[Openswan Users] Packets being dropped
Jeremy Mann
jrmann1999 at gmail.com
Sat May 7 12:14:21 CEST 2005
I am experiencing a problem with packets needing retransmission. I'm
doing a gateway to gateway connection from my home(dynamic IP) to my
office. The tunnel never dies, but if I try to do an SSH session
across the tunnel, I can login just fine but running a ps -ef or top
or whatever displays a little text then just locks up. I've done a
tethereal dump and this is what I see:
root@$ tethereal -f 'net 10.10.0.0/24' -i eth1
...
6.149398 10.10.0.148 -> 192.168.1.75 TCP [TCP Dup ACK 115#4] 2347 >
ssh [ACK] Seq=2216 Ack=2651 Win=16404 Len=0 SLE=2318769310
SRE=2318769366 SLE=2318767850 SRE=2318767906
6.149526 10.10.0.148 -> 192.168.1.75 TCP [TCP Dup ACK 115#5] 2347 >
ssh [ACK] Seq=2216 Ack=2651 Win=16404 Len=0 SLE=2318769310
SRE=2318769366 SLE=2318767850 SRE=2318767906
6.282641 192.168.1.75 -> 10.10.0.148 SSHv2 [TCP Retransmission]
Encrypted response packet len=1404
6.786695 192.168.1.75 -> 10.10.0.148 SSHv2 [TCP Retransmission]
Encrypted response packet len=1404
7.794792 192.168.1.75 -> 10.10.0.148 SSHv2 [TCP Retransmission]
Encrypted response packet len=1404
9.810995 192.168.1.75 -> 10.10.0.148 SSHv2 [TCP Retransmission]
Encrypted response packet len=1404
13.843391 192.168.1.75 -> 10.10.0.148 SSHv2 [TCP Retransmission]
Encrypted response packet len=1404
The last bit happens over and over, which makes me thing something is
being dropped. Attached is the output of ipsec barf, I could use some
help if possible....
The tunnel in question is home-tunnel, and I added ip addresses to my
ethernet interfaces with ip addr add instead of doing an ifconfig
eth0:#
-------------- next part --------------
occucaremedicalcenters.com
Sat May 7 11:07:52 CDT 2005
+ _________________________ version
+ ipsec --version
Linux Openswan U2.2.0/K2.6.9-gentoo-r4jrm (native)
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.6.9-gentoo-r4jrm (root at occucaremedicalcenters.com) (gcc version 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)) #1 Fri Dec 3 16:38:43 CST 2004
+ _________________________ proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
216.158.212.112 0.0.0.0 255.255.255.240 U 0 0 0 eth0
10.10.0.0 216.158.212.113 255.255.255.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
216.158.212.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 192.168.1.1 255.255.240.0 UG 0 0 0 eth1
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
0.0.0.0 216.158.212.113 0.0.0.0 UG 0 0 0 eth0
+ _________________________ proc/net/ipsec_spi
+ test -r proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ setkey-D
+ setkey -D
71.240.180.131 216.158.212.116
esp mode=tunnel spi=2603218879(0x9b29f7bf) reqid=16397(0x0000400d)
E: 3des-cbc 6630846f 2a76ae93 28b839bb e3232344 a80d9c11 c99b8c6a
A: hmac-md5 7dfd442d d66c20fe d87e4137 2ad48338
seq=0x00000000 replay=64 flags=0x00000000 state=mature
created: May 7 11:00:35 2005 current: May 7 11:07:52 2005
diff: 437(s) hard: 0(s) soft: 0(s)
last: May 7 11:00:35 2005 hard: 0(s) soft: 0(s)
current: 17402(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 157 hard: 0 soft: 0
sadb_seq=1 pid=6138 refcnt=0
216.158.212.116 71.240.180.131
esp mode=tunnel spi=268435472(0x10000010) reqid=16397(0x0000400d)
E: 3des-cbc d23105f8 491f826f d8c1ff46 7c63352a 84db1bbb f9de87bc
A: hmac-md5 bcee6cc0 b66cfd38 7efad9fc caa36000
seq=0x00000000 replay=64 flags=0x00000000 state=mature
created: May 7 11:00:35 2005 current: May 7 11:07:52 2005
diff: 437(s) hard: 0(s) soft: 0(s)
last: May 7 11:00:36 2005 hard: 0(s) soft: 0(s)
current: 58768(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 130 hard: 0 soft: 0
sadb_seq=0 pid=6138 refcnt=0
+ _________________________ setkey-D-P
+ setkey -D -P
10.10.0.0/24[any] 192.168.1.0/24[any] any
in ipsec
esp/tunnel/71.240.180.131-216.158.212.116/unique#16397
created: May 7 11:00:35 2005 lastused: May 7 11:03:49 2005
lifetime: 0(s) validtime: 0(s)
spid=1816 seq=34 pid=6139
refcnt=27
192.168.1.0/24[any] 10.10.0.0/24[any] any
out ipsec
esp/tunnel/216.158.212.116-71.240.180.131/unique#16397
created: May 7 11:00:35 2005 lastused: May 7 11:07:26 2005
lifetime: 0(s) validtime: 0(s)
spid=1833 seq=33 pid=6139
refcnt=29
10.10.0.0/24[any] 192.168.1.0/24[any] any
fwd ipsec
esp/tunnel/71.240.180.131-216.158.212.116/unique#16397
created: May 7 11:00:35 2005 lastused: May 7 11:07:50 2005
lifetime: 0(s) validtime: 0(s)
spid=1826 seq=32 pid=6139
refcnt=20
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1803 seq=31 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1787 seq=30 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1771 seq=29 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1755 seq=28 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1739 seq=27 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused: May 7 11:00:35 2005
lifetime: 0(s) validtime: 0(s)
spid=1723 seq=26 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1707 seq=25 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1691 seq=24 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1675 seq=23 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1659 seq=22 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1643 seq=21 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1627 seq=20 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1611 seq=19 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1595 seq=18 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1579 seq=17 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1563 seq=16 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1812 seq=15 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1796 seq=14 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1780 seq=13 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1764 seq=12 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1748 seq=11 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused: May 7 11:00:35 2005
lifetime: 0(s) validtime: 0(s)
spid=1732 seq=10 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1716 seq=9 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1700 seq=8 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1684 seq=7 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1668 seq=6 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1652 seq=5 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1636 seq=4 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1620 seq=3 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1604 seq=2 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1588 seq=1 pid=6139
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: May 7 11:00:14 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1572 seq=0 pid=6139
refcnt=1
+ _________________________ proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 216.158.212.115
000 interface eth0/eth0 216.158.212.115
000 interface eth0/eth0 216.158.212.116
000 interface eth0/eth0 216.158.212.116
000 interface eth0/eth0 216.158.212.114
000 interface eth0/eth0 216.158.212.114
000 interface eth0/eth0 216.158.212.117
000 interface eth0/eth0 216.158.212.117
000 interface eth1/eth1 192.168.1.102
000 interface eth1/eth1 192.168.1.102
000 interface eth1/eth1 192.168.1.103
000 interface eth1/eth1 192.168.1.103
000 interface eth1/eth1 192.168.1.160
000 interface eth1/eth1 192.168.1.160
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "home": 216.158.212.115:17/1701---216.158.212.113...%any:17/1701; unrouted; eroute owner: #0
000 "home": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "home": policy: PSK+ENCRYPT+TUNNEL; prio: 32,32; interface: eth0;
000 "home": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "home": IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "home": IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "home": ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "home": ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "home-tunnel": 192.168.1.0/24===216.158.212.116---216.158.212.113...%any===10.10.0.0/24; unrouted; eroute owner: #0
000 "home-tunnel": ike_life: 28800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "home-tunnel": policy: PSK+ENCRYPT+TUNNEL; prio: 24,24; interface: eth0;
000 "home-tunnel": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "home-tunnel": IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "home-tunnel": IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "home-tunnel": ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "home-tunnel": ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "home-tunnel"[1]: 192.168.1.0/24===216.158.212.116---216.158.212.113...71.240.180.131===10.10.0.0/24; erouted; eroute owner: #2
000 "home-tunnel"[1]: ike_life: 28800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "home-tunnel"[1]: policy: PSK+ENCRYPT+TUNNEL; prio: 24,24; interface: eth0;
000 "home-tunnel"[1]: newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "home-tunnel"[1]: IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "home-tunnel"[1]: IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "home-tunnel"[1]: IKE algorithm newest: 3DES_CBC_192-SHA-MODP1024
000 "home-tunnel"[1]: ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "home-tunnel"[1]: ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "home-tunnel"[1]: ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<N/A>
000 "olney": 192.168.1.0/24===216.158.212.115---216.158.212.113...208.31.187.61===192.168.191.0/24; unrouted; eroute owner: #0
000 "olney": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "olney": policy: PSK+ENCRYPT+TUNNEL; prio: 24,24; interface: eth0;
000 "olney": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "olney": IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "olney": IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "olney": ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "olney": ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000
000 #2: "home-tunnel"[1] 71.240.180.131 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28093s; newest IPSEC; eroute owner
000 #2: "home-tunnel"[1] 71.240.180.131 esp.10000010 at 71.240.180.131 esp.9b29f7bf at 216.158.212.116 tun.0 at 71.240.180.131 tun.0 at 216.158.212.116
000 #1: "home-tunnel"[1] 71.240.180.131 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 28093s; newest ISAKMP
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:10:B5:0F:DB:8D
inet addr:216.158.212.115 Bcast:216.158.212.255 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2507027 errors:0 dropped:0 overruns:0 frame:0
TX packets:2757387 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:359151561 (342.5 Mb) TX bytes:622315194 (593.4 Mb)
Interrupt:10 Base address:0x6000
eth1 Link encap:Ethernet HWaddr 00:60:67:2C:22:DF
inet addr:192.168.1.102 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4045787 errors:0 dropped:0 overruns:0 frame:0
TX packets:3757215 errors:3 dropped:0 overruns:0 carrier:6
collisions:36887 txqueuelen:1000
RX bytes:944527046 (900.7 Mb) TX bytes:1242518410 (1184.9 Mb)
Interrupt:11 Base address:0xd000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2734056 errors:0 dropped:0 overruns:0 frame:0
TX packets:2734056 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:917614922 (875.1 Mb) TX bytes:917614922 (875.1 Mb)
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.2.0/K2.6.9-gentoo-r4jrm (native)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec/ipsec.secrets) [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for native IPsec stack support [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: occucaremedicalcenters.com [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 115.212.158.216.in-addr.arpa. [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
SIOCGMIIPHY on 'eth1' failed: Operation not supported
eth0: negotiated 100baseTx-FD, link ok
product info: vendor 00:00:00, model 0 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
occucaremedicalcenters.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
216.158.212.116
+ _________________________ uptime
+ uptime
11:07:52 up 4 days, 22:06, 2 users, load average: 0.00, 0.02, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 0 6111 5776 20 0 2140 1000 - R+ pts/1 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
5 0 5590 1 21 0 2012 968 wait S ? 0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto.pid
5 0 5591 5590 21 0 2012 972 wait S ? 0:00 \_ /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto.pid
4 0 5592 5591 16 0 2272 1164 - S ? 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec/ipsec.secrets --ipsecdir /etc/ipsec/ipsec.d --uniqueids --nat_traversal
4 0 5640 5592 18 0 1312 276 - S ? 0:00 | \_ _pluto_adns
4 0 5595 5590 15 0 2012 956 pipe_w S ? 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
4 0 5597 1 21 0 1368 392 pipe_w S ? 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=ipsec0
routeaddr=216.158.212.115
routenexthop=216.158.212.113
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file: /usr/share/doc/openswan-2.2.0/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
config setup
nat_traversal=yes
conn olney
type=tunnel
authby=secret
pfs=no
left=216.158.212.115
leftsubnet=192.168.1.0/24
leftnexthop=216.158.212.113
#leftprotoport=17/1701
right=208.31.187.61
rightsubnet=192.168.191.0/24
#rightprotoport=17/1701
auto=add
keyingtries=%forever
conn home-tunnel
type=tunnel
authby=secret
pfs=no
left=216.158.212.116
leftsubnet=192.168.1.0/24
leftnexthop=216.158.212.113
right=%any
rightsubnet=10.10.0.0/24
auto=add
keyingtries=%forever
ikelifetime=8h
conn home
type=tunnel
authby=secret
pfs=no
left=216.158.212.115
leftnexthop=216.158.212.113
leftprotoport=17/1701
right=%any
rightprotoport=17/1701
auto=add
keyingtries=%forever
#Disable Opportunistic Encryption
#< /etc/ipsec/ipsec.d/examples/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
#> /etc/ipsec/ipsec.conf 54
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec/ipsec.secrets 1
216.158.212.115 208.31.187.61: PSK "[sums to ba53...]"
216.158.212.115 %any: PSK "[sums to 923b...]"
192.168.1.102 %any: PSK "[sums to 923b...]"
216.158.212.116 %any: PSK "[sums to 5417...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000
000 List of X.509 CA Certificates:
000
000 May 07 11:00:14 2005, count: 1
000 subject: 'C=US, ST=Texas, L=Grapevine, O=IntegraCare Home Health Services Inc., CN=Jeremy Mann, E=jmann at integracarehh.com'
000 issuer: 'C=US, ST=Texas, L=Grapevine, O=IntegraCare Home Health Services Inc., CN=Jeremy Mann, E=jmann at integracarehh.com'
000 serial: 00:b9:46:35:07:6c:8e:4b:60
000 pubkey: 1024 RSA Key AwEAAdWF9
000 validity: not before Mar 03 15:45:44 2005 ok
000 not after Mar 03 15:45:44 2006 ok
000 subjkey: 78:7a:aa:a8:66:57:44:41:f5:eb:7f:ce:a7:d0:82:ee:b2:01:50:77
000 authkey: 78:7a:aa:a8:66:57:44:41:f5:eb:7f:ce:a7:d0:82:ee:b2:01:50:77
000 aserial: 00:b9:46:35:07:6c:8e:4b:60
000 May 07 11:00:14 2005, count: 1
000 subject: 'C=US, ST=Texas, L=Grapevine, O=IntegraCare Home Health Services Inc., E=jmann at integracarehh.com'
000 issuer: 'C=US, ST=Texas, L=Grapevine, O=IntegraCare Home Health Services Inc., E=jmann at integracarehh.com'
000 serial: 00
000 pubkey: 1024 RSA Key AwEAAZoS2
000 validity: not before Dec 22 12:56:43 2004 ok
000 not after Dec 21 12:56:43 2014 ok
000 subjkey: 36:97:ab:0c:12:c7:24:f2:19:2c:98:a2:e7:2e:a3:59:03:43:e7:4a
000 authkey: 36:97:ab:0c:12:c7:24:f2:19:2c:98:a2:e7:2e:a3:59:03:43:e7:4a
000 aserial: 00
+ '[' /etc/ipsec/ipsec.d/policies ']'
++ basename /etc/ipsec/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan-2.2.0/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 100
-rwxr-xr-x 1 root root 15409 Dec 16 12:39 _confread
-rwxr-xr-x 1 root root 5152 Dec 16 12:39 _copyright
-rwxr-xr-x 1 root root 2391 Dec 16 12:39 _include
-rwxr-xr-x 1 root root 1475 Dec 16 12:39 _keycensor
-rwxr-xr-x 1 root root 3586 Dec 16 12:39 _plutoload
-rwxr-xr-x 1 root root 7167 Dec 16 12:39 _plutorun
-rwxr-xr-x 1 root root 10493 Dec 16 12:39 _realsetup
-rwxr-xr-x 1 root root 1975 Dec 16 12:39 _secretcensor
-rwxr-xr-x 1 root root 9016 Dec 16 12:39 _startklips
-rwxr-xr-x 1 root root 12313 Dec 16 12:39 _updown
-rwxr-xr-x 1 root root 7572 Dec 16 12:39 _updown_x509
-rwxr-xr-x 1 root root 1942 Dec 16 12:39 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 1161
-rwxr-xr-x 1 root root 8828 Dec 16 12:39 _pluto_adns
-rwxr-xr-x 1 root root 19220 Dec 16 12:39 auto
-rwxr-xr-x 1 root root 10230 Dec 16 12:39 barf
-rwxr-xr-x 1 root root 816 Dec 16 12:39 calcgoo
-rwxr-xr-x 1 root root 74572 Dec 16 12:39 eroute
-rwxr-xr-x 1 root root 57672 Dec 16 12:39 klipsdebug
-rwxr-xr-x 1 root root 2461 Dec 16 12:39 look
-rwxr-xr-x 1 root root 7130 Dec 16 12:39 mailkey
-rwxr-xr-x 1 root root 16188 Dec 16 12:39 manual
-rwxr-xr-x 1 root root 1874 Dec 16 12:39 newhostkey
-rwxr-xr-x 1 root root 50292 Dec 16 12:39 pf_key
-rwxr-xr-x 1 root root 528172 Dec 16 12:39 pluto
-rwxr-xr-x 1 root root 7292 Dec 16 12:39 ranbits
-rwxr-xr-x 1 root root 19464 Dec 16 12:39 rsasigkey
-rwxr-xr-x 1 root root 766 Dec 16 12:39 secrets
-rwxr-xr-x 1 root root 17578 Dec 16 12:39 send-pr
lrwxrwxrwx 1 root root 17 Dec 16 12:39 setup -> /etc/init.d/ipsec
-rwxr-xr-x 1 root root 1048 Dec 16 12:39 showdefaults
-rwxr-xr-x 1 root root 4370 Dec 16 12:39 showhostkey
-rwxr-xr-x 1 root root 110256 Dec 16 12:39 spi
-rwxr-xr-x 1 root root 63636 Dec 16 12:39 spigrp
-rwxr-xr-x 1 root root 77584 Dec 16 12:39 starter
-rwxr-xr-x 1 root root 9960 Dec 16 12:39 tncfg
-rwxr-xr-x 1 root root 10195 Dec 16 12:39 verify
-rwxr-xr-x 1 root root 40588 Dec 16 12:39 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo:917616172 2734068 0 0 0 0 0 0 917616172 2734068 0 0 0 0 0 0
eth0:359151651 2507028 0 0 0 0 0 0 622315344 2757389 0 0 0 0 0 0
eth1:944527226 4045790 0 0 0 0 0 159411 1242518470 3757216 3 0 0 36887 6 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 70D49ED8 00000000 0001 0 0 0 F0FFFFFF 0 0 0
eth0 00000A0A 71D49ED8 0003 0 0 0 00FFFFFF 0 0 0
eth1 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 00D49ED8 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 0000A8C0 0101A8C0 0003 0 0 0 00F0FFFF 0 0 0
lo 0000007F 0100007F 0003 0 0 0 000000FF 0 0 0
eth0 00000000 71D49ED8 0003 0 0 0 00000000 0 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux occucaremedicalcenters.com 2.6.9-gentoo-r4jrm #1 Fri Dec 3 16:38:43 CST 2004 i686 AMD Duron(tm) processor AuthenticAMD GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ test -r /etc/fedora-release
+ _________________________ proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'native PFKEY (2.6.9-gentoo-r4jrm) support detected '
native PFKEY (2.6.9-gentoo-r4jrm) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 288: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ ipchains -L -v -n
ipchains: Incompatible with this kernel
+ _________________________
+ ipchains -M -L -v -n
ipchains: cannot open file `/proc/net/ip_masquerade'
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 24M packets, 7615M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 18M packets, 1923M bytes)
pkts bytes target prot opt in out source destination
1707 282K ACCEPT all -- * * 0.0.0.0/0 10.10.0.0/24
Chain OUTPUT (policy ACCEPT 22M packets, 8518M bytes)
pkts bytes target prot opt in out source destination
+ _________________________
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 1062K packets, 97M bytes)
pkts bytes target prot opt in out source destination
958 56117 DNAT tcp -- * * 0.0.0.0/0 216.158.212.115 tcp dpt:3389 to:192.168.1.63
479 30572 DNAT tcp -- * * 0.0.0.0/0 192.168.1.103 tcp dpt:3389 to:192.168.1.63
Chain POSTROUTING (policy ACCEPT 429K packets, 45M bytes)
pkts bytes target prot opt in out source destination
124 13127 ACCEPT all -- * * 10.10.0.0/24 0.0.0.0/0
2 168 ACCEPT all -- * * 0.0.0.0/0 10.10.0.0/24
51253 15M ACCEPT all -- * eth1 192.168.1.0/24 0.0.0.0/0
1942 429K ACCEPT all -- * eth1 192.168.160.0/24 0.0.0.0/0
4790 374K ACCEPT all -- * eth1 192.168.191.0/24 0.0.0.0/0
36298 2666K SNAT all -- * eth1 0.0.0.0/0 0.0.0.0/0 to:192.168.1.102
1073 258K ACCEPT all -- * eth0 216.158.212.114 0.0.0.0/0
1867 338K ACCEPT all -- * eth0 216.158.212.116 0.0.0.0/0
1078 259K ACCEPT all -- * eth0 216.158.212.117 0.0.0.0/0
59115 6780K SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:216.158.212.115
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
+ _________________________
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 316 packets, 28470 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 313 packets, 28340 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 2 packets, 89 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 129 packets, 29131 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 131 packets, 29220 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ proc/modules
+ test -f /proc/modules
+ cat /proc/modules
iptable_mangle 2304 0 - Live 0xd123b000
ppp_async 8960 0 - Live 0xd1290000
crc_ccitt 1920 1 ppp_async, Live 0xd1259000
ppp_generic 19476 1 ppp_async, Live 0xd1272000
slhc 7424 1 ppp_generic, Live 0xd125b000
iptable_nat 21448 1 - Live 0xd126b000
ip_conntrack 38900 1 iptable_nat, Live 0xd1278000
iptable_filter 2432 1 - Live 0xd1239000
ip_tables 15360 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xd1252000
twofish 37376 0 - Live 0xd1260000
aes_i586 38132 0 - Live 0xd1247000
blowfish 9728 0 - Live 0xd123d000
des 11520 2 - Live 0xd1206000
sha256 9216 0 - Live 0xd1235000
sha1 8704 0 - Live 0xd1217000
md5 3840 2 - Live 0xd120d000
xfrm_user 13188 0 - Live 0xd1212000
ipcomp 6536 0 - Live 0xd120a000
esp4 6912 2 - Live 0xd114f000
ah4 5504 0 - Live 0xd1203000
usbcore 99684 1 - Live 0xd121b000
af_key 26896 0 - Live 0xd1152000
ne2k_pci 7776 0 - Live 0xd113f000
8139too 20096 0 - Live 0xd1143000
mii 4096 1 8139too, Live 0xd087e000
8390 8064 1 ne2k_pci, Live 0xd1138000
+ _________________________ proc/meminfo
+ cat /proc/meminfo
MemTotal: 254972 kB
MemFree: 3136 kB
Buffers: 39512 kB
Cached: 50992 kB
SwapCached: 59560 kB
Active: 202264 kB
Inactive: 26868 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 254972 kB
LowFree: 3136 kB
SwapTotal: 248968 kB
SwapFree: 126684 kB
Dirty: 56 kB
Writeback: 0 kB
Mapped: 141168 kB
Slab: 16728 kB
Committed_AS: 431768 kB
PageTables: 2464 kB
VmallocTotal: 778196 kB
VmallocUsed: 10804 kB
VmallocChunk: 767364 kB
+ _________________________ proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_NETLINK|CONFIG_IPSEC|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
# CONFIG_NETLINK_DEV is not set
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
# CONFIG_IP_MROUTE is not set
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_REALM=m
CONFIG_IP_NF_MATCH_SCTP=m
CONFIG_IP_NF_MATCH_COMMENT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
# CONFIG_IP_NF_NAT_LOCAL is not set
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
# This is from Debian, we are using it for now
# Daniel Robbins, 5/15/99
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog1
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* /var/log/mail.log
user.* -/var/log/user.log
uucp.* -/var/log/uucp.log
local6.debug /var/log/imapd.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
#daemon.*,mail.*;\
# news.crit;news.err;news.notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole
local2.* -/var/log/ppp.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 192.168.1.102
nameserver 216.158.195.155
nameserver 216.158.195.152
search bedford.integracarehh.com
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 0
drwxr-xr-x 5 root root 440 Jun 11 2004 2.4.20-gentoo-r5
drwxr-xr-x 4 root root 416 Nov 23 14:23 2.4.26-gentoo-r9
drwxr-xr-x 3 root root 424 Dec 3 15:50 2.6.9-gentoo-r4
drwxr-xr-x 3 root root 424 May 2 13:04 2.6.9-gentoo-r4jrm
+ _________________________ proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c038f870 T netif_rx
c038f870 U netif_rx [ppp_generic]
c038f870 U netif_rx [8390]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.20-gentoo-r5: U netif_rx_R9ec59586
2.4.26-gentoo-r9: U netif_rx
2.6.9-gentoo-r4:
2.6.9-gentoo-r4jrm:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '13858,$p' /var/log/syslog1
+ egrep -i 'ipsec|klips|pluto'
+ cat
May 7 11:00:13 occucaremedicalcenters ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.9-gentoo-r4jrm...
May 7 11:00:13 occucaremedicalcenters ipsec_setup: KLIPS ipsec0 on eth0 216.158.212.115/255.255.255.240 broadcast 216.158.212.255
May 7 11:00:14 occucaremedicalcenters ipsec_setup: ...Openswan IPsec started
+ _________________________ plog
+ sed -n '865,$p' /var/log/auth.log
+ cat
+ egrep -i pluto
May 7 11:00:14 occucaremedicalcenters ipsec__plutorun: Starting Pluto subsystem...
May 7 11:00:14 occucaremedicalcenters pluto[5592]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
May 7 11:00:14 occucaremedicalcenters pluto[5592]: including NAT-Traversal patch (Version 0.6c)
May 7 11:00:14 occucaremedicalcenters pluto[5592]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
May 7 11:00:14 occucaremedicalcenters pluto[5592]: Using Linux 2.6 IPsec interface code
May 7 11:00:14 occucaremedicalcenters pluto[5592]: Changing to directory '/etc/ipsec/ipsec.d/cacerts'
May 7 11:00:14 occucaremedicalcenters pluto[5592]: loaded CA cert file 'cacert.pem' (1257 bytes)
May 7 11:00:14 occucaremedicalcenters pluto[5592]: loaded CA cert file 'RootCA.der' (972 bytes)
May 7 11:00:14 occucaremedicalcenters pluto[5592]: Could not change to directory '/etc/ipsec/ipsec.d/aacerts'
May 7 11:00:14 occucaremedicalcenters pluto[5592]: Changing to directory '/etc/ipsec/ipsec.d/ocspcerts'
May 7 11:00:14 occucaremedicalcenters pluto[5592]: Changing to directory '/etc/ipsec/ipsec.d/crls'
May 7 11:00:14 occucaremedicalcenters pluto[5592]: Warning: empty directory
May 7 11:00:14 occucaremedicalcenters pluto[5592]: added connection description "home-tunnel"
May 7 11:00:14 occucaremedicalcenters pluto[5592]: added connection description "olney"
May 7 11:00:14 occucaremedicalcenters pluto[5592]: added connection description "home"
May 7 11:00:14 occucaremedicalcenters pluto[5592]: listening for IKE messages
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth1/eth1 192.168.1.160
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth1/eth1 192.168.1.160:4500
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth1/eth1 192.168.1.103
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth1/eth1 192.168.1.103:4500
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth1/eth1 192.168.1.102
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth1/eth1 192.168.1.102:4500
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth0/eth0 216.158.212.117
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth0/eth0 216.158.212.117:4500
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth0/eth0 216.158.212.114
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth0/eth0 216.158.212.114:4500
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth0/eth0 216.158.212.116
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth0/eth0 216.158.212.116:4500
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth0/eth0 216.158.212.115
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface eth0/eth0 216.158.212.115:4500
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface lo/lo 127.0.0.1
May 7 11:00:14 occucaremedicalcenters pluto[5592]: adding interface lo/lo 127.0.0.1:4500
May 7 11:00:14 occucaremedicalcenters pluto[5592]: loading secrets from "/etc/ipsec/ipsec.secrets"
May 7 11:00:34 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #1: responding to Main Mode from unknown peer 71.240.180.131
May 7 11:00:34 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #1: transition from state (null) to state STATE_MAIN_R1
May 7 11:00:35 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 7 11:00:35 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #1: Peer ID is ID_IPV4_ADDR: '71.240.180.131'
May 7 11:00:35 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #1: I did not send a certificate because I do not have one.
May 7 11:00:35 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 7 11:00:35 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #1: sent MR3, ISAKMP SA established
May 7 11:00:35 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #2: responding to Quick Mode
May 7 11:00:35 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #2: transition from state (null) to state STATE_QUICK_R1
May 7 11:00:35 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 7 11:00:35 occucaremedicalcenters pluto[5592]: "home-tunnel"[1] 71.240.180.131 #2: IPsec SA established {ESP=>0x10000010 <0x9b29f7bf}
+ _________________________ date
+ date
Sat May 7 11:07:53 CDT 2005
More information about the Users
mailing list