[Openswan Users] IPSec SA estabished but no traffic goes out?

Martin Hillier martin.hillier at nyquist-solutions.com
Fri Nov 25 20:12:39 CET 2005


Where is my traffic going?

At the moment I have... 

Linux Openswan U2.4.5dr2/K2.6.11.12 (netkey)

I have tried K2.6.14.2 & .3 with U2.4.2 and .5dr

I can establish the IPSec, but when I try and ping a known address on the other side of the vpn i get no traffic over the vpn?

on eth0 i see:

tcpdump -i eth0

19:48:37.115393 arp who-has 172.16.0.1 tell ??????.pureserver.info
19:48:38.115174 arp who-has 172.16.0.1 tell ??????.pureserver.info

tcpdump host [right vpn ip]

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
19:50:00.461380 IP [right vpn ip] > p15179238.pureserver.info: ESP(spi=0x50a0c52c,seq=0x54)
19:50:00.461380 IP [right vpn ip] > p15179238.pureserver.info: icmp 24: echo request seq 24328

But no extra ESP packets when i ping 172.16.0.1

There is more to the story... I have tried using klips and not the kernel so I could see a bit more by looking at ipsec0. But each time i run ipsec --version i get a kernel oops, this was more of a work around and an attempt to see what was going on.

I have made sure the firewall is off.

I have an eth0:0 192.168.0.10 that is part of the left subnet, not sure if this is a problem or not

Im not sure how to check the routing as it seems to be hidden by the kernel with netkey? or if i should try and get klips working without netkey?

Any ideas would be very welcome.


[root@?????? root]# ipsec barf
??????.pureserver.info
Fri Nov 25 19:56:14 GMT 2005
+ _________________________ version
+ ipsec --version
Linux Openswan U2.4.5dr2/K2.6.11.12 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.11.12 (root@??????.pureserver.info) (gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #2 SMP Fri Nov 25 18:53:47 GMT 2005
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.255.255.1    0.0.0.0         255.255.255.255 UH        0 0          0 eth0
172.16.0.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         10.255.255.1    0.0.0.0         UG        0 0          0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ setkey-D
+ setkey -D
[Right IP] [Left IP]
        esp mode=tunnel spi=1352713516(0x50a0c52c) reqid=16385(0x00004001)
        E: 3des-cbc  1df8d910 a135c5c0 63bb1929 943ac223 65c1ebca 0c02ac79
        A: hmac-sha1  9bb0326b 880b732f baa59633 b0fdff5b 4eb7fbcc
        seq=0x00000000 replay=32 flags=0x00000000 state=mature
        created: Nov 25 19:36:16 2005   current: Nov 25 19:56:14 2005
        diff: 1198(s)   hard: 0(s)      soft: 0(s)
        last: Nov 25 19:36:16 2005      hard: 0(s)      soft: 0(s)
        current: 5324(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 121  hard: 0 soft: 0
        sadb_seq=3 pid=1326 refcnt=0
[Right IP] [Left IP]
        esp mode=tunnel spi=3707438638(0xdcfb062e) reqid=16385(0x00004001)
        E: 3des-cbc  6d7e4666 c410b0c2 fe4f4d64 f5e1f57f 69e361d4 a01ebe0d
        A: hmac-sha1  1eaf04eb 8a6cd247 5432635c 814f0b77 bbccece7
        seq=0x00000000 replay=32 flags=0x00000000 state=mature
        created: Nov 25 19:18:10 2005   current: Nov 25 19:56:14 2005
        diff: 2284(s)   hard: 0(s)      soft: 0(s)
        last: Nov 25 19:18:10 2005      hard: 0(s)      soft: 0(s)
        current: 4840(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 110  hard: 0 soft: 0
        sadb_seq=2 pid=1326 refcnt=0
+ _________________________ setkey-D-P
+ setkey -D -P
172.16.0.0/24[any] 192.168.0.0/24[any] any
        in prio high + 1073739480 ipsec
        esp/tunnel/[Right IP]-[Left IP]/unique#16385
        created: Nov 25 19:18:10 2005  lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=40 seq=6 pid=1327
        refcnt=1
192.168.0.0/24[any] 172.16.0.0/24[any] any
        out prio high + 1073739480 ipsec
        esp/tunnel/[Left IP]-[Right IP]/unique#16385
        created: Nov 25 19:36:16 2005  lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=33 seq=5 pid=1327
        refcnt=1
172.16.0.0/24[any] 192.168.0.0/24[any] any
        fwd prio high + 1073739480 ipsec
        esp/tunnel/[Right IP]-[Left IP]/unique#16385
        created: Nov 25 19:18:10 2005  lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=50 seq=4 pid=1327
        refcnt=1
(per-socket policy)
        in none
        created: Nov 25 19:12:11 2005  lastused: Nov 25 19:36:16 2005
        lifetime: 0(s) validtime: 0(s)
        spid=19 seq=3 pid=1327
        refcnt=1
(per-socket policy)
        in none
        created: Nov 25 19:12:11 2005  lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=3 seq=2 pid=1327
        refcnt=1
(per-socket policy)
        out none
        created: Nov 25 19:12:11 2005  lastused: Nov 25 19:36:16 2005
        lifetime: 0(s) validtime: 0(s)
        spid=28 seq=1 pid=1327
        refcnt=1
(per-socket policy)
        out none
        created: Nov 25 19:12:11 2005  lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=12 seq=0 pid=1327
        refcnt=1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface eth0/eth0 [Left IP]
000 interface lo/lo 127.0.0.1
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "mobius": 192.168.0.0/24===[Left IP]...[Right IP]===172.16.0.0/24; erouted; eroute owner: #3
000 "mobius":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "mobius":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "mobius":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;
000 "mobius":   newest ISAKMP SA: #1; newest IPsec SA: #3;
000 "mobius":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000
000 #3: "mobius":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26777s; newest IPSEC; eroute owner
000 #3: "mobius" esp.9f797971@[Right IP] esp.50a0c52c@[Left IP] tun.0@[Right IP] tun.0@[Left IP]
000 #2: "mobius":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 25642s
000 #2: "mobius" esp.9f79796f@[Right IP] esp.dcfb062e@[Left IP] tun.0@[Right IP] tun.0@[Left IP]
000 #1: "mobius":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 662s; newest ISAKMP; nodpd
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:11:11:B1:FE:62
          inet addr:[Left IP]  Bcast:[Left IP]  Mask:255.255.255.255
          inet6 addr: fe80::211:11ff:feb1:fe62/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1992 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1397 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:351386 (343.1 Kb)  TX bytes:891589 (870.6 Kb)

eth0:0    Link encap:Ethernet  HWaddr 00:11:11:B1:FE:62
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2464 (2.4 Kb)  TX bytes:2464 (2.4 Kb)

sit0      Link encap:IPv6-in-IPv4
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

+ _________________________ ip-addr-list
+ ip addr list
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:11:b1:fe:62 brd ff:ff:ff:ff:ff:ff
    inet [Left IP]/32 brd [Left IP] scope global eth0
    inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0:0
    inet6 fe80::211:11ff:feb1:fe62/64 scope link
       valid_lft forever preferred_lft forever
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
+ _________________________ ip-route-list
+ ip route list
10.255.255.1 dev eth0  scope link
172.16.0.0/24 dev eth0  scope link
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.10
169.254.0.0/16 dev eth0  scope link
default via 10.255.255.1 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
RTNETLINK answers: Invalid argument
Dump terminated
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.5dr2/K2.6.11.12 (netkey)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Checking for 'setkey' command for NETKEY IPsec stack support    [OK]
Opportunistic Encryption Support                                [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
  product info: vendor 00:aa:00, model 51 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
??????.pureserver.info
+ _________________________ hostname/ipaddress
+ hostname --ip-address
[Left IP]
+ _________________________ uptime
+ uptime
 19:56:16 up 44 min,  2 users,  load average: 0.00, 0.02, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
1     0   593     1  20   0  2132 1024 wait   S    ?          0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug  --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --protostack auto --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto/pluto.pid
1     0   594   593  20   0  2132 1036 wait   S    ?          0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug  --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --protostack auto --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto/pluto.pid
4     0   596   594  15   0  2356 1220 -      S    ?          0:00  |   \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids
1     0   621   596  27  10  2356  852 -      SN   ?          0:00  |       \_ pluto helper  #  0                                                               
0     0   672   596  18   0  1404  256 -      S    ?          0:00  |       \_ _pluto_adns
0     0   597   593  16   0  2128 1004 pipe_w S    ?          0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
0     0   595     1  20   0  1464  308 pipe_w S    ?          0:00 logger -s -p daemon.error -t ipsec__plutorun
0     0  1306  1041  18   0  4156  972 wait   S    ttyS0      0:00      \_ /bin/sh /usr/local/libexec/ipsec/barf
0     0  1385  1306  22   0  1588  412 -      S    ttyS0      0:00          \_ egrep -i ppid|pluto|ipsec|klips
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=ipsec0
routeaddr=[Left IP]
routenexthop=10.255.255.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.1 2005/07/26 12:28:39 ken Exp $

# This file:  /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        klipsdebug = all
        # plutodebug / klipsdebug = "all", "none" or a combation from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 private"
        # eg:
        # plutodebug="control parsing"
        #
        # Only enable klipsdebug=all if you are a developer
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        # nat_traversal=yes
        # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12

# Add connections here

# sample VPN connection
#       conn sample
#               # Left security gateway, subnet behind it, nexthop toward right.
#               left=10.0.0.1
#               leftsubnet=172.16.0.0/24
#               leftnexthop=10.22.33.44
#               # Right security gateway, subnet behind it, nexthop toward left.
#               right=10.12.12.1
#               rightsubnet=192.168.0.0/24
#               rightnexthop=10.101.102.103
#               # To authorize this connection, but not actually start it,
#               # at startup, uncomment this.
#               #auto=start

conn mobius
        left=[Left IP]
        leftsubnet=192.168.0.0/24
        right=[Right IP]
        rightsubnet=172.16.0.0/24
        authby=secret
        auto=route

#Disable Opportunistic Encryption

#< /etc/ipsec.d/examples/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

#> /etc/ipsec.conf 58
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
: PSK "[sums to fef9...]"
[Left IP] [Right IP]: PSK "[sums to fef9...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 292
-rwxr-xr-x  1 root root 15535 Nov 25 19:09 _confread
-rwxr-xr-x  1 root root 15535 Nov 25 10:51 _confread.old
-rwxr-xr-x  1 root root 45252 Nov 25 19:09 _copyright
-rwxr-xr-x  1 root root 45252 Nov 25 10:51 _copyright.old
-rwxr-xr-x  1 root root  2379 Nov 25 19:09 _include
-rwxr-xr-x  1 root root  2379 Nov 25 10:51 _include.old
-rwxr-xr-x  1 root root  1475 Nov 25 19:09 _keycensor
-rwxr-xr-x  1 root root  1475 Nov 25 10:51 _keycensor.old
-rwxr-xr-x  1 root root  3586 Nov 25 19:09 _plutoload
-rwxr-xr-x  1 root root  3586 Nov 25 10:51 _plutoload.old
-rwxr-xr-x  1 root root  7443 Nov 25 19:09 _plutorun
-rwxr-xr-x  1 root root  7443 Nov 25 10:51 _plutorun.old
-rwxr-xr-x  1 root root 12275 Nov 25 19:09 _realsetup
-rwxr-xr-x  1 root root 12275 Nov 25 10:51 _realsetup.old
-rwxr-xr-x  1 root root  1975 Nov 25 19:09 _secretcensor
-rwxr-xr-x  1 root root  1975 Nov 25 10:51 _secretcensor.old
-rwxr-xr-x  1 root root  9778 Nov 25 19:09 _startklips
-rwxr-xr-x  1 root root  9778 Nov 25 10:51 _startklips.old
-rwxr-xr-x  1 root root 13417 Nov 25 19:09 _updown
-rwxr-xr-x  1 root root 13417 Nov 25 10:51 _updown.old
-rwxr-xr-x  1 root root 15746 Nov 25 19:09 _updown_x509
-rwxr-xr-x  1 root root 15746 Nov 25 10:51 _updown_x509.old
-rwxr-xr-x  1 root root  1942 Nov 25 19:09 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 9808
-rwxr-xr-x  1 root root   69197 Nov 25 19:09 _pluto_adns
-rwxr-xr-x  1 root root   69197 Nov 25 10:51 _pluto_adns.old
-rwxr-xr-x  1 root root   19157 Nov 25 19:09 auto
-rwxr-xr-x  1 root root   19157 Nov 25 10:51 auto.old
-rwxr-xr-x  1 root root   10584 Nov 25 19:09 barf
-rwxr-xr-x  1 root root   10584 Nov 25 10:51 barf.old
-rwxr-xr-x  1 root root     816 Nov 25 19:09 calcgoo
-rwxr-xr-x  1 root root     816 Nov 25 10:51 calcgoo.old
-rwxr-xr-x  1 root root  316534 Nov 25 19:09 eroute
-rwxr-xr-x  1 root root  316534 Nov 25 10:51 eroute.old
-rwxr-xr-x  1 root root  129396 Nov 25 19:09 ikeping
-rwxr-xr-x  1 root root  129396 Nov 25 10:51 ikeping.old
-rwxr-xr-x  1 root root  185639 Nov 25 19:09 klipsdebug
-rwxr-xr-x  1 root root  185639 Nov 25 10:51 klipsdebug.old
-rwxr-xr-x  1 root root    1836 Nov 25 19:09 livetest
-rwxr-xr-x  1 root root    1836 Nov 25 10:51 livetest.old
-rwxr-xr-x  1 root root    2605 Nov 25 19:09 look
-rwxr-xr-x  1 root root    2605 Nov 25 10:51 look.old
-rwxr-xr-x  1 root root    7159 Nov 25 19:09 mailkey
-rwxr-xr-x  1 root root    7159 Nov 25 10:51 mailkey.old
-rwxr-xr-x  1 root root   15996 Nov 25 19:09 manual
-rwxr-xr-x  1 root root   15996 Nov 25 10:51 manual.old
-rwxr-xr-x  1 root root    1926 Nov 25 19:09 newhostkey
-rwxr-xr-x  1 root root    1926 Nov 25 10:51 newhostkey.old
-rwxr-xr-x  1 root root  166104 Nov 25 19:09 pf_key
-rwxr-xr-x  1 root root  166104 Nov 25 10:51 pf_key.old
-rwxr-xr-x  1 root root 2769359 Nov 25 19:09 pluto
-rwxr-xr-x  1 root root 2769359 Nov 25 10:51 pluto.old
-rwxr-xr-x  1 root root   49150 Nov 25 19:09 ranbits
-rwxr-xr-x  1 root root   49150 Nov 25 10:51 ranbits.old
-rwxr-xr-x  1 root root   78968 Nov 25 19:09 rsasigkey
-rwxr-xr-x  1 root root   78968 Nov 25 10:51 rsasigkey.old
-rwxr-xr-x  1 root root     766 Nov 25 19:09 secrets
-rwxr-xr-x  1 root root     766 Nov 25 10:51 secrets.old
-rwxr-xr-x  1 root root   17660 Nov 25 19:09 send-pr
-rwxr-xr-x  1 root root   17660 Nov 25 10:51 send-pr.old
lrwxrwxrwx  1 root root      22 Nov 25 19:09 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x  1 root root    1054 Nov 25 19:09 showdefaults
-rwxr-xr-x  1 root root    1054 Nov 25 10:51 showdefaults.old
-rwxr-xr-x  1 root root    4748 Nov 25 19:09 showhostkey
-rwxr-xr-x  1 root root    4748 Nov 25 10:51 showhostkey.old
-rwxr-xr-x  1 root root  515916 Nov 25 19:09 spi
-rwxr-xr-x  1 root root  515916 Nov 25 10:51 spi.old
-rwxr-xr-x  1 root root  254307 Nov 25 19:09 spigrp
-rwxr-xr-x  1 root root  254307 Nov 25 10:51 spigrp.old
-rwxr-xr-x  1 root root   53394 Nov 25 19:09 tncfg
-rwxr-xr-x  1 root root   53394 Nov 25 10:51 tncfg.old
-rwxr-xr-x  1 root root   10613 Nov 25 19:09 verify
-rwxr-xr-x  1 root root   10613 Nov 25 10:51 verify.old
-rwxr-xr-x  1 root root  282864 Nov 25 19:09 whack
-rwxr-xr-x  1 root root  282864 Nov 25 10:51 whack.old
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets ip_tables: (C) 2000-2002 Netfilter core team
errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
  eth0:  351386    1992    0    0    0     0          0         0   891589    1397    0    0    0     0     ip_conntrack version 2.1 (8177 buckets, 65416 max) - 216 bytes per conntrack
  0          0
    lo:    2464      22    0    0    0     0          0         0     2464      22    0    0    0     0       0          0
  sit0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask   MTU      Window  IRTT
eth0    01FFFF0A        00000000        0005    0       0       0       FFFFFFFF0       0       0                                                               
eth0    000010AC        00000000        0001    0       0       0       00FFFFFF0       0       0                                                               
eth0    0000A8C0        00000000        0001    0       0       0       00FFFFFF0       0       0                                                               
eth0    0000FEA9        00000000        0001    0       0       0       0000FFFF0       0       0                                                               
eth0    00000000        01FFFF0A        0003    0       0       0       000000000       0       0                                                               
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux ??????.pureserver.info 2.6.11.12 #2 SMP Fri Nov 25 18:53:47 GMT 2005 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 2 (Tettnang)
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.11.12) support detected '
NETKEY (2.6.11.12) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/local/libexec/ipsec/barf: line 297: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
iptable_mangle 3328 0 - Live 0xf892f000
iptable_nat 24124 0 - Live 0xf898c000
ip_conntrack 45000 1 iptable_nat, Live 0xf89f6000
iptable_filter 3584 0 - Live 0xf891d000
ip_tables 22528 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xf8994000
ipv6 266624 18 - Live 0xf89b3000
deflate 4352 0 - Live 0xf892c000
zlib_deflate 23320 1 deflate, Live 0xf8951000
zlib_inflate 18688 1 deflate, Live 0xf894b000
twofish 39296 0 - Live 0xf895a000
serpent 14848 0 - Live 0xf8946000
blowfish 8832 0 - Live 0xf8942000
sha256 10240 0 - Live 0xf893e000
crypto_null 2816 0 - Live 0xf8901000
aes_i586 39680 0 - Live 0xf8933000
des 12288 4 - Live 0xf8928000
md5 4608 1 - Live 0xf8925000
sha1 9088 4 - Live 0xf8919000
xfrm_user 17284 0 - Live 0xf891f000
xfrm4_tunnel 4484 0 - Live 0xf8916000
ipcomp 9608 0 - Live 0xf8912000
esp4 8960 4 - Live 0xf890e000
ah4 7296 0 - Live 0xf890b000
microcode 7680 0 - Live 0xf8908000
binfmt_misc 12936 1 - Live 0xf8903000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal:      1034000 kB
MemFree:        821796 kB
Buffers:          7060 kB
Cached:          60464 kB
SwapCached:          0 kB
Active:         159904 kB
Inactive:        34404 kB
HighTotal:      129212 kB
HighFree:          140 kB
LowTotal:       904788 kB
LowFree:        821656 kB
SwapTotal:     2048276 kB
SwapFree:      2048276 kB
Dirty:              60 kB
Writeback:           0 kB
Mapped:         143348 kB
Slab:            11048 kB
CommitLimit:   2565276 kB
Committed_AS:   321892 kB
PageTables:       1948 kB
VmallocTotal:   114680 kB
VmallocUsed:      2024 kB
VmallocChunk:   112624 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
CONFIG_NET_KEY=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
CONFIG_IP_TCPDIAG=y
# CONFIG_IP_TCPDIAG_IPV6 is not set
# CONFIG_IP_VS is not set
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_INET6_TUNNEL=m
# CONFIG_IPV6_TUNNEL is not set
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
# CONFIG_IP_NF_TARGET_CLASSIFY is not set
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_LIMIT=m
CONFIG_IP6_NF_MATCH_MAC=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_MULTIPORT=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_MARK=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AHESP=m
CONFIG_IP6_NF_MATCH_LENGTH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_MARK=m
# CONFIG_IP6_NF_RAW is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                          /usr/local/psa/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search pureserver.info
nameserver 212.227.64.251
nameserver 195.20.224.99
nameserver 195.20.224.234
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 44
drwxr-xr-x  4 root root 4096 Feb 17  2005 2.6.9-1.6_FC2smp
drwxr-xr-x  4 root root 4096 Feb 17  2005 2.6.9-1.6_FC2
drwxr-xr-x  4 root root 4096 Feb 17  2005 2.6.10-1.9_FC2smp
drwxr-xr-x  4 root root 4096 Nov 14 19:17 2.6.10-1.771_FC2smp
drwxr-xr-x  3 root root 4096 Nov 15 08:54 2.6.5-1.358custom
drwxr-xr-x  3 root root 4096 Nov 15 18:12 2.6.9-041221
drwxr-xr-x  3 root root 4096 Nov 25 10:20 2.6.14.2m1
drwxr-xr-x  3 root root 4096 Nov 25 10:45 2.6.14.2
drwxr-xr-x  3 root root 4096 Nov 25 16:04 2.6.9-041214
drwxr-xr-x  3 root root 4096 Nov 25 16:33 2.6.14.3
drwxr-xr-x  3 root root 4096 Nov 25 19:02 2.6.11.12
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c02e8d50 T netif_rx
c02e8f40 T netif_rx_ni
c02e8d50 U netif_rx     [ipv6]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.10-1.771_FC2smp:
2.6.10-1.9_FC2smp:
2.6.11.12:
2.6.14.2:
2.6.14.2m1:
2.6.14.3:
2.6.5-1.358custom:
2.6.9-041214:
2.6.9-041221:
2.6.9-1.6_FC2:
2.6.9-1.6_FC2smp:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '13805,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: Starting Openswan IPsec U2.4.5dr2/K2.6.11.12...
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/ipv4/ah4.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/ipv4/esp4.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/ipv4/ipcomp.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/ipv4/xfrm4_tunnel.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/net/xfrm/xfrm_user.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/crypto/sha1.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/crypto/md5.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/crypto/des.ko
Nov 25 19:12:11 ?????? ipsec: ipsec_setup: insmod /lib/modules/2.6.11.12/kernel/arch/i386/crypto/aes-i586.ko
Nov 25 19:12:11 ?????? rc: Starting ipsec:  succeeded
+ _________________________ plog
+ sed -n '18398,$p' /var/log/secure
+ egrep -i pluto
+ cat
Nov 25 19:12:11 ?????? ipsec__plutorun: Starting Pluto subsystem...
Nov 25 19:12:11 ?????? pluto[596]: Starting Pluto (Openswan Version 2.4.5dr2 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OErg}^Yx{Yhd)
Nov 25 19:12:11 ?????? pluto[596]: Setting NAT-Traversal port-4500 floating to off
Nov 25 19:12:11 ?????? pluto[596]:    port floating activation criteria nat_t=0/port_fload=1
Nov 25 19:12:11 ?????? pluto[596]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Nov 25 19:12:11 ?????? pluto[596]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Nov 25 19:12:11 ?????? pluto[596]: starting up 1 cryptographic helpers
Nov 25 19:12:11 ?????? pluto[596]: started helper pid=621 (fd:6)
Nov 25 19:12:11 ?????? pluto[596]: Using Linux 2.6 IPsec interface code on 2.6.11.12
Nov 25 19:12:11 ?????? pluto[596]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 25 19:12:11 ?????? pluto[596]: Changing to directory '/etc/ipsec.d/aacerts'
Nov 25 19:12:11 ?????? pluto[596]: Changing to directory '/etc/ipsec.d/ocspcerts'
Nov 25 19:12:11 ?????? pluto[596]: Changing to directory '/etc/ipsec.d/crls'
Nov 25 19:12:11 ?????? pluto[596]:   Warning: empty directory
Nov 25 19:12:11 ?????? pluto[596]: added connection description "mobius"
Nov 25 19:12:11 ?????? pluto[596]: listening for IKE messages
Nov 25 19:12:11 ?????? pluto[596]: adding interface lo/lo 127.0.0.1:500
Nov 25 19:12:11 ?????? pluto[596]: adding interface eth0/eth0 [Left IP]:500
Nov 25 19:12:11 ?????? pluto[596]: loading secrets from "/etc/ipsec.secrets"
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: initiating Main Mode
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: ignoring unknown Vendor ID payload [1fc46a9704dd84ebad7e205854a55ad58f9a038d000000030000050a]
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: I did not send a certificate because I do not have one.
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: Main mode peer ID is ID_IPV4_ADDR: '[Right IP]'
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 25 19:18:10 ?????? pluto[596]: "mobius" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x9f79796f <0xdcfb062e xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
Nov 25 19:36:16 ?????? pluto[596]: "mobius" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Nov 25 19:36:16 ?????? pluto[596]: "mobius" #3: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Nov 25 19:36:16 ?????? pluto[596]: "mobius" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 25 19:36:16 ?????? pluto[596]: "mobius" #3: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x9f797971 <0x50a0c52c xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
+ _________________________ date
+ date
Fri Nov 25 19:56:21 GMT 2005


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20051125/d3680427/attachment-0001.htm


More information about the Users mailing list