09:37:20 myserver pluto[22080]: packet from 92.50.99.45:500: received Vendor ID payload [Dead Peer Detection] Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[1] 92.50.99.45 #1: responding to Main Mode from unknown peer 92.50.99.45 Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[1] 92.50.99.45 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[1] 92.50.99.45 #1: STATE_MAIN_R1: sent MR1, expecting MI2 Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[1] 92.50.99.45 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[1] 92.50.99.45 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[1] 92.50.99.45 #1: STATE_MAIN_R2: sent MR2, expecting MI3 Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[1] 92.50.99.45 #1: Main mode peer 
ID is ID_IPV4_ADDR: '192.168.0.10' Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[1] 92.50.99.45 #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT" Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: deleting connection "L2TP-PSK-NAT" instance with peer 92.50.99.45 {isakmp=#0/ipsec=#0} Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: new NAT mapping for #1, was 92.50.99.45:500, now 92.50.99.45:39153 Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024} Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000 Nov 21 09:37:20 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: received and ignored informational message Nov 21 09:37:21 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: the peer proposed: 123.456.789.123/32:17/1701 -> 192.168.0.10/32:17/0 Nov 21 09:37:21 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #2: responding to Quick Mode proposal {msgid:48947f86} Nov 21 09:37:21 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #2: us: 123.456.789.123[+S=C]:17/1701 Nov 21 09:37:21 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #2: them: 92.50.99.45[192.168.0.10,+S=C]:17/52856===? 
Nov 21 09:37:21 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Nov 21 09:37:21 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 Nov 21 09:37:21 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Nov 21 09:37:21 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x0262e2eb <0x877293ef xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=92.50.99.45:39153 DPD=none} Nov 21 09:37:41 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: received Delete SA(0x0262e2eb) payload: deleting IPSEC State #2 Nov 21 09:37:41 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: received and ignored informational message Nov 21 09:37:41 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45 #1: received Delete SA payload: deleting ISAKMP State #1 Nov 21 09:37:41 myserver pluto[22080]: "L2TP-PSK-NAT"[2] 92.50.99.45: deleting connection "L2TP-PSK-NAT" instance with peer 92.50.99.45 {isakmp=#0/ipsec=#0} Nov 21 09:37:41 myserver pluto[22080]: packet from 92.50.99.45:39153: received and ignored informational message + _________________________ date + date Sat Nov 21 10:35:42 CET 2009