[Openswan Users] Natted L2TP client fails
Arun S
arunhere at inbox.com
Tue Apr 18 23:51:17 CEST 2006
Hi all,
I am running an Openswan VPN server, version 2.4.5rc5, on a Linux box with kernel version 2.6.14. The server also runs an L2TP daemon, xl2tpd version 1.04. This server is not behind any firewall (so no NAT).
It works fine with all mobile clients that are not behind NAT. With a mobile client behind a firewall (i.e., the peer is NATed), IPsec gets established, but L2TP fails.
I have attached the output of "ipsec barf" to this message.
Can anyone help me to resolve this issue?
Thanks and regards,
Arun S.
-------------- next part --------------
Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Openswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
vpnserver.testvpn.com
Mon Apr 17 12:37:47 IST 2006
+ _________________________ version
+ ipsec --version
Linux Openswan 2.4.5rc5 (klips)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.14NAT-T (root at vpnserver.testvpn.com) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #3 PREEMPT Wed Apr 12 18:42:17 IST 2006
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ sort -sg +3 /proc/net/ipsec_eroute
1 192.168.1.127/32 -> 192.168.3.100/32 => tun0x1006 at 192.168.1.153
0 192.168.50.0/24 -> 192.168.100.0/24 => tun0x1002 at 192.168.1.129
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.3.100 192.168.1.2 255.255.255.255 UGH 0 0 0 ipsec0
192.168.100.0 192.168.1.2 255.255.255.0 UG 0 0 0 ipsec0
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.2 0.0.0.0 UG 0 0 0 eth1
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
esp0x4074679e at 192.168.1.129 ESP_3DES_HMAC_MD5: dir=out src=192.168.1.127 iv_bits=64bits iv=0x919a52acf9fa9e37 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(4992,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=941
tun0x1006 at 192.168.1.153 IPIP: dir=out src=192.168.1.127 life(c,s,h)=bytes(80,0,0)addtime(506,0,0)usetime(470,0,0) idle=470 natencap=none natsport=0 natdport=0 refcount=5 ref=967
esp0xdb40d596 at 192.168.1.127 ESP_3DES_HMAC_MD5: dir=in src=192.168.1.153 iv_bits=64bits iv=0xf4bdf2868e323478 ooowin=64 seq=29 bit=0x1fffffff alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(2938,0,0)addtime(506,0,0)usetime(491,0,0)packets(29,0,0) idle=3 natencap=nonesp natsport=4500 natdport=4500 refcount=33 ref=961
esp0xdb40d594 at 192.168.1.127 ESP_3DES_HMAC_MD5: dir=in src=192.168.1.129 iv_bits=64bits iv=0xc691a49e0e4c1cae ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(4992,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=936
tun0x1005 at 192.168.1.127 IPIP: dir=in src=192.168.1.153 policy=192.168.3.100/32->192.168.1.127/32 flags=0x8<> life(c,s,h)=bytes(60,0,0)addtime(506,0,0)usetime(470,0,0) idle=470 natencap=none natsport=0 natdport=0 refcount=4 ref=959
tun0x1002 at 192.168.1.129 IPIP: dir=out src=192.168.1.127 life(c,s,h)=addtime(4992,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=940
tun0x1001 at 192.168.1.127 IPIP: dir=in src=192.168.1.129 policy=192.168.100.0/24->192.168.50.0/24 flags=0x8<> life(c,s,h)=addtime(4992,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=935
comp0x7fbb at 192.168.1.153 COMP_DEFLATE: dir=out src=192.168.1.127 life(c,s,h)=bytes(80,0,0)addtime(506,0,0)usetime(470,0,0) idle=470 ratio=80:80 natencap=none natsport=0 natdport=0 refcount=5 ref=968
comp0x6597 at 192.168.1.127 COMP_DEFLATE: dir=in src=192.168.1.153 life(c,s,h)=addtime(506,0,0) ratio=80:80 natencap=none natsport=0 natdport=0 refcount=5 ref=960
esp0xe8ad9dac at 192.168.1.153 ESP_3DES_HMAC_MD5: dir=out src=192.168.1.127 iv_bits=64bits iv=0x2ac9481cf0097b48 ooowin=64 seq=1 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(112,0,0)addtime(506,0,0)usetime(470,0,0) idle=470 natencap=nonesp natsport=4500 natdport=4500 refcount=4 ref=969
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
tun0x1006 at 192.168.1.153 comp0x7fbb at 192.168.1.153 esp0xe8ad9dac at 192.168.1.153
tun0x1005 at 192.168.1.127 comp0x6597 at 192.168.1.127 esp0xdb40d596 at 192.168.1.127
tun0x1002 at 192.168.1.129 esp0x4074679e at 192.168.1.129
tun0x1001 at 192.168.1.127 esp0xdb40d594 at 192.168.1.127
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth1 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check pfkey_lossage tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
pfkey_lossage:0
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth1 192.168.1.127
000 interface ipsec0/eth1 192.168.1.127
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,2,36} trans={0,2,72} attrs={0,2,48}
000
000 "mobile": 192.168.1.127/32===192.168.1.127---192.168.1.2...%any==={0.0.0.0/0}; unrouted; eroute owner: #0
000 "mobile": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "mobile": ike_life: 14400s; ipsec_life: 28800s; rekey_margin: 25s; rekey_fuzz: 100%; keyingtries: 10
000 "mobile": policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 32,0; interface: eth1;
000 "mobile": dpd: action:clear; delay:30; timeout:60;
000 "mobile": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "mobile": IKE algorithms wanted: 5_000-1-5, 5_000-1-2, flags=-strict
000 "mobile": IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2,
000 "mobile": ESP algorithms wanted: 3_000-1, flags=-strict
000 "mobile": ESP algorithms loaded: 3_000-1, flags=-strict
000 "mobile"[2]: 192.168.1.127/32===192.168.1.127---192.168.1.2...192.168.1.153[192.168.3.100]===192.168.3.100/32; erouted; eroute owner: #6
000 "mobile"[2]: srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "mobile"[2]: ike_life: 14400s; ipsec_life: 28800s; rekey_margin: 25s; rekey_fuzz: 100%; keyingtries: 10
000 "mobile"[2]: policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 32,0; interface: eth1;
000 "mobile"[2]: dpd: action:clear; delay:30; timeout:60;
000 "mobile"[2]: newest ISAKMP SA: #5; newest IPsec SA: #6;
000 "mobile"[2]: IKE algorithms wanted: 5_000-1-5, 5_000-1-2, flags=-strict
000 "mobile"[2]: IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2,
000 "mobile"[2]: IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
000 "mobile"[2]: ESP algorithms wanted: 3_000-1, flags=-strict
000 "mobile"[2]: ESP algorithms loaded: 3_000-1, flags=-strict
000 "mobile"[2]: ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000 "new1": 192.168.50.0/24===192.168.1.127---192.168.1.2...192.168.1.129===192.168.100.0/24; erouted; eroute owner: #2
000 "new1": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "new1": ike_life: 24000s; ipsec_life: 24000s; rekey_margin: 25s; rekey_fuzz: 100%; keyingtries: 10
000 "new1": policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 24,24; interface: eth1;
000 "new1": dpd: action:restart; delay:30; timeout:60;
000 "new1": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "new1": IKE algorithms wanted: 5_000-1-5, 5_000-1-2, flags=-strict
000 "new1": IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2,
000 "new1": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "new1": ESP algorithms wanted: 3_000-1, flags=-strict
000 "new1": ESP algorithms loaded: 3_000-1, flags=-strict
000 "new1": ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000
000 #6: "mobile"[2] 192.168.1.153:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3082s; newest IPSEC; eroute owner
000 #6: "mobile"[2] 192.168.1.153 used 434s ago; esp.e8ad9dac at 192.168.1.153 esp.db40d596 at 192.168.1.127 comp.7fbb at 192.168.1.153 comp.6597 at 192.168.1.127 tun.1006 at 192.168.1.153 tun.1005 at 192.168.1.127
000 #5: "mobile"[2] 192.168.1.153:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 13882s; newest ISAKMP; lastdpd=23s(seq in:23076 out:0)
000 #2: "new1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 18979s; newest IPSEC; eroute owner
000 #2: "new1" esp.4074679e at 192.168.1.129 esp.db40d594 at 192.168.1.127 tun.1002 at 192.168.1.129 tun.1001 at 192.168.1.127
000 #1: "new1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 18967s; newest ISAKMP; lastdpd=16s(seq in:20568 out:0)
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:40:63:C0:44:A0
inet addr:192.168.50.1 Bcast:192.168.50.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:10 Base address:0xe800
eth1 Link encap:Ethernet HWaddr 00:80:48:33:20:D4
inet addr:192.168.1.127 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:382816 errors:0 dropped:0 overruns:0 frame:0
TX packets:52413 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:41993237 (40.0 Mb) TX bytes:6889338 (6.5 Mb)
Interrupt:11 Base address:0xec00
ipsec0 Link encap:Ethernet HWaddr 00:80:48:33:20:D4
inet addr:192.168.1.127 Mask:255.255.255.0
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:8097 errors:0 dropped:3 overruns:0 frame:0
TX packets:8428 errors:0 dropped:2808 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:516203 (504.1 Kb) TX bytes:1364980 (1.3 Mb)
ipsec1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ipsec3 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1236 (1.2 Kb) TX bytes:1236 (1.2 Kb)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:40:63:c0:44:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.1/24 brd 192.168.50.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:80:48:33:20:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.127/24 brd 192.168.1.255 scope global eth1
4: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
link/ether 00:80:48:33:20:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.127/24 brd 192.168.1.255 scope global ipsec0
5: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
link/void
6: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
link/void
7: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
link/void
+ _________________________ ip-route-list
+ ip route list
192.168.3.100 via 192.168.1.2 dev ipsec0
192.168.100.0/24 via 192.168.1.2 dev ipsec0
192.168.50.0/24 dev eth0 scope link
192.168.1.0/24 dev eth1 scope link
192.168.1.0/24 dev ipsec0 proto kernel scope link src 192.168.1.127
169.254.0.0/16 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.1.2 dev eth1
+ _________________________ ip-rule-list
+ ip rule list
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan 2.4.5rc5 (klips)
Checking for IPsec support in kernel [OK]
KLIPS detected, checking for NAT Traversal support [FAILED]
Checking for RSA private key (/etc/ipsec.secrets) [DISABLED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: no link
product info: vendor 00:40:63, model 50 rev 5
basic mode: autonegotiation enabled
basic status: no link
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: negotiated 100baseTx-FD, link ok
product info: vendor 00:00:00, model 0 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
vpnserver.testvpn.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
12:37:48 up 3 days, 21:29, 2 users, load average: 0.28, 0.09, 0.02
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 14609 14140 16 0 4148 1104 do_wai S pts/0 0:00 \_ /bin/sh /usr/local/libexec/ipsec/barf
0 0 14775 14609 18 0 1504 464 pipe_w S pts/0 0:00 \_ grep -E -i ppid|pluto|ipsec|klips
1 0 14316 1 23 0 2076 400 do_wai S pts/0 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelp
1 0 14317 14316 23 0 2076 612 do_wai S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --n
4 0 14318 14317 15 0 2328 1252 rest_i S pts/0 0:00 | \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids --nat_traversal
1 0 14328 14318 25 10 2284 488 rest_i SN pts/0 0:00 | \_ pluto helper # 0
0 0 14329 14318 25 0 1416 248 rest_i S pts/0 0:00 | \_ _pluto_adns
0 0 14319 14316 15 0 2044 956 pipe_w S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
0 0 14320 1 23 0 1364 448 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
# no default route
+ _________________________ ipsec/conf
+ ipsec _keycensor
+ ipsec _include /etc/ipsec.conf
#< /etc/ipsec.conf 1
version 2.0
config setup
interfaces="ipsec0=eth1"
nat_traversal=yes
strictcrlpolicy=no
forwardcontrol=yes
uniqueids=yes
nocrsend=no
conn new1
right=192.168.1.129
rightsubnet=192.168.100.0/24
left=192.168.1.127
leftsubnet=192.168.50.0/255.255.255.0
leftnexthop=192.168.1.2
esp=3des-md5
type=tunnel
authby=secret
dpddelay=30
dpdtimeout=60
dpdaction=restart
ike=3des-md5
ikelifetime=400m
keylife=400m
pfs=yes
compress=yes
keyingtries=10
rekey=yes
rekeymargin=25s
auto=start
conn mobile
right=%any
rightsubnetwithin=0.0.0.0/0
left=192.168.1.127
leftsubnet=192.168.1.127/255.255.255.255
leftnexthop=192.168.1.2
dpddelay=30
dpdtimeout=60
dpdaction=clear
esp=3des-md5
type=tunnel
authby=secret
ike=3des-md5
ikelifetime=14400s
keylife=28800s
pfs=yes
compress=yes
keyingtries=10
rekey=yes
rekeymargin=25s
auto=add
conn mobile-wxp
rightprotoport=17/%any
leftprotoport=17/0
also=mobile
pfs=no
conn mobile-wxp2
rightprotoport=17/%any
leftprotoport=17/1701
also=mobile
pfs=no
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
192.168.1.127 : PSK "[sums to xxxxxxx]"
192.168.1.129 192.168.1.127: PSK "[sums to xxxxxxx]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 148
-rwxr-xr-x 1 root root 15849 Apr 13 15:06 _confread
-rwxr-xr-x 1 root root 49027 Apr 13 15:06 _copyright
-rwxr-xr-x 1 root root 2379 Apr 13 15:06 _include
-rwxr-xr-x 1 root root 1475 Apr 13 15:06 _keycensor
-rwxr-xr-x 1 root root 3586 Apr 13 15:06 _plutoload
-rwxr-xr-x 1 root root 7073 Apr 13 15:06 _plutorun
-rwxr-xr-x 1 root root 12275 Apr 13 15:06 _realsetup
-rwxr-xr-x 1 root root 1975 Apr 13 15:06 _secretcensor
-rwxr-xr-x 1 root root 9958 Apr 13 15:06 _startklips
-rwxr-xr-x 1 root root 13887 Apr 13 15:06 _updown
-rwxr-xr-x 1 root root 15746 Apr 13 15:06 _updown_x509
-rwxr-xr-x 1 root root 1942 Apr 13 15:06 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 5008
-rwxr-xr-x 1 root root 73340 Apr 13 15:06 _pluto_adns
-rwxr-xr-x 1 root root 18891 Apr 13 15:06 auto
-rwxr-xr-x 1 root root 11355 Apr 13 15:06 barf
-rwxr-xr-x 1 root root 816 Apr 13 15:06 calcgoo
-rwxr-xr-x 1 root root 322229 Apr 13 15:06 eroute
-rwxr-xr-x 1 root root 133319 Apr 13 15:06 ikeping
-rwxr-xr-x 1 root root 192934 Apr 13 15:06 klipsdebug
-rwxr-xr-x 1 root root 1836 Apr 13 15:06 livetest
-rwxr-xr-x 1 root root 2605 Apr 13 15:06 look
-rwxr-xr-x 1 root root 7159 Apr 13 15:06 mailkey
-rwxr-xr-x 1 root root 15996 Apr 13 15:06 manual
-rwxr-xr-x 1 root root 1926 Apr 13 15:06 newhostkey
-rwxr-xr-x 1 root root 172779 Apr 13 15:06 pf_key
-rwxr-xr-x 1 root root 2784807 Apr 13 15:06 pluto
-rwxr-xr-x 1 root root 52949 Apr 13 15:06 ranbits
-rwxr-xr-x 1 root root 83291 Apr 13 15:06 rsasigkey
-rwxr-xr-x 1 root root 766 Apr 13 15:06 secrets
-rwxr-xr-x 1 root root 17660 Apr 13 15:06 send-pr
lrwxrwxrwx 1 root root 22 Apr 13 15:06 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Apr 13 15:06 showdefaults
-rwxr-xr-x 1 root root 4748 Apr 13 15:06 showhostkey
-rwxr-xr-x 1 root root 522111 Apr 13 15:06 spi
-rwxr-xr-x 1 root root 260994 Apr 13 15:06 spigrp
-rwxr-xr-x 1 root root 57585 Apr 13 15:06 tncfg
-rwxr-xr-x 1 root root 11635 Apr 13 15:06 verify
-rwxr-xr-x 1 root root 277133 Apr 13 15:06 whack
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 1236 14 0 0 0 0 0 0 1236 14 0 0 0 0 0 0
eth0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth1:41995195 382831 0 0 0 0 0 0 6889338 52413 0 0 0 0 0 0
ipsec0: 516203 8097 0 3 0 0 0 0 1364980 8428 0 2808 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
ipsec0 6403A8C0 0201A8C0 0007 0 0 0 FFFFFFFF 0 0 0
ipsec0 0064A8C0 0201A8C0 0003 0 0 0 00FFFFFF 0 0 0
eth0 0032A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
ipsec0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
lo 0000007F 00000000 0001 0 0 0 000000FF 0 0 0
eth1 00000000 0201A8C0 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:0
ipsec0/rp_filter:1
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:0
ipsec0/rp_filter:1
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects ipsec0/accept_redirects ipsec0/secure_redirects ipsec0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
eth1/accept_redirects:1
eth1/secure_redirects:1
eth1/send_redirects:1
ipsec0/accept_redirects:1
ipsec0/secure_redirects:1
ipsec0/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux vpnserver.testvpn.com 2.6.14NAT-T #3 PREEMPT Wed Apr 12 18:42:17 IST 2006 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Red Hat Linux release 9 (Shrike)
+ test -f /etc/debian-release
+ test -f /etc/SuSE-release
+ test -f /etc/mandrake-release
+ test -f /etc/mandriva-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ cat /proc/net/ipsec_version
Openswan version: 2.4.5rc5
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ ipfwadm -F -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________
+ ipfwadm -I -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________
+ ipfwadm -O -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________
+ ipfwadm -M -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ ipchains -L -v -n
ipchains: Incompatible with this kernel
+ _________________________
+ ipchains -M -L -v -n
ipchains: cannot open file `/proc/net/ip_masquerade'
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 286K packets, 28M bytes)
pkts bytes target prot opt in out source destination
4 352 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:1701
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID reject-with icmp-port-unreachable
12 1008 DROP icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.1.127 multiport dports 22,21,20,80,443,25 state NEW
3 612 ACCEPT udp -- eth1 * 0.0.0.0/0 192.168.1.127 multiport dports 53,500,1214,4500 state NEW
1137 154K ACCEPT esp -- eth1 * 0.0.0.0/0 0.0.0.0/0
1132 93846 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
258 15818 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT esp -- eth1 * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED
26407 2533K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- eth1 ipsec0 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
0 0 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ipsec0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 25432 packets, 3359K bytes)
pkts bytes target prot opt in out source destination
4 352 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 215K packets, 23M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 23 packets, 3732 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 22 packets, 3672 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 333K packets, 33M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 326K packets, 31M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 34533 packets, 4438K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 34534 packets, 4438K bytes)
pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ppp_synctty 9328 0 - Live 0xe018a000
ppp_async 10864 0 - Live 0xe017d000
crc_ccitt 1936 1 ppp_async, Live 0xe016e000
ppp_generic 27996 2 ppp_synctty,ppp_async, Live 0xe0182000
slhc 6640 1 ppp_generic, Live 0xe0175000
ipt_ULOG 7940 0 - Live 0xe0172000
ipt_ttl 1776 0 - Live 0xe016c000
ipt_TOS 2256 0 - Live 0xe016a000
ipt_tos 1520 0 - Live 0xe0164000
ipt_TCPMSS 4240 0 - Live 0xe0167000
ipt_tcpmss 2192 0 - Live 0xe0162000
ipt_state 1840 5 - Live 0xe0160000
ipt_SAME 2352 0 - Live 0xe0156000
ipt_REJECT 5136 1 - Live 0xe015d000
ipt_REDIRECT 2064 0 - Live 0xe0154000
ipt_recent 10544 0 - Live 0xe0159000
ipt_pkttype 1552 0 - Live 0xe0152000
ipt_owner 2000 0 - Live 0xe0150000
ipt_NOTRACK 1968 0 - Live 0xe014e000
ipt_NETMAP 1872 0 - Live 0xe00f9000
ipt_multiport 2320 2 - Live 0xe00f7000
ipt_MASQUERADE 3248 0 - Live 0xe00e0000
ipt_MARK 2288 0 - Live 0xe00f3000
ipt_mark 1552 0 - Live 0xe00ee000
ipt_mac 1840 0 - Live 0xe00ec000
ipt_LOG 6256 0 - Live 0xe00f0000
ipt_limit 2224 0 - Live 0xe00ea000
ipt_length 1584 0 - Live 0xe00e8000
ipt_iprange 1712 0 - Live 0xe00e6000
ipt_helper 1872 0 - Live 0xe00e4000
ipt_esp 1808 0 - Live 0xe00e2000
ipt_ECN 3184 0 - Live 0xe00d2000
ipt_ecn 2096 0 - Live 0xe00de000
ipt_DSCP 2320 0 - Live 0xe00dc000
ipt_dscp 1584 0 - Live 0xe00da000
ipt_conntrack 2448 0 - Live 0xe00d8000
ipt_CLASSIFY 2032 0 - Live 0xe00d6000
ipt_ah 1808 0 - Live 0xe00d4000
iptable_raw 1936 0 - Live 0xe00c6000
iptable_nat 7440 0 - Live 0xe00cf000
iptable_mangle 2640 0 - Live 0xe00a2000
iptable_filter 2832 1 - Live 0xe00ae000
ip_tables 20960 37 ipt_ULOG,ipt_ttl,ipt_TOS,ipt_tos,ipt_TCPMSS,ipt_tcpmss,ipt_state,ipt_SAME,ipt_REJECT,ipt_REDIRECT,ipt_recent,ipt_pkttype,ipt_owner,ipt_NOTRACK,ipt_NETMAP,ipt_multiport,ipt_MASQUERADE,ipt_MARK,ipt_mark,ipt_mac,ipt_LOG,ipt_limit,ipt_length,ipt_iprange,ipt_helper,ipt_esp,ipt_ECN,ipt_ecn,ipt_DSCP,ipt_dscp,ipt_conntrack,ipt_CLASSIFY,ipt_ah,iptable_raw,iptable_nat,iptable_mangle,iptable_filter, Live 0xe00c8000
ip_nat_irc 2512 0 - Live 0xe00ac000
ip_nat_ftp 3088 0 - Live 0xe00aa000
ip_nat 17996 7 ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,iptable_nat,ip_nat_irc,ip_nat_ftp, Live 0xe00b1000
ip_conntrack_irc 6608 1 ip_nat_irc, Live 0xe00a7000
ip_conntrack_ftp 7312 1 ip_nat_ftp, Live 0xe00a4000
ipsec 332960 1 [permanent], Live 0xe00fb000
8139too 25136 0 - Live 0xe008c000
via_rhine 22164 0 - Live 0xe0094000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 507340 kB
MemFree: 68512 kB
Buffers: 140820 kB
Cached: 65484 kB
SwapCached: 0 kB
Active: 91956 kB
Inactive: 121496 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 507340 kB
LowFree: 68512 kB
SwapTotal: 1052216 kB
SwapFree: 1052216 kB
Dirty: 176 kB
Writeback: 0 kB
Mapped: 10600 kB
Slab: 222716 kB
CommitLimit: 1305884 kB
Committed_AS: 12740 kB
PageTables: 312 kB
VmallocTotal: 524244 kB
VmallocUsed: 1544 kB
VmallocChunk: 522640 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
lrwxrwxrwx 1 root root 16 Apr 17 12:37 /proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx 1 root root 16 Apr 17 12:37 /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx 1 root root 13 Apr 17 12:37 /proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx 1 root root 16 Apr 17 12:37 /proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx 1 root root 11 Apr 17 12:37 /proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx 1 root root 13 Apr 17 12:37 /proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.14NAT-T/build/.config
++ uname -r
+ cat /lib/modules/2.6.14NAT-T/build/.config
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV'
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
# CONFIG_IP_MROUTE is not set
CONFIG_IPSEC_NAT_TRAVERSAL=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_DCCP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
# CONFIG_IP_NF_MATCH_STRING is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
# CONFIG_IP_NF_TARGET_NFQUEUE is not set
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
# CONFIG_IP_NF_TARGET_TTL is not set
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
# CONFIG_HW_RANDOM is not set
# CONFIG_CRYPTO_DEV_PADLOCK is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
#
# INN
#
news.=crit /var/log/news/news.crit
news.=err /var/log/news/news.err
news.notice /var/log/news/news.notice
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 192.168.1.1
nameserver 192.168.1.6
search localdomain
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 16
drwxr-xr-x 3 root root 4096 Mar 30 21:31 2.4.20-8
drwxr-xr-x 3 root root 4096 Apr 12 11:18 2.6.14
drwxr-xr-x 3 root root 4096 Apr 12 11:28 2.6.14VPN_TEST_KERNEL
drwxr-xr-x 3 root root 4096 Apr 13 15:09 2.6.14NAT-T
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c02f4e3c T netif_rx
c02f4f7c T netif_rx_ni
c02f4e3c U netif_rx [ppp_generic]
c02f4e3c U netif_rx [ipsec]
c02f4e3c U netif_rx [via_rhine]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.20-8: U netif_rx_R275cc58f
2.6.14:
2.6.14NAT-T:
2.6.14VPN_TEST_KERNEL:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1,$p' /dev/null
+ egrep -i 'ipsec|klips|pluto'
+ cat
+ _________________________ plog
+ sed -n '1,$p' /dev/null
+ egrep -i pluto
+ cat
+ _________________________ date
+ date
Mon Apr 17 12:37:50 IST 2006