[Openswan Users] Stuck Connection

Mark Olliver mark at olliver.me.uk
Tue Oct 10 15:34:50 EDT 2006


Hi,

See bellow

Regards,

Mark

I will try the latest dr release and see if that makes any difference, as
far a I know selinux is disabled.

Bellow are some bits from the snapgear, I am sorry about the amount but I
don't want to accidentally cut out a useful bit, however, some it relates to
working tunnels to a different vpn end point.

/> tcpdump -i eth1 host 81.17.242.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 68 bytes
20:12:20.857278 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x56),
length 132
20:12:21.867215 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x57),
length 132
20:12:22.857153 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x58),
length 132
20:12:23.867090 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x59),
length 132
20:12:24.867027 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x5a),
length 132
20:12:25.866964 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x5b),
length 132
20:12:26.076951 IP 81.17.242.10.isakmp > 212.159.53.154.isakmp: UDP, length
84
20:12:26.086950 IP 212.159.53.154.isakmp > 81.17.242.10.isakmp: UDP, length
84
20:12:26.876901 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x5c),
length 132
20:12:27.876838 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x5d),
length 132
20:12:28.876775 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x5e),
length 132
20:12:29.876712 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x5f),
length 132
20:12:30.876650 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x60),
length 132
20:12:31.876587 IP 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x61),
length 132

14 packets captured
32 packets received by filter
0 packets dropped by kernel
/> tcpdump -i eth1 host 81.17.242.10 -vv
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 68
bytes
20:12:57.424984 IP (tos 0x80, ttl  55, id 21879, offset 0, flags [none],
proto: ESP (50), length: 152) 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x7b), length 132
20:12:58.424921 IP (tos 0x80, ttl  55, id 21880, offset 0, flags [none],
proto: ESP (50), length: 152) 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x7c), length 132
20:12:59.424858 IP (tos 0x80, ttl  55, id 21881, offset 0, flags [none],
proto: ESP (50), length: 152) 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x7d), length 132
20:13:00.414796 IP (tos 0x80, ttl  55, id 21882, offset 0, flags [none],
proto: ESP (50), length: 152) 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x7e), length 132
20:13:00.524789 IP (tos 0x80, ttl  55, id 0, offset 0, flags [DF], proto:
UDP (17), length: 112) 81.17.242.10.isakmp > 212.159.53.154.isakmp: UDP,
length 84
20:13:00.524789 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP
(17), length: 112) 212.159.53.154.isakmp > 81.17.242.10.isakmp: UDP, length
84
20:13:01.414734 IP (tos 0x80, ttl  55, id 21883, offset 0, flags [none],
proto: ESP (50), length: 152) 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x7f), length 132
20:13:02.404671 IP (tos 0x80, ttl  55, id 21884, offset 0, flags [none],
proto: ESP (50), length: 152) 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x80), length 132
20:13:03.404609 IP (tos 0x80, ttl  55, id 21885, offset 0, flags [none],
proto: ESP (50), length: 152) 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x81), length 132
20:13:04.414545 IP (tos 0x80, ttl  55, id 21886, offset 0, flags [none],
proto: ESP (50), length: 152) 81.17.242.10 > 212.159.53.154:
ESP(spi=0xee37a265,seq=0x82), length 132

10 packets captured
29 packets received by filter
0 packets dropped by kernel
/> ipsec barf
Ipsec configurator.  (C) Copyright 2002 SnapGear (www.snapgear.com).
Host THEU-Office-SG300 in domain (none)
_________________________
Tue Oct 10 20:16:08 2006
_________________________
cat /proc/net/ipsec_eroute
        0          192.168.234.0/24   -> 10.1.1.0/24        =>
tun0x11d1 at 193.109.194.98
        0          192.168.234.0/24   -> 10.200.0.0/16      =>
tun0x11cf at 193.109.194.98
        0          192.168.234.0/24   -> 62.17.140.139/32   =>
tun0x11e5 at 193.109.194.98
        0          192.168.234.0/24   -> 192.16.144.71/32   =>
tun0x11c5 at 193.109.194.98
        0          192.168.234.0/24   -> 192.168.1.10/31    =>
tun0x11dd at 193.109.194.98
        0          192.168.234.0/24   -> 192.168.10.0/24    =>
tun0x11cd at 193.109.194.98
        0          192.168.234.0/24   -> 192.168.11.0/24    =>
tun0x11e3 at 193.109.194.98
        4          192.168.234.0/24   -> 192.168.12.0/24    =>
tun0x11cb at 193.109.194.98
        0          192.168.234.0/24   -> 192.168.13.0/24    =>
tun0x11d5 at 193.109.194.98
        0          192.168.234.0/24   -> 192.168.221.0/30   =>
tun0x11df at 193.109.194.98
        1744       192.168.234.0/24   -> 192.168.240.0/24   =>
tun0x11c7 at 193.109.194.98
        0          192.168.234.0/24   -> 192.168.242.0/24   =>
tun0x11db at 81.17.242.10
        0          192.168.234.0/24   -> 198.153.203.0/24   =>
tun0x11e1 at 193.109.194.98
_________________________
cat /proc/net/ipsec_spi
        esp0xee37a25a at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0xbd0c1f73ca40e0a2 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25652,0,0)
        tun0x11e4 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=62.17.140.139/32->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(28291,0,0)
        tun0x11c7 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=bytes(199518,0,0)addtime(25817,0,0)usetime(25824,0,0)packets(174
4,0,0) idle=0
        esp0xee37a259 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x6794977ca07621e0 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25410,0,0)
        esp0xee37a258 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0xc099af61fa753035 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25375,0,0)
        tun0x11e2 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.11.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(28238,0,0)
        tun0x11c5 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(25652,0,0)
        esp0xee37a257 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0xcbbb10817fedf8a3 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25308,0,0)
        tun0x11e0 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=198.153.203.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(28153,0,0)
        tun0x11c3 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(25410,0,0)
        esp0xee37a255 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0xa6987d8e2288bc38 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25055,0,0)
        tun0x11de at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.221.0/30->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(27983,0,0)
        tun0x11c1 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(25375,0,0)
        tun0x11dc at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.1.10/31->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(27801,0,0)
        tun0x11bf at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(25308,0,0)
        tun0x11da at 212.159.53.154 IPIP: dir=in  src=81.17.242.10
policy=192.168.242.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(27777,0,0)
        tun0x11d8 at 212.159.53.154 IPIP: dir=in  src=81.17.242.10
policy=192.168.242.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(27569,0,0)
        tun0x11bb at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(25055,0,0)
        tun0x11d4 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.13.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(27250,0,0)
        tun0x11d0 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=10.1.1.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(26215,0,0)
        tun0x11ce at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=10.200.0.0/16->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(26180,0,0)
        tun0x11cc at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.10.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(26157,0,0)
        tun0x11ca at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.12.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=bytes(504,0,0)addtime(26124,0,0)usetime(26194,0,0)packets(4,0,0)
idle=481
        tun0x11c8 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=62.17.140.139/32->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(25869,0,0)
        esp0xfe4cf169 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0xf87bc6a862acfc29 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(28291,0,0)
        tun0x11c6 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.240.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=bytes(586273,0,0)addtime(25817,0,0)usetime(25817,0,0)packets(197
8,0,0) idle=0
        esp0xfe4cf167 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x57271357f2132a88 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(28238,0,0)
        tun0x11c4 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.16.144.71/32->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(25652,0,0)
        tun0x11c2 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=198.153.203.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(25410,0,0)
        esp0xfe4cf163 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0xe1304a4c203d06ca ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(28153,0,0)
        tun0x11c0 at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.221.0/30->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(25375,0,0)
        tun0x11be at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.11.0/24->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(25308,0,0)
        esp0xfe4cf15e at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x57b9cd20352ed06e ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(27983,0,0)
        tun0x11ba at 212.159.53.154 IPIP: dir=in  src=193.109.194.98
policy=192.168.1.10/31->192.168.234.0/24 flags=0x8<>
life(c,s,h)=addtime(25055,0,0)
        esp0xfe4cf158 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x7b0319b68375939e ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(27801,0,0)
        esp0xfe4cf149 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x411240fe1b9625d9 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(27250,0,0)
        comp0x551 at 81.17.242.10 COMP_DEFLATE: dir=out src=212.159.53.154
life(c,s,h)=addtime(27777,0,0)
        esp0xfe4cf137 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x6264178a8decdf0e ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(26215,0,0)
        esp0xfe4cf135 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x4ac18a19f9c3dd3e ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(26180,0,0)
        esp0xfe4cf134 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x60fcf150865a9b16 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(26157,0,0)
        esp0xfe4cf133 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x0c64d2e683186135 ooowin=64 seq=4
alen=160 aklen=160 eklen=192
life(c,s,h)=bytes(640,0,0)addtime(26124,0,0)usetime(26194,0,0)packets(4,0,0)
idle=481
        esp0xfe4cf12f at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x80481912bc1f659a ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25869,0,0)
        esp0xfe4cf12d at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0xf33b15c5895e3f48 ooowin=64 seq=1749
alen=160 aklen=160 eklen=192
life(c,s,h)=bytes(264336,0,0)addtime(25817,0,0)usetime(25824,0,0)packets(174
9,0,0) idle=0
        tun0x11db at 81.17.242.10 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(27777,0,0)
        esp0xfe4cf125 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x0b78cea021a64a1c ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25652,0,0)
        esp0x75aa9a5b at 81.17.242.10 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0xb1ac52723c077049 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(27569,0,0)
        tun0x11d9 at 81.17.242.10 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(27569,0,0)
        esp0xfe4cf11c at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0xd13df6ed733437a5 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25410,0,0)
        esp0xfe4cf11b at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x77b2dd865da2b6c4 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25375,0,0)
        esp0xfe4cf119 at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0x90610e1e7743e662 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25308,0,0)
        esp0xfe4cf10f at 193.109.194.98 ESP_3DES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=64bits iv=0xe261c2d5e2984f58 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25055,0,0)
        comp0x21c at 81.17.242.10 COMP_DEFLATE: dir=out src=212.159.53.154
life(c,s,h)=addtime(27569,0,0)
        comp0xa667 at 212.159.53.154 COMP_DEFLATE: dir=in  src=81.17.242.10
life(c,s,h)=addtime(27777,0,0)
        comp0xa666 at 212.159.53.154 COMP_DEFLATE: dir=in  src=81.17.242.10
life(c,s,h)=addtime(27569,0,0)
        esp0x77db577c at 81.17.242.10 ESP_AES_HMAC_SHA1: dir=out
src=212.159.53.154 iv_bits=128bits iv=0xb73bd8f45af1631476d67b7b0518b7af
ooowin=64 alen=160 aklen=160 eklen=256 life(c,s,h)=addtime(27777,0,0)
        tun0x11e5 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(28291,0,0)
        tun0x11e3 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(28238,0,0)
        tun0x11e1 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(28153,0,0)
        tun0x11df at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(27983,0,0)
        tun0x11dd at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(27801,0,0)
        esp0xee37a26a at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x20dc25925083cdc5 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(28291,0,0)
        esp0xee37a269 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x4452598836a816a7 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(28238,0,0)
        esp0xee37a268 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0xe4c51c9b46d5465b ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(28153,0,0)
        esp0xee37a267 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x7908e3a57aea227b ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(27983,0,0)
        esp0xee37a266 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x6464be621748cc6e ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(27801,0,0)
        tun0x11d5 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(27250,0,0)
        esp0xee37a265 at 212.159.53.154 ESP_AES_HMAC_SHA1: dir=in
src=81.17.242.10 iv_bits=128bits iv=0x300ae4f6873d979ef42594c20500d2b2
ooowin=64 alen=160 aklen=160 auth_errs=296 eklen=256
life(c,s,h)=addtime(27777,0,0)
        esp0xee37a264 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=81.17.242.10 iv_bits=64bits iv=0x0db3a6735041ba17 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(27569,0,0)
        tun0x11d1 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(26215,0,0)
        esp0xee37a262 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x704926b814007c07 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(27250,0,0)
        tun0x11cf at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(26180,0,0)
        esp0xee37a260 at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x15466b9a977ca4f6 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(26215,0,0)
        esp0xee37a25f at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x09f1a63fee32a719 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(26180,0,0)
        tun0x11cd at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(26157,0,0)
        esp0xee37a25e at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0xc5aa8f3a9adc810c ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(26157,0,0)
        tun0x11cb at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=bytes(516,0,0)addtime(26124,0,0)usetime(26194,0,0)packets(4,0,0)
idle=481
        esp0xee37a25d at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x9dfd243c22ec6bb4 ooowin=64 seq=4
bit=0xf alen=160 aklen=160 eklen=192
life(c,s,h)=bytes(504,0,0)addtime(26124,0,0)usetime(26194,0,0)packets(4,0,0)
idle=481
        esp0xee37a25c at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0x46c3e3e0c156e101 ooowin=64 alen=160
aklen=160 eklen=192 life(c,s,h)=addtime(25869,0,0)
        tun0x11c9 at 193.109.194.98 IPIP: dir=out src=212.159.53.154
life(c,s,h)=addtime(25869,0,0)
        esp0xee37a25b at 212.159.53.154 ESP_3DES_HMAC_SHA1: dir=in
src=193.109.194.98 iv_bits=64bits iv=0xcd859f88483325c3 ooowin=64 seq=1991
bit=0xffffffffffffffff max_seq_diff=2 alen=160 aklen=160 eklen=192
life(c,s,h)=bytes(586849,0,0)addtime(25817,0,0)usetime(25817,0,0)packets(198
6,0,0) idle=0
_________________________
cat /proc/net/ipsec_spigrp
        tun0x11e4 at 212.159.53.154 esp0xee37a26a at 212.159.53.154
        tun0x11c7 at 193.109.194.98 esp0xfe4cf12d at 193.109.194.98
        tun0x11e2 at 212.159.53.154 esp0xee37a269 at 212.159.53.154
        tun0x11c5 at 193.109.194.98 esp0xfe4cf125 at 193.109.194.98
        tun0x11e0 at 212.159.53.154 esp0xee37a268 at 212.159.53.154
        tun0x11c3 at 193.109.194.98 esp0xfe4cf11c at 193.109.194.98
        tun0x11de at 212.159.53.154 esp0xee37a267 at 212.159.53.154
        tun0x11c1 at 193.109.194.98 esp0xfe4cf11b at 193.109.194.98
        tun0x11dc at 212.159.53.154 esp0xee37a266 at 212.159.53.154
        tun0x11bf at 193.109.194.98 esp0xfe4cf119 at 193.109.194.98
        tun0x11da at 212.159.53.154 comp0xa667 at 212.159.53.154
esp0xee37a265 at 212.159.53.154
        tun0x11d8 at 212.159.53.154 comp0xa666 at 212.159.53.154
esp0xee37a264 at 212.159.53.154
        tun0x11bb at 193.109.194.98 esp0xfe4cf10f at 193.109.194.98
        tun0x11d4 at 212.159.53.154 esp0xee37a262 at 212.159.53.154
        tun0x11d0 at 212.159.53.154 esp0xee37a260 at 212.159.53.154
        tun0x11ce at 212.159.53.154 esp0xee37a25f at 212.159.53.154
        tun0x11cc at 212.159.53.154 esp0xee37a25e at 212.159.53.154
        tun0x11ca at 212.159.53.154 esp0xee37a25d at 212.159.53.154
        tun0x11c8 at 212.159.53.154 esp0xee37a25c at 212.159.53.154
        tun0x11c6 at 212.159.53.154 esp0xee37a25b at 212.159.53.154
        tun0x11c4 at 212.159.53.154 esp0xee37a25a at 212.159.53.154
        tun0x11c2 at 212.159.53.154 esp0xee37a259 at 212.159.53.154
        tun0x11c0 at 212.159.53.154 esp0xee37a258 at 212.159.53.154
        tun0x11be at 212.159.53.154 esp0xee37a257 at 212.159.53.154
        tun0x11ba at 212.159.53.154 esp0xee37a255 at 212.159.53.154
        tun0x11db at 81.17.242.10 comp0x551 at 81.17.242.10
esp0x77db577c at 81.17.242.10
        tun0x11d9 at 81.17.242.10 comp0x21c at 81.17.242.10
esp0x75aa9a5b at 81.17.242.10
        tun0x11e5 at 193.109.194.98 esp0xfe4cf169 at 193.109.194.98
        tun0x11e3 at 193.109.194.98 esp0xfe4cf167 at 193.109.194.98
        tun0x11e1 at 193.109.194.98 esp0xfe4cf163 at 193.109.194.98
        tun0x11df at 193.109.194.98 esp0xfe4cf15e at 193.109.194.98
        tun0x11dd at 193.109.194.98 esp0xfe4cf158 at 193.109.194.98
        tun0x11d5 at 193.109.194.98 esp0xfe4cf149 at 193.109.194.98
        tun0x11d1 at 193.109.194.98 esp0xfe4cf137 at 193.109.194.98
        tun0x11cf at 193.109.194.98 esp0xfe4cf135 at 193.109.194.98
        tun0x11cd at 193.109.194.98 esp0xfe4cf134 at 193.109.194.98
        tun0x11cb at 193.109.194.98 esp0xfe4cf133 at 193.109.194.98
        tun0x11c9 at 193.109.194.98 esp0xfe4cf12f at 193.109.194.98
_________________________
cat /proc/net/ipsec_tncfg
        ipsec0 -> eth1 mtu=16260(1427) -> 1500
        ipsec1 -> NULL mtu=0(0) -> 0
        ipsec2 -> NULL mtu=0(0) -> 0
        ipsec3 -> NULL mtu=0(0) -> 0
_________________________
cat /proc/net/pf_key
            sock   pid   socket     next     prev e n p sndbf    Flags
Type St
        c0700c40   194 c0782720        0        0 0 0 2 32767 00000000
3  1
_________________________
ipsec --version
ipsec.conf parsing and processing routine.
(C) Copyright 2002 SnapGear (www.snapgear.com).
Version 1.0
_________________________
ipsec --directory
/bin
_________________________
ipsec showdefaults
routephys=eth1
routevirt=ipsec0
routeaddr=212.159.53.154
routenexthop=212.159.53.153
_________________________
cat /proc/net/ipsec_version
        FreeS/WAN version: 1.97
_________________________
cat /var/log/ipsec.info
        defaultroutephys=eth1
        defaultroutevirt=ipsec0
        defaultrouteaddr=212.159.53.154
        defaultroutenexthop=212.159.53.153
_________________________
ipsec auto --status
000 interface ipsec0/eth1 212.159.53.154
000 interface ipsec0/eth1 212.159.53.154
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=64, keysizemin=64,
keysizemax=168
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=168,
keysizemax=168
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128,
keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE encrypt: id=1, name=OAKLEY_DES_CBC, blocksize=8,
keydeflen=64
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=1, name=OAKLEY_GROUP_MODP768, bits=768
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536 (extension),
bits=1536
000 algorithm IKE dh group: id=42048, name=OAKLEY_GROUP_MODP2048
(extension), bits=2048
000 algorithm IKE dh group: id=43072, name=OAKLEY_GROUP_MODP3072
(extension), bits=3072
000 algorithm IKE dh group: id=44096, name=OAKLEY_GROUP_MODP4096
(extension), bits=4096
000
000 stats : {curr_cnt, total_cnt, maxsz} :context={0,185,36}
trans={0,185,96} attrs={0,185,160}
000
000 "OFFICE-IE":
192.168.234.0/24===212.159.53.154---212.159.53.153...81.17.242.10===192.168.
242.0/24
000 "OFFICE-IE":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 600s;
rekey_fuzz: 100%; keyingtries: 0
000 "OFFICE-IE":   policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: eth1;
erouted
000 "OFFICE-IE":   newest ISAKMP SA: #329; newest IPsec SA: #330; eroute
owner: #330
000 "OFFICE-IE":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "OFFICE-IE":   IKE algorithms found:  5_192-2_160-2,
000 "OFFICE-IE":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
(extension)
000 "OFFICE-IE":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "OFFICE-IE":   ESP algorithms loaded: 3/168-2/160,
000 "OFFICE-IE":   ESP algorithm newest: AES_0-HMAC_SHA1; pfsgroup=MODP1024
000 "Office-THEU-Colo_11":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===192.16
8.221.0/30
000 "Office-THEU-Colo_11":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_11":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface:
eth1; erouted
000 "Office-THEU-Colo_11":   newest ISAKMP SA: #0; newest IPsec SA: #332;
eroute owner: #332
000 "Office-THEU-Colo_11":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_11":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_11":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_11":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_11":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_10":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===62.17.
140.139/32
000 "Office-THEU-Colo_10":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_10":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface:
eth1; erouted
000 "Office-THEU-Colo_10":   newest ISAKMP SA: #0; newest IPsec SA: #335;
eroute owner: #335
000 "Office-THEU-Colo_10":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_10":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_10":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_10":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_10":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_9":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===192.16
.144.71/32
000 "Office-THEU-Colo_9":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_9":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_9":   newest ISAKMP SA: #0; newest IPsec SA: #314;
eroute owner: #314
000 "Office-THEU-Colo_9":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_9":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_9":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_9":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_9":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_8":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===10.1.1
.0/24
000 "Office-THEU-Colo_8":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_8":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_8":   newest ISAKMP SA: #0; newest IPsec SA: #320;
eroute owner: #320
000 "Office-THEU-Colo_8":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_8":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_8":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_8":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_8":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_7":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===192.16
8.13.0/24
000 "Office-THEU-Colo_7":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_7":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_7":   newest ISAKMP SA: #0; newest IPsec SA: #323;
eroute owner: #323
000 "Office-THEU-Colo_7":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_7":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_7":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_7":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_7":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_6":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===192.16
8.12.0/24
000 "Office-THEU-Colo_6":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_6":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_6":   newest ISAKMP SA: #0; newest IPsec SA: #317;
eroute owner: #317
000 "Office-THEU-Colo_6":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_6":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_6":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_6":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_6":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_5":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===192.16
8.11.0/24
000 "Office-THEU-Colo_5":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_5":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_5":   newest ISAKMP SA: #0; newest IPsec SA: #334;
eroute owner: #334
000 "Office-THEU-Colo_5":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_5":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_5":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_5":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_5":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_4":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===192.16
8.10.0/24
000 "Office-THEU-Colo_4":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_4":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_4":   newest ISAKMP SA: #0; newest IPsec SA: #318;
eroute owner: #318
000 "Office-THEU-Colo_4":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_4":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_4":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_4":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_4":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_3":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===192.16
8.1.10/31
000 "Office-THEU-Colo_3":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_3":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_3":   newest ISAKMP SA: #0; newest IPsec SA: #331;
eroute owner: #331
000 "Office-THEU-Colo_3":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_3":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_3":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_3":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_3":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_2":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===10.200
.0.0/16
000 "Office-THEU-Colo_2":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_2":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_2":   newest ISAKMP SA: #0; newest IPsec SA: #319;
eroute owner: #319
000 "Office-THEU-Colo_2":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_2":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_2":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_2":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_2":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_1":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===198.15
3.203.0/24
000 "Office-THEU-Colo_1":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_1":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_1":   newest ISAKMP SA: #0; newest IPsec SA: #333;
eroute owner: #333
000 "Office-THEU-Colo_1":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_1":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_1":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_1":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_1":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000 "Office-THEU-Colo_0":
192.168.234.0/24===212.159.53.154---212.159.53.153...193.109.194.98===192.16
8.240.0/24
000 "Office-THEU-Colo_0":   ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "Office-THEU-Colo_0":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1;
erouted
000 "Office-THEU-Colo_0":   newest ISAKMP SA: #324; newest IPsec SA: #315;
eroute owner: #315
000 "Office-THEU-Colo_0":   IKE algorithms wanted: 5_000-2-2, flags=-strict
000 "Office-THEU-Colo_0":   IKE algorithms found:  5_192-2_160-2,
000 "Office-THEU-Colo_0":   IKE algorithm newest: 3DES_CBC_192-SHA-MODP1024
000 "Office-THEU-Colo_0":   ESP algorithms wanted: 3_000-2, ; pfsgroup=2;
flags=-strict
000 "Office-THEU-Colo_0":   ESP algorithms loaded: 3/168-2/160,
000 "Office-THEU-Colo_0":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000
000 #330: "OFFICE-IE" STATE_QUICK_R2 (IPsec SA established);
born:1160507051s; EVENT_SA_REPLACE in 2583s; newest IPSEC; eroute owner
000 #330: "OFFICE-IE" esp.77db577c at 81.17.242.10 esp.ee37a265 at 212.159.53.154
comp.551 at 81.17.242.10 comp.a667 at 212.159.53.154 tun.11db at 81.17.242.10
tun.11da at 212.159.53.154
000 #329: "OFFICE-IE" STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
born:1160507050s; EVENT_SA_REPLACE in 2582s; newest ISAKMP
000 #335: "Office-THEU-Colo_10" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160507565s; EVENT_SA_REPLACE in 2266s; newest IPSEC;
eroute owner
000 #335: "Office-THEU-Colo_10" esp.fe4cf169 at 193.109.194.98
esp.ee37a26a at 212.159.53.154 tun.11e5 at 193.109.194.98 tun.11e4 at 212.159.53.154
000 #334: "Office-THEU-Colo_5" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160507512s; EVENT_SA_REPLACE in 2217s; newest IPSEC;
eroute owner
000 #334: "Office-THEU-Colo_5" esp.fe4cf167 at 193.109.194.98
esp.ee37a269 at 212.159.53.154 tun.11e3 at 193.109.194.98 tun.11e2 at 212.159.53.154
000 #333: "Office-THEU-Colo_1" STATE_QUICK_R2 (IPsec SA established);
born:1160507427s; EVENT_SA_REPLACE in 2959s; newest IPSEC; eroute owner
000 #333: "Office-THEU-Colo_1" esp.fe4cf163 at 193.109.194.98
esp.ee37a268 at 212.159.53.154 tun.11e1 at 193.109.194.98 tun.11e0 at 212.159.53.154
000 #332: "Office-THEU-Colo_11" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160507257s; EVENT_SA_REPLACE in 1977s; newest IPSEC;
eroute owner
000 #332: "Office-THEU-Colo_11" esp.fe4cf15e at 193.109.194.98
esp.ee37a267 at 212.159.53.154 tun.11df at 193.109.194.98 tun.11de at 212.159.53.154
000 #331: "Office-THEU-Colo_3" STATE_QUICK_R2 (IPsec SA established);
born:1160507075s; EVENT_SA_REPLACE in 2607s; newest IPSEC; eroute owner
000 #331: "Office-THEU-Colo_3" esp.fe4cf158 at 193.109.194.98
esp.ee37a266 at 212.159.53.154 tun.11dd at 193.109.194.98 tun.11dc at 212.159.53.154
000 #324: "Office-THEU-Colo_0" STATE_MAIN_I4 (ISAKMP SA established);
born:1160506726s; EVENT_SA_REPLACE in 1671s; newest ISAKMP
000 #328: "OFFICE-IE" STATE_QUICK_I2 (sent QI2, IPsec SA established);
born:1160506843s; EVENT_SA_REPLACE in 26746s
000 #328: "OFFICE-IE" esp.75aa9a5b at 81.17.242.10 esp.ee37a264 at 212.159.53.154
comp.21c at 81.17.242.10 comp.a666 at 212.159.53.154 tun.11d9 at 81.17.242.10
tun.11d8 at 212.159.53.154
000 #327: "OFFICE-IE" STATE_MAIN_I4 (ISAKMP SA established);
born:1160506842s; EVENT_SA_REPLACE in 1865s
000 #323: "Office-THEU-Colo_7" STATE_QUICK_R2 (IPsec SA established);
born:1160506524s; EVENT_SA_REPLACE in 2056s; newest IPSEC; eroute owner
000 #323: "Office-THEU-Colo_7" esp.fe4cf149 at 193.109.194.98
esp.ee37a262 at 212.159.53.154 tun.11d5 at 193.109.194.98 tun.11d4 at 212.159.53.154
000 #320: "Office-THEU-Colo_8" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160505489s; EVENT_SA_REPLACE in 682s; newest IPSEC;
eroute owner
000 #320: "Office-THEU-Colo_8" esp.fe4cf137 at 193.109.194.98
esp.ee37a260 at 212.159.53.154 tun.11d1 at 193.109.194.98 tun.11d0 at 212.159.53.154
000 #319: "Office-THEU-Colo_2" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160505454s; EVENT_SA_REPLACE in 329s; newest IPSEC;
eroute owner
000 #319: "Office-THEU-Colo_2" esp.fe4cf135 at 193.109.194.98
esp.ee37a25f at 212.159.53.154 tun.11cf at 193.109.194.98 tun.11ce at 212.159.53.154
000 #318: "Office-THEU-Colo_4" STATE_QUICK_R2 (IPsec SA established);
born:1160505431s; EVENT_SA_REPLACE in 963s; newest IPSEC; eroute owner
000 #318: "Office-THEU-Colo_4" esp.fe4cf134 at 193.109.194.98
esp.ee37a25e at 212.159.53.154 tun.11cd at 193.109.194.98 tun.11cc at 212.159.53.154
000 #317: "Office-THEU-Colo_6" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160505398s; EVENT_SA_REPLACE in 222s; newest IPSEC;
eroute owner
000 #317: "Office-THEU-Colo_6" esp.fe4cf133 at 193.109.194.98
esp.ee37a25d at 212.159.53.154 tun.11cb at 193.109.194.98 tun.11ca at 212.159.53.154
000 #316: "Office-THEU-Colo_10" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160505143s; EVENT_SA_EXPIRE in 975s
000 #316: "Office-THEU-Colo_10" esp.fe4cf12f at 193.109.194.98
esp.ee37a25c at 212.159.53.154 tun.11c9 at 193.109.194.98 tun.11c8 at 212.159.53.154
000 #315: "Office-THEU-Colo_0" STATE_QUICK_R2 (IPsec SA established);
born:1160505092s; EVENT_SA_REPLACE in 624s; newest IPSEC; eroute owner
000 #315: "Office-THEU-Colo_0" esp.fe4cf12d at 193.109.194.98
esp.ee37a25b at 212.159.53.154 tun.11c7 at 193.109.194.98 tun.11c6 at 212.159.53.154
000 #314: "Office-THEU-Colo_9" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160504926s; EVENT_SA_REPLACE in 8s; newest IPSEC; eroute
owner
000 #314: "Office-THEU-Colo_9" esp.fe4cf125 at 193.109.194.98
esp.ee37a25a at 212.159.53.154 tun.11c5 at 193.109.194.98 tun.11c4 at 212.159.53.154
000 #313: "Office-THEU-Colo_1" STATE_QUICK_R2 (IPsec SA established);
born:1160504684s; EVENT_SA_REPLACE in 216s
000 #313: "Office-THEU-Colo_1" esp.fe4cf11c at 193.109.194.98
esp.ee37a259 at 212.159.53.154 tun.11c3 at 193.109.194.98 tun.11c2 at 212.159.53.154
000 #312: "Office-THEU-Colo_11" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160504649s; EVENT_SA_EXPIRE in 481s
000 #312: "Office-THEU-Colo_11" esp.fe4cf11b at 193.109.194.98
esp.ee37a258 at 212.159.53.154 tun.11c1 at 193.109.194.98 tun.11c0 at 212.159.53.154
000 #311: "Office-THEU-Colo_5" STATE_QUICK_I2 (sent QI2, IPsec SA
established); born:1160504582s; EVENT_SA_EXPIRE in 414s
000 #311: "Office-THEU-Colo_5" esp.fe4cf119 at 193.109.194.98
esp.ee37a257 at 212.159.53.154 tun.11bf at 193.109.194.98 tun.11be at 212.159.53.154
000 #308: "Office-THEU-Colo_3" STATE_QUICK_R2 (IPsec SA established);
born:1160504329s; EVENT_SA_EXPIRE in 161s
000 #308: "Office-THEU-Colo_3" esp.fe4cf10f at 193.109.194.98
esp.ee37a255 at 212.159.53.154 tun.11bb at 193.109.194.98 tun.11ba at 212.159.53.154
000 #307: "Office-THEU-Colo_0" STATE_MAIN_I4 (ISAKMP SA established);
born:1160504320s; EVENT_SA_EXPIRE in 152s
_________________________

#< /etc/config/ipsec.conf 1
config setup
        interfaces = %defaultroute
        X-enabled = yes
        klipsdebug = none
        plutodebug = none
        plutoload = %search
        plutostart = %search
        manualstart =
        uniqueids = yes

conn Office-THEU-Colo_0
        x_conn_match = Office-THEU-Colo
        leftsubnet = 192.168.234.0/24
        rightsubnet = 192.168.240.0/24
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_1
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 198.153.203.0/24
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_2
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 10.200.0.0/16
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_3
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 192.168.1.11/31
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_4
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 192.168.10.0/24
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_5
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 192.168.11.0/24
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_6
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 192.168.12.0/24
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_7
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 192.168.13.0/24
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_8
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 10.1.1.0/24
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_9
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 192.16.144.71/32
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_10
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 62.17.140.139/32
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo_11
        x_conn_match = Office-THEU-Colo
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 192.168.221.0/30
        auto = start
        also = Office-THEU-Colo

conn Office-THEU-Colo
        type = tunnel
        left = %defaultroute
        x-interface = %defaultroute
        right = 193.109.194.98
        keyexchange = ike
        authby = secret
        auth = esp
        pfs = yes
        pfsgroup = MODP1024
        ike = "3DES-SHA-MODP1024"
        esp = "3DES-SHA1"
        keyingtries = 0
        ikelifetime = 3600
        keylife = 3600
        rekeymargin = 600
        rekeyfuzz = 100%
        dpddelay = 9
        dpdtimeout = 30
        x-l2tpd = no

conn OFFICE-IE
        type = tunnel
        leftsubnet = $if_ethernet0_network/$if_ethernet0_netmask
        rightsubnet = 192.168.242.0/24
        left = %defaultroute
        x-interface = %defaultroute
        right = 81.17.242.10
        auto = start
        keyexchange = ike
        authby = secret
        auth = esp
        compress = yes
        pfs = yes
        pfsgroup = MODP1024
        ike = "3DES-SHA-MODP1024"
        esp = "3DES-SHA1"
        keyingtries = 0
        ikelifetime = 3600
        keylife = 28800
        rekeymargin = 600
        rekeyfuzz = 100%
        dpddelay = 9
        dpdtimeout = 30
        x-l2tpd = no
_________________________

#< /etc/config/ipsec.secrets 1
0.0.0.0 193.109.194.98 : PSK "[sums to 6a87...]"
0.0.0.0 81.17.242.10 : PSK "[sums to 27a3...]"
: RSA ukoffice.key "[sums to 714f...]"
_________________________
Tue Oct 10 20:16:09 2006

******************************************************************
Mark Olliver BSc (Hons) 





More information about the Users mailing list