[Openswan Users] Link seems to be up however no traffic.
Andy Gay
andy at andynet.net
Tue Jul 18 14:16:16 CEST 2006
On Tue, 2006-07-18 at 10:28 -0400, doug.johnson at vifanusa.com wrote:
> Hi gang!
>
> Having a few problems trying to finalize an IPSEC connection between two
> Linux boxes (FC4 & FC5). I could not get a connection established between
> Openswan to Watchguard Firebox so I am backing up and trying Openswan to
> Openswan before I go there. I have two Fedora boxes that have Openswan
> installed on them and am having problems with the setup. The connection
> establishes but I cannot ping an internal IP address on the other network.
You seem to have left and right reversed, in that the config file
comments refer to left as local, but you're using right as local. It'll
work but it's a bit confusing :)

Where are you trying to ping from? If you're pinging from the Openswan
box, you'll have to specify the source address to use, making sure it's
in the range allowed by your tunnel policy. Try ping -I
192.168.50.10 ...

Or, add 'rightsourceip=192.168.50.10' to the config.

I see the other end is 2.6.17 - do you have any iptables rules on there?
Since 2.6.16 you need to add an ACCEPT rule for ipip (protocol 4)
packets in your INPUT chain, if your policy is DROP.

BTW - please don't use *debug=all. It makes huge logs that tell us
nothing useful...
> I guess I expected to see an IPSEC device in ifconfig but I do not see
> one. Doing a traceroute the packets go through the default route to the
> internet and then !H and die. Looking through the BARF (pasted below) I
> see some NULL's in the eroute and think that is not correct. Also the
> whacks seem to concern me but I am not sure what they are. Any help would
> be appreciated.
>
> Here is the setup of the two machines:
> FC4:
> Linux 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686 i686 i386
> GNU/Linux
>
> FC5:
> Linux 2.6.17-1.2145_FC5 #1 Sat Jul 1 13:03:45 EDT 2006 i686 i686 i386
> GNU/Linux
> openswan-2.4.4-1.1.2.1
>
>
> CONFIG FILE:
> ####################################################################
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual: ipsec.conf.5
> #
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
> version 2.0 # conforms to second version of ipsec.conf specification
> # basic configuration
> config setup
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> # klipsdebug=none
> # plutodebug="control parsing"
> # nat_traversal = no
> klipsdebug = all
> plutodebug = all
> conn net-to-net
> authby=secret
> left=68.106.151.150 # Local vitals
> leftsubnet=10.81.0.0/16 #
> leftnexthop=68.108.91.73 # correct in many situations
> right=68.108.91.73 # Remote vitals
> rightsubnet=192.168.50.0/24 #
> rightnexthop=68.106.151.150 # correct in many situations
> auto=add # add but doesn't start this
> # connection at
>
>
>
> include /etc/ipsec.d/*.conf
>
>
>
> ####################################################################
> BARF
> ####################################################################
>
> Unable to find KLIPS messages, typically found in /var/log/messages or
> equivalent. You may need to run Openswan for the first time;
> alternatively, your log files have been emptied (ie, logwatch) or we do
> not understand your logging configuration.
> fc4.pceoffice.com
> Tue Jul 18 08:06:17 EDT 2006
> + _________________________ version
> + ipsec --version
> Linux Openswan U2.4.4/K2.6.11-1.1369_FC4 (netkey)
> See `ipsec --copyright' for copyright information.
> + _________________________ /proc/version
> + cat /proc/version
> Linux version 2.6.11-1.1369_FC4 (bhcompile at decompose.build.redhat.com)
> (gcc version 4.0.0 20050525 (Red Hat 4.0.0-9)) #1 Thu Jun 2 22:55:56 EDT
> 2005
> + _________________________ /proc/net/ipsec_eroute
> + test -r /proc/net/ipsec_eroute
> + _________________________ netstat-rn
> + netstat -nr
> + head -n 100
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt Iface
> 192.168.50.75 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
> 192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 68.108.80.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
> 10.81.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
> 0.0.0.0 68.108.80.1 0.0.0.0 UG 0 0 0 eth0
> + _________________________ /proc/net/ipsec_spi
> + test -r /proc/net/ipsec_spi
> + _________________________ /proc/net/ipsec_spigrp
> + test -r /proc/net/ipsec_spigrp
> + _________________________ /proc/net/ipsec_tncfg
> + test -r /proc/net/ipsec_tncfg
> + _________________________ /proc/net/pfkey
> + test -r /proc/net/pfkey
> + cat /proc/net/pfkey
> sk RefCnt Rmem Wmem User Inode
> + _________________________ setkey-D
> + setkey -D
> 68.108.91.73 68.106.151.150
> esp mode=tunnel spi=2093021935(0x7cc0faef) reqid=16385(0x00004001)
> E: aes-cbc 4a38e993 19cfada0 3d31c493 6df1a5ac
> A: hmac-sha1 fd0973e6 54933da4 bf8a0d44 5aa4ccee 5ada3e4f
> seq=0x00000000 replay=32 flags=0x00000000 state=mature
> created: Jul 18 08:04:53 2006 current: Jul 18 08:06:18 2006
> diff: 85(s) hard: 0(s) soft: 0(s)
> last: hard: 0(s) soft: 0(s)
> current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
> allocated: 0 hard: 0 soft: 0
> sadb_seq=1 pid=1450 refcnt=0
> 68.106.151.150 68.108.91.73
> esp mode=tunnel spi=2751907170(0xa406c562) reqid=16385(0x00004001)
> E: aes-cbc da212811 71c62840 1eede8ea 460c852f
> A: hmac-sha1 5ddeb138 9d11abce 76410075 ff2e33ef fa67853e
> seq=0x00000000 replay=32 flags=0x00000000 state=mature
> created: Jul 18 08:04:53 2006 current: Jul 18 08:06:18 2006
> diff: 85(s) hard: 0(s) soft: 0(s)
> last: hard: 0(s) soft: 0(s)
> current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
> allocated: 0 hard: 0 soft: 0
> sadb_seq=0 pid=1450 refcnt=0
> + _________________________ setkey-D-P
> + setkey -D -P
> 10.81.0.0/16[any] 192.168.50.0/24[any] any
> in prio high + 1073739472 ipsec
> esp/tunnel/68.106.151.150-68.108.91.73/unique#16385
> created: Jul 18 08:04:53 2006 lastused:
> lifetime: 0(s) validtime: 0(s)
> spid=10704 seq=16 pid=1451
> refcnt=1
> 192.168.50.0/24[any] 10.81.0.0/16[any] any
> out prio high + 1073739472 ipsec
> esp/tunnel/68.108.91.73-68.106.151.150/unique#16385
> created: Jul 18 08:04:53 2006 lastused:
> lifetime: 0(s) validtime: 0(s)
> spid=10721 seq=15 pid=1451
> refcnt=1
> 10.81.0.0/16[any] 192.168.50.0/24[any] any
> fwd prio high + 1073739472 ipsec
> esp/tunnel/68.106.151.150-68.108.91.73/unique#16385
> created: Jul 18 08:04:53 2006 lastused:
> lifetime: 0(s) validtime: 0(s)
> spid=10714 seq=14 pid=1451
> refcnt=1
> + _________________________ /proc/sys/net/ipsec-star
> + test -d /proc/sys/net/ipsec
> + _________________________ ipsec/status
> + ipsec auto --status
> 000 interface lo/lo ::1
> 000 interface lo/lo 127.0.0.1
> 000 interface eth0/eth0 68.108.91.73
> 000 interface eth1/eth1 192.168.50.10
> 000 interface eth1:1/eth1:1 192.168.50.20
> 000 interface eth1:2/eth1:2 192.168.50.21
> 000 interface ppp0/ppp0 192.168.50.74
> 000 %myid = (none)
> 000 debug
> raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pf
> key+nattraversal+x509
> 000
> 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
> keysizemax=64
> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
> keysizemax=192
> 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
> keysizemin=40, keysizemax=448
> 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
> keysizemax=0
> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
> keysizemax=256
> 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
> keysizemin=128, keysizemax=128
> 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
> keysizemin=160, keysizemax=160
> 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
> keysizemin=256, keysizemax=256
> 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0,
> keysizemax=0
> 000
> 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
> keydeflen=192
> 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
> keydeflen=128
> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
> 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
> 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
> 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
> 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
> 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
> 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
> 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
> 000
> 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
> trans={0,0,0} attrs={0,0,0}
> 000
> 000 "net-to-net":
> 192.168.50.0/24===68.108.91.73...68.106.151.150===10.81.0.0/16; erouted;
> eroute owner: #2
> 000 "net-to-net": srcip=unset; dstip=unset; srcup=ipsec _updown;
> dstup=ipsec _updown;
> 000 "net-to-net": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
> rekey_fuzz: 100%; keyingtries: 0
> 000 "net-to-net": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 16,24;
> interface: eth0;
> 000 "net-to-net": newest ISAKMP SA: #1; newest IPsec SA: #2;
> 000 "net-to-net": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
> 000
> 000 #2: "net-to-net":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
> EVENT_SA_REPLACE in 28172s; newest IPSEC; eroute owner
> 000 #2: "net-to-net" esp.7cc0faef at 68.106.151.150 esp.a406c562 at 68.108.91.73
> tun.0 at 68.106.151.150 tun.0 at 68.108.91.73
> 000 #1: "net-to-net":500 STATE_MAIN_I4 (ISAKMP SA established);
> EVENT_SA_REPLACE in 2780s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
> 000
> + _________________________ ifconfig-a
> + ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:04:76:CE:78:BB
> inet addr:68.108.91.73 Bcast:255.255.255.255 Mask:255.255.240.0
> inet6 addr: fe80::204:76ff:fece:78bb/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:10944864 errors:0 dropped:0 overruns:0 frame:0
> TX packets:202857 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:735939253 (701.8 MiB) TX bytes:30258269 (28.8 MiB)
> Interrupt:5 Base address:0x2080
> eth1 Link encap:Ethernet HWaddr 00:08:C7:BA:24:99
> inet addr:192.168.50.10 Bcast:192.168.50.255 Mask:255.255.255.0
> inet6 addr: fe80::208:c7ff:feba:2499/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:118467 errors:0 dropped:0 overruns:0 frame:0
> TX packets:109723 errors:0 dropped:0 overruns:0 carrier:0
> collisions:215 txqueuelen:1000
> RX bytes:15679966 (14.9 MiB) TX bytes:46571305 (44.4 MiB)
> eth1:1 Link encap:Ethernet HWaddr 00:08:C7:BA:24:99
> inet addr:192.168.50.20 Bcast:192.168.50.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> eth1:2 Link encap:Ethernet HWaddr 00:08:C7:BA:24:99
> inet addr:192.168.50.21 Bcast:192.168.50.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:2568 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2568 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:3094153 (2.9 MiB) TX bytes:3094153 (2.9 MiB)
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:192.168.50.74 P-t-P:192.168.50.75 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1396 Metric:1
> RX packets:2456 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1988 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3
> RX bytes:180346 (176.1 KiB) TX bytes:237750 (232.1 KiB)
> sit0 Link encap:IPv6-in-IPv4
> NOARP MTU:1480 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> + _________________________ ip-addr-list
> + ip addr list
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> link/ether 00:04:76:ce:78:bb brd ff:ff:ff:ff:ff:ff
> inet 68.108.91.73/20 brd 255.255.255.255 scope global eth0
> inet6 fe80::204:76ff:fece:78bb/64 scope link
> valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> link/ether 00:08:c7:ba:24:99 brd ff:ff:ff:ff:ff:ff
> inet 192.168.50.10/24 brd 192.168.50.255 scope global eth1
> inet 192.168.50.20/24 brd 192.168.50.255 scope global secondary eth1:1
> inet 192.168.50.21/24 brd 192.168.50.255 scope global secondary eth1:2
> inet6 fe80::208:c7ff:feba:2499/64 scope link
> valid_lft forever preferred_lft forever
> 4: sit0: <NOARP> mtu 1480 qdisc noop
> link/sit 0.0.0.0 brd 0.0.0.0
> 6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1396 qdisc pfifo_fast qlen 3
> link/ppp
> inet 192.168.50.74 peer 192.168.50.75/32 scope global ppp0
> + _________________________ ip-route-list
> + ip route list
> 192.168.50.75 dev ppp0 proto kernel scope link src 192.168.50.74
> 192.168.50.0/24 dev eth1 proto kernel scope link src 192.168.50.10
> 68.108.80.0/20 dev eth0 proto kernel scope link src 68.108.91.73
> 10.81.0.0/16 dev eth0 scope link
> 169.254.0.0/16 dev eth1 scope link
> default via 68.108.80.1 dev eth0
> + _________________________ ip-rule-list
> + ip rule list
> 0: from all lookup local
> 32766: from all lookup main
> 32767: from all lookup default
> + _________________________ ipsec_verify
> + ipsec verify --nocolour
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.4.4/K2.6.11-1.1369_FC4 (netkey)
> Checking for IPsec support in kernel [OK]
> Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
> ipsec showhostkey: no default key in "/etc/ipsec.secrets"
> Checking that pluto is running [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing [OK]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
> Checking for 'setkey' command for NETKEY IPsec stack support [OK]
> Opportunistic Encryption Support [DISABLED]
> + _________________________ mii-tool
> + '[' -x /sbin/mii-tool ']'
> + /sbin/mii-tool -v
> eth0: negotiated 100baseTx-FD, link ok
> product info: vendor 00:00:00, model 0 rev 0
> basic mode: autonegotiation enabled
> basic status: autonegotiation complete, link ok
> capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
> advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
> link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
> eth1: no autonegotiation, 10baseT-HD, link ok
> product info: Intel 82555 rev 0
> basic mode: autonegotiation enabled
> basic status: autonegotiation complete, link ok
> capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
> advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
> link partner: 10baseT-HD
> + _________________________ ipsec/directory
> + ipsec --directory
> /usr/lib/ipsec
> + _________________________ hostname/fqdn
> + hostname --fqdn
> fc4.pceoffice.com
> + _________________________ hostname/ipaddress
> + hostname --ip-address
> 127.0.0.1
> + _________________________ uptime
> + uptime
> 08:06:21 up 4 days, 14:30, 4 users, load average: 0.80, 0.47, 0.24
> + _________________________ ps
> + ps alxwf
> + egrep -i 'ppid|pluto|ipsec|klips'
> F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
> 0 0 1329 32269 17 0 4336 1084 wait S+ pts/4 0:00 \_ /bin/sh
> /usr/libexec/ipsec/barf
> 0 0 1509 1329 17 0 1688 508 pipe_w S+ pts/4 0:00 \_ egrep -i
> ppid|pluto|ipsec|klips
> 1 0 1211 1 18 0 2300 1108 wait S pts/3 0:00 /bin/sh
> /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
> --strictcrlpolicy --nat_traversal --keep_alive --protostack auto
> --force_keepalive --disable_port_floating --virtual_private
> --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait
> no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
> 1 0 1212 1211 18 0 2300 1116 wait S pts/3 0:00 \_ /bin/sh
> /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
> --strictcrlpolicy --nat_traversal --keep_alive --protostack auto
> --force_keepalive --disable_port_floating --virtual_private
> --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait
> no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
> 4 0 1213 1212 16 0 2656 1388 - S pts/3 0:00 | \_ /usr/libexec/ipsec/pluto
> --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d
> --debug-all --use-auto --uniqueids
> 1 0 1219 1213 26 10 2596 972 - SN pts/3 0:00 | \_ pluto helper # 0
> 0 0 1250 1213 16 0 1488 296 - S pts/3 0:00 | \_ _pluto_adns -d
> 0 0 1214 1211 15 0 2300 1088 pipe_w S pts/3 0:00 \_ /bin/sh
> /usr/lib/ipsec/_plutoload --wait no --post
> 0 0 1215 1 18 0 1552 380 pipe_w S pts/3 0:00 logger -s -p daemon.error -t
> ipsec__plutorun
> + _________________________ ipsec/showdefaults
> + ipsec showdefaults
> routephys=eth0
> routevirt=ipsec0
> routeaddr=68.108.91.73
> routenexthop=68.108.80.1
> + _________________________ ipsec/conf
> + ipsec _include /etc/ipsec.conf
> + ipsec _keycensor
> #< /etc/ipsec.conf 1
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual: ipsec.conf.5
> #
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
> version 2.0 # conforms to second version of ipsec.conf specification
> # basic configuration
> config setup
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> # klipsdebug=none
> # plutodebug="control parsing"
> # nat_traversal = no
> # interfaces = ipsec0=eth0
> klipsdebug = all
> plutodebug = all
> conn net-to-net
> authby=secret
> left=68.106.151.150 # Local vitals
> leftsubnet=10.81.0.0/16 #
> leftnexthop=68.108.91.73 # correct in many situations
> right=68.108.91.73 # Remote vitals
> rightsubnet=192.168.50.0/24 #
> rightnexthop=68.106.151.150 # correct in many situations
> auto=add # add but doesn't start this
> # connection at
>
>
>
>
> #< /etc/ipsec.d/no_oe.conf 1
> # 'include' this file to disable Opportunistic Encryption.
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
> conn block
> auto=ignore
> conn private
> auto=ignore
> conn private-or-clear
> auto=ignore
> conn clear-or-private
> auto=ignore
> conn clear
> auto=ignore
> conn packetdefault
> auto=ignore
> #> /etc/ipsec.conf 34
> + _________________________ ipsec/secrets
> + ipsec _secretcensor
> + ipsec _include /etc/ipsec.secrets
> #< /etc/ipsec.secrets 1
> 68.108.91.73 68.106.151.150: PSK "[sums to cc8f...]"
> #< /etc/ipsec.d/hostkey.secrets 1
> : RSA {
> # RSA 2192 bits fc4.pceoffice.com Sun Jul 16 14:26:21 2006
> # for signatures only, UNSAFE FOR ENCRYPTION
> #pubkey=[keyid AQOv+JdPg]
> Modulus: [...]
> PublicExponent: [...]
> # everything after this point is secret
> PrivateExponent: [...]
> Prime1: [...]
> Prime2: [...]
> Exponent1: [...]
> Exponent2: [...]
> Coefficient: [...]
> }
> # do not change the indenting of that "[sums to 7d9d...]"
> #> /etc/ipsec.secrets 4
> + _________________________ ipsec/listall
> + ipsec auto --listall
> 000
> 000 List of Public Keys:
> 000
> + '[' /etc/ipsec.d/policies ']'
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/block
> + base=block
> + _________________________ ipsec/policies/block
> + cat /etc/ipsec.d/policies/block
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should never be allowed.
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/clear
> + base=clear
> + _________________________ ipsec/policies/clear
> + cat /etc/ipsec.d/policies/clear
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should always be in the clear.
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/clear-or-private
> + base=clear-or-private
> + _________________________ ipsec/policies/clear-or-private
> + cat /etc/ipsec.d/policies/clear-or-private
> # This file defines the set of CIDRs (network/mask-length) to which
> # we will communicate in the clear, or, if the other side initiates IPSEC,
> # using encryption. This behaviour is also called "Opportunistic
> Responder".
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/private
> + base=private
> + _________________________ ipsec/policies/private
> + cat /etc/ipsec.d/policies/private
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should always be private (i.e. encrypted).
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/private-or-clear
> + base=private-or-clear
> + _________________________ ipsec/policies/private-or-clear
> + cat /etc/ipsec.d/policies/private-or-clear
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should be private, if possible, but in the clear
> otherwise.
> #
> # If the target has a TXT (later IPSECKEY) record that specifies
> # authentication material, we will require private (i.e. encrypted)
> # communications. If no such record is found, communications will be
> # in the clear.
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
> #
> 0.0.0.0/0
> + _________________________ ipsec/ls-libdir
> + ls -l /usr/lib/ipsec
> total 164
> -rwxr-xr-x 1 root root 15535 Nov 21 2005 _confread
> -rwxr-xr-x 1 root root 14320 Nov 21 2005 _copyright
> -rwxr-xr-x 1 root root 2379 Nov 21 2005 _include
> -rwxr-xr-x 1 root root 1475 Nov 21 2005 _keycensor
> -rwxr-xr-x 1 root root 3586 Nov 21 2005 _plutoload
> -rwxr-xr-x 1 root root 7431 Nov 21 2005 _plutorun
> -rwxr-xr-x 1 root root 12275 Nov 21 2005 _realsetup
> -rwxr-xr-x 1 root root 1975 Nov 21 2005 _secretcensor
> -rwxr-xr-x 1 root root 9778 Nov 21 2005 _startklips
> -rwxr-xr-x 1 root root 13417 Nov 21 2005 _updown
> -rwxr-xr-x 1 root root 15746 Nov 21 2005 _updown_x509
> -rwxr-xr-x 1 root root 1942 Nov 21 2005 ipsec_pr.template
> + _________________________ ipsec/ls-execdir
> + ls -l /usr/libexec/ipsec
> total 3260
> -rwxr-xr-x 1 root root 27595 Nov 21 2005 _pluto_adns
> -rwxr-xr-x 1 root root 19081 Nov 21 2005 auto
> -rwxr-xr-x 1 root root 10584 Nov 21 2005 barf
> -rwxr-xr-x 1 root root 816 Nov 21 2005 calcgoo
> -rwxr-xr-x 1 root root 192608 Nov 21 2005 eroute
> -rwxr-xr-x 1 root root 59461 Nov 21 2005 ikeping
> -rwxr-xr-x 1 root root 127465 Nov 21 2005 klipsdebug
> -rwxr-xr-x 1 root root 1836 Nov 21 2005 livetest
> -rwxr-xr-x 1 root root 2605 Nov 21 2005 look
> -rwxr-xr-x 1 root root 7153 Nov 21 2005 mailkey
> -rwxr-xr-x 1 root root 15996 Nov 21 2005 manual
> -rwxr-xr-x 1 root root 1926 Nov 21 2005 newhostkey
> -rwxr-xr-x 1 root root 112598 Nov 21 2005 pf_key
> -rwxr-xr-x 1 root root 1830953 Nov 21 2005 pluto
> -rwxr-xr-x 1 root root 24296 Nov 21 2005 ranbits
> -rwxr-xr-x 1 root root 47920 Nov 21 2005 rsasigkey
> -rwxr-xr-x 1 root root 766 Nov 21 2005 secrets
> -rwxr-xr-x 1 root root 17636 Nov 21 2005 send-pr
> lrwxrwxrwx 1 root root 22 Jul 16 14:26 setup -> /etc/rc.d/init.d/ipsec
> -rwxr-xr-x 1 root root 1054 Nov 21 2005 showdefaults
> -rwxr-xr-x 1 root root 4748 Nov 21 2005 showhostkey
> -rwxr-xr-x 1 root root 311070 Nov 21 2005 spi
> -rwxr-xr-x 1 root root 157995 Nov 21 2005 spigrp
> -rwxr-xr-x 1 root root 25354 Nov 21 2005 tncfg
> -rwxr-xr-x 1 root root 10607 Nov 21 2005 verify
> -rwxr-xr-x 1 root root 131328 Nov 21 2005 whack
> + _________________________ ipsec/updowns
> ++ ls /usr/libexec/ipsec
> ++ egrep updown
> + _________________________ /proc/net/dev
> + cat /proc/net/dev
> Inter-| Receive | Transmit
> face |bytes packets errs drop fifo frame compressed multicast|bytes
> packets errs drop fifo colls carrier compressed
> lo: 3094153 2568 0 0 0 0 0 0 3094153 2568 0 0 0 0 0 0
> eth0:735953953 10945062 0 0 0 0 0 0 30300725 203013 0 0 0 0 0 0
> eth1:15679966 118467 0 0 0 0 0 0 46571305 109723 0 0 0 215 0 0
> sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
> ppp0: 183610 2528 0 0 0 0 0 0 271158 2130 0 0 0 0 0 0
> + _________________________ /proc/net/route
> + cat /proc/net/route
> Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
> ppp0 4B32A8C0 00000000 0005 0 0 0 FFFFFFFF 0 0 0
> eth1 0032A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
> eth0 00507644 00000000 0001 0 0 0 00F0FFFF 0 0 0
> eth0 0000510A 00000000 0001 0 0 0 0000FFFF 0 0 0
> eth1 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
> eth0 00000000 01507644 0003 0 0 0 00000000 0 0 0
> + _________________________ /proc/sys/net/ipv4/ip_forward
> + cat /proc/sys/net/ipv4/ip_forward
> 1
> + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
> + cd /proc/sys/net/ipv4/conf
> + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter
> lo/rp_filter ppp0/rp_filter
> all/rp_filter:0
> default/rp_filter:1
> eth0/rp_filter:0
> eth1/rp_filter:0
> lo/rp_filter:0
> ppp0/rp_filter:1
> + _________________________ uname-a
> + uname -a
> Linux fc4.pceoffice.com 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005
> i686 i686 i386 GNU/Linux
> + _________________________ config-built-with
> + test -r /proc/config_built_with
> + _________________________ redhat-release
> + test -r /etc/redhat-release
> + cat /etc/redhat-release
> Fedora Core release 4 (Stentz)
> + _________________________ /proc/net/ipsec_version
> + test -r /proc/net/ipsec_version
> + test -r /proc/net/pfkey
> ++ uname -r
> + echo 'NETKEY (2.6.11-1.1369_FC4) support detected '
> NETKEY (2.6.11-1.1369_FC4) support detected
> + _________________________ ipfwadm
> + test -r /sbin/ipfwadm
> + 'no old-style linux 1.x/2.0 ipfwadm firewall support'
> /usr/libexec/ipsec/barf: line 297: no old-style linux 1.x/2.0 ipfwadm
> firewall support: No such file or directory
> + _________________________ ipchains
> + test -r /sbin/ipchains
> + echo 'no old-style linux 2.0 ipchains firewall support'
> no old-style linux 2.0 ipchains firewall support
> + _________________________ iptables
> + test -r /sbin/iptables
> + iptables -L -v -n
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 334 25272 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- eth1 * 192.168.50.171 0.0.0.0/0
> 290 20088 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> Chain INPUT (policy DROP 9663 packets, 3570K bytes)
> pkts bytes target prot opt in out source destination
> 54 211K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 317 41886 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
> 48 3538 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- eth1 * 192.168.50.0/24 0.0.0.0/0
> 123 17784 ACCEPT all -- eth0 * 68.106.151.150 0.0.0.0/0
> 4750 417K ACCEPT 47 -- eth0 * 0.0.0.0/0 0.0.0.0/0
> 106 5444 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
> 3348 243K ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
> 14088 4046K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED
> 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
> 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
> 0 0 ACCEPT esp -- eth0 * 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT ah -- eth0 * 0.0.0.0/0 0.0.0.0/0
> Chain OUTPUT (policy ACCEPT 23467 packets, 3218K bytes)
> pkts bytes target prot opt in out source destination
> + _________________________ iptables-nat
> + iptables -t nat -L -v -n
> Chain OUTPUT (policy ACCEPT 4870 packets, 354K bytes)
> pkts bytes target prot opt in out source destination
> Chain POSTROUTING (policy ACCEPT 1736 packets, 107K bytes)
> pkts bytes target prot opt in out source destination
> Chain PREROUTING (policy ACCEPT 87880 packets, 30M bytes)
> pkts bytes target prot opt in out source destination
> + _________________________ iptables-mangle
> + iptables -t mangle -L -v -n
> Chain FORWARD (policy ACCEPT 111K packets, 23M bytes)
> pkts bytes target prot opt in out source destination
> Chain INPUT (policy ACCEPT 178K packets, 33M bytes)
> pkts bytes target prot opt in out source destination
> Chain OUTPUT (policy ACCEPT 159K packets, 25M bytes)
> pkts bytes target prot opt in out source destination
> Chain POSTROUTING (policy ACCEPT 269K packets, 48M bytes)
> pkts bytes target prot opt in out source destination
> Chain PREROUTING (policy ACCEPT 288K packets, 56M bytes)
> pkts bytes target prot opt in out source destination
> + _________________________ /proc/modules
> + test -f /proc/modules
> + cat /proc/modules
> xfrm4_tunnel 3909 0 - Live 0xd085a000
> af_key 33489 0 - Live 0xd0a85000
> ppp_mppe 15232 2 - Live 0xd0a61000
> ppp_async 12865 1 - Live 0xd0a4c000
> crc_ccitt 2113 1 ppp_async, Live 0xd0a15000
> ppp_generic 39572 6 ppp_mppe,ppp_async, Live 0xd0a6f000
> slhc 7105 1 ppp_generic, Live 0xd0a20000
> iptable_mangle 2753 0 - Live 0xd0a13000
> deflate 3905 0 - Live 0xd099f000
> zlib_deflate 22745 1 deflate, Live 0xd0a45000
> twofish 44097 0 - Live 0xd0a55000
> serpent 21953 0 - Live 0xd0a3e000
> blowfish 9153 0 - Live 0xd0a33000
> sha256 10561 0 - Live 0xd0a2f000
> crypto_null 2241 0 - Live 0xd0a1e000
> aes_i586 38081 2 - Live 0xd0a24000
> des 11713 0 - Live 0xd0a06000
> ipcomp 7881 0 - Live 0xd0a1b000
> esp4 8001 2 - Live 0xd0a0d000
> ah4 6209 0 - Live 0xd0a0a000
> ipt_MASQUERADE 3265 0 - Live 0xd09a1000
> ipt_state 1857 2 - Live 0xd09c6000
> iptable_filter 2881 1 - Live 0xd099d000
> ip_nat_ftp 3393 0 - Live 0xd0816000
> iptable_nat 21917 2 ipt_MASQUERADE,ip_nat_ftp, Live 0xd09b2000
> ip_tables 19521 5 iptable_mangle,ipt_MASQUERADE,ipt_state,iptable_filter,iptable_nat, Live 0xd09ac000
> ip_conntrack_ftp 73297 1 ip_nat_ftp, Live 0xd09f3000
> ip_conntrack 41497 5 ipt_MASQUERADE,ipt_state,ip_nat_ftp,iptable_nat,ip_conntrack_ftp, Live 0xd09ba000
> parport_pc 28933 1 - Live 0xd09a3000
> lp 13001 0 - Live 0xd0950000
> parport 40585 2 parport_pc,lp, Live 0xd08f0000
> autofs4 29253 2 - Live 0xd0947000
> sunrpc 167813 1 - Live 0xd09c9000
> md5 4033 1 - Live 0xd0842000
> ipv6 268097 20 - Live 0xd0955000
> uhci_hcd 35152 0 - Live 0xd08fc000
> i2c_piix4 8657 0 - Live 0xd0854000
> i2c_core 21569 1 i2c_piix4, Live 0xd085c000
> e100 47297 0 - Live 0xd08e3000
> 3c59x 45033 0 - Live 0xd0864000
> mii 5441 2 e100,3c59x, Live 0xd081d000
> floppy 65269 0 - Live 0xd08d2000
> dm_snapshot 17413 0 - Live 0xd0839000
> dm_zero 2113 0 - Live 0xd0814000
> dm_mirror 26029 0 - Live 0xd0831000
> ext3 132553 2 - Live 0xd08b0000
> jbd 86233 1 ext3, Live 0xd0871000
> dm_mod 58101 6 dm_snapshot,dm_zero,dm_mirror, Live 0xd0844000
> + _________________________ /proc/meminfo
> + cat /proc/meminfo
> MemTotal: 255684 kB
> MemFree: 33808 kB
> Buffers: 1004 kB
> Cached: 91260 kB
> SwapCached: 0 kB
> Active: 176924 kB
> Inactive: 14664 kB
> HighTotal: 0 kB
> HighFree: 0 kB
> LowTotal: 255684 kB
> LowFree: 33808 kB
> SwapTotal: 524280 kB
> SwapFree: 523460 kB
> Dirty: 256 kB
> Writeback: 0 kB
> Mapped: 136832 kB
> Slab: 22320 kB
> CommitLimit: 652120 kB
> Committed_AS: 368296 kB
> PageTables: 3636 kB
> VmallocTotal: 770040 kB
> VmallocUsed: 2576 kB
> VmallocChunk: 764228 kB
> HugePages_Total: 0
> HugePages_Free: 0
> Hugepagesize: 4096 kB
> + _________________________ /proc/net/ipsec-ls
> + test -f /proc/net/ipsec_version
> + _________________________ usr/src/linux/.config
> + test -f /proc/config.gz
> ++ uname -r
> + test -f /lib/modules/2.6.11-1.1369_FC4/build/.config
> ++ uname -r
> + cat /lib/modules/2.6.11-1.1369_FC4/build/.config
> + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
> CONFIG_NET_KEY=m
> CONFIG_INET=y
> CONFIG_IP_MULTICAST=y
> CONFIG_IP_ADVANCED_ROUTER=y
> CONFIG_IP_MULTIPLE_TABLES=y
> CONFIG_IP_ROUTE_FWMARK=y
> CONFIG_IP_ROUTE_MULTIPATH=y
> CONFIG_IP_ROUTE_MULTIPATH_CACHED=y
> CONFIG_IP_ROUTE_MULTIPATH_RR=m
> CONFIG_IP_ROUTE_MULTIPATH_RANDOM=m
> CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=m
> CONFIG_IP_ROUTE_MULTIPATH_DRR=m
> CONFIG_IP_ROUTE_VERBOSE=y
> # CONFIG_IP_PNP is not set
> CONFIG_IP_MROUTE=y
> CONFIG_IP_PIMSM_V1=y
> CONFIG_IP_PIMSM_V2=y
> CONFIG_INET_AH=m
> CONFIG_INET_ESP=m
> CONFIG_INET_IPCOMP=m
> CONFIG_INET_TUNNEL=m
> CONFIG_IP_TCPDIAG=m
> CONFIG_IP_TCPDIAG_IPV6=y
> CONFIG_IP_VS=m
> # CONFIG_IP_VS_DEBUG is not set
> CONFIG_IP_VS_TAB_BITS=12
> CONFIG_IP_VS_PROTO_TCP=y
> CONFIG_IP_VS_PROTO_UDP=y
> CONFIG_IP_VS_PROTO_ESP=y
> CONFIG_IP_VS_PROTO_AH=y
> CONFIG_IP_VS_RR=m
> CONFIG_IP_VS_WRR=m
> CONFIG_IP_VS_LC=m
> CONFIG_IP_VS_WLC=m
> CONFIG_IP_VS_LBLC=m
> CONFIG_IP_VS_LBLCR=m
> CONFIG_IP_VS_DH=m
> CONFIG_IP_VS_SH=m
> CONFIG_IP_VS_SED=m
> CONFIG_IP_VS_NQ=m
> CONFIG_IP_VS_FTP=m
> CONFIG_IPV6=m
> CONFIG_IPV6_PRIVACY=y
> CONFIG_INET6_AH=m
> CONFIG_INET6_ESP=m
> CONFIG_INET6_IPCOMP=m
> CONFIG_INET6_TUNNEL=m
> CONFIG_IPV6_TUNNEL=m
> CONFIG_IP_NF_CONNTRACK=m
> CONFIG_IP_NF_CT_ACCT=y
> CONFIG_IP_NF_CONNTRACK_MARK=y
> CONFIG_IP_NF_CT_PROTO_SCTP=m
> CONFIG_IP_NF_FTP=m
> CONFIG_IP_NF_IRC=m
> CONFIG_IP_NF_TFTP=m
> CONFIG_IP_NF_AMANDA=m
> CONFIG_IP_NF_QUEUE=m
> CONFIG_IP_NF_IPTABLES=m
> CONFIG_IP_NF_MATCH_LIMIT=m
> CONFIG_IP_NF_MATCH_IPRANGE=m
> CONFIG_IP_NF_MATCH_MAC=m
> CONFIG_IP_NF_MATCH_PKTTYPE=m
> CONFIG_IP_NF_MATCH_MARK=m
> CONFIG_IP_NF_MATCH_MULTIPORT=m
> CONFIG_IP_NF_MATCH_TOS=m
> CONFIG_IP_NF_MATCH_RECENT=m
> CONFIG_IP_NF_MATCH_ECN=m
> CONFIG_IP_NF_MATCH_DSCP=m
> CONFIG_IP_NF_MATCH_AH_ESP=m
> CONFIG_IP_NF_MATCH_LENGTH=m
> CONFIG_IP_NF_MATCH_TTL=m
> CONFIG_IP_NF_MATCH_TCPMSS=m
> CONFIG_IP_NF_MATCH_HELPER=m
> CONFIG_IP_NF_MATCH_STATE=m
> CONFIG_IP_NF_MATCH_CONNTRACK=m
> CONFIG_IP_NF_MATCH_OWNER=m
> CONFIG_IP_NF_MATCH_PHYSDEV=m
> CONFIG_IP_NF_MATCH_ADDRTYPE=m
> CONFIG_IP_NF_MATCH_REALM=m
> CONFIG_IP_NF_MATCH_SCTP=m
> CONFIG_IP_NF_MATCH_COMMENT=m
> CONFIG_IP_NF_MATCH_CONNMARK=m
> CONFIG_IP_NF_MATCH_HASHLIMIT=m
> CONFIG_IP_NF_FILTER=m
> CONFIG_IP_NF_TARGET_REJECT=m
> CONFIG_IP_NF_TARGET_LOG=m
> CONFIG_IP_NF_TARGET_ULOG=m
> CONFIG_IP_NF_TARGET_TCPMSS=m
> CONFIG_IP_NF_NAT=m
> CONFIG_IP_NF_NAT_NEEDED=y
> CONFIG_IP_NF_TARGET_MASQUERADE=m
> CONFIG_IP_NF_TARGET_REDIRECT=m
> CONFIG_IP_NF_TARGET_NETMAP=m
> CONFIG_IP_NF_TARGET_SAME=m
> CONFIG_IP_NF_NAT_SNMP_BASIC=m
> CONFIG_IP_NF_NAT_IRC=m
> CONFIG_IP_NF_NAT_FTP=m
> CONFIG_IP_NF_NAT_TFTP=m
> CONFIG_IP_NF_NAT_AMANDA=m
> CONFIG_IP_NF_MANGLE=m
> CONFIG_IP_NF_TARGET_TOS=m
> CONFIG_IP_NF_TARGET_ECN=m
> CONFIG_IP_NF_TARGET_DSCP=m
> CONFIG_IP_NF_TARGET_MARK=m
> CONFIG_IP_NF_TARGET_CLASSIFY=m
> CONFIG_IP_NF_TARGET_CONNMARK=m
> CONFIG_IP_NF_TARGET_CLUSTERIP=m
> CONFIG_IP_NF_RAW=m
> CONFIG_IP_NF_TARGET_NOTRACK=m
> CONFIG_IP_NF_ARPTABLES=m
> CONFIG_IP_NF_ARPFILTER=m
> CONFIG_IP_NF_ARP_MANGLE=m
> # CONFIG_IP6_NF_QUEUE is not set
> CONFIG_IP6_NF_IPTABLES=m
> CONFIG_IP6_NF_MATCH_LIMIT=m
> CONFIG_IP6_NF_MATCH_MAC=m
> CONFIG_IP6_NF_MATCH_RT=m
> CONFIG_IP6_NF_MATCH_OPTS=m
> CONFIG_IP6_NF_MATCH_FRAG=m
> CONFIG_IP6_NF_MATCH_HL=m
> CONFIG_IP6_NF_MATCH_MULTIPORT=m
> CONFIG_IP6_NF_MATCH_OWNER=m
> CONFIG_IP6_NF_MATCH_MARK=m
> CONFIG_IP6_NF_MATCH_IPV6HEADER=m
> CONFIG_IP6_NF_MATCH_AHESP=m
> CONFIG_IP6_NF_MATCH_LENGTH=m
> CONFIG_IP6_NF_MATCH_EUI64=m
> CONFIG_IP6_NF_MATCH_PHYSDEV=m
> CONFIG_IP6_NF_FILTER=m
> CONFIG_IP6_NF_TARGET_LOG=m
> CONFIG_IP6_NF_MANGLE=m
> CONFIG_IP6_NF_TARGET_MARK=m
> CONFIG_IP6_NF_RAW=m
> CONFIG_IP_SCTP=m
> CONFIG_IPX=m
> # CONFIG_IPX_INTERN is not set
> CONFIG_IPDDP=m
> CONFIG_IPDDP_ENCAP=y
> CONFIG_IPDDP_DECAP=y
> CONFIG_IPW2100=m
> # CONFIG_IPW_DEBUG is not set
> CONFIG_IPW2100_PROMISC=y
> # CONFIG_IPW2100_LEGACY_FW_LOAD is not set
> CONFIG_IPW2200=m
> CONFIG_IPPP_FILTER=y
> CONFIG_IPMI_HANDLER=m
> # CONFIG_IPMI_PANIC_EVENT is not set
> CONFIG_IPMI_DEVICE_INTERFACE=m
> CONFIG_IPMI_SI=m
> CONFIG_IPMI_WATCHDOG=m
> CONFIG_IPMI_POWEROFF=m
> + _________________________ etc/syslog.conf
> + cat /etc/syslog.conf
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /dev/console
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
> # Log all the mail messages in one place.
> mail.* -/var/log/maillog
> # Log cron stuff
> cron.* /var/log/cron
> # Everybody gets emergency messages
> *.emerg *
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit /var/log/spooler
> # Save boot messages also to boot.log
> local7.* /var/log/boot.log
> #
> # INN
> #
> news.=crit /var/log/news/news.crit
> news.=err /var/log/news/news.err
> news.notice /var/log/news/news.notice
> + _________________________ etc/resolv.conf
> + cat /etc/resolv.conf
> ; generated by /sbin/dhclient-script
> nameserver 24.158.96.130
> nameserver 24.158.96.131
> + _________________________ lib/modules-ls
> + ls -ltr /lib/modules
> total 8
> drwxr-xr-x 3 root root 4096 Feb 7 17:14 2.6.11-1.1369_FC4
> + _________________________ /proc/ksyms-netif_rx
> + test -r /proc/ksyms
> + test -r /proc/kallsyms
> + egrep netif_rx /proc/kallsyms
> c0308815 T netif_rx
> c03089ba T netif_rx_ni
> c0308815 U netif_rx [ppp_generic]
> c0308815 U netif_rx [ipv6]
> c0308815 U netif_rx [3c59x]
> + _________________________ lib/modules-netif_rx
> + modulegoo kernel/net/ipv4/ipip.o netif_rx
> + set +x
> 2.6.11-1.1369_FC4:
> + _________________________ kern.debug
> + test -f /var/log/kern.debug
> + _________________________ klog
> + sed -n '1,$p' /dev/null
> + egrep -i 'ipsec|klips|pluto'
> + case "$1" in
> + cat
> + _________________________ plog
> + sed -n '351566,$p' /var/log/secure
> + egrep -i pluto
> + case "$1" in