[Openswan Users] Natted L2TP client fails

Arun S arunhere at inbox.com
Tue Apr 18 23:51:17 CEST 2006


Hi all,

I am running an Openswan VPN server, version 2.4.5rc5, on a Linux box with kernel version 2.6.14. The server also runs an L2TP daemon, xl2tpd version 1.04. This server is not behind any firewall (so no NAT).

It works fine with all mobile clients that are not behind NAT. With a mobile client behind a firewall (i.e., the peer is NATed), IPsec gets established, but L2TP fails.

I have attached the output of "ipsec barf" to this message.

Can anyone help me to resolve this issue?

Thanks and regards,
Arun S.
-------------- next part --------------
Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
vpnserver.testvpn.com
Mon Apr 17 12:37:47 IST 2006
+ _________________________ version
+ ipsec --version
Linux Openswan 2.4.5rc5 (klips)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.14NAT-T (root at vpnserver.testvpn.com) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #3 PREEMPT Wed Apr 12 18:42:17 IST 2006
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ sort -sg +3 /proc/net/ipsec_eroute
1          192.168.1.127/32   -> 192.168.3.100/32   => tun0x1006 at 192.168.1.153
0          192.168.50.0/24    -> 192.168.100.0/24   => tun0x1002 at 192.168.1.129
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.3.100   192.168.1.2     255.255.255.255 UGH       0 0          0 ipsec0
192.168.100.0   192.168.1.2     255.255.255.0   UG        0 0          0 ipsec0
192.168.50.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 ipsec0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.1.2     0.0.0.0         UG        0 0          0 eth1
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
esp0x4074679e at 192.168.1.129 ESP_3DES_HMAC_MD5: dir=out src=192.168.1.127 iv_bits=64bits iv=0x919a52acf9fa9e37 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(4992,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=941
tun0x1006 at 192.168.1.153 IPIP: dir=out src=192.168.1.127 life(c,s,h)=bytes(80,0,0)addtime(506,0,0)usetime(470,0,0) idle=470 natencap=none natsport=0 natdport=0 refcount=5 ref=967
esp0xdb40d596 at 192.168.1.127 ESP_3DES_HMAC_MD5: dir=in  src=192.168.1.153 iv_bits=64bits iv=0xf4bdf2868e323478 ooowin=64 seq=29 bit=0x1fffffff alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(2938,0,0)addtime(506,0,0)usetime(491,0,0)packets(29,0,0) idle=3 natencap=nonesp natsport=4500 natdport=4500 refcount=33 ref=961
esp0xdb40d594 at 192.168.1.127 ESP_3DES_HMAC_MD5: dir=in  src=192.168.1.129 iv_bits=64bits iv=0xc691a49e0e4c1cae ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(4992,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=936
tun0x1005 at 192.168.1.127 IPIP: dir=in  src=192.168.1.153 policy=192.168.3.100/32->192.168.1.127/32 flags=0x8<> life(c,s,h)=bytes(60,0,0)addtime(506,0,0)usetime(470,0,0) idle=470 natencap=none natsport=0 natdport=0 refcount=4 ref=959
tun0x1002 at 192.168.1.129 IPIP: dir=out src=192.168.1.127 life(c,s,h)=addtime(4992,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=940
tun0x1001 at 192.168.1.127 IPIP: dir=in  src=192.168.1.129 policy=192.168.100.0/24->192.168.50.0/24 flags=0x8<> life(c,s,h)=addtime(4992,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=935
comp0x7fbb at 192.168.1.153 COMP_DEFLATE: dir=out src=192.168.1.127 life(c,s,h)=bytes(80,0,0)addtime(506,0,0)usetime(470,0,0) idle=470 ratio=80:80 natencap=none natsport=0 natdport=0 refcount=5 ref=968
comp0x6597 at 192.168.1.127 COMP_DEFLATE: dir=in  src=192.168.1.153 life(c,s,h)=addtime(506,0,0) ratio=80:80 natencap=none natsport=0 natdport=0 refcount=5 ref=960
esp0xe8ad9dac at 192.168.1.153 ESP_3DES_HMAC_MD5: dir=out src=192.168.1.127 iv_bits=64bits iv=0x2ac9481cf0097b48 ooowin=64 seq=1 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(112,0,0)addtime(506,0,0)usetime(470,0,0) idle=470 natencap=nonesp natsport=4500 natdport=4500 refcount=4 ref=969
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
tun0x1006 at 192.168.1.153 comp0x7fbb at 192.168.1.153 esp0xe8ad9dac at 192.168.1.153 
tun0x1005 at 192.168.1.127 comp0x6597 at 192.168.1.127 esp0xdb40d596 at 192.168.1.127 
tun0x1002 at 192.168.1.129 esp0x4074679e at 192.168.1.129 
tun0x1001 at 192.168.1.127 esp0xdb40d594 at 192.168.1.127 
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth1 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check pfkey_lossage tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
pfkey_lossage:0
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth1 192.168.1.127
000 interface ipsec0/eth1 192.168.1.127
000 %myid = (none)
000 debug none
000  
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000  
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000  
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,2,36} trans={0,2,72} attrs={0,2,48} 
000  
000 "mobile": 192.168.1.127/32===192.168.1.127---192.168.1.2...%any==={0.0.0.0/0}; unrouted; eroute owner: #0
000 "mobile":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "mobile":   ike_life: 14400s; ipsec_life: 28800s; rekey_margin: 25s; rekey_fuzz: 100%; keyingtries: 10
000 "mobile":   policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 32,0; interface: eth1; 
000 "mobile":   dpd: action:clear; delay:30; timeout:60; 
000 "mobile":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "mobile":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, flags=-strict
000 "mobile":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 
000 "mobile":   ESP algorithms wanted: 3_000-1, flags=-strict
000 "mobile":   ESP algorithms loaded: 3_000-1, flags=-strict
000 "mobile"[2]: 192.168.1.127/32===192.168.1.127---192.168.1.2...192.168.1.153[192.168.3.100]===192.168.3.100/32; erouted; eroute owner: #6
000 "mobile"[2]:     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "mobile"[2]:   ike_life: 14400s; ipsec_life: 28800s; rekey_margin: 25s; rekey_fuzz: 100%; keyingtries: 10
000 "mobile"[2]:   policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 32,0; interface: eth1; 
000 "mobile"[2]:   dpd: action:clear; delay:30; timeout:60; 
000 "mobile"[2]:   newest ISAKMP SA: #5; newest IPsec SA: #6; 
000 "mobile"[2]:   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, flags=-strict
000 "mobile"[2]:   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 
000 "mobile"[2]:   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
000 "mobile"[2]:   ESP algorithms wanted: 3_000-1, flags=-strict
000 "mobile"[2]:   ESP algorithms loaded: 3_000-1, flags=-strict
000 "mobile"[2]:   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000 "new1": 192.168.50.0/24===192.168.1.127---192.168.1.2...192.168.1.129===192.168.100.0/24; erouted; eroute owner: #2
000 "new1":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "new1":   ike_life: 24000s; ipsec_life: 24000s; rekey_margin: 25s; rekey_fuzz: 100%; keyingtries: 10
000 "new1":   policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 24,24; interface: eth1; 
000 "new1":   dpd: action:restart; delay:30; timeout:60; 
000 "new1":   newest ISAKMP SA: #1; newest IPsec SA: #2; 
000 "new1":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, flags=-strict
000 "new1":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 
000 "new1":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "new1":   ESP algorithms wanted: 3_000-1, flags=-strict
000 "new1":   ESP algorithms loaded: 3_000-1, flags=-strict
000 "new1":   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000  
000 #6: "mobile"[2] 192.168.1.153:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3082s; newest IPSEC; eroute owner
000 #6: "mobile"[2] 192.168.1.153 used 434s ago; esp.e8ad9dac at 192.168.1.153 esp.db40d596 at 192.168.1.127 comp.7fbb at 192.168.1.153 comp.6597 at 192.168.1.127 tun.1006 at 192.168.1.153 tun.1005 at 192.168.1.127
000 #5: "mobile"[2] 192.168.1.153:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 13882s; newest ISAKMP; lastdpd=23s(seq in:23076 out:0)
000 #2: "new1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 18979s; newest IPSEC; eroute owner
000 #2: "new1" esp.4074679e at 192.168.1.129 esp.db40d594 at 192.168.1.127 tun.1002 at 192.168.1.129 tun.1001 at 192.168.1.127
000 #1: "new1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 18967s; newest ISAKMP; lastdpd=16s(seq in:20568 out:0)
000  
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:40:63:C0:44:A0  
          inet addr:192.168.50.1  Bcast:192.168.50.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:10 Base address:0xe800 

eth1      Link encap:Ethernet  HWaddr 00:80:48:33:20:D4  
          inet addr:192.168.1.127  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:382816 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52413 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:41993237 (40.0 Mb)  TX bytes:6889338 (6.5 Mb)
          Interrupt:11 Base address:0xec00 

ipsec0    Link encap:Ethernet  HWaddr 00:80:48:33:20:D4  
          inet addr:192.168.1.127  Mask:255.255.255.0
          UP RUNNING NOARP  MTU:16260  Metric:1
          RX packets:8097 errors:0 dropped:3 overruns:0 frame:0
          TX packets:8428 errors:0 dropped:2808 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:516203 (504.1 Kb)  TX bytes:1364980 (1.3 Mb)

ipsec1    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec2    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec3    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1236 (1.2 Kb)  TX bytes:1236 (1.2 Kb)

+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:40:63:c0:44:a0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.1/24 brd 192.168.50.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:80:48:33:20:d4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.127/24 brd 192.168.1.255 scope global eth1
4: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
    link/ether 00:80:48:33:20:d4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.127/24 brd 192.168.1.255 scope global ipsec0
5: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
    link/void 
6: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
    link/void 
7: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
    link/void 
+ _________________________ ip-route-list
+ ip route list
192.168.3.100 via 192.168.1.2 dev ipsec0 
192.168.100.0/24 via 192.168.1.2 dev ipsec0 
192.168.50.0/24 dev eth0  scope link 
192.168.1.0/24 dev eth1  scope link 
192.168.1.0/24 dev ipsec0  proto kernel  scope link  src 192.168.1.127 
169.254.0.0/16 dev eth1  scope link 
127.0.0.0/8 dev lo  scope link 
default via 192.168.1.2 dev eth1 
+ _________________________ ip-rule-list
+ ip rule list
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan 2.4.5rc5 (klips)
Checking for IPsec support in kernel                        	[OK]
KLIPS detected, checking for NAT Traversal support          	[FAILED]
Checking for RSA private key (/etc/ipsec.secrets)           	[DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                              	[OK]
Two or more interfaces found, checking IP forwarding        	[OK]
Checking NAT and MASQUERADEing                              	[OK]
Checking for 'ip' command                                   	[OK]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: no link
  product info: vendor 00:40:63, model 50 rev 5
  basic mode:   autonegotiation enabled
  basic status: no link
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: negotiated 100baseTx-FD, link ok
  product info: vendor 00:00:00, model 0 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
vpnserver.testvpn.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1 
+ _________________________ uptime
+ uptime
 12:37:48  up 3 days, 21:29,  2 users,  load average: 0.28, 0.09, 0.02
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
0     0 14609 14140  16   0  4148 1104 do_wai S    pts/0      0:00          \_ /bin/sh /usr/local/libexec/ipsec/barf
0     0 14775 14609  18   0  1504  464 pipe_w S    pts/0      0:00              \_ grep -E -i ppid|pluto|ipsec|klips
1     0 14316     1  23   0  2076  400 do_wai S    pts/0      0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug  --uniqueids yes --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive  --protostack auto --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --nhelp
1     0 14317 14316  23   0  2076  612 do_wai S    pts/0      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug  --uniqueids yes --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive  --protostack auto --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --n
4     0 14318 14317  15   0  2328 1252 rest_i S    pts/0      0:00  |   \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids --nat_traversal
1     0 14328 14318  25  10  2284  488 rest_i SN   pts/0      0:00  |       \_ pluto helper  #  0                                                                                                                     
0     0 14329 14318  25   0  1416  248 rest_i S    pts/0      0:00  |       \_ _pluto_adns
0     0 14319 14316  15   0  2044  956 pipe_w S    pts/0      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post 
0     0 14320     1  23   0  1364  448 pipe_w S    pts/0      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
# no default route
+ _________________________ ipsec/conf
+ ipsec _keycensor
+ ipsec _include /etc/ipsec.conf

#< /etc/ipsec.conf 1
version 2.0

config setup
	interfaces="ipsec0=eth1"
	nat_traversal=yes
	strictcrlpolicy=no
	forwardcontrol=yes
	uniqueids=yes
	nocrsend=no

conn new1
	right=192.168.1.129
	rightsubnet=192.168.100.0/24
	left=192.168.1.127
	leftsubnet=192.168.50.0/255.255.255.0
	leftnexthop=192.168.1.2
	esp=3des-md5
	type=tunnel
	authby=secret
	dpddelay=30
	dpdtimeout=60
	dpdaction=restart
	ike=3des-md5
	ikelifetime=400m
	keylife=400m
	pfs=yes
	compress=yes
	keyingtries=10
	rekey=yes
	rekeymargin=25s
	auto=start

conn mobile
	right=%any
	rightsubnetwithin=0.0.0.0/0
	left=192.168.1.127
	leftsubnet=192.168.1.127/255.255.255.255
	leftnexthop=192.168.1.2
	dpddelay=30
	dpdtimeout=60
	dpdaction=clear
	esp=3des-md5
	type=tunnel
	authby=secret
	ike=3des-md5
	ikelifetime=14400s
	keylife=28800s
	pfs=yes
	compress=yes
	keyingtries=10
	rekey=yes
	rekeymargin=25s
	auto=add
conn mobile-wxp
	rightprotoport=17/%any
	leftprotoport=17/0
	also=mobile
	pfs=no
conn mobile-wxp2
	rightprotoport=17/%any
	leftprotoport=17/1701
	also=mobile
	pfs=no

conn block
	auto=ignore

conn private
	auto=ignore

conn private-or-clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn clear
	auto=ignore

conn packetdefault
	auto=ignore

+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
192.168.1.127 : PSK "[sums to xxxxxxx]"
192.168.1.129 192.168.1.127: PSK "[sums to xxxxxxx]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000  
000 List of Public Keys:
000  
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 148
-rwxr-xr-x    1 root     root        15849 Apr 13 15:06 _confread
-rwxr-xr-x    1 root     root        49027 Apr 13 15:06 _copyright
-rwxr-xr-x    1 root     root         2379 Apr 13 15:06 _include
-rwxr-xr-x    1 root     root         1475 Apr 13 15:06 _keycensor
-rwxr-xr-x    1 root     root         3586 Apr 13 15:06 _plutoload
-rwxr-xr-x    1 root     root         7073 Apr 13 15:06 _plutorun
-rwxr-xr-x    1 root     root        12275 Apr 13 15:06 _realsetup
-rwxr-xr-x    1 root     root         1975 Apr 13 15:06 _secretcensor
-rwxr-xr-x    1 root     root         9958 Apr 13 15:06 _startklips
-rwxr-xr-x    1 root     root        13887 Apr 13 15:06 _updown
-rwxr-xr-x    1 root     root        15746 Apr 13 15:06 _updown_x509
-rwxr-xr-x    1 root     root         1942 Apr 13 15:06 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 5008
-rwxr-xr-x    1 root     root        73340 Apr 13 15:06 _pluto_adns
-rwxr-xr-x    1 root     root        18891 Apr 13 15:06 auto
-rwxr-xr-x    1 root     root        11355 Apr 13 15:06 barf
-rwxr-xr-x    1 root     root          816 Apr 13 15:06 calcgoo
-rwxr-xr-x    1 root     root       322229 Apr 13 15:06 eroute
-rwxr-xr-x    1 root     root       133319 Apr 13 15:06 ikeping
-rwxr-xr-x    1 root     root       192934 Apr 13 15:06 klipsdebug
-rwxr-xr-x    1 root     root         1836 Apr 13 15:06 livetest
-rwxr-xr-x    1 root     root         2605 Apr 13 15:06 look
-rwxr-xr-x    1 root     root         7159 Apr 13 15:06 mailkey
-rwxr-xr-x    1 root     root        15996 Apr 13 15:06 manual
-rwxr-xr-x    1 root     root         1926 Apr 13 15:06 newhostkey
-rwxr-xr-x    1 root     root       172779 Apr 13 15:06 pf_key
-rwxr-xr-x    1 root     root      2784807 Apr 13 15:06 pluto
-rwxr-xr-x    1 root     root        52949 Apr 13 15:06 ranbits
-rwxr-xr-x    1 root     root        83291 Apr 13 15:06 rsasigkey
-rwxr-xr-x    1 root     root          766 Apr 13 15:06 secrets
-rwxr-xr-x    1 root     root        17660 Apr 13 15:06 send-pr
lrwxrwxrwx    1 root     root           22 Apr 13 15:06 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x    1 root     root         1054 Apr 13 15:06 showdefaults
-rwxr-xr-x    1 root     root         4748 Apr 13 15:06 showhostkey
-rwxr-xr-x    1 root     root       522111 Apr 13 15:06 spi
-rwxr-xr-x    1 root     root       260994 Apr 13 15:06 spigrp
-rwxr-xr-x    1 root     root        57585 Apr 13 15:06 tncfg
-rwxr-xr-x    1 root     root        11635 Apr 13 15:06 verify
-rwxr-xr-x    1 root     root       277133 Apr 13 15:06 whack
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1236      14    0    0    0     0          0         0     1236      14    0    0    0     0       0          0
  eth0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth1:41995195  382831    0    0    0     0          0         0  6889338   52413    0    0    0     0       0          0
ipsec0:  516203    8097    0    3    0     0          0         0  1364980    8428    0 2808    0     0       0          0
ipsec1:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec2:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec3:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT                                                       
ipsec0	6403A8C0	0201A8C0	0007	0	0	0	FFFFFFFF	0	0	0                                                                             
ipsec0	0064A8C0	0201A8C0	0003	0	0	0	00FFFFFF	0	0	0                                                                             
eth0	0032A8C0	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                               
eth1	0001A8C0	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                               
ipsec0	0001A8C0	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                             
eth1	0000FEA9	00000000	0001	0	0	0	0000FFFF	0	0	0                                                                               
lo	0000007F	00000000	0001	0	0	0	000000FF	0	0	0                                                                                 
eth1	00000000	0201A8C0	0003	0	0	0	00000000	0	0	0                                                                               
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:0
ipsec0/rp_filter:1
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:0
ipsec0/rp_filter:1
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects ipsec0/accept_redirects ipsec0/secure_redirects ipsec0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
eth1/accept_redirects:1
eth1/secure_redirects:1
eth1/send_redirects:1
ipsec0/accept_redirects:1
ipsec0/secure_redirects:1
ipsec0/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux vpnserver.testvpn.com 2.6.14NAT-T #3 PREEMPT Wed Apr 12 18:42:17 IST 2006 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Red Hat Linux release 9 (Shrike)
+ test -f /etc/debian-release
+ test -f /etc/SuSE-release
+ test -f /etc/mandrake-release
+ test -f /etc/mandriva-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ cat /proc/net/ipsec_version
Openswan version: 2.4.5rc5
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ ipfwadm -F -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________
+ ipfwadm -I -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________
+ ipfwadm -O -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________
+ ipfwadm -M -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ ipchains -L -v -n
ipchains: Incompatible with this kernel
+ _________________________
+ ipchains -M -L -v -n
ipchains: cannot open file `/proc/net/ip_masquerade'
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 286K packets, 28M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   352 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          
    0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          udp dpt:1701 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID reject-with icmp-port-unreachable 
   12  1008 DROP       icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            192.168.1.127      multiport dports 22,21,20,80,443,25 state NEW 
    3   612 ACCEPT     udp  --  eth1   *       0.0.0.0/0            192.168.1.127      multiport dports 53,500,1214,4500 state NEW 
 1137  154K ACCEPT     esp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          
 1132 93846 ACCEPT     all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0          
  258 15818 ACCEPT     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     esp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          state NEW,RELATED 
26407 2533K ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  eth1   ipsec0  0.0.0.0/0            0.0.0.0/0          udp dpt:4500 
    0     0 ACCEPT     all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  *      ipsec0  0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  ppp+   *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0          

Chain OUTPUT (policy ACCEPT 25432 packets, 3359K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    4   352 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0          
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 215K packets, 23M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 23 packets, 3732 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 22 packets, 3672 bytes)
 pkts bytes target     prot opt in     out     source               destination         
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 333K packets, 33M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 326K packets, 31M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 1 packets, 60 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 34533 packets, 4438K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 34534 packets, 4438K bytes)
 pkts bytes target     prot opt in     out     source               destination         
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ppp_synctty 9328 0 - Live 0xe018a000
ppp_async 10864 0 - Live 0xe017d000
crc_ccitt 1936 1 ppp_async, Live 0xe016e000
ppp_generic 27996 2 ppp_synctty,ppp_async, Live 0xe0182000
slhc 6640 1 ppp_generic, Live 0xe0175000
ipt_ULOG 7940 0 - Live 0xe0172000
ipt_ttl 1776 0 - Live 0xe016c000
ipt_TOS 2256 0 - Live 0xe016a000
ipt_tos 1520 0 - Live 0xe0164000
ipt_TCPMSS 4240 0 - Live 0xe0167000
ipt_tcpmss 2192 0 - Live 0xe0162000
ipt_state 1840 5 - Live 0xe0160000
ipt_SAME 2352 0 - Live 0xe0156000
ipt_REJECT 5136 1 - Live 0xe015d000
ipt_REDIRECT 2064 0 - Live 0xe0154000
ipt_recent 10544 0 - Live 0xe0159000
ipt_pkttype 1552 0 - Live 0xe0152000
ipt_owner 2000 0 - Live 0xe0150000
ipt_NOTRACK 1968 0 - Live 0xe014e000
ipt_NETMAP 1872 0 - Live 0xe00f9000
ipt_multiport 2320 2 - Live 0xe00f7000
ipt_MASQUERADE 3248 0 - Live 0xe00e0000
ipt_MARK 2288 0 - Live 0xe00f3000
ipt_mark 1552 0 - Live 0xe00ee000
ipt_mac 1840 0 - Live 0xe00ec000
ipt_LOG 6256 0 - Live 0xe00f0000
ipt_limit 2224 0 - Live 0xe00ea000
ipt_length 1584 0 - Live 0xe00e8000
ipt_iprange 1712 0 - Live 0xe00e6000
ipt_helper 1872 0 - Live 0xe00e4000
ipt_esp 1808 0 - Live 0xe00e2000
ipt_ECN 3184 0 - Live 0xe00d2000
ipt_ecn 2096 0 - Live 0xe00de000
ipt_DSCP 2320 0 - Live 0xe00dc000
ipt_dscp 1584 0 - Live 0xe00da000
ipt_conntrack 2448 0 - Live 0xe00d8000
ipt_CLASSIFY 2032 0 - Live 0xe00d6000
ipt_ah 1808 0 - Live 0xe00d4000
iptable_raw 1936 0 - Live 0xe00c6000
iptable_nat 7440 0 - Live 0xe00cf000
iptable_mangle 2640 0 - Live 0xe00a2000
iptable_filter 2832 1 - Live 0xe00ae000
ip_tables 20960 37 ipt_ULOG,ipt_ttl,ipt_TOS,ipt_tos,ipt_TCPMSS,ipt_tcpmss,ipt_state,ipt_SAME,ipt_REJECT,ipt_REDIRECT,ipt_recent,ipt_pkttype,ipt_owner,ipt_NOTRACK,ipt_NETMAP,ipt_multiport,ipt_MASQUERADE,ipt_MARK,ipt_mark,ipt_mac,ipt_LOG,ipt_limit,ipt_length,ipt_iprange,ipt_helper,ipt_esp,ipt_ECN,ipt_ecn,ipt_DSCP,ipt_dscp,ipt_conntrack,ipt_CLASSIFY,ipt_ah,iptable_raw,iptable_nat,iptable_mangle,iptable_filter, Live 0xe00c8000
ip_nat_irc 2512 0 - Live 0xe00ac000
ip_nat_ftp 3088 0 - Live 0xe00aa000
ip_nat 17996 7 ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,iptable_nat,ip_nat_irc,ip_nat_ftp, Live 0xe00b1000
ip_conntrack_irc 6608 1 ip_nat_irc, Live 0xe00a7000
ip_conntrack_ftp 7312 1 ip_nat_ftp, Live 0xe00a4000
ipsec 332960 1 [permanent], Live 0xe00fb000
8139too 25136 0 - Live 0xe008c000
via_rhine 22164 0 - Live 0xe0094000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal:       507340 kB
MemFree:         68512 kB
Buffers:        140820 kB
Cached:          65484 kB
SwapCached:          0 kB
Active:          91956 kB
Inactive:       121496 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       507340 kB
LowFree:         68512 kB
SwapTotal:     1052216 kB
SwapFree:      1052216 kB
Dirty:             176 kB
Writeback:           0 kB
Mapped:          10600 kB
Slab:           222716 kB
CommitLimit:   1305884 kB
Committed_AS:    12740 kB
PageTables:        312 kB
VmallocTotal:   524244 kB
VmallocUsed:      1544 kB
VmallocChunk:   522640 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
lrwxrwxrwx    1 root     root           16 Apr 17 12:37 /proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx    1 root     root           16 Apr 17 12:37 /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx    1 root     root           13 Apr 17 12:37 /proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx    1 root     root           16 Apr 17 12:37 /proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx    1 root     root           11 Apr 17 12:37 /proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx    1 root     root           13 Apr 17 12:37 /proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.14NAT-T/build/.config
++ uname -r
+ cat /lib/modules/2.6.14NAT-T/build/.config
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV'
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
# CONFIG_IP_MROUTE is not set
CONFIG_IPSEC_NAT_TRAVERSAL=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_DCCP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
# CONFIG_IP_NF_MATCH_STRING is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
# CONFIG_IP_NF_TARGET_NFQUEUE is not set
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
# CONFIG_IP_NF_TARGET_TTL is not set
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
# CONFIG_HW_RANDOM is not set
# CONFIG_CRYPTO_DEV_PADLOCK is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*							/dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none		/var/log/messages

# The authpriv file has restricted access.
authpriv.*						/var/log/secure

# Log all the mail messages in one place.
mail.*							/var/log/maillog


# Log cron stuff
cron.*							/var/log/cron

# Everybody gets emergency messages
*.emerg							*

# Save news errors of level crit and higher in a special file.
uucp,news.crit						/var/log/spooler

# Save boot messages also to boot.log
local7.*						/var/log/boot.log

#
# INN
#
news.=crit                                        /var/log/news/news.crit
news.=err                                         /var/log/news/news.err
news.notice                                       /var/log/news/news.notice
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 192.168.1.1
nameserver 192.168.1.6
search localdomain
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 16
drwxr-xr-x    3 root     root         4096 Mar 30 21:31 2.4.20-8
drwxr-xr-x    3 root     root         4096 Apr 12 11:18 2.6.14
drwxr-xr-x    3 root     root         4096 Apr 12 11:28 2.6.14VPN_TEST_KERNEL
drwxr-xr-x    3 root     root         4096 Apr 13 15:09 2.6.14NAT-T
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c02f4e3c T netif_rx
c02f4f7c T netif_rx_ni
c02f4e3c U netif_rx	[ppp_generic]
c02f4e3c U netif_rx	[ipsec]
c02f4e3c U netif_rx	[via_rhine]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.20-8:          U netif_rx_R275cc58f
2.6.14: 
2.6.14NAT-T: 
2.6.14VPN_TEST_KERNEL: 
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1,$p' /dev/null
+ egrep -i 'ipsec|klips|pluto'
+ cat
+ _________________________ plog
+ sed -n '1,$p' /dev/null
+ egrep -i pluto
+ cat
+ _________________________ date
+ date
Mon Apr 17 12:37:50 IST 2006

