[Openswan Users] I: Road warrior test on lan
Fabio
fabio.marcone at duet.it
Fri Mar 10 13:58:05 CET 2006
Hi!
On Friday 10 March 2006 13:22, Federico wrote:
> Hello,
>
> I need some help,
>
> I'm trying to set up an Openswan VPN 2.2.0-kernel2.4.27 inside my LAN, as
> test for the future remote-office client.
>
> Tunnel seems to start correctly but when I try to ping a host behind the gw
> it doesn't work:
>
> Using tcpdump I noticed that pinging, for example, 10.6.100.200 (a host behind gw),
> an ICMP request was sent to the gw and an ESP packet as well.
It is right and correct; if you want to see only ESP packets you have to sniff
traffic on the tunnel, not on the endpoint Ethernet interfaces.
Fabio
>
> To avoid first to be routed through the gw I use the following iptables
> rule
>
> iptables -A FORWARD -p icmp -s 10.6.3.128/25 --icmp-type 8 -j DROP
>
> (this is why at beginning I thought the tunnel was ok: I can ping it but
> just 'cause the icmp packet was forwarded to the host..... But using
> tcpdump..)
>
>
>
> As I stated before, the connection starts correctly:
>
> multibel1:~# ipsec auto --up road
>
> 104 "road" #1: STATE_MAIN_I1: initiate
>
> 106 "road" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>
> 108 "road" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>
> 004 "road" #1: STATE_MAIN_I4: ISAKMP SA established
>
> 112 "road" #2: STATE_QUICK_I1: initiate
>
> 004 "road" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
> {ESP=>0x81805bcf <0x1011f522}
>
>
>
> Using tcpdump I discovered that as I stated above pinging an internal
> network gw host 10.6.100.200 ESP packets reach the gw (I can see them using
> tcpdump -i eth0) but nothing is put out from eth1.
>
> Can someone help me? I tried to read every forum I found and every
> troubleshooting but.. I didn't manage to resolve..
>
> Thank you very much in advance.
>
> FV
>
>
>
>
>
>
>
>
>
> My network looks like this:
>
>
>
> LAN(simulate the internet)
>
> network address= 10.6.3.128/25
>
>
>
> ROAD WARRIOR
>
> Road warrior static ip= 10.6.3.132
>
>
>
> VPN/Gateway
>
> Gw ip =10.6.3.133
>
> Test Network behind gw= 10.6.100.0/24
>
> (no NAT and no firewall except the rule above)
>
>
>
>
>
>
>
> I use the following ipsec.conf files
>
>
>
>
>
> multilinus:/etc# more ipsec.conf
>
> # /etc/ipsec.conf - Openswan IPsec configuration file
>
> # RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
>
>
>
> # This file: /usr/share/doc/openswan/ipsec.conf-sample
>
> #
>
> # Manual: ipsec.conf.5
>
>
>
>
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
>
>
> # basic configuration
>
> config setup
>
> # Debug-logging controls: "none" for (almost) none, "all" for
> lots.
>
> # klipsdebug=none
>
> plutodebug=all #"control parsing"
>
> #plutostderrlog=
>
>
>
> # Add connections here
>
>
>
> # road-warrior VPN connection
>
> conn road
>
> # Left security gateway, subnet behind it, next hop toward right.
>
> left=10.6.3.133
>
> leftid=@multilinus.multibel.it
>
> leftsubnet=10.6.100.0/24
>
> leftrsasigkey=0sAQN74Z87R.....
>
> # Right road-warrior
>
> rightnexthop=%direct
>
> right=%any
>
> rightid=@multibel1.multibel.it
>
> rightrsasigkey=0sAQO9mjE.....
>
> # To authorize this connection, but not actually start it, at
> startup,
>
> # uncomment this.
>
> auto=add
>
>
>
> #Disable Opportunistic Encryption
>
> include /etc/ipsec.d/examples/no_oe.conf
>
> ---------------------------------------------------------------------------
>
> multibel1:/etc# more ipsec.conf
>
> # /etc/ipsec.conf - Openswan IPsec configuration file
>
> # RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
>
>
>
> # This file: /usr/share/doc/openswan/ipsec.conf-sample
>
> #
>
> # Manual: ipsec.conf.5
>
>
>
>
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
>
>
> # basic configuration
>
> config setup
>
> # Debug-logging controls: "none" for (almost) none, "all" for
> lots.
>
> # klipsdebug=none
>
> # plutodebug="control parsing"
>
>
>
> # Add connections here
>
>
>
> # road-warrior connection
>
> conn road
>
> left=10.6.3.132
>
> leftnexthop=10.6.3.133
>
> leftid=@multibel1.multibel.it
>
> leftrsasigkey=0sAQO9mjElL.......
>
> right=10.6.3.133
>
> rightsubnet=10.6.100.0/24
>
> rightid=@multilinus.multibel.it
>
> rightrsasigkey=0sAQN74Z87R....
>
> auto=add
>
>
>
> #Disable Opportunistic Encryption
>
> include /etc/ipsec.d/examples/no_oe.conf
>
>
>
>
>
> ipsec -barf
>
> multilinus
>
> Thu Mar 9 12:01:43 CET 2006
>
> + _________________________ version
>
> + ipsec --version
>
> Linux Openswan U2.2.0/K2.4.27-2-386 (native)
>
> See `ipsec --copyright' for copyright information.
>
> + _________________________ proc/version
>
> + cat /proc/version
>
> Linux version 2.4.27-2-386 (horms at tabatha.lab.ultramonkey.org) (gcc version
> 3.3.5 (Debian 1:3.3.5-12)) #1 Mon May 16 16:47:51 JST 2005
>
> + _________________________ proc/net/ipsec_eroute
>
> + test -r /proc/net/ipsec_eroute
>
> + _________________________ netstat-rn
>
> + netstat -nr
>
> Kernel IP routing table
>
> Destination Gateway Genmask Flags MSS Window irtt
> Iface
>
> 10.6.3.132 10.6.3.132 255.255.255.255 UGH 0 0 0
> eth0
>
> 10.6.3.128 0.0.0.0 255.255.255.128 U 0 0 0
> eth0
>
> 10.6.100.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth1
>
> 0.0.0.0 10.6.3.129 0.0.0.0 UG 0 0 0
> eth0
>
> + _________________________ proc/net/ipsec_spi
>
> + test -r proc/net/ipsec_spi
>
> + _________________________ proc/net/ipsec_spigrp
>
> + test -r /proc/net/ipsec_spigrp
>
> + _________________________ proc/net/ipsec_tncfg
>
> + test -r /proc/net/ipsec_tncfg
>
> + _________________________ proc/net/pfkey
>
> + test -r /proc/net/pfkey
>
> + cat /proc/net/pfkey
>
> sk RefCnt Rmem Wmem User Inode
>
> + _________________________ setkey-D
>
> + setkey -D
>
> 10.6.3.133 10.6.3.132
>
> esp mode=tunnel spi=2680898582(0x9fcb4416)
> reqid=16389(0x00004005)
>
> E: 3des-cbc 3d97830a e6366157 134af78c 8ba84c9b 7cadeaef
> 554fdd77
>
> A: hmac-md5 0a413dd2 c5ccc1c9 c0923a5d 8b2b865f
>
> seq=0x00000000 replay=64 flags=0x00000000 state=mature
>
> created: Mar 9 11:13:17 2006 current: Mar 9 12:01:43 2006
>
> diff: 2906(s) hard: 0(s) soft: 0(s)
>
> last: Mar 9 11:14:55 2006 hard: 0(s) soft:
> 0(s)
>
> current: 336(bytes) hard: 0(bytes) soft: 0(bytes)
>
> allocated: 3 hard: 0 soft: 0
>
> sadb_seq=1 pid=5890 refcnt=0
>
> 10.6.3.132 10.6.3.133
>
> esp mode=tunnel spi=2125545048(0x7eb13e58)
> reqid=16389(0x00004005)
>
> E: 3des-cbc 4f76151f d6f87375 a2c97a81 71361aee 8f9d562c
> d7836869
>
> A: hmac-md5 2bc1e637 287bb07d c60c6765 84436f55
>
> seq=0x00000000 replay=64 flags=0x00000000 state=mature
>
> created: Mar 9 11:13:16 2006 current: Mar 9 12:01:43 2006
>
> diff: 2907(s) hard: 0(s) soft: 0(s)
>
> last: Mar 9 11:13:17 2006 hard: 0(s) soft:
> 0(s)
>
> current: 244368(bytes) hard: 0(bytes) soft: 0(bytes)
>
> allocated: 2910 hard: 0 soft: 0
>
> sadb_seq=0 pid=5890 refcnt=0
>
> + _________________________ setkey-D-P
>
> + setkey -D -P
>
> 10.6.3.132[any] 10.6.100.0/24[any] any
>
> in ipsec
>
> esp/tunnel/10.6.3.132-10.6.3.133/unique#16389
>
> created: Mar 9 11:13:16 2006 lastused:
>
> lifetime: 0(s) validtime: 0(s)
>
> spid=312 seq=8 pid=5891
>
> refcnt=1
>
> 10.6.100.0/24[any] 10.6.3.132[any] any
>
> out ipsec
>
> esp/tunnel/10.6.3.133-10.6.3.132/unique#16389
>
> created: Mar 9 11:13:17 2006 lastused: Mar 9 11:14:57 2006
>
> lifetime: 0(s) validtime: 0(s)
>
> spid=329 seq=7 pid=5891
>
> refcnt=1
>
> 10.6.3.132[any] 10.6.100.0/24[any] any
>
> fwd ipsec
>
> esp/tunnel/10.6.3.132-10.6.3.133/unique#16389
>
> created: Mar 9 11:13:16 2006 lastused: Mar 9 12:01:43 2006
>
> lifetime: 0(s) validtime: 0(s)
>
> spid=322 seq=6 pid=5891
>
> refcnt=2
>
> (per-socket policy)
>
> in none
>
> created: Mar 9 11:13:07 2006 lastused:
>
> lifetime: 0(s) validtime: 0(s)
>
> spid=299 seq=5 pid=5891
>
> refcnt=1
>
> (per-socket policy)
>
> in none
>
> created: Mar 9 11:13:07 2006 lastused: Mar 9 11:58:26 2006
>
> lifetime: 0(s) validtime: 0(s)
>
> spid=283 seq=4 pid=5891
>
> refcnt=1
>
> (per-socket policy)
>
> in none
>
> created: Mar 9 11:13:07 2006 lastused:
>
> lifetime: 0(s) validtime: 0(s)
>
> spid=267 seq=3 pid=5891
>
> refcnt=1
>
> (per-socket policy)
>
> out none
>
> created: Mar 9 11:13:07 2006 lastused:
>
> lifetime: 0(s) validtime: 0(s)
>
> spid=308 seq=2 pid=5891
>
> refcnt=1
>
> (per-socket policy)
>
> out none
>
> created: Mar 9 11:13:07 2006 lastused: Mar 9 11:58:26 2006
>
> lifetime: 0(s) validtime: 0(s)
>
> spid=292 seq=1 pid=5891
>
> refcnt=1
>
> (per-socket policy)
>
> out none
>
> created: Mar 9 11:13:07 2006 lastused:
>
> lifetime: 0(s) validtime: 0(s)
>
> spid=276 seq=0 pid=5891
>
> refcnt=1
>
> + _________________________ proc/sys/net/ipsec-star
>
> + test -d /proc/sys/net/ipsec
>
> + _________________________ ipsec/status
>
> + ipsec auto --status
>
> 000 interface lo/lo 127.0.0.1
>
> 000 interface eth0/eth0 10.6.3.133
>
> 000 interface eth1/eth1 10.6.100.254
>
> 000 %myid = (none)
>
> 000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
>
> 000
>
> 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
> keysizemax=64
>
> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
> keysizemax=192
>
> 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40,
> keysizemax=448
>
> 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
> keysizemax=0
>
> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
> keysizemax=256
>
> 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
> keysizemin=128, keysizemax=256
>
> 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
> keysizemin=128, keysizemax=256
>
> 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
> keysizemin=128, keysizemax=128
>
> 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
> keysizemin=160, keysizemax=160
>
> 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
> keysizemin=256, keysizemax=256
>
> 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0,
> keysizemax=0
>
> 000
>
> 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
> keydeflen=128
>
> 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
> keydeflen=192
>
> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
>
> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
>
> 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
>
> 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
>
> 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
>
> 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
>
> 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
>
> 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
>
> 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
>
> 000
>
> 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
> trans={0,0,0} attrs={0,0,0}
>
> 000
>
> 000 "road": 10.6.100.0/24===10.6.3.133[@multilinus.multibel.it]...%any[@multibel1.multibel.it]; unrouted; eroute owner: #0
>
> 000 "road": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
> rekey_fuzz: 100%; keyingtries: 0
>
> 000 "road": policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,32; interface:
> eth0;
>
> 000 "road": newest ISAKMP SA: #0; newest IPsec SA: #0;
>
> 000 "road": IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5,
> 5_000-2-2, flags=-strict
>
> 000 "road": IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2,
> 5_192-2_160-5, 5_192-2_160-2,
>
> 000 "road": ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
>
> 000 "road": ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
>
> 000 "road"[1]: 10.6.100.0/24===10.6.3.133[@multilinus.multibel.it]...10.6.3.132[@multibel1.multibel.it]; erouted; eroute owner: #2
>
> 000 "road"[1]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
> rekey_fuzz: 100%; keyingtries: 0
>
> 000 "road"[1]: policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,32; interface:
> eth0;
>
> 000 "road"[1]: newest ISAKMP SA: #3; newest IPsec SA: #2;
>
> 000 "road"[1]: IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5,
> 5_000-2-2, flags=-strict
>
> 000 "road"[1]: IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2,
> 5_192-2_160-5, 5_192-2_160-2,
>
> 000 "road"[1]: IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
>
> 000 "road"[1]: ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
>
> 000 "road"[1]: ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
>
> 000 "road"[1]: ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
>
> 000
>
> 000 #3: "road"[1] 10.6.3.132 STATE_MAIN_R3 (sent MR3, ISAKMP SA
> established); EVENT_SA_REPLACE in 3133s; newest ISAKMP
>
> 000 #2: "road"[1] 10.6.3.132 STATE_QUICK_R2 (IPsec SA established);
> EVENT_SA_REPLACE in 25624s; newest IPSEC; eroute owner
>
> 000 #2: "road"[1] 10.6.3.132 esp.9fcb4416 at 10.6.3.132
> esp.7eb13e58 at 10.6.3.133 tun.0 at 10.6.3.132 tun.0 at 10.6.3.133
>
> 000 #1: "road"[1] 10.6.3.132 STATE_MAIN_R3 (sent MR3, ISAKMP SA
> established); EVENT_SA_REPLACE in 422s
>
> 000
>
> + _________________________ ifconfig-a
>
> + ifconfig -a
>
> eth0 Link encap:Ethernet HWaddr 00:13:D4:B2:D4:8B
>
> inet addr:10.6.3.133 Bcast:10.255.255.255 Mask:255.255.255.128
>
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> RX packets:645595 errors:0 dropped:0 overruns:0 frame:0
>
> TX packets:107615 errors:0 dropped:0 overruns:0 carrier:0
>
> collisions:0 txqueuelen:1000
>
> RX bytes:164807835 (157.1 MiB) TX bytes:8102422 (7.7 MiB)
>
> Interrupt:19 Base address:0xed00
>
>
>
> eth1 Link encap:Ethernet HWaddr 00:13:49:24:4C:4C
>
> inet addr:10.6.100.254 Bcast:10.255.255.255 Mask:255.255.255.0
>
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> RX packets:2044 errors:0 dropped:0 overruns:0 frame:0
>
> TX packets:670 errors:0 dropped:0 overruns:0 carrier:0
>
> collisions:0 txqueuelen:1000
>
> RX bytes:486855 (475.4 KiB) TX bytes:65954 (64.4 KiB)
>
> Interrupt:18 Base address:0xee00
>
>
>
> eth2 Link encap:Ethernet HWaddr 00:13:49:24:5E:B5
>
> BROADCAST MULTICAST MTU:1500 Metric:1
>
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>
> collisions:0 txqueuelen:1000
>
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> Interrupt:19 Base address:0xe000
>
>
>
> lo Link encap:Local Loopback
>
> inet addr:127.0.0.1 Mask:255.0.0.0
>
> UP LOOPBACK RUNNING MTU:16436 Metric:1
>
> RX packets:148625 errors:0 dropped:0 overruns:0 frame:0
>
> TX packets:148625 errors:0 dropped:0 overruns:0 carrier:0
>
> collisions:0 txqueuelen:0
>
> RX bytes:12254252 (11.6 MiB) TX bytes:12254252 (11.6 MiB)
>
>
>
> + _________________________ ipsec_verify
>
> + ipsec verify --nocolour
>
> Checking your system to see if IPsec got installed and started correctly:
>
> Version check and ipsec on-path [OK]
>
> Linux Openswan U2.2.0/K2.4.27-2-386 (native)
>
> Checking for IPsec support in kernel [OK]
>
> Checking for RSA private key (/etc/ipsec.secrets)
> [OK]
>
> Checking that pluto is running [OK]
>
> Two or more interfaces found, checking IP forwarding [OK]
>
> Checking NAT and MASQUERADEing [OK]
>
> Checking for 'ip' command [OK]
>
> Checking for 'iptables' command [OK]
>
> Checking for 'setkey' command for native IPsec stack support
> [OK]
>
>
>
> Opportunistic Encryption DNS checks:
>
> Looking for TXT in forward dns zone: multilinus
> [MISSING]
>
> Does the machine have at least one non-private address? [FAILED]
>
> + _________________________ mii-tool
>
> + '[' -x /sbin/mii-tool ']'
>
> + /sbin/mii-tool -v
>
> eth0: negotiated 100baseTx-FD, link ok
>
> product info: vendor 00:00:00, model 0 rev 0
>
> basic mode: autonegotiation enabled
>
> basic status: autonegotiation complete, link ok
>
> capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
>
> advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
>
> link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
> flow-control
>
> eth1: negotiated 100baseTx-FD, link ok
>
> product info: vendor 00:00:00, model 0 rev 0
>
> basic mode: autonegotiation enabled
>
> basic status: autonegotiation complete, link ok
>
> capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
>
> advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
>
> link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
>
> SIOCGMIIPHY on 'eth2' failed: Invalid argument
>
> + _________________________ ipsec/directory
>
> + ipsec --directory
>
> /usr/lib/ipsec
>
> + _________________________ hostname/fqdn
>
> + hostname --fqdn
>
> localhost.localdomain
>
> + _________________________ hostname/ipaddress
>
> + hostname --ip-address
>
> 127.0.0.1
>
> + _________________________ uptime
>
> + uptime
>
> 12:01:46 up 2:38, 6 users, load average: 0.02, 0.04, 0.00
>
> + _________________________ ps
>
> + ps alxwf
>
> + egrep -i 'ppid|pluto|ipsec|klips'
>
> F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
>
> 0 0 5870 4874 16 0 2628 1328 wait4 S+ pts/4 0:00
> \_ /bin/sh /usr/lib/ipsec/barf
>
> 1 0 5941 5870 15 0 2628 1328 - R+ pts/4 0:00
> \_ /bin/sh /usr/lib/ipsec/barf
>
> 1 0 4303 1 9 0 2204 1104 wait4 S pts/3 0:00
> /bin/bash /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
> --strictcrlpolicy --nat_traversal --keep_alive --force_keepalive
> --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri
> --dump --opts --stderrlog --wait no --pre --post --log daemon.error
> --pid /var/run/pluto.pid
>
> 1 0 4307 4303 9 0 2204 1112 wait4 S pts/3 0:00 \_
> /bin/bash /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
> --strictcrlpolicy --nat_traversal --keep_alive --force_keepalive
> --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri
> --dump --opts --stderrlog --wait no --pre --post --log daemon.error
> --pid /var/run/pluto.pid
>
> 4 0 4314 4307 9 0 2348 1240 select S pts/3 0:00 | \_
> /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir
> /etc/ipsec.d --debug-all --uniqueids
>
> 0 0 4352 4314 9 0 1312 284 select S pts/3 0:00 |
> \_ _pluto_adns -d
>
> 0 0 4308 4303 8 0 2180 1088 pipe_w S pts/3 0:00 \_
> /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
>
> 0 0 4304 1 9 0 1376 384 pipe_w S pts/3 0:00 logger
> -s -p daemon.error -t ipsec__plutorun
>
> + _________________________ ipsec/showdefaults
>
> + ipsec showdefaults
>
> routephys=eth0
>
> routevirt=ipsec0
>
> routeaddr=10.6.3.133
>
> routenexthop=10.6.3.129
>
> + _________________________ ipsec/conf
>
> + ipsec _include /etc/ipsec.conf
>
> + ipsec _keycensor
>
>
>
> #< /etc/ipsec.conf 1
>
> # /etc/ipsec.conf - Openswan IPsec configuration file
>
> # RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
>
>
>
> # This file: /usr/share/doc/openswan/ipsec.conf-sample
>
> #
>
> # Manual: ipsec.conf.5
>
>
>
>
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
>
>
> # basic configuration
>
> config setup
>
> # Debug-logging controls: "none" for (almost) none, "all" for
> lots.
>
> # klipsdebug=none
>
> plutodebug=all #"control parsing"
>
> #plutostderrlog=
>
>
>
> # Add connections here
>
>
>
> # road-warrior VPN connection
>
> conn road
>
> # Left security gateway, subnet behind it, next hop toward
> right.
>
> left=10.6.3.133
>
> leftid=@multilinus.multibel.it
>
> leftsubnet=10.6.100.0/24
>
> leftrsasigkey=[keyid AQN74Z87R]
>
> # Right road-warrior
>
> rightnexthop=%direct
>
> right=%any
>
> rightid=@multibel1.multibel.it
>
> rightrsasigkey=[keyid AQO9mjElL]
>
> # To authorize this connection, but not actually start it, at
> startup,
>
> # uncomment this.
>
> auto=add
>
>
>
> #Disable Opportunistic Encryption
>
>
>
> #< /etc/ipsec.d/examples/no_oe.conf 1
>
> # 'include' this file to disable Opportunistic Encryption.
>
> # See /usr/share/doc/openswan/policygroups.html for details.
>
> #
>
> # RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $
>
> conn block
>
> auto=ignore
>
>
>
> conn private
>
> auto=ignore
>
>
>
> conn private-or-clear
>
> auto=ignore
>
>
>
> conn clear-or-private
>
> auto=ignore
>
>
>
> conn clear
>
> auto=ignore
>
>
>
> conn packetdefault
>
> auto=ignore
>
>
>
> #> /etc/ipsec.conf 38
>
> + _________________________ ipsec/secrets
>
> + ipsec _include /etc/ipsec.secrets
>
> + ipsec _secretcensor
>
>
>
> #< /etc/ipsec.secrets 1
>
> : RSA {
>
> # RSA 2048 bits multilinus Tue Feb 7 17:51:12 2006
>
> # for signatures only, UNSAFE FOR ENCRYPTION
>
> #pubkey=[keyid AQN74Z87R]
>
> Modulus: [...]
>
> PublicExponent: [...]
>
> # everything after this point is secret
>
> PrivateExponent: [...]
>
> Prime1: [...]
>
> Prime2: [...]
>
> Exponent1: [...]
>
> Exponent2: [...]
>
> Coefficient: [...]
>
> }
>
> + _________________________ ipsec/listall
>
> + ipsec auto --listall
>
> 000
>
> 000 List of Public Keys:
>
> 000
>
> 000 Mar 09 11:13:07 2006, 2048 RSA Key AQO9mjElL, until --- -- --:--:--
> ---- ok (expires never)
>
> 000 ID_FQDN '@multibel1.multibel.it'
>
> 000 Mar 09 11:13:07 2006, 2048 RSA Key AQN74Z87R, until --- -- --:--:--
> ---- ok (expires never)
>
> 000 ID_FQDN '@multilinus.multibel.it'
>
> + '[' /etc/ipsec.d/policies ']'
>
> ++ basename /etc/ipsec.d/policies/block
>
> + base=block
>
> + _________________________ ipsec/policies/block
>
> + cat /etc/ipsec.d/policies/block
>
> # This file defines the set of CIDRs (network/mask-length) to which
>
> # communication should never be allowed.
>
> #
>
> # See /usr/share/doc/openswan/policygroups.html for details.
>
> #
>
> # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
>
> #
>
>
>
> ++ basename /etc/ipsec.d/policies/clear
>
> + base=clear
>
> + _________________________ ipsec/policies/clear
>
> + cat /etc/ipsec.d/policies/clear
>
> # This file defines the set of CIDRs (network/mask-length) to which
>
> # communication should always be in the clear.
>
> #
>
> # See /usr/share/doc/openswan/policygroups.html for details.
>
> #
>
> # $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
>
> #
>
> ++ basename /etc/ipsec.d/policies/clear-or-private
>
> + base=clear-or-private
>
> + _________________________ ipsec/policies/clear-or-private
>
> + cat /etc/ipsec.d/policies/clear-or-private
>
> # This file defines the set of CIDRs (network/mask-length) to which
>
> # we will communicate in the clear, or, if the other side initiates IPSEC,
>
> # using encryption. This behaviour is also called "Opportunistic
> Responder".
>
> #
>
> # See /usr/share/doc/openswan/policygroups.html for details.
>
> #
>
> # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
>
> #
>
> ++ basename /etc/ipsec.d/policies/private
>
> + base=private
>
> + _________________________ ipsec/policies/private
>
> + cat /etc/ipsec.d/policies/private
>
> # This file defines the set of CIDRs (network/mask-length) to which
>
> # communication should always be private (i.e. encrypted).
>
> # See /usr/share/doc/openswan/policygroups.html for details.
>
> #
>
> # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
>
> #
>
> ++ basename /etc/ipsec.d/policies/private-or-clear
>
> + base=private-or-clear
>
> + _________________________ ipsec/policies/private-or-clear
>
> + cat /etc/ipsec.d/policies/private-or-clear
>
> # This file defines the set of CIDRs (network/mask-length) to which
>
> # communication should be private, if possible, but in the clear otherwise.
>
> #
>
> # If the target has a TXT (later IPSECKEY) record that specifies
>
> # authentication material, we will require private (i.e. encrypted)
>
> # communications. If no such record is found, communications will be
>
> # in the clear.
>
> #
>
> # See /usr/share/doc/openswan/policygroups.html for details.
>
> #
>
> # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
>
> #
>
>
>
> 0.0.0.0/0
>
> + _________________________ ipsec/ls-libdir
>
> + ls -l /usr/lib/ipsec
>
> total 1376
>
> -rwxr-xr-x 1 root root 15404 May 24 2005 _confread
>
> -rwxr-xr-x 1 root root 4612 May 24 2005 _copyright
>
> -rwxr-xr-x 1 root root 2380 May 24 2005 _include
>
> -rwxr-xr-x 1 root root 1476 May 24 2005 _keycensor
>
> -rwxr-xr-x 1 root root 9784 May 24 2005 _pluto_adns
>
> -rwxr-xr-x 1 root root 3586 May 24 2005 _plutoload
>
> -rwxr-xr-x 1 root root 7165 May 24 2005 _plutorun
>
> -rwxr-xr-x 1 root root 10494 May 24 2005 _realsetup
>
> -rwxr-xr-x 1 root root 1976 May 24 2005 _secretcensor
>
> -rwxr-xr-x 1 root root 9013 May 24 2005 _startklips
>
> -rwxr-xr-x 1 root root 12313 May 24 2005 _updown
>
> -rwxr-xr-x 1 root root 7572 May 24 2005 _updown_x509
>
> -rwxr-xr-x 1 root root 19222 May 24 2005 auto
>
> -rwxr-xr-x 1 root root 10224 May 24 2005 barf
>
> -rwxr-xr-x 1 root root 816 May 24 2005 calcgoo
>
> -rwxr-xr-x 1 root root 80792 May 24 2005 eroute
>
> -rwxr-xr-x 1 root root 1942 May 24 2005 ipsec_pr.template
>
> -rwxr-xr-x 1 root root 60664 May 24 2005 klipsdebug
>
> -rwxr-xr-x 1 root root 2462 May 24 2005 look
>
> -rwxr-xr-x 1 root root 7118 May 24 2005 mailkey
>
> -rwxr-xr-x 1 root root 16190 May 24 2005 manual
>
> -rwxr-xr-x 1 root root 1874 May 24 2005 newhostkey
>
> -rwxr-xr-x 1 root root 53196 May 24 2005 pf_key
>
> -rwxr-xr-x 1 root root 590808 May 24 2005 pluto
>
> -rwxr-xr-x 1 root root 6616 May 24 2005 ranbits
>
> -rwxr-xr-x 1 root root 18584 May 24 2005 rsasigkey
>
> -rwxr-xr-x 1 root root 766 May 24 2005 secrets
>
> -rwxr-xr-x 1 root root 17570 May 24 2005 send-pr
>
> lrwxrwxrwx 1 root root 17 Jan 25 12:50 setup -> /etc/init.d/ipsec
>
> -rwxr-xr-x 1 root root 1048 May 24 2005 showdefaults
>
> -rwxr-xr-x 1 root root 4365 May 24 2005 showhostkey
>
> -rwxr-xr-x 1 root root 118200 May 24 2005 spi
>
> -rwxr-xr-x 1 root root 68408 May 24 2005 spigrp
>
> -rwxr-xr-x 1 root root 81752 May 24 2005 starter
>
> -rwxr-xr-x 1 root root 9744 May 24 2005 tncfg
>
> -rwxr-xr-x 1 root root 10189 May 24 2005 verify
>
> -rwxr-xr-x 1 root root 42968 May 24 2005 whack
>
> + _________________________ ipsec/ls-execdir
>
> + ls -l /usr/lib/ipsec
>
> total 1376
>
> -rwxr-xr-x 1 root root 15404 May 24 2005 _confread
>
> -rwxr-xr-x 1 root root 4612 May 24 2005 _copyright
>
> -rwxr-xr-x 1 root root 2380 May 24 2005 _include
>
> -rwxr-xr-x 1 root root 1476 May 24 2005 _keycensor
>
> -rwxr-xr-x 1 root root 9784 May 24 2005 _pluto_adns
>
> -rwxr-xr-x 1 root root 3586 May 24 2005 _plutoload
>
> -rwxr-xr-x 1 root root 7165 May 24 2005 _plutorun
>
> -rwxr-xr-x 1 root root 10494 May 24 2005 _realsetup
>
> -rwxr-xr-x 1 root root 1976 May 24 2005 _secretcensor
>
> -rwxr-xr-x 1 root root 9013 May 24 2005 _startklips
>
> -rwxr-xr-x 1 root root 12313 May 24 2005 _updown
>
> -rwxr-xr-x 1 root root 7572 May 24 2005 _updown_x509
>
> -rwxr-xr-x 1 root root 19222 May 24 2005 auto
>
> -rwxr-xr-x 1 root root 10224 May 24 2005 barf
>
> -rwxr-xr-x 1 root root 816 May 24 2005 calcgoo
>
> -rwxr-xr-x 1 root root 80792 May 24 2005 eroute
>
> -rwxr-xr-x 1 root root 1942 May 24 2005 ipsec_pr.template
>
> -rwxr-xr-x 1 root root 60664 May 24 2005 klipsdebug
>
> -rwxr-xr-x 1 root root 2462 May 24 2005 look
>
> -rwxr-xr-x 1 root root 7118 May 24 2005 mailkey
>
> -rwxr-xr-x 1 root root 16190 May 24 2005 manual
>
> -rwxr-xr-x 1 root root 1874 May 24 2005 newhostkey
>
> -rwxr-xr-x 1 root root 53196 May 24 2005 pf_key
>
> -rwxr-xr-x 1 root root 590808 May 24 2005 pluto
>
> -rwxr-xr-x 1 root root 6616 May 24 2005 ranbits
>
> -rwxr-xr-x 1 root root 18584 May 24 2005 rsasigkey
>
> -rwxr-xr-x 1 root root 766 May 24 2005 secrets
>
> -rwxr-xr-x 1 root root 17570 May 24 2005 send-pr
>
> lrwxrwxrwx 1 root root 17 Jan 25 12:50 setup -> /etc/init.d/ipsec
>
> -rwxr-xr-x 1 root root 1048 May 24 2005 showdefaults
>
> -rwxr-xr-x 1 root root 4365 May 24 2005 showhostkey
>
> -rwxr-xr-x 1 root root 118200 May 24 2005 spi
>
> -rwxr-xr-x 1 root root 68408 May 24 2005 spigrp
>
> -rwxr-xr-x 1 root root 81752 May 24 2005 starter
>
> -rwxr-xr-x 1 root root 9744 May 24 2005 tncfg
>
> -rwxr-xr-x 1 root root 10189 May 24 2005 verify
>
> -rwxr-xr-x 1 root root 42968 May 24 2005 whack
>
> + _________________________ ipsec/updowns
>
> ++ ls /usr/lib/ipsec
>
> ++ egrep updown
>
> + cat /usr/lib/ipsec/_updown
>
> #! /bin/sh
>
> # iproute2 version, default updown script
>
> #
>
> # Copyright (C) 2003-2004 Nigel Meteringham
>
> # Copyright (C) 2003-2004 Tuomo Soini
>
> # Copyright (C) 2002-2004 Michael Richardson <mcr at xelerance.com>
>
> #
>
> # This program is free software; you can redistribute it and/or modify it
>
> # under the terms of the GNU General Public License as published by the
>
> # Free Software Foundation; either version 2 of the License, or (at your
>
> # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
>
> #
>
> # This program is distributed in the hope that it will be useful, but
>
> # WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY
>
> # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
>
> # for more details.
>
> #
>
> # RCSID $Id: _updown.ip2.in,v 1.11 2004/06/01 13:30:57 ken Exp $
>
>
>
>
>
>
>
> # CAUTION: Installing a new version of FreeS/WAN will install a new
>
> # copy of this script, wiping out any custom changes you make. If
>
> # you need changes, make a copy of this under another name, and customize
>
> # that, and use the (left/right)updown parameters in ipsec.conf to make
>
> # FreeS/WAN use yours instead of this default one.
>
>
>
> LC_ALL=C export LC_ALL
>
>
>
> # things that this script gets (from ipsec_pluto(8) man page)
>
> #
>
> #
>
> # PLUTO_VERSION
>
> # indicates what version of this interface is being
>
> # used. This document describes version 1.1. This
>
> # is upwardly compatible with version 1.0.
>
> #
>
> # PLUTO_VERB
>
> # specifies the name of the operation to be performed
>
> # (prepare-host, prepare-client, up-host, up-client,
>
> # down-host, or down-client). If the address family
>
> # for security gateway to security gateway communica-
>
> # tions is IPv6, then a suffix of -v6 is added to the
>
> # verb.
>
> #
>
> # PLUTO_CONNECTION
>
> # is the name of the connection for which we are
>
> # routing.
>
> #
>
> # PLUTO_CONN_POLICY
>
> # the policy of the connection, as in:
>
> #
> RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failureDROP+lKOD+rKOD
>
> #
>
> # PLUTO_NEXT_HOP
>
> # is the next hop to which packets bound for the peer
>
> # must be sent.
>
> #
>
> # PLUTO_INTERFACE
>
> # is the name of the ipsec interface to be used.
>
> #
>
> # PLUTO_ME
>
> # is the IP address of our host.
>
> #
>
> # PLUTO_MY_CLIENT
>
> # is the IP address / count of our client subnet. If
>
> # the client is just the host, this will be the
>
> # host's own IP address / max (where max is 32 for
>
> # IPv4 and 128 for IPv6).
>
> #
>
> # PLUTO_MY_CLIENT_NET
>
> # is the IP address of our client net. If the client
>
> # is just the host, this will be the host's own IP
>
> # address.
>
> #
>
> # PLUTO_MY_CLIENT_MASK
>
> # is the mask for our client net. If the client is
>
> # just the host, this will be 255.255.255.255.
>
> #
>
> # PLUTO_MY_SOURCEIP
>
> # if non-empty, then the source address for the route will be
>
> # set to this IP address.
>
> #
>
> # PLUTO_PEER
>
> # is the IP address of our peer.
>
> #
>
> # PLUTO_PEER_CLIENT
>
> # is the IP address / count of the peer's client sub-
>
> # net. If the client is just the peer, this will be
>
> # the peer's own IP address / max (where max is 32
>
> # for IPv4 and 128 for IPv6).
>
> #
>
> # PLUTO_PEER_CLIENT_NET
>
> # is the IP address of the peer's client net. If the
>
> # client is just the peer, this will be the peer's
>
> # own IP address.
>
> #
>
> # PLUTO_PEER_CLIENT_MASK
>
> # is the mask for the peer's client net. If the
>
> # client is just the peer, this will be
>
> # 255.255.255.255.
>
> #
>
> # PLUTO_CONNECTION_TYPE
>
> #
>
>
>
> # check interface version
>
> case "$PLUTO_VERSION" in
>
> 1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
>
> echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
>
> echo "$0: called by obsolete Pluto?" >&2
>
> exit 2
>
> ;;
>
> 1.*) ;;
>
> *) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
>
> exit 2
>
> ;;
>
> esac
>
>
>
> # check parameter(s)
>
> case "$1:$*" in
>
> ':') # no parameters
>
> ;;
>
> ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
>
> ;;
>
> custom:*) # custom parameters (see above CAUTION comment)
>
> ;;
>
> *) echo "$0: unknown parameters \`$*'" >&2
>
> exit 2
>
> ;;
>
> esac
>
>
>
> # utility functions for route manipulation
>
> # Meddling with this stuff should not be necessary and requires great care.
>
> uproute() {
>
> doroute add
>
> ip route flush cache
>
> }
>
> downroute() {
>
> doroute delete
>
> ip route flush cache
>
> }
>
>
>
> uprule() {
>
> # policy based advanced routing
>
> if [ -n "$PLUTO_IPROUTETABLE" ] && [ "$PLUTO_IPROUTETABLE" != "main" ]
>
> then
>
> dorule delete
>
> dorule add
>
> fi
>
> # virtual sourceip support
>
> if [ -n "$PLUTO_MY_SOURCEIP" ] && [ "$PLUTO_MY_SOURCEIP" != "no" ]
>
> then
>
> addsource
>
> changesource
>
> fi
>
> ip route flush cache
>
> }
>
>
>
> downrule() {
>
> if [ -n "$PLUTO_MY_SOURCEIP" ] && [ "$PLUTO_IPROUTETABLE" != "main" ]
>
> then
>
> dorule delete
>
> ip route flush cache
>
> fi
>
> }
>
>
>
> addsource() {
>
> st=0
>
> if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
>
> then
>
> it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"
>
> oops="`eval $it 2>&1`"
>
> st=$?
>
> if test " $oops" = " " -a " $st" != " 0"
>
> then
>
> oops="silent error, exit status $st"
>
> fi
>
> if test " $oops" != " " -o " $st" != " 0"
>
> then
>
> echo "$0: addsource \`$it' failed ($oops)" >&2
>
> fi
>
> fi
>
> return $st
>
> }
>
>
>
> changesource() {
>
> st=0
>
> parms="$PLUTO_PEER_CLIENT"
>
> parms2="dev $PLUTO_INTERFACE"
>
> parms3="src ${PLUTO_MY_SOURCEIP%/*}"
>
> if [ -n "$PLUTO_IPROUTETABLE" ] && [ "$PLUTO_IPROUTETABLE" != "main" ]
>
> then
>
> parms3="$parms3 table '$PLUTO_IPROUTETABLE'"
>
> fi
>
> case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
>
> "0.0.0.0/0.0.0.0")
>
> # opportunistic encryption work around
>
> it=
>
> ;;
>
> esac
>
> oops="`eval $it 2>&1`"
>
> st=$?
>
> if test " $oops" = " " -a " $st" != " 0"
>
> then
>
> oops="silent error, exit status $st"
>
> fi
>
> if test " $oops" != " " -o " $st" != " 0"
>
> then
>
> echo "$0: changesource \`$it' failed ($oops)" >&2
>
> fi
>
> return $st
>
> }
>
>
>
> dorule() {
>
> st=0
>
> it2=
>
> iprule="from $PLUTO_MY_CLIENT"
>
> iprule2="to $PLUTO_PEER_CLIENT table $PLUTO_IPROUTETABLE"
>
> case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
>
> "0.0.0.0/0.0.0.0")
>
> # opportunistic encryption work around
>
> st=0
>
> ;;
>
> *)
>
> if test "$PLUTO_MY_SOURCEIP" = "no"
>
> then
>
> if test "$PLUTO_ME" = "${PLUTO_MY_CLIENT%/*}"
>
> then
>
> it="ip rule $1 iif lo $iprule2"
>
> else
>
> it="ip rule $1 $iprule $iprule2"
>
> fi
>
> else
>
> if test "${PLUTO_MY_SOURCEIP%/*}" = "${PLUTO_MY_CLIENT%/*}"
>
> then
>
> it="ip rule $1 iif lo $iprule2"
>
> else
>
> it="ip rule $1 $iprule $iprule2"
>
> it2="ip rule $1 iif lo $iprule2"
>
> fi
>
> fi
>
> oops="`eval $it 2>&1`"
>
> st=$?
>
> if test " $oops" = " " -a " $st" != " 0"
>
> then
>
> oops="silent error, exit status $st"
>
> fi
>
> case "$oops" in
>
> 'RTNETLINK answers: No such process'*)
>
> # This is what ip rule gives
>
> # for "could not find such a rule"
>
> oops=
>
> st=0
>
> ;;
>
> esac
>
> if test " $oops" != " " -o " $st" != " 0"
>
> then
>
> echo "$0: dorule \`$it' failed ($oops)" >&2
>
> fi
>
> if test "$st" = "0" -a -n "$it2"
>
> then
>
> oops="`eval $it2 2>&1`"
>
> st=$?
>
> if test " $oops" = " " -a " $st" != " 0"
>
> then
>
> oops="silent error, exit status $st"
>
> fi
>
> case "$oops" in
>
> 'RTNETLINK answers: No such process'*)
>
> # This is what ip rule gives
>
> # for "could not find such a rule"
>
> oops=
>
> st=0
>
> ;;
>
> esac
>
> if test " $oops" != " " -o " $st" != " 0"
>
> then
>
> echo "$0: dorule \`$it2' failed ($oops)" >&2
>
> fi
>
> fi
>
> ;;
>
> esac
>
> return $st
>
> }
>
>
>
>
>
> doroute() {
>
> st=0
>
> parms="$PLUTO_PEER_CLIENT"
>
> parms2=
>
> if [ -n "$PLUTO_NEXT_HOP" ]
>
> then
>
> parms2="via $PLUTO_NEXT_HOP"
>
> fi
>
> parms2="$parms2 dev $PLUTO_INTERFACE"
>
> parms3=
>
> if [ -n "$PLUTO_IPROUTETABLE" ] && [ "$PLUTO_IPROUTETABLE" != "main" ]
>
> then
>
> parms3="table $PLUTO_IPROUTETABLE"
>
> fi
>
>
>
> if [ -z "$PLUTO_MY_SOURCEIP" ]
>
> then
>
> if [ -f /etc/sysconfig/defaultsource ]
>
> then
>
> . /etc/sysconfig/defaultsource
>
> if [ -n "$DEFAULTSOURCE" ]
>
> then
>
> PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
>
> fi
>
> fi
>
> fi
>
>
>
> if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
>
> then
>
> addsource
>
> parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
>
> fi
>
>
>
> case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
>
> "0.0.0.0/0.0.0.0")
>
> # opportunistic encryption work around
>
> # need to provide route that eclipses default, without
>
> # replacing it.
>
> it="ip route $1 0.0.0.0/1 $parms2 &&
>
> ip route $1 128.0.0.0/1 $parms2"
>
> ;;
>
> *) it="ip route $1 $parms $parms2 $parms3"
>
> ;;
>
> esac
>
> oops="`eval $it 2>&1`"
>
> st=$?
>
> if test " $oops" = " " -a " $st" != " 0"
>
> then
>
> oops="silent error, exit status $st"
>
> fi
>
> if test " $oops" != " " -o " $st" != " 0"
>
> then
>
> echo "$0: doroute \`$it' failed ($oops)" >&2
>
> fi
>
> return $st
>
> }
>
>
>
>
>
> # the big choice
>
> case "$PLUTO_VERB:$1" in
>
> prepare-host:*|prepare-client:*)
>
> # delete possibly-existing route (preliminary to adding a route)
>
> case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
>
> "0.0.0.0/0.0.0.0")
>
> # need to provide route that eclipses default, without
>
> # replacing it.
>
> parms1="0.0.0.0/1"
>
> parms2="128.0.0.0/1"
>
> it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"
>
> oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"
>
> ;;
>
> *)
>
> parms="$PLUTO_PEER_CLIENT"
>
> it="ip route delete $parms 2>&1"
>
> oops="`ip route delete $parms 2>&1`"
>
> ;;
>
> esac
>
> status="$?"
>
> if test " $oops" = " " -a " $status" != " 0"
>
> then
>
> oops="silent error, exit status $status"
>
> fi
>
> case "$oops" in
>
> *'RTNETLINK answers: No such process'*)
>
> # This is what route (currently -- not documented!) gives
>
> # for "could not find such a route".
>
> oops=
>
> status=0
>
> ;;
>
> esac
>
> if test " $oops" != " " -o " $status" != " 0"
>
> then
>
> echo "$0: \`$it' failed ($oops)" >&2
>
> fi
>
> exit $status
>
> ;;
>
> route-host:*|route-client:*)
>
> # connection to me or my client subnet being routed
>
> uproute
>
> ;;
>
> unroute-host:*|unroute-client:*)
>
> # connection to me or my client subnet being unrouted
>
> downroute
>
> ;;
>
> up-host:*)
>
> # connection to me coming up
>
> # If you are doing a custom version, firewall commands go here.
>
> ;;
>
> down-host:*)
>
> # connection to me going down
>
> # If you are doing a custom version, firewall commands go here.
>
> ;;
>
> up-client:)
>
> # connection to my client subnet coming up
>
> # If you are doing a custom version, firewall commands go here.
>
> ;;
>
> down-client:)
>
> # connection to my client subnet going down
>
> # If you are doing a custom version, firewall commands go here.
>
> ;;
>
> up-client:ipfwadm)
>
> # connection to client subnet, with (left/right)firewall=yes, coming up
>
> # This is used only by the default updown script, not by your custom
>
> # ones, so do not mess with it; see CAUTION comment up at top.
>
> ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
>
> -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>
> ;;
>
> down-client:ipfwadm)
>
> # connection to client subnet, with (left/right)firewall=yes, going down
>
> # This is used only by the default updown script, not by your custom
>
> # ones, so do not mess with it; see CAUTION comment up at top.
>
> ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
>
> -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>
> ;;
>
> #
>
> # IPv6
>
> #
>
> prepare-host-v6:*|prepare-client-v6:*)
>
> ;;
>
> route-host-v6:*|route-client-v6:*)
>
> # connection to me or my client subnet being routed
>
> #uproute_v6
>
> ;;
>
> unroute-host-v6:*|unroute-client-v6:*)
>
> # connection to me or my client subnet being unrouted
>
> #downroute_v6
>
> ;;
>
> up-host-v6:*)
>
> # connection to me coming up
>
> # If you are doing a custom version, firewall commands go here.
>
> ;;
>
> down-host-v6:*)
>
> # connection to me going down
>
> # If you are doing a custom version, firewall commands go here.
>
> ;;
>
> up-client-v6:)
>
> # connection to my client subnet coming up
>
> # If you are doing a custom version, firewall commands go here.
>
> ;;
>
> down-client-v6:)
>
> # connection to my client subnet going down
>
> # If you are doing a custom version, firewall commands go here.
>
> ;;
>
> *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
>
> exit 1
>
> ;;
>
> esac
>
> + cat /usr/lib/ipsec/_updown_x509
>
> #! /bin/sh
>
> #
>
> # customized updown script
>
> #
>
>
>
> # logging of VPN connections
>
> #
>
> # tag put in front of each log entry:
>
> TAG=vpn
>
> #
>
> # syslog facility and priority used:
>
> FAC_PRIO=local0.notice
>
> #
>
> # to create a special vpn logging file, put the following line into
>
> # the syslog configuration file /etc/syslog.conf:
>
> #
>
> # local0.notice -/var/log/vpn
>
> #
>
> # check interface version
>
> case "$PLUTO_VERSION" in
>
> 1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
>
> echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
>
> echo "$0: called by obsolete Pluto?" >&2
>
> exit 2
>
> ;;
>
> 1.*) ;;
>
> *) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
>
> exit 2
>
> ;;
>
> esac
>
>
>
> # check parameter(s)
>
> case "$1:$*" in
>
> ':') # no parameters
>
> ;;
>
> ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
>
> ;;
>
> custom:*) # custom parameters (see above CAUTION comment)
>
> ;;
>
> *) echo "$0: unknown parameters \`$*'" >&2
>
> exit 2
>
> ;;
>
> esac
>
>
>
> # utility functions for route manipulation
>
> # Meddling with this stuff should not be necessary and requires great care.
>
> uproute() {
>
> doroute add
>
> }
>
> downroute() {
>
> doroute del
>
> }
>
> doroute() {
>
> parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
>
> parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
>
> case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
>
> "0.0.0.0/0.0.0.0")
>
> # horrible kludge for obscure routing bug with opportunistic
>
> it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&"
>
> it="$it route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
>
> route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
>
> route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2
>
> ;;
>
> *) it="route $1 $parms $parms2"
>
> route $1 $parms $parms2
>
> ;;
>
> esac
>
> st=$?
>
> if test $st -ne 0
>
> then
>
> # route has already given its own cryptic message
>
> echo "$0: \`$it' failed" >&2
>
> if test " $1 $st" = " add 7"
>
> then
>
> # another totally undocumented interface -- 7 and
>
> # "SIOCADDRT: Network is unreachable" means that
>
> # the gateway isn't reachable.
>
> echo "$0: (incorrect or missing nexthop setting??)" >&2
>
> fi
>
> fi
>
> return $st
>
> }
>
>
>
> # are there port numbers?
>
> if [ "$PLUTO_MY_PORT" != 0 ]
>
> then
>
> S_MY_PORT="--sport $PLUTO_MY_PORT"
>
> D_MY_PORT="--dport $PLUTO_MY_PORT"
>
> fi
>
> if [ "$PLUTO_PEER_PORT" != 0 ]
>
> then
>
> S_PEER_PORT="--sport $PLUTO_PEER_PORT"
>
> D_PEER_PORT="--dport $PLUTO_PEER_PORT"
>
> fi
>
>
>
> # the big choice
>
> case "$PLUTO_VERB:$1" in
>
> prepare-host:*|prepare-client:*)
>
> # delete possibly-existing route (preliminary to adding a route)
>
> case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
>
> "0.0.0.0/0.0.0.0")
>
> # horrible kludge for obscure routing bug with opportunistic
>
> parms1="-net 0.0.0.0 netmask 128.0.0.0"
>
> parms2="-net 128.0.0.0 netmask 128.0.0.0"
>
> it="route del $parms1 2>&1 ; route del $parms2 2>&1"
>
> oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`"
>
> ;;
>
> *)
>
> parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
>
> it="route del $parms 2>&1"
>
> oops="`route del $parms 2>&1`"
>
> ;;
>
> esac
>
> status="$?"
>
> if test " $oops" = " " -a " $status" != " 0"
>
> then
>
> oops="silent error, exit status $status"
>
> fi
>
> case "$oops" in
>
> 'SIOCDELRT: No such process'*)
>
> # This is what route (currently -- not documented!) gives
>
> # for "could not find such a route".
>
> oops=
>
> status=0
>
> ;;
>
> esac
>
> if test " $oops" != " " -o " $status" != " 0"
>
> then
>
> echo "$0: \`$it' failed ($oops)" >&2
>
> fi
>
> exit $status
>
> ;;
>
> route-host:*|route-client:*)
>
> # connection to me or my client subnet being routed
>
> uproute
>
> ;;
>
> unroute-host:*|unroute-client:*)
>
> # connection to me or my client subnet being unrouted
>
> downroute
>
> ;;
>
> up-host:*)
>
> # connection to me coming up
>
> # If you are doing a custom version, firewall commands go here.
>
> iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
>
> -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
>
> -d $PLUTO_ME $D_MY_PORT -j ACCEPT
>
> iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
>
> -s $PLUTO_ME $S_MY_PORT \
>
> -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
>
> #
>
> if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
>
> then
>
> logger -t $TAG -p $FAC_PRIO \
>
> "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
>
> else
>
> logger -t $TAG -p $FAC_PRIO \
>
> "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
>
> fi
>
> ;;
>
> down-host:*)
>
> # connection to me going down
>
> # If you are doing a custom version, firewall commands go here.
>
> iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
>
> -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
>
> -d $PLUTO_ME $D_MY_PORT -j ACCEPT
>
> iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
>
> -s $PLUTO_ME $S_MY_PORT \
>
> -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
>
> #
>
> if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
>
> then
>
> logger -t $TAG -p $FAC_PRIO -- \
>
> "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
>
> else
>
> logger -t $TAG -p $FAC_PRIO -- \
>
> "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
>
> fi
>
> ;;
>
> up-client:)
>
> # connection to my client subnet coming up
>
> # If you are doing a custom version, firewall commands go here.
>
> iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
>
> -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
>
> -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
>
> iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
>
> -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
>
> -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT
>
> #
>
> if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
>
> then
>
> logger -t $TAG -p $FAC_PRIO \
>
> "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
>
> else
>
> logger -t $TAG -p $FAC_PRIO \
>
> "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
>
> fi
>
> ;;
>
> down-client:)
>
> # connection to my client subnet going down
>
> # If you are doing a custom version, firewall commands go here.
>
> iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
>
> -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
>
> -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
>
> iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
>
> -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
>
> -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT
>
> #
>
> if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
>
> then
>
> logger -t $TAG -p $FAC_PRIO -- \
>
> "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
>
> else
>
> logger -t $TAG -p $FAC_PRIO -- \
>
> "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
>
> fi
>
> ;;
>
> up-client:ipfwadm)
>
> # connection to client subnet, with (left/right)firewall=yes, coming up
>
> # This is used only by the default updown script, not by your custom
>
> # ones, so do not mess with it; see CAUTION comment up at top.
>
> ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
>
> -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>
> ;;
>
> down-client:ipfwadm)
>
> # connection to client subnet, with (left/right)firewall=yes, going down
>
> # This is used only by the default updown script, not by your custom
>
> # ones, so do not mess with it; see CAUTION comment up at top.
>
> ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
>
> -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
>
> ;;
>
> *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
>
> exit 1
>
> ;;
>
> esac
>
> + _________________________ proc/net/dev
>
> + cat /proc/net/dev
>
> Inter-| Receive | Transmit
>
> face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
>
> lo:12260821 148705 0 0 0 0 0 0 12260821 148705 0 0 0 0 0 0
>
> eth0:164808575 645601 0 0 0 0 0 0 8103048 107624 0 0 0 0 0 0
>
> eth1: 487419 2048 0 0 0 0 0 0 66356 672 0 0 0 0 0 0
>
> eth2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
>
> + _________________________ proc/net/route
>
> + cat /proc/net/route
>
> Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
>
> eth0 8403060A 8403060A 0007 0 0 0 FFFFFFFF 0 0 0
>
> eth0 8003060A 00000000 0001 0 0 0 80FFFFFF 0 0 0
>
> eth1 0064060A 00000000 0001 0 0 0 00FFFFFF 0 0 0
>
> eth0 00000000 8103060A 0003 0 0 0 00000000 0 0 0
>
>
> + _________________________ proc/sys/net/ipv4/ip_forward
>
> + cat /proc/sys/net/ipv4/ip_forward
>
> 1
>
> + _________________________ proc/sys/net/ipv4/conf/star-rp_filter
>
> + cd /proc/sys/net/ipv4/conf
>
> + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter
>
> all/rp_filter:1
>
> default/rp_filter:1
>
> eth0/rp_filter:1
>
> eth1/rp_filter:1
>
> lo/rp_filter:1
>
> + _________________________ uname-a
>
> + uname -a
>
> Linux multilinus 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux
>
> + _________________________ config-built-with
>
> + test -r /proc/config_built_with
>
> + _________________________ redhat-release
>
> + test -r /etc/redhat-release
>
> + test -r /etc/fedora-release
>
> + _________________________ proc/net/ipsec_version
>
> + test -r /proc/net/ipsec_version
>
> + test -r /proc/net/pfkey
>
> ++ uname -r
>
> + echo 'native PFKEY (2.4.27-2-386) support detected '
>
> native PFKEY (2.4.27-2-386) support detected
>
> + _________________________ ipfwadm
>
> + test -r /sbin/ipfwadm
>
> + ipfwadm -F -l -n -e
>
> Generic IP Firewall Chains not in this kernel
>
> + _________________________
>
> + ipfwadm -I -l -n -e
>
> Generic IP Firewall Chains not in this kernel
>
> + _________________________
>
> + ipfwadm -O -l -n -e
>
> Generic IP Firewall Chains not in this kernel
>
> + _________________________
>
> + ipfwadm -M -l -n -e
>
> Generic IP Firewall Chains not in this kernel
>
> + _________________________ ipchains
>
> + test -r /sbin/ipchains
>
> + ipchains -L -v -n
>
> ipchains: Incompatible with this kernel
>
> + _________________________
>
> + ipchains -M -L -v -n
>
> ipchains: cannot open file `/proc/net/ip_masquerade'
>
> + _________________________ iptables
>
> + test -r /sbin/iptables
>
> + iptables -L -v -n
>
> Chain INPUT (policy ACCEPT 121K packets, 10M bytes)
>
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 249 packets, 19077 bytes)
>
> pkts bytes target prot opt in out source destination
>
> 6647 558K DROP icmp -- * * 10.6.3.128/25 0.0.0.0/0 icmp type 8
>
> Chain OUTPUT (policy ACCEPT 113K packets, 9990K bytes)
>
> pkts bytes target prot opt in out source destination
>
> + _________________________
>
> + iptables -t nat -L -v -n
>
> Chain PREROUTING (policy ACCEPT 4663 packets, 497K bytes)
>
> pkts bytes target prot opt in out source destination
>
> Chain POSTROUTING (policy ACCEPT 913 packets, 55871 bytes)
>
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 894 packets, 54169 bytes)
>
> pkts bytes target prot opt in out source destination
>
> + _________________________
>
> + iptables -t mangle -L -v -n
>
> Chain PREROUTING (policy ACCEPT 79957 packets, 6937K bytes)
>
> pkts bytes target prot opt in out source destination
>
> Chain INPUT (policy ACCEPT 75472 packets, 6495K bytes)
>
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 4283 packets, 359K bytes)
>
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 70617 packets, 6468K bytes)
>
> pkts bytes target prot opt in out source destination
>
> Chain POSTROUTING (policy ACCEPT 70754 packets, 6479K bytes)
>
> pkts bytes target prot opt in out source destination
>
> + _________________________ proc/modules
>
> + test -f /proc/modules
>
> + cat /proc/modules
>
> iptable_mangle 2040 0 (autoclean) (unused)
>
> iptable_nat 14766 0 (autoclean) (unused)
>
> ip_conntrack 17000 0 (autoclean) [iptable_nat]
>
> iptable_filter 1644 1 (autoclean)
>
> ip_tables 10400 5 [iptable_mangle iptable_nat iptable_filter]
>
> input 3040 0 (autoclean)
>
> apm 8428 1 (autoclean)
>
> parport_pc 19432 1 (autoclean)
>
> lp 5540 0 (autoclean)
>
> parport 21608 1 (autoclean) [parport_pc lp]
>
> af_packet 11048 2 (autoclean)
>
> deflate 1068 0 (autoclean)
>
> zlib_deflate 16760 0 (autoclean) [deflate]
>
> twofish 34476 0 (autoclean)
>
> serpent 11564 0 (autoclean)
>
> aes 31488 0 (autoclean)
>
> blowfish 8428 0 (autoclean)
>
> des 9932 2 (autoclean)
>
> sha256 7820 0 (autoclean)
>
> sha1 7052 0 (autoclean)
>
> md5 2572 2 (autoclean)
>
> crypto_null 812 0 (autoclean)
>
> xfrm_user 7172 0 (unused)
>
> ipcomp 3376 0 (unused)
>
> esp4 5520 2
>
> ah4 3664 0 (unused)
>
> af_key 17904 0
>
> ehci-hcd 14764 0 (unused)
>
> nvidia 3645692 12
>
> usb-ohci 16488 0 (unused)
>
> usbcore 52268 1 [ehci-hcd usb-ohci]
>
> i810_audio 21372 1
>
> ac97_codec 11252 0 [i810_audio]
>
> soundcore 3268 2 [i810_audio]
>
> ide-scsi 8272 0
>
> 8139too 12328 2
>
> mii 1952 0 [8139too]
>
> crc32 2848 0 [8139too]
>
> ide-disk 12448 0
>
> ide-detect 288 0 (unused)
>
> ide-cd 27072 0
>
> cdrom 26212 0 [ide-cd]
>
> ide-core 91832 0 [ide-scsi ide-disk ide-detect ide-cd]
>
> rtc 5768 0 (autoclean)
>
> ext3 65388 1 (autoclean)
>
> jbd 34628 1 (autoclean) [ext3]
>
> sd_mod 10764 4 (autoclean)
>
> sata_sis 1588 2 (autoclean)
>
> libata 21732 0 (autoclean) [sata_sis]
>
> scsi_mod 86052 3 (autoclean) [ide-scsi sd_mod sata_sis libata]
>
> unix 12752 217 (autoclean)
>
> + _________________________ proc/meminfo
>
> + cat /proc/meminfo
>
> total: used: free: shared: buffers: cached:
>
> Mem: 927129600 300302336 626827264 0 44457984 121520128
>
> Swap: 1998733312 0 1998733312
>
> MemTotal: 905400 kB
>
> MemFree: 612136 kB
>
> MemShared: 0 kB
>
> Buffers: 43416 kB
>
> Cached: 118672 kB
>
> SwapCached: 0 kB
>
> Active: 102968 kB
>
> Inactive: 154876 kB
>
> HighTotal: 0 kB
>
> HighFree: 0 kB
>
> LowTotal: 905400 kB
>
> LowFree: 612136 kB
>
> SwapTotal: 1951888 kB
>
> SwapFree: 1951888 kB
>
> + _________________________ proc/net/ipsec-ls
>
> + test -f /proc/net/ipsec_version
>
> + _________________________ usr/src/linux/.config
>
> + test -f /proc/config.gz
>
> ++ uname -r
>
> + test -f /lib/modules/2.4.27-2-386/build/.config
>
> + egrep 'CONFIG_NETLINK|CONFIG_IPSEC|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
>
> ++ uname -r
>
> + cat /lib/modules/2.4.27-2-386/build/.config
>
> CONFIG_NETLINK_DEV=m
>
> CONFIG_NET_KEY=m
>
> CONFIG_INET=y
>
> CONFIG_IP_MULTICAST=y
>
> CONFIG_IP_ADVANCED_ROUTER=y
>
> CONFIG_IP_MULTIPLE_TABLES=y
>
> CONFIG_IP_ROUTE_FWMARK=y
>
> CONFIG_IP_ROUTE_NAT=y
>
> CONFIG_IP_ROUTE_MULTIPATH=y
>
> CONFIG_IP_ROUTE_TOS=y
>
> CONFIG_IP_ROUTE_VERBOSE=y
>
> # CONFIG_IP_PNP is not set
>
> CONFIG_IP_MROUTE=y
>
> CONFIG_IP_PIMSM_V1=y
>
> CONFIG_IP_PIMSM_V2=y
>
> # CONFIG_INET_ECN is not set
>
> CONFIG_INET_AH=m
>
> CONFIG_INET_ESP=m
>
> CONFIG_INET_IPCOMP=m
>
> CONFIG_IP_NF_CONNTRACK=m
>
> CONFIG_IP_NF_FTP=m
>
> CONFIG_IP_NF_AMANDA=m
>
> CONFIG_IP_NF_TFTP=m
>
> CONFIG_IP_NF_IRC=m
>
> CONFIG_IP_NF_QUEUE=m
>
> CONFIG_IP_NF_IPTABLES=m
>
> CONFIG_IP_NF_MATCH_LIMIT=m
>
> CONFIG_IP_NF_MATCH_MAC=m
>
> CONFIG_IP_NF_MATCH_PKTTYPE=m
>
> CONFIG_IP_NF_MATCH_MARK=m
>
> CONFIG_IP_NF_MATCH_MULTIPORT=m
>
> CONFIG_IP_NF_MATCH_TOS=m
>
> CONFIG_IP_NF_MATCH_RECENT=m
>
> CONFIG_IP_NF_MATCH_ECN=m
>
> CONFIG_IP_NF_MATCH_DSCP=m
>
> CONFIG_IP_NF_MATCH_AH_ESP=m
>
> CONFIG_IP_NF_MATCH_LENGTH=m
>
> CONFIG_IP_NF_MATCH_TTL=m
>
> CONFIG_IP_NF_MATCH_TCPMSS=m
>
> CONFIG_IP_NF_MATCH_HELPER=m
>
> CONFIG_IP_NF_MATCH_STATE=m
>
> CONFIG_IP_NF_MATCH_CONNTRACK=m
>
> CONFIG_IP_NF_MATCH_UNCLEAN=m
>
> CONFIG_IP_NF_MATCH_OWNER=m
>
> CONFIG_IP_NF_FILTER=m
>
> CONFIG_IP_NF_TARGET_REJECT=m
>
> CONFIG_IP_NF_TARGET_MIRROR=m
>
> CONFIG_IP_NF_NAT=m
>
> CONFIG_IP_NF_NAT_NEEDED=y
>
> CONFIG_IP_NF_TARGET_MASQUERADE=m
>
> CONFIG_IP_NF_TARGET_REDIRECT=m
>
> CONFIG_IP_NF_NAT_AMANDA=m
>
> CONFIG_IP_NF_NAT_LOCAL=y
>
> CONFIG_IP_NF_NAT_SNMP_BASIC=m
>
> CONFIG_IP_NF_NAT_IRC=m
>
> CONFIG_IP_NF_NAT_FTP=m
>
> CONFIG_IP_NF_NAT_TFTP=m
>
> CONFIG_IP_NF_MANGLE=m
>
> CONFIG_IP_NF_TARGET_TOS=m
>
> CONFIG_IP_NF_TARGET_ECN=m
>
> CONFIG_IP_NF_TARGET_DSCP=m
>
> CONFIG_IP_NF_TARGET_MARK=m
>
> CONFIG_IP_NF_TARGET_LOG=m
>
> CONFIG_IP_NF_TARGET_ULOG=m
>
> CONFIG_IP_NF_TARGET_TCPMSS=m
>
> CONFIG_IP_NF_ARPTABLES=m
>
> CONFIG_IP_NF_ARPFILTER=m
>
> CONFIG_IP_NF_ARP_MANGLE=m
>
> CONFIG_IP_NF_COMPAT_IPCHAINS=m
>
> CONFIG_IP_NF_NAT_NEEDED=y
>
> CONFIG_IP_NF_COMPAT_IPFWADM=m
>
> CONFIG_IP_NF_NAT_NEEDED=y
>
> CONFIG_IP_VS=m
>
> # CONFIG_IP_VS_DEBUG is not set
>
> CONFIG_IP_VS_TAB_BITS=12
>
> CONFIG_IP_VS_RR=m
>
> CONFIG_IP_VS_WRR=m
>
> CONFIG_IP_VS_LC=m
>
> CONFIG_IP_VS_WLC=m
>
> CONFIG_IP_VS_LBLC=m
>
> CONFIG_IP_VS_LBLCR=m
>
> CONFIG_IP_VS_DH=m
>
> CONFIG_IP_VS_SH=m
>
> CONFIG_IP_VS_SED=m
>
> CONFIG_IP_VS_NQ=m
>
> CONFIG_IP_VS_FTP=m
>
> CONFIG_IPV6=m
>
> CONFIG_IPV6_PRIVACY=y
>
> CONFIG_IP6_NF_QUEUE=m
>
> CONFIG_IP6_NF_IPTABLES=m
>
> CONFIG_IP6_NF_MATCH_LIMIT=m
>
> CONFIG_IP6_NF_MATCH_MAC=m
>
> CONFIG_IP6_NF_MATCH_RT=m
>
> CONFIG_IP6_NF_MATCH_OPTS=m
>
> CONFIG_IP6_NF_MATCH_FRAG=m
>
> CONFIG_IP6_NF_MATCH_HL=m
>
> CONFIG_IP6_NF_MATCH_MULTIPORT=m
>
> CONFIG_IP6_NF_MATCH_OWNER=m
>
> CONFIG_IP6_NF_MATCH_MARK=m
>
> CONFIG_IP6_NF_MATCH_IPV6HEADER=m
>
> CONFIG_IP6_NF_MATCH_AHESP=m
>
> CONFIG_IP6_NF_MATCH_LENGTH=m
>
> CONFIG_IP6_NF_MATCH_EUI64=m
>
> CONFIG_IP6_NF_FILTER=m
>
> CONFIG_IP6_NF_TARGET_LOG=m
>
> CONFIG_IP6_NF_MANGLE=m
>
> CONFIG_IP6_NF_TARGET_MARK=m
>
> CONFIG_INET6_AH=m
>
> CONFIG_INET6_ESP=m
>
> CONFIG_INET6_IPCOMP=m
>
> CONFIG_IPV6_TUNNEL=m
>
> CONFIG_IP_SCTP=m
>
> CONFIG_IPX=m
>
> # CONFIG_IPX_INTERN is not set
>
> CONFIG_IPDDP=m
>
> CONFIG_IPDDP_ENCAP=y
>
> CONFIG_IPDDP_DECAP=y
>
> CONFIG_IPHASE5526=m
>
> CONFIG_IPPP_FILTER=y
>
> CONFIG_IPMI_HANDLER=m
>
> # CONFIG_IPMI_PANIC_EVENT is not set
>
> CONFIG_IPMI_DEVICE_INTERFACE=m
>
> CONFIG_IPMI_KCS=m
>
> CONFIG_IPMI_WATCHDOG=m
>
> + _________________________ etc/syslog.conf
>
> + cat /etc/syslog.conf
>
> # /etc/syslog.conf Configuration file for syslogd.
>
> #
>
> # For more information see syslog.conf(5)
>
> # manpage.
>
>
>
> #
>
> # First some standard logfiles. Log by facility.
>
> #
>
>
>
> auth,authpriv.* /var/log/auth.log
>
> *.*;auth,authpriv.none -/var/log/syslog
>
> #cron.* /var/log/cron.log
>
> daemon.* -/var/log/daemon.log
>
> kern.* -/var/log/kern.log
>
> lpr.* -/var/log/lpr.log
>
> mail.* -/var/log/mail.log
>
> user.* -/var/log/user.log
>
> uucp.* /var/log/uucp.log
>
>
>
> #
>
> # Logging for the mail system. Split it up so that
>
> # it is easy to write scripts to parse these files.
>
> #
>
> mail.info -/var/log/mail.info
>
> mail.warn -/var/log/mail.warn
>
> mail.err /var/log/mail.err
>
>
>
> # Logging for INN news system
>
> #
>
> news.crit /var/log/news/news.crit
>
> news.err /var/log/news/news.err
>
> news.notice -/var/log/news/news.notice
>
>
>
> #
>
> # Some `catch-all' logfiles.
>
> #
>
> *.=debug;\
>
> auth,authpriv.none;\
>
> news.none;mail.none -/var/log/debug
>
> *.=info;*.=notice;*.=warn;\
>
> auth,authpriv.none;\
>
> cron,daemon.none;\
>
> mail,news.none -/var/log/messages
>
>
>
> #
>
> # Emergencies are sent to everybody logged in.
>
> #
>
> *.emerg *
>
>
>
> #
>
> # I like to have messages displayed on the console, but only on a virtual
>
> # console I usually leave idle.
>
> #
>
> #daemon,mail.*;\
>
> # news.=crit;news.=err;news.=notice;\
>
> # *.=debug;*.=info;\
>
> # *.=notice;*.=warn /dev/tty8
>
>
>
> # The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
>
> # you must invoke `xconsole' with the `-file' option:
>
> #
>
> # $ xconsole -file /dev/xconsole [...]
>
> #
>
> # NOTE: adjust the list below, or you'll go crazy if you have a reasonably
>
> # busy site..
>
> #
>
> daemon.*;mail.*;\
>
> news.crit;news.err;news.notice;\
>
> *.=debug;*.=info;\
>
> *.=notice;*.=warn |/dev/xconsole
>
>
>
> + _________________________ etc/resolv.conf
>
> + cat /etc/resolv.conf
>
> search comunebl.it
>
> nameserver 10.6.3.130
>
> nameserver 10.6.0.20
>
> + _________________________ lib/modules-ls
>
> + ls -ltr /lib/modules
>
> total 8
>
> drwxr-xr-x 5 root root 4096 Dec 19 16:28 2.4.27-2-386
>
> drwxr-xr-x 4 root root 4096 Jan 25 13:08 2.4.27-2-686-smp
>
> + _________________________ proc/ksyms-netif_rx
>
> + test -r /proc/ksyms
>
> + egrep netif_rx /proc/ksyms
>
> c01ba0fa netif_rx_R86c60d40
>
> + _________________________ lib/modules-netif_rx
>
> + modulegoo kernel/net/ipv4/ipip.o netif_rx
>
> + set +x
>
> 2.4.27-2-386: U netif_rx_R86c60d40
>
> 2.4.27-2-686-smp: U netif_rx_Rsmp_6381047f
>
> + _________________________ kern.debug
>
> + test -f /var/log/kern.debug
>
> + _________________________ klog
>
> + sed -n '14429,$p' /var/log/syslog
>
> + egrep -i 'ipsec|klips|pluto'
>
> + cat
>
> Mar 9 11:13:07 localhost ipsec_setup: Starting Openswan IPsec U2.2.0/K2.4.27-2-386...
>
> + _________________________ plog
>
> + sed -n '6401,$p' /var/log/auth.log
>
> + egrep -i pluto
>
> + cat
>
> Mar 9 11:13:07 localhost ipsec__plutorun: Starting Pluto subsystem...
>
> Mar 9 11:13:07 localhost pluto[4314]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
>
> Mar 9 11:13:07 localhost pluto[4314]: including NAT-Traversal patch (Version 0.6c) [disabled]
>
> Mar 9 11:13:07 localhost pluto[4314]: | opening /dev/urandom
>
> Mar 9 11:13:07 localhost pluto[4314]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
>
> Mar 9 11:13:07 localhost pluto[4314]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
>
> Mar 9 11:13:07 localhost pluto[4314]: | process 4314 listening for PF_KEY_V2 on file descriptor 6
>
> Mar 9 11:13:07 localhost pluto[4314]: Using Linux 2.6 IPsec interface code
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_hdr_build:
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfffe5c0 pfkey_ext=0p0xbffff610 *pfkey_ext=0p(nil).
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfffe5c0 pfkey_ext=0p0xbffff610 *pfkey_ext=0p0x80eee50.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80eee68 allocated 16 bytes, &(extensions[0])=0p0xbffff610
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2, res=0, seq=1, pid=4314.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse: remain=0, ext_type=0(reserved), ext_len=0.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
>
> Mar 9 11:13:07 localhost pluto[4314]: | finish_pfkey_msg: SADB_REGISTER message 1 for AH
>
> Mar 9 11:13:07 localhost pluto[4314]: | 02 07 00 02 02 00 00 00 01 00 00 00 da 10 00 00
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_get: SADB_REGISTER message 1
>
> Mar 9 11:13:07 localhost pluto[4314]: | AH registered with kernel.
>
> Mar 9 11:13:07 localhost pluto[4314]: |
> pfkey_lib_debug:pfkey_msg_hdr_build:
>
> Mar 9 11:13:07 localhost pluto[4314]: |
> pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfffe5c0
> pfkey_ext=0p0xbffff610 *pfkey_ext=0p(nil).
>
> Mar 9 11:13:07 localhost pluto[4314]: |
> pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfffe5c0
> pfkey_ext=0p0xbffff610 *pfkey_ext=0p0x80eee50.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
> pfkey_msg=0p0x80eee68 allocated 16 bytes, &(extensions[0])=0p0xbffff610
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
> extensions permitted=00000001, seen=00000001, required=00000001.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
> parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2,
> res=0, seq=2, pid=4314.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
> remain=0, ext_type=0(reserved), ext_len=0.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
> extensions permitted=00000001, required=00000001.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
> extensions permitted=00000001, seen=00000001, required=00000001.
>
> Mar 9 11:13:07 localhost pluto[4314]: | finish_pfkey_msg: SADB_REGISTER
> message 2 for ESP
>
> Mar 9 11:13:07 localhost pluto[4314]: | 02 07 00 03 02 00 00 00 02 00
> 00 00 da 10 00 00
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_get: SADB_REGISTER message 2
>
> Mar 9 11:13:07 localhost pluto[4314]: | alg_init():memset(0x80eba80, 0,
> 2016) memset(0x80ec260, 0, 2048)
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=40
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=14, alg_id=251
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0,
> alg_minbits=0, alg_maxbits=0, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=14, alg_id=2
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0,
> alg_minbits=128, alg_maxbits=128, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=14, alg_id=3
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0,
> alg_minbits=160, alg_maxbits=160, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=14, alg_id=5
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0,
> alg_minbits=256, alg_maxbits=256, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=64
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=15, alg_id=11
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0,
> alg_minbits=0, alg_maxbits=0, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=15, alg_id=2
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8,
> alg_minbits=64, alg_maxbits=64, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=15, alg_id=3
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8,
> alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=15, alg_id=7
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=7, alg_ivlen=8,
> alg_minbits=40, alg_maxbits=448, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=15, alg_id=12
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=12, alg_ivlen=8,
> alg_minbits=128, alg_maxbits=256, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=15, alg_id=252
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=252, alg_ivlen=8,
> alg_minbits=128, alg_maxbits=256, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
> exttype=15, alg_id=253
>
> Mar 9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
> SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=253, alg_ivlen=8,
> alg_minbits=128, alg_maxbits=256, res=0, ret=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | ESP registered with kernel.
>
> Mar 9 11:13:07 localhost pluto[4314]: |
> pfkey_lib_debug:pfkey_msg_hdr_build:
>
> Mar 9 11:13:07 localhost pluto[4314]: |
> pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfffe5c0
> pfkey_ext=0p0xbffff610 *pfkey_ext=0p(nil).
>
> Mar 9 11:13:07 localhost pluto[4314]: |
> pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfffe5c0
> pfkey_ext=0p0xbffff610 *pfkey_ext=0p0x80eee50.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
> pfkey_msg=0p0x80eee68 allocated 16 bytes, &(extensions[0])=0p0xbffff610
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
> extensions permitted=00000001, seen=00000001, required=00000001.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
> parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2,
> res=0, seq=3, pid=4314.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
> remain=0, ext_type=0(reserved), ext_len=0.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
> extensions permitted=00000001, required=00000001.
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
> extensions permitted=00000001, seen=00000001, required=00000001.
>
> Mar 9 11:13:07 localhost pluto[4314]: | finish_pfkey_msg: SADB_REGISTER
> message 3 for IPCOMP
>
> Mar 9 11:13:07 localhost pluto[4314]: | 02 07 00 09 02 00 00 00 03 00
> 00 00 da 10 00 00
>
> Mar 9 11:13:07 localhost pluto[4314]: | pfkey_get: SADB_REGISTER message 3
>
> Mar 9 11:13:07 localhost pluto[4314]: | IPCOMP registered with kernel.
>
> Mar 9 11:13:07 localhost pluto[4314]: Changing to directory
> '/etc/ipsec.d/cacerts'
>
> Mar 9 11:13:07 localhost pluto[4314]: Could not change to directory
> '/etc/ipsec.d/aacerts'
>
> Mar 9 11:13:07 localhost pluto[4314]: Changing to directory
> '/etc/ipsec.d/ocspcerts'
>
> Mar 9 11:13:07 localhost pluto[4314]: Changing to directory
> '/etc/ipsec.d/crls'
>
> Mar 9 11:13:07 localhost pluto[4314]: Warning: empty directory
>
> Mar 9 11:13:07 localhost pluto[4314]: | inserting event 11??, timeout in
> 46013 seconds
>
> Mar 9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
> 3600 seconds
>
> Mar 9 11:13:07 localhost pluto[4314]: |
>
> Mar 9 11:13:07 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
> 3600 seconds
>
> Mar 9 11:13:07 localhost pluto[4314]: |
>
> Mar 9 11:13:07 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
> 3600 seconds
>
> Mar 9 11:13:07 localhost pluto[4314]: |
>
> Mar 9 11:13:07 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:13:07 localhost pluto[4314]: | Added new connection road with
> policy RSASIG+ENCRYPT+TUNNEL+PFS
>
> Mar 9 11:13:07 localhost pluto[4314]: | from whack: got
> --esp=3des-md5,3des-sha1
>
> Mar 9 11:13:07 localhost pluto[4314]: | alg_info_parse_str() ealg_buf=3des
> aalg_buf=md5eklen=0 aklen=0
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
> enum_search(0x80cdfb4, "ESP_3DES")
>
> Mar 9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
> ealg_getbyname("3des")=3
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
> enum_search(0x80ce280, "AUTH_ALGORITHM_HMAC_MD5")
>
> Mar 9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
> aalg_getbyname("md5")=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | __alg_info_esp_add() ealg=3 aalg=1
> cnt=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | alg_info_parse_str() ealg_buf=3des
> aalg_buf=sha1eklen=0 aklen=0
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
> enum_search(0x80cdfb4, "ESP_3DES")
>
> Mar 9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
> ealg_getbyname("3des")=3
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
> enum_search(0x80ce280, "AUTH_ALGORITHM_HMAC_SHA1")
>
> Mar 9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
> aalg_getbyname("sha1")=2
>
> Mar 9 11:13:07 localhost pluto[4314]: | __alg_info_esp_add() ealg=3 aalg=2
> cnt=2
>
> Mar 9 11:13:07 localhost pluto[4314]: | esp string values: 3_000-1,
> 3_000-2, flags=-strict
>
> Mar 9 11:13:07 localhost pluto[4314]: | from whack: got
> --ike=3des-md5,3des-sha
>
> Mar 9 11:13:07 localhost pluto[4314]: | alg_info_parse_str() ealg_buf=3des
> aalg_buf=md5eklen=0 aklen=0
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
> enum_search(0x80ce3fc, "OAKLEY_3DES")
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_ppfixi () calling
> enum_search(0x80ce3fc, "OAKLEY_3DES_CBC")
>
> Mar 9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
> ealg_getbyname("3des")=5
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
> enum_search(0x80ce424, "OAKLEY_MD5")
>
> Mar 9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
> aalg_getbyname("md5")=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | __alg_info_ike_add() ealg=5 aalg=1
> modp_id=5, cnt=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | __alg_info_ike_add() ealg=5 aalg=1
> modp_id=2, cnt=2
>
> Mar 9 11:13:07 localhost pluto[4314]: | alg_info_parse_str() ealg_buf=3des
> aalg_buf=shaeklen=0 aklen=0
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
> enum_search(0x80ce3fc, "OAKLEY_3DES")
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_ppfixi () calling
> enum_search(0x80ce3fc, "OAKLEY_3DES_CBC")
>
> Mar 9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
> ealg_getbyname("3des")=5
>
> Mar 9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
> enum_search(0x80ce424, "OAKLEY_SHA")
>
> Mar 9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
> aalg_getbyname("sha")=2
>
> Mar 9 11:13:07 localhost pluto[4314]: | __alg_info_ike_add() ealg=5 aalg=2
> modp_id=5, cnt=3
>
> Mar 9 11:13:07 localhost pluto[4314]: | __alg_info_ike_add() ealg=5 aalg=2
> modp_id=2, cnt=4
>
> Mar 9 11:13:07 localhost pluto[4314]: | ike string values: 5_000-1-5,
> 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
>
> Mar 9 11:13:07 localhost pluto[4314]: | counting wild cards for
> @multilinus.multibel.it is 0
>
> Mar 9 11:13:07 localhost pluto[4314]: | sendcert is 3
>
> Mar 9 11:13:07 localhost pluto[4314]: | counting wild cards for
> @multibel1.multibel.it is 0
>
> Mar 9 11:13:07 localhost pluto[4314]: | sendcert is 3
>
> Mar 9 11:13:07 localhost pluto[4314]: | based upon policy, the connection
> is a template.
>
> Mar 9 11:13:07 localhost pluto[4314]: | alg_info_addref()
> alg_info->ref_cnt=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | alg_info_addref()
> alg_info->ref_cnt=1
>
> Mar 9 11:13:07 localhost pluto[4314]: | alg_info_addref()
> alg_info->ref_cnt=2
>
> Mar 9 11:13:07 localhost pluto[4314]: | alg_info_addref()
> alg_info->ref_cnt=2
>
> Mar 9 11:13:07 localhost pluto[4314]: added connection description "road"
>
> Mar 9 11:13:07 localhost pluto[4314]: |
> 10.6.100.0/24===10.6.3.133[@multilinus.multibel.it]...%any[@multibel1.multibel.it]
>
> Mar 9 11:13:07 localhost pluto[4314]: | ike_life: 3600s; ipsec_life:
> 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy:
> RSASIG+ENCRYPT+TUNNEL+PFS
>
> Mar 9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
> 3600 seconds
>
> Mar 9 11:13:07 localhost pluto[4314]: |
>
> Mar 9 11:13:07 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:13:07 localhost pluto[4314]: listening for IKE messages
>
> Mar 9 11:13:07 localhost pluto[4314]: | found lo with address 127.0.0.1
>
> Mar 9 11:13:07 localhost pluto[4314]: | found eth0 with address 10.6.3.133
>
> Mar 9 11:13:07 localhost pluto[4314]: | found eth1 with address
> 10.6.100.254
>
> Mar 9 11:13:07 localhost pluto[4314]: adding interface eth1/eth1
> 10.6.100.254
>
> Mar 9 11:13:07 localhost pluto[4314]: adding interface eth0/eth0
> 10.6.3.133
>
> Mar 9 11:13:07 localhost pluto[4314]: adding interface lo/lo 127.0.0.1
>
> Mar 9 11:13:07 localhost pluto[4314]: | could not open /proc/net/if_inet6
>
> Mar 9 11:13:07 localhost pluto[4314]: loading secrets from
> "/etc/ipsec.secrets"
>
> Mar 9 11:13:07 localhost pluto[4314]: | loaded private key for keyid:
> PPK_RSA:AQN74Z87R
>
> Mar 9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
> 3600 seconds
>
> Mar 9 11:13:15 localhost pluto[4314]: |
>
> Mar 9 11:13:15 localhost pluto[4314]: | *received 176 bytes from
> 10.6.3.132:500 on eth0
>
> Mar 9 11:13:15 localhost pluto[4314]: | **parse ISAKMP Message:
>
> Mar 9 11:13:15 localhost pluto[4314]: | initiator cookie:
>
> Mar 9 11:13:15 localhost pluto[4314]: | 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:15 localhost pluto[4314]: | responder cookie:
>
> Mar 9 11:13:15 localhost pluto[4314]: | 00 00 00 00 00 00 00 00
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_SA
>
> Mar 9 11:13:15 localhost pluto[4314]: | ISAKMP version: ISAKMP Version
> 1.0
>
> Mar 9 11:13:15 localhost pluto[4314]: | exchange type:
> ISAKMP_XCHG_IDPROT
>
> Mar 9 11:13:15 localhost pluto[4314]: | flags: none
>
> Mar 9 11:13:15 localhost pluto[4314]: | message ID: 00 00 00 00
>
> Mar 9 11:13:15 localhost pluto[4314]: | length: 176
>
> Mar 9 11:13:15 localhost pluto[4314]: | ***parse ISAKMP Security
> Association Payload:
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:15 localhost pluto[4314]: | length: 148
>
> Mar 9 11:13:15 localhost pluto[4314]: | DOI: ISAKMP_DOI_IPSEC
>
> Mar 9 11:13:15 localhost pluto[4314]: | alg_info_addref()
> alg_info->ref_cnt=3
>
> Mar 9 11:13:15 localhost pluto[4314]: | alg_info_addref()
> alg_info->ref_cnt=3
>
> Mar 9 11:13:15 localhost pluto[4314]: | alg_info_addref()
> alg_info->ref_cnt=4
>
> Mar 9 11:13:15 localhost pluto[4314]: | alg_info_addref()
> alg_info->ref_cnt=4
>
> Mar 9 11:13:15 localhost pluto[4314]: | instantiated "road" for 10.6.3.132
>
> Mar 9 11:13:15 localhost pluto[4314]: | creating state object #1 at
> 0x80efca8
>
> Mar 9 11:13:15 localhost pluto[4314]: | ICOOKIE: 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:15 localhost pluto[4314]: | RCOOKIE: 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:15 localhost pluto[4314]: | peer: 0a 06 03 84
>
> Mar 9 11:13:15 localhost pluto[4314]: | state hash entry 25
>
> Mar 9 11:13:15 localhost pluto[4314]: | inserting event EVENT_SO_DISCARD,
> timeout in 0 seconds for #1
>
> Mar 9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: responding
> to Main Mode from unknown peer 10.6.3.132
>
> Mar 9 11:13:15 localhost pluto[4314]: | **emit ISAKMP Message:
>
> Mar 9 11:13:15 localhost pluto[4314]: | initiator cookie:
>
> Mar 9 11:13:15 localhost pluto[4314]: | 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:15 localhost pluto[4314]: | responder cookie:
>
> Mar 9 11:13:15 localhost pluto[4314]: | 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_SA
>
> Mar 9 11:13:15 localhost pluto[4314]: | ISAKMP version: ISAKMP Version
> 1.0
>
> Mar 9 11:13:15 localhost pluto[4314]: | exchange type:
> ISAKMP_XCHG_IDPROT
>
> Mar 9 11:13:15 localhost pluto[4314]: | flags: none
>
> Mar 9 11:13:15 localhost pluto[4314]: | message ID: 00 00 00 00
>
> Mar 9 11:13:15 localhost pluto[4314]: | ***emit ISAKMP Security
> Association Payload:
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:15 localhost pluto[4314]: | DOI: ISAKMP_DOI_IPSEC
>
> Mar 9 11:13:15 localhost pluto[4314]: | ****parse IPsec DOI SIT:
>
> Mar 9 11:13:15 localhost pluto[4314]: | IPsec DOI SIT:
> SIT_IDENTITY_ONLY
>
> Mar 9 11:13:15 localhost pluto[4314]: | ****parse ISAKMP Proposal Payload:
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:15 localhost pluto[4314]: | length: 136
>
> Mar 9 11:13:15 localhost pluto[4314]: | proposal number: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | protocol ID: PROTO_ISAKMP
>
> Mar 9 11:13:15 localhost pluto[4314]: | SPI size: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | number of transforms: 4
>
> Mar 9 11:13:15 localhost pluto[4314]: | *****parse ISAKMP Transform
> Payload (ISAKMP):
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_T
>
> Mar 9 11:13:15 localhost pluto[4314]: | length: 32
>
> Mar 9 11:13:15 localhost pluto[4314]: | transform number: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | transform ID: KEY_IKE
>
> Mar 9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:13:15 localhost pluto[4314]: | af+type: OAKLEY_LIFE_TYPE
>
> Mar 9 11:13:15 localhost pluto[4314]: | length/value: 1
>
> Mar 9 11:13:15 localhost pluto[4314]: | [1 is OAKLEY_LIFE_SECONDS]
>
> Mar 9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:13:15 localhost pluto[4314]: | af+type: OAKLEY_LIFE_DURATION
>
> Mar 9 11:13:15 localhost pluto[4314]: | length/value: 3600
>
> Mar 9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:13:15 localhost pluto[4314]: | af+type:
> OAKLEY_ENCRYPTION_ALGORITHM
>
> Mar 9 11:13:15 localhost pluto[4314]: | length/value: 5
>
> Mar 9 11:13:15 localhost pluto[4314]: | [5 is OAKLEY_3DES_CBC]
>
> Mar 9 11:13:15 localhost pluto[4314]: | ike_alg_enc_ok(ealg=5,key_len=0):
> blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1
>
> Mar 9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:13:15 localhost pluto[4314]: | af+type: OAKLEY_HASH_ALGORITHM
>
> Mar 9 11:13:15 localhost pluto[4314]: | length/value: 1
>
> Mar 9 11:13:15 localhost pluto[4314]: | [1 is OAKLEY_MD5]
>
> Mar 9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:13:15 localhost pluto[4314]: | af+type:
> OAKLEY_AUTHENTICATION_METHOD
>
> Mar 9 11:13:15 localhost pluto[4314]: | length/value: 3
>
> Mar 9 11:13:15 localhost pluto[4314]: | [3 is OAKLEY_RSA_SIG]
>
> Mar 9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:13:15 localhost pluto[4314]: | af+type:
> OAKLEY_GROUP_DESCRIPTION
>
> Mar 9 11:13:15 localhost pluto[4314]: | length/value: 5
>
> Mar 9 11:13:15 localhost pluto[4314]: | [5 is OAKLEY_GROUP_MODP1536]
>
> Mar 9 11:13:15 localhost pluto[4314]: | Oakley Transform 0 accepted
>
> Mar 9 11:13:15 localhost pluto[4314]: | ****emit IPsec DOI SIT:
>
> Mar 9 11:13:15 localhost pluto[4314]: | IPsec DOI SIT:
> SIT_IDENTITY_ONLY
>
> Mar 9 11:13:15 localhost pluto[4314]: | ****emit ISAKMP Proposal Payload:
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:15 localhost pluto[4314]: | proposal number: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | protocol ID: PROTO_ISAKMP
>
> Mar 9 11:13:15 localhost pluto[4314]: | SPI size: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | number of transforms: 1
>
> Mar 9 11:13:15 localhost pluto[4314]: | *****emit ISAKMP Transform Payload
> (ISAKMP):
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:15 localhost pluto[4314]: | transform number: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | transform ID: KEY_IKE
>
> Mar 9 11:13:15 localhost pluto[4314]: | emitting 24 raw bytes of
> attributes into ISAKMP Transform Payload (ISAKMP)
>
> Mar 9 11:13:15 localhost pluto[4314]: | attributes 80 0b 00 01 80 0c 0e
> 10 80 01 00 05 80 02 00 01
>
> .............
>
> Mar 9 11:13:15 localhost pluto[4314]: | ***parse ISAKMP Identification
> Payload:
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_SIG
>
> Mar 9 11:13:15 localhost pluto[4314]: | length: 29
>
> Mar 9 11:13:15 localhost pluto[4314]: | ID type: ID_FQDN
>
> Mar 9 11:13:15 localhost pluto[4314]: | DOI specific A: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | DOI specific B: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | ***parse ISAKMP Signature Payload:
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:15 localhost pluto[4314]: | length: 260
>
> Mar 9 11:13:15 localhost pluto[4314]: | removing 7 bytes of padding
>
> Mar 9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: Peer ID is
> ID_FQDN: '@multibel1.multibel.it'
>
> Mar 9 11:13:15 localhost pluto[4314]: | refine_connection: starting with
> road
>
> Mar 9 11:13:15 localhost pluto[4314]: | trusted_ca called with a=(empty)
> b=(empty)
>
> Mar 9 11:13:15 localhost pluto[4314]: | refine_connection: happy with
> starting point: road
>
> Mar 9 11:13:15 localhost pluto[4314]: | offered CA: '%none'
>
> Mar 9 11:13:15 localhost pluto[4314]: | hashing 144 bytes of SA
>
> Mar 9 11:13:15 localhost pluto[4314]: | required CA is '%any'
>
> Mar 9 11:13:15 localhost pluto[4314]: | trusted_ca called with a=(empty)
> b=(empty)
>
> Mar 9 11:13:15 localhost pluto[4314]: | key issuer CA is '%any'
>
> Mar 9 11:13:15 localhost pluto[4314]: | an RSA Sig check passed with
> *AQO9mjElL [preloaded key]
>
> Mar 9 11:13:15 localhost pluto[4314]: | authentication succeeded
>
> Mar 9 11:13:15 localhost pluto[4314]: | thinking about whether to send my
> certificate:
>
> Mar 9 11:13:15 localhost pluto[4314]: | I have RSA key: OAKLEY_RSA_SIG
> cert.type: CERT_NONE
>
> Mar 9 11:13:15 localhost pluto[4314]: | sendcert: CERT_ALWAYSSEND and I
> did not get a certificate request
>
> Mar 9 11:13:15 localhost pluto[4314]: | so do not send cert.
>
> Mar 9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: I did not
> send a certificate because I do not have one.
>
> Mar 9 11:13:15 localhost pluto[4314]: | **emit ISAKMP Message:
>
> Mar 9 11:13:15 localhost pluto[4314]: | initiator cookie:
>
> Mar 9 11:13:15 localhost pluto[4314]: | 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:15 localhost pluto[4314]: | responder cookie:
>
> Mar 9 11:13:15 localhost pluto[4314]: | 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_ID
>
> Mar 9 11:13:15 localhost pluto[4314]: | ISAKMP version: ISAKMP Version
> 1.0
>
> Mar 9 11:13:15 localhost pluto[4314]: | exchange type:
> ISAKMP_XCHG_IDPROT
>
> Mar 9 11:13:15 localhost pluto[4314]: | flags: ISAKMP_FLAG_ENCRYPTION
>
> Mar 9 11:13:15 localhost pluto[4314]: | message ID: 00 00 00 00
>
> Mar 9 11:13:15 localhost pluto[4314]: | ***emit ISAKMP Identification
> Payload (IPsec DOI):
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_SIG
>
> Mar 9 11:13:15 localhost pluto[4314]: | ID type: ID_FQDN
>
> Mar 9 11:13:15 localhost pluto[4314]: | Protocol ID: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | port: 0
>
> Mar 9 11:13:15 localhost pluto[4314]: | emitting 22 raw bytes of my
> identity into ISAKMP Identification Payload (IPsec DOI)
>
> Mar 9 11:13:15 localhost pluto[4314]: | my identity 6d 75 6c 74 69 6c 69
> 6e 75 73 2e 6d 75 6c 74 69
>
> Mar 9 11:13:15 localhost pluto[4314]: | 62 65 6c 2e 69 74
>
> Mar 9 11:13:15 localhost pluto[4314]: | emitting length of ISAKMP
> Identification Payload (IPsec DOI): 30
>
> Mar 9 11:13:15 localhost pluto[4314]: | hashing 144 bytes of SA
>
> Mar 9 11:13:15 localhost pluto[4314]: | looking for secret for
> @multilinus.multibel.it->@multibel1.multibel.it of kind PPK_RSA
>
> Mar 9 11:13:15 localhost pluto[4314]: | signing hash with RSA Key
> *AQN74Z87R
>
> Mar 9 11:13:15 localhost pluto[4314]: | ***emit ISAKMP Signature Payload:
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:15 localhost pluto[4314]: | emitting 256 raw bytes of SIG_R
> into ISAKMP Signature Payload
>
> Mar 9 11:13:15 localhost pluto[4314]: | emitting length of ISAKMP
> Signature Payload: 260
>
> Mar 9 11:13:15 localhost pluto[4314]: | encrypting:
>
> Mar 9 11:13:15 localhost pluto[4314]: | emitting 6 zero bytes of
> encryption padding into ISAKMP Message
>
> Mar 9 11:13:15 localhost pluto[4314]: | encrypting using OAKLEY_3DES_CBC
>
> Mar 9 11:13:15 localhost pluto[4314]: | next IV: 63 bf f3 e4 3a 47 b5 b7
>
> Mar 9 11:13:15 localhost pluto[4314]: | emitting length of ISAKMP Message:
> 324
>
> Mar 9 11:13:15 localhost pluto[4314]: | last encrypted block of Phase 1:
>
> Mar 9 11:13:15 localhost pluto[4314]: | 63 bf f3 e4 3a 47 b5 b7
>
> Mar 9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: transition
> from state STATE_MAIN_R2 to state STATE_MAIN_R3
>
> Mar 9 11:13:15 localhost pluto[4314]: | sending 324 bytes for
> STATE_MAIN_R2 through eth0 to 10.6.3.132:500:
>
> Mar 9 11:13:15 localhost pluto[4314]: | inserting event EVENT_SA_REPLACE,
> timeout in 3330 seconds for #1
>
> Mar 9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: sent MR3,
> ISAKMP SA established
>
> Mar 9 11:13:15 localhost pluto[4314]: | next event EVENT_SA_REPLACE in
> 3330 seconds for #1
>
> Mar 9 11:13:15 localhost pluto[4314]: |
>
> Mar 9 11:13:15 localhost pluto[4314]: | *received 380 bytes from
> 10.6.3.132:500 on eth0
>
> Mar 9 11:13:15 localhost pluto[4314]: | **parse ISAKMP Message:
>
> Mar 9 11:13:15 localhost pluto[4314]: | initiator cookie:
>
> Mar 9 11:13:15 localhost pluto[4314]: | 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:15 localhost pluto[4314]: | responder cookie:
>
> Mar 9 11:13:15 localhost pluto[4314]: | 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:15 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_HASH
>
> Mar 9 11:13:15 localhost pluto[4314]: | ISAKMP version: ISAKMP Version
> 1.0
>
> Mar 9 11:13:15 localhost pluto[4314]: | exchange type:
> ISAKMP_XCHG_QUICK
>
> Mar 9 11:13:15 localhost pluto[4314]: | flags: ISAKMP_FLAG_ENCRYPTION
>
> Mar 9 11:13:15 localhost pluto[4314]: | message ID: ae 62 6a 91
>
> Mar 9 11:13:15 localhost pluto[4314]: | length: 380
>
> Mar 9 11:13:16 localhost pluto[4314]: | ICOOKIE: 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:16 localhost pluto[4314]: | RCOOKIE: 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:16 localhost pluto[4314]: | peer: 0a 06 03 84
>
> Mar 9 11:13:16 localhost pluto[4314]: | state hash entry 25
>
> Mar 9 11:13:16 localhost pluto[4314]: | peer and cookies match on #1,
> provided msgid ae626a91 vs 00000000
>
> Mar 9 11:13:16 localhost pluto[4314]: | state object not found
>
> Mar 9 11:13:16 localhost pluto[4314]: | ICOOKIE: 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:16 localhost pluto[4314]: | RCOOKIE: 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:16 localhost pluto[4314]: | peer: 0a 06 03 84
>
> Mar 9 11:13:16 localhost pluto[4314]: | state hash entry 25
>
> Mar 9 11:13:16 localhost pluto[4314]: | peer and cookies match on #1,
> provided msgid 00000000 vs 00000000
>
> Mar 9 11:13:16 localhost pluto[4314]: | state object #1 found, in
> STATE_MAIN_R3
>
> Mar 9 11:13:16 localhost pluto[4314]: | last Phase 1 IV: 63 bf f3 e4 3a
> 47 b5 b7
>
> Mar 9 11:13:16 localhost pluto[4314]: | last Phase 1 IV: 63 bf f3 e4 3a
> 47 b5 b7
>
> Mar 9 11:13:16 localhost pluto[4314]: | computed Phase 2 IV:
>
> Mar 9 11:13:16 localhost pluto[4314]: | 17 4b e7 d7 eb eb c4 87 3c 51
> 9c 93 e8 e9 2f f5
>
> Mar 9 11:13:16 localhost pluto[4314]: | received encrypted packet from
> 10.6.3.132:500
>
> Mar 9 11:13:16 localhost pluto[4314]: | decrypting 352 bytes using
> algorithm OAKLEY_3DES_CBC
>
> Mar 9 11:13:16 localhost pluto[4314]: | decrypted:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next IV: e5 25 28 89 13 32 d4 03
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Hash Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_SA
>
> Mar 9 11:13:16 localhost pluto[4314]: | length: 20
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Security
> Association Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONCE
>
> Mar 9 11:13:16 localhost pluto[4314]: | length: 80
>
> Mar 9 11:13:16 localhost pluto[4314]: | DOI: ISAKMP_DOI_IPSEC
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Nonce Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_KE
>
> Mar 9 11:13:16 localhost pluto[4314]: | length: 20
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Key Exchange
> Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_ID
>
> Mar 9 11:13:16 localhost pluto[4314]: | length: 196
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Identification
> Payload (IPsec DOI):
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_ID
>
> Mar 9 11:13:16 localhost pluto[4314]: | length: 16
>
> Mar 9 11:13:16 localhost pluto[4314]: | ID type: ID_IPV4_ADDR_SUBNET
>
> Mar 9 11:13:16 localhost pluto[4314]: | Protocol ID: 0
>
> Mar 9 11:13:16 localhost pluto[4314]: | port: 0
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Identification
> Payload (IPsec DOI):
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:16 localhost pluto[4314]: | length: 16
>
> Mar 9 11:13:16 localhost pluto[4314]: | ID type: ID_IPV4_ADDR_SUBNET
>
> Mar 9 11:13:16 localhost pluto[4314]: | Protocol ID: 0
>
> Mar 9 11:13:16 localhost pluto[4314]: | port: 0
>
> Mar 9 11:13:16 localhost pluto[4314]: | removing 4 bytes of padding
>
> Mar 9 11:13:16 localhost pluto[4314]: | HASH(1) computed:
>
> Mar 9 11:13:16 localhost pluto[4314]: | b6 b4 72 27 de 1b 4d 74 44 13
> a1 9c 99 5a 16 b1
>
> Mar 9 11:13:16 localhost pluto[4314]: | peer client is subnet
> 10.6.3.132/32
>
> Mar 9 11:13:16 localhost pluto[4314]: | peer client protocol/port is 0/0
>
> Mar 9 11:13:16 localhost pluto[4314]: | our client is subnet 10.6.100.0/24
>
> Mar 9 11:13:16 localhost pluto[4314]: | our client protocol/port is 0/0
>
> Mar 9 11:13:16 localhost pluto[4314]: | find_client_connection starting
> with road
>
> Mar 9 11:13:16 localhost pluto[4314]: | looking for 10.6.100.0/24:0/0 ->
> 10.6.3.132/32:0/0
>
> Mar 9 11:13:16 localhost pluto[4314]: | concrete checking against sr#0
> 10.6.100.0/24 -> 10.6.3.132/32
>
> Mar 9 11:13:16 localhost pluto[4314]: | match_id
> a=@multibel1.multibel.it b=@multibel1.multibel.it
>
> Mar 9 11:13:16 localhost pluto[4314]: | match_id called with
> a=@multibel1.multibel.it b=@multibel1.multibel.it
>
> Mar 9 11:13:16 localhost pluto[4314]: | trusted_ca called with a=(empty)
> b=(empty)
>
> Mar 9 11:13:16 localhost pluto[4314]: | fc_try trying
> road:10.6.100.0/24:0/0 -> 10.6.3.132/32:0/0 vs road:10.6.100.0/24:0/0 ->
> 10.6.3.132/32:0/0
>
> Mar 9 11:13:16 localhost pluto[4314]: | fc_try concluding with road
> [128]
>
> Mar 9 11:13:16 localhost pluto[4314]: | fc_try road gives road
>
> Mar 9 11:13:16 localhost pluto[4314]: | concluding with d = road
>
> Mar 9 11:13:16 localhost pluto[4314]: | duplicating state object #1
>
> Mar 9 11:13:16 localhost pluto[4314]: | creating state object #2 at
> 0x80f0948
>
> Mar 9 11:13:16 localhost pluto[4314]: | ICOOKIE: 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:16 localhost pluto[4314]: | RCOOKIE: 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:16 localhost pluto[4314]: | peer: 0a 06 03 84
>
> Mar 9 11:13:16 localhost pluto[4314]: | state hash entry 25
>
> Mar 9 11:13:16 localhost pluto[4314]: | inserting event EVENT_SO_DISCARD,
> timeout in 0 seconds for #2
>
> Mar 9 11:13:16 localhost pluto[4314]: | **emit ISAKMP Message:
>
> Mar 9 11:13:16 localhost pluto[4314]: | initiator cookie:
>
> Mar 9 11:13:16 localhost pluto[4314]: | 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:16 localhost pluto[4314]: | responder cookie:
>
> Mar 9 11:13:16 localhost pluto[4314]: | 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_HASH
>
> Mar 9 11:13:16 localhost pluto[4314]: | ISAKMP version: ISAKMP Version
> 1.0
>
> Mar 9 11:13:16 localhost pluto[4314]: | exchange type:
> ISAKMP_XCHG_QUICK
>
> Mar 9 11:13:16 localhost pluto[4314]: | flags: ISAKMP_FLAG_ENCRYPTION
>
> Mar 9 11:13:16 localhost pluto[4314]: | message ID: ae 62 6a 91
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***emit ISAKMP Hash Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_SA
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting 16 zero bytes of HASH
> into ISAKMP Hash Payload
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Hash
> Payload: 20
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***emit ISAKMP Security
> Association Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONCE
>
> Mar 9 11:13:16 localhost pluto[4314]: | DOI: ISAKMP_DOI_IPSEC
>
> Mar 9 11:13:16 localhost pluto[4314]: | ****parse IPsec DOI SIT:
>
> Mar 9 11:13:16 localhost pluto[4314]: | IPsec DOI SIT:
> SIT_IDENTITY_ONLY
>
> Mar 9 11:13:16 localhost pluto[4314]: | ****parse ISAKMP Proposal Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:16 localhost pluto[4314]: | length: 68
>
> Mar 9 11:13:16 localhost pluto[4314]: | proposal number: 0
>
> Mar 9 11:13:16 localhost pluto[4314]: | protocol ID: PROTO_IPSEC_ESP
>
> Mar 9 11:13:16 localhost pluto[4314]: | SPI size: 4
>
> Mar 9 11:13:16 localhost pluto[4314]: | number of transforms: 2
>
> Mar 9 11:13:16 localhost pluto[4314]: | parsing 4 raw bytes of ISAKMP
> Proposal Payload into SPI
>
> Mar 9 11:13:16 localhost pluto[4314]: | SPI 9f cb 44 16
>
> Mar 9 11:13:16 localhost pluto[4314]: | *****parse ISAKMP Transform
> Payload (ESP):
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_T
>
> Mar 9 11:13:16 localhost pluto[4314]: | length: 28
>
> Mar 9 11:13:16 localhost pluto[4314]: | transform number: 0
>
> Mar 9 11:13:16 localhost pluto[4314]: | transform ID: ESP_3DES
>
> Mar 9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
> attribute:
>
> Mar 9 11:13:16 localhost pluto[4314]: | af+type: GROUP_DESCRIPTION
>
> Mar 9 11:13:16 localhost pluto[4314]: | length/value: 5
>
> Mar 9 11:13:16 localhost pluto[4314]: | [5 is OAKLEY_GROUP_MODP1536]
>
> Mar 9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
> attribute:
>
> Mar 9 11:13:16 localhost pluto[4314]: | af+type: ENCAPSULATION_MODE
>
> Mar 9 11:13:16 localhost pluto[4314]: | length/value: 1
>
> Mar 9 11:13:16 localhost pluto[4314]: | [1 is
> ENCAPSULATION_MODE_TUNNEL]
>
> Mar 9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
> attribute:
>
> Mar 9 11:13:16 localhost pluto[4314]: | af+type: SA_LIFE_TYPE
>
> Mar 9 11:13:16 localhost pluto[4314]: | length/value: 1
>
> Mar 9 11:13:16 localhost pluto[4314]: | [1 is SA_LIFE_TYPE_SECONDS]
>
> Mar 9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
> attribute:
>
> Mar 9 11:13:16 localhost pluto[4314]: | af+type: SA_LIFE_DURATION
>
> Mar 9 11:13:16 localhost pluto[4314]: | length/value: 28800
>
> Mar 9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
> attribute:
>
> Mar 9 11:13:16 localhost pluto[4314]: | af+type: AUTH_ALGORITHM
>
> Mar 9 11:13:16 localhost pluto[4314]: | length/value: 1
>
> Mar 9 11:13:16 localhost pluto[4314]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
>
> Mar 9 11:13:16 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:13:16 localhost pluto[4314]: |
> kernel_alg_esp_enc_keylen():alg_id=3, keylen=24
>
> Mar 9 11:13:16 localhost pluto[4314]: | ****emit IPsec DOI SIT:
>
> Mar 9 11:13:16 localhost pluto[4314]: | IPsec DOI SIT:
> SIT_IDENTITY_ONLY
>
> Mar 9 11:13:16 localhost pluto[4314]: | ****emit ISAKMP Proposal Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:16 localhost pluto[4314]: | proposal number: 0
>
> Mar 9 11:13:16 localhost pluto[4314]: | protocol ID: PROTO_IPSEC_ESP
>
> Mar 9 11:13:16 localhost pluto[4314]: | SPI size: 4
>
> Mar 9 11:13:16 localhost pluto[4314]: | number of transforms: 1
>
> Mar 9 11:13:16 localhost pluto[4314]: | netlink_get_spi: allocated
> 0x7eb13e58 for esp.0 at 10.6.3.133
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting 4 raw bytes of SPI into
> ISAKMP Proposal Payload
>
> Mar 9 11:13:16 localhost pluto[4314]: | SPI 7e b1 3e 58
>
> Mar 9 11:13:16 localhost pluto[4314]: | *****emit ISAKMP Transform Payload
> (ESP):
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:16 localhost pluto[4314]: | transform number: 0
>
> Mar 9 11:13:16 localhost pluto[4314]: | transform ID: ESP_3DES
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting 20 raw bytes of
> attributes into ISAKMP Transform Payload (ESP)
>
> Mar 9 11:13:16 localhost pluto[4314]: | attributes 80 03 00 05 80 04 00
> 01 80 01 00 01 80 02 70 80
>
> Mar 9 11:13:16 localhost pluto[4314]: | 80 05 00 01
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP
> Transform Payload (ESP): 28
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Proposal
> Payload: 40
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Security
> Association Payload: 52
>
> Mar 9 11:13:16 localhost pluto[4314]: | DH public value received:
>
> Mar 9 11:13:16 localhost pluto[4314]: "road"[1] 10.6.3.132 #2: responding
> to Quick Mode
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***emit ISAKMP Nonce Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_KE
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting 16 raw bytes of Nr into
> ISAKMP Nonce Payload
>
> Mar 9 11:13:16 localhost pluto[4314]: | Nr 7e ba 3c 89 88 a1 86 e8 37
> c7 5e 58 46 9d 77 6b
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Nonce
> Payload: 20
>
> Mar 9 11:13:16 localhost pluto[4314]: | Local DH secret:
>
> Mar 9 11:13:16 localhost pluto[4314]: | eb f2 a6 3d fb 7d 20 00 08 a0
> 8e 49 8d 01 f6 38
>
> Mar 9 11:13:16 localhost pluto[4314]: | 55 75 11 d8 ed 19 e6 b0 f4 1f
> d9 6b 0d 25 02 2d
>
> Mar 9 11:13:16 localhost pluto[4314]: | Public DH value sent:
>
> Mar 9 11:13:16 localhost pluto[4314]: | ***emit ISAKMP Key Exchange
> Payload:
>
> Mar 9 11:13:16 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_ID
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting 192 raw bytes of keyex
> value into ISAKMP Key Exchange Payload
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Key
> Exchange Payload: 196
>
> Mar 9 11:13:16 localhost pluto[4314]: | compute_dh_shared(): time elapsed
> (OAKLEY_GROUP_MODP1536): 5714 usec
>
> Mar 9 11:13:16 localhost pluto[4314]: | DH shared secret:
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting 16 raw bytes of IDci into
> ISAKMP Message
>
> Mar 9 11:13:16 localhost pluto[4314]: | IDci 05 00 00 10 04 00 00 00 0a
> 06 03 84 ff ff ff ff
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting 16 raw bytes of IDcr into
> ISAKMP Message
>
> Mar 9 11:13:16 localhost pluto[4314]: | IDcr 00 00 00 10 04 00 00 00 0a
> 06 64 00 ff ff ff 00
>
> Mar 9 11:13:16 localhost pluto[4314]: | HASH(2) computed:
>
> Mar 9 11:13:16 localhost pluto[4314]: | cd 1b ee de e9 0a 74 de 26 3f
> 68 67 5d 87 24 cf
>
> Mar 9 11:13:16 localhost pluto[4314]: | compute_proto_keymat:needed_len
> (after ESP enc)=24
>
> Mar 9 11:13:16 localhost pluto[4314]: | compute_proto_keymat:needed_len
> (after ESP auth)=40
>
> Mar 9 11:13:16 localhost pluto[4314]: | KEYMAT computed:
>
> Mar 9 11:13:16 localhost pluto[4314]: | 4f 76 15 1f d6 f8 73 75 a2 c9
> 7a 81 71 36 1a ee
>
> Mar 9 11:13:16 localhost pluto[4314]: | 8f 9d 56 2c d7 83 68 69 2b c1
> e6 37 28 7b b0 7d
>
> Mar 9 11:13:16 localhost pluto[4314]: | c6 0c 67 65 84 43 6f 55
>
> Mar 9 11:13:16 localhost pluto[4314]: | Peer KEYMAT computed:
>
> Mar 9 11:13:16 localhost pluto[4314]: | 3d 97 83 0a e6 36 61 57 13 4a
> f7 8c 8b a8 4c 9b
>
> Mar 9 11:13:16 localhost pluto[4314]: | 7c ad ea ef 55 4f dd 77 0a 41
> 3d d2 c5 cc c1 c9
>
> Mar 9 11:13:16 localhost pluto[4314]: | c0 92 3a 5d 8b 2b 86 5f
>
> Mar 9 11:13:16 localhost pluto[4314]: | install_inbound_ipsec_sa()
> checking if we can route
>
> Mar 9 11:13:16 localhost pluto[4314]: | route owner of "road"[1]
> 10.6.3.132 unrouted: NULL; eroute owner: NULL
>
> Mar 9 11:13:16 localhost pluto[4314]: | could_route called for road
> (kind=CK_INSTANCE)
>
> Mar 9 11:13:16 localhost pluto[4314]: | add inbound eroute 10.6.3.132/32:0
> --0-> 10.6.100.0/24:0 => tun.10000 at 10.6.3.133 (raw_eroute)
>
> Mar 9 11:13:16 localhost pluto[4314]: | encrypting:
>
> Mar 9 11:13:16 localhost pluto[4314]: | encrypting using OAKLEY_3DES_CBC
>
> Mar 9 11:13:16 localhost pluto[4314]: | next IV: b6 7e c3 ed a1 52 e8 a6
>
> Mar 9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Message:
> 348
>
> Mar 9 11:13:16 localhost pluto[4314]: "road"[1] 10.6.3.132 #2: transition
> from state (null) to state STATE_QUICK_R1
>
> Mar 9 11:13:16 localhost pluto[4314]: | sending 348 bytes for
> STATE_QUICK_R0 through eth0 to 10.6.3.132:500:
>
> Mar 9 11:13:16 localhost pluto[4314]: | inserting event EVENT_RETRANSMIT,
> timeout in 10 seconds for #2
>
> Mar 9 11:13:16 localhost pluto[4314]: | next event EVENT_RETRANSMIT in 10
> seconds for #2
>
> Mar 9 11:13:17 localhost pluto[4314]: |
>
> Mar 9 11:13:17 localhost pluto[4314]: | *received 52 bytes from
> 10.6.3.132:500 on eth0
>
> Mar 9 11:13:17 localhost pluto[4314]: | 70 dc 4e a5 c0 44 b1 4c 1c 1d
> 70 9c 52 0c 37 8c
>
> Mar 9 11:13:17 localhost pluto[4314]: | 08 10 20 01 ae 62 6a 91 00 00
> 00 34 ec 5e 83 32
>
> Mar 9 11:13:17 localhost pluto[4314]: | da 4a 1c 45 49 f9 16 2d 04 d5
> a4 56 ee 16 a2 94
>
> Mar 9 11:13:17 localhost pluto[4314]: | bd 91 de b7
>
> Mar 9 11:13:17 localhost pluto[4314]: | **parse ISAKMP Message:
>
> Mar 9 11:13:17 localhost pluto[4314]: | initiator cookie:
>
> Mar 9 11:13:17 localhost pluto[4314]: | 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:17 localhost pluto[4314]: | responder cookie:
>
> Mar 9 11:13:17 localhost pluto[4314]: | 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:17 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_HASH
>
> Mar 9 11:13:17 localhost pluto[4314]: | ISAKMP version: ISAKMP Version
> 1.0
>
> Mar 9 11:13:17 localhost pluto[4314]: | exchange type:
> ISAKMP_XCHG_QUICK
>
> Mar 9 11:13:17 localhost pluto[4314]: | flags: ISAKMP_FLAG_ENCRYPTION
>
> Mar 9 11:13:17 localhost pluto[4314]: | message ID: ae 62 6a 91
>
> Mar 9 11:13:17 localhost pluto[4314]: | length: 52
>
> Mar 9 11:13:17 localhost pluto[4314]: | ICOOKIE: 70 dc 4e a5 c0 44 b1 4c
>
> Mar 9 11:13:17 localhost pluto[4314]: | RCOOKIE: 1c 1d 70 9c 52 0c 37 8c
>
> Mar 9 11:13:17 localhost pluto[4314]: | peer: 0a 06 03 84
>
> Mar 9 11:13:17 localhost pluto[4314]: | state hash entry 25
>
> Mar 9 11:13:17 localhost pluto[4314]: | peer and cookies match on #2,
> provided msgid ae626a91 vs ae626a91
>
> Mar 9 11:13:17 localhost pluto[4314]: | state object #2 found, in
> STATE_QUICK_R1
>
> Mar 9 11:13:17 localhost pluto[4314]: | received encrypted packet from
> 10.6.3.132:500
>
> Mar 9 11:13:17 localhost pluto[4314]: | decrypting 24 bytes using
> algorithm OAKLEY_3DES_CBC
>
> Mar 9 11:13:17 localhost pluto[4314]: | decrypted:
>
> Mar 9 11:13:17 localhost pluto[4314]: | 00 00 00 14 19 f9 c1 d7 2a 51
> 7e 79 7b c3 83 a5
>
> Mar 9 11:13:17 localhost pluto[4314]: | 6a e7 5d 7b 00 00 00 00
>
> Mar 9 11:13:17 localhost pluto[4314]: | next IV: ee 16 a2 94 bd 91 de b7
>
> Mar 9 11:13:17 localhost pluto[4314]: | ***parse ISAKMP Hash Payload:
>
> Mar 9 11:13:17 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:13:17 localhost pluto[4314]: | length: 20
>
> Mar 9 11:13:17 localhost pluto[4314]: | removing 4 bytes of padding
>
> Mar 9 11:13:17 localhost pluto[4314]: | HASH(3) computed: 19 f9 c1 d7 2a
> 51 7e 79 7b c3 83 a5 6a e7 5d 7b
>
> Mar 9 11:13:17 localhost pluto[4314]: | install_ipsec_sa() for #2:
> outbound only
>
> Mar 9 11:13:17 localhost pluto[4314]: | route owner of "road"[1]
> 10.6.3.132 unrouted: NULL; eroute owner: NULL
>
> Mar 9 11:13:17 localhost pluto[4314]: | could_route called for road
> (kind=CK_INSTANCE)
>
> Mar 9 11:13:17 localhost pluto[4314]: | sr for #2: unrouted
>
> Mar 9 11:13:17 localhost pluto[4314]: | route owner of "road"[1]
> 10.6.3.132 unrouted: NULL; eroute owner: NULL
>
> Mar 9 11:13:17 localhost pluto[4314]: | route_and_eroute with c: road
> (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
>
> Mar 9 11:13:17 localhost pluto[4314]: | eroute_connection add eroute
> 10.6.100.0/24:0 --0-> 10.6.3.132/32:0 => tun.0 at 10.6.3.132 (raw_eroute)
>
> Mar 9 11:13:17 localhost pluto[4314]: | trusted_ca called with a=(empty)
> b=(empty)
>
> Mar 9 11:13:17 localhost pluto[4314]: | executing up-client: 2>&1
> PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='road'
> PLUTO_NEXT_HOP='10.6.3.132' PLUTO_INTERFACE='eth0' PLUTO_ME='10.6.3.133'
> PLUTO_MY_ID='@multilinus.multibel.it' PLUTO_MY_CLIENT='10.6.100.0/24'
> PLUTO_MY_CLIENT_NET='10.6.100.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
> PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='10.6.3.132'
> PLUTO_PEER_ID='@multibel1.multibel.it' PLUTO_PEER_CLIENT='10.6.3.132/32'
> PLUTO_PEER_CLIENT_NET='10.6.3.132' PLUTO_PEER_CLIENT_MASK='255.255.255.255'
> PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
> PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' ipsec _updown
>
> Mar 9 11:13:17 localhost pluto[4314]: | route_and_eroute:
> firewall_notified: true
>
> Mar 9 11:13:17 localhost pluto[4314]: | trusted_ca called with a=(empty)
> b=(empty)
>
> Mar 9 11:13:17 localhost pluto[4314]: | executing prepare-client: 2>&1
> PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='road'
> PLUTO_NEXT_HOP='10.6.3.132' PLUTO_INTERFACE='eth0' PLUTO_ME='10.6.3.133'
> PLUTO_MY_ID='@multilinus.multibel.it' PLUTO_MY_CLIENT='10.6.100.0/24'
> PLUTO_MY_CLIENT_NET='10.6.100.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
> PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='10.6.3.132'
> PLUTO_PEER_ID='@multibel1.multibel.it' PLUTO_PEER_CLIENT='10.6.3.132/32'
> PLUTO_PEER_CLIENT_NET='10.6.3.132' PLUTO_PEER_CLIENT_MASK='255.255.255.255'
> PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
> PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' ipsec _updown
>
> Mar 9 11:13:17 localhost pluto[4314]: | trusted_ca called with a=(empty)
> b=(empty)
>
> Mar 9 11:13:17 localhost pluto[4314]: | executing route-client: 2>&1
> PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='road'
> PLUTO_NEXT_HOP='10.6.3.132' PLUTO_INTERFACE='eth0' PLUTO_ME='10.6.3.133'
> PLUTO_MY_ID='@multilinus.multibel.it' PLUTO_MY_CLIENT='10.6.100.0/24'
> PLUTO_MY_CLIENT_NET='10.6.100.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
> PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='10.6.3.132'
> PLUTO_PEER_ID='@multibel1.multibel.it' PLUTO_PEER_CLIENT='10.6.3.132/32'
> PLUTO_PEER_CLIENT_NET='10.6.3.132' PLUTO_PEER_CLIENT_MASK='255.255.255.255'
> PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
> PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' ipsec _updown
>
> Mar 9 11:13:17 localhost pluto[4314]: | route_and_eroute: instance
> "road"[1] 10.6.3.132, setting eroute_owner {spd=0x80efa5c,sr=0x80efa5c} to
> #2 (was #0) (newest_ipsec_sa=#0)
>
> Mar 9 11:13:17 localhost pluto[4314]: | inI2: instance road[1], setting
> newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
>
> Mar 9 11:13:17 localhost pluto[4314]: "road"[1] 10.6.3.132 #2: transition
> from state STATE_QUICK_R1 to state STATE_QUICK_R2
>
> Mar 9 11:13:17 localhost pluto[4314]: | inserting event EVENT_SA_REPLACE,
> timeout in 28530 seconds for #2
>
> Mar 9 11:13:17 localhost pluto[4314]: "road"[1] 10.6.3.132 #2: IPsec SA
> established {ESP=>0x9fcb4416 <0x7eb13e58}
>
> Mar 9 11:13:17 localhost pluto[4314]: | next event EVENT_SA_REPLACE in
> 3328 seconds for #1
>
> Mar 9 11:56:40 localhost pluto[4314]: |
>
> Mar 9 11:56:40 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:56:40 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:56:40 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 725
> seconds for #1
>
> Mar 9 11:56:40 localhost pluto[4314]: |
>
> Mar 9 11:56:40 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:56:40 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:56:40 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 725
> seconds for #1
>
> Mar 9 11:56:42 localhost pluto[4314]: |
>
> Mar 9 11:56:42 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:56:42 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 723
> seconds for #1
>
> Mar 9 11:57:19 localhost pluto[4314]: |
>
> Mar 9 11:57:19 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:57:19 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:57:19 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 686
> seconds for #1
>
> Mar 9 11:57:19 localhost pluto[4314]: |
>
> Mar 9 11:57:19 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:57:19 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:57:19 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 686
> seconds for #1
>
> Mar 9 11:57:21 localhost pluto[4314]: |
>
> Mar 9 11:57:21 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:57:21 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 684
> seconds for #1
>
> Mar 9 11:57:57 localhost pluto[4314]: |
>
> Mar 9 11:57:57 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:57:57 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:57:57 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 648
> seconds for #1
>
> Mar 9 11:57:57 localhost pluto[4314]: |
>
> Mar 9 11:57:57 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:57:57 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:57:57 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 648
> seconds for #1
>
> Mar 9 11:58:00 localhost pluto[4314]: |
>
> Mar 9 11:58:00 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:58:00 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 645
> seconds for #1
>
> Mar 9 11:58:26 localhost pluto[4314]: |
>
> Mar 9 11:58:26 localhost pluto[4314]: | *received 176 bytes from
> 10.6.3.132:500 on eth0
>
> Mar 9 11:58:26 localhost pluto[4314]: | **parse ISAKMP Message:
>
> Mar 9 11:58:26 localhost pluto[4314]: | initiator cookie:
>
> Mar 9 11:58:26 localhost pluto[4314]: | c1 07 f0 35 8a 80 67 6e
>
> Mar 9 11:58:26 localhost pluto[4314]: | responder cookie:
>
> Mar 9 11:58:26 localhost pluto[4314]: | 00 00 00 00 00 00 00 00
>
> Mar 9 11:58:26 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_SA
>
> Mar 9 11:58:26 localhost pluto[4314]: | ISAKMP version: ISAKMP Version
> 1.0
>
> Mar 9 11:58:26 localhost pluto[4314]: | exchange type:
> ISAKMP_XCHG_IDPROT
>
> Mar 9 11:58:26 localhost pluto[4314]: | flags: none
>
> Mar 9 11:58:26 localhost pluto[4314]: | message ID: 00 00 00 00
>
> Mar 9 11:58:26 localhost pluto[4314]: | length: 176
>
> Mar 9 11:58:26 localhost pluto[4314]: | ***parse ISAKMP Security
> Association Payload:
>
> Mar 9 11:58:26 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:58:26 localhost pluto[4314]: | length: 148
>
> Mar 9 11:58:26 localhost pluto[4314]: | DOI: ISAKMP_DOI_IPSEC
>
> Mar 9 11:58:26 localhost pluto[4314]: | creating state object #3 at
> 0x80f0f20
>
> Mar 9 11:58:26 localhost pluto[4314]: | ICOOKIE: c1 07 f0 35 8a 80 67 6e
>
> Mar 9 11:58:26 localhost pluto[4314]: | RCOOKIE: c7 be 1f f8 44 33 91 97
>
> Mar 9 11:58:26 localhost pluto[4314]: | peer: 0a 06 03 84
>
> Mar 9 11:58:26 localhost pluto[4314]: | state hash entry 0
>
> Mar 9 11:58:26 localhost pluto[4314]: | inserting event EVENT_SO_DISCARD,
> timeout in 0 seconds for #3
>
> Mar 9 11:58:26 localhost pluto[4314]: "road"[1] 10.6.3.132 #3: responding
> to Main Mode from unknown peer 10.6.3.132
>
> Mar 9 11:58:26 localhost pluto[4314]: | **emit ISAKMP Message:
>
> Mar 9 11:58:26 localhost pluto[4314]: | initiator cookie:
>
> Mar 9 11:58:26 localhost pluto[4314]: | c1 07 f0 35 8a 80 67 6e
>
> Mar 9 11:58:26 localhost pluto[4314]: | responder cookie:
>
> Mar 9 11:58:26 localhost pluto[4314]: | c7 be 1f f8 44 33 91 97
>
> Mar 9 11:58:26 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_SA
>
> Mar 9 11:58:26 localhost pluto[4314]: | ISAKMP version: ISAKMP Version
> 1.0
>
> Mar 9 11:58:26 localhost pluto[4314]: | exchange type:
> ISAKMP_XCHG_IDPROT
>
> Mar 9 11:58:26 localhost pluto[4314]: | flags: none
>
> Mar 9 11:58:26 localhost pluto[4314]: | message ID: 00 00 00 00
>
> Mar 9 11:58:26 localhost pluto[4314]: | ***emit ISAKMP Security
> Association Payload:
>
> Mar 9 11:58:26 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:58:26 localhost pluto[4314]: | DOI: ISAKMP_DOI_IPSEC
>
> Mar 9 11:58:26 localhost pluto[4314]: | ****parse IPsec DOI SIT:
>
> Mar 9 11:58:26 localhost pluto[4314]: | IPsec DOI SIT:
> SIT_IDENTITY_ONLY
>
> Mar 9 11:58:26 localhost pluto[4314]: | ****parse ISAKMP Proposal Payload:
>
> Mar 9 11:58:26 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:58:26 localhost pluto[4314]: | length: 136
>
> Mar 9 11:58:26 localhost pluto[4314]: | proposal number: 0
>
> Mar 9 11:58:26 localhost pluto[4314]: | protocol ID: PROTO_ISAKMP
>
> Mar 9 11:58:26 localhost pluto[4314]: | SPI size: 0
>
> Mar 9 11:58:26 localhost pluto[4314]: | number of transforms: 4
>
> Mar 9 11:58:26 localhost pluto[4314]: | *****parse ISAKMP Transform
> Payload (ISAKMP):
>
> Mar 9 11:58:26 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_T
>
> Mar 9 11:58:26 localhost pluto[4314]: | length: 32
>
> Mar 9 11:58:26 localhost pluto[4314]: | transform number: 0
>
> Mar 9 11:58:26 localhost pluto[4314]: | transform ID: KEY_IKE
>
> Mar 9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:58:26 localhost pluto[4314]: | af+type: OAKLEY_LIFE_TYPE
>
> Mar 9 11:58:26 localhost pluto[4314]: | length/value: 1
>
> Mar 9 11:58:26 localhost pluto[4314]: | [1 is OAKLEY_LIFE_SECONDS]
>
> Mar 9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:58:26 localhost pluto[4314]: | af+type: OAKLEY_LIFE_DURATION
>
> Mar 9 11:58:26 localhost pluto[4314]: | length/value: 3600
>
> Mar 9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:58:26 localhost pluto[4314]: | af+type:
> OAKLEY_ENCRYPTION_ALGORITHM
>
> Mar 9 11:58:26 localhost pluto[4314]: | length/value: 5
>
> Mar 9 11:58:26 localhost pluto[4314]: | [5 is OAKLEY_3DES_CBC]
>
> Mar 9 11:58:26 localhost pluto[4314]: | ike_alg_enc_ok(ealg=5,key_len=0):
> blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1
>
> Mar 9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:58:26 localhost pluto[4314]: | af+type: OAKLEY_HASH_ALGORITHM
>
> Mar 9 11:58:26 localhost pluto[4314]: | length/value: 1
>
> Mar 9 11:58:26 localhost pluto[4314]: | [1 is OAKLEY_MD5]
>
> Mar 9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:58:26 localhost pluto[4314]: | af+type:
> OAKLEY_AUTHENTICATION_METHOD
>
> Mar 9 11:58:26 localhost pluto[4314]: | length/value: 3
>
> Mar 9 11:58:26 localhost pluto[4314]: | [3 is OAKLEY_RSA_SIG]
>
> Mar 9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
> attribute:
>
> Mar 9 11:58:26 localhost pluto[4314]: | af+type:
> OAKLEY_GROUP_DESCRIPTION
>
> Mar 9 11:58:26 localhost pluto[4314]: | length/value: 5
>
> Mar 9 11:58:26 localhost pluto[4314]: | [5 is OAKLEY_GROUP_MODP1536]
>
> Mar 9 11:58:26 localhost pluto[4314]: | Oakley Transform 0 accepted
>
> Mar 9 11:58:26 localhost pluto[4314]: | ****emit IPsec DOI SIT:
>
> Mar 9 11:58:26 localhost pluto[4314]: | IPsec DOI SIT:
> SIT_IDENTITY_ONLY
>
> Mar 9 11:58:26 localhost pluto[4314]: | ****emit ISAKMP Proposal Payload:
>
> Mar 9 11:58:26 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:58:26 localhost pluto[4314]: | proposal number: 0
>
> Mar 9 11:58:26 localhost pluto[4314]: | protocol ID: PROTO_ISAKMP
>
> Mar 9 11:58:26 localhost pluto[4314]: | SPI size: 0
>
> Mar 9 11:58:26 localhost pluto[4314]: | number of transforms: 1
>
> Mar 9 11:58:26 localhost pluto[4314]: | *****emit ISAKMP Transform Payload
> (ISAKMP):
>
> Mar 9 11:58:26 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_NONE
>
> Mar 9 11:58:26 localhost pluto[4314]: | transform number: 0
>
> Mar 9 11:58:26 localhost pluto[4314]: | transform ID: KEY_IKE
>
> Mar 9 11:58:26 localhost pluto[4314]: | emitting 24 raw bytes of
> attributes into ISAKMP Transform Payload (ISAKMP)
>
> Mar 9 11:58:26 localhost pluto[4314]: | attributes 80 0b 00 01 80 0c 0e
> 10 80 01 00 05 80 02 00 01
>
> Mar 9 11:58:26 localhost pluto[4314]: | 80 03 00 03 80 04 00 05
>
> Mar 9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP
> Transform Payload (ISAKMP): 32
>
> Mar 9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP Proposal
> Payload: 40
>
> Mar 9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP Security
> Association Payload: 52
>
> Mar 9 11:58:26 localhost pluto[4314]: | sender checking NAT-t: 0 and 0
>
> Mar 9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP Message:
> 80
>
> Mar 9 11:58:26 localhost pluto[4314]: "road"[1] 10.6.3.132 #3: transition
> from state (null) to state STATE_MAIN_R1
>
> Mar 9 11:58:26 localhost pluto[4314]: | sending 80 bytes for STATE_MAIN_R0
> through eth0 to 10.6.3.132:500:
>
> Mar 9 11:58:26 localhost pluto[4314]: | inserting event EVENT_RETRANSMIT,
> timeout in 10 seconds for #3
>
> Mar 9 11:58:26 localhost pluto[4314]: | next event EVENT_RETRANSMIT in 10
> seconds for #3
>
> Mar 9 11:58:26 localhost pluto[4314]: |
>
> Mar 9 11:58:26 localhost pluto[4314]: | *received 244 bytes from
> 10.6.3.132:500 on eth0
>
> Mar 9 11:58:26 localhost pluto[4314]: | **parse ISAKMP Message:
>
> Mar 9 11:58:26 localhost pluto[4314]: | initiator cookie:
>
> Mar 9 11:58:26 localhost pluto[4314]: | c1 07 f0 35 8a 80 67 6e
>
> Mar 9 11:58:26 localhost pluto[4314]: | responder cookie:
>
> Mar 9 11:58:26 localhost pluto[4314]: | c7 be 1f f8 44 33 91 97
>
> Mar 9 11:58:26 localhost pluto[4314]: | next payload type:
> ISAKMP_NEXT_KE
>
> Mar 9 11:58:26 localhost pluto[4314]: | ISAKMP version: ISAKMP Version
> 1.0
>
> Mar 9 11:58:26 localhost pluto[4314]: | exchange type:
> ISAKMP_XCHG_IDPROT
>
> Mar 9 11:58:26 localhost pluto[4314]: | flags: none
>
> Mar 9 11:58:26 localhost pluto[4314]: | message ID: 00 00 00 00
>
> Mar 9 11:58:26 localhost pluto[4314]: | length: 244
>
> Mar 9 11:58:26 localhost pluto[4314]: | ICOOKIE: c1 07 f0 35 8a 80 67 6e
>
> Mar 9 11:58:26 localhost pluto[4314]: | RCOOKIE: c7 be 1f f8 44 33 91 97
>
> Mar 9 11:58:26 localhost pluto[4314]: | peer: 0a 06 03 84
>
> Mar 9 11:58:26 localhost pluto[4314]: | state hash entry 0
>
> Mar 9 11:58:26 localhost pluto[4314]: | b2 c5
>
> Mar 9 11:58:26 localhost pluto[4314]: | emitting 6 zero bytes of
> encryption padding into ISAKMP Message
>
> Mar 9 11:58:26 localhost pluto[4314]: | encrypting using OAKLEY_3DES_CBC
>
> Mar 9 11:58:26 localhost pluto[4314]: | next IV: a1 a8 3e fc 52 55 32 c5
>
> Mar 9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP Message:
> 324
>
> Mar 9 11:58:26 localhost pluto[4314]: | last encrypted block of Phase 1:
>
> Mar 9 11:58:26 localhost pluto[4314]: | a1 a8 3e fc 52 55 32 c5
>
> Mar 9 11:58:26 localhost pluto[4314]: "road"[1] 10.6.3.132 #3: transition
> from state STATE_MAIN_R2 to state STATE_MAIN_R3
>
> Mar 9 11:58:26 localhost pluto[4314]: | sending 324 bytes for
> STATE_MAIN_R2 through eth0 to 10.6.3.132:500:
>
> Mar 9 11:58:26 localhost pluto[4314]: | inserting event EVENT_SA_REPLACE,
> timeout in 3330 seconds for #3
>
> Mar 9 11:58:26 localhost pluto[4314]: "road"[1] 10.6.3.132 #3: sent MR3,
> ISAKMP SA established
>
> Mar 9 11:58:26 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 619
> seconds for #1
>
> Mar 9 11:59:03 localhost pluto[4314]: |
>
> Mar 9 11:59:03 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:59:03 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:59:03 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 582
> seconds for #1
>
> Mar 9 11:59:04 localhost pluto[4314]: |
>
> Mar 9 11:59:04 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:59:04 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 11:59:04 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 581
> seconds for #1
>
> Mar 9 11:59:06 localhost pluto[4314]: |
>
> Mar 9 11:59:06 localhost pluto[4314]: | *received whack message
>
> Mar 9 11:59:06 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 579
> seconds for #1
>
> Mar 9 12:01:43 localhost pluto[4314]: |
>
> Mar 9 12:01:43 localhost pluto[4314]: | *received whack message
>
> Mar 9 12:01:43 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 12:01:43 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 422
> seconds for #1
>
> Mar 9 12:01:44 localhost pluto[4314]: |
>
> Mar 9 12:01:44 localhost pluto[4314]: | *received whack message
>
> Mar 9 12:01:44 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
> alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
>
> Mar 9 12:01:44 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 421
> seconds for #1
>
> Mar 9 12:01:46 localhost pluto[4314]: |
>
> Mar 9 12:01:46 localhost pluto[4314]: | *received whack message
>
> Mar 9 12:01:46 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 419
> seconds for #1
>
> + _________________________ date
>
> + date
>
> Thu Mar 9 12:01:46 CET 2006
--
Dott. Fabio Marcone
2T srl
Telephone +39 - 0871- 540154
Fax +39 - 0871- 571594
Email fabio.marcone at duet.it
Address Viale B. Croce 573
66013 Chieti Scalo (CH)
GNU/Linux registered user #400424