[Openswan Users] Routing problem (with barfs)

Da Shen dshen19 at yahoo.com
Sat Feb 26 23:03:14 CET 2005


Hi, all:

I am a newbie to Openswan. I am trying to set up a VPN
connecting two segments as follows:

192.168.10.0===24.91.72.14<--->221.219.4.251===192.168.8.0

Here is the conn section included in ipsec.conf (it is
the same on both ends):
conn w-b
        left=24.91.72.14
        leftsubnet=192.168.10.0/24
        leftid=@w.netgenco.com
        leftrsasigkey=0sAQOTnxk5o8wdADEXERry8B4xUVSPSt6ln7D9xIItwW7Sup1GC83WzS6nLU2asDQqwb7zBkpc3IlkD+BCOtQaSjo+S6Tf2SAnwk5qXDBLg/pAqIji9kguA6l7gKfjdiXaFg4O0bv51aSvA6cqqFTaSf32YgVEaxiGnsviyVi9KxkD8oW+PE9xe7I7T0f1u/IOStkM0AprQEN1l5qWMIowWTIU1BMzHbSOhwzXsmfLcNWXTYhko7g94anUn3NkCuxCCYidjjb56NLLjyl18yNF3Kaq1YkMYdG/vdIgVWTVRnkJYNy+5w4uEECCgEUOXEbCVI2izq02TF4yvtYGacjP4WzH
        leftnexthop=24.91.72.1
        right=221.219.4.251
        rightsubnet=192.168.8.0/24
        rightid=@b.netgenco.com
        rightrsasigkey=0sAQO26/NgpIcS6pkqg6INiShzxP9a2xtptpkGqldZy0Wtc+LGVIrv5IY6HrX5sNeg8unBvQ83Zk8/3H6QjExddnoVF+aqLu8zymj8Z9ae+8e06CqcS97JOsjW8zcR5pK5dZKvPUN4RoINw6/N4A+l3UxEPW2OdKVBueQcLCi+uQ12mPSznvPo6nkLvKlAcROhh/XOY9yYieKK/fSdKa/DUu0mrK8EwauoRqlJUJ8oQ2Kp55AC1Y5WvhKaLOQKo1Qd4H7tGk5JGsXGuC2Q48Si8vdkZmkcp9vZ4j6itxgr2wS83lZPTLU2kgir7L9g7QO4YuMVoLwW6+5rwvIXDYzof/UF
        rightnexthop=61.51.120.1
        authby=rsasig
        auto=start

From ipsec auto --status:

000 "w-b": 192.168.8.0/24===221.219.4.251[@b.netgenco.com]---61.51.120.1...24.91.72.1---24.91.72.14[@w.netgenco.com]===192.168.10.0/24; erouted; erowner: #5
000 #5: "w-b" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 20568s; newest IPSEC; eroute owner
000 #5: "w-b" esp.620dde4a at 24.91.72.14 esp.a4c32704 at 221.219.4.251 tun.0 at 24.91.72.14 tun.0 at 221.219.4.251
000 #4: "w-b" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 21160s
000 #4: "w-b" esp.c42a79c5 at 24.91.72.14 esp.b7035b97 at 221.219.4.251 tun.0 at 24.91.72.14 tun.0 at 221.219.4.251
000 #8: "w-b" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1330s; newest ISAKMP

It seems that the tunnel has been set up, but I can't
ping through or connect by any means from either
side.
The routing tables are:
for w:
# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.8.0     24.91.72.1      255.255.255.0   UG        0 0          0 eth0
24.91.72.0      0.0.0.0         255.255.254.0   U         0 0          0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG        0 0          0 lo
0.0.0.0         24.91.72.1      0.0.0.0         UG        0 0          0 eth0

for b:
# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
61.51.120.1     0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
192.168.10.0    61.51.120.1     255.255.255.0   UG        0 0          0 ppp0
192.168.8.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG        0 0          0 lo
0.0.0.0         61.51.120.1     0.0.0.0         UG        0 0          0 ppp0

My question is: does my problem come from routing? If
so, how can I correct it? I have browsed many posts
related to routing on this list and can't figure out a
solution.

I have also attached barf files to this post; if you
can't read them, I can repost them in the text.

BTW, how does the kernel (2.6) IPsec engine know where
the packets should be sent (I mean, whether a packet
should go into an IPsec tunnel or just follow a general
route to the outside)? As I need to try some more
advanced configs (for a real working situation) if I can
get through this step, I feel the additional knowledge
will help me a lot then. In fact, I really love the
original freeswan/openswan design with ipsec devices,
which is much clearer in concept for newbies like me to
understand.

Thanks in advance!

Da 


		
-------------- next part --------------
Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
b
Sun Feb 27 13:57:14 CST 2005
+ _________________________ version
+ ipsec --version
Linux Openswan U2.2.0/K2.6.10-gentoo-r6 (native)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.6.10-gentoo-r6 (root at b) (gcc version 3.3.5 (Gentoo Linux 3.3.5-r1, ssp-3.3.2-3, pie-8.7.7.1)) #7 SMP Sat Feb 26 11:28:01 CST 2005
+ _________________________ proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
61.51.120.1     0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
192.168.10.0    61.51.120.1     255.255.255.0   UG        0 0          0 ppp0
192.168.8.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG        0 0          0 lo
0.0.0.0         61.51.120.1     0.0.0.0         UG        0 0          0 ppp0
+ _________________________ proc/net/ipsec_spi
+ test -r proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ setkey-D
+ setkey -D
221.219.4.251 24.91.72.14 
	esp mode=tunnel spi=1645076042(0x620dde4a) reqid=16385(0x00004001)
	E: 3des-cbc  17da869f 93110b3e ce99f07b 55a55a2b 6f903f80 3afc765e
	A: hmac-md5  2517f1e4 b8b042ce a8d9be37 1030cb07
	seq=0x00000000 replay=64 flags=0x00000000 state=mature 
	created: Feb 27 12:30:17 2005	current: Feb 27 13:57:14 2005
	diff: 5217(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=3 pid=8837 refcnt=0
221.219.4.251 24.91.72.14 
	esp mode=tunnel spi=3291118021(0xc42a79c5) reqid=16385(0x00004001)
	E: 3des-cbc  24355d63 f02bb404 c8e27f1b a84ccc44 5c34d599 ec7c9ed4
	A: hmac-md5  acf20a4b 6328254e 4de49f76 24941c2e
	seq=0x00000000 replay=64 flags=0x00000000 state=mature 
	created: Feb 27 12:28:56 2005	current: Feb 27 13:57:14 2005
	diff: 5298(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=2 pid=8837 refcnt=0
24.91.72.14 221.219.4.251 
	esp mode=tunnel spi=2764252932(0xa4c32704) reqid=16385(0x00004001)
	E: 3des-cbc  ec75d484 79f2ed08 25ac37fb 7b4a92c8 47a4207f 7175cc7b
	A: hmac-md5  0b99cf2d 21be6b9b 2f6aa87e 4a675f2c
	seq=0x00000000 replay=64 flags=0x00000000 state=mature 
	created: Feb 27 12:30:17 2005	current: Feb 27 13:57:14 2005
	diff: 5217(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=1 pid=8837 refcnt=0
24.91.72.14 221.219.4.251 
	esp mode=tunnel spi=3070450583(0xb7035b97) reqid=16385(0x00004001)
	E: 3des-cbc  171a7655 1dfea400 3d485dae 861e49ea 7a040610 757c6c7d
	A: hmac-md5  685479d0 fcf29d8a ba3256a6 66e00e56
	seq=0x00000000 replay=64 flags=0x00000000 state=mature 
	created: Feb 27 12:28:56 2005	current: Feb 27 13:57:14 2005
	diff: 5298(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=8837 refcnt=0
+ _________________________ setkey-D-P
+ setkey -D -P
192.168.10.0/24[any] 192.168.8.0/24[any] any
	in ipsec
	esp/tunnel/24.91.72.14-221.219.4.251/unique#16385
	created: Feb 27 12:28:28 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=776 seq=12 pid=8838
	refcnt=1
192.168.8.0/24[any] 192.168.10.0/24[any] any
	out ipsec
	esp/tunnel/221.219.4.251-24.91.72.14/unique#16385
	created: Feb 27 12:30:17 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=769 seq=11 pid=8838
	refcnt=1
192.168.10.0/24[any] 192.168.8.0/24[any] any
	fwd ipsec
	esp/tunnel/24.91.72.14-221.219.4.251/unique#16385
	created: Feb 27 12:28:28 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=786 seq=10 pid=8838
	refcnt=1
::/0[any] ::/0[any] any
	in none
	created: Feb 27 12:28:26 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=755 seq=9 pid=8838
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Feb 27 12:28:26 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=739 seq=8 pid=8838
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Feb 27 12:28:26 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=723 seq=7 pid=8838
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Feb 27 12:28:26 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=707 seq=6 pid=8838
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Feb 27 12:28:26 2005  lastused: Feb 27 13:28:55 2005
	lifetime: 0(s) validtime: 0(s)
	spid=691 seq=5 pid=8838
	refcnt=1
::/0[any] ::/0[any] any
	out none
	created: Feb 27 12:28:26 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=764 seq=4 pid=8838
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Feb 27 12:28:26 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=748 seq=3 pid=8838
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Feb 27 12:28:26 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=732 seq=2 pid=8838
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Feb 27 12:28:26 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=716 seq=1 pid=8838
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Feb 27 12:28:26 2005  lastused: Feb 27 13:28:55 2005
	lifetime: 0(s) validtime: 0(s)
	spid=700 seq=0 pid=8838
	refcnt=1
+ _________________________ proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo ::1
000 interface eth0:1/eth0:1 192.168.8.3
000 interface eth0:2/eth0:2 192.168.8.4
000 interface lo/lo 127.0.0.1
000 interface ppp0/ppp0 221.219.4.251
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000  
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000  
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000  
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,6,36} trans={0,6,336} attrs={0,6,224} 
000  
000 "w-b": 192.168.8.0/24===221.219.4.251[@b.netgenco.com]---61.51.120.1...24.91.72.1---24.91.72.14[@w.netgenco.com]===192.168.10.0/24; erouted; eroute owner: #5
000 "w-b":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "w-b":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: ppp0; 
000 "w-b":   newest ISAKMP SA: #6; newest IPsec SA: #5; 
000 "w-b":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "w-b":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2, 
000 "w-b":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "w-b":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "w-b":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "w-b":   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000  
000 #6: "w-b" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 727s; newest ISAKMP
000 #5: "w-b" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 22640s; newest IPSEC; eroute owner
000 #5: "w-b" esp.620dde4a at 24.91.72.14 esp.a4c32704 at 221.219.4.251 tun.0 at 24.91.72.14 tun.0 at 221.219.4.251
000 #4: "w-b" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 23232s
000 #4: "w-b" esp.c42a79c5 at 24.91.72.14 esp.b7035b97 at 221.219.4.251 tun.0 at 24.91.72.14 tun.0 at 221.219.4.251
000  
+ _________________________ ifconfig-a
+ ifconfig -a
bond0     Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          BROADCAST MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

dummy0    Link encap:Ethernet  HWaddr 5E:CD:45:88:A3:93  
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:0C:76:60:BA:8F  
          inet6 addr: fe80::20c:76ff:fe60:ba8f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:122468 errors:0 dropped:0 overruns:0 frame:0
          TX packets:116542 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:132338801 (126.2 Mb)  TX bytes:10530366 (10.0 Mb)
          Interrupt:177 Base address:0xa000 

eth0:1    Link encap:Ethernet  HWaddr 00:0C:76:60:BA:8F  
          inet addr:192.168.8.3  Bcast:192.168.8.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:115400 errors:0 dropped:0 overruns:0 frame:0
          TX packets:109453 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:129347509 (123.3 Mb)  TX bytes:7907846 (7.5 Mb)
          Interrupt:177 Base address:0xa000 

eth0:2    Link encap:Ethernet  HWaddr 00:0C:76:60:BA:8F  
          inet addr:192.168.8.4  Bcast:192.168.8.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:115400 errors:0 dropped:0 overruns:0 frame:0
          TX packets:109453 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:129347509 (123.3 Mb)  TX bytes:7907846 (7.5 Mb)
          Interrupt:177 Base address:0xa000 

gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-FF-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ip6tnl0   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1460  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:45471 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45471 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2275300 (2.1 Mb)  TX bytes:2275300 (2.1 Mb)

plip0     Link encap:Ethernet  HWaddr FC:FC:FC:FC:FC:FC  
          POINTOPOINT NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:7 Base address:0x378 

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:221.219.4.251  P-t-P:61.51.120.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:115400 errors:0 dropped:0 overruns:0 frame:0
          TX packets:109453 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:129347509 (123.3 Mb)  TX bytes:7907846 (7.5 Mb)

shaper0   Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          [NO FLAGS]  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

sit0      Link encap:IPv6-in-IPv4  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00  
          BROADCAST NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          

teql0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tunl0     Link encap:IPIP Tunnel  HWaddr   
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                  	[OK]
Linux Openswan U2.2.0/K2.6.10-gentoo-r6 (native)
Checking for IPsec support in kernel                             	[OK]
Checking for RSA private key (/etc/ipsec/ipsec.secrets)          	[OK]
Checking that pluto is running                                   	[OK]
Two or more interfaces found, checking IP forwarding             	[OK]
Checking NAT and MASQUERADEing                                   	[OK]
Checking for 'ip' command                                        	[OK]
Checking for 'iptables' command                                  	[OK]
Checking for 'setkey' command for native IPsec stack support     	[OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: b                   	[MISSING]
   Does the machine have at least one non-private address?       	[OK]
   Looking for TXT in reverse dns zone: 251.4.219.221.in-addr.arpa.	[MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
  product info: vendor 00:40:63, model 50 rev 8
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1 
+ _________________________ uptime
+ uptime
 13:57:15 up 1 day,  2:09,  5 users,  load average: 0.01, 0.03, 0.08
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0  8766 11231  16   0   1864   964 wait   S+   pts/1      0:00              \_ /bin/sh /usr/libexec/ipsec/barf
4     0  8888  8766  16   0   1376   440 -      S+   pts/1      0:00                  \_ egrep -i ppid|pluto|ipsec|klips
5     0  7235     1  17   0   1856   940 wait   S    pts/1      0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
5     0  7236  7235  17   0   1856   948 wait   S    pts/1      0:00  \_ /bin/sh /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
4     0  7237  7236  15   0   2264  1200 select S    pts/1      0:00  |   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec/ipsec.secrets --ipsecdir /etc/ipsec/ipsec.d --debug-all --uniqueids
4     0  7273  7237  24   0   1264   272 select S    pts/1      0:00  |       \_ _pluto_adns -d
4     0  7246  7235  15   0   1860   944 pipe_w S pts/1      0:00  \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post 
4     0  7248     1  16   0   1328   456 pipe_w S pts/1      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=ppp0
routevirt=ipsec0
routeaddr=221.219.4.251
routenexthop=61.51.120.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $

# This file:  /usr/share/doc/openswan-2.2.0/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	interfaces=%defaultroute
	klipsdebug=all
	plutodebug=all
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	# plutodebug="control parsing"

# Add connections here

# sample VPN connection
#sample#	conn sample
#sample#		# Left security gateway, subnet behind it, next hop toward right.
#sample#		left=10.0.0.1
#sample#		leftsubnet=172.16.0.0/24
#sample#		leftnexthop=10.22.33.44
#sample#		# Right security gateway, subnet behind it, next hop toward left.
#sample#		right=10.12.12.1
#sample#		rightsubnet=192.168.0.0/24
#sample#		rightnexthop=10.101.102.103
#sample#		# To authorize this connection, but not actually start it, at startup,
#sample#		# uncomment this.
#sample#		#auto=start

#Disable Opportunistic Encryption

#< /etc/ipsec/ipsec.d/examples/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

#> /etc/ipsec/ipsec.conf 38

#< /etc/ipsec/w-b.conf 1
conn w-b
	left=24.91.72.14
	leftsubnet=192.168.10.0/24
	leftid=@w.netgenco.com
	leftrsasigkey=[keyid AQOTnxk5o]
	leftnexthop=24.91.72.1
	right=221.219.4.251
	rightsubnet=192.168.8.0/24
	rightid=@b.netgenco.com
	rightrsasigkey=[keyid AQO26/Ngp]
	rightnexthop=61.51.120.1
	authby=rsasig
	auto=start

#> /etc/ipsec/ipsec.conf 39
+ _________________________ ipsec/secrets
+ ipsec _secretcensor
+ ipsec _include /etc/ipsec/ipsec.secrets

#< /etc/ipsec/ipsec.secrets 1
: RSA	{
	# RSA 2048 bits   b   Sat Feb 26 14:04:34 2005
	# for signatures only, UNSAFE FOR ENCRYPTION
	#pubkey=[keyid AQO26/Ngp]
	Modulus: [...]
	PublicExponent: [...]
	# everything after this point is secret
	PrivateExponent: [...]
	Prime1: [...]
	Prime2: [...]
	Exponent1: [...]
	Exponent2: [...]
	Coefficient: [...]
	}
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000  
000 List of Public Keys:
000  
000 Feb 27 12:28:25 2005, 2048 RSA Key AQO26/Ngp, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@b.netgenco.com'
000 Feb 27 12:28:25 2005, 2048 RSA Key AQOTnxk5o, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@w.netgenco.com'
+ '[' /etc/ipsec/ipsec.d/policies ']'
++ basename /etc/ipsec/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 100
-rwxr-xr-x  1 root root 15409 Feb 26 14:02 _confread
-rwxr-xr-x  1 root root  5224 Feb 26 14:02 _copyright
-rwxr-xr-x  1 root root  2391 Feb 26 14:02 _include
-rwxr-xr-x  1 root root  1475 Feb 26 14:02 _keycensor
-rwxr-xr-x  1 root root  3586 Feb 26 14:02 _plutoload
-rwxr-xr-x  1 root root  7167 Feb 26 14:02 _plutorun
-rwxr-xr-x  1 root root 10493 Feb 26 14:02 _realsetup
-rwxr-xr-x  1 root root  1975 Feb 26 14:02 _secretcensor
-rwxr-xr-x  1 root root  9016 Feb 26 14:02 _startklips
-rwxr-xr-x  1 root root 12313 Feb 26 14:02 _updown
-rwxr-xr-x  1 root root  7572 Feb 26 14:02 _updown_x509
-rwxr-xr-x  1 root root  1942 Feb 26 14:02 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 1268
-rwxr-xr-x  1 root root  10472 Feb 26 14:02 _pluto_adns
-rwxr-xr-x  1 root root  19220 Feb 26 14:02 auto
-rwxr-xr-x  1 root root  10230 Feb 26 14:02 barf
-rwxr-xr-x  1 root root    816 Feb 26 14:02 calcgoo
-rwxr-xr-x  1 root root  79504 Feb 26 14:02 eroute
-rwxr-xr-x  1 root root  58524 Feb 26 14:02 klipsdebug
-rwxr-xr-x  1 root root   2461 Feb 26 14:02 look
-rwxr-xr-x  1 root root   7130 Feb 26 14:02 mailkey
-rwxr-xr-x  1 root root  16188 Feb 26 14:02 manual
-rwxr-xr-x  1 root root   1874 Feb 26 14:02 newhostkey
-rwxr-xr-x  1 root root  53100 Feb 26 14:02 pf_key
-rwxr-xr-x  1 root root 564468 Feb 26 14:02 pluto
-rwxr-xr-x  1 root root   7208 Feb 26 14:02 ranbits
-rwxr-xr-x  1 root root  19376 Feb 26 14:02 rsasigkey
-rwxr-xr-x  1 root root    766 Feb 26 14:02 secrets
-rwxr-xr-x  1 root root  17578 Feb 26 14:02 send-pr
lrwxrwxrwx  1 root root     17 Feb 26 14:02 setup -> /etc/init.d/ipsec
-rwxr-xr-x  1 root root   1048 Feb 26 14:02 showdefaults
-rwxr-xr-x  1 root root   4370 Feb 26 14:02 showhostkey
-rwxr-xr-x  1 root root 116748 Feb 26 14:02 spi
-rwxr-xr-x  1 root root  67572 Feb 26 14:02 spigrp
-rwxr-xr-x  1 root root  80256 Feb 26 14:02 starter
-rwxr-xr-x  1 root root  10392 Feb 26 14:02 tncfg
-rwxr-xr-x  1 root root  10195 Feb 26 14:02 verify
-rwxr-xr-x  1 root root  60932 Feb 26 14:02 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
 bond0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
 plip0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth0:132339282  122471    0    0    0     0          0         0 10530608  116545    0    0    0     0       0          0
    lo: 2275300   45471    0    0    0     0          0         0  2275300   45471    0    0    0     0       0          0
  tap0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
shaper0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
dummy0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
 teql0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
 tunl0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  gre0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  sit0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ip6tnl0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  ppp0:129347924  115403    0    0    0     0          0         0  7908022  109456    0    0    0     0       0          0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT                                                       
ppp0	0178333D	00000000	0005	0	0	0	FFFFFFFF	0	0	0                                                                               
ppp0	000AA8C0	0178333D	0003	0	0	0	00FFFFFF	0	0	0                                                                               
eth0	0008A8C0	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                               
lo	0000007F	0100007F	0003	0	0	0	000000FF	0	0	0                                                                                 
ppp0	00000000	0178333D	0003	0	0	0	00000000	0	0	0                                                                               
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter ppp0/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:1
lo/rp_filter:0
ppp0/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux b 2.6.10-gentoo-r6 #7 SMP Sat Feb 26 11:28:01 CST 2005 i686 Intel(R) Celeron(R) CPU 2.40GHz GenuineIntel GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ test -r /etc/fedora-release
+ _________________________ proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'native PFKEY (2.6.10-gentoo-r6) support detected '
native PFKEY (2.6.10-gentoo-r6) support detected 
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 288: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 161K packets, 132M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 155K packets, 10M bytes)
 pkts bytes target     prot opt in     out     source               destination         
+ _________________________
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 6098 packets, 313K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 25067 packets, 1516K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
+ _________________________
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 161K packets, 132M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 161K packets, 132M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 155K packets, 10M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 155K packets, 10M bytes)
 pkts bytes target     prot opt in     out     source               destination         
+ _________________________ proc/modules
+ test -f /proc/modules
+ cat /proc/modules
shfs 50448 0 - Live 0xe0be2000
snd_via82xx 24960 2 - Live 0xe09dc000
snd_ac97_codec 76640 1 snd_via82xx, Live 0xe0981000
+ _________________________ proc/meminfo
+ cat /proc/meminfo
MemTotal:       478356 kB
MemFree:          6896 kB
Buffers:         13772 kB
Cached:         107792 kB
SwapCached:      42588 kB
Active:         234372 kB
Inactive:        57684 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       478356 kB
LowFree:          6896 kB
SwapTotal:      939792 kB
SwapFree:       861256 kB
Dirty:              36 kB
Writeback:           0 kB
Mapped:         209468 kB
Slab:           174104 kB
CommitLimit:   1178968 kB
Committed_AS:   367084 kB
PageTables:       1716 kB
VmallocTotal:   548788 kB
VmallocUsed:     35776 kB
VmallocChunk:   511988 kB
+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_NETLINK|CONFIG_IPSEC|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
CONFIG_NETLINK_DEV=y
CONFIG_NET_KEY=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
CONFIG_IP_PNP_BOOTP=y
CONFIG_IP_PNP_RARP=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_INET_TUNNEL=y
CONFIG_IP_TCPDIAG=y
CONFIG_IP_TCPDIAG_IPV6=y
# CONFIG_IP_VS is not set
CONFIG_IPV6=y
CONFIG_IPV6_PRIVACY=y
CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
CONFIG_INET6_TUNNEL=y
CONFIG_IPV6_TUNNEL=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CT_PROTO_SCTP=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_AMANDA=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_PHYSDEV=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_REALM=y
CONFIG_IP_NF_MATCH_SCTP=y
CONFIG_IP_NF_MATCH_COMMENT=y
CONFIG_IP_NF_MATCH_CONNMARK=y
CONFIG_IP_NF_MATCH_HASHLIMIT=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_LOCAL is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_CLASSIFY=y
CONFIG_IP_NF_TARGET_CONNMARK=y
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_TARGET_NOTRACK=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
CONFIG_IP6_NF_QUEUE=y
CONFIG_IP6_NF_IPTABLES=y
CONFIG_IP6_NF_MATCH_LIMIT=y
CONFIG_IP6_NF_MATCH_MAC=y
CONFIG_IP6_NF_MATCH_RT=y
CONFIG_IP6_NF_MATCH_OPTS=y
CONFIG_IP6_NF_MATCH_FRAG=y
CONFIG_IP6_NF_MATCH_HL=y
CONFIG_IP6_NF_MATCH_MULTIPORT=y
CONFIG_IP6_NF_MATCH_OWNER=y
CONFIG_IP6_NF_MATCH_MARK=y
CONFIG_IP6_NF_MATCH_IPV6HEADER=y
CONFIG_IP6_NF_MATCH_AHESP=y
CONFIG_IP6_NF_MATCH_LENGTH=y
CONFIG_IP6_NF_MATCH_EUI64=y
CONFIG_IP6_NF_MATCH_PHYSDEV=y
CONFIG_IP6_NF_FILTER=y
CONFIG_IP6_NF_TARGET_LOG=y
CONFIG_IP6_NF_MANGLE=y
CONFIG_IP6_NF_TARGET_MARK=y
CONFIG_IP6_NF_RAW=y
CONFIG_IP_SCTP=y
# CONFIG_IPX is not set
CONFIG_IPMI_HANDLER=y
CONFIG_IPMI_PANIC_EVENT=y
CONFIG_IPMI_PANIC_STRING=y
CONFIG_IPMI_DEVICE_INTERFACE=y
CONFIG_IPMI_SI=y
CONFIG_IPMI_WATCHDOG=y
CONFIG_IPMI_POWEROFF=y
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 202.106.46.151
nameserver 202.106.0.20
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 4
drwxr-xr-x  4 root root 4096 Feb 26 11:54 2.6.10-gentoo-r6
+ _________________________ proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c049bb40 T netif_rx
c049bd40 T netif_rx_ni
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.10-gentoo-r6: 
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1,$p' /dev/null
+ egrep -i 'ipsec|klips|pluto'
+ cat
+ _________________________ plog
+ sed -n '1,$p' /dev/null
+ egrep -i pluto
+ cat
+ _________________________ date
+ date
Sun Feb 27 13:57:16 CST 2005
-------------- next part --------------
Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
sushi
Sun Feb 27 00:54:06 EST 2005
+ _________________________ version
+ ipsec --version
Linux Openswan U2.2.0/K2.6.10-gentoo-r6 (native)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.6.10-gentoo-r6 (root@sushi) (gcc version 3.3.5 (Gentoo Linux 3.3.5-r1, ssp-3.3.2-3, pie-8.7.7.1)) #1 SMP Sat Feb 26 01:32:16 EST 2005
+ _________________________ proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.8.0     24.91.72.1      255.255.255.0   UG        0 0          0 eth0
24.91.72.0      0.0.0.0         255.255.254.0   U         0 0          0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG        0 0          0 lo
0.0.0.0         24.91.72.1      0.0.0.0         UG        0 0          0 eth0
+ _________________________ proc/net/ipsec_spi
+ test -r proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ setkey-D
+ setkey -D
221.219.4.251 24.91.72.14 
	esp mode=tunnel spi=1645076042(0x620dde4a) reqid=16385(0x00004001)
	E: 3des-cbc  17da869f 93110b3e ce99f07b 55a55a2b 6f903f80 3afc765e
	A: hmac-md5  2517f1e4 b8b042ce a8d9be37 1030cb07
	seq=0x00000000 replay=64 flags=0x00000000 state=mature 
	created: Feb 26 23:30:20 2005	current: Feb 27 00:54:06 2005
	diff: 5026(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=3 pid=14893 refcnt=0
221.219.4.251 24.91.72.14 
	esp mode=tunnel spi=3291118021(0xc42a79c5) reqid=16385(0x00004001)
	E: 3des-cbc  24355d63 f02bb404 c8e27f1b a84ccc44 5c34d599 ec7c9ed4
	A: hmac-md5  acf20a4b 6328254e 4de49f76 24941c2e
	seq=0x00000000 replay=64 flags=0x00000000 state=mature 
	created: Feb 26 23:28:59 2005	current: Feb 27 00:54:06 2005
	diff: 5107(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=2 pid=14893 refcnt=0
24.91.72.14 221.219.4.251 
	esp mode=tunnel spi=2764252932(0xa4c32704) reqid=16385(0x00004001)
	E: 3des-cbc  ec75d484 79f2ed08 25ac37fb 7b4a92c8 47a4207f 7175cc7b
	A: hmac-md5  0b99cf2d 21be6b9b 2f6aa87e 4a675f2c
	seq=0x00000000 replay=64 flags=0x00000000 state=mature 
	created: Feb 26 23:30:20 2005	current: Feb 27 00:54:06 2005
	diff: 5026(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=1 pid=14893 refcnt=0
24.91.72.14 221.219.4.251 
	esp mode=tunnel spi=3070450583(0xb7035b97) reqid=16385(0x00004001)
	E: 3des-cbc  171a7655 1dfea400 3d485dae 861e49ea 7a040610 757c6c7d
	A: hmac-md5  685479d0 fcf29d8a ba3256a6 66e00e56
	seq=0x00000000 replay=64 flags=0x00000000 state=mature 
	created: Feb 26 23:28:59 2005	current: Feb 27 00:54:06 2005
	diff: 5107(s)	hard: 0(s)	soft: 0(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=14893 refcnt=0
+ _________________________ setkey-D-P
+ setkey -D -P
192.168.8.0/24[any] 192.168.10.0/24[any] any
	in ipsec
	esp/tunnel/221.219.4.251-24.91.72.14/unique#16385
	created: Feb 26 23:28:59 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=312 seq=10 pid=14894
	refcnt=1
192.168.10.0/24[any] 192.168.8.0/24[any] any
	out ipsec
	esp/tunnel/24.91.72.14-221.219.4.251/unique#16385
	created: Feb 26 23:30:20 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=305 seq=9 pid=14894
	refcnt=1
192.168.8.0/24[any] 192.168.10.0/24[any] any
	fwd ipsec
	esp/tunnel/221.219.4.251-24.91.72.14/unique#16385
	created: Feb 26 23:28:59 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=322 seq=8 pid=14894
	refcnt=1
::/0[any] ::/0[any] any
	in none
	created: Feb 26 23:28:56 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=291 seq=7 pid=14894
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Feb 26 23:28:56 2005  lastused: Feb 27 00:28:58 2005
	lifetime: 0(s) validtime: 0(s)
	spid=275 seq=6 pid=14894
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Feb 26 23:28:56 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=259 seq=5 pid=14894
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Feb 26 23:28:56 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=243 seq=4 pid=14894
	refcnt=1
::/0[any] ::/0[any] any
	out none
	created: Feb 26 23:28:56 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=300 seq=3 pid=14894
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Feb 26 23:28:56 2005  lastused: Feb 27 00:28:58 2005
	lifetime: 0(s) validtime: 0(s)
	spid=284 seq=2 pid=14894
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Feb 26 23:28:56 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=268 seq=1 pid=14894
	refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Feb 26 23:28:56 2005  lastused:                     
	lifetime: 0(s) validtime: 0(s)
	spid=252 seq=0 pid=14894
	refcnt=1
+ _________________________ proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo ::1
000 interface eth0/eth0 24.91.72.14
000 interface lo/lo 127.0.0.1
000 interface eth1/eth1 192.168.10.1
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000  
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000  
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000  
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,6,36} trans={0,6,336} attrs={0,6,224} 
000  
000 "w-b": 192.168.10.0/24===24.91.72.14[@w.netgenco.com]---24.91.72.1...61.51.120.1---221.219.4.251[@b.netgenco.com]===192.168.8.0/24; erouted; eroute owner: #3
000 "w-b":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "w-b":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0; 
000 "w-b":   newest ISAKMP SA: #4; newest IPsec SA: #3; 
000 "w-b":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "w-b":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2, 
000 "w-b":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "w-b":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "w-b":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "w-b":   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000  
000 #4: "w-b" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 252s; newest ISAKMP
000 #3: "w-b" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 23504s; newest IPSEC; eroute owner
000 #3: "w-b" esp.a4c32704@221.219.4.251 esp.620dde4a@24.91.72.14 tun.0@221.219.4.251 tun.0@24.91.72.14
000 #2: "w-b" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23118s
000 #2: "w-b" esp.b7035b97@221.219.4.251 esp.c42a79c5@24.91.72.14 tun.0@221.219.4.251 tun.0@24.91.72.14
000  
+ _________________________ ifconfig-a
+ ifconfig -a
bond0     Link encap:Ethernet  HWaddr 00:00:00:00:00:00  
          BROADCAST MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

dummy0    Link encap:Ethernet  HWaddr AE:DD:6C:8C:CE:86  
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:02:E3:06:4D:6A  
          inet addr:24.91.72.14  Bcast:255.255.255.255  Mask:255.255.254.0
          inet6 addr: fe80::202:e3ff:fe06:4d6a/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:447467 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49601 errors:1 dropped:0 overruns:1 carrier:1
          collisions:0 txqueuelen:1000 
          RX bytes:38822741 (37.0 Mb)  TX bytes:39165020 (37.3 Mb)
          Interrupt:18 Base address:0x2000 

eth1      Link encap:Ethernet  HWaddr 00:30:BD:28:64:23  
          inet addr:192.168.10.1  Bcast:255.255.255.255  Mask:255.255.255.0
          inet6 addr: fe80::230:bdff:fe28:6423/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14410 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15227 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2571681 (2.4 Mb)  TX bytes:11791217 (11.2 Mb)
          Interrupt:19 Base address:0xb400 

gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-33-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ip6tnl0   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1460  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1041 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1041 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:120466 (117.6 Kb)  TX bytes:120466 (117.6 Kb)

plip0     Link encap:Ethernet  HWaddr FC:FC:FC:FC:FC:FC  
          POINTOPOINT NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:255 Base address:0x378 

sit0      Link encap:IPv6-in-IPv4  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tap0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00  
          BROADCAST NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          

teql0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tunl0     Link encap:IPIP Tunnel  HWaddr   
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                  	[OK]
Linux Openswan U2.2.0/K2.6.10-gentoo-r6 (native)
Checking for IPsec support in kernel                             	[OK]
Checking for RSA private key (/etc/ipsec/ipsec.secrets)          	[OK]
Checking that pluto is running                                   	[OK]
Two or more interfaces found, checking IP forwarding             	[OK]
Checking NAT and MASQUERADEing                                   
Checking for 'ip' command                                        	[OK]
Checking for 'iptables' command                                  	[OK]
Checking for 'setkey' command for native IPsec stack support     	[OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: sushi                    	[MISSING]
   Does the machine have at least one non-private address?       	[OK]
   Looking for TXT in reverse dns zone: 14.72.91.24.in-addr.arpa.	[MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
  product info: vendor 08:00:17, model 2 rev 1
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
eth1: negotiated 100baseTx-FD, link ok
  product info: vendor 00:00:00, model 0 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
sushi.netgenco.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
192.168.10.1 
+ _________________________ uptime
+ uptime
 00:54:07 up 22:59,  1 user,  load average: 0.08, 0.02, 0.01
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
0     0 14816 10465  19   0   1996   976 wait   S+   pts/0      0:00                      \_ /bin/sh /usr/libexec/ipsec/barf
0     0 14942 14816  22   0   1420   460 pipe_w S+ pts/0     0:00                          \_ egrep -i ppid|pluto|ipsec|klips
1     0 14531     1  19   0   1988   948 wait   S    pts/0      0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
1     0 14532 14531  19   0   1988   956 wait   S    pts/0      0:00  \_ /bin/sh /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto.pid
4     0 14534 14532  16   0   2320  1212 -      S    pts/0      0:00  |   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec/ipsec.secrets --ipsecdir /etc/ipsec/ipsec.d --debug-all --uniqueids
0     0 14575 14534  22   0   1296   276 -      S    pts/0      0:00  |       \_ _pluto_adns -d
0     0 14535 14531  15   0   1992   948 pipe_w S pts/0      0:00  \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post 
0     0 14533     1  16   0   1360   468 pipe_w S pts/0      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=ipsec0
routeaddr=24.91.72.14
routenexthop=24.91.72.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $

# This file:  /usr/share/doc/openswan-2.2.0/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	interfaces=%defaultroute
	klipsdebug=all
	plutodebug=all
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	# plutodebug="control parsing"

# Add connections here

# sample VPN connection
#sample#	conn sample
#sample#		# Left security gateway, subnet behind it, next hop toward right.
#sample#		left=10.0.0.1
#sample#		leftsubnet=172.16.0.0/24
#sample#		leftnexthop=10.22.33.44
#sample#		# Right security gateway, subnet behind it, next hop toward left.
#sample#		right=10.12.12.1
#sample#		rightsubnet=192.168.0.0/24
#sample#		rightnexthop=10.101.102.103
#sample#		# To authorize this connection, but not actually start it, at startup,
#sample#		# uncomment this.
#sample#		#auto=start

#Disable Opportunistic Encryption

#< /etc/ipsec/ipsec.d/examples/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

#> /etc/ipsec/ipsec.conf 38

#< /etc/ipsec/w-b.conf 1
conn w-b
	left=24.91.72.14
	leftsubnet=192.168.10.0/24
	leftid=@w.netgenco.com
	leftrsasigkey=[keyid AQOTnxk5o]
	leftnexthop=24.91.72.1
	right=221.219.4.251
	rightsubnet=192.168.8.0/24
	rightid=@b.netgenco.com
	rightrsasigkey=[keyid AQO26/Ngp]
	rightnexthop=61.51.120.1
	authby=rsasig
	auto=start

#> /etc/ipsec/ipsec.conf 39
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec/ipsec.secrets 1
: RSA	{
	# RSA 2048 bits   sushi   Sat Feb 26 11:51:31 2005
	# for signatures only, UNSAFE FOR ENCRYPTION
	#pubkey=[keyid AQOTnxk5o]
	Modulus: [...]
	PublicExponent: [...]
	# everything after this point is secret
	PrivateExponent: [...]
	Prime1: [...]
	Prime2: [...]
	Exponent1: [...]
	Exponent2: [...]
	Coefficient: [...]
	}
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000  
000 List of Public Keys:
000  
000 Feb 26 23:28:56 2005, 2048 RSA Key AQO26/Ngp, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@b.netgenco.com'
000 Feb 26 23:28:56 2005, 2048 RSA Key AQOTnxk5o, until --- -- --:--:-- ---- ok (expires never)
000        ID_FQDN '@w.netgenco.com'
+ '[' /etc/ipsec/ipsec.d/policies ']'
++ basename /etc/ipsec/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 100
-rwxr-xr-x  1 root root 15409 Feb 26 00:07 _confread
-rwxr-xr-x  1 root root  5344 Feb 26 00:07 _copyright
-rwxr-xr-x  1 root root  2391 Feb 26 00:07 _include
-rwxr-xr-x  1 root root  1475 Feb 26 00:07 _keycensor
-rwxr-xr-x  1 root root  3586 Feb 26 00:07 _plutoload
-rwxr-xr-x  1 root root  7167 Feb 26 00:07 _plutorun
-rwxr-xr-x  1 root root 10493 Feb 26 00:07 _realsetup
-rwxr-xr-x  1 root root  1975 Feb 26 00:07 _secretcensor
-rwxr-xr-x  1 root root  9016 Feb 26 00:07 _startklips
-rwxr-xr-x  1 root root 12313 Feb 26 00:07 _updown
-rwxr-xr-x  1 root root  7572 Feb 26 00:07 _updown_x509
-rwxr-xr-x  1 root root  1942 Feb 26 00:07 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 1308
-rwxr-xr-x  1 root root  10496 Feb 26 00:07 _pluto_adns
-rwxr-xr-x  1 root root  19220 Feb 26 00:07 auto
-rwxr-xr-x  1 root root  10230 Feb 26 00:07 barf
-rwxr-xr-x  1 root root    816 Feb 26 00:07 calcgoo
-rwxr-xr-x  1 root root  82632 Feb 26 00:07 eroute
-rwxr-xr-x  1 root root  61684 Feb 26 00:07 klipsdebug
-rwxr-xr-x  1 root root   2461 Feb 26 00:07 look
-rwxr-xr-x  1 root root   7130 Feb 26 00:07 mailkey
-rwxr-xr-x  1 root root  16188 Feb 26 00:07 manual
-rwxr-xr-x  1 root root   1874 Feb 26 00:07 newhostkey
-rwxr-xr-x  1 root root  54788 Feb 26 00:07 pf_key
-rwxr-xr-x  1 root root 580876 Feb 26 00:07 pluto
-rwxr-xr-x  1 root root   7424 Feb 26 00:07 ranbits
-rwxr-xr-x  1 root root  19400 Feb 26 00:07 rsasigkey
-rwxr-xr-x  1 root root    766 Feb 26 00:07 secrets
-rwxr-xr-x  1 root root  17578 Feb 26 00:07 send-pr
lrwxrwxrwx  1 root root     17 Feb 26 00:07 setup -> /etc/init.d/ipsec
-rwxr-xr-x  1 root root   1048 Feb 26 00:07 showdefaults
-rwxr-xr-x  1 root root   4370 Feb 26 00:07 showhostkey
-rwxr-xr-x  1 root root 120644 Feb 26 00:07 spi
-rwxr-xr-x  1 root root  69932 Feb 26 00:07 spigrp
-rwxr-xr-x  1 root root  84216 Feb 26 00:07 starter
-rwxr-xr-x  1 root root  10416 Feb 26 00:07 tncfg
-rwxr-xr-x  1 root root  10195 Feb 26 00:07 verify
-rwxr-xr-x  1 root root  61404 Feb 26 00:07 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
 bond0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
 plip0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth0:38823694  447475    0    0    0     0          0         0 39165404   49606    1    0    1     0       1          0
    lo:  120466    1041    0    0    0     0          0         0   120466    1041    0    0    0     0       0          0
  tap0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
dummy0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth1: 2571681   14410    0    0    0     0          0         0 11791217   15227    0    0    0     0       0          0
 teql0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
 tunl0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  gre0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  sit0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ip6tnl0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT                                                       
eth1	000AA8C0	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                               
eth0	0008A8C0	01485B18	0003	0	0	0	00FFFFFF	0	0	0                                                                               
eth0	00485B18	00000000	0001	0	0	0	00FEFFFF	0	0	0                                                                               
lo	0000007F	0100007F	0003	0	0	0	000000FF	0	0	0                                                                                 
eth0	00000000	01485B18	0003	0	0	0	00000000	0	0	0                                                                               
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux sushi 2.6.10-gentoo-r6 #1 SMP Sat Feb 26 01:32:16 EST 2005 i686 Celeron (Mendocino) GenuineIntel GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ test -r /etc/fedora-release
+ _________________________ proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'native PFKEY (2.6.10-gentoo-r6) support detected '
native PFKEY (2.6.10-gentoo-r6) support detected 
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 288: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 1 packets, 52 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   73 14181 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    7   288 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
 5325  788K eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
  867  146K eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
 2623 2999K eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
 2785  422K eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   73 14181 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68 
 5531 1293K fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           
  732  130K fw2masq    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain Drop (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  172 64948 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  172 64948 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  172 64948 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  172 64948 DropSMB    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  172 64948 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  172 64948 dropNotSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  172 64948 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DropDNSrep (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 

Chain DropSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 

Chain DropUPnP (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900 

Chain Reject (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    1    48 RejectAuth  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    48 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    48 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    48 RejectSMB  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    48 DropUPnP   all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    48 dropNotSyn  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    48 DropDNSrep  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain RejectAuth (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 

Chain RejectSMB (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:135 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139 
    0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:135 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 

Chain all2all (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    1    48 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    48 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' 
    1    48 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain dropBcast (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast 

Chain dropInvalid (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 

Chain dropNotSyn (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02 

Chain dynamic (4 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
 2623 2999K net2all    all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  699  160K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
  215 77678 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:67:68 
 5110  711K net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain eth1_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  682 33296 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
 2785  422K masq2net   all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           

Chain eth1_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  670  132K dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW 
  867  146K masq2fw    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  621  104K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 53,631,515,137,138,139,80,443 
  110 26510 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 53,631,515,137,138,139,80,443 
    1    48 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4316 1213K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
 1215 80862 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain icmpdef (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain masq2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  197 14324 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:23 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:137 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:138 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:220 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:119 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:123 
  288 20194 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
  151 69421 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:67 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:21 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:22 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:23 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:80 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:443 
   80  6816 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:137 
  151 35716 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:138 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:139 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:143 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:220 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:993 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:110 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:25 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:123 
    0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain masq2net (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2103  388K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  682 33296 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2all (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 2623 2999K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  172 64948 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  172 64948 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' 
  172 64948 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4626  628K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
  287 13996 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:23 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:137 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:138 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
    6   288 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:220 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:6901 
   18  3236 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 53,137,138,139,631,6901,23,500 
  172 64948 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain reject (11 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast 
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
    1    48 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain smurfs (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
    0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' 
    0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0           
+ _________________________
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 1507K packets, 204M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 654K packets, 44M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1356 80902 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain eth0_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  681 33248 MASQUERADE  all  --  *      *       192.168.10.0/24      0.0.0.0/0           
+ _________________________
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 96M packets, 71G bytes)
 pkts bytes target     prot opt in     out     source               destination         
11680 4370K pretos     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 75M packets, 60G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 21M packets, 11G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 46M packets, 23G bytes)
 pkts bytes target     prot opt in     out     source               destination         
 6336 1438K outtos     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 67M packets, 34G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 TOS set 0x10 
 1558  552K TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:20 TOS set 0x08 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 TOS set 0x08 

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1747  141K TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:20 TOS set 0x08 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 TOS set 0x08 
+ _________________________ proc/modules
+ test -f /proc/modules
+ cat /proc/modules
snd_ens1371 20388 0 - Live 0xf28d5000
snd_ac97_codec 73440 1 snd_ens1371, Live 0xf28ec000
snd_rawmidi 20896 1 snd_ens1371, Live 0xf28ce000
reiserfs 240848 0 - Live 0xf29d9000
+ _________________________ proc/meminfo
+ cat /proc/meminfo
MemTotal:       772084 kB
MemFree:         11812 kB
Buffers:        290956 kB
Cached:         123980 kB
SwapCached:          0 kB
Active:         268764 kB
Inactive:       271652 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       772084 kB
LowFree:         11812 kB
SwapTotal:      538136 kB
SwapFree:       538136 kB
Dirty:              52 kB
Writeback:           0 kB
Mapped:         156508 kB
Slab:           204192 kB
CommitLimit:    924176 kB
Committed_AS:   377720 kB
PageTables:       1932 kB
VmallocTotal:   253876 kB
VmallocUsed:     37992 kB
VmallocChunk:   214960 kB
+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_NETLINK|CONFIG_IPSEC|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
CONFIG_NETLINK_DEV=y
CONFIG_NET_KEY=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
CONFIG_IP_PNP_BOOTP=y
CONFIG_IP_PNP_RARP=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_INET_TUNNEL=y
CONFIG_IP_TCPDIAG=y
CONFIG_IP_TCPDIAG_IPV6=y
# CONFIG_IP_VS is not set
CONFIG_IPV6=y
CONFIG_IPV6_PRIVACY=y
CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
CONFIG_INET6_TUNNEL=y
CONFIG_IPV6_TUNNEL=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_TFTP=y
# CONFIG_IP_NF_AMANDA is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_PHYSDEV=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_REALM=y
CONFIG_IP_NF_MATCH_SCTP=y
CONFIG_IP_NF_MATCH_COMMENT=y
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_LOCAL is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_CLASSIFY=y
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_TARGET_NOTRACK=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
CONFIG_IP6_NF_QUEUE=y
CONFIG_IP6_NF_IPTABLES=y
CONFIG_IP6_NF_MATCH_LIMIT=y
CONFIG_IP6_NF_MATCH_MAC=y
CONFIG_IP6_NF_MATCH_RT=y
CONFIG_IP6_NF_MATCH_OPTS=y
CONFIG_IP6_NF_MATCH_FRAG=y
CONFIG_IP6_NF_MATCH_HL=y
CONFIG_IP6_NF_MATCH_MULTIPORT=y
CONFIG_IP6_NF_MATCH_OWNER=y
CONFIG_IP6_NF_MATCH_MARK=y
CONFIG_IP6_NF_MATCH_IPV6HEADER=y
CONFIG_IP6_NF_MATCH_AHESP=y
CONFIG_IP6_NF_MATCH_LENGTH=y
CONFIG_IP6_NF_MATCH_EUI64=y
CONFIG_IP6_NF_MATCH_PHYSDEV=y
CONFIG_IP6_NF_FILTER=y
CONFIG_IP6_NF_TARGET_LOG=y
CONFIG_IP6_NF_MANGLE=y
# CONFIG_IP6_NF_TARGET_MARK is not set
CONFIG_IP6_NF_RAW=y
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
domain netgenco.com
nameserver 204.127.202.19
nameserver 216.148.227.204
search hsd1.ma.comcast.net.
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 12
drwxr-xr-x  3 root root 4096 Dec  8 22:56 2.6.9-gentoo-r1
drwxr-xr-x  3 root root 4096 Feb 25 10:24 2.6.9-gentoo-r9
drwxr-xr-x  3 root root 4096 Feb 26 01:56 2.6.10-gentoo-r6
+ _________________________ proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c0428c50 T netif_rx
c0428e30 T netif_rx_ni
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.10-gentoo-r6: 
2.6.9-gentoo-r1: 
2.6.9-gentoo-r9: 
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1,$p' /dev/null
+ egrep -i 'ipsec|klips|pluto'
+ cat
+ _________________________ plog
+ sed -n '1,$p' /dev/null
+ egrep -i pluto
+ cat
+ _________________________ date
+ date
Sun Feb 27 00:54:08 EST 2005

