i recently came across this and i'm certainly not a developer, but was still concerned with this info.<br><br><a href="http://marc.info/?l=openbsd-tech&m=129236621626462&w=2">http://marc.info/?l=openbsd-tech&m=129236621626462&w=2</a><br>
<br>does anybody know if this effects openswan or strongswan? ill cc this on the IRC channel for IRC users convience.<br><br>-dave<br><br><br><br><div class="gmail_quote">On Wed, Dec 15, 2010 at 7:30 PM, <span dir="ltr"><<a href="mailto:users-request@openswan.org">users-request@openswan.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Send Users mailing list submissions to<br>
<a href="mailto:users@openswan.org">users@openswan.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:users-request@openswan.org">users-request@openswan.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:users-owner@openswan.org">users-owner@openswan.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: openswan + certificates + xl2tpd + no suitable connection<br>
error (Paul Wouters)<br>
2. Re: OpenSwan on ubuntu (Michael H. Warfield)<br>
3. Please help to resolve the issue with xl2tpd (Rustam)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 15 Dec 2010 14:56:25 -0500 (EST)<br>
From: Paul Wouters <<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>><br>
Subject: Re: [Openswan Users] openswan + certificates + xl2tpd + no<br>
suitable connection error<br>
To: Adam Sienkiewicz <<a href="mailto:adamsienkiewicz78@gmail.com">adamsienkiewicz78@gmail.com</a>><br>
Cc: <a href="mailto:users@openswan.org">users@openswan.org</a><br>
Message-ID: <<a href="mailto:alpine.LFD.1.10.1012151453020.28717@newtla.xelerance.com">alpine.LFD.1.10.1012151453020.28717@newtla.xelerance.com</a>><br>
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed<br>
<br>
On Wed, 15 Dec 2010, Adam Sienkiewicz wrote:<br>
<br>
> Subject: Re: [Openswan Users] openswan + certificates + xl2tpd + no suitable<br>
> connection error<br>
<br>
> 000 Dec 08 18:59:19 2010, 1024 RSA Key AwEAAc+Lo (no private key), until Nov 22 07:59:02 2020 ok<br>
> 000??????? ID_DER_ASN1_DN 'C=PL, ST=cos, O=name1, OU=it, CN=vpntest, E=<a href="mailto:myname@wp.pl">myname@wp.pl</a>'<br>
> 000??????? Issuer 'C=PL, ST=cos, L=Cieszyn, O=name1, OU=it, CN=myCA, E=<a href="mailto:myname@wp.pl">myname@wp.pl</a>'<br>
<br>
Have you tried matching up the RDN's better? I see L= is used in the CAcert, but not in<br>
the host cert.<br>
<br>
It seems you're going wrong in the matching of the cert.<br>
<br>
Paul<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Wed, 15 Dec 2010 17:53:11 -0500<br>
From: "Michael H. Warfield" <mhw@WittsEnd.com><br>
Subject: Re: [Openswan Users] OpenSwan on ubuntu<br>
To: Hammad <<a href="mailto:raohammad@gmail.com">raohammad@gmail.com</a>><br>
Cc: mhw@WittsEnd.com, "<a href="mailto:users@openswan.org">users@openswan.org</a>" <<a href="mailto:users@openswan.org">users@openswan.org</a>><br>
Message-ID: <<a href="mailto:1292453591.5194.343.camel@canyon.wittsend.com">1292453591.5194.343.camel@canyon.wittsend.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
On Sun, 2010-12-05 at 13:46 +0500, Hammad wrote:<br>
> Hi All,<br>
><br>
> Just for the sake of completion of this thread. IPSec is not supported<br>
> by<br>
> VPS vendors who are based on openVZ as explained below.<br>
> I shifted my server to Amazon EC2 and their custom packages solved all<br>
> problems in first go..<br>
<br>
Just for completeness too and for the record, while I know this does not<br>
help out the OP with that original hosting outfit who is probably stuck<br>
on RHEL5 w/ a 2.6.18 kernel and OpenVZ, it does now appear that Pavel<br>
has enabled IPSec in an OpenVZ container under 2.6.32. I see a check-in<br>
to that effect, 7 days ago, but it has not reached a release, and no<br>
sign of it ever appearing in a 2.6.18 kernel, the branch of which is<br>
labeled "frozen".<br>
<br>
<a href="http://git.openvz.org/?p=linux-2.6.32-openvz;a=summary" target="_blank">http://git.openvz.org/?p=linux-2.6.32-openvz;a=summary</a><br>
<br>
So there's hope there for the future.<br>
<br>
Regards,<br>
Mike<br>
<br>
> [root@xxxxx~]# ipsec verify<br>
> Checking your system to see if IPsec got installed and started<br>
> correctly:<br>
> Version check and ipsec on-path [OK]<br>
> Linux Openswan U2.6.27/K2.6.34.7-56.40.amzn1.i686 (netkey)<br>
> Checking for IPsec support in kernel [OK]<br>
> NETKEY detected, testing for disabled ICMP send_redirects [OK]<br>
> NETKEY detected, testing for disabled ICMP accept_redirects [OK]<br>
> Checking that pluto is running [OK]<br>
> Pluto listening for IKE on udp 500 [OK]<br>
> Pluto listening for NAT-T on udp 4500 [OK]<br>
> Checking for 'ip' command [OK]<br>
> Checking for 'iptables' command [OK]<br>
> Opportunistic Encryption Support<br>
> [DISABLED]<br>
><br>
> Thank you all for your help and fruitful discussion.<br>
><br>
> Regards,<br>
><br>
><br>
> On Sat, Dec 4, 2010 at 9:07 PM, Michael H. Warfield<br>
> <<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>>wrote:<br>
><br>
> > On Sat, 2010-12-04 at 20:09 +0500, Hammad wrote:<br>
> > > Hi Laurent,<br>
> > > You are right, packages come from my hosting company...<br>
> > > Does it make a difference?<br>
> ><br>
> > So this VPS is a virtual machine hosted by them, correct? In that<br>
> case,<br>
> > you are probably screwed. Contact them about VPN service. You<br>
> probably<br>
> > can not do kernel level IPSec, not with an OpenVZ VM at least. To<br>
> the<br>
> > best of my knowledge, OpenVZ / Virtuoso does not support IPsec in a<br>
> > container and everything I'm reading on the net even up to last July<br>
> > backs that up. I though I saw Kir post something to the OpenVZ list<br>
> > more recently but I haven't been able to find it.<br>
> ><br>
> > There's a little more about this in Wikipedia:<br>
> ><br>
> > <a href="http://en.wikipedia.org/wiki/OpenVZ" target="_blank">http://en.wikipedia.org/wiki/OpenVZ</a><br>
> ><br>
> > Look under "Limitations".<br>
> ><br>
> > A little more discussion is present in this thread from the OpenVZ<br>
> > mailing list...<br>
> ><br>
> > <a href="http://www.mail-archive.com/users@openvz.org/msg03250.html" target="_blank">http://www.mail-archive.com/users@openvz.org/msg03250.html</a><br>
> ><br>
> > I believe that OpenVPN would work for you, however, as that's a user<br>
> > space routed VPN solution that doesn't require any kernel modules.<br>
> If<br>
> > you are trying to connect to an established IPsec gateway, you may<br>
> want<br>
> > to look into VPNC, which is IPSec purely in user space but it's<br>
> designed<br>
> > to interface to Cisco ASAs and similar XAUTH / Aggressive mode<br>
> devices.<br>
> ><br>
> > This article certainly indicates you could use OpenVPN or VPNC:<br>
> ><br>
> > <a href="http://wiki.openvz.org/VPN_via_the_TUN/TAP_device" target="_blank">http://wiki.openvz.org/VPN_via_the_TUN/TAP_device</a><br>
> ><br>
> > Both of them operation based on the TUN / TAP interfaces. But you<br>
> may<br>
> > still need support from the hosting provider to get access to the<br>
> > tun/tap modules.<br>
> ><br>
> > > Regards,<br>
> > > Hammad<br>
> ><br>
> > Regards,<br>
> > Mike<br>
> ><br>
> > > On 12/4/10, Laurent Caron <<a href="mailto:lcaron@unix-scripts.info">lcaron@unix-scripts.info</a>> wrote:<br>
> > > > Hi<br>
> > > ><br>
> > > > Are u Sure The kernel package comes from redhat and not your<br>
> virtual<br>
> > server<br>
> > > > hosting company?<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > Le 4 d?c. 2010 ? 14:30, Hammad <<a href="mailto:raohammad@gmail.com">raohammad@gmail.com</a>> a ?crit :<br>
> > > ><br>
> > > >> Hi,<br>
> > > >><br>
> > > >> Now thats a bit disturbing... I have now CentOS but still the<br>
> same<br>
> > > >> /lib/modules/.... is missing. Its a fresh installation<br>
> > > >><br>
> > > >> Mike: How did you cater this situation? Any ideas?<br>
> > > >><br>
> > > >> [root@vps ~]# service ipsec start<br>
> > > >> ipsec_setup: FATAL: Could not load<br>
> > > >> /lib/modules/2.6.18-028stab068.9/modules.dep: No such file or<br>
> > directory<br>
> > > >> ipsec_setup: Starting Openswan IPsec 2.6.21...<br>
> > > >> ipsec_setup: multiple ip addresses, using 127.0.0.1 on venet0<br>
> > > >><br>
> > > >> [root@vps ~]# uname -a<br>
> > > >> Linux <a href="http://vps.flexilogix.com" target="_blank">vps.flexilogix.com</a> 2.6.18-028stab068.9 #1 SMP Tue Mar 30<br>
> > 17:22:31<br>
> > > >> MSD 2010 i686 athlon i386 GNU/Linux<br>
> > > >><br>
> > > >><br>
> > > >> [root@vps ~]# ipsec verify<br>
> > > >> Checking your system to see if IPsec got installed and started<br>
> > correctly:<br>
> > > >> Version check and ipsec on-path<br>
> [OK]<br>
> > > >> Linux Openswan U2.6.21/K(no kernel code presently loaded)<br>
> > > >> Checking for IPsec support in kernel<br>
> > [FAILED]<br>
> > > >> Checking for RSA private key (/etc/ipsec.secrets)<br>
> [OK]<br>
> > > >> Checking that pluto is running<br>
> > [FAILED]<br>
> > > >> whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")<br>
> > > >> Checking for 'ip' command<br>
> [OK]<br>
> > > >> Checking for 'iptables' command<br>
> [OK]<br>
> > > >><br>
> > > >> Opportunistic Encryption DNS checks:<br>
> > > >> Looking for TXT in forward dns zone: <a href="http://vps.flexilogix.com" target="_blank">vps.flexilogix.com</a><br>
> > [MISSING]<br>
> > > >> Does the machine have at least one non-private address?<br>
> [OK]<br>
> > > >> Looking for TXT in reverse dns zone:<br>
> 20.69.65.216.in-addr.arpa.<br>
> > > >> [MISSING]<br>
> > > >><br>
> > > >> Regards,<br>
> > > >> Hammad<br>
> > > >><br>
> > > >> On Sat, Dec 4, 2010 at 9:51 AM, Hammad <<a href="mailto:raohammad@gmail.com">raohammad@gmail.com</a>><br>
> wrote:<br>
> > > >> Hi Paul,<br>
> > > >> No its not a custom compiled (by me) in fact I bought VPS and<br>
> this is<br>
> > the<br>
> > > >> ubuntu version I got (jaunty 9.0.4).<br>
> > > >><br>
> > > >> Hi Mike,<br>
> > > >><br>
> > > >><br>
> > > >> > WARNING: Couldn't open directory /lib/modules/2.6.18-<br>
> > > >> 028stab068.9: No<br>
> > > >> > such file or directory<br>
> > > >><br>
> > > >> I overcame this problem. I 'd 2.6.18-028stab059.6<br>
> directory in<br>
> > place<br>
> > > >> but not the one mentioned in error; I created a soft-link with<br>
> same<br>
> > name<br>
> > > >> pointing to actual dir and installation succeeded well ;)<br>
> > > >><br>
> > > >><br>
> > > >> So our problem is again back to original, ipsec is not<br>
> supported by<br>
> > > >> kernel...<br>
> > > >><br>
> > > >><br>
> > > >> > Are you currently actively running and OpenVZ kernel on that<br>
> > machine?<br>
> > > >><br>
> > > >> I suppose yes this VPS is using OpenVZ.<br>
> > > >><br>
> > > >><br>
> > > >> > What version are you at? From there site, it looks like<br>
> > 028stab070.14<br>
> > > >> > is the latest in the RHEL/CentOS stable 2.6.18 line.<br>
> > > >><br>
> > > >> # uname -a<br>
> > > >> Linux <a href="http://vps.flexilogix.com" target="_blank">vps.flexilogix.com</a> 2.6.18-028stab068.9 #1 SMP Tue Mar 30<br>
> > 17:22:31<br>
> > > >> MSD 2010 i686 GNU/Linux<br>
> > > >><br>
> > > >> > You must have built that Openswan 2.6.31 package yourself,<br>
> the<br>
> > latest<br>
> > > >> > RHEL/CentOS 5.x Openswan is 2.6.21. Did you merely compile<br>
> it or<br>
> > > >> > actually build your own rpms?<br>
> > > >><br>
> > > >> Yes, I actually compiled openswan 2,6,31 from sources<br>
> > > >><br>
> > > >> I've come to know from Ubuntu Support groups that there is no<br>
> ipsec<br>
> > > >> package for ubuntu jaunty 9.0.4 and its no more updated since<br>
> Oct 23<br>
> > 2010.<br>
> > > >> So I suppose its the time to switch back to CentOS that is my<br>
> actual<br>
> > > >> playground...<br>
> > > >><br>
> > > >> Thanks for your help all.<br>
> > > >> Hammad ( aka Hammond :) )<br>
> > > >><br>
> > > >><br>
> > > >> On Sat, Dec 4, 2010 at 2:32 AM, Michael H. Warfield<br>
> <<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a><br>
> > ><br>
> > > >> wrote:<br>
> > > >> Paul (and Hammond),<br>
> > > >><br>
> > > >> On Fri, 2010-12-03 at 11:49 -0500, Paul Wouters wrote:<br>
> > > >> > On Fri, 3 Dec 2010, Hammad wrote:<br>
> > > >> ><br>
> > > >> > > Here is the output of commands...<br>
> > > >> > > root@vps:/usr/local# modprobe ipsec<br>
> > > >> > > WARNING: Deprecated config file /etc/modprobe.conf, all<br>
> config<br>
> > files<br>
> > > >> > > belong into /etc/modprobe.d/.<br>
> > > >> > > FATAL: Module ipsec not found.<br>
> > > >> > ><br>
> > > >> > > root@vps:/usr/local# modprobe af_key<br>
> > > >> > > WARNING: Deprecated config file /etc/modprobe.conf, all<br>
> config<br>
> > files<br>
> > > >> > > belong into /etc/modprobe.d/.<br>
> > > >> > > FATAL: Module af_key not found.<br>
> > > >> > ><br>
> > > >> > > root@vps:/usr/local# ipsec --version<br>
> > > >> > > Linux Openswan U2.6.31/K(no kernel code presently loaded)<br>
> > > >> > > See `ipsec --copyright' for copyright information.<br>
> > > >><br>
> > > >> > Your kernel has no IPsec support. Perhaps you are missing the<br>
> right<br>
> > > >> > modules directory, or support<br>
> > > >> > was not compiled on that kernel. Seems like this is a<br>
> > non-distribution,<br>
> > > >> > custom built kernel?<br>
> > > >><br>
> > > >> It doesn't show up in this last message but in an earlier post<br>
> I saw<br>
> > > >> this...<br>
> > > >><br>
> > > >> > WARNING: Couldn't open<br>
> directory /lib/modules/2.6.18-028stab068.9:<br>
> > No<br>
> > > >> > such file or directory<br>
> > > >><br>
> > > >> That tells me two things.<br>
> > > >><br>
> > > >> 1) He's running an OpenVZ kernel. That's one of their revision<br>
> > strings<br>
> > > >> and that's one of their releases for the RHEL distro. Not too<br>
> > terribly<br>
> > > >> old but back several clicks.<br>
> > > >><br>
> > > >> 2) He was, at that time, running on a kernel which had been<br>
> updated<br>
> > > >> (possibly by a mainline distro kernel or possibly by a newer<br>
> OpenVZ<br>
> > > >> kernel) and the running kernel had been uninstalled by yum so<br>
> the<br>
> > > >> modules directory no longer existed.<br>
> > > >><br>
> > > >> Now... That being said... Prior to swapping all of my OpenVZ<br>
> VM's (><br>
> > 3<br>
> > > >> dozen) over to LXC to get back on a more current kernel with<br>
> in-tree<br>
> > > >> container virtualization, I was an extensive user of OpenVZ.<br>
> Those<br>
> > > >> kernels certainly do have IPsec compiled in as modules. I've<br>
> used it.<br>
> > > >><br>
> > > >> Hammond,<br>
> > > >><br>
> > > >> Are you currently actively running and OpenVZ kernel on that<br>
> machine?<br>
> > > >><br>
> > > >> What version are you at? From there site, it looks like<br>
> 028stab070.14<br>
> > > >> is the latest in the RHEL/CentOS stable 2.6.18 line.<br>
> > > >><br>
> > > >> What are you running (uname -a) and what do you have installed?<br>
> > > >><br>
> > > >> Did you install it from their site with yum or downloaded it or<br>
> build<br>
> > a<br>
> > > >> custom build (which I often had done with newer releases)?<br>
> (One flaw<br>
> > > >> with their yum repo is that it doesn't properly setup the<br>
> install only<br>
> > > >> and a couple of other conditions to prevent removing the<br>
> running<br>
> > > >> kernel).<br>
> > > >><br>
> > > >> You must have built that Openswan 2.6.31 package yourself, the<br>
> latest<br>
> > > >> RHEL/CentOS 5.x Openswan is 2.6.21. Did you merely compile it<br>
> or<br>
> > > >> actually build your own rpms?<br>
> > > >><br>
> > > >> What's in your grub.conf file and are you running on the latest<br>
> kernel<br>
> > > >> which was installed?<br>
> > > >><br>
> > > >> > Paul<br>
> > > >><br>
> > > >> Regards,<br>
> > > >> Mike<br>
> > > >> --<br>
> > > >> Michael H. Warfield (AI4NB) | (770) 985-6132 |<br>
> mhw@WittsEnd.com<br>
> > > >> /\/\|=mhw=|\/\/ | (678) 463-0932 |<br>
> > > >> <a href="http://www.wittsend.com/mhw/" target="_blank">http://www.wittsend.com/mhw/</a><br>
> > > >> NIC whois: MHW9 | An optimist believes we live in<br>
> the best<br>
> > of<br>
> > > >> all<br>
> > > >> PGP Key: 0x674627FF | possible worlds. A pessimist is<br>
> sure of<br>
> > it!<br>
> > > >><br>
> > > >><br>
> > > >> _______________________________________________<br>
> > > >> <a href="mailto:Users@openswan.org">Users@openswan.org</a><br>
> > > >> <a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
> > > >> Micropayments:<br>
> > <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> > > >> Building and Integrating Virtual Private Networks with<br>
> Openswan:<br>
> > > >><br>
> ><br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
> > > ><br>
> > ><br>
> ><br>
> > --<br>
> > Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com<br>
> > /\/\|=mhw=|\/\/ | (678) 463-0932 |<br>
> > <a href="http://www.wittsend.com/mhw/" target="_blank">http://www.wittsend.com/mhw/</a><br>
> > NIC whois: MHW9 | An optimist believes we live in the<br>
> best of<br>
> > all<br>
> > PGP Key: 0x674627FF | possible worlds. A pessimist is sure<br>
> of it!<br>
> ><br>
><br>
><br>
--<br>
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com<br>
/\/\|=mhw=|\/\/ | (678) 463-0932 | <a href="http://www.wittsend.com/mhw/" target="_blank">http://www.wittsend.com/mhw/</a><br>
NIC whois: MHW9 | An optimist believes we live in the best of all<br>
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!<br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: not available<br>
Type: application/pgp-signature<br>
Size: 482 bytes<br>
Desc: This is a digitally signed message part<br>
Url : <a href="http://lists.openswan.org/pipermail/users/attachments/20101215/4550dd4f/attachment-0001.bin" target="_blank">http://lists.openswan.org/pipermail/users/attachments/20101215/4550dd4f/attachment-0001.bin</a><br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Wed, 15 Dec 2010 08:14:39 +0500<br>
From: Rustam <<a href="mailto:rfhamzin@gmail.com">rfhamzin@gmail.com</a>><br>
Subject: [Openswan Users] Please help to resolve the issue with xl2tpd<br>
To: <a href="mailto:users@openswan.org">users@openswan.org</a><br>
Message-ID: <<a href="mailto:87326139.20101215081439@gmail.com">87326139.20101215081439@gmail.com</a>><br>
Content-Type: text/plain; charset="windows-1251"<br>
<br>
<br>
<br>
Installed and configured the xl2tpd on Slackware 13.1.<br>
Everything works fine, but confused by the fact that this development<br>
not registering Call-Station (called party server l2tp) and CLID (caller) with client authentication L2TP.<br>
<br>
What should I do??How do I fix this??Please help!<br>
I attach a screenshot with the syslog<br>
<br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: Snap_2010.12.png<br>
Type: image/png<br>
Size: 181739 bytes<br>
Desc: not available<br>
Url : <a href="http://lists.openswan.org/pipermail/users/attachments/20101215/7e64adac/attachment.png" target="_blank">http://lists.openswan.org/pipermail/users/attachments/20101215/7e64adac/attachment.png</a><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: Snap_2010.121.jpg<br>
Type: image/jpeg<br>
Size: 103904 bytes<br>
Desc: not available<br>
Url : <a href="http://lists.openswan.org/pipermail/users/attachments/20101215/7e64adac/attachment.jpg" target="_blank">http://lists.openswan.org/pipermail/users/attachments/20101215/7e64adac/attachment.jpg</a><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@openswan.org">Users@openswan.org</a><br>
<a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
<br>
<br>
End of Users Digest, Vol 85, Issue 31<br>
*************************************<br>
</blockquote></div><br>