[Openswan Users]

Itai Tavor itai at iinet.net.au
Wed Dec 1 09:53:22 CET 2004


On 30/11/2004, at 9:34 PM, Paul Wouters wrote:

> On Tue, 30 Nov 2004, Itai Tavor wrote:
>
>> Both sides act as LAN gateways, left with a fixed IP, right connected  
>> to ADSL with a dynamic IP. The connection (triggered from right)  
>> starts fine but pings don't work in either direction. I tried both  
>> with the firewall on and off on both sides, with identical results.

Hi Paul,

Thanks for looking at my problem.

> I don't see any established tunnels or attempts in the logs. You either
> ran a barf without starting the conns or you cut it from the barf.

Hmm... strange. I was sure I started the tunnel. Sorry about that.

> One thing I notice:
>
> conn Tir-Na-Nogth-IM
>          right=%defaultroute
>          rightsubnet=10.0.1.0/24
>          #
>          left=210.229.239.65
>          leftsubnet=10.0.2.0/24
>
> Since that side also uses interfaces=%defaultroute, I would swap right
> and left in that connection.

I guess I don't understand left and right... I thought the selection  
was arbitrary. Anyway, I swapped left and right.

> Other than that, why not run 2.4 or 2.6 on both ends? And why openswan
> 2.1.2? It's a bit old.

Wish I could... my local machine needs a recent 2.6 for other services  
it runs, and I can't mess with the remote box too much so I'd rather  
leave it on 2.4. As for openswan 2.1.2... I installed the latest  
openswan and kernel-openswan-modules from atrpms. Package  
openswan-2.2.0-17.rhfc1.at, ipsec version 2.1.2. Go figure. Think that  
might cause a problem?

> I cannot tell you more without seeing more. All the kernel modules seem
> to have been loaded, including xfrm4_tunnel. I do see you are doing lots
> of blocking of icmp packets, which might break PMTU, while you are also
> doing tcp clamping. The drop rules have a match for icmp 'invalid state',
> which I am not entirely sure what that means, since icmp consists of
> packets, not of a stateful connection. You can try allowing all icmp to
> see if that helps. Also show us exactly how you are testing your 'ping'
> so we know it does not involve wrong testing. In general, I don't look
> through firewall rules. You have MANY of them, you might want to try to
> temporarily insert an 'allow all' rule to see if that might be the cause.

Ok, I completely opened the firewall on both sides. New barfs attached.
I was able to connect to both gateways using their external IPs, so I
don't think the firewall is getting in the way anymore. All those
firewall rules are generated by shorewall; I don't understand most of
them myself.

As for the ping tests, on 10.0.1.1 I simply try ping 10.0.2.1 and ping  
10.0.2.60 (a running host on right), and I get nothing. Same the other  
way.

Itai



edo
Wed Dec  1 07:45:06 JST 2004
+ _________________________ version
+ ipsec --version
Linux Openswan Ucvs2002Mar11_19:19:03/K2.1.2rc3 (klips)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.22-1.2199.nptl_52.rhfc1.at (bachbuilder at n27) (gcc  
version 3.2.3 20030422 (Red Hat Linux 3.2.3-6)) #1 Wed Aug 11 19:48:01  
EDT 2004
+ _________________________ proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ sort -sg +3 /proc/net/ipsec_eroute
0          10.0.2.0/24        -> 10.0.1.0/24        => tun0x1002 at 203.206.236.211
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
154.33.4.102    0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
154.33.4.102    0.0.0.0         255.255.255.255 UH        0 0          0 ipsec0
10.0.1.0        154.33.4.102    255.255.255.0   UG        0 0          0 ipsec0
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         154.33.4.102    0.0.0.0         UG        0 0          0 ppp0
+ _________________________ proc/net/ipsec_spi
+ test -r proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
tun0x1002 at 203.206.236.211 esp0x67b4c13c at 203.206.236.211
tun0x1001 at 210.229.239.65 esp0xed2385f1 at 210.229.239.65
+ _________________________ proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> ppp0 mtu=16260(1454) -> 1454
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pfkey
+ test -r /proc/net/pfkey
+ _________________________ proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_netlink debug_pfkey  
debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform  
icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/ppp0 210.229.239.65
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64,  
keysizemin=168, keysizemax=168
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,  
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,  
keysizemin=160, keysizemax=160
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,  
keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,  
keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}  
trans={0,0,0} attrs={0,0,0}
000
000 "Tir-Na-Nogth-IM": 10.0.2.0/24===210.229.239.65[@edo.insentiv.co.jp]---154.33.4.102...%any[@amber.tir-na-nogth.net]===10.0.1.0/24; unrouted; eroute owner: #0
000 "Tir-Na-Nogth-IM":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "Tir-Na-Nogth-IM":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,24; interface: ppp0;
000 "Tir-Na-Nogth-IM":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "Tir-Na-Nogth-IM":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "Tir-Na-Nogth-IM":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "Tir-Na-Nogth-IM":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM"[1]: 10.0.2.0/24===210.229.239.65[@edo.insentiv.co.jp]---154.33.4.102...203.206.236.211[@amber.tir-na-nogth.net]===10.0.1.0/24; erouted; eroute owner: #2
000 "Tir-Na-Nogth-IM"[1]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "Tir-Na-Nogth-IM"[1]:   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,24; interface: ppp0;
000 "Tir-Na-Nogth-IM"[1]:   newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "Tir-Na-Nogth-IM"[1]:   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "Tir-Na-Nogth-IM"[1]:   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "Tir-Na-Nogth-IM"[1]:   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "Tir-Na-Nogth-IM"[1]:   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM"[1]:   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM"[1]:   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000
000 #2: "Tir-Na-Nogth-IM"[1] 203.206.236.211 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28485s; newest IPSEC; eroute owner
000 #2: "Tir-Na-Nogth-IM"[1] 203.206.236.211 esp.67b4c13c at 203.206.236.211 esp.ed2385f1 at 210.229.239.65 tun.1002 at 203.206.236.211 tun.1001 at 210.229.239.65
000 #1: "Tir-Na-Nogth-IM"[1] 203.206.236.211 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3284s; newest ISAKMP
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:00:F4:60:9B:31
           inet addr:10.0.2.1  Bcast:10.0.2.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:164398 errors:0 dropped:0 overruns:0 frame:0
           TX packets:337949 errors:3 dropped:0 overruns:3 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:18843646 (17.9 Mb)  TX bytes:430949138 (410.9 Mb)
           Interrupt:11 Base address:0xd000

eth1      Link encap:Ethernet  HWaddr 00:90:CC:51:B9:77
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:351706 errors:0 dropped:0 overruns:0 frame:0
           TX packets:235413 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:430898068 (410.9 Mb)  TX bytes:23371201 (22.2 Mb)
           Interrupt:10 Base address:0x9000

ipsec0    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.65  Mask:255.255.255.255
           UP RUNNING NOARP  MTU:16260  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:13 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec1    Link encap:UNSPEC  HWaddr  
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           NOARP  MTU:0  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec2    Link encap:UNSPEC  HWaddr  
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           NOARP  MTU:0  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec3    Link encap:UNSPEC  HWaddr  
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           NOARP  MTU:0  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:49726 errors:0 dropped:0 overruns:0 frame:0
           TX packets:49726 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:3459169 (3.2 Mb)  TX bytes:3459169 (3.2 Mb)

ppp0      Link encap:Point-to-Point Protocol
           inet addr:210.229.239.65  P-t-P:154.33.4.102   
Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:348820 errors:0 dropped:0 overruns:0 frame:0
           TX packets:232663 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:422860300 (403.2 Mb)  TX bytes:18169637 (17.3 Mb)

ppp0:0    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.99  P-t-P:210.229.239.99   
Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0:1    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.98  P-t-P:210.229.239.98   
Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ppp0:2    Link encap:Point-to-Point Protocol
           inet addr:210.229.239.102  P-t-P:210.229.239.102   
Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                         [OK]
Linux Openswan Ucvs2002Mar11_19:19:03/K2.1.2rc3 (klips)
Checking for IPsec support in kernel                                    [OK]
Checking for RSA private key (/etc/ipsec.secrets)                       [OK]
Checking that pluto is running                                          [OK]
Two or more interfaces found, checking IP forwarding                    [OK]
Checking NAT and MASQUERADEing
Checking tun0x1002 at 203.206.236.211 from 10.0.2.0/24 to 10.0.1.0/24      [FAILED]
ppp0_masq from 0.0.0.0/0 to 0.0.0.0/0 kills tunnel 0.0.0.0/0 -> 10.0.1.0/24
Checking for 'ip' command                                               [OK]
Checking for 'iptables' command                                         [OK]

Opportunistic Encryption DNS checks:
    Looking for TXT in forward dns zone: edo                             [MISSING]
    Does the machine have at least one non-private address?              [OK]
    Looking for TXT in reverse dns zone: 65.239.229.210.in-addr.arpa.    [MISSING]
    Looking for TXT in reverse dns zone: 99.239.229.210.in-addr.arpa.    [MISSING]
    Looking for TXT in reverse dns zone: 98.239.229.210.in-addr.arpa.    [MISSING]
    Looking for TXT in reverse dns zone: 102.239.229.210.in-addr.arpa.   [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD flow-control, link ok
   product info: Davicom DM9101 rev 0
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD  
flow-control
   link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD  
flow-control
eth1: negotiated 100baseTx-FD, link ok
   product info: vendor 00:07:49, model 1 rev 1
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD  
flow-control
   link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
edo
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
  07:45:11  up 14:44,  2 users,  load average: 0.29, 0.23, 0.13
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME  
COMMAND
0     0 17188 11722  22   0  4852  936 -      R    pts/1      0:00  |    
     \_ /bin/sh /usr/libexec/ipsec/barf
0     0 17285 17188  17   0  3092  392 pipe_w S    pts/1      0:00  |    
         \_ egrep -i ppid|pluto|ipsec|klips
1     0 17101     1  20   0  3188  988 wait4  S    pts/1      0:00  
/bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes  
--nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive   
--force_keepalive  --disable_port_floating  --virtual_private   
--crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wai
1     0 17102 17101  20   0  3188  996 wait4  S    pts/1      0:00  \_  
/bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes  
--nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive   
--force_keepalive  --disable_port_floating  --virtual_private   
--crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  -
4     0 17103 17102  17   0  3288 1044 schedu S    pts/1      0:00  |    
\_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets  
--ipsecdir /etc/ipsec.d --debug-none --uniqueids
0     0 17114 17103  24   0  2108  176 schedu S    pts/1      0:00  |    
     \_ _pluto_adns
0     0 17104 17101  15   0  2792  984 pipe_w S    pts/1      0:00  \_  
/bin/sh /usr/lib/ipsec/_plutoload --wait no --post
0     0 17106     1  20   0  2388  288 pipe_w S    pts/1      0:00  
logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $

# edo.isentiv.co.jp
#

version 2.0     # conforms to second version of ipsec.conf specification

config setup
         interfaces="ipsec0=ppp0"
         klipsdebug=none
         plutodebug=none
         uniqueids=yes

# Standard server security definition (right)
conn %default
         # Allow only 1 try since we are the passive end
         keyingtries=1
         #
         # Security gateway - right
         right=210.229.239.65
         rightsubnet=10.0.2.0/24
         rightnexthop=154.33.4.102
         rightupdown=/usr/lib/ipsec/_updown
         #
         # Add but don't start connection on startup
         auto=add
         #
         #
         # RSA authentication
         authby=rsasig
         rightid=@edo.insentiv.co.jp
         rightrsasigkey=[keyid AQOrd0max]

# Load client (right) definitions from subdirectory

#< /etc/ipsec.d/remote.tir-na-nogth.conn 1
# /etc/ipsec.d/remote.tir-na-nogth.conn - FreeS/WAN IPsec remote  
connection file

# Connection from Tir-Na-Nog'th gateway
conn Tir-Na-Nogth-IM
         # Left - Tir-Na-Nog'th security gateway
         left=%any
         leftsubnet=10.0.1.0/24
         #
         leftid=@amber.tir-na-nogth.net
         leftrsasigkey=[keyid AQN/IxlHw]


#> /etc/ipsec.conf 37

#
# Disable opportunistic encryption
#

#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/freeswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
conn block
     auto=ignore

conn private
     auto=ignore

conn private-or-clear
     auto=ignore

conn clear-or-private
     auto=ignore

conn clear
     auto=ignore

conn packetdefault
     auto=ignore


#> /etc/ipsec.conf 42
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
: RSA   {
         # RSA 2192 bits   edo.insentiv.co.jp   Fri Jan 30 20:14:18 2004
         # for signatures only, UNSAFE FOR ENCRYPTION
         #pubkey=[keyid AQOrd0max]
         Modulus: [...]
         PublicExponent: [...]
         # everything after this point is secret
         PrivateExponent: [...]
         Prime1: [...]
         Prime2: [...]
         Exponent1: [...]
         Exponent2: [...]
         Coefficient: [...]
         }
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 Dec 01 07:44:06 2004, 2192 RSA Key AQOrd0max, until --- -- --:--:--  
---- ok (expires never)
000        ID_FQDN '@edo.insentiv.co.jp'
000 Dec 01 07:44:06 2004, 2192 RSA Key AQN/IxlHw, until --- -- --:--:--  
---- ok (expires never)
000        ID_FQDN '@amber.tir-na-nogth.net'
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates  
IPSEC,
# using encryption.  This behaviour is also called "Opportunistic  
Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear  
otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 100
-rwxr-xr-x    1 root     root        15403 Sep 19 09:25 _confread
-rwxr-xr-x    1 root     root         6312 Sep 19 09:25 _copyright
-rwxr-xr-x    1 root     root         2379 Sep 19 09:25 _include
-rwxr-xr-x    1 root     root         1475 Sep 19 09:25 _keycensor
-rwxr-xr-x    1 root     root         3586 Sep 19 09:25 _plutoload
-rwxr-xr-x    1 root     root         7167 Sep 19 09:25 _plutorun
-rwxr-xr-x    1 root     root        10493 Sep 19 09:25 _realsetup
-rwxr-xr-x    1 root     root         1975 Sep 19 09:25 _secretcensor
-rwxr-xr-x    1 root     root         9010 Sep 19 09:25 _startklips
-rwxr-xr-x    1 root     root        12313 Sep 19 09:25 _updown
-rwxr-xr-x    1 root     root         7572 Sep 19 09:25 _updown_x509
-rwxr-xr-x    1 root     root         1942 Sep 19 09:25  
ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 1280
-rwxr-xr-x    1 root     root        11316 Sep 19 09:25 _pluto_adns
-rwxr-xr-x    1 root     root        19220 Sep 19 09:25 auto
-rwxr-xr-x    1 root     root        10224 Sep 19 09:25 barf
-rwxr-xr-x    1 root     root          816 Sep 19 09:25 calcgoo
-rwxr-xr-x    1 root     root        80140 Sep 19 09:25 eroute
-rwxr-xr-x    1 root     root        63744 Sep 19 09:25 klipsdebug
-rwxr-xr-x    1 root     root         2461 Sep 19 09:25 look
-rwxr-xr-x    1 root     root         7118 Sep 19 09:25 mailkey
-rwxr-xr-x    1 root     root        16188 Sep 19 09:25 manual
-rwxr-xr-x    1 root     root         1874 Sep 19 09:25 newhostkey
-rwxr-xr-x    1 root     root        54584 Sep 19 09:25 pf_key
-rwxr-xr-x    1 root     root       567772 Sep 19 09:25 pluto
-rwxr-xr-x    1 root     root        12148 Sep 19 09:25 ranbits
-rwxr-xr-x    1 root     root        20124 Sep 19 09:25 rsasigkey
-rwxr-xr-x    1 root     root          766 Sep 19 09:25 secrets
-rwxr-xr-x    1 root     root        17578 Sep 19 09:25 send-pr
lrwxrwxrwx    1 root     root           22 Nov 30 16:39 setup ->  
/etc/rc.d/init.d/ipsec
-rwxr-xr-x    1 root     root         1048 Sep 19 09:25 showdefaults
-rwxr-xr-x    1 root     root         4364 Sep 19 09:25 showhostkey
-rwxr-xr-x    1 root     root       119928 Sep 19 09:25 spi
-rwxr-xr-x    1 root     root        69940 Sep 19 09:25 spigrp
-rwxr-xr-x    1 root     root        83384 Sep 19 09:25 starter
-rwxr-xr-x    1 root     root        11276 Sep 19 09:25 tncfg
-rwxr-xr-x    1 root     root        10189 Sep 19 09:25 verify
-rwxr-xr-x    1 root     root        46148 Sep 19 09:25 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |   
Transmit
  face |bytes    packets errs drop fifo frame compressed multicast|bytes  
    packets errs drop fifo colls carrier compressed
     lo: 3459169   49726    0    0    0     0          0         0   
3459169   49726    0    0    0     0       0          0
   eth0:18843988  164399    0    0    0     0          0         0  
430949138  337949    3    0    3     0       0          0
   eth1:430900591  351733    0    0    0     0          0         0  
23405262  235448    0    0    0     0       0          0
   ppp0:422862229  348847    0    0    0     0          0         0  
18202928  232698    0    0    0     0       0          0
ipsec0:       0       0    0    0    0     0          0         0        
  0       0    0   13    0     0       0          0
ipsec1:       0       0    0    0    0     0          0         0        
  0       0    0    0    0     0       0          0
ipsec2:       0       0    0    0    0     0          0         0        
  0       0    0    0    0     0       0          0
ipsec3:       0       0    0    0    0     0          0         0        
  0       0    0    0    0     0       0          0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric   
Mask   MTU      Window  IRTT
ppp0    6604219A        00000000        0005    0       0       0        
FFFFFFFF0       0       0
ipsec0  6604219A        00000000        0005    0       0       0        
FFFFFFFF0       0       0
ipsec0  0001000A        6604219A        0003    0       0       0        
00FFFFFF0       0       0
eth0    0002000A        00000000        0001    0       0       0        
00FFFFFF0       0       0
eth0    0000FEA9        00000000        0001    0       0       0        
0000FFFF0       0       0
lo      0000007F        00000000        0001    0       0       0        
000000FF0       0       0
ppp0    00000000        6604219A        0003    0       0       0        
000000000       0       0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter  
ipsec0/rp_filter lo/rp_filter ppp0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
ipsec0/rp_filter:1
lo/rp_filter:1
ppp0/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux edo 2.4.22-1.2199.nptl_52.rhfc1.at #1 Wed Aug 11 19:48:01 EDT  
2004 i586 i586 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 1 (Yarrow)
+ _________________________ proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ cat /proc/net/ipsec_version
Openswan version: 2.1.2rc3
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 288: no old-style linux 1.x/2.0 ipfwadm  
firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 4 packets, 776 bytes)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  lo     *       0.0.0.0/0             
0.0.0.0/0
     0     0 DROP      !icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          state INVALID
   130 14765 ppp0_in    all  --  ppp0   *       0.0.0.0/0             
0.0.0.0/0
    15  4432 eth0_in    all  --  eth0   *       0.0.0.0/0             
0.0.0.0/0
     0     0 ipsec0_in  all  --  ipsec0 *       0.0.0.0/0             
0.0.0.0/0
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain FORWARD (policy DROP 3 packets, 140 bytes)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 DROP      !icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          state INVALID
   663 31820 TCPMSS     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
   766 74504 ppp0_fwd   all  --  ppp0   *       0.0.0.0/0             
0.0.0.0/0
     0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0             
0.0.0.0/0
     0     0 ipsec0_fwd  all  --  ipsec0 *       0.0.0.0/0             
0.0.0.0/0
   766 74504 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      lo      0.0.0.0/0             
0.0.0.0/0
     0     0 DROP      !icmp --  *      *       0.0.0.0/0             
0.0.0.0/0          state INVALID
   137 50682 fw2net     all  --  *      ppp0    0.0.0.0/0             
0.0.0.0/0
     2   168 fw2loc     all  --  *      eth0    0.0.0.0/0             
0.0.0.0/0
    13  1092 fw2vpn     all  --  *      ipsec0  0.0.0.0/0             
0.0.0.0/0
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain all2all (3 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    13  1092 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain blacklst (2 references)
  pkts bytes target     prot opt in     out     source               destination

Chain common (0 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:135
     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpts:137:139
     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:445
     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:139
     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:445
     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:135
     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:1900
     0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
     0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4
     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:113
     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:53 state NEW
     0     0 DROP       all  --  *      *       0.0.0.0/0            10.0.2.255

Chain dynamic (6 references)
  pkts bytes target     prot opt in     out     source               destination

Chain eth0_fwd (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
     0     0 loc2net    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
     0     0 loc2vpn    all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
  pkts bytes target     prot opt in     out     source               destination
    13  4264 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
    15  4432 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2loc (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     2   168 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
     0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
  pkts bytes target     prot opt in     out     source               destination
   134 50408 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
     2   200 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:500 dpt:500 state NEW
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:53
     1    74 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:53
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2vpn (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:53
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:53
    13  1092 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (1 references)
  pkts bytes target     prot opt in     out     source               destination

Chain ipsec0_fwd (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
     0     0 all2all    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
     0     0 vpn2loc    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain ipsec0_in (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
     0     0 vpn2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2fw (1 references)
  pkts bytes target     prot opt in     out     source               destination
     2   168 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:22
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
    13  4264 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2net (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2vpn (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (58 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2all (3 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     1    60 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)
  pkts bytes target     prot opt in     out     source               destination
   129 14705 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:500 dpt:500 state NEW
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.2.1           state NEW tcp dpt:22
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp spt:500 dpt:500
     0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
     1    60 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2loc (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.2.61          multiport dports 80,21 state NEW ctorigdst 210.229.239.99
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.2.62          state NEW tcp dpt:80 ctorigdst 210.229.239.102
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.2.60          multiport dports 80,81,443 state NEW ctorigdst 210.229.239.98
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.2.60          multiport dports 80,443 state NEW ctorigdst 210.229.239.100
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.2.60          multiport dports 80,443 state NEW ctorigdst 210.229.239.101
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.2.60          state NEW tcp dpt:21 ctorigdst 210.229.239.101
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.0.2.60          state NEW tcp dpt:22 ctorigdst 210.229.239.98
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.0.2.20          state NEW udp dpt:5060
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.0.2.20          state NEW udp dpts:16384:16403
     0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain newnotsyn (12 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:newnotsyn:DROP:'
     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ppp0_fwd (1 references)
  pkts bytes target     prot opt in     out     source               destination
   766 74504 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
   766 74504 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
   766 74504 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
     0     0 net2loc    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
     0     0 net2all    all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0

Chain ppp0_in (1 references)
  pkts bytes target     prot opt in     out     source               destination
     1    60 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
     1    60 blacklst   all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
     1    60 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
   130 14765 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain reject (7 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with tcp-reset
     0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-port-unreachable
     0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-host-unreachable
     0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-host-prohibited

Chain rfc1918 (2 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 RETURN     all  --  *      *       255.255.255.255      0.0.0.0/0
     0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 255.255.255.255
     0     0 DROP       all  --  *      *       169.254.0.0/16       0.0.0.0/0
     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 169.254.0.0/16
     0     0 logdrop    all  --  *      *       172.16.0.0/12        0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 172.16.0.0/12
     0     0 logdrop    all  --  *      *       192.0.2.0/24         0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 192.0.2.0/24
     0     0 logdrop    all  --  *      *       192.168.0.0/16       0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 192.168.0.0/16
     0     0 logdrop    all  --  *      *       0.0.0.0/7            0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 0.0.0.0/7
     0     0 logdrop    all  --  *      *       2.0.0.0/8            0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 2.0.0.0/8
     0     0 logdrop    all  --  *      *       5.0.0.0/8            0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 5.0.0.0/8
     0     0 logdrop    all  --  *      *       7.0.0.0/8            0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 7.0.0.0/8
     0     0 logdrop    all  --  *      *       10.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 10.0.0.0/8
     0     0 logdrop    all  --  *      *       23.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 23.0.0.0/8
     0     0 logdrop    all  --  *      *       27.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 27.0.0.0/8
     0     0 logdrop    all  --  *      *       31.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 31.0.0.0/8
     0     0 logdrop    all  --  *      *       36.0.0.0/7           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 36.0.0.0/7
     0     0 logdrop    all  --  *      *       39.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 39.0.0.0/8
     0     0 logdrop    all  --  *      *       41.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 41.0.0.0/8
     0     0 logdrop    all  --  *      *       42.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 42.0.0.0/8
     0     0 logdrop    all  --  *      *       49.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 49.0.0.0/8
     0     0 logdrop    all  --  *      *       50.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 50.0.0.0/8
     0     0 logdrop    all  --  *      *       58.0.0.0/7           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 58.0.0.0/7
     0     0 logdrop    all  --  *      *       70.0.0.0/7           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 70.0.0.0/7
     0     0 logdrop    all  --  *      *       72.0.0.0/5           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 72.0.0.0/5
     0     0 logdrop    all  --  *      *       83.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 83.0.0.0/8
     0     0 logdrop    all  --  *      *       84.0.0.0/6           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 84.0.0.0/6
     0     0 logdrop    all  --  *      *       88.0.0.0/5           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 88.0.0.0/5
     0     0 logdrop    all  --  *      *       96.0.0.0/3           0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 96.0.0.0/3
     0     0 logdrop    all  --  *      *       127.0.0.0/8          0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 127.0.0.0/8
     0     0 logdrop    all  --  *      *       197.0.0.0/8          0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 197.0.0.0/8
     0     0 logdrop    all  --  *      *       198.18.0.0/15        0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 198.18.0.0/15
     0     0 logdrop    all  --  *      *       223.0.0.0/8          0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 223.0.0.0/8
     0     0 logdrop    all  --  *      *       240.0.0.0/4          0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0          ctorigdst 240.0.0.0/4

Chain shorewall (0 references)
  pkts bytes target     prot opt in     out     source               destination

Chain vpn2fw (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:53
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:53
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain vpn2loc (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
+ _________________________
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 23389 packets, 1462K bytes)
  pkts bytes target     prot opt in     out     source               destination
     5   608 net_dnat   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
     0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 21422 packets, 940K bytes)
  pkts bytes target     prot opt in     out     source               destination
     6   718 ppp0_masq  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 4081 packets, 248K bytes)
  pkts bytes target     prot opt in     out     source               destination

Chain net_dnat (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:222 LOG flags 0 level 5 prefix `Shorewall:net_dnat:DNAT:'
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:222 to:10.0.2.1:22
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            210.229.239.99     multiport dports 80,21 to:10.0.2.61
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            210.229.239.102    tcp dpt:80 to:10.0.2.62
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            210.229.239.98     multiport dports 80,81,443 to:10.0.2.60
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            210.229.239.100    multiport dports 80,443 to:10.0.2.60
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            210.229.239.101    multiport dports 80,443 to:10.0.2.60
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            210.229.239.101    tcp dpt:21 to:10.0.2.60
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0            210.229.239.98     tcp dpt:223 to:10.0.2.60:22
     0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:5060 to:10.0.2.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpts:16384:16403 to:10.0.2.20

Chain ppp0_masq (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 MASQUERADE  all  --  *      *       10.0.2.0/24          0.0.0.0/0
     0     0 MASQUERADE  all  --  *      *       169.254.0.0/16       0.0.0.0/0
+ _________________________
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 562K packets, 443M bytes)
  pkts bytes target     prot opt in     out     source               destination
   916 93961 pretos     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 470K packets, 397M bytes)
  pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 91787 packets, 46M bytes)
  pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 546K packets, 403M bytes)
  pkts bytes target     prot opt in     out     source               destination
   158 58398 outtos     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 620K packets, 448M bytes)
  pkts bytes target     prot opt in     out     source               destination

Chain outtos (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 TOS set 0x10
   125 54917 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:4662 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:4662 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:4672 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:4672 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:4862 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:4862 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:4872 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:4872 TOS set 0x08

Chain pretos (1 references)
  pkts bytes target     prot opt in     out     source               destination
    40  5254 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:4662 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:4662 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:4672 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:4672 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp spt:4862 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:4862 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:4872 TOS set 0x08
     0     0 TOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:4872 TOS set 0x08
+ _________________________ proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ipsec                 244512   2
autofs                 11156   0 (autoclean) (unused)
ipt_REDIRECT            1336   1 (autoclean)
ipt_TOS                 1592  28 (autoclean)
ipt_MASQUERADE          2104   2 (autoclean)
ipt_REJECT              3960   4 (autoclean)
ipt_LOG                 4152   3 (autoclean)
ipt_TCPMSS              2968   1 (autoclean)
ipt_state               1112  58 (autoclean)
ip_nat_irc              2896   0 (unused)
ip_nat_tftp             2288   0 (unused)
ip_nat_ftp              3568   0 (unused)
ip_conntrack_irc        3728   1
ip_conntrack_tftp       2192   1
ip_conntrack_ftp        4720   1
ipt_multiport           1176   8 (autoclean)
ipt_conntrack           1656  38 (autoclean)
iptable_filter          2348   1 (autoclean)
iptable_mangle          2712   1 (autoclean)
iptable_nat            20760   4 (autoclean) [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_tftp ip_nat_ftp]
ip_conntrack           27464   6 (autoclean) [ipt_REDIRECT ipt_MASQUERADE ipt_state ip_nat_irc ip_nat_tftp ip_nat_ftp ip_conntrack_irc ip_conntrack_tftp ip_conntrack_ftp ipt_conntrack iptable_nat]
ip_tables              14688  14 [ipt_REDIRECT ipt_TOS ipt_MASQUERADE ipt_REJECT ipt_LOG ipt_TCPMSS ipt_state ipt_multiport ipt_conntrack iptable_filter iptable_mangle iptable_nat]
ppp_synctty             6272   0 (unused)
ppp_async               7936   1
ppp_generic            23516   3 [ppp_synctty ppp_async]
slhc                    6612   0 [ppp_generic]
tulip                  40832   1 (autoclean)
via-rhine              14224   1
mii                     3736   0 [via-rhine]
loop                   10808   0 (autoclean)
keybdev                 2464   0 (unused)
mousedev                5044   0 (unused)
hid                    22724   0 (unused)
input                   5664   0 [keybdev mousedev hid]
usb-ohci               20520   0 (unused)
usbcore                73120   1 [hid usb-ohci]
ext3                   81576   4
jbd                    47752   4 [ext3]
lvm-mod                63488   3
+ _________________________ proc/meminfo
+ cat /proc/meminfo
         total:    used:    free:  shared: buffers:  cached:
Mem:  191524864 185085952  6438912        0 37384192 26890240
Swap: 394805248    16384 394788864
MemTotal:       187036 kB
MemFree:          6288 kB
MemShared:           0 kB
Buffers:         36508 kB
Cached:          26244 kB
SwapCached:         16 kB
Active:          47904 kB
Inactive:        34388 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       187036 kB
LowFree:          6288 kB
SwapTotal:      385552 kB
SwapFree:       385536 kB
+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
lrwxrwxrwx    1 root     root           16 Dec  1 07:45 /proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx    1 root     root           16 Dec  1 07:45 /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx    1 root     root           13 Dec  1 07:45 /proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx    1 root     root           16 Dec  1 07:45 /proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx    1 root     root           11 Dec  1 07:45 /proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx    1 root     root           13 Dec  1 07:45 /proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.4.22-1.2199.nptl_52.rhfc1.at/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# MADE-BY-RP-PPPOE
nameserver 154.33.63.214
nameserver 154.33.63.210
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x    4 root     root         4096 Nov 30 16:37 2.4.22-1.2199.nptl_52.rhfc1.at
drwxr-xr-x    4 root     root         4096 Nov 30 16:42 2.4.22-1.2115.nptl
+ _________________________ proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ egrep netif_rx /proc/ksyms
c0201b10 netif_rx_Rc41991c0
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.22-1.2115.nptl:          U netif_rx_R07a1a075
2.4.22-1.2199.nptl_52.rhfc1.at:          U netif_rx_Rc41991c0
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '41872,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Dec  1 07:44:05 edo ipsec_setup: Starting Openswan IPsec cvs2002Mar11_19:19:03...
Dec  1 07:44:05 edo ipsec_setup: Using /lib/modules/2.4.22-1.2199.nptl_52.rhfc1.at/kernel/net/ipsec/ipsec.o
+ _________________________ plog
+ sed -n '392,$p' /var/log/secure
+ egrep -i pluto
+ cat
Dec  1 07:44:05 edo ipsec__plutorun: Starting Pluto subsystem...
Dec  1 07:44:05 edo pluto[17103]: Starting Pluto (Openswan Version cvs2002Mar11_19:19:03 X.509-1.5.4 PLUTO_USES_KEYRR)
Dec  1 07:44:05 edo pluto[17103]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Dec  1 07:44:05 edo pluto[17103]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Dec  1 07:44:05 edo pluto[17103]: Using KLIPS IPsec interface code
Dec  1 07:44:05 edo pluto[17103]: Changing to directory '/etc/ipsec.d/cacerts'
Dec  1 07:44:05 edo pluto[17103]: Could not change to directory '/etc/ipsec.d/aacerts'
Dec  1 07:44:05 edo pluto[17103]: Changing to directory '/etc/ipsec.d/ocspcerts'
Dec  1 07:44:05 edo pluto[17103]: Changing to directory '/etc/ipsec.d/crls'
Dec  1 07:44:05 edo pluto[17103]:   Warning: empty directory
Dec  1 07:44:06 edo pluto[17103]: added connection description "Tir-Na-Nogth-IM"
Dec  1 07:44:06 edo pluto[17103]: listening for IKE messages
Dec  1 07:44:06 edo pluto[17103]: adding interface ipsec0/ppp0 210.229.239.65
Dec  1 07:44:06 edo pluto[17103]: loading secrets from "/etc/ipsec.secrets"
Dec  1 07:44:19 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #1: responding to Main Mode from unknown peer 203.206.236.211
Dec  1 07:44:19 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #1: transition from state (null) to state STATE_MAIN_R1
Dec  1 07:44:20 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec  1 07:44:20 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #1: Peer Dec  1 07:44:20 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #1: I did not send a certificate because I do not have one.
Dec  1 07:44:20 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec  1 07:44:20 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #1: sent MR3, ISAKMP SA established
Dec  1 07:44:20 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #2: responding to Quick Mode
Dec  1 07:44:21 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #2: transition from state (null) to state STATE_QUICK_R1
Dec  1 07:44:21 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec  1 07:44:21 edo pluto[17103]: "Tir-Na-Nogth-IM"[1] 203.206.236.211 #2: IPsec SA established {ESP=>0x67b4c13c <0xed2385f1}
+ _________________________ date
+ date
Wed Dec  1 07:45:12 JST 2004


amber
Wed Dec  1 09:45:25 EST 2004
+ _________________________ version
+ ipsec --version
Linux Openswan U2.2.0/K2.6.10-rc1 (native)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.6.10-rc1 (root@amber) (gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #10 Sun Nov 28 17:34:20 EST 2004
+ _________________________ proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
203.55.229.88   0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
10.0.1.0        0.0.0.0         255.255.255.0   U         0 0          0 br0
10.0.2.0        203.55.229.88   255.255.255.0   UG        0 0          0 ppp0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 br0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         203.55.229.88   0.0.0.0         UG        0 0          0 ppp0
+ _________________________ proc/net/ipsec_spi
+ test -r proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ setkey-D
+ setkey -D
203.206.236.211 210.229.239.65
         esp mode=tunnel spi=3978528241(0xed2385f1) reqid=16385(0x00004001)
         E: 3des-cbc  c3316419 6c82dddb e09666d7 a07e8127 9f68e122 94dce1f2
         A: hmac-md5  6efff558 b36bc568 494850b0 f1f1aad4
         seq=0x00000000 replay=64 flags=0x00000000 state=mature
         created: Dec  1 09:44:25 2004   current: Dec  1 09:45:25 2004
         diff: 60(s)     hard: 0(s)      soft: 0(s)
         last:                           hard: 0(s)      soft: 0(s)
         current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
         allocated: 0    hard: 0 soft: 0
         sadb_seq=1 pid=13850 refcnt=0
210.229.239.65 203.206.236.211
         esp mode=tunnel spi=1739899196(0x67b4c13c) reqid=16385(0x00004001)
         E: 3des-cbc  9838af7b 945fa3d2 272a9be8 d7e8809b a1f00bbf 03bd35fb
         A: hmac-md5  a8e6261b ce7b2090 f29a2dc6 c00610b9
         seq=0x00000000 replay=64 flags=0x00000000 state=mature
         created: Dec  1 09:44:25 2004   current: Dec  1 09:45:25 2004
         diff: 60(s)     hard: 0(s)      soft: 0(s)
         last:                           hard: 0(s)      soft: 0(s)
         current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
         allocated: 0    hard: 0 soft: 0
         sadb_seq=0 pid=13850 refcnt=0
+ _________________________ setkey-D-P
+ setkey -D -P
10.0.2.0/24[any] 10.0.1.0/24[any] any
         in ipsec
         esp/tunnel/210.229.239.65-203.206.236.211/unique#16385
         created: Dec  1 09:44:25 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=968 seq=8 pid=13851
         refcnt=1
10.0.1.0/24[any] 10.0.2.0/24[any] any
         out ipsec
         esp/tunnel/203.206.236.211-210.229.239.65/unique#16385
         created: Dec  1 09:44:25 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=985 seq=7 pid=13851
         refcnt=1
10.0.2.0/24[any] 10.0.1.0/24[any] any
         fwd ipsec
         esp/tunnel/210.229.239.65-203.206.236.211/unique#16385
         created: Dec  1 09:44:25 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=978 seq=6 pid=13851
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         in none
         created: Dec  1 09:44:06 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=955 seq=5 pid=13851
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         in none
         created: Dec  1 09:44:06 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=939 seq=4 pid=13851
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         in none
         created: Dec  1 09:44:06 2004  lastused: Dec  1 09:44:25 2004
         lifetime: 0(s) validtime: 0(s)
         spid=923 seq=3 pid=13851
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         out none
         created: Dec  1 09:44:06 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=964 seq=2 pid=13851
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         out none
         created: Dec  1 09:44:06 2004  lastused:
         lifetime: 0(s) validtime: 0(s)
         spid=948 seq=1 pid=13851
         refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
         out none
         created: Dec  1 09:44:06 2004  lastused: Dec  1 09:44:25 2004
         lifetime: 0(s) validtime: 0(s)
         spid=932 seq=0 pid=13851
         refcnt=1
+ _________________________ proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo 127.0.0.1
000 interface br0/br0 10.0.1.1
000 interface ppp0/ppp0 203.206.236.211
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,4,36} trans={0,4,336} attrs={0,4,224}
000
000 "Tir-Na-Nogth-IM": 10.0.1.0/24===203.206.236.211[@amber.tir-na-nogth.net]---203.55.229.88...154.33.4.102---210.229.239.65[@edo.insentiv.co.jp]===10.0.2.0/24; erouted; eroute owner: #2
000 "Tir-Na-Nogth-IM":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "Tir-Na-Nogth-IM":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: ppp0;
000 "Tir-Na-Nogth-IM":   newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "Tir-Na-Nogth-IM":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "Tir-Na-Nogth-IM":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "Tir-Na-Nogth-IM":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "Tir-Na-Nogth-IM":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "Tir-Na-Nogth-IM":   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000
000 #2: "Tir-Na-Nogth-IM" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28147s; newest IPSEC; eroute owner
000 #2: "Tir-Na-Nogth-IM" esp.ed2385f1@210.229.239.65 esp.67b4c13c@203.206.236.211 tun.0@210.229.239.65 tun.0@203.206.236.211
000 #1: "Tir-Na-Nogth-IM" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2949s; newest ISAKMP
000
+ _________________________ ifconfig-a
+ ifconfig -a
ath0      Link encap:Ethernet  HWaddr 00:09:5B:E7:2A:2D
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:199
           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
           Interrupt:11 Memory:e0960000-e0970000

br0       Link encap:Ethernet  HWaddr 00:09:5B:E7:2A:2D
           inet addr:10.0.1.1  Bcast:10.0.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:8423892 errors:0 dropped:0 overruns:0 frame:0
           TX packets:10555558 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:2401951544 (2290.6 Mb)  TX bytes:3150618510 (3004.6 Mb)

eth0      Link encap:Ethernet  HWaddr 00:0E:A6:A1:3B:A3
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:8499906 errors:0 dropped:0 overruns:0 frame:0
           TX packets:10539119 errors:15 dropped:0 overruns:0 carrier:15
           collisions:1435843 txqueuelen:1000
           RX bytes:2548921990 (2430.8 Mb)  TX bytes:3147609335 (3001.7 Mb)
           Interrupt:9 Base address:0xe000

eth1      Link encap:Ethernet  HWaddr 00:02:44:47:8C:09
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:8002278 errors:0 dropped:0 overruns:0 frame:0
           TX packets:7010867 errors:0 dropped:0 overruns:0 carrier:0
           collisions:42022 txqueuelen:1000
           RX bytes:3562771465 (3397.7 Mb)  TX bytes:2379507345 (2269.2 Mb)
           Interrupt:5 Base address:0xd000

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:32896 errors:0 dropped:0 overruns:0 frame:0
           TX packets:32896 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:8151281 (7.7 Mb)  TX bytes:8151281 (7.7 Mb)

ppp0      Link encap:Point-to-Point Protocol
           inet addr:203.206.236.211  P-t-P:203.55.229.88  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
           RX packets:1247747 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1133885 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:539151992 (514.1 Mb)  TX bytes:287351576 (274.0 Mb)

+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.2.0/K2.6.10-rc1 (native)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Checking for 'setkey' command for native IPsec stack support    [OK]

Opportunistic Encryption DNS checks:
    Looking for TXT in forward dns zone: amber                          [MISSING]
    Does the machine have at least one non-private address?             [OK]
    Looking for TXT in reverse dns zone: 211.236.206.203.in-addr.arpa.  [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-HD, link ok
   product info: vendor 00:00:20, model 32 rev 1
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   link partner: 100baseTx-HD 10baseT-HD
eth1: autonegotiation failed, link ok
   product info: vendor 00:00:00, model 0 rev 0
   basic mode:   autonegotiation enabled
   basic status: autonegotiation complete, link ok
   capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
   advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
amber.tir-na-nogth.net
+ _________________________ hostname/ipaddress
+ hostname --ip-address
10.0.1.1
+ _________________________ uptime
+ uptime
  09:45:26 up 2 days, 10:44,  1 user,  load average: 0.23, 0.10, 0.02
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
4     0 13831  7482  16   0  4084  960 wait   S    pts/1      0:00          \_ /bin/sh /usr/libexec/ipsec/barf
4     0 13914 13831  16   0  1508  396 pipe_w S    pts/1      0:00              \_ egrep -i ppid|pluto|ipsec|klips
5     0 13379     1  21   0  2056 1032 wait   S    pts/1      0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
5     0 13380 13379  21   0  2056 1044 wait   S    pts/1      0:00  \_ /bin/sh /usr/lib/ipsec/_plutorun --debug none --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
4     0 13381 13380  16   0  2308 1040 -      S    pts/1      0:00  |   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-none --uniqueids
4     0 13421 13381  21   0  1320  192 -      S    pts/1      0:00  |       \_ _pluto_adns
4     0 13382 13379  16   0  2056 1020 pipe_w S    pts/1      0:00  \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
4     0 13383     1  21   0  1380  288 pipe_w S    pts/1      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=ppp0
routevirt=ipsec0
routeaddr=203.206.236.211
routenexthop=203.55.229.88
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - OpenS/WAN IPsec configuration file

#
# amber.tir-na-nogth.net
#

version 2.0     # conforms to second version of ipsec.conf specification

config setup
         interfaces=%defaultroute
         klipsdebug=none
         plutodebug=none

conn %default
         keyingtries=3

#
# Tir-Na-Nog'th to Insentiv Media tunnel
#
# Right: IM  Left: Tir-Na-Nog'th
#
conn Tir-Na-Nogth-IM
         left=%defaultroute
         leftsubnet=10.0.1.0/24
         #
         right=210.229.239.65
         rightsubnet=10.0.2.0/24
         rightnexthop=154.33.4.102
         #
         auto=add
         leftupdown=/usr/lib/ipsec/_updown
         #
         authby=rsasig
         leftid=@amber.tir-na-nogth.net
         rightid=@edo.insentiv.co.jp
         leftrsasigkey=[keyid AQN/IxlHw]
         rightrsasigkey=[keyid AQOrd0max]

#
#Disable Opportunistic Encryption
#

#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/freeswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
conn block
     auto=ignore

conn private
     auto=ignore

conn private-or-clear
     auto=ignore

conn clear-or-private
     auto=ignore

conn clear
     auto=ignore

conn packetdefault
     auto=ignore

#> /etc/ipsec.conf 43
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
: RSA   {
         # RSA 2192 bits   amber.tir-na-nogth.net   Fri Sep 24 10:51:07 2004
         # for signatures only, UNSAFE FOR ENCRYPTION
         #pubkey=[keyid AQN/IxlHw]
         Modulus: [...]
         PublicExponent: [...]
         # everything after this point is secret
         PrivateExponent: [...]
         Prime1: [...]
         Prime2: [...]
         Exponent1: [...]
         Exponent2: [...]
         Coefficient: [...]
         }
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 Dec 01 09:44:06 2004, 2192 RSA Key AQOrd0max, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@edo.insentiv.co.jp'
000 Dec 01 09:44:06 2004, 2192 RSA Key AQN/IxlHw, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@amber.tir-na-nogth.net'
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 140
-rwxr-xr-x  1 root root 15403 Sep 17 01:40 _confread
-rwxr-xr-x  1 root root 47492 Sep 17 01:40 _copyright
-rwxr-xr-x  1 root root  2379 Sep 17 01:40 _include
-rwxr-xr-x  1 root root  1475 Sep 17 01:40 _keycensor
-rwxr-xr-x  1 root root  3586 Sep 17 01:40 _plutoload
-rwxr-xr-x  1 root root  7167 Sep 17 01:40 _plutorun
-rwxr-xr-x  1 root root 10493 Sep 17 01:40 _realsetup
-rwxr-xr-x  1 root root  1975 Sep 17 01:40 _secretcensor
-rwxr-xr-x  1 root root  9016 Sep 17 01:40 _startklips
-rwxr-xr-x  1 root root 12313 Sep 17 01:40 _updown
-rwxr-xr-x  1 root root  7572 Sep 17 01:40 _updown_x509
-rwxr-xr-x  1 root root  1942 Sep 17 01:40 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 5096
-rwxr-xr-x  1 root root   70814 Sep 17 01:40 _pluto_adns
-rwxr-xr-x  1 root root   19220 Sep 17 01:40 auto
-rwxr-xr-x  1 root root   10248 Sep 17 01:40 barf
-rwxr-xr-x  1 root root     816 Sep 17 01:40 calcgoo
-rwxr-xr-x  1 root root  311083 Sep 17 01:40 eroute
-rwxr-xr-x  1 root root  182519 Sep 17 01:40 klipsdebug
-rwxr-xr-x  1 root root    2461 Sep 17 01:40 look
-rwxr-xr-x  1 root root    7124 Sep 17 01:40 mailkey
-rwxr-xr-x  1 root root   16188 Sep 17 01:40 manual
-rwxr-xr-x  1 root root    1874 Sep 17 01:40 newhostkey
-rwxr-xr-x  1 root root  164746 Sep 17 01:40 pf_key
-rwxr-xr-x  1 root root 2656271 Sep 17 01:40 pluto
-rwxr-xr-x  1 root root   55200 Sep 17 01:40 ranbits
-rwxr-xr-x  1 root root   81674 Sep 17 01:40 rsasigkey
-rwxr-xr-x  1 root root     766 Sep 17 01:40 secrets
-rwxr-xr-x  1 root root   17578 Sep 17 01:40 send-pr
lrwxr-xr-x  1 root root      22 Nov 30 17:54 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x  1 root root    1048 Sep 17 01:40 showdefaults
-rwxr-xr-x  1 root root    4364 Sep 17 01:40 showhostkey
-rwxr-xr-x  1 root root  498713 Sep 17 01:40 spi
-rwxr-xr-x  1 root root  250823 Sep 17 01:40 spigrp
-rwxr-xr-x  1 root root  475538 Sep 17 01:40 starter
-rwxr-xr-x  1 root root   50198 Sep 17 01:40 tncfg
-rwxr-xr-x  1 root root   10195 Sep 17 01:40 verify
-rwxr-xr-x  1 root root  228071 Sep 17 01:40 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 8151281   32896    0    0    0     0          0         0  8151281   32896    0    0    0     0       0          0
  eth0:2548933292 8499959    0    0    0     0          0         0 3147675200 10539200   15    0    0 1435843      15          0
   br0:2401961952 8423945    0    0    0     0          0         0 3150684375 10555639    0    0    0     0       0          0
  ath0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth1:3562796859 8002331    0    0    0     0          0         0 2379518427 7010913    0    0    0 42022       0          0
  ppp0:539176220 1247800    0    0    0     0          0         0 287361640 1133931    0    0    0     0       0          0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
ppp0    58E537CB        00000000        0005    0       0       0       FFFFFFFF        0       0       0
br0     0001000A        00000000        0001    0       0       0       00FFFFFF        0       0       0
ppp0    0002000A        58E537CB        0003    0       0       0       00FFFFFF        0       0       0
br0     0000FEA9        00000000        0001    0       0       0       0000FFFF        0       0       0
lo      0000007F        00000000        0001    0       0       0       000000FF        0       0       0
ppp0    00000000        58E537CB        0003    0       0       0       00000000        0       0       0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter br0/rp_filter default/rp_filter lo/rp_filter ppp0/rp_filter
all/rp_filter:0
br0/rp_filter:1
default/rp_filter:1
lo/rp_filter:1
ppp0/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux amber 2.6.10-rc1 #10 Sun Nov 28 17:34:20 EST 2004 i686 athlon i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 2 (Tettnang)
+ _________________________ proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'native PFKEY (2.6.10-rc1) support detected '
native PFKEY (2.6.10-rc1) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 288: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 11 packets, 526 bytes)
 pkts bytes target     prot opt in     out     source               destination
   94 23043 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    2    80 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  103 36218 ppp0_in    all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
  207 18909 br0_in     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 12 packets, 570 bytes)
 pkts bytes target     prot opt in     out     source               destination
   17   716 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  730 35772 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
 6465 2764K ppp0_fwd   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
 5692 1308K br0_fwd    all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   94 23043 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 ACCEPT     udp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
  156 17525 fw2net     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
  193 68014 fw2loc     all  --  *      br0     0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain Drop (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropSMB    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropNotSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DropDNSrep (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53

Chain DropSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445

Chain DropUPnP (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900

Chain Reject (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RejectSMB  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 dropNotSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RejectAuth (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113

Chain RejectSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445

Chain all2all (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
    10  1380 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain blacklst (2 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain br0_fwd (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   349 17394 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
  5690 1308K loc2net    all  --  *      ppp0    0.0.0.0/0             
0.0.0.0/0
     2   360 ACCEPT     all  --  *      br0     0.0.0.0/0             
0.0.0.0/0

Chain br0_in (1 references)
  pkts bytes target     prot opt in     out     source                
destination
    17  1734 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
   207 18909 loc2fw     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain dropBcast (2 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           PKTTYPE = broadcast
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           PKTTYPE = multicast

Chain dropInvalid (2 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID

Chain dropNotSyn (2 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 DROP       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp flags:!0x16/0x02

Chain dynamic (4 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain fw2loc (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   183 66634 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           icmp type 8
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.11
    10  1380 all2all    all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain fw2net (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   106 13443 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:53
     1    62 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:53
    45  3780 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           icmp type 8
     4   240 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain icmpdef (0 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain loc2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   190 17175 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:22
     1    60 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           icmp type 8
     1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:3128
    15  1626 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain loc2net (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  5343 1291K ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
   347 17034 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2all (0 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2fw (1 references)
  pkts bytes target     prot opt in     out     source                
destination
    97 32976 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           icmp type 8
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:21
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.1            tcp dpt:22
     2   200 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp spt:500 dpt:500
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:50
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:51
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           multiport dports 8100,8041
     4  3042 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain net2loc (1 references)
  pkts bytes target     prot opt in     out     source                
destination
  6055 2734K ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.20           tcp dpt:4662
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           udp dpt:4672
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.20           tcp dpt:4762
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           udp dpt:4772
   250 22486 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.20           tcp dpt:4862
   160  7884 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           udp dpt:4872
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.1            tcp dpt:80
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.20           tcp dpts:6881:6889
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0             
10.0.1.101          tcp dpt:80
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           udp dpt:5060
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
10.0.1.20           udp dpts:16384:16403
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain norfc1918 (2 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 rfc1918    all  --  *      *       172.16.0.0/12         
0.0.0.0/0
     0     0 rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 172.16.0.0/12
     0     0 rfc1918    all  --  *      *       192.168.0.0/16        
0.0.0.0/0
     0     0 rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 192.168.0.0/16
     0     0 rfc1918    all  --  *      *       10.0.0.0/8            
0.0.0.0/0
     0     0 rfc1918    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ctorigdst 10.0.0.0/8

Chain ppp0_fwd (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   410 30370 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
   410 30370 blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
   410 30370 norfc1918  all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
  6465 2764K net2loc    all  --  *      br0     0.0.0.0/0             
0.0.0.0/0

Chain ppp0_in (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     6  3242 dynamic    all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
     6  3242 blacklst   all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state INVALID,NEW
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpts:67:68
     6  3242 norfc1918  all  --  *      *       0.0.0.0/0             
0.0.0.0/0           state NEW
   103 36218 net2fw     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain reject (7 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           PKTTYPE = broadcast
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           PKTTYPE = multicast
     0     0 DROP       all  --  *      *       10.0.1.255            
0.0.0.0/0
     0     0 DROP       all  --  *      *       255.255.255.255       
0.0.0.0/0
     0     0 DROP       all  --  *      *       224.0.0.0/4           
0.0.0.0/0
     0     0 REJECT     tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with tcp-reset
     0     0 REJECT     udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with icmp-port-unreachable
     0     0 REJECT     icmp --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with icmp-host-unreachable
     0     0 REJECT     all  --  *      *       0.0.0.0/0             
0.0.0.0/0           reject-with icmp-host-prohibited

Chain rfc1918 (6 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ULOG       all  --  *      *       0.0.0.0/0             
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:rfc1918:DROP:' queue_threshold 1
     0     0 DROP       all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain shorewall (0 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain smurfs (0 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 ULOG       all  --  *      *       10.0.1.255            
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:smurfs:DROP:' queue_threshold 1
     0     0 DROP       all  --  *      *       10.0.1.255            
0.0.0.0/0
     0     0 ULOG       all  --  *      *       255.255.255.255       
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:smurfs:DROP:' queue_threshold 1
     0     0 DROP       all  --  *      *       255.255.255.255       
0.0.0.0/0
     0     0 ULOG       all  --  *      *       224.0.0.0/4           
0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix  
`Shorewall:smurfs:DROP:' queue_threshold 1
     0     0 DROP       all  --  *      *       224.0.0.0/4           
0.0.0.0/0
+ _________________________
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 238K packets, 18M bytes)
  pkts bytes target     prot opt in     out     source                
destination
   417 33604 net_dnat   all  --  ppp0   *       0.0.0.0/0             
0.0.0.0/0
   212 11210 loc_dnat   all  --  br0    *       0.0.0.0/0             
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 575K packets, 29M bytes)
  pkts bytes target     prot opt in     out     source                
destination
   209 10804 ppp0_masq  all  --  *      ppp0    0.0.0.0/0             
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain loc_dnat (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     1    48 REDIRECT   tcp  --  *      *       0.0.0.0/0            
!10.0.2.0/24         tcp dpt:80 redir ports 3128

Chain net_dnat (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:4662 to:10.0.1.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:4672 to:10.0.1.20
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:4762 to:10.0.1.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:4772 to:10.0.1.20
   251 22534 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:4862 to:10.0.1.20
   161  7932 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:4872 to:10.0.1.20
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:888 to:10.0.1.1:80
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:222 to:10.0.1.1:22
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpts:6881:6889 to:10.0.1.20
     0     0 DNAT       tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:8888 to:10.0.1.101:80
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpt:5060 to:10.0.1.20
     0     0 DNAT       udp  --  *      *       0.0.0.0/0             
0.0.0.0/0           udp dpts:16384:16403 to:10.0.1.20

Chain ppp0_masq (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   200 10166 MASQUERADE  all  --  *      *       10.0.1.0/24           
0.0.0.0/0
     0     0 MASQUERADE  all  --  *      *       169.254.0.0/16        
0.0.0.0/0
+ _________________________
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 16M packets, 5800M bytes)
  pkts bytes target     prot opt in     out     source                
destination
12599 4160K pretos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0
12595 4157K tcpre      all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain INPUT (policy ACCEPT 1891K packets, 301M bytes)
  pkts bytes target     prot opt in     out     source                
destination

Chain FORWARD (policy ACCEPT 15M packets, 5498M bytes)
  pkts bytes target     prot opt in     out     source                
destination
12193 4080K tcfor      all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 3046K packets, 4034M bytes)
  pkts bytes target     prot opt in     out     source                
destination
   444  114K outtos     all  --  *      *       0.0.0.0/0             
0.0.0.0/0
   444  114K tcout      all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 18M packets, 9528M bytes)
  pkts bytes target     prot opt in     out     source                
destination
12624 4194K tcpost     all  --  *      *       0.0.0.0/0             
0.0.0.0/0

Chain outtos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:22 TOS set 0x10
   143 61212 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:22 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
  pkts bytes target     prot opt in     out     source                
destination
   208 17558 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:22 TOS set 0x10
    41  5485 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:22 TOS set 0x10
     6   240 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:21 TOS set 0x10
     6   240 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:21 TOS set 0x10
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp spt:20 TOS set 0x08
     0     0 TOS        tcp  --  *      *       0.0.0.0/0             
0.0.0.0/0           tcp dpt:20 TOS set 0x08

Chain tcfor (1 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain tcout (1 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain tcpost (1 references)
  pkts bytes target     prot opt in     out     source                
destination

Chain tcpre (1 references)
  pkts bytes target     prot opt in     out     source                
destination
+ _________________________ proc/modules
+ test -f /proc/modules
+ cat /proc/modules
xfrm4_tunnel 2884 0 - Live 0xe0a85000
lt_serial 25712 1 - Live 0xe0d6d000
lt_modem 567728 3 lt_serial, Live 0xe0df1000
dvb_bt8xx 7236 0 - Live 0xe0ad6000
dvb_core 74736 1 dvb_bt8xx, Live 0xe0b17000
mt352 4996 1 dvb_bt8xx, Live 0xe0ad3000
sp887x 7428 1 dvb_bt8xx, Live 0xe0ab1000
dst 12040 1 dvb_bt8xx, Live 0xe0acf000
bt878 8696 2 dvb_bt8xx,dst, Live 0xe0aa9000
bttv 145488 2 dvb_bt8xx,bt878, Live 0xe0af2000
video_buf 16964 1 bttv, Live 0xe0a9f000
firmware_class 7616 3 dvb_bt8xx,sp887x,bttv, Live 0xe0a7c000
i2c_algo_bit 8328 1 bttv, Live 0xe0a78000
v4l2_common 4864 1 bttv, Live 0xe0a64000
btcx_risc 3720 1 bttv, Live 0xe0a48000
i2c_core 19216 6 dvb_bt8xx,mt352,sp887x,dst,bttv,i2c_algo_bit, Live 0xe0a7f000
videodev 7232 1 bttv, Live 0xe0a61000
v4l1_compat 12932 0 - Live 0xe0a73000
nfsd 100616 9 - Live 0xe0ab5000
exportfs 4928 1 nfsd, Live 0xe0a45000
lockd 64168 2 nfsd, Live 0xe0a87000
deflate 2688 0 - Live 0xe0a43000
zlib_deflate 21080 1 deflate, Live 0xe0a5a000
twofish 37120 0 - Live 0xe0a68000
serpent 13248 0 - Live 0xe0a55000
aes_i586 38452 0 - Live 0xe0a4a000
blowfish 8000 0 - Live 0xe0a40000
des 11264 2 - Live 0xe09f8000
sha256 8960 0 - Live 0xe0a38000
sha1 8512 0 - Live 0xe0a34000
md5 3648 2 - Live 0xe0974000
crypto_null 1984 0 - Live 0xe0981000
ipcomp 6472 0 - Live 0xe0a26000
esp4 6720 2 - Live 0xe0a23000
ah4 5312 0 - Live 0xe0a20000
af_key 27024 0 - Live 0xe0a2c000
ipt_LOG 6272 0 - Live 0xe0a29000
ipt_TOS 1984 12 - Live 0xe0a1e000
ipt_MASQUERADE 2880 2 - Live 0xe0a1c000
ipt_REDIRECT 1728 1 - Live 0xe0a08000
ipt_REJECT 5632 4 - Live 0xe0a10000
ipt_ULOG 6244 4 - Live 0xe0a0d000
ipt_TCPMSS 3520 1 - Live 0xe09fc000
ipt_state 1472 20 - Live 0xe0a06000
ipt_pkttype 1344 4 - Live 0xe0a04000
ipt_physdev 1808 0 - Live 0xe0a02000
ipt_multiport 1664 1 - Live 0xe0a00000
ipt_conntrack 1984 3 - Live 0xe09fe000
iptable_mangle 2176 1 - Live 0xe0996000
ip_nat_irc 3504 0 - Live 0xe0994000
ip_nat_tftp 2992 0 - Live 0xe097f000
ip_nat_ftp 4144 0 - Live 0xe0991000
iptable_nat 21960 6 ipt_MASQUERADE,ipt_REDIRECT,ip_nat_irc,ip_nat_tftp,ip_nat_ftp, Live 0xe09e0000
ip_conntrack_irc 70512 1 ip_nat_irc, Live 0xe09cd000
ip_conntrack_tftp 3056 0 - Live 0xe0908000
ip_conntrack_ftp 71408 1 ip_nat_ftp, Live 0xe09ba000
ip_conntrack 39732 10 ipt_MASQUERADE,ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp, Live 0xe0983000
iptable_filter 2176 1 - Live 0xe08f0000
ip_tables 16000 15 ipt_LOG,ipt_TOS,ipt_MASQUERADE,ipt_REDIRECT,ipt_REJECT,ipt_ULOG,ipt_TCPMSS,ipt_state,ipt_pkttype,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter, Live 0xe08fd000
sunrpc 132388 13 nfsd,lockd, Live 0xe0998000
ppp_synctty 7936 0 - Live 0xe0971000
ppp_async 9024 1 - Live 0xe095c000
crc_ccitt 1664 1 ppp_async, Live 0xe08f2000
ppp_generic 21524 6 ppp_synctty,ppp_async, Live 0xe0918000
slhc 7232 1 ppp_generic, Live 0xe08fa000
8139too 20032 0 - Live 0xe0902000
ath_pci 50912 0 - Live 0xe090a000
ath_rate_onoe 6728 1 ath_pci, Live 0xe0820000
wlan 103964 3 ath_pci,ath_rate_onoe, Live 0xe0941000
ath_hal 131344 2 ath_pci, Live 0xe091f000
via_rhine 18308 0 - Live 0xe08f4000
mii 3904 2 8139too,via_rhine, Live 0xe084f000
crc32 3840 3 dvb_core,8139too,via_rhine, Live 0xe0823000
usblp 10816 0 - Live 0xe083a000
uhci_hcd 29712 0 - Live 0xe0844000
ehci_hcd 26052 0 - Live 0xe0832000
usbcore 102296 4 usblp,uhci_hcd,ehci_hcd, Live 0xe0851000
thermal 10568 0 - Live 0xe0804000
sata_via 4484 6 - Live 0xe081a000
libata 38916 1 sata_via, Live 0xe0827000
+ _________________________ proc/meminfo
+ cat /proc/meminfo
MemTotal:       515788 kB
MemFree:          2820 kB
Buffers:         20068 kB
Cached:         314700 kB
SwapCached:        880 kB
Active:         400236 kB
Inactive:        87060 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       515788 kB
LowFree:          2820 kB
SwapTotal:     1052216 kB
SwapFree:      1050096 kB
Dirty:             224 kB
Writeback:           0 kB
Mapped:         179900 kB
Slab:            16188 kB
CommitLimit:   1310108 kB
Committed_AS:   487044 kB
CommitAvail:    823064 kB
PageTables:       1896 kB
VmallocTotal:   516056 kB
VmallocUsed:      6064 kB
VmallocChunk:   509412 kB
+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.10-rc1/build/.config
++ uname -r
+ cat /lib/modules/2.6.10-rc1/build/.config
+ egrep  
'CONFIG_NETLINK|CONFIG_IPSEC|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
# CONFIG_NETLINK_DEV is not set
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_PHYSDEV=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_LOCAL is not set
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
# CONFIG_IP_NF_TARGET_CLASSIFY is not set
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
CONFIG_IP_NF_COMPAT_IPFWADM=m
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                 
/var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                 
/var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 203.0.178.191
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 528
drwxr-xr-x  4 root root   4096 Oct 28 17:58 2.6.5-1.358
-rw-r--r--  1 root root 262144 Oct 29 22:36 ivtv-fw-enc.bin
-rw-r--r--  1 root root 262144 Oct 29 22:36 ivtv-fw-dec.bin
drwxr-xr-x  7 root root   4096 Nov 28 17:34 2.6.10-rc1
+ _________________________ proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c02cbbd0 T netif_rx
c02cbd70 T netif_rx_ni
c02cbbd0 U netif_rx     [dvb_core]
c02cbbd0 U netif_rx     [ppp_generic]
c02cbbd0 U netif_rx     [ath_pci]
c02cbbd0 U netif_rx     [wlan]
c02cbbd0 U netif_rx     [via_rhine]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.10-rc1:
2.6.5-1.358:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '4425808,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Dec  1 09:44:06 amber ipsec_setup: Starting Openswan IPsec  
U2.2.0/K2.6.10-rc1...
+ _________________________ plog
+ sed -n '635,$p' /var/log/secure
+ cat
+ egrep -i pluto
Dec  1 09:44:06 amber ipsec__plutorun: Starting Pluto subsystem...
Dec  1 09:44:06 amber pluto[13381]: Starting Pluto (Openswan Version  
2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Dec  1 09:44:06 amber pluto[13381]:   including NAT-Traversal patch  
(Version 0.6c) [disabled]
Dec  1 09:44:06 amber pluto[13381]: ike_alg_register_enc(): Activating  
OAKLEY_AES_CBC: Ok (ret=0)
Dec  1 09:44:06 amber pluto[13381]: Using Linux 2.6 IPsec interface code
Dec  1 09:44:06 amber pluto[13381]: Changing to directory  
'/etc/ipsec.d/cacerts'
Dec  1 09:44:06 amber pluto[13381]: Could not change to directory  
'/etc/ipsec.d/aacerts'
Dec  1 09:44:06 amber pluto[13381]: Changing to directory  
'/etc/ipsec.d/ocspcerts'
Dec  1 09:44:06 amber pluto[13381]: Changing to directory  
'/etc/ipsec.d/crls'
Dec  1 09:44:06 amber pluto[13381]:   Warning: empty directory
Dec  1 09:44:06 amber pluto[13381]: added connection description  
"Tir-Na-Nogth-IM"
Dec  1 09:44:06 amber pluto[13381]: listening for IKE messages
Dec  1 09:44:06 amber pluto[13381]: adding interface ppp0/ppp0  
203.206.236.211
Dec  1 09:44:06 amber pluto[13381]: adding interface br0/br0 10.0.1.1
Dec  1 09:44:06 amber pluto[13381]: adding interface lo/lo 127.0.0.1
Dec  1 09:44:06 amber pluto[13381]: loading secrets from  
"/etc/ipsec.secrets"
Dec  1 09:44:23 amber pluto[13381]: "Tir-Na-Nogth-IM" #1: initiating  
Main Mode
Dec  1 09:44:24 amber pluto[13381]: "Tir-Na-Nogth-IM" #1: transition  
from state STATE_MAIN_I1 to state STATE_MAIN_I2
Dec  1 09:44:24 amber pluto[13381]: "Tir-Na-Nogth-IM" #1: I did not  
send a certificate because I do not have one.
Dec  1 09:44:24 amber pluto[13381]: "Tir-Na-Nogth-IM" #1: transition  
from state STATE_MAIN_I2 to state STATE_MAIN_I3
Dec  1 09:44:25 amber pluto[13381]: "Tir-Na-Nogth-IM" #1: Peer ID is ID_FQDN: '@
Dec  1 09:44:25 amber pluto[13381]: "Tir-Na-Nogth-IM" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Dec  1 09:44:25 amber pluto[13381]: "Tir-Na-Nogth-IM" #1: ISAKMP SA  
established
Dec  1 09:44:25 amber pluto[13381]: "Tir-Na-Nogth-IM" #2: initiating  
Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Dec  1 09:44:25 amber pluto[13381]: "Tir-Na-Nogth-IM" #2: transition  
from state STATE_QUICK_I1 to state STATE_QUICK_I2
Dec  1 09:44:25 amber pluto[13381]: "Tir-Na-Nogth-IM" #2: sent QI2,  
IPsec SA established {ESP=>0xed2385f1 <0x67b4c13c}
+ _________________________ date
+ date
Wed Dec  1 09:45:32 EST 2004


