Fw: [Openswan Users]

Gbenga stjames08 at yahoo.co.uk
Thu Apr 20 03:04:51 CEST 2006


Hi all,

I recompiled the kernel again, this time with kernel 2.6.16 and enabled CONFIG_IPSEC_NAT_TRAVERSAL=y and CONFIG_KLIPS=m.

This compiled ok and I was able to compile and install user-land: modprobe ipsec  (ok)

However, when I ran ipsec verify, NAT Traversal support failed?

aparo:/home/osogbetun# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan 2.4.5 (klips)
Checking for IPsec support in kernel                            [OK]
KLIPS detected, checking for NAT Traversal support              [FAILED]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

I need NAT-T for my setup and I will be grateful if someone can explain why, despite enabling NAT-T in the kernel, it would not compile properly. ipsec barf output is attached.

Also, how long does it take for ipsec newhostkey to generate a key? Or what is the best way to generate keys for the ipsec.secrets file?

Rgds,
Gbenga


On Sat, 15 Apr 2006, Gbenga wrote:

> Next I compiled the openswan userland, which compiled well. To install I run "make module minstall". However, I have trouble inserting/modprobing the new ipsec.ko.
>
> I get the error output:
>
> aparo:~# modprobe ipsec
> FATAL: Error inserting ipsec (/lib/modules/2.6.16.5/kernel/net/ipsec/ipsec.ko): Unknown symbol in module, or unknown parameter (see dmesg)

What did dmesg say? This could be for instance a different c compiler that was
used for the kernel and the kernel module compile.

> ipsec verify :
>
>     aparo:/home/osogbetun# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan 2.4.5 (klips)

Odd, it seems you have the module loaded anyway?

> Checking for IPsec support in kernel                            [OK]
> KLIPS detected, checking for NAT Traversal support              [FAILED]

Did you boot into the new kernel? For the nat-t patch, which patches the
kernel's udp.c, you must rebuild both the kernel and all modules.

> However, I need some clarification regarding compiling KLIPS, because there are many procedures from different sources.
>
> a.) the openswan book, it says to "For NAT-T patch: KERNELSRC=/source_to_kernel_source; cd openswan; make nattpatch > /usr/src/openswan-ipsec-natt.patch; cd $kernelsource_dir; cat /usr/src/openswan-ipsec-natt.patch | patch -p1 -s; make clean; make oldconfig"
>
> b.) openswan wiki (http://wiki.openswan.org/index.php/Building%20from%20tarballs%20for%202.6) gives a different angle on how to compile for kernel26. (note the line: export KERNELSRC=/lib/modules/`uname -r`/build)
>
> c.) from the README file in openswan source dir:
>     make nattpatch | (cd /usr/src/linux-2.6 && patch -p1 && make bzImage)

These are three different ways that accomplish the same, though c) needs to
have KERNELSRC set as well. KERNELSRC points to the kernel header files. These
can come from the full kernel source, but are also often installed in the
directory /lib/modules/kernel-version/build

>     From the openswan source directory, build the userland tools, and ipsec.o kernel module:
>     "make KERNELSRC=/usr/src/linux-2.6 programs module"
>     to install "make KERNELSRC=/usr/src/linux-2.6 install minstall"
>
> I would appreciate if someone can give me a working step-by-step guide to getting kernel 2.6.16.X working with native (i.e. compiled-in) KLIPS, openswan 2.4.5

Either works, it depends on where/how your kernel source is. The /lib/modules/kernel-version method
only works for kernel modules. If you want the NAT-T patch, you will need the full kernel source.
Though on fedora for example, when installing the kernel-devel package, your kernel source will be
available through /lib/modules/kernel-version/build, or in /usr/src/kernels/kernel-version

Paul
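
The checks raised in the reply above (is the ipsec module built for the kernel that is actually booted, does the running kernel carry the NAT-T option), plus the nat_traversal line that is commented out in the attached ipsec.conf, written as a shell pre-flight script. This is an added example, not part of the thread and not Openswan code; the function names and the sample vermagic string are constructed, and the script does not reproduce what `ipsec verify` itself tests.

```shell
#!/bin/sh
# Added example: pre-flight checks before relying on NAT-T with KLIPS.

# Constructed samples. The kernel config and ipsec.conf lines are taken from
# the barf output in this thread; the vermagic string is made up to show a
# module built for 2.6.16.5 while 2.6.16 is the booted kernel.
SAMPLE_RELEASE='2.6.16'
SAMPLE_VERMAGIC='2.6.16.5 preempt 686 gcc-3.3'
SAMPLE_KCONFIG='CONFIG_NET_KEY=m
CONFIG_IPSEC_NAT_TRAVERSAL=y
# CONFIG_IPV6 is not set'
SAMPLE_IPSEC_CONF='config setup
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    # nat_traversal=yes'

# kconfig_value TEXT SYMBOL: print the symbol's value (y, m, ...) or "unset".
# Lines of the form "# CONFIG_X is not set" never match and count as unset.
kconfig_value() {
    v=$(printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1)
    printf '%s\n' "${v:-unset}"
}

# conf_setting TEXT KEY: print the value of an active "key=value" line in
# ipsec.conf, or "unset". Commented-out lines are ignored.
conf_setting() {
    v=$(printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" |
        head -n 1)
    printf '%s\n' "${v:-unset}"
}

# vermagic_release STRING: the first field of a module's vermagic is the
# kernel release the module was compiled for.
vermagic_release() {
    printf '%s\n' "${1%% *}"
}

# preflight RUNNING_RELEASE MODULE_VERMAGIC KCONFIG_TEXT IPSEC_CONF_TEXT
# Prints one line per check; the exit status is the number of failed checks.
preflight() {
    fails=0

    mod_rel=$(vermagic_release "$2")
    if [ "$mod_rel" = "$1" ]; then
        echo "OK    ipsec module was built for the running kernel ($1)"
    else
        echo "FAIL  ipsec module built for '$mod_rel', running kernel is '$1'"
        fails=$((fails + 1))
    fi

    natt=$(kconfig_value "$3" CONFIG_IPSEC_NAT_TRAVERSAL)
    if [ "$natt" = "y" ]; then
        echo "OK    running kernel has CONFIG_IPSEC_NAT_TRAVERSAL=y"
    else
        echo "FAIL  CONFIG_IPSEC_NAT_TRAVERSAL is '$natt': apply the nattpatch," \
             "rebuild the kernel and all modules, then boot that kernel"
        fails=$((fails + 1))
    fi

    nt=$(conf_setting "$4" nat_traversal)
    if [ "$nt" = "yes" ]; then
        echo "OK    nat_traversal=yes is active in config setup"
    else
        echo "FAIL  nat_traversal is '$nt' in config setup (pluto will not offer NAT-T)"
        fails=$((fails + 1))
    fi

    return "$fails"
}

if [ "${1:-}" = "--live" ]; then
    # Read the same sources barf reads on the machine being checked.
    preflight "$(uname -r)" \
        "$(modinfo -F vermagic ipsec 2>/dev/null)" \
        "$(zcat /proc/config.gz 2>/dev/null)" \
        "$(cat /etc/ipsec.conf 2>/dev/null)" || echo "$? check(s) failed"
else
    preflight "$SAMPLE_RELEASE" "$SAMPLE_VERMAGIC" \
        "$SAMPLE_KCONFIG" "$SAMPLE_IPSEC_CONF" || echo "$? check(s) failed"
fi
```

Run without arguments it evaluates the embedded samples; with `--live` it reads the local system.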


-------------- next part --------------
aparo
Thu Apr 20 02:26:30 IST 2006
+ _________________________ version
+ ipsec --version
Linux Openswan 2.4.5 (klips)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.16 (root at aparo) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #1 Wed Apr 19 23:04:33 IST 2006
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ sort -sg +3 /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.10.0.0       0.0.0.0         255.255.0.0     U         0 0          0 eth1
10.10.0.0       0.0.0.0         255.255.0.0     U         0 0          0 ipsec0
0.0.0.0         10.10.1.3       0.0.0.0         UG        0 0          0 eth1
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth1 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check pfkey_lossage tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
pfkey_lossage:0
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth1 10.10.1.57
000 %myid = (none)
000 debug none
000  
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000  
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000  
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000  
000  
000  
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:02:A5:2B:51:43  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth1      Link encap:Ethernet  HWaddr 00:02:A5:45:F5:91  
          inet addr:10.10.1.57  Bcast:10.10.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:139132 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17015 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18102992 (17.2 MiB)  TX bytes:3156424 (3.0 MiB)

ipsec0    Link encap:Ethernet  HWaddr 00:02:A5:45:F5:91  
          inet addr:10.10.1.57  Mask:255.255.0.0
          UP RUNNING NOARP  MTU:16260  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec1    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec2    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec3    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:200 (200.0 b)  TX bytes:200 (200.0 b)

+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:02:a5:2b:51:43 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:a5:45:f5:91 brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.57/16 brd 10.10.255.255 scope global eth1
4: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
    link/ether 00:02:a5:45:f5:91 brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.57/16 brd 10.10.255.255 scope global ipsec0
5: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
    link/void
6: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
    link/void
7: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
    link/void
+ _________________________ ip-route-list
+ ip route list
10.10.0.0/16 dev eth1  proto kernel  scope link  src 10.10.1.57
10.10.0.0/16 dev ipsec0  proto kernel  scope link  src 10.10.1.57
default via 10.10.1.3 dev eth1
+ _________________________ ip-rule-list
+ ip rule list
0:    from all lookup local
32766:    from all lookup main
32767:    from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan 2.4.5 (klips)
Checking for IPsec support in kernel                            [OK]
KLIPS detected, checking for NAT Traversal support              [FAILED]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: no link
  product info: vendor 00:aa:00, model 50 rev 0
  basic mode:   autonegotiation enabled
  basic status: no link
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: negotiated 100baseTx-FD flow-control, link ok
  product info: Intel 82555 rev 4
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
aparo.eng.esat.ie
+ _________________________ hostname/ipaddress
+ hostname --ip-address
10.10.1.57
+ _________________________ uptime
+ uptime
02:26:30 up  2:38,  1 user,  load average: 0.00, 0.00, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
4     0 20596 19822  16   0  2804 1304 -      R+   pts/1      0:00                  \_ /bin/sh /usr/local/libexec/ipsec/barf
1     0 20456     1  21   0  2384  436 wait   S    pts/1      0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug  --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --protostack auto --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto/pluto.pid
1     0 20457 20456  21   0  2384  580 wait   S    pts/1      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug  --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal  --keep_alive  --protostack auto --force_keepalive  --disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --pid /var/run/pluto/pluto.pid
4     0 20458 20457  15   0  2552 1056 -      S    pts/1      0:00  |   \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids
1     0 20459 20458  30  10  2552  412 -      SN   pts/1      0:00  |       \_ pluto helper  #  0                                                                                                    
0     0 20460 20458  25   0  1504  276 -      S    pts/1      0:00  |       \_ _pluto_adns
0     0 20461 20456  23   0  2364 1080 pipe_w S    pts/1      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
0     0 20463     1  21   0  1572  504 pipe_w S    pts/1      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth1
routevirt=ipsec0
routeaddr=10.10.1.57
routenexthop=10.10.1.3
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $

# This file:  /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # plutodebug / klipsdebug = "all", "none" or a combation from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 private"
    # eg:
    # plutodebug="control parsing"
    #
    # Only enable klipsdebug=all if you are a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    # nat_traversal=yes
    # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12

# Add connections here

# sample VPN connection
#conn sample
#        # Left security gateway, subnet behind it, nexthop toward right.
#        left=10.0.0.1
#        leftsubnet=172.16.0.0/24
#        leftnexthop=10.22.33.44
#        # Right security gateway, subnet behind it, nexthop toward left.
#        right=10.12.12.1
#        rightsubnet=192.168.0.0/24
#        rightnexthop=10.101.102.103
#        # To authorize this connection, but not actually start it,
#        # at startup, uncomment this.
#        #auto=start

#Disable Opportunistic Encryption

#< /etc/ipsec.d/examples/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

#> /etc/ipsec.conf 42
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
: RSA    {
: RSA    {
: RSA    {
: RSA    {
: RSA    {
    # RSA 2192 bits   aparo   Thu Apr 20 00:55:40 2006
    # for signatures only, UNSAFE FOR ENCRYPTION
    #pubkey=[keyid AQPojm0ZP]
    Modulus: [...]
    PublicExponent: [...]
    # everything after this point is secret
    PrivateExponent: [...]
    Prime1: [...]
    Prime2: [...]
    Exponent1: [...]
    Exponent2: [...]
    Coefficient: [...]
    }
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000  
000 List of Public Keys:
000  
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 156
-rwxr-xr-x  1 root staff 15859 Apr 20 00:49 _confread
-rwxr-xr-x  1 root staff 49861 Apr 20 00:49 _copyright
-rwxr-xr-x  1 root staff  2379 Apr 20 00:49 _include
-rwxr-xr-x  1 root staff  1475 Apr 20 00:49 _keycensor
-rwxr-xr-x  1 root staff  3586 Apr 20 00:49 _plutoload
-rwxr-xr-x  1 root staff  7073 Apr 20 00:49 _plutorun
-rwxr-xr-x  1 root staff 12275 Apr 20 00:49 _realsetup
-rwxr-xr-x  1 root staff  1975 Apr 20 00:49 _secretcensor
-rwxr-xr-x  1 root staff  9958 Apr 20 00:49 _startklips
-rwxr-xr-x  1 root staff 13918 Apr 20 00:49 _updown
-rwxr-xr-x  1 root staff 15746 Apr 20 00:49 _updown_x509
-rwxr-xr-x  1 root staff  1942 Apr 20 00:49 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 5160
-rwxr-xr-x  1 root staff   75206 Apr 20 00:49 _pluto_adns
-rwxr-xr-x  1 root staff   18891 Apr 20 00:49 auto
-rwxr-xr-x  1 root staff   11355 Apr 20 00:49 barf
-rwxr-xr-x  1 root staff     816 Apr 20 00:49 calcgoo
-rwxr-xr-x  1 root staff  332489 Apr 20 00:49 eroute
-rwxr-xr-x  1 root staff  136111 Apr 20 00:49 ikeping
-rwxr-xr-x  1 root staff  197702 Apr 20 00:49 klipsdebug
-rwxr-xr-x  1 root staff    1836 Apr 20 00:49 livetest
-rwxr-xr-x  1 root staff    2605 Apr 20 00:49 look
-rwxr-xr-x  1 root staff    7159 Apr 20 00:49 mailkey
-rwxr-xr-x  1 root staff   16015 Apr 20 00:49 manual
-rwxr-xr-x  1 root staff    1926 Apr 20 00:49 newhostkey
-rwxr-xr-x  1 root staff  177165 Apr 20 00:49 pf_key
-rwxr-xr-x  1 root staff 2857239 Apr 20 00:49 pluto
-rwxr-xr-x  1 root staff   53917 Apr 20 00:49 ranbits
-rwxr-xr-x  1 root staff   86095 Apr 20 00:49 rsasigkey
-rwxr-xr-x  1 root staff     766 Apr 20 00:49 secrets
-rwxr-xr-x  1 root staff   17660 Apr 20 00:49 send-pr
lrwxrwxrwx  1 root staff      17 Apr 20 00:49 setup -> /etc/init.d/ipsec
-rwxr-xr-x  1 root staff    1054 Apr 20 00:49 showdefaults
-rwxr-xr-x  1 root staff    4748 Apr 20 00:49 showhostkey
-rwxr-xr-x  1 root staff  533591 Apr 20 00:49 spi
-rwxr-xr-x  1 root staff  269074 Apr 20 00:49 spigrp
-rwxr-xr-x  1 root staff   58757 Apr 20 00:49 tncfg
-rwxr-xr-x  1 root staff   11635 Apr 20 00:49 verify
-rwxr-xr-x  1 root staff  299031 Apr 20 00:49 whack
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:     200       4    0    0    0     0          0         0      200       4    0    0    0     0       0          0
  eth0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth1:18103208  139135    0    0    0     0          0         0  3156424   17015    0    0    0     0       0          0
ipsec0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec1:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec2:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec3:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface    Destination    Gateway     Flags    RefCnt    Use    Metric    Mask        MTU    Window    IRTT                                                      
eth1    00000A0A    00000000    0001    0    0    0    0000FFFF    0    0    0                                                                              
ipsec0    00000A0A    00000000    0001    0    0    0    0000FFFF    0    0    0                                                                            
eth1    00000000    03010A0A    0003    0    0    0    00000000    0    0    0                                                                              
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:1
default/rp_filter:1
eth1/rp_filter:0
ipsec0/rp_filter:1
lo/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:1
default/rp_filter:1
eth1/rp_filter:0
ipsec0/rp_filter:1
lo/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects ipsec0/accept_redirects ipsec0/secure_redirects ipsec0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth1/accept_redirects:1
eth1/secure_redirects:1
eth1/send_redirects:1
ipsec0/accept_redirects:1
ipsec0/secure_redirects:1
ipsec0/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux aparo 2.6.16 #1 Wed Apr 19 23:04:33 IST 2006 i686 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ test -f /etc/redhat-release
+ test -f /etc/debian-release
+ test -f /etc/SuSE-release
+ test -f /etc/mandrake-release
+ test -f /etc/mandriva-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ cat /proc/net/ipsec_version
Openswan version: 2.4.5
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/local/libexec/ipsec/barf: line 305: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 6624 packets, 757K bytes)
pkts bytes target     prot opt in     out     source               destination        

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination        

Chain OUTPUT (policy ACCEPT 1126 packets, 188K bytes)
pkts bytes target     prot opt in     out     source               destination        
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 5710 packets, 757K bytes)
pkts bytes target     prot opt in     out     source               destination        

Chain POSTROUTING (policy ACCEPT 14 packets, 877 bytes)
pkts bytes target     prot opt in     out     source               destination        

Chain OUTPUT (policy ACCEPT 14 packets, 877 bytes)
pkts bytes target     prot opt in     out     source               destination        
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 7372 packets, 839K bytes)
pkts bytes target     prot opt in     out     source               destination        

Chain INPUT (policy ACCEPT 6604 packets, 756K bytes)
pkts bytes target     prot opt in     out     source               destination        

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination        

Chain OUTPUT (policy ACCEPT 1106 packets, 185K bytes)
pkts bytes target     prot opt in     out     source               destination        

Chain POSTROUTING (policy ACCEPT 1106 packets, 185K bytes)
pkts bytes target     prot opt in     out     source               destination        
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
iptable_mangle 2816 0 - Live 0xd099a000
iptable_filter 2944 0 - Live 0xd088f000
ipsec 328328 1 - Live 0xd0ae0000
shpchp 42624 0 - Live 0xd09c8000
pci_hotplug 10340 1 shpchp, Live 0xd0996000
hw_random 5752 0 - Live 0xd0882000
intel_agp 21308 1 - Live 0xd098f000
uhci_hcd 29744 0 - Live 0xd0986000
usbcore 118308 2 uhci_hcd, Live 0xd09aa000
e100 32356 0 - Live 0xd097d000
mii 5344 1 e100, Live 0xd0895000
agpgart 33084 1 intel_agp, Live 0xd08d4000
ide_cd 38660 0 - Live 0xd08c9000
cdrom 36320 1 ide_cd, Live 0xd08bf000
rtc 11828 0 - Live 0xd08a0000
ext3 124264 5 - Live 0xd08e4000
jbd 50388 1 ext3, Live 0xd08b1000
ide_disk 15520 7 - Live 0xd089b000
ide_generic 1408 0 [permanent], Live 0xd088d000
via82cxxx 8900 0 [permanent], Live 0xd0891000
trm290 4260 0 [permanent], Live 0xd088a000
triflex 3872 0 [permanent], Live 0xd0888000
slc90e66 5568 0 [permanent], Live 0xd0885000
sis5513 14792 0 [permanent], Live 0xd086d000
siimage 11264 0 [permanent], Live 0xd087e000
serverworks 8680 0 [permanent], Live 0xd087a000
sc1200 7072 0 [permanent], Live 0xd0825000
rz1000 2784 0 [permanent], Live 0xd0833000
piix 9956 0 [permanent], Live 0xd0876000
pdc202xx_old 10336 0 [permanent], Live 0xd0872000
opti621 4324 0 [permanent], Live 0xd0863000
ns87415 4296 0 [permanent], Live 0xd0860000
hpt366 17696 0 [permanent], Live 0xd0867000
hpt34x 5056 0 [permanent], Live 0xd085d000
generic 4612 0 [permanent], Live 0xd083c000
cy82c693 4612 0 [permanent], Live 0xd0839000
cs5530 5184 0 [permanent], Live 0xd0830000
cmd64x 10908 0 [permanent], Live 0xd0835000
atiixp 5744 0 [permanent], Live 0xd0828000
amd74xx 13660 0 [permanent], Live 0xd082b000
alim15x3 11276 0 [permanent], Live 0xd0812000
aec62xx 7136 0 [permanent], Live 0xd0822000
pdc202xx_new 8160 0 [permanent], Live 0xd0816000
ide_core 114504 27 ide_cd,ide_disk,ide_generic,via82cxxx,trm290,triflex,slc90e66,sis5513,siimage,serverworks,sc1200,rz1000,piix,pdc202xx_old,opti621,ns87415,hpt366,hpt34x,generic,cy82c693,cs5530,cmd64x,atiixp,amd74xx,alim15x3,aec62xx,pdc202xx_new, Live 0xd0840000
unix 24720 22 - Live 0xd081a000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal:       256288 kB
MemFree:         30692 kB
Buffers:         51572 kB
Cached:         138656 kB
SwapCached:          0 kB
Active:         120700 kB
Inactive:        73860 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       256288 kB
LowFree:         30692 kB
SwapTotal:      979924 kB
SwapFree:       979924 kB
Dirty:              48 kB
Writeback:           0 kB
Mapped:           7332 kB
Slab:            28124 kB
CommitLimit:   1108068 kB
Committed_AS:    28616 kB
PageTables:        316 kB
VmallocTotal:   778200 kB
VmallocUsed:      2692 kB
VmallocChunk:   774928 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
lrwxrwxrwx  1 root root 16 Apr 20 02:26 /proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx  1 root root 16 Apr 20 02:26 /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx  1 root root 13 Apr 20 02:26 /proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx  1 root root 16 Apr 20 02:26 /proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx  1 root root 11 Apr 20 02:26 /proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx  1 root root 13 Apr 20 02:26 /proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV'
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
# CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
# CONFIG_IP_PIMSM_V1 is not set
# CONFIG_IP_PIMSM_V2 is not set
CONFIG_IPSEC_NAT_TRAVERSAL=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_DIAG=m
CONFIG_INET_TCP_DIAG=m
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_IP_NF_CT_ACCT is not set
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_NETBIOS_NS=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_PPTP=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_MATCH_POLICY=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
CONFIG_KLIPS=m
CONFIG_KLIPS_ESP=y
# CONFIG_KLIPS_AH is not set
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
CONFIG_KLIPS_ALG=y
# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
CONFIG_KLIPS_IPCOMP=y
CONFIG_KLIPS_DEBUG=y
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
# CONFIG_IPMI_SI is not set
CONFIG_IPMI_WATCHDOG=m
# CONFIG_IPMI_POWEROFF is not set
CONFIG_HW_RANDOM=m
# CONFIG_CRYPTO_DEV_PADLOCK is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
#  /etc/syslog.conf    Configuration file for syslogd.
#
#            For more information see syslog.conf(5)
#            manpage.

#
# First some standard logfiles.  Log by facility.
#

auth,authpriv.*            /var/log/auth.log
*.*;auth,authpriv.none        -/var/log/syslog
#cron.*                /var/log/cron.log
daemon.*            -/var/log/daemon.log
kern.*                -/var/log/kern.log
lpr.*                -/var/log/lpr.log
mail.*                -/var/log/mail.log
user.*                -/var/log/user.log
uucp.*                /var/log/uucp.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info            -/var/log/mail.info
mail.warn            -/var/log/mail.warn
mail.err            /var/log/mail.err

# Logging for INN news system
#
news.crit            /var/log/news/news.crit
news.err            /var/log/news/news.err
news.notice            -/var/log/news/news.notice

#
# Some `catch-all' logfiles.
#
*.=debug;\
    auth,authpriv.none;\
    news.none;mail.none    -/var/log/debug
*.=info;*.=notice;*.=warn;\
    auth,authpriv.none;\
    cron,daemon.none;\
    mail,news.none        -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                *

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#    news.=crit;news.=err;news.=notice;\
#    *.=debug;*.=info;\
#    *.=notice;*.=warn    /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
    news.crit;news.err;news.notice;\
    *.=debug;*.=info;\
    *.=notice;*.=warn    |/dev/xconsole

+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
search eng.esat.ie
nameserver 10.11.0.90
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 3
drwxr-xr-x  5 root root 1024 Apr 18 17:54 2.6.8-2-386
drwxr-xr-x  3 root root 1024 Apr 19 22:14 2.6.16.npvpn
drwxr-xr-x  3 root root 1024 Apr 20 00:49 2.6.16
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c01fd011 T netif_rx
c01fd12b T netif_rx_ni
c01fd011 U netif_rx    [ipsec]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.16:
2.6.16.npvpn:
2.6.8-2-386:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '4301,$p' /var/log/syslog
+ egrep -i 'ipsec|klips|pluto'
+ cat
Apr 20 02:04:06 aparo ipsec_setup: Starting Openswan IPsec 2.4.5...
Apr 20 02:04:06 aparo ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: premature end of RSA key
Apr 20 02:04:06 aparo ipsec__plutorun: 003 "/etc/ipsec.secrets" line 3: premature end of RSA key
Apr 20 02:04:06 aparo ipsec__plutorun: 003 "/etc/ipsec.secrets" line 4: premature end of RSA key
Apr 20 02:04:06 aparo ipsec__plutorun: 003 "/etc/ipsec.secrets" line 5: premature end of RSA key
+ _________________________ plog
+ sed -n '252,$p' /var/log/auth.log
+ egrep -i pluto
+ cat
Apr 20 02:04:06 aparo ipsec__plutorun: Starting Pluto subsystem...
Apr 20 02:04:06 aparo pluto[20458]: Starting Pluto (Openswan Version 2.4.5 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEnMCu\177xOp@c)
Apr 20 02:04:06 aparo pluto[20458]: Setting NAT-Traversal port-4500 floating to off
Apr 20 02:04:06 aparo pluto[20458]:    port floating activation criteria nat_t=0/port_fload=1
Apr 20 02:04:06 aparo pluto[20458]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Apr 20 02:04:06 aparo pluto[20458]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 20 02:04:06 aparo pluto[20458]: starting up 1 cryptographic helpers
Apr 20 02:04:06 aparo pluto[20458]: started helper pid=20459 (fd:6)
Apr 20 02:04:06 aparo pluto[20458]: Using KLIPS IPsec interface code on 2.6.16
Apr 20 02:04:06 aparo pluto[20458]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 20 02:04:06 aparo pluto[20458]: Changing to directory '/etc/ipsec.d/aacerts'
Apr 20 02:04:06 aparo pluto[20458]: Changing to directory '/etc/ipsec.d/ocspcerts'
Apr 20 02:04:06 aparo pluto[20458]: Changing to directory '/etc/ipsec.d/crls'
Apr 20 02:04:06 aparo pluto[20458]:   Warning: empty directory
Apr 20 02:04:06 aparo pluto[20458]: listening for IKE messages
Apr 20 02:04:06 aparo pluto[20458]: adding interface ipsec0/eth1 10.10.1.57:500
Apr 20 02:04:06 aparo pluto[20458]: loading secrets from "/etc/ipsec.secrets"
Apr 20 02:04:06 aparo pluto[20458]: "/etc/ipsec.secrets" line 2: premature end of RSA key
Apr 20 02:04:06 aparo pluto[20458]: "/etc/ipsec.secrets" line 3: premature end of RSA key
Apr 20 02:04:06 aparo pluto[20458]: "/etc/ipsec.secrets" line 4: premature end of RSA key
Apr 20 02:04:06 aparo pluto[20458]: "/etc/ipsec.secrets" line 5: premature end of RSA key
+ _________________________ date
+ date
Thu Apr 20 02:26:31 IST 2006

