[Openswan Users] IPSec SA estabished but no traffic goes out?
Martin Hillier
martin.hillier at nyquist-solutions.com
Fri Nov 25 20:12:39 CET 2005
Where is my traffic going?
At the moment I have...
Linux Openswan U2.4.5dr2/K2.6.11.12 (netkey)
I have tried K2.6.14.2 & .3 with U2.4.2 and .5dr
I can establish the IPSec, but when I try and ping a known address on the other side of the vpn i get no traffic over the vpn?
on eth0 i see:
tcpdump -i eth0
19:48:37.115393 arp who-has 172.16.0.1 tell ??????.pureserver.info
19:48:38.115174 arp who-has 172.16.0.1 tell ??????.pureserver.info
tcpdump host [right vpn ip]
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:50:00.461380 IP [right vpn ip] > p15179238.pureserver.info: ESP(spi=0x50a0c52c,seq=0x54)
19:50:00.461380 IP [right vpn ip] > p15179238.pureserver.info: icmp 24: echo request seq 24328
But no extra ESP packets when i ping 172.16.0.1
There is more to the story... I have tried using klips and not the kernel so I could see a bit more by looking at ipsec0. But each time i run ipsec --version i get a kernel oops, this was more of a work around and an attempt to see what was going on.
I have made sure the firewall is off.
I have an eth0:0 192.168.0.10 that is part of the left subnet, not sure if this is a problem or not
Im not sure how to check the routing as it seems to be hidden by the kernel with netkey? or if i should try and get klips working without netkey?
Any ideas would be very welcome.
[root@?????? root]# ipsec barf
??????.pureserver.info
Fri Nov 25 19:56:14 GMT 2005
+ _________________________ version
+ ipsec --version
Linux Openswan U2.4.5dr2/K2.6.11.12 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.11.12 (root@??????.pureserver.info) (gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #2 SMP Fri Nov 25 18:53:47 GMT 2005
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.255.255.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.255.255.1 0.0.0.0 UG 0 0 0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ setkey-D
+ setkey -D
[Right IP] [Left IP]
esp mode=tunnel spi=1352713516(0x50a0c52c) reqid=16385(0x00004001)
E: 3des-cbc 1df8d910 a135c5c0 63bb1929 943ac223 65c1ebca 0c02ac79
A: hmac-sha1 9bb0326b 880b732f baa59633 b0fdff5b 4eb7fbcc
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Nov 25 19:36:16 2005 current: Nov 25 19:56:14 2005
diff: 1198(s) hard: 0(s) soft: 0(s)
last: Nov 25 19:36:16 2005 hard: 0(s) soft: 0(s)
current: 5324(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 121 hard: 0 soft: 0
sadb_seq=3 pid=1326 refcnt=0
[Right IP] [Left IP]
esp mode=tunnel spi=3707438638(0xdcfb062e) reqid=16385(0x00004001)
E: 3des-cbc 6d7e4666 c410b0c2 fe4f4d64 f5e1f57f 69e361d4 a01ebe0d
A: hmac-sha1 1eaf04eb 8a6cd247 5432635c 814f0b77 bbccece7
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Nov 25 19:18:10 2005 current: Nov 25 19:56:14 2005
diff: 2284(s) hard: 0(s) soft: 0(s)
last: Nov 25 19:18:10 2005 hard: 0(s) soft: 0(s)
current: 4840(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 110 hard: 0 soft: 0
sadb_seq=2 pid=1326 refcnt=0
+ _________________________ setkey-D-P
+ setkey -D -P
172.16.0.0/24[any] 192.168.0.0/24[any] any
in prio high + 1073739480 ipsec
esp/tunnel/[Right IP]-[Left IP]/unique#16385
created: Nov 25 19:18:10 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=40 seq=6 pid=1327
refcnt=1
192.168.0.0/24[any] 172.16.0.0/24[any] any
out prio high + 1073739480 ipsec
esp/tunnel/[Left IP]-[Right IP]/unique#16385
created: Nov 25 19:36:16 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=33 seq=5 pid=1327
refcnt=1
172.16.0.0/24[any] 192.168.0.0/24[any] any
fwd prio high + 1073739480 ipsec
esp/tunnel/[Right IP]-[Left IP]/unique#16385
created: Nov 25 19:18:10 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=50 seq=4 pid=1327
refcnt=1
(per-socket policy)
in none
created: Nov 25 19:12:11 2005 lastused: Nov 25 19:36:16 2005
lifetime: 0(s) validtime: 0(s)
spid=19 seq=3 pid=1327
refcnt=1
(per-socket policy)
in none
created: Nov 25 19:12:11 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=3 seq=2 pid=1327
refcnt=1
(per-socket policy)
out none
created: Nov 25 19:12:11 2005 lastused: Nov 25 19:36:16 2005
lifetime: 0(s) validtime: 0(s)
spid=28 seq=1 pid=1327
refcnt=1
(per-socket policy)
out none
created: Nov 25 19:12:11 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=12 seq=0 pid=1327
refcnt=1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface eth0/eth0 [Left IP]
000 interface lo/lo 127.0.0.1
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "mobius": 192.168.0.0/24===[Left IP]...[Right IP]===172.16.0.0/24; erouted; eroute owner: #3
000 "mobius": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "mobius": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "mobius": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;
000 "mobius": newest ISAKMP SA: #1; newest IPsec SA: #3;
000 "mobius": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000
000 #3: "mobius":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26777s; newest IPSEC; eroute owner
000 #3: "mobius" esp.9f797971@[Right IP] esp.50a0c52c@[Left IP] tun.0@[Right IP] tun.0@[Left IP]
000 #2: "mobius":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 25642s
000 #2: "mobius" esp.9f79796f@[Right IP] esp.dcfb062e@[Left IP] tun.0@[Right IP] tun.0@[Left IP]
000 #1: "mobius":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 662s; newest ISAKMP; nodpd
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:11:11:B1:FE:62
inet addr:[Left IP] Bcast:[Left IP] Mask:255.255.255.255
inet6 addr: fe80::211:11ff:feb1:fe62/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1992 errors:0 dropped:0 overruns:0 frame:0
TX packets:1397 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:351386 (343.1 Kb) TX bytes:891589 (870.6 Kb)
eth0:0 Link encap:Ethernet HWaddr 00:11:11:B1:FE:62
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2464 (2.4 Kb) TX bytes:2464 (2.4 Kb)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:11:11:b1:fe:62 brd ff:ff:ff:ff:ff:ff
inet [Left IP]/32 brd [Left IP] scope global eth0
inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0:0
inet6 fe80::211:11ff:feb1:fe62/64 scope link
valid_lft forever preferred_lft forever
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
+ _________________________ ip-route-list
+ ip route list
10.255.255.1 dev eth0 scope link
172.16.0.0/24 dev eth0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10
169.254.0.0/16 dev eth0 scope link
default via 10.255.255.1 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
RTNETLINK answers: Invalid argument
Dump terminated
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.5dr2/K2.6.11.12 (netkey)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for NETKEY IPsec stack support [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
product info: vendor 00:aa:00, model 51 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
??????.pureserver.info
+ _________________________ hostname/ipaddress
+ hostname --ip-address
[Left IP]
+ _________________________ uptime
+ uptime
19:56:16 up 44 min, 2 users, load average: 0.00, 0.02, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
1 0 593 1 20 0 2132 1024 wait S ? 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
1 0 594 593 20 0 2132 1036 wait S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
4 0 596 594 15 0 2356 1220 - S ? 0:00 | \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids
1 0 621 596 27 10 2356 852 - SN ? 0:00 | \_ pluto helper # 0
0 0 672 596 18 0 1404 256 - S ? 0:00 | \_ _pluto_adns
0 0 597 593 16 0 2128 1004 pipe_w S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
0 0 595 1 20 0 1464 308 pipe_w S ? 0:00 logger -s -p daemon.error -t ipsec__plutorun
0 0 1306 1041 18 0 4156 972 wait S ttyS0 0:00 \_ /bin/sh /usr/local/libexec/ipsec/barf
0 0 1385 1306 22 0 1588 412 - S ttyS0 0:00 \_ egrep -i ppid|pluto|ipsec|klips
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=ipsec0
routeaddr=[Left IP]
routenexthop=10.255.255.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.1 2005/07/26 12:28:39 ken Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
klipsdebug = all
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
# plutodebug="control parsing"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
# nat_traversal=yes
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
# Add connections here
# sample VPN connection
# conn sample
# # Left security gateway, subnet behind it, nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it,
# # at startup, uncomment this.
# #auto=start
conn mobius
left=[Left IP]
leftsubnet=192.168.0.0/24
right=[Right IP]
rightsubnet=172.16.0.0/24
authby=secret
auto=route
#Disable Opportunistic Encryption
#< /etc/ipsec.d/examples/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
#> /etc/ipsec.conf 58
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
: PSK "[sums to fef9...]"
[Left IP] [Right IP]: PSK "[sums to fef9...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 292
-rwxr-xr-x 1 root root 15535 Nov 25 19:09 _confread
-rwxr-xr-x 1 root root 15535 Nov 25 10:51 _confread.old
-rwxr-xr-x 1 root root 45252 Nov 25 19:09 _copyright
-rwxr-xr-x 1 root root 45252 Nov 25 10:51 _copyright.old
-rwxr-xr-x 1 root root 2379 Nov 25 19:09 _include
-rwxr-xr-x 1 root root 2379 Nov 25 10:51 _include.old
-rwxr-xr-x 1 root root 1475 Nov 25 19:09 _keycensor
-rwxr-xr-x 1 root root 1475 Nov 25 10:51 _keycensor.old
-rwxr-xr-x 1 root root 3586 Nov 25 19:09 _plutoload
-rwxr-xr-x 1 root root 3586 Nov 25 10:51 _plutoload.old
-rwxr-xr-x 1 root root 7443 Nov 25 19:09 _plutorun
-rwxr-xr-x 1 root root 7443 Nov 25 10:51 _plutorun.old
-rwxr-xr-x 1 root root 12275 Nov 25 19:09 _realsetup
-rwxr-xr-x 1 root root 12275 Nov 25 10:51 _realsetup.old
-rwxr-xr-x 1 root root 1975 Nov 25 19:09 _secretcensor
-rwxr-xr-x 1 root root 1975 Nov 25 10:51 _secretcensor.old
-rwxr-xr-x 1 root root 9778 Nov 25 19:09 _startklips
-rwxr-xr-x 1 root root 9778 Nov 25 10:51 _startklips.old
-rwxr-xr-x 1 root root 13417 Nov 25 19:09 _updown
-rwxr-xr-x 1 root root 13417 Nov 25 10:51 _updown.old
-rwxr-xr-x 1 root root 15746 Nov 25 19:09 _updown_x509
-rwxr-xr-x 1 root root 15746 Nov 25 10:51 _updown_x509.old
-rwxr-xr-x 1 root root 1942 Nov 25 19:09 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 9808
-rwxr-xr-x 1 root root 69197 Nov 25 19:09 _pluto_adns
-rwxr-xr-x 1 root root 69197 Nov 25 10:51 _pluto_adns.old
-rwxr-xr-x 1 root root 19157 Nov 25 19:09 auto
-rwxr-xr-x 1 root root 19157 Nov 25 10:51 auto.old
-rwxr-xr-x 1 root root 10584 Nov 25 19:09 barf
-rwxr-xr-x 1 root root 10584 Nov 25 10:51 barf.old
-rwxr-xr-x 1 root root 816 Nov 25 19:09 calcgoo
-rwxr-xr-x 1 root root 816 Nov 25 10:51 calcgoo.old
-rwxr-xr-x 1 root root 316534 Nov 25 19:09 eroute
-rwxr-xr-x 1 root root 316534 Nov 25 10:51 eroute.old
-rwxr-xr-x 1 root root 129396 Nov 25 19:09 ikeping
-rwxr-xr-x 1 root root 129396 Nov 25 10:51 ikeping.old
-rwxr-xr-x 1 root root 185639 Nov 25 19:09 klipsdebug
-rwxr-xr-x 1 root root 185639 Nov 25 10:51 klipsdebug.old
-rwxr-xr-x 1 root root 1836 Nov 25 19:09 livetest
-rwxr-xr-x 1 root root 1836 Nov 25 10:51 livetest.old
-rwxr-xr-x 1 root root 2605 Nov 25 19:09 look
-rwxr-xr-x 1 root root 2605 Nov 25 10:51 look.old
-rwxr-xr-x 1 root root 7159 Nov 25 19:09 mailkey
-rwxr-xr-x 1 root root 7159 Nov 25 10:51 mailkey.old
-rwxr-xr-x 1 root root 15996 Nov 25 19:09 manual
-rwxr-xr-x 1 root root 15996 Nov 25 10:51 manual.old
-rwxr-xr-x 1 root root 1926 Nov 25 19:09 newhostkey
-rwxr-xr-x 1 root root 1926 Nov 25 10:51 newhostkey.old
-rwxr-xr-x 1 root root 166104 Nov 25 19:09 pf_key
-rwxr-xr-x 1 root root 166104 Nov 25 10:51 pf_key.old
-rwxr-xr-x 1 root root 2769359 Nov 25 19:09 pluto
-rwxr-xr-x 1 root root 2769359 Nov 25 10:51 pluto.old
-rwxr-xr-x 1 root root 49150 Nov 25 19:09 ranbits
-rwxr-xr-x 1 root root 49150 Nov 25 10:51 ranbits.old
-rwxr-xr-x 1 root root 78968 Nov 25 19:09 rsasigkey
-rwxr-xr-x 1 root root 78968 Nov 25 10:51 rsasigkey.old
-rwxr-xr-x 1 root root 766 Nov 25 19:09 secrets
-rwxr-xr-x 1 root root 766 Nov 25 10:51 secrets.old
-rwxr-xr-x 1 root root 17660 Nov 25 19:09 send-pr
-rwxr-xr-x 1 root root 17660 Nov 25 10:51 send-pr.old
lrwxrwxrwx 1 root root 22 Nov 25 19:09 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Nov 25 19:09 showdefaults
-rwxr-xr-x 1 root root 1054 Nov 25 10:51 showdefaults.old
-rwxr-xr-x 1 root root 4748 Nov 25 19:09 showhostkey
-rwxr-xr-x 1 root root 4748 Nov 25 10:51 showhostkey.old
-rwxr-xr-x 1 root root 515916 Nov 25 19:09 spi
-rwxr-xr-x 1 root root 515916 Nov 25 10:51 spi.old
-rwxr-xr-x 1 root root 254307 Nov 25 19:09 spigrp
-rwxr-xr-x 1 root root 254307 Nov 25 10:51 spigrp.old
-rwxr-xr-x 1 root root 53394 Nov 25 19:09 tncfg
-rwxr-xr-x 1 root root 53394 Nov 25 10:51 tncfg.old
-rwxr-xr-x 1 root root 10613 Nov 25 19:09 verify
-rwxr-xr-x 1 root root 10613 Nov 25 10:51 verify.old
-rwxr-xr-x 1 root root 282864 Nov 25 19:09 whack
-rwxr-xr-x 1 root root 282864 Nov 25 10:51 whack.old
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets ip_tables: (C) 2000-2002 Netfilter core team
errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
eth0: 351386 1992 0 0 0 0 0 0 891589 1397 0 0 0 0 ip_conntrack version 2.1 (8177 buckets, 65416 max) - 216 bytes per conntrack
0 0
lo: 2464 22 0 0 0 0 0 0 2464 22 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 01FFFF0A 00000000 0005 0 0 0 FFFFFFFF0 0 0
eth0 000010AC 00000000 0001 0 0 0 00FFFFFF0 0 0
eth0 0000A8C0 00000000 0001 0 0 0 00FFFFFF0 0 0
eth0 0000FEA9 00000000 0001 0 0 0 0000FFFF0 0 0
eth0 00000000 01FFFF0A 0003 0 0 0 000000000 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux ??????.pureserver.info 2.6.11.12 #2 SMP Fri Nov 25 18:53:47 GMT 2005 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 2 (Tettnang)
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.11.12) support detected '
NETKEY (2.6.11.12) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/local/libexec/ipsec/barf: line 297: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
iptable_mangle 3328 0 - Live 0xf892f000
iptable_nat 24124 0 - Live 0xf898c000
ip_conntrack 45000 1 iptable_nat, Live 0xf89f6000
iptable_filter 3584 0 - Live 0xf891d000
ip_tables 22528 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xf8994000
ipv6 266624 18 - Live 0xf89b3000
deflate 4352 0 - Live 0xf892c000
zlib_deflate 23320 1 deflate, Live 0xf8951000
zlib_inflate 18688 1 deflate, Live 0xf894b000
twofish 39296 0 - Live 0xf895a000
serpent 14848 0 - Live 0xf8946000
blowfish 8832 0 - Live 0xf8942000
sha256 10240 0 - Live 0xf893e000
crypto_null 2816 0 - Live 0xf8901000
aes_i586 39680 0 - Live 0xf8933000
des 12288 4 - Live 0xf8928000
md5 4608 1 - Live 0xf8925000
sha1 9088 4 - Live 0xf8919000
xfrm_user 17284 0 - Live 0xf891f000
xfrm4_tunnel 4484 0 - Live 0xf8916000
ipcomp 9608 0 - Live 0xf8912000
esp4 8960 4 - Live 0xf890e000
ah4 7296 0 - Live 0xf890b000
microcode 7680 0 - Live 0xf8908000
binfmt_misc 12936 1 - Live 0xf8903000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 1034000 kB
MemFree: 821796 kB
Buffers: 7060 kB
Cached: 60464 kB
SwapCached: 0 kB
Active: 159904 kB
Inactive: 34404 kB
HighTotal: 129212 kB
HighFree: 140 kB
LowTotal: 904788 kB
LowFree: 821656 kB
SwapTotal: 2048276 kB
SwapFree: 2048276 kB
Dirty: 60 kB
Writeback: 0 kB
Mapped: 143348 kB
Slab: 11048 kB
CommitLimit: 2565276 kB
Committed_AS: 321892 kB
PageTables: 1948 kB
VmallocTotal: 114680 kB
VmallocUsed: 2024 kB
VmallocChunk: 112624 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
CONFIG_NET_KEY=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
CONFIG_IP_TCPDIAG=y
# CONFIG_IP_TCPDIAG_IPV6 is not set
# CONFIG_IP_VS is not set
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_INET6_TUNNEL=m
# CONFIG_IPV6_TUNNEL is not set
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
# CONFIG_IP_NF_TARGET_CLASSIFY is not set
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_LIMIT=m
CONFIG_IP6_NF_MATCH_MAC=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_MULTIPORT=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_MARK=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AHESP=m
CONFIG_IP6_NF_MATCH_LENGTH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_MARK=m
# CONFIG_IP6_NF_RAW is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /usr/local/psa/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search pureserver.info
nameserver 212.227.64.251
nameserver 195.20.224.99
nameserver 195.20.224.234
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 44
drwxr-xr-x 4 root root 4096 Feb 17 2005 2.6.9-1.6_FC2smp
drwxr-xr-x 4 root root 4096 Feb 17 2005 2.6.9-1.6_FC2
drwxr-xr-x 4 root root 4096 Feb 17 2005 2.6.10-1.9_FC2smp
drwxr-xr-x 4 root root 4096 Nov 14 19:17 2.6.10-1.771_FC2smp
drwxr-xr-x 3 root root 4096 Nov 15 08:54 2.6.5-1.358custom
drwxr-xr-x 3 root root 4096 Nov 15 18:12 2.6.9-041221
drwxr-xr-x 3 root root 4096 Nov 25 10:20 2.6.14.2m1
drwxr-xr-x 3 root root 4096 Nov 25 10:45 2.6.14.2
drwxr-xr-x 3 root root 4096 Nov 25 16:04 2.6.9-041214
drwxr-xr-x 3 root root 4096 Nov 25 16:33 2.6.14.3
drwxr-xr-x 3 root root 4096 Nov 25 19:02 2.6.11.12
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c02e8d50 T netif_rx
c02e8f40 T netif_rx_ni
c02e8d50 U netif_rx [ipv6]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.10-1.771_FC2smp:
2.6.10-1.9_FC2smp:
2.6.11.12:
2.6.14.2:
2.6.14.2m1:
2.6.14.3:
2.6.5-1.358custom:
2.6.9-041214:
2.6.9-041221:
2.6.9-1.6_FC2:
2.6.9-1.6_FC2smp:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '13805,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: Starting Openswan IPsec U2.4.5dr2/K2.6.11.12...
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/ipv4/ah4.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/ipv4/esp4.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/ipv4/ipcomp.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/ipv4/xfrm4_tunnel.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/xfrm/xfrm_user.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/crypto/sha1.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/crypto/md5.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/crypto/des.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/arch/i386/crypto/aes-i586.ko
Nov 25 19:12:11 ?????? rc: Starting ipsec: succeeded
+ _________________________ plog
+ sed -n '18398,$p' /var/log/secure
+ egrep -i pluto
+ cat
Nov 25 19:12:11 ?????? ipsec__plutorun: Starting Pluto subsystem...
Nov 25 19:12:11 ?????? pluto[596]: Starting Pluto (Openswan Version 2.4.5dr2 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OErg}^Yx{Yhd)
Nov 25 19:12:11 ?????? pluto[596]: Setting NAT-Traversal port-4500 floating to off
Nov 25 19:12:11 ?????? pluto[596]: port floating activation criteria nat_t=0/port_fload=1
Nov 25 19:12:11 ?????? pluto[596]: including NAT-Traversal patch (Version 0.6c) [disabled]
Nov 25 19:12:11 ?????? pluto[596]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Nov 25 19:12:11 ?????? pluto[596]: starting up 1 cryptographic helpers
Nov 25 19:12:11 ?????? pluto[596]: started helper pid=621 (fd:6)
Nov 25 19:12:11 ?????? pluto[596]: Using Linux 2.6 IPsec interface code on 2.6.11.12
Nov 25 19:12:11 ?????? pluto[596]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 25 19:12:11 ?????? pluto[596]: Changing to directory '/etc/ipsec.d/aacerts'
Nov 25 19:12:11 ?????? pluto[596]: Changing to directory '/etc/ipsec.d/ocspcerts'
Nov 25 19:12:11 ?????? pluto[596]: Changing to directory '/etc/ipsec.d/crls'
Nov 25 19:12:11 ?????? pluto[596]: Warning: empty directory
Nov 25 19:12:11 ?????? pluto[596]: added connection description "mobius"
Nov 25 19:12:11 ?????? pluto[596]: listening for IKE messages
Nov 25 19:12:11 ?????? pluto[596]: adding interface lo/lo 127.0.0.1:500
Nov 25 19:12:11 ?????? pluto[596]: adding interface eth0/eth0 [Left IP]:500
Nov 25 19:12:11 ?????? pluto[596]: loading secrets from "/etc/ipsec.secrets"
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: initiating Main Mode
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: ignoring unknown Vendor ID payload [1fc46a9704dd84ebad7e205854a55ad58f9a038d000000030000050a]
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: I did not send a certificate because I do not have one.
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: Main mode peer ID is ID_IPV4_ADDR: '[Right IP]'
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x9f79796f <0xdcfb062e xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
Nov 25 19:36:16 ?????? pluto[596]: "mobius" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Nov 25 19:36:16 ?????? pluto[596]: "mobius" #3: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Nov 25 19:36:16 ?????? pluto[596]: "mobius" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 25 19:36:16 ?????? pluto[596]: "mobius" #3: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x9f797971 <0x50a0c52c xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
+ _________________________ date
+ date
Fri Nov 25 19:56:21 GMT 2005
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20051125/d3680427/attachment-0001.htm
More information about the Users
mailing list