<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.<br><div><br><div>Begin forwarded message:</div><br class="Apple-interchange-newline"><div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="color: rgb(127, 127, 127); "><b>From: </b></span>"<a href="mailto:serzer@gmail.com">serzer@gmail.com</a>" <<a href="mailto:serzer@gmail.com">serzer@gmail.com</a>></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Subject: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><b>SA Established, no ping</b><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Date: </b></span><span style="font-family:'Helvetica'; font-size:medium;">3 May, 2013 8:59:36 PM EDT<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>To: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br></span></div><br><br><div dir="ltr">Hello, I am trying to establish connection between my mikrotik router and CentOS 6.4 server<br clear="all"><div><br></div><div style="">Looks like ipsec tunnel is establishing, but i am not able to ping my router:</div>
<div style=""><br></div><div style=""><div>[root@ks3307690 ~]# ping 192.168.0.1</div><div>PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.</div><div>^C</div><div>--- 192.168.0.1 ping statistics ---</div><div>3 packets transmitted, 0 received, 100% packet loss, time 2285ms</div>
<div><br></div><div style=""><div>[root@ks3307690 ~]# traceroute 192.168.0.1</div><div>traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets</div><div> 1 178.32.223.253 (178.32.223.253) 0.842 ms^C</div><div>
<br></div><div style="">here is the barf log:</div><div style=""><div>[root@ks3307690 ~]# ipsec barf</div><div><a href="http://ks3307690.kimsufi.com/">ks3307690.kimsufi.com</a></div><div>Sat May 4 02:55:49 CEST 2013</div><div>+ _________________________ version</div>
<div>+ ipsec --version</div><div>Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)</div><div>See `ipsec --copyright' for copyright information.</div><div>+ _________________________ /proc/version</div><div>+ cat /proc/version</div>
<div>Linux version 2.6.32-358.6.1.el6.x86_64 (<a href="mailto:mockbuild@c6b9.bsys.dev.centos.org">mockbuild@c6b9.bsys.dev.centos.org</a>) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue Apr 23 19:29:00 UTC 2013</div>
<div>+ _________________________ /proc/net/ipsec_eroute</div><div>+ test -r /proc/net/ipsec_eroute</div><div>+ _________________________ netstat-rn</div><div>+ netstat -nr</div><div>+ head -n 100</div><div>Kernel IP routing table</div>
<div>Destination Gateway Genmask Flags MSS Window irtt Iface</div><div>178.32.223.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0</div><div>0.0.0.0 178.32.223.254 0.0.0.0 UG 0 0 0 eth0</div>
<div>+ _________________________ /proc/net/ipsec_spi</div><div>+ test -r /proc/net/ipsec_spi</div><div>+ _________________________ /proc/net/ipsec_spigrp</div><div>+ test -r /proc/net/ipsec_spigrp</div><div>+ _________________________ /proc/net/ipsec_tncfg</div>
<div>+ test -r /proc/net/ipsec_tncfg</div><div>+ _________________________ /proc/net/pfkey</div><div>+ test -r /proc/net/pfkey</div><div>+ cat /proc/net/pfkey</div><div>sk RefCnt Rmem Wmem User Inode</div><div>
+ _________________________ ip-xfrm-state</div><div>+ ip xfrm state</div><div>src 82.198.121.45 dst 179.34.222.31</div><div> proto esp spi 0x743427d2 reqid 16389 mode tunnel</div><div> replay-window 32 flag 20</div>
<div> auth hmac(sha1) 0x0ec98333b7b35011dd556775706927fb24bc91b4</div><div> enc cbc(des3_ede) 0x5acc8c5560d040f567ead8e79977da51e0c50db968e4aa15</div><div>src 179.34.222.31 dst 82.198.121.45</div><div> proto esp spi 0x01eea26a reqid 16389 mode tunnel</div>
<div> replay-window 32 flag 20</div><div> auth hmac(sha1) 0x2564bcea5b8774578011ab4ab09bd9323f436f16</div><div> enc cbc(des3_ede) 0x059e52c2b2dd0dbca0342ff5be47c5a908f1be5bb4de6447</div><div>+ _________________________ ip-xfrm-policy</div>
<div>+ ip xfrm policy</div><div>src <a href="http://192.168.1.0/24">192.168.1.0/24</a> dst <a href="http://192.168.0.0/24">192.168.0.0/24</a></div><div> dir out priority 2344 ptype main</div><div> tmpl src 179.34.222.31 dst 82.198.121.45</div>
<div> proto esp reqid 16389 mode tunnel</div><div>src <a href="http://192.168.0.0/24">192.168.0.0/24</a> dst <a href="http://192.168.1.0/24">192.168.1.0/24</a></div><div> dir fwd priority 2344 ptype main</div>
<div> tmpl src 82.198.121.45 dst 179.34.222.31</div><div> proto esp reqid 16389 mode tunnel</div><div>src <a href="http://192.168.0.0/24">192.168.0.0/24</a> dst <a href="http://192.168.1.0/24">192.168.1.0/24</a></div>
<div> dir in priority 2344 ptype main</div><div> tmpl src 82.198.121.45 dst 179.34.222.31</div><div> proto esp reqid 16389 mode tunnel</div><div>src ::/0 dst ::/0</div><div> dir 4 priority 0 ptype main</div>
<div>src ::/0 dst ::/0</div><div> dir 3 priority 0 ptype main</div><div>src ::/0 dst ::/0</div><div> dir 4 priority 0 ptype main</div><div>src ::/0 dst ::/0</div><div> dir 3 priority 0 ptype main</div>
<div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div><div> dir 4 priority 0 ptype main</div><div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div>
<div> dir 3 priority 0 ptype main</div><div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div><div> dir 4 priority 0 ptype main</div><div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div>
<div> dir 3 priority 0 ptype main</div><div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div><div> dir 4 priority 0 ptype main</div><div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div>
<div> dir 3 priority 0 ptype main</div><div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div><div> dir 4 priority 0 ptype main</div><div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a href="http://0.0.0.0/0">0.0.0.0/0</a></div>
<div> dir 3 priority 0 ptype main</div><div>+ _________________________ /proc/crypto</div><div>+ test -r /proc/crypto</div><div>+ cat /proc/crypto</div><div>name : authenc(hmac(sha1),cbc(des3_ede))</div><div>
driver : authenc(hmac(sha1-generic),cbc(des3_ede-generic))</div><div>module : authenc</div><div>priority : 0</div><div>refcnt : 3</div><div>selftest : passed</div><div>type : aead</div><div>
async : no</div><div>blocksize : 8</div><div>ivsize : 8</div><div>maxauthsize : 20</div><div>geniv : <built-in></div><div><br></div><div>name : cbc(des3_ede)</div><div>driver : cbc(des3_ede-generic)</div>
<div>module : kernel</div><div>priority : 0</div><div>refcnt : 3</div><div>selftest : passed</div><div>type : givcipher</div><div>async : no</div><div>blocksize : 8</div><div>min keysize : 24</div>
<div>max keysize : 24</div><div>ivsize : 8</div><div>geniv : eseqiv</div><div><br></div><div>name : deflate</div><div>driver : deflate-generic</div><div>module : deflate</div><div>priority : 0</div>
<div>refcnt : 1</div><div>selftest : passed</div><div>type : compression</div><div><br></div><div>name : rfc3686(ctr(aes))</div><div>driver : rfc3686(ctr(aes-asm))</div><div>module : ctr</div>
<div>priority : 200</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : blkcipher</div><div>blocksize : 1</div><div>min keysize : 20</div><div>max keysize : 36</div><div>ivsize : 8</div>
<div>geniv : seqiv</div><div><br></div><div>name : ctr(aes)</div><div>driver : ctr(aes-asm)</div><div>module : ctr</div><div>priority : 200</div><div>refcnt : 1</div><div>selftest : passed</div>
<div>type : blkcipher</div><div>blocksize : 1</div><div>min keysize : 16</div><div>max keysize : 32</div><div>ivsize : 16</div><div>geniv : chainiv</div><div><br></div><div>name : cbc(twofish)</div>
<div>driver : cbc(twofish-asm)</div><div>module : cbc</div><div>priority : 200</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : blkcipher</div><div>blocksize : 16</div>
<div>min keysize : 16</div><div>max keysize : 32</div><div>ivsize : 16</div><div>geniv : <default></div><div><br></div><div>name : cbc(camellia)</div><div>driver : cbc(camellia-generic)</div>
<div>module : cbc</div><div>priority : 100</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : blkcipher</div><div>blocksize : 16</div><div>min keysize : 16</div><div>max keysize : 32</div>
<div>ivsize : 16</div><div>geniv : <default></div><div><br></div><div>name : camellia</div><div>driver : camellia-generic</div><div>module : camellia</div><div>priority : 100</div>
<div>refcnt : 1</div><div>selftest : passed</div><div>type : cipher</div><div>blocksize : 16</div><div>min keysize : 16</div><div>max keysize : 32</div><div><br></div><div>name : cbc(serpent)</div>
<div>driver : cbc(serpent-generic)</div><div>module : cbc</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : blkcipher</div><div>blocksize : 16</div>
<div>min keysize : 0</div><div>max keysize : 32</div><div>ivsize : 16</div><div>geniv : <default></div><div><br></div><div>name : cbc(aes)</div><div>driver : cbc(aes-asm)</div><div>module : cbc</div>
<div>priority : 200</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : blkcipher</div><div>blocksize : 16</div><div>min keysize : 16</div><div>max keysize : 32</div><div>ivsize : 16</div>
<div>geniv : <default></div><div><br></div><div>name : cbc(blowfish)</div><div>driver : cbc(blowfish-generic)</div><div>module : cbc</div><div>priority : 0</div><div>refcnt : 1</div>
<div>selftest : passed</div><div>type : blkcipher</div><div>blocksize : 8</div><div>min keysize : 4</div><div>max keysize : 56</div><div>ivsize : 8</div><div>geniv : <default></div><div>
<br></div><div>name : cbc(cast5)</div><div>driver : cbc(cast5-generic)</div><div>module : cbc</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : blkcipher</div>
<div>blocksize : 8</div><div>min keysize : 5</div><div>max keysize : 16</div><div>ivsize : 8</div><div>geniv : <default></div><div><br></div><div>name : cast5</div><div>driver : cast5-generic</div>
<div>module : cast5</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : cipher</div><div>blocksize : 8</div><div>min keysize : 5</div><div>max keysize : 16</div>
<div><br></div><div>name : cbc(des3_ede)</div><div>driver : cbc(des3_ede-generic)</div><div>module : cbc</div><div>priority : 0</div><div>refcnt : 3</div><div>selftest : passed</div><div>
type : blkcipher</div><div>blocksize : 8</div><div>min keysize : 24</div><div>max keysize : 24</div><div>ivsize : 8</div><div>geniv : <default></div><div><br></div><div>name : cbc(des)</div>
<div>driver : cbc(des-generic)</div><div>module : cbc</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : blkcipher</div><div>blocksize : 8</div><div>
min keysize : 8</div><div>max keysize : 8</div><div>ivsize : 8</div><div>geniv : <default></div><div><br></div><div>name : xcbc(aes)</div><div>driver : xcbc(aes-asm)</div><div>module : xcbc</div>
<div>priority : 200</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 16</div><div>digestsize : 16</div><div><br></div><div>name : hmac(rmd160)</div>
<div>driver : hmac(rmd160-generic)</div><div>module : kernel</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 64</div>
<div>digestsize : 20</div><div><br></div><div>name : rmd160</div><div>driver : rmd160-generic</div><div>module : rmd160</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div>
<div>type : shash</div><div>blocksize : 64</div><div>digestsize : 20</div><div><br></div><div>name : hmac(sha512)</div><div>driver : hmac(sha512-generic)</div><div>module : kernel</div><div>
priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 128</div><div>digestsize : 64</div><div><br></div><div>name : hmac(sha384)</div>
<div>driver : hmac(sha384-generic)</div><div>module : kernel</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 128</div>
<div>digestsize : 48</div><div><br></div><div>name : hmac(sha256)</div><div>driver : hmac(sha256-generic)</div><div>module : kernel</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div>
<div>type : shash</div><div>blocksize : 64</div><div>digestsize : 32</div><div><br></div><div>name : hmac(sha1)</div><div>driver : hmac(sha1-generic)</div><div>module : kernel</div><div>priority : 0</div>
<div>refcnt : 5</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 64</div><div>digestsize : 20</div><div><br></div><div>name : hmac(md5)</div><div>driver : hmac(md5-generic)</div>
<div>module : kernel</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 64</div><div>digestsize : 16</div><div><br></div><div>
name : compress_null</div><div>driver : compress_null-generic</div><div>module : crypto_null</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : compression</div>
<div><br></div><div>name : digest_null</div><div>driver : digest_null-generic</div><div>module : crypto_null</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>
type : shash</div><div>blocksize : 1</div><div>digestsize : 0</div><div><br></div><div>name : ecb(cipher_null)</div><div>driver : ecb-cipher_null</div><div>module : crypto_null</div><div>priority : 100</div>
<div>refcnt : 1</div><div>selftest : passed</div><div>type : blkcipher</div><div>blocksize : 1</div><div>min keysize : 0</div><div>max keysize : 0</div><div>ivsize : 0</div><div>geniv : <default></div>
<div><br></div><div>name : cipher_null</div><div>driver : cipher_null-generic</div><div>module : crypto_null</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>
type : cipher</div><div>blocksize : 1</div><div>min keysize : 0</div><div>max keysize : 0</div><div><br></div><div>name : tnepres</div><div>driver : tnepres-generic</div><div>module : serpent</div>
<div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : cipher</div><div>blocksize : 16</div><div>min keysize : 0</div><div>max keysize : 32</div><div><br></div><div>
name : serpent</div><div>driver : serpent-generic</div><div>module : serpent</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : cipher</div><div>
blocksize : 16</div><div>min keysize : 0</div><div>max keysize : 32</div><div><br></div><div>name : blowfish</div><div>driver : blowfish-generic</div><div>module : blowfish</div><div>priority : 0</div>
<div>refcnt : 1</div><div>selftest : passed</div><div>type : cipher</div><div>blocksize : 8</div><div>min keysize : 4</div><div>max keysize : 56</div><div><br></div><div>name : twofish</div>
<div>driver : twofish-asm</div><div>module : twofish_x86_64</div><div>priority : 200</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : cipher</div><div>blocksize : 16</div>
<div>min keysize : 16</div><div>max keysize : 32</div><div><br></div><div>name : sha256</div><div>driver : sha256-generic</div><div>module : sha256_generic</div><div>priority : 0</div><div>refcnt : 1</div>
<div>selftest : passed</div><div>type : shash</div><div>blocksize : 64</div><div>digestsize : 32</div><div><br></div><div>name : sha224</div><div>driver : sha224-generic</div><div>module : sha256_generic</div>
<div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 64</div><div>digestsize : 28</div><div><br></div><div>name : sha512</div><div>
driver : sha512-generic</div><div>module : sha512_generic</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 128</div>
<div>digestsize : 64</div><div><br></div><div>name : sha384</div><div>driver : sha384-generic</div><div>module : sha512_generic</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div>
<div>type : shash</div><div>blocksize : 128</div><div>digestsize : 48</div><div><br></div><div>name : des3_ede</div><div>driver : des3_ede-generic</div><div>module : des_generic</div><div>
priority : 0</div><div>refcnt : 3</div><div>selftest : passed</div><div>type : cipher</div><div>blocksize : 8</div><div>min keysize : 24</div><div>max keysize : 24</div><div><br></div><div>name : des</div>
<div>driver : des-generic</div><div>module : des_generic</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : cipher</div><div>blocksize : 8</div><div>
min keysize : 8</div><div>max keysize : 8</div><div><br></div><div>name : aes</div><div>driver : aes-asm</div><div>module : aes_x86_64</div><div>priority : 200</div><div>refcnt : 1</div><div>
selftest : passed</div><div>type : cipher</div><div>blocksize : 16</div><div>min keysize : 16</div><div>max keysize : 32</div><div><br></div><div>name : aes</div><div>driver : aes-generic</div>
<div>module : aes_generic</div><div>priority : 100</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : cipher</div><div>blocksize : 16</div><div>min keysize : 16</div><div>max keysize : 32</div>
<div><br></div><div>name : stdrng</div><div>driver : krng</div><div>module : kernel</div><div>priority : 200</div><div>refcnt : 2</div><div>selftest : passed</div><div>type : rng</div>
<div>seedsize : 0</div><div><br></div><div>name : crc32c</div><div>driver : crc32c-generic</div><div>module : kernel</div><div>priority : 100</div><div>refcnt : 1</div><div>selftest : passed</div>
<div>type : shash</div><div>blocksize : 1</div><div>digestsize : 4</div><div><br></div><div>name : sha1</div><div>driver : sha1-generic</div><div>module : kernel</div><div>priority : 0</div>
<div>refcnt : 3</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 64</div><div>digestsize : 20</div><div><br></div><div>name : md5</div><div>driver : md5-generic</div>
<div>module : kernel</div><div>priority : 0</div><div>refcnt : 1</div><div>selftest : passed</div><div>type : shash</div><div>blocksize : 64</div><div>digestsize : 16</div><div><br></div><div>
+ __________________________/proc/sys/net/core/xfrm-star</div><div>/usr/libexec/ipsec/barf: line 190: __________________________/proc/sys/net/core/xfrm-star: No such file or directory</div><div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '</div><div>/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires</div><div>30</div><div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '</div><div>/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime</div><div>10</div><div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '</div><div>/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth</div><div>2</div><div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '</div><div>/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop</div><div>1</div><div>+ _________________________ /proc/sys/net/ipsec-star</div>
<div>+ test -d /proc/sys/net/ipsec</div><div>+ _________________________ ipsec/status</div><div>+ ipsec auto --status</div><div>000 using kernel interface: netkey</div><div>000 interface eth0/eth0 2001:41d0:8:e242::1</div>
<div>000 interface lo/lo ::1</div><div>000 interface lo/lo 127.0.0.1</div><div>000 interface lo/lo 127.0.0.1</div><div>000 interface eth0/eth0 179.34.222.31</div><div>000 interface eth0/eth0 179.34.222.31</div><div>000 %myid = (none)</div>
<div>000 debug none</div><div>000</div><div>000 virtual_private (%priv):</div><div>000 - allowed 0 subnets:</div><div>000 - disallowed 0 subnets:</div><div>000 WARNING: Either virtual_private= is not specified, or there is a syntax</div>
<div>000 error in that line. 'left/rightsubnet=vhost:%priv' will not work!</div><div>000 WARNING: Disallowed subnets in virtual_private= is empty. If you have</div><div>000 private address space in internal use, it should be excluded!</div>
<div>000</div><div>000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64</div><div>000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192</div><div>000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128</div>
<div>000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448</div><div>000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0</div><div>000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256</div><div>000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128</div><div>000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160</div>
<div>000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256</div><div>000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384</div>
<div>000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512</div><div>000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160</div><div>
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128</div><div>000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0</div><div>000</div><div>000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131</div>
<div>000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128</div><div>000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192</div><div>000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128</div>
<div>000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128</div><div>000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128</div>
<div>000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16</div><div>000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20</div><div>000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32</div><div>000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64</div>
<div>000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024</div><div>000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536</div><div>000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048</div>
<div>000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072</div><div>000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096</div><div>000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144</div>
<div>000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192</div><div>000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024</div><div>000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048</div>
<div>000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048</div><div>000</div><div>000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}</div><div>000</div><div>000 "mikrotik": <a href="http://192.168.1.0/24===179.34.222.31">192.168.1.0/24===179.34.222.31</a><179.34.222.31>[+S=C]...192.168.0.1---82.198.121.45<82.198.121.45>[+S=C]===<a href="http://192.168.0.0/24">192.168.0.0/24</a>; erouted; eroute owner: #7</div>
<div>000 "mikrotik": myip=unset; hisip=unset;</div><div>000 "mikrotik": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0</div><div>000 "mikrotik": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,24; interface: eth0;</div>
<div>000 "mikrotik": newest ISAKMP SA: #6; newest IPsec SA: #7;</div><div>000 "mikrotik": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024</div><div>000</div><div>000 #7: "mikrotik":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27750s; newest IPSEC; eroute owner; isakmp#6; idle; import:admin initiate</div>
<div>000 #7: "mikrotik" <a href="mailto:esp.1eea26a@82.198.121.45">esp.1eea26a@82.198.121.45</a> <a href="mailto:esp.743427d2@179.34.222.31">esp.743427d2@179.34.222.31</a> <a href="mailto:tun.0@82.198.121.45">tun.0@82.198.121.45</a> <a href="mailto:tun.0@179.34.222.31">tun.0@179.34.222.31</a> ref=0 refhim=4294901761</div>
<div>000 #6: "mikrotik":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2625s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate</div><div>000</div><div>+ _________________________ ifconfig-a</div>
<div>+ ifconfig -a</div><div>eth0 Link encap:Ethernet HWaddr 4C:72:B9:D1:C4:25</div><div> inet addr:179.34.222.31 Bcast:178.32.223.255 Mask:255.255.255.0</div><div> inet6 addr: 2001:41d0:8:e242::1/64 Scope:Global</div>
<div> inet6 addr: fe80::4e72:b9ff:fed1:c425/64 Scope:Link</div><div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div><div> RX packets:17969 errors:0 dropped:0 overruns:0 frame:0</div><div>
TX packets:48900 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:1000</div><div> RX bytes:1532137 (1.4 MiB) TX bytes:14568681 (13.8 MiB)</div><div> Interrupt:20 Memory:fe500000-fe520000</div>
<div><br></div><div>lo Link encap:Local Loopback</div><div> inet addr:127.0.0.1 Mask:255.0.0.0</div><div> inet6 addr: ::1/128 Scope:Host</div><div> UP LOOPBACK RUNNING MTU:16436 Metric:1</div>
<div> RX packets:248 errors:0 dropped:0 overruns:0 frame:0</div><div> TX packets:248 errors:0 dropped:0 overruns:0 carrier:0</div><div> collisions:0 txqueuelen:0</div><div> RX bytes:39867 (38.9 KiB) TX bytes:39867 (38.9 KiB)</div>
<div><br></div><div>+ _________________________ ip-addr-list</div><div>+ ip addr list</div><div>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN</div><div> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</div>
<div> inet <a href="http://127.0.0.1/8">127.0.0.1/8</a> scope host lo</div><div> inet6 ::1/128 scope host</div><div> valid_lft forever preferred_lft forever</div><div>2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000</div>
<div> link/ether 4c:72:b9:d1:c4:25 brd ff:ff:ff:ff:ff:ff</div><div> inet <a href="http://179.34.222.31/24">179.34.222.31/24</a> brd 178.32.223.255 scope global eth0</div><div> inet6 2001:41d0:8:e242::1/64 scope global</div>
<div> valid_lft forever preferred_lft forever</div><div> inet6 fe80::4e72:b9ff:fed1:c425/64 scope link</div><div> valid_lft forever preferred_lft forever</div><div>+ _________________________ ip-route-list</div>
<div>+ ip route list</div><div><a href="http://178.32.223.0/24">178.32.223.0/24</a> dev eth0 proto kernel scope link src 179.34.222.31</div><div>default via 178.32.223.254 dev eth0</div><div>+ _________________________ ip-rule-list</div>
<div>+ ip rule list</div><div>0: from all lookup local</div><div>32766: from all lookup main</div><div>32767: from all lookup default</div><div>+ _________________________ ipsec_verify</div><div>+ ipsec verify --nocolour</div>
<div>Checking your system to see if IPsec got installed and started correctly:</div><div>Version check and ipsec on-path [OK]</div><div>Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)</div>
<div>Checking for IPsec support in kernel [OK]</div><div> SAref kernel support [N/A]</div><div> NETKEY: Testing for disabled ICMP send_redirects [OK]</div>
<div>NETKEY detected, testing for disabled ICMP accept_redirects [OK]</div><div>Testing against enforced SElinux mode [OK]</div><div>Checking that pluto is running [OK]</div>
<div> Pluto listening for IKE on udp 500 [OK]</div><div> Pluto listening for NAT-T on udp 4500 [OK]</div><div>Checking for 'ip' command [OK]</div>
<div>Checking /bin/sh is not /bin/dash [OK]</div><div>Checking for 'iptables' command [OK]</div><div>Opportunistic Encryption Support [DISABLED]</div>
<div>+ _________________________ mii-tool</div><div>+ '[' -x /sbin/mii-tool ']'</div><div>+ /sbin/mii-tool -v</div><div>No interface specified</div><div>usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] <interface> ...</div>
<div> -V, --version display version information</div><div> -v, --verbose more verbose output</div><div> -R, --reset reset MII to poweron state</div><div> -r, --restart restart autonegotiation</div>
<div> -w, --watch monitor for link status changes</div><div> -l, --log with -w, write events to syslog</div><div> -A, --advertise=media,... advertise only specified media</div>
<div> -F, --force=media force specified media technology</div><div>media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,</div><div> (to advertise both HD and FD) 100baseTx, 10baseT</div>
<div>+ _________________________ ipsec/directory</div><div>+ ipsec --directory</div><div>/usr/libexec/ipsec</div><div>+ _________________________ hostname/fqdn</div><div>+ hostname --fqdn</div><div><a href="http://ks3307690.kimsufi.com/">ks3307690.kimsufi.com</a></div>
<div>+ _________________________ hostname/ipaddress</div><div>+ hostname --ip-address</div><div>179.34.222.31</div><div>+ _________________________ uptime</div><div>+ uptime</div><div> 02:55:49 up 1:09, 2 users, load average: 0.06, 0.03, 0.00</div>
<div>+ _________________________ ps</div><div>+ ps alxwf</div><div>+ egrep -i 'ppid|pluto|ipsec|klips'</div><div>F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND</div><div>4 0 7913 1701 20 0 106064 1480 wait S+ pts/0 0:00 | \_ /bin/sh /usr/libexec/ipsec/barf</div>
<div>0 0 7978 7913 20 0 4148 672 pipe_w S+ pts/0 0:00 | \_ egrep -i ppid|pluto|ipsec|klips</div><div>1 0 4897 1 20 0 9192 524 wait S pts/0 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private oe=off --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid</div>
<div>1 0 4899 4897 20 0 9192 692 wait S pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private oe=off --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid</div>
<div>4 0 4903 4899 20 0 313724 7860 poll_s Sl pts/0 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal --virtual_private oe=off</div>
<div>0 0 4934 4903 20 0 6080 404 poll_s S pts/0 0:00 | \_ _pluto_adns</div><div>0 0 4900 4897 20 0 9192 1316 pipe_w S pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post</div>
<div>0 0 4898 1 20 0 4056 664 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun</div><div>+ _________________________ ipsec/showdefaults</div><div>+ ipsec showdefaults</div><div>routephys=eth0</div>
<div>routevirt=none</div><div>routeaddr=179.34.222.31</div><div>routenexthop=178.32.223.254</div><div>+ _________________________ ipsec/conf</div><div>+ ipsec _include /etc/ipsec.conf</div><div>+ ipsec _keycensor</div><div>
<br></div><div>#< /etc/ipsec.conf 1</div><div># /etc/ipsec.conf - Openswan IPsec configuration file</div><div>#</div><div># Manual: ipsec.conf.5</div><div>#</div><div># Please place your own config files in /etc/ipsec.d/ ending in .conf</div>
<div><br></div><div>version 2.0 # conforms to second version of ipsec.conf specification</div><div><br></div><div># basic configuration</div><div>config setup</div><div> # Debug-logging controls: "none" for (almost) none, "all" for lots.</div>
<div> # klipsdebug=none</div><div> # plutodebug="control parsing"</div><div> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey</div><div> #protostack=klips</div><div>
interfaces=%defaultroute</div><div> protostack=netkey</div><div><br></div><div> nat_traversal=yes</div><div> virtual_private=</div><div> oe=off</div><div> # Enable this if you see "failed to find any available worker"</div>
<div> # nhelpers=0</div><div><br></div><div>conn mikrotik</div><div> left=179.34.222.31</div><div> leftsubnet=<a href="http://192.168.1.0/24">192.168.1.0/24</a></div><div> #leftnexthop=%defaultroute</div>
<div><br></div><div> right=82.198.121.45</div><div> rightsubnet=<a href="http://192.168.0.0/24">192.168.0.0/24</a></div><div> rightnexthop=192.168.0.1</div><div><br></div><div> type=tunnel</div>
<div> authby=secret</div><div> auto=start</div><div>#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.</div><div>#include /etc/ipsec.d/*.conf</div><div>+ _________________________ ipsec/secrets</div>
<div>+ ipsec _include /etc/ipsec.secrets</div><div>+ ipsec _secretcensor</div><div><br></div><div>#< /etc/ipsec.secrets 1</div><div>#:cannot open configuration file \'/etc/ipsec.d/*.secrets\'</div><div><br></div>
<div>#> /etc/ipsec.secrets 2</div><div>179.34.222.31 <a href="http://82.198.121.45/">82.198.121.45</a>: PSK "[sums to 354c...]"</div><div>+ _________________________ ipsec/listall</div><div>+ ipsec auto --listall</div>
<div>000</div><div>000 List of Public Keys:</div><div>000</div><div>000 List of Pre-shared secrets (from /etc/ipsec.secrets)</div><div>000 2: PSK 82.198.121.45 179.34.222.31</div><div>+ '[' /etc/ipsec.d/policies ']'</div>
<div>+ for policy in '$POLICIES/*'</div><div>++ basename /etc/ipsec.d/policies/block</div><div>+ base=block</div><div>+ _________________________ ipsec/policies/block</div><div>+ cat /etc/ipsec.d/policies/block</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div><div># communication should never be allowed.</div><div>#</div><div># See /usr/share/doc/openswan/policygroups.html for details.</div><div>#</div>
<div># $Id: <a href="http://block.in/">block.in</a>,v 1.4 2003/02/17 02:22:15 mcr Exp $</div><div>#</div><div><br></div><div>+ for policy in '$POLICIES/*'</div><div>++ basename /etc/ipsec.d/policies/clear</div><div>
+ base=clear</div><div>+ _________________________ ipsec/policies/clear</div><div>+ cat /etc/ipsec.d/policies/clear</div><div># This file defines the set of CIDRs (network/mask-length) to which</div><div># communication should always be in the clear.</div>
<div>#</div><div># See /usr/share/doc/openswan/policygroups.html for details.</div><div>#</div><div><br></div><div># root name servers should be in the clear</div><div><a href="http://192.58.128.30/32">192.58.128.30/32</a></div>
<div><a href="http://198.41.0.4/32">198.41.0.4/32</a></div><div><a href="http://192.228.79.201/32">192.228.79.201/32</a></div><div><a href="http://192.33.4.12/32">192.33.4.12/32</a></div><div><a href="http://128.8.10.90/32">128.8.10.90/32</a></div>
<div><a href="http://192.203.230.10/32">192.203.230.10/32</a></div><div><a href="http://192.5.5.241/32">192.5.5.241/32</a></div><div><a href="http://192.112.36.4/32">192.112.36.4/32</a></div><div><a href="http://128.63.2.53/32">128.63.2.53/32</a></div>
<div><a href="http://192.36.148.17/32">192.36.148.17/32</a></div><div><a href="http://193.0.14.129/32">193.0.14.129/32</a></div><div><a href="http://199.7.83.42/32">199.7.83.42/32</a></div><div><a href="http://202.12.27.33/32">202.12.27.33/32</a></div>
<div>+ for policy in '$POLICIES/*'</div><div>++ basename /etc/ipsec.d/policies/clear-or-private</div><div>+ base=clear-or-private</div><div>+ _________________________ ipsec/policies/clear-or-private</div><div>+ cat /etc/ipsec.d/policies/clear-or-private</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div><div># we will communicate in the clear, or, if the other side initiates IPSEC,</div><div># using encryption. This behaviour is also called "Opportunistic Responder".</div>
<div>#</div><div># See /usr/share/doc/openswan/policygroups.html for details.</div><div>#</div><div># $Id: <a href="http://clear-or-private.in/">clear-or-private.in</a>,v 1.4 2003/02/17 02:22:15 mcr Exp $</div><div>#</div>
<div>+ for policy in '$POLICIES/*'</div><div>++ basename /etc/ipsec.d/policies/private</div><div>+ base=private</div><div>+ _________________________ ipsec/policies/private</div><div>+ cat /etc/ipsec.d/policies/private</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div><div># communication should always be private (i.e. encrypted).</div><div># See /usr/share/doc/openswan/policygroups.html for details.</div><div>
#</div><div># $Id: <a href="http://private.in/">private.in</a>,v 1.4 2003/02/17 02:22:15 mcr Exp $</div><div>#</div><div>+ for policy in '$POLICIES/*'</div><div>++ basename /etc/ipsec.d/policies/private-or-clear</div>
<div>+ base=private-or-clear</div><div>+ _________________________ ipsec/policies/private-or-clear</div><div>+ cat /etc/ipsec.d/policies/private-or-clear</div><div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># communication should be private, if possible, but in the clear otherwise.</div><div>#</div><div># If the target has a TXT (later IPSECKEY) record that specifies</div><div># authentication material, we will require private (i.e. encrypted)</div>
<div># communications. If no such record is found, communications will be</div><div># in the clear.</div><div>#</div><div># See /usr/share/doc/openswan/policygroups.html for details.</div><div>#</div><div># $Id: <a href="http://private-or-clear.in/">private-or-clear.in</a>,v 1.5 2003/02/17 02:22:15 mcr Exp $</div>
<div>#</div><div><br></div><div><a href="http://0.0.0.0/0">0.0.0.0/0</a></div><div>+ _________________________ ipsec/ls-libdir</div><div>+ ls -l /usr/libexec/ipsec</div><div>total 2676</div><div>-rwxr-xr-x. 1 root root 10592 Sep 24 2012 _copyright</div>
<div>-rwxr-xr-x. 1 root root 2430 Sep 24 2012 _include</div><div>-rwxr-xr-x. 1 root root 1475 Sep 24 2012 _keycensor</div><div>-rwxr-xr-x. 1 root root 14528 Sep 24 2012 _pluto_adns</div><div>-rwxr-xr-x. 1 root root 2567 Sep 24 2012 _plutoload</div>
<div>-rwxr-xr-x. 1 root root 8474 Sep 24 2012 _plutorun</div><div>-rwxr-xr-x. 1 root root 13671 Sep 24 2012 _realsetup</div><div>-rwxr-xr-x. 1 root root 1975 Sep 24 2012 _secretcensor</div><div>-rwxr-xr-x. 1 root root 11507 Sep 24 2012 _startklips</div>
<div>-rwxr-xr-x. 1 root root 6096 Sep 24 2012 _startnetkey</div><div>-rwxr-xr-x. 1 root root 4923 Sep 24 2012 _updown</div><div>-rwxr-xr-x. 1 root root 16227 Sep 24 2012 _updown.klips</div><div>-rwxr-xr-x. 1 root root 16583 Sep 24 2012 _updown.mast</div>
<div>-rwxr-xr-x. 1 root root 13745 Sep 24 2012 _updown.netkey</div><div>-rwxr-xr-x. 1 root root 226704 Sep 24 2012 addconn</div><div>-rwxr-xr-x. 1 root root 6015 Sep 24 2012 auto</div><div>-rwxr-xr-x. 1 root root 10978 Sep 24 2012 barf</div>
<div>-rwxr-xr-x. 1 root root 93840 Sep 24 2012 eroute</div><div>-rwxr-xr-x. 1 root root 26736 Sep 24 2012 ikeping</div><div>-rwxr-xr-x. 1 root root 69552 Sep 24 2012 klipsdebug</div><div>-rwxr-xr-x. 1 root root 2455 Sep 24 2012 look</div>
<div>-rwxr-xr-x. 1 root root 2189 Sep 24 2012 newhostkey</div><div>-rwxr-xr-x. 1 root root 64976 Sep 24 2012 pf_key</div><div>-rwxr-xr-x. 1 root root 1093328 Sep 24 2012 pluto</div><div>-rwxr-xr-x. 1 root root 12349 Sep 24 2012 policy</div>
<div>-rwxr-xr-x. 1 root root 10576 Sep 24 2012 ranbits</div><div>-rwxr-xr-x. 1 root root 27376 Sep 24 2012 rsasigkey</div><div>-rwxr-xr-x. 1 root root 704 Sep 24 2012 secrets</div><div>lrwxrwxrwx. 1 root root 30 May 4 01:15 setup -> ../../../etc/rc.d/init.d/ipsec</div>
<div>-rwxr-xr-x. 1 root root 1126 Sep 24 2012 showdefaults</div><div>-rwxr-xr-x. 1 root root 267584 Sep 24 2012 showhostkey</div><div>-rwxr-xr-x. 1 root root 26736 Sep 24 2012 showpolicy</div><div>-rwxr-xr-x. 1 root root 176552 Sep 24 2012 spi</div>
<div>-rwxr-xr-x. 1 root root 81504 Sep 24 2012 spigrp</div><div>-rwxr-xr-x. 1 root root 77032 Sep 24 2012 tncfg</div><div>-rwxr-xr-x. 1 root root 14828 Sep 24 2012 verify</div><div>-rwxr-xr-x. 1 root root 59904 Sep 24 2012 whack</div>
<div>+ _________________________ ipsec/ls-execdir</div><div>+ ls -l /usr/libexec/ipsec</div><div>total 2676</div><div>-rwxr-xr-x. 1 root root 10592 Sep 24 2012 _copyright</div><div>-rwxr-xr-x. 1 root root 2430 Sep 24 2012 _include</div>
<div>-rwxr-xr-x. 1 root root 1475 Sep 24 2012 _keycensor</div><div>-rwxr-xr-x. 1 root root 14528 Sep 24 2012 _pluto_adns</div><div>-rwxr-xr-x. 1 root root 2567 Sep 24 2012 _plutoload</div><div>-rwxr-xr-x. 1 root root 8474 Sep 24 2012 _plutorun</div>
<div>-rwxr-xr-x. 1 root root 13671 Sep 24 2012 _realsetup</div><div>-rwxr-xr-x. 1 root root 1975 Sep 24 2012 _secretcensor</div><div>-rwxr-xr-x. 1 root root 11507 Sep 24 2012 _startklips</div><div>-rwxr-xr-x. 1 root root 6096 Sep 24 2012 _startnetkey</div>
<div>-rwxr-xr-x. 1 root root 4923 Sep 24 2012 _updown</div><div>-rwxr-xr-x. 1 root root 16227 Sep 24 2012 _updown.klips</div><div>-rwxr-xr-x. 1 root root 16583 Sep 24 2012 _updown.mast</div><div>-rwxr-xr-x. 1 root root 13745 Sep 24 2012 _updown.netkey</div>
<div>-rwxr-xr-x. 1 root root 226704 Sep 24 2012 addconn</div><div>-rwxr-xr-x. 1 root root 6015 Sep 24 2012 auto</div><div>-rwxr-xr-x. 1 root root 10978 Sep 24 2012 barf</div><div>-rwxr-xr-x. 1 root root 93840 Sep 24 2012 eroute</div>
<div>-rwxr-xr-x. 1 root root 26736 Sep 24 2012 ikeping</div><div>-rwxr-xr-x. 1 root root 69552 Sep 24 2012 klipsdebug</div><div>-rwxr-xr-x. 1 root root 2455 Sep 24 2012 look</div><div>-rwxr-xr-x. 1 root root 2189 Sep 24 2012 newhostkey</div>
<div>-rwxr-xr-x. 1 root root 64976 Sep 24 2012 pf_key</div><div>-rwxr-xr-x. 1 root root 1093328 Sep 24 2012 pluto</div><div>-rwxr-xr-x. 1 root root 12349 Sep 24 2012 policy</div><div>-rwxr-xr-x. 1 root root 10576 Sep 24 2012 ranbits</div>
<div>-rwxr-xr-x. 1 root root 27376 Sep 24 2012 rsasigkey</div><div>-rwxr-xr-x. 1 root root 704 Sep 24 2012 secrets</div><div>lrwxrwxrwx. 1 root root 30 May 4 01:15 setup -> ../../../etc/rc.d/init.d/ipsec</div>
<div>-rwxr-xr-x. 1 root root 1126 Sep 24 2012 showdefaults</div><div>-rwxr-xr-x. 1 root root 267584 Sep 24 2012 showhostkey</div><div>-rwxr-xr-x. 1 root root 26736 Sep 24 2012 showpolicy</div><div>-rwxr-xr-x. 1 root root 176552 Sep 24 2012 spi</div>
<div>-rwxr-xr-x. 1 root root 81504 Sep 24 2012 spigrp</div><div>-rwxr-xr-x. 1 root root 77032 Sep 24 2012 tncfg</div><div>-rwxr-xr-x. 1 root root 14828 Sep 24 2012 verify</div><div>-rwxr-xr-x. 1 root root 59904 Sep 24 2012 whack</div>
<div>+ _________________________ /proc/net/dev</div><div>+ cat /proc/net/dev</div><div>Inter-| Receive | Transmit</div><div> face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed</div>
<div> lo: 40474 252 0 0 0 0 0 0 40474 252 0 0 0 0 0 0</div><div> eth0: 1532197 17970 0 0 0 0 0 41 14568681 48900 0 0 0 0 0 0</div>
<div>+ _________________________ /proc/net/route</div><div>+ cat /proc/net/route</div><div>Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT </div>
<div>eth0 00DF20B2 00000000 0001 0 0 0 00FFFFFF 0 0 0 </div><div>eth0 00000000 FEDF20B2 0003 0 0 0 00000000 0 0 0 </div>
<div>+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc</div><div>+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc</div><div>0</div><div>+ _________________________ /proc/sys/net/ipv4/ip_forward</div><div>+ cat /proc/sys/net/ipv4/ip_forward</div>
<div>1</div><div>+ _________________________ /proc/sys/net/ipv4/tcp_ecn</div><div>+ cat /proc/sys/net/ipv4/tcp_ecn</div><div>2</div><div>+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter</div><div>+ cd /proc/sys/net/ipv4/conf</div>
<div>+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter</div><div>all/rp_filter:0</div><div>default/rp_filter:0</div><div>eth0/rp_filter:0</div><div>lo/rp_filter:0</div><div>+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects</div>
<div>+ cd /proc/sys/net/ipv4/conf</div><div>+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects</div>
<div>all/accept_redirects:0</div><div>all/secure_redirects:1</div><div>all/send_redirects:0</div><div>default/accept_redirects:0</div><div>default/secure_redirects:1</div><div>default/send_redirects:0</div><div>eth0/accept_redirects:0</div>
<div>eth0/secure_redirects:1</div><div>eth0/send_redirects:0</div><div>lo/accept_redirects:0</div><div>lo/secure_redirects:1</div><div>lo/send_redirects:0</div><div>+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling</div>
<div>+ cat /proc/sys/net/ipv4/tcp_window_scaling</div><div>1</div><div>+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale</div><div>+ cat /proc/sys/net/ipv4/tcp_adv_win_scale</div><div>2</div><div>+ _________________________ uname-a</div>
<div>+ uname -a</div><div>Linux <a href="http://ks3307690.kimsufi.com/">ks3307690.kimsufi.com</a> 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</div><div>+ _________________________ config-built-with</div>
<div>+ test -r /proc/config_built_with</div><div>+ _________________________ distro-release</div><div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div>
<div>+ test -f /etc/redhat-release</div><div>+ cat /etc/redhat-release</div><div>CentOS release 6.4 (Final)</div><div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div>
<div>+ test -f /etc/debian-release</div><div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div><div>+ test -f /etc/SuSE-release</div>
<div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div><div>+ test -f /etc/mandrake-release</div><div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div>
<div>+ test -f /etc/mandriva-release</div><div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div><div>+ test -f /etc/gentoo-release</div>
<div>+ _________________________ /proc/net/ipsec_version</div><div>+ test -r /proc/net/ipsec_version</div><div>+ test -r /proc/net/pfkey</div><div>++ uname -r</div><div>+ echo 'NETKEY (2.6.32-358.6.1.el6.x86_64) support detected '</div>
<div>NETKEY (2.6.32-358.6.1.el6.x86_64) support detected</div><div>+ _________________________ iptables</div><div>+ test -r /sbin/iptables-save</div><div>+ iptables-save</div><div># Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013</div>
<div>*mangle</div><div>:PREROUTING ACCEPT [4726:242681]</div><div>:INPUT ACCEPT [4725:242553]</div><div>:FORWARD ACCEPT [0:0]</div><div>:OUTPUT ACCEPT [12292:3653325]</div><div>:POSTROUTING ACCEPT [12292:3653325]</div><div>
COMMIT</div><div># Completed on Sat May 4 02:55:49 2013</div><div># Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013</div><div>*nat</div><div>:PREROUTING ACCEPT [22:2083]</div><div>:POSTROUTING ACCEPT [14:1473]</div>
<div>:OUTPUT ACCEPT [221:34157]</div><div>-A POSTROUTING -o eth0 -j MASQUERADE</div><div>COMMIT</div><div># Completed on Sat May 4 02:55:49 2013</div><div>+ _________________________ iptables-nat</div><div>+ iptables-save -t nat</div>
<div># Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013</div><div>*nat</div><div>:PREROUTING ACCEPT [22:2083]</div><div>:POSTROUTING ACCEPT [14:1473]</div><div>:OUTPUT ACCEPT [221:34157]</div><div>-A POSTROUTING -o eth0 -j MASQUERADE</div>
<div>COMMIT</div><div># Completed on Sat May 4 02:55:49 2013</div><div>+ _________________________ iptables-mangle</div><div>+ iptables-save -t mangle</div><div># Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013</div>
<div>*mangle</div><div>:PREROUTING ACCEPT [4726:242681]</div><div>:INPUT ACCEPT [4725:242553]</div><div>:FORWARD ACCEPT [0:0]</div><div>:OUTPUT ACCEPT [12292:3653325]</div><div>:POSTROUTING ACCEPT [12292:3653325]</div><div>
COMMIT</div><div># Completed on Sat May 4 02:55:49 2013</div><div>+ _________________________ /proc/modules</div><div>+ test -f /proc/modules</div><div>+ cat /proc/modules</div><div>ipt_MASQUERADE 2466 1 - Live 0xffffffffa0331000</div>
<div>iptable_mangle 3349 0 - Live 0xffffffffa0326000</div><div>iptable_nat 6158 1 - Live 0xffffffffa03df000</div><div>nf_nat 22759 2 ipt_MASQUERADE,iptable_nat, Live 0xffffffffa03d4000</div><div>nf_conntrack_ipv4 9506 3 iptable_nat,nf_nat, Live 0xffffffffa03cd000</div>
<div>nf_defrag_ipv4 1483 1 nf_conntrack_ipv4, Live 0xffffffffa031e000</div><div>ip_tables 17831 2 iptable_mangle,iptable_nat, Live 0xffffffffa03c4000</div><div>bluetooth 99239 0 - Live 0xffffffffa03a0000</div><div>rfkill 19255 1 bluetooth, Live 0xffffffffa0396000</div>
<div>ah6 5191 0 - Live 0xffffffffa030a000</div><div>ah4 4320 0 - Live 0xffffffffa0305000</div><div>esp6 4979 0 - Live 0xffffffffa0300000</div><div>esp4 5358 2 - Live 0xffffffffa02f0000</div><div>xfrm4_mode_beet 2069 0 - Live 0xffffffffa02ec000</div>
<div>xfrm4_tunnel 1981 0 - Live 0xffffffffa02dc000</div><div>xfrm4_mode_tunnel 2002 4 - Live 0xffffffffa02d6000</div><div>xfrm4_mode_transport 1449 0 - Live 0xffffffffa02d0000</div><div>xfrm6_mode_transport 1545 0 - Live 0xffffffffa02ca000</div>
<div>xfrm6_mode_ro 1318 0 - Live 0xffffffffa02c4000</div><div>xfrm6_mode_beet 2020 0 - Live 0xffffffffa02bc000</div><div>xfrm6_mode_tunnel 1906 2 - Live 0xffffffffa02ad000</div><div>ipcomp 2073 0 - Live 0xffffffffa02a3000</div>
<div>ipcomp6 2138 0 - Live 0xffffffffa015a000</div><div>xfrm6_tunnel 7969 1 ipcomp6, Live 0xffffffffa0285000</div><div>af_key 29685 0 - Live 0xffffffffa026c000</div><div>authenc 6651 2 - Live 0xffffffffa0374000</div><div>
deflate 2107 0 - Live 0xffffffffa0370000</div><div>zlib_deflate 21629 1 deflate, Live 0xffffffffa0367000</div><div>ctr 4063 0 - Live 0xffffffffa0363000</div><div>camellia 18334 0 - Live 0xffffffffa035b000</div><div>cast5 15242 0 - Live 0xffffffffa0354000</div>
<div>rmd160 8154 0 - Live 0xffffffffa034f000</div><div>crypto_null 2952 0 - Live 0xffffffffa034b000</div><div>ccm 8247 0 - Live 0xffffffffa0345000</div><div>serpent 18455 0 - Live 0xffffffffa033d000</div><div>blowfish 7884 0 - Live 0xffffffffa0338000</div>
<div>twofish_x86_64 5297 0 - Live 0xffffffffa0333000</div><div>twofish_common 14633 1 twofish_x86_64, Live 0xffffffffa032c000</div><div>ecb 2209 0 - Live 0xffffffffa0328000</div><div>xcbc 2849 0 - Live 0xffffffffa0324000</div>
<div>cbc 3083 2 - Live 0xffffffffa0320000</div><div>sha256_generic 10361 0 - Live 0xffffffffa031a000</div><div>sha512_generic 4974 0 - Live 0xffffffffa0315000</div><div>des_generic 16604 2 - Live 0xffffffffa030d000</div><div>
cryptd 8006 0 - Live 0xffffffffa02fa000</div><div>aes_x86_64 7961 0 - Live 0xffffffffa02f5000</div><div>aes_generic 27609 1 aes_x86_64, Live 0xffffffffa02e2000</div><div>tunnel4 2943 1 xfrm4_tunnel, Live 0xffffffffa02c2000</div>
<div>xfrm_ipcomp 4610 2 ipcomp,ipcomp6, Live 0xffffffffa0275000</div><div>tunnel6 2714 1 xfrm6_tunnel, Live 0xffffffffa0042000</div><div>ip6t_REJECT 4628 2 - Live 0xffffffffa02b7000</div><div>nf_conntrack_ipv6 8748 2 - Live 0xffffffffa02b0000</div>
<div>nf_defrag_ipv6 11182 1 nf_conntrack_ipv6, Live 0xffffffffa02a9000</div><div>xt_state 1492 2 - Live 0xffffffffa015e000</div><div>nf_conntrack 79645 6 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live 0xffffffffa0288000</div>
<div>ip6table_filter 2889 1 - Live 0xffffffffa0055000</div><div>ip6_tables 19458 1 ip6table_filter, Live 0xffffffffa027f000</div><div>ipv6 321454 40 ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6, Live 0xffffffffa021c000</div>
<div>sg 29350 0 - Live 0xffffffffa0151000</div><div>serio_raw 4594 0 - Live 0xffffffffa0032000</div><div>i2c_i801 11167 0 - Live 0xffffffffa0019000</div><div>xhci_hcd 142149 0 - Live 0xffffffffa01ef000</div><div>iTCO_wdt 14990 0 - Live 0xffffffffa00bb000</div>
<div>iTCO_vendor_support 3088 1 iTCO_wdt, Live 0xffffffffa0037000</div><div>ext3 232456 2 - Live 0xffffffffa01b5000</div><div>jbd 79071 1 ext3, Live 0xffffffffa01a0000</div><div>mbcache 8193 1 ext3, Live 0xffffffffa004d000</div>
<div>raid1 31657 2 - Live 0xffffffffa00a4000</div><div>sd_mod 38976 8 - Live 0xffffffffa0099000</div><div>crc_t10dif 1541 1 sd_mod, Live 0xffffffffa0023000</div><div>ahci 41127 6 - Live 0xffffffffa0145000</div><div>e1000e 253849 0 - Live 0xffffffffa0161000</div>
<div>wmi 6287 0 - Live 0xffffffffa0016000</div><div>i915 537570 1 - Live 0xffffffffa00c0000</div><div>drm_kms_helper 40087 1 i915, Live 0xffffffffa00b0000</div><div>drm 265638 2 i915,drm_kms_helper, Live 0xffffffffa0057000</div>
<div>i2c_algo_bit 5935 1 i915, Live 0xffffffffa0052000</div><div>i2c_core 31084 5 i2c_i801,i915,drm_kms_helper,drm,i2c_algo_bit, Live 0xffffffffa0044000</div><div>video 20674 1 i915, Live 0xffffffffa0039000</div><div>output 2409 1 video, Live 0xffffffffa0035000</div>
<div>dm_mirror 14133 0 - Live 0xffffffffa002d000</div><div>dm_region_hash 12085 1 dm_mirror, Live 0xffffffffa0026000</div><div>dm_log 9930 2 dm_mirror,dm_region_hash, Live 0xffffffffa001f000</div><div>dm_mod 82839 2 dm_mirror,dm_log, Live 0xffffffffa0000000</div>
<div>+ _________________________ /proc/meminfo</div><div>+ cat /proc/meminfo</div><div>MemTotal: 8089016 kB</div><div>MemFree: 7839892 kB</div><div>Buffers: 8560 kB</div><div>Cached: 61384 kB</div>
<div>SwapCached: 0 kB</div><div>Active: 61012 kB</div><div>Inactive: 46064 kB</div><div>Active(anon): 37288 kB</div><div>Inactive(anon): 3540 kB</div><div>Active(file): 23724 kB</div>
<div>Inactive(file): 42524 kB</div><div>Unevictable: 0 kB</div><div>Mlocked: 0 kB</div><div>SwapTotal: 8386544 kB</div><div>SwapFree: 8386544 kB</div><div>Dirty: 4 kB</div>
<div>Writeback: 0 kB</div><div>AnonPages: 37224 kB</div><div>Mapped: 10824 kB</div><div>Shmem: 3688 kB</div><div>Slab: 64536 kB</div><div>SReclaimable: 11388 kB</div>
<div>SUnreclaim: 53148 kB</div><div>KernelStack: 1104 kB</div><div>PageTables: 2464 kB</div><div>NFS_Unstable: 0 kB</div><div>Bounce: 0 kB</div><div>WritebackTmp: 0 kB</div>
<div>CommitLimit: 12431052 kB</div><div>Committed_AS: 191160 kB</div><div>VmallocTotal: 34359738367 kB</div><div>VmallocUsed: 366072 kB</div><div>VmallocChunk: 34359366644 kB</div><div>HardwareCorrupted: 0 kB</div>
<div>AnonHugePages: 16384 kB</div><div>HugePages_Total: 0</div><div>HugePages_Free: 0</div><div>HugePages_Rsvd: 0</div><div>HugePages_Surp: 0</div><div>Hugepagesize: 2048 kB</div><div>
DirectMap4k: 8192 kB</div><div>DirectMap2M: 8288256 kB</div><div>+ _________________________ /proc/net/ipsec-ls</div><div>+ test -f /proc/net/ipsec_version</div><div>+ _________________________ usr/src/linux/.config</div>
<div>+ test -f /proc/config.gz</div><div>++ uname -r</div><div>+ test -f /lib/modules/2.6.32-358.6.1.el6.x86_64/build/.config</div><div>+ echo 'no .config file found, cannot list kernel properties'</div><div>no .config file found, cannot list kernel properties</div>
<div>+ _________________________ etc/syslog.conf</div><div>+ _________________________ etc/syslog-ng/syslog-ng.conf</div><div>+ cat /etc/syslog-ng/syslog-ng.conf</div><div>cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory</div>
<div>+ cat /etc/syslog.conf</div><div>cat: /etc/syslog.conf: No such file or directory</div><div>+ _________________________ etc/resolv.conf</div><div>+ cat /etc/resolv.conf</div><div>nameserver 127.0.0.1</div><div>nameserver 213.186.33.99</div>
<div>search <a href="http://ovh.net/">ovh.net</a></div><div>+ _________________________ lib/modules-ls</div><div>+ ls -ltr /lib/modules</div><div>total 8</div><div>drwxr-xr-x. 7 root root 4096 May 4 01:05 2.6.32-358.6.1.el6.x86_64</div>
<div>+ _________________________ fipscheck</div><div>+ cat /proc/sys/crypto/fips_enabled</div><div>0</div><div>+ _________________________ /proc/ksyms-netif_rx</div><div>+ test -r /proc/ksyms</div><div>+ test -r /proc/kallsyms</div>
<div>+ egrep netif_rx /proc/kallsyms</div><div>ffffffff8144d2b0 T netif_rx</div><div>ffffffff8144d520 T netif_rx_ni</div><div>ffffffff814611e0 t ftrace_raw_output_netif_rx</div><div>ffffffff81461750 t ftrace_profile_disable_netif_rx</div>
<div>ffffffff81461770 t ftrace_raw_unreg_event_netif_rx</div><div>ffffffff81461e10 t ftrace_profile_enable_netif_rx</div><div>ffffffff81461e30 t ftrace_raw_reg_event_netif_rx</div><div>ffffffff81462700 t ftrace_raw_init_event_netif_rx</div>
<div>ffffffff81462e20 t ftrace_profile_netif_rx</div><div>ffffffff81463760 t ftrace_raw_event_netif_rx</div><div>ffffffff818162d2 r __tpstrtab_netif_rx</div><div>ffffffff81829720 r __ksymtab_netif_rx_ni</div><div>ffffffff81829730 r __ksymtab_netif_rx</div>
<div>ffffffff818395e8 r __kcrctab_netif_rx_ni</div><div>ffffffff818395f0 r __kcrctab_netif_rx</div><div>ffffffff81853fb4 r __kstrtab_netif_rx_ni</div><div>ffffffff81853fc0 r __kstrtab_netif_rx</div><div>ffffffff81b186a0 d ftrace_event_type_netif_rx</div>
<div>ffffffff81bcddc0 D __tracepoint_netif_rx</div><div>ffffffff81bf8250 d event_netif_rx</div><div>+ _________________________ lib/modules-netif_rx</div><div>+ modulegoo kernel/net/ipv4/ipip.o netif_rx</div><div>+ set +x</div>
<div>2.6.32-358.6.1.el6.x86_64:</div><div>+ _________________________ kern.debug</div><div>+ test -f /var/log/kern.debug</div><div>+ _________________________ klog</div><div>+ sed -n '1542,$p' /var/log/messages</div>
<div>+ egrep -i 'ipsec|klips|pluto'</div><div>+ case "$1" in</div><div>+ cat</div><div>May 4 02:09:47 ks3307690 ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.32-358.6.1.el6.x86_64...</div><div>May 4 02:09:47 ks3307690 ipsec_setup: Using NETKEY(XFRM) stack</div>
<div>May 4 02:09:47 ks3307690 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled</div><div>May 4 02:09:47 ks3307690 ipsec_setup: ...Openswan IPsec started</div><div>May 4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled</div>
<div>May 4 02:09:47 ks3307690 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d</div><div>May 4 02:09:47 ks3307690 pluto: adjusting ipsec.d to /etc/ipsec.d</div><div>May 4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled</div>
<div>May 4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled</div><div>May 4 02:09:47 ks3307690 ipsec__plutorun: 002 added connection description "mikrotik"</div>
<div>May 4 02:09:47 ks3307690 ipsec__plutorun: 003 no secrets filename matched "/etc/ipsec.d/*.secrets"</div><div>May 4 02:09:47 ks3307690 ipsec__plutorun: 104 "mikrotik" #1: STATE_MAIN_I1: initiate</div>
<div>+ _________________________ plog</div><div>+ sed -n '889,$p' /var/log/secure</div><div>+ egrep -i pluto</div><div>+ case "$1" in</div><div>+ cat</div><div>May 4 02:09:47 ks3307690 ipsec__plutorun: Starting Pluto subsystem...</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: nss directory plutomain: /etc/ipsec.d</div><div>May 4 02:09:47 ks3307690 pluto[4903]: NSS Initialized</div><div>May 4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set in /proc/sys/crypto/fips_enabled</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: Starting Pluto (Openswan Version 2.6.32; Vendor ID OEhyLdACecfa) pid:4903</div><div>May 4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set in /proc/sys/crypto/fips_enabled</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: LEAK_DETECTIVE support [disabled]</div><div>May 4 02:09:47 ks3307690 pluto[4903]: OCF support for IKE [disabled]</div><div>May 4 02:09:47 ks3307690 pluto[4903]: SAref support [disabled]: Protocol not available</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: SAbind support [disabled]: Protocol not available</div><div>May 4 02:09:47 ks3307690 pluto[4903]: NSS support [enabled]</div><div>May 4 02:09:47 ks3307690 pluto[4903]: HAVE_STATSD notification support not compiled in</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: Setting NAT-Traversal port-4500 floating to on</div><div>May 4 02:09:47 ks3307690 pluto[4903]: port floating activation criteria nat_t=1/port_float=1</div><div>May 4 02:09:47 ks3307690 pluto[4903]: NAT-Traversal support [enabled]</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: 1 bad entries in virtual_private - none loaded</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: starting up 3 cryptographic helpers</div><div>May 4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid=140013406775040 (fd:10)</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid=140013396285184 (fd:12)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid=140013316601600 (fd:14)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: Using Linux 2.6 IPsec interface code on 2.6.32-358.6.1.el6.x86_64 (experimental code)</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists</div><div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)</div><div>May 4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/cacerts': /</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/aacerts': /</div><div>May 4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/ocspcerts': /</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/crls'</div><div>May 4 02:09:47 ks3307690 pluto[4903]: | selinux support is enabled.</div><div>May 4 02:09:47 ks3307690 pluto[4903]: added connection description "mikrotik"</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: listening for IKE messages</div><div>May 4 02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 <a href="http://179.34.222.31:500/">179.34.222.31:500</a></div><div>May 4 02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 <a href="http://179.34.222.31:4500/">179.34.222.31:4500</a></div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo <a href="http://127.0.0.1:500/">127.0.0.1:500</a></div><div>May 4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo <a href="http://127.0.0.1:4500/">127.0.0.1:4500</a></div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo ::1:500</div><div>May 4 02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 2001:41d0:8:e242::1:500</div><div>May 4 02:09:47 ks3307690 pluto[4903]: loading secrets from "/etc/ipsec.secrets"</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: no secrets filename matched "/etc/ipsec.d/*.secrets"</div><div>May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: initiating Main Mode</div><div>May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: received Vendor ID payload [Dead Peer Detection]</div>
<div>May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2</div><div>May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I2: sent MI2, expecting MR2</div>
<div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3</div><div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I3: sent MI3, expecting MR3</div>
<div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: next payload type of ISAKMP Hash Payload has an unknown value: 184</div><div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: malformed payload in packet</div>
<div>May 4 02:09:48 ks3307690 pluto[4903]: | payload malformed after IV</div><div>May 4 02:09:48 ks3307690 pluto[4903]: | d5 e9 80 46 c0 88 41 e9</div><div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: sending notification PAYLOAD_MALFORMED to <a href="http://82.198.121.45:500/">82.198.121.45:500</a></div>
<div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: byte 2 of ISAKMP Hash Payload must be zero, but is not</div><div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: malformed payload in packet</div>
<div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'</div><div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4</div>
<div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}</div><div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:121009cf proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div>
<div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2</div><div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x08ab66a0 <0xc0d22436 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}</div>
<div>May 4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:8eb8d24a proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div>
<div>May 4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2</div><div>May 4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x03d0e567 <0x8b2ece14 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}</div>
<div>May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik": terminating SAs using this connection</div><div>May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #3: deleting state (STATE_QUICK_I2)</div><div>May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #2: deleting state (STATE_QUICK_I2)</div>
<div>May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #1: deleting state (STATE_MAIN_I4)</div><div>May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: initiating Main Mode</div><div>May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: received Vendor ID payload [Dead Peer Detection]</div>
<div>May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2</div><div>May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I2: sent MI2, expecting MR2</div>
<div>May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3</div><div>May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I3: sent MI3, expecting MR3</div>
<div>May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'</div><div>May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4</div>
<div>May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}</div><div>May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#4 msgid:3eac258b proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div>
<div>May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2</div><div>May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x06fb8921 <0x112666f8 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}</div>
<div>May 4 02:50:11 ks3307690 pluto[4903]: "mikrotik": deleting connection</div><div>May 4 02:50:11 ks3307690 pluto[4903]: "mikrotik" #5: deleting state (STATE_QUICK_I2)</div><div>May 4 02:50:11 ks3307690 pluto[4903]: "mikrotik" #4: deleting state (STATE_MAIN_I4)</div>
<div>May 4 02:50:11 ks3307690 pluto[4903]: added connection description "mikrotik"</div><div>May 4 02:50:19 ks3307690 pluto[4903]: "mikrotik" #6: initiating Main Mode</div><div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: received Vendor ID payload [Dead Peer Detection]</div>
<div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2</div><div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I2: sent MI2, expecting MR2</div>
<div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3</div><div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I3: sent MI3, expecting MR3</div>
<div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'</div><div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4</div>
<div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}</div><div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#6 msgid:aae4f37f proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div>
<div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2</div><div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x01eea26a <0x743427d2 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}</div>
<div>+ _________________________ date</div><div>+ date</div><div>Sat May 4 02:55:49 CEST 2013</div><div><br></div><div><br></div><div style="">Is it possible to solve this problem?</div><div style="">Thanks in advance.</div></div>
</div></div></div>
<br><br></div></div><br></body></html>