[Openswan dev] Error building klips-ipv6 (missing include?)

Harald Jenny harald at a-little-linux-box.at
Mon Oct 11 15:51:26 EDT 2010


On Mon, Oct 11, 2010 at 08:05:00PM +0200, Ruben Laban wrote:
> Merging the 2 branches of this thread again:
> 
> On Monday 11 October 2010 at 18:28 (CET), Paul Wouters wrote:
> > On Mon, 11 Oct 2010, Ruben Laban wrote:
> > > I also noticed the mtu is quite huge. I wonder if that could interfere
> > > with pmtud somehow?
> > 
> > > MTUs are huge so that fragmentation never happens on the virtual devices,
> > only on the real physical devices.
> 
> Ah, sounds reasonable ;-)
> 
> On Monday 11 October 2010 at 18:32 (CET), Paul Wouters wrote:
> > On Mon, 11 Oct 2010, Harald Jenny wrote:
> > >> [ip route commands] before pluto starts listening on the IPv6 address.
> > > 
> > > Maybe this is related to:
> > > 
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573955
> > > 
> > > Did already discuss this problem with Paul...
> > 
> > If that is the cause, "ipsec whack --listen" should fix that without
> > setting any routes.
> 
> 'ipsec whack --listen' didn't result in the IPv6 address showing up on ipsec0. 
> However, 'ipsec setup --restart' did result in the IPv6 address showing up on 
> ipsec0. So it might be the same issue (or at least a similar issue) after all.

The issue from Debian is NETKEY based - when the system is booted it seems the
problem is gone...

> 
> On Monday 11 October 2010 at 18:28 (CET), Paul Wouters wrote:
> > > More important (to me at least) is that I still need to do:
> > > 
> > > # ip addr add 2a02:bd0:abcd:3::20/64 dev ipsec0
> > > # ipsec whack --listen
> > > 
> > > before pluto starts listening on the IPv6 address.
> > 
> > Is 2a02:bd0:abcd:3::20/64 an address that's configured as a real IP address
> > on a real physical interface? 
> 
> It is.
> 
> > If so, it should always show up in the listen list. Can you give me a
> > plutodebug=all of "ipsec setup start"?
> 
> I attached 3 files:
> 
> ipsec-start.log : booting and auto-starting openswan with plutodebug=all
> ipsec-restart.log : executing 'ipsec setup restart' with plutodebug=all
> logs.diff : unified diff of the 2 previous files
> 
> Regards,
> Ruben Laban

> Oct 11 19:45:21 vn-t-fw03 ipsec__plutorun: Starting Pluto subsystem...
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: Starting Pluto (Openswan Version 2.6.30dr3-5020-g6ba3582; Vendor ID OEC|tUyTnRLR) pid:1024
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: LEAK_DETECTIVE support [enabled]
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: SAref support [disabled]: Protocol not available
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: SAbind support [disabled]: Protocol not available
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: NSS support [disabled]
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: HAVE_STATSD notification support not compiled in
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: Setting NAT-Traversal port-4500 floating to off
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]:    port floating activation criteria nat_t=0/port_float=1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]:    NAT-Traversal support  [disabled]
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | opening /dev/urandom
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: using /dev/urandom as source of random entropy
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | event added at head of queue
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | event added at head of queue
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | event added after event EVENT_PENDING_DDNS
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: starting up 1 cryptographic helpers
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: started helper pid=1028 (fd:7)
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: Using KLIPS IPsec interface code on 2.6.32-24-generic-pae
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | process 1024 listening for PF_KEY_V2 on file descriptor 8
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: |   02 07 00 02  02 00 00 00  01 00 00 00  00 04 00 00
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | pfkey_get: K_SADB_REGISTER message 1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | AH registered with kernel.
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: |   02 07 00 03  02 00 00 00  02 00 00 00  00 04 00 00
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | pfkey_get: K_SADB_REGISTER message 2
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | alg_init():memset(0x813c660, 0, 2016) memset(0x813ce40, 0, 2048) 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=9 sadb_supported_len=24
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_add():satype=3, exttype=14, alg_id=3
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_add():satype=3, exttype=14, alg_id=2
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=9 sadb_supported_len=32
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_add():satype=3, exttype=15, alg_id=3
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=192, alg_maxbits=192, res=0, ret=1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_add():satype=3, exttype=15, alg_id=12
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=15, satype=3, alg_id=12, alg_ivlen=128, alg_minbits=128, alg_maxbits=256, res=0, ret=1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_add():satype=3, exttype=15, alg_id=3
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_add(): discarding already setup satype=3, exttype=15, alg_id=3
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=168, alg_maxbits=168, res=0, ret=0
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | ESP registered with kernel.
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: |   02 07 00 0a  02 00 00 00  03 00 00 00  00 04 00 00
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | pfkey_get: K_SADB_REGISTER message 3
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IPCOMP registered with kernel.
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | finish_pfkey_msg: K_SADB_REGISTER message 4 for IPIP 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: |   02 07 00 09  02 00 00 00  04 00 00 00  00 04 00 00
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | pfkey_get: K_SADB_REGISTER message 4
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IPIP registered with kernel.
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | event added after event EVENT_PENDING_DDNS
> Oct 11 19:45:21 vn-t-fw03 pluto[1028]: | opening /dev/urandom
> Oct 11 19:45:21 vn-t-fw03 pluto[1028]: using /dev/urandom as source of random entropy
> Oct 11 19:45:21 vn-t-fw03 pluto[1028]: ! helper 0 waiting on fd: 8
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: Changed path to directory '/etc/ipsec.d/cacerts'
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: Changed path to directory '/etc/ipsec.d/aacerts'
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: Changed path to directory '/etc/ipsec.d/ocspcerts'
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: Changing to directory '/etc/ipsec.d/crls'
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]:   Warning: empty directory
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | inserting event EVENT_LOG_DAILY, timeout in 15279 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | event added after event EVENT_REINIT_SECRET
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: |  
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | *received whack message
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | alg_info_parse_str() ealg_buf=3des aalg_buf=eklen=0  aklen=0
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | enum_search_prefix () calling enum_search(0x8111d60, "OAKLEY_3DES")
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | enum_search_ppfixi () calling enum_search(0x8111d60, "OAKLEY_3DES_CBC")
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | parser_alg_info_add() ealg_getbyname("3des")=5
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | __alg_info_ike_add() ealg=5 aalg=1 modp_id=5, cnt=1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | __alg_info_ike_add() ealg=5 aalg=2 modp_id=5, cnt=2
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | __alg_info_ike_add() ealg=5 aalg=1 modp_id=2, cnt=3
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | __alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=4
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | Added new connection tunnel-v6-to-01 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | from whack: got --esp=3des
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | alg_info_parse_str() ealg_buf=3des aalg_buf=eklen=0  aklen=0
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | enum_search_prefix () calling enum_search(0x8111acc, "ESP_3DES")
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | parser_alg_info_add() ealg_getbyname("3des")=3
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | __alg_info_esp_add() ealg=3 aalg=1 cnt=1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | __alg_info_esp_add() ealg=3 aalg=2 cnt=2
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | esp string values: 3DES(3)_000-MD5(1)_000, 3DES(3)_000-SHA1(2)_000; flags=-strict
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | ike (phase1) algorihtm values: 3DES_CBC(5)_000-MD5(1)_000-MODP1536(5), 3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5), 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2), 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2); flags=-strict
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | counting wild cards for 2a02:bd0:abcd:2::10 is 0
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | counting wild cards for 2a02:bd0:abcd:3::20 is 0
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | alg_info_addref() alg_info->ref_cnt=1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | alg_info_addref() alg_info->ref_cnt=1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: added connection description "tunnel-v6-to-01"
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | 2a02:bd0:abcd:1::/64===2a02:bd0:abcd:2::10<2a02:bd0:abcd:2::10>[+S=C]---2a02:bd0:abcd:2::20...2a02:bd0:abcd:3::10---2a02:bd0:abcd:3::20<2a02:bd0:abcd:3::20>[+S=C]===2a02:bd0:abcd:4::/64
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | * processed 0 messages from cryptographic helpers 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: |  
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | *received whack message
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | * processed 0 messages from cryptographic helpers 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: |  
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | *received whack message
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | * processed 0 messages from cryptographic helpers 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: |  
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | *received whack message
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: listening for IKE messages
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found lo with address 127.0.0.1
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth0 with address 10.0.112.103
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth1 with address 172.16.3.20
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth2 with address 172.16.4.10
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found ipsec0 with address 172.16.3.20
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | invalid listen= option ignored: empty string 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface eth2 172.16.4.10 has no matching ipsec* interface -- ignored
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: adding interface ipsec0/eth1 172.16.3.20:500
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface eth0 10.0.112.103 has no matching ipsec* interface -- ignored
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth2 with address 2a02:0bd0:abcd:0004:0000:0000:0000:0010
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth1 with address 2a02:0bd0:abcd:0003:0000:0000:0000:0020
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface eth1 2a02:bd0:abcd:3::20 has no matching ipsec* interface -- ignored
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface lo ::1 has no matching ipsec* interface -- ignored
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface eth2 2a02:bd0:abcd:4::10 has no matching ipsec* interface -- ignored
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: loading secrets from "/etc/ipsec.secrets"
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: loaded private key for keyid: PPK_RSA:AQOZP6OG/
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | * processed 0 messages from cryptographic helpers 
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | next event EVENT_PENDING_DDNS in 60 seconds

> Oct 11 19:47:58 vn-t-fw03 ipsec__plutorun: Starting Pluto subsystem...
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: Starting Pluto (Openswan Version 2.6.30dr3-5020-g6ba3582; Vendor ID OEC|tUyTnRLR) pid:1224
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: LEAK_DETECTIVE support [enabled]
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: SAref support [disabled]: Protocol not available
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: SAbind support [disabled]: Protocol not available
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: NSS support [disabled]
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: HAVE_STATSD notification support not compiled in
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: Setting NAT-Traversal port-4500 floating to off
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]:    port floating activation criteria nat_t=0/port_float=1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]:    NAT-Traversal support  [disabled]
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | opening /dev/urandom
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: using /dev/urandom as source of random entropy
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | event added at head of queue
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | event added at head of queue
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | event added after event EVENT_PENDING_DDNS
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: starting up 1 cryptographic helpers
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: started helper pid=1226 (fd:7)
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: Using KLIPS IPsec interface code on 2.6.32-24-generic-pae
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | process 1224 listening for PF_KEY_V2 on file descriptor 8
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: |   02 07 00 02  02 00 00 00  01 00 00 00  c8 04 00 00
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | pfkey_get: K_SADB_REGISTER message 1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | AH registered with kernel.
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: |   02 07 00 03  02 00 00 00  02 00 00 00  c8 04 00 00
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | pfkey_get: K_SADB_REGISTER message 2
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | alg_init():memset(0x813c660, 0, 2016) memset(0x813ce40, 0, 2048) 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=9 sadb_supported_len=24
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_add():satype=3, exttype=14, alg_id=3
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_add():satype=3, exttype=14, alg_id=2
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=9 sadb_supported_len=32
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_add():satype=3, exttype=15, alg_id=3
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=192, alg_maxbits=192, res=0, ret=1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_add():satype=3, exttype=15, alg_id=12
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=15, satype=3, alg_id=12, alg_ivlen=128, alg_minbits=128, alg_maxbits=256, res=0, ret=1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_add():satype=3, exttype=15, alg_id=3
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_add(): discarding already setup satype=3, exttype=15, alg_id=3
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=168, alg_maxbits=168, res=0, ret=0
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | ESP registered with kernel.
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: |   02 07 00 0a  02 00 00 00  03 00 00 00  c8 04 00 00
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | pfkey_get: K_SADB_REGISTER message 3
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IPCOMP registered with kernel.
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | finish_pfkey_msg: K_SADB_REGISTER message 4 for IPIP 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: |   02 07 00 09  02 00 00 00  04 00 00 00  c8 04 00 00
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | pfkey_get: K_SADB_REGISTER message 4
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IPIP registered with kernel.
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | event added after event EVENT_PENDING_DDNS
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: Changed path to directory '/etc/ipsec.d/cacerts'
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: Changed path to directory '/etc/ipsec.d/aacerts'
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: Changed path to directory '/etc/ipsec.d/ocspcerts'
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: Changing to directory '/etc/ipsec.d/crls'
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]:   Warning: empty directory
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | inserting event EVENT_LOG_DAILY, timeout in 15122 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | event added after event EVENT_REINIT_SECRET
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1226]: | opening /dev/urandom
> Oct 11 19:47:58 vn-t-fw03 pluto[1226]: using /dev/urandom as source of random entropy
> Oct 11 19:47:58 vn-t-fw03 pluto[1226]: ! helper 0 waiting on fd: 8
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: |  
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | *received whack message
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | alg_info_parse_str() ealg_buf=3des aalg_buf=eklen=0  aklen=0
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | enum_search_prefix () calling enum_search(0x8111d60, "OAKLEY_3DES")
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | enum_search_ppfixi () calling enum_search(0x8111d60, "OAKLEY_3DES_CBC")
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | parser_alg_info_add() ealg_getbyname("3des")=5
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | __alg_info_ike_add() ealg=5 aalg=1 modp_id=5, cnt=1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | __alg_info_ike_add() ealg=5 aalg=2 modp_id=5, cnt=2
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | __alg_info_ike_add() ealg=5 aalg=1 modp_id=2, cnt=3
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | __alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=4
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | Added new connection tunnel-v6-to-01 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | from whack: got --esp=3des
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | alg_info_parse_str() ealg_buf=3des aalg_buf=eklen=0  aklen=0
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | enum_search_prefix () calling enum_search(0x8111acc, "ESP_3DES")
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | parser_alg_info_add() ealg_getbyname("3des")=3
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | __alg_info_esp_add() ealg=3 aalg=1 cnt=1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | __alg_info_esp_add() ealg=3 aalg=2 cnt=2
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | esp string values: 3DES(3)_000-MD5(1)_000, 3DES(3)_000-SHA1(2)_000; flags=-strict
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | ike (phase1) algorihtm values: 3DES_CBC(5)_000-MD5(1)_000-MODP1536(5), 3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5), 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2), 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2); flags=-strict
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | counting wild cards for 2a02:bd0:abcd:2::10 is 0
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | counting wild cards for 2a02:bd0:abcd:3::20 is 0
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | alg_info_addref() alg_info->ref_cnt=1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | alg_info_addref() alg_info->ref_cnt=1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: added connection description "tunnel-v6-to-01"
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | 2a02:bd0:abcd:1::/64===2a02:bd0:abcd:2::10<2a02:bd0:abcd:2::10>[+S=C]---2a02:bd0:abcd:2::20...2a02:bd0:abcd:3::10---2a02:bd0:abcd:3::20<2a02:bd0:abcd:3::20>[+S=C]===2a02:bd0:abcd:4::/64
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | * processed 0 messages from cryptographic helpers 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: |  
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | *received whack message
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | * processed 0 messages from cryptographic helpers 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: |  
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | *received whack message
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | * processed 0 messages from cryptographic helpers 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | next event EVENT_PENDING_DDNS in 60 seconds
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: |  
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | *received whack message
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: listening for IKE messages
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found lo with address 127.0.0.1
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth0 with address 10.0.112.103
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth1 with address 172.16.3.20
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth2 with address 172.16.4.10
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found ipsec0 with address 172.16.3.20
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | invalid listen= option ignored: empty string 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface eth2 172.16.4.10 has no matching ipsec* interface -- ignored
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: adding interface ipsec0/eth1 172.16.3.20:500
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface eth0 10.0.112.103 has no matching ipsec* interface -- ignored
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth2 with address 2a02:0bd0:abcd:0004:0000:0000:0000:0010
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found ipsec0 with address 2a02:0bd0:abcd:0003:0000:0000:0000:0020
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth1 with address 2a02:0bd0:abcd:0003:0000:0000:0000:0020
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: adding interface ipsec0/eth1 2a02:bd0:abcd:3::20:500
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface lo ::1 has no matching ipsec* interface -- ignored
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface eth2 2a02:bd0:abcd:4::10 has no matching ipsec* interface -- ignored
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | connect_to_host_pair: 2a02:bd0:abcd:3::20:500 2a02:bd0:abcd:2::10:500 -> hp:none 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: loading secrets from "/etc/ipsec.secrets"
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: loaded private key for keyid: PPK_RSA:AQOZP6OG/
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | * processed 0 messages from cryptographic helpers 
> Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | next event EVENT_PENDING_DDNS in 60 seconds

> --- a	2010-10-11 19:59:34.026150840 +0200
> +++ b	2010-10-11 19:59:38.610143785 +0200
> @@ -1,5 +1,5 @@
>  Starting Pluto subsystem...
> -Starting Pluto (Openswan Version 2.6.30dr3-5020-g6ba3582; Vendor ID OEC|tUyTnRLR) pid:1024
> +Starting Pluto (Openswan Version 2.6.30dr3-5020-g6ba3582; Vendor ID OEC|tUyTnRLR) pid:1224
>  LEAK_DETECTIVE support [enabled]
>  SAref support [disabled]: Protocol not available
>  SAbind support [disabled]: Protocol not available
> @@ -24,15 +24,15 @@
>  ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
>  ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
>  starting up 1 cryptographic helpers
> -started helper pid=1028 (fd:7)
> +started helper pid=1226 (fd:7)
>  Using KLIPS IPsec interface code on 2.6.32-24-generic-pae
> -| process 1024 listening for PF_KEY_V2 on file descriptor 8
> +| process 1224 listening for PF_KEY_V2 on file descriptor 8
>  | finish_pfkey_msg: K_SADB_REGISTER message 1 for AH 
> -|   02 07 00 02  02 00 00 00  01 00 00 00  00 04 00 00
> +|   02 07 00 02  02 00 00 00  01 00 00 00  c8 04 00 00
>  | pfkey_get: K_SADB_REGISTER message 1
>  | AH registered with kernel.
>  | finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP 
> -|   02 07 00 03  02 00 00 00  02 00 00 00  00 04 00 00
> +|   02 07 00 03  02 00 00 00  02 00 00 00  c8 04 00 00
>  | pfkey_get: K_SADB_REGISTER message 2
>  | alg_init():memset(0x813c660, 0, 2016) memset(0x813ce40, 0, 2048) 
>  | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=9 sadb_supported_len=24
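
Review bot: the changed hex lines under `finish_pfkey_msg: K_SADB_REGISTER` are PID noise, not a behaviour difference. The trailing bytes `00 04 00 00` and `c8 04 00 00` are 1024 and 1224 in little-endian, the same PIDs as in `pid:1024` / `pid:1224` and `process 1024` / `process 1224`. Replacing the PID (and those last four bytes) with a placeholder before diffing would remove this hunk and the first one entirely and leave only the lines that matter.
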
> @@ -50,26 +50,26 @@
>  | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=3, alg_ivlen=64, alg_minbits=168, alg_maxbits=168, res=0, ret=0
>  | ESP registered with kernel.
>  | finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP 
> -|   02 07 00 0a  02 00 00 00  03 00 00 00  00 04 00 00
> +|   02 07 00 0a  02 00 00 00  03 00 00 00  c8 04 00 00
>  | pfkey_get: K_SADB_REGISTER message 3
>  | IPCOMP registered with kernel.
>  | finish_pfkey_msg: K_SADB_REGISTER message 4 for IPIP 
> -|   02 07 00 09  02 00 00 00  04 00 00 00  00 04 00 00
> +|   02 07 00 09  02 00 00 00  04 00 00 00  c8 04 00 00
>  | pfkey_get: K_SADB_REGISTER message 4
>  | IPIP registered with kernel.
>  | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
>  | event added after event EVENT_PENDING_DDNS
> -| opening /dev/urandom
> -using /dev/urandom as source of random entropy
> -! helper 0 waiting on fd: 8
>  Changed path to directory '/etc/ipsec.d/cacerts'
>  Changed path to directory '/etc/ipsec.d/aacerts'
>  Changed path to directory '/etc/ipsec.d/ocspcerts'
>  Changing to directory '/etc/ipsec.d/crls'
>    Warning: empty directory
> -| inserting event EVENT_LOG_DAILY, timeout in 15279 seconds
> +| inserting event EVENT_LOG_DAILY, timeout in 15122 seconds
>  | event added after event EVENT_REINIT_SECRET
>  | next event EVENT_PENDING_DDNS in 60 seconds
> +| opening /dev/urandom
> +using /dev/urandom as source of random entropy
> +! helper 0 waiting on fd: 8
>  |  
>  | *received whack message
>  | alg_info_parse_str() ealg_buf=3des aalg_buf=eklen=0  aklen=0
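
Review bot: the three moved lines (`| opening /dev/urandom`, `using /dev/urandom as source of random entropy`, `! helper 0 waiting on fd: 8`) should not be read as a change in startup order. In the full logs they come from the helper process (pluto[1028], pluto[1226]) while the surrounding lines come from the main process, so their position is just two processes interleaving in syslog; diffing the main process's lines on their own would drop the reorder. The `EVENT_LOG_DAILY` timeout change (15279 vs 15122) is 157 seconds, which equals the gap between the two start times 19:45:21 and 19:47:58, so it is also expected.
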
> @@ -124,12 +124,13 @@
>  | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
>  | found eth2 with address 2a02:0bd0:abcd:0004:0000:0000:0000:0010
>  | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
> +| found ipsec0 with address 2a02:0bd0:abcd:0003:0000:0000:0000:0020
>  | found eth1 with address 2a02:0bd0:abcd:0003:0000:0000:0000:0020
> -| IP interface eth1 2a02:bd0:abcd:3::20 has no matching ipsec* interface -- ignored
> +adding interface ipsec0/eth1 2a02:bd0:abcd:3::20:500
>  | IP interface lo ::1 has no matching ipsec* interface -- ignored
>  | IP interface eth2 2a02:bd0:abcd:4::10 has no matching ipsec* interface -- ignored
> +| connect_to_host_pair: 2a02:bd0:abcd:3::20:500 2a02:bd0:abcd:2::10:500 -> hp:none 
>  loading secrets from "/etc/ipsec.secrets"
>  loaded private key for keyid: PPK_RSA:AQOZP6OG/
>  | * processed 0 messages from cryptographic helpers 
>  | next event EVENT_PENDING_DDNS in 60 seconds
> -| next event EVENT_PENDING_DDNS in 60 seconds
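
Review bot: neither log records what ipsec0 looked like just before pluto enumerated interfaces, and that is what this hunk turns on. At boot there is no `| found ipsec0 with address 2a02:0bd0:abcd:0003:0000:0000:0000:0020` line, so eth1's IPv6 address is reported as `has no matching ipsec* interface -- ignored`; after the restart the line is present and `adding interface ipsec0/eth1 2a02:bd0:abcd:3::20:500` follows. Capturing `ip -6 addr show dev ipsec0` immediately before each pluto start would show whether the address is absent from the device itself at boot.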

> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev
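
An added example, not part of the original thread or of Openswan: a Python check over pluto's `plutodebug=all` interface-enumeration lines, excerpted from the two logs above, that lists what pluto listens on and flags an address on a physical interface that was ignored although that interface is already paired with an ipsec* device. The function names and the pairing heuristic (an earlier `adding interface` line for the same physical interface) are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: interface-enumeration lines excerpted from the two logs in the
# thread (boot = pluto[1024], restart = pluto[1224]).
BOOT_LOG = """\
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found lo with address 127.0.0.1
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth0 with address 10.0.112.103
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth1 with address 172.16.3.20
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth2 with address 172.16.4.10
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found ipsec0 with address 172.16.3.20
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface eth2 172.16.4.10 has no matching ipsec* interface -- ignored
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: adding interface ipsec0/eth1 172.16.3.20:500
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface eth0 10.0.112.103 has no matching ipsec* interface -- ignored
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth2 with address 2a02:0bd0:abcd:0004:0000:0000:0000:0010
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | found eth1 with address 2a02:0bd0:abcd:0003:0000:0000:0000:0020
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface eth1 2a02:bd0:abcd:3::20 has no matching ipsec* interface -- ignored
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface lo ::1 has no matching ipsec* interface -- ignored
Oct 11 19:45:21 vn-t-fw03 pluto[1024]: | IP interface eth2 2a02:bd0:abcd:4::10 has no matching ipsec* interface -- ignored
"""
RESTART_LOG = """\
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found lo with address 127.0.0.1
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth0 with address 10.0.112.103
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth1 with address 172.16.3.20
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth2 with address 172.16.4.10
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found ipsec0 with address 172.16.3.20
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface eth2 172.16.4.10 has no matching ipsec* interface -- ignored
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: adding interface ipsec0/eth1 172.16.3.20:500
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface eth0 10.0.112.103 has no matching ipsec* interface -- ignored
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth2 with address 2a02:0bd0:abcd:0004:0000:0000:0000:0010
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found ipsec0 with address 2a02:0bd0:abcd:0003:0000:0000:0000:0020
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | found eth1 with address 2a02:0bd0:abcd:0003:0000:0000:0000:0020
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: adding interface ipsec0/eth1 2a02:bd0:abcd:3::20:500
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface lo ::1 has no matching ipsec* interface -- ignored
Oct 11 19:47:58 vn-t-fw03 pluto[1224]: | IP interface eth2 2a02:bd0:abcd:4::10 has no matching ipsec* interface -- ignored
"""

# Optional mail-quote marker and syslog prefix, then the three line shapes used.
PREFIX = re.compile(r"^(?:>\s*)?(?:\w{3}\s+\d+\s+[\d:]+\s+\S+\s+)?pluto\[\d+\]:\s*")
FOUND = re.compile(r"^\| found (\S+) with address (\S+)$")
ADDED = re.compile(r"^adding interface (ipsec\d+)/(\S+) (\S+):(\d+)$")
IGNORED = re.compile(r"^\| IP interface (\S+) (\S+) has no matching ipsec\* interface -- ignored$")


def parse_listen_log(text):
    """Return (found, added, ignored) from pluto's interface enumeration."""
    found = defaultdict(set)  # interface -> addresses reported for it
    added = []                # (ipsec_dev, phys_dev, address, port)
    ignored = []              # (phys_dev, address)
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.strip())
        if m := FOUND.match(line):
            # ip_address() normalises the expanded IPv6 form used in "found" lines
            found[m[1]].add(ipaddress.ip_address(m[2]))
        elif m := ADDED.match(line):
            added.append((m[1], m[2], ipaddress.ip_address(m[3]), int(m[4])))
        elif m := IGNORED.match(line):
            ignored.append((m[1], ipaddress.ip_address(m[2])))
    return found, added, ignored


def listen_list(text):
    """Addresses and ports pluto actually opened, in log order."""
    _found, added, _ignored = parse_listen_log(text)
    return [(str(addr), port) for _virt, _phys, addr, port in added]


def missed_addresses(text):
    """Ignored addresses on a physical interface that is already paired with
    an ipsec* device for another address (pairing heuristic: assumption)."""
    found, added, ignored = parse_listen_log(text)
    bound = {phys: virt for virt, phys, _addr, _port in added}
    report = []
    for phys, addr in ignored:
        virt = bound.get(phys)
        if virt is None:
            continue  # interface has no ipsec* device at all: expected ignore
        report.append({"phys": phys, "ipsec": virt, "address": str(addr),
                       "on_ipsec_dev": addr in found.get(virt, set())})
    return report


if __name__ == "__main__":
    for name, log in (("boot", BOOT_LOG), ("restart", RESTART_LOG)):
        print(name, "listening on:", listen_list(log))
        print(name, "missed:", missed_addresses(log))
```
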


