[Openswan Users] stuck at Negotiating IP Security.
darkrealm
darkrealm.drjj at gmail.com
Fri Sep 16 12:18:24 CEST 2005
OK, I have attached the output of ipsec barf in an attachment file. It
was a bit much to post it all in an email ;-)
On 9/16/05, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 15 Sep 2005, darkrealm wrote:
>
> > I have disabled both (one at a time) and it still didn't work (I added
> > the comma as well, stupid mistake). These are the logs from
> > /var/log/secure:
> >
> > Sep 15 23:52:38 darkrealm pluto[29775]: packet from 192.168.2.100:500:
> > received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method
> > set to=106
> > Sep 15 23:52:38 darkrealm pluto[29775]: packet from 192.168.2.100:500:
> > ignoring Vendor ID payload [Vid-Initial-Contact]
> > Sep 15 23:52:38 darkrealm pluto[29775]: packet from 192.168.2.100:500:
> > initial Main Mode message received on 192.168.2.101:500 but no
> > connection has been authorized
>
> Show the complete logs from the startup onwards, or an 'ipsec barf'
>
> Paul
>
--
Check my website :-) www.darkrealm.nl
-------------- next part --------------
darkrealm
Fri Sep 16 11:17:54 CEST 2005
+ _________________________ version
+ ipsec --version
Linux Openswan U2.4.1dr1/K2.6.5-1.358 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.5-1.358 (bhcompile at bugs.build.redhat.com) (gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 Sat May 8 09:04:50 EDT 2004
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ setkey-D
+ setkey -D
No SAD entries.
+ _________________________ setkey-D-P
+ setkey -D -P
(per-socket policy)
in none
created: Sep 16 01:01:49 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=787 seq=9 pid=28285
refcnt=1
(per-socket policy)
in none
created: Sep 16 01:01:49 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=771 seq=8 pid=28285
refcnt=1
(per-socket policy)
in none
created: Sep 16 01:01:49 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=755 seq=7 pid=28285
refcnt=1
(per-socket policy)
in none
created: Sep 16 01:01:49 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=739 seq=6 pid=28285
refcnt=1
(per-socket policy)
in none
created: Sep 16 01:01:49 2005 lastused: Sep 16 01:02:32 2005
lifetime: 0(s) validtime: 0(s)
spid=723 seq=5 pid=28285
refcnt=1
(per-socket policy)
out none
created: Sep 16 01:01:49 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=796 seq=4 pid=28285
refcnt=1
(per-socket policy)
out none
created: Sep 16 01:01:49 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=780 seq=3 pid=28285
refcnt=1
(per-socket policy)
out none
created: Sep 16 01:01:49 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=764 seq=2 pid=28285
refcnt=1
(per-socket policy)
out none
created: Sep 16 01:01:49 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=748 seq=1 pid=28285
refcnt=1
(per-socket policy)
out none
created: Sep 16 01:01:49 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=732 seq=0 pid=28285
refcnt=1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.2.101
000 interface eth0/eth0 192.168.2.101
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:10:5A:EF:E7:01
inet addr:192.168.2.101 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::210:5aff:feef:e701/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11499 errors:0 dropped:0 overruns:0 frame:0
TX packets:9592 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5529120 (5.2 Mb) TX bytes:2714662 (2.5 Mb)
Interrupt:11 Base address:0x1000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5220 errors:0 dropped:0 overruns:0 frame:0
TX packets:5220 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:502429 (490.6 Kb) TX bytes:502429 (490.6 Kb)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:10:5a:ef:e7:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.101/24 brd 192.168.2.255 scope global eth0
inet6 fe80::210:5aff:feef:e701/64 scope link
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
+ _________________________ ip-route-list
+ ip route list
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.101
169.254.0.0/16 dev eth0 scope link
default via 192.168.2.1 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.1dr1/K2.6.5-1.358 (netkey)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for NETKEY IPsec stack support [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
product info: vendor 00:00:00, model 0 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
darkrealm
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
11:17:55 up 12:21, 1 user, load average: 0.13, 0.13, 0.09
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 0 28264 28079 16 0 5116 972 wait4 S pts/2 0:00 \_ /bin/sh /usr/local/libexec/ipsec/barf
4 0 28343 28264 16 0 2148 404 pipe_w S pts/2 0:00 \_ egrep -i ppid|pluto|ipsec|klips
5 0 6465 1 17 0 3032 904 wait4 S ? 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:192.168.2.0/16,%v4:192.168.2.100 --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
5 0 6466 6465 17 0 3032 912 wait4 S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:192.168.2.0/16,%v4:192.168.2.100 --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
4 0 6467 6466 15 0 3344 1124 - S ? 0:00 | \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids --nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:192.168.2.0/16,%v4:192.168.2.100
1 0 6479 6467 30 10 3292 812 - SN ? 0:00 | \_ pluto helper # 0
4 0 6504 6467 19 0 2900 264 - S ? 0:00 | \_ _pluto_adns
4 0 6468 6465 15 0 3104 1008 pipe_w S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
4 0 6469 1 15 0 1752 396 pipe_w S ? 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
version 2.0
config setup
    interfaces="ipsec0=eth0"
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:192.168.2.0/16,%v4:192.168.2.100
conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=secret
    leftrsasigkey=[sums to 816c...]
    rightrsasigkey=[sums to 816c...]
    auto=add
#conn roadwarrior-net
# leftsubnet=255.255.255.0
conn roadwarrior-net
    also=roadwarrior
conn roadwarrior-l2tp
    pfs=no
    leftprotoport=17/%any
    rightprotoport=17/1701
    also=roadwarrior
conn roadwarrior-all
    also=roadwarrior
#conn roadwarrior-l2tp-updatedwin
# pfs=no
# leftprotoport=17/1701
# rightprotoport=17/1701
# also=roadwarrior
conn roadwarrior
    left=%defaultroute
    leftcert=darkrealm.pem
    right=%any
    auto=add
    pfs=yes
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
#< /etc/ipsec.d/examples/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
#> /etc/ipsec.conf 63
+ _________________________ ipsec/secrets
+ ipsec _secretcensor
+ ipsec _include /etc/ipsec.secrets
#< /etc/ipsec.secrets 1
: RSA darkrealm.key "[sums to 021e...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000
000 List of X.509 CA Certificates:
000
000 Sep 16 01:01:47 2005, count: 1
000 subject: 'C=NL, ST=NH, L=AP, O=My Company Ltd, CN=darkrealm, E=info at darkrealm.nl'
000 issuer: 'C=NL, ST=NH, L=AP, O=My Company Ltd, CN=darkrealm, E=info at darkrealm.nl'
000 serial: 00
000 pubkey: 1024 RSA Key AwEAAdOXI
000 validity: not before Sep 15 17:22:43 2005 ok
000 not after Jan 01 01:59:59 1970 fatal (expired)
000 subjkey: bf:8e:c9:50:35:a6:49:9e:d2:f7:2a:d7:91:01:63:39:e8:a4:8d:57
000 authkey: bf:8e:c9:50:35:a6:49:9e:d2:f7:2a:d7:91:01:63:39:e8:a4:8d:57
000 aserial: 00
000
000 List of X.509 CRLs:
000
000 Sep 16 01:01:47 2005, revoked certs: 0
000 issuer: 'C=NL, ST=NH, L=AP, O=My Company Ltd, CN=darkrealm, E=info at darkrealm.nl'
000 updates: this Sep 15 17:23:18 2005
000 next Oct 15 17:23:18 2005 ok
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 292
-rwxr-xr-x 1 root root 15535 Sep 15 23:27 _confread
-rwxr-xr-x 1 root root 15535 Sep 15 23:24 _confread.old
-rwxr-xr-x 1 root root 45188 Sep 15 23:27 _copyright
-rwxr-xr-x 1 root root 45188 Sep 15 23:24 _copyright.old
-rwxr-xr-x 1 root root 2379 Sep 15 23:27 _include
-rwxr-xr-x 1 root root 2379 Sep 15 23:24 _include.old
-rwxr-xr-x 1 root root 1475 Sep 15 23:27 _keycensor
-rwxr-xr-x 1 root root 1475 Sep 15 23:24 _keycensor.old
-rwxr-xr-x 1 root root 3586 Sep 15 23:27 _plutoload
-rwxr-xr-x 1 root root 3586 Sep 15 23:24 _plutoload.old
-rwxr-xr-x 1 root root 7443 Sep 15 23:27 _plutorun
-rwxr-xr-x 1 root root 7443 Sep 15 23:24 _plutorun.old
-rwxr-xr-x 1 root root 12275 Sep 15 23:27 _realsetup
-rwxr-xr-x 1 root root 12275 Sep 15 23:24 _realsetup.old
-rwxr-xr-x 1 root root 1975 Sep 15 23:27 _secretcensor
-rwxr-xr-x 1 root root 1975 Sep 15 23:24 _secretcensor.old
-rwxr-xr-x 1 root root 9778 Sep 15 23:27 _startklips
-rwxr-xr-x 1 root root 9778 Sep 15 23:24 _startklips.old
-rwxr-xr-x 1 root root 13417 Sep 15 23:27 _updown
-rwxr-xr-x 1 root root 13417 Sep 15 23:24 _updown.old
-rwxr-xr-x 1 root root 15746 Sep 15 23:27 _updown_x509
-rwxr-xr-x 1 root root 15746 Sep 15 23:24 _updown_x509.old
-rwxr-xr-x 1 root root 1942 Sep 15 23:27 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 9880
-rwxr-xr-x 1 root root 69129 Sep 15 23:27 _pluto_adns
-rwxr-xr-x 1 root root 69129 Sep 15 23:24 _pluto_adns.old
-rwxr-xr-x 1 root root 18846 Sep 15 23:27 auto
-rwxr-xr-x 1 root root 18846 Sep 15 23:24 auto.old
-rwxr-xr-x 1 root root 10584 Sep 15 23:27 barf
-rwxr-xr-x 1 root root 10584 Sep 15 23:24 barf.old
-rwxr-xr-x 1 root root 816 Sep 15 23:27 calcgoo
-rwxr-xr-x 1 root root 816 Sep 15 23:24 calcgoo.old
-rwxr-xr-x 1 root root 316314 Sep 15 23:27 eroute
-rwxr-xr-x 1 root root 316314 Sep 15 23:24 eroute.old
-rwxr-xr-x 1 root root 129288 Sep 15 23:27 ikeping
-rwxr-xr-x 1 root root 129288 Sep 15 23:24 ikeping.old
-rwxr-xr-x 1 root root 185527 Sep 15 23:27 klipsdebug
-rwxr-xr-x 1 root root 185527 Sep 15 23:24 klipsdebug.old
-rwxr-xr-x 1 root root 1836 Sep 15 23:27 livetest
-rwxr-xr-x 1 root root 1836 Sep 15 23:24 livetest.old
-rwxr-xr-x 1 root root 2605 Sep 15 23:27 look
-rwxr-xr-x 1 root root 2605 Sep 15 23:24 look.old
-rwxr-xr-x 1 root root 7159 Sep 15 23:27 mailkey
-rwxr-xr-x 1 root root 7159 Sep 15 23:24 mailkey.old
-rwxr-xr-x 1 root root 15951 Sep 15 23:27 manual
-rwxr-xr-x 1 root root 15951 Sep 15 23:24 manual.old
-rwxr-xr-x 1 root root 1926 Sep 15 23:27 newhostkey
-rwxr-xr-x 1 root root 1926 Sep 15 23:24 newhostkey.old
-rwxr-xr-x 1 root root 166004 Sep 15 23:27 pf_key
-rwxr-xr-x 1 root root 166004 Sep 15 23:24 pf_key.old
-rwxr-xr-x 1 root root 2763288 Sep 15 23:27 pluto
-rwxr-xr-x 1 root root 2763288 Sep 15 23:24 pluto.old
-rwxr-xr-x 1 root root 49114 Sep 15 23:27 ranbits
-rwxr-xr-x 1 root root 49114 Sep 15 23:24 ranbits.old
-rwxr-xr-x 1 root root 78964 Sep 15 23:27 rsasigkey
-rwxr-xr-x 1 root root 78964 Sep 15 23:24 rsasigkey.old
-rwxr-xr-x 1 root root 766 Sep 15 23:27 secrets
-rwxr-xr-x 1 root root 766 Sep 15 23:24 secrets.old
-rwxr-xr-x 1 root root 17660 Sep 15 23:27 send-pr
-rwxr-xr-x 1 root root 17660 Sep 15 23:24 send-pr.old
lrwxrwxrwx 1 root root 22 Sep 15 23:27 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Sep 15 23:27 showdefaults
-rwxr-xr-x 1 root root 1054 Sep 15 23:24 showdefaults.old
-rwxr-xr-x 1 root root 4748 Sep 15 23:27 showhostkey
-rwxr-xr-x 1 root root 4748 Sep 15 23:24 showhostkey.old
-rwxr-xr-x 1 root root 513760 Sep 15 23:27 spi
-rwxr-xr-x 1 root root 513760 Sep 15 23:24 spi.old
-rwxr-xr-x 1 root root 254111 Sep 15 23:27 spigrp
-rwxr-xr-x 1 root root 254111 Sep 15 23:24 spigrp.old
-rwxr-xr-x 1 root root 53366 Sep 15 23:27 tncfg
-rwxr-xr-x 1 root root 53366 Sep 15 23:24 tncfg.old
-rwxr-xr-x 1 root root 10613 Sep 15 23:27 verify
-rwxr-xr-x 1 root root 10613 Sep 15 23:24 verify.old
-rwxr-xr-x 1 root root 282668 Sep 15 23:27 whack
-rwxr-xr-x 1 root root 282668 Sep 15 23:24 whack.old
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 503539 5232 0 0 0 0 0 0 503539 5232 0 0 0 0 0 0
eth0: 5529120 11499 0 0 0 0 0 0 2714662 9592 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0002A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
eth0 00000000 0102A8C0 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux darkrealm 2.6.5-1.358 #1 Sat May 8 09:04:50 EDT 2004 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 2 (Tettnang)
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.5-1.358) support detected '
NETKEY (2.6.5-1.358) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/local/libexec/ipsec/barf: line 297: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 171 packets, 13938 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 197 packets, 87593 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 1327 packets, 430K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1044 packets, 165K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1056 packets, 167K bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 16543 packets, 5862K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 15523 packets, 5481K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 13925 packets, 3078K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 14132 packets, 3104K bytes)
pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
af_key 23312 0 - Live 0x06976000
deflate 2560 0 - Live 0x0682f000
zlib_deflate 19480 1 deflate, Live 0x06970000
twofish 36608 0 - Live 0x0697e000
serpent 12928 0 - Live 0x0696b000
blowfish 9600 0 - Live 0x06967000
sha256 8704 0 - Live 0x06963000
crypto_null 1920 0 - Live 0x068fa000
aes 31296 0 - Live 0x0695a000
des 11264 0 - Live 0x0693e000
sha1 7936 0 - Live 0x06938000
ipcomp 5248 0 - Live 0x0693b000
esp4 7168 0 - Live 0x068e1000
ah4 5120 0 - Live 0x06935000
ipv6 184288 20 - Live 0x0698a000
parport_pc 19392 1 - Live 0x0694e000
lp 8236 0 - Live 0x06942000
parport 29640 2 parport_pc,lp, Live 0x0692c000
ipt_TOS 1920 0 - Live 0x068fc000
ip_conntrack_ftp 70576 0 - Live 0x06919000
ip_conntrack_irc 70064 0 - Live 0x068e7000
ipt_REJECT 4736 0 - Live 0x068e4000
ipt_LOG 4992 0 - Live 0x068d5000
ipt_limit 1792 0 - Live 0x068d3000
ipt_multiport 1536 0 - Live 0x068d1000
ipt_state 1536 0 - Live 0x068aa000
autofs4 10624 0 - Live 0x068cd000
sunrpc 101064 1 - Live 0x068ff000
iptable_filter 2048 0 - Live 0x0682d000
3c59x 30376 0 - Live 0x068d8000
iptable_mangle 2048 0 - Live 0x068a4000
iptable_nat 17452 0 - Live 0x06896000
ip_conntrack 24968 4 ip_conntrack_ftp,ip_conntrack_irc,ipt_state,iptable_nat, Live 0x068c5000
ip_tables 13440 9 ipt_TOS,ipt_REJECT,ipt_LOG,ipt_limit,ipt_multiport,ipt_state,iptable_filter,iptable_mangle,iptable_nat, Live 0x0689c000
floppy 47440 0 - Live 0x0684d000
sg 27552 0 - Live 0x0688e000
scsi_mod 91344 1 sg, Live 0x068ad000
microcode 4768 0 - Live 0x0682a000
binfmt_misc 7176 1 - Live 0x06827000
dm_mod 33184 0 - Live 0x06843000
uhci_hcd 23708 0 - Live 0x0683c000
ext3 102376 2 - Live 0x0685b000
jbd 40216 1 ext3, Live 0x06831000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 62124 kB
MemFree: 2616 kB
Buffers: 19388 kB
Cached: 15936 kB
SwapCached: 1732 kB
Active: 26276 kB
Inactive: 18348 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 62124 kB
LowFree: 2616 kB
SwapTotal: 192772 kB
SwapFree: 172684 kB
Dirty: 236 kB
Writeback: 0 kB
Mapped: 17080 kB
Slab: 10860 kB
Committed_AS: 127824 kB
PageTables: 1880 kB
VmallocTotal: 4071416 kB
VmallocUsed: 1680 kB
VmallocChunk: 4069656 kB
HugePages_Total: 0
HugePages_Free: 0
Hugepagesize: 4096 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.5-1.358/build/.config
++ uname -r
+ cat /lib/modules/2.6.5-1.358/build/.config
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_TUNNEL=m
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_PHYSDEV=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_LOCAL=y
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_RAW=m
# CONFIG_IP6_NF_QUEUE is not set
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_LIMIT=m
CONFIG_IP6_NF_MATCH_MAC=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_MULTIPORT=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_MARK=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AHESP=m
CONFIG_IP6_NF_MATCH_LENGTH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_MARK=m
CONFIG_IP6_NF_RAW=m
CONFIG_IP_SCTP=m
CONFIG_IPX=m
# CONFIG_IPX_INTERN is not set
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
CONFIG_IPDDP_DECAP=y
CONFIG_IPPP_FILTER=y
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_WATCHDOG=m
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
*.* /dev/console
*.* /var/log/all.log
kernel.* /var/log/kernel.log
*.kernel /var/log/kernel2.log
#httpd.* /var/log/apache2.log
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 127.0.0.1
#nameserver 192.168.2.101
#nameserver 213.73.255.52
#nameserver 213.132.189.250
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 4
drwxr-xr-x 4 root root 4096 Sep 15 01:33 2.6.5-1.358
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ echo 'broken (redhat/fedora) 2.6 kernel without kallsyms'
broken (redhat/fedora) 2.6 kernel without kallsyms
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.5-1.358:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '2017,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Sep 16 01:01:46 darkrealm ipsec_setup: Starting Openswan IPsec 2.4.1dr1...
Sep 16 01:01:46 darkrealm ipsec_setup: insmod /lib/modules/2.6.5-1.358/kernel/net/key/af_key.ko
Sep 16 01:01:48 darkrealm ipsec__plutorun: ipsec_auto: fatal error in "roadwarrior-l2tp": (/etc/ipsec.conf, line 42) duplicated parameter "pfs"
Sep 16 01:01:48 darkrealm ipsec__plutorun: ...could not add conn "roadwarrior-l2tp"
Sep 16 01:01:48 darkrealm ipsec__plutorun: ipsec_auto: fatal error in "roadwarrior": %defaultroute requested but not known
Sep 16 01:01:48 darkrealm ipsec__plutorun: ipsec_auto: fatal error in "roadwarrior-all": %defaultroute requested but not known
Sep 16 01:01:49 darkrealm ipsec__plutorun: ipsec_auto: fatal error in "roadwarrior-net": %defaultroute requested but not known
+ _________________________ plog
+ sed -n '717,$p' /var/log/secure
+ egrep -i pluto
+ cat
Sep 16 01:01:46 darkrealm ipsec__plutorun: Starting Pluto subsystem...
Sep 16 01:01:46 darkrealm pluto[6467]: Starting Pluto (Openswan Version 2.4.1dr1 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEVrxNnzrRMV)
Sep 16 01:01:46 darkrealm pluto[6467]: Setting NAT-Traversal port-4500 floating to on
Sep 16 01:01:46 darkrealm pluto[6467]: port floating activation criteria nat_t=1/port_fload=1
Sep 16 01:01:46 darkrealm pluto[6467]: including NAT-Traversal patch (Version 0.6c)
Sep 16 01:01:46 darkrealm pluto[6467]: 1 bad entries in virtual_private - none loaded
Sep 16 01:01:46 darkrealm pluto[6467]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 16 01:01:46 darkrealm pluto[6467]: starting up 1 cryptographic helpers
Sep 16 01:01:46 darkrealm pluto[6467]: started helper pid=6479 (fd:6)
Sep 16 01:01:46 darkrealm pluto[6467]: Using Linux 2.6 IPsec interface code on 2.6.5-1.358
Sep 16 01:01:47 darkrealm pluto[6467]: Changing to directory '/etc/ipsec.d/cacerts'
Sep 16 01:01:47 darkrealm pluto[6467]: loaded CA cert file 'cacert.pem' (1176 bytes)
Sep 16 01:01:47 darkrealm pluto[6467]: Changing to directory '/etc/ipsec.d/aacerts'
Sep 16 01:01:47 darkrealm pluto[6467]: Changing to directory '/etc/ipsec.d/ocspcerts'
Sep 16 01:01:47 darkrealm pluto[6467]: Changing to directory '/etc/ipsec.d/crls'
Sep 16 01:01:47 darkrealm pluto[6467]: loaded crl file 'crl.pem' (483 bytes)
Sep 16 01:01:49 darkrealm pluto[6467]: listening for IKE messages
Sep 16 01:01:49 darkrealm pluto[6467]: adding interface eth0/eth0 192.168.2.101:500
Sep 16 01:01:49 darkrealm pluto[6467]: adding interface eth0/eth0 192.168.2.101:4500
Sep 16 01:01:49 darkrealm pluto[6467]: adding interface lo/lo 127.0.0.1:500
Sep 16 01:01:49 darkrealm pluto[6467]: adding interface lo/lo 127.0.0.1:4500
Sep 16 01:01:49 darkrealm pluto[6467]: adding interface lo/lo ::1:500
Sep 16 01:01:49 darkrealm pluto[6467]: loading secrets from "/etc/ipsec.secrets"
Sep 16 01:01:49 darkrealm pluto[6467]: loaded private key file '/etc/ipsec.d/private/darkrealm.key' (1635 bytes)
Sep 16 01:02:06 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 16 01:02:06 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 16 01:02:06 darkrealm pluto[6467]: packet from 192.168.2.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 16 01:02:06 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 16 01:02:06 darkrealm pluto[6467]: packet from 192.168.2.100:500: initial Main Mode message received on 192.168.2.101:500 but no connection has been authorized
Sep 16 01:02:07 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 16 01:02:07 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 16 01:02:07 darkrealm pluto[6467]: packet from 192.168.2.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 16 01:02:07 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 16 01:02:07 darkrealm pluto[6467]: packet from 192.168.2.100:500: initial Main Mode message received on 192.168.2.101:500 but no connection has been authorized
Sep 16 01:02:09 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 16 01:02:09 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 16 01:02:09 darkrealm pluto[6467]: packet from 192.168.2.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 16 01:02:09 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 16 01:02:09 darkrealm pluto[6467]: packet from 192.168.2.100:500: initial Main Mode message received on 192.168.2.101:500 but no connection has been authorized
Sep 16 01:02:13 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 16 01:02:13 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 16 01:02:13 darkrealm pluto[6467]: packet from 192.168.2.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 16 01:02:13 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 16 01:02:13 darkrealm pluto[6467]: packet from 192.168.2.100:500: initial Main Mode message received on 192.168.2.101:500 but no connection has been authorized
Sep 16 01:02:21 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 16 01:02:21 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 16 01:02:21 darkrealm pluto[6467]: packet from 192.168.2.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 16 01:02:21 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 16 01:02:21 darkrealm pluto[6467]: packet from 192.168.2.100:500: initial Main Mode message received on 192.168.2.101:500 but no connection has been authorized
Sep 16 01:02:32 darkrealm pluto[6467]: packet from 192.168.2.100:500: ignoring Delete SA payload: not encrypted
Sep 16 01:02:32 darkrealm pluto[6467]: packet from 192.168.2.100:500: received and ignored informational message
+ _________________________ date
+ date
Fri Sep 16 11:17:56 CEST 2005