[Openswan Users] IPSEC BARF part 2

Greg Dickinson gdickinson at logistasolutions.com
Fri Oct 22 15:41:21 CEST 2004


Here is the rest of the listing :-)

+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug
/proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg
/proc/net/ipsec_version
lrwxrwxrwx    1 root     root           16 Oct 22 14:12
/proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx    1 root     root           16 Oct 22 14:12
/proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx    1 root     root           13 Oct 22 14:12
/proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx    1 root     root           16 Oct 22 14:12
/proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx    1 root     root           11 Oct 22 14:12
/proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx    1 root     root           13 Oct 22 14:12
/proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.4.20-31.9custom/build/.config
++ uname -r
+ cat /lib/modules/2.4.20-31.9custom/build/.config
+ egrep
'CONFIG_NETLINK|CONFIG_IPSEC|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
CONFIG_NETLINK_DEV=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_ROUTE_LARGE_TABLES=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
# CONFIG_INET_ECN is not set
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_LOCAL=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_COMPAT_IPFWADM=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IPV6=m
# CONFIG_IP6_NF_QUEUE is not set
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_LIMIT=m
CONFIG_IP6_NF_MATCH_MAC=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_MULTIPORT=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_MARK=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AHESP=m
CONFIG_IP6_NF_MATCH_LENGTH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_MARK=m
CONFIG_IPX=m
# CONFIG_IPX_INTERN is not set
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
CONFIG_IPDDP_DECAP=y
CONFIG_IPSEC_NAT_TRAVERSAL=y
CONFIG_IPHASE5526=m
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_KCS=m
CONFIG_IPMI_WATCHDOG=m
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*							/dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none		/var/log/messages

# The authpriv file has restricted access.
authpriv.*						/var/log/secure

# Log all the mail messages in one place.
mail.*							/var/log/maillog


# Log cron stuff
cron.*							/var/log/cron

# Everybody gets emergency messages
*.emerg							*

# Save news errors of level crit and higher in a special file.
uucp,news.crit						/var/log/spooler

# Save boot messages also to boot.log
local7.*						/var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search bps
nameserver 204.181.147.2

+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 20
drwxr-xr-x    3 root     root         4096 Jul 22 14:43 2.4.20-8
drwxr-xr-x    3 root     root         4096 Jul 22 14:44 2.4.20-8smp
drwxr-xr-x    3 root     root         4096 Jul 22 16:53 2.4.20-31.9
drwxr-xr-x    3 root     root         4096 Jul 22 16:54 2.4.20-31.9smp
drwxr-xr-x    4 root     root         4096 Aug 11 09:16
2.4.20-31.9custom
+ _________________________ proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ egrep netif_rx /proc/ksyms
c0210530 netif_rx_Rsmp_17a8054f
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.20-31.9:          U netif_rx_R733de01d
2.4.20-31.9custom:          U netif_rx_Rsmp_17a8054f
2.4.20-31.9smp:          U netif_rx_Rsmp_2f065443
2.4.20-8:          U netif_rx_R8d84bcda
2.4.20-8smp:          U netif_rx_Rsmp_72a4855f
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '7232,$p' /var/log/messages
+ cat
+ egrep -i 'ipsec|klips|pluto'
Oct 22 14:11:16 famcourt ipsec_setup: Starting Openswan IPsec 2.1.4...
Oct 22 14:11:16 famcourt kernel: klips_info:ipsec_init: KLIPS startup,
Openswan IPsec version: 2.1.4
Oct 22 14:11:16 famcourt ipsec_setup: Using
/lib/modules/2.4.20-31.9custom/kernel/ipsec.o
Oct 22 14:11:16 famcourt /etc/hotplug/net.agent: invoke ifup ipsec1
Oct 22 14:11:16 famcourt /etc/hotplug/net.agent: invoke ifup ipsec0
Oct 22 14:11:16 famcourt ipsec_setup: KLIPS debug `none'
Oct 22 14:11:16 famcourt /etc/hotplug/net.agent: invoke ifup ipsec3
Oct 22 14:11:16 famcourt /etc/hotplug/net.agent: invoke ifup ipsec2
Oct 22 14:11:16 famcourt ipsec_setup: KLIPS ipsec0 on eth0
172.25.1.2/255.255.255.0 broadcast 172.25.1.255 
Oct 22 14:11:17 famcourt ipsec_setup: ...Openswan IPsec started
Oct 22 14:11:18 famcourt ipsec__plutorun: 104 "famcourtnet-boenet" #1:
STATE_MAIN_I1: initiate
Oct 22 14:11:18 famcourt ipsec__plutorun: ...could not start conn
"famcourtnet-boenet"
+ _________________________ plog
+ sed -n '10717,$p' /var/log/secure
+ egrep -i pluto
+ cat
Oct 22 14:11:17 famcourt ipsec__plutorun: Starting Pluto subsystem...
Oct 22 14:11:17 famcourt pluto[31695]: Starting Pluto (Openswan Version
2.1.4 X.509-1.4.8-1 PLUTO_USES_KEYRR)
Oct 22 14:11:17 famcourt pluto[31695]:   including NAT-Traversal patch
(Version 0.6c)
Oct 22 14:11:17 famcourt pluto[31695]: Using KLIPS IPsec interface
code
Oct 22 14:11:17 famcourt pluto[31695]: Changing to directory
'/etc/ipsec.d/cacerts'
Oct 22 14:11:17 famcourt pluto[31695]:   Warning: empty directory
Oct 22 14:11:17 famcourt pluto[31695]: Changing to directory
'/etc/ipsec.d/crls'
Oct 22 14:11:17 famcourt pluto[31695]:   Warning: empty directory
Oct 22 14:11:17 famcourt pluto[31695]: added connection description
"famcourtnet-boenet"
Oct 22 14:11:18 famcourt pluto[31695]: added connection description
"famcourtnet-selnet"
Oct 22 14:11:18 famcourt pluto[31695]: listening for IKE messages
Oct 22 14:11:18 famcourt pluto[31695]: adding interface ipsec0/eth0
172.25.1.2
Oct 22 14:11:18 famcourt pluto[31695]: adding interface ipsec0/eth0
172.25.1.2:4500
Oct 22 14:11:18 famcourt pluto[31695]: loading secrets from
"/etc/ipsec.secrets"
Oct 22 14:11:18 famcourt pluto[31695]: "famcourtnet-boenet" #1:
initiating Main Mode
Oct 22 14:11:18 famcourt pluto[31695]: "famcourtnet-boenet" #1:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Oct 22 14:11:18 famcourt pluto[31695]: "famcourtnet-boenet" #1:
enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal)
Oct 22 14:11:18 famcourt pluto[31695]: "famcourtnet-boenet" #1:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Oct 22 14:11:18 famcourt pluto[31695]: "famcourtnet-boenet" #1:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am
NATed
Oct 22 14:11:18 famcourt pluto[31695]: "famcourtnet-boenet" #1:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Oct 22 14:11:18 famcourt pluto[31695]: "famcourtnet-boenet" #1: Peer ID
is ID_FQDN: '@ns2.bps'
Oct 22 14:11:19 famcourt pluto[31695]: "famcourtnet-boenet" #1:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Oct 22 14:11:19 famcourt pluto[31695]: "famcourtnet-boenet" #1: ISAKMP
SA established
Oct 22 14:11:19 famcourt pluto[31695]: "famcourtnet-boenet" #2:
initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Oct 22 14:11:19 famcourt pluto[31695]: "famcourtnet-boenet" #2:
transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Oct 22 14:11:19 famcourt pluto[31695]: "famcourtnet-boenet" #2: sent
QI2, IPsec SA established {ESP=>0x355e94cb <0xf680019b}
Oct 22 14:11:37 famcourt pluto[31695]: "famcourtnet-selnet" #3:
initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Oct 22 14:11:37 famcourt pluto[31695]: "famcourtnet-selnet" #3:
transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Oct 22 14:11:37 famcourt pluto[31695]: "famcourtnet-selnet" #3: sent
QI2, IPsec SA established {ESP=>0xfb894d9d <0xf680019c}
+ _________________________ date
+ date
Fri Oct 22 14:12:57 CDT 2004


