[Openswan Users] no default routes
Chris McKeever
techjedi at gmail.com
Mon Sep 20 11:34:31 CEST 2004
On Mon, 20 Sep 2004 16:45:27 +0200 (MET DST), Paul Wouters
<paul at xelerance.com> wrote:
> On Mon, 20 Sep 2004, Chris McKeever wrote:
>
> > I have two network cards, eth0/eth1
> > eth1 being the public side and eth0 being the private side
> >
> > route
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref Use Iface
> > 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
> > 192.168.250.0 * 255.255.255.0 U 0 0 0 eth1
> > 192.168.250.0 * 255.255.255.0 U 0 0 0 ipsec0
> > default 192.168.0.254 0.0.0.0 UG 0 0 0 eth0
> >
> > If I leave interfaces=%defaultroute, then I get the ipsecn message,
> > when I explicitly define ipsec0=eth1, I can see the connections
> > trying but unfortunately, the leftnexthop is defined wrong.
>
> Can't you set leftnexthop to 192.168.250.20?
>
haven't tried, will give that a shot

> > I am trying to VPN through a switch
> > (if you are wondering why - the switch is a wireless access point - so
> > I am trying to only let authenticated users onto the lan)
> >
> > client(192.168.250.20) -- 192.168.250.1/left gateway/192.168.0.13
>
> Is your gateway 192.168.0.13 or 192.168.0.254? According to the route cmd
> it is 192.168.0.254.
>
this is where it gets tricky -- 192.168.0.254 is the gateway to the
internet - let me add more detail to my diagram

client(192.168.250.20)
|
|
WLAN/SWITCH (192.168.250.0/24)
|
|
192.168.250.1
/left gateway running openswan/
192.168.0.13
|
|
LAN/SWITCH (192.168.0.0/24)
|
|
192.168.0.254 - GATEWAY
|
|
INTERNET

> > config setup
> > interfaces="ipsec0=eth1"
> > klipsdebug=none
> > plutodebug=none
> > plutoload=%search
> > plutostart=%search
>
> This is openswan-1?
>
> > plutowait=no
> > uniqueids=yes
> >
> > conn %default
> > keyingtries=0
> >
> > conn statis
> > left=192.168.250.1
> > leftsubnet=192.168.0.0/24
> > leftnexthop=192.168.250.10 <---- definitely doesn't work
> > right=%any
>
> Why not right=192.168.250.20?
roadwarrior? didn't want to put subnets and rightnexthop
>
> > any suggestions?
>
> I'd need to see more information, such as an 'ipsec barf' to see more
> details on what is going wrong. Likely there are non-standard routes,
> like hostroutes that might be complicating things.
this may be slightly changed in regards to the ipsec.conf - but the
routing should be the same
smoothwall
Mon Sep 20 10:14:04 BST 2004
+ _________________________ version
+ ipsec --version
Linux Openswan 1.0.7
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.27 (root at lawrence) (gcc version 3.2 20020903 (Red
Hat Linux 8.0 3.2-7)) #1 Mon Aug 9 16:39:19 BST 2004
+ _________________________ proc/net/ipsec_eroute
+ sort +3 /proc/net/ipsec_eroute
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.250.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.250.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0
0.0.0.0 192.168.0.254 0.0.0.0 UG 0 0 0 eth0
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth1 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
sock pid socket next prev e n p sndbf Flags Type St
cf498e10 15615 cecfaaa0 0 0 0 0 2 106496 00000000 3 1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 cecfaaa0 15615 cf498e10
pf_key_registered: 3 cecfaaa0 15615 cf498e10
pf_key_registered: 9 cecfaaa0 15615 cf498e10
pf_key_registered: 10 cecfaaa0 15615 cf498e10
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 14 7 0 512 512
pf_key_supported: 3 14 5 0 256 256
pf_key_supported: 3 15 12 128 128 256
pf_key_supported: 3 15 3 64 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink
debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose
debug_xform icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth1 192.168.250.1
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64,
keysizemin=168, keysizemax=168
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512,
keysizemin=512, keysizemax=512
000
000 algorithm IKE encrypt: id=65289, name=OAKLEY_SSH_PRIVATE_65289,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=6, name=OAKLEY_CAST_CBC, blocksize=8,
keydeflen=128
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC,
blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE encrypt: id=1, name=OAKLEY_DES_CBC, blocksize=8, keydeflen=64
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=1, name=OAKLEY_GROUP_MODP768, bits=768
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000
000 "statis": 192.168.0.0/24===192.168.250.1---192.168.250.10...192.168.200.10===192.168.200.0/24
000 "statis": CAs: '%any'...'%any'
000 "statis": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "statis": policy: PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK;
interface: eth1; unrouted
000 "statis": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "statis": IKE algorithms wanted: 7_000-1-5, 7_000-2-5, 7_000-1-2,
7_000-2-2, 7_000-1-1, 7_000-2-1, 5_000-1-5, 5_000-2-5, 5_000-1-2,
5_000-2-2, 5_000-1-1, 5_000-2-1, flags=-strict
000 "statis": IKE algorithms found: 7_128-1_128-5, 7_128-2_160-5,
7_128-1_128-2, 7_128-2_160-2, 7_128-1_128-1, 7_128-2_160-1,
5_192-1_128-5, 5_192-2_160-5, 5_192-1_128-2, 5_192-2_160-2,
5_192-1_128-1, 5_192-2_160-1,
000 "statis": ESP algorithms wanted: 12_000-1, 12_000-2, 3_000-1,
3_000-2, flags=-strict
000 "statis": ESP algorithms loaded: 12_128-1_128, 12_128-2_160,
3_168-1_128, 3_168-2_160,
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:B0:D0:4E:7D:89
inet addr:192.168.0.13 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:65413 errors:0 dropped:0 overruns:0 frame:0
TX packets:62569 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6346825 (6.0 Mb) TX bytes:9791854 (9.3 Mb)
Interrupt:5 Base address:0xec00
eth1 Link encap:Ethernet HWaddr 00:20:78:06:E9:8D
inet addr:192.168.250.1 Bcast:192.168.250.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13000 errors:0 dropped:0 overruns:0 frame:0
TX packets:9031 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1127812 (1.0 Mb) TX bytes:926413 (904.7 Kb)
Interrupt:10 Base address:0xe800
ipsec0 Link encap:Ethernet HWaddr 00:20:78:06:E9:8D
inet addr:192.168.250.1 Mask:255.255.255.0
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec1 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec2 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec3 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:236 errors:0 dropped:0 overruns:0 frame:0
TX packets:236 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17781 (17.3 Kb) TX bytes:17781 (17.3 Kb)
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
smoothwall
+ _________________________ hostname/ipaddress
+ hostname --ip-address
192.168.0.13
+ _________________________ uptime
+ uptime
10:14am up 18:28, 3 users, load average: 0.00, 0.00, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
100 0 20169 9713 9 0 2016 936 do_sel S ttyp1 0:00 | \_ vi ipsec.conf
000 0 20950 20935 9 0 1984 912 wait4 S ttyp0 0:00 \_ /bin/sh
/usr/local/sbin/ipsec barf
000 0 20951 20950 16 0 2008 972 wait4 S ttyp0 0:00 \_ /bin/sh
/usr/local/lib/ipsec/barf
040 0 15609 1 9 0 2008 952 wait4 S ttyp1 0:00 /bin/sh
/usr/local/lib/ipsec/_plutorun --debug none --uniqueids
040 0 15611 15609 9 0 2008 960 wait4 S ttyp1 0:00 \_ /bin/sh
/usr/local/lib/ipsec/_plutorun --debug none --uniqu
100 0 15615 15611 9 0 2568 960 do_sel S ttyp1 0:00 | \_
/usr/local/lib/ipsec/pluto --nofork --debug-none --uniq
000 0 15617 15615 9 0 1356 264 do_sel S ttyp1 0:00 | \_ _pluto_adns 7 10
000 0 15612 15609 8 0 1992 948 pipe_w S ttyp1 0:00 \_ /bin/sh
/usr/local/lib/ipsec/_plutoload --load %search --st
000 0 15610 1 9 0 1296 364 pipe_w S ttyp1 0:00 logger -p daemon.error
-t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
#dr: no default route
# no default route
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
config setup
interfaces="ipsec0=eth1"
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
plutowait=no
uniqueids=yes
conn %default
keyingtries=0
conn statis
left=192.168.250.1
leftsubnet=192.168.0.0/24
leftnexthop=192.168.250.10
right=192.168.200.10
rightsubnet=192.168.200.0/24
rightnexthop=192.168.250.1
compress=no
auto=add
ike=aes,3des
esp=aes,3des
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
192.168.250.1 192.168.250.10 : PSK "[sums to 23cd...]"
192.168.250.1 %any : PSK "[sums to 23cd...]"
+ _________________________ ipsec/ls-dir
+ ls -l /usr/local/lib/ipsec
total 4016
-rwxr-xr-x 1 root root 11426 Aug 26 10:31 _confread
-rwxr-xr-x 1 root root 48895 Aug 26 10:31 _copyright
-rwxr-xr-x 1 root root 2164 Aug 26 10:31 _include
-rwxr-xr-x 1 root root 1476 Aug 26 10:31 _keycensor
-rwxr-xr-x 1 root root 71763 Aug 26 10:31 _pluto_adns
-rwxr-xr-x 1 root root 3497 Aug 26 10:31 _plutoload
-rwxr-xr-x 1 root root 5946 Aug 26 10:31 _plutorun
-rwxr-xr-x 1 root root 7825 Aug 26 10:31 _realsetup
-rwxr-xr-x 1 root root 1975 Aug 26 10:31 _secretcensor
-rwxr-xr-x 1 root root 7058 Aug 26 10:31 _startklips
-rwxr-xr-x 1 root root 5009 Aug 26 10:31 _updown
-rwxr-xr-x 1 root root 7572 Aug 26 10:31 _updown.x509
-rwxr-xr-x 1 root root 14416 Aug 26 10:31 auto
-rwxr-xr-x 1 root root 7193 Aug 26 10:31 barf
-rwxr-xr-x 1 root root 816 Aug 26 10:31 calcgoo
-rwxr-xr-x 1 root root 321173 Aug 26 10:31 eroute
-rwxr-xr-x 1 root root 140494 Aug 26 10:31 ikeping
-rwxr-xr-x 1 root root 2911 Aug 26 10:31 ipsec
-rw-r--r-- 1 root root 1950 Aug 26 10:31 ipsec_pr.template
-rwxr-xr-x 1 root root 173609 Aug 26 10:31 klipsdebug
-rwxr-xr-x 1 root root 2444 Aug 26 10:31 look
-rwxr-xr-x 1 root root 16158 Aug 26 10:31 manual
-rwxr-xr-x 1 root root 1847 Aug 26 10:31 newhostkey
-rwxr-xr-x 1 root root 150184 Aug 26 10:31 pf_key
-rwxr-xr-x 1 root root 1799356 Aug 26 10:31 pluto
-rwxr-xr-x 1 root root 53452 Aug 26 10:31 ranbits
-rwxr-xr-x 1 root root 77674 Aug 26 10:31 rsasigkey
-rwxr-xr-x 1 root root 16730 Aug 26 10:31 send-pr
lrwxrwxrwx 1 root root 22 Sep 19 13:01 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1043 Aug 26 10:31 showdefaults
-rwxr-xr-x 1 root root 4242 Aug 26 10:31 showhostkey
-rwxr-xr-x 1 root root 442813 Aug 26 10:31 spi
-rwxr-xr-x 1 root root 268834 Aug 26 10:31 spigrp
-rwxr-xr-x 1 root root 60995 Aug 26 10:31 tncfg
-rw-r--r-- 1 root root 16280 Apr 2 14:41 uml_netjig
-rwxr-xr-x 1 root root 7416 Aug 26 10:31 verify
-rwxr-xr-x 1 root root 238000 Aug 26 10:31 whack
+ _________________________ ipsec/updowns
++ ls /usr/local/lib/ipsec
++ egrep updown
+ cat /usr/local/lib/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.3 2003/11/25 00:37:27 ken Exp $
# CAUTION: Installing a new version of Openswan will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# Openswan use yours instead of this default one.
# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
echo "$0: called by obsolete Pluto?" >&2
exit 2
;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
exit 2
;;
esac
# check parameter(s)
case "$1:$*" in
':') # no parameters
;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
;;
custom:*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0: unknown parameters \`$*'" >&2
exit 2
;;
esac
# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
doroute add
}
downroute() {
doroute del
}
doroute() {
parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
;;
*) it="route $1 $parms $parms2"
;;
esac
eval $it
st=$?
if test $st -ne 0
then
# route has already given its own cryptic message
echo "$0: \`$it' failed" >&2
if test " $1 $st" = " add 7"
then
# another totally undocumented interface -- 7 and
# "SIOCADDRT: Network is unreachable" means that
# the gateway isn't reachable.
echo "$0: (incorrect or missing nexthop setting??)" >&2
fi
fi
return $st
}
# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
;;
*)
it="route del -net $PLUTO_PEER_CLIENT_NET \
netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
;;
esac
oops="`eval $it`"
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
'SIOCDELRT: No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0: \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host:*|route-client:*)
# connection to me or my client subnet being routed
uproute
;;
unroute-host:*|unroute-client:*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host:*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
;;
down-host:*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
;;
up-client:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
;;
down-client:)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
;;
up-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
down-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ cat /usr/local/lib/ipsec/_updown.x509
#! /bin/sh
#
# customized updown script
#
# logging of VPN connections
#
# tag put in front of each log entry:
TAG=vpn
#
# syslog facility and priority used:
FAC_PRIO=local0.notice
#
# to create a special vpn logging file, put the following line into
# the syslog configuration file /etc/syslog.conf:
#
# local0.notice -/var/log/vpn
#
# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
echo "$0: called by obsolete Pluto?" >&2
exit 2
;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
exit 2
;;
esac
# check parameter(s)
case "$1:$*" in
':') # no parameters
;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
;;
custom:*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0: unknown parameters \`$*'" >&2
exit 2
;;
esac
# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
doroute add
}
downroute() {
doroute del
}
doroute() {
parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&"
it="$it route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2
;;
*) it="route $1 $parms $parms2"
route $1 $parms $parms2
;;
esac
st=$?
if test $st -ne 0
then
# route has already given its own cryptic message
echo "$0: \`$it' failed" >&2
if test " $1 $st" = " add 7"
then
# another totally undocumented interface -- 7 and
# "SIOCADDRT: Network is unreachable" means that
# the gateway isn't reachable.
echo "$0: (incorrect or missing nexthop setting??)" >&2
fi
fi
return $st
}
# are there port numbers?
if [ "$PLUTO_MY_PORT" != 0 ]
then
S_MY_PORT="--sport $PLUTO_MY_PORT"
D_MY_PORT="--dport $PLUTO_MY_PORT"
fi
if [ "$PLUTO_PEER_PORT" != 0 ]
then
S_PEER_PORT="--sport $PLUTO_PEER_PORT"
D_PEER_PORT="--dport $PLUTO_PEER_PORT"
fi
# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
parms1="-net 0.0.0.0 netmask 128.0.0.0"
parms2="-net 128.0.0.0 netmask 128.0.0.0"
it="route del $parms1 2>&1 ; route del $parms2 2>&1"
oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`"
;;
*)
parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
it="route del $parms 2>&1"
oops="`route del $parms 2>&1`"
;;
esac
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
'SIOCDELRT: No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0: \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host:*|route-client:*)
# connection to me or my client subnet being routed
uproute
;;
unroute-host:*|unroute-client:*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host:*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-d $PLUTO_ME $D_MY_PORT -j ACCEPT
iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-s $PLUTO_ME $S_MY_PORT \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
#
if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO \
"+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
else
logger -t $TAG -p $FAC_PRIO \
"+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
fi
;;
down-host:*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-d $PLUTO_ME $D_MY_PORT -j ACCEPT
iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-s $PLUTO_ME $S_MY_PORT \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
#
if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO -- \
"- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
else
logger -t $TAG -p $FAC_PRIO -- \
"- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
fi
;;
up-client:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT
#
if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO \
"+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
else
logger -t $TAG -p $FAC_PRIO \
"+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER --
$PLUTO_ME == $PLUTO_MY_CLIENT"
fi
;;
down-client:)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT
#
if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO -- \
"- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
else
logger -t $TAG -p $FAC_PRIO -- \
"- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER --
$PLUTO_ME == $PLUTO_MY_CLIENT"
fi
;;
up-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
down-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed
lo: 17781 236 0 0 0 0 0 0 17781 236 0 0 0 0 0 0
eth0: 6346825 65413 0 0 0 0 0 0 9791854 62569 0 0 0 0 0 0
eth1: 1127812 13000 0 0 0 0 0 0 926413 9031 0 0 0 0 0 0
ipsec0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0000A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 00FAA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
ipsec0 00FAA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 00000000 FE00A8C0 0003 0 0 0 00000000 0 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter
eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
eth1/rp_filter:0
ipsec0/rp_filter:0
lo/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux smoothwall 2.4.27 #1 Mon Aug 9 16:39:19 BST 2004 i686 i686 i386 GNU/Linux
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ _________________________ proc/net/ipsec_version
+ cat /proc/net/ipsec_version
Openswan 1.0.7
+ _________________________ iptables/list
+ iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
43068 3661K ipac~o all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ipblock all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ipblock all -- ippp0 * 0.0.0.0/0 0.0.0.0/0
2946 301K ipblock all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 advnet all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 advnet all -- ippp0 * 0.0.0.0/0 0.0.0.0/0
2946 301K advnet all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 spoof all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 spoof all -- ippp0 * 0.0.0.0/0 0.0.0.0/0
2946 301K spoof all -- eth1 * 0.0.0.0/0 0.0.0.0/0
66 4049 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
40067 3357K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
2946 301K secin all -- * * 0.0.0.0/0 0.0.0.0/0
2946 301K block all -- * * 0.0.0.0/0 0.0.0.0/0
2356 190K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
2356 190K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8912 591K ipac~fi all -- * * 0.0.0.0/0 0.0.0.0/0
8912 591K ipac~fo all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ipblock all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ipblock all -- ippp0 * 0.0.0.0/0 0.0.0.0/0
8912 591K ipblock all -- eth1 * 0.0.0.0/0 0.0.0.0/0
8912 591K secout all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT all -- * ippp0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * ippp0 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0 state NEW
8912 591K portfwf all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth0 ipsec0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ipsec0 eth0 0.0.0.0/0 0.0.0.0/0
8912 591K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
8912 591K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 46718 packets, 4902K bytes)
pkts bytes target prot opt in out source destination
46705 4899K ipac~i all -- * * 0.0.0.0/0 0.0.0.0/0
Chain advnet (3 references)
pkts bytes target prot opt in out source destination
Chain block (1 references)
pkts bytes target prot opt in out source destination
112 33268 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
2834 268K xtaccess all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ipsec all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ipsec all -- ippp0 * 0.0.0.0/0 0.0.0.0/0
2834 268K ipsec all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- ippp0 * 0.0.0.0/0 0.0.0.0/0
8 480 ACCEPT icmp -- eth1 * 0.0.0.0/0 192.168.250.0/24
Chain dmzholes (0 references)
pkts bytes target prot opt in out source destination
Chain ipac~fi (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- eth0 * 0.0.0.0/0 0.0.0.0/0
45 2958 all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain ipac~fo (1 references)
pkts bytes target prot opt in out source destination
45 2958 all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain ipac~i (1 references)
pkts bytes target prot opt in out source destination
45 2896 all -- * eth0 0.0.0.0/0 0.0.0.0/0
39 3660 all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain ipac~o (1 references)
pkts bytes target prot opt in out source destination
62 4165 all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain ipblock (6 references)
pkts bytes target prot opt in out source destination
Chain ipsec (3 references)
pkts bytes target prot opt in out source destination
40 18744 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
430 58104 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
Chain portfwf (1 references)
pkts bytes target prot opt in out source destination
Chain secin (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
Chain secout (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
Chain spoof (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 192.168.0.0/24 0.0.0.0/0
Chain xtaccess (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 ACCEPT tcp -- ippp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
+ _________________________ ipchains/list
+ ipchains -L -v -n
/usr/local/lib/ipsec/barf: line 197: ipchains: command not found
+ _________________________ ipfwadm/forward
+ ipfwadm -F -l -n -e
/usr/local/lib/ipsec/barf: line 199: ipfwadm: command not found
+ _________________________ ipfwadm/input
+ ipfwadm -I -l -n -e
/usr/local/lib/ipsec/barf: line 201: ipfwadm: command not found
+ _________________________ ipfwadm/output
+ ipfwadm -O -l -n -e
/usr/local/lib/ipsec/barf: line 203: ipfwadm: command not found
+ _________________________ iptables/nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 59618 packets, 4900K bytes)
pkts bytes target prot opt in out source destination
34577 2917K jmpsquid all -- eth0 * 0.0.0.0/0 0.0.0.0/0
45914 3708K portfw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 73 packets, 8717 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE all -- * ippp0 0.0.0.0/0 0.0.0.0/0
6 524 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain jmpsquid (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 10.0.0.0/8
0 0 RETURN all -- * * 0.0.0.0/0 172.16.0.0/12
34562 2916K RETURN all -- * * 0.0.0.0/0 192.168.0.0/16
0 0 RETURN all -- * * 0.0.0.0/0 169.254.0.0/16
15 705 squid all -- * * 0.0.0.0/0 0.0.0.0/0
Chain portfw (1 references)
pkts bytes target prot opt in out source destination
Chain squid (1 references)
pkts bytes target prot opt in out source destination
+ _________________________ ipchains/masq
+ ipchains -M -L -v -n
/usr/local/lib/ipsec/barf: line 207: ipchains: command not found
+ _________________________ ipfwadm/masq
+ ipfwadm -M -l -n -e
/usr/local/lib/ipsec/barf: line 209: ipfwadm: command not found
+ _________________________ iptables/mangle
+ iptables -t mangle -L -v -n
iptables v1.2.8: can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ _________________________ proc/modules
+ cat /proc/modules
ipsec_sha2 10028 0 (unused)
ipsec_aes 33232 0 (unused)
ipsec 265056 2 [ipsec_sha2 ipsec_aes]
tulip 40832 1
crc32 3560 0 [tulip]
3c59x 27536 1
ip_nat_quake3 2472 0 (unused)
ip_conntrack_quake3 2472 1
ip_nat_h323 3100 0 (unused)
ip_conntrack_h323 2848 1
ip_nat_mms 3376 0 (unused)
ip_conntrack_mms 3664 1
ip_nat_ftp 3440 0 (unused)
ip_conntrack_ftp 4528 1
ip_nat_irc 2832 0 (unused)
ip_conntrack_irc 3632 1
ppp_async 7840 0 (unused)
ppp_synctty 6304 0 (unused)
ppp_generic 21084 0 [ppp_async ppp_synctty]
slhc 5624 0 [ppp_generic]
usb-uhci 23564 0 (unused)
usbcore 67264 1 [usb-uhci]
+ _________________________ proc/meminfo
+ cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 262197248 95973376 166223872 0 53063680 28016640
Swap: 24666112 0 24666112
MemTotal: 256052 kB
MemFree: 162328 kB
MemShared: 0 kB
Buffers: 51820 kB
Cached: 27360 kB
SwapCached: 0 kB
Active: 54088 kB
Inactive: 32516 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 256052 kB
LowFree: 162328 kB
SwapTotal: 24088 kB
SwapFree: 24088 kB
+ _________________________ dev/ipsec-ls
+ ls -l '/dev/ipsec*'
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
-r--r--r-- 1 root root 0 Sep 20 10:14 /proc/net/ipsec_eroute
-r--r--r-- 1 root root 0 Sep 20 10:14 /proc/net/ipsec_klipsdebug
-r--r--r-- 1 root root 0 Sep 20 10:14 /proc/net/ipsec_spi
-r--r--r-- 1 root root 0 Sep 20 10:14 /proc/net/ipsec_spigrp
-r--r--r-- 1 root root 0 Sep 20 10:14 /proc/net/ipsec_tncfg
-r--r--r-- 1 root root 0 Sep 20 10:14 /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /usr/src/linux/.config
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /var/log/kernel
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *
# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
*.* /dev/tty12
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 127.0.0.1
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 20
drwxr-xr-x 4 root root 4096 Sep 2 2003 2.4.22
drwxr-xr-x 4 root root 4096 Jan 6 2004 2.4.24
drwxr-xr-x 4 root root 4096 Feb 23 2004 2.4.25
drwxr-xr-x 4 root root 4096 May 21 10:41 2.4.26
drwxr-xr-x 4 root root 4096 Aug 9 17:04 2.4.27
+ _________________________ proc/ksyms-netif_rx
+ egrep netif_rx /proc/ksyms
c01c1c30 netif_rx
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.22:
2.4.24:
2.4.25:
2.4.26:
2.4.27:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '967,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Sep 19 13:07:02 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 19 13:07:02 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 19 13:07:02 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 19 13:07:02 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 19 13:07:02 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 19 13:07:02 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 19 13:07:02 smoothwall ipsec_setup: (/etc/ipsec.conf, line 0) did
not find config section(s) "setup" -- `start' aborted
Sep 19 15:27:29 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 15:27:29 smoothwall ipsec_setup: stop ordered, but IPsec does
not appear to be running!
Sep 19 15:27:29 smoothwall ipsec_setup: doing cleanup anyway...
Sep 19 15:27:29 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 15:27:29 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 15:27:29 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 15:27:29 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 15:27:29 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 19 15:27:30 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 15:46:17 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 19 15:46:17 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 19 15:46:17 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 19 15:46:17 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 19 15:46:17 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 19 15:46:17 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 19 15:46:18 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 15:46:18 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 15:46:18 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 19 15:46:18 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 15:46:19 smoothwall ipsec__plutorun: 022 "vpn-1": we have no
ipsecN interface for either end of this connection
Sep 19 15:46:19 smoothwall ipsec__plutorun: ...could not route conn "vpn-1"
Sep 19 15:46:19 smoothwall ipsec__plutorun: 022 "vpn-1": we have no
ipsecN interface for either end of this connection
Sep 19 15:46:19 smoothwall ipsec__plutorun: ...could not start conn "vpn-1"
Sep 19 20:19:25 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 20:19:26 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 19 20:19:26 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 20:19:26 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 20:19:27 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 20:19:27 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 20:19:27 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 19 20:19:27 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 20:19:28 smoothwall ipsec__plutorun: 022 "vpn-2": we have no
ipsecN interface for either end of this connection
Sep 19 20:19:28 smoothwall ipsec__plutorun: ...could not route conn "vpn-2"
Sep 19 20:19:28 smoothwall ipsec__plutorun: 022 "vpn-1": we have no
ipsecN interface for either end of this connection
Sep 19 20:19:28 smoothwall ipsec__plutorun: ...could not route conn "vpn-1"
Sep 19 20:19:28 smoothwall ipsec__plutorun: 022 "vpn-2": we have no
ipsecN interface for either end of this connection
Sep 19 20:19:28 smoothwall ipsec__plutorun: ...could not start conn "vpn-2"
Sep 19 20:19:28 smoothwall ipsec__plutorun: 022 "vpn-1": we have no
ipsecN interface for either end of this connection
Sep 19 20:19:28 smoothwall ipsec__plutorun: ...could not start conn "vpn-1"
Sep 19 20:40:52 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 20:40:53 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 19 20:40:53 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 20:40:53 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 20:40:53 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 20:40:53 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 20:40:53 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 19 20:40:54 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 20:40:55 smoothwall ipsec__plutorun: 022 "vpn-2": we have no
ipsecN interface for either end of this connection
Sep 19 20:40:55 smoothwall ipsec__plutorun: ...could not route conn "vpn-2"
Sep 19 20:40:55 smoothwall ipsec__plutorun: 022 "vpn-1": we have no
ipsecN interface for either end of this connection
Sep 19 20:40:55 smoothwall ipsec__plutorun: ...could not route conn "vpn-1"
Sep 19 20:40:55 smoothwall ipsec__plutorun: 022 "vpn-2": we have no
ipsecN interface for either end of this connection
Sep 19 20:40:55 smoothwall ipsec__plutorun: ...could not start conn "vpn-2"
Sep 19 20:40:55 smoothwall ipsec__plutorun: 022 "vpn-1": we have no
ipsecN interface for either end of this connection
Sep 19 20:40:55 smoothwall ipsec__plutorun: ...could not start conn "vpn-1"
Sep 19 21:10:35 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 21:10:36 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 19 21:10:36 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 21:10:36 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 21:10:36 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 21:10:36 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 21:10:36 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 19 21:10:37 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 21:10:37 smoothwall ipsec__plutorun: 022 "vpn-2": we have no
ipsecN interface for either end of this connection
Sep 19 21:10:37 smoothwall ipsec__plutorun: ...could not route conn "vpn-2"
Sep 19 21:10:38 smoothwall ipsec__plutorun: 022 "vpn-2": we have no
ipsecN interface for either end of this connection
Sep 19 21:10:38 smoothwall ipsec__plutorun: ...could not start conn "vpn-2"
Sep 19 21:55:30 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 21:55:31 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 19 21:55:31 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 21:55:31 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 21:55:31 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 21:55:31 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 21:55:31 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 19 21:55:31 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 22:51:43 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 22:51:44 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 19 22:51:44 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 22:51:44 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 22:51:44 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 22:51:44 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 22:51:44 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.254.1/255.255.255.0 broadcast 192.168.254.255
Sep 19 22:51:44 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 22:51:45 smoothwall ipsec__plutorun: ipsec_auto: fatal error in
"roadwarrior": %defaultroute requested but not known
Sep 19 22:51:45 smoothwall ipsec__plutorun: 021 no connection named
"roadwarrior"
Sep 19 22:51:45 smoothwall ipsec__plutorun: ...could not route conn
"roadwarrior"
Sep 19 22:51:45 smoothwall ipsec__plutorun: 021 no connection named
"roadwarrior"
Sep 19 22:51:45 smoothwall ipsec__plutorun: ...could not start conn
"roadwarrior"
Sep 19 23:30:06 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 23:30:07 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 19 23:30:07 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 23:30:07 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 23:30:07 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 23:30:07 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 23:30:08 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.254.1/255.255.255.0 broadcast 192.168.254.255
Sep 19 23:30:08 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 23:30:08 smoothwall ipsec__plutorun: ipsec_auto: fatal error in
"roadwarrior": %defaultroute requested but not known
Sep 19 23:39:51 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 23:39:53 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 19 23:39:53 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 23:39:53 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 23:39:53 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 23:39:53 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 23:39:53 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 19 23:39:53 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 23:39:54 smoothwall ipsec__plutorun: 022 "statis": we have no
ipsecN interface for either end of this connection
Sep 19 23:39:54 smoothwall ipsec__plutorun: ...could not route conn "statis"
Sep 19 23:39:54 smoothwall ipsec__plutorun: 022 "statis": we have no
ipsecN interface for either end of this connection
Sep 19 23:39:54 smoothwall ipsec__plutorun: ...could not start conn "statis"
Sep 19 23:49:42 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 23:49:43 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 19 23:49:43 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 23:49:43 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 23:49:43 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 19 23:49:43 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 19 23:52:04 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 19 23:52:04 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 19 23:52:04 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 19 23:52:04 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 19 23:52:04 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 19 23:52:04 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 19 23:52:04 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 23:52:04 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 23:52:04 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 19 23:52:05 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 23:52:05 smoothwall ipsec__plutorun: 104 "statis" #1:
STATE_MAIN_I1: initiate
Sep 19 23:52:05 smoothwall ipsec__plutorun: ...could not start conn "statis"
Sep 19 23:57:49 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 19 23:57:50 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 19 23:57:50 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 19 23:57:50 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 19 23:57:50 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 19 23:57:50 smoothwall ipsec_setup: KLIPS debug `none'
Sep 19 23:57:51 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 19 23:57:51 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 19 23:57:51 smoothwall ipsec__plutorun: ipsec_auto: fatal error in
"statis": %defaultroute requested but not known
Sep 19 23:57:51 smoothwall ipsec__plutorun: 021 no connection named "statis"
Sep 19 23:57:51 smoothwall ipsec__plutorun: ...could not route conn "statis"
Sep 19 23:57:52 smoothwall ipsec__plutorun: 021 no connection named "statis"
Sep 19 23:57:52 smoothwall ipsec__plutorun: ...could not start conn "statis"
Sep 20 00:05:07 smoothwall ipsec_setup: Openswan IPsec apparently
already running, start aborted
Sep 20 00:05:32 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:05:33 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:05:33 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:05:33 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:05:33 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:05:33 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:05:45 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:05:45 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:05:45 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:05:45 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:05:45 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:05:45 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:05:45 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:05:45 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:05:45 smoothwall ipsec_setup: interface `%defaultroutes' not
understood
Sep 20 00:05:45 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:05:46 smoothwall ipsec__plutorun: ipsec_auto: fatal error in
"statis": %defaultroute requested but not known
Sep 20 00:05:46 smoothwall ipsec__plutorun: 003 no public interfaces found
Sep 20 00:05:46 smoothwall ipsec__plutorun: 021 no connection named "statis"
Sep 20 00:05:46 smoothwall ipsec__plutorun: ...could not route conn "statis"
Sep 20 00:05:46 smoothwall ipsec__plutorun: 021 no connection named "statis"
Sep 20 00:05:46 smoothwall ipsec__plutorun: ...could not start conn "statis"
Sep 20 00:06:39 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:06:39 smoothwall ipsec_setup: stop ordered, but IPsec does
not appear to be running!
Sep 20 00:06:39 smoothwall ipsec_setup: doing cleanup anyway...
Sep 20 00:06:40 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:06:40 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:06:40 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:06:40 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:06:43 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:06:43 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:06:43 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:06:43 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:06:43 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:06:43 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:06:43 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:06:43 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:06:43 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 20 00:06:43 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:06:44 smoothwall ipsec__plutorun: ipsec_auto: fatal error in
"statis": %defaultroute requested but not known
Sep 20 00:06:44 smoothwall ipsec__plutorun: 021 no connection named "statis"
Sep 20 00:06:44 smoothwall ipsec__plutorun: ...could not route conn "statis"
Sep 20 00:06:44 smoothwall ipsec__plutorun: 021 no connection named "statis"
Sep 20 00:06:44 smoothwall ipsec__plutorun: ...could not start conn "statis"
Sep 20 00:18:55 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:18:56 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:18:56 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:18:56 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:18:57 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:18:57 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:18:57 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 20 00:18:57 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:18:58 smoothwall ipsec__plutorun: 022 "statis": we have no
ipsecN interface for either end of this connection
Sep 20 00:18:58 smoothwall ipsec__plutorun: ...could not route conn "statis"
Sep 20 00:18:58 smoothwall ipsec__plutorun: 022 "statis": we have no
ipsecN interface for either end of this connection
Sep 20 00:18:58 smoothwall ipsec__plutorun: ...could not start conn "statis"
Sep 20 00:32:56 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:32:57 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:32:57 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:32:57 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:32:58 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:32:58 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:32:58 smoothwall ipsec_setup: KLIPS ipsec0 on eth0
192.168.0.13/255.255.255.0 broadcast 192.168.0.255
Sep 20 00:32:58 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:35:57 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:35:58 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:35:58 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:35:58 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:35:59 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:35:59 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:35:59 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:35:59 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:35:59 smoothwall ipsec__plutorun: ipsec_auto: fatal error in
"statis": %defaultroute requested but not known
Sep 20 00:38:13 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:38:14 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:38:14 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:38:14 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:38:14 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:38:14 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:38:21 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:38:21 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:38:21 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:38:21 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:38:21 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:38:21 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:38:22 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:38:22 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:38:22 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:38:22 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:38:23 smoothwall ipsec__plutorun: ipsec_auto: fatal error in
"statis": %defaultroute requested but not known
Sep 20 00:41:38 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:41:39 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:41:39 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:41:39 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:41:40 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:41:40 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:41:42 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:41:42 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:41:42 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:41:42 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:41:42 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:41:42 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:41:42 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:41:42 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:41:42 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:41:42 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:43:07 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:43:08 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:43:08 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:43:08 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:43:09 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:43:09 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:43:17 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:43:17 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:43:17 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:43:17 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:43:17 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:43:17 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:43:17 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:43:17 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:43:17 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:43:17 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:49:19 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:49:20 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:49:20 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:49:20 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:49:21 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:49:21 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:49:22 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:49:22 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:49:22 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:49:22 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:49:22 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:49:22 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:49:23 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:49:23 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:49:23 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:49:23 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:50:22 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:50:24 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:50:24 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:50:24 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:50:24 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:50:24 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:50:24 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:50:24 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:50:35 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:50:36 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:50:36 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:50:36 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:50:36 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:50:36 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:50:41 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:50:41 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:50:41 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:50:41 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:50:41 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:50:41 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:50:41 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:50:41 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:50:41 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:50:41 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:52:05 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:52:06 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:52:06 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:52:06 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:52:07 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:52:07 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:52:09 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:52:09 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:52:09 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:52:09 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:52:09 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:52:09 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:52:09 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:52:09 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:52:09 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:52:09 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:52:10 smoothwall ipsec__plutorun: ipsec_auto: fatal error in
"statis": left and leftnexthop must not be the same
Sep 20 00:53:45 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:53:46 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:53:46 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:53:46 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:53:47 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:53:47 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:53:48 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:53:48 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:53:48 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:53:48 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:53:48 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:53:48 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:53:48 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:53:48 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:53:48 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:53:48 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 00:55:59 smoothwall ipsec_setup: Openswan IPsec apparently
already running, start aborted
Sep 20 00:56:18 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 00:56:19 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 00:56:19 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 00:56:19 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 00:56:19 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 00:56:19 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 00:56:20 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 00:56:20 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 00:56:20 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 00:56:20 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 00:56:20 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 00:56:20 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 00:56:20 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 00:56:20 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 00:56:20 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 00:56:20 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 01:08:04 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 01:08:05 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 01:08:05 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 01:08:06 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 01:08:06 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 01:08:06 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 01:08:06 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 01:08:06 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 01:08:06 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 01:08:06 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 01:08:06 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 01:08:06 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 01:08:06 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 01:08:06 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 01:08:06 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 01:08:07 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 01:16:02 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 01:16:04 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 01:16:04 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 01:16:04 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 01:16:04 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 01:16:04 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 01:16:04 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 01:16:04 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 01:16:04 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 01:16:04 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 01:16:04 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 01:16:04 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 01:16:04 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 01:16:05 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 01:16:05 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 01:16:05 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 01:21:14 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 01:21:15 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 01:21:16 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 01:21:16 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 01:21:16 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 01:21:16 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 01:21:16 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 01:21:16 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 01:21:16 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 01:21:16 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 01:21:16 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 01:21:16 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 01:21:16 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 01:21:16 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 01:21:17 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 01:21:17 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 01:23:21 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 01:23:22 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 01:23:22 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 01:23:22 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 01:23:23 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 01:23:23 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 01:23:23 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 01:23:23 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 01:23:23 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 01:23:23 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 01:23:23 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 01:23:23 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 01:23:23 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 01:23:23 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 01:23:23 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 01:23:23 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 01:30:04 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 01:30:05 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 01:30:05 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 01:30:05 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 01:30:06 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 01:30:06 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 01:30:06 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 01:30:06 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 01:30:06 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 01:30:06 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 01:30:06 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 01:30:06 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 01:30:06 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 01:30:06 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 01:30:06 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 01:30:06 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 01:30:48 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 01:30:49 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 01:30:50 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 01:30:50 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 01:30:50 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 01:30:50 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 01:30:50 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 01:30:50 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 01:30:50 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 01:30:50 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 01:30:50 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 01:30:50 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 01:30:50 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 01:30:50 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 01:30:51 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 01:30:51 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 01:31:55 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 01:31:56 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 01:31:56 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 01:31:56 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 01:31:57 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 01:31:57 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 01:31:57 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 01:31:57 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 01:31:57 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 01:31:57 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 01:31:57 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 01:31:57 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 01:31:57 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 01:31:57 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 01:31:57 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 01:31:57 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 01:32:24 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 01:32:25 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 01:32:25 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 01:32:25 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 01:32:26 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 01:32:26 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 01:32:26 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 01:32:26 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 01:32:26 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 01:32:26 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 01:32:26 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 01:32:26 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 01:32:26 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 01:32:26 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 01:32:26 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 01:32:26 smoothwall ipsec_setup: ...Openswan IPsec started
Sep 20 01:33:14 smoothwall ipsec_setup: Stopping Openswan IPsec...
Sep 20 01:33:15 smoothwall kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Sep 20 01:33:15 smoothwall ipsec_setup: ipsec: Device or resource busy
Sep 20 01:33:15 smoothwall ipsec_setup: ...Openswan IPsec stopped
Sep 20 01:33:16 smoothwall kernel: klips_info:pfkey_cleanup: shutting
down PF_KEY domain sockets.
Sep 20 01:33:16 smoothwall kernel: klips_info:cleanup_module: ipsec
module unloaded.
Sep 20 01:33:16 smoothwall kernel: klips_info:ipsec_init: KLIPS
startup, Openswan IPsec stack 1.0.7
Sep 20 01:33:16 smoothwall kernel: klips_info:ipsec_alg_init: KLIPS
alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=15)
Sep 20 01:33:16 smoothwall kernel: klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
Sep 20 01:33:16 smoothwall kernel: ipsec_aes_init(alg_type=15
alg_id=12 name=aes): ret=0
Sep 20 01:33:16 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=5 name=sha2_256): ret=0
Sep 20 01:33:16 smoothwall kernel: ipsec_sha2_init(alg_type=14
alg_id=7 name=sha2_512): ret=0
Sep 20 01:33:16 smoothwall ipsec_setup: Starting Openswan IPsec 1.0.7...
Sep 20 01:33:16 smoothwall ipsec_setup: KLIPS debug `none'
Sep 20 01:33:16 smoothwall ipsec_setup: KLIPS ipsec0 on eth1
192.168.250.1/255.255.255.0 broadcast 192.168.250.255
Sep 20 01:33:16 smoothwall ipsec_setup: ...Openswan IPsec started
+ _________________________ plog
+ sed -n '1541,$p' /var/log/secure
+ egrep -i pluto
+ cat
Sep 20 01:33:16 smoothwall ipsec__plutorun: Starting Pluto subsystem...
Sep 20 01:33:16 smoothwall pluto[15615]: Starting Pluto (Openswan Version 1.0.7)
Sep 20 01:33:16 smoothwall pluto[15615]: including X.509 patch with
traffic selectors (Version 0.9.42)
Sep 20 01:33:16 smoothwall pluto[15615]: including NAT-Traversal patch
(Version 0.6) [disabled]
Sep 20 01:33:16 smoothwall pluto[15615]: ike_alg_register_enc():
Activating OAKLEY_DES_CBC: Ok (ret=0)
Sep 20 01:33:16 smoothwall pluto[15615]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 20 01:33:16 smoothwall pluto[15615]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Sep 20 01:33:16 smoothwall pluto[15615]: ike_alg_register_enc():
Activating OAKLEY_CAST_CBC: Ok (ret=0)
Sep 20 01:33:16 smoothwall pluto[15615]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Sep 20 01:33:16 smoothwall pluto[15615]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Sep 20 01:33:16 smoothwall pluto[15615]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Sep 20 01:33:16 smoothwall pluto[15615]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Sep 20 01:33:16 smoothwall pluto[15615]: ike_alg_register_enc():
Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Sep 20 01:33:16 smoothwall pluto[15615]: Changing to directory
'/etc/ipsec.d/cacerts'
Sep 20 01:33:16 smoothwall pluto[15615]: Warning: empty directory
Sep 20 01:33:16 smoothwall pluto[15615]: Changing to directory
'/etc/ipsec.d/crls'
Sep 20 01:33:16 smoothwall pluto[15615]: Warning: empty directory
Sep 20 01:33:16 smoothwall pluto[15615]: OpenPGP certificate file
'/etc/pgpcert.pgp' not found
Sep 20 01:33:17 smoothwall pluto[15615]: | from whack: got --esp=aes,3des
Sep 20 01:33:17 smoothwall pluto[15615]: | from whack: got --ike=aes,3des
Sep 20 01:33:17 smoothwall pluto[15615]: added connection description "statis"
Sep 20 01:33:17 smoothwall pluto[15615]: listening for IKE messages
Sep 20 01:33:17 smoothwall pluto[15615]: adding interface ipsec0/eth1
192.168.250.1
Sep 20 01:33:17 smoothwall pluto[15615]: loading secrets from
"/etc/ipsec.secrets"
Sep 20 01:33:25 smoothwall pluto[15615]: packet from
192.168.250.10:500: ignoring Vendor ID payload [SSH Communications
Security IPSEC Express version 4.1.0]
Sep 20 01:33:25 smoothwall pluto[15615]: packet from
192.168.250.10:500: initial Main Mode message received on
192.168.250.1:500 but no connection has been authorized with
policy=PSK
Sep 20 01:33:26 smoothwall pluto[15615]: packet from
192.168.250.10:500: ignoring Vendor ID payload [SSH Communications
Security IPSEC Express version 4.1.0]
Sep 20 01:33:26 smoothwall pluto[15615]: packet from
192.168.250.10:500: initial Main Mode message received on
192.168.250.1:500 but no connection has been authorized with
policy=PSK
Sep 20 01:33:28 smoothwall pluto[15615]: packet from
192.168.250.10:500: ignoring Vendor ID payload [SSH Communications
Security IPSEC Express version 4.1.0]
Sep 20 01:33:28 smoothwall pluto[15615]: packet from
192.168.250.10:500: initial Main Mode message received on
192.168.250.1:500 but no connection has been authorized with
policy=PSK
Sep 20 01:33:32 smoothwall pluto[15615]: packet from
192.168.250.10:500: ignoring Vendor ID payload [SSH Communications
Security IPSEC Express version 4.1.0]
Sep 20 01:33:32 smoothwall pluto[15615]: packet from
192.168.250.10:500: initial Main Mode message received on
192.168.250.1:500 but no connection has been authorized with
policy=PSK
Sep 20 01:33:40 smoothwall pluto[15615]: packet from
192.168.250.10:500: ignoring Vendor ID payload [SSH Communications
Security IPSEC Express version 4.1.0]
Sep 20 01:33:40 smoothwall pluto[15615]: packet from
192.168.250.10:500: initial Main Mode message received on
192.168.250.1:500 but no connection has been authorized with
policy=PSK
Sep 20 01:33:50 smoothwall pluto[15615]: packet from
192.168.250.10:500: ignoring Vendor ID payload [SSH Communications
Security IPSEC Express version 4.1.0]
Sep 20 01:33:50 smoothwall pluto[15615]: packet from
192.168.250.10:500: initial Main Mode message received on
192.168.250.1:500 but no connection has been authorized with
policy=PSK
+ _________________________ date
+ date
Mon Sep 20 10:14:05 BST 2004
>
> Paul
> --
> "Non cogitamus, ergo nihil sumus"
>